You Probably Don’t Know All the Ways Facebook Tracks You

We’re all aware of the deal we make when we sign up with Facebook: we get somewhere to post vacation photos and stalk friends, and Mark Zuckerberg gets to sell your passion for fishing trips to fishing equipment retailers.

What you might not realise is how deep or extensive the tracking goes, so let’s shed some light on it.

All of this is well within Facebook’s remit. You’re using its services and, per its privacy policy, it can do what it likes with the data you hand over: Facebook’s full privacy policy is here.

There are some ways to limit the reach of Facebook’s data-sucking tentacles (and we’ll go through them below), but ultimately the only way to really get back all of your privacy is to delete your account.

Some of the relationship between your actions of Facebook and how Facebook uses those actions for financial gain is immediately obvious: like a page on Coke, and you see more adverts for the fizzy beverage.

But less obvious are the ways Facebook joins the dots between the data points it collects, building up a picture of who you are and what you might be interested in, whether or not it’s 100 percent accurate doesn’t really matter, because it can still sell targeted adverts at a higher rate.

“Even if people are aware of what data they’re telling Facebook about themselves, they’re unaware about the types of correlations that Facebook can make based on that data,” Bruce Schneier, a security expert and fellow at Harvard’s Berkman Center, told Gizmodo.

“This is normal, we tend to focus on the data collection because that’s easier to see. I think the real problem are the correlations, which are much harder to see.”

Take Facebook’s 2014 analysis of which users are in relationships, even if it’s not declared on their profiles. The way your posting frequency sheds light on your life is one of the correlations that Facebook can use, and this was four years ago!

The data in the experiment was aggregated and anonymised, Facebook says, but it shows the reach of Facebook’s digital surveillance apparatus.

If you want an idea on how Facebook perceives your online behavior and transforms it into tailored advertisements log into the site and visit your Ad Preferences page.

“Everything people do, either on Facebook directly or on sites that have a Facebook ‘Like’ button, reveals information about them to Facebook,” adds Schneier. “That’s an important point: Facebook tracks you even when you’re not on Facebook, because of their extensive surveillance network on sites that link to them.”

The Big Reveal

Even if you’re careful about the advertisers and businesses you interact with on Facebook, the social network’s range of technologies mean it’s very hard to stay completely untracked as you move about the web.

Load up Facebook’s ad policy page and you can learn about some of the ways you might be exposing yourself to eager advertisers, Facebook knows when you share information with a business, sign up for a loyalty program, or even add items to a shopping cart that you then never purchase.

As Facebook’s algorithms get smarter, its automated tracking gets smarter too. For example, facial recognition is a handy little AI trick you can use when you want to call up all the pictures you and your best buddy have been in together, but it also means Facebook can now recognise you in photos without you actually having to go to the trouble of tagging yourself, something that’s got the platform into hot water in Europe.

“As images are posted and you are tagged... facial recognition is continually refined,” Craig Spiezle, Chairman of the Online Trust Allowance, told Gizmodo. “Do users understand the implications? For example if there is a group photo of a project or an event, you may automatically be recognised and tagged.”

“Settings can be complex and while I think [Facebook] does try to provide notices on changes, I believe the typical user ignores it,” adds Spiezle, saying that while these tracking features can be disabled in certain cases, “these all come with a trade off to the user experience” on the network. Which means in order to enjoy the full benefit of what Facebook potentially has to offer you also have to give away much of your privacy.

Facebook isn’t the only company working on facial recognition and it’s not the only company that has to answer questions about how this automated scanning could be used to track us in the physical world when we’re not even aware of it.

There are plenty more examples of how Facebook adds to its user profiles too:

  • Where you’re going: The big data point Facebook gets when you install its mobile applications is where you are every second of the day. This gives it information on the bands you like seeing, the tourist spots you enjoy, and even the individual stores you walk into. If you’re not happy with this, you can revoke these permissions on Android and iOS.
  • The websites you visit: So many websites and third-party services use Facebook technologies, from Like buttons to login options, that Facebook has a pretty good idea of what you’re up to when you’re not actually on Facebook. If you want to limit how this data can be collected and used, then you need to do some tidying up in your Facebook settings.
  • Your financial status: Even if you never post about your money worries (or joys) on Facebook, it can still build up a fairly good assessment of your financial position to sell on to advertisers. How? By combining data points like your online purchases and where you live, together with records provided by its marketing partners from various sources.
  • Status updates you almost post: Facebook can tell when you’re about to write something and then think better of it, as per a 2012 research paper(though the contents of your self-censored musings aren’t logged). If you’re thinking of making a drunken boast or a barbed comment and then think better of it, Facebook sees your indecisiveness.
  • Apps you install: It’s not just Facebook’s privacy policy you need to worry about, but also how third-party apps are using your data, while a Facebook quiz may seem innocuous, telling the world which bands you’ve seen gives another data point to advertisers. Pay close attention to the permissions apps ask for and remove the ones you don’t need.
  • Apps your friends install: Bad news, apps your dimwitted friends install can gather information you’re sharing with them too. To limit this, go to the Apps section of Settings on Facebook, click Edit under Apps others use, and then untick all the categories of information you’re not comfortable sharing. Alternatively, unfriend the worst offenders.
  • When you’re feeling low: Another trick Facebook’s algorithms can do is make a pretty good guess about when you’re at a low ebb. This is one of the data points Facebook promises it isn’t selling on to advertisers, but it’s a sign of the way all these various social media signals can be combined together to make some revealing conclusions about you.
  • Facebook’s other apps: Even if you barely touch Facebook, the social network can still harvest information about you through the other apps it owns, like Instagram and WhatsApp. If you want to stop this from happening, you can switch off data sharing in WhatsApp, though you’re more or less stuck with it if you’re an Instagram user.

