Facebook can track up to 52 percent of the activity of all internet users

Facebook can track up to 52 percent of the activity of all internet users

Facebook can technically understand more than half of the surfing activities of all web users, condense information from it into profiles and use it for targeted advertising, for example. This also applies to Internet users who do not have an account with the social network directly or with the other services belonging to the parent company Meta, WhatsApp and Instagram. This is the conclusion reached by researchers at the German Institute for Economic Research (DIW Berlin) in cooperation with colleagues from the Universities of Zurich, Lausanne and Yale.

In the study that has now been published, the scientists estimate that Facebook and platform operators operating with comparable business methods can technically see and read up to 52 percent of the websites visited by members and external online users and some of the clicks made there. This corresponds to about 40 percent of the time spent by users on the Internet. Avoiding a portal is of little use: Facebook is able to monitor 41 percent of the time users of the platform spend online – and 38 percent of non-members.

It was already known that portals with personalized ads in particular evaluate surfing behavior on a large scale and thus also draw conclusions about individuals who do not use their services themselves. However, the estimation of the quantitative extent of the tracking is new. For the study, the economists calculated what information the platform operator Facebook could theoretically store on the basis of user data from the USA of almost 5,000 representatively selected people from 2016. In total, they evaluated 18.17 million clicks and the time spent on each website.

The scientists linked this Internet usage data with archived information about possible data transmissions to Facebook at the level of individual domains. This enabled them to determine the proportion they were looking for. They also included quantitatively how Facebook obtains personal information in the form of shadow profiles without the explicit knowledge of many Internet users and also uses machine learning methods for this.

To create consumer profiles, services such as Facebook use trackers, which are automatically loaded via Like, Share or Login buttons. This occurs regardless of whether the recorded person is registered with the platform himself or whether he clicks on one of these buttons at all. In this way, the Meta subsidiary could link the pages visited by its members with the user data stored with it and also draw conclusions about other visitors.

According to the analysis, this method can be used to correctly estimate demographic characteristics such as age, gender or the level of education of non-users of the platforms with up to 65 percent certainty. Ads are then sold to desired demographic profiles. It had already become known in 2018 that Facebook even uses telephone numbers that are only entered for two-factor authentication to advertise to user-defined target groups.

The operator routinely creates shadow profiles about non-users using phone numbers from address books that members have uploaded to Facebook. The group defends the practice: It only collects relevant data for security reasons and for “analytical purposes” such as statistics on site visitors in summary form.

According to the researchers, the most common form of data collection with the aim of creating consumer profiles is tracking using third-party cookies for user identification. For companies that promise higher income from personalized advertising, there are “high incentives to create coherent user profiles across contexts such as applications, websites or end devices”.

The European Court of Justice ruled in 2019 that website operators must obtain consent for the transmission of personal information using Like and Share buttons in accordance with the General Data Protection Regulation (GDPR). This also applies to the setting of cookies in general. According to the study, however, it has been shown that users have little knowledge of tracking practices on the Internet and only a few actively refuse to consent to the use of data. From a legal point of view, the procedure by which website providers obtain and store consent is still an open point of contention in the implementation of the GDPR.

With the tightened requirements for personalized advertising in the Digital Markets Act (DMA) and in the Digital Services Act (DSA), the supervisory authorities could penalize violations of data protection guidelines more severely, the authors write. For this, however, the inspectors would have to have “sufficiently qualified personnel to an appropriate extent”. According to the DSA, cookie acceptance buttons must be designed fairly so that users have a real choice in the future. Profiling for the purposes of targeted advertising based on particularly sensitive data, such as political and sexual orientation, is prohibited on social networks.


To home page

Das Webinar von Heise: Als Product Owner in den Scrum-Events Previous post Heise’s webinar: Successful cooperation with stakeholders
Programming quantum computers: Google's framework Cirq is ready for use Next post Programming quantum computers: Google’s framework Cirq is ready for use