Did you know that ads on Facebook cost ten times as much if they are targeted to vulnerable or highly profitable groups? For example, pregnant women are a prime target. Facebook targets vulnerable people.
Facebook targets vulnerable people. Well, we are beginning to understand that Facebook data comes from perhaps hundreds of millions of sources outside Facebook itself. Its recent and hasty release of the Off-Facebook Activity Tool gobsmacked anyone that looked behind the scenes at the information collected by its Business Tools built into companies websites, apps and stores.
But that is only part of the answer to how Facebook targets vulnerable people. It also gets data from app and website developers using yet another Facebook tool – its Facebook Analytics SDK tool.
First, a true story to illustrate how Facebook targets vulnerable people
Last year my son and his partner announced on Facebook that they were having a baby. Within minutes their advertisements turned from travel, alcohol, dining, fashion to baby, baby, baby. Also, many focused on getting them to download other apps to help their experience – naming the child, caring, breastfeeding, vaccination or anti-vac, even which schools to pre-enrol in. If they opened these apps, they were drawn into an ever-decreasing circle convincing them they needed product X or Y.
But here is the kicker – within hours all their friends (in their contacts and their friend’s subsequent contacts) were being bombarded similarly with baby gift ideas for my son and partner.
Facebook Analytics SDK tool – another surreptitious data sucker!
Privacy International set out to look at the most used menstruation apps. Using traffic analysis, it wanted to see if those apps were sharing data with third parties and Facebook in particular, through the Facebook Analytics SDK.
“Our research shed light on the horrific practices of some menstruation apps that shared their users’ most intimate data – about their sexual life, their health and lifestyle – with Facebook…”
Kaspersky assisted in identifying the data flow.
“So, it turns out that there was no real need [for an app] to transfer the data to Facebook — the developers had simply integrated an additional [Facebook] analytics system without ever considering what data would go where”.
Yes – shock and horror apps that help women monitor their period, plan pregnancies, help select baby names, set up a gift registry, send invitations to baby showers were pouring data to Facebook. It was, in turn, was super-profiting by charging more to advertisers to reach these vulnerable people and everyone in their contacts list!
One app (but typical of menstrual apps) asked the date/time you had sex; was it good; how did you feel; contraceptive practices; caffeine, alcohol, smoking habits and more. It also requested information unrelated to women’s health, such as hairstyles and manicures.
But it gets worse
Once the data is in Facebook’s greedy paws, it can be used in other ways. Kaspersky states,
Intimate health information falling into the wrong hands could affect, for example, the cost of health insurance. A potential employer who knows a job applicant is planning to get pregnant might give preference to another candidate. A pregnant woman might not even be allowed on an international flight. And you would hardly want Facebook to be privy to details you wouldn’t share with your closest friend.
By the way, it’s not just menstruation apps
Facebook Analytics is “A powerful, free product and behavioural analytics tool that helps you understand your audience and grow your business.”
Being free and easy to implement means it is built into hundreds of millions of apps and now we know it may be leaking personally identifiable information to Facebook. These apps might monitor sleep quality, calories, health, a daily diary or even order a pizza. If the app oversteps the mark in any way other than to do what it promises – delete it.
But there is the other side of the argument
Facebook says no developer has to use its Analytics SDK – and if they use any other brand of SDK, the same information will flow to that brand (the are tacitly pointing to Google).
Facebook is not responsible for what data gets piped to it via the SDK. This is akin to blaming the ruler for what gets measured. It says the problem isn’t Facebook, it is the whole analytics ecosystem.
Kaspersky sums up
- Choose apps wisely and read user comments about the information requested
- Don’t give apps more information than necessary — think carefully about what they genuinely need and what they can do without. If the app doesn’t work if you skip a question, delete it fast!
Is this the coverup that could sink Facebook?
Some app developers were horrified that such data was leaking via the Facebook Analytics SDK and immediately abandoned it. Others had a business model based on selling that data and continue to leak.