Hacker News new | comments | show | ask | jobs | submit login
How To Opt Out of Facebook Ads Based on Your Real-Life Shopping Activity (eff.org)
124 points by marioestrada 1521 days ago | hide | past | web | 96 comments | favorite

Even though I use ghostery and provide unique email addresses to websites I don't trust, I still feel a bit uneasy about voluntarily providing my personal information to these companies just so I can "opt out". I know these sites are legitimate, and I trust the EFF; however, it still feels unnecessary.

Maybe I've just been conditioned by the fake unsubscribe links found in email spam, but I don't want to accidentally give these advertisers more information than they already have. Even if they already have complete information on me (which they undoubtedly do), I don't want to provide them with unnecessary confirmation that the information they have is correct.

I never understood the "fake unsubscribe" thing. In a previous life I did infrastructure consulting for people with ROSKO listings and they collected and processed every single unsubscribe. They even traded unsubscribe lists.

Back then everyone was using pinks (contracts with an allowed quota of complaints per day baked in) for mailing. If you scrubbed your lists against unsubs and bounces, you got less complaints and could negotiate better rates in the future.

I agree, I've seen a few but not many, and when they Email me again I just mark it as spam and never see another one. Email is commanded by algorithms right now, which take a heap of hints from their users, it's seriously stupid not to unsubscribe people kind enough to unsubscribe instead of marking you as spam.

Last year I read an article about someone doing an experiment with unsubscribe links on a very old email address. It got loads of spam, and he clicked all the unsub links (or maybe wrote a script to do it). The amount of spam that address received decreased significantly.

So whether or not the "fake unsubscribe" thing was real (my intuition says yes it was), it appears that times have changed!

There's always the option to delete your FB account. I went nearly 10 months without logging into FB last year, and doing so made it quite easy to delete my FB account at the beginning of this year.

Regular removal of cookies, and LSO cookies, as well as clearing the browser cache, is also recommended.

Then there's the ubiquitous "Connect" buttons which are spammed all across the web. Prudence dictates that we avoid connecting our logins across the net in an indiscriminate manner.

Finally, there are "burner" email addresses which I use only to register with certain websites. Nearly all of the spam that makes it past my filters is from so-called "legitimate" websites.

Caveat emptor.

Deleting your account does not stop Facebook from tracking you, unfortunately.

Does Facebook actually delete stuff yet? For a long time they wouldn't delete accounts, photos, etc.

5 years ago (I had been a fb'er since 06) I deleted every message is ever received - took me an age but finally did it.

Kept an empty inbox for the next 3 years.

2 years ago (or thereabouts) Facebook introduces a new messaging setup (about or a bit before their new interface, I've forgotten what they call it) - all the messages were back, all the way back to my first messages sent jn 2005.


They do allow you to 'delete' your account and data, and they say it becomes unrecoverable at that point, but no one can really be sure that they are actually deleting your data.

That's a good point, regarding whether, or not, FB actually deletes user data after we "opt out." Another consideration is how, when Facebook started out, users were supposed to actually know, IRL, the people on their "Friends List." I adhered to that rule all the way until my account deletion last January, but now a great number of users have people on their "Friends Lists" who they have never even spoken to in real life. This point is illustrated by corporate entities being on people's "Friend Lists."

As for FB allegedly tracking me subsequent to my account deletion, could someone explain to me how it could be so? I never posted my actual DOB, nor my cell phone, the email address I used to register hasn't been logged into for many months, and I'm using a new ISP - which uses dynamic allocation addressing.

A possibility could be if your email shows up in your friends' contact list which FB gets from their email accounts.

FB continuesly harrassing me to give them my email password - of all things to ask for! - is something I will never get. 'We'll check your contact list for friends! We won't save your password!' My email password! You wanna install a camera in my room while you're at it?

But some people apparently actually use the service, and thus FB can find out you exist and who you're friends with. They might also mention you etc.

There is no delete in the cloud.

No, your data is never deleted, only your account is "de-activated".

