by Martin Brinkmann on August 21, 2019 in Facebook – Last Update: August 21, 2019 – 3 comments
Facebook started to roll out a new privacy tool called Off-Facebook Activity to users from Ireland, Spain, and South Korea earlier today. Designed to give users of the site better control over data that Facebook collects about them while they interact with third-party sites, it is not exactly the tool that privacy advocates had hoped for.
The company plans to roll out the feature to users from other regions in the coming months. Last month, Facebook was told by the FTC that it had to stop certain privacy invasive practices.
First, the basics. Facebook collects data in several ways. It gets data from user activity on Facebook, e.g. what users like, comment on, view, or do on the site, and also from user activity on third-party sites or apps that have integrated Facebook services.
A Facebook user who is browsing NFL jerseys on a third-party site could get NFL jersey advertisement on Facebook if the app or site used to browse the items initially provided Facebook with the data.
Facebook notes that Off-Facebook Activity allows users of the site to “see and control the data that other apps and websites share with Facebook”.
It includes options to “see a summary of the information other apps and websites have sent Facebook through” various services and tools, disconnect the information from the account, and choose to disconnect future off-Facebook activity from the account automatically.
The word disconnect highlights my main gripe with the tool. The data is not deleted, it is only disconnected. Here is what Facebook has to say about the process:
If you clear your off-Facebook activity, we’ll remove your identifying information from the data that apps and websites choose to send us. We won’t know which websites you visited or what you did there, and we won’t use any of the data you disconnect to target ads to you on Facebook, Instagram or Messenger.
The automated removal of identifying information never managed to protect some of the users whose data is purged from information from being identified; it seems unlikely that Facebook’s processing will ensure 100% anonymity.
Facebook’s engineering team published a technical overview of the entire process. The company associates actions with SIDs (separable identifiers), and users with UIDs (User IDs). When a user chooses to disconnect the data, the link between the SID and the UID is removed.
Facebook created a Measurement ID (MID) designed specifically to provide reports to businesses. When a Facebook user decides to disconnect off-site information, the mapping between the MID and the UID is removed and a new random MID is generated for that person. If a person decides to block off-site data going forward, a “bucketed MID” is assigned which does not represent individual users.
Facebook will still perform aggregated measurement operations on the data.
With this bucketed MID, we are able to perform aggregated measurement operations — for instance, we can conclude that one of the people in the bucket saw an ad and then visited the target website. We can then aggregate that observation with others who viewed the same ad — without determining exactly which person within the bucket took that action.
Tip: if you use Firefox, consider using the Facebook Container add-on to restrict Facebook’s access to third-party data.
Closing Words
Facebook’s new Off-Facebook Activity tool allows users to disconnect existing data and future data so that it cannot be associated directly anymore with the account. The data is not gone, however, and Facebook continues to use it for certain purposes.
Now You: What is your take on the Off-Facebook Activity tool?