Hard Questions is a series from Facebook that addresses the impact of our products on society.
Mark Zuckerberg testified in front of the US Congress. He answered more than 500 questions and promised that we would get back on the 40 or so questions he couldn’t answer at the time. We’re following up with Congress on these directly but we also wanted to take the opportunity to explain more about the information we get from other websites and apps, how we use the data they send to us, and the controls you have. I lead a team focused on privacy and data use, including GDPR compliance and the tools people can use to control and download their information.
When does Facebook get data about people from other websites and apps? Many websites and apps use Facebook services to make their content and ads more engaging and relevant. These services include:
Social plugins, such as our Like and Share buttons, which make other sites more social and help you share content on Facebook;
Facebook Login, which lets you use your Facebook account to log into another website or app;
Facebook Analytics, which helps websites and apps better understand how people use their services; and
Facebook ads and measurement tools, which enable websites and apps to show ads from Facebook advertisers, to run their own ads on Facebook or elsewhere, and to understand the effectiveness of their ads.
When you visit a site or app that uses our services, we receive information even if you’re logged out or don’t have a Facebook account. This is because other apps and sites don’t know who is using Facebook.
Many companies offer these types of services and, like Facebook, they also get information from the apps and sites that use them. Twitter, Pinterest and LinkedIn all have similar Like and Share buttons to help people share things on their services. Google has a popular analytics service. And Amazon, Google and Twitter all offer login features. These companies — and many others — also offer advertising services. In fact, most websites and apps send the same information to multiple companies each time you visit them.
What kind of data does Facebook get from these websites and apps? Apps and websites that use our services, such as the Like button or Facebook Analytics, send us information to make their content and ads better. To understand more about how this happens, it helps to know how most websites and apps work. I’ll use websites as an example, but this generally applies to apps, too.
When you visit a website, your browser (for example Chrome, Safari or Firefox) sends a request to the site’s server. The browser shares your IP address so the website knows where on the internet to send the site content. The website also gets information about the browser and operating system (for example Android or Windows) you’re using because not all browsers and devices support the same features. It also gets cookies, which are identifiers that websites use to know if you’ve visited before. This can help with things like saving items in your shopping cart.
A website typically sends two things back to your browser: first, content from that site; and second, instructions for the browser to send your request to the other companies providing content or services on the site. So when a website uses one of our services, your browser sends the same kinds of information to Facebook as the website receives. We also get information about which website or app you’re using, which is necessary to know when to provide our tools.
This happens for any other service the site is using. For example, when you see a YouTube video on a site that’s not YouTube, it tells your browser to request the video from YouTube. YouTube then sends it to you.
Providing Our Services
Social plugins and Facebook Login. We use your IP address, browser/operating system information, and the address of the website or app you’re using to make these features work. For example, knowing your IP address allows us to send the Like button to your browser and helps us show it in your language. Cookies and device identifiers help us determine whether you’re logged in, which makes it easier to share content or use Facebook to log into another app.
Facebook Analytics. Facebook Analytics gives websites and apps data about how they are used. IP addresses help us list the countries where people are using an app. Browser and operating system information enable us to give developers information about the platforms people use to access their app. Cookies and other identifiers help us count the number of unique visitors. Cookies also help us recognize which visitors are Facebook users so we can provide aggregated demographic information, like age and gender, about the people using the app.
Ads. Facebook Audience Network enables other websites and apps to show ads from Facebook advertisers. When we get a request to show an Audience Network ad, we need to know where to send it and the browser and operating system a person is using. Cookies and device identifiers help us determine whether the person uses Facebook. If they don’t, we can show an ad encouraging them to sign up for Facebook. If they do, we’ll show them ads from the same advertisers that are targeting them on Facebook. We can also use the fact that they visited a site or app to show them an ad from that business – or a similar one – back on Facebook. (Updated April 16, 2018 at 5:30PM to clarify that people with Facebook accounts will see Audience Network ads from the same advertisers targeting them on Facebook.)
Ad Measurement. An advertiser can choose to add the Facebook Pixel, some computer code, to their site. This allows us to give advertisers stats about how many people are responding to their ads — even if they saw the ad on a different device — without us sharing anyone’s personal information.
Keeping Your Information Secure
We also use the information we receive from websites and apps to help protect the security of Facebook. For example, receiving data about the sites a particular browser has visited can help us identify bad actors. If someone tries to log into your account using an IP address from a different country, we might ask some questions to verify it’s you. Or if a browser has visