top | item 24689438

Tell HN: FB tracked my sensitive buy outside FB, cant delete a suggestion in app

145 points| rathel | 5 years ago | reply

So I bought a rather sensitive item outside of FB on a retailers' webpage. Thought using private browsing was enough (I always do even for trivial stuff).

Now, somehow FB tracked me, found a similar item in FB Marketplace and shows me it in the main app menu as a suggestion next to Marketplace option. Like in this image, but the white Marketplace panel also has a thumbnail: https://brayve.net/wp-content/uploads/2020/03/echo/fb_menu_revamp2.png [1]

I deleted all the stuff from ad preferences, "activity outside FB", turned it off completely. I long-pressed the thumbnail and asked FB not to show it anymore, but it persists.

Does the HN crowd know how to disable this crap if asking FB not to show it doesn't cut it? Now I can't open FB in the public... :/

[1] Won't post my own screenshot, because image censorship is easy to screw up, I couldn't find a screenshot with such thumbnail on the web.

128 comments

[+] mcpherrinm|5 years ago|reply

Did you purchase the item from a retailer that you gave an email or phone number which matches the one on your Facebook account? If so, I would suspect such an identifier is being supplied by the retailer to Facebook for ad targeting. It could also be your credit card issuer, potentially.

Private browsing helps prevent browser-based tracking, but doesn't help at all if both sides are playing together and have ways of correlating your identity.

[+] rathel|5 years ago|reply

For FB, I use an e-mail that is no longer my primary one for almost a decade - all other activity is on a different one.

[+] weare138|5 years ago|reply

> If so, I would suspect such an identifier is being supplied by the retailer to Facebook for ad targeting. It could also be your credit card issuer, potentially.

This is the problem, so many companies are harvesting our data now it's almost impossible to know how your personal data is being acquired anymore.

That being said, another thing to look out for is sites and apps running Facebook's integration crap. If the e-commerce site in question is running Facebook's code on the site, FB could easily correlate the data (IP address, browser fingerprint, etc.) and connect it back to you even if you are using Private Browsing.

[+] yumraj|5 years ago|reply

Your IP address, browser fingerprinting (despite the private browsing) and so on.

There are just too many ways to identify you, and therein lies the problem.

If this kind of thing is concerning to you, you have no option but to delete the FB account.

EDIT 1: Removed MAC address from my comment, which was incorrect as noted below.

EDIT 2: This is a test that is available from EFF to test your browser fingerprinting: https://panopticlick.eff.org/

[+] dvt|5 years ago|reply

FB also has "shadow" accounts, so even this may not be super helpful.

[+] dillondoyle|5 years ago|reply

Sure but this is simpler than that. The merchant used their name, address, and email/phone to match to FB. Doesn't really matter what browser/cookies

[+] Balgair|5 years ago|reply

I love panopticlick, but hate it as well. They just tell you ' yup, you're screwed' but they don't tell you how to avoid being so. I get that there are likely some legal reasons, but the tool almost does more harm than good in this way. I don't want to have a browser fingerprint, tell me how to not have one.

[+] elisaado|5 years ago|reply

can Facebook see your mac-address?

[+] jzzskijj|5 years ago|reply

How are merchants and Facebook getting your MAC address?

[+] dillondoyle|5 years ago|reply

To answer your main question go to link below -> turn off ads based on data from partners

https://www.facebook.com/help/568137493302217

[+] zigzaggy|5 years ago|reply

I quit bookface many years ago because of exactly this reason. Well, this and the fact that FB has absolutely blown the trust of keeping all this data on us without it being spilled into the universe every few years. Or worse, used against us politically.

Anyway I wish I had a solution other than "delete the account and don't look back," but I don't. I will say that life goes on and those people in your life that really care will find a way to communicate with you. And the ones that don't? I don't miss them at all, really.

[+] everdrive|5 years ago|reply

As many commenters have pointed out, Facebook (and a lot of other sites) have many myriad ways to track you, and so something such using private browsing mode was insufficient to protect your privacy.

What should trouble you, however, is that this sort of correlation is going on all the time in the background. It's not necessarily always the case that the correlation is made apparent to you. Often times (most times?) it will be totally invisible.

[+] murukesh_s|5 years ago|reply

IP Address.. If my wife browse an item, just browse no need to purchase, i get the ads. Also many track you even if you open private browsing [1].

[1] https://github.com/fingerprintjs/fingerprintjs

[+] nazca|5 years ago|reply

Social cooling, IRL. From just a week ago: https://news.ycombinator.com/item?id=24627363

[+] chsp|5 years ago|reply

It is more likely the retailer uploaded this purchase to Facebook with hopes to target you in the future. If you used the same email address or the phone number associated with your Facebook account at the checkout, Facebook "enriched" your interest graph with this information.

