How to see which facebook advertisers have your private info

Cameron Summerson is ex-Editor-in-Chief of Review Geek and served as an Editorial Advisor for How-To Geek and LifeSavvy. He covered technology for a decade and wrote over 4,000 articles and hundreds of product reviews in that time. He’s been published in print magazines and quoted as a smartphone expert in the New York Times. Read more.

It’s widely known that Facebook allows advertisers to specifically target groups of people, but did you know that you can see which advertisers are actively targeting you? You can—and it may blow your mind.

As part of Facebook’s attempt to be more transparent, you can easily find out which advertisers are showing ads using a contact list that contains your info. This info is gathered by the advertiser, then uploaded to Facebook as a way to control who the ads are shown to.

Here’s how to find that info on both the web and in the Facebook app.

On the Web

To find your ad settings on Facebook dot com, you can click on this link to go directly to it. But for future reference, here’s where to find that info in Facebook’s menus.

First, jump into the Settings menu. You’ll find it by clicking the little down arrow near your name and picture in the upper bar.

From there, click the Ads option.

Choose “Advertisers you’ve interacted with,” then look at the “Who have added their contact list to Facebook” section.

That’s what you want—and the odds are you can keep clicking the “See More” button for a while. I had hundreds of advertisers on my list. Most of which I’ve never even heard of.

In the Mobile Apps

The verbiage is slightly different in Facebook’s mobile apps, so here’s where to find it.

First, open the menu (the three lines), then tap on “Settings & Privacy.” From there, choose Settings.

Scroll down to the Ads section, and click on “Ad Preferences.”

Choose “Advertisers you’ve interacted with” here, then see the second section—Advertisers who uploaded a contact list with your info. Tap the “See all” button to see the full (and likely massive) list.

As I said, mine had hundreds over a thousand.

The social media company is giving you more information about your information.

Share this story

• Share this on Facebook
• Share this on Twitter

Share All sharing options for: What you need to know about Facebook’s latest privacy tool

Facebook headquarters in Menlo Park, California. Josh Edelson/AFP via Getty Images

This story is part of a group of stories called

Uncovering and explaining how our digital world is changing — and changing us.

Facebook is giving users more details on the data it collects about them and how it’s used.

The company is updating its “Access Your Information” feature, first rolled out in 2018, to make it easier for users to see their personal information and activities across the site, as well as how it might be used to target ads to them. Here’s what it does — and what it doesn’t.

The feature is available for iOS and Android devices now, and Facebook says it will be rolled out for other platforms soon. If you want to see it for yourself, go to Settings & Privacy > Privacy Shortcuts > Your Facebook Information > Access Your Information.

Mobile app users will see eight categories of data when they tap “Access Your Information”: their activity across Facebook, friends and followers, preferences, personal information, logged information, ads information, apps and websites off of Facebook, and security and login information. Most of this data was already available to users, but the update makes it more granular and better spells out what it all means. Considering that many Facebook users still don’t realize or understand how some of this stuff works, more transparency is a good thing.

“We want to make sure that your information on Facebook is useful, easy to understand and easy to find,” the company said in a blog post announcing the update. “All of these changes were made in response to our own research that showed us how people interacted with Access Your Information already — for example, the new categories were developed based on what people were already clicking on.”

Facebook’s Access Your Information menu has a new look. Facebook

Facebook will also tell you how your data might be used to target ads to you (also known as, “Personalize your experience”). You could already see this information by clicking, “Why am I seeing this ad?” on the ads themselves, but this puts it in a second location, and one where the association between your data and how Facebook uses it is more clear. The company has also added a search function within Access Your Information to make it easier to find what you might be looking for.

Facebook, along with many other tech platforms, has in recent years tried to make its data collection practices more transparent and give users more control over them — to a point, at least. The company now lets users see how Facebook is tracking them when they visit other websites, as well as delete that data and stop Facebook from targeting them with ads based on it. And it’s made it easier for users to see the length and breadth of their Facebook activity across the platform and manage it. As a purely hypothetical example, you can easily find and delete or hide embarrassing roller derby afterparty photos from 2009 that you may not want to be associated with in 2021.

But you still can’t find out exactly how or why you were targeted for a specific ad (Facebook’s “Why am I seeing this ad?” feature always adds the caveat that “there could also be more factors not listed here”), and Facebook will still target ads to you based on your profile information and your location even when you turn personalized ads off. This doesn’t stop Facebook from collecting that information in the first place. There are limits, after all, to what Facebook wants you to know about what it knows about you.

Open Sourced is made possible by the Omidyar Network. All Open Sourced content is editorially independent and produced by our journalists.

Millions turn to Vox to understand what’s happening in the news. Our mission has never been more vital than it is in this moment: to empower through understanding. Financial contributions from our readers are a critical part of supporting our resource-intensive work and help us keep our journalism free for all. Please consider making a contribution to Vox today to help us keep our work free for all.

As Apple and Google enact privacy changes, businesses are grappling with the fallout, Madison Avenue is fighting back and Facebook has cried foul.

Send any friend a story

As a subscriber, you have 10 gift articles to give each month. Anyone can read what you share.

Give this article

Listen to This Article

To hear more audio stories from publications like The New York Times, download Audm for iPhone or Android .

SAN FRANCISCO — Apple introduced a pop-up window for iPhones in April that asks people for their permission to be tracked by different apps.

Google recently outlined plans to disable a tracking technology in its Chrome web browser.

And Facebook said last month that hundreds of its engineers were working on a new method of showing ads without relying on people’s personal data.

The developments may seem like technical tinkering, but they were connected to something bigger: an intensifying battle over the future of the internet. The struggle has entangled tech titans, upended Madison Avenue and disrupted small businesses. And it heralds a profound shift in how people’s personal information may be used online, with sweeping implications for the ways that businesses make money digitally.

At the center of the tussle is what has been the internet’s lifeblood: advertising.

More than 20 years ago, the internet drove an upheaval in the advertising industry. It eviscerated newspapers and magazines that had relied on selling classified and print ads, and threatened to dethrone television advertising as the prime way for marketers to reach large audiences.

Instead, brands splashed their ads across websites, with their promotions often tailored to people’s specific interests. Those digital ads powered the growth of Facebook, Google and Twitter, which offered their search and social networking services to people without charge. But in exchange, people were tracked from site to site by technologies such as “cookies,” and their personal data was used to target them with relevant marketing.

Now that system, which ballooned into a $350 billion digital ad industry, is being dismantled. Driven by online privacy fears, Apple and Google have started revamping the rules around online data collection. Apple, citing the mantra of privacy, has rolled out tools that block marketers from tracking people. Google, which depends on digital ads, is trying to have it both ways by reinventing the system so it can continue aiming ads at people without exploiting access to their personal data.

If personal information is no longer the currency that people give for online content and services, something else must take its place. Media publishers, app makers and e-commerce shops are now exploring different paths to surviving a privacy-conscious internet, in some cases overturning their business models. Many are choosing to make people pay for what they get online by levying subscription fees and other charges instead of using their personal data.

Jeff Green, the chief executive of the Trade Desk, an ad-technology company in Ventura, Calif., that works with major ad agencies, said the behind-the-scenes fight was fundamental to the nature of the web.

“The internet is answering a question that it’s been wrestling with for decades, which is: How is the internet going to pay for itself?” he said.

The fallout may hurt brands that relied on targeted ads to get people to buy their goods. It may also initially hurt tech giants like Facebook — but not for long. Instead, businesses that can no longer track people but still need to advertise are likely to spend more with the largest tech platforms, which still have the most data on consumers.

David Cohen, chief executive of the Interactive Advertising Bureau, a trade group, said the changes would continue to “drive money and attention to Google, Facebook, Twitter.”

The shifts are complicated by Google’s and Apple’s opposing views on how much ad tracking should be dialed back. Apple wants its customers, who pay a premium for its iPhones, to have the right to block tracking entirely. But Google executives have suggested that Apple has turned privacy into a privilege for those who can afford its products.

For many people, that means the internet may start looking different depending on the products they use. On Apple gadgets, ads may be only somewhat relevant to a person’s interests, compared with highly targeted promotions inside Google’s web. Website creators may eventually choose sides, so some sites that work well in Google’s browser might not even load in Apple’s browser, said Brendan Eich, a founder of Brave, the private web browser.

“It will be a tale of two internets,” he said.

Businesses that do not keep up with the changes risk getting run over. Increasingly, media publishers and even apps that show the weather are charging subscription fees, in the same way that Netflix levies a monthly fee for video streaming. Some e-commerce sites are considering raising product prices to keep their revenues up.

Consider Seven Sisters Scones, a mail-order pastry shop in Johns Creek, Ga., which relies on Facebook ads to promote its items. Nate Martin, who leads the bakery’s digital marketing, said that after Apple blocked some ad tracking, its digital marketing campaigns on Facebook became less effective. Because Facebook could no longer get as much data on which customers like baked goods, it was harder for the store to find interested buyers online.

“Everything came to a screeching halt,” Mr. Martin said. In June, the bakery’s revenue dropped to $16,000 from $40,000 in May.

Sales have since remained flat, he said. To offset the declines, Seven Sisters Scones has discussed increasing prices on sampler boxes to $36 from $29.

Apple declined to comment, but its executives have said advertisers will adapt. Google said it was working on an approach that would protect people’s data but also let advertisers continue targeting users with ads.

Since the 1990s, much of the web has been rooted in digital advertising. In that decade, a piece of code planted in web browsers — the “cookie” — began tracking people’s browsing activities from site to site. Marketers used the information to aim ads at individuals, so someone interested in makeup or bicycles saw ads about those topics and products.

After the iPhone and Android app stores were introduced in 2008, advertisers also collected data about what people did inside apps by planting invisible trackers. That information was linked with cookie data and shared with data brokers for even more specific ad targeting.

The result was a vast advertising ecosystem that underpinned free websites and online services. Sites and apps like BuzzFeed and TikTok flourished using this model. Even e-commerce sites rely partly on advertising to expand their businesses.

Facebook is one of the most visited websites on the planet. The social media giant boasts 1.71 billion active monthly users, from all four corners of the globe. It’s likely you have a Facebook profile yourself, as do your friends and family members. When you sign up, you provide personal details and data – which then gets frequently updated by members over the years. As you can imagine, that’s a lot of personal data! And it’s data that Facebook is making money from.

Targeted Adverts

Have you ever noticed the sponsored posts and adverts on Facebook? It’s likely that one or two has caught your eye in the past. Especially as they seem so targeted. If you change your relationship status to ‘Engaged’, you’re likely to see dozens of wedding related adverts. Recently lost your job? Facebook knows about that too. You’ll suddenly see training courses, recruitment agencies, and job postings galore. Targeted adverts are one of the biggest moneymakers for Facebook. By utilising the vast amount of personal data from the 1.71 billion active users, the social media giant can tailor adverts to suit your situation. This type of targeting is extremely beneficial for advertisers, who are willing to pay a premium to ensure their ads get seen by the right people.

Mobile Growth

According to the Wall Street Journal, Facebook reported a 57% revenue increase in the first quarter of 2016, taking their total to $5.2 billion. With the growing usage of mobile phones for social browsing, the mobile ad revenue accounted for four-fifths of that total. When users log into Facebook on their phone, the social network receives massive amounts of data – including location. This geographical data is invaluable to potential advertisers, as it shows who is in their catchment area. This, paired with the usual personal data shared on Facebook, ensures that mobile adverts command a far higher price than desktop advertisements.

Protecting Your Privacy

According to a report by the World Economic Forum (WEF), 50 billion devices will be connected to the internet by 2020. This means that the amount of personal data stored on the web is also likely to be 44 times larger than it was in 2009. And companies like Facebook will continue to make a fortune from this data. There are ways to protect your privacy online, however. It’s time for you to take charge of your own data. For starters, you can limit what you share on the social media site. While this may take some ‘fun’ out of Facebook, it can also work to your advantage in terms of security. There are also ways to turn off location sharing on your phone, using your settings. This will stop those geographically targeted ads and from Facebook making a pretty penny with advertisers targeting your area.

The key is to be extremely careful what you share with the world, using any kind of social networking service. There is a price on your personal data and Facebook is making sure it gets that price for each of its 1.71 billion users.

• How Facebook Makes Money from Personal Data
• Privacy concerns about Facebook LifeStage app
• Pokemon Go Privacy Concerns
• What is the GDPR?

About Us

At PrivacyTrust we are dedicated to helping companies understand and meet the highest standards of data privacy. To help protect the sensitive information, and respond in the event of a data breach. We specialise in Privacy Shield and GDPR.

What is Targeted Advertising?

Lesson 20: What is Targeted Advertising?

What is targeted advertising?

Advertising is everywhere online, but we’ve gotten pretty good at ignoring it. To win back our attention, advertisers have adapted to our digital viewing habits by remembering what we read and buy online, then using this information to sell us things they think we might like. While it may sound strange, this practice, called targeted advertising, has become very common.

Targeted advertising is a form of online advertising that focuses on the specific traits, interests, and preferences of a consumer. Advertisers discover this information by tracking your activity on the Internet.

How does it work?

Here’s one of the most common methods: Let’s say you go to Amazon to look for a new Paul McCartney CD. In order to keep track of your visit, Amazon creates a file called a cookie on your computer. Later, when you’re reading an article on Slate, automated advertisements read this cookie and generate ads for items related to your Amazon visit, like other Paul McCartney albums or a Beatles T-shirt.

The good thing about targeted ads is that you’ll see ads for products you actually want. However, this system isn’t perfect. Even if you only visit a page once, you may see ads for that particular product for quite some time. For instance, you may keep getting ads for maternity wear long after you’ve given birth.

Aside from cookies, advertisers also learn about you in other ways, like checking your search engine history and finding your personal information on social media.

Isn’t this an invasion of my privacy?

Targeted advertising could be seen as an invasion of privacy. However, remember that all of the information you submit to the Internet can be tracked, whether it be search engine requests, social media updates, or the websites you visit. And if it can be tracked, this information may return to you in the form of a targeted ad.

The more advertisers know about you, the more they assume about your buying habits. Age, gender, income, relationship status: Advertisers will take whatever they can get if it means they could sell you something.

For instance, the Facebook profile below contains biographical information that advertisers would love to know. According to the profile, this user is a young, art school-educated woman who lives in a big city. Based solely on this information, advertisers could send her numerous targeted ads that may appeal to her.

Can these ads follow me across different devices?

