Thursday, March 05, 2015

How Does Facebook Know My Browsing History?

Yesterday (March 2, 2015), in a private email response to a friend about a movie actor with which I’d worked, I found a still image of that actor in that movie on Google Image Search. I went off on a tangent about doing lighting in that very scene, and (as I am wont to do) when I made a reference to a specific kind of motion-picture lighting instrument, I looked up that instrument in a Google search, thinking that the friend would be interested in seeing more about the specific device. Not able to find the actual manufacturer’s web page for an “LTM Pepper 100 Watt Fresnel Tungsten Light,” I copied the URL for the top Google match, a page from the online store for photography retail giant B&H Photo in New York City. However, I forgot to include the link in the email (which I didn’t discover until doing some sleuthing today).

So at this point yesterday afternoon, all I’d done was visited that B&H Photo web page, and written and sent some email and NOT included a link to this web page.

Today, when I first looked at facebook on my phone, I saw (see screenshot) the now-familiar image of an LTM Pepper 100 Watt instrument in a thumbnail of a B&H Photo page, and facebook informed me that two of my Friends had “Liked” “B&H Photo Pro Video Audio.”

What? I’d never communicated about that lighting instrument on facebook - only in private email. I looked at my previous day’s email to see where I’d included the link to the B&H LTM Pepper page, and discovered that I’d forgotten to even include the link in that email.


Part of what was at work to produce this result was an HTTP cookie from my web browser. What are cookies? They are little bits of text, stored in a place accessible to the user’s web browser by a website. When the user re-visits a site, the site requests that the browser look for its own cookies in that storage place. What do they store? Mostly information that makes visiting their website a better experience for the visitor. Preferences about which language you’d like to view, whether you’ve visited before, and which of their pages you’ve already view are among the many possible bits of information cookies can store. Websites promise theoretical anonymity about user identity in cookies, and attempt to avoid inclusion of information which users might find an invasion of privacy. (See “More Information About Cookies” below for links to help you control your browser’s behavior with cookies.) Because users can view the contents of these cookies themselves (procedures vary, search for something like “view cookie contents ”), there’s the promise of transparency about what kind of information is shared, and there is risk in giving the impression that user's personal data might be revealed to others (even though that happens all the time).

This was the cookie that the B&H Photo site stored on my computer. (This was viewed in Google Chrome browser at chrome://settings/cookies.) 
I was searching for garbage disposal splash guards earlier this
week, and they just showed up on this tech site's ad insert  
You may have seen an ad for a specific kind of item you’ve previously shopped for online popping up in a frame on another site. Indeed, as I was just researching to write this article, a web page popular technology site displayed an Amazon ad with the very garbage disposal splash guards I was perusing on the Amazon site this week. That’s clearly a customized “drop in” ad which only I will see, and was generated in only two or three seconds (amazing) between the time I requested that page and it actually displayed in my browser. In this case, Gizmodo has deliberately put code in their web page that lets Amazon run their own web browsing session in a little window. From within that session, Amazon can access the cookies they set on my computer in previous visits to their site.


So how does facebook know about something I searched for on my browser? Well, until somewhat recently, how data collected from your online activities crossed between different websites depended upon both of those sites having common ownership, or one selling cookie information and the other buying cookie information, or both sites subscribing to services which aggregated and shared cookies between subscribing businesses.

What’s new here is that facebook made it look like my two friends had an interest in exactly the item to which I had simply browsed on the B&H website at some time in the past, without my posting about it on facebook or even knowing that B&H had a facebook page.

I just wrote the two friends to ask when they "Liked" the B&H page, and whether they actually saw the LTM Pepper page in their facebook feeds. I’ve only gotten one response so far, but he Liked the B&H facebook page no more recently than a year ago, and had never seen the page with the LTM lighting instrument.

Facebook has been trying to make the most of combining its position as the world's largest social-networking site with targeted advertising. Using only the "Like" feature with commercial facebook pages, they claim to have had substantial success in profiling their users for some characteristics, and attempt to use those profiles to present "appropriate" advertising to each user. But among other things, many users don't contribute Likes in their fb activities.

In 2014, facebook began employing a new mechanism to track the web browsing activities of users outside of facebook. It can’t see everything a user does with their browsers - among the techniques employed, facebook takes advantage of a mechanism used for their advertisers to know if people are visiting their website because of facebook ads. So it only works for certain sites. But facebook is so big that few online businesses can resist advertising with them, and therefore using their tracking system.

So just as with the Amazon garbage disposal splash guard ads I saw on a 3rd-party site, I’m the only one seeing the LTM Pepper page at the B&H Photo website on my facebook Mobile wall (I saw no sign of this B&H link on the desktop version of fb). But when facebook finds a correlation between information gleaned from my browsing history with any of my social connections who have "Liked" a commercial site, it looks like my Friends are providing testimonials for an item which I’ve viewed on the Web. In fact, neither of those two fb Friends ever knew about the LTM Pepper; that I had visited the B&H site; or about each other.

Hey, facebook is a for-profit, publicly-traded company, and have a duty to their stockholders to make money. We live in a capitalistic society. Still, in pursuit of a more effective way to serve their advertisers, changes like these which could potentially seem “creepy” or invasive to their users seem like a risk to their user base, and their dominating position in the social-networking world is anything but assured.


If this has made you paranoid about cookies, I wouldn’t be too concerned, just know that they’re there, and that they could reveal something about your online habits. If you’re uncomfortable with the idea, you could try disabling cookies and observing which of your favorite websites no longer work the way you’d like them to. You can then selectively allow sites you trust or can't live without to use cookies to restore useful functionality. (For what it’s worth, I allow full cookie access, and just know that whatever I might be doing online isn’t exactly private.)

There are also ways to browse for a single session or all sessions without storing any information on your computer. Search for “private browsing ” for more information.


If you want to opt-out of facebook’s tracking system, here are some articles which detail the steps required:


Here’s a nice article about Internet Cookies by Marshall Brain.

At the following pages, you can find out how to completely or selectively disable cookie activity, and delete some or all of the cookies already stored by your browsers:

Here is a non-profit site dedicated to the topic: It’s a bit out of date, but the information is good.

Here is a U.S. Government page Cookies: Leaving a Trail on the Web

. . . and here is the page by the non-profit digital rights organization The Electronic Frontier Foundation titled 4 Simple Changes to Stop Online Tracking.