Tax prep services send sensitive financial info to Facebook

And they didn’t even know they were doing it.

Cory Doctorow


An H&R Block storefront; the ‘o’ in Block has been replaced with the glaring red eye of HAL9000 from 2001: A Space Odyssey. Mark Zuckerberg’s metaverse avatar peeks out from behind a pillar. Image: Cryteria (modified) CC BY 3.0 Social Woodlands (modified) CC BY 2.0

If you were unfortunate enough to e-file your US tax using HR Block, Taxact or Taxslayer, your most sensitive financial information was nonconsenually shared with Facebook, where it was added to the involuntary dossier the company maintains billions of people, including people who don’t have Facebook accounts.

A blockbuster investigative report from The Markup and The Verge reveals that major tax-prep services illegally embedded the Facebook tracking pixel in their sites, configured so that it transmitted as much data as possible to the surveillance giant.

In their defense, the companies say that they didn’t know that they were sending all this data to Facebook, and that they were using Facebook’s surveillance pixel to “deliver a more personalized customer experience.”

The companies had set the Facebook tracking pixel to use “automatic advanced matching,” which scours any page it’s embedded in for personally identifying information to harvest and transmit to Facebook.

Facebook claims that it doesn’t want this data and won’t use it, though the company has been previously caught violating fair finance laws by using finance data to discriminate against Black families:

But it’s possible that Facebook isn’t using this data — or that it doesn’t know whether it’s using this data. Facebook’s own internal audits show that the company doesn’t know what data it collects or how it uses it:

Remember, Facebook claims that it collects your data based on your consent; somehow it thinks that you can consent to collecting and using your data in ways that even Facebook can’t describe.