How Facebook Tracks Its Users, And Non-Users, Around the Internet
Tuesday, April 17, 2018
Many Facebook users wrongly believe that the social networking service doesn't track them around the internet when they aren't signed in. Also, many non-users of Facebook wrongly believe that they are not tracked.
Earlier this month, Consumer Reports explained the tracking:
"As you travel through the web, you’re likely to encounter Facebook Like or Share buttons, which the company calls Social Plugins, on all sorts of pages, from news outlets to shopping sites. Click on a Like button and you can see the number on the page’s counter increase by one; click on a Share button and a box opens up to let you post a link to your Facebook account.
But that’s just what’s happening on the surface. "If those buttons are on the page, regardless of whether you touch them or not, Facebook is collecting data," said Casey Oppenheim, co-founder of data security firm Disconnect."
This blog discussed social plugins back in 2010. However, the tracking includes more technologies:
"... every web page contains little bits of code that request the pictures, videos, and text that browsers need to display each item on the page. These requests typically go out to a wide swath of corporate servers—including Facebook—in addition to the website’s owner. And such requests can transmit data about the site you’re on, the browser you are using, and more. Useful data gets sent to Facebook whether you click on one of its buttons or not. If you click, Facebook finds out about that, too. And it learns a bit more about your interests.
In addition to the buttons, many websites also incorporate a Facebook Pixel, a tiny, transparent image file the size of just one of the millions of pixels on a typical computer screen. The web page makes a request for a Facebook Pixel, just as it would request a Like button. No user will ever notice the picture, but the request to get it is packaged with information... Facebook explains what data can be collected using a Pixel, such as products you’ve clicked on or added to a shopping cart, in its documentation for advertisers. Web developers can control what data is collected and when it is transmitted... Even if you’re not logged in, the company can still associate the data with your IP address and all the websites you’ve been to that contain Facebook code."
The article also explains "re-targeting" and how consumers who don't purchase anything at an online retail site will see advertisements later -- around the internet and not solely on the Facebook site -- about the items they viewed but not purchased. Then, there is the database it assembles:
"In materials written for its advertisers, Facebook explains that it sorts consumers into a wide variety of buckets based on factors such as age, gender, language, and geographic location. Facebook also sorts its users based on their online activities—from buying dog food, to reading recipes, to tagging images of kitchen remodeling projects, to using particular mobile devices. The company explains that it can even analyze its database to build “look-alike” audiences that are similar... Facebook can show ads to consumers on other websites and apps as well through the company’s Audience Network."
So, several technologies are used to track both Facebook users and non-users, and assemble a robust, descriptive database. And, some website operators collaborate to facilitate the tracking, which is invisible to most users. Neat, eh?
Like it or not, internet users are automatically included in the tracking and data collection. Can you opt out? Consumer reports also warns:
"The biggest tech companies don’t give you strong tools for opting out of data collection, though. For instance, privacy settings may let you control whether you see targeted ads, but that doesn’t affect whether a company collects and stores information about you."
Given this, one can conclude that Facebook is really a massive advertising network masquerading as a social networking service.
To minimize the tracking, consumers can: disable the Facebook API platform on their Facebook accounts, use the new tools (e.g., see these step-by-step instructions) by Facebook to review and disable the apps with access to their data, use ad-blocking software (e.g., Adblock Plus, Ghostery), use the opt out-out mechanisms offered by the major data brokers, use the OptOutPrescreen.com site to stop pre-approved credit offers, and use VPN software and services.
If you use the Firefox web browser, configure it for Private Browsing and install the new Facebook Container add-on specifically designed to prevent Facebook from tracking you. Don't use Firefox? Several web browsers offer Incognito Mode. And, you might try the Privacy Badger add-on instead. I've used it happily for years.
To combat "canvas fingerprinting" (e.g., tracking users by identifying the unique attributes of your computer, browser, and software), security experts have advised consumers to use different web browsers. For example, you'd use one browser only for online banking, and a different web browser for surfing the internet. However, this security method may not work much longer given the rise of cross-browser fingerprinting.
It seems that an arms race is underway between software for users to maintain privacy online versus technologies by advertisers to defeat users' privacy. Would Facebook and its affiliates/partners use cross-browser fingerprinting? My guess: yes it would, just like any other advertising network.
What do you think? Some related reading:
- How To View The List Of Advertisers Tracking You On Facebook
- How To Check If Your Information Was Collected By Cambridge Analytica In The Facebook Breach
- 4 Ways To Fix Facebook
- Facebook Update: 87 Million Affected By Its Data Breach With Cambridge Analytica. Considerations For All Consumers
- Fair Housing Groups Sue Facebook for Allowing Discrimination in Housing Ads
- Now Sites Can Fingerprint You Online Even When You Use Multiple Browsers
Well, it is certainly a David and Goliath story: Ordinary and individual Americans, and a few advocates for privacy and human dignity, who are arrayed against the mighty forces of Silicon Valley firms (Facebook, Google, and myriad others) who profit by trading our information, doing so without meaningful consent, all of the big ISP (e.g., AT&T, Cox, Verizon, etc.), and their hosts of retainers and lackeys in the Congress and at the FCC, FTC, and elsewhere. And we’ve been abandoned by our courts, who for reasons of institutional bias, social influence, and group-think, cannot see or refuse to acknowledge the obvious truth that the information that we create, as we use the Internet, is ours.
And that is not all. As the Editor reports, to all of that great wealth and massive political influence and corruption, the Goliath has created and assembled the most pervasive, sophisticated, and powerful array of technological weapons for collecting information and creating detailed profiles on people that has ever existed in the history of mankind, greatly exceeding the scope, reach, pervasiveness, and knowledge about everyone than any government, repressive or otherwise, has ever dreamed of, much less possessed, so that the industrial Goliath’s intrusions into our lives and trespasses on our privacy and detailed knowledge of us make repressive governments look like young boys peeking into the girls’ locker room by comparison.
Surely, with that mighty Goliath arrayed against us, resistance is futile, and privacy and its resulting human dignity and autonomy are dead. Why fight it? Simply accept being less independent and free than our grandparents’ were in their thoughts, in their communications, in holding secrets about themselves that none knew or could deduce.
The reason to resist is, as Spartacus said just before the Romans crucified him, is that there is some good in just resisting them. There was a dignity and triumph in Spartacus’ resistance, for though Roman crushed its slaves’ rebellion, the resistance showed that they were men, and Roman’s might did not and could not crush their dignity as men, and that Roman would, despite its legions, never be safe, would always be frightened, and would one day fall.
So too resisting the industrial Goliath’s misappropriation of our information, even if it were utterly futile, would show that we too are men and shall one day overturn Goliath and restore our privacy and our proprietary rights in our own acts on the Internet, just as we have privacy and proprietary rights in our acts off the Internet.
And, just as for Spartacus, our resistance isn’t futile. By using certain software and services, everything from Privacy Badger and NoScript to strong, private, and secure VPN, each of us and we together can make Goliath’s collection of our information so difficult and expensive that it isn’t worth it for Goliath to collect it. And there is always the weapon of our discretion and living and acting offline, along with our ability to lie and deceive and be false online, being true only to ourselves. So that Goliath and all its algorithms collect either nothing, collects naught but lies, or collects our information at so great a costs that it does not profit. While that is far from formidable, it is hardly futile resistance. And our resistance insists on and displays our dignity, threatens and terrifies Goliath, and foretells its doom. As all Rome shuttered when just one man said no, Goliath shutters with each act of resistance, both great and small, on the Internet.
So now alerted to the danger and the wrong of the Goliath’s misappropriation of our information and its destruction of our privacy, dignity, and democracy, use the privacy tools that the Editor and I describes, supra, to resist, and in so doing, lay irrefutable claim to your information, your privacy, and your human dignity.
Posted by: Chanson de Roland | Tuesday, April 17, 2018 at 08:32 PM