Do you know where your data is?

Facebook sees everything you do on the platform, though it does offer a decent amount of control over who else can see your posts and who can’t.

Sometimes, however, these lines aren’t as clearly marked as you might think, and with a little bit of expert know-how, other people can dig deeper into your profile than you might like.

Michael Bazzell collects publicly available online data for his job as a security expert (he’s served as a technical advisor on Mr. Robot), and was able to show us how to check on the big information you might be revealing without knowing it.

First, head here, click the Facebook link on the left side of the page, and enter your username into the FB User Name field to get your profile number (a long series of digits). Log into Facebook and try any of the following URLs to see what you (or your friends have been) up to.

  • Places you’ve checked into:
    www.facebook.com/search/<userID>/places-checked-in  
  • Events you’re going to/interested in:
    www.facebook.com/search/<userID>/events    
  • Photos you’ve commented on:
    www.facebook.com/search/<userID>/photos-commented    
  • Facebook videos you’ve liked:
    www.facebook.com/search/<userID>/videos-liked

You can pick up data here that’s not necessarily available through your profile and can even in some cases be seen by people who you’re not friends with on Facebook, as long as the posts are public. If other people can uncover these sorts of results with a few clicks, imagine what’s going on deep within Facebook’s servers.

“The examples above were done legally and within the intention of Facebook’s search,” Bazzell, who doesn’t post anything on Facebook, told us. “There was nothing shady. I only pulled publicly available details.”

“My view is that anything posted to a social network is public data, regardless of the privacy settings. I don’t blame Facebook, I blame all of us for not investigating the companies that want our data. Facebook does not charge its users for access, yet makes billions of dollars. The users are the product.”

It’s up to you whether you find the services of Facebook (or Google or Apple or Amazon) useful enough to be worth the privacy trade-off, but what’s certain is we’re in a new age of data tracking, one that goes way beyond the information we’re actually aware that we’re sharing.

Gizmodo:    Image: Nick Youngson 

You Might Also Read: 

The Big Online Advertising Swindle:

Australia To Challenge Facebook & Google Over Media Disruption:

 

« Facebook Names IBM Watson Executive AI Chief
Cyber Attacks Rank Alongside Natural Disasters »

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

eBook: Practical Guide to Security in the AWS Cloud

eBook: Practical Guide to Security in the AWS Cloud

AWS Marketplace would like to present you with a digital copy of the new book, Practical Guide to Security in the AWS Cloud, by the SANS Institute.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Defence IQ

Defence IQ

Defence IQ is an authoritative news source for commentary and analysis on global defence and military-related topics including cyber security.

GamaSec

GamaSec

GamaSec provide security solutions for detecting and protecting websites, web applications and other vulnerable online information.

cPacket Networks

cPacket Networks

cPacket’s distributed intelligence enables network operators to proactively identify imminent issues before they negatively impact end-users.

D3 Security

D3 Security

D3 Security provides the world's leading platform for incident response, investigation/case management, and security operations.

Cyber Security Challenge UK

Cyber Security Challenge UK

Cyber Security Challenge UK is a series of national competitions, learning programmes, and networking initiatives designed to identify, inspire and enable more people to become cybersec professionals.

Enigmatos

Enigmatos

Enigmatos is an Israeli based Automotive Cyber Security company. We provide solutions to the ever growing threat of vehicle hacking.

Geepy Smart Technology

Geepy Smart Technology

Geepy is the name for a range of smart products that integrate sensors, control, communications, cloud platform and cyber security.

VIBE Cybersecurity International

VIBE Cybersecurity International

VIBE’s certificate-less authenticated encryption enables scalable, flexible key exchange, and other advanced cryptographic functions using identity-based elliptic curve cryptosystems (ECC).