Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: Simple script to cripple personalized targeting from Facebook (gist.github.com)
205 points by GeoHubToday 5 months ago | hide | past | favorite | 119 comments



This got a little stuck on a few of the `.click()` calls for me. Here's my version:

    const wait = () => new Promise(resolve => setTimeout(resolve, 1000));
    const getElementsByAriaLabel = (label) => document.querySelectorAll(`[aria-label="${label}"]`);
    const getElementsByRoleAndWidth = (role, width) =>
        Array.from(document.querySelectorAll(`[role="${role}"]`)).filter(el => el.clientWidth === width);
    const getElementsByText = (text) => Array.from(document.querySelectorAll('*')).filter(el =>
        Array.from(el.childNodes).some(node => node.nodeType === Node.TEXT_NODE && node.textContent.includes(text))
    );

    async function clickAndWait(elem) {
        if (!elem)
            return;
        elem.click();
        await wait();
    }

    await clickAndWait(getElementsByText("See more")[0]);

    const ads = getElementsByRoleAndWidth('listitem', 508);

    for (const ad of ads) {
        console.log(ad.childNodes[0].textContent)
        await clickAndWait(ad.childNodes[0]);

        await clickAndWait(getElementsByText('They uploaded or used a list to reach you.')[0]);

        const dont_allow_btns = getElementsByText('Don\'t allow');
        for (const btn of dont_allow_btns) {
            btn.click();
        }
        await wait();

        await clickAndWait(getElementsByAriaLabel('Back')[2]);
        await clickAndWait(getElementsByAriaLabel('Back')[2]);
    }


Lol, I got hit with this: "You're Temporarily Blocked: It looks like you were misusing this feature by going too fast. You’ve been temporarily blocked from using it."

Anyone using this may want to s/1000/2000/ on the first line.


I got this message once without even trying, I was just clicking the button for "see why this ad was shown to you" and it was always "You are in the USA and 18-35" which seemed pretty vague for very relevant ads. I never understood why they give the option if A. you don't want me to actually check B. you're not going to tell me how you knew I was in the market for a vacuum cleaner


For the facade of caring about user privacy - “look regulators, we even go so far as to tell you why you were shown ads!”


Math.floor(Math.random() * 1000) + 2000


Safer bet: 5000ms.


I wonder if hn (or wherever else this was posted) is big enough to register on the ads-vs-adblocker war.

Ads are 509 pixels wide coming in 3 ... 2 ... 1 ...


clickAndWait is always good! :)


Cool script.

My hack is to live in a country where the local language is not my own, and not the one I have set in my Facebook settings.

As a result, Facebook rarely has advertisements that can target me, because my language has been filtered out by the advertisers.

When one does appear, it’s nearly always in the local language, so I’m kind of deaf to it and I’m not going to actively respond to anyway.

Luckily they haven’t figured that out yet, even though I’ve been an Facebook user for many years.


My hack is to live in a country that forces Facebook to give me an opt-out, and then I click "no" when Facebook asks.


my hack is just to not have facebook


My hack is being just young enough that having a Facebook would make me feel old.


You have rather succinctly noted that sodding huge walled off communities come and go, with time. ::FAC3:B00C: is already very old school and largely irrelevant. They just haven't noticed yet.

Whither Geocities and Compuserve?


Facebook makes shadow profiles of you anyway


Then facebook gets to track my shadow self.


Why would a person who objects to Facebook tracking them via their actual profile not object to Facebook tracking them via inferences?


because the far-parent problem was 'facebook has ads that target me.'

an easy way to avoid the problem of seeing ads on facebook is.. to avoid facebook.

yes, this doesn't solve the privacy and ad-affiliate network problem -- but that wasn't the stated problem.


Yea they can track my shadow profile all they want and I don’t care. I don’t visit them so they aren’t showing me ads.


They lease your behavior to other advertisers, insurance companies, loan guarantors…


Source? It's always been my understanding that while smaller players do this, the major ad players - Meta, Google, etc - never do this: Data on everyone is their greatest competitive advantage, and they don't want to give it away!


How do they know what my behaviours are if I don't have Facebook?


You don't have, but many sites you visit have a Facebook code hidden in their pages that sends data about any visitor to Facebook. Thus Facebook knows a lot about you even if you don't have an account.


Fair point!


I'll answer but I don't think you want one/it... They're different. That's why. Simple.

One you're giving them information/still seeing ads

The other, they're guessing and you're free from the mind rot. Distance surely hurts their accuracy.

Can't stop them guessing but you can stop being their authoritative source. You've heard the whole, "we're in charge of our response, not the problem", right?


