Gunes Acar:

“Automatic advanced matching is a feature of the Facebook pixel that more accurately matches online visitors and their activities to Facebook users. When this feature is enabled, the pixel extracts and hashes personal data that’s entered into forms, such as an email address, phone number, name, date of birth, etc. Facebook then uses those (hashed) identifiers to link your Facebook profile to your website visits and activities. 

The advantage of using this over cookies is that as a user you can remove or block cookies. Many browsers like Safari and Firefox now automatically block tracking-related cookies, and there are ongoing efforts to phase out third-party cookies. This means that identifiers based on email address or phone number—that are global, unique, and persistent—will likely become more important.

Facebook claims to collect this personal information from the website forms when the user clicks the submit button, but we found that it instead collects it when you click virtually any button or link on the page. For example, even if you just type in your email address and maybe you change your mind and decide to go back to another page or read the privacy policy before opening an account, once you click any link or any button, Facebook will extract your personal information, including email address, from the form, hash it, and send it to its servers. 

We also found that TikTok was using a similar method to collect personal data typed into forms. TikTok has a product called TikTok Pixel, which also has a feature to automatically harvest form data. When you type in your email address or phone number on a form, clicking almost any button triggers data collection by TikTok.”

Excerpt from this interview. Acar is an assistant professor at the Digital Security group of Radboud University in the Netherlands. He researches online tracking mechanisms, web security, anonymous communications, and dark patterns. 

facebook's workaround to the end of coo…