USPS shared customer postal addresses with Meta, LinkedIn and Snap

Date:

Share post:


The U.S. Postal Service was sharing the postal addresses of its online customers with advertising and tech giants Meta, LinkedIn and Snap, TechCrunch has found.

On Wednesday, the USPS said it addressed the issue and stopped the practice, claiming that it was “unaware” of it.

TechCrunch found USPS was sharing customers’ information by way of hidden data-collecting code (also known as tracking pixels) used across its website. Tech and advertising companies create this kind of code to collect information about the user — such as which pages they visit — every time a webpage containing the code loads in the customer’s browser.

In the case of USPS, some of that collected data included the postal addresses of logged-in USPS Informed Delivery customers, who use the service to see photos of their incoming mail before it arrives.

It’s not clear how many individuals had their information collected or for how long. Informed Delivery had more than 62 million users as of March 2024. 

In a statement to TechCrunch, USPS spokesperson Jim McKean said: “The Postal Service leverages an analytics platform for our own internal purposes, so that we understand the usage of our products and services and which we use on an aggregated basis to market our products.”

“The Postal Service does not sell or provide any personal information that is collected from this analytics platform to any third party, and we were unaware of any configuration of the platform that collected personal information from the URL and that shared it without our knowledge with social media.” 

“We have taken immediate action to remediate this issue,” the spokesperson said, without saying what action was taken. The spokesperson declined to comment further. 

When reached for comment, Facebook spokesperson Emil Vazquez provided a statement: “We’ve been clear in our policies that advertisers should not send sensitive information about people through our Business Tools. Doing so is against our policies, and we educate advertisers on properly setting up Business Tools to prevent this from occurring. Our system is designed to filter out potentially sensitive data it is able to detect.”

Spokespeople for LinkedIn and Snap did not immediately comment when contacted by TechCrunch.

In our testing, TechCrunch discovered that the USPS website shared the postal address of a logged-in USPS Informed Delivery customer with Meta, LinkedIn and Snap. TechCrunch tested this by inspecting the network traffic using tools baked into most modern browsers. 

Our testing showed the data-collecting code on USPS’ website was scraping the customer’s address from the Informed Delivery landing page after customers logged in, and then sending it to the companies.

The code also collected other data, such as information about the user’s computer type and browser, which appeared as partly pseudonymized — essentially scrambled in a way that makes it more difficult for humans to know where data came from, or who it relates to, by using randomized identifiers in place of real customer names. But researchers have long warned that pseudonymous data can still be used to re-identify seemingly anonymous individuals. 

TechCrunch also found that tracking numbers entered into the USPS website were also shared with advertisers and tech companies, including Bing, Google, LinkedIn, Pinterest and Snap. Some in-transit tracking data was also shared, such as the real-world location of the mail in the postal system, even if the customer was not logged in to USPS’ website.

USPS’ spokesperson declined to say if the postal service will ask the tech companies to delete the data that they collected. 

A spokesperson for the USPS Office of Inspector General, the federal watchdog that provides oversight of the postal service, did not comment at press time.

USPS is the latest organization in recent years to curtail its use of web tracking code.

In 2023, telehealth wellness startup Cerebral and alcohol recovery apps Tempest and Monument revealed they had shared private health information, including assessments submitted by their users, with tech and advertising companies, and had since removed the tracking code.

In the same year, the Federal Trade Commission brought enforcement action against healthcare data giant GoodRx, which agreed to pay $1.5 million for sharing health data of customers with advertisers, and online therapy company BetterHelp, which was ordered to compensate patients to the tune of $7.8 million for also sharing their private health questionnaire responses.

Updated with comment from Meta.



Source link

Lisa Holden
Lisa Holden
Lisa Holden is a news writer for LinkDaddy News. She writes health, sport, tech, and more. Some of her favorite topics include the latest trends in fitness and wellness, the best ways to use technology to improve your life, and the latest developments in medical research.

Recent posts

Related articles

WhatsApp rolls out voice message transcripts

WhatsApp announced on Thursday it’s rolling out voice message transcripts. The Meta-owned company says the new feature...

Threads adjusts its algorithm to show you more content from accounts you follow

After several complaints about its algorithm, Threads is finally making changes to surface more content from people...

Spotify tests a video feature for audiobooks as it ramps up video expansion

Spotify is enhancing the audiobook experience for premium users through three new experiments: video clips, author pages,...

Candela brings its P-12 electric ferry to Tahoe and adds another $14M to build more

Electric passenger boat startup Candela has topped off its most recent raise with another $14 million, the...

OneRail’s software helps solve the last-mile delivery problem

Last-mile delivery, the very last step of the delivery process, is a common pain point for companies....

Bill to ban social media use by under-16s arrives in Australia’s parliament

Legislation to ban social media for under 16s has been introduced in the Australian parliament. The country’s...

Lighthouse, an analytics provider for the hospitality sector, lights up with $370M at a $1B valuation

Here is yet one more sign of the travel industry’s noticeable boom: a major growth round for...

DOJ: Google must sell Chrome to end monopoly

The United States Department of Justice argued Wednesday that Google should divest its Chrome browser as part...