So most of the data provided is probably coming in via the FB tracking pixel. I think the references to FB's "custom audiences" is a red herring - it's a very manual process and very few companies use that feature in any sort of scale. FB hashes the data that gets uploaded and specifically throws out extraneous data that does not help it make matches with its existing data set: https://www.facebook.com/business/help/2082575038703844?id=2...
Love this note at the bottom: "Editor’s Note: Consumer Reports has a business relationship with LiveRamp and another data broker, Acxiom. Consumer Reports shares data with each of these companies in order to help support its mission."
Update: Having poked around my own FB privacy report, Consumer Reports is clearly using the data available in the "Advertisers using your activity or information" report.
There are a ton of random companies on here, but it's important to note that this is NOT data being sent to FB as the report implies. This particular report is just the number of times I have been matched to an uploaded list - the uploading company already had my contact information, and they were able to add me to an ad campaign. FB doesn't bring in new data via these match requests, and they really don't share information with advertisers outside of how many matches they got.
How is “they sent facebook a list with my name on it, and facebook showed me their records showing I was on their list” compatible with the statement “this is NOT data being sent to FB”?!?
> Advertisers may get information from you (like your email address) when you interact with them outside of Facebook, like if you make a purchase in their store or create an account for a rewards program. They can create a hashed list with that information and upload it to Facebook. We can match users using the list to help the advertiser reach people who may be interested in their business and without Facebook learning any new identifying information about you.
Well, if a shoe company sends my email address to Facebook because I’m their customer and they want to advertise to me on platform, Facebook has learned new information about my purchasing behaviour.
I’m not sure what else Facebook does with that information. I wouldn’t be surprised if they use it and send me ads for shoes from other companies.
I'm not saying it's okay, but I'm also pointing out that the system doesn't work that way. Data brokers would not be comfortable handing over all of the data to FB if they thought FB was just going to steal it, and FB wouldn't trust gobs of unprocessed data from third parties ("You are now a 16 year old girl who likes Taylor Swift because there was a typo in the matched email address").
This argument is absurd. Facebook has a settings page with a list of all the companies that have told Facebook they do business with you. That's the monetizable signal that Facebook is paying for.
It doesn't matter if they took your name, hashed it and then facebook reversed the hash via a lookup table. Presumably, the fact that they're doing the hash stuff is to give themselves plausible deniability when you tell them to delete all your personal information, and they decide not to.
Here's a sketch of the argument:
- We got a request to delete your info, so we deleted your name and email address and everything with the hash, including the fact that the hash doesn't want to be tracked.
- 10 ms later, data brokers started pumping information about the hashes back into our system, but there was nothing we could do to block it (we forgot the hash)
- We rebuilt your profile to high fidelity within a few minutes, and linked it to all your devices within a day
- The next week a shady app developer sold us info to link your real-world identity to the hashes, but we had to assume this was a new user that hadn't opted out, since we deleted your info.
> I think the references to FB's "custom audiences" is a red herring - it's a very manual process and very few companies use that feature in any sort of scale.
My experience is that "custom audiences" is a typical/normal usage. Companies that use platforms like Adobe Experience Platform (AEP) create their marketing segments (sets of targeted customers or prospects) in AEP and send those identifiers (e.g. hashed email) to various destinations including Facebook (via "custom audiences").
I guess FB tracking pixels will no longer work when third-party cookies are removed from browsers. That seems like a massive hit for them if I understand it correctly (and a big W for us)
Getting rid of third-party support will mean FB doesn't get anonymous data from random website users - but if you are logged into FB or hit the page from a FB link, it would still be trackable as a first-party cookie.
My default for all browsing is to use Private Safari window and never stay logged in for longer than needed.
Btw, there is hidden Safari setting in iOS, under Advanced at the bottom, “Privacy Preserved Ad Measurement” that was on, for some weird reason. And check and purge Website Data periodically.
I'm in a similar setup for FF on my Mac, but I also have it clear everything on exit. I exit at least every couple of days just to clear things, and sometimes immediately after visiting certain sites just because it makes me feel better while wearing tin foil. It's annoying after every launch causes me to use all of the various 2FAs to log back in, but I just don't trust what all you evil devs have done to the internet.
Ha ha! I get it. But today’s FF is slipping to being worse. Lets see if uBO survives Manifest V3. And don't use DoH, I have a bad feeling about it, http cookies inside DoH are undefined thing.
You say so. It does everything I need, and as far as developing, I much prefer FF DevTools to Chrome and Safari. I only turn to Safari if I need dev tools for an iDevice
The tricky part, though, is that even with your client-side settings and privacy tools set up 100% right, any company that has your info can still send it to Facebook server-to-server, with "Conversions API."
The camera app on my Android phone pings Facebook every time it starts up despite me not having an account to use any of the Facebook integration. Presumably the lib does the same in many other apps.
Don't tracking pixels also work without cookies or Javascript though? If you have an `<img src="example.com/someTrackingPixel.gif">` on your website or app, the server that houses that URL gets a ton of info on you from the HTTP request header data. Less useful without the cookie but still something.
are we really not that identifiable with all of the fingerprinting techniques and what not? the majority of people do not use VPNs to cover their tracks, and most home ISPs don't rotate their IPs that frequently that my tin foil hat suggests that for the non-techie person attempting to foil the IDing, they're IDing them.
Most browser "fingerprinting" methods have a pretty short half-life. The last assessment I read said something like half of the fingerprints were lost within 24 hours.
There are some companies that advertise device fingerprinting for moderation/anti-abuse services, but I have yet to see it in any martech stack. I assume they give lots of false positives and don't distinguish between different users/devices on the same network.
>Most browser "fingerprinting" methods have a pretty short half-life. The last assessment I read said something like half of the fingerprints were lost within 24 hours.
That's absolutely not my experience. Maybe if you use some weird research-level fingerprinting technique, but most fingerprints are just regular old boring stuff - screen and browser viewport size, installed plugins and fonts, browser UA and settings, hardware/gpu quirks, etc[1]. And it doesn't have to be 100% reliable, just reliable enough to track your activity to show you some ads.
[1] as a privacy conscious individual I'm fully aware just viewport size is enough to almost uniquely fingerprint me. I use my laptop screen, with sidebery extension, browser tab bar hidden by user css and sway in tabbed mode. My second computer is less unique, I "just" use sway and firefox with the minimal tab size (that for some reason is hidden must be unlocked in the about:config so it's very rarely used).
The problem is, if you are running a marketing database of millions and and millions of distinct IDs, you have to get into very esoteric fingerprint factors. Anytime you have a driver update or switch devices, you lose the connection in the data.
Doesn't the firefox resistfingerprinting setting fuzz most of these things? I see a lot of misconceptions about it on here when people use amiunique. It will say you are unique but if you look for a historical match there aren't any because you are unique, but also different each time you show up.
This gets lost a lot - just because you can prove uniqueness doesn't mean it's persistent or repeatable. Some of the "uniqueness" factors include things like number of audio devices or battery life.
There's a server side implementation FB offers developers to circumvent some privacy restrictions now being enforced by browsers which doesn't have all the features of the clientside version but is their current workaround. It will improve privacy slightly, but some websites are still gathering as much information about you as possible over the course of a session to try and build demographic information and remarket to you.
Consumer Reports themselves have 12 unique data trackers on their site, including the Facebook pixel.
And just to be clear about the usage of the term "Monitored" here. They mean that data tracking pixels are sending anonymized data between META and all of these companies. Not a soul at META or any company with that pixel installed are aware of any PII or even, in most cases, cognizant of your specific session on their site.
Earlier today, this[1] was on the HN front page, a blog post on how Meta processes trillions of serverless functions. All that impressive tech exists for one single reason - massive surveillance at scale.
