Cybersecurity, Social

The Guardian and The New York Times are part of Facebook’s data gathering mechanism

facebook

The New York Times, The Guardian, The Observer, Wired and Recode are all using Facebook Pixel to collect data on their readership, the tool can be used to trace connections between external websites and Facebook users for advertising purposes.

Facebook Pixel is a piece of code that any Facebook business page can create on the Facebook platform before placing it in almost any website, to track user behaviour whilst also reporting information from your social media, if the user is concurrently logged into Facebook.  Facebook’s Business page, that discloses how the platform’s relationship with business accounts work, states “we’ll compare your data with ours to help you find the people you know on Facebook”, and in a separate section “customer audiences from your website is a targeting option which match people who visit your website with people on Facebook using the Facebook Pixel”.

While it’s not possible to individually target ads, a comment from a Facebook employee on their FAQ states, ”if you used the Facebook Pixel to create a Custom Audience out of your website visitors, we’d only be able to collect traffic into that audience that we can match back to a Facebook profile. Additionally, if you were to create a Website Conversions campaign, we’d only be able to capture conversions that happened as a result of traffic exclusively from Facebook profiles”. With the data routed to Facebook servers, the whole social media profile of a person is incrementally improved with the websites they visit and their behaviour on those sites. 

In a Reply All episode called “Is Facebook Spying on you?” that aired in November last year, the presenters addressed the theory that Facebook was tapping into user’s microphones and listening for advertising purposes. Though the show fails to convince any of the interviewed users that Facebook wasn’t doing that, it made a pertinent point about Facebook Pixel that applies here:

“It watches what you do and reports it back to Facebook. It can see how long you linger on a certain webpage, it can see if you purchase something, it can see if you put something in your cart on a website and decide not to buy it, it’s kind of, like, an internet surveillance camera.” – Alex Goldman

Facebook Pixel gathers data through cookies, which store information about your session on your browser and can identify a user across many sites, it is the pixel, however, that is the trigger which makes the data-grab happen. Through the digital tag, the media giants alongside all third party websites that use the Facebook Pixel code, can collect information about a user and what their areas of interest are, before channelling tailored messages and adverts throughout a Facebook profile. The issue here is that as a result of the Facebook Pixel being back-end code, users will not necessarily be aware that any data is being collected on them or, for that matter, how much data.

EU Cookie Law requires websites in European Union countries to inform users that cookies are being used, but this is not applicable to the wider world audience meaning the data collection occurs without any prompts or authorisation across the United States. Furthermore, there is no notice given that the data gathered on the site is being linked to your social media profile. The cookie notice states:

“[cookies] can also be used to keep track of the pages visited using your browser, which gives site owners important insights into the quality of their services, enabling them to improve and better meet the needs of all their visitors. This information can sometimes be used to present advertising and other messages relevant to your browsing history.”

The story comes shortly after The GuardianThe Observer, Wired and Recode held Facebook to account for Cambridge Analytica’s data harvesting, the UK firm which was caught storing Facebook data which users did not know had been collected. Our reporting found no evidence that cookie data was included in the Cambridge Analytica data. 

As well as picking up how site visitors navigate, Facebook Pixel is also the tool that allows advertising across various websites. It is the mechanism that will place items that were previously searched on eBay, for instance, into the adverts on the Facebook sidelines. Although there is an awareness of this connection, most often don’t think twice about how, or why or more importantly where exactly that information is going especially with so many daily adverts are directed at us online. It is the piece of code which allows behaviour on one site to influence advertisements on another, the reason advertisements seem to follow you around the internet.

Of Facebook’s own pixel version, the entire process is advertised as a seamless, risk-free and easy way to optimise website users, and displays the ability to  “remarket to everyone who visits your site, or just to people who visit specific pages or take specific actions”. Facebook also gives potential marketers the option to “create a lookalike audience” which will collate a selection of Facebook users who have similar tendencies to the users who have previously accessed their website, and allow them to market to you. The pixel itself, accessible only to Facebook Ads users sits on top of the entire ad account, meaning that one code is then powerful enough to track all the adverts sent out. 

The extent of the pixel’s capabilities is then also explicitly detailed on the Facebook Developers page:

“You can pass the customer identifiers, such as email, phone number that you collect from your website during the checkout, account sign-in, or registration process as parameters in the pixel. Facebook then uses this information to match pixel events with Facebook users when the Facebook cookie is not present on the browser that fires the pixel”.

The cookie policy for The Guardian, The Observer, The New York Times, Wired (Conde Nast) and Recode (Vox Media) all describe the kind of data that is collected and the kind of advertising it may be used for. All state that they may pass this information on to third parties and are not responsible for the usages policies of those third parties. Vox Media and Conde Nast are much clearer on passing your data on to third parties which may use it for targeted advertising.

This comes after a long line of revelations that expose Facebook’s underlying code as collecting data and website trends. What we do know is that the mechanism pools personal information alongside knowledge about a user’s interests, ranging from which news stories they read to where they do their online groceries (Walmart uses Facebook Pixel as well as Buzzfeed, Pintrest and Paypal). With few online sources detailing how this mechanism works, or the extent of which this uses data from Facebook friends, it remains a relatively unregulated access point to personal details.

Using marketing tags like this is practised among a range of providers including Google.  The marketing message is simple: the wider the range of sites which use Facebook Pixel the more comprehensive their understanding of a given user. There are now easy ways to view what websites are using tags,  for instance adding ‘Tag Explorer’ to your Google Chrome extension will allow the programme to count and detail how many tags are used on each page you visit. Through such an extension, of which there are many, it was easy to see that Ebay has 16 codes embedded into its page, Facebook Pixel being one of them. When turning attention to prominent media outlets, The Guardian has eleven, technology publication Recode has 18, Wired has 27 and The New York Times comes out on top with 41. All four of these news companies use Facebook Pixel to track which readers to advertise to. The national media companies then use this data to advertise subscriptions but the adverts themselves will also vary depending on how interactive the user was on their original website. 

Furthermore the question of whether this tool can be abused by third parties, to the extent of Cambridge Analytica was alluded to in an article published this morning on Bloomberg. The study documents the seedy underside of Facebook adverts and draws focus to how easy it is for scammers to create bogus tracking software and place fake ads within the Facebook platform. The article details then how easy it is for affiliates looking to promote fake adverts can avoid the few restrictions in place and essentially make profit from Facebook fads. With the knowledge that all of these users can also access Facebook Pixels, this highlights the underlying issue that third parties have the potential to utilise this free access to data and the users connected to it. 

Until recently it appeared that this mechanism is impossible to turn off, however amidst fears of data privacy, search engine Mozilla Firefox will be introducing the ‘Facebook Container‘ to limit the platforms access to data grabbing and deleting your Facebook cookies. However such steps don’t appear to be enough to prevent the external links to your Facebook account, meaning Facebook Pixel can track the device you use on your laptop and tablet to your phone. Although websites sometimes ask for an authorisation regarding the use of Cookies, there is in reality little information about the legalities of Facebook Pixel, where the data is exactly stored, how much of that has been given to other parties and whether that data can be copied onto third-party servers.

A disclosure on Facebook details the platform “typically deletes all matched and unmatched hashes within 48 hours after the matching process ends, unless we need to retain any data for troubleshooting or product improvement.” However in Zuckerberg’s recent Recode interview, he acknowledges that “There’s this values tension playing out between the value of data portability, right? Being able to take your data and some social data … To be able to create new experiences on the one hand, and privacy on the other hand, and just making sure that everything is as locked down as possible”. And CookieLaw.org states, “cookies are used by most websites in many different ways, including… personalis[ing] your web experience.

Facebook makes no attempt to hide information about the Facebook Pixel, but it does require you to know what you are looking for. Following on from this, revelations in recent days which reveal that Facebook has saved the call and message history of some Android users requires Google to take a certain amount of responsibility. And more recently Amazon have been drawn into the situation too. With all the platforms and media websites tied into the mix, it is clear that rather than pointing fingers or deleting Facebook, there is, in fact, a much larger issue regarding the general way we, as users, approach our data. We must wonder if it’s too late to untangle our online, interconnected, presence.

 

We reached out to all of the media outlets mentioned for comment on when they started using Facebook Pixel, what data they take and their relationships with Facebook. We haven’t received responses yet but will update this article as and when we do.

 

Previous ArticleNext Article