Home > Awareness, Data Protection, Facebook, Privacy, Social Media > Profiling and targeted advertising: Like button

Profiling and targeted advertising: Like button

Yesterday, E-Crime Expert presented a special edition on this blog regarding The Privacy Platform: “The Transatlantic Dimension of Data Protection“.   You can read this post here.

Today, E-Crime Expert is resuming to its favorite posts and activities such as offering awareness to the Internet users thorough individual and particular post entries on the most current privacy topics and also providing concrete examples and explanations.

Following a series of several recent posts (Cookie monitoring?! No way…just a “coincidence“, Privacy and the Internet), this post presents in more depth how the users can be profiled and served a very specific targeted advertising. Sometimes the users do not know that they were being monitored and also do not have the opportunity to express their acceptance or to decline being part of a market study. It is uncomfortable for a person to be “watched” without acknowledgment or consent. Furthermore, the advertising delivered based on a user’s profiling and monitoring could be abusive and annoying through frequency and content. Moreover, if a public or enforcement authority wants to start profiling users on Facebook, they can because they have access to users’ private profiles (i.e. befriending someone on Facebook under a different name, etc, or simply through the friends of friends relationship). This could have a negative effect as prosecution already occurred based on other personal data (videos and pictures) displayed on YouTube. Public authorities can monitor and profile users based on their Facebook Groups subscription or visited pages such as “Motorbike enthusiasts and “Liked” websites (i.e. motorbike enthusiasts website). If a user’s connections on a Motorbike Facebook page are determined (based on the social relations and information exchanged among his friends list), from here links and relations to other users subscribed to that particular Facebook page could be retrieved along with possible videos or pictures as explained above. Another concerning issue is that by profiling, someone has real possibilities to capture the user’s real data, information and preferences. A user may be unaware whether their personal data is kept confidential, or by whom it is used, aggregated or stored. Nonetheless, the privacy issues should be addressed as well since this profiling method involves observation, monitoring, filing and data processing with automatic means.Profiling could be useful to determine what role a user has in regards to an activity the user is engaged in, and also her relationship with other users among a group. For example, by profiling a Facebook page and establishing by a users’ geographical group that: he is located in Guadalajara, Mexico (i.e. located in the south of Mexico with a temperate climate), likes swimming, and is part of a certain age group, a swimming gear company would know what to sell him or what are his needs. A company selling winter gear would not send someone with this profile advertising for its products.

A recent personal experiment (following the lecture of an Article) proved that personal data such as at least Facebook unique ID number, geographical location and sex, could be retrieved from any user on Facebook regardless if you befriended him or he is a stranger. On the web browser one could type: https://graph.facebook.com/ (the name of the person they are looking up for, in my case: danmanolescu.) and the result can be seen in the Figure 1.








Figure 1

One could come and say: it is normal as you searched your name while being logged on your account and this is why the information has been provided. This is not quite true. A second experiment revealed the same information regarding an unknown Facebook user by typing: https://graph.facebook.com/joedoe as can be seen in Figure 2. Please note that user’s whose personal data was revealed only as an demonstrative purpose.









Figure 2

If someone as me with average computing skills could retrieve such data (which for me still represents personal data), people with advanced computer skills such as developers could retrieve much more data from Facebook, regarding their users than was done in these two experiments. The data they retrieve could later be used for behavioral advertising, targeted advertising, profiling, and other commercial purposes. The method explained above is available and also explained on Facebook’s website, under the Facebook Developers’ dedicated page. Moreover, according to Facebook, the user identification is associated to a dedicated Cookie. This means that because Facebook always assigns a Cookie to its users (and also to any object on Facebook such as pictures) in order to deliver its service to them, that particular cookie “follows” the user everywhere he goes, and even which websites he visits if it has a Facebook “Like” button. As explained on the Facebook website (i.e. Query Language FQL Cookies), developers also have access to the user’s unique ID and they could also track down the browsing history: sites a user has visited and” liked” by retrieving information from the user’s individual Cookie connected to their unique ID. In this case, not just Facebook, but developers too, could track user’s behavior and preferences, which could be later used for targeted advertising and profiling.

A most recent study of Mr. Arnold Roosendaal, a PhD candidate and research fellow with Tilburg Institute for Law Society and Technology, presented and demonstrated how the Facebook “Like” button (an application which is available on many websites affiliated or non-affiliated to Facebook having as purpose to bring traffic to those websites), it is heavily used to collect users’ private data, browsing history and behavior, without the user’s acknowledgment. The user’s collected data is linked to his Facebook ID, making everyone on Facebook precisely identifiable (beyond the information publicly available under his Facebook profile). The privacy issues occur as pointed out in the article by the author, like this: “First of all, the data collection takes place without the individual web users being aware. As a result, there cannot be consent for the data collection”.

Regarding the collected personal data by third party Advertisers, risks such data security vulnerability can occur. From the security vulnerability perspective, identity theft for example could be performed if the personal data (user’s name, address, phone number, which could be later used for opening a bank account, credit application or obtaining a driver license) get stolen from unauthorized third parties (i.e. Advertisers), which improperly store the data.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Have you ever felt profiled? Have you ever fel as a target for advertisers? Would you be interested in checking the new Facebook privacy settings?

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: