Facebook’s New Privacy Tool Is a Data Landfill
Assume that every website you visit tattles on you to the social-media behemoth.
Updated at 4:36 p.m. ET on January 28, 2020.
Of the 1,081 apps and websites that have been sharing my “activity” with Facebook, Tinder is the chattiest.
In the past 180 days, it has reported 685 of my “interactions” with its app to Facebook, according to Facebook’s new Off-Facebook Activity tool, which CEO Mark Zuckerberg announced in a company blog post this morning. The tool lets any Facebook user go into her settings and see a list of apps and websites that have shared her information with Facebook, organized by the most recent time they shared data, and paired with a number indicating how many “interactions” have been shared. The interactions aren’t specified, but examples of what they could be are provided within the tool: “Opened an app; logged in to app with Facebook; visited a website; searched for an item; added an item to a wishlist; added an item to a cart; made a purchase; made a donation.”
The Off-Facebook Activity tool is the culmination of a promise the company made shortly after the Cambridge Analytica scandal broke in the late winter of 2018. Originally called Clear History, it is only now accessible to all of Facebook’s roughly 2.5 billion global users, including 220 million in the United States. “One of our main goals for the next decade is to build much stronger privacy protections for everyone on Facebook,” Zuckerberg wrote in this morning’s announcement. “You should be able to easily understand and manage your information, which is why strengthening your privacy controls is so important.”
“Easily understand” is an interesting choice of phrase. It implies that the personal information Facebook has about each of its users can be presented to those users in a way that they can readily process and comprehend. It implies a data set that is, at a minimum, literally fathomable—from a company that has only ever been motivated to be unfathomably large, and know unfathomably much. But the amount of information Facebook has about each of its users undercuts the goal to present it in a way that could be useful.
To find out more about what kind of interactions Tinder shared with Facebook, I can’t just turn to the Off-Facebook Activity tool in my browser or in Facebook’s mobile app. It is not immediately obvious, but after messing around for a few minutes, I find I can do so on the general “download your information” page, where all of my personal posts, comments, photos, location data, log-in attempts, and device IDs are also available to download in a massive Zip file, in exchange for just one reentry of my password. That Zip file includes a folder titled “ads_and_businesses,” which has a subfolder titled “your_off_facebook_activity,” which includes links to 1,081 HTML files. They are labeled by numbers only, so I have to click through them at random.
Tinder is, helpfully, first—file “0.html.” The webpage it leads me to shows the 685 times I’ve opened the Tinder app in the past six months (dating is a numbers game!), and each “ACTIVATE_APP” is time-stamped. What would an advertiser do with the knowledge that I opened a dating app at 3:30 p.m. on Christmas Eve? Or 18 times on August 3, 2019—a day that I also RSVP’d on Facebook to a DJ set on a rooftop in Brooklyn? Or 12 times on the morning of my high-school best friend’s baby shower, which I posted about on Instagram?
It took a good chunk of my morning to even uncover the proof that this is information someone definitely has. According to the file labeled “12.html,” Facebook also knows exactly when I did something described as “VIEW_CONTENT” on my credit-card company’s website. Whether someone, somewhere knows what kind of content was viewed is not specified. According to “210.html,” I did something referred to only as “CUSTOM” on Glamour’s website on both September 19, 2019, and November 21, 2019. Facebook does not specify who is doing the customizing—Glamour or Facebook or me. (Later, Facebook told me it could refer to a range of activities, such as signing up for a rewards program or an event. When I asked the company for comment on whether these data were useful and actionable for most users, I was directed to Zuckerberg’s blog post.)
If I cared to click through every single file in my downloaded Zip, I would see similarly vague explanations for what HBO and TikTok and Glossier and the U.S. Postal Service and Amtrak and the Brooklyn Public Library have told Facebook about me. Same goes for ZocDoc, which I recently used to search for a new therapist, and the campaign sites for Elizabeth Warren and Bernie Sanders, which I recently perused to compare their platforms on reproductive rights. I could not see summaries of how many Facebook employees have access to my “off-Facebook” data, or what they’re allowed to do with those data.
This unfathomable bounty of information will likely give plenty of Facebook users a cold, edifying shock—if they can find it. But it is not a service, really. Confronted by thousands of bullet points about the past 180 days of my life, I find the whole collection impossible to derive meaning from. I’m flattened by its completeness; I’m galled by its omissions. The closest reference point I have for its incomprehensibility is a landfill—or maybe Facebook’s notoriously useless political-ad library, which was also, per the company’s rhetoric, built for the sake of transparency.
When the tech journalist Anna Wiener tried Facebook’s original “download your information” tool—which pulls a copy of your profile and everything you’ve ever uploaded, partially uploaded, or uploaded and deleted—in 2018, she wrote for The Atlantic that the downloadable packets were “artifacts of corporate cowardice.” Mammoth and incomplete, each one was a “slapdash, selective assortment of digital ephemera,” and “by no means a complete record of the company’s data-collection practices.” Adding these new packets to the old ones simply dumps even more unsiftable data on top of the pile.
“It’s a disclosure data dump,” Daniel Sauter, director of the The New School’s data-visualization master’s program, told me in a phone call. He thinks the tool was likely introduced to comply with the data-collection disclosure requirement in California’s Consumer Privacy Act, which went into effect on January 1. “There’s no context. It’s not actionable information; it’s information that’s compliant.”
If Facebook is dedicated, now, to giving users “control,” it would behoove someone at the company to define what that means. We all have some control. Thanks to deliberate choices I’ve made about my online life, my personalized list of apps and websites that regularly report on me to Facebook is not as chilling as it might have been. I stopped using a period-tracking app a year ago because of how much it shared with third parties, like Facebook. I don’t have any smart-home devices, which means the Amazon-owned smart security system Ring is not telling Facebook how often somebody is ringing my doorbell. But most of our online choices, like performing a “custom” act on a beauty magazine’s website, are fuzzier and less obvious.
With Facebook’s new tool, I can also make the choice to delete the history I’ve just reviewed and turn off future tracking of my off-platform activity, but this won’t prevent ad-targeting based on other information about me that I’ve made public over the past 10 years by posting and clicking and searching. I could also deactivate my Facebook account, if I wanted to, but that would be a rookie mistake. The only way to control what Facebook knows and shares about you is to be on Facebook, fiddling with the settings.