Turning Off Facebook Location Tracking Doesn't Stop It From Tracking Your Location

Even if you explicitly tell Facebook to not track your location, it says it will still use your IP address to track your location. Kashmir Hill, reporting for Gizmodo: Aleksandra Korolova has turned off Facebook's access to her location in every way that she can. She has turned off location history in the Facebook app and told her iPhone that she "Never" wants the app to get her location. She doesn't "check-in" to places and doesn't list her current city on her profile.

Despite all this, she constantly sees location-based ads on Facebook. She sees ads targeted at "people who live near Santa Monica" (where she lives) and at "people who live or were recently near Los Angeles" (where she works as an assistant professor at the University of Southern California). When she traveled to Glacier National Park, she saw an ad for activities in Montana, and when she went on a work trip to Cambridge, Massachusetts, she saw an ad for a ceramics school there. Facebook was continuing to track Korolova's location for ads despite her signaling in all the ways that she could that she didn't want Facebook doing that.

[...] "There is no way for people to opt out of using location for ads entirely," said a Facebook spokesperson by email. "We use city and zip level location which we collect from IP addresses and other information such as check-ins and current city from your profile to ensure we are providing people with a good service -- from ensuring they see Facebook in the right language, to making sure that they are shown nearby events and ads for businesses that are local to them."

Not really

There is no way for people to opt out of using location for ads entirely [unless you spoof your IP address via a mixer network such as Tor].

Re:Not really

If FB goes by IP address, that is all well and good. Best defense there is a VPN. This is what I use to deter location based ad slinging, and it seems to be effective, as FB can only get back the VPN's IP range.

Re:Not really

[bws111]

Which does not stop you from gettings ads, you just get ads for the wrong location.

Re:Not really

[nukenerd]

Which does not stop you from gettings ads, you just get ads for the wrong location.

That's fine, I find that funny, and it is satisfying to know that the admen are wasting effort on me and that their data well is poisoned. Almost as good as getting a live sales phonecall - my pretending I'm interested then leaving the handset on the table squawking away for the next 5 minutes to no-one.

For some reason ads on the web have got the idea that I live in Uxbridge, a suburb of London 200 miles from me, and that I need laser surgery on my eyes. That's just funny, not that I see ads very often anyway. OTOH if an ad were to come up that was relevant, like I really did want laser surgery on my eyes, I'd find it intrusive and sinister; and anyway I'm perfectly capable of seeking providers myself so it's patronising.

Re:Not really

[WorBlux]

Facebook has a fully functional .onion address.

Opt Out

[quote]
"There is no way for people to opt out of using location for ads entirely," said a Facebook spokesperson by email.
[/quote]

There most certainly *IS* a way to opt out. UNINSTALL THE DAMN APP!

Well so what?

[bobbied]

IF you are tracking my I-phone by it's IP, I spend a lot of time in downtown Dallas.. If you track my Facebook access from home, it's going to tell you I'm in the Carrolton Texas area. Both are about 25 miles from my ACTUAL location.

However, there are more ways to give up your physical location than accessing Facebook. Take a picture and share it with your mobile device? (They are usually GEO tagged by your device). Run some "GPS" application to get driving directions? Actually have it turned on and pinging a cell tower? (The carrier knows where you are with very good resolution.)

So why do I care what Facebook is tracking? I fully know my activities are being tracked by multiple services. IF you don't like that, don't access these services.. IF you don't already know about this, that's on you for accepting all the EULA's without understanding them.

Re:Well so what?

[morethanapapercert]

And don't forget radio signal fingerprinting. There is the cell tower, the free Wi-Fi at your favourite coffee shop, Bluetooth, S beam (or equivalent) and NFC . As I've said above, demographic and geolocation companies use more sources of information than just the apps you chose to install. Check your email at Starbucks? One of your apps, maybe even a vendor installed and non-removable app reports your location. Pay using your phone? The credit card company might be sharing your location into. Use Air Miles? You're definitely being tracked, that's how Air Miles can afford to give you those travel points, ditto for most store loyalty cards. Using ANY Android or Apple mobile device? The apps store itself knows your location and this function cannot be disabled. Google at least doesn't typically share this info directly. The deal it makes with advertised is : Tell us what demographic slice you want $ad to be shown to, frequency etc and we'll pass it along to the appropriate eyeballs.

However, thanks to things like beacon pixels and very carefully selected demographic criteria, it is fairly straight forward for an advertiser to discover your location. e.g. "show Ad_A to people within this zip code, show ad_B to people who have their credit card tied to their phone, show ad_C to someone who has paid with their phone at a Starbucks in the last 30 days" Do enough of these, constantly sharing the results with those back end database companies and you end up with a scarily accurate and damn near real time profile on individuals.

Re:Well so what?

[bob4u2c]

1. The burglars are tracked in real time as well, the cops find them quickly.

2. Same thing, BF is tracked being near your car.

3. Would track me at work, doing umm, work?

4. I know of a few shady places in town where I might pick up some drugs, not so sure I would want to hang out there otherwise.

5. I've had postings too, usually along the lines of "hey, that was you, small world".

6. My So would be disappointed to learn that I stop at the occasional grocery store, hardware store, auto parts store on the way home.

7. Maybe, but if I can't talk to people, maybe I should find a different company?

8. Ahh yes, dive bars. Well I guess if I did visit them frequently, maybe they have a point and should raise my rates so that their not forcing other people to pay more for my bad behavior.

9. A post, really. Heck if my neighbor wants the post replaced I'd more than gladly help them do so. All the posts I can see are also my posts as well, so its only the neighborly thing to do.

10. CABAL, do tell where I would find their meeting place in town? Why am I going to another country anyway? I know travel broadens the mind etc... But really I can find things I love to do and broaden my mind in my own house, town, or state without having the hassle of traveling halfway around the world and trying to get around there. I'm sure the Great Wall, the Pyramids, the Amazon, etc... are all great places, but I would get bored of them pretty quickly. I'd rather do something that challenges me, even if I never leave the house. Just walking around saying ahh, ohh, and the occasional snapshot does not challenge me.

Mind you I don't have a cell phone, but I assume I'm being tracked by my car, cameras, and debit card purchases anyway. Do I like being tracked, no. But other than dropping off the grid and paying for everything in cash or gold there isn't much you can do.

Honestly, the amount of data that is collected is so vast that finding anything significant is going to require a great deal of effort. So unless you are suspected of something your data is pretty much random noise. Companies that think otherwise are just fooling themselves. For example, my purchase of baby outfits, not because I'm having a baby but because I know someone who is having one. My purchase of fine brandy, not because I like to drink (I haven't had so much as a beer in over 25 years), I'm making a sauce out of it and I need something to flambeau.

My general strategy, make as much random noise as I can. If your doing something you shouldn't for long enough, you will get caught.

Re:Well so what?

[Miamicanes]

AFAIK, it's never been done... but if you had low-level programming access to the radio in an 802.11ac chipset (enough to detect TDWR radar bursts as they sweep by) and a source of extremely accurate timestamps, you could probably combine that with tower data and external data-aggregators (who, among other things, would have to monitor the radar beam's sweep) and obtain EXTREMELY accurate location data, even without involving GPS or wi-fi at all, and even if you were in an area that had access to only a single cellular tower.

Actually, if you had a local source of extremely stable, high-precision timestamp data, you could even probably log the radar bursts offline (along with their local timestamps), then LATER (when you GOT network connectivity of some kind), correlate those local timestamps to some "global" timestamp reference (and external log of observed radar beam rotations with their own accurate timestamps) & figure out with some degree of confidence where the user was at the time the radar bursts were noted. If you were in an area with multiple TDWR sites, you could probably narrow it down to an area roughly 1x3 kilometers. If you were in an area with three or more TDWR sites (basically, South Florida and Washington DC), you could probably narrow it down to a square kilometer or less (depending entirely upon the precision of your timestamp).

That said, I'm not confident you could actually DO this with a production mobile phone (at least, not without having access to programming and component information not generally available to the public, and not necessarily even readily available to phone manufacturers), but AFAIK, chipsets like the ones used by Broadcom are little more than software-defined radios with fairly open-ended capabilities that are more like a "blurry bucket" than a bright line (ie, some things work better than others, and not all frequencies have equal performance, but the Venn Diagram of "things that kind of work unreliably if you're really stubborn and willing to accept flakiness" is likely to be HUGE compared to "things that are certified to work reliably".

Personally, I'd LOVE to find a way of at least sniffing LTE tower data (tower id, reported signal strength, observed signal strength). It's still mostly a theory, but I suspect that you could probably use observed differences between reported & observed signal strength to detect rain nearby... especially if you had a phone that was built to work on multiple networks & could monitor towers from many networks on diverse frequencies (because not all frequencies are attenuated by precipitation... a fact you could use to disambiguate and distinguish moment-to-monent signal strength variance from variance due to falling raindrops attenuating signal strength). Basically, a form of "passive weather radar".

I got the idea a few years ago when I noticed that the signal strength of Sprint's ~3.5GHz WiMax was PROFOUNDLY reduced by rain. I'm not sure how much lower frequencies are affected by rain (Sprint WiMax was kind of an aberration... I'm not even sure WHAT is using Clear's old WiMax license anymore, if anything), but with new 5G service using higher frequency bands, it might become viable in the near future even if the death of Sprint WiMax made the approach temporarily moot.

Re:Well so what?

[morethanapapercert]

I'm no radio engineer, but it seems to me that you could duplicate some of that functionality without having to dive down to bare metal in your exploit. There are already "network analyser" apps for mobile devices. Those provide signal to noise ratio information already. Rain kills signal through two methods that I know of, simple attenuation and increased backscatter. If you already have clear weather reports from that already established location, a simple statistical comparison to your baseline (harvested from many devices at that location over time) should give you a good idea whether there is precipitation going on or not. You may not be able to get high accuracy, but even a rate of successful guesses in excess of 75% could be extremely useful. As something of a sanity check, you can compare results from known indoor and outdoor hotspots. Someone in a park using a municipal hot spot is going to be more affected by weather than someone sitting in the local McDonalds.

As low quality confirmation information, on the back end you can look at otherwise unexplained slow downs in traffic speed. The key would be to make sure to evaluate traffic in both directions. Some yahoo cutting you off triggers a slow down for you and every one behind you that can persist as a ripple in traffic speeds and moves backwards through the traffic at some speed related to traffic forward velocity. (I think it's called the slinky effect and I do not remember the math behind it, but it was something like a ripple in traffic moves back through the traffic at half of the average forward velocity) But that yahoo, unless he triggers an accident, doesn't affect the traffic going the other way. A slow down in both directions, with no construction or accident to explain it, could well be rain causing skilled drivers to slow down and open up their following distances.

each new revelation is increasingly depraved

[Thud457]

I am disgusted by your half-measures and find them to be ideologically impure.
The obvious only response to "There is no way for people to opt out of using location for ads" is DON'T USE FACEBOOK.


The only useful purpose Facebook serves is a list for the great telephone sanitizer purge.

/s on this whole post because good god, look at what we have been reduced to

Re:each new revelation is increasingly depraved

[Penguinisto]

Pretty much this... I managed to prevent FB from knowing where I am by removing (and previously disabling) the stupid app off the phone.

If I actually needed to be in Facebook, I'd just use the mobile browser and kill that tab before I closed it.

Re:each new revelation is increasingly depraved

All I have to do is connect my tablet to a wi-fi node, and Google knows my location within 50-100 feet. This even though location services and GPS are turned off. While Google is updating their maps, they are also collecting data on all of the wi-fi nodes that they detect, coupled with GPS location data. So when you connect to any wi-fi node, they know where you are by what wi-fi nodes that your phone or tablet can see.

I almost never use my tablet, and a big part of that is that Google (and many apps) track you. I don't have a "smart" phone, don't use Fakebook, TWITter, instagram, or any other data mining site! There is no such thing as "social media", that term is used to distract people from all of the ways that their data is being collected and used against them! Advertisers have become evil, and targeted ads are especially evil!

Re: each new revelation is increasingly depraved

[dnaumov]

Iâ(TM)ll bite: why would Google know the SSID of your WLAN, unless you are using Android?

Re: each new revelation is increasingly depraved

[Zero__Kelvin]

Let's not be so dramatic. A lot of people would not consider presenting ads relevant to their location rather than ads for services unavailable to them in their location "using the information against them." I'm not a Facebook fan, but acting like locale appropriate ads are an assault is a bit over the top.

Re:each new revelation is increasingly depraved

[viperidaenz]

They still track you via the websites you visit with "like" buttons.

Re:each new revelation is increasingly depraved

[Knightman]

That's why I have a separate browser just for facebook for the few times I use it...

Some people I know use firefox multi-account containers to separate the browsing together with multiple ad/script-block plugins.

Re: each new revelation is increasingly depraved

[datavirtue]

They have a phone app?

Re: each new revelation is increasingly depraved

[PraiseBob]

Do advertisers have an inherent right to know the location of the device I am using (and by extension, me), when I specifically want to keep that information private?

Putting ads on billboards, or tv networks may be annoying, but targeted ads are:
* collecting information about me against my will, even when I use numerous methods to try to block them
* using that information to attempt to manipulate my behavior

Good and evil are relative terms, but I consider the majority of the industry to be outright "evil".

Re:each new revelation is increasingly depraved

nope. it's them little facebook thumbs on 3rd party pages tracking you.

VPN?

[smi.james.th]

Apart from the obvious option of deleting your Facebook account, a good VPN should probably be able to obfuscate your IP address effectively enough to prevent this kind of tracking, surely?

Re:VPN?

[110010001000]

No. They will just get the data from your wireless provider.

Re:VPN?

[morethanapapercert]

A VPN only masks your IP from the destination web site and the routers your packets pass through. Your phone always knows where you are. It knows what cell towers are in range and relative signal strength from each, that right there can locate you within a hundred meter radius or so. The Android and Apple OS'es themselves know your location from the Cell towers, GPS (accurate within 8 meters) available Wi-Fi sources (~50 m), Bluetooth(100m), NFC (10 cm) and things like Samsungs S-beam (combines NFC and Wi-Fi). By combining these sources of location data, you can come up with a surprisingly accurate estimate of location for a given device. After all, even if you don't use Apple pay (for example) your phone can still "see" the Apple Pay reader device on the Starbucks counter while you're paying for your latte with cash. That device location is known and certainly isn't prone to moving around much.

None of that can be completely disabled. This information then gets shared with a handful of OEM apps and the application stores. On the back end, there are a handful of demographic and geolocation data base providers collating, cross referencing and compiling all the data from a myriad sources. Some of those sources include data like name, address and phone numbers. (shopper loyalty cards, Air Miles, store specific free draws etc)

Having Facebook know where you are at all times and showing you ads based on what they know about you is scary enough. But it gets worse when you realize that Facebook is tracking you and adding you to the databases they use even if you've never been a Facebook user. The real worst though is that these backend databases aren't really subject to any oversight and are accessible to any one willing to sign a contract with the analytics company. From time to time and in various places, laws have been passed that say marketers cannot collect certain kinds of information in certain ways or do certain things with that information. But it is rare for a law to take a holistic approach, starting with privacy and working from there. And I've NEVER heard of a law that banned certain data practices and required that all existing data gathered that way be purged

Re:VPN?

[smi.james.th]

Surely not using the app but accessing Facebook through a browser and VPN will give you at least some level of concealment of your movements? I'm not a Facebook user but I do most of my browsing (desktop and mobile) using ProtonVPN always through the same server, so to anyone who wants to track me that way it looks as though I'm always in the same city.

I'm ok with IP based tracking

[hawguy]

I'm ok with IP based tracking, my IP stays static anywhere in my local metro are, so all they know is what city I'm in (and often that's not even accurate for small towns).

If I really want to hide it, I can use a VPN.

What I don't like is the GPS or Wifi SSID tracking which is much more granular and harder to mask. I almost never give apps that permission. I once tried a free flashlight app that wanted location permission and ability to read my contacts, I've been very selective about what apps I install after that.

Re:I'm ok with IP based tracking

[morethanapapercert]

A VPN only masks your IP from the destination web site and the routers your packets pass through. Your phone always knows where you are and shares that info with your carrier, OEM and application store, just for starters.

Re:I'm ok with IP based tracking

[hawguy]

A VPN only masks your IP from the destination web site and the routers your packets pass through. Your phone always knows where you are and shares that info with your carrier, OEM and application store, just for starters.

Yes, I know, that's why I'm ok with IP based tracking, but not GPS or Wifi SSID tracking, and I'm very selective over what apps have location access -- I know Google and my carrier know my location, but that's unavoidable, I'm not so principled that I'd give up a smartphone entirely.

Re:You could try not using it as much

[Shotgun]

Apps that aren't installed have an even harder time tracking you.

Duh

[110010001000]

Duh, they know your previous locations and use that as fallback. They also know your IP address. Your network provider always knows your location and might sell that data to advertisers as well. Your phone IS a location tracking device. It has to be in order to work properly.

Is it really so hard?

[scsirob]

If you do not want Facebook to track you, then GET OFF Facebook!
Facebook provides its 'services' to you for free. That means *YOU* are the product.

Re:Is it really so hard?

[Solandri]

Facebook has entered agreements with most if not all the major cellular carriers and phone manufacturers to pre-install the Facebook app on your phone. You can't uninstall it. You can disable it, but I've been fighting another preinstalled app called Facebook App Manager which you can't disable. It seems to be re-enabling the Facebook app (every week or so it's active again and has auto-updated to the latest version). I'd been putting off rooting the phone since it voids the warranty, but I think I'm going to have to punt the warranty and root just to kill stupid crap like this.

Facebook is well known for tracking you even if you don't have a Facebook account. Those little 'f' icons you see on websites? They're not an icon; they contain a script which gathers info to uniquely identify your browser, then reports which page you visited back to the mothership. They create a ghost profile for you, then link it to your real identity if they ever get corroborating evidence (e.g. friend sends you a link to their FB page to your email, thus linking your email address with the ghost profile). And if your friend has tagged pictures they took of you, they know what you look like. And now with their app reporting your movements, they know where you live and work and like to hang out. All without you ever creating a Facebook account. I'm approaching the opinion that the only way to deal with them is to nuke them from orbit.

Re:Is it really so hard?

[squiggleslash]

I disabled FAM, what problem are you having? The issue with FAM is that it's not obvious it exists and needs to be disabled too, not that it can't be disabled.

If you genuinely have a phone that doesn't allow you to disable it, contact Google, I'm about 90% sure they'll either have a fix or they'll have a word with the manufacturer for violating their Google Play licensing agreements.

Re:Is it really so hard?

[WorBlux]

Rooting does not void the warranty, and the Carrier is a liar is they say it does.

Re:Is it really so hard?

[smi.james.th]

My solution to this is, never buy a phone from a carrier. I always buy mine outright from an independent seller, and usually a model that I know beforehand that I can use a custom ROM. There are hardly ever locked phones for sale in my country, that isn't even an issue.

Re: Is it really so hard?

[astrofurter]

Yup. Who can stop Faceboot? The Air Force, that's who!

Re: Is it really so hard?

[astrofurter]

"contact Google"

Wouldn't shaking my fist and shouting at the sky have greater likelihood of being effective?

Re: Is it really so hard?

[squiggleslash]

In this instance, I'd say no, because Google and Facebook do not exactly get on, and the notion that Facebook might be crippling an Android feature and stealing your data is something I can see Google being pissed about.

Really, rape?

[mevets]

One day, with a lot of luck, you will have a partner who can help explain to you the difference between trivia ( oh no, google thinks it knows where I am ) and a sadistic assault.

Re:Really, rape?

[fustakrakich]

In this case, one can lead to the other. It is stalking. And you don't even need to use facebook. They get the info from Google

Re:Really, rape?

[squiggleslash]

Alas you're on a website where being charged $20 for a CD of flavor-of-the-month's latest hits is frequently described as rape. Also apparently George Lucas releasing shitty edits to the original trilogy is EXACTLY like that horrific act of sexual assault committed against children.

I've tried. I ended up just foeing people. And then I gave up even doing that...

By all means

They take privacy, seriously.

Language and location

[mrbester]

> "ensuring they see Facebook in the right language"

That has nothing to do with location and everything to do with the user. Just because I might be in Frankfurt doesn't mean I want to see content in German.

Can it get much worse?

[XxtraLarGe]

First they repealed Net Neutrality, and a year after that, this is happening. How many people have we lost this year to pre-existing brain cancer caused by cell phones, because evil ISPs have teamed up with Facebook to use IP tracking to block people from accessing their local Obamacare online exchanges? Not that it really matters. We're all doomed thanks to global warming. And when we go, nature will start over. With the bees, probably. Nature knows when to give up.

Re:You could try not using it as much

[fustakrakich]

You hardly need to download anything to be tracked. The phone does it on its own. You cannot turn off location tracking without turning off your phone and removing the battery.

Re:Try This

[vux984]

That's great (assuming you actually want to use facebook for some reason); but it does nothing to hide your location or ip address from them.

Re:You could try not using it as much

[damn_registrars]

Apps that aren't installed have an even harder time tracking you.

Good luck finding a smartphone that doesn't have facebook pre-installed in a way that prevents uninstallation. You can of course choose to not use it (and even go so far as to never sign in to it) but finding one that doesn't have it is nearly impossible.

Not a big problem

[Murdoch5]

You should always be using a VPN and if possible TOR, across all your platforms. VPN's have become so common place that even technology illiterate people know they should be running one. A website should be allowed to track what you let them, and if you give them your IP without any filtering, they should be collecting that and preforming analytics on it. In my case Facebook gets confused constantly as my VPN switches my location every 15 - 30 minutes, and it notices, usually kicking me out and asking me to approve the location change.

Re:Not a big problem

[KlomDark]

How to know which VPNs are trustable and not just a honey pot for some unscrupulous operator that sells your info anyway?

remember when

[bobmagicii]

remember when geoip was like the fancy new shit just becoming mainstream in teh intarweb? and then a few months later your boss heard about it and all the sudden wanted it in all the things? 1995 was nuts.

Re:You could try not using it as much

[DarkOx]

Have you tried an iPhone; they are quite popular; and quite free of facebook OOB.

Re:I CAN'T!!!!

Try "Package Disabler Pro". It only works on Samsung devices, but it will disable bloatware packages, without needing root.

Re:You deserve what you get...

[bobbied]

...if you are using Facebook

LOL.. I get what I expect... But I use Facebook sparingly and don't freely share many accurate details of my personal life, mainly because I understand the risks of doing this. But then again, I'm not some naive youngster who was raised with a need for a social network online as I know how to talk to people face to face.

Read the EULIA and Terms of Service people... Think seriously about what they are saying they CAN do with any information they scrape up from you. Then remember that once they have the data, you cannot get it back or guarantee it's erased, regardless of what they promise.

We don't know everything Facebook is doing.

[Futurepower(R)]

See online: The Facebook Dilemma That's an excellent documentary, especially Part 2. The Facebook system is seriously flawed, Part 2 says. In several countries people have died because of Facebook posts by destructive people.

As is explained in the documentary, people are accepting social media as news. But social media has no editor, in many cases. So, often people, especially those with little education, are accepting fake news stories on social media as true.

Problem: Most Slashdot readers are more logical than the average person in the world. Slashdot readers are much more likely to have developed methods of avoiding fake or unreliable news. But, apparently Slashdot readers are unlikely to realize how often it is that other people are not logical.

Social media managers, especially the Facebook managers interviewed for that Frontline documentary, say they have no responsibility.

"News" without an editor is a social problem that existed far less before the Internet became available because it was too expensive to distribute fake news.

Facebook abuse: Look at the 2nd part of the documentary starting at 43:11. Zeynep Tufekci of UNC Chapel Hill (University of North Carolina), Associate Professor, UNC School of Information and Library Science; Adjunct Professor, Department of Sociology says this about deaths as a result of people accepting a Facebook post as news:

"years and years of people begging the company [Facebook] ... and basically being ignored."

She indicates that Facebook cannot be trusted.

Re:We don't know everything Facebook is doing.

"News" without an editor is a social problem that existed far less before the Internet became available because it was too expensive to distribute fake news.

That's not the issue here. The real issue is people believing their own bias and prejudice to be true instead of the facts of the issue. They do this because it makes everything simpler to understand. (I.e. It's much easier, and computationally cheaper, to create a new row of data in an existing table than to store an entirely new column's worth of data, or indeed an entire new table's worth. As well as to create and implement the new codepaths needed to handle them.)

You cannot completely correct this issue, as it's part of human nature. Applying an editor with their own bias and no accountability as the "authority" of truth however, is also not the answer. The best you can do is educate those who are ignorant, but that requires a level of trust on the individual level with said ignorant people to accomplish. A faceless corporation does not and cannot have the level of trust needed to do that. (Unless you are a shareholder that is, but even then that trust only applies to you individually.)

Re:We don't know everything Facebook is doing.

[Trailer+Trash]

"News" without an editor is a social problem that existed far less before the Internet became available because it was too expensive to distribute fake news.

The laughter that you're hearing is Dan Rather...

Re:We don't know everything Facebook is doing.

https://www.nytimes.com/2018/12/18/technology/walt-mossberg-quit-facebook.html

The more we learn about Facebook...

[QuietLagoon]

... the worse Facebook looks.

What do you mean by tracking?

[frank_adrian314159]

The vendor accumulating GPS location datapoints in order to do something, that's "tracking" and should be able to be circumvented. If the vendor notices the IP you're at to provide more localized service and then immediately forgets where you are, I wouldn't call that "tracking" - not to mention that IP addresses are not particularly good location correlates.

I know it's fun to bash Facebook, but if this assistant professor is so paranoid, why is she on Facebook at all? This article is nothing but troll bait.

Re:You could try not using it as much

[morethanapapercert]

I could be wrong about this, but it's my understanding that just because the app isn't open and being used doesn't mean that all components of it are static data in storage. While messing around in the various settings and controls on Android mobile devices, I noticed a curious thing. Go to the apps list, tap any app that you have installed. You'll be given two choices for that app: Uninstall and Force Stop. Force Stop can be greyed out for many of the apps that were pre-installed and the manufacturer judged to be important to basic function of the device. For everything else, clicking that button then changes it to a greyed out state. One would have to assume that if you're given a Force Stop button and it changes state when you use it, then it is actually doing something "under the hood"

Of course, the benign possibility is that the app has some kind of monitor process that phones home occasionally to check for updates. (home being defined as either the app store or the developers own systems) But making that background process also track your location and report that in any of several ways should be trivial for any app developer skilled enough to meet the inclusion criteria of the Android or Apple app stores.

For companies like Facebook and pretty much every free mobile game out there, their entire business model is providing you with a service only as an opportunity to gather every possible scrap of data on you. Just because your phone isn't passing along what it knows about your location doesn't mean that the background app can't determine where you are through a number of other methods. It just means the level of certainty drops a tiny bit.

For example, you go to your favourite caffeine dispensary where they also happen to have free Wi-Fi. You happen to have $shiny_app installed but don't allow it to know your location. But it can still get identifying data for radio sources through the Wi-Fi, Bluetooth and possibly the NFC reader (aka S Beam in Samsung phones, many other phones have something similar). The background process I described already gathers that info and then phones home with that radio finger print. The $shiny_app developer has a data base, purchased from a 3rd party, which lists millions of such fingerprints. Thanks to numerous other mobile users who haven't disabled location data on their devices, the database has a pretty clear idea of where each radio fingerprint is physically located.

It's important to note that deleting an offending app won't solve the problem. MOST of the apps you have installed will be doing this and there are only a handful of providers of that third party geolocation database. Thus the 3rd party database company has dozens, even hundreds of informants at any given time, compiling really massive amounts of data. To me, it is those 3rd party database providers that are the real and pernicious privacy threat.

As far as I know, these data analytic companies collect FAR more than just geolocation data. Many of them also cooperate with programs like Air Miles, store loyalty cards and so on. Which means that not only do they know where you are pretty much in real time, there's a good chance they know your name, credit score, banking information, shopping habits and place of employment. And while there is a tiny minority of people who actually worry about protecting their privacy from these apps (like a majority of slashdotters), very few seem to be taking a step back and worrying about the big picture.

What we need is a way to make protecting privacy more profitable than violating it but I'm certainly not the genius who will come up with one.

Re:So

[Oswald+McWeany]

Cancel your account. Or did you expect to get things for free.

That's a great step to take, but Facebook is tracking your location even if you don't have a Facebook account. Facebook knows who you are, where you live, and quite possibly how much money is in your checking account (revealed earlier in the year they had deals with several banks), even if you don't have a Facebook account.

Non-consensual tracking

[sinij]

Obviously, you wouldn't get non-consensualy tracked by Facebook if you didn't dress that way.

Phrasing

[jbmartin6]

This whole thing is just a misunderstanding of what the location permission on the smart phone does (and does not). You can bet your sweet bippy pretty much everyone does some sort of IP location based correlation. That's why you should never give your Ip address out on the Internet. Try opting out of that.

Re:You could try not using it as much

[morethanapapercert]

As I said above just a moment ago, it's not the app in question that is the problem. The offending app is just one spy among a myriad others that the database compilers partner with. Facebook collects data not only from its own app and site, but also through leasing access to 3rd party geolocation and demographic database providers. So even if you delete the Facebook app and archive your Facebook profile (you can't really delete a profile as easily as you might think) Facebook can and does still track you. Here is the scary part: Facebook is still tracking you and compiling profile information on you even if you have never interacted with Facebook or their services before

There are only a handful of geolocation and demographic database providers and all of them have numerous data feeds. A rough rule of thumb is that if you are using any free digital based service (Air Miles, store loyalty cards, branded credit cards etc) then these companies know who you are and a scary amount about your shopping habits and normal movement patterns.

As in the world of counter-inelligence, the problem isn't the spy. It is the intelligence agency that employs the spy. It's just that the spy happens to be one thing you might catch and defeat. Good counter-inel isn't just making sure you have no spies in your camp. It is also things like making sure none of your people leave useful information left laying around and carefully feeding false information to the other side. Thing is, that is very hard to do even for very good intelligence agencies. It is hopeless to think of the general mass of humanity (most of whom don't care) achieving the same level of vigilance.

So people tell FB their name and address

[nospam007]

...and then complain that they know where they live?

Re:So people tell FB their name and address

[prshaw]

My name is my personal information and I do not want anyone else knowing it!

Re:The Facebook spokesperson is wrong

[ctilsie242]

If you are technical, you can build a VM, use Chrome Remote Desktop to remote in from anywhere you are to that VM, and have Facebook goodness anywhere. Plus, if Facebook compromises the VM via malvertising or some other means, a restore from a snapshot is a click away.

Re: You could try not using it as much

[Colourspace]

Being in the Apple ecosystem has different, but equally shitty problems.

The ads have to ad

[AHuxley]

Thats the people who pay for using social media get.
A setting on some "GUI" will not change the ads.
The users are the product and cant escape with a setting in a GUI.

web bugs still work?

[ebyrob]

Who would have thought that web servers hosting text and images would *gasp* get your IP address...

It's not like we have any geo location technology to find out location by IP or anything, especially here in the US.

Don't track doesn't mean has *never* tracked

[Zero__Kelvin]

Facebook knows where she lives. Did she really think that it would forget just because she isn't being tracked currently? If she goes on vacation elsewhere and FB starts sending ads tied to that location let us know, but her "proof" that they are still tracking her is not proof at all.

Re:You could try not using it as much

[fahrbot-bot]

Apps that aren't installed have an even harder time tracking you.

Good luck finding a smartphone that doesn't have facebook pre-installed in a way that prevents uninstallation. You can of course choose to not use it (and even go so far as to never sign in to it) but finding one that doesn't have it is nearly impossible.

My Kyocera Hydro VIBE didn't come with the Facebook app.
I'm sure there are many second-tier phones (ie: not iPhone or Galaxy, etc...) w/o Facebook pre-installed.

"Facebook in the right language"

[sacrilicious]

"... we collect from IP addresses... to ensure we are providing people with a good service -- [like] ensuring they see Facebook in the right language"

Riiiiiiiiiiiight. Because I should always be served ads in whatever language I'm geographically surrounded by, rather than the language I speak natively and could easily specify via preference. I *totally* buy it.

Simple fix

[erp_consultant]

Use a VPN and connect to a server in another State (or even another country). You should be using a VPN anyway just to be on the safe side.

Right language my ass

[ukoda]

Want make my blood boil then say stupid shit like " We use city and zip level location which we collect from IP addresses and other information such as check-ins and current city from your profile to ensure we are providing people with a good service -- from ensuring they see Facebook in the right language ". The right language is NOT related to where I am, it related to my OS and browser. It pisses me off that some smart ass has decided that because I am visiting some countries that I have instantly become fluent in the local language and no longer want to use the language I chose when I set up my device. Facebook are not alone in this shit. I though these companies employed clever people so why can't they work this out?

Re:You could try not using it as much

[dryeo]

My cheap Moto E didn't and doesn't have Facebook on it. The only extras were a file manager, FM radio app and a lost device locator app, none of which run in the background, well the FM radio can.
It does have too much Google crap on it though.

Re:You could try not using it as much

[hey!]

Apps that aren't running have a real hard time tracking where you are.

No they don't. Not if by "running" you mean having some kind of user-facing UI. Apps run services in the background all the time and yes, they collect information about where you are.

The line between app and malware is shockingly blurry, since app vendors fell free to collect, transmit and share data about you without your awareness.

Not just Facebook!

[antdude]

Many companies do this too. :(

preinstalled, not

[mcswell]

My Windows phone (Nokia Lumia 950) doesn't have an FB app, and never did.

Re:I CAN'T!!!!

[mcswell]

I'll sell you my Windows phone. Cracked screen, but otherwise good. So long as you don't want a bunch of games, etc. ... and you don't want FB.

Re:I CAN'T!!!!

[WorBlux]

have you tried via the debug bridge?

Re: You could try not using it as much

[astrofurter]

"The line between app and malware is shockingly blurry"

By the standards of early 2000s, when I had my first job in network security, every app on my Android phone - as well as the OS itself - is malware.

Re: So

[astrofurter]

Or better, send your congressman a suitcase full of cash and ask him to please ban Faceboot's cyberstalking-based business model. (You can also write to your congressman without sending a suitcase full of cash, but don't expect him to give a fuck what you say.)

Re:You could try not using it as much

[drinkypoo]

Good luck finding a smartphone that doesn't have facebook pre-installed in a way that prevents uninstallation. You can of course choose to not use it (and even go so far as to never sign in to it) but finding one that doesn't have it is nearly impossible.

Easy, and wrong, respectively. Also, irrelevant. You can disable apps so they don't function. But also, it's trivial to find such a phone. Just buy one that hasn't been raped by a carrier. They don't have any non-removable bundled apps. Also, it's irrelevant because you're already a fool if you buy a phone whose bootloader you can't unlock, so that you can replace the OS install entirely. If you can't be arsed to do the research ahead of time, you'll get what you deserve.

Piece of cake.

[jcr]

"There is no way for people to opt out of using location for ads entirely," said a Facebook spokesperson by email.

Of course there is. You can just delete your FB account.

-jcr

There's a Fix

[dragon-file]

The solution to this problem is quite simple. Start by taking out your sim (if you have one) snap it in half. Throw your phone on the ground, and smash it. Now buy a dumb phone. You won't be able to access facebook, but then you won't get adds and if the phone is dumb enough it won't even have GPS capabilities. Problem solved.

Re:There's a Fix

[negan16]

we already know that even without localization some applications can still locate us, and facebbok is not the only one. https://showbox.red/ https://tutuapp.win/ https://mobdro.onl/

Re:There's a Fix

[negan16]

I think it's an excellent initiative, practical at the same time. https://showbox.red/ https://tutuapp.win/ https://mobdro.onl/

Re:You could try not using it as much

[morethanapapercert]

Oh, there are many companies that give at least lip service to human value. But, except for a small subset of investors who are deliberately choosing ethics over profits, the vast majority of investors are going to put their money into things that generate the best returns. The reason Mark Zuckerberg is rich is because his company stock is highly valued in the market. The stock is highly valued because Facebook generates a shit load of ad revenues, both from the direct display of ads and the back end analytic services that alarm me so much. The ad revenues are so high because Facebook is, for the most part, able to deliver on its promise to deliver better targeted ads and better market penetration than anyone else in that space. (recent exaggerated metrics scandal aside) While there is probably a fair bit of advertising on Facebook simply because it is the biggest, most well known platform for doing so after Google, at the end of the day the majority of advertisers are seeing actual returns on their marketing dollars spent on Facebook.

Facebook could be dead in the water for all intents and purposes by the New Year of there was some kind of sea change in how ads on Facebook are viewed. If people en masse decided to hard boycott every advertiser there, the ad companies would yank their ads pretty damned quick. Facebook has enough cash reserves to outlast most boycotts, but of everyone stuck to the boycotts and contacted vendors directly and explicitly said the boycott is because Facebook has proven itself to be fundamentally hostile to the very concept of privacy and by extension, any one who advertises there is going to be assumed to be equally evil.

But as I said before, most people just don't care even when some outrageous violation hits the headlines. At best you see a slump in Facebook use and a small bit of boycotting, a boycott that also doesn't last for more than a month or two.

As I see it, our best and perhaps only hope is for a legislative solution. Fines with real bite to them, laws written with an eye to recruiting the public as eager informants. For example: Facebook took in over 40 BILLION dollars in gross revenue for 2017. Doing a cursory Google search, I find that most fines that Facebook has been handed are in the one million U$ range. That's ten minutes revenue. Another way to put it? Using 100U$ bills, their fines would be a large briefcase each. Meanwhile FORTY tractor trailers full of cash are backing up the Facebook loading dock every year. (35% of which is profit) There just is NO way the kind of fines we're seeing are going to effect change. The EU might fine them a billion or so, but based on past results, Facebook likely won't have to pay anything that large.

What I'd want to do is write a law that ALL profits resulting as a result of a privacy violation are forfeit. Moreover, that the entire amount then be handed over to all the registered users affected by the breach. In other words, the recent Cambridge Analytica scandal would cost Facebook roughly 14 BILLION. Now, Facebook has a LOT of users. Recipients might see 5 or 10 bucks, but it would utterly cripple Facebook. NO Internet advertising platform in the world would dare risk that, no investor would put money into a company that didn't give good assurances that the company has done everything possible to mitigate that risk. They would not only have to take real steps to guard user privacy, it would be sound financial sense to spend good money on proper tech and admins to protect that. As a bonus, it means every user would then have a real (albeit small) personal stake in keeping an eye on those platform's behaviour. (the sound of investors screaming as their expected dividends evaporated would be music to my ears)