Did you know that your Tweets are delivered to the Library of Congress, which archives them for historical purposes? Or that Facebook tracks and receives data about you when you visit any website that uses their platform, even if it’s just a social plugin? Or that Google not only collects your device information, but may also log its location, search queries, and all kinds of telephony information including calling-party phone numbers and the time, date and duration of the calls?
I recently took it upon myself to read through the privacy policies of the “Big 3” social sites: Facebook, Google, and Twitter. In the process, I’ve gained a better understanding about what information is collected (personal and non-personal) and how/where it’s used.
I have also been appalled by what I have learned. And I think you will be, too.
Please Note: The intention of this article is not to scare you away from using social media sites, or to bash the “Big 3” social sites for their tracking practices. Rather, it’s meant to be an honest, informational article to help you become aware of the types of tracking and monitoring activities that social sites take part in. There are even some practical tips included that will help you better understand and protect yourself from unwanted tracking.
Listed below is a summary of what was found in these policies, and what to beware of when using these sites.
All of the “Big 3” social sites receive data about you all the time, such as when you use their website or app, and when you post an image/video with metadata. They get data about your computer and mobile devices, sometimes including things like your phone number, location, browser/device information, and sites you visit. Google actually takes it a step further and can associate your unique device identifier with your account, and can track details about your device including search queries, location, and all sorts of telephony information like phone numbers and the time/date/duration of calls.
Additionally, these sites know when you use a game/application/website that simply uses their platform (e.g. a social plugin), and can glean details such as the time/date of the visit, web address, IP address, browser and operating system, and your user ID.
It’s no wonder people suspect these websites to be in cahoots with the NSA.
Online advertising is huge. It’s an absolutely enormous source of income for these (and many other) websites. And to help them make the optimum amount of money, and to “help deliver tailored ads and understand online activity”, they get and share user data with affiliates, advertising partners, and other third parties. As one example, Facebook shows you relevant ads based on data you give them, such as posts, things you share, prior ad interaction, apps used, keywords from stories, and “things we [Facebook] infer from your use of Facebook.”
This said, it’s worth noting that these sites claim that they only provide data to outside partners after they remove your PII (personally identifying information), or have combined it with other data in such a way that it’s no longer identifiable to you. I sincerely hope this is true.
Cookies, pixels and local storage aren’t all bad. Almost every website out there uses one or all of these. They’re helpful for lots of things. They help create a better, faster experience for users. They allow you to stay logged in to a website, even after closing your browser. And they help keep track of other information like your browser and language preferences. So it’s no surprise that each of the “Big 3” sites have entire sections of their policies dedicated to their use of these tracking technologies.
That said, I recently ran a quick test where I visited some of the most popular websites and checked to see how many cookies each site placed in my browser after performing one simple action: Logging in. The results of the “Big 3” sites?
- Google: 20
- Facebook: 18
- Twitter: 16
Again, not all cookies are bad. Many of the cookies used are useful for better user experience and storing preferences. And these numbers are really not so bad compared to other popular sites I tested (full results available in the article Cookie Monsters).
Just remember: Though helpful, some cookies and other tracking methods offer the ability to know who you are (even if it’s not explicitly PII) and where you go on the Web, and report back to these sites.
Twitter: The Worse Offender
- “What you say on Twitter may be viewed all around the world instantly.”
- “Most of the information you provide us is information you are asking us to make public.”
- “Our default is almost always to make the information you provide public for as long as you do not delete it from Twitter, but we generally give you settings to make the information more private if you want.”
- “Your public information is broadly and instantly disseminated. For instance, your public user profile information and public Tweets may be searchable by search engines and are immediately delivered via SMS and our APIs to a wide range of users and services, with one example being the United States Library of Congress, which archives Tweets for historical purposes.” (emphasis mine)
That last one really got me. All Tweets are delivered to the Library of Congress for archiving?!?
As you can see, Twitter is essentially saying, “Our default is to make everything you do public.”
Putting the Pieces Together
OK, so these sites track us and learn a lot about us and our behaviors. That’s not necessarily all bad, is it? Not necessarily. After all, it’s helpful for these sites to know about us so they can show us relevant information, such as suggesting people we may know, what local events may be happening, and as much as I hate to say it, show us ads tailored to our interests.
With that said, let me hit you with a statistic about social plugins and widgets:
Of the top 10,000 websites out there, 24.3% integrate with Facebook, 13.3% integrate with Google+, and 10.0% integrate with Twitter.
Source: Pingdom, 2012
These numbers aren’t that startling at first glance. After all, social media is huge. So it’s no wonder so many sites integrate with the most popular social sites.
But remember this: The privacy policies of these websites admit that they may receive data when you use a website that merely use their services, such as social plugins and widgets. By putting the pieces together, it’s plain to see the glaring truth:
Every time you visit a website that contains a social plugin or widget, you can be (and are) tracked. Not only by that website, but by any social site you are simultaneously logged in to.
I don’t know about you, but that level of tracking is borderline creepy.
Some Practical Tips
As stated above, this article isn’t meant to scare anyone away from using social media sites. But if you’re worried about the amount of tracking that these social sites do, there are a few easy, practical things you can do to help reduce the amount of information gathered about you.
- Consider using a separate web browser for your social media sites than you use for your general web browsing (e.g. use Google Chrome for your social sites, and Firefox for general browsing). In this way, when you visit sites that have social plugins, it will be in a browser in which you aren’t logged in to your social sites, and therefore, you won’t be tracked as obtrusively.
- Be smart about what you share. While it might be tempting to share personal details about yourself, how many people really need to see what city you live in, your phone number, your home town, or where you have lived and/or travelled? By leaving out PII, you help protect yourself from websites knowing too much about you.
While this information about tracking and collecting/sharing data may or may not be surprising to you, it’s at least good to know. And it’s worth taking a few minutes to carefully consider what information you are sharing on these sites. Even if you think you have your privacy settings set correctly, there’s a good chance that your words, pictures, videos and actions are still being tracked.
Information used and quoted above are taken from the privacy policies (and containing legal pages) of Facebook, Google, and Twitter. Listed below are links to these policies: