One of the major new disclosures we’ve heard in recent days is that Facebook tracks and accumulates data from even those who don’t sign up for the service.
Facebook has just posted an article in its newsroom that provides a more detailed description of what it does. You can check out the page at the link, but like most Facebook communications, it’s filled with superfluous information and diversions rather than clarity. I decided to highlight some of the items in this announcement to make it easier to understand:
Facebook content is in italics, my comments are non-italics.
Hard Questions: What Data Does Facebook Collect When I’m Not Using Facebook, and Why?
Hard Questions is a series from Facebook that addresses the impact of our products on society.
By David Baser, Product Management Director
When does Facebook get data about people from other websites and apps?
Many websites and apps use Facebook services to make their content and ads more engaging and relevant.
Stop! They do it because they get paid to collect information about us to provide to advertisers to better target us. That’s what they mean by making ads more engaging. But in doing so, they are adding to their dossier about us.
These services include: Social plugins, such as our Like and Share buttons, which make other sites more social and help you share content on Facebook;
If I’m not a member of Facebook, why would I want this? It doesn’t matter. They do this for everyone.
Facebook Login, which lets you use your Facebook account to log into another website or app;
Facebook Analytics, which helps websites and apps better understand how people use their services;
Logging into a site using Facebook is one of the least private things you can do. Once you do, the site may be able to get access to all of your Facebook activities and profile if you belong to Facebook. And in return, you’ve told Facebook where you’re spending time on the Web and disclosing what new interests you have, even if you’re not a Facebook member. The result is that you’re helping Facebook build a profile of yourself.
When you visit a site or app that uses our services, we receive information even if you’re logged out or don’t have a Facebook account. This is because other apps and sites don’t know who is using Facebook.
Read that carefully. Facebook confirms that they treat you much like any member that has provided permission to be tracked. But not being a member means you’ve never given them permission, never been told what they are doing — and Facebook is taking your information without permission.
Many companies offer these types of services and, like Facebook, they also get information from the apps and sites that use them. Twitter, Pinterest and LinkedIn all have similar Like and Share buttons to help people share things on their services. Google has a popular analytics service. And Amazon, Google and Twitter all offer login features. These companies — and many others — also offer advertising services. In fact, most websites and apps send the same information to multiple companies each time you visit them.
This is just an excuse to do it because others do it. But few do as much with this information as Facebook when it comes to providing data to third parties and using it to build out your profile. And it’s only Facebook (and to some extent Google) that has so much personal information so that what they learn can be combined with what they already know and profile you more exactly.
What kind of data does Facebook get from these websites and apps ?
Apps and websites that use our services, such as the Like button or Facebook Analytics, send us information to make their content and ads better.
I’ll use websites as an example, but this generally applies to apps, too.
When you visit a website, your browser (for example Chrome, Safari or Firefox) sends a request to the site’s server. The browser shares your IP address so the website knows where on the internet to send the site content. The website also gets information about the browser and operating system (for example Android or Windows) you’re using because not all browsers and devices support the same features. It also gets cookies, which are identifiers that websites use to know if you’ve visited before. This can help with things like saving items in your shopping cart.
Facebook gets your IP address (location), device, and operating system, which is typical. But it also gets your cookies and previously visited websites. And it’s not primarily to help with your shopping cart.
We also get information about which website or app you’re using, which is necessary to know when to provide our tools. This happens for any other service the site is using. For example, when you see a YouTube video on a site that’s not YouTube, it tells your browser to request the video from YouTube. YouTube then sends it to you.
Stop! Facebook now explains that they get information from whatever app or website you are using. That’s pretty much everything you do online. And if we are not a member, why do we need their tools?
How does Facebook use the data it receives from other websites and apps?
There are three main ways in which Facebook uses the information we get from other websites and apps: providing our services to these sites or apps; improving safety and security on Facebook; and enhancing our own products and services. I’ll share a little more about each of these, but first I want to be clear: We don’t sell people’s data. Period.
We know that they don’t “sell our data.” We heard Mark Zuckerberg say they don’t sell it. But they rent it, lease it, and sometimes give it away.
Providing Our Services
Social plugins and Facebook Login. We use your IP address, browser/operating system information, and the address of the website or app you’re using to make these features work. For example, knowing your IP address allows us to send the Like button to your browser and helps us show it in your language. Cookies and device identifiers help us determine whether you’re logged in, which makes it easier to share content or use Facebook to log into another app.
This is superfluous and repetitious and is a way to bury the important info coming up.
Facebook Analytics. Facebook Analytics gives websites and apps data about how they are used. IP addresses help us list the countries where people are using an app. Browser and operating system information enable us to give developers information about the platforms people use to access their app.
Yes, you told us this earlier. Let’s get to the important stuff.
Cookies and other identifiers help us count the number of unique visitors. Cookies also help us recognize which visitors are Facebook users so we can provide aggregated demographic information, like age and gender, about the people using the app.
They want to track all of their users wherever they go to see what else they do on the Web and add to the member’s profile.
Ads. Facebook Audience Network enables other websites and apps to show ads from Facebook advertisers. When we get a request to show an Audience Network ad, we need to know where to send it and the browser and operating system a person is using. Cookies and device identifiers help us determine whether the person uses Facebook. If they do, we can use the fact that they visited a business’s site or app to show them an ad from that business – or a similar one — back on Facebook. If they don’t, we can show an ad encouraging them to sign up for Facebook.
They can track those not using FB and badger them with ads to sign up for FB or with products from their advertisers.
Ad Measurement. An advertiser can choose to add the Facebook Pixel, some computer code, to their site. This allows us to give advertisers stats about how many people are responding to their ads — even if they saw the ad on a different device — without us sharing anyone’s personal information.
The Facebook Pixel is the invisible code Facebook applies to websites that lets them keep track of everyone, members and non-members alike. Facebook doesn’t want to just engage you with ads on their sites, but everywhere you go on the web.
Keeping Your Information Secure
We also use the information we receive from websites and apps to help protect the security of Facebook. For example, receiving data about the sites a particular browser has visited can help us identify bad actors. If someone tries to log into your account using an IP address from a different country, we might ask some questions to verify it’s you. Or if a browser has visited hundreds of sites in the last five minutes, that’s a sign the device might be a bot. We’ll ask them to prove they’re a real person by completing additional security checks.
Improving Our Products and Services
The information we receive also helps us improve the content and ads we show on Facebook. So if you visit a lot of sports sites that use our services, you might see sports-related stories higher up in your News Feed. If you’ve looked at travel sites, we can show you ads for hotels and rental cars.
Means better tracking and getting to know you better.
What controls do I have?
As Mark said last week, we believe everyone deserves good privacy controls. We require websites and apps who use our tools to tell you they’re collecting and sharing your information with us, and to get your permission to do so.
Yes, if you care to read a 30-page document of fine print for every site you visit. No one does.
We give you a number of controls over the way this data is used to provide more relevant content and ads:
News Feed preferences lets you choose which content you see first and hide content you don’t want to see in your feed.
Ad preferences shows you the advertisers whose ads you might be seeing because you visited their sites or apps. You can remove any of these advertisers to stop seeing their ads.
In addition, you can opt out of these types of ads entirely — so you never see ads on Facebook based on information we have received from other websites and apps.
Finally, if you don’t want us to use your Facebook interests to show you ads on other websites and apps, there’s a control for that too.
Whether it’s information from apps and websites, or information you share with other people on Facebook, we want to put you in control — and be transparent about what information Facebook has and how it is used. We’ll keep working to make that easier.
But, Facebook, you don’t allow us to opt out entirely. You make us go through multiple pages of options to opt out, one item at a time. And some of these opt-out items do not have an adequate choice. It may say “show to all” or “just to friends,” but there is no option to show to “no one.”
But this is the most important and most egregious thing about Facebook’s policy. While Facebook says they are allowing us to choose not to be targeted, the company still refuses to provide an option to prevent them from tracking us in the first place. They still will collect our personal information anywhere we go and, based on their track record, allow this personal information to reach most anyone else in the world. Whether we are a Facebook member or not.