The Other Irresponsibility

Following Mark Zuckerberg’s awkward and tedious testimony before the House and Senate came several great pieces from journalists covering it, as well as Facebook as a whole. I wanted to collect a few of the best that I found as a sort of highlight reel of irresponsibility.

Sam Biddle, of the Intercept, on Zuckerberg’s frequent claims that he didn’t know the answer to a question:

After watching the Facebook founder and CEO’s 48-hour trip to Capitol Hill, there are two possible conclusions: either Mark Zuckerberg deliberately misled Congress, or Mark Zuckerberg knows very little about his own company. Both are bad.

Again and again, before both Senate and House committees, Zuckerberg pleaded ignorance about the company he created and has controlled for 14 years. Zuckerberg wasn’t dodging questions about obscure corners of the company or corporate minutiae, but the most plainly fundamental aspects of Facebook’s business and privacy policies. Rather than the congressional beatdown many had expected, the most striking aspect of Zuckerberg’s testimony wasn’t his painful apologias or excuse-spinning, but his ability to spend nearly 10 hours saying almost nothing. The hearings may prove to be a sea change moment for Facebook and the greater data-mining industrial complex, but it would be hard to say the public learned much of anything.

Alex Kantrowitz, Buzzfeed:

During his two-day marathon testimony in Washington this week, Facebook CEO Mark Zuckerberg looked particularly uncomfortable answering basic questions about how Facebook tracks people when they’re not using Facebook. In case you hadn’t already heard, yes, it’s true: Facebook can track your online activity even if you aren’t signed in to Facebook.

Paris Martineau, the Outline:

Facebook claims that you can download a copy of everything it has on you here. Mark Zuckerberg said the same during his testimony to the U.S. House of Representatives yesterday (“Congressman, I believe that all of your information is in that — that file.”). However, according to Facebook’s own Privacy Operations Team, both of these statements are wrong. Even better, Facebook has told users it cannot give out this information because it’s too difficult to access and package into a readable format.

Alexis C. Madrigal, of the Atlantic, expands on the same topic:

This apparent contradiction relies on the company’s distinction between the content someone has intentionally shared — which Facebook mines for valuable targeting information — and the data that Facebook quietly collects around the web, gathers from physical locations, and infers about users based on people who have a similar digital profile. As the journalist Rob Horning put it, that second set of data is something of a “product” that Facebook makes, a “synthetic” mix of actual data gathered, data purchased from outsiders, and data inferred by machine intelligence.

With Facebook, the concept of owning your data begins to verge on meaningless if it doesn’t include that second, more holistic concept: not just the data users create and upload explicitly, but all the other information that has become attached to their profiles by other means.

Gennie Gebhart, for the EFF:

Facebook’s ethos of connection and growth at all costs cannot coexist with users’ privacy rights. Facebook operates by collecting, storing, and making it easy to find unprecedented amounts of user data. Until that changes in a meaningful way, the privacy concerns that spurred these hearings are here to stay.

Andrew Ross Sorkin, New York Times:

When Google first introduced Gmail in 2004, this newspaper raised questions about the prospect of users objecting to a service that displayed advertising to them based on the content of their email: “For many, the bottom line appears to be that sifting through personal email with an eye toward making a sale is beyond the pale.”

Well, now more than 1.2 billion people have active accounts with Gmail, a service that until the end of last year sifted through your private messages. Apparently, it wasn’t beyond the pale.

For consumers, the transaction has always been pretty clear: The convenience of free service in exchange for information that allowed advertisers to specifically target us. The distinction in that equation was motivation; we figured our data was being used by benign companies seeking to sell us that pair of sneakers we wanted, not by bad actors trying to influence our political votes — or incite violence in places like in Myanmar.

These are all very good points made by astute writers in publications that I trust. Yet, most of these web properties — the EFF’s and the Intercept excluded — use some form of Facebook’s tracking scripts, whether that’s a Like or Share button, Beacon, or Pixel. That means they’re part of the problem; in a way, I am, too, by linking to them but, in my defence, Facebook’s scripts are among the web’s most popular, as are — surprise, surprise — Google’s.

The Outline uses Facebook’s Custom Audience and Pixel tracking, according to Ghostery. However, you may not be aware of that because it isn’t exactly something they advertise. To find it, you’d have to open the hamburger menu on the above linked page, click the small “Legal” link at the bottom, and look under the second section of their privacy policy where they link to a help article about the Facebook Pixel without outright stating that they’re using it.

They’re not alone; many websites don’t fully disclose their use of these trackers, and most do so only in a byzantine and buried privacy policy. The New York Times, for example, has a tiny grey “Privacy” link nestled in their footer. Then, you must scroll about halfway down the page to the “Third Parties” section, where you may “click here” to view a list of third-parties that “may be using cookies”. However, Facebook does not appear on this list despite the Times absolutely using their scripts. I was unable to find a reference on their website to the Times’ use of Facebook’s advertising and targeting scripts.

What’s absolutely clear here is that websites need to stop using Facebook’s tracking scripts — and Google’s too, while they’re at it.

For what it’s worth, users can and should make it harder for advertising companies to collect their browsing data. In iOS, under Privacy in Settings, you can switch on the Limit Ad Tracking option, and turn on Prevent Cross-Site Tracking under Safari settings. The latter option is also available for Safari on MacOS. Zack Whittaker at ZDNet has more information on opting out. You can also use a script or ad blocker to prevent tracking scripts from loading.

I completely understand that these scripts provide many advantages from a marketing and advertising perspective. I also get that the realities of the news business mean that publishers feel forced to make hard choices that increase revenue despite potentially compromising on principle. But websites that embed these scripts are contributing to these privacy-violating platforms. All web property owners — but especially highly-trafficked properties — have a responsibility to their visitors. Participating in a web-wide tracking scheme betrays that trust. It must be stopped.