Incorrect (currently). They allow you to delete after you deactivate, but they make you wait 14 days while deactivated in the hope you realize you need facebook.

Well are you sure, that this is not only, what they tell you. Are you sure there is no table in their database called "deleted_unrecoverable_profiles"?

No one can be sure if it is that way, or if the data is really deleted. And knowing their take on user-privacy, I tend to believe, that data is never deleted by Facebook.

Even if they do delete it and never back it up, it seems very unlikely they'd go through what must be a huge library of backups and wipe you from all of them. Such an expectation would be ridiculous, and I'm sure pretty much no company will do that, but the point is your data won't be deleted from all sources regardless.

No. This is marketing spin. Your data is NEVER DELETED. I'll bet you paychecks that FB has archives of all their users data.

One example: a person committed a crime and stored evidence on FB. FB retains user data forever. They might not make it public, but the data is not deleted.

Sadly that's not always an option, given the proliferation of Facebook amongst the "older" crowd. My entire extended family basically communicates entirely (barring face-to-face meetings) via Facebook nowadays.

Or, just don't use facebook. I'm not trying to be facetious, if you don't trust the company with your most personal information then you probably shouldn't be using their service. Because that is what they trade in.

From what I understand, Facebook builds profiles of non-members as well, so they are still a threat.

I actively prefer ads for things I might actually be interested in purchasing. If there were an option to tell advertisers "Please show me more ads about..." I would take that option. whenever I was waffling on some purchase. Most ads suck even so - they don't actually tell me about a new feature or fact that could potentially change or spark a buying decision - but at least it's not a total waste of time.

The only economically productive use-case of marketing is to lead trades to take place that would not have taken place otherwise, or higher-quality trades to take place; which can have its roots in consumer gullibility, but ideally reflects some new company telling me about a relevant product that I didn't know existed. This happens rarely. Having it happen more often sounds like a good idea to me.

I highly recommend Ghostery. I've been using it for quite a while now and have no complaints.

Lifehacker just did a comparison of popular privacy extensions and called Disconnect the best (over Ghostery and others): http://lifehacker.com/the-best-browser-extensions-that-prote...

Yeah... You really should have put a disclaimer in there to let everyone know that you were advertising your own product.

That makes me never want to try the extension, no matter how good it may be.

Yeah, that left a bad taste in my mouth. Just switched back to Ghostery.

I don't think he wrote the Lifehacker article he linked to.

He was advertising it on HN, not LifeHacker, with that comment.

He tried, but his product is so good that it scrubbed out the identifying information in his post.


Just for everyone to know.

byoogle is the mastermind behind Disconnect. :)

I prefer Conformal's Xombrero browser.


I'm interested in Disconnect. Your FAQ says you don't record personal information like IP addresses but what about statistics? Ghostery, for example, has an opt-in option to submit anonymous stats on blocked content. Do you do the same?

Just installed it. I'd heard of it before but never given it a shot. It's definitely got a nice UI.

Okay, I have used both but didn't find Disconnect(good too) even near Ghostery or ABP(have used this too); ABP is bulky that's true..

Though I've been uneasy since Ghostery went closed source[1] but it's so easy to use and light on the browser. Disconnect is partially open source[2] too, and ABP is fully open source. I guess I might switch back to ABP if complains start for Ghostery.

[1]https://github.com/jonpierce/ghostery [2]https://github.com/disconnectme/

How is browser JS closed source?

Without auditing, calling a server open source is meaningless.

Agree, ghostery is the first thing I install (Safari/Chrome -- don't use Firefox). Only issue, a couple of banking sites I use don't play well with it. On those occasions, pause, reload, do action, reenable ghostery. I only wish Pause was on a per-tab basis.

You can disable specific trackers on specific sites - e.g. unblock Google Analytics on your banking site, or Disqus on a favourite blog, rather than having to temporarily disable the whole extension browser-wide.

> You can disable specific trackers on specific sites

Either you are incorrect, or this functionality is non-obvious. Based on recent experience, I'm leaning toward the former.

When I go to edit my blocking options when a site doesn't play nice with Ghostery, I'm given options either to disable certain tracker-blocking or to disable Ghostery entirely on a given domain. There doesn't seem to be an option to stop blocking a given tracker only when its loaded from a certain site.

There is one tracker I've unblocked because it breaks functionality on one site, and I'm fairly certain I've seen its effects on a different site recently as well. It doesn't seem to have unblocked that tracker only for the one site I need it disabled to use.

The way to do it is not obvious, and varied by browser.

For Chrome and Safari, click on the Ghostery icon to bring up its popup control, then click on the 'Edit blocking options' link which will give a checkbox list of trackers to enable/disable. Click out of the pop-up to close it then, reload the page.

For Firefox, bring up to pop-up, then click on the checkbox to the right of the slider, then click on the reload link to reload the page. The slider enables/disables the tracker browser-wide, the checkbox enables/disables for the current domain.

I don't have Firefox on this computer, so I can't check on that, but you're definitely wrong about Chrome. If you click Edit blocking options and uncheck a tracker, it unblocks it globally.

I wasn't sure of this last night when I wrote the comment, but I just tried it out with Google Analytics (since it's pretty ubiquitous), and it wasn't only unblocked on that domain.

I must be misremembering the behaviour in Chrome/Safari. I guess the site-specific whitelisting must be a relatively new feature of the Firefox version that has not been ported yet.

Huh, I use chrome, I thought unchecking on that popup would allow that third party site globally, not just ont he present site.

You're sure?

It's non-obvious, but if you click on the check-mark instead of the slider button, it'll be allowed on one domain only. Annoyingly, it doesn't use a tooltip but tells you what the button does after you click it.

You can whitelist websites in the main preferences, it's a tab in the "trackers" section.

Even though I still use Ghostery, the fact that it was acquired and went closed source makes me uneasy. I don't see a revenue model here - Ghostery is still free as in beer. So I am a bit wary of the moral hazard this poses to the new owner of Ghostery.

From what I recall of their website, they have an opt-in feature whereby the add-on can send them information about what ads are appearing on what pages and the like, and they anonymise and collate the data to sell it. For instance, you could buy a service off them to the effect of "what adverts are actually appearing on my website when Joe User loads it up?"

And I believe I remember also seeing a statement to the effect of "we don't obfuscate the code in our XPI", so you could just extract the add-on as a ZIP file if you want to audit the source.

Awesome, so their monetization strategy is to undermine the whole product and say "trust me"

Well, it would be that if Ghostery didn't offer you choice. Also, the data collected is about trackers and not the user.

Note: Ghostery dev here.

Jesus H Christ, knee-jerk harder why don't you.

Any browser add-on could be monitoring your entire on-line activity. Why the hell does that suddenly become a problem when one's up-front about what data they collect, when they collect it, and what they do with it?

And no, they don't say "trust me". As I mentioned in my first comment, they say "if you don't trust us, unpack the add-on and check the source yourself". Which you definitely can - I just did it myself to verify, and it looks like easy reading to me.


I have found that I don't need both Ghostery and an ad blocker - simply having Ghostery block the trackers will block the vast majority of ads, and the ones that don't get blocked are inoffensive and/or actually interesting.

Yep, I've unblocked Disquis but everything else is blacklisted, and I've had no problems with things breaking.

One thing this shows is just how powerful Facebook could become/already is. When they connect the dots online and offline of billion user's buying information and habits they essentially can electronically understand who you are better than you do, and can predict what you'll do even better. Just food for thought.

When Facebook connects the dots online and offline of billion users' buying information and habits, they essentially can electronically understand who you are better than you do, and can predict what you'll do even better.

Why are people disturbed by this?

Why are people disturbed by this?

Simply put, because the corner stones of democratic societies are built on the assumption that peoples lives are private.