You're right, but "selling people stuff" is a secondary source of profit. Surveillance too. The truth is, users become profitable far before they ever pull out a credit card, and the goal isn't the credit card, it's the user itself.
To target an ad for a product, you need an interest-based profile on someone. To build that profile, you need data.
To influence public opinion (as has become so popular for politicians and intelligence departments), or if you want to monetize an emotional reaction (like the NRA or PETA) you need a psychological profile, or a way to extrapolate one. Again, data.
To prosecute crimes, you need communications and location data (this is what most would call "surveillance"). Law enforcement (state and federal), private investigators, state departments are all customers for this. The market for this evidence (both what can and can't be used in court is harvested; look up "evidence laundering") is an unending stream of income, for the same reason as all three of these, and here's why:
If you're Meta, or Google, do you want to be performing this psychological profiling, or scanning every message for "incriminating" keywords, or tracking specific users' locations? Absolutely not. That would put your company at fault. So what do you do? You sell the data itself, unspecified, en masse. The FBI approaches you to implement a service that you can query for real-time location data? Hell no, buddy, that'd threaten the whole company! Go do it on your own servers! Pay for the data and compute it yourself! (Or pay for just enough processing to get what you need without us knowing what you're using it for, which is what op's link is about)
And that's exactly what happens: the data itself becomes the product. Then, the goal is to harvest as much data as you possibly can. That's the business model.
Product sales are not the aim. The people are what is sold.
they can't sell them stuff if they haven't surveilled them to find out what they want. although, even after all of the surveilling, they still fail to deliver relevant ads way more often than they should.
With an average of over 2000 companies tracking each person in the study, and with a great many of those companies being retailers, there is zero chance the identities of the individuals involved are not either already de-anonymized or trivially de-anonymized at some point in the future through a leak of the data collected by one of those retailers.
I have little doubt some of these companies do de-anonymization themselves (or through a third party). I use a PO Box for all my mail, yet I somehow get ads delivered to me based on my interests and recent purchases in my name to my residential address. I've literally never purchased anything using my residential address, I have zero mail sent here intentionally.
Do you receive mail to both addresses under the same or any name? Is it required to have the name field populated to receive mail to your physical or P.O. Box?
Oh another point this reminded me of: I go by Alex (to the extreme that it's on my bank accounts and credit cards) but all the ads have my full name Alexis. When I google my full name in quotes, all of the results are data brokers.
Full name isn't required, I've received mail to my PO box with my first name only, last name only, initials, etc...
My residential address is used so infrequently that my cousin remembers my PO Box number but had to recently ask for my street number to visit.
> The Markup has written extensively about the Meta Pixel and how it has been used to surveil people as they dial suicide hotlines, buy their groceries, take the SAT, file their taxes, and book appointments with their doctors. Website owners can configure the pixel to track user website interactions such as searches or filling out a form, sending each action to Meta, even if the user doesn’t have an account on Facebook. Although research tools like The Markup’s Pixel Hunt can detect the Meta pixel or SDK tracking, there is no way for a consumer to monitor the traffic between a company’s server and Meta’s.
Another reason to never touch an Ad company’s phone.
Wow that makes a lot of sense. When people complain about social media using their data, it often comes off as if they're addicted and a victim of it, like they're really complaining about their own use of the platforms that they have grown to resent. I, too, would resent FB (for me, Instagram) if it had even the slightest bit of control over me.
Pro tip: Like/interact with ads on Instagram that look cool so they'll show up more. I like the watches, cool shoes, cat food ads. I assume I'll buy something eventually once I get targeted with something that's not a cheap Chinese manufactured pile. It's never useful stuff like "Check out this cool shovel".
My understanding is that 3rd parties get to _target according to this data_, but they do not _get the actual data_. So I can say "I'm going to propose!" a bunch of times and get engagement ring ads (the classic example, bc now the bride-to-be may also start getting engagement ring ads before she's/they's proposed to) but the 3rd parties don't know what I said or who I am, just that there is +1 in the engagement ring bucket.
