Menu
EN

Facebook’s medical data scandal, Telegram, Mozilla's cookies & apps that prey on children. AdGuard's digest

In this edition of AdGuard's Digest: Facebook is accused of hoarding sensitive medical data, Telegram partners with Google and possibly the police, Mozilla fights trackers, school apps spy on children, Twitter misuses user data as the US moves closer to adopting federal privacy law.

Facebook tool harvests medical data from hospital websites

In the news that should surprise no one, Facebook's ad tracking tool was found to be sending sensitive medical data collected from hospital websites to… Facebook. The Markup investigation found that the Meta Pixel tool also known as the Facebook Pixel has been embedded into dozens of US hospital websites, including that of major children's hospital network. Once a patient or a parent clicked a button to make an appointment, Meta Pixel sent the tech giant the name of the condition, the doctor's name, the search word used to find that doctor, and other data. In the case of the children's hospital, Facebook could even get the full name of the child complete with the IP address. The tracker was also found in supposedly secure patient portals, which meant that Facebook could find out what medications visitors were taking and what allergic reactions they had.

Meta, which owns Facebook, has denied that it extended its tentacles to sensitive patient data, saying it had special filters in place to prevent it from being sent. Several hospitals have since removed the code from their websites, and a class-action lawsuit was filed in California accusing Facebook of violating medical privacy laws. The plaintiffs say that they have identified as many as "664 hospital systems or medical provider web properties where Facebook has received patient data via the Facebook Pixel."

Facebook's appetite for data-harvesting seems to know no bounds, and it looks like the tech giant is willing to go to great lengths to gain access to user data. It's hard to take Facebook's claims that it doesn't actually get patient data at face value as the company has been caught red-handed violating user privacy too many times before.

Et tu? Telegram shares data with Google and possibly police

Breaking away from its long-standing policy of not sharing user data with third parties, Telegram has reportedly provided the German police with information on child abuse and terrorism suspects, Spiegel reported. The messenger is also said to have set up a special email account for the police to send their requests to. It was reported last year that Telegram could face a steep to the tune of €55 million if it failed to create such a backchannel.

Telegram is reportedly helping the German police

Telegram has yet to comment on its alleged assistance to German police. If true, it shows that even companies with strict data-sharing policies are not immune to pressure, especially if it is exerted in the name of protecting the innocent. The EU has been peddling legislation aimed at scanning text messangers for indicators of child sexual abuse — we wrote about this in the previous digest. Sadly, it looks like the protection of children is becoming a tool to coerce online platforms into revealing user data.

On its website, Telegram states that it has yet to disclose a byte of data to third parties, either to governments or anybody else.

Telegram claims it has not shared data with third parties yet

And while it has neither confirmed nor denied its cooperation with the police, Telegram openly announced that it would be sharing data with Google as part of its premium plan. Telegram's new premium feature relies on Google technology to transcribe audio messages. According to the agreement between Telegram and Google, the latter is prohibited from logging transcripts and audio data and cannot use it for any other purposes, including advertising. However, the very fact that Telegram has entrusted its user data to Google is concerning in itself.

Yummy! Firefox curbs cross-site tracking by putting cookies in jars

Mozilla has set out to organize the internet's kitchen cabinets, confining third-party cookies to the "cookie jars" hidden from everybody but the website that had planted them. The new feature has become default for all Firefox browser desktop users, and is yet to come to mobile. Third-party cookies are small text files planted into your browser by various advertisers so that they can track you across the web. Mozilla now wants to prevent trackers from accessing each other's cookies.

"No other websites can reach into the cookie jars that don't belong to them and find out what the other websites' cookies know about you — giving you freedom from invasive ads and reducing the amount of information companies gather about you", Mozilla says.

Mozilla, unlike some other tech companies (we won't point the finger at them), seems to be walking the talk on privacy. It's worth noting that Mozilla has also decided to allow ad blockers to exist in Firefox in their original, powerful form by cherry-picking parts of Manifest 3 to implement: we wrote about this in more detail here.

EdTech products rat out children to advertisers

About 90% of state-backed EdTech platforms across 49 countries trampled on children's rights during the pandemic by tracking them across the web and off class. Many allowed advertisers to use students' personal data. That is according to Human Rights Watch which reviewed 164 online tools used for distance learning.

"Human Rights Watch observed 146 EdTech products directly sending or granting access to children’s personal data to 196 third-party companies, overwhelmingly AdTech", the report states. The data was mainly sent to AdTech giants — Google and Facebook. What's more, eight websites used a sophisticated tracking method known as 'canvas fingerprinting' that does not require cookies.

Apps used in virtual classrooms overwhelmingly spy on children

Children and parents were mostly kept in the dark about apps' data collection habits. In most cases the child was faced with an impossible choice: either to continue learning or opt out of surveillance.

We at AdGuard think that children's privacy as well as that of adults should be protected by default. A child should not sacrifice privacy for education and vice versa. The practice of targeting children that can be as young as 9 with personalized ads is nothing short of predatory.

The news itself is hardly shocking, however, as data collection methods become ever more clandestine and intrusive…

Copy-pasting is BAD, but it's not about what you think it is

…As evidenced by the case of 11 Android apps with over 45 million downloads that had been secretly sending away user GPS data, email addresses, phone numbers via a third-party SDK named Coelib. AppCencus has reported earlier this year that the software development kit (SDK) in question was part of several Quran-themed apps, a barcode scanner, and a WiFi mouse among others. One of the apps, Simple Weather & Clock Widget, uploaded to the SDK vendor's servers everything a user copied and pasted. Google removed the apps from its Play Store last year, and they all have returned since but without the offending SDK.

We strongly recommend users to install apps only from trusted developers and give them only the most necessary permissions.

Pranksters and privacy advocates' nightmare: Indians may soon see caller names by default

India's telecom regulator has been working on a new mechanism that would require providers to flash a caller's full name on a screen every time a phone rings. Providers will have to source the caller data from their KYC (Know Your Customer) records. When a customer buys a SIM card, an operator verifies their identity and inputs the information into the database.

Indian spam callers are preparing to get outed

The Indian government wants to rein in spam callers that are increasingly getting on citizens' nerves. Two-thirds of Indians receive three or more spam calls a day, and over 220 million use caller identification app Truecaller. The latter crowdsources caller data, meaning that it may not be up to date. While KYC records are a much more accurate source of data, the main problem remains — no user consent is required in either of the cases.

The details of the proposal are yet to be thrashed out, but it looks like the Indian government is going after pesky callers at the expense of citizen privacy. The benefit from the policy is questionable: it's not clear how seeing a random name instead of a random number will make much of a difference. The new initiative threatens to deliver another blow to the country's already weak privacy protections. Earlier this year we wrote about a new Indian law that would force all VPN and other online services providers to store user logs for at least 5 years.

Twitter: We collect your data for security purposes only.* Only joking.

Twitter has paid $150 million to settle a case with the US government, which accused the tech giant of misleading its users about what it can do with their personal data. From 2013 to 2019, Twitter claimed that it needed users' phone numbers and email addresses solely to secure their accounts. However, the US Department of Justice said that the social behemoth would then share that data with advertisers. 140 million users have been affected by the practice, which is likely helped to swell Twitter's coffers since its primary source of income is ad revenue.

For its part, Twitter admitted the data "might have been" used for advertising "inadvertently".

The news did not sit well with prospective Twitter buyer, Elon Musk. "If Twitter was not truthful here, what else is not true?" the billionaire wrote. Musk had previously put a deal with a platform on hold, accusing it of failing to disclose the number of spam bots.

Twitter misled users about the purpose of its security feature

We share these concerns. While Twitter has signaled recently that it's ready to become more privacy-oriented and clarified its privacy and security policy (check our previous digest for more on this), the news of the settlement remind us of stark reality — big tech firms may pose as privacy-friendly, but as long as advertising remains their main source of revenue, it all might be smokes and mirrors.

US inches closer to adopting country-wide privacy law

A bipartisan group of Democrat and Republican lawmakers have unveiled a draft of a federal data privacy bill, named 'The American Data Privacy and Protection Act' (ADPPA) after years of back-and-forth. The draft is now up for a debate. The bill is designed to preempt state privacy laws, but with a long list of notable exemptions for Illinois Biometrics Information Privacy Act, parts of the California Privacy Rights Act, as well as for facial recognition and consumer protection laws. The bill would require tech companies to receive an express consent from the individual before collecting or processing sensitive personal data, such as biometric data, private communication, precise geolocation, financial and health data, log-in creditionals, browsing history and sexual orientation. The companies would also be required to publish privacy policies, while individuals will have the right to opt out of the transfer of their data to third parties for targeted advertising. Advertisers won't be able serve minors under 17 years of age targeted ads altogether.

Users will also be able to sue companies in a federal court for damages, but only 4 years after the bill goes into effect.

