It is well known that Facebook tracks the activity of its users. What is less known is that such tracking takes place even on other sites. Even worse, it has just been revealed that Facebook also tracks Internet users who have no Facebook account, even if they have never visited Facebook’s website. In fact, the social-media giant is building secret files on the Internet activity of literally billions of Internet users.
Website publishers use a variety of methods to track users’ activity on their sites. Most of these fall into the category of placing cookies on the user’s computer and are — at least to some degree — disclosed by the website’s privacy policy. If a user doesn’t agree to that policy, he or she simply doesn’t visit that site. But what Facebook is doing is something else, entirely: If a user has no Facebook account, he or she cannot have ever agreed to be tracked by the company in their travels across the digital landscape.
Again, there are a plethora of methods Facebook can use to track you, even if you have never been to the website. It appears their favorite tactic is a “tracking pixel.” Pixels are the tiny points of light that make up everything you see on your screen. What Facebook and others do is create a gif image that is one pixel by one pixel (practically invisible) and enables JavaScript. That tracking pixel can be part of the nearly ubiquitous Facebook “like” button found on millions of websites (including this one). The script it runs on your computer allows Facebook to track your activity as long as the script is running, even if you close that page.
Given that this allows Facebook to know the sites you visit, what you type, what you watch and listen to, who you communicate with, what credit cards you use, what you have searched for, and nearly everything else about your online activities, the invasion of privacy would be difficult to measure; it’s somewhere between way too much and complete.
To be fair, it is safe to assume that Facebook users have always at least imagined that the company keeps track of their use of the site itself. Would anyone really be shocked to learn that Facebook knows that a user liked a post? But, how far does it go?
Pretty far.
Facebook published a “help” article to explain what is collected. Users can even download that data and look at it. It is long and detailed. It lists 70 different categories of data, including chat logs, credit cards, e-mail addresses (even those you may have removed), IP addresses and networks you’ve used to log in, ads you’ve clicked, and ad topics you may be targeted with based on your web browsing, and more.
That is a great deal more information than many people would be comfortable sharing, but again, to be fair, this is data the user makes available to Facebook by using the site to access the service. But what about Internet users who don’t even have — or have never had — a Facebook account? That is where the situation moves from intrusive to dicey — because without an account, users cannot even download the data to see what Facebook knows about them. Furthermore, the downloadable data includes only information from “Facebook” and does not include what the company has gleaned from other methods, including tracking pixels.
To add injury to insult, while Facebook users can see the data the company collects from their use of the site, there is no method to have it removed from Facebook’s servers. Once the company has it, it is essentially theirs.
So, a company you may have never had any agreement with is able to track your Internet activities, compile and keep a startlingly accurate digital dossier on you, sell that information to others for advertising (or other) purposes, and does not share with you what they know about you— at least in the United States.
Some other nations have stricter laws about what Internet companies can gather from people who have never agreed to their terms and conditions. For instance, last month, a court in Belgium ordered Facebook to stop gathering data on users who do not have a Facebook account. The court also said that the company could face fines of more than $300,000 per day for violating that order. Facebook — defending its practices as “industry standard technologies” — has said it plans to appeal the ruling.
As of this writing, this writer has been waiting for about two hours for an e-mail from Facebook with a link to download my own data. What I see may surprise me, but most of it will be older data, since I have spent the past few years practicing much better privacy protection. For instance, I run the Brave browser, which includes the NoScript plugin by default. This wonderful little plug-in blocks scripts from running unless I choose to allow them. I run that NoScript in Firefox and Chrome, as well.
For more information about protecting your digital privacy, check out the first article I wrote for The New American. It is a little dated, but the advice I cover in that article is still sound.