Slashdot Mirror


Facebook Ads Could 'Out' Gay Users

itwbennett writes "Researchers at Microsoft Research India and the Max Planck Institute for Software Systems in Germany have written a paper showing that users may be inadvertently revealing their sexual preference to advertisers. 'One example was an advertisement for a nursing program at a medical college in Florida, which was only shown to gay men. The researchers said that persons seeing the ad would not know that it had been exclusively aimed at them solely based on their sexuality, nor would they realize that clicking on the ad would reveal to the advertiser, by implication, their sexual preference in addition to other information they might expect to be sent, such as their IP (Internet Protocol) address.' For its part, Facebook 'downplayed the study, saying that the site does not pass any personally identifiable information back to an advertiser.'"

9 of 196 comments

  1. Re:IP by TaoPhoenix · · Score: 3, Interesting

    The MAFIAA is furiously trying to make "IP" mean "Intellectual Property" in the public mindshare. The ugly thing is when you smash both acronyms into the same sentence you get Halloween Horror.

    "I recorded that this IP is stealing my IP and demand he be sued into bankruptcy".

    --
    My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
  2. Re:soooo..... by Anonymous Coward · · Score: 5, Interesting

    No, you don't understand. Facebook has a policy saying they won't disclose personal info, like what age you are.

    Now, suppose an advertiser says "target this ad at people born in October of 1978" ... Facebook says "OK". So all of these people's birth months are revealed to the advertiser, in violation of the policy. Thru essentially costless micro-targeting, advertisers (or any attacker with $) can dig out whatever info they want. There's a simple and obvious way for an attacker to get a list of people based on a piece of information Facebook has said they're keeping private.

    There is a big difference between someone clicking on an ad for, say, a gay-dating site -- when you click on an ad, you know you are implicitly signaling some level of interest in its content to the advertiser -- and clicking on an ad (*any* ad, it could be for a car or for dog food ... the content of the ad could have *nothing* to do with the audience targeting) that happens to be targeted based on a specific database query.

    If a piece of information is promised to be kept private, private should not equal "disclosed to third parties who pay us."

  3. Re:Which part of this is "inadvertent"? by Monkeedude1212 · · Score: 3, Interesting

    It's not even an issue with privacy settings though. I just read this part of the summary and went, "uhh, well yeah, duh!"

    The researchers said that persons seeing the ad would not know that it had been exclusively aimed at them solely based on their sexuality, nor would they realize that clicking on the ad would reveal to the advertiser, by implication, their sexual preference in addition to other information they might expect to be sent, such as their IP (Internet Protocol) address.

    So essentially, if you had been on any site, and you clicked on the advertisement from any website, your IP address would get sent so that you can be redirected from the adserver to the website. (This is how they know the Ads are working, if it was a direct link to the website, the adserver wouldn't be the proper referer). So now the adserver has your IP and will use BY IMPLICATION your sexual preferences. Seriously, this doesn't even DEAL with Facebook.

    So the question is whether the ad is being shown to them based on their information - whether Facebook is giving up the information in the first place. Now that's a big doozy. It hasn't been proven, but it's highly suspected. I would normally think that Adservers are catering to me based on my IP, but I've had other people use my computer and it's shocking how the ads immediately cater to them after starting a Facebook session.

    Then there's this juicy nugget.

    For its part, Facebook 'downplayed the study, saying that the site does not pass any personally identifiable information back to an advertiser.'

    Emphasis mine. Well - no, it's not sending it BACK to the adserver, the adserver hasn't made a request yet. Facebook says to itself "I need to load a page. There's going to be an advertisement here. Hey advertising server, here's who is lookin'" and the Adserver serves up the correct ads.

    Devil's in the details, right?

  4. Does not pass any personally identifiable info... by Anonymous Showered · · Score: 5, Interesting

    Facebook DOES pass personally identifiable information, albeit inadvertently.

    As a Facebook Ads user, I have tracked down people who have clicked my ads EASILY.

    How?

    Your unique Facebook user ID is passed through the refer string each and every time you click on an ad.

    Simply copy down this ID and paste it in the USERID variable below.

    http://www.facebook.com/profile.php?id=USERID

    Tada.
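
The leak described in the comment above depends on the browser sending the full page URL, query string included, in the `Referer` header of the ad click. As an added example (not part of the original thread and not Facebook's code), this models the Referrer-Policy values a site can set and reports which ones would still expose an `id` parameter; the hosts and the id value are constructed placeholders.

```javascript
// Added example: the Referer value a browser sends for a cross-site ad click
// under each Referrer-Policy. URLs and the numeric id are constructed samples.

function stripForReferrer(u, originOnly) {
  if (originOnly) return u.origin + "/";
  const c = new URL(u.href);
  c.username = ""; c.password = ""; c.hash = "";   // never sent in Referer
  return c.href;
}

function refererFor(pageUrl, destUrl, policy) {
  const src = new URL(pageUrl), dst = new URL(destUrl);
  const sameOrigin = src.origin === dst.origin;
  // Simplification: "downgrade" is modelled as https page -> non-https target.
  const downgrade = src.protocol === "https:" && dst.protocol !== "https:";
  switch (policy) {
    case "no-referrer": return null;
    case "unsafe-url": return stripForReferrer(src, false);
    case "origin": return stripForReferrer(src, true);
    case "same-origin": return sameOrigin ? stripForReferrer(src, false) : null;
    case "strict-origin": return downgrade ? null : stripForReferrer(src, true);
    case "origin-when-cross-origin": return stripForReferrer(src, !sameOrigin);
    case "no-referrer-when-downgrade":
      return downgrade ? null : stripForReferrer(src, false);
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return stripForReferrer(src, false);
      return downgrade ? null : stripForReferrer(src, true);
    default: throw new Error("unknown policy: " + policy);
  }
}

// True when the Referer would still carry the profile id query parameter.
function leaksProfileId(referer, param = "id") {
  return referer !== null && new URL(referer).searchParams.has(param);
}

const PAGE = "https://social.example/profile.php?id=1234567890#wall"; // constructed
const AD = "https://advertiser.example/landing";                      // constructed

// One row per policy: what the advertiser's server would receive.
function audit() {
  const policies = ["unsafe-url", "no-referrer-when-downgrade", "origin",
    "strict-origin-when-cross-origin", "same-origin", "no-referrer"];
  return policies.map((p) => {
    const r = refererFor(PAGE, AD, p);
    return { policy: p, referer: r, leaks: leaksProfileId(r) };
  });
}

console.table(audit());
```

Only the two policies that send the full URL cross-origin leave the id visible to the advertiser; the origin-only and no-referrer policies remove it.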

  5. Re:Which part of this is "inadvertent"? by Anonymous Coward · · Score: 2, Interesting

    I have had gay targeted ads show up on my Facebook before. It has been a while though. My sexual preference is left blank, but I must have an unusually high percentage of gay male friends. I'm out to most people so it didn't out me or anything, but it was kind of scary that it could correctly guess my sexual preference.

  6. So I screwed up my profile and initially... by Lanboy · · Score: 2, Interesting

    Said I was interested in men rather than that I was a man. So I got some really really gay targeted ads. Gay dating services, special razors to shave with, all very fun. Try it and see.
    The real issue is that the current terms of service allow them to share your groups and interests, which likely can identify you as being close to the GLBC.

  7. Lesson learned from a previous incident by microbee · · Score: 5, Interesting

    I sometimes hang out on a web forum, and they have a special forum where you could post anonymously - it's not really anonymous, as you still need to login and post, but the postings do not show your user id or IP addresses, so it appears totally anonymous, except to the web admins. So people post a lot of random crazy stuff there which would embarrass themselves if it had not been anonymous.

    Then one day the forum upgraded their software, and due to a bug, all posts inside that anonymous forum suddenly showed all user IDs - including the old ones. That quickly turned into a sh*tstorm as people ran around screaming in panic with their underwear.

    The lesson: do not post anything if you don't want others to find out it's you.

  8. Re:Which part of this is "inadvertent"? by Nikker · · Score: 3, Interesting

    I have to admit I'm curious, why would someone rape another man because he has sex with other men? Do heterosexual male rapists avoid lesbians on principle and moral or did I miss something?

    --
    A loop, by its nature, continues. If that didn't make sense, start reading this sentence again.
  9. Wait, what? by Arancaytar · · Score: 3, Interesting

    Are male nurses required to be gay?