Millions were spent in the 2016 Brexit and Trump campaigns and are now being spent in the upcoming 2017 UK general election on June 8 to analyze the cereal we eat, the cars we drive, our voting records and more, all to custom-design highly targeted Facebook ads meant to sway our votes.
Wouldn’t you like to know which political parties are doing that? Wouldn’t you like to know just exactly who spent just exactly how much to buy the Facebook ads that seem to know you better than your own mother?
Now, thanks to an activist group that’s asking UK citizens to download a free Chrome extension that will crowdsource data to see what demographics are being targeted by what parties, we might be able to find out. Here’s a taste test:
— Who Targets Me (@WhoTargetsMe) May 8, 2017
The group, Who Targets Me? is a citizen-led, non-partisan project founded by Sam Jeffers and Louis Knight-Webb.
Dr Seth Thevoz, a political historian at Nuffield College, Oxford University, pointed out that as it is, knowing who targets you has been impossible.
Targeting the so-called “dark ads” is a black-box decision, hidden away under the covers at Facebook or other ad-serving social media platforms. The platforms make deals with political ad buyers, who in turn are using analytics – your interests, your location, your age, your gender, and far more. One such ad buyer is Cambridge Analytica – the big-data crunching firm that gained notoriety for what its execs call psychological warfare in both the Trump and Brexit campaigns.
The Observer has been investigating the connection between Cambridge Analytica and the unofficial Leave.EU campaign. Also, The Telegraph has reported that the official Vote Leave campaign spent £3.5m on recruiting Canadian tech company AggregateIQ (AIQ), which likewise specializes in this type of highly targeted Facebook advertising.
Who Targets Me? will shine some much-needed light on this activity, said Dr Thevoz:
Traditionally, when you print a leaflet, there’s a physical copy that’s there for all to see. Online ads vanish without a trace, potentially making them a haven for the dark arts of politics. This project shines a much-needed light on the hidden side of electioneering.
Who Targets Me? co-founder Jeffers:
For the good of our democracy, it’s time to throw some light on this dark and unregulated area of campaign spending. Facebook advertising is highly targeted and tailored to the recipient, battle-tested for effectiveness, yet invisible to anyone but the end user. There are no spending limits on digital ads, despite strict legal controls in other areas of campaign expenditure. It gives big money a strong voice in our elections.
The activists are asking UK voters to install a Google Chrome extension to collect data on what ads they see in their feed. It will classify those ads according to party.
The project launched earlier this month. As of May 7, the group was well on its way to signing up participants in nearly all of the UK’s constituencies:
— Who Targets Me (@WhoTargetsMe) May 7, 2017
The intentions of Who Targets Me are laudable. But not all of us at Naked Security love the idea of installing an extension that tracks every single thing we do and every single ad that’s served to us, all of which will get vacuumed up by its API to be shared with heaven knows who.
It brings to mind that fishy term “aggregated”. Even though individual data points are innocuous, they can be enormously powerful and revealing when aggregated.
That is, after all, the essence of big data.
As a US government review of big-data use found in 2014, aggregated data can be used as a tool to discriminate against Americans in areas including housing and employment, as companies such as Experian pull together what we reveal on social media sites and glue it into our profiles along with our location data and online purchase histories.
I’m not saying that Who Targets Me is doing anything weird with aggregated data. I’m saying that a commitment to stay away from PII doesn’t necessarily equate to an absence of being chewed up in the machinery of big data.
Who Targets Me is also promising not to follow us around. The extension is active only on certain sites – typically, social media sites. When it’s active, it only extracts data about what advertisements those sites are force-feeding you. It ignores all non-advert data.
OK, sounds good. But do take note that Who Targets Me? also automatically captures the IP address of your device, which it says it does to prevent spam.
OK. Ummm…. why?
Why should an extension devoted to gathering information on those who target us care about spam?
I can think of at least one example of why it would be nice if it didn’t collect our IP addresses. In the past, our browsing histories have gotten spilled through IP address collection, like what happened with an add-on for Firefox called ShowIP for Firefox.
Why block spam, if collecting our IP addresses has even a remote chance of leading to a privacy leak on our browsing histories?
I asked Who Targets Me? co-founder Louis Knight-Webb that question, and here’s the answer:
For the data we collect to be useful in research, court cases or for the Electoral Commission to take any recommendations that come out of the data seriously, we need to be able to address the possibility that someone might submit spoof or spam adverts. Our spam detection system uses IP address to identify spam complaints.
Although I acknowledge there are risks involved, and there have been leaks from organisations in the past, I am confident in the team’s ability to maintain the security of the dataset.
Fair enough. At any rate, the extension will shut down automatically after the election.
In the meantime, if you’re too paranoid to download the actual app but still want to take part in this worthy endeavor, you can manually upload the political ads Facebook shows you. Here’s the form to use.
Also, follow @whotargetsme on Twitter to keep up with the project’s findings.