Following CEO Mark Zuckerberg’s near 10 hours long Congressional hearings, Facebook is now offering details to its users (and US legislators who asked) on how exactly it collects data from people when they’re not logged into the platform.

In a blog post, the company’s Product Management Director David Baser explained the basics of various tools and products, including social plugins, Facebook Login, Facebook Analytics, Facebook Audience Network and Facebook Pixel. “When you visit a site or app that uses our services, we receive information even if you’re logged out or don’t have a Facebook account. This is because other apps and sites don’t know who is using Facebook.” Baser wrote.

Baser’s goes on to detail the types of tools and services used by other websites and apps,

  • Social plugins, such as our Like and Share buttons, which make other sites more social and help you share content on Facebook;
  • Facebook Login, which lets you use your Facebook account to log into another website or app;
  • Facebook Analytics, which helps websites and apps better understand how people use their services; and
  • Facebook ads and measurement tools, which enable websites and apps to show ads from Facebook advertisers, to run their own ads on Facebook or elsewhere, and to understand the effectiveness of their ads.

Baser suggests that the only data that the social media giant collects from these tools from third-party sites is standard stuff like IP addresses and browser cookies, this is true for both Facebook users and non-Facebook users. While all of this may be true, this does not go into details about how the company creates “Shadow Profiles” of users who have never signed up for the social media platform. This also fails to address how users are supposed to have “control” over their data.

Baser also wrote that Facebook requires websites and apps which use its tools “to tell you they’re collecting and sharing your information with us, and to get your permission to do so.” This argument holds very little water. While the company may be making its own privacy policy easier to read, it’s unlikely internet users will be clicking on each site’s cookies policy as they browse the web.

Writing for Gizmodo, Kashmir Hill offers a detailed example of how shadow profiles work in Facebook’s ‘People You May Know’ feature. Even if you have never signed up for Facebook you are part of someone’s phone contact list who probably is. All this information is collected by the social media giant and they don’t discard your contact even if they know you aren’t on board. When users sync their email account or phone messages with the platform, more data on non-users is picked up. Instead of discarding their information, the company keeps non-user data attached to something Hill calls a shadow profile — a reliable bank of information held in reserve so that, if you ever do decide to sign up, the company will know exactly who to recommend as friends.All this might seem harmless as it’s just being used to recommend friends who are on the platform to you. But this data is being gathered without your consent and is almost certainly being put to other use, the above use case was only one of probably many that was discovered by a journalist’s investigation.

None of this information makes it into Baser’s blog post. This seems to be a case of the company publicly sharing, only what it wants to share while trying to appear transparent about its data collection policies.

“Did you know, Google and Twitter do it too?”

Apart from offering a peek into how Facebook collects data from users and non-users alike Baser post defends said data collection by basically saying that, other companies take your data too. Baser wrote, “Twitter, Pinterest and LinkedIn all have similar Like and Share buttons to help people share things on their services. Google has a popular analytics service. And Amazon, Google and Twitter all offer login features. These companies — and many others — also offer advertising services. In fact, most websites and apps send the same information to multiple companies each time you visit them.” Describing how Facebook receives cookies, IP address, and browser info about users from other sites, he noted, “when you see a YouTube video on a site that’s not YouTube, it tells your browser to request the video from YouTube. YouTube then sends it to you.”

Medianama’s take

It seems Facebook is lashing out at other tech companies after it has been singled out for its privacy and data collection practices. The company has decided to go with the “everyone does it” argument when it comes to defending its opaque data collection practices. This comes across as an obvious effort to normalise such practices, something users and lawmakers should see through. Having is said that this does not change the fact that companies like Google, Apple, Amazon etc. deserve the same degree of scrutiny regarding how they handle user data especially with regards to third-party tools/apps on their platform. Facebook’s data breach was a result of the company being unable to enforce its policies on how third-party apps handle user data. It is unclear whether Amazon, Apple and Google do a better job at this policing. iOS and Android apps routinely ask users to share their contact lists and call logs, and we don’t know if this data collected by millions of app makers have been used maliciously. The fact that these companies have not had their “Cambridge Analytica” moment yet should not stop consumers and lawmakers from asking the same questions to them.