Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Facebook Advertising Privacy

Facebook Has Trackers in 25% of Websites and 61% of the Most Popular Apps (msn.com) 81

Megan Borovicka forget all about her Facebook account after 2013, reports the Washington Post. "But Facebook never forgot about her." The 42-year-old Oakland, California, lawyer never picked any "friends," posted any status updates, liked any photos or even opened the Facebook app on her phone. Yet over the last decade, Facebook has used an invisible data vacuum to suction up very specific details about her life — from her brand of underwear to where she received her paycheck... It isn't just the Facebook app that's gobbling up your information. Facebook is so big, it has convinced millions of other businesses, apps and websites to also snoop on its behalf. Even when you're not actively using Facebook. Even when you're not online. Even, perhaps, if you've never had a Facebook account.

Here's how it works: Facebook provides its business partners tracking software they embed in apps, websites and loyalty programs. Any business or group that needs to do digital advertising has little choice but to feed your activities into Facebook's vacuum: your grocer, politicians and, yes, even the paywall page for this newspaper's website. Behind the scenes, Facebook takes in this data and tries to match it up to your account. It sits under your name in a part of your profile your friends can't see, but Facebook uses to shape your experience online. Among the 100 most popular smartphone apps, you can find Facebook software in 61 of them, app research firm Sensor Tower told me. Facebook also has trackers in about 25 percent of websites, according to privacy software maker Ghostery...

Facebook got a notice when I opened Hulu to watch TV. Facebook knew when I went shopping for paint, a rocking chair and fancy beans. Facebook learned I read the websites What To Expect, Lullaby Trust and Happiest Baby. Over two weeks, Facebook tracked me on at least 95 different apps, websites and businesses, and those are just the ones I know about. It was as if Facebook had hired a private eye to prepare a dossier about my life. Why does Facebook think that's okay? The company emailed me answers about how its tracking technology works, but declined my requests to interview its chief privacy officer or other executives about its alleged monopoly....

Who in their right mind thought they were signing up for this much surveillance back when they first joined Facebook?

The article points out that in 2014 Facebook began allowing its advertisers to target users based on websites they'd visited...and now also gathers more data about users from other companies. And "While many companies were using browser cookies, which could be easily cleared or blocked, Facebook tied what it learned to real identities — the names on our Facebook profiles." And beyond that, companies "can report other identifying information to Facebook like your email to help it figure out who you are... If you've never had a Facebook account at all? It may still be watching."

It's a lucrative business, the Post points out. "In 2013, the average American's data was worth about $19 per year in advertising sales to Facebook, according to its financial statements. In 2020, your data was worth $164 per year."

What does Facebook know about your off-Facebook activity? You can find out at this URL.

If you just want to stop them from giving this information to advertisers, the right side of that page has an option to "Clear History — Disconnect off-Facebook activity history from your account." But you then have to also click "More Options" and then "Manage Future Activity" to also stop them from later matching up more of your off-Facebook activity to your profile for advertisers.

If you try to select it, Facebook warns what you'll be missing — that "Keeping your future off-Facebook activity saved with your account allows us to personalize your experience." And proceeding anyways then generates a popup reminding you that "We'll still receive activity from the businesses and organizations you visit. It may be used for measurement purposes and to make improvements to our ads systems, but it will be disconnected from your account."

And apparently your activity on Oculus isn't covered, and will still remain connected to your Facebook account.
This discussion has been archived. No new comments can be posted.

Facebook Has Trackers in 25% of Websites and 61% of the Most Popular Apps

Comments Filter:
  • by Anonymous Coward

    Our e-commerce customers often ask us to support facebook integration and even support generating sales reports to sell to third parties. We just say no, get someone else to do it. I don't care if it means we lose an income stream.

    • Ah yes, those magic words: "income stream"!

      Over and over, you think, "No one would do that!" But if the income stream is there - they certainly will. Cash is the universal solvent.

  • by Anonymous Coward
    Outlaw all tracking like this, mandatory jail time for anyone violating people's privacy.
    • mandatory jail time for anyone violating people's privacy.

      ^^^ This. A thousand times, this. (A thousand jail terms per offence)

  • This is why I am using the browser plug-in Privacy Badger [privacybadger.org].

    Older versions of Privacy Badger used to list all domains that a page loaded from and let me block every one, but newer versions block only verified trackers.
    But really, I think that browsers should have this functionality in themselves - the older functionality, that is.

    • Privacy Badger, uBlock Origin, HTTPS Everywhere are the 3 minimal plugins every browser should run. NoScript if you can deal with it also very good. There are probably more out there as well people can recommend.

