Cyber Security

Luke Hally

Why you should lockdown Facebook​

July 3, 2021
Categories:
Tags:

I decided to look at the data Facebook holds about me. I was surprised how easy it was to get my information from Facebook and also how easy it is to protect my data. Given the value of the data I suppose they rely on user ignorance/apathy to leave their settings fairly standard.

You can find out about the information Facebook has about you and how to get a copy here: https://www.facebook.com/help/1701730696756992

What I found interesting

Off Facebook Activity

I was already familiar with the Facebook pixel – used for tracking and retargeting of website visitors. I wasn’t aware that I could see where I’ve been tracked. The list is quite long, 801 entries to be exact, but they only go back to July 2019. Some of these have one visit – maybe I clicked an ad to see what a brand was about or was searching for something, didn’t find it and never came back. Others I have multiple events recorded. For example, UNSW.EDU.AU has over 70 visits recorded this year, most in the lead up to enrolling in this course.

Your Topics

This is quite a long list and some of the things on there are things that I am actually interested in. Most of them are things that I have looked up or researched in the course of work or startup endeavours, but not things I’m actually interested in. Somethings I have no interest in whatsoever. My conclusion is that Facebook is very good at collecting and collating data, but not very good at drawing human insights from it. 

Advertising ID

An Id supplied by Apple (Apple’s Advertising Identifier (IDFA)) so advertisers can identify users anonymously. Apple provides information about to how to manage this and the system itself here: https://support.apple.com/en-au/HT205223. I didn’t know that this existed.

Advertisers who’ve uploaded a contact list with your information

This was an eye opener! From Facebook Advertisers who run ads using a contact list they’ve uploaded which includes contact info that you’ve shared with them or with one of their data partners. Many companies here I’ve never heard of, many in other countries. The majority appear to be car dealers from such far flung places as Ontario, Naples and Dakota! Sad to say that the old car salesman stereotype seems to persist in cyberspace.

What I found Disturbing

Browsing through my off-Facebook activity, I discovered records from Woolworths rewards for purchases. I do have a Woolworths Everyday rewards card, but I’ve never used it. So I logged into my Woolworths Rewards account: I have zero points and zero activity – ever; I have no connected payment card; I have no connected social media; I do not have an app on my phone. Through some analysis and cross checking with bank statements, I’ve narrowed it down to my local bottle shop – which has a fine selection of German Witbiers and some interesting local wild ales. 

But it begs the question: how did Woolworths find out about my purchase to begin with?

Recommendations

This comes down to how much of your life you want people and companies to know about you. When you are considering this, ask yourself: “do I want strangers to know about this? And could a criminal use this to steal my identity or track me down? I recommend reviewing the following:

Conclusion

So what I thought would be a fairly informative but banal activity, actually turned out to be quite an adventure! Researching how my data made its way to Woolworths formed my first project, I made some interesting but inconclusive findings involving multiple third parties, data sharing agreements and ownership stakes – this investigation is ongoing. 

I’ve discovered that there is a whole data trading economy and it has made me realise the value of my data and that I need to value it more myself. In light of this I’ve reviewed and locked down my Facebook privacy settings and I suggest you do the same.

Recent posts

© Copyright 2021, Luke Hally