Tags: privacy Facebook information control
Noticing the Stalker
A friend pinged me today, asking about a strange interaction he’d just had. Basically, he had added something to a retail site’s shopping cart, then closed the browser tab without buying the item. Happens all the time, right? Depending on the site, your cart might still be present if you decide to return to the site, but otherwise it’s a done deal.
The difference in this case is that he received a Facebook message from the store, asking if he wanted to complete his purchase. Now, he had no account with the retailer, so wasn’t logged in either as you might with Amazon. Similarly, the store isn’t one of his Facebook friends. So the question is, how did they reach him to send the message?
Our mutual suspicion is that there is a tie between analytics used on the site and Facebook. When his browser tab was closed or some timeout passed, an event was triggered that somehow reached back through Facebook, where he was logged in, and asked them, “who was that guy?” We can’t tell if they have received any other information about him, or “just” used Facebook to pass on a message. Either way, it’s creepy as hell. How would you feel if you left a physical store, then got a text message from the sales guy without having left your number? It’s invasive and unwelcome, like any other stalker that doesn’t respect personal boundaries.
Naturally, the topic changed to how to respond to this intrusion. Clearly, many people find Facebook useful or amusing, or we wouldn’t participate there at all. Maybe account deletion is an option, but it’s a drastic step to take if you’re using it for any personal interactions that it facilitates. Is there anything else you can do to minimize this sort of irritation? Ideally without cutting everyone else off?
Things You Can Do
Much of what we’re seeing as intrusive or targeting behaviour is enabled by something we have done, or at least permitted. Default options tend towards making everything work, and sharing as much as possible. Maybe these huge companies will still know way too much about you, but it’s less bothersome if our noses aren’t rubbed in it.
Browsers Are, or at Least Can Be, Your Friend
Most of us tend to live in a web browser these days, one way or another. They provide a level of interactivity that may seem unfamiliar to computer users of old, and they blur distinctions about where programs are running, or data is stored.
To be sure though, your browser is something that you have at least a level of control over. They’re among the battle-scarred veterans of the information age, as they’re right on the front line for most things you do on-line. This has a couple of side effects that can work in your favour.
First, browsers are used to do multiple things at once, with at least some logical separation between what goes on in one tab or window and another. [[!wikipedia Same-origin_policy]] constrains your main interaction with the site whose page your tab is open to. This makes sense intuitively, because that site is where we think we “are” when browsing the Internet. When they save data to your system, it’s mainly that site that does so. “Cookies” are small chunks of mostly-harmless data, used to help you maintain that interaction from one click to the next.
Because browsers are general-purpose tools, they provide a number of controls or settings that allow you to adjust how they operate. When you use Facebook’s (or other sites’) mobile apps, you are giving up this controls to a large extent. You may have some basic enforcement provided by your phone, but otherwise it’s their tool, used for their purposes. The first tip then, is:
- Use your browser, not their apps. On an iPhone, this would be https://m.facebook.com/ in Safari, or the same URL in Android’s browser. Remove or purge the Facebook app as much as you are able.
Back to those cookies, they are also used to manage your data between sites. This uses what are known as “third-party” cookies, where the first two would be yourself, and the other is whatever site you are on. This is one of those technologies that I find rarely need as a normal user, and that is mainly used to do things between sites that I don’t need to be connected.
- On iOS Safari, this is under Settings/Safari, “Prevent Cross-Site Tracking”.
- On Firefox, under Settings, you have a Privacy and Security section. Set “accept third-party cookies” to “never”.
- On Chrome, you have to look under “Advanced” to get to a “Privacy and security” section, then “Content settings”, “Cookies”, until you find the option to block third-party cookies. It’ll be a post for another time, but it should strike you as no coincidence that Google does not make privacy settings obvious to the user.
Browser Add-Ons for Privacy
Browser add-ons or extensions provide additional functionality, either not intended or necessarily supported by default in your browser of choice. Most of them are frivolous, but there are a few I almost never go without.
Privacy Badger, from the Electronic Frontier Foundation (EFF) - This one takes a light approach, starting off as relatively unconfigured when first installed. It observes patterns in the sites accessed when browsing, and identifies those that appear to be trackers. This is what you generally want blocked, but you can be selective, and change your mind later. You should install this one first, as it can avoid some cruft while still being relatively unlikely to break web sites’ rendering.
uBlock Origin - There are a few variations of ad blockers, but some are paid for by advertising companies, or try to permit only unintrusive ads. I’m a cynic, and will suggest that those paying (someone else) for your eyeballs’ attention is intrusive by nature. This blocker is low-intensity on your resources, and takes subscription lists to track nuisance domains.
I rarely use a browser without ad-blocking, because they are also system infection vectors. In any case, I only need to see a few pages before I wander off in disgust. That people will tolerate blinking, flashing, moving ads seems counter-productive. If a site needs those ads to survive, maybe it’s time to move on.
How you use Facebook makes a large difference to the way your data is passed around. Notoriously, the individual settings are scattered willy-nilly across your settings menu items, change often, and are too easily changed back, even unintentionally. For instance, I tend to post to “Friends” only. That’s the default, and so it stays. If I want to post an item as Public however, it will silently change the default to Public as well. That is, the next post will be Public unless I go out of my way to change it back.
Apps - Entertainment, but There for Your Data
One of the issues at the heart of the Cambridge Analytica scandal was that the people whose information was gathered were not the original subjects of a survey app. Apps on Facebook aren’t served up directly by Facebook, but are hosted by other companies through their platform. Usually they’re something fluffy and vaguely annoying, where they’re prompting their users to also use the app, play Farmville or whatever. In this case, a bunch of people were paid a dollar or two to use the app for a survey, whereupon it harvested their data and often that of their friends. All of a sudden, it’s the data of 50 million people. While Facebook has tightened up the amount of data shared with app hosts, it highlights the issues of information sharing, and how little control you have once it’s out.
- If you use Facebook to log into other sites, get your IDs on those sites re-created under more typical login such as email address and password.
- Go to your app settings, and delete them all. Under Settings, go to the Apps, Websites and Games section, and make sure it’s turned off. Do this after the previous step, because it will disable those logins.
Facebook is primarily an ad platform, with a side benefit of helping you chat with friends and share cat photos. That ad behaviour is also where the creepy stuff comes in, so make it as non-touchy-feely as possible.
- Under Settings/Ads, turn off all the options to tie ads to your web usage, on and off Facebook.
- Make sure that your settings are set to “Friends”, not “Public”, unless you really want unknown people to see all your stuff, ever. Remember that if you make a Public post, you have to go and reset this so that your default isn’t kept Public.
You would be amazed at the amount of cruft you acquire on your account over time. At least I was, though I recognize all of it. It really highlights what a time sink this and other sites can be.
When I share things, it’s generally with the idea that someone might find it interesting, around that time. Maybe that day, or a week later or something. Whatever you post, or Like, or comment on though, is kept forever. Sure, you can delete your account, but that’s the nuclear option. It might be for the best, but let’s say you’re not ready to pull the whole plug today. What to do?
You can use another browser extension, to change the permissions on old content, or delete it entirely. Called “Social Book Post Manager”, it’s there to perform the thousands of clicks you need to get rid of old crap, that you will never go and do manually. It runs on Chrome and related browsers, and seems to work! Be aware though, it’ll run for hours.
- Install the Social Book Post Manager in your Chrome (or Opera, Vivaldi) browser. Sorry, this is a job for a PC, Mac, Linux or other desktop computer. I don’t think there is a mobile version.
- Log into Facebook
- Click the button for that extension, and follow the prompts.
- If deleting, note that it’s a two-step process. The first pass scans all the content for the time period in question, and then a subsequent confirmation goes and actually does it. It can take hours, so make sure you’re plugged in, and your computer isn’t set to go to sleep after a while.