Here’s how Facebook is spying on you, and what you can do to stop it

Facebook is in a world of trouble. What with lax policies that have compromised over 50 million Facebook users’ data and enabled Russians to influence the presidential election—not to mention the strategic partnerships it has in place to spy on your online activities—it’s little wonder the company’s stock tumbled by almost $50 billion this past week.

Make no mistake, this is a full-on crisis for Facebook, and users are panicking—not because of the company’s tumbling stock, but for fear of what this means for their online privacy.

Keep reading to find out how you can protect yourself.

There have been concerns about how our private data was being used by Facebook for some time (for instance, you may have noticed ads pop up about a product you were just talking about, despite never having searched for said product online). And now we’re getting a glimpse into what’s really been going on—and how exposed we truly are.

Digging deeper

Before we talk about how to protect yourself, first let’s take a deeper dive. Take the Cambridge Analytica scandal, for example, where the data analytics company received access to over 50 million Facebook users’ data. This wasn’t a breach, or a hack. It was facilitated by Facebook’s weak infrastructure and its willingness to turn a blind eye.

As The Guardian learned when it spoke to Facebook’s former platform operations manager Sandy Parakilas, who was responsible for policing data breaches by third-party software developers between 2011 and 2012, the actual number of users who have been affected by issues like Cambridge Analytica is likely to be in the hundreds of millions.

What Parakilas alleges is that Facebook would provide data to external developers. These developers would use Facebook’s API to build things like surveys or pop quizzes (many of which you’ve probably engaged with yourself). When Facebook sent its data off of its own servers and into the hands of the various app developers, there was no oversight: nobody was auditing whether these app developers were following the terms of service, or whether anyone was sending or selling that data elsewhere.

Parakilas says he assumed for years that there must have been a black market for Facebook user data, but when he asked executives if he could dig further, they discouraged him from doing so, saying “do you really want to see what you’ll find?”

“I found that utterly shocking and horrifying,” Parakilas told The Guardian.

How Facebook knows exactly what you need

Facebook’s inability to police how app developers use their data is a huge privacy concern. But what does all of this mean in practice? How does it affect you?

This story may be familiar: “Can you pass the cough drops,” you tell your wife. Ten minutes later, your Facebook feed is bombarded with ads for Halls Soothers.

How do they know?

The assumption has always been that Facebook must be listening through your phone’s microphone, but the company denies that and, frankly, experts even call it improbable—both from a technical standpoint and legally. The fact is, though, Facebook does, somehow, know we’re sick and that we’re in need of cough drops.

Experts told the Wall Street Journal that Facebook has become so good at watching and tracking us that it doesn’t need to monitor your microphone. For instance, when you bought those cough drops from the pharmacy, you may have used your loyalty card number. The maker of the cough drops has a deal with the store where it pays them for that data. Using Facebook’s tools, the loyalty card number links to your name and address, and that can then be matched to your personal Facebook account. You then get served ads, almost instantly, for cough drops and other products designed to ease your flu-like symptoms.

According to the WSJ article, Facebook works with six data brokers. The data it buys include email data, recent purchases, and even location history. Walked into a bookstore recently? You may find an ad for a James Patterson novel when you next open Facebook.

And the list goes on. Facebook has a “Protect” feature under the “Explore” section of its app. If you click that button, it takes you to the app store to download its free Virtual Private Network (or VPN), called Onavo. A VPN hides your IP address and lets you browse the web anonymously. It’s the ultimate privacy tool. But a VPN also routes all of your traffic through its operator’s servers, and because Facebook owns Onavo, it’s actually using the app to spy on what you’re doing when you’re not on Facebook.

What videos are you watching on YouTube, for instance? Facebook can get that data through its Onavo users and utilize it to improve its own video product.

Here’s another example: Let’s say you’re traveling and connect to a hotel’s unsecured WiFi network through Onavo. Facebook will now know precisely where you are, that you’re away on business, and maybe you’ll be looking for dinner reservations. Next time you go to your Facebook feed, you might see an ad for a steakhouse located a few blocks from your hotel.

It’s fair to say, then, that Facebook’s “Protect” feature certainly isn’t there to protect you. It’s actually there to spy on you.

Gathering all of this data is what makes Facebook’s ad revenue model so valuable. Brands pay millions of dollars each year to advertise their products on Facebook, and they spend that much because Facebook is so intimately aware of its users’ habits down to the finest of details.

For instance: Say you have a business that makes dog beds and you want to target single females aged 25-35 who live in Peoria, IL, who went to college, make at least $50,000 per year, love dogs, and regularly purchase pet-related products. Facebook has that data. And brands will pay top dollar to get access to the precise people they know will buy their products.

What Facebook (and companies like Google) is doing is actually incredibly clever. It’s also immensely profitable. But it all comes at the expense of your privacy.

So how can you protect yourself?

Let’s start with the most important thing: You granted Facebook access to do this. By default, when you sign up for an account, you agree to Facebook’s privacy policy. Did you read the small print? No, of course you didn’t. But it is actually all there.

Here are some things you can do to protect yourself.

Re-register loyalty cards

If you use loyalty cards, like when you shop for groceries, register them to a name, email, and address that you don’t use. Basically, an account that can’t be tracked back to your personal Facebook account.

Turn off location tracking

Make sure Facebook can’t track your location by going to Settings > Account Settings > Location and turning off location tracking. Check your other apps, too; they may be serving you ads via Facebook. Don’t grant location access unless the app won’t function without it. Under Settings > Privacy > Location Services on your phone, the list of apps should read “Never” or “While Using” — not “Always.”

Opt out of personalized ads

Limit ad tracking on iOS by going to Settings > Privacy > Advertising and switching on Limit Ad Tracking. Do the same for Google on Android at Settings > Google > Ads > Opt out of Ads Personalization.

For Facebook, go to Settings > Account Settings > Ads > Ad Settings and make sure all the settings on that page are turned off to stop being retargeted.

Disable microphone access

While Facebook might not be listening through your phone’s microphone, some apps definitely are. On your iPhone, go to Settings > Privacy > Microphone and then disable microphone access for all the apps that don’t need it.

Do not click “Protect”

Never click on Facebook’s “Protect” feature. As mentioned, it’s effectively like installing spyware on your device.

Install a trusted VPN

Use a VPN (not Facebook’s Onavo). A VPN will secure and encrypt your private data and protect you from hackers. A VPN will ensure you browse the web anonymously, meaning no one—even your Internet Service Provider—will be able to see what websites you’re visiting online. And a trusted VPN will NEVER share or store your IP address.

Think before you post

Finally, be careful what you post. Many of us post sensitive information—like the names of our kids, where we live, where we went for dinner, where we’re going on vacation—to our social media feeds. The default setting for Facebook is to make your posts public, meaning anyone can see what you’re up to and use that data against you (from hackers stealing your identity to fake profiles of your kids to the sale of that data to brokers). Switch it to private so that only your friends can see what you post.

While we can’t expect to be 100% protected against major corporations like Facebook, we can be more aware of our digital footprint and spend time protecting our data. The web of information that’s flowing between brokers, brands, and corporate giants is, frankly, alarming. Some are calling for people to #DeleteFacebook altogether, and while that’s probably excessive, use this scandal as a catalyst to start taking your online privacy seriously.

After all, technology isn’t going away. And, as we’ve seen, there’s much to be gained by using it to spy on your activities.