Take voting without privacy. Can voting work if everyone is fully known by the state? If the people in office known where the oppositions voters are, new actions become available. If you can redirect road work, sporting events, sales, and so on, how much work would it really be to get the oppositions voters to spend the day doing something other then voting on the election day? Knowing who votes for who allows those already in power an unfair and destructive advantage over those not yet elected.

Take politics in general if we have no privacy. What happens to politics if every to-be political rival is known to those threatened? If we can identify which kids are going to be political active, those could be discourage. Alternative, they could be influenced, drag into the party line before reaching a independent view.

Or lets leave politics and go to justice. Can you have a working judge and jury system if everything about their life can be fully known? If one party know that a jury members spouse is cheating, they can rephrase their statements in form of betraying. If someone know about economical troubles, one can redress statements as being "down on the luck". If the judge dreams about leaving the bench and begin some childhood dream project, one could phrase statements in favor of startups. Knowing the dreams and thoughts of people, and you get boundless possibilities to influence others.

Predictions based on partial data could be problematic.

One example: I pay for fresh food and staples in cash, and buy 'grocery' items on a card. A data collection system that tracked only card purchases would give the impression of a very unhealthy diet.

This is how it is for me, too. I buy fresh vegetables, fresh meat, milk, eggs, bread at a local farm shop and pay cash. I buy other things like pizza, coffee, processed foods at a supermarket and pay with card - and also scan my loyalty card.

I regularly get offers from the supermarket for money off yet more unhealthy food - they are blissfully unaware that I eat quite well in reality!

If a person is well understood and their actions can be predicted, they can be manipulated.

The real question is: why aren't you?

If I'm manipulated into buying something that I genuinely want, then I'd be happier for it.

It's not as if seeing an ad for a $100 256GB SSD would make me skip looking up the reviews for it and evaluating its performance before I buy it.

It's mystifying to me why people are bothered by targeted ads. If ads become relevant to me, that'd be a wonderful thing. I'm not saying I'm right -- I'm saying I wish someone would explain why targeted advertising is evil.

It is evil because:

1. I get no say in what information they store and use. If somebody else used my computer, that information is associated with me.

2. The more information companies have about me, the easier it is for the government to gather information without due process.

3. What is gathered about me can be stolen by somebody else.

I agree that, in theory, well targeted ads are far superior to the dating ads I get on Facebook, but with zero control, transparency or accountability, I'm very uncomfortable with the amount if info they are trying to gather from me.

I'm not bothered by targeted ads. I'm bothered by the idea that someone who has amassed all the information about me to show me well targeted ads can do other things as well.

For instance, they could sell pseudo psychological profiles or provide scoring services to potential employers, banks, insurance companies, landlords, users of dating sites or governments.

They could be subpoenaed and hence make me vulnerable to extortion by everyone with a sufficiently large legal budget or a political interest. The data could also be stolen by organized criminals.

In other words, it would give great power over my life to anyone who gets hold of that data, and therefore I do not want this kind of data to exist.

> If I'm manipulated into buying something that I genuinely want, then I'd be happier for it.

But do you genuinely want it? or were you _influinced_ into wanting it? It's the same principle that makes fast food advertisements so profitable for the food industry. The ads are already targeted (most people like to eat tasty food).

Furthermore, if you're truly indifferent with being influenced like this, to what extent will the "influencing" remain acceptable to you? where would you draw the line?

The issues with eroding privacy and with the amount of data needed to create targeted advertising are well explored, thus to expand the discussion a bit, lets talk about the subjects outside the scope of privacy.

Advertising, be that targeted or not, are problematic. In return for redirecting how people spend money, they distract people and steals time.

A child growing up is in average spending 133 hours watching TV commercials[1]. Add that with commercials on the web, games, and other media and the time spent on commercial is maybe longer for a child then what they spend learning a subject like math in school. If you then include the time lost from the distracting effect while reading email, or accessing a news site, and the cost of advertising to the individual goes up. People who's main problem at work or school is the ability to focus should strongly consider using tools such as ad-block. It could be the difference between graduating or not.