Yes. If you’re shopping for work boots on your laptop, you can get targeted ads for work boots on your smartphone, even though you never browsed for boots on the device. Advertisers can now guess who you are by analyzing your location, browsing habits, and the types of sites you sign in to, like Facebook or Google. And the crazy part? Their guesses are surprisingly accurate, according to articles from Digital Trends and MIT Technology Review.

The advertisers that collect and use this data claim to not keep sensitive personal information on file, but it’s difficult to figure out exactly what these big-data advertisers know. Unfortunately, this type of data collection is becoming the norm and currently there are no regulations against it, meaning it will likely be around for years. Thankfully, there are a few things you can do to fight back against the ads.

How can I stop these ads?

First, a good rule of thumb for browsing online: Assume that nothing you do online is private.

Next, if you simply want to stop seeing ads, download an ad blocker for your web browser, which should get rid of most of them. To prevent advertisers from tracking your information altogether, you have a few options:

• Go to the Privacy settings of your web browser, then delete your cookies and ask websites not to track you.
• Visit an opt-out site like About Ads and request that participating ad agencies stop tracking your information. While it will not completely eliminate targeted ads, it will significantly reduce them.
• Reduce the amount of information you share on social media, giving advertisers less to learn about you.

Also, all web browsers have a private browsing mode that doesn’t record your history or cookies. However, this mode will not prevent targeted ads, as advertisers can still track you in other ways, like your search engine history and social media information.

Online ads aren’t going away anytime soon, and targeted advertising is proof that advertisements have adapted to the changing tastes and habits of consumers. Now that you understand how advertisers learn about you and your online activity, targeted ads should no longer surprise you.

How Does Facebook Know What Ads to Show You? (Example)

The way Facebook determines what ads to show you is based a lot around the information you provide by your online activity. By using things such as your age, location, page likes, app use, and even data from the mobile websites you browse, Facebook profiles you into categories that advertisers can then use to target ads to you on Facebook. If the ads you see on Facebook sometimes seem frighteningly specific to you, that’s because Facebook is constantly keeping track of your activity, determined not only by everything you do on Facebook, but also by your offline activity as well.

With a few key partnerships in place, Facebook also uses what you buy in real life stores to influence and track the ads you see. Through combined data, they have an idea of what you like, where you shop, and what you buy. It sounds a bit crazy, but do not be alarmed! This practice is actually much older than many people realize. Facebook combines the information from data collection companies like Epsilon, Datalogix, Acxiom, and BlueKai with information they have about you. Through things like store loyalty cards, mailing lists, public records information, and browser cookies, these companies already collect information about you. For example, if you buy a bunch of frozen pizza at a grocery store, and use your loyalty card to get a discount, that information is cataloged and saved by a company like Acxiom.

Basically it comes down to this: your online and offline activity combined- determines what kind of ads you’ll see. Of course, a lot of complex math and algorithms are in place to actually produce this data, but much of it comes down to how much information you are making public—whether you’re aware of it or not—that makes the system work. In theory, it does this to make targeted ads more relevant and specific to you.

Facebook does break their targeting categories out into subcategories including Demographics, Interests and Behaviors.

Demographics are used to reach people based on things such as education, employment, household, financial, income, language and lifestyle. To take a look at how specific the targeting can get, let’s look at education as an example. Demographics could answer questions such as:

• What’s their education level? (Associate degree, college graduate, Master’s degree, Doctorate degree, high school grad, in grad school, in high school, still in college, professional degree, some college, some grad school, some high school, not specified)
• What was/is their field of study? (Business, Marketing, Finance, etc.)
• What school did they attend? (High schools, colleges, graduate school etc.)
• What years were they in undergrad? (Select a range of years people graduated)

Another great example could be moms. Demographics could target not only are they a mom, but what type? (Big-city moms, fit moms, corporate moms, green moms, moms of pre-school age children, moms of high school kids, new moms, soccer moms, stay-at-home moms, trendy moms, sports moms)

Interests reach specific audiences by their “interests” and this is where things can get really interesting, because you can type in just about any brand, place, or topic and target those users if the audience is large enough.

This category includes: apps they use, posts they share on their timelines, and pages they “Like.”

Not surprising, the Interests section includes the most targeting options. There are tons of categories, with even more subcategories. The category breakdown is as follows:

• Business and Industry
• Entertainment
• Family and Relationships
• Fitness and Wellness
• Food and Drink
• Hobbies and Activities.
• Shopping and Fashion
• Sports and Outdoors
• Technology

Behaviors are used to reach people based on purchase behaviors or intents, device usage and more. Typically this data is acquired by Facebook from third-party data collection companies. Like Interests, there are many, many Behaviors and even more subcategories to target. Some examples of Behavior targets and subcategories:

• Automotive: What kind of vehicle do they drive? What cars are they interested in? New or used? Buy or lease?
• Charitable Donations: Do they donate to charitable organizations, and if so, which ones?
• Digital Activities: What Internet browser do they use? Are they console gamers? Are they early or late technology adopters?
• Financial: Are they likely to invest? Are they likely to be high spenders? Do they have multiple lines of credit?
• Mobile Device User: What brand of mobile device do they use? Are they smartphone or tablet owners?
• Purchase Behavior: Do they use coupons? Do they shop from department stores or luxury stores? The kinds of products they heavily buy: clothing, toys, house goods?
• Residential Profiles: How long have they lived in their home? Are they likely to move? Have they recently borrowed money to purchase a home? Are they renters?

These are just a few examples, but you can see, Facebook uses many ways to target, all in the hopes of showing the consumer, relevant, useful ads, which is what makes it such a powerful advertising tool.

This is a significant shift for Facebook advertisers to note.

After its initial strong opposition to evolving approaches to user data tracking, which have imposed significant limitations on the information that it’s able to utilize within its ad targeting processes, Facebook has seemingly now accepted that this is the new norm, and that it will need to work with app hosts to update its systems in order to better align with the new limits on what information it’s able to access about audience response to ads.

As explained by Facebook:

” With Apple and Google continuing to make changes via their browsers and operating systems, and with the changing privacy regulatory landscape, it’s important to acknowledge that digital advertising must evolve to become less reliant on individual third-party data. That’s why we’ve been investing in a multi-year effort to build a portfolio of privacy-enhancing technologies and collaborate with the industry on these and other standards that will support this next era.”

Indeed, Apple’s App Tracking Transparency (ATT) update, which it rolled out in April as part of 1OS 14.5, is already having a major impact on the digital ads sector, with Facebook advertisers, in particular, still adjusting their approaches and working out the best ways to mitigate the loss of audience insight.

The true impacts of the ATT change are still evolving, with reports showing that over half of all iOS users are opting out of app tracking, when shown the new prompts.

That’s lead many to increase their reliance on a broader range of data tools to attribute ad response – but soon, Facebook says that it will have a range of new options to consider on this front.

Helping to provide more insight within these data limitations, Facebook developing a set of p rivacy-enhancing technologies (PETs) for ads, which will minimize the amount of data gathered and processed, in order to help protect personal information, while still facilitating insight into campaign performance.

“ We believe that PETs will support the next generation of digital advertising, which is why we’re investing in a multi-year effort with academics, global organizations and developers to build solutions and best practices.”

