You Probably Don’t Know All the Ways Facebook Tracks You

We’re all aware of the deal we make when we sign up with Facebook: we get somewhere to post vacation photos and stalk friends, and Mark Zuckerberg gets to sell your passion for fishing trips to fishing equipment retailers.

What you might not realise is how deep or extensive the tracking goes, so let’s shed some light on it.

All of this is well within Facebook’s remit. You’re using its services and, per its privacy policy, it can do what it likes with the data you hand over: Facebook’s full privacy policy is here.

There are some ways to limit the reach of Facebook’s data-sucking tentacles (and we’ll go through them below), but ultimately the only way to really get back all of your privacy is to delete your account.

Some of the relationship between your actions of Facebook and how Facebook uses those actions for financial gain is immediately obvious: like a page on Coke, and you see more adverts for the fizzy beverage.

But less obvious are the ways Facebook joins the dots between the data points it collects, building up a picture of who you are and what you might be interested in, whether or not it’s 100 percent accurate doesn’t really matter, because it can still sell targeted adverts at a higher rate.

“Even if people are aware of what data they’re telling Facebook about themselves, they’re unaware about the types of correlations that Facebook can make based on that data,” Bruce Schneier, a security expert and fellow at Harvard’s Berkman Center, told Gizmodo.

“This is normal, we tend to focus on the data collection because that’s easier to see. I think the real problem are the correlations, which are much harder to see.”

Take Facebook’s 2014 analysis of which users are in relationships, even if it’s not declared on their profiles. The way your posting frequency sheds light on your life is one of the correlations that Facebook can use, and this was four years ago!

The data in the experiment was aggregated and anonymised, Facebook says, but it shows the reach of Facebook’s digital surveillance apparatus.

If you want an idea on how Facebook perceives your online behavior and transforms it into tailored advertisements log into the site and visit your Ad Preferences page.

“Everything people do, either on Facebook directly or on sites that have a Facebook ‘Like’ button, reveals information about them to Facebook,” adds Schneier. “That’s an important point: Facebook tracks you even when you’re not on Facebook, because of their extensive surveillance network on sites that link to them.”

The Big Reveal

Even if you’re careful about the advertisers and businesses you interact with on Facebook, the social network’s range of technologies mean it’s very hard to stay completely untracked as you move about the web.

Load up Facebook’s ad policy page and you can learn about some of the ways you might be exposing yourself to eager advertisers, Facebook knows when you share information with a business, sign up for a loyalty program, or even add items to a shopping cart that you then never purchase.

As Facebook’s algorithms get smarter, its automated tracking gets smarter too. For example, facial recognition is a handy little AI trick you can use when you want to call up all the pictures you and your best buddy have been in together, but it also means Facebook can now recognise you in photos without you actually having to go to the trouble of tagging yourself, something that’s got the platform into hot water in Europe.

“As images are posted and you are tagged... facial recognition is continually refined,” Craig Spiezle, Chairman of the Online Trust Allowance, told Gizmodo. “Do users understand the implications? For example if there is a group photo of a project or an event, you may automatically be recognised and tagged.”

“Settings can be complex and while I think [Facebook] does try to provide notices on changes, I believe the typical user ignores it,” adds Spiezle, saying that while these tracking features can be disabled in certain cases, “these all come with a trade off to the user experience” on the network. Which means in order to enjoy the full benefit of what Facebook potentially has to offer you also have to give away much of your privacy.

Facebook isn’t the only company working on facial recognition and it’s not the only company that has to answer questions about how this automated scanning could be used to track us in the physical world when we’re not even aware of it.

There are plenty more examples of how Facebook adds to its user profiles too:

  • Where you’re going: The big data point Facebook gets when you install its mobile applications is where you are every second of the day. This gives it information on the bands you like seeing, the tourist spots you enjoy, and even the individual stores you walk into. If you’re not happy with this, you can revoke these permissions on Android and iOS.
  • The websites you visit: So many websites and third-party services use Facebook technologies, from Like buttons to login options, that Facebook has a pretty good idea of what you’re up to when you’re not actually on Facebook. If you want to limit how this data can be collected and used, then you need to do some tidying up in your Facebook settings.
  • Your financial status: Even if you never post about your money worries (or joys) on Facebook, it can still build up a fairly good assessment of your financial position to sell on to advertisers. How? By combining data points like your online purchases and where you live, together with records provided by its marketing partners from various sources.
  • Status updates you almost post: Facebook can tell when you’re about to write something and then think better of it, as per a 2012 research paper(though the contents of your self-censored musings aren’t logged). If you’re thinking of making a drunken boast or a barbed comment and then think better of it, Facebook sees your indecisiveness.
  • Apps you install: It’s not just Facebook’s privacy policy you need to worry about, but also how third-party apps are using your data, while a Facebook quiz may seem innocuous, telling the world which bands you’ve seen gives another data point to advertisers. Pay close attention to the permissions apps ask for and remove the ones you don’t need.
  • Apps your friends install: Bad news, apps your dimwitted friends install can gather information you’re sharing with them too. To limit this, go to the Apps section of Settings on Facebook, click Edit under Apps others use, and then untick all the categories of information you’re not comfortable sharing. Alternatively, unfriend the worst offenders.
  • When you’re feeling low: Another trick Facebook’s algorithms can do is make a pretty good guess about when you’re at a low ebb. This is one of the data points Facebook promises it isn’t selling on to advertisers, but it’s a sign of the way all these various social media signals can be combined together to make some revealing conclusions about you.
  • Facebook’s other apps: Even if you barely touch Facebook, the social network can still harvest information about you through the other apps it owns, like Instagram and WhatsApp. If you want to stop this from happening, you can switch off data sharing in WhatsApp, though you’re more or less stuck with it if you’re an Instagram user.

