Support » Plugin: Facebook for WooCommerce » Holy privacy violation Batman

  • Resolved tamar

    (@tamar)


    Just looking at my source code and found my personal email address and phone number in the code.

    Why is Facebook for WooCommerce displaying this? What’s the point in such an egregious privacy violation?

    
    <script type="text/javascript">
    
    				fbq('init', '[my ID]', {
        "em": "[my email]",
        "ph": "[my phone]"
    }, {
        "agent": "woocommerce-4.6.1-2.1.3"
    });
    
    				fbq( 'track', 'PageView', {
        "source": "woocommerce",
        "version": "4.6.1",
        "pluginVersion": "2.1.4"
    } );
    
    				document.addEventListener( 'DOMContentLoaded', function() {
    					jQuery && jQuery( function( $ ) {
    						// insert placeholder for events injected when a product is added to the cart through AJAX
    						$( document.body ).append( '<div class=\"wc-facebook-pixel-event-placeholder\"></div>' );
    					} );
    				}, false );
    
    			</script>
    
    • This topic was modified 1 year, 9 months ago by tamar.
Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Support Julie Martin

    (@julieskyverge)

    Hi @tamar,

    Thanks so much for writing in. Are you signed in to Facebook when viewing your source? Are you still seeing this information if you try it out in a new private or incognito browser window?

    Thanks for any other information here!

    Julie 🙂
    SkyVerge

    Thread Starter tamar

    (@tamar)

    Good call, no, but why is it taking this info and putting it in the source? What’s the purpose?

    Plugin Support Julie Martin

    (@julieskyverge)

    Hey @tamar,

    Great, I’m glad it’s only pulling data for the logged-in user. 🙂 I’m fairly certain this is being put into the source for the advanced matching feature in the Facebook Pixel. However, I’m not certain why this information isn’t being hashed or otherwise obscured.

    I’m checking with a colleague on this and will come back to you as soon as they’ve gotten back to me.

    Thanks!

    Julie 🙂
    SkyVerge

    Thread Starter tamar

    (@tamar)

    Thank you Julie!

    Plugin Support Julie Martin

    (@julieskyverge)

    Hey @tamar,

    No worries, happy to help out!

    So what I’ve learned is that Facebook expects us to pass through that personally-identifiable information in order to track the specific user that’s logged in to Facebook as they move around on your site. We do it through JavaScript presently and, as such, we can’t obscure that data before we pass it to Facebook, it can only be done as we pass it to Facebook. Since we’re doing it through JavaScript, the user’s data will appear in the JavaScript in the page source and then we pull from that and push it to Facebook.

    That said, since it’s the logged-in user’s own data, this shouldn’t present any kind of security issue.

    You can read a bit more about the Advanced Matching feature of the Facebook pixel here:

    https://developers.facebook.com/docs/facebook-pixel/advanced/advanced-matching/

    Does that help to clarify things here? Please don’t hesitate to let me know if you have any other questions!

    Thanks,

    Julie 🙂
    SkyVerge

    Thread Starter tamar

    (@tamar)

    Thanks, yeah, but I think most sites have the pixel, just not with this option. Got it – thank you for looking into this. Will mark as resolved though, I’m glad script processing is pretty dynamic these days and there’s no reason I’d be accidentally sending someone some source code!

    Plugin Support Julie Martin

    (@julieskyverge)

    Hey @tamar,

    Of course, my pleasure!

    If there’s anything else we can do or if you have any other questions, would you please open up a new thread? We’ll be happy to help.

    Thanks so much,

    Julie 🙂
    SkyVerge

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Holy privacy violation Batman’ is closed to new replies.