Facebook says that PETs will involve ‘advanced techniques drawn from the fields of cryptography and statistics’, which minimize the data that’s processed, while still preserving critical marketing functionality like ad measurement and personalization.

Facebook’s exploring several ways to apply these approaches to new measurement solutions.

“Last year we began testing our Private Lift Measurement solution with select partners, which uses a privacy-enhancing technology called secure multi-party computation. This helps advertisers understand how their campaigns are performing, while adding extra layers of privacy to limit the information that can be learned by the advertiser or Facebook.”

Facebook says that Private Lift Measurement will be a vailable to advertisers next year, while it’s also working on additional tracking tools, like secure multi-party computation (MPC) , which enables two or more organizations to work together on data sharing, while limiting the information that either party can learn.

“Data is encrypted end-to-end: while in transit, in storage and in use, ensuring neither party can see the other’s data. MPC is useful for enhancing privacy while calculating outcomes from more than one party, such as reporting the results of an ad campaign or training a machine-learning model where the data is held by two or more parties.”

Facebook’s also researching on-device learning, which would facilitate ad performance insights without sharing individual data, among other approaches to the new privacy-enhanced landscape.

Similar to Google’s Privacy Sandbox project, which aims to limit data gathering, while still facilitating ad performance tracking, these new tools aim to find a middle ground of sorts to ensure that marketers can still maximize their ad spend, while also meeting increased demand for data control and restrictions from consumer groups.

But in order to action these new approaches, Facebook will need industry cooperation:

“These technologies will only be successful for people and businesses of all sizes if there is industry collaboration and a shared set of standards. That’s why we are calling on platforms, publishers, developers and other industry participants to work together – on these technologies and other privacy-focused standards and practices.”

Facebook’s hope is that, now that the initial impacts of Apple’s ATT update are clear, more industry groups will be compelled to worth together on solutions – though that will be relative to the impacts that each platform and organization is seeing, with some no doubt happy to see Facebook lose some ground as the clear leader in digital ad tracking.

Some platforms, like Twitter, have claimed that they’re not seeing major impacts as a result of the ATT update, while reports have also suggested that Facebook will be the most heavily impacted by this shift. Given its dominance in the digital ad space, maybe some won’t be so keen to help it regain ground in this respect, while individual advertisers who are also switching for more first-party data tracking may also, eventually, see less reliance on Facebook insights for their ad performance, lessening the impacts over time.

Which is why Facebook needs to push now. And clearly, smaller advertisers are the ones most impacted by this change, which lessens their capacity to hone in their campaigns, and reduce ad spend by optimizing based on such insights.

Maybe, by partnering with small business groups, Facebook can push for these changes to be adopted as industry-standard. But it’s an interesting shift, either way, which will have major impacts across the digital advertising sector.

Learn how Facebook tracks where you’ve been and how you can control it.

Fact-checked

Checked for accuracy by our qualified fact-checkers and verifiers. Find out more about fact-checking at CHOICE.

Need to know

• Facebook tracks your location data, mostly for advertising purposes
• Location services, your IP address, and your online activity can all be used
• Third parties might also track you if you’ve linked your Facebook account to a separate app or service

The countless ways Facebook collects your data are still being uncovered by journalists and government bodies the world over.

Among the many data categories is location tracking and history. The places you go, your opinions on them and the things you buy or do there are all valuable information for advertisers.

If you’re curious about how much is known about you, you can request a download of the information Facebook has gathered on you over the years. We took a look at a single user profile activated in 2007 and received almost 7.5GB (gigabytes) across two files.

How Facebook tracks and collects your data

Here are three ways Facebook tracks your location:

• Location services – This involves your phone or tablet’s GPS coordinates, as well as Wi-Fi and cellular network locations.
• IP address – IP (internet) addresses give a vague idea of your whereabouts, sometimes down to the postcode. It’s been confirmed that Facebook will estimate your location using your IP address, even if you opt out of location tracking.
• User activity – Facebook lets you check into venues or tag venues (for which it likely knows the street address and type of establishment) when you post. If you make a post and select that you are “with” someone else that Facebook knows the location of, then it will know your whereabouts by association. If you share where you live on Marketplace or respond to an event invitation, Facebook records this.

Facebook has also confirmed it partners with retailers via loyalty programs to track instore purchases.

Why Facebook tracks you

Despite what is commonly believed, Facebook doesn’t sell your information to advertisers. Instead, advertisers approach Facebook (or vice versa) with a goal like “We want to reach women under 40 who enjoy skiing and are likely to buy products online”.

If Facebook believes you fit into a category like this, you might see ads, articles or other content from that advertiser pop up in your feed or elsewhere on Facebook.

Your location helps build this profile on you in a few ways, including:

• If you’ve visited a store, venue or event recently and have given Facebook permission to track your phone, this could be taken as an indication of your interest in certain types of businesses, products, experiences or other factors such as political opinion or entertainment interests.
• If you click on or even view an ad online, then follow up by visiting a bricks-and-mortar location, Facebook can figure this out and give feedback to advertisers, letting them review the effectiveness of their advertising. It also confirms your interest in certain subjects and willingness to spend money on them. Facebook can gather this information partnering with loyalty programs and other payment-tracking services. It doesn’t need your GPS location.

Third-party interests

If you’ve given an app or service access to your Facebook account, it might use your location information for its own purposes. Facebook claims to have put stricter guidelines in place to control this activity in recent years, but it’s still a good idea to go into your account and see what apps are linked.

Delete anything you don’t use or would prefer doesn’t have access. Keep in mind if you use your Facebook account as a sign-in for an app or service, it will regain access the next time you log into it.

How to control Facebook location tracking and permissions

You can control how Facebook gathers and stores your location information – to a degree. We’ll cover the main points, but we recommend exploring the settings and seeing what other options you’d like to adjust or disable.

Location services

To disable GPS, Wi-Fi and cellular network tracking and location history on a phone or tablet (iPhone, iPad or Android), open your Facebook app and tap the three horizontal bars. Tap to expand Settings & Privacy, then Settings.

In the search bar, type “Location” and select the result to control location services and history.

For the more privacy-conscious, perhaps an even safer method is to uninstall the app and access your account via your device’s web browser.

IP tracking

Even if location tracking is disabled, your IP address might give you away. A VPN will fix this problem. Remember to only use a paid VPN service as free VPNs usually aren’t worth the risk.

You could also use the free TOR browser for mobile, which hides your IP address in a similar way to a VPN, but is often much slower.

User activity

If you want to keep your movements private, avoid tagging yourself at specific venues or with other people, who themselves might be broadcasting their location.

Also disable facial recognition in your account settings, so your smiling face won’t be automatically tagged in anyone else’s photos.

Many businesses and agencies that offer social media management as a service love the fact that all business profiles and ad accounts can be stored in one place (insert praise hands). Did you know, though, that there is a pretty major difference between Facebook ads manager and business manager? The wonderful world of Facebook can get confusing for some, so we thought we’d cover these two types of accounts within the platform that we utilize the most. Let’s dig in.

Ads Manager

Facebook ads manager is strictly for managing and creating ad campaigns. When you’re in the ads manager, you can select which individual ad account you’d like to view under your profile or your agency’s profile depending on who owns the ad account. For example, if your agency is an ad account owner, you can add business profiles under that account and create their own ad account under your agency’s. In ads manager, you can also check out ad campaign reports, which are super handy when you’re discussing ad performance with your clients.