I also don't use much real PII, with fake name, burner email, but real uni and real birthday. Though I had to tell FB I was a straight male so I'd stop getting their hunk ads.
Anyways, there are ~550 advertisers listed. Here are the top ones. I threw a zinger in there too.
Live Nation Sponsorship x x
Ticketmaster x x
Drive with Lyft x x
Essence x x
Airbnb x x
Uber x x
AEG Presents x x
MullenLowe U.S. x x
AEG Presents - Media x x
Coinbase x x
The Joy of Spandex Deritives Incorporated, Inc
Live Nation Concerts x x
Amtrak x
CVS Pharmacy x
Iron Store x
Microsoft Customer Insights Center x
Massage Envy x
Huntington National Bank x
Evernote x
Big Spaceship x
Dollar General x
Edit: Holy sh!t!!! I personally made an FB ad to say hi to this girl I was dating back when targeting could be super narrow, and [her name] is one of the ads that targeted me lol! Wow and that was only once for a couple days.
Facebook probably has lots of more interesting data about you that you don't see in your report. Aside from that, having this data from millions of people, and being able to control what content they see on their platforms, these kind of companies gain a lot of power over a large group of people that they can employ in several ways. Influence political opinion, distract you from news they don't want you to know about. Influence public opinion. You can do a lot with it. That is why it's worth so much money and is it such a big business. On a personal level it might not directly have an influence on you, but you are contributing to humans being sheep for the herders to guide them as they want you to.
Never had Instagram. Never had WhatsApp. Had an old Facebook account opened under a fake name, using a throwaway email (haven't opened it in six months, maybe more).
Let me guess: you don't have a kid that goes to a school that only posts crucial news and updates to their Facebook page and you don't have a friend group that uses a WhatsApp group to plan events. Try explaining to the average human that you have a moral objection which means you can't install the same app everyone else has, and that everyone else needs to do a lot of work to accommodate you. One of my friend groups calls me a tech vegan, and not in a good way.
I have kids that go to school and they don't use Facebook. They don't want to. I didn't even ask them to not have an account. (that one kind-of surprised me, honestly)
My Jiu Jitsu gym heavily uses Facebook but they're smart enough to recognize that not everyone (even the people that have an account) checks it regularly so they notify the members through other means. Lately they've been telling people to be on the lookout for a text message they're planning on sending so, it sounds like they're recognizing that Facebook use is waning in a meaningful way.
I haven't had a Facebook account in 12 years and haven't missed it one bit. I don't expect everyone else to do any extra work to accommodate my preferences. I didn't ask my gym to text me. The just started doing it.
Time and again for the last 12 years I've found that if there was something someone needed me to know, they found a way to contact me and, if I needed to get in touch with them I found a way. Just like we did for many, many years before Facebook started.
This is an excellent reply to the tired old "But nobody can possibly live without Facebook, Instagram, and WhatsApp" claim people keep making. I'm sure there are tens, maybe hundreds of thousands of people who, apparently by some great miracle, manage to live normal, healthy lives without using these apps. If businesses want to do business with you, they will find a way to be reachable outside of Meta. If your friends are actually your friends, they will communicate with you outside of Meta. If your school has a mandate to keep in touch with parents, they will find a way.
I do not use facebook anymore. Yes I do have an account but I cannot remember last time I logged in. Likely over 6 months ago. Whenever I do login it is to check my jujitsu gym. Thats it! Logged in and out with.. what.. 5 mins?
I had little friends list on my fb. It was ex co-workers, uni/college/school friends. I know people who would have hundreds and hundreds of "friends" on theirs, making out how difficult it would be to leave it. Truth is half of them they have never met or spoke in person.
There are other means to connect with my friends. I am just tired of the current world, believing they need these social media accounts which, under the disguise of being free, have flaws in other ways as well as their mental health!
It is a sad world to constantly see people on their phones, likely witnessing a teenager walking to school or work with neck injuries in 15 years time.
Some people just cannot put their phone down. They are back on forums, groups, etc, within 10 minutes. Of course this is not a social media problem - but it most certainly is part of the cause.
So far, I've yet to be in a friend group that wasn't willing to switch to Signal once I explained my security concern. This includes my group of women who are spiritual directors in their 60s, not exactly a demographic you'd expect to care about E2EE.
It's always been easy for me to come up with a circumstance under which something the people involved cared about might become so politically or socially condemned that being associated with it could have major repercussions.
Maybe give that a shot next time you want a group to switch to something private.
> I've yet to be in a friend group that wasn't willing to switch to Signal once I explained my security concern.
I've found that works with friends, yes.
But it's too much to ask in cases like a whatsapp group for parents of a school class, or for participants in an upcoming event. Things where I don't feel like I'm entering with any social credit and don't want to be a huge noodge straight off the bat.
Well if they are your friends, you would expect that they will have respect for your choices. But maybe you are trying to convert them also, in a way they don't like it. So then they call you a tech vegan. I guess because vegans can be intense sometimes too.
It's not easy to convince ignorant friends. The best way I found is to not try to change them, but do keep your own principles. They'll respect that, and might even become interested in why you have your principles. Then if they ask you can explain them.
That is a good start but unfortunately my understanding is that they will still have a data profile on you specifically.
This is a problem for us all and we need regulation to solve it. And we probably need campaign finance reform to get people in power willing to regulate it.
Exactly, if your kid has an account, and she identified her mom, facebook will think her mom is your wife if at the same address. Those connections start to add up, add in they copied linkedin, your phone address books, email accounts, etc.
I try to do this and it _seems_ to be working okay. Facebook has not given me a correct/interesting recommendation in ages and google thinks I'm a different age and various other things that are not true when I look at their collected information.
I don't have that luxury. If I delete WhatsApp, I will be ostracized. Instagram is easier to live without but some people and services can only be contacted there. Mercifully Facebook is dead.
I've made peace with the fact that at least WhatsApp has end-to-end encryption. I hope to god they don't enshittify it.
This is depressing, but of even more concern is the fact that this data (and other, perhaps more "important" data) is available to essentially anyone with enough money to pay for it. This obviously includes most governments. I'm fairly sure the data brokers are not too picky about how they get paid.
There has to be regulation at the federal level to stop such practices. Nothing else will do.
Modern programmatic advertising enables each user to be pimped out to whichever manipulator is willing to pay the most. In just a few dozen milliseconds, Facebook will send out your personal data to participants in the advertising system ('bidstream data'), select a winner, and serve their ad to you.
Note: Your data goes out to bidders, and someone pays Facebook for it. That sure sounds like selling your data.
This is not some farcical, imaginary backdoor to collect data and spy on people. It's happening right now. "Patternz", an Israeli spy-tech company, run an advertising service as a front to get free access to bidstream data from 87 ad exchanges and SSPs including Google, Yahoo, MoPub, AdColony, and OpenX.
They take those bidstream data, de-anonymize them, and permanently record them. They claim to have profiles on billions of users including their location history, home address, interests, information about 'people nearby', 'co-workers' and 'family members'.
See also this slide of theirs: https://pbs.twimg.com/media/F-5bA6QW8AAyfSK.jpg, entitled, "We help national security agencies detect audience patterns and user behavior using digital advertising data mining and analytics".
Show us a link to a Facebook advertising API which can give me bidstream data which includes a user's demographic info? The links describe "Modern programmatic advertising" including "Patternz" but have not shown that Facebook is an implementor.
For the record every time I have advertised on both Google and Facebook, it works in reverse: I give them my ad, audience info, and how much I'm willing to bid, and they run an auction per impression (of which I don't get to participate in knowing the details directly). I get no user data, only the bill. If I did get user data (presumably with user consent) I would start my own direct-marketing mailing or email list and stop paying the ad-tech companies each time (who act as gate-keepers).
