A recent experiment by Gizmodo appears to show that Facebook users can be targeted through contact information that they never even shared with the website, sometimes referred to as “shadow contact information.”
A report from Gizmodo recently outlined how Facebook appears to use information collected by advertisers that users may not have shared with Facebook in order to better target ads towards users. Gizmodo states in their article:
Last week, I ran an ad on Facebook that was targeted at a computer science professor named Alan Mislove. Mislove studies how privacy works on social networks and had a theory that Facebook is letting advertisers reach users with contact information collected in surprising ways. I was helping him test the theory by targeting him in a way Facebook had previously told me wouldn’t work. I directed the ad to display to a Facebook account connected to the landline number for Alan Mislove’s office, a number Mislove has never provided to Facebook. He saw the ad within hours.
Gizmodo further explains that one of the methods by which Facebook delivers ads to users is through allowing advertisers to upload phones numbers and email addresses of those they wish to target their ads towards, one of the primary reasons that retailers often ask for information such as phone numbers from their customers.
But Facebook doesn’t always use the publicly available contact info you provide the site with to target advertising, it seems that they also use contact information that users provide privately for security purposes and some contact info that users didn’t provide at all. Gizmodo refers to this information as Facebook’s “shadow contact information” and used details from this shadow profile to target ads towards Alan Mislove as part of their investigation.
Facebook has denied this practice according to Gizmodo, but an investigation by Giridhari Venkatadri, Piotr Sapiezynski, and Alan Mislove of Northeastern University and Elena Lucherini of Princeton University, appears to show through a number of tests that information uploaded by advertisers is being linked to these “shadow profiles.”
Gizmodo outlined some of the information in the academic paper stating:
They found that when a user gives Facebook a phone number for two-factor authentication or in order to receive alerts about new log-ins to a user’s account, that phone number became targetable by an advertiser within a couple of weeks. So users who want their accounts to be more secure are forced to make a privacy trade-off and allow advertisers to more easily find them on the social network. When asked about this, a Facebook spokesperson said that “we use the information people provide to offer a more personalized experience, including showing more relevant ads.” She said users bothered by this can set up two-factor authentication without using their phone numbers; Facebook stopped making a phone number mandatory for two-factor authentication four months ago.
A Facebook spokesperson told a U.K. user named Rob Blackie that they could not provide him with his “shadow contact information” because that information is “confidential” and Facebook is “not in a position to provide you the precise details of our algorithms.” When Gizmodo reached out to Facebook they stated that “People own their address books… We understand that in some cases this may mean that another person may not be able to control the contact information someone else uploads about them.”
When asked to clarify why ads were targeted towards Mislove following Gizmodo’s experiment, Facebook said: “It’s likely that he was shown the ad because someone else uploaded his contact information via contact importer.” But Facebook did not dispute the findings of the academic group in their paper: “We outline the information we receive and use for ads in our data policy, and give people control over their ads experience including custom audiences, via their ad preferences,” said a spokesperson. “For more information about how to manage your preferences and the type of data we use to show people ads see this post.”
Mislove commented on the issue saying: “I think that many users don’t fully understand how ad targeting works today: that advertisers can literally specify exactly which users should see their ads by uploading the users’ email addresses, phone numbers, names+dates of birth, etc… In describing this work to colleagues, many computer scientists were surprised by this, and were even more surprised to learn that not only Facebook, but also Google, Pinterest, and Twitter all offer related services. Thus, we think there is a significant need to educate users about how exactly targeted advertising on such platforms works today.”
Read the full article in Gizmodo here.