After Apple updated its privacy rules in 2021, allowing iOS users to easily opt-out of all tracking by third-party apps, the Electronic Frontier Foundation reported that "Meta" could lose $10 billion in revenue in a year. Meta's business model relies on selling user data to advertisers, and it seems that the owner of Facebook and Instagram has been seeking new ways to continue large-scale data collection and recover the revenue that it suddenly lost.
Last month, privacy researcher and former Google engineer Felix Krause claimed that one way Meta sought to recover its losses was by redirecting any link users click on within the app to be opened in the browser, enabling Meta to track "anything you do on any website," including password tracking, without your consent.
Last week, a class-action lawsuit was filed by three Facebook and iOS users—who directly referenced Krause's research—against Meta on behalf of all affected iOS users, accusing the company of concealing privacy risks, circumventing iOS user privacy options, and intercepting and monitoring all activities on third-party websites viewed in the Facebook or Instagram browser. This includes form entries and screenshots, granting Meta a secret pathway via its in-app browser to access "personally identifiable information and sensitive private health details, text entries, and other confidential sensitive facts," apparently without users even knowing that data collection is taking place.
According to the complaint, which relies on the same facts revealed by Krause's research, "Meta has been injecting code into third-party websites, a practice that allows it to track users and intercept data that would not otherwise be available to it." The recent complaint was filed the day before yesterday by California-based Gabriel Willis and Louisiana-based Kerisha Davis. Adam Polak, an attorney from the legal team at Girard Sharp LLP, told Ars Technica that it is important to prevent "Meta" from escaping accountability by concealing ongoing privacy violations.
In the complaint, the legal team referenced Meta's previous wrongdoing in collecting user information without consent, noting that a Federal Trade Commission investigation had imposed a $5 billion fine on Meta.
