The United States Postal Service (USPS) has been sharing the private information of its online customers with advertising and tech giants Meta, LinkedIn, and Snap. This revelation was discovered by TechCrunch through an investigation into the USPS website’s use of tracking pixels.
What is a Tracking Pixel?
A tracking pixel, also known as data-collecting code, is used across various websites to collect information about users. When a webpage containing this code loads in a user’s browser, it sends back information about their interactions with the site, including which pages they visit and how long they stay on each page.
USPS’s Use of Tracking Pixels
The USPS website uses tracking pixels to collect data from its online customers, including those who use the Informed Delivery service. This service allows users to see photos of their incoming mail before it arrives. The collected data includes the postal addresses of logged-in customers, which were shared with Meta, LinkedIn, and Snap.
How Did TechCrunch Discover This?
TechCrunch discovered this issue through its own testing of the USPS website using tools built into modern browsers to inspect network traffic. By examining the data-collecting code on the USPS site, it was found that it was scraping users’ addresses from the Informed Delivery landing page after they logged in and sending this information to the mentioned tech giants.
Data Collection Beyond Postal Addresses
The tracking pixels used by USPS also collected other sensitive data from users, including:
- Information about their computer type and browser
- Tracking numbers entered into the USPS website
- In-transit tracking data, including the real-world location of mail within the postal system
Reactions from Tech Companies
When reached for comment, Meta spokesperson Emil Vazquez stated that Facebook’s policies prohibit advertisers from sending sensitive information about users through its Business Tools. LinkedIn spokesperson Brionna Ruff echoed similar sentiments, noting that their customer ad tools and agreements are clear in prohibiting the sharing of sensitive data with them.
USPS Response
In a statement to TechCrunch, USPS spokesperson Jim McKean acknowledged that the Postal Service had been unaware of this issue and took immediate action to remediate it. However, he declined to comment further on the specific actions taken.
Broader Implications
This incident raises concerns about data privacy and security in the digital age. The sharing of sensitive information by organizations like USPS highlights the need for greater transparency and accountability in how data is collected and used.
Recent Similar Incidents
In 2023, telehealth wellness startup Cerebral and alcohol recovery apps Tempest and Monument revealed that they had shared private health information with tech and advertising companies. The Federal Trade Commission (FTC) brought enforcement action against healthcare data giant GoodRx for sharing customer health data with advertisers, resulting in a $1.5 million fine.
Conclusion
The discovery of USPS sharing customers’ private information with tech giants Meta, LinkedIn, and Snap serves as a reminder of the importance of robust data protection measures and transparency in the digital age. As technology continues to evolve, it is crucial for organizations to prioritize user privacy and security to maintain trust and avoid similar incidents.
Related Stories