The curious case of Headspace turning up in my Facebook data

I downloaded my fb data and started digging in the data. The folder ads_and_businesses was my biggest interest. Not very surprising, but there is little data to go through. Five brands under ‘Who Uploaded a Contact List With Your Information’. Seven brands under ‘Your Off-Facebook Activity’. One brand on this list surprised me. Headspace. Headspace is a wonderful service to help me meditate. I’ve been a subscriber to Headspace for six years. It has been a big help to get me through rough patches in life. I pay good money for this service on a yearly basis (just under €45) so I was surprised to see Headspace participating in surveillance capitalism. Also, how could they make a match between my Headspace account and my Facebook account? Time to dive deeper into privacy policies and data collected by Headspace.

Headspace proactively shares data with Facebook, including paying customers

This is what fb logged on my Headspace behavior in the past few months. It does not seem to be a complete list.

Headspace has a well formulated privacy policy. Facebook is mentioned a couple of times.


  • Facebook profile information, such as name, email address, and Facebook ID, if you choose to log in to the Products through Facebook


  • To serve our advertisements to you through third party platforms, such as Facebook or Google, on other sites and apps or across your devices, to the extent that you have provided consent for such uses under applicable law.


  • With third parties, such as Facebook, in order to serve Headspace advertisements on such third party platforms, to the extent that you have consented to such practices under applicable law.

This means Headspace uses my profile information to advertise to me, as long as I have provided consent. I wasn’t aware of my consent, but when I logged in on the Headspace website (I normally use the iPhone app) I got a notice that there was a new privacy policy to accept. I clicked through and discovered a section where I can manage my privacy settings. Not a lot of options. Just ‘personalized ads’ and ‘email offers about our partners’. Both were turned on, so I switched them off.

I have to admit after reading Headspace’s privacy policy I felt hugely disappointed. It is fine if they want to track my behaviour on their platform to create a better service, but why do they have to reveal to fb I’m a user of their service? I feel offended that Headspace gives away a tiny sliver of knowledge about me, a paying customer, to a company I’m trying hard to tell as little about me as possible. What makes things worse is that I only know about this information exchange because I made a data request to fb and dug into the information fb has on record. Strangely enough, Headspace turns up in the data I received through the .zip-file, but there is no mention of Headspace on the ads preferences pages accessible when logged in. (By the way, there are more discrepancies between the info in the .zip-file and what is available in your profile. That’s for another post.)

I’m already a customer, so Headspace doesn’t have to show me ads on fb. If they want to communicate with me, they have a valid email address to connect with me. The only reason I can think of they want a connection to fb through me is to reach my friends. Well, guess what. I already recommend the service to my friends, by telling them in person. Way more convincing than an ad on fb. But knowing what I know now, they make me think twice about recommending Headspace to my friends. They even make me re-evaluate whether I’ll want to renew my subscription.

In a week or two I will file a new data request with fb to see if new data on Headspace log ins showed up or not. I’ll report back on that in a few weeks, when I have a better answer to the more disturbing question:

How does Headspace know who I am on Facebook?

The curious thing about this case is that I have absolutely no idea how Headspace was able to match my Headspace id with that of my fb account. In this article fb explains how businesses can match their clients with fb users. By uploading phone numbers, which will then be encoded, businesses can serve ads to their clients using fb. Fb implies this is done using email addresses, phone numbers or other personal information. Now here’s the thing. I can’t think of a single piece of information Headspace has on me to match me with fb. I use unique email addresses for both Headspace and Facebook. That can’t provide a match. And as far as I know I never provided my telephone number to Headspace. I use a nickname for my Headspace account, and payment for the service is done through PayPal, again using a unique email address. So how does Headspace know what my Facebook account is? In order to find this out I sent a data request to Headspace for my full record. Perhaps they know more of me than they show me in my account information. This story will be continued.
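The list matching described above, as an added example (not code from Facebook or Headspace). It assumes the "encoding" is SHA-256 over normalised values, a common scheme for customer-list matching, and it uses constructed records; it shows that unique email aliases produce no match, while a single shared phone number links two accounts.

```python
import hashlib
import re

def normalize(kind, value, default_cc="31"):
    """Canonicalise an identifier so both sides hash identical bytes."""
    if kind == "email":
        return value.strip().lower()
    digits = re.sub(r"\D", "", value)        # phone: keep digits only
    if digits.startswith("00"):
        return digits[2:]                    # 0031... -> 31...
    if digits.startswith("0"):
        return default_cc + digits[1:]       # national form -> country code (assumed default)
    return digits

def encode(kind, value):
    """Assumed encoding: SHA-256 hex digest of the normalised value."""
    return hashlib.sha256(normalize(kind, value).encode("utf-8")).hexdigest()

def encode_record(record):
    """Hash every identifier present in a record; missing fields are skipped."""
    return {k: encode(k, v) for k, v in record.items()
            if k in ("email", "phone") and v}

def match(customer_list, platform_users):
    """Return (customer_id, user_id, field) for each hashed identifier in common."""
    index = {}
    for user_id, rec in platform_users.items():
        for field, digest in encode_record(rec).items():
            index[(field, digest)] = user_id
    hits = []
    for customer_id, rec in customer_list.items():
        for field, digest in encode_record(rec).items():
            if (field, digest) in index:
                hits.append((customer_id, index[(field, digest)], field))
    return hits

# Constructed sample data: hypothetical customers of a business and platform users.
CUSTOMERS = {
    "cust-1": {"email": "Alias-For-App@example.org"},   # unique alias, no phone
    "cust-2": {"email": "other-alias@example.org", "phone": "06 1234 5678"},
}
PLATFORM_USERS = {
    "user-A": {"email": "alias-for-social@example.org"},
    "user-B": {"email": "someone@example.net", "phone": "+31 6 12345678"},
}

if __name__ == "__main__":
    for hit in match(CUSTOMERS, PLATFORM_USERS):
        print(hit)
```

Hashing hides the raw value from a casual observer but not the link: any party holding the same identifier can compute the same digest.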

Posted 2020-07-03T13:33:02+02:00 (3 July 2020) | datadieet, flow | 0 comments

Ad preferences

As part of my research on facebook, I wanted to know what they still have on record of me. Therefore I made a download request yesterday for my information (report still pending). In the meantime I also dived into my ad preferences. It took a while to find the page as it was not linked to on the settings page as suggested in this help file. Anyway, I found it.

As far as my ad preferences go, fb doesn’t have a lot of info to go on.

During the last period I used fb more regularly, I made it a sport to actively hide all ads they showed me.

I also removed all interests fb used to serve me ads.

It is interesting fb uses the word removed for this, as they clearly have just categorised my interests differently. From allowed to use for ads, to not allowed to use for ads. They have to keep this on record, otherwise they can’t make this distinction for me.

What I hadn’t seen before was this section:

You can now hide specific ad topics. All three of them: alcohol, parenting and pets. The first is probably to serve alcoholics who are trying to stay off it, the second probably introduced for those who are grieving a lost baby and are not interested in ads for the latest and cutest baby things, and there must be a hell of a load of pet haters in the world (or grievers for lost pets). You can suggest other topics, but it is not in fb’s interest to make this a long list. (BTW, I would suggest all pregnant women hide parenting ads, as your value goes up for advertisers. You’re in need of a lot of stuff and only want the best for your baby. Advertisers know this and will convince you to buy more than you need. The best advice I got was from a friend who said to run all purchases through the Man first (but even he turned out not to be a rational decision maker all the time).)

An interesting pattern I noticed. The first two days I logged into fb I didn’t receive any ads. A wonderful experience I can tell you! However, today my timeline was showing group suggestions and ads again. I guess it is a strategy to not bother you with ads the first time after a long absence. It could also be that it needs to recollect some data points (which posts I’m lingering on e.g.) before knowing what to serve me. I put my money on seduction, though. Anything to lure you back into the stream.

I’m curious to see what the fb files tell me about myself. I just checked, and the file is there to download. I didn’t receive the promised e-mail to tell when the file was ready, though. The file expires on July 5th. In other words, good that I checked for it myself. More on this later.

Posted 2020-07-02T13:14:30+02:00 (2 July 2020) | datadieet | 0 comments

Are audio beacons still in use?

While I’m diving into the dark side of online advertising, I came across the upheaval three years ago about audio beacons being used to listen to people to, guess what, collect more personal data to, guess what, sell even more stuff to them. Here are some articles to read on that:

Does your phone listen to you for ads? (Or is it just coincidence?)

How Audio Beacons Monitor You Via Smartphone

And most importantly this paper published in 2017, in which the researchers found 234 Android applications that are constantly listening for ultrasonic beacons in the background without the user’s knowledge: Privacy Threats through Ultrasonic Side Channels on Mobile Devices (2017)

Obviously there was a lot of criticism of this technique and therefore it seems to have disappeared from the advertiser’s radar. But I’m wondering how much of this nifty technique is currently still in use without us knowing. Just recently a friend of mine had one of those ‘they’re listening to my conversations’ moments. So far the information I can find on this is all from 2017 or still refers to the research paper I mentioned above. If you’re reading this and know more about recent use of ultrasonic or audio beacons, I’m interested!

Posted 2020-06-30T16:51:13+02:00 (30 June 2020) | datadieet, flow | 3 comments

Time to tackle obesity, the data kind.

One of the topics I’m currently working on is how to tackle data obesity. Or rather I’m working on helping small companies and individuals stop feeding the very hungry caterpillars in this world. That is not an easy task, but I strongly believe the world will be a bit better when our personal data is treated with the utmost respect. Most people are sort of aware of this notion, but have no idea where to start. That’s the void I’m aiming to fill.

There are two main themes that I need to address: data ownership and social connection. The data ownership part is pretty straightforward. There are good services available to store your data in a self-hosted cloud, including open source tools to collaborate online. Generally speaking these services are very affordable for even the smallest businesses.

But then the social connection part. Connecting to others online without using the hungriest caterpillar of them all is the tricky part. I want to encourage people to stop using facebook. There. I said it. I’m going to climb the Mount Everest wearing shorts and sandals. On the one hand impossible. On the other hand, absolutely necessary.

Over the years there have been so many twists and turns of this company that it’s hard to begin to explain why I feel the need to show others the non-facebook road. To unravel my thinking I started a map. I wrote down arguments, patterns, concerns and everything else that came to mind when I think about facebook. I also started working on a path towards the other world. The world where we take ownership of our social connections and the data that comes with it. That world exists, but the journey there will be through rough terrain. We will lose some weight along the way and even though for some that will feel like losing themselves a little, as a group we will become healthier.

The map I show you here is far from a finished document. There are many things that I need to research before I can write about it. But writing about it I will. A lot. If you want to chip in with ideas or (re)sources, feel free to connect with me. Leave a comment below, or send me an e-mail.

Posted 2020-06-24T15:37:37+02:00 (24 June 2020) | datadieet, flow | 0 comments

Away with that newsletter service?

I read with interest what Frank wrote earlier this week about starting to use Mailpoet to send his newsletters instead of Revue. My interest was piqued because I have been struggling for some time with Mailchimp, the service I use to send my three newsletters. Mailchimp has not become easier to use over the years, because it has grown into a full-fledged marketing tool with bells and whistles that I don’t use. Simply designing and sending a small newsletter is no longer possible as a result. Moreover, hosting the newsletter myself fits the path I (like Frank) have taken to take ownership of my own online data.

There is just one thing holding me back. By hosting the e-mail list yourself, you suddenly also become the owner of the personal data needed to send the newsletter. Right now that responsibility lies with Mailchimp. Since that is a large organisation, I trust that they have their security in order. When I look at my own setup, I am somewhat less able to guarantee that my site won’t get hacked. Of course I make sure my site is up to date, but still. I have already lost my entire website once in the past. I pay closer attention now, but I am not an IT person and not a security expert.

Still, I’m going to dive deeper into the options of Mailpoet (or other plugins), because using WordPress as ‘one tool to rule them all’ is also very desirable.

Posted 2020-06-09T11:36:58+02:00 (9 June 2020) | datadieet, flow | 1 comment

My mind is full of bits and pieces

I’m currently busy translating all the things I’ve read in recent months about storytelling, surveillance capitalism and conspiracy theory into actionable documents. My goal is to develop material to guide people in making more informed choices when it comes to online interaction. To get there I first need to untangle all the tiny bits and pieces that float around. Luckily a thing like Scapple was developed to assist me in this quest. For instance this is a screenshot of my attempt to disentangle all the reasoning behind not wanting to use Facebook (and the company’s other tools).

If you have strong compelling arguments against or pro feeding Zuck’s empire, feel free to share your thoughts in the comments (or send me an email).

Posted 2020-06-08T14:31:38+02:00 (8 June 2020) | datadieet, flow | 1 comment