Security Experts:

Facebook Admits to Tracking Non-Users Across the Internet

Facebook this week confirmed that it indeed knows when users access websites and apps that use Facebook services, even if they don’t have an account on the social network.

The social media platform has been under heavy scrutiny over user privacy for the past month, after it became public knowledge that at least one firm gathered information on millions of Facebook users without their knowledge or consent.

Over the past weeks, Facebook took various steps towards improving users’ privacy, by limiting apps’ access to user data, introducing bug bounties for data abuse, and updating its terms on privacy and data sharing.

After Facebook CEO Mark Zuckerberg testified in front of the United States Congress last week, the company on Monday shared more information on data collection practices that impact non-Facebook users.

Indeed, the social platform can track people who don't use it, as long as they access websites and applications that do use Facebook services. In other words, when anyone browses to a page that uses such a service, Facebook knows about it, product management director David Baser explains.

These Facebook services include social plugins such as the Like and Share buttons, Facebook Login (allows users to sign into websites and apps with their Facebook account), Facebook Analytics (offers usage data to websites and apps), and Facebook ads and measurement tools (websites and apps can show ads from Facebook advertisers and can run their own ads on Facebook or elsewhere).

“When you visit a site or app that uses our services, we receive information even if you’re logged out or don’t have a Facebook account. This is because other apps and sites don’t know who is using Facebook,” Baser says.

He also points out that other companies offer similar services too, including Twitter, Pinterest, LinkedIn, Google, and Amazon.

“In fact, most websites and apps send the same information to multiple companies each time you visit them,” he notes.

The data sent to Facebook is supposedly meant to make content and ads better. Some of the information a browser sends to the visited website includes user’s IP address, browser and operating system information, and cookies, and Facebook receives the same information. Additionally, the social platform knows which website or app the user accessed.

The information received from websites and apps, Facebook says, is used to provide services to those apps and sites, to improving the safety and security on Facebook, and to improve the social platform’s products and services.

According to Baser, Facebook uses data such as the IP address, browser/operating system, and visited website or app to make features such as the Like button or Facebook Login work. Other information allows the platform better understand how websites, apps, and services are used, and to determine what kind of ads to show to a person. Such data also tells advertisers how many people are responding to their ads.

The information, Baser adds, is also used for security purposes, to better protect users by identifying bad actors and determining whether an account has been compromised. This, of course, only applies to users who already have a Facebook account.

“If someone tries to log into your account using an IP address from a different country, we might ask some questions to verify it’s you. Or if a browser has visited hundreds of sites in the last five minutes, that’s a sign the device might be a bot. We’ll ask them to prove they’re a real person by completing additional security checks,” Baser notes.

Based on the received information, Facebook can also deliver better targeted ads, depending on the websites a user has visited.

Baser underlines that websites and apps who use Facebook services are required to inform users that they are collecting and sharing said information with the platform, and to request permissions to do so. He also notes that users have control over “how the data is used to provide more relevant content and ads,” and that users can completely opt out of being targeted with said ads.

Related: Would Facebook and Cambridge Analytica be in Breach of GDPR?

Related: FTC to Probe Facebook Over Privacy Practices

view counter