In these cases private browsing or a VPN or a using Tor would not help. This is a much common vector for interest targeting at Facebook. Retailers willfully share what you believed would be private with ad targeting platforms like Facebook and Google. Twitter has something similar too I think.

[+] gwbas1c|5 years ago|reply

Are you sure the data is from the purchase? For example, did you search for similar things before making the purchase?

Otherwise, sometimes I suspect ads are targeted by IP. Sometimes I see ads for things my wife is interested in.

You might want to try VPN. At least you'll see ads for all the sketchy things other VPN users buy!

[+] rathel|5 years ago|reply

I _suspect_ I might have clicked a link for order tracking outside private mode (Gmail's Chrome WebView, go figure...)

Now, to prevent such events in the future I installed Firefox on my smartphone along with uBlock Origin. I use FF on desktop since forever, should have used it on mobile as well.

[+] input_sh|5 years ago|reply

Unfortunately I have no advice to give to you in such a shitty situation, but this is #1 reason why I have never installed any Facebook-owned app on any smartphone I've ever owned (including WhatsApp and Instagram, of course).

I still interact with their products when I have to, but exclusively from a browser with an adblock.

And Instagram forcing people to install an app to even create an account in its early days was the sole reason why I've never had one.

[+] kevin_thibedeau|5 years ago|reply

Facebook worms its way into system apps. Nokia phone camera app pings FB every time you start it up.

[+] justinclift|5 years ago|reply

Delete your FB account? :)

[+] offtop5|5 years ago|reply

I'll do that soon , but too many of my friends ( real life people, I haven't meet anyone from the internet in over 4 years) only can contact me on FB.

I do my best to limit my use of FB services

[+] strunz|5 years ago|reply

I'm pretty sure Facebook does simple IP address tracking to serve ads. I've noticed my wife and I both get served ads for things the other has recently searched for.

[+] amichal|5 years ago|reply

Not just Facebook, lots of folks do this.

I was reading an news article on my phone on NYT just yesterday while someone else in the house was buying things from a big online clothing store (not amazon) on her phone at the other end of the couch. In real time the ad slots on the article on my phone switched to show ads for the site she was buying from and for similar products. The had previously been showing me something i bought a few days ago.

[+] TheHeretic12|5 years ago|reply

>Now I can't open FB in the public... :/

Just poison the data. Break their algorithms by going on a bit of a virtual shopping spree. You wont even have to buy anything, just place in cart and cancel later on. Get those targeted ads replaced with ads for machine parts, woodworking tools, craft supplies, coffeemakers, etc. Make sure you ARE logged in when you do this, so that these results have a higher priority for the algorithm to pull. Some products will also COMPLETELY poison your profile, just like a runaway slave throwing red herring. Anything related to pregnancy or impotence will do this. If they want data, give it to them. Drown them in it.

PS. I wind up shopping for parts for my job on my phone all the time, I know this works. Even when you dont have the accounts connected, they do.

[+] unknown|5 years ago|reply

[deleted]

[+] wing-_-nuts|5 years ago|reply

Full disclosure, I nuked my facebook account in 2016. Having said that can't you just block the ads with ublock origin? If that doesn't work, I'd start going one level deeper and start blocking individual javascript files until I found the one that controlled the adverts. None of this may work, but it's worth a shot?

[+] nneonneo|5 years ago|reply

I don’t know about marketplace ads, but timeline ads are remarkably hard to block. The only differentiator between timeline ads and regular posts is a little bit of text that says “Sponsored”, and FB absolutely goes out of its way to make it very hard to key on the presence of that text (each character in its own span with randomized CSS IDs, interspersed with random characters, with various CSS hiding techniques, sometimes even using the CSS :after properties to inject extra text). That "sponsored" text is present on every timeline post and just selectively hidden on non-ad posts with the same CSS tricks. So, if your filter is even a little bit wrong, it’ll hide every timeline post and make your adblocker look broken.

The solution to not seeing ads on Facebook is to not use Facebook, IMO...

[+] Jonnax|5 years ago|reply

Have a look at these sites: https://amiunique.org/ https://panopticlick.eff.org/

Your browser leaks a lot of information about you

[+] BTCOG|5 years ago|reply

Stop using Facebook. Sinkhole all Facebook domains.

[+] paule89|5 years ago|reply

Try using an adblocker. Never see any suggestions again.

[+] trox|5 years ago|reply

> Now I can't open FB in the public

The problem here is that the ads would still show on other devices that have no ad block.

[+] markosaric|5 years ago|reply

Private browsing doesn't help with this type of tracking. You need to use a browser or a browser add-on that blocks Facebook as a third-party connection. So if any site or app has a Facebook pixel that sends data back to Facebook it will block it from doing so. Alternative is not to use Facebook.

[+] anongoesprivate|5 years ago|reply

i lost hope and started using Mozilla with Ublock origin and privacy badger, i know i can't stop billion dollar companies from collecting my data, but with the above combo , at least i can stop them from rubbing my data on my face