I just finished listening to an episode of Recode Decode in which the authors of the book called The Hive, the couple Lyga and Baden, were a guest. They talked about their Young Adult book in which they explore the idea what the consequences would be for people when acting on social media is mandatory and your behaviour on it has real, think financial or physical, consequences. The book, published in 2019, sounds like something I should read. Its theme fits perfectly within the research I’m doing on Facebook right now. On the to order list. The podcast episode was wonderful to listen to as well, as it was an interesting discussion on whether and how we can fix it for the next generation. A direct link to the episode is not available, so you’ll have to search for it in your podcast app. It’s called Barry Lyga and Morgan Baden: What if everyone had to use social media?
I downloaded my fb data and started digging in the data. The folder ads_and_businesses was my biggest interest. Not very surprising, but there is little data to go through. Five brands under ‘Who Uploaded a Contact List With Your Information’. Seven brands under ‘Your Off-Facebook Activity’. One brand on this list surprised me. Headspace. Headspace is a wonderful service to help me meditate. I’ve been a subscriber to Headspace for six years. It has been a big help to get me through rough patches in life. I pay good money for this service on a yearly basis (just under €45) so I was surprised to see Headspace participating in surveillance capitalism. Also, how could they make a match between my Headspace account and my Facebook account? Time to dive deeper into privacy policies and data collected by Headspace.
Headspace proactively shares data with Facebook, including paying customers
This is what fb logged on my Headspace behavior in the past few months. It does not seem to be a complete list.
1. DATA WE MAY COLLECT
- Facebook profile information, such as name, email address, and Facebook ID, if you choose to log in to the Products through Facebook
9. USES MADE OF THE DATA
- To serve our advertisements to you through third party platforms, such as Facebook or Google, on other sites and apps or across your devices, to the extent that you have provided consent for such uses under applicable law.
11. DISCLOSURE OF YOUR DATA
- With third parties, such as Facebook, in order to serve Headspace advertisements on such third party platforms, to the extent that you have consented to such practices under applicable law.
I’m already a customer, so Headspace doesn’t have to show me ads on fb. If they want to communicate with me, they have a valid email address to connect with me. The only reason I can think of they want a connection to fb through me is to reach my friends. Well, guess what. I already recommend the service to my friends, by telling them in person. Way more convincing than an ad on fb. But knowing what I know now, they make me think twice about recommending Headspace to my friends. They even make me re-evaluate whether I’ll want to renew my subscription.
In a week or two I will file a new data request with fb to see if new data on Headspace log ins showed up or not. I’ll report back on that in a few weeks, when I have a better answer to the more disturbing question:
How does Headspace know who I am on Facebook?
The curious thing about this case is that I have absolutely no idea how Headspace was able to match my Headspace id with that of my fb account. In this article fb explains how businesses can match their clients with fb users. By uploading phone numbers, which will then be encoded, businesses can serve ads to their clients using fb. Fb implies this is done using email addresses, phone numbers or other personal information. Now here’s the thing. I can’t think of a single piece of information Headspace has on me to match me with fb. I use unique email addresses for both Headspace and Facebook. That can’t provide a match. And as far to my knowledge I never provided my telephone number to Headspace. I use a nickname for my Headspace account, and payment for the service is done through paypal, again using an unique email address. So how does Headspace know what my Facebook account is? In order to find this out I sent a data request to Headspace for my full record. Perhaps they know more of me than they show me in my account information. This story will be continued.
As part of my research on facebook, I wanted to know what they still have on record of me. Therefore I made a download request yesterday for my information (report still pending). In the mean time I also dived into my ad preferences. It took a while to find the page as it was not linked to on the settings page as suggested in this help file. Anyway, I found it.
As far as my ad preferences go, fb doesn’t have a lot of info to go on.
During the last period I used fb more regularly, I made it a sport to actively hide all ads they showed me.
I also removed all interests fb used to serve me ads.
It is interesting fb uses the word removed for this, as they clearly have just categorised my interests differently. From allowed to use for ads, to not allowed to use for ads. They have to keep this on record, otherwise they can’t make this distinction for me.
What I hadn’t seen before was this section:
You can now hide specific ad topics. All three of them: alcohol, parenting and pets. The first is probably to serve alcoholics who are trying to stay off it, the second probably introduced for those who are grieving a lost baby and are not interested in ads for the latest and cutest baby things, and there must be a hell of load of pet haters in the world (or grievers for lost pets). You can suggest other topics, but it is not in fb’s interest to make this a long list. (BTW, I would suggest all pregnant women hide parenting ads, as you’re value goes up for advertisers. You’re in need of a lot of stuff and only want the best for your baby. Advertisers know this and will convince you to buy more than you need. The best advice I got was from a friend who said to run all purchases through the Man first (but even he turned out not to be a rational decision maker all the time) ).
An interesting pattern I noticed. The first two days I logged into fb I didn’t receive any ads. A wonderful experience I can tell you! However, today my timeline was showing group suggestions and ads again. I guess it is a strategy to not bother you with ads the first time after a long absence. It could also be that it needs to recollect some data points (which posts I’m lingering on e.g.) before knowing what to serve me. I put my money on seduction, though. Anything to lure you back into the stream.
I’m curious to see what the fb files tell me about myself. I just checked, and the file is there to download. I didn’t receive the promised e-mail to tell when the file was ready, though. The file expires on July 5th. In other words, good that I checked for it myself. More on this later.
While I’m diving into the dark side of online advertising, I came across the upheaval three years ago about audio beacons being used to listen to people to, guess what, collect more personal data to, guess what, sell even more stuff to them. Here are some articles to read on that:
And most importantly this paper published in 2017, in which the researchers found 234 Android applications that are constantly listening for ultrasonic beacons in the background without the user’s knowledge: Privacy Threats through Ultrasonic Side Channels on Mobile Devices (2017)
Obviously there was a lot of critique on this technique and therefore it seems to have disappeared from the advertiser’s radar. But I’m wondering whether how much of this nifty technique is currently still in use without us knowing. Just recently a friend of mine had one of those ‘they’re listening to my conversations’-moment. So far the information I can find on this are all from 2017 or still referring to the research paper I mentioned above. If you’re reading this and know more about recent use of ultrasonic or audio beacons, I’m interested!
One of the topics I’m currently working on is how to tackle data obesity. Or rather I’m working on helping small companies and individuals stop feeding the very hungry caterpillars in this world. That is not an easy task, but I strongly believe the world will be a bit better when our personal data is treated with the utmost respect. Most people are sort of aware of this notion, but have no idea where to start. That’s the void I’m aiming to fill.
There are two main themes that I need to address: data ownership and social connection. The data ownership part is pretty straightforward. There are good services available to store your data in a self-hosted cloud, including open source tools to collaborate online. Generally speaking these services are very affordable for even the smallest businesses.
But then the social connection part. Connecting to others online without using the hungriest caterpillar of them all is the tricky part. I want to encourage people to stop using facebook. There. I said it. I’m going to climb the Mount Everest wearing shorts and sandals. On the one hand impossible. On the other hand, absolutely necessary.
Over the years there have been so many twists and turns of this company that it’s hard to begin to explain why I feel the need to show others the non-facebook road. To unravel my thinking I started a map. I wrote down arguments, patterns, concerns and everything else that came to mind when I think about facebook. I also started working on a path towards the other world. The world where we take ownership of our social connections and the data that comes with it. That world exists, but the journey there will be through rough terrain. We will lose some weight along the way and even though for some that will feel like losing themselves a little, as a group we will become healthier.
The map I show you here is by far a finished document. There are many things that I need to research before I can write about it. But writing about it I will. A lot. If you want to chip in with ideas or (re)sources, feel free to connect with me. Leave a comment below, or send me an e-mail.
Ik las met interesse wat Frank eerder deze week schreef over het in gebruik nemen van Mailpoet om z’n nieuwsbrieven te versturen in plaats van via Revue. Mijn interesse is gewekt omdat ik al langere tijd moeite heb met het gebruik van Mailchimp, de service die ik gebruik voor het versturen van mijn drie nieuwsbrieven. Mailchimp is met de jaren niet gemakkelijker geworden in gebruik, omdat het uitgegroeid is tot een volwaardig marketing instrument met toeters en bellen die ik niet gebruik. Simpel een nieuwsbriefje ontwerpen en versturen is er daardoor niet meer bij. Bovendien past het zelf hosten van de nieuwsbrief bij het pad dat ik (net als Frank) in ben geslagen om eigenaarschap te pakken van mijn eigen online data.
Er is alleen één ding dat me tegenhoudt. Door de e-maillijst zelf te gaan hosten ben je ook ineens eigenaar van de persoonsgegevens die nodig zijn om de nieuwsbrief te verzenden. Nu heb ik die verantwoordelijkheid bij Mailchimp liggen. Aangezien dat een grote organisatie is vertrouw ik erop dat ze hun beveiliging op orde hebben. Als ik naar mijn eigen opzet kijk, dan kan ik toch iets minder goed garanderen dat mijn site niet gehackt wordt. Natuurlijk zorg ik ervoor dat mijn site up to date is, maar toch. Ik ben in het verleden al een keer mijn gehele website kwijtgeraakt. Ik let nu beter op, maar ik ben geen IT-er en geen beveiligingsexpert.
Toch duik ik maar eens dieper in de opties van Mailpoet (of andere plugins), want WordPress inzetten als ‘one tool to rule them all’ is ook heel wenselijk.