The ghost of Facebook pixel tracking on VPN websites is back!

Running a VPN service has a lot to do with building trust. Most of us are not really aware of what happens online, behind the binary shroud. We don’t know when we’re being tracked or where that data ends up going. That’s why trust is so important – mostly, we can only trust that a VPN is doing what they say. We have no means to infiltrate datacenters, hack emails, or engage in subterfuge to get to the truth. Watching Netflix is a lot more fun than playing David in his fight against the mighty digital Goliath!

Sadly, trust is brittle and VPN providers don‘t always play by their own rules. Recently, an unfortunate report made the rounds, demonstrating that many top VPN providers have a Facebook pixel on their websites. This means users‘ behavior on these sites is tracked and the data funneled to Facebook for marketing benefits. We‘ll get to why that‘s problematic in a bit, but there‘s some interesting history here. When the story broke (only a few months back!), many VPN providers mentioned in it quickly responded and removed their Facebook pixel. Time went on, the story stopped mattering, and, what do you know – Facebook pixels are in vogue again and so is tracking your behavior on VPN websites!

We’ve taken a look at the websites of our top 15 VPNs, and listed our findings below. Some are repeat offenders. They got caught the first time and quickly removed the pixel, only to reinstate it after the fire died down. These are:

  • CyberGhost VPN
  • SaferVPN
  • ZenMate
  • PureVPN
  • IPVanish

Below you’ll see how our top 15 looks:

vpns which are sharing data

It‘s great to see that some have nothing to report. Others are new to this thing, so let‘s give them a warm welcome!

As early as last week we reported about an issue with VPN providers using Gmail. ExpressVPN and ZenMate responded and even accused us of sensationalism. Yet here we are again.

We‘re surprised to see CyberGhost VPN on this list – they are generally quite good with your privacy. Then there‘s two more big names – Private Internet Access and IPVanish – and some others.

We‘re happy to see that PrivateVPN, Hotspot Shield, and VyprVPN, all of which were mentioned in the previous report, are not using a Facebook pixel – good job! And there are also some VPNs that have never used it to our knowledge, and are not using it now – namely, NordVPN and TorGuard.

What is the Facebook pixel and why should you care?

A Facebook pixel is code you can include in the code of your website to track certain “events”. You get to decide what those events are – here’s a list from Facebook:

Facebook pixel

Using this data, Facebook can provide more efficient advertising (for you or for others). Two particular tools come to mind: lookalike audiences and custom audiences. The first may use data gathered from pixels to build groups of people with similar interests (some who perhaps have never even visited a pixel website). The second might exclude one from VPN adverts if you’ve already bought a VPN (for example). Facebook can easily match web browsing data to your personal profile, meaning they can personalize to a very high level. It’s not merely about big audiences – it’s also about getting personal with complex ID matching, your Facebook profile leaving a trace all over the web, and so on. Using these techniques they can efficiently track you even across devices.

We can debate these marketing practices to no end, but that’s not really the point. The real problem is that Facebook controls the information tracked by pixels, and, as we all know, they don’t have the best privacy record. Although it dealt with a different type of issue, the Cambridge Analytica scandal showed the level of concern for privacy you can expect from Facebook. Do you want them to know you’re using a VPN?

Then there’s the issue of the government. You may think it’s not so bad Facebook knows you’re using a VPN, but then you’re just not doing things the government really doesn’t like. If you’re hacking into DNC servers to influence an election, that knowledge may be quite crucial! (Don’t do that, by the way)

VPNs are supposed to keep your online activities private, and mostly they do. But, somehow, they have no issue being a threat to privacy themselves! So, we have a rhetorical question: how do you trust a thief?