Tell HN: FB tracked my sensitive buy outside FB, cant delete a suggestion in app
So I bought a rather sensitive item outside of FB on a retailers' webpage. Thought using private browsing was enough (I always do even for trivial stuff).
Now, somehow FB tracked me, found a similar item in FB Marketplace and shows me it in the main app menu as a suggestion next to Marketplace option. Like in this image, but the white Marketplace panel also has a thumbnail: https://brayve.net/wp-content/uploads/2020/03/echo/fb_menu_revamp2.png [1]
I deleted all the stuff from ad preferences, "activity outside FB", turned it off completely. I long-pressed the thumbnail and asked FB not to show it anymore, but it persists.
Does the HN crowd know how to disable this crap if asking FB not to show it doesn't cut it? Now I can't open FB in the public... :/
[1] Won't post my own screenshot, because image censorship is easy to screw up, I couldn't find a screenshot with such thumbnail on the web.
137 comments
[ 0.21 ms ] story [ 227 ms ] threadI do my best to limit my use of FB services
How exactly does this work. No longer having a public page , but people being able to contact me would be great .
I don't have an FB account, and have about ~300 email addresses with different retailers etc. But some of them have my phone out of necessity. And so do my friends who use WhatsApp. Which means FB know my name, and what I buy from those retailers that share their data and have my phone number. I've recently pondered getting a trunk so I can give a different number to every retailer, like I do for emails.
There's very little one can do to avoid FB, when they've managed to turn 30% of the world (literally, and closer to 80% in the west) into snitches on you. Stasi would have been envious. And FB happily provides it to any government who would just ask.
I still interact with their products when I have to, but exclusively from a browser with an adblock.
And Instagram forcing people to install an app to even create an account in its early days was the sole reason why I've never had one.
Step 2. Logout of facebook on your browser / clear cookies.
Step 3. Make all private purchases in firefox.
Step 4. Create a new facebook account telling your friends you were hacked.
Step 5. Never open facebook in public and don't create that expectation with peers.
There's more to staying connected with family than calling them up, a completely synchronous action that interrupts the lives of both involved just to happen. But it's also not scalable to keep a large family or friend group up to date with whats going on in your world, or catch up with whats going on in theirs by calling every one of them up.
A phone call, an email, a Zoom meeting, a Skype meeting, even a letter away for those too far away to meet in person....
Most of my (large, 25+) extended family has done so.
And we've used it too. Fortunately for me, Zoom invites also provide a local call in number and I use that -- not from my smartphone, but from a bog standard cordless phone connected to an ATA[0] situated outside my firewall -- to join Zoom meetings.
No, my family doesn't get to see my shining face, but they already know what it looks like.
I've considered setting up a self-hosted Jitsi[1] instance, but it seems like overkill for my needs.
[0] https://en.wikipedia.org/wiki/Analog_telephone_adapter
[1] https://jitsi.github.io/handbook/docs/devops-guide/devops-gu...
In some circles, Facebook is the only way to communicate and organize events. If you are not there, you are cut out in real life.
Otherwise, sometimes I suspect ads are targeted by IP. Sometimes I see ads for things my wife is interested in.
You might want to try VPN. At least you'll see ads for all the sketchy things other VPN users buy!
Now, to prevent such events in the future I installed Firefox on my smartphone along with uBlock Origin. I use FF on desktop since forever, should have used it on mobile as well.
They're probably tracking you via IP.
Private browsing helps prevent browser-based tracking, but doesn't help at all if both sides are playing together and have ways of correlating your identity.
I find this incredibly annoying, and also pretty spooky.
Instagram, not Snapchat, but yes. That's the main part of how they build "shadow profiles" of people without accounts, afaik.
They got me still.
So they know "John Smith" whose friends with "Joe User" on Facebook, has an email address for "Joe User" that is different than the one listed for "John Smith"'s account; now they have both. That's part of their business.
Personally, I own a domain. Every retailer, website, etc. I interact with gets their own email address. I have no doubt Facebook knows some of them, and can maybe even connect some of them to my profile -- but it's not certain.
P.S: I don't even use facebook myself.
However, I’ve received several LinkedIn and Facebook invites to these emails from businesses I interacted with - so I know LinkedIn and Facebook (at the very least) have — at least in the past — failed to make the connection between identities.
Also, I think FB recognizes residential IP addresses and associates activity from the same IP. I occasionally see Friend recommendations with ppl from ppl that I shared the same IP address with, but normally would not know.
One of Facebook's largest businesses is allowing companies to advertise against first-party data, ie lists of activities the customers upload. Crucially, these don't require a cookie sync; facebook matches against any of name, phone, zip9.
https://www.facebook.com/business/help/2082575038703844?id=2...
Naturally, there's not really a way to buy something without presenting this information to the retailer.
What can help OP is this: if in CA, go to the ecommerce company and submit a Do Not Sell request. If in EU, submit a deletion request. NB: for the latter, they will be able to retain information like shipping, etc. If in none of the above geos, hope the retailer is nice and gives the whole world the same rights.
Edit: You can also go into your FB ad 'privacy' settings and turn off some of the targeting stuff, for instance 'Ad based on data from partners'. You can also dig around there for a log of partners FB thinks you've 'interacted' with. Turning this stuff off gets rid of the spookiest ads and things like retirement facilities ads because you set your age to 103 when you created the account.
This is the problem, so many companies are harvesting our data now it's almost impossible to know how your personal data is being acquired anymore.
That being said, another thing to look out for is sites and apps running Facebook's integration crap. If the e-commerce site in question is running Facebook's code on the site, FB could easily correlate the data (IP address, browser fingerprint, etc.) and connect it back to you even if you are using Private Browsing.
Sure you can. Let your freak flag fly man ... I wouldn't be too worried about whatever it is you bought. You bought it after all, didn't you?
(I am coming at the context of this being an adult purchase, like a dildo or something)
The situation is a bummer, but don't let something in your FB account give you any amount of shame over this.
The argument that if you don't have anything to hide you don't need privacy has been beaten to death already.
And when it comes to sexual preferences there are still many countries/states where being able to hide it is a life or death situation.
I am not invalidating someone's right to privacy.
> The argument that if you don't have anything to hide you don't need privacy has been beaten to death already.
Also not suggesting this at all. I am merely trying to offer a different viewpoint. I interpret the original post as, "I made a mistake, I need need help fixing this so I am not found out" - to which I would say no mistake has been made. That is all I am saying.
If you really value your privacy you don't use Facebook, it's that simple... you can't have one foot in the door and the other outside and think it'll work to your favor.
You are saying that not having the choice to choose what to share is acceptable though. Privacy isn't about having something to hide, it's about having the same rights you have with your day-to-day thoughts; you aren't forced to shout every single thought that pops into your mind, you are able to pick and choose what you would like to express and share. Privacy and encryption aim towards that goal.
I was reading an news article on my phone on NYT just yesterday while someone else in the house was buying things from a big online clothing store (not amazon) on her phone at the other end of the couch. In real time the ad slots on the article on my phone switched to show ads for the site she was buying from and for similar products. The had previously been showing me something i bought a few days ago.
The reverse doesn't happen: my DDG searches and FF browsing never bleed on Youtube.
Google (and many others) doesn't care about private mode, separate accounts, profiles or containers.
Every single ISP available to me advertises it as a feature: “get fixed IP for free when you use IPv6 (usually $5/month for IPv4)”. When I asked if there’s non-fixed IPv6 they were perplexed at my request and said no.
Which does not help at all: https://panopticlick.eff.org.
There are just too many ways to identify you, and therein lies the problem.
If this kind of thing is concerning to you, you have no option but to delete the FB account.
EDIT 1: Removed MAC address from my comment, which was incorrect as noted below.
EDIT 2: This is a test that is available from EFF to test your browser fingerprinting: https://panopticlick.eff.org/
FB used to also websocket portscan your localhost + LAN on login from a fbsbx.com domain that also attempted to load native code/windows media player playlists/SWF/Java/Shockwave
That's straight up malware behavior.
Use Tor Browser.
In these cases private browsing or a VPN or a using Tor would not help. This is a much common vector for interest targeting at Facebook. Retailers willfully share what you believed would be private with ad targeting platforms like Facebook and Google. Twitter has something similar too I think.
[1] https://github.com/fingerprintjs/fingerprintjs
Your browser leaks a lot of information about you
The problem here is that the ads would still show on other devices that have no ad block.
The solution to not seeing ads on Facebook is to not use Facebook, IMO...
Why can't a singular purchase be just that?
What should trouble you, however, is that this sort of correlation is going on all the time in the background. It's not necessarily always the case that the correlation is made apparent to you. Often times (most times?) it will be totally invisible.