That's a great answer, thank you! Yeah, "someone non-consensually has low-accuracy information on me" is experientially different than "someone is using (more-accurate) information on me to serve me ads". The former's still not _great_ (they can still pass that information to other people which could lead to bad experiences), but it's still much better than the latter. Thanks for the clarification!


I have a hard time believing that Facebook does a particularly good job with its shadow profiles. They can't even figure out which continent I live on or narrow my age down to more than a couple decades off.

For the times I need to wade thru the muck mbasic + adblock means the only ads I see are recommended groups. Those are usually history geeks focused on cities thousands of miles away from anywhere I've been in the past decade.


But I'm addicted to the feed!


What country has this? Sounds great.


Any EU country. Meta is also forced to ask you before associating profiles between its properties, eg Facebook and Instagram.


Same situation for me. Basically the only ads I ever see in my native language are for American expat tax services (I’m not American, have never visited the continent and have never expressed interest in doing so).

Sometimes I wonder just how good this adtech really all is when the best they can do is figure out I speak English (browser language) and live not in an English speaking country (IP address) and just assume therefore I am American.


That's probably less to do with Meta and their tech than a marketer setting up their ads in the way you describe (language: english, country: yours). I'm not sure you can even target nationality at all.


A lot of the filtering of whom to show ads to is heuristics to try and target 'high value costumers'. Getting target with very irrelevant ads might just mean you are considered low value by most advertisers so you get served ads from advertisers willing to pay very little per impression.

I'd take as a signal your online cloaking is working as intended. I often get very random ads and recommendations in languages I don't even speak so I think my online anonimity fu is working as intended.

Source - worked with ad tech a few years ago.


I set my language to English (Pirate) a long time ago to similar effect.

The option has been removed since, making me part of an ever shrinking community of essentially random people - not a particularly interesting target for advertisers.


Much more entertaining: Get the list of advertisers. Find the ones who aren't allowed to share your data with Facebook, e.g. due to lack of consent or because they're bound by professional secrecy (e.g. banks or health related things). Report to your local DPA.


When it comes to the UK DPA they will only even consider your complaint if you have evidence of trying to resolve the issue with the offending company directly, so it will not have the desired outcome because most companies will opt you out, removing your grounds to complain to the ICO in the first place.

Source: https://ico.org.uk/make-a-complaint/data-protection-complain...

> You'll need: a copy of the complaint you have made to the organisation about how they have used your information


Sounds like the perfect task to automate with an LLM. Companies can't bury you in red tape if you have red tape disposal machine.


What does DPA stand for? Guessing it's not Drug Policy Alliance, the first hit on Google.


Data protection agency. Eg, Australia: https://www.oaic.gov.au/ UK: https://ico.org.uk/ EU: https://www.edps.europa.eu/_en , etc.


Data Protection Authority

"Under the law the Data Protection Authorities (DPAs) should enforce our rights in each EU member state."

https://noyb.eu/en/faqs

List of DPAs:

https://noyb.eu/en/project/dpa


in this context, DPA usually means Data Processing Agreement.

I’m assuming GP meant DPO, for Data Protection Officer, the person responsible for enforcing GDPR (or similar laws) in a company.


What you suggest and what I have are not mutually exclusive, friend :3


Reminds me of a court case [0] proactively challenging Facebook, due to a time the company gave someone a lifetime ban [1] for making this kind of consumer-tool.

[0] https://www.theregister.com/2024/05/02/meta_facebook_tool/

[1] https://slate.com/technology/2021/10/facebook-unfollow-every...


A lifetime ban from Facebook would be a blessing for me :)


LOL a lifetime ban from Facebook?! Whatever will we do with all that better mental health and free time from not doomscrolling all day! Don’t threaten me with a good time!


As someone who has read tons of books, articles, etc, on the addictive qualities of Facebook and the personal harm it can do - and personally observed the effects it was having on me - I STILL only deleted the Facebook app from my phone a few weeks ago.

The dissonance between what we know is good for us and our actual behaviour in the face of addiction is truly incredible.


Reminder to use AdNauseum [1] that will not only hide the ads but also click it, messing with targeting and spending advertisers' money at the same time.

[1] https://adnauseam.io/


What is the motivation to prefer untargeted ads over targeted ones?


My bank telling Facebook that I'm their customer is a breach of privacy. If you care about ethics not law, it's none of Facebook's business to know who I bank with. If you don't care about ethics, only law as written, it's a breach of the law for the bank to share this information with Facebook.

And at least one European Neo-bank no longer does this. I don't think I was the only/first one to report them, and unfortunately I don't think they were fined for doing it, but I sure did report them.


Targeted ads are the ones that are the most likely to make you change your mind, and buy/consume something you didn't need in the first place.


Targeted ads can basically gangstalk you and it's psychologically uncomfortable


And you are using the term "gangstalk", which refers to a specific symptom of mental illness, ironically?


No, I mean the action of gangstalking

If a bunch of people analyze your psychology and then coordinate to use what they find to scare you, that's gangstalking

When an AI does it.... it's expected advertising behavior?

I don't like that double standard. Gangstalking is gangstalking.


"A study from Australia and the United Kingdom by Lorraine Sheridan and David James[13] compared 128 self-defined victims of 'gang stalking' with a randomly selected group of 128 self-declared victims of stalking by an individual. All 128 'victims' of gang stalking were judged to be delusional, compared with only 5 victims of individual stalking."


Yeah but in this case it’s Facebook that is delusional.


Ah, you want to cite hair-splitting

Okay

Give me your identity

Email, phone number, address, family members, etc.

I can show you how gangstalking works with that information

Is that something you'd be willing to share here?


& feeling paranoia is a garantee of having mental disease?


No, but the phrase "gangstalk" refers to a specific kind of persecutory delusion.

https://en.m.wikipedia.org/wiki/Gang_stalking


In the words of Kurt Cobain, "Just because you're paranoid don't mean they're not after you."

But I take your point. Using clinical terms in another context creates an unnecessary/unwanted association for readers.


> Gang stalking or group-stalking is a set of persecutory beliefs in which those affected believe they are being followed, stalked, and harassed by a large number of people.

That is literally true though. Have you ever read one of those cookie banners to see the list of organizations stalking you at all times on the web? It's often in the high hundreds. Nearly every electronic device manufactured in the last 10 years is stalking you at all times. If you don't have an active ad blocker, they also harass you constantly in a personalized way using the information they gather by stalking you.


I'm not personally being persecuted or harassed by any companies.


It's definitely not a sign of mental health...


more or less


Privacy.

Though, if you're into privacy, you're probably not on Facebook.

But a good number of people find the kind of hyper-targeted advertising enabled by the tech industry very creepy.

Anything more granular than a billboard gives me the heebie-jeebies.


Interesting, I guess most people are unaware that running these scripts does not stop the data from being collected, because Facebook is not the one collecting most of it.


Yes, this script disrupts the non-Facebook actors collecting most of the data

It cuts off a refinement step


Untargeted ads are presumably less profitable and thus the preference for untargeted ads is also a preference for fewer ads.


It's the opposite. If untargeted ads generate less revenue per impression, they'll need to show you more ads to make the same amount of revenue.


They’re already trying to maximize revenue and have maximized saturation of ads until their network becomes less sticky by people getting annoyed and not using it.

So you’re getting the same number of ads either way, even if Facebook can’t make more money off you.


That doesn’t really make sense. Publishers will already show you an ad every time doing so is profitable. They won’t show you an ad when it isn’t profitable.

Whatever opportunity you’re imagining where a publisher would a new ad once ads become less profitable, why wouldn’t they be showing a (more profitable) ad right now?


Targeted ads require the collection of personal data that I don't want to be collected. Untargeted ads don't.


I'm worried that if you use this, Facebook will permaban you for something like "using modified or unauthorized clients to interact with Facebook services".


It would still work, technically.


Intresting, for me the link 404's

  This page isn't available
  The link may be broken or the Page may have been removed. Check to see if the link that you're trying to open is correct.
  Go to Accounts Centre

also

  Uncaught SyntaxError: await is only valid in async functions, async generators and modules


I clicked around a little and I think that the correct page for me is this one, perhaps it is the correct one for you too? The script doesn't work, but it looks like it could work with some tweaking. https://www.facebook.com/adpreferences/ad_settings/?section=...


I've updated the script, try again! :D


Separately, Firefox has a feature to isolate Facebook activity from other things you do on the web.


I don't know how well it works in practice. The other day I bought something from a local webshop (bike parts) on my laptop. The next day I'm seeing an ad from the same webshop on my Facebook feed on my mobile. Yes, it could be coincidental though I do see a lot of bike-related ads and practically never this company. (Even though I am a returning, if not very frequent customer of theirs.)


Some companies upload their customer data to FB because Zuck promised them then you can send ads to your existing customers.

I made the mistake of having the same email address for Facebook as for registering to random online shops...


I use a separate email address basically everywhere so this can't be the reason. (I don't even use my main email address for facebook.)


Weirdly, as much as I hate internet ads in general, I actually find the FB ones better. I've even bought some stuff from a few and been happy.


So you are the one i need to be angry at for caving and perpetuating this bs.


For me the correct URL seems to be: https://www.facebook.com/adpreferences/ad_settings/?section=... instead of what you have in the gist. (But the script errs on the awaits.)


Neither the URL in the gist or this one load for me. The one in the gist seems to freeze at trying to load some modal, on fully updated Chrome.


Can you post screenshots of your network tab so I can calculate the intervention actors?


Well I don't even get a chance to run the script.


I've updated the script, try again! :D


I heard that sites like Facebook run A/B tests all the time, and the version you get served at a given time may not be the same others see. I also suppose the version you see may be slightly different on different territories somehow.

Also, these scripts break often as they depend on observable behaviors that are not contracts. It's Hyrum's law again.


Does this just impact ads shown on the site, or does it also cut down on data collection and targeting that occurs when you browse to third party sites who happen to include javascript from Facebook?

How's this technique compare to just staying logged out of Facebook? Or using it solely in a sandboxed browsing environment?


Even if you stay logged out, your data is collected from your mobile devices.

And even if you brick your devices and pull the battery, your data is collected by other people's mobile devices.

It all runs to data brokers in the end, and that data has a reliance on Facebook for additional refinement.

This technique impacts that refinement step.


You sound like you have intimate knowledge of the landscape. What would be a great disruption?


I do

And

It's a -HUGE- surface area to cover

When IoT and IoB comes online, it will be near impossible to stop this kind of stuff


For others like me who hadn't heard of IoB.

> IoB (Internet of Behavior) as an extension of the IoT, which focuses on capturing, processing, and analyzing the “digital dust” in people’s daily lives. The term ”digital dust” is a good metaphor for the traces that users leave behind in their Internet activities. As the collection of digital dust from everyday life increases, including data that spans both the digital and physical worlds, information can in turn influence users’ behaviors.


What's IoB?


Internet of Bodies

Basically, the end of the world


Yeah, that's horrifying.


What's the legality of a script like this? Could this be construed as a violation of the CFAA if you were a motivated/evil enough lawyer?

I recall some surprising legal outcomes in recent years, for example jail for posting fake Yelp reviews. Anyone know of any case law for this sort of scripting?


I truly, deeply, and honestly hope Facebook gets litigious over this

My settlement conditions are already prepared

And they are non-monetary and super simple


The part I'm finding most interesting is that I clicked this link and have never heard of pretty much any of the targeted advertisers listed there.


OP here, I've updated the script for a bit more robust support when dealing with slow/delayed endpoint calls! Thanks for the feedback, HN!


Awesome script! I'm watching it run now :)

Question, could someone explain the exact impact this would have for Facebook & a person's experience with ads?

I kinda have a few guesses, but am curious if anyone can weigh in with more info, how this is crippling and overall what the effect should be. Thanks!


Those third parties upload the data they have about you to Facebook (clicks, cookies, times, geo, non-psychology factors)

Facebook then refines what the third-parties have with what Facebook has (enriches this coarse data with rich psychographic data that only Facebook has)

This cuts off that relationship


What browser is this intended for? The below error comes up on Brave on MacOS. Both most up to date version.

VM172:14 Uncaught TypeError: Cannot read properties of undefined (reading 'click') at <anonymous>:14:71 (anonymous) @ VM172:14


Ah, that's not a browser delay. That's an internet speed issue. I'll have to add more resilience to account for that. Thanks!


2.5Gbps on AT&T Fiber not enough? :)

bqmjjx0kac's edits worked great


yeah, clicking into an advertiser has a ~5 second delay to /api/graphql/ at the moment. I was working on resiliency myself


Lawdy, that's a serious delay!

Okay, I'll see what I can do to wait for NETWORK_IDLE or something


I've updated the script, try again! :D



I get this on Safari on macOS: SyntaxError: Unexpected identifier 'wait'

and this on Chrome on macOS: TypeError: Cannot read properties of undefined (reading 'click') at <anonymous>:14:71


I've updated the script, try again! :D


This doesn't appear to recognize any existing 'Don't allow' selections and fails when you've already disallowed some advertisers.


Godspeed good sir. When those shitheads from PerkinsCoie send you a legal threat make sure to share and shame them for it.


Unbelievable and incredible who hard Facebook makes this to do by hand. Completely unethical


What are the actual steps using the UI if one chooses to do it manually?


About 300+ manual clicks on average :/


This was a dumb question from me. You open each advertisers link and click both buttons, then go back.


and he is banned from Facebook.

(for some that is a relief for others it is serious)


Anyone have something like this for Google?


Thank you OP, you're a mensch.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: