Breaking it Down: How Facebook Tracks Users and Non-Users.
This is part seven of a multi-part series, The Facebook Dossier. Researched, reported, and compiled by Acreto IoT Security.
First, let’s talk about The Facebook Cookie.
The Facebook cookie is key to the organization’s data collection efforts. If at any point you (or your device) visit any Facebook property, you are designated a cookie. This Facebook cookie tracking marker is foundational and critical to Facebook’s operation. Here is a statement directly from the company about how it defines its Facebook cookie functionality:
Cookies and Other Storage Technologies
Facebook states on their website,
Second, let’s explore Facebook Plugins.
If Facebook has already tagged you with a cookie, next up come Facebook plugins. The Facebook “Like”, “Share” and “Comment” buttons will report on you even if you are not logged in to Facebook or even connected. Here is what Facebook has to say on their site about Facebook plugins:
“If you’ve previously received a cookie from Facebook because you either have an account or have visited Facebook.com, your browser sends us information about this cookie when you visit a site with the “Like” button or another social plugin. We use this cookie information to help show you a personalized experience on that site as well as Facebook, to help maintain and improve our service, and to protect both you and Facebook from malicious activity. We delete or anonymize it within 90 days, and we do not sell it to advertisers or share it without your permission.”
The above statement about Facebook plugins is now considered questionable given Facebook’s recent admissions.
There are roughly a dozen Facebook plugins that the company provides for third-party sites of any size, from every industry you can think of. These social plugins include features such as Like, Share, Quote and Comment. However, Facebook – and these Facebook plugins – are not limited to web sites: other lesser-known or altogether undisclosed plugins exist that integrate Facebook into mobile, or even IoTs such as connected TVs, refrigerators, cars or anything that supports Facebook.
Compliance and adherence of Facebook plugins’ features and capabilities to Facebook’s stated user and privacy policies are difficult to track. Given the proprietary nature of purpose-built technologies, it is near impossible to validate if Facebook is operating within the parameters they have publicly disclosed.
Third, the Facebook Pixel.
The Facebook Pixel is a small block of code an administrator (for example, an advertiser) can add to their site for data collection on all visitors. It is invisible to users and can only be identified with a forensic review of the site code, a capability the vast majority of Internet users lack. The Facebook Pixel is especially valuable for tracking multi-device users and following the conversion of users from ad clicks so they can be continually and robustly tracked even after they leave the Facebook app or property.
Check out this article on our website for a link to the Facebook page where site administrators can build and customize their own Facebook Pixel, and to see a sample of the Facebook Pixel code.
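An added example, not code from Acreto or Facebook: a small Python audit that performs the "review of the site code" described above, listing the embedded elements that make a browser contact Facebook on page load, which is when a previously set cookie is sent along. The URL patterns (`fbevents.js`, `/tr`, `/plugins/`, `sdk.js`) are the commonly deployed pixel and plugin endpoints and are assumptions here; the sample page, pixel ID and `shop.example` are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

FB_DOMAINS = ("facebook.com", "facebook.net")
AUTO_LOADED = {"script", "img", "iframe"}  # fetched on page load, no click needed
FBQ_INIT = re.compile(r"fbq\(\s*['\"]init['\"]\s*,\s*['\"](\d+)['\"]")

# Constructed sample page: placeholder pixel ID, hypothetical shop.example site.
SAMPLE_HTML = """<html><head>
<script src="https://connect.facebook.net/en_US/fbevents.js" async></script>
<script>fbq('init', '000000000000000'); fbq('track', 'PageView');</script>
<noscript><img height="1" width="1" style="display:none"
 src="https://www.facebook.com/tr?id=000000000000000&amp;ev=PageView"></noscript>
</head><body>
<iframe src="https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fshop.example%2F"></iframe>
<a href="https://www.facebook.com/example">Follow us</a>
</body></html>"""

def classify(url):
    """Return (kind, host+path) for a URL served from a Facebook domain, else None."""
    p = urlparse(url)
    host = (p.hostname or "").lower()
    if not any(host == d or host.endswith("." + d) for d in FB_DOMAINS):
        return None  # also rejects lookalikes such as notfacebook.com
    is_pixel = p.path.endswith("/fbevents.js") or p.path == "/tr"
    is_plugin = p.path.startswith("/plugins/") or p.path.endswith("/sdk.js")
    return ("pixel" if is_pixel else "social-plugin" if is_plugin else "other"), host + p.path

class FacebookEmbedAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._in_script = [], False
    def handle_starttag(self, tag, attrs):
        self._in_script = tag == "script"
        hit = classify(dict(attrs).get("src") or "") if tag in AUTO_LOADED else None
        if hit:
            self.findings.append(hit)
    def handle_endtag(self, tag):
        self._in_script = False
    def handle_data(self, data):
        if self._in_script:  # inline pixel bootstrap: fbq('init', '<pixel id>')
            self.findings += [("pixel", "fbq init " + i) for i in FBQ_INIT.findall(data)]

def audit(html):
    parser = FacebookEmbedAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Calling `audit(SAMPLE_HTML)` reports the pixel script, its inline `fbq` initialisation, the `<noscript>` image and the Like-button iframe; the plain "Follow us" link is not reported because the browser does not fetch it until it is clicked.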
Fourth, let’s discuss Facebook Analytics.
Data collection is just the first step in a data-driven operation – just look at Facebook Analytics! Facebook’s massive analytics or data mining operation is one of the most sophisticated in the world. Where data collection provides data points, Facebook analytics fill in the gaps to paint a picture that no amount of data collection by itself can provide. For example, your location, the sites you visit, your time online, your interest in specific topics, and even posts from your social network can help determine your politics and income level, as well as your propensity to spend in one market segment over another.
Check out this article on our website to see a sample of the Facebook Analytics platform.
The power of analytics can be best highlighted by a story in which Target figured out a 16-year-old girl was pregnant before anyone else knew and immediately targeted (no pun intended) her family with pregnancy-related product advertisements. The amount of data Target used to make that determination was infinitesimal compared to Facebook’s massive data analytics machine.
Could it be that in the future your psychiatrist will be able to turn to, let’s say, Facebook Medical for all the information needed to diagnose you, without even meeting you?
Fifth, time to talk about Facebook Ads.
Facebook’s sprawling empire is further expanded through its ad network – Facebook Ads. It improves its Audience Network where other websites and apps show ads from Facebook advertisers. The same mechanism used for outward promotion and revenue generation serves a double purpose of collecting data from ads. Facebook, through Facebook Ads, is well positioned to target Facebook users with the same ads they are seeing on Facebook when they visit other sites. If users visit sites or apps outside of Facebook, they will see a similar ad when they arrive back on Facebook. Non-Facebook users are also targets and susceptible to much of the same data collection efforts.
Finally, let’s talk about the Facebook App.
Obviously, when someone is on the Facebook site or is using the Facebook App, the company collects prodigious amounts of data for analytics, as well as your communications with your social network. Facebook apps include all Facebook-owned properties and applications such as Messenger and Instagram, which function as disparate platforms but collect data in the same way and use it for advertising intel.
Facebook’s data misuse is so pervasive that a California law firm recently launched a class action lawsuit based on evidence that users’ personal data and privacy may have been compromised due to Facebook’s third-party data sharing. The lawsuit specifically focuses on the “This is my digital life” app and an online survey that was supposed to only be available when the survey taker shared it. The suit alleges that GSR’s Aleksandr Kogan gathered the data and sold it to Cambridge Analytica.
Next up in the Facebook Dossier, “We Want it All, We Want it NOW!”.