Only to the extent that I have read earlier reporting about Patternz, and that I have long been aware of the harm and national security risk that RTB poses and shouting about it whenever I can.
Couple days ago I logged into Facebook for the first time in about 2-3 years because I wanted to download a video that I had saved there. What a hot mess.
I needed to reset my password, but the form was seemingly unresponsive. Then suddenly a message appeared in a dialog popup letting me know that I had been temporarily locked out. I eventually managed to log in.
Inside the app, I had a handful of messages from various friends who were obviously hacked, asking me to click a some sketchy link. Several posts on my feed had comments from users who seem like bots.
I found the thumbnail of the video that I was looking for, clicked it, and got a plain-text page that read: "Gone." So, I guess the video doesn't exist anymore.
It felt like some sort of dystopia.
I couldn't stop thinking to myself about how many smart people work there, and how much money the company has, yet still it was one of the worst online experiences that I've had.
>I couldn't stop thinking to myself about how many smart people work there, and how much money the company has, yet still it was one of the worst online experiences that I've had.
Really feels like the product has been in 'maintenance mode' for a while. Probably the focus in the company has shifted to growing platforms and not declining ones. Once the grandparents are on the platform it dies.
Was it a video you uploaded? Have you considered doing a data request to see if your video is available that way?
> Once the grandparents are on the platform it dies.
Really? I thought the point of Facebook was to be in touch with friends and relatives.
I would rather say that "grandparents" were slow to adapt Facebook amd likewise slow to leave.
The decline of Facebook seems to me to be related to the feed pushing crap people don't care about and competition from Instagram, TikTok amd whatever.
Young people don't wanna be on the platform if their parents and grandparents are on it. Once those people got on Facebook the young moved to Instagram -> Snapchat -> Tiktok.
Instagram is interesting because it seems to have staying power in the face of Tiktok. Mainly just thirst traps and content stolen and ripped off of tiktok so not sure how long term it really is.
>The decline of Facebook seems to me to be related to the feed pushing crap people don't care about and competition from Instagram, TikTok amd whatever.
There is plenty of that on the other platforms you mentioned.
> I couldn't stop thinking to myself about how many smart people work there, and how much money the company has, yet still it was one of the worst online experiences that I've had.
Intellect by itself does not cause good. When will HN understand that? (Never.)
Wait until you try Marketplace. For something with so much monetization potential, it still looks and feels like it was slapped together by an intern. Using it is an exercise in frustration.
Most of the Facebook site has felt like something "slapped together by an intern" for a long time for me. But yeah, FBM really went above and beyond in that regard the last time I tried using it. It's too bad, because it does have a lot of potential as you said; Craigslist has been mostly ruined by scammers and FB has the advantage that everyone is basically a verified user and not some random person in Nigeria who wants to send you a cashier's check for more than your asking price.
The only thing from FB I've really liked was the Messenger Lite app, and they've destroyed that now. The regular Messenger app still works ok though, but it's very bloated.
> FB has the advantage that everyone is basically a verified user
When my wife sold a standing desk recently on FBM, approximately 60% of the respondents were scammers. They offered above the asking price, but wanted us to pay for a courier, for which they would repay us with cash in an envelope. The whole thing ended up so annoying and stressful, we said we'd never sell anything on Facebook again.
Recently been inundated with “People you may know” which are old flings, people I went on one date with/slept with once, etc… I met them on tinder or CL, and it’s very strange to see that. I can only guess maybe I was still in their phone, but I haven’t had a facebook app on my phone in many years, and I don’t believe they were all even on my contacts list. I did have whatsapp, so I can only guess that’s where it’s coming from - maybe there was a small overlap in 2017 or so. One of them I’m sure I never added to my contacts.
Anyway, it’s strange and jarring to see that. It’s been more than 6 years, I’m married - with kids. I don’t want to see them, I don’t want them to see me.
