Though Facebook’s popularity has waned for years, trouble truly began for the social media giant early last year when the Cambridge Analytica scandal became public knowledge. And while it was — and still is — highly troubling to know Facebook was sharing vast amounts of Americans’ data to a firm tasked with influencing the 2016 election, it seems that scandal continues to emerge almost weekly.
Though Facebook users around the world have been increasingly abandoning their accounts to protest the website’s seemingly endless privacy violations, that isn’t enough. After all, you don’t even need to be using Facebook in order for the company to track your online behavior.
The true extent of this monitoring recently came to light, thanks to a new report based on an independent investigation by Privacy International, a UK privacy advocacy charity. While other investigations found that browser-based tracking was being conducted on both those logged out of Facebook or not registered with the website at all, this is the first look at how app users are being tracked and to what extent.
According to the report, more than 42 percent of free Android apps had the ability to share user information with Facebook. This is because many apps are built using Facebook’s proprietary software development kit, or SDK. Though apps using this SDK are able to transmit data, do they?
At different times, Privacy International examined 34 highly popular Android apps with between 10 and 500 million users, finding that at least three in five regularly send user information to Facebook. As worrying as that may be, the range of details being shared has serious implications. This involves tracking details about other behavior aimed at creating a detailed user profile.
Other apps installed by a given person can be reported and tracked, ultimately revealing much about a person. For example, a person with a prayer app, a job search app and a children’s app could be identified as a religious, job-seeking parent. More detailed tracking of how these apps are used can reveal even more information.
While Facebook claims that anyone has the ability to opt out of this type of tracking, the Privacy International report found that the information being shared appeared to change very little, if at all, after officially opting out.
This is hardly the only way Facebook tracks people. One of the more innovative — but deeply alarming — tactics recently uncovered uses an algorithm which relies on analyzing flecks of dust or scratches on a camera lens to determine social connections and location.
For example, if one user shared their photographs with a friend, who then uploaded them to Facebook, a comparison of dust and scratch patterns could be performed to determine whether they were taken by a particular camera. And, in turn, the photos could be linked to a specific person based on other uploaded photographs taken by that device.
Similarly, Facebook has the ability to analyze and compare geo-location and gyroscope data to determine if two individuals are likely to know or even have simply encountered each each other; for example, doing so could show that certain people were walking together or were introduced at a bar and shared a conversation.
Facebook says that while these methods have been patented, they haven’t actually been implemented — but by now it would be rather naive to take the social media company at its word.
Not only is Facebook mining user and non-user data alike, but it’s also been grossly negligent about protecting this data. In September, it became public knowledge that 50 million users had their data compromised.
That’s not a problem for Facebook, however, thanks to the massive amount of money the company is raking in by selling this sensitive data to everyone from Microsoft to Netflix to Russia’s Yandex search service.