Social Media Tracking Of Non-Users? Risks For Employers And Employees

March 9, 2023

Internet security company, Malwarebytes Labs, is reporting that, according to Consumer Reports (CR), a U.S.-based nonprofit consumer organization, TikTok gathers data on people who do not even use the app itself.

TikTok embeds a tracker called a "pixel" on many websites, often without the site owner's knowledge. Users accessing that website are recorded by the pixel and their user data and website interaction is sent to TikTok or Facebook to then help those tech companies create targeted ads and measure their effectiveness.

CR enlisted the aid of the security firm, Disconnect, to scan for websites containing TikTok's pixel, paying particular attention to sites that regularly deal with sensitive information, such as .gov, .org, and .edu sites. It found that pixels are already widespread.

This is not a new tactic by TikTok. Facebook/Meta used the "Like" button embedded on many websites to track users' browsing habits. That data was reported to Facebook/Meta, even if the user had no social media account.

Among other data, TikTok collects the IP address, the page a user is on, and what the user is clicking, typing, or searching for. Although the data is used for targeted ads and ad effectiveness, a TikTok spokesperson claims the data "is not used to group individuals into particular interest categories for other advertisers to target." Data collected from non-TikTok users, however, are used in aggregated reports sent to advertisers. "TikTok's "secret operation" tracks you even if you don't use it." www.malwarebytes.com (Oct. 04, 2022)

Commentary

Organizations should consider a policy that limits the use of social media and standards that promote privacy protections from third parties. While the tracking is claimed to be for marketing/advertising purposes for now, that does not mean it will not be used for other purposes in the future. 

The risk for organizations is that employee information is tracked, but also that employee interactions online create a heightened risk for social engineering.

As for organizations and individuals, Consumer Reports recommends three guidelines to protect organizational and personal information online:

 

·  Use privacy-protected browser extensions such as uBlock Origin or Malwarebytes Browser Guard.

·  Take advantage of your browser’s privacy settings.

·  Use a privacy-focused browser, such as Brave or Firefox.


 

Finally, your opinion is important to us. Please complete the opinion survey:

What's New

Ask Jack: Are There ChatGPT And Phishing Risks Emerging?

A reader asks Jack about emerging risks surrounding ChatGPT. Jack discusses the popular chatbot and phishing.

Ask Jack: Can I Require Employees To Lock Up Their Laptops At Work And At Home?

Thieves target laptops and other mobile devices for a reason. Jack explains the risk and what organizations need to do to limit it.

Social Media Tracking Of Non-Users? Risks For Employers And Employees

Even if you do not have a TikTok account, a report states that your web habits are still being tracked. Learn about the risk.