Facebook today explained in further detail the most troubling revelation from Mark Zuckerberg’s marathon testimony before Congress: that the social media giant tracks users even if they aren’t logged in.
In a lengthy blog post, Facebook product management director David Baser explained the types of data the company gathers and the methods it uses to do so. One particularly concerning detail is that it collects information about people who don’t even have an account.
“When you visit a site or app that uses our services, we receive information even if you’re logged out or don’t have a Facebook account. This is because other apps and sites don’t know who is using Facebook,” Baser wrote. “Many companies offer these types of services and, like Facebook, they also get information from the apps and sites that use them.”
Concern about Facebook constructing so-called “shadow profiles” was renewed when House Representative Ben Lujan asked whether the social network scrapes data on users who had never set up profiles. Zuckerberg admitted the practices, claiming it’s done for security purposes. Yet, the latest post from Facebook fails to describe how it uses data from that particular group of people for security.
But if Facebook is going to be transparent to a degree that will satisfy users—as it said it would—it will need to specify how it applies information about people who aren’t logged in or haven’t signed up for its service.
Later in the post, Baser does explain that data about websites a particular internet user has visited can help Facebook determine if they’re a bad actor. For example, it might raise red flags if someone tries logging into your account from a Russian IP address or if a browser visited hundreds of sites in the last few minutes.
The blog post also throws a handful of its rivals under the bus, explaining how those services similarly gather information about users. That should come as no surprise, but Facebook’s willingness to single out companies may show its desperation to move the conversation about privacy onto someone else. Unfortunately for the social network, none of those other companies admitted to letting a political data group exploit the personal information of millions of users.
“Twitter, Pinterest and LinkedIn all have similar Like and Share buttons to help people share things on their services. Google has a popular analytics service. And Amazon, Google, and Twitter all offer login features,” the blog says.
To its credit, the full blog post explains when and how Facebook collects certain data, and how you can control how Facebook uses your data if you do have an account. You can read it here.