There are two types of general “ads,” within Facebook, though. There are actual Facebook ads and boosted posts. Facebook ads manager is, in fact, different than just boosting a post that is already on your Facebook feed. If and when you say you launched an ad, but really just put some money behind a post on your page, you did not really launch a Facebook ad. You can still target your audience with these boosted posts, however, you can not see a report nor can you choose an objective (brand awareness, video views, page likes, etc) with these types of promotions. The sole objective of these types of posts is visibility and engagement with that post. If you’d like to see how specific you can target an audience with regular Facebook ads, check this out .

One other nice thing about Facebook ads manager is that you can filter ads by objective, demographic of the audience, and ad delivery (whether the ad is active, complete, recently complete, etc). If you want to compare how different ads performed, this feature certainly comes in handy!

Business Manager

Facebook’s business manager saves us a lot of time, which is nice. We use it to manage business pages, manage who is an admin on those pages and can even manage ad accounts. We look at it as the hub of all Facebook management. You can request access to existing pages or ad accounts if you don’t already have access. Plus, you can customize employee’s access levels for ad accounts. There are three assets that someone can be assigned to in the business (ads) manager. Those are ad account analyst (can only see ads), ad account advertiser (can edit and manage ads), and ad account admin (can manage all aspects of campaigns). If you don’t have an ad account or business page created, you can create them in business manager, too. In business manager, you can edit permissions for the people you have set up in your account. You can see below all of the categories you can edit.

One other nice thing about business manager is that you can be assured that your accounts are secure, plus you don’t have to friend your colleagues on Facebook before adding them as an admin (even though we love being friends with our colleagues).

For business pages, you can assign your team different accounts, edit his or her permissions, such as page admin, editor, analyst, live contributor, moderator, and advertiser. Perhaps you only want or need someone to see specific information; this is key for this reason!

If you’re not already utilizing these Facebook features, you should start! If you’re not advertising, why not? Do you need help with any of this? Say hello . We’d love to chat.

The Off-Facebook Activity tool reveals which websites send information about your online activities to the social network, while Facebook’s Privacy Checkup tool helps you review and tighten your privacy.

Facebook is notorious for tracking your online behavior—both on and off the platform—in order to personalize your experience and send you targeted ads. Fortunately, the social network also offers you tools to review and modify your privacy settings. The Off-Facebook Activity tool tells you what Facebook knows about your online activities when you leave the site. And the Privacy Checkup tool allows you to determine how much or how little information you reveal, and to whom. Here’s how to use both features.

What Is Off-Facebook Activity?

Facebook not only has access to your activity when you use the social network but also when you visit certain third-party websites. To help you manage that information, the Off-Facebook Activity tool lets you review and delete the data collected about you when you’re using other websites. You can also stop the off-Facebook activity from being saved with your account entirely and download the data to analyze it offline.

Off-Facebook activity includes any information that websites, apps, and organizations share with Facebook about your actions with them. This may be something as simple as visiting a specific website or app, or a more involved task such as searching for an item or purchasing a product. Facebook uses this information to serve you targeted ads.

By capturing your activity and choices on supported websites, Facebook can show you coupons and promotions you may find useful. For example, you might buy a pair of shoes from an online clothing store. That store shares your activity and purchase with Facebook, which saves it to your account. Facebook then serves you an ad with a 10% off coupon on your next purchase from that store.

Manage Off-Facebook Activity

If you’re uncomfortable with this type of tracking, especially since it occurs when you’re not on Facebook, you can use the Off-Facebook Activity tool to manage this information. Access this feature by clicking the down arrow in the top right and selecting Settings. Select Your Facebook Information and click the option for Off-Facebook Activity.

Facebook displays the names of sites that have shared your activity and informs you how it gains access to this kind of information. Get more details about your overall off-Facebook activity by clicking the “Learn More” link at the top.

To view your off-Facebook activity, click the icon for any site in the list and then enter your password. You will then see all the sites that have provided information on your activity to Facebook. Click a site to view specific details about it.

A line at the top poses the question “How Did Facebook Get This Activity?” The first drop-down menu will tell you how the site was sent the data to Facebook, such as by using Facebook’s business tools. The second drop-down menu lists examples of interactions with other sites, such as opening an app, visiting a website, searching for an item, or purchasing an item.

If you wish to flag a site as inappropriate content or a misuse of your information, scroll to the bottom of the Activity Details screen and click the Give feedback about this activity link. Select a reason for the feedback and click Send.

If you no longer want this site to share your activity with Facebook, click the Turn off future activity link. A confirmation message explains what will happen if you turn off this activity. If you wish to proceed, click the Turn off button. A message tells you that future activity from this site has been turned off, but keep in mind that your past activity has not been disconnected.

Manage Past and Future Activity

You can manage both past and future activity from the Off-Facebook Activity screen by clicking Manage Future Activity. Read the information on how off-Facebook activity is used, then click Manage Future Activity to take control.

At the next page, you can view the activity that has already been turned off. You can also turn off all future activity by turning off the switch next to Future Off-Facebook Activity.

You can also remove your entire off-Facebook activity history. Return to the main Off-Facebook Activity page. Click the Clear History button at the top and then select Clear History.

Download Off-Facebook Activity

To download your Off-Facebook activity, return to the Off-Facebook Activity page and click Download Your Information on the right.

By default, the Download Your Information page selects all your Facebook data for download. At this point, there is no specific setting just to download your off-Facebook activity information. But certain categories, such Ads and Businesses, do include off-Facebook activity. You may want to select just Ads and Businesses as a first step to see what information it provides, or keep all categories selected to view all your Facebook data. After choosing the categories, click the Create File button.

The page tells you that a copy of your information is being created. You also receive a notification by email. After the file is compiled and ready for download, you will receive another notification email. At the Download Your Information page, click the Available Copies tab, then click the Download button to save the information as a zip file on your computer.

Unzip the file and open it to review the information. From the extracted files, open the index.html file. From there you can access and view whatever categories of information you downloaded.

Privacy Checkup

To run the latest version of Facebook’s Privacy Checkup tool, click the down arrow icon in the upper right, go to Settings & Privacy, and select Privacy Checkup. At the Privacy Checkup window, click the first topic for Who can see what you share.

Click Continue. At the Profile Information window, review the settings for your phone number, email addresses, and birthday. Click the button next to each one, and choose whether to change it to Public, Friends, Only Me, or a specific Facebook list. You probably want this information to remain private or only visible to friends or a specific group. When done, click Next.

At the Posts window, set the option for who should see future posts. You’ll likely want to set this to Friends. The Limit Past Posts option changes past posts that were seen by the public or friends of friends to only friends. To do this, click the Limit button and click OK. Then click Next.

At the Block screen, you can block specific people from seeing things you post, starting conversations with you, or trying to add you as a friend. To do this, click Add to Blocked list and type the name of the person or account you wish to block. From the list of suggestions, click the Block button for the correct person, then click Next.

Mark Zuckerberg may have emerged unscathed from his first marathon Senate hearing, but his appearance left many questions unanswered.

For five hours on Tuesday, the Facebook CEO and founder was questioned by members of Congress on its role in allowing Cambridge Analytica, a UK-based political data firm that worked for Donald Trump’s presidential campaign, to improperly access data on 87 million people. (He’s before Congress again on Wednesday).