The draft was released to mixed reviews from privacy experts and lawmakers alike: while some see it as a welcome first step, others argue that it is "riddled with enforcement loopholes". If the law passes through Congress, the US would theoretically come closer to Europe's privacy protection standards enshrined in the GDPR. The devil, however, is in the details and the implementation.

Liked this post?
18,386 18386 user reviews
Excellent!

AdGuard for Windows

AdGuard for Windows is more than an ad blocker. It is a multipurpose tool that blocks ads, controls access to dangerous sites, speeds up page loading, and protects children from inappropriate content.
By downloading the program you accept the terms of the License agreement
Read more
18,386 18386 user reviews
Excellent!

AdGuard for Mac

AdGuard for Mac is a unique ad blocker designed with macOS in mind. In addition to protecting you from annoying ads in browsers and apps, it shields you from tracking, phishing, and fraud.
By downloading the program you accept the terms of the License agreement
Read more
18,386 18386 user reviews
Excellent!

AdGuard for Android

AdGuard for Android is a perfect solution for Android devices. Unlike most other ad blockers, AdGuard doesn't require root access and provides a wide range of app management options.
By downloading the program you accept the terms of the License agreement
Read more
18,386 18386 user reviews
Excellent!

AdGuard for iOS

The best iOS ad blocker for iPhone and iPad. AdGuard eliminates all kinds of ads in Safari, protects your privacy, and speeds up page loading. AdGuard for iOS ad-blocking technology ensures the highest quality filtering and allows you to use multiple filters at the same time
By downloading the program you accept the terms of the License agreement
Read more
18,386 18386 user reviews
Excellent!

AdGuard VPN

74 locations worldwide

Access to any content

Strong encryption

No-logging policy

Fastest connection

24/7 support

Try for free
By downloading the program you accept the terms of the License agreement
Read more
18,386 18386 user reviews
Excellent!

AdGuard Content Blocker

AdGuard Content Blocker will eliminate all kinds of ads in mobile browsers that support content blocker technology — namely, Samsung Internet and Yandex.Browser. While being more limited than AdGuard for Android, it is free, easy to install and still provides high ad blocking quality.
By downloading the program you accept the terms of the License agreement
Read more
18,386 18386 user reviews
Excellent!

AdGuard Browser Extension

AdGuard is the fastest and most lightweight ad blocking extension that effectively blocks all types of ads on all web pages! Choose AdGuard for the browser you use and get ad-free, fast and safe browsing.
18,386 18386 user reviews
Excellent!

AdGuard Assistant

A companion browser extension for AdGuard desktop apps. It offers an in-browser access to such features as custom element blocking, allowlisting a website or sending a report.
18,386 18386 user reviews
Excellent!

AdGuard DNS

AdGuard DNS is a foolproof way to block Internet ads that does not require installing any applications. It is easy to use, absolutely free, easily set up on any device, and provides you with minimal necessary functions to block ads, counters, malicious websites, and adult content.
18,386 18386 user reviews
Excellent!

AdGuard Home

AdGuard Home is a network-wide software for blocking ads & tracking. After you set it up, it’ll cover ALL your home devices, and you don’t need any client-side software for that. With the rise of Internet-Of-Things and connected devices, it becomes more and more important to be able to control your whole network.
18,386 18386 user reviews
Excellent!

AdGuard Pro for iOS

AdGuard Pro has much to offer on top of the excellent iOS ad blocking in Safari already known to the users of the regular version. By providing access to custom DNS settings, the app allows you to block ads, protect your kids from adult content online, and safeguard your personal data from theft.
By downloading the program you accept the terms of the License agreement
Read more
18,386 18386 user reviews
Excellent!

AdGuard for Safari

Ad blocking extensions for Safari are having hard time since Apple started to force everyone to use the new SDK. AdGuard extension is supposed to bring back the high quality ad blocking back to Safari.
18,386 18386 user reviews
Excellent!

AdGuard Temp Mail

A free temporary email address generator that keeps you anonymous and protects your privacy. No spam in your main inbox!
18,386 18386 user reviews
Excellent!

AdGuard for Android TV

AdGuard for Android TV is the only app that blocks ads, guards your privacy, and acts as a firewall for your Smart TV. Get warnings about web threats, use secure DNS, and benefit from encrypted traffic. Relax and dive into your favorite shows with top-notch security and zero ads!
Downloading AdGuard To install AdGuard, click the file indicated by the arrow Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, drag the AdGuard icon to the "Applications" folder. Thank you for choosing AdGuard! Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, click "Install". Thank you for choosing AdGuard!
Install AdGuard on your mobile device