First of all, this is not a tutorial on how to update your Facebook privacy settings or how to delete your Facebook account. There is already enough information available on that. Google it. Also, lets be clear that Facebook has your data. There is no doubt around that. Doesn’t matter if you have deleted your Facebook account or uninstalled the Facebook app, there are lots of other apps (WhatsApp, Instagram and a lot of third party apps) that you use on a daily basis which are regularly sending your data to Facebook. Often when concerns are raised around user data privacy with Facebook, people have one of the 2 reactions –
- Facebook is evil. Let’s delete Facebook and a bunch of deletefacebook hashtags start trending on social media for a few days. Then we forget all about it and Facebook gets back to collecting your data like nothing ever happened.
- People feel defenceless against such a big tech giant and they try to hide their helplessness by saying “I got nothing to hide”, “So what if Facebook has my data? I’ll get better ads. Nothing wrong with that”.
And this narrative is fine to a certain extent. I don’t really mind if my data is being used “only” for the purpose of personalizing ads for me. But the truth is, that nobody knows how and when your data can be misused and by whom. I mean who would have thought that taking a simple personality test would end up influencing your voting decision. Remember Cambridge Analytica?
The Problem
Facebook, by itself is using all the collected data primarily to better target ads for you (mostly) and there is not that much of a data privacy concern. The data privacy issues starts when third parties other than Facebook start getting access to your PII (Personally Identifiable Information) or other sensitive information. They usually get this data either due to a policy oversight by Facebook or through some technical glitch or some other security loophole. And these third parties have no credibility at all. Even in the case of Cambridge Analytica, the problem was not Facebook having all the data. Facebook had that data since years and had acquired it with user consent. The problem was that a third party personality test app got access to all that data. And given the scale at which Facebook is at, there will always be some technical bugs every now and then which will leak your data to third parties. Here is a quick timeline of some of the recent Facebook data leaks.
So, long story short, i don’t care if Faceboook says my data is safe and it has fixed all the security issues, i am just not comfortable sharing my data with Facebook. So what can we do? Below are some of the behavioural best practices to make sure that Facebook doesn’t get it hands on your data.
1. Avoid Apps and Use Website
Even when you are on phone, prefer mobile web by opening the company’s website through a browser rather than directly using their app.
You can be tracked on web as well as app. But the tracking on app is far more easy and detailed. Whenever you use any app, your activity is linked with a unique id (IDFA for Apple and GAID for Google). And in just a matter of few clicks, a detailed persona can be built for you. That too on the cloud.
On Web, there are cookies who does majority of the tracking. Cookies usually don’t store any personal information or unique identifier. They are used by websites to track their customers only on their own platform. And most importantly, this data is only on your device. Not on cloud somewhere. You can delete it whenever you want and be assured that there are no copies of it stored in a server at a remote location.
Though i agree that tha User Experience on apps is usually the best, but this may be a trade-off you’ll have to agree to if you don’t want to be spied on all the time. However, some companies don’t want you to use their mobile website and intentionally make their mobile web user experience subpar so that you are indirectly forced to switch to app. Interestingly, Reddit also has been accused of this strategy.
2. Avoid logging in to the app as much as you can
There will always be those weak moments when you trade privacy for comfort and switch to the app. Whenever you do that, you basically allow Facebook to create a file on you which contais all your activites within that app (and probabaly other apps on the same device).
But there is still some hope. Don’t login to the app and avoid providing any PII information (like phone, email) to the app. Until there is a mapping with your PII, the file that Facebook created on you is pretty much anonymised data. Till this point Facebook can’t identify “you” from the data.
This hope is however, short lived. As soon as you use any of the Facebook owned apps (WhatsApp, Instagram, Facebook, Facebook Messenger) on the same device, all of which require you to login to use their service, Facebook will be able to instanly map you with a IDFA/GAID and all those anonymous files on you are not anonymous any more. Facebook now knows that it is “you” who was searching for that leather jacket or who was looking for Chinese restaurants nearby.
Now you know why Facebook spent those billions of dollars in acquiring Instagram and WhatsApp. It got a ready mapping of billions of IDFA/GAID with PII.
3. Regularly reset your IDFA/GAID
As mentioned earlier, majority of the tracking on mobile apps happen through IDFA/GAID. These Ids however, can be reset. If you regulalry reset your IDFA/GAID then any info Facebook has on you which has not yet been mapped with your PII is pretty much useless. It can never be tracked back to you. Here is a quick guide to reset your IDFA or GAID. The only minor side effect of this would be that now the ads you see may be a lot less relevant. But hey, this is what we wanted, right? Getting rid of those creepy invasive ads.
However, given the current regulations and policies, this action will not be very effective against Facebook. That is beacuase Facebook almost always has your latest IDFA/GAID through the network of its own apps (WhatsApp, Instagram, Facebook, Facebook Messenger). So by the time you reset your IDFA/GAID, the corresponding information (i.e. the file we were talking about) has already been mapped to your Facebook profile.
But this will change soon with iOS14 where IDFA sharing is not that easy. In our previous post, we talked about the IDFA change and its impact on Facebook. Hopefully Google will also follow Apple’s lead and impose similar restrictions on GAID sharing. But until then, resetting your IDFA/GAID will protect your data from being misused by third party apps at least.
4. Don’t login with Facebook on other apps
Let’s say, you have to login to an app because –
- You want to make a transaction on the platform or,
- The app makes logging in a mandatory requirement before using their services
If you must login, avoid logging in using your Facebook credentials. Prefer signing up separately and then log in through those credentials. I agree that we hate sign up processes where we have to fill in a lot of information or verify the links sent in email. In general UX is not the forte when it comes to signing up. Logging in with Faceboook, on the other hand, is super easy and a great user experience. Many apps also show a nice comforting message saying something like “Don’t worry. We won’t sell your information or post anything on Facebook on your behalf” to address the data privacy concerns. But what it does is, it instantly lets Facebook recognise who “you” are. An even more serious threat of using Log in with Facebook is that, it now also allows the third party app developer to access your Facebook information. This is dangerous. Remember we said above that the real problem is when third parties get access to your data.
5. Don’t use email/phone linked with Facebook to sign up on third party apps
If you must sign up on an app, then don’t use the email/phone linked with WhatsApp, Instagram, Facebook, Facebook Messenger because this is PII information and as soon as you sign up using this info, Facebook can link “you” with the existing profile in Facebook ecosystem. They are not dependent on IDFA/GAID anymore.
Moreover, try signing up with a new email rather than phone number just because it’s much easier to dump an email rather than phone number. Let’s say, due to some reason you have just 1 email and phone number which you have already linked with Facebook apps. In that case use the email to signup for the new app. Avoid using your phone number to sign up as much as you can. That is just because in today’s day and age, out of all the Facebook owned apps, WhatsApp is the one which you use most likely. I wouldn’t be surprised if you don’t use Facebook / Instagram / Facebook Messenger, probably social media is not your thing. But you either are already using WhatsApp and if not, then the probability of you using WhatsApp in future is still way more than Instagram. So, signing up with your WhatsApp linked phone number almost guarantees that Facebook knows “you”. Avoid that.
Again, because we live in a world where cross app tracking is super easy right now, signing up with a new email/phone may not safeguard you for long. As soon as you use WhatsApp, Instagram, Facebook, Facebook Messenger on the same device, you are busted.
However, let’s assume we are in a world where sharing of IDFA/GAID is denied and cross app tracking is history (and that world is not very far away btw). Now, this practice of not using your Facebook linked email/phone to sign up is super effective against data privacy issues. Yes, Facebook may still get your data but they won’t be able to link the data from multiple apps and create a single profile for you. It will just be scattered informaition about you which can’t be stiched together and thus taking any targeted action on you basis this data will be very difficult. Let’s just make this practice a habit from now on itself.
Now Facebook is super smart and even after all this it may still be able to get your data somehow but by following the above pratices, you’ll atleast put up a fight and for sure make it very difficult for Facebook to get your data.
P.S. We talked a lot about Facebook data privacy issues but what about Google? Google has been collecting a lot more data and for far too long than Facebook. The above practices may not work against Google because they own –
- ~86% of the search engine market with Google
- ~87% of the smartphone operating system with Android
- ~70% of the web browser market with Google Chrome
- The hardware also now with Google Pixel smartphones
But more on Google sometime later.