The curious case of Headspace turning up in my Facebook data

I downloaded my fb data and started digging in the data. The folder ads_and_businesses was my biggest interest. Not very surprising, but there is little data to go through. Five brands under ‘Who Uploaded a Contact List With Your Information’. Seven brands under ‘Your Off-Facebook Activity’. One brand on this list surprised me. Headspace. Headspace is a wonderful service to help me meditate. I’ve been a subscriber to Headspace for six years. It has been a big help to get me through rough patches in life. I pay good money for this service on a yearly basis (just under €45) so I was surprised to see Headspace participating in surveillance capitalism. Also, how could they make a match between my Headspace account and my Facebook account? Time to dive deeper into privacy policies and data collected by Headspace.

Headspace proactively shares data with Facebook, including paying customers

This is what fb logged on my Headspace behavior in the past few months. It does not seem to be a complete list.

Headspace has a well formulated privacy policy. Facebook is mentioned a couple of times.

1. DATA WE MAY COLLECT

  • Facebook profile information, such as name, email address, and Facebook ID, if you choose to log in to the Products through Facebook

9. USES MADE OF THE DATA

  • To serve our advertisements to you through third party platforms, such as Facebook or Google, on other sites and apps or across your devices, to the extent that you have provided consent for such uses under applicable law.

11. DISCLOSURE OF YOUR DATA

  • With third parties, such as Facebook, in order to serve Headspace advertisements on such third party platforms, to the extent that you have consented to such practices under applicable law.

This means Headspace uses my profile information to advertise to me, as long as I have provided consent. I wasn’t aware of my consent, but when I logged in on the Headspace website (I normally use the iPhone app) I got noticed there was a new privacy policy to accept. I clicked through and discovered a section where I can manage my privacy settings. Not a lot of options. Just ‘personalized ads’ and ‘email offers about our partners’. Both were turned on, so I switched them off.

I have to admit after reading Headspace’s privacy policy I felt hugely disappointed. It is fine if they want to track my behaviour on their platform to create a better service, but why do they have to reveal to fb I’m a user of their service? I feel offended that Headspace gives away a tiny sliver of knowledge about me, a paying customer, to a company I’m trying hard to tell as little about me as possible. What makes things worse is that I only know about this information exchange, because I made a data request to fb and dug into the information fb has on record. Strangely enough, Headspace turns up in the data I received through the .zip-file, but there is no mentioning of Headspace on the ads preferences pages accessible when logged in. (By the way, there are more discrepancies between the info in the .zip-file and what available in your profile. That’s for another post.)

I’m already a customer, so Headspace doesn’t have to show me ads on fb. If they want to communicate with me, they have a valid email address to connect with me. The only reason I can think of they want a connection to fb through me is to reach my friends. Well, guess what. I already recommend the service to my friends, by telling them in person. Way more convincing than an ad on fb. But knowing what I know now, they make me think twice about recommending Headspace to my friends. They even make me re-evaluate whether I’ll want to renew my subscription.

In a week or two I will file a new data request with fb to see if new data on Headspace log ins showed up or not. I’ll report back on that in a few weeks, when I have a better answer to the more disturbing question:

How does Headspace know who I am on Facebook?

The curious thing about this case is that I have absolutely no idea how Headspace was able to match my Headspace id with that of my fb account. In this article fb explains how businesses can match their clients with fb users. By uploading phone numbers, which will then be encoded, businesses can serve ads to their clients using fb. Fb implies this is done using email addresses, phone numbers or other personal information. Now here’s the thing. I can’t think of a single piece of information Headspace has on me to match me with fb. I use unique email addresses for both Headspace and Facebook. That can’t provide a match. And as far to my knowledge I never provided my telephone number to Headspace. I use a nickname for my Headspace account, and payment for the service is done through paypal, again using an unique email address. So how does Headspace know what my Facebook account is? In order to find this out I sent a data request to Headspace for my full record. Perhaps they know more of me than they show me in my account information. This story will be continued.

Door |2020-07-03T13:33:02+02:003 juli 2020|datadieet, flow|0 Reacties

Ad preferences

As part of my research on facebook, I wanted to know what they still have on record of me. Therefore I made a download request yesterday for my information (report still pending). In the mean time I also dived into my ad preferences. It took a while to find the page as it was not linked to on the settings page as suggested in this help file. Anyway, I found it.

As far as my ad preferences go, fb doesn’t have a lot of info to go on.

During the last period I used fb more regularly, I made it a sport to actively hide all ads they showed me.

I also removed all interests fb used to serve me ads.

It is interesting fb uses the word removed for this, as they clearly have just categorised my interests differently. From allowed to use for ads, to not allowed to use for ads. They have to keep this on record, otherwise they can’t make this distinction for me.

What I hadn’t seen before was this section:

You can now hide specific ad topics. All three of them: alcohol, parenting and pets. The first is probably to serve alcoholics who are trying to stay off it, the second probably introduced for those who are grieving a lost baby and are not interested in ads for the latest and cutest baby things, and there must be a hell of load of pet haters in the world (or grievers for lost pets). You can suggest other topics, but it is not in fb’s interest to make this a long list. (BTW, I would suggest all pregnant women hide parenting ads, as you’re value goes up for advertisers. You’re in need of a lot of stuff and only want the best for your baby. Advertisers know this and will convince you to buy more than you need. The best advice I got was from a friend who said to run all purchases through the Man first (but even he turned out not to be a rational decision maker all the time) ).

An interesting pattern I noticed. The first two days I logged into fb I didn’t receive any ads. A wonderful experience I can tell you! However, today my timeline was showing group suggestions and ads again. I guess it is a strategy to not bother you with ads the first time after a long absence. It could also be that it needs to recollect some data points (which posts I’m lingering on e.g.) before knowing what to serve me. I put my money on seduction, though. Anything to lure you back into the stream.

I’m curious to see what the fb files tell me about myself. I just checked, and the file is there to download. I didn’t receive the promised e-mail to tell when the file was ready, though. The file expires on July 5th. In other words, good that I checked for it myself. More on this later.

Door |2020-07-02T13:14:30+02:002 juli 2020|datadieet|0 Reacties

Read: Adblocking: How About Nah?

Cory Doctorow writes that we’re on the brink of ‘take-it-or-leave-it’ web browsing, meaning that toolmakers are no longer allowed to create ad-blocking tools. That would seriously suck.

The standard the W3C published—Encrypted Media Extensions (EME), for restricting playback of video—comes with many dangers for would-be adversarial interoperators, notably the risk of being sued under Section 1201 of the Digital Millennium Copyright Act, which bans tampering with “access controls” on copyrighted works and holds out both criminal and civil liability for toolsmiths who traffic in programs that let you change the rules embodied by EME.

One driving force behind the adoption of EME was the ever-tighter integrationbetween major browser vendors like Google, video distributors, and advertising networks. This created a lopsided power-dynamic that ultimately ended up in the standardization of a means of undoing the configurable Web—where the user is king. EME is the first crack in the wall that protected browsers from those who would thwart adversarial operability and take “how about nah?” off the table, leaving us with the kind of take-it-or-leave-it Web that the marketing industry has been striving for since the first pop-up ad.

Adblocking: How About Nah? by Cory Doctorow for EFF
Door |2019-07-30T14:46:35+02:0030 juli 2019|flow, gelezen|0 Reacties
Go to Top