Facebook has all the photos you took at your girls’ weekend at the beach. That’s no surprise, because you posted them to your profile page. But Facebook has ways to get even more information about your getaway.
The company isn’t just a social network. It’s an ad network too, and it follows you around on the internet and in real life to find information that’ll help it tailor the ads it serves up to you. Facebook can track the websites you visited as you planned the trip.
It can gather customer information shared by partners, which might include the store where you bought your sunscreen. And Facebook has similar information about all the friends who went on the trip, and it knows you were all together, because it has your location data.
Put together, that’s more revealing than any swimsuit photo.
Facebook tracks you so much that it sometimes feels like the company is eavesdropping on your conversations. In fact, many people think the social network is listening to them through the mic on their phone. Facebook has denied it does, but that hasn’t put an end to this persistent conspiracy theory. CNET conducted an informal test and didn’t find evidence suggesting Facebook was listening to our conversations.
Technical experts and privacy watchdogs agree it’s unlikely Facebook is listening in on you. But that shouldn’t give you comfort, they say, because Facebook’s information gathering is much more effective than spying on your conversations could ever be.
“The funny thing — well, funny in a perverse way — is that the truth is a lot scarier than the myth,” said Serge Egelman, a privacy researcher at the International Computer Science Institute.
You can’t stop Facebook from collecting data about you, even if you deactivate or fully delete your account. (That said, deleting your account will significantly decrease the data collection.) The most you can do is limit what the social network gets. Here are some tips for keeping Facebook’s mitts off your info.
Step 1: Log on, click through, opt out
First, limit the information Facebook uses to determine which ads it shows you.
You’ll want to go into your settings and then choose “Ads” from the horizontal rail on the left. Next, navigate to the section called “Your ad preferences,” and click on “Ad settings.”
Under “Ads based on data from partners,” you can decide whether to opt out of seeing ads based on data from companies that partner with Facebook. As an example, Facebook says if you allow it to use this data, “You may see ads for hotel deals if you visit travel websites.”
The next section is “Ads based on your activity on Facebook company products that you see elsewhere.” Here, you can choose whether Facebook uses specific information about you to tailor ads you see on other websites. Yes, Facebook shows you ads on pages outside of Facebook. Think of ads you see when you’re doing things like reading an article from your local newspaper or shopping on a store’s website.
The catch: Even if you opt out of everything, Facebook is still going to tailor ads using your gender, age, location and the tastes of people similar to you.
Step 2: Cut off third-party apps
Last year, a whistleblower revealed that Cambridge Analytica, a UK political consultancy, was misusing data harvested from Facebook. The scandal revealed just how much data Facebook transfers to third-party companies and organizations.
Since the scandal, Facebook has changed the options for how third-party apps can use your data. So it’s a good idea to take a look at your settings again if you haven’t done so recently.
From the “Settings” page, choose “Apps and websites” from the left rail. At the top of the web page, you’ll see a list of any apps or websites that you logged in to using your Facebook account. Here you can remove specific third-party apps or limit the information they can request.
Below that is a section where you can pull out the big guns and cut off all access to your Facebook account from third-party apps. Under “Preferences,” find the section that says “Apps, websites and games.” Choose “Edit” to turn off access to your account.
The catch: If you fully opt out of connecting your Facebook account with third-party apps, you won’t be able to log in to those apps with your Facebook account or use Facebook’s “like” and “comment” features on third-party websites.
Step 3: Use outside blocking tools
You don’t have to rely on Facebook settings to lock down your information. There are tools to help take your privacy to the next level.
Safari will automatically block Facebook and any other third-party service from using two types of web trackers on websites: third-party cookies and browser fingerprinting. Controlling those trackers is important if you want to limit Facebook’s ability to watch you.
Third-party cookies let Facebook track your activity on any website that uses its like, share and comment features. (If you want to use those features, Safari will let you enable them after asking the first time.) Browser fingerprinting lets Facebook keep a continuous record of your activity even when you clear your cookies.
Similarly, Firefox offers an extension called Facebook Container, which separates your Facebook account from your activity on third-party websites. That means Facebook knows about your activity on other websites only if you use the Facebook share button.
The catch: Some of these features limit your use of Facebook tools on pages outside of the social network. For example, Facebook Container disables Facebook’s like and comment features on third-party websites, and you can’t log in to other services using your Facebook account.
Step 4: Keep your location under wraps
You can limit how much Facebook knows about the people around you, whether they’re friends, co-workers or strangers on the subway. The first thing to do is kill the app’s access to location services on your phone. But that isn’t enough. Your IP address reveals your location to the websites you visit and the apps you use. So hide it with a VPN.
A VPN is a service that tunnels your internet connection to another location before connecting you to a site or app. In other words, you could be on a beach in Florida, but the VPN could lead Facebook to think you’re somewhere else — say, London — based on the IP address it sees.
Be careful. You don’t want to choose just any VPN. Make sure you choose one that’s been vetted by privacy experts.
The catch: You’ll likely have to log in to Facebook and verify your identity more frequently if the social network thinks you’re using a new IP address all the time. It can be hard to use a VPN consistently, so you probably won’t be able to hide your location at all times. Finally, the ads you see are going to be aimed at people outside your location. Of course, that’s the point, isn’t it?
Step 5: There’s always more
You can also avoid installing the Facebook app on your phone, which keeps Facebook from adding your contacts to the information it already has about you. If you keep going down this path, it’s a hop, skip and a jump to deleting your Facebook account.
And we haven’t even gotten into the effects of using other Facebook-owned services, like Instagram, WhatsApp and Messenger. You could consider quitting those, too.
That isn’t going to stop other tech giants, like Google, and lesser-known ad networks from collecting similar information about you as you browse the internet. Facebook is just the most visible ad network, said David Choffnes, a computer science professor at Northeastern University who studies apps and privacy.
“We don’t realize how pervasive the companies that track our information online are,” Choffnes said, “and how they share our information with each other.”