Turning Off Facebook Location Tracking Doesn't Stop It From Tracking Your Location

Even if you explicitly tell Facebook to not track your location, it says it will still use your IP address to track your location. Kashmir Hill, reporting for Gizmodo: Aleksandra Korolova has turned off Facebook's access to her location in every way that she can. She has turned off location history in the Facebook app and told her iPhone that she "Never" wants the app to get her location. She doesn't "check-in" to places and doesn't list her current city on her profile.

Despite all this, she constantly sees location-based ads on Facebook. She sees ads targeted at "people who live near Santa Monica" (where she lives) and at "people who live or were recently near Los Angeles" (where she works as an assistant professor at the University of Southern California). When she traveled to Glacier National Park, she saw an ad for activities in Montana, and when she went on a work trip to Cambridge, Massachusetts, she saw an ad for a ceramics school there. Facebook was continuing to track Korolova's location for ads despite her signaling in all the ways that she could that she didn't want Facebook doing that.

[...] "There is no way for people to opt out of using location for ads entirely," said a Facebook spokesperson by email. "We use city and zip level location which we collect from IP addresses and other information such as check-ins and current city from your profile to ensure we are providing people with a good service -- from ensuring they see Facebook in the right language, to making sure that they are shown nearby events and ads for businesses that are local to them."

We don't know everything Facebook is doing.

[Futurepower(R)]

See online: The Facebook Dilemma That's an excellent documentary, especially Part 2. The Facebook system is seriously flawed, Part 2 says. In several countries people have died because of Facebook posts by destructive people.

As is explained in the documentary, people are accepting social media as news. But social media has no editor, in many cases. So, often people, especially those with little education, are accepting fake news stories on social media as true.

Problem: Most Slashdot readers are more logical than the average person in the world. Slashdot readers are much more likely to have developed methods of avoiding fake or unreliable news. But, apparently Slashdot readers are unlikely to realize how often it is that other people are not logical.

Social media managers, especially the Facebook managers interviewed for that Frontline documentary, say they have no responsibility.

"News" without an editor is a social problem that existed far less before the Internet became available because it was too expensive to distribute fake news.

Facebook abuse: Look at the 2nd part of the documentary starting at 43:11. Zeynep Tufekci of UNC Chapel Hill (University of North Carolina), Associate Professor, UNC School of Information and Library Science; Adjunct Professor, Department of Sociology says this about deaths as a result of people accepting a Facebook post as news:

"years and years of people begging the company [Facebook] ... and basically being ignored."

She indicates that Facebook cannot be trusted.

Re:You could try not using it as much

[morethanapapercert]

I could be wrong about this, but it's my understanding that just because the app isn't open and being used doesn't mean that all components of it are static data in storage. While messing around in the various settings and controls on Android mobile devices, I noticed a curious thing. Go to the apps list, tap any app that you have installed. You'll be given two choices for that app: Uninstall and Force Stop. Force Stop can be greyed out for many of the apps that were pre-installed and the manufacturer judged to be important to basic function of the device. For everything else, clicking that button then changes it to a greyed out state. One would have to assume that if you're given a Force Stop button and it changes state when you use it, then it is actually doing something "under the hood"

Of course, the benign possibility is that the app has some kind of monitor process that phones home occasionally to check for updates. (home being defined as either the app store or the developers own systems) But making that background process also track your location and report that in any of several ways should be trivial for any app developer skilled enough to meet the inclusion criteria of the Android or Apple app stores.

For companies like Facebook and pretty much every free mobile game out there, their entire business model is providing you with a service only as an opportunity to gather every possible scrap of data on you. Just because your phone isn't passing along what it knows about your location doesn't mean that the background app can't determine where you are through a number of other methods. It just means the level of certainty drops a tiny bit.

For example, you go to your favourite caffeine dispensary where they also happen to have free Wi-Fi. You happen to have $shiny_app installed but don't allow it to know your location. But it can still get identifying data for radio sources through the Wi-Fi, Bluetooth and possibly the NFC reader (aka S Beam in Samsung phones, many other phones have something similar). The background process I described already gathers that info and then phones home with that radio finger print. The $shiny_app developer has a data base, purchased from a 3rd party, which lists millions of such fingerprints. Thanks to numerous other mobile users who haven't disabled location data on their devices, the database has a pretty clear idea of where each radio fingerprint is physically located.

