Enlarge (credit: Chesnot / Contributor | Getty Images Europe )

After Apple updated its privacy rules in 2021 to easily allow iOS users to opt out of all tracking by third-party apps, so many people opted out that the Electronic Frontier Foundation reported that Meta lost $10 billion in revenue over the next year.

Meta’s business model depends on selling user data to advertisers, and it seems that the owner of Facebook and Instagram sought new paths to continue widely gathering data and to recover from the suddenly lost revenue. Last month, a privacy researcher and former Google engineer, Felix Krause, alleged that one way Meta sought to recover its losses was by directing any link a user clicks in the app to open in-browser, where Krause reported that Meta was able to inject a code, alter the external websites, and track “anything you do on any website,” including tracking passwords, without user consent.

Now, within the past week, two class action lawsuits [1] [2] from three Facebook and iOS users—who point directly to Krause’s research—are suing Meta on behalf of all iOS users impacted, accusing Meta of concealing privacy risks, circumventing iOS user privacy choices, and intercepting, monitoring, and recording all activity on third-party websites viewed in Facebook or Instagram’s browser. This includes form entries and screenshots granting Meta a secretive pipeline through its in-app browser to access “personally identifiable information, private health details, text entries, and other sensitive confidential facts”—seemingly without users even knowing the data collection is happening.