Facebook announced changes to its privacy and advertising policies on its company blog last Thursday, extending Facebook's ability to track users outside of Facebook -- undoing previous assurances it "does not track users across the web."
The press reports initially sounded like good news, announcing that Facebook would be "letting people better control their advertising preferences."
Indeed, users will soon be able to click on a little arrow on an ad, which will show them a simplified version of Facebook's marketing dossier on them, and the user can check or un-check different advertising interests.
Facebook extends user tracking beyond Facebook
Facebook also announced Thursday it will begin tracking its users' browsing and activities on websites and apps outside Facebook, starting within a few weeks.
Facebook said it will begin to disregard its users' choice of using their in-browser "Do Not Track" setting: Soon, anyone who clicks "ask websites not to track me" in Safari (or any other browser) will be completely ignored by Facebook.
Google and Yahoo already ignore people's Do Not Track settings; fortunately, Twitter, Microsoft and Pinterest still respect the browser setting.
In 2011 Facebook was hit with a $15 billion class action lawsuit for tracking users after they've logged out: The suit alleged Facebook had violated Federal wiretapping laws in doing so.
When reached for comment on this article, a Facebook representative told ZDNet, "At this time, we will only use information to make ads better that we get when you’re logged into Facebook. We won’t look at the information when you’re logged out."
Thursday's announcement seems to be an about-face on Facebook's 2011 statements, when the company told ZDNet:
Facebook has been accused multiple times of using cookies to track users even after they log out of the service -- with the company twice denying the allegations, and twice claiming it had fixed the issue, calling it a bug.
Since then, Facebook has introduced its own tracking alternative to cookies: Facebook's tracking conversion pixel. The 1x1 pixel is an invisible .gif that tracks users as they go anywhere, and everywhere online.
For now, it will capture websites that use Facebook's conversion tracking pixel -- which advertisers affix to see if their Facebook ads are yielding sales and traffic -- as well as mobile apps that use Facebook's software development kit to deploy Facebook services, like the log-in.
Websites and apps that have Facebook's tracking software encoded to retarget their visitors are also in the mix. Impressions tracked via the "like" button encoded in mobile apps -- which Facebook recently introduced at its f8 conference for developers -- will also be included.
According to Read Write Web, Facebook will honor do-not-track settings on iOS and Android devices.
Facebook's announcement said that users can easily opt-out of this tracking -- but the opt-out process is on an external website (the Digital Advertising Alliance), it must be done for each browser, and the opt-out must be re-done every time a user clears out their browser's cookies.
That's right, if you clear out your cookies, you inadvertently opt back in to Facebook's tracking.
Brian Boland, Facebook’s’ vice president of ad product, told The New York Times that "The thing that we have heard from people is that they want more targeted advertising."
Commenters everywhere were quick to joke that Boland's "people" probably also happened to be Facebook's advertisers.
The changes will roll out in the next few weeks, and will be first introduced to Facebook's American users.
Privacy advocates say the changes give Facebook an "unprecedented" reach into people's lives and are criticizing the Federal Trade Commission for allowing the company to move forward with its plan for data collection expansion.
Jeff Chester, executive director of the Center for Digital Democracy, told the Washington Post, "It's true that everybody is doing all of this, and that's how the system works. But this is unprecedented. Given Facebook's scale, this is a dramatic expansion of its spying on users."
We are very unhappy that the FTC appears to have given Facebook the greenlight on this. This kind of expansion and a thumbs-up from the FTC makes a mockery of its privacy regulation.
It's time to put Facebook in the corner
Keeping Facebook at arm's length is still possible. Here's how:
- Bookmark the Digital Advertising Alliance, because you're going to visit it more than once.
- Pick a browser that you don't use regularly. This is your new Facebook browser. In that browser, go to the Digital Advertising Alliance and opt-out of Facebook, etc.
- Sign out of Facebook on your regular browser. Clear all your cookies. Go to the Digital Advertising Alliance and opt out of Facebook, etc.
- You must have cookies on to opt out: If you're using AdBlock Plus, you need to turn it off before you can opt out.
- You'll need to opt out for every browser, and you'll have to opt out again every time you clear your cookies.
Keep in mind that if you visit a Facebook page of any kind on your regular browser, you will get Facebook cookies, and you'll want to clean them out (and you'll probably need to opt-out again).
Some people use one browser for social media sites they're signed into (Facebook, Twitter, Google, Tumblr), and a separate browser for all of their web browsing.
Visit Opt Out Mobile and follow the directions there for your Apple, Android or Windows phone.
Next, opt out on your device:
- Apple: Open iPhone Settings and go to General > Restrictions > Advertising, and then click "Limit Ad Tracking."
- Android: Go to Google Settings > Ads > Opt Out of Interest-Based Ads, and click.
- Windows: Go to Settings > System Applications > Advertising ID, and opt-out by setting the Advertising ID to "Off".
When Thursday's news is combined with previous revelations about Facebook's shadow profile practices and last year's news that Facebook had been keylogging random users to study "self-censorship" -- what people typed, but didn't publish -- the new changes might make some wonder where the limits for Facebook's data collection really are.
The thing that most people forget is that Facebook can say it cares about user privacy, and we can see this is reflected in its user privacy policies and settings.
But user privacy settings and policies, on Facebook and other user-based companies, are primarily for front-facing and interpersonal user profile settings: User privacy settings have nothing to do with the way the company shares their information with its business partners and third parties.
Even if that information is (somehow) anonymized -- how we spend our time online and what we do during that time is still our private activities.
Either way, it extends that pervasive uncomfortable feeling everyone has on Facebook, that we're all being watched and recorded by Facebook, out into the rest of the Internet.
And that's not a good feeling.
Update Tue. June 17 11:16 AM PST: A Facebook representative told ZDNet via email, "At this time, we will only use information to make ads better that we get when you’re logged into Facebook. We won’t look at the information when you’re logged out. "