I have no more illusions about my online privacy. It’s no longer a private-until-proven-not-private world. We must actively fight to defend our privacy—big tech companies assume we have no real right to it.

That point was underlined on Tuesday, when Facebook launched a feature—first promised by CEO Mark Zuckerberg in the wake of the Cambridge Analytica scandal—called Off-Facebook Activity. Located in the service’s privacy settings, it lets you see all the websites and apps that reported data back to Facebook about your visits and activities. Looking at my summary page was an eye-opener.

A word of explanation: After quitting Facebook in November 2017, I (sort of) rejoined it just shy of four months ago under an assumed name. I use my new account only when my work as a reporter requires it. Even in that small space of time, 309 apps and websites dutifully reported my visits, purchases, and other actions back to Big Brother Facebook. Most of them reported data back more than once, many of them four or five times, and a few more than 50 times. That’s despite the fact that I’ve never clicked on any ads or added a single friend. They don’t care—it’s all automated.

And, Facebook advises, the summary page may not even list all the data the company collected from those sites and apps. For example, it may not include data collected from apps or sites while I was not logged in to Facebook. And during the four months or so I’ve been back on Facebook, I’ve probably only been logged in for about an hour in total. So Facebook may have a lot more data about me than I know.

Some of the sites that reported my actions to Facebook are personal in nature, such as my pharmacy and medical group. (Facebook says that its policies forbid sites from reporting back sensitive data such as health information, but they classify sites by type, and allow them to state that you made a purchase.)

A small part of my Off-Facebook Activity Summary.

In order for apps—such as the ones installed on my phone—to transmit data back to Facebook, I would have to have logged in to them using Facebook Login. Websites don’t require such a proactive decision on my part. Facebook says that sites are required to inform me that they intend to report back to Facebook on my visits, purchases, and other activities. I don’t recall ever having seen such an advisory, and when I asked, Facebook provided no further information on the subject.

The Off-Facebook browsing data is used to show you “relevant” ads you might click on Facebook as well as on sites on its advertising network. For instance, if you’ve been visiting sites about travel destinations, you may see an ad next to your Facebook feed about hotel deals at those places. Facebook would not say whether or not the Off-Facebook data was also used to determine what content is included in your feed.

The reason that organizations and brands flock to Facebook to advertise is because they can target people who are likely to click their ads. With all the data Facebook collects about what its members do on Facebook, combined with all the data it gets about what they do at other apps and sites, it knows a lot about people’s beliefs, interests, problems, and desires. To advertisers, that’s catnip.

Facebook also uses the Off-Facebook data to promote events it thinks you might like, including political events. Speaking of which, I noticed in my own report that the political sites I visit are indeed faithful reporters of my visits to their sites, which are shaped by reporting I do as a journalist. The Democratic Party has sent 10 reports to Facebook over the past few months. So has a GOP voter data vendor site I researched called i360.

The downloadable report documents each time a site or app reported your activity.

I also learned that the Republican Party was one of 306 organizations or companies that uploaded a list to Facebook that included my name, email address, or phone number.

Facebook does provide some limited control over the information it collects from its partner apps and sites. You can “disconnect” Off-Facebook data from your account, for specific sites or apps, or for all of them. But that won’t stop Facebook from collecting the data. All it does is stop Facebook from using the data to inform which ads and events you might see. To block the data from being transmitted in the first place, you’ve got to take charge with a tool such as the Firefox Facebook Container or the EFF’s Privacy Badger.

Facebook does let you download a report on all the off-Facebook data the company has compiled about you. I strongly suggest doing so. You can find your own report by clicking Settings, then Your Facebook Information (at the top of the left bar), then Your Off-Facebook Activity from the list in the middle.

For me Facebook’s data harvesting was always a bit nebulous. I knew it was happening behind the scenes, but wasn’t sure what it involved. When I saw the actual ID numbers and the descriptions of the reports about my activities across the web, Facebook’s practices became more tangible. It looks like surveillance.

I also hope that members of Congress get a good look at this new feature. If it has the same effect on them that it had on me, they might get a little more serious about advancing the federal privacy bill we so badly need.

Source: fastcompany.com