Imagine how many of these companies send 'EVENT' data to Facebook on the backend as opposed to directly from your client. Just like any illegal activity, corporate data privacy violations will keep happening but be pushed further into the shadows.
>When I made the purchase, I expected that my little indulgence would remain between me and Doordash
This is where they went wrong, as unfortunate as it is. Aside from the massive amount of third party analytics and tracking and so on, there's many more out-of-band ways that others will find out about what they did, for example by purchasing credit card transaction history (Google, many other institutions), reading and automatically parsing your receipts sent via email (Google), making generalizations about your Internet activity (phone/Internet provider) and many others.
It's disturbing that it's even legal for essential services like paying for things and receiving messages to be intercepted and data mined for entirely different purposes by arbitrary third parties.
(I assume this is in the context of somewhere like the USA, because it would very clearly not be legal under privacy laws in places like Europe.)
Half of HN personally responsible for doing exactly this kind of thing for a living, shifting in their chair uncomfortably... I umm... just doing my job...
I had a conversation with an exec at a company I worked for in which they expressed pride that our website doesn't track users like those other sites, and I had to break it to them that we heavily used and relied upon every Google ad and analytics product (the latter of which they were obsessed with) and had Facebook "Like" buttons all over the place.
It's easy to go about your daily work and forget about the ways in which you're opted into various data-collection frameworks.
Regarding comments pointing out the Facebook integration on Medium, I think it's okay for people to criticize a system from within the system.
That's not really an excuse. A developer might be asked to implement Facebook tracking code, but a conscientious developer will ensure the browser's "Do Not Track" setting is respected.
Facebook, LimkedIn et al maintain profiles of people who don’t have accounts.
If you subsequently make an account, as soon as they can connect the two you’ll start seeing stuff in your feed based on what they already know about you. Though that’s not the reason they do it, it’s for advertising.
I think it's a very good question, and yes as far as we know, it's still shared. Information brokers aggregate whatever they find, and this includes data from other brokers as well. With Facebook in particular there's a concept called a "shadow profile", which are supposed to be people who haven't registered at Facebook, but some data is still associated to them.
It could be, but in this case it's not, and thankfully the majority of these event integrations are dont via the front-end (via JavaScript) and as such can be blocked using something like DuckDuckGo Privacy Essentials, Privacy Badger, uMatrix etc.
For now. Somebody's going to come up with a library that proxies those requests through the first party's site or CDN, and privacy badger / umatrix won't be able to distinguish them from regular traffic.
The reason they don't do it yet is it's more expensive to host that traffic. The good news is, I don't think enough people will ever use privacy extensions to ever make it profitable for the DoorDashes of the world to go this far.
I could imagine a browser plugin which tells you if a company shares data with facebook (and other ad networks) before you sign up, make a purchase, etc. It could have crowdsourced data based upon these kinds of requests.
I've wanted for some time to see a couple of variations of things like the Fair Tax Mark (https://fairtaxmark.net/ - a cert that a company isn't using tax evasion tactics), especially one for privacy. FTM is trademarked and therefore able to police its logo's usage, a Privacy Mark could do the same, and enhance the market for privacy respecting services.
Maybe it is time to start on efforts like these. Who'd be interested?
Step 1: Build a website that sells things. Step 2: Sell the data about those transactions to anyone and everyone willing to buy it.
After that, who cares what is done with it? Best not think about those things lest it bother your conscious.
Your question probably is more along the lines of why would someone want to buy that data? You add that info to the buyer's enormous trove of data profile. This person bought an Apple device = they have lots of disposable income (send them ads on other superfluous crap). This person bought a baby crib = send this person lots of adds about diapers, formula, toys, etc.
Facebook’s ML can probably use these events and improve DoorDash’s ad delivery efficiency by a significant percentage. It potentially equates to millions of dollars of savings depending on how they use the ad platform. Even just allowing doordash to measure their advertising outcomes is a big deal compared to traditional advertising. You could spend $X million on tv and have no clue if it worked, or spend it on Facebook and use these events to get precise measurement to what degree your ad dollars are resulting in real business outcomes.
Privacy has relied on the good-nature of service-providers for so long, that we don't know half the things that shady operators were upto (fingerprinting etc.).
Apple appears to pushing industry in a direction that's going to change things for the better.
How does facebook accomplish this ? Third-party cookies ? Facebook can't be using this anymore now that Safari (and soon Firefox) are enforcing strict rules regarding tracker cookies.
I blame bad developers for this. Marketers will always pull this shit, but a conscientious developer will ensure the browser's "Do Not Track" setting is respected.
The takeaway I got from DNT is: "It doesn't work, and it just makes it easier to fingerprint you." So I used to do it, but now I don't bother and turn/leave it off.
This assumes we developers have a choice. It goes down like this, product team says “we need to track”, dev says “but these people have asked not to be tracked”, product says “i don’t care, do it anyway” which leaves the developer with a choice, stick to their morals, quit their job and maybe go hungry, or write the code and keep eating. If people want developers to stand up for these types of things then we need protection too
Coincidentally Sleep Cycle iOS app crashed once (can't remember ever crashing before from over 5 years of using it almost every day/night) within the approximate 3 hour time frame with other major apps crashing caused by Facebook SDK.
This, incidentally, is why I strongly resist installing apps onto my phone. Because once you let an app run on your phone, you really don't know what it's doing. At least with a browser, it's somewhat sandboxed/limited. I don't have nearly as much confidence that I've correctly twiddled whatever settings I needed to, to limit data sharing for an app, and even if I did, I don't have any confidence the company didn't find some way to get around those settings.
Yeah, I'm in the same boat. I mean, not only did deleting the FB iOS app years ago actually mess up my phone and necessitate a full system restore (super sketchy IMO), I'm pretty suspicious of how hard some sites pressure you into installing their mobile app (Reddit is a definite offender here). Considering, no, actually just looking at this one search result on a page in the browser I'm already in is _definitely easier and more convenient_, it is not "best in the app!!111"
Reddit is SO irritating with it's constant push to have you download their app. There's nothing on the site that requires it—Reddit is just listed content of text, video, images, and links. They also limit what you can post from their mobile site which I believe is just further pressure to get you into their unnecessary app.
If you're on iOS, try Apollo. It's a third party Reddit app and it's outstanding. Top-notch user experience and an engaged and friendly developer.
More on topic: I'm curious why we tolerate these horrible experiences on the web. Technically savvy people can't be the only ones infuriated by these dark patterns, yet I don't often see my non-tech friends complaining about it.
I also don't understanding the motive on Reddit's part. Let's broadly categorize users into two buckets: those who actively don't want to use the app, and those that do.
In most cases a native app experience "feels" better than a web app experience, so your average user is probably happy to see the "please use our app instead" popup. Those users will probably click it on the first try, and never have to deal with it again on the web.
The remainder who specifically want to use the browser version are doing so probably for technical reasons: don't want to be tracked, etc. Those people are never going to click to download the app, no matter how many times Reddit nags at them to do it. So why continue to force-feed the popup? All it's doing is creating ill will from the people who see it every time, and those people are arguably the more technically savvy and know it's intentionally being annoying. It's just making technical people dislike the platform and the company.
I guess I'm missing where the benefit of trying to force people into the app is. Is the disdain from techies worth the tiny amount of people who initially click no and then eventually click yes?
The funny thing is that web apps were preferred by Apple on iOS pre-App store for this reason. Probably, security was the main driver for pushing web.
I don't know what made Apple switch gears so hard and focus on promoting native. It could be they just wanted that App Store revenue and 30% cut, as well as in-app purchase revenue.
It could also be Apple was interested in promoting apps that only work on iOS, or work best on iOS.
I do think they made the wrong choice for the user's benefit however.
Web apps were promoted because Apple didn't have App Store yet,and Jobs always make grand statements to discredit things Apple doesn't have, until the day they have them, (like mice with two buttons, or phones with working antennas)
> Web apps were promoted because Apple didn't have App Store yet,and Jobs always make grand statements to discredit things Apple doesn't have
In 2007 many developers wanted a native SDK, similar to the one that Apple used internally, and were extremely disappointed at WWDC when Jobs announced Apple's "sweet" solution of web apps on the iPhone. In retrospect, two things have become clear:
1) the iPhone's support for web apps was surprisingly good and pointed to a future of responsive, standalone web apps that look and feel like native apps, and web technology as an alternative for implementing standalone apps
2) devs asked for a native SDK, and Apple said no; a year later, Apple gave them the App Store, which wasn't just an SDK but a new marketplace for mobile apps which led to "there's an app for that", millions of iPhone apps...and eventual complaints about Apple's terms
> until the day they have them, (like mice with two buttons, or phones with working antennas)
The trackpad on my Apple laptop actually has zero buttons. The clicking feature is a haptic and auditory illusion.
Jobs was technically correct that the iPhone 4 antenna worked properly when you didn't bridge it with your finger, and as I recall the low tech fix was a piece of insulating plastic to prevent you from doing so.
Although apps get unique IDs and are isolated from each other. When you use your browser it's much easier to connect the dots.
What you do want to be careful about is following links from browsers that load applications, because they are typically tagged with information that links the app to the browser (and from there to everything else).
Does anyone have any clue what Doordash is paid by Facebook to do this? (Or other sites?)
Is it a straight-up cash transaction, or is it a discount Facebook gives Doordash on its ad spend, or something else?
Or is it just a side effect of using Facebook Analytics, that most companies aren't even aware that they're sharing data that gets used for advertising too? So they're getting free analytics software but that's it?
Just very curious what the business deal structure here is.
I'd see a high probability it's for retargeting customers in ad-spend that Doordash itself uses. So what often happens is people have an interest in using Doordash, don't complete and then pay facebook to "retarget" the user to try and keep them top of mind until they complete the transaction.
DoorDash and others pay Facebook to acquire users and drive specific customer behaviors. This data sharing allows them to optimize and measure the results of their marketing campaigns.
This data is used to create a feedback loop for ML models powering FB's ad auction and delivery. Marketing campaigns all have objectives that can be monitored via this data. FB will adapt auction dynamics to maximize the value for all parties, and this data helps FB properly set the auction bids or artificially inflate/deflate the price for individual users based on the predicted likelihood of a campaign objective being met.
It's used for campaign measurement - DoorDash reports an action in their app, and FB says "that person saw or clicked on a FB ad before taking that action. give us credit for it!" Facebook is effectively grading their own homework here and ignores other marketing campaigns that may have contributed to the action, but there is a deeper science around interpreting this measurement (marketing mix modeling) and third-parties who can help validate.
The data can also be used to create Facebook campaign audiences. "Show this promotion to customers who ordered from DoorDash 4 times last month." "Show this promotion to those customers' FB friends who do not have the app installed." "Show this promotion to users who have installed the app, but haven't placed an order yet."
So no money is being exchanged for the data, but both parties are able to maximize their partnership value from it.
This is correct. Nothing overtly nefarious is happening here (above the baseline level of telling FB who your customers are in order to figure out how much ROI your campaign had).
> Facebook is effectively grading their own homework here and ignores other marketing campaigns that may have contributed to the action
One thing I'd add is that FB is _still_ incentivized to accurately attribute actions. Over-attribution (and thus over-estimation of ROI) would give FB more spend in the short term, but would hurt them in the long term by causing auction inefficiencies.
This is the reason direct action campaigns on Google are perceived to be low(er) value: last click attribution disproportionately favors AdWords.
Just reading this and the parent post it is still amazing to me how much effort we expend to attempt to force a sale/advertise. We’re even calling it “pay to acquire users”, you don’t earn your users anymore, you buy them. Entire, very wealthy, industries exist around this one concept that users don’t want but businesses just love. Ranting yes, but interesting still.
Facebook so frequently breaks the law that the US government would be well within its rights to simply seize the entire operation through eminent domain, freeze all assets, and prosecute all of its executives and senior management.
Blown away by how much they're collecting? Please. We've known about Facebook's fetish for collecting everything they possibly can for years.
What should be shocking is how many people dismiss such information because "I have nothing to hide," or "but Facebook connects me with friends and family."
Saying that drugs make you feel good doesn't make it less bad that the pushers want you to get addicted.
> Blown away by how much they're collecting? Please. We've known about Facebook's fetish for collecting everything they possibly can for years.
Fair, everyone has an approximate idea of how much FB is sucking down about you, but I still get surprised now and then by some of the stuff they do. Like I've always avoided using FB login for anything for obvious reasons, but I never knew that just the act of including a facebook SDK in your app was enough to phone home to that company every time I use it.
I have uBlock, Facebook Container, and pihole set up so I should be good for any FB tracking on my desktop (heavy emphasis on the word "should" there), but my phone always finds ways to surprise me.
DoorDash and others pay Facebook to acquire users and drive specific customer behaviors. This data sharing allows them to optimize and measure the results of their marketing campaigns.
This data is used to create a feedback loop for ML models powering FB's ad auction and delivery. Marketing campaigns all have objectives that can be monitored via this data. FB will adapt auction dynamics to maximize the value for all parties, and this data helps FB properly set the auction bids or artificially inflate/deflate the price for individual users based on the predicted likelihood of a campaign objective being met.
It's used for campaign measurement - DoorDash reports an action in their app, and FB says "that person saw or clicked on a FB ad before taking that action. give us credit for it!" Facebook is effectively grading their own homework here and ignores other marketing campaigns that may have contributed to the action, but there is a deeper science around interpreting this measurement (marketing mix modeling) and third-parties who can help validate.
The data can also be used to create Facebook campaign audiences. "Show this promotion to customers who ordered from DoorDash 4 times last month." "Show this promotion to those customers' FB friends who do not have the app installed." "Show this promotion to users who have installed the app, but haven't placed an order yet."
So no money is being exchanged for the data, but both parties are able to maximize their partnership value from it.
74 comments
[ 4.2 ms ] story [ 60.0 ms ] threadThis is where they went wrong, as unfortunate as it is. Aside from the massive amount of third party analytics and tracking and so on, there's many more out-of-band ways that others will find out about what they did, for example by purchasing credit card transaction history (Google, many other institutions), reading and automatically parsing your receipts sent via email (Google), making generalizations about your Internet activity (phone/Internet provider) and many others.
I love it when companies exclude this info from email and make me log in to see the details, but then run a bunch of trackers themselves.
I wonder if the tracking companies pay more if you exclude the info from emails, which I generally find annoying.
(I assume this is in the context of somewhere like the USA, because it would very clearly not be legal under privacy laws in places like Europe.)
It's easy to go about your daily work and forget about the ways in which you're opted into various data-collection frameworks.
Regarding comments pointing out the Facebook integration on Medium, I think it's okay for people to criticize a system from within the system.
Amen: there'd be virtually no critics left if people couldn't.
It's as simple as:
If you subsequently make an account, as soon as they can connect the two you’ll start seeing stuff in your feed based on what they already know about you. Though that’s not the reason they do it, it’s for advertising.
The reason they don't do it yet is it's more expensive to host that traffic. The good news is, I don't think enough people will ever use privacy extensions to ever make it profitable for the DoorDashes of the world to go this far.
I've wanted for some time to see a couple of variations of things like the Fair Tax Mark (https://fairtaxmark.net/ - a cert that a company isn't using tax evasion tactics), especially one for privacy. FTM is trademarked and therefore able to police its logo's usage, a Privacy Mark could do the same, and enhance the market for privacy respecting services.
Maybe it is time to start on efforts like these. Who'd be interested?
After that, who cares what is done with it? Best not think about those things lest it bother your conscious.
Your question probably is more along the lines of why would someone want to buy that data? You add that info to the buyer's enormous trove of data profile. This person bought an Apple device = they have lots of disposable income (send them ads on other superfluous crap). This person bought a baby crib = send this person lots of adds about diapers, formula, toys, etc.
[1] https://archive.nytimes.com/www.nytimes.com/external/readwri...
Privacy has relied on the good-nature of service-providers for so long, that we don't know half the things that shady operators were upto (fingerprinting etc.).
Apple appears to pushing industry in a direction that's going to change things for the better.
Take note, developers; it's as simple as this:
But my god, they are SO pushy.
More on topic: I'm curious why we tolerate these horrible experiences on the web. Technically savvy people can't be the only ones infuriated by these dark patterns, yet I don't often see my non-tech friends complaining about it.
I also don't understanding the motive on Reddit's part. Let's broadly categorize users into two buckets: those who actively don't want to use the app, and those that do.
In most cases a native app experience "feels" better than a web app experience, so your average user is probably happy to see the "please use our app instead" popup. Those users will probably click it on the first try, and never have to deal with it again on the web.
The remainder who specifically want to use the browser version are doing so probably for technical reasons: don't want to be tracked, etc. Those people are never going to click to download the app, no matter how many times Reddit nags at them to do it. So why continue to force-feed the popup? All it's doing is creating ill will from the people who see it every time, and those people are arguably the more technically savvy and know it's intentionally being annoying. It's just making technical people dislike the platform and the company.
I guess I'm missing where the benefit of trying to force people into the app is. Is the disdain from techies worth the tiny amount of people who initially click no and then eventually click yes?
Its fast and lightweight. A superb third party reddit client.
I don't know what made Apple switch gears so hard and focus on promoting native. It could be they just wanted that App Store revenue and 30% cut, as well as in-app purchase revenue.
It could also be Apple was interested in promoting apps that only work on iOS, or work best on iOS.
I do think they made the wrong choice for the user's benefit however.
In 2007 many developers wanted a native SDK, similar to the one that Apple used internally, and were extremely disappointed at WWDC when Jobs announced Apple's "sweet" solution of web apps on the iPhone. In retrospect, two things have become clear:
1) the iPhone's support for web apps was surprisingly good and pointed to a future of responsive, standalone web apps that look and feel like native apps, and web technology as an alternative for implementing standalone apps
2) devs asked for a native SDK, and Apple said no; a year later, Apple gave them the App Store, which wasn't just an SDK but a new marketplace for mobile apps which led to "there's an app for that", millions of iPhone apps...and eventual complaints about Apple's terms
> until the day they have them, (like mice with two buttons, or phones with working antennas)
The trackpad on my Apple laptop actually has zero buttons. The clicking feature is a haptic and auditory illusion.
Jobs was technically correct that the iPhone 4 antenna worked properly when you didn't bridge it with your finger, and as I recall the low tech fix was a piece of insulating plastic to prevent you from doing so.
What you do want to be careful about is following links from browsers that load applications, because they are typically tagged with information that links the app to the browser (and from there to everything else).
Is it a straight-up cash transaction, or is it a discount Facebook gives Doordash on its ad spend, or something else?
Or is it just a side effect of using Facebook Analytics, that most companies aren't even aware that they're sharing data that gets used for advertising too? So they're getting free analytics software but that's it?
Just very curious what the business deal structure here is.
This data is used to create a feedback loop for ML models powering FB's ad auction and delivery. Marketing campaigns all have objectives that can be monitored via this data. FB will adapt auction dynamics to maximize the value for all parties, and this data helps FB properly set the auction bids or artificially inflate/deflate the price for individual users based on the predicted likelihood of a campaign objective being met.
It's used for campaign measurement - DoorDash reports an action in their app, and FB says "that person saw or clicked on a FB ad before taking that action. give us credit for it!" Facebook is effectively grading their own homework here and ignores other marketing campaigns that may have contributed to the action, but there is a deeper science around interpreting this measurement (marketing mix modeling) and third-parties who can help validate.
The data can also be used to create Facebook campaign audiences. "Show this promotion to customers who ordered from DoorDash 4 times last month." "Show this promotion to those customers' FB friends who do not have the app installed." "Show this promotion to users who have installed the app, but haven't placed an order yet."
So no money is being exchanged for the data, but both parties are able to maximize their partnership value from it.
> Facebook is effectively grading their own homework here and ignores other marketing campaigns that may have contributed to the action
One thing I'd add is that FB is _still_ incentivized to accurately attribute actions. Over-attribution (and thus over-estimation of ROI) would give FB more spend in the short term, but would hurt them in the long term by causing auction inefficiencies.
This is the reason direct action campaigns on Google are perceived to be low(er) value: last click attribution disproportionately favors AdWords.
What should be shocking is how many people dismiss such information because "I have nothing to hide," or "but Facebook connects me with friends and family."
Saying that drugs make you feel good doesn't make it less bad that the pushers want you to get addicted.
Fair, everyone has an approximate idea of how much FB is sucking down about you, but I still get surprised now and then by some of the stuff they do. Like I've always avoided using FB login for anything for obvious reasons, but I never knew that just the act of including a facebook SDK in your app was enough to phone home to that company every time I use it.
It's used for campaign measurement - DoorDash reports an action in their app, and FB says "that person saw or clicked on a FB ad before taking that action. give us credit for it!" Facebook is effectively grading their own homework here and ignores other marketing campaigns that may have contributed to the action, but there is a deeper science around interpreting this measurement (marketing mix modeling) and third-parties who can help validate.
The data can also be used to create Facebook campaign audiences. "Show this promotion to customers who ordered from DoorDash 4 times last month." "Show this promotion to those customers' FB friends who do not have the app installed." "Show this promotion to users who have installed the app, but haven't placed an order yet."
So no money is being exchanged for the data, but both parties are able to maximize their partnership value from it.