So most of the data provided is probably coming in via the FB tracking pixel. I think the references to FB's "custom audiences" is a red herring - it's a very manual process and very few companies use that feature in any sort of scale. FB hashes the data that gets uploaded and specifically throws out extraneous data that does not help it make matches with its existing data set: https://www.facebook.com/business/help/2082575038703844?id=2...
Love this note at the bottom: "Editor’s Note: Consumer Reports has a business relationship with LiveRamp and another data broker, Acxiom. Consumer Reports shares data with each of these companies in order to help support its mission."
Update: Having poked around my own FB privacy report, Consumer Reports is clearly using the data available in the "Advertisers using your activity or information" report.
There are a ton of random companies on here, but it's important to note that this is NOT data being sent to FB as the report implies. This particular report is just the number of times I have been matched to an uploaded list - the uploading company already had my contact information, and they were able to add me to an ad campaign. FB doesn't bring in new data via these match requests, and they really don't share information with advertisers outside of how many matches they got.
How is “they sent facebook a list with my name on it, and facebook showed me their records showing I was on their list” compatible with the statement “this is NOT data being sent to FB”?!?
> Advertisers may get information from you (like your email address) when you interact with them outside of Facebook, like if you make a purchase in their store or create an account for a rewards program. They can create a hashed list with that information and upload it to Facebook. We can match users using the list to help the advertiser reach people who may be interested in their business and without Facebook learning any new identifying information about you.
Well, if a shoe company sends my email address to Facebook because I’m their customer and they want to advertise to me on platform, Facebook has learned new information about my purchasing behaviour.
I’m not sure what else Facebook does with that information. I wouldn’t be surprised if they use it and send me ads for shoes from other companies.
I'm not saying it's okay, but I'm also pointing out that the system doesn't work that way. Data brokers would not be comfortable handing over all of the data to FB if they thought FB was just going to steal it, and FB wouldn't trust gobs of unprocessed data from third parties ("You are now a 16 year old girl who likes Taylor Swift because there was a typo in the matched email address").
This argument is absurd. Facebook has a settings page with a list of all the companies that have told Facebook they do business with you. That's the monetizable signal that Facebook is paying for.
It doesn't matter if they took your name, hashed it and then facebook reversed the hash via a lookup table. Presumably, the fact that they're doing the hash stuff is to give themselves plausible deniability when you tell them to delete all your personal information, and they decide not to.
Here's a sketch of the argument:
- We got a request to delete your info, so we deleted your name and email address and everything with the hash, including the fact that the hash doesn't want to be tracked.
- 10 ms later, data brokers started pumping information about the hashes back into our system, but there was nothing we could do to block it (we forgot the hash)
- We rebuilt your profile to high fidelity within a few minutes, and linked it to all your devices within a day
- The next week a shady app developer sold us info to link your real-world identity to the hashes, but we had to assume this was a new user that hadn't opted out, since we deleted your info.
> I think the references to FB's "custom audiences" is a red herring - it's a very manual process and very few companies use that feature in any sort of scale.
My experience is that "custom audiences" is a typical/normal usage. Companies that use platforms like Adobe Experience Platform (AEP) create their marketing segments (sets of targeted customers or prospects) in AEP and send those identifiers (e.g. hashed email) to various destinations including Facebook (via "custom audiences").
I guess FB tracking pixels will no longer work when third-party cookies are removed from browsers. That seems like a massive hit for them if I understand it correctly (and a big W for us)
Getting rid of third-party support will mean FB doesn't get anonymous data from random website users - but if you are logged into FB or hit the page from a FB link, it would still be trackable as a first-party cookie.
My default for all browsing is to use Private Safari window and never stay logged in for longer than needed.
Btw, there is hidden Safari setting in iOS, under Advanced at the bottom, “Privacy Preserved Ad Measurement” that was on, for some weird reason. And check and purge Website Data periodically.
I'm in a similar setup for FF on my Mac, but I also have it clear everything on exit. I exit at least every couple of days just to clear things, and sometimes immediately after visiting certain sites just because it makes me feel better while wearing tin foil. It's annoying after every launch causes me to use all of the various 2FAs to log back in, but I just don't trust what all you evil devs have done to the internet.