This was with everything on good terms, I can only imagine how jarring it would be if things were different.
People who are in happy relationships/marriages probably disengage from the platforms and focus more on the real world. There is an incentive here to be reprehensible.
Every time I open FB, I see only sponsored and suggested content, and never any content from friends, pages or groups I'm in.
Since a few years I moved my social media presence on Mastodon and Instagram (too many non-tech people stuck in Meta-lands). Honestly, I am kinda happy to see many of the pages I follow on FB moving to Threads, yes it is still Meta, but with the incoming ActivityPub integration it feels better.
I wonder how long until Meta will eventually integrate FB with Threads, so that you can easily crosspost between the two, as FB seems to be in maintenance mode since a while and I think Meta will eventually shift focus on Threads more (so expect Threads groups, Threads marketplace, Threads messenger, ...).
Hopefully with ActivityPub I can follow my racing teams pages from my own Mastodon-server and delete my Meta account (finally)...
Agreed. I opened the Facebook website on my phone last weekend to search for a pic on a kayak fishing group. It was impossible to navigate my feed, it was all sponsored content, ads, and Facebook’s ads for its own content.
Lately a lot has been happening in my life and all I can say is Thank God I meet C L E A N S P Y T E C H .this expert has been really good to me . when I meet him and his recovery team ,all I worried about in the past came back magically, they fix back my BTC refund to my cash app weekly. Every scammer that lied to me are now in big trouble .They help to verify identity of anyone I meet online & any related tech issue ,I ring C L E A N S P Y T E C H on 1<541 901 3390 .They charge no dollar at all .what can be as good as that.
There's such a beautiful irony in reading about unfettered data mining on a website (theverge.com) which connects to *37* third-party domains when displaying the article:
1. ak.sail-horizon.com
2. amazon-adsystem.com
3. api.parsely.com
4. c.amazon-adsystem.com
5. cdn.concert.io
6. concert.io
7. coral.coralproject.net
8. coralproject.net
9. csp.withgoogle.com
10. d35xxde4fgg0cx.cloudfront.net
11. duet-cdn.vox-cdn.com
12. google.com
13. googleoptimize.com
14. googletagmanager.com
15. googletagservices.com
16. gstatic.com
17. ingest.sentry.io
18. js.memberful.com
19. memberful.com
20. micro.rubiconproject.com
21. moatads.com
22. narrativ.com
23. o4682.ingest.sentry.io
24. parsely.com
25. polyfill.io
26. rubiconproject.com
27. sail-horizon.com
28. sentry.io
29. static.narrativ.com
30. theverge.coral.coralproject.net
31. vox-cdn.com
32. www.google.com
33. www.googleoptimize.com
34. www.googletagmanager.com
35. www.googletagservices.com
36. www.gstatic.com
37. z.moatads.com
P.S. list courtesy of the uMatrix browser extension
The amount of redundancy on that list is hurting the point you’re trying to make.
In terms of tracking double/quadruple etc counting the same company isn’t meaningful. So, once you start noticing it the list seems significantly shorter than it actually is (2. amazon-adsystem.com vs 4. c.amazon-adsystem.com). Worse, 5 of them are the same domain with www. in front (12. google.com and 32. www.google.com) which most people subconsciously see as the same thing.
Therefore, a slightly curated list comes off as more impactful:
I became an obsessive FB marketplace user buying up tons of other peoples old junk until one day I initially offered to purchase a table but discovered that IKEA was selling the same table for 5$ less in new condition. I explained my reasoning to the seller and sent her the link and within minutes I was banned from Marketplace with no recourse. I don't know if she reported me or something.
I was really bummed for weeks because FB support does not exist. But after a while I figured out that if you sign up for FB verified you gain access to human based support. I did so and eventually they managed to restore my account with no reason as to why I was banned. Maybe that will help?
I don't have a solution, but I tried to do something similar and asked my friend who is a manager in data and identity management at Facebook how I could create an account for some experimentation. He explained to me that they are very strict on identification nowadays and the only way to get back into a locked out account is to show ID next to your face on camera.
I have one browser (Chrome) where I have logged into Facebook/Insta/Oculus/Meta and one where I have never logged into them (Brave with Shields UP). I'd like to think that gives me some protection from tracking in the clean browser. Am I naïve?
If I don't want to use tor, but just reduce fingerprinting, is there a solution that wouldn't depend on extensions but use the features from a regular browser?
Firefox could limit the fonts and the resolution it reports to "usual" values, then upscale/downscale as needed.
Firefox offers tab sandbox/isolation so you don't need to do this. It's becoming standard elsewhere. You'll want to start isolating everything eventually. Gmail, shopping sites, etc.
Last I checked, Firefox no longer offers the Facebook container feature on fresh install. It was a hidden feature I had to go into about:config to set up... :(
You can have the most tricked-out, up-to-date protections on your client, or in a proxy between your client and a web site...and if that site is using server-to-server tracking they can get around it.
I regularly get my ads and social algorithms injected with topics that I have no relation to, except other people in my household are deeply into them.
Like pet reptiles related products while my kid was doing prior research before pitching us on raising one.
The bigger companies definitely cross reference access from different users/devices/browsers.
Probably protects you against a decent amount of tracking, but there are numerous markers still that don’t even rely on cookies, and when used together can be correlated back to your profile. For instance, IP address, user agent OS string, timezone, hardware capabilities via the browser, etc.
They do something called browser fingerprinting and look at things like resolution, feature support, os, window size, ip address, and a hundred other things, and make a best guess
“… and we wish we had that sort of pull instead of the small number of hundreds of stalking partners we get some of our income from” -- that site¹, no doubt.
Though credit to Consumer Reports for their refreshingly honest stalking opt-in banner: the two choices are “accept all” and “do not sell my personal information”, so there is no doubt what “accept all” results in.
--
[1] before the link was updated to go direct to consumerreports.org
Somewhat related.. I recently discovered Facebook "Ad Topics". In my case through Instagram preferences. List of topics is hilariously long and 2/3rds have nothing to do with me. But I guess it does help the sales pitches.. "Are you selling hunting bows? Well if you advertise on Facebook we have audiences of tens of millions interested in 'Bow Hunting'".
This kind of thing is one of the reasons why I don't use Facebook. Not to single Facebook out, though -- I don't use any social media, and am extremely hesitant to heavily use any web site or internet service at all because of how ubiquitous all the spying is.
Really? Selling your data is core to the business model of virtually every merchant that offers the ability to create an account and/or use a membership "rewards" tracking system.
> Facebook users can browse through the list of companies that have sent their data to Facebook by going to the Accounts Center and clicking on “Your information and permissions.”
Following the instructions I get "You have no available activity to show at this time.". Even when downloading my data I get nothing under sections like "Connected apps and websites". So it looks like opting out of everything possible and running FB in a dedicated FF container only seems to do something.
Surely someone here either knows a FB insider or is one, and could anonymously give a realistic description from the inside on what "creepy information" exists for the average user. And yet I haven't seen such a description. Is this because FB is simply too large and complicated for any person to really know what is tracked to any useful degree?
I don't believe anyone has ever received a copy of their "shadow profile". Nor do I think folks can see all of the data associated with their FB account (or Google account, even). I think it would really creep folks out if they could.
So most of the data provided is probably coming in via the FB tracking pixel. I think the references to FB's "custom audiences" is a red herring - it's a very manual process and very few companies use that feature in any sort of scale. FB hashes the data that gets uploaded and specifically throws out extraneous data that does not help it make matches with its existing data set: https://www.facebook.com/business/help/2082575038703844?id=2...
Love this note at the bottom: "Editor’s Note: Consumer Reports has a business relationship with LiveRamp and another data broker, Acxiom. Consumer Reports shares data with each of these companies in order to help support its mission."