A former Meta employee has accused the company of sidestepping Apple’s privacy protections(nuova finestra) — and claims he was fired after raising concerns.

The allegations, now part of an employment tribunal(nuova finestra) in London, suggest Meta may have used internal data methods to continue tracking users despite Apple’s rules requiring consent. If accurate, the claims point to a larger issue: how easily user consent can be undermined and why protecting your privacy requires far more than trusting platform policies.

Here’s what’s alleged, why it matters, and what you can do to protect your privacy.

What happened?

Samujjal Purkayastha, a former product manager on Meta’s Shops Ads team, alleged in legal filings that Meta (nuova finestra)used a technique called deterministic matching(nuova finestra) to track users across its platforms — potentially even when they denied tracking permission via Apple’s App Tracking Transparency (ATT) feature(nuova finestra).

In his complaint, Purkayastha claims:

  • Meta combined internal data from platforms like Facebook and Instagram to match user identities and behavior, potentially bypassing ATT restrictions.
  • The company inflated the reported performance of its “Shops Ads” by including taxes and shipping in the reported conversion value — allegedly boosting return-on-ad-spend by up to 19%.
  • Meta used $160 million in internal subsidies to promote the ad product(nuova finestra) and make it appear more successful than it was.

Meta denies these allegations and says Purkayastha’s dismissal was due to unrelated factors.

Why it matters

Apple introduced ATT(nuova finestra) to give iPhone users more control over how apps track their activity across other apps and websites. If Purkayastha’s allegations are sustained in the courts, however, Meta’s practices could have circumvented those protections, undermining user consent and the effectiveness of platform-level privacy controls.

Here’s what’s at stake and why this story should matter to you:

  • Your opt-out may not be absolute. Even without third-party trackers, companies may be able to link your data using internal identifiers, a practice often invisible to users.
  • Consent-based frameworks rely on enforcement. If privacy restrictions can be quietly sidestepped, users lose meaningful control.
  • This example could inspire others to push ethical boundaries even harder. Workarounds by platforms as powerful as Meta can set precedents others may follow.

Meta is testing even more aggressive tracking methods

Two iOS developers known collectively as Mysk discovered that Instagram is testing a new notification system that will allow the app to collect even more information on your device without you ever opening it.

Purkayastha’s allegations seem to bolster Mysk’s previous claims that Meta already uses push notifications to report back details about your device, like battery level, timezone, CPU, which let it fingerprint your device and track you across your apps. This is precisely what Apple introduced ATT to prevent, but it appears as though Apple’s controls cannot (or will not) prevent determined apps from collecting device-level information.

Its new push notification will include profile photos that require the app to ask Instagram’s servers for the image each time the notification appears, allowing Instagram to track when each notification hits your system. Meta’s data collection continues to grow, even if you don’t open its apps.

What you can do to protect your privacy

Adjust your privacy settings

On iPhone, go to Settings → Privacy & Security → Tracking and disable “Allow Apps to Request to Track.”

An iPhone that highlights the "Allow apps to request to track" setting

This reduces your exposure to cross-app tracking, though it doesn’t block all possible tracking methods.

But be aware: many apps are actively trying to work around this setting. If you’re serious about protecting your privacy, you’ll need to take more proactive steps, as App Tracking Transparency alone won’t stop them.

Turn off push notifications

You turn off push notifications for apps where it’s not absolutely necessary. Meta is far from the only offender. X and LinkedIn also collect information that could be used to fingerprint your device. Here’s how to turn off Instagram notifications.

  1. Open the Settings app on your iPhone.
  2. Scroll down and tap Notifications.
  3. In the list of apps, find and tap Instagram.
An iPhone highlights the Instagram app in the Notifications area
  1. Toggle Allow Notifications to off (the switch should no longer be green).
An iPhone highlights the "Allow notifications" setting for the Instagram app

Once you’ve done this, Instagram will no longer send push notifications to your iPhone.

Use the web app in a privacy-first browser

Rather than downloading the native app onto your device, use the Instagram (or X or LinkedIn) web app with a browser like Firefox(nuova finestra) or Brave(nuova finestra), which block many common trackers and minimize data sharing by default. Proton recommends these browsers when using our services — and for safer browsing overall.

The bottom line

While Meta disputes Purkayastha’s claims and the case is ongoing, the allegations are a reminder that platform promises aren’t always enough. And just because a company says it respects privacy doesn’t mean it’s true.

Combined with recent reports — such as claims that Meta AI is scanning camera rolls without explicit consent and ongoing lawsuits raising questions about WhatsApp’s safety — it’s understandable why some people might feel Meta is continually testing the limits of privacy controls.

At Proton, we believe privacy should be enforced through the technology itself — not just terms of service. And that should be a top priority: preserving privacy as a basic human right.