Facebook's data collection tactics make waves
With Facebook and Cambridge Analytica in the news, Facebook's threat to privacy is finally getting the widespread attention it deserves. Beyond the obvious political propaganda concerns, the wider implications of Facebook's data collection are coming to light, and some of the examples are alarming. Multiple users have downloaded their history and discovered that Facebook had records of all of their phone calls and text messages.
In addition to siphoning up phone-related data, much of the web has become infected with Facebook tracking beacons that collect your browsing history on desktop PCs and mobile devices. When you see a Facebook "Like" or "Share" button on a web page, your browser typically loads these directly from Facebook's servers. Some websites without visible Facebook widgets will instead load a tiny invisible image known as a web bug or tracking pixel. Facebook logs where all of these requests come from, along with enough metadata to identify your specific browser like a fingerprint: your IP address, your browser's name and version, your screen resolution, any Facebook cookies you may have, and more.
This tracking all takes place whether you're logged into Facebook or not, and even if you don't have a Facebook account at all. Facebook maintains "shadow profiles" of unregistered users, and will correlate all of their surveillance with your real identity if they can obtain it through marketing partners or other means.
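The beacon loading described above can be checked on any saved page. This is an added example, not code from the original article: it scans HTML for elements that make the browser fetch a resource from Facebook and separates invisible tracking pixels from visible widgets. The domain list is an assumed, non-exhaustive set, and the sample page is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: a small, non-exhaustive set of Facebook-operated domains.
FACEBOOK_DOMAINS = ("facebook.com", "facebook.net", "fbcdn.net")

def is_facebook_host(host):
    """True if host is a listed domain or a subdomain of one (not a lookalike)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in FACEBOOK_DOMAINS)

class BeaconFinder(HTMLParser):
    """Collects tags whose src makes the browser contact a Facebook host."""
    FETCHING_TAGS = {"script", "img", "iframe"}

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (kind, tag, url)

    def handle_starttag(self, tag, attrs):
        if tag not in self.FETCHING_TAGS:
            return
        a = dict(attrs)
        url = a.get("src") or ""
        if url.startswith("//"):  # protocol-relative URLs still go to a remote host
            url = "https:" + url
        if not is_facebook_host(urlparse(url).hostname):
            return
        tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        hidden = "display:none" in (a.get("style") or "").replace(" ", "").lower()
        kind = "tracking pixel" if tag == "img" and (tiny or hidden) else "widget/script"
        self.findings.append((kind, tag, url))

def find_facebook_beacons(html):
    finder = BeaconFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample page: SDK script, invisible pixel, Like iframe, two non-Facebook resources.
SAMPLE_PAGE = """<html><body>
<script src="https://connect.facebook.net/en_US/sdk.js"></script>
<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=EXAMPLE_ID">
<iframe src="//www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.org"></iframe>
<img src="https://cdn.example.org/logo.png" width="1" height="1">
<script src="https://notfacebook.com/x.js"></script>
</body></html>"""

if __name__ == "__main__":
    for kind, tag, url in find_facebook_beacons(SAMPLE_PAGE):
        print(f"{kind:15} <{tag}> {url}")
```

The 1x1 image served from `cdn.example.org` and the lookalike host are correctly ignored, because only the request's destination decides whether Facebook sees it.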
A comprehensive approach to blocking Facebook is required
Faced with pervasive data collection from multiple angles, what's a concerned person to do?
Abandoning your Facebook account and deleting the apps make a good first step, but this effort isn't sufficient to stop Facebook from watching what you do online. To avoid leaking data about your Internet usage habits to Facebook, a more proactive security stance is needed. I recommend a multi-layered approach:
- Uninstall all Facebook-owned apps.
  This will end any direct collection of phone data you never intended Facebook to see.
- Install privacy-enhancing browser extensions.
  These browser extensions can recognize and block specific beacon code.
- Block Facebook in DNS.
  By sinkholing Facebook's domains, you'll eliminate most of their tracking and speed up web browsing.
- Firewall Facebook from the network.
  Firewall rules will catch connection attempts to new or unknown Facebook-owned domains.
Not all of these steps are accessible to everyone. The latter two require some advanced technical skills (or a chunk of time to spend learning), and are easier if you have a computer on your network acting as a dedicated hardware router. Implement the layers you can. Each safeguard you add leaves you better protected than you were before.
Security Layer 0: Uninstall all Facebook-owned apps and disengage
Skill level: Beginner
If you have any of the following apps, consider them tainted and remove them from all your devices: phones, tablets, iPods, everything. Having these apps installed gives Facebook direct access to your device, and may imply legal consent to various forms of data collection.
Start by deleting the Facebook app. Get rid of the others on that list, too; they're all owned by Facebook, and the extent of data sharing between them is unclear. You might also take a few minutes to evaluate settings in your other apps, disabling the "Facebook Connect" feature wherever you find it.
If you're ready to permanently sever ties with Facebook, log in to Facebook in a web browser and delete your account.
Many folks aren't ready for this level of commitment, and that's okay. Using a web browser, log in to Facebook and post a "goodbye" status update so people know you're no longer reachab...