In contrast, opt-in advertising like recommendation services do not have those issues, and are in my view the only form of targeted advertising that are morally on the OK side. They use primarily legal methods in their businesses model, and do not need to use exploits and legal trickery to work.

[1]: http://www.statisticbrain.com/television-watching-statistics...

People aren't bothered by the targeted ads. They're bothered by what else can be done with that vast, accumulated store of information and the network that's designed for surveillance, tracking and predicting behavior. For a lot of people, facebook is their identity. It's the way others see them and communicate with them, and their account holds a great deal of personal information which could be used to impersonate, blackmail or profile them.

The whole point of manipulation is to make you go against your own interests and buy things you don't need, at some point down the road. Otherwise it would just be making you aware that something exists (which I agree is fine, targeted or not), not manipulation.

Oh I'm sure governments around the world have been thinking quite hard about that.

Which is why online privacy protection laws are so important for legislatures to pass.

And which is by the way exactly the negative incentive for governments to pass this sort of legislation, as they love to get their hands on this kind of data via legal (or pseudo-legal) means.

Am I the only person who would actually prefer targeted ads based on things I might actually be interested in, rather than the crap I've been exposed to before.

If you're going to use a walled garden like facebook, you expect to see walls now and again.

Since they have proven that they are awful at targeting, I don't want it.

The fact is, 90% of advertising exists because the product is not worth buying in its merits. Word of mouth recommendations and independent research studies are where good jnformarion comes from. Targeting doesn't help that.

I think every effort they make to better target is only a good thing. Attempting to block their efforts will skew their results which could lead to worse ads.

The method I have found to stop tracking is to use /etc/hosts to block all traffic to sites that I don't want anything to do with including Facebook and their CDNs. I based it around https://github.com/leto/Util/blob/master/config/etc/hosts.bl... and have added more tracker/advertisement domains as I have encountered them.

Large host files really slow down browsing in Windows. Is their a solution for this besides clearing the DNS cache every hour?

You can block it on your router.

Using Ghostery over AdBlock is good but I won't recommend using any of such tracker blocking extensions to anyone until I know they understand what it does.

At times these extensions do break websites as they block some vital scripts on the site. You have to manually unblock that to make sure the site runs fine on your browser.

I used Disconnect long time ago, but that time it literally broke all the tech blogs, as its blocking was very crude. The site now looks totally different and so do the screenshots, would give it a shot.

Oh and by the way I use Ghostery now.

Breaking literally every tech blog would be way hard to do. :-)

We've gotten literally two bug reports about broken blogs of any sort in the last year (I just checked; and both are now fixed, btw), so I assume there aren't issues anymore. But if you experience any, let me know!

When the Firefox extension was released ( I remember it was released as a Chrome only solution at first ), I tried and all the famous tech blogs used all possible social buttons and TC had just started with Facebook comments, so for most sites, half the page loaded and other half was stuck.

The new UI looks great, defintely would give it a try. I actually have no problem with Ghostery but I like how Disconnect categories all the tracking.

Oh yeah, our original Firefox add-on was outsourced ... and I think kind of sucked. I learned not to do that (even though the devs were and are great).

Thanks a lot for the feedback on the new UI.

I've said this before and I'll say it again -- why the complaints now, when Google has been doing this for years? Essentially, they can collect your information from emails, purchasing habits & financial information from Google Wallet, income, and combine that with Google+ social data, files you put into Google drive, and you have a complete profile that's ripe for advertising.

Google's marketing has done a better job of presenting themselves as "not evil". I won't comment on the accuracy (or not) of that; I'll just note that I only log onto Google accounts in an incognito window.

I don't quite understand this either. Google have been doing this for ages and no one has said anything, but now all of a sudden its a thing?

I just want people to acknowledge that what Google has been doing and what everyone else is doing is essentially the SAME THING. No reason one company should get a pass over others.

