Sophos Cloud Optix
Post-Cambridge Analytica/Cubeyou/et al. privacy-stress disorder, privacy advocates, members of Congress and users told Facebook that we wanted more than the ability to see what data it has on us.
We wanted a Clear History button. We wanted the ability to wipe out the data Facebook has on us – to nuke it to kingdom come. We wanted this many moons ago, and that’s kind of, sort of what Facebook promised us, in May 2018, that we’d be getting – within a “few months.”
Well, it’s 15 months later, and we’re finally getting what Facebook promised: not the ability to nuke all that tracking data to kingdom come, which it never actually intended to create, but rather the ability to “disconnect” data from an individual user’s account.
The browsing history data that Facebook collects on us when we visit other sites will live on, as it won’t be deleted from Facebook’s servers. As privacy experts have pointed out, you won’t be able to delete that data, but you will be getting new ways to control it.
Facebook announced the new set of tools, which it’s calling Off-Facebook Activity and which includes the Clear History feature, on Tuesday.
Facebook Chief Privacy Officer of Policy Erin Egan and Director of Product Management David Baser said in a Facebook newsroom post that the new tools should help to shed light on all the third-party apps, sites, services, and ad platforms that track our web activity via Facebook’s various trackers.
Those trackers include Facebook Pixel: a tiny but powerful snippet of code embedded on many third-party sites that Facebook has lauded as a clever way to serve targeted ads to people, including non-members. Another tool in Facebook’s tracking arsenal is Login with Facebook, which many apps and services use instead of creating their own login tools.
It’s tough for users to keep track of it all, the Facebookers said:
Given that the average person with a smartphone has more than 80 apps and uses about 40 of them every month, it can be really difficult for people to keep track of who has information about them and what it’s used for.
So as of Tuesday, we’ve got Off-Facebook Activity to help. It lets users see a summary of the apps and websites that track you online and report back to Facebook. You can “clear” the information from your account if you want to, Facebook says, which is “another way to give people more transparency and control on Facebook,” along with recent updates to Ad Library, updates to “Why am I seeing this ad?” and the launch of a new feature called “Why am I seeing this post?”.
Using the Clear History tool, you can “disconnect” that data from your Facebook account. Doing so will mean that the company will no longer be able to use that information for targeted ads, including on its other products, such as Instagram or Messenger.
But that won’t stop Facebook from squeezing that data – including your browsing history, search terms, and online purchases – for other business purposes. A spokesperson told Consumer Reports that Facebook may still use the data in analytics reports for other websites, for example, and for providing advertisers with information about the effectiveness of their campaigns.
Even though you won’t be able to entirely wrestle your data out of Facebook’s maw, the Off-Facebook Activity controls are still going to usher in an unprecedented view of the information Facebook collects about us and what tools – Pixel or Login, for example – that it uses to get it, regardless of whether you actually interact with a given entity or not.
Justin Brookman, Consumer Reports’ director of privacy and technology policy, is one of the experts Facebook consulted about the tools as it was developing them over the past year. He said that the new tools aren’t perfect, but at least they’re a step in the right direction – as in, a step away from third-party tracking, which he called “the original sin of the web.”
There are some shortcomings here, but giving consumers the ability to separate that tracking from their real names is a major step in the right direction.
What would make this more of a real leap instead of a baby step: giving users the ability to wipe the slate clean. Brookman:
You should be able to delete this data entirely and stop Facebook from collecting it in the first place.
…which is why there’s still plenty of room and plenty of reason for regulators and lawmakers to take action, he said.
Consumer Reports also spoke with Casey Oppenheim, co-founder of data security firm Disconnect, who had a particularly salient comment: namely, don’t rely on the fox in the hen house to “disconnect” from the hens. It’s our data, and it’s on all of us to protect it. But how many of us ever bother to change our settings?
Facebook isn’t making any changes to what it does with your information by default, and that’s a big deal. Most people don’t log on to Facebook just to monkey around with their settings. Each additional step users have to take makes it less likely that they’ll actually use these tools.
What to do?
Not much, unless you’re in Ireland, South Korea or Spain. Facebook is gradually introducing Off-Facebook Activity in those countries and plans to keep rolling it out everywhere “over the coming months to help ensure it’s working reliably for everyone.”
Months? Is that Facebook speak for “Over a year?”
Whatever! Why wait? If you want to sharpen your privacy lockdown skills, please do head on over to this walkthrough Naked Security’s Maria Varmazis put together a few months ago.
It’s for those of us who still haven’t joined Team #DeleteFacebook. It’s a nicely comprehensive look at the important settings you can change and behaviors you can implement to lock down your privacy on the social network.
If the clear history doesn’t clear anything, how do we know for sure that the “delete account” option actually removes the data from their servers? Or is it still used in a disconnected mode to keep on tracking non/ex-facebook users?
Dear Anonymous, I can see you did delete your account, and all the post about your cat, including the one from 4 years ago with the funny hat on, were all deleted last month. We did not track you here, we just noticed the post and thought why not answer you here,,, since you can’t access your account (as noted that you deleted it) to reply to you.
(Disclaimer, at FB “Delete” means ran though extreme analytics and backed up to permanent storage as potential evidence against you)
Thank you,
FarceBook Hydra team
We don’t know, and there should be no expectations that they do honour the removal of our data. Simply because their infrastructure is so vast, even they struggle to manage it appropriately. There was NS article in the past (around 2012) that highlighted a similar issue (photos data retained for over 3 years). Of course, FB later stated they remedied it…. but old data, particularly back then (pre GDPR & CA scandal days, retained much value for them.
I bet delete account does the same thing. It probably removes the directly identifying information but keeps everything else as a shadow profile and continues to track the former user. Also I doubt this change will have much impact since it only disconnects the data from the specific user’s FB profile..so it does nothing for all the people who don’t have facebook accounts to begin with but have shadow profiles with all that tracking info. Users that choose to use it might see fewer targeted ads, but that’s probably about it. There needs to be a way to make them remove all data about you, including the supposedly anonymous shadow profile they’ve built from tracking you, and make them never record anything again. That will never happen of course, so I guess we’ll have to keep finding and blocking the ad servers and trackers.
So Facebook announced a clear history button over a year ago and now says that it actually doesn’t actually clear history, won’t be available to most users for months, and we have to take their word that it actually “disconnects” tracking.
“Do you ever get the feeling you’ve been lied to” Johnny Rotten
Installed uMatrix and just reject anything *.fb.com?
Hopefully that stops my browser ever trying to contact that domain.
Presumably though if some people have server-side processes that auto report all calls on their server to fakebook, there is not much you can do – your traffic goes into the fakebook privacy busting bin?
You’re probably not aware, but FB owns dozens of smaller advertising and tracking companies that use other domain names. And they buy new companies every year, which all share their data back to FB. Same story with Google. You could block every FB and G domain and still be tracked by them.
Zuckerberg (eyes bulge and stare, head whips left, head whips right): “The future is private.”
Us: “The past was private, too. Before you showed up.”
Does having Ghostery help from Facebook tracking me all over the web? Also, I noticed that clearing “Off Facebook Activity” is not available for home computer users at this time. Nice. I just assume deleting means nothing, and that Facebook watches, and data mines regardless of what users say.