It's important to note that deleting an offending app won't solve the problem. MOST of the apps you have installed will be doing this and there are only a handful of providers of that third party geolocation database. Thus the 3rd party database company has dozens, even hundreds of informants at any given time, compiling really massive amounts of data. To me, it is those 3rd party database providers that are the real and pernicious privacy threat.

As far as I know, these data analytic companies collect FAR more than just geolocation data. Many of them also cooperate with programs like Air Miles, store loyalty cards and so on. Which means that not only do they know where you are pretty much in real time, there's a good chance they know your name, credit score, banking information, shopping habits and place of employment. And while there is a tiny minority of people who actually worry about protecting their privacy from these apps (like a majority of slashdotters), very few seem to be taking a step back and worrying about the big picture.

What we need is a way to make protecting privacy more profitable than violating it but I'm certainly not the genius who will come up with one.

Re:You could try not using it as much

[morethanapapercert]

As I said above just a moment ago, it's not the app in question that is the problem. The offending app is just one spy among a myriad others that the database compilers partner with. Facebook collects data not only from its own app and site, but also through leasing access to 3rd party geolocation and demographic database providers. So even if you delete the Facebook app and archive your Facebook profile (you can't really delete a profile as easily as you might think) Facebook can and does still track you. Here is the scary part: Facebook is still tracking you and compiling profile information on you even if you have never interacted with Facebook or their services before

There are only a handful of geolocation and demographic database providers and all of them have numerous data feeds. A rough rule of thumb is that if you are using any free digital based service (Air Miles, store loyalty cards, branded credit cards etc) then these companies know who you are and a scary amount about your shopping habits and normal movement patterns.

As in the world of counter-inelligence, the problem isn't the spy. It is the intelligence agency that employs the spy. It's just that the spy happens to be one thing you might catch and defeat. Good counter-inel isn't just making sure you have no spies in your camp. It is also things like making sure none of your people leave useful information left laying around and carefully feeding false information to the other side. Thing is, that is very hard to do even for very good intelligence agencies. It is hopeless to think of the general mass of humanity (most of whom don't care) achieving the same level of vigilance.

Re:VPN?

[morethanapapercert]

A VPN only masks your IP from the destination web site and the routers your packets pass through. Your phone always knows where you are. It knows what cell towers are in range and relative signal strength from each, that right there can locate you within a hundred meter radius or so. The Android and Apple OS'es themselves know your location from the Cell towers, GPS (accurate within 8 meters) available Wi-Fi sources (~50 m), Bluetooth(100m), NFC (10 cm) and things like Samsungs S-beam (combines NFC and Wi-Fi). By combining these sources of location data, you can come up with a surprisingly accurate estimate of location for a given device. After all, even if you don't use Apple pay (for example) your phone can still "see" the Apple Pay reader device on the Starbucks counter while you're paying for your latte with cash. That device location is known and certainly isn't prone to moving around much.

None of that can be completely disabled. This information then gets shared with a handful of OEM apps and the application stores. On the back end, there are a handful of demographic and geolocation data base providers collating, cross referencing and compiling all the data from a myriad sources. Some of those sources include data like name, address and phone numbers. (shopper loyalty cards, Air Miles, store specific free draws etc)

Having Facebook know where you are at all times and showing you ads based on what they know about you is scary enough. But it gets worse when you realize that Facebook is tracking you and adding you to the databases they use even if you've never been a Facebook user. The real worst though is that these backend databases aren't really subject to any oversight and are accessible to any one willing to sign a contract with the analytics company. From time to time and in various places, laws have been passed that say marketers cannot collect certain kinds of information in certain ways or do certain things with that information. But it is rare for a law to take a holistic approach, starting with privacy and working from there. And I've NEVER heard of a law that banned certain data practices and required that all existing data gathered that way be purged