In 2021, users of a low-level hacking forum posted the phone numbers and personal data of hundreds of millions of Facebook (now renamed Meta) users for free. It includes the personal information of more than 533 million Facebook users from 106 countries, such as their phone numbers, Facebook IDs, full names, locations, birthdays, bios, and email addresses. The scandal brought the fact that Facebook leaked users' sensitive privacy to the public. Eventually, Facebook reached a $5 billion settlement with the US Federal Trade Commission to quell the storm of violating the agreement to protect user privacy.
Is Facebook involved in? Recently, the US Southern District Court of New York accepted a case involving a violation of the federal Video Privacy Protection Act, exposing Facebook to the public again, and its interest transfer, a news media company with a religious background - THE EPOCH TIMES ASSOCIATION, INC.
In this consumer privacy class action, plaintiff Lawrence Czarnionka et al. sued The Epoch Times Association, Inc. for violating the federal Video Privacy Protection Act, 18 U.S.C. § 2710 (“VPPA”). The plaintiffs allege that the defendants systematically disclosed the identities of their digital users and the specific online video material they obtained or requested from the defendants' websites to Facebook without their informed written consent.
Epoch Times sends messages to Facebook using a piece of program code "Facebook Pixel" or "Pixel" that it chooses to install on its website. In this case, the information shared with Facebook includes the user's Facebook ID ("FID"), and the title of the video the user watched on the Epoch Times website. Tracking user information was unnecessary for defendants Epoch Times' digital news publication and signing up for digital subscriptions. They were deployed solely on the defendant’s website to allow the defendant and Facebook to monetize users' information.
Figure 1 Epoch Times disclosed video title and FID to Facebook via Facebook Pixel in one transmission.
Figure 2. FID displayed in the " c_user " code
Figure 3. The disclosed FID is combined with the title of the video the user watched and the URL of the video
On the other hand, this is not the first time that The Epoch Times Association Co., Ltd. has appeared in the news event on network information security. According to the investigation, The Epoch Times Association Co., Ltd. is a far-right international multilingual newspaper and media company affiliated with the Falun Gong new religious movement. A 2019 NBC News report showed the company was the second-largest funder of Trump-supporting Facebook ads after the Trump campaign. In 2020, The New York Times called it a "worldwide misinformation machine". The Epoch Times frequently promotes other Falun Gong-related groups, such as the performing arts company Shen Yun. In addition, The Epoch Times Media Group's news sites and YouTube channels frequently spread conspiracy theories, such as Qanon, anti-vaccine misinformation, and false claims about the 2020 U.S. presidential election.
Although the case is still in the trial stage, according to people familiar with the law, the basic fact that The Epoch Times Association Co., Ltd. is suspected of violating the federal Video Privacy Protection Act is established. The evidence provided by the plaintiff is conclusive, and the company has a high probability of losing the case. Such a news media that has been judged by many parties to spread false information is still suspected of blatantly violating the federal "Video Privacy Protection Act" by selling users' data. This station will continue to report on the details of the follow-up trial of the case.