Turns out Facebook's data leakage to advertisers could be even more of a problem than first thought. A new report shows that Facebook's targeting systems enable marketers to learn the identity of
users who fall into specific categories -- including ones as sensitive as sexual orientation.
For the report, "Challenges in Measuring
Online Advertising Systems," researchers from Microsoft Research India and the Max Planck Institute for Software Systems created six profiles -- two for straight men, two for straight women, one for a
homosexual man and one for a homosexual woman -- and then compared the ads that those profiles received.
The researchers found that the gay profiles received ads that were targeted based on
sexual orientation, such as ads for gay bars. The gay male profile also received ads that were targeted based on sexual orientation, but that didn't itself obviously indicate that it was being
targeted to a gay audience. The problem with these ads is that people who click on them don't realize that just the act of clicking is enough to link their identities with the gay-male targeting
bucket.
The researchers write: "Alarmingly, we found ads where the ad text was completely neutral to sexual-preference (e.g. for a nursing degree in a medical college in Florida) that was
targeted exclusively to gay men. The danger with such ads, unlike the gay bar ad where the target demographic is blatantly obvious, is that the user reading the ad text would have no idea that by
clicking it he would reveal to the advertiser both his sexual-preference and a unique identifier (cookie, IP address, or email address if he signs up on the advertiser's site)."
Privacy
researcher Chris Soghoian investigated further and has a screenshot showing the tool that
allows marketers to target by sexual preference.
A Facebook spokesperson says the company's ad guidelines ban advertisers from using data collected based on running an ad. "We explicitly
prohibit them from associating that targeting detail with the data collected from the user in forms they fill out, applications they make, or other interactions on their site," the spokesperson says.
"We also require that targeting of ads based on a user attribute be directly relevant to the offer in the advertisement."
The company also says that it takes action when it learns of
violations, but as a practical matter, it's not clear how Facebook can police marketers' use of information.
Even if Facebook stops transmitting users' IDs in referrer headers, advertisers can
still learn personal information about the gay users who click on the neutral-seeming ads if, for instance, they provide their email addresses.
For that reason, Facebook might not be able to
fix this latest problem easily. Soghoian proposes two alternatives: The company could stop allowing
targeting based on sexual orientation, or it could start disclosing to users the specific reason why they're being targeted with certain ads.
Facebook might not be thrilled with those
options, but either one seems like a more realistic way of protecting users' privacy than continuing to rely on marketers to voluntarily refrain from using data they have collected.