Culture
Premium

Facebook Is Circumventing Your Privacy Settings, But You Can Stop Them

Mandel Ngan/Pool via AP

On the last day of April, Apple released a privacy-enhanced version of its popular mobile operating system for iPhone and iPad — and Facebook is already working hard to bypass those new privacy protections.

But you can stop them.

If you’re using the latest version of Apple’s iPhone or iPad operating systems (iOS 14.5, if you want to check), then Apple’s got your back on cross-app tracking.

You’re automatically opted out from allowing apps to see what you do in other apps. You’re even automatically opted out from apps being allowed to merely ask permission to use cross-app tracking.

Insanity Wrap Loves Apple Privacy Rules

It’s now a two-step process to let Facebook track you through other apps. First, you must manually opt in to allowing apps merely to ask if they may have permission to cross-track. Then, and only then, can you approve cross-tracking, and only for each individual app as they ask permission. Apps cross-tracked by that app enjoy no permission to cross-track back unless you give them permission, too.

NOTE: Getting into permissions and how they work is beyond the scope of this article, and suitable only to those who suffer from insomnia. But whatever fears users might have, apps can’t simply bypass permissions. Not even the operating system can do that.

Facebook has made a lot of money by tracking users, invisibly, no matter what app they might be using on whatever device they have in hand.

Apple’s new opt-in privacy controls strike at the heart of Facebook’s business model, and with Facebook’s most valuable users.

Mark Baartse reported for industry magazine AdNews last week that “Facebook marketing is generally dominated by” iPhone owners, who generate far more revenue per user than Android users do. Since between 80% and 90% or more of iPhone users refuse to opt in to Facebook’s tracking, Baartse concludes that “it’s pretty safe to assume Facebook has lost at least half their data, and arguably the most valuable half.”

Naturally, Facebook is fighting back — against their own users’ wishes.

Facebook being Facebook, they’re being devious about it, too.

While Apple’s protections prevent Facebook from using your iPhone to garner your location data, Apple can’t do anything to stop Facebook from doing whatever it wants with the data you voluntarily give them.

The problem for people who think that iOS 14.5 protects their privacy is that many millions are unaware of the amount of data contained inside each and every photo they upload to Facebook — including precise GPS location tracking.

Cybersecurity expert Zak Doffman reports on the privacy loophole exploited by Facebook:

Despite me telling my iPhone “never” to allow Facebook access to my location, despite me checking Facebook online to confirm it knows “location history for mobile devices” is set to “off.” Facebook continues to exploit a loophole, harvesting photo location tags and IP addresses, all of which it will, in its own words, “collect and process.”

I took a photo with my iPhone and then uploaded that to my Facebook account. I used Facebook’s app on my iPhone, the same app that has been told “never” to access my location, the same account that knows I have this switched off. But Facebook still collects the location tag from that photo, along with my IP address.

Photo sharing is one of Facebook’s most popular features, but despite Apple’s devotion to privacy, the company has missed one important privacy-protecting detail.

NOTE: I have no illusions about Apple’s “devotion to privacy.” They are serious about it, but not necessarily out of any noble intention. It’s great marketing, great for charging higher prices, and great for sticking it to rivals like Facebook and Google.

Requiring users to opt in for cross-app tracking might be the biggest privacy protection in the smartphone’s relatively brief history, but when it comes to sharing photos, even iOS 14.5 left a door wide open for Peeping Toms like Mark Zuckerberg.

By default, every time you share a photo — whether it’s on Facebook, Instagram, Twitter, or a messaging service — iOS also shares the embedded (and very precise) location data.

Users can tell iOS to strip the location data before sharing, but there are two big issues. The first is that it’s a buried setting, a small “Option” button inside iOS’s Share function. The second is that users have to switch it off, manually, for each photo they share.

At this time, there’s no way to change the default setting, systemwide.

So, yes, there is a workaround for Facebook’s workaround, but it’s needlessly difficult.

There’s no benefit to Apple to seemingly “trick” users this way, and as you’ve already seen, it’s a huge win for rival Facebook.

With location data — not to mention the ever-popular user-tagging Facebook function — the Mountain View giant can still keep far more tabs on users than Apple intended with iOS 14.5

I can only assume that this is an oversight on Apple’s part, but it’s a real black eye on the public face of the company’s privacy policies.

The best advice of course is not to use Facebook. But as the default means of keeping in touch for two billion users worldwide, that’s far easier said than done. Even with all my hate for Facebook, I’m forced to keep my account because certain associates insist on planning things there.

The next best thing is to keep users informed about Facebook’s nefarious ways, and for companies like Apple to keep giving them sharper and sharper privacy tools.

But as things stand right now, even Apple’s best privacy tool has at least one defective, dull edge.