In the last few months, Facebook has made significant changes to the way advertising works on its site. As some predicted, Facebook’s going public and needing to drum up more revenue has resulted in the company dipping its hands deeper into users’ data to monetize it. More than that, those hands are starting to pull in data from outside of the Facebook kingdom. Privacy engineer Joey Tyson lays out the three big “innovations” in Facebook advertising from the last few months in a Facebook blog post, and argues that the company “carefully designed our versions of the features with your privacy in mind.”
Here’s what’s changed:
1. Advertisers aren’t just targeting ‘your type anymore.’ They’re actually targeting you.
It used to be that advertisers tried to reach a particular audience, i.e., “25-year-old men that like sports cars and Little Ponies.” But now advertisers are finding ways to target specific people, i.e. the guy they know has the email address “IamaBrony@gmail.com.” Thanks to “Custom Audiences,” if a marketer knows your email address or phone number, they can tell Facebook to specifically target you with an ad. Tyson writes:
For example, a shoe store might want to show a special offer to people who have already bought shoes from them. The store can provide us with “hashes” of their customers’ email addresses so that we can show those same people the ad without the store having to send us the actual email addresses. These hashes are bits of text that uniquely identify a piece of data (such as an email address) but are designed to protect against reverse engineering which would reveal that data. Since Facebook and the store use the same method to create each hash, we can compare the store’s hashes to hashes of addresses in our records and show the ad to any group of users that match. If a hash from the store does not match any of ours, we discard it without ever discovering the corresponding email address and without storing any information that we did not have before. And once we no longer need the hashes that do match, we delete them too.
Facebook is not the only tech company making it easier to target specific people with ads. This summer, ProPublica detailed how Microsoft and Yahoo are now allowing advertisers to target specific people with ads if they know their email addresses. That means ads are starting to become like direct mail, except those who see the ads don’t realize it, because their address isn’t on the front of the digital envelope.
2. Advertisers can now target people with Facebook ads based on their Web browsing and searching outside of Facebook.
“Facebook Exchange” lets advertisers target ads at customers who have visited their site. So if you looked at some scandalous lingerie on Sears.com, for example, you might start seeing ads for that lingerie the next time you’re on Facebook, should Sears wish. Writes Tyson:
Facebook Exchange (FBX) gives marketers an opportunity to bid on showing ads in real time. Approved third-party service providers work with Facebook and marketers to enable this process. We agree with a provider on an ID number (separate from your Facebook ID) for each visitor’s browser. If someone then visits Facebook and his or her browser has that ID, we notify the service provider, who tells us when a marketer wants to show a particular ad. This allows marketers to show you ads relevant to your existing relationship with them – and without them needing to send us any personal information about you.
By now, most of us are used to products that seem to follow us around the Web after we look at them once. Now the ads can trail us off-road into the Facebook forest. Users can opt out of this, but not through Facebook. They have to visit the opt-outs of the third party platforms (that they’ve never heard of before) that are doing the ad matching (TellApart, Triggit, Turn, DataXu, MediaMath, AppNexus, TheTradeDesk, and AdRoll).
3. Facebook is tracking what users buy in stores so it can tell advertisers that their ads work.
Facebook has partnered with a Colorado-based company named Datalogix which has a vast database of what we buy thanks to its access to information from stores’ loyalty card programs. Facebook can now tell advertisers that after seeing a specific ad, x% of users bought the product. Writes Tyson:
Because of our commitment to privacy, we had an industry-leading auditing firm evaluate the privacy implications of this process. The auditor confirmed that, throughout this process, Datalogix is not allowed to learn more about you from Facebook profile information. Similarly, Datalogix does not send us any of their purchase data, meaning we cannot specifically tell whether or not you purchased a marketer’s product. Finally, with this partnership, Datalogix only sends the marketer aggregate information about large groups of people. None of this data is attributable to an individual Facebook user.
Tyson ends the post by reminding users that “advertising helps keep Facebook free.” Tyson, known on Twitter as TheHarmonyGuy, appears to be taking questions there about the post if you’re interested.
If nothing else, I’m impressed that “privacy engineer” is a job title that exists now.
Relevant Ads That Protect Your Privacy [Facebook]