Facebook turns user tracking 'bug' into data mining 'feature' for advertisers

Facebook turns user tracking 'bug' into data mining 'feature' for advertisers

Summary: Facebook announced changes to its privacy and advertising policies on its company blog, extending Facebook's ability to track users outside of Facebook. This counters 2011's position that [we] "do not track users across the web."

TOPICS: Security, Privacy
Facebook tracking
Photo credit: James Martin, CNET

Facebook announced changes to its privacy and advertising policies on its company blog last Thursday, extending Facebook's ability to track users outside of Facebook -- undoing previous assurances it "does not track users across the web."

The press reports initially sounded like good news, announcing that Facebook would be "letting people better control their advertising preferences."

Indeed, users will soon be able to click on a little arrow on an ad, which will show them a simplified version of Facebook's marketing dossier on them, and the user can check or un-check different advertising interests.

Facebook extends user tracking beyond Facebook

Facebook also announced Thursday it will begin tracking its users' browsing and activities on websites and apps outside Facebook, starting within a few weeks.

Facebook said it will begin to disregard its users' choice of using their in-browser "Do Not Track" setting: Soon, anyone who clicks "ask websites not to track me" in Safari (or any other browser) will be completely ignored by Facebook.

Google and Yahoo already ignore people's Do Not Track settings; fortunately, Twitter, Microsoft and Pinterest still respect the browser setting.

In 2011 Facebook was hit with a $15 billion class action lawsuit for tracking users after they've logged out: The suit alleged Facebook had violated Federal wiretapping laws in doing so.

When reached for comment on this article, a Facebook representative told ZDNet, "At this time, we will only use information to make ads better that we get when you’re logged into Facebook. We won’t look at the information when you’re logged out."

Thursday's announcement seems to be an about-face on Facebook's 2011 statements, when the company told ZDNet:

"Facebook does not track users across the web. Instead, we use cookies on social plugins to personalize content (e.g. Show you what your friends liked), to help maintain and improve what we do (e.g. Measure click-through rate), or for safety and security (e.g. Keeping underage kids from trying to signup with a different age). No information we receive when you see a social plugins is used to target ads, we delete or anonymize this information within 90 days, and we never sell your information."

Facebook has been accused multiple times of using cookies to track users even after they log out of the service -- with the company twice denying the allegations, and twice claiming it had fixed the issue, calling it a bug. 

Since then, Facebook has introduced its own tracking alternative to cookies: Facebook's tracking conversion pixel. The 1x1 pixel is an invisible .gif that tracks users as they go anywhere, and everywhere online.

AdAge explained,

For now, it will capture websites that use Facebook's conversion tracking pixel -- which advertisers affix to see if their Facebook ads are yielding sales and traffic -- as well as mobile apps that use Facebook's software development kit to deploy Facebook services, like the log-in.

Websites and apps that have Facebook's tracking software encoded to retarget their visitors are also in the mix. Impressions tracked via the "like" button encoded in mobile apps -- which Facebook recently introduced at its f8 conference for developers -- will also be included.

According to Read Write Web, Facebook will honor do-not-track settings on iOS and Android devices.

Facebook's announcement said that users can easily opt-out of this tracking -- but the opt-out process is on an external website (the Digital Advertising Alliance), it must be done for each browser, and the opt-out must be re-done every time a user clears out their browser's cookies.

That's right, if you clear out your cookies, you inadvertently opt back in to Facebook's tracking.

Brian Boland, Facebook’s’ vice president of ad product, told The New York Times that "The thing that we have heard from people is that they want more targeted advertising."

Commenters everywhere were quick to joke that Boland's "people" probably also happened to be Facebook's advertisers.

The changes will roll out in the next few weeks, and will be first introduced to Facebook's American users.

Privacy advocates say the changes give Facebook an "unprecedented" reach into people's lives and are criticizing the Federal Trade Commission for allowing the company to move forward with its plan for data collection expansion.

Jeff Chester, executive director of the Center for Digital Democracy, told the Washington Post, "It's true that everybody is doing all of this, and that's how the system works. But this is unprecedented. Given Facebook's scale, this is a dramatic expansion of its spying on users."

