Facebook explained how it is tracking Non-Users across the Internet and for which purposes it is using their metadata.
Facebook is still in the middle of a storm for its conduct and the way it approached the privacy of its users after the Cambridge Analytica case.
Now Facebook is under scrutiny after Zuckerberg testified in front of the US Congress, the social network giant disclosed more information on data collection activity that aimed to gather info related to non-Facebook users.
Yes, it is true! Facebook can track you even if you are not using it, this is possible if you visit a website or an application that uses the services of the tech giant.
The services include Social plugins (i.e. Like and Share buttons), Facebook Login, Facebook Analytics, and ads and measurement tools.
“When you visit a site or app that uses our services, we receive information even if you’re logged out or don’t have a Facebook account. This is because other apps and sites don’t know who is using Facebook.” explained product management director David Baser.
“Many companies offer these types of services and, like Facebook, they also get information from the apps and sites that use them. Twitter, Pinterest and LinkedIn all have similar Like and Share buttons to help people share things on their services. Google has a popular analytics service. And Amazon, Google and Twitter all offer login features.”
As you can imagine, all these companies also offer targeted advertising services by leveraging the information gathered through their services.
Everytime a user visits a website, his browser shares the IP address to the website along with info about the machine (i.e. browser, operating system) and cookies. Facebook also collects data related to website or app accessed by the user.
According to Baser, the social network platform uses the information received from websites and apps, to implements its services, to target the advertising and to improve the safety and security on Facebook.
Data collected by the company also allows it to measure the success of its advertising campaigns.
Facebook also uses this information to prevent abuses and identify threat actors targeting its users.
“We also use the information we receive from websites and apps to help protect the security of Facebook. For example, receiving data about the sites a particular browser has visited can help us identify bad actors.” added Baser.
“If someone tries to log into your account using an IP address from a different country, we might ask some questions to verify it’s you. Or if a browser has visited hundreds of sites in the last five minutes, that’s a sign the device might be a bot.”
Websites and apps who use the services of the social network have to inform users that they are collecting and sharing said information with the social network. They need an explicit consent and are requested to explain the purpose data are collected.
Third-party scrapers have exploited an issue in the Facebook ’s search function that allows anyone to look up users via their email address or phone numbers.
Facebook revealed on Wednesday that 87 million users have been affected by the Cambridge Analytica case, much more than 50 million users initially thought.
Facebook is the middle of a storm, Mark Zuckerberg admitted public data of its 2.2 billion users has been compromised over the course of several years by third-party actors that gathered information on its users.
Third-party scrapers have exploited an issue in the Facebook’s search function that allows anyone to look up users via their email address or phone numbers.
Users name come up in Facebook searches is they don’t explicitly disable this security setting.
“Until today, people could enter another person’s phone number or email address into Facebook search to help find them. This has been especially useful for finding your friends in languages which take more effort to type out a full name, or where many people have the same name.” reads a blog post published by CTO Mike Schroepfer.
“However, malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery. Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way. “
Schroepfer announced that Facebook has now disabled this feature and is changing the account recovery procedure to reduce the scraping activities.
Zuckerberg confirmed the extent of the scraping activity during a call with the press:
“I would assume if you had that setting turned on that someone at some point has access to your public information in some way.” explained Zuckerberg.
Zuckerberg blamed himself for what has happened to his company and promtly announced further improvements in term of privacy and security.
When asked if he still considered himself the best person to run the company, he said, “Yes.”
After the Cambridge Analytica scandal, Facebook made the headlines again, the company collected users’ Android call and SMS metadata for years.
The Cambridge Analytica case it raised the discussion about the power of social networks and the possibility of their abuse for the conditioning of political activities.
The non-professionals have discovered how important their digital experience is and how companies specialized in data analysis operate without their knowledge.
Social network platforms have an impressive quantity of information about and are able not only to profile us but also to influence our choice.
Six years ago I was banned by the “democratic” Wikipedia because I coined a term that described how it is possible to manipulate social network, the voice “Social network poisoning,” was deleted by Wikipedia English but it is still present in Wikipedia Italian version.
Give a look at the translated version … and if you have friends at Wikipedia tell them that was an error to ban me
Back to the present, many of you probably still don’t know that if you have installed Facebook Messenger app on your Android device, there are chances that the social network giant had been collecting your data (the start time for each call, the duration, and the contact’s name), including contacts, SMS data but not the text, and call history data at least until late last year.
The Facebook Messenger app logged phone call data only related to numbers saved in the phone’s address book. Facebook was collecting such kind of data, this is not a surprise for tech-savvy people because we have discussed it in the past.
In January, the popular Italian expert Simone Margaritelli wrote a blog post (Italian) on Medium inviting users to uninstall Facebook and Whatsapp.
The programmer Dylan McKay was able to find data, including logs of calls and SMS messages, in an archive he downloaded (as a ZIP file) from Facebook.
Mat Johnson, a Professor at the University of Houston Creative Writing Program, also made the same disturbing discovery.
The Cambridge Analytica case has is giving users another point of view regarding the collection of such kind of data made by Facebook and the real way they are using for.
A Facebook spokesperson explained that the platform collects this data to improve the users’ experience.
“This [above] screen in the Messenger application offers to conveniently track all your calls and messages. But Facebook was already doing this surreptitiously on some Android devices until October 2017, exploiting the way an older Android API handled permissions.” wrote Sean Gallagher, Ars Technica’s IT and National Security Editor.
“Facebook began explicitly asking permission from users of Messenger and Facebook Lite to access SMS and call data to “help friends find each other” after being publicly shamed in 2016 over the way it handled the “opt-in” for SMS services. That message mentioned nothing about retaining SMS and call data, but instead it offered an “OK” button to approve “keeping all of your SMS messages in one place.””
Facebook denied to collect call data surreptitiously with an official blog post, the social network giant highlighted that it never commercialized the data and that users are in total control of the data uploaded to the platform.
“When you sign up for Messenger or Facebook Lite on Android, or log into Messenger on an Android device, you are given the option to continuously upload your contacts as well as your call and text history.” reads the blog post published by Facebook. “For Messenger, you can either turn it on, choose ‘learn more’ or ‘not now’. On Facebook Lite, the options are to turn it on or ‘skip’. If you chose to turn this feature on, we will begin to continuously log this information, which can be downloaded at any time using the Download Your Information tool.”
Users can check data collected by Facebook going to your Facebook Settings→Download a copy of your Facebook data→Start My Archive.
“Call and text history logging is part of an opt-in feature for people using Messenger or Facebook Lite on Android. This helps you find and stay connected with the people you care about, and provide you with a better experience across Facebook. People have to expressly agree to use this feature. If, at any time, they no longer wish to use this feature they can turn it off in settings, or here for Facebook Lite users, and all previously shared call and text history shared via that app is deleted. While we receive certain permissions from Android, uploading this information has always been opt-in only.” continues Facebook.
If you want to stop Facebook from continuously upload your contacts to its server, you can turn off the uploading feature in the Messenger app. In this way, all previously uploaded contacts will be deleted.
iOS users are not affected by this issue.
Lesson leaned … every time we use an app it is essential to carefully read the documentation that details its work.