Ha ha! I get it. But today’s FF is slipping to being worse. Lets see if uBO survives Manifest V3. And don't use DoH, I have a bad feeling about it, http cookies inside DoH are undefined thing.
You say so. It does everything I need, and as far as developing, I much prefer FF DevTools to Chrome and Safari. I only turn to Safari if I need dev tools for an iDevice
The tricky part, though, is that even with your client-side settings and privacy tools set up 100% right, any company that has your info can still send it to Facebook server-to-server, with "Conversions API."
The camera app on my Android phone pings Facebook every time it starts up despite me not having an account to use any of the Facebook integration. Presumably the lib does the same in many other apps.
Don't tracking pixels also work without cookies or Javascript though? If you have an `<img src="example.com/someTrackingPixel.gif">` on your website or app, the server that houses that URL gets a ton of info on you from the HTTP request header data. Less useful without the cookie but still something.
are we really not that identifiable with all of the fingerprinting techniques and what not? the majority of people do not use VPNs to cover their tracks, and most home ISPs don't rotate their IPs that frequently that my tin foil hat suggests that for the non-techie person attempting to foil the IDing, they're IDing them.
Most browser "fingerprinting" methods have a pretty short half-life. The last assessment I read said something like half of the fingerprints were lost within 24 hours.
There are some companies that advertise device fingerprinting for moderation/anti-abuse services, but I have yet to see it in any martech stack. I assume they give lots of false positives and don't distinguish between different users/devices on the same network.
>Most browser "fingerprinting" methods have a pretty short half-life. The last assessment I read said something like half of the fingerprints were lost within 24 hours.
That's absolutely not my experience. Maybe if you use some weird research-level fingerprinting technique, but most fingerprints are just regular old boring stuff - screen and browser viewport size, installed plugins and fonts, browser UA and settings, hardware/gpu quirks, etc[1]. And it doesn't have to be 100% reliable, just reliable enough to track your activity to show you some ads.
[1] as a privacy conscious individual I'm fully aware just viewport size is enough to almost uniquely fingerprint me. I use my laptop screen, with sidebery extension, browser tab bar hidden by user css and sway in tabbed mode. My second computer is less unique, I "just" use sway and firefox with the minimal tab size (that for some reason is hidden must be unlocked in the about:config so it's very rarely used).
The problem is, if you are running a marketing database of millions and and millions of distinct IDs, you have to get into very esoteric fingerprint factors. Anytime you have a driver update or switch devices, you lose the connection in the data.
Doesn't the firefox resistfingerprinting setting fuzz most of these things? I see a lot of misconceptions about it on here when people use amiunique. It will say you are unique but if you look for a historical match there aren't any because you are unique, but also different each time you show up.
This gets lost a lot - just because you can prove uniqueness doesn't mean it's persistent or repeatable. Some of the "uniqueness" factors include things like number of audio devices or battery life.
There's a server side implementation FB offers developers to circumvent some privacy restrictions now being enforced by browsers which doesn't have all the features of the clientside version but is their current workaround. It will improve privacy slightly, but some websites are still gathering as much information about you as possible over the course of a session to try and build demographic information and remarket to you.
Consumer Reports themselves have 12 unique data trackers on their site, including the Facebook pixel.
And just to be clear about the usage of the term "Monitored" here. They mean that data tracking pixels are sending anonymized data between META and all of these companies. Not a soul at META or any company with that pixel installed are aware of any PII or even, in most cases, cognizant of your specific session on their site.
So most of the data provided is probably coming in via the FB tracking pixel. I think the references to FB's "custom audiences" is a red herring - it's a very manual process and very few companies use that feature in any sort of scale. FB hashes the data that gets uploaded and specifically throws out extraneous data that does not help it make matches with its existing data set: https://www.facebook.com/business/help/2082575038703844?id=2...
Love this note at the bottom: "Editor’s Note: Consumer Reports has a business relationship with LiveRamp and another data broker, Acxiom. Consumer Reports shares data with each of these companies in order to help support its mission."