      Also every router should really have some amount of list filtering/blocking similar to what PiHole or PFBlockerNG provides to stop a lot of this nefarious stuff at the gates as well.

    • Re: Privacy Badger (Score:3, Insightful)

      by Z00L00K ( 682162 )

      Unfortunately all those tools are web browser only. It won't help for contaminated apps. And you don't always know if an app is contaminated.

      I don't do facebook, but I have no illusion that 'I have evaded them completely.

    • Re:Privacy Badger (Score:5, Insightful)

      by betsuin ( 5812894 ) on Sunday August 29, 2021 @04:58PM (#61742413)
      I've posted this before but I guess it never hurts repeating:

      cat /etc/hosts | grep face
      # localhost is used to configure the loopback interface
      127.0.0.1 www.facebook.com
      127.0.0.1 facebook.com
      127.0.0.1 login.facebook.com
      127.0.0.1 www.login.facebook.com
      127.0.0.1 static.ak.connect.facebook.com
      127.0.0.1 connect.facebook.net
      127.0.0.1 www.connect.facebook.net
      127.0.0.1 apps.facebook.com
      ::1 www.facebook.com
      ::1 facebook.com
      ::1 login.facebook.com
      ::1 www.login.facebook.com
      ::1 static.ak.connect.facebook.com
      ::1 connect.facebook.net
      ::1 www.connect.facebook.net
      ::1 apps.facebook.com
      127.0.0.1 facebook.com
      127.0.0.1 www.facebook.com
      127.0.0.1 connect.facebook.com
      127.0.0.1 developers.facebook.com
      127.0.0.1 ads.interfacelift.com
      127.0.0.1 ads.ak.facebook.com.edgesuite.net
    • +1 for Privacy Badger, it's not perfect but at least coming from the EFF it's not going to be sold to some evil malware-producer tomorrow.

      FWIW, The previous blocking function was more comprehensive but the heuristics broke important stuff, e.g. like 'Verified by Visa', causing online transactions to fail at checkout (by default, this wasn't due to manual selection).
      I hit this issue a few years ago, eventually removed the extension, but reinstated it once it changed to verified trackers only.

  • by OrangeTide ( 124937 ) on Sunday August 29, 2021 @02:05PM (#61741979) Homepage Journal

    Corporations are people. And if an individual were to find the brand of underwear worn by every woman in his neighborhood there would be at the bare minimum some public outcry, if not an investigation. But when a corporation does it, we allow it and some even defend the practice.

    The entire point of the legal fiction of corporations is for a business partnership to trade some freedom(in the form of regulation) for some protection (personal liability), not for corporations to get more freedom than even a private citizen enjoys.

    Sadly we're going to react badly one day and swing to the other extreme in response. In that era, capital will be hard to come back and recessions will last a very long time. (assuming macroeconomists are even remotely correct)

    • by ArchieBunker ( 132337 ) on Sunday August 29, 2021 @02:10PM (#61742003)

      I’ll believe corporations are people as soon as Texas executes one.

      • Some countries have a corporate death penalty. Where the organization is dissolved and its assets are confiscated to pay restitution and the remaining redistributed by the government. Not a popular idea in the US sadly.

      • by Sebby ( 238625 )

        I’ll believe corporations are people as soon as Texas executes one.

        Or brought to trail... and I do mean the actual corporation, not a "representative" of it. Like, if I'm the prosecutor, I'd be "Where's the corporation?? I want the corporation on the stand, not this idiot representative of it. So?? WHERE IS THE CORPORATION??"

  • by gtall ( 79522 ) on Sunday August 29, 2021 @02:17PM (#61742025)

    Isn't this sort of like having to go to Hell to tell Satan to leave you alone?

    • Well, I'm in "Private Mode" so I clicked on the "What does Facebook know about your off-Facebook activity?" link. It asked me to sign in. I have never had a Facebook signin. What I have had is members wanting to "friend" me on at least two of my email accounts and they clearly track those requests.

  • Is by concentrating all this personal data in one place, it makes for a mighty ripe target for outsiders to "harvest" and resell.

    I sure hope BookFace is better at DB security than Microsoft.

    • by k0t0n ( 7251482 )
      What is even worse is when the information behemoths share the information amongst each other and there is nothing that you can do about it, just refusing all cookies won't cut it
  • Seriously, these companies that track us are not entirely honest about when they collect data, how, why, and what they use it for, yet somehow the users are often the ONLY ones catching shit - and catching shit for the underhanded tactics for electing certain information, and IMO it is illogical on so many levels. JFC.
  • Just setup DNS or browser to blacklist facebook.com. No FB trackers.

    • by Known Nutter ( 988758 ) on Sunday August 29, 2021 @02:32PM (#61742061)

      Just setup DNS or browser to blacklist facebook.com. No FB trackers.

      Lest anyone think it's that easy, know that there are over 900 domains which need to be blocked in order to start thinking about blocking Facebook. It looks like this:

      https://qz.com/1234502/how-to-... [qz.com]

      That list is from 2018. There are likely many more by this point.

      • Well, that's why I generally whitelist. But there are also services to keep an up-to-date list of things to block.

      • I didn't count them at all, but I see maybe 10 domains that would need blocking? Where are you getting 900 from?

      • There aren't THAT many domains, but there are a lot of hosts. To do this at the DNS level, you need to configure your server to claim authority for fb.com, facebook.com, and similar. It won't try to recursively resolve ANY hosts in those domains, and just return whatever you want it to return.

        At one time, I did it for *.doubleclick.net within our network It also took out all the ads associated with that domain.

        But, it only works when you use your particular DNS server. A phone will generally use whatever th

    • My suspicion is that local blocking doesn't work, and these 'partner' companies are both supplying the fingerprinting scripts and sending the data from their servers.

      I use uBlock Origin in hard mode and recently searched for a music interface on GumTree. Of the 31 domains, uBlock allows four (two gumtree first-party, then akamaiedge.net and ebayimg.com). My Facebook tab (same Firefox browser, different container) very quickly showed ads for the product.

      This was inexplicable until today. I'm impressed that t

  • by Opportunist ( 166417 ) on Sunday August 29, 2021 @02:29PM (#61742047)

    Or a browser plugin that does it?

    There is one thing that's worse than no data. Way worse. It's poisoned data. Data where you cannot tell real data from manipulated data. Why didn't ever anyone create a tool that lets people swap about their cookies and/or visit a slew of garbage places to make everything they collect useless?

    • by Luckyo ( 1726890 ) on Sunday August 29, 2021 @03:01PM (#61742143)

      That's been done for a long time, and google, facebook et al did their damnest to make sure as few people as possible hear about it:

      https://adnauseam.io/ [adnauseam.io]

      • Comment removed based on user account deletion
      • I was thinking more along the lines of a plugin that shares among its peers the pages they visit, then then everyone in on it accesses the Facebook-tag so it looks to FB like they were visiting that page.

        The idea is to make the whole data gathered about a user's browser habit worthless by essentially visiting EVERY page, thus increasing entropy to the point where all the data has to be tossed out.

        • by Luckyo ( 1726890 )

          How would you make this work in practice? Not a hypothetical "what if" but how would you actually handle the distribution, blocking of the browser fingerprinting and so on?

          • Browser fingerprinting relies on a couple of things that can be faked, that's basically where it starts. Next, shuffle the tracking cookies among the participants. Or, failing that, shuffle about the tracking cookie URLs so everyone can "access" them to ensure everyone visits every page, thus invalidating the data collected there.

            • by Luckyo ( 1726890 )

              You didn't answer the specific questions I had, because those are actually really hard questions to answer. Distributing your tracking cookie to someone else, and then getting a no-knock warrant served at your house because someone else used your individual cookie to upload some child porn is a very real problem, as we now know for certain in the wake of Apple's "we scan everything you upload" revelation that police is indeed served data on things like child porn.

              Ad nauseam doesn't have those risks, while a

              • I'd expect pages that deal with the more questionable, read, illegal, material of the internet to not have too many ad trackers attached to their pages. For, well, obvious reasons.

                What I want is to have all those Facebook-tags that give Facebook the info that you visited a certain page distributed, so everyone would hit every "visited" marker. If everyone hits every page equally, the information you gather from it becomes worthless, because everybody is as good as nobody in this context, it's 100% entropy w

                • by Luckyo ( 1726890 )

                  At that point, facebook would make a deal with each site that would extend this to personal login data.

                  They already do this. In fact, they already do more than this. For example, they have an agreement with Lidl where purchase data from Lidl's bonus program is fed directly to facebook.

                  Your idea would simply motivate them to go deeper into spying. Right now, it's easily blockable. It's not hard to make it much harder to block and poison data. The only reason they don't do it is because they don't have to. Ye

                  • We don't have to make it impossible. We only have to make it so expensive that they consider it unfeasible to try to harvest that data and instead go with what they can get from those that don't try to block and poison them.

