Social Media Tracking Of Non-Users? Risks For Employers And Employees

Internet security company, Malwarebytes Labs, is reporting that, according to Consumer Reports (CR), a U.S.-based nonprofit consumer organization, TikTok gathers data on people who do not even use the app itself.

TikTok embeds a tracker called a "pixel" on many websites, often without the site owner's knowledge. Users accessing that website are recorded by the pixel and their user data and website interaction is sent to TikTok or Facebook to then help those tech companies create targeted ads and measure their effectiveness.

CR enlisted the aid of the security firm, Disconnect, to scan for websites containing TikTok's pixel, paying particular attention to sites that regularly deal with sensitive information, such as .gov, .org, and .edu sites. It found that pixels are already widespread.

This is not a new tactic by TikTok. Facebook/Meta used the "Like" button embedded on many websites to track users' browsing habits. That data was reported to Facebook/Meta, even if the user had no social media account.

Among other data, TikTok collects the IP address, the page a user is on, and what the user is clicking, typing, or searching for. Although the data is used for targeted ads and ad effectiveness, a TikTok spokesperson claims the data "is not used to group individuals into particular interest categories for other advertisers to target." Data collected from non-TikTok users, however, are used in aggregated reports sent to advertisers. "TikTok's "secret operation" tracks you even if you don't use it." (Oct. 04, 2022)


Organizations should consider a policy that limits the use of social media and standards that promote privacy protections from third parties. While the tracking is claimed to be for marketing/advertising purposes for now, that does not mean it will not be used for other purposes in the future. 

The risk for organizations is that employee information is tracked, but also that employee interactions online create a heightened risk for social engineering.

As for organizations and individuals, Consumer Reports recommends three guidelines to protect organizational and personal information online:


·  Use privacy-protected browser extensions such as uBlock Origin or Malwarebytes Browser Guard.

·  Take advantage of your browser’s privacy settings.

·  Use a privacy-focused browser, such as Brave or Firefox.


Finally, your opinion is important to us. Please complete the opinion survey:

What's New

Ask Jack: Part One: What Are Signs My Computer Is Hacked?

Computer acting weird? Does it mean you are a victim of a cybercriminal? Jack takes a look at what should cause you to sweat and what shouldn't in a multi-part series.

Ask Jack: What Do I Need To Know About Malware Delivery Beyond Phishing?

Jack explains why you need to let employees know malware can originate from a lot of places other than their in-boxes.

Ask Jack: Is Deep Fake Voice Tech A Data Risk For Employers?

Deep fake voice scams are hitting families. Jack explains how it is just a matter of time before scammers turn their attention to employers.