When I wrote last year about Online privacy, the message was that our perceptions of online privacy revolve around the use of information we consider private or personal in a context we weren’t expecting. This post will take a look at how our offline behavior and information is being used to influence the advertising we see online – in particular, ads on Facebook.
Your first reaction may be that there’s no way that your Facebook identity can be connected to your offline activities, but that’s not correct. There are a large number of companies, called data brokers, that gather information from a variety of sources, and link that information to create a profile of an individual. Once these data brokers have an email address linked to an individual, they can use that to create targeted advertising campaigns through Facebook.
What kinds of information do data brokers collect?
To understand the kinds of information that data brokers collect, it’s instructive to take a look at the company Acxiom. According to their document, Understanding Acxiom’s Marketing Products, Acxiom has both household and individual data, including name, address, telephone, email, gender, education level, occupation, voter party, date of birth, marital status, number of children in household, children’s age ranges, household interests, home owner status, home purchase date, home loan amount, home market value, and much more. This data comes from a variety of sources, including public records (marriage licenses, property transfer and tax records, etc.), self-reported survey information, purchase information, etc. Axciom then uses this information to provide services to its customers including targeted or addressable advertising. Axciom states that they don’t share sensitive data, that any individual record contains only a subset of data that they collect, and that data may be combined to create “inferred elements.”
How can this information be connected with my Facebook profile?
The Electronic Frontier Foundation EFF) recently wrote about the details of how data brokers are able to partner with Facebook to show you targeted ads. In brief, data brokers provide Facebook with a hash (a hash is derived summary of an original value that is not reversible, so the original value is obscured) of an email address for each user they’d like to see a particular ad. Facebook then compares that hash to the hashes of the email address of each Facebook user. When there is a match, the two parties can be confident that it is the same person, even though they didn’t share the actual email address with each other. Facebook is then able to present the purchased ad to the user. In turn, Facebook provides information back to the broker about the success of the ad and aggregate demographic information about the viewers.
A simple, contrived example
It may be easiest to get a sense of what’s happening through a fictitious example: A data broker would like to advertise dog food on Facebook, but only display that information to dog owners. In their dataset, the broker has stored publicly available dog license information and associated that with particular individuals whose email addresses they have also determined (through surveys or commercial entities.) The broker gives Facebook a list of hashed email addresses (they don’t share the actual email address) and Facebook compares that list to their own list of all hashed email addresses associated with Facebook accounts. The dog food ad is displayed to each user who is on both lists. So, even if a user has never posted about their dog on Facebook, they could see ads that are targeted to them based on offline information.
Is this a privacy violation? It likely depends on your perspective. Data brokers would contend that the information they gather is publicly available or shared by the individual. Facebook would contend that the resultant ads have greater relevance to the user, and are more desirable than displaying random ads to each user. The individual may find it creepy that Facebook appears to “know” about things that they did offline and did not intend to share with Facebook. The user may not have thought that licensing their pet would lead to them getting pet supply related ads on Facebook.
As technology makes the sharing and combining of this sort of data easier, we can expect to see more examples like this. I remember a conversation from 15 years ago with a friend that sold life insurance. He would hire a college student to go to the county records office and get the information on marriages and births, so he could send the people letters offering his services. Now that large companies are combing through and digitizing these records, they are public in a way we may not be thinking.
How can I stop it?
The EFF article has information on how to opt out and what that really means. Unfortunately, there is no central clearinghouse where you can opt out from all data brokers at once, and opting out does not mean that data brokers will stop collecting your data. Opting out only affects how the data broker will use your data.
Sign of the times
Many people have had the experience with physical junk mail, of suddenly receiving a flood of mail related to something they’ve done, like receiving extended warranty offers after purchasing a car. It appears that online ads have become the analog of junk mail, targeting you based on information gleaned elsewhere. As long ago as 1999, Scott McNealy, then CEO of Sun Microsystems, was quoted, “You have zero privacy anyway…Get over it!”
The only things that are truly private are those things known only to you. Once others know our actions, behaviors, or information, it is no longer private and we are confronted with how that information is used and in what context. Controlling our expectations and how others use the information we leave scattered in our wake is a challenge we will continue to face.
– An excellent explanation of the technical aspects of the data broker / Facebook relationship – Security Now podcast Epsiode 404 with Steve Gibson from the TWIT Network.
This article was originally published Tuesday May 21, 2013 on the Military Families Learning Network blog.
This work is licensed under a Creative Commons Attribution 3.0 Unported License.