Chester added,

We are very unhappy that the FTC appears to have given Facebook the greenlight on this. This kind of expansion and a thumbs-up from the FTC makes a mockery of its privacy regulation.

It's time to put Facebook in the corner

Keeping Facebook at arm's length is still possible. Here's how:

  • Bookmark the Digital Advertising Alliance, because you're going to visit it more than once.
  • Pick a browser that you don't use regularly. This is your new Facebook browser. In that browser, go to the Digital Advertising Alliance and opt-out of Facebook, etc.
  • Sign out of Facebook on your regular browser. Clear all your cookies. Go to the Digital Advertising Alliance and opt out of Facebook, etc.
  • You must have cookies on to opt out: If you're using AdBlock Plus, you need to turn it off before you can opt out.
  • You'll need to opt out for every browser, and you'll have to opt out again every time you clear your cookies.

Keep in mind that if you visit a Facebook page of any kind on your regular browser, you will get Facebook cookies, and you'll want to clean them out (and you'll probably need to opt-out again).

Some people use one browser for social media sites they're signed into (Facebook, Twitter, Google, Tumblr), and a separate browser for all of their web browsing.

For mobile:

Visit Opt Out Mobile and follow the directions there for your Apple, Android or Windows phone.

Next, opt out on your device:

  • Apple: Open iPhone Settings and go to General > Restrictions > Advertising, and then click "Limit Ad Tracking."
  • Android: Go to Google Settings > Ads > Opt Out of Interest-Based Ads, and click.
  • Windows: Go to Settings > System Applications > Advertising ID, and opt-out by setting the Advertising ID to "Off".

Read this

Freeing yourself from Facebook's new web trackers

Freeing yourself from Facebook's new web trackers

Don't want Facebook tracking your every move across the Web? Here's how to get out of the new Facebook traps.

When Thursday's news is combined with previous revelations about Facebook's shadow profile practices and last year's news that Facebook had been keylogging random users to study "self-censorship" -- what people typed, but didn't publish -- the new changes might make some wonder where the limits for Facebook's data collection really are.

The thing that most people forget is that Facebook can say it cares about user privacy, and we can see this is reflected in its user privacy policies and settings.

But user privacy settings and policies, on Facebook and other user-based companies, are primarily for front-facing and interpersonal user profile settings: User privacy settings have nothing to do with the way the company shares their information with its business partners and third parties.

Even if that information is (somehow) anonymized -- how we spend our time online and what we do during that time is still our private activities.

Either way, it extends that pervasive uncomfortable feeling everyone has on Facebook, that we're all being watched and recorded by Facebook, out into the rest of the Internet.

And that's not a good feeling.

Update Tue. June 17 11:16 AM PST: A Facebook representative told ZDNet via email, "At this time, we will only use information to make ads better that we get when you’re logged into Facebook. We won’t look at the information when you’re logged out. "

Topics: Security, Privacy

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Not surprising

    Ad companies are all like this, whether it be Google or Facebook.

    The new meme shot should be a pic of Zuckerberg with the word 'LIAR!' written across the top.
    • it is worth noting that Microsoft ruined it for all

      They were all planning to adopt and follow it.. The. Microsoft turned it on by default thereby cutting off most of the revenue from anyone that followed it because 95 percent of IE users don't eeven know what do not track was and don't care. The setting was supposed to be so privacy sensitive people could turn it on. Microsoft sabotaged it by turning it on in IE by default knowing that it would lose nearly all support because of that. IMO. Also they probably don't need browser tracking as they own the OS most use and win8 is very chatty to online Microsoft services anyway ...
      • The only people that the default hurt

        ...were the companies that WERE TRACKING USERS.

        None of those companies that complained about Microsoft's default were interested in following the standard anyway because: NEWSFLASH - IT GOES AGAINST THEIR BUSINESS MODEL!

        Blaming Microsoft is just a redirection tactic.
        • . . . and you can count on them to protect their own self-interests . . .

          "The only people that the default hurt
          ...were the companies that WERE TRACKING USERS"

          . . . and you can count on them to protect their own self-interests, rather than the interests of the users.

