Conspiracy theorists think Facebook has tapped your phone’s microphone to target ads by listening to your conversations. Truth is, it doesn’t have to. WSJ’s Joanna Stern explains how Facebook and its advertisers really keep tabs on you.
“Can I try the Cole Haans in a size 8?”
Later that night on Facebook: An advertisement for Cole Haan pumps.
OK, maybe a coincidence.
“What’s the best high-tech scale?” my wife asks aloud.
Five minutes later on Instagram: An ad for scales.
Wait, are they listening?
“Get the little red Sudafed pills,” my mom says after I sneeze.
That afternoon: An advertisement for Sudafed PE.
Yep, they’ve even wiretapped my bodily functions.
A conspiracy theory has spread among Facebook and Instagram users: The company is tapping our microphones to target ads. It’s not.
“Facebook does not use your phone’s microphone to inform ads or to change what you see in News Feed,” says Facebook.
Yeah, sure, and the government swears it isn’t keeping any pet aliens at Area 51. So I contacted former Facebook employees and various advertising technology experts, who all cited technical and legal reasons audio snooping isn’t possible.
Uploading and scanning that much audio data “would strain even the resources of the NSA,” says former Facebook ad-targeting product manager Antonio Garcia Martinez. “They would need to understand the context of what you are saying—not just listen for words,” says Sandy Parakilas, a former Facebook operations manager.
I believe them, but for another reason:
Facebook is now so good at watching what we do online—and even offline, wandering around the physical world—it doesn’t need to hear us. After digging into the various bits of info Facebook and its advertisers collect and the bits I’ve actually handed over myself, I can now explain why I got each of those eerily relevant ads. (Facebook ads themselves offer limited explanations when you click “Why am I seeing this?”)
Advertising is an important staple of the free internet, but the companies buying and selling ads are turning into stalkers. We need to understand what they’re doing, and what we can—or can’t—do to limit them.
What You’ve Bought
The story of how that Sudafed ad got to me begins at Walgreens. As I bought tissues and Afrin, I keyed in my phone number so I could get loyalty points.
Johnson & Johnson, maker of Sudafed, paid the data broker for that information. With the use of Facebook’s tools, the information from my loyalty card—email, phone number, etc.—was matched with my Facebook account. (Data brokers run personal information through an algorithm before uploading so it’s not identifiable, Facebook says, but it still can be matched with Facebook account information.)
Then via Facebook, Johnson & Johnson decided to target adults ages 25 to 54 who bought Sudafed or a competing brand. In other words, me.
Of course, it isn’t easy. You need to go to each broker website and fill out your form with, yes, your personal information.
What could be better than your purchase history? Location, location, location. Did you stop by a shop? This ad will remind you to come back! Are you close to one of our stores? Here’s a coupon!
My colleague Christopher Mims detailed in his recent column how advertisers are using all sorts of location signals—your phone’s GPS, Wi-Fi access points around you, IP addresses, etc.— to follow your breadcrumbs.
Do this: Limit Facebook from knowing where you are. In the mobile app (iOS and Android), go to Settings > Account Settings > Location and turn off location tracking. Disable location history, too.
Where You’ve Been
The free version of LoseIt shows ads from Facebook’s Audience Network. Even if you don’t log into the app via Facebook, the companies swap information. In my case, LoseIt’s maker FitNow Inc. used my iPhone’s Identifier for Advertisers (IDFA), a number stored on my iPhone, to match up any other history associated with my IDFA, including my Facebook account.
Do this: Apple gives you the ability to limit advertisers from getting your IDFA. In iOS go to Settings > Privacy > Advertising > switch on Limit Ad Tracking.
Do this: Interest-based advertising is used across the web by the big technology companies. Facebook, Amazon, Google and others offer ways to opt out on their own websites. On Facebook, go to Settings > Account Settings > Ads > Ad Settings and turn off all the settings on that page. You can also delete any interests Facebook may have gathered about you previously.
On your computer’s browser, install the Ghostery or Privacy Badger extensions. Both allow you to see—and disable— trackers that are running on webpages .
The portrait gets clearer with even more information from data brokers: your salary, car preference, home size, political affiliations, spending habits and far more.
It’s what allows any advertiser to log into Facebook Ads Manager and start targeting. Even I was able to log in and laser focus on people in a certain NYC ZIP code who have bought furniture and cooking spices—and who are “likely to move soon.”
Do this: Short of deleting Facebook and living in a bunker, there isn’t anything you can do to stop this entirely.
“When ad targeting is used well, it makes advertising better,” says Facebook spokesperson Joe Osborne. “That’s why we build our targeting tools in a way that doesn’t share people’s personal information with advertisers and that gives people control over the ads they see.”
My problem is, we still don’t have enough transparency about how these ads are getting to us. The more we focus on the realities— how they’re monitoring our app downloads and trips to the supermarket—the more we’ll know where our privacy is at stake.