Facebook has a storied history of privacy concerns, especially as privacy relates to advertising. Today, Aleksandra Korolova, a University of Southern California computer science professor, has shared a post on Medium diving deeper into Facebook’s targeted ad technology. Specifically, Korolova focuses on how Facebook is able to deliver location-based ads even if you disable location services.
Korolova says that she has the Location History functionality disabled through Facebook’s website, and has Location Services for Facebook on iOS set to “Never.” She adds that her Facebook profile does not contain her current city, nor has she uploaded photos to Facebook or posted content tagged with her location. Korolova says she also doesn’t share location with WhatsApp, Instagram, or Facebook Manager.
Despite this, however, she says she continued to see ads targeted for “people who live near Santa Monica” and “People who live or were recently near Los Angeles.” Korolova lives in Santa Monica and works in Los Angeles. Further, some of the ads were accompanied by an explanation saying Korolova was “recently near their business.”
With all of this in mind, Korolova dug deeper into how Facebook gathers location data for its targeted advertising. In Facebook’s “How Facebook ads work” explainer, the company says it gathers data from sources including “Where you connect to the Internet” and “Where you use your phone.”
When researching Facebook’s targeting explanation for advertisers, Facebook says it relies on things like IP addresses and WiFi and Bluetooth data. The issue, Korolova explains, is that nowhere does Facebook say that even if you exercise all provided privacy controls, Facebook will continue to be able to track you and present you with targeted advertises.
Korolova goes on to explain that the adverse effects of Facebook not giving users full control over location data are amplified by the tools it provides advertisers for targeted ads:
The possible harms of not giving users meaningful controls about their location data are amplified by the tools Facebook provides to advertisers to target people based on their location. As we’ve shown in a recent academic paper published at the Workshop on Technology and Consumer Protection, Facebook provides advertisers with tools to run ad campaigns targeting people “who live in” or “were recently in” a geographic area as small as a single house.
In response to Korolova’s Medium post and accompanying academic paper, Facebook issued a statement to Gizmodo. In that statement, a Facebook spokesperson explained that there is “no way” for people to opt out of location-based ads entirely. Further, the company confirmed that it does use IP and other data to gather location information, but not WiFi data. Here is the statement in full:
“Facebook does not use WiFi data to determine your location for ads if you have Location Services turned off,” said a Facebook spokesperson by email. “We do use IP and other information such as check-ins and current city from your profile. We explain this to people, including in our Privacy Basics site and on the About Facebook Ads site.”
“There is no way for people to opt out of using location for ads entirely,” said a Facebook spokesperson by email. “We use city and zip level location which we collect from IP addresses and other information such as check-ins and current city from your profile to ensure we are providing people with a good service—from ensuring they see Facebook in the right language, to making sure that they are shown nearby events and ads for businesses that are local to them.”
The accuracy of IP location data can vary wildly, but the other issue Korolova is trying to point out is that Facebook is not explicit in the fact that even if a user disables all location services settings, Facebook is still able to garner location data and show location-targeted ads. What do you think of this practice? Leave a comment below.