Turning Off Facebook Location Tracking Doesn't Stop It From Tracking Your Location

Even if you explicitly tell Facebook to not track your location, it says it will still use your IP address to track your location. Kashmir Hill, reporting for Gizmodo: Aleksandra Korolova has turned off Facebook's access to her location in every way that she can. She has turned off location history in the Facebook app and told her iPhone that she "Never" wants the app to get her location. She doesn't "check-in" to places and doesn't list her current city on her profile.

Despite all this, she constantly sees location-based ads on Facebook. She sees ads targeted at "people who live near Santa Monica" (where she lives) and at "people who live or were recently near Los Angeles" (where she works as an assistant professor at the University of Southern California). When she traveled to Glacier National Park, she saw an ad for activities in Montana, and when she went on a work trip to Cambridge, Massachusetts, she saw an ad for a ceramics school there. Facebook was continuing to track Korolova's location for ads despite her signaling in all the ways that she could that she didn't want Facebook doing that.

[...] "There is no way for people to opt out of using location for ads entirely," said a Facebook spokesperson by email. "We use city and zip level location which we collect from IP addresses and other information such as check-ins and current city from your profile to ensure we are providing people with a good service -- from ensuring they see Facebook in the right language, to making sure that they are shown nearby events and ads for businesses that are local to them."

each new revelation is increasingly depraved

[Thud457]

I am disgusted by your half-measures and find them to be ideologically impure.
The obvious only response to "There is no way for people to opt out of using location for ads" is DON'T USE FACEBOOK.


The only useful purpose Facebook serves is a list for the great telephone sanitizer purge.

/s on this whole post because good god, look at what we have been reduced to

Re:each new revelation is increasingly depraved

[Penguinisto]

Pretty much this... I managed to prevent FB from knowing where I am by removing (and previously disabling) the stupid app off the phone.

If I actually needed to be in Facebook, I'd just use the mobile browser and kill that tab before I closed it.

Re:each new revelation is increasingly depraved

All I have to do is connect my tablet to a wi-fi node, and Google knows my location within 50-100 feet. This even though location services and GPS are turned off. While Google is updating their maps, they are also collecting data on all of the wi-fi nodes that they detect, coupled with GPS location data. So when you connect to any wi-fi node, they know where you are by what wi-fi nodes that your phone or tablet can see.

I almost never use my tablet, and a big part of that is that Google (and many apps) track you. I don't have a "smart" phone, don't use Fakebook, TWITter, instagram, or any other data mining site! There is no such thing as "social media", that term is used to distract people from all of the ways that their data is being collected and used against them! Advertisers have become evil, and targeted ads are especially evil!

Re: each new revelation is increasingly depraved

[Zero__Kelvin]

Let's not be so dramatic. A lot of people would not consider presenting ads relevant to their location rather than ads for services unavailable to them in their location "using the information against them." I'm not a Facebook fan, but acting like locale appropriate ads are an assault is a bit over the top.

Re: each new revelation is increasingly depraved

[PraiseBob]

Do advertisers have an inherent right to know the location of the device I am using (and by extension, me), when I specifically want to keep that information private?

Putting ads on billboards, or tv networks may be annoying, but targeted ads are:
* collecting information about me against my will, even when I use numerous methods to try to block them
* using that information to attempt to manipulate my behavior

Good and evil are relative terms, but I consider the majority of the industry to be outright "evil".

Re:You could try not using it as much

[Shotgun]

Apps that aren't installed have an even harder time tracking you.

Duh

[110010001000]

Duh, they know your previous locations and use that as fallback. They also know your IP address. Your network provider always knows your location and might sell that data to advertisers as well. Your phone IS a location tracking device. It has to be in order to work properly.

Really, rape?

[mevets]

One day, with a lot of luck, you will have a partner who can help explain to you the difference between trivia ( oh no, google thinks it knows where I am ) and a sadistic assault.

Re:Really, rape?

[squiggleslash]

Alas you're on a website where being charged $20 for a CD of flavor-of-the-month's latest hits is frequently described as rape. Also apparently George Lucas releasing shitty edits to the original trilogy is EXACTLY like that horrific act of sexual assault committed against children.