But many Facebook users still have questions about what the data scandal means, from what to do if an account is affected, to whether or not Facebook is selling user data to advertisers. We tackle questions from CNN readers below.

Want to submit a question? Send it in here. It could be featured in a future story.

How can I check if my data was compromised by Cambridge Analytica?

Users can see if their information was shared with Cambridge Analytica via a dedicated link.

Facebook is rolling out a message at the top of News Feeds to let users know if they’re among those affected. Users who were not affected may see a different pop-up alert showing which apps are connected to their Facebook accounts and what data those third parties can see. The link directs users to a tool that allows them to disconnect apps from their accounts.

A preview of messages users could see.

Why am I affected?

In 2014, about 270,000 people accessed a personality quiz from an app called This is Your Digital Life. Those who participated unknowingly shared personal information — including birthdays, pages they’ve liked and in some cases, even private messages — to Cambridge Analytica.

The process also shared the data of their Facebook friends. This means even if you didn’t take the quiz, and your Facebook friend did, you’re likely affected.

News of the improper collection surfaced last month.

What should I do if I was affected?

Unfortunately, there’s not much users can do right now.

Facebook is directing people to its Settings page to see which apps are connected to their accounts, such as Spotify and Airbnb. Users can manually remove those apps to make sure new data isn’t shared.

“[Users] will also be able to see what apps they have deleted in the past,” a spokesperson said.

It’s also possible to see the data Facebook has collected on them over the years. This includes old messages, poke history and which advertisers have access to your data.

To see your data profile, go to Settings > General > Download a copy of your Facebook data.

Do I have to have an active Facebook account to find out if my personal data was harvested?

If an account was deleted, Facebook cannot verify whether that data was accessed by Cambridge Analytica, according to the social network.

If I permanently delete my account, does Facebook still have my data?

When asked by a Senator if Facebook deletes user data when someone deletes their account, Zuckerberg said yes.

But the full answer is a bit more complicated.

If you permanently delete your account, you won’t be able to access any information or content you’ve shared in the past. However, some third-party apps may still have access to some of it.

Even when you delete your account, it can take up to 90 days for Facebook to remove the content like photos and updates stored in backup systems. But some information, such as messaging history, can still be seen by the Facebook user you wrote to even after your account was deleted.

“Copies of some material (example: log records) may remain in our database but are disassociated from personal identifiers,” the company says.

But third-party apps will still have access to previously collected personal data even if a user permanently deletes their Facebook account. For example, an app that was once connected to a profile, such as Uber or Airbnb, could still have access to information like a user’s friends list from 2013. The information stored depends on what access and permissions the user gives the app.

What is Facebook doing to prevent election meddling in US elections?

During his testimony on Tuesday, Zuckerberg said it’s one of his “top priorities” to “get this right.”

“One of my greatest regrets is we were slow in identifying the Russian operations in 2016,” Zuckerberg said.

Facebook has been under fire for allowing fake news and political ads linked to the Internet Research Agency — a St. Petersburg-based troll farm with ties to the Russian government — to spread during the 2016 election.

Last week, the company announced it will soon label political and issue ads, and show who paid for them. Facebook will also require anyone who wants to run a political or issue ad to verify their identity and location.

In an interview with Vox, Zuckerberg pointed to Facebook’s efforts during the French elections in 2017. The company developed new artificial intelligence tools to detect and delete fake accounts spreading misinformation. Meanwhile, during the special Senate election in Alabama last year, Facebook rolled out tools to target fake accounts spreading fake news.

Does Facebook sell my data to advertisers?

“We do not sell data to advertisers,” Zuckerberg said during Tuesday’s hearing.

However, Facebook uses information people provide — such as their age, gender and interests — to target ads to a specific audience. Advertisers tell Facebook which demographics they want to reach, and then the social media giant places the ads on related accounts.

Ads likely cost more based on how specific marketers want to get.

Although Facebook doesn’t directly sell your data to outside parties, it does make money from it. The company’s advertising revenue jumped 49% to $40 billion in 2017.

Why didn’t Zuckerberg testify before UK lawmakers?

Facebook hasn’t said why.

British lawmakers called on Zuckerberg to testify after the New York Times and UK media first reported about the Cambridge Analytica revelations.

“It is now time to hear from a senior Facebook executive with the sufficient authority to give an accurate account of this catastrophic failure of process. There is a strong public interest test regarding user protection,” Damian Collins, chair of the UK parliament’s media committee, wrote in a letter to Zuckerberg.

In a response to UK lawmakers, Facebook said it would make two senior executives available to testify instead, Chief Technology Officer Mike Schroepfer and Chief Product Officer Chris Cox. Both report directly to Zuckerberg.

Schroepfer is scheduled to testify on April 26 before the UK parliament’s media committee.

CNN’s Julia Horowitz contributed to this report.

The Data sharing settings in your Facebook channel lets you choose how customer data and browsing behavior is collected in your online store. Data sharing tools, such as the Facebook pixel and the Facebook Conversions API, let you track orders and other events, which can help you analyze your store traffic and improve ad targeting through dynamic ads.

Data sharing is a choice. While customer data improves campaign performance and sales tracking, not everyone wants their data shared. It’s important to tell your customers how you share data, and to decide what type of data, or how much data, you want to share. Make sure that your privacy policy is up to date to provide this information to your customers.

Choosing Facebook’s customer data-sharing level

The Facebook channel lets you choose how you want data to be collected and shared between your online store and Facebook. In the data-sharing settings you have three levels to choose from: Standard, Enhanced, or Maximum. For more information about customer tracking, refer to Cookies and customer tracking.

Depending on when you installed the Facebook sales channel, the customer data-sharing levels offer different privacy settings.

If you select Standard, then a Facebook pixel tracks customer browsing behavior in your online store. A browser-based ad blocker can prevent the Facebook pixel from sharing data.

If you select Enhanced, then your store uses Facebook’s Conversions API as well as the Facebook pixel. The Conversions API sends the purchase event between Shopify and Facebook servers. Data sent from server to server can’t be blocked by browser-based ad blockers. The Enhanced setting shares your customer’s personal information to match users on Facebook’s network. The information that is collected using this setting includes your customer’s name, location, email address, and phone number, as well as their browsing behavior in your online store. For more information, refer to Facebook’s documentation about Conversions API.

If you select Maximum, then your store uses Facebook’s Conversions API, Facebook pixel, and is updated with Facebook’s latest advertising technology. The Conversions API sends the purchase event between Shopify and Facebook servers. Data sent from server to server can’t be blocked by browser-based ad blockers. The Maximum setting shares your customer’s personal information to match users on Facebook’s network. The information that is collected using this setting includes your customer’s name, location, email address, and phone number, as well as their browsing behavior in your online store. For more information, refer to Facebook’s documentation about Conversions API.

For more information about data sharing, refer to Cookies and customer tracking.

Set up Facebook data sharing

You can enable customer data sharing during the set up of Facebook Shop, Instagram Shopping, and Facebook Marketing. You can also enable and change your Facebook customer data sharing settings at any time in the Facebook channel settings.

Steps:

From your Shopify admin, go to Sales channels > Facebook.

Click Settings.

Click Data sharing settings.

In the Customer data sharing section, enable customer data sharing.

In the CHOOSE LEVEL section, select the level of customer data sharing that you want to enable.

If you haven’t connected a Facebook pixel, then click Connect on the pixel that you want to use for customer data sharing.

Customer data-sharing events

After you add a Facebook pixel in Shopify, the pixel tracks certain events on your online store, such as when a customer views a certain page. You can use the data from these events to learn more about how customers interact with your store. Learn more about using Facebook pixel events to create campaigns and track conversions at the Facebook Help Center.

Events that track an order value use an order’s subtotal, which doesn’t include taxes or shipping costs.

After you integrate a Facebook pixel with your online store, the pixel automatically tracks the following events.

Facebook pixel standard event descriptions

Event name	Event description
ViewContent	When a visitor views a page, such as a product page
Search	When a visitor makes a search
AddToCart	When a visitor adds a product to the shopping cart
InitiateCheckout	When a visitor clicks the checkout button
AddPaymentInfo	When a visitor enters payment information in the checkout
Purchase	When a visitor completes a purchase and views the thank you page in the checkout

Data-sharing best practices

Because you decide how the personal information of your customers is shared, you need to make sure your customers understand how you collect and process their personal information. It’s your obligation to review Facebook’s best practices for privacy and data use for Facebook Business Tools, and include this and any other relevant information in a privacy policy in your store. To help you create a privacy policy, you can use Shopify’s privacy policy generator.

M anaging Facebook’s labyrinthine privacy settings is an ongoing challenge, not least because the options available to users are constantly changing. The social network has given people increasingly granular control over where their posts are shown and what pieces of personal data are used to serve ads. But these additional options have also made managing Facebook privacy even more confusing.

Here, we’ve put together a six-step guide to locking down your Facebook account as best as possible.

Step 1: See What Your Public Profile Looks Like

The first thing you’ll want to do is figure out how much of your Facebook info strangers can see. To do so, go to your profile page and click the three dots in the bottom right corner of your cover photo. In the dropdown menu that appears, click “View as.”

This will take you to a version of your Facebook page that appears the way it does to users who are not your friends. Certain information, like your name, current profile picture and cover photo, will always be viewable by strangers. But you can determine who sees other kinds of content. Try scrolling through your profile page in this view to see how many of your posts are publicly viewable to people who aren’t your friends.

Step 2: Decide Who Can See Your Posts

During Step 1 you may discover you’ve inadvertently been sharing posts with everyone on Facebook. Every time you make a post, Facebook gives you the chance to quickly decide which audience to share it with.

To the left of the “Post” button, you’ll see a box that shows who will be able to see a given piece of content. Click the box to choose an audience from a drop-down menu—the most common are “Only Me,” “Friends,” and “Public” (which includes anyone on or off Facebook). You can also share posts with people in your current city or create custom lists. That lets you share your baby photos only with family members, for instance.

Whatever audience you select for a certain post becomes the default going forward. So if you make one “Public” post, Facebook will default to making all your posts “Public” thereafter. If you find you’ve inadvertently been making too many posts Public, Facebook also has an option buried in its settings to retroactively make old posts more private. Click the down arrow in the top right corner of Facebook, then select “Settings” from the drop down menu. On the Settings screen, click “Privacy” in the left-hand rail, then select “Limit Past Posts” in the “Who Can See My Stuff?” section.

Step 3: Get Rid of Intrusive Apps

Over the years you’ve likely given dozens of apps permission to access your Facebook data in order to quickly login or pull up a roster of contacts. Facebook’s been keeping track of all those apps, and now gives you the ability to restrict particular apps’ access to information.

On the Settings screen, select “Apps” in the left-hand rail. You’ll be presented with a grid of all your Facebook-authenticated apps. Click any app and you’ll see an itemized list of every piece of personal information you share with the app, ranging from your birth date to your photos to your location. You can choose to stop sharing any individual data point or remove the app’s connection to your Facebook account outright. You can also turn off an app’s ability to send you Facebook notifications. That could prevent you from continuing to get annoying updates about your aunt’s Candy Crush habit, for instance.

Step 4: Make Yourself Harder to Find

Facebook made all user profiles searchable back in 2013, making it easier for other people to find you on the site. But users still have the ability to stop Google and other search engines from listing their profiles in search results.

On the Settings screen, select “Privacy” in the left-hand rail, then answer “No” to the final question listed, “Do you want search engines outside of Facebook to link to your profile?” On the same screen you can also choose whether you want anyone to be able to send you friend requests or only friends of friends.

Step 5: See Ads That Don’t Leverage Your Personal Data (As Much)

Facebook tracks your browsing habits across the Internet and uses this data to serve you more personalized ads. If that sounds creepy to you, you can tell the company to stop. In the Settings menu, click “Ads” on the left-hand rail. The first section deals with what Facebook calls “online interest-based ads.” If you turn this setting off, you’ll still see the same number of ads, but they won’t be tailored to your Web history off of Facebook. All your actions on Facebook are still fair game for serving targeted ads, though.

Just below this option is a setting to turn off ads paired with your social actions. When this setting is on, Facebook uses your Likes and shares to make ads in other people’s News Feeds more appealing. So if you like the Doritos page, that information might appear alongside a Doritos sponsored post in a friend’s feed without your knowledge. Select “no one” in this section and Facebook won’t use your Likes in this way.

Step 6: Block Troublesome Users

You can block specific users by selecting the “Blocking” option on the left-hand rail of the Settings menu. You can block users outright, meaning the users can’t see your profile or add you as a friend. You can also block users from doing specific actions, like sending you event invites or app game invites (again, good for that Candy Crush-addicted aunt). Also note that there’s a separate blocking option for Facebook Messenger on this settings page as well.

Users can also add users to a “Restricted List” on this page. Anyone on the list will only be able to see the posts and information you share with the entire public—and they won’t know they’ve been placed on this list. So if you want your co-workers to see your helpful Facebook privacy articles and not your raucous party photos, you might consider placing them on this list (and labeling certain posts “Public” as needed).

Behind every feature, Facebook is collecting data

Cambridge Analytica may have used Facebook’s data to influence your political opinions. But why does least-liked tech company Facebook have all this data about its users in the first place?

Let’s put aside Instagram, WhatsApp and other Facebook products for a minute. Facebook has built the world’s biggest social network. But that’s not what they sell. You’ve probably heard the internet saying “if a product is free, it means that you are the product.”

And it’s particularly true in this case because Facebook is the world’s second biggest advertising company in the world behind Google. During the last quarter of 2017, Facebook reported $12.97 billion in revenue, including $12.78 billion from ads.

That’s 98.5 percent of Facebook’s revenue coming from ads.

Ads aren’t necessarily a bad thing. But Facebook has reached ad saturation in the newsfeed. So the company has two options — creating new products and ad formats, or optimizing those sponsored posts.

Facebook has reached ad saturation in the newsfeed

This isn’t a zero-sum game — Facebook has been doing both at the same time. That’s why you’re seeing more ads on Instagram and Messenger. And that’s also why ads on Facebook seem more relevant than ever.

If Facebook can show you relevant ads and you end up clicking more often on those ads, then advertisers will pay Facebook more money.

So Facebook has been collecting as much personal data about you as possible — it’s all about showing you the best ad. The company knows your interests, what you buy, where you go and who you’re sleeping with.

You can’t hide from Facebook

Facebook’s terms and conditions are a giant lie. They are purposely misleading, too long and too broad. So you can’t just read the company’s terms of service and understand what it knows about you.

That’s why some people have been downloading their Facebook data. You can do it too, it’s quite easy. Just head over to your Facebook settings and click the tiny link that says “Download a copy of your Facebook data.”

In that archive file, you’ll find your photos, your posts, your events, etc. But if you keep digging, you’ll also find your private messages on Messenger (by default, nothing is encrypted).

And if you keep digging a bit more, chances are you’ll also find your entire address book and even metadata about your SMS messages and phone calls.

Downloaded my facebook data as a ZIP file

Somehow it has my entire call history with my partner’s mum

All of this is by design and you agreed to it. Facebook has unified terms of service and share user data across all its apps and services (except WhatsApp data in Europe for now). So if you follow a clothing brand on Instagram, you could see an ad from this brand on Facebook.com.

Messaging apps are privacy traps

But Facebook has also been using this trick quite a lot with Messenger. You might not remember, but the on-boarding experience on Messenger is really aggressive.

On iOS, the app shows you a fake permission popup to access your address book that says “Ok” or “Learn More”. The company is using a fake popup because you can’t ask for permission twice.

There’s a blinking arrow below the OK button.

If you click on “Learn More”, you get a giant blue button that says “Turn On”. Everything about this screen is misleading and Messenger tries to manipulate your emotions.

“Messenger only works when you have people to talk to,” it says. Nobody wants to be lonely, that’s why Facebook implies that turning on this option will give you friends.

Even worse, it says “if you skip this step, you’ll need to add each contact one-by-one to message them.” This is simply a lie as you can automatically talk to your Facebook friends using Messenger without adding them one-by-one.

The next time you pay for a burrito with your credit card, Facebook will learn about this transaction and match this credit card number with the one you added in Messenger

If you tap on “Not Now”, Messenger will show you a fake notification every now and then to push you to enable contact syncing. If you tap on yes and disable it later, Facebook still keeps all your contacts on its servers.

On Android, you can let Messenger manage your SMS messages. Of course, you guessed it, Facebook uploads all your metadata. Facebook knows who you’re texting, when, how often.

Even if you disable it later, Facebook will keep this data for later reference.

But Facebook doesn’t stop there. The company knows a lot more about you than what you can find in your downloaded archive. The company asks you to share your location with your friends. The company tracks your web history on nearly every website on earth using embedded JavaScript.

But my favorite thing is probably peer-to-peer payments. In some countries, you can pay back your friends using Messenger. It’s free! You just have to add your card to the app.

It turns out that Facebook also buys data about your offline purchases. The next time you pay for a burrito with your credit card, Facebook will learn about this transaction and match this credit card number with the one you added in Messenger.

In other words, Messenger is a great Trojan horse designed to learn everything about you.

And the next time an app asks you to share your address book, there’s a 99-percent chance that this app is going to mine your address book to get new users, spam your friends, improve ad targeting and sell email addresses to marketing companies.

I could say the same thing about all the other permission popups on your phone. Be careful when you install an app from the Play Store or open an app for the first time on iOS. It’s easier to enable something if a feature doesn’t work without it than to find out that Facebook knows everything about you.

GDPR to the rescue

There’s one last hope. And that hope is GDPR. I encourage you to read TechCrunch’s Natasha Lomas excellent explanation of GDPR to understand what the European regulation is all about.

Many of the misleading things that are currently happening at Facebook will have to change. You can’t force people to opt in like in Messenger. Data collection should be minimized to essential features. And Facebook will have to explain why it needs all this data to its users.

If Facebook doesn’t comply, the company will have to pay up to 4 percent of its global annual turnover. But that doesn’t stop you from actively reclaiming your online privacy right now.

You can’t be invisible on the internet, but you have to be conscious about what’s happening behind your back. Every time a company asks you to tap OK, think about what’s behind this popup. You can’t say that nobody told you.

This week, Facebook began notifying people whether they had ever logged in to the “This Is Your Digital Life” app — which has been linked to the exposure of tens of millions of records for political research. NurPhoto via Getty Images hide caption

This week, Facebook began notifying people whether they had ever logged in to the “This Is Your Digital Life” app — which has been linked to the exposure of tens of millions of records for political research.

NurPhoto via Getty Images

Facebook users have begun to see whether they’re among the 87 million people whose information may have been compromised for use by a political research firm. For some, the news is good: “It doesn’t appear your Facebook information was shared with Cambridge Analytica.”

The notifications are appearing on Facebook’s page about users’ exposed data. The company had also said it would put the information at the top of users’ news feed.

A privacy notice from Facebook notifies a user that their information was “likely shared with ‘This Is Your Digital Life.’ ” Facebook/Screenshot by NPR hide caption

A privacy notice from Facebook notifies a user that their information was “likely shared with ‘This Is Your Digital Life.’ “

Facebook/Screenshot by NPR

Since Facebook began notifying people this week whether they had ever logged in to the “This Is Your Digital Life” app, which has been linked to the exposure of tens of millions of records for political research, people have been sharing the news of whether their data was put at risk.

Facebook is making the information available as its co-founder and CEO, Mark Zuckerberg, testifies before Congress this week about his company’s privacy practices — and how the practices may have been used by Cambridge Analytica, a data mining firm that worked for President Trump’s campaign.

“It doesn’t appear your Facebook information was shared with to Cambridge Analytica,” reads this all-clear notice from the social media company. Facebook/Screenshot by NPR hide caption

For some, the news about their Facebook data is complicated. While the worst-case scenario may be the realization that one had logged themselves in — perhaps at the goading of a well-meaning friend or relative — for others, the verdict is less clear.

“Based on our investigation, you don’t appear to have” logged in to the app before it was removed in 2015, one notice reads — before continuing, “However, a friend of yours did log in.”

The message goes on to say that information from the user’s public profile, in addition to their page “likes,” their birthday and current city were “likely shared with ‘This Is Your Digital Life.’ “

Politics

Facebook In Congress: What To Expect When Zuckerberg Goes To Capitol Hill

The notice adds that a “small number of people” who logged into the app also shared their own news feed, posts and messages — meaning that the affected user’s posts and messages may also have been included, along with their hometown.

In addition to the Cambridge Analytica data results page, here are some other ways to check settings and access on Facebook:

On that page, users can see and/or edit the type of information that is shared from their account. They can also remove any apps or websites they no longer want to have access to their information.

Note: Even for many apps and sites that have either expired or been removed, Facebook says they “may still have access to info you previously shared, but can’t make additional requests for private info.”

In sections from “Your interests” to “Your information” and the broad “Ad settings,” users can adjust which types of ads they see — and, by hovering over an advertiser’s logo, they can remove that company.

Users can also decide which information Facebook can use to show ads that are intended to reach certain audiences — from relationship status to profession, education and employer.

The listings of “Advertisers you’ve interacted with” names the companies, promotional campaigns and other entities that are “running ads using a contact list they uploaded that includes contact info you shared with them or with one of their data partners.”

Clicking “Remove” on one of those advertisers merely hides their ads — it doesn’t remove a user from the contact list that initially generated the connection via Facebook.

Here, users can tailor who who can see their profile, photos and posts. Based on privacy settings, Facebook also allows users to control what gets posted to their timeline — and to see what others can see when they look at their profile, by using the “View As” tool.