                    Like I said elsewhere, one of the creeds we had in statistics is "if you can't get good data, better don't get any". In other words, before you accept data that may poison your data pool, just go with the data you can get where you can be reasonably certain that it's good data. All we ha

                    • by Luckyo ( 1726890 )

                      You seem to use "we" as in plural, rather than royal.

                      Reminder that most people not just don't care, but actively want personalized content. You will not get a meaningful amount of people for these applications. They will remain niche. Adnauseam has been out for a long time, doesn't have the most extreme of negative consequences of the system you suggest, and it still didn't get any traction. And not just because of lack of word of mouth. A lot of complaints about it are actually about it breaking personalis

                    • Even better, then Facebook won't bother working against those that do value their privacy. They get their info from the duds, we get our privacy. It's win-win all over.

    • This is an interesting question. I think most likely Facebook would be able to tell the automatically generated fake traffic from the real traffic. Ultimately it could lead to an arms race between the bot algorithms and Facebook's AI based algorithms as they become more and more sophisticated in order to defeat each other. In the long run it would probably not completely defeat Facebook but it could certainly hurt them by increasing their operating costs.
    • by AmiMoJo ( 196126 )

      In Firefox and Chrome you can prevent most of this tracking by simply disabling 3rd party cookies.

      At the moment Firefox blocks 3rd party cookies by default. Chrome will do in the next year or so, having announced the change a while back.

      Obviously you should be running an ad blocker and privacy enhancer as well, but this change to the default setting will massively impact Facebook's ability to track users.

      • Not preventing. Perverting.

        I've been in statistics for most of my early professional life, and if there was one thing we dreaded more than having no data it was having bogus data. One of the key creeds was "If you can't provide reliable data, just provide none". Because no data at least leaves the rest of the data intact.

        If you throw in garbage with the data, up to the point where you can't tell real from fake, the whole data you have becomes utterly useless.

        And that is my goal. To make the data they have u

  • That is the equivalent of 'think of the children', I swear.
  • That "blue f" you see on webpages is an automatically loaded image that functions as a tracker. Most web-browsers will reply to cookie requests for same-domain IMG tags, so FB will have your userid if you leave FB cookies available when the evil "blue f" shows. I quarantine FB browsing in a separate profile where FB can read its own cookies and nothing else.

  • by wgoodman ( 1109297 ) on Sunday August 29, 2021 @03:49PM (#61742217)

    TFA talks about how they track you even if you don't have a Facebook account, but the link they give to limit your data only works if you have an account. How can you decline if you don't opt into their system?

    • Yes, this. I don't have an account but it appears the only way to have any voice with FB is to have one.
       
      Should someone open an account for the sole purpose of ensuring tracked data is explicitly tied to a No from the owner?
       
      If so, does anyone have tips like use / don't use a burner email, etc.?

  • I don't have a FaceCrap account, but they're welcome to collect all the statistical horseshit they like on me. It won't do them much good and will likely only pollute their stats in the long run.

  • because if you have no fb account then you cant't control what they hold on you . Nor can yoiu you give const so that must be A GDPR violation.
  • by Malays2 bowman ( 6656916 ) on Sunday August 29, 2021 @11:24PM (#61743295)

    Just kidding. The government just loves this, and FB's spy machine will continue to hum along smoothly as long as the scary 3 letter agencies are ensured access to this data.

    FaceBook + Instagram = FBI

  • Realized how bad the tracking was years ago when I wanted to make comments on different websites and FB tried to automatically sign me in. Some websites didn't give you a choice but to sign in with FB !! If you set-up developer mode with your browser and view HTML for any website, you see FB embedded in it.
  • Anecdote: After reading this article, I expected the worst. It turns out that Facebook had only two entries about me. Now, this is probably largely due to using Vivaldi/uBlock/Ghostery. In that sense, it's...interesting that I had the two entries I did. Those companies must send data *outside* the browser, i.e., they are reporting on their customers directly. Which is a pretty scummy thing to do. Seeing as I am in Europe (with the GDPR), it is probably also illegal.
  • For those enmeshed with Facebook this is probably no big deal. Facebook will probably want to do your shopping for you as the next big thing so you can just wait at home for the packages to show up. They probably won't unbox the goods and put them away for you though.
  • Who in their right mind thought they were signing up for this much surveillance back when they first joined Facebook?

    The people who DIDN'T sign up for Facebook ever, because back in the day, they could see how intensely invasive it was even without all the crazy tracking that has been added in the past 15 years.

Ocean: A body of water occupying about two-thirds of a world made for man -- who has no gills. -- Ambrose Bierce

Working...