          . . . which is why, in order for do not track to succeed, it probably needs to be law.

          Otherwise, you can count on these companies to ignore do not track.
      • i have left items in the tpilet smarter than you....

        See subject
        • stupid lack of edit

          Sorry, toilet...
  • facebook should be non-profit like wikipedia or something

    Where does it go from here? It already performs its intended function. There is no where to go except how to monetize more and more for the benefit of facebook, which will probably drive it into the ground eventually.
    • Just like software/feature creep

      This happens with every piece of software or service once it reaches maturity and there isn't really anywhere else to go within the original scope. New "features" start to be added which are more of a nuisance than anything. When that happens, it's not long before that piece of software/service is in the history books.

      Prime examples: Nero Burning ROM, uTorrent.
    • Eventually?

      I saw this coming.. on every one of these sites that offer free services. So I did not sign on.. now I am happy I did not. This tracking of everything you do so some greedy self centered Jackass can make a few more bucks, no matter what harm it might do to someone else's life. No Thank you. And if all of you had any sense you would exercise your power and close out.. if the advertisers that give him the big bucks saw everyone bailing out because this is just one step too far, they might be the next to bail out. Maybe not.. but you will never know until you all get off your butt's and flex a few muscles. Sure, it might hurt to pull the plug for a while/ever, but it would send a clear message to big business.. enough is enough.. our private lives are NOT there for you to track, steal and abuse to line your pockets.
      Or, do nothing and just come here and bellyache about it.. I figure most of you will just do the latter..
      • Actions to resolve

        1. Pressure your government to make this sort of tracking illegal, a criminal offence that the CEO will go to jail for.

        2. Boycott all advertisers using Facebook and email their marketing department on why you will not buy their product.
        • Im with you!I dont have facebook and DID NOT agreed with their terms, so...

          ...if my syster uses my computer and log into her facebook account, facebook will track my paid for computer ? I did not agreed with their terms and this is a criminal offense track my machine without my permission. I dont care if they do this with their sheeps but no with me, I think that this can be judge in a class action
      • Isn't ZDNet a free service?

        I'll bet you are signed on to more of them than you realize. Besides You don't need to sign on to any site offering free services, you just have to use the free services. All you really need to do is surf the net and you will be supporting the companies that track.

        BTW. Paid service providers track too.
  • Block subdomains at firewall

    I'd like to know what other subdomains Facebook uses so I can block them in the HOSTS on my computer, my phone, and at my firewall. F U Zuck.

    Here is what I have thus far www.facebook.com facebook.com static.ak.fbcdn.net www.static.ak.fbcdn.net login.facebook.com www.login.facebook.com fbcdn.net www.fbcdn.net fbcdn.com www.fbcdn.com static.ak.connect.facebook.com www.static.ak.connect.facebook.com
    • Another way?

      Can you add it into security zones with an asterisk?

      i.e.: *.facebook.com, *.fbcdn.com
  • Is Facebook...

    working for the NSA? It sure smells like it! Don't get me wrong, I fully understand that they need ads to make money because all the equipment and employees aren't free. But tracking even when you aren't logged in, that is pretty invasive. I would rather pay a monthly fee and not have that tracking.
    • Re: Is Facebook...

      You don't want to go down that road. because then you will end up paying a monthly fee, so as not to be tracked by every Company out on the net, even ones you didn't know existed.....

    • Not NSA, but the CIA

      You're almost right...

  • Facebook - an app for the terminally lame!

    I tried this stupid app for a short time, and when I started getting creepy e-mails and browser pop-ups I realized they were tracking my activity all the time. So I quit Facebook and never looked back. There's no reason on earth that would get me to re-join Marky Suckerberg's spy service.
  • Facebook is not the only one.

    I ran the check and found 117 of the little things.
  • Why can't my browser weed out image requests for the Facebook tracking gif?

    How hard could it be? C'mon Firefox, step up and provide an option to "Never retrieve Facebook tracking bug".

    Aside from that, we continue to free fall down an Orwellian black hole -- led by the National Stasi Agency (aka NSA).