Do you know where your data is?

Facebook sees everything you do on the platform, though it does offer a decent amount of control over who else can see your posts and who can’t.

Sometimes, however, these lines aren’t as clearly marked as you might think, and with a little bit of expert know-how, other people can dig deeper into your profile than you might like.

Michael Bazzell collects publicly available online data for his job as a security expert (he’s served as a technical advisor on Mr. Robot), and was able to show us how to check on the big information you might be revealing without knowing it.

First, head here, click the Facebook link on the left side of the page, and enter your username into the FB User Name field to get your profile number (a long series of digits). Log into Facebook and try any of the following URLs to see what you (or your friends have been) up to.

  • Places you’ve checked into:
    www.facebook.com/search/<userID>/places-checked-in  
  • Events you’re going to/interested in:
    www.facebook.com/search/<userID>/events    
  • Photos you’ve commented on:
    www.facebook.com/search/<userID>/photos-commented    
  • Facebook videos you’ve liked:
    www.facebook.com/search/<userID>/videos-liked

You can pick up data here that’s not necessarily available through your profile and can even in some cases be seen by people who you’re not friends with on Facebook, as long as the posts are public. If other people can uncover these sorts of results with a few clicks, imagine what’s going on deep within Facebook’s servers.

“The examples above were done legally and within the intention of Facebook’s search,” Bazzell, who doesn’t post anything on Facebook, told us. “There was nothing shady. I only pulled publicly available details.”

“My view is that anything posted to a social network is public data, regardless of the privacy settings. I don’t blame Facebook, I blame all of us for not investigating the companies that want our data. Facebook does not charge its users for access, yet makes billions of dollars. The users are the product.”

It’s up to you whether you find the services of Facebook (or Google or Apple or Amazon) useful enough to be worth the privacy trade-off, but what’s certain is we’re in a new age of data tracking, one that goes way beyond the information we’re actually aware that we’re sharing.

Gizmodo:    Image: Nick Youngson 

You Might Also Read: 

The Big Online Advertising Swindle:

Australia To Challenge Facebook & Google Over Media Disruption:

 

« Facebook Names IBM Watson Executive AI Chief
Cyber Attacks Rank Alongside Natural Disasters »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Energy Sec

Energy Sec

EnergySec is a United States 501(c)(3) non-profit corporation formed to support energy sector organizations with the security of their critical technology infrastructures.

CloudCodes Software

CloudCodes Software

CloudCodes is a cloud security solutions provider focused on providing cloud security solutions to enterprise customers.

PakCERT

PakCERT

PakCERT is the national Computer Emergency Response Team for Pakistan.

Introspective Networks

Introspective Networks

Introspective Networks (IN) is a Cybersecurity company focusing on securing data in the network and automating knowledge work to decrease vulnerability points to critical infrastructure.

SafeBreach

SafeBreach

SafeBreach's platform simulates hacker breach methods across the entire kill chain to identify breach scenarios in your environment before an attacker does.

Cybersecurity Coalition

Cybersecurity Coalition

The mission of the Cybersecurity Coalition is to bring together leading companies to help policymakers develop consensus-driven policy solutions to achieve improvements in cybersecurity.

Keeper Security

Keeper Security

Keeper is a leading enterprise password manager and cybersecurity platform for preventing password-related data breaches and cyberthreats.

WebOrion

WebOrion

WebOrion is an All-in-One Web Security & Performance Suite. Fortify, accelerate and monitor your website today.

CyberRisk Alliance (CRA)

CyberRisk Alliance (CRA)

CyberRisk Alliance is a business intelligence company created to serve the rapidly evolving cybersecurity and information risk management marketplace.

A&O IT Group

A&O IT Group

A&O IT Group provide IT support and services including IT Managed Services, IT Project Services, IT Engineer Services and Cyber Security.

FortKnoxster

FortKnoxster

FortKnoxster is a cybersecurity company within the Crypto & FinTech space. Our encryption technologies are blockchain integrated.

Intaso

Intaso

Intaso are a boutique head hunting and talent solution firm with specialist Cyber and Information Security expertise.

Accedian

Accedian

Accedian is a leader in performance analytics and end user experience solutions, dedicated to providing our customers with the ability to assure their digital infrastructure.

SMARTEST

SMARTEST

SMARTEST is a world-class IT solutions provider active in the most challenging and demanding industries such as the oil and gas industries.

Quantum Ventura

Quantum Ventura

Quantum Ventura is a technology innovation company with a single mission of delivering customer-centric advanced solutions to US Federal & State Governments and Private Sector customers.

Allot

Allot

Allot are a global provider of leading innovative network intelligence and security solutions for Service Providers and Enterprises worldwide.