Now as for whether privacy is a legitimate concern or not is another matter entirely and I think comes down to a bit of personal preference too.

I for one, don't care about my privacy -- to an extent. There I said it. I don't care if Google knows that I eat somewhere or do something because it's trivial to me as long as my data is SECURE and I have fine grained privacy CONTROLS. If you give me security and control, then I'll gladly hand over my data for a useful service such as mail, or chat, or photos or whatever it may be.

Privacy in 2013 is different, and we must acknowledge that. This is a new generation, a new era. If you want to stay disconnected, then you don't get to experience this new world and if that's your preference, that's perfectly fine. (note: there will always be a subset of vocal technically inclined people like many of us on the forum that will try to resist, but in the long run, we won't prevail; I have ghostery installed for the hell of it, but a large amount of people don't even know what it is).

I think moving forward, every individual is going to have some type of public web presence that will be as much a part of who they are as anything else. Some parts of this presence will be private and tucked away behind anonymous usernames and private content. Other parts will be open for the world to see. To an extent, all of this is already true, but think about all the kids born from 2005 onward. They're only 8 years old now and are going to be part of the new, always connected generation (meaning, they've never known a world otherwise).

Therefore I think security of data is more important than EVER. Every company should make security of user data a TOP priority. In addition, every company should provide FINE GRAINED privacy CONTROL to allow the user to decide what he/she wants to show and to whom. On the other hand, a user should expect that a web company pays its bills through targeting via user data, and should reflect upon his/her expectation of privacy on the web.

The web is the new TV, but different, and more powerful, much more powerful.

Everything you listed is from data you inserted into Google's system, not bought from a third party. But keep digging deeper :-)

Another line of defense it to install an ad-blocker, so even if they somehow know the perfect ad to show you, you probably won't see it.

Another line of defense it to install an ad-blocker, so even if Facebook somehow knows the perfect ad to show you, you probably won't see it.

Why wouldn't you want to see it? A perfect ad is a win for the consumer.

Depends on your definition of "perfect", there are certainly a lot of highly effective ads that persuade people to buy borderline scammy products.

A perfect ad is one I asked for, when I asked for it, like in Google or Amazon search results.

I go to Facebook to check on friends. I don't want a fried-chicken billboard to appear beside the photo of my friend's new baby. It's the wrong context (even if I'm craving fried chicken).

what if it was a baby shower gift? What if they managed to connect enough dots to know that this is what you want, and thus, make the sale via this channel?

I still may not want to make the purchase via that channel. In fact, I find most important to be able to enter any web to read its content without those distractions. If I want to buy something, I'll go to any online store, thanks.

Then I can ask Facebook to show me gifts and stores my friends like, and some general listings.

I love that one crazy tip from a single mom!

But the industry hates her.

if they're using hashed emails for tracking, we're pretty much clucked. There is an option in gmail that can prevent this.

if your email is abcd@gmail.com, use abcd+sitename@gmail.com (gmail will ignore the stuff after the + ). You can also use . separators.

Now, to keep track of that...

Since Gmail's account name semantics are well known, the top data collecting agencies have no doubt adapted by now.

Also, frustratingly, a lot of sites will break, often silently, if you give them an e-mail address with a plus symbol (e.g. it might end up in a GET request to an internal API without proper escaping, and be interpreted as a space).

Yes, the only way to go is your own domain. Use an add-on like Virtual Identity for Thunderbird to keep track of which From address goes with which recipient. https://www.absorb.it/virtual-id (their cert seems to have expired over the weekend)

I do wonder when/if trackers collapse all addresses on a small domain into a glob. They totally could.

Whether this works depends on the site's email validation script: many don't allow the '+' character.

Gmail filters out '.' within usernames (e.g., john.smith@gmail.com and johnsmith@gmail.com are sent to the same account), but this gives you a more limited number of options, and is even harder to keep track of!

> product warranty cards

Why hasn't the FTC shut this scam down yet?

> phone number

Holy cow FB uses my private security tokens as a source of ads?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact