You Probably Don’t Know All the Ways Facebook Tracks You

Uploaded on 2018-01-31 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY-Key Areas-Social Media

We’re all aware of the deal we make when we sign up with Facebook: we get somewhere to post vacation photos and stalk friends, and Mark Zuckerberg gets to sell your passion for fishing trips to fishing equipment retailers.

What you might not realise is how deep or extensive the tracking goes, so let’s shed some light on it.

All of this is well within Facebook’s remit. You’re using its services and, per its privacy policy, it can do what it likes with the data you hand over: Facebook’s full privacy policy is here.

There are some ways to limit the reach of Facebook’s data-sucking tentacles (and we’ll go through them below), but ultimately the only way to really get back all of your privacy is to delete your account.

Some of the relationship between your actions of Facebook and how Facebook uses those actions for financial gain is immediately obvious: like a page on Coke, and you see more adverts for the fizzy beverage.

But less obvious are the ways Facebook joins the dots between the data points it collects, building up a picture of who you are and what you might be interested in, whether or not it’s 100 percent accurate doesn’t really matter, because it can still sell targeted adverts at a higher rate.

“Even if people are aware of what data they’re telling Facebook about themselves, they’re unaware about the types of correlations that Facebook can make based on that data,” Bruce Schneier, a security expert and fellow at Harvard’s Berkman Center, told Gizmodo.

“This is normal, we tend to focus on the data collection because that’s easier to see. I think the real problem are the correlations, which are much harder to see.”

Take Facebook’s 2014 analysis of which users are in relationships, even if it’s not declared on their profiles. The way your posting frequency sheds light on your life is one of the correlations that Facebook can use, and this was four years ago!

The data in the experiment was aggregated and anonymised, Facebook says, but it shows the reach of Facebook’s digital surveillance apparatus.

If you want an idea on how Facebook perceives your online behavior and transforms it into tailored advertisements log into the site and visit your Ad Preferences page.

“Everything people do, either on Facebook directly or on sites that have a Facebook ‘Like’ button, reveals information about them to Facebook,” adds Schneier. “That’s an important point: Facebook tracks you even when you’re not on Facebook, because of their extensive surveillance network on sites that link to them.”

The Big Reveal

Even if you’re careful about the advertisers and businesses you interact with on Facebook, the social network’s range of technologies mean it’s very hard to stay completely untracked as you move about the web.

Load up Facebook’s ad policy page and you can learn about some of the ways you might be exposing yourself to eager advertisers, Facebook knows when you share information with a business, sign up for a loyalty program, or even add items to a shopping cart that you then never purchase.

As Facebook’s algorithms get smarter, its automated tracking gets smarter too. For example, facial recognition is a handy little AI trick you can use when you want to call up all the pictures you and your best buddy have been in together, but it also means Facebook can now recognise you in photos without you actually having to go to the trouble of tagging yourself, something that’s got the platform into hot water in Europe.

“As images are posted and you are tagged... facial recognition is continually refined,” Craig Spiezle, Chairman of the Online Trust Allowance, told Gizmodo. “Do users understand the implications? For example if there is a group photo of a project or an event, you may automatically be recognised and tagged.”

“Settings can be complex and while I think [Facebook] does try to provide notices on changes, I believe the typical user ignores it,” adds Spiezle, saying that while these tracking features can be disabled in certain cases, “these all come with a trade off to the user experience” on the network. Which means in order to enjoy the full benefit of what Facebook potentially has to offer you also have to give away much of your privacy.

Facebook isn’t the only company working on facial recognition and it’s not the only company that has to answer questions about how this automated scanning could be used to track us in the physical world when we’re not even aware of it.

There are plenty more examples of how Facebook adds to its user profiles too:

  • Where you’re going: The big data point Facebook gets when you install its mobile applications is where you are every second of the day. This gives it information on the bands you like seeing, the tourist spots you enjoy, and even the individual stores you walk into. If you’re not happy with this, you can revoke these permissions on Android and iOS.
  • The websites you visit: So many websites and third-party services use Facebook technologies, from Like buttons to login options, that Facebook has a pretty good idea of what you’re up to when you’re not actually on Facebook. If you want to limit how this data can be collected and used, then you need to do some tidying up in your Facebook settings.
  • Your financial status: Even if you never post about your money worries (or joys) on Facebook, it can still build up a fairly good assessment of your financial position to sell on to advertisers. How? By combining data points like your online purchases and where you live, together with records provided by its marketing partners from various sources.
  • Status updates you almost post: Facebook can tell when you’re about to write something and then think better of it, as per a 2012 research paper(though the contents of your self-censored musings aren’t logged). If you’re thinking of making a drunken boast or a barbed comment and then think better of it, Facebook sees your indecisiveness.
  • Apps you install: It’s not just Facebook’s privacy policy you need to worry about, but also how third-party apps are using your data, while a Facebook quiz may seem innocuous, telling the world which bands you’ve seen gives another data point to advertisers. Pay close attention to the permissions apps ask for and remove the ones you don’t need.
  • Apps your friends install: Bad news, apps your dimwitted friends install can gather information you’re sharing with them too. To limit this, go to the Apps section of Settings on Facebook, click Edit under Apps others use, and then untick all the categories of information you’re not comfortable sharing. Alternatively, unfriend the worst offenders.
  • When you’re feeling low: Another trick Facebook’s algorithms can do is make a pretty good guess about when you’re at a low ebb. This is one of the data points Facebook promises it isn’t selling on to advertisers, but it’s a sign of the way all these various social media signals can be combined together to make some revealing conclusions about you.
  • Facebook’s other apps: Even if you barely touch Facebook, the social network can still harvest information about you through the other apps it owns, like Instagram and WhatsApp. If you want to stop this from happening, you can switch off data sharing in WhatsApp, though you’re more or less stuck with it if you’re an Instagram user.

Do you know where your data is?

Facebook sees everything you do on the platform, though it does offer a decent amount of control over who else can see your posts and who can’t.

Sometimes, however, these lines aren’t as clearly marked as you might think, and with a little bit of expert know-how, other people can dig deeper into your profile than you might like.

Michael Bazzell collects publicly available online data for his job as a security expert (he’s served as a technical advisor on Mr. Robot), and was able to show us how to check on the big information you might be revealing without knowing it.

First, head here, click the Facebook link on the left side of the page, and enter your username into the FB User Name field to get your profile number (a long series of digits). Log into Facebook and try any of the following URLs to see what you (or your friends have been) up to.

  • Places you’ve checked into:
    www.facebook.com/search/<userID>/places-checked-in  
  • Events you’re going to/interested in:
    www.facebook.com/search/<userID>/events    
  • Photos you’ve commented on:
    www.facebook.com/search/<userID>/photos-commented    
  • Facebook videos you’ve liked:
    www.facebook.com/search/<userID>/videos-liked

You can pick up data here that’s not necessarily available through your profile and can even in some cases be seen by people who you’re not friends with on Facebook, as long as the posts are public. If other people can uncover these sorts of results with a few clicks, imagine what’s going on deep within Facebook’s servers.

“The examples above were done legally and within the intention of Facebook’s search,” Bazzell, who doesn’t post anything on Facebook, told us. “There was nothing shady. I only pulled publicly available details.”

“My view is that anything posted to a social network is public data, regardless of the privacy settings. I don’t blame Facebook, I blame all of us for not investigating the companies that want our data. Facebook does not charge its users for access, yet makes billions of dollars. The users are the product.”

It’s up to you whether you find the services of Facebook (or Google or Apple or Amazon) useful enough to be worth the privacy trade-off, but what’s certain is we’re in a new age of data tracking, one that goes way beyond the information we’re actually aware that we’re sharing.

Gizmodo:    Image: Nick Youngson 

You Might Also Read: 

The Big Online Advertising Swindle:

Australia To Challenge Facebook & Google Over Media Disruption:

 

« Facebook Names IBM Watson Executive AI Chief
Cyber Attacks Rank Alongside Natural Disasters »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

Watch this webinar and get a comprehensive roadmap for securely adopting generative AI using Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models (FMs).

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Advent IM

Advent IM

Advent IM is one of the UK’s leading independent cyber security specialists, with a unique approach to providing holistic security management solutions.

RSA Security

RSA Security

RSA provide cybersecurity products for Threat Detection and Response, Identity and Access Management, Governance, Risk and Compliance, and Fraud Prevention.

IMS Networks

IMS Networks

IMS Networks specializes in the design and management of high criticality networks and telecoms services including network security and Managed Security Services.

CryptTalk

CryptTalk

CryptTalk is an easy-to-use secure communication service.

GE Digital

GE Digital

GE Digital is a leading software company for the Industrial Internet. Products include Industrial Cyber Security for Operational Technology (OT).

Slovak Security Policy Institute (SSPI)

Slovak Security Policy Institute (SSPI)

Slovak Security Policy Institute is an independent non-governmental organization that focuses on research and analysis of security challenges including defence and cyber security.

Platin Bilişim

Platin Bilişim

Platin Bilisim is an IT Security company providing consultancy, solutions and operational support services.

CERT NZ

CERT NZ

CERT NZ supports businesses, organisations and individuals affected by cyber security incidents, and provide trusted and authoritative information and advice.

Coalition

Coalition

Coalition combines comprehensive insurance and proprietary security tools to help businesses manage and mitigate cyber risk.

CyberProof

CyberProof

CyberProof aims to give clarity and confidence to businesses worldwide using a new risk-based approach to cyber security services.

RISE

RISE

RISE is an independent, State-owned research institute, which offers unique expertise and over 100 testbeds and demonstration environments for future-proof technologies, products and services.

Jobsite

Jobsite

Jobsite is an award winning job board in the UK providing job listings in the key sectors of IT, Engineering and Finance.

Abion

Abion

At Abion (formerly BRANDIT), we empower your business by providing comprehensive brand protection and web security services.

CyberPion

CyberPion

Cyberpion’s groundbreaking platform enables security teams to identify and neutralize threats stemming from vulnerabilities within online assets throughout an enterprise’s ecosystem.

Millennium Corporation

Millennium Corporation

For nearly two decades, Millennium Corporation has been operating on the leading edge of cybersecurity.

Cyphershield

Cyphershield

Cypershield is a Security and Smart Contract audit company providing professional smart contract auditing services for varied Crypto projects.