I've tried. I ended up just foeing people. And then I gave up even doing that...

Language and location

[mrbester]

> "ensuring they see Facebook in the right language"

That has nothing to do with location and everything to do with the user. Just because I might be in Frankfurt doesn't mean I want to see content in German.

Re:You could try not using it as much

[DarkOx]

Have you tried an iPhone; they are quite popular; and quite free of facebook OOB.

Re:I CAN'T!!!!

Try "Package Disabler Pro". It only works on Samsung devices, but it will disable bloatware packages, without needing root.

Re:You deserve what you get...

[bobbied]

...if you are using Facebook

LOL.. I get what I expect... But I use Facebook sparingly and don't freely share many accurate details of my personal life, mainly because I understand the risks of doing this. But then again, I'm not some naive youngster who was raised with a need for a social network online as I know how to talk to people face to face.

Read the EULIA and Terms of Service people... Think seriously about what they are saying they CAN do with any information they scrape up from you. Then remember that once they have the data, you cannot get it back or guarantee it's erased, regardless of what they promise.

We don't know everything Facebook is doing.

[Futurepower(R)]

See online: The Facebook Dilemma That's an excellent documentary, especially Part 2. The Facebook system is seriously flawed, Part 2 says. In several countries people have died because of Facebook posts by destructive people.

As is explained in the documentary, people are accepting social media as news. But social media has no editor, in many cases. So, often people, especially those with little education, are accepting fake news stories on social media as true.

Problem: Most Slashdot readers are more logical than the average person in the world. Slashdot readers are much more likely to have developed methods of avoiding fake or unreliable news. But, apparently Slashdot readers are unlikely to realize how often it is that other people are not logical.

Social media managers, especially the Facebook managers interviewed for that Frontline documentary, say they have no responsibility.

"News" without an editor is a social problem that existed far less before the Internet became available because it was too expensive to distribute fake news.

Facebook abuse: Look at the 2nd part of the documentary starting at 43:11. Zeynep Tufekci of UNC Chapel Hill (University of North Carolina), Associate Professor, UNC School of Information and Library Science; Adjunct Professor, Department of Sociology says this about deaths as a result of people accepting a Facebook post as news:

"years and years of people begging the company [Facebook] ... and basically being ignored."

She indicates that Facebook cannot be trusted.

Re:We don't know everything Facebook is doing.

[Trailer+Trash]

"News" without an editor is a social problem that existed far less before the Internet became available because it was too expensive to distribute fake news.

The laughter that you're hearing is Dan Rather...

Re:Is it really so hard?

[Solandri]

Facebook has entered agreements with most if not all the major cellular carriers and phone manufacturers to pre-install the Facebook app on your phone. You can't uninstall it. You can disable it, but I've been fighting another preinstalled app called Facebook App Manager which you can't disable. It seems to be re-enabling the Facebook app (every week or so it's active again and has auto-updated to the latest version). I'd been putting off rooting the phone since it voids the warranty, but I think I'm going to have to punt the warranty and root just to kill stupid crap like this.

Facebook is well known for tracking you even if you don't have a Facebook account. Those little 'f' icons you see on websites? They're not an icon; they contain a script which gathers info to uniquely identify your browser, then reports which page you visited back to the mothership. They create a ghost profile for you, then link it to your real identity if they ever get corroborating evidence (e.g. friend sends you a link to their FB page to your email, thus linking your email address with the ghost profile). And if your friend has tagged pictures they took of you, they know what you look like. And now with their app reporting your movements, they know where you live and work and like to hang out. All without you ever creating a Facebook account. I'm approaching the opinion that the only way to deal with them is to nuke them from orbit.

Re:You could try not using it as much

[morethanapapercert]

I could be wrong about this, but it's my understanding that just because the app isn't open and being used doesn't mean that all components of it are static data in storage. While messing around in the various settings and controls on Android mobile devices, I noticed a curious thing. Go to the apps list, tap any app that you have installed. You'll be given two choices for that app: Uninstall and Force Stop. Force Stop can be greyed out for many of the apps that were pre-installed and the manufacturer judged to be important to basic function of the device. For everything else, clicking that button then changes it to a greyed out state. One would have to assume that if you're given a Force Stop button and it changes state when you use it, then it is actually doing something "under the hood"

Of course, the benign possibility is that the app has some kind of monitor process that phones home occasionally to check for updates. (home being defined as either the app store or the developers own systems) But making that background process also track your location and report that in any of several ways should be trivial for any app developer skilled enough to meet the inclusion criteria of the Android or Apple app stores.

For companies like Facebook and pretty much every free mobile game out there, their entire business model is providing you with a service only as an opportunity to gather every possible scrap of data on you. Just because your phone isn't passing along what it knows about your location doesn't mean that the background app can't determine where you are through a number of other methods. It just means the level of certainty drops a tiny bit.

For example, you go to your favourite caffeine dispensary where they also happen to have free Wi-Fi. You happen to have $shiny_app installed but don't allow it to know your location. But it can still get identifying data for radio sources through the Wi-Fi, Bluetooth and possibly the NFC reader (aka S Beam in Samsung phones, many other phones have something similar). The background process I described already gathers that info and then phones home with that radio finger print. The $shiny_app developer has a data base, purchased from a 3rd party, which lists millions of such fingerprints. Thanks to numerous other mobile users who haven't disabled location data on their devices, the database has a pretty clear idea of where each radio fingerprint is physically located.

It's important to note that deleting an offending app won't solve the problem. MOST of the apps you have installed will be doing this and there are only a handful of providers of that third party geolocation database. Thus the 3rd party database company has dozens, even hundreds of informants at any given time, compiling really massive amounts of data. To me, it is those 3rd party database providers that are the real and pernicious privacy threat.

As far as I know, these data analytic companies collect FAR more than just geolocation data. Many of them also cooperate with programs like Air Miles, store loyalty cards and so on. Which means that not only do they know where you are pretty much in real time, there's a good chance they know your name, credit score, banking information, shopping habits and place of employment. And while there is a tiny minority of people who actually worry about protecting their privacy from these apps (like a majority of slashdotters), very few seem to be taking a step back and worrying about the big picture.

What we need is a way to make protecting privacy more profitable than violating it but I'm certainly not the genius who will come up with one.

Non-consensual tracking

[sinij]

Obviously, you wouldn't get non-consensualy tracked by Facebook if you didn't dress that way.

Re:You could try not using it as much

[morethanapapercert]

As I said above just a moment ago, it's not the app in question that is the problem. The offending app is just one spy among a myriad others that the database compilers partner with. Facebook collects data not only from its own app and site, but also through leasing access to 3rd party geolocation and demographic database providers. So even if you delete the Facebook app and archive your Facebook profile (you can't really delete a profile as easily as you might think) Facebook can and does still track you. Here is the scary part: Facebook is still tracking you and compiling profile information on you even if you have never interacted with Facebook or their services before

There are only a handful of geolocation and demographic database providers and all of them have numerous data feeds. A rough rule of thumb is that if you are using any free digital based service (Air Miles, store loyalty cards, branded credit cards etc) then these companies know who you are and a scary amount about your shopping habits and normal movement patterns.

As in the world of counter-inelligence, the problem isn't the spy. It is the intelligence agency that employs the spy. It's just that the spy happens to be one thing you might catch and defeat. Good counter-inel isn't just making sure you have no spies in your camp. It is also things like making sure none of your people leave useful information left laying around and carefully feeding false information to the other side. Thing is, that is very hard to do even for very good intelligence agencies. It is hopeless to think of the general mass of humanity (most of whom don't care) achieving the same level of vigilance.

So people tell FB their name and address

[nospam007]

...and then complain that they know where they live?

Re:Well so what?

[morethanapapercert]

And don't forget radio signal fingerprinting. There is the cell tower, the free Wi-Fi at your favourite coffee shop, Bluetooth, S beam (or equivalent) and NFC . As I've said above, demographic and geolocation companies use more sources of information than just the apps you chose to install. Check your email at Starbucks? One of your apps, maybe even a vendor installed and non-removable app reports your location. Pay using your phone? The credit card company might be sharing your location into. Use Air Miles? You're definitely being tracked, that's how Air Miles can afford to give you those travel points, ditto for most store loyalty cards. Using ANY Android or Apple mobile device? The apps store itself knows your location and this function cannot be disabled. Google at least doesn't typically share this info directly. The deal it makes with advertised is : Tell us what demographic slice you want $ad to be shown to, frequency etc and we'll pass it along to the appropriate eyeballs.

However, thanks to things like beacon pixels and very carefully selected demographic criteria, it is fairly straight forward for an advertiser to discover your location. e.g. "show Ad_A to people within this zip code, show ad_B to people who have their credit card tied to their phone, show ad_C to someone who has paid with their phone at a Starbucks in the last 30 days" Do enough of these, constantly sharing the results with those back end database companies and you end up with a scarily accurate and damn near real time profile on individuals.

Re:VPN?

[morethanapapercert]

A VPN only masks your IP from the destination web site and the routers your packets pass through. Your phone always knows where you are. It knows what cell towers are in range and relative signal strength from each, that right there can locate you within a hundred meter radius or so. The Android and Apple OS'es themselves know your location from the Cell towers, GPS (accurate within 8 meters) available Wi-Fi sources (~50 m), Bluetooth(100m), NFC (10 cm) and things like Samsungs S-beam (combines NFC and Wi-Fi). By combining these sources of location data, you can come up with a surprisingly accurate estimate of location for a given device. After all, even if you don't use Apple pay (for example) your phone can still "see" the Apple Pay reader device on the Starbucks counter while you're paying for your latte with cash. That device location is known and certainly isn't prone to moving around much.

None of that can be completely disabled. This information then gets shared with a handful of OEM apps and the application stores. On the back end, there are a handful of demographic and geolocation data base providers collating, cross referencing and compiling all the data from a myriad sources. Some of those sources include data like name, address and phone numbers. (shopper loyalty cards, Air Miles, store specific free draws etc)

Having Facebook know where you are at all times and showing you ads based on what they know about you is scary enough. But it gets worse when you realize that Facebook is tracking you and adding you to the databases they use even if you've never been a Facebook user. The real worst though is that these backend databases aren't really subject to any oversight and are accessible to any one willing to sign a contract with the analytics company. From time to time and in various places, laws have been passed that say marketers cannot collect certain kinds of information in certain ways or do certain things with that information. But it is rare for a law to take a holistic approach, starting with privacy and working from there. And I've NEVER heard of a law that banned certain data practices and required that all existing data gathered that way be purged

The ads have to ad

[AHuxley]

Thats the people who pay for using social media get.
A setting on some "GUI" will not change the ads.
The users are the product and cant escape with a setting in a GUI.

Re:Not really

[nukenerd]

Which does not stop you from gettings ads, you just get ads for the wrong location.

That's fine, I find that funny, and it is satisfying to know that the admen are wasting effort on me and that their data well is poisoned. Almost as good as getting a live sales phonecall - my pretending I'm interested then leaving the handset on the table squawking away for the next 5 minutes to no-one.

For some reason ads on the web have got the idea that I live in Uxbridge, a suburb of London 200 miles from me, and that I need laser surgery on my eyes. That's just funny, not that I see ads very often anyway. OTOH if an ad were to come up that was relevant, like I really did want laser surgery on my eyes, I'd find it intrusive and sinister; and anyway I'm perfectly capable of seeking providers myself so it's patronising.

Re:Well so what?

[Miamicanes]

AFAIK, it's never been done... but if you had low-level programming access to the radio in an 802.11ac chipset (enough to detect TDWR radar bursts as they sweep by) and a source of extremely accurate timestamps, you could probably combine that with tower data and external data-aggregators (who, among other things, would have to monitor the radar beam's sweep) and obtain EXTREMELY accurate location data, even without involving GPS or wi-fi at all, and even if you were in an area that had access to only a single cellular tower.

Actually, if you had a local source of extremely stable, high-precision timestamp data, you could even probably log the radar bursts offline (along with their local timestamps), then LATER (when you GOT network connectivity of some kind), correlate those local timestamps to some "global" timestamp reference (and external log of observed radar beam rotations with their own accurate timestamps) & figure out with some degree of confidence where the user was at the time the radar bursts were noted. If you were in an area with multiple TDWR sites, you could probably narrow it down to an area roughly 1x3 kilometers. If you were in an area with three or more TDWR sites (basically, South Florida and Washington DC), you could probably narrow it down to a square kilometer or less (depending entirely upon the precision of your timestamp).

That said, I'm not confident you could actually DO this with a production mobile phone (at least, not without having access to programming and component information not generally available to the public, and not necessarily even readily available to phone manufacturers), but AFAIK, chipsets like the ones used by Broadcom are little more than software-defined radios with fairly open-ended capabilities that are more like a "blurry bucket" than a bright line (ie, some things work better than others, and not all frequencies have equal performance, but the Venn Diagram of "things that kind of work unreliably if you're really stubborn and willing to accept flakiness" is likely to be HUGE compared to "things that are certified to work reliably".

Personally, I'd LOVE to find a way of at least sniffing LTE tower data (tower id, reported signal strength, observed signal strength). It's still mostly a theory, but I suspect that you could probably use observed differences between reported & observed signal strength to detect rain nearby... especially if you had a phone that was built to work on multiple networks & could monitor towers from many networks on diverse frequencies (because not all frequencies are attenuated by precipitation... a fact you could use to disambiguate and distinguish moment-to-monent signal strength variance from variance due to falling raindrops attenuating signal strength). Basically, a form of "passive weather radar".

I got the idea a few years ago when I noticed that the signal strength of Sprint's ~3.5GHz WiMax was PROFOUNDLY reduced by rain. I'm not sure how much lower frequencies are affected by rain (Sprint WiMax was kind of an aberration... I'm not even sure WHAT is using Clear's old WiMax license anymore, if anything), but with new 5G service using higher frequency bands, it might become viable in the near future even if the death of Sprint WiMax made the approach temporarily moot.

Re:You could try not using it as much

[hey!]

Apps that aren't running have a real hard time tracking where you are.

No they don't. Not if by "running" you mean having some kind of user-facing UI. Apps run services in the background all the time and yes, they collect information about where you are.

The line between app and malware is shockingly blurry, since app vendors fell free to collect, transmit and share data about you without your awareness.

preinstalled, not

[mcswell]

My Windows phone (Nokia Lumia 950) doesn't have an FB app, and never did.

Re:Well so what?

[morethanapapercert]

I'm no radio engineer, but it seems to me that you could duplicate some of that functionality without having to dive down to bare metal in your exploit. There are already "network analyser" apps for mobile devices. Those provide signal to noise ratio information already. Rain kills signal through two methods that I know of, simple attenuation and increased backscatter. If you already have clear weather reports from that already established location, a simple statistical comparison to your baseline (harvested from many devices at that location over time) should give you a good idea whether there is precipitation going on or not. You may not be able to get high accuracy, but even a rate of successful guesses in excess of 75% could be extremely useful. As something of a sanity check, you can compare results from known indoor and outdoor hotspots. Someone in a park using a municipal hot spot is going to be more affected by weather than someone sitting in the local McDonalds.

As low quality confirmation information, on the back end you can look at otherwise unexplained slow downs in traffic speed. The key would be to make sure to evaluate traffic in both directions. Some yahoo cutting you off triggers a slow down for you and every one behind you that can persist as a ripple in traffic speeds and moves backwards through the traffic at some speed related to traffic forward velocity. (I think it's called the slinky effect and I do not remember the math behind it, but it was something like a ripple in traffic moves back through the traffic at half of the average forward velocity) But that yahoo, unless he triggers an accident, doesn't affect the traffic going the other way. A slow down in both directions, with no construction or accident to explain it, could well be rain causing skilled drivers to slow down and open up their following distances.

Re: Is it really so hard?

[astrofurter]

"contact Google"

Wouldn't shaking my fist and shouting at the sky have greater likelihood of being effective?