Meta’s Facebook subsidiary has been collecting hashed personal data from students seeking US government financial aid, even from those without a Facebook account and those not logged into the student aid website, according to a research study published this week.
News non-profit The Markup, working with Mozilla via its Rally data monitoring extension, found that the Meta pixel code has been gathering digital fingerprints representing the first name, last name, phone number, zip code, and email address of students filling out the Free Application for Federal Student Aid, or FAFSA, on the US Department of Education’s StudentAid.gov website.
This data is hashed – meaning it is one-way encrypted, using the SHA-256 algorithm – before it is sent to Meta, so Facebook doesn’t obtain the actual content of the information, such as someone’s name or email address. The info is scrambled into long numbers that act as digital fingerprints for each person’s form submissions. Though Facebook can’t see exactly what was entered, it could potentially use these hashes for tracking purposes or linking submissions to people’s Facebook profiles; if the hashes are useless to the biz, one wonders why it’s collected at all.
“Federal Student Aid works hard to protect the privacy and security of customer data for those who visit our our StudentAid.gov website,” Federal Student Aid chief operating officer Richard Cordray told The Register. “In this instance, we have determined that we need to go back and research this issue more fully. We will do that and