Off Facebook Activity: Debunk

Saw this reposted by some friends on my Facebook Feed today, and in the process of writing up a comment response I ended up writing a long article about how that particular image ended up on my feed, and this one examining the truth:

Exact copy of image shared

For some background, I have 10+ years industry experience in software security as well as 2 years as a software engineer at Facebook on the mobile app, working on news feed and the iOS mobile application.

There is a good deal of non-factual information in this post, this isn’t the most interesting part or why I chose to start blogging instead of just pointing at one of the other debunks I found (after I made this post), however for supporting the much weirder post I’m writing now regarding the posts origins, I think it’s important to provide the chops that this is in fact disinformation:

Since Facebook last updated, they now have a feature where they can track all “Off Facebook Activity”

False: Facebooks latest mobile update (Though the screenshot seems to indicate mobile web, which doesn’t actually update?) introduces a new privacy stealing feature you have to opt out of

Truth: Facebook has a plugin that any website can use that will allow them to tell facebook to send them advertisments directly. This is a one way transaction (FB does not share customer information the other way, but will “deliver the ad”) similar to how you get mailbox stuffers in the mail, they had your address so they could send you shit. This has been one of Facebooks general advertising models for years. The only change here actually was an update in January 2020 (Not March when this meme first appeared) and was that FB implemented a feature that allows for users to block specific advertisers, and to see which advertisers have been sending Facebook information regarding your web traffic, as well as disconnect your account, allowing for more control. This was a commitment made during the senate hearings in 2018, and actually a privacy improvement over the existing mobile client behavior.

I went to my setting to see and they had access to my bank app, my email and anything I was searching for on Google

False: Facebook has access to your banking information, the contents of your email, or your google search history

Truth: Facebook gets your VISIT history for sites that choose to share that for purposes of advertising to you. For instance, when you visit a page on amazon for a particular dress you like, amazon may choose to send that page info to Facebook to send you advertisments related to that dress, or things that amazon thinks you may like related to that dress. Your bank may choose to send facebook the fact that you visited their site, in order to send you an advertisment for their latest checking product. They do not send your customer data. And Google doesn’t send facebook anything (they are a direct competitor of Facebook in the advertising space), though the websites you visit off that google search might send you ads. This information is used to send you advertisements that you might actually interact with. If you choose not to believe someone who worked there, or Facebooks own public statements, you could also follow the money, Facebook gets paid for ads based on which you interact with, and so it’s both in their best interest and yours to show you content that might be interesting. You CAN clear your whole Off-Line history (like this meme asks you to) but the only change you would see is that you would start to notice how many more worthless advertisements are in your feed, go ahead, scroll through, I think currently it’s 25% (in every 4 post), it feels like a lot more when they aren’t relevant.

TinFoil Hat Tip: If you’d rather see more irrelevant ads than risk facebook knowing what sites you visited, it’s not enough to just hit clear in the mobile app (assuming you don’t trust FB). Nor is it enough to “Clear your cookies” or use private browser, and an ad blocker, those who are really tracking you and not as public as facebook are doing so based on your home IP address, and other little fingerprint details that leak out of even your private browser. The only real way to anonymously browse the internet is to use a Tor based browser https://www.torproject.org/download/ and then only if you never login to a website, and use a new tab for each activity.

Another feature that is shown here is not related to visit tracking ads tagging, but the “Login using Facebook” functionality provided. It is technically possible if you choose to login to a website “Using Facebook” that Facebook could get then login as you to gain access to the information in those accounts (Kind of obvious, but maybe some people don’t get that?) — This would be STRICTLY against Facebook’s own terms of service, and something, that if done at any kind of scale would be easy to see by third party services, and if Facebook were to get caught in violation, the resulting fallout would destroy their entire business. These assurances are adequate for most websites that you can login to using Facebook (Oh no, Facebook could use my Candy Crush lives!) but are inadequate for most secure purposes that have some level of security liability (Note that your bank, or email account do not allow “Login with Facebook”), and by disabling this functionality (as the meme suggests) you’ll simply have to trust some other password storage tool, or remember the password you created so you could comment on NY Times articles…

Kevin Lohman, Software Engineer, Father, Story Teller, and former US Navy Sailor (who never set foot on a ship)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store