“Can I try the Cole Haans in a size 8?”
Later that night on Facebook: An advertisement for Cole Haan pumps.
OK, maybe a coincidence.
“What’s the best high-tech scale?” my wife asks aloud.
Five minutes later on Instagram: An ad for scales.
Wait, are they listening?
“Get the little red Sudafed pills,” my mom says after I sneeze.
That afternoon: An advertisement for Sudafed PE.
Yep, they’ve even wiretapped my bodily functions. A conspiracy theory has spread among Facebook and Instagram users: The company is tapping our microphones to target ads. It’s not. “Facebook does not use your phone’s microphone to inform ads or to change what you see in News Feed,” says Facebook. Yeah, sure, and the government swears it isn’t keeping any pet aliens at Area 51. So I contacted former Facebook employees, and various advertising technology experts, who all cited technical and legal reasons audio snooping isn’t possible.
Uploading and scanning that much audio data “would strain even the resources of the NSA,” says former Facebook ad-targeting product manager Antonio Garcia Martinez. “They would need to understand the context of what you are saying—not just listen for words,” says Sandy Parakilas, a former Facebook operations manager. I believe them, but for another reason: Facebook is now so good at watching what we do online—and even offline, wandering around the physical world—it doesn’t need to hear us. After digging into the various bits of info Facebook and its advertisers collect and the bits I’ve handed over myself, I can now explain why I got each of those eerily relevant ads. (Facebook ads themselves offer limited explanations when you click “Why do I see this?”) Advertising is an important staple of the free internet, but the companies buying and selling ads are turning into stalkers. We need to understand what they’re doing, and what we can—or can’t—do to limit them.
What You’ve Bought
The story of how that Sudafed ad got to me begins at Walgreens. As I bought tissues and Afrin, I keyed in my phone number so I could get loyalty points. Information about the contents of my shopping bag began to spread. A third-party data collector—likely Nielsen-Catalina Solutions—added it to the purchase history it acquires from Walgreens. Johnson & Johnson, maker of Sudafed, paid the data broker for that information. With the use of Facebook’s tools, the information from my loyalty card—email, phone number, etc.—was matched with my Facebook account. (Data brokers run personal information through an algorithm before uploading, so it’s not identifiable, Facebook says, but it still can be matched with Facebook account information.) Then via Facebook, Johnson & Johnson decided to target adults ages 25 to 54 who bought Sudafed or a competing brand. In other words, me.
Do this: For starters, either doesn’t use loyalty cards or register them with an email address or phone number you don’t use. Facebook works directly with six data brokers, all of which allow you to opt out from their sharing of your data, everything from your email to your purchase history. Of course, it isn’t easy. You need to go to each broker website and fill out your form with, yes, your personal information.
Where You’ve Been
What could be better than your purchase history? Location, location, location. Did you stop by a shop? This ad will remind you to come back! Are you close to one of our stores? Here’s a coupon! My colleague Christopher Mims detailed in his recent column how advertisers are using all sorts of location signals—your phone’s GPS, Wi-Fi access points around you, IP addresses, etc.— to follow your breadcrumbs.
Do this: Limit Facebook from knowing where you are. In the mobile app (iOS and Android), go to Settings > Account Settings > Location and turn off location tracking. Disable location history, too. Other apps can pinpoint your location and serve you ads back on Facebook. Before granting any app location access, think it through. On the iPhone, go to Settings > Privacy > Location Services and go through the apps you’ve granted location access. (They should all say “Never” or “While Using”—not “Always.”) On Android, go to Settings > Location.
Which Apps You’re Using
A few days before my wife mentioned that digital scale, I downloaded LoseIt, a food-tracking app, to my iPhone. No more than 24 hours later, my entire Facebook and Instagram feeds were taken over with fitness and weight-loss ads. (Yes, Facebook-owned Instagram pulls from the same ad selection.) The free version of LoseIt shows ads from Facebook’s Audience Network. Even if you don’t log into the app via Facebook, the companies swap information. In my case, LoseIt’s maker FitNow Inc. used my iPhone’s Identifier for Advertisers (IDFA), a number stored on my iPhone, to match up any other history associated with my IDFA, including my Facebook account. FitNow confirmed that, when I opened the app, my IDFA became associated with “Healthy Living” and “Weight Loss,” which are now marked on my Facebook advertising profile.
Do this: Apple gives you the ability to limit advertisers from getting your IDFA. In iOS go to Settings > Privacy > Advertising > switch on Limit Ad Tracking. At the same time, you should reset the advertising identifier. With Android’s similar system, just go to Settings > Google > Ads > Opt out of Ads Personalization.
What You’ve Clicked or Tapped
Of course, there’s another way Facebook knows, well, pretty much everything about me: my web browsing history. Facebook Pixel is installed on millions of websites and apps, enabling advertisers and Facebook to see what you do on there. It’s why you may see an ad for a spatula after browsing spatulas. Add something to a shopping cart? Click on a different product or article on the site? A pixel can know.
Do this: Interest-based advertising is used across the web by the big technology companies. Facebook, Amazon, Google and others offer ways to opt out of their websites. On Facebook, go to Settings > Account Settings > Ads > Ad Settings and turn off all the settings on that page. You can also delete any interests Facebook may have gathered about you previously. On your computer’s browser, install the Ghostery or Privacy Badger extensions. Both allow you to see—and disable— trackers that are running on web pages.
Who You Really Are
All that information, combined with your activity on Facebook and Instagram—which pages or posts you’ve liked, the people you are friends with and more—gives the social networking conglomerate a very good portrait of you. The portrait gets clearer with even more information from data brokers: your salary, car preference, home size, political affiliations, spending habits and far more. It’s what allows any advertiser to log into Facebook Ads Manager and start targeting. Even I was able to log in, and laser focuses on people in a certain NYC ZIP code who have bought furniture and cooking spices—and who are “likely to move soon.”
Do this: Short of deleting Facebook and living in a bunker; there isn’t anything you can do to stop this entirely. “When ad targeting is used well, it makes advertising better,” says Facebook spokesperson Joe Osborne. “That’s why we build our targeting tools in a way that doesn’t share people’s personal information with advertisers and that gives people control over the ads they see.” My problem is, we still don’t have enough transparency about how these ads are getting to us. The more we focus on the realities—not that they’re listening, but how they’re monitoring our app downloads and trips to the supermarket—the more we’ll know where our privacy is at stake. But hey, if you’re still worried about the mic, by all means, turn it off. (On iPhone, go to Settings > Privacy > Microphone > Facebook. On Android, go to Settings > Apps > Facebook > Permissions > Disable microphone.
Credit: Joanna Stern for The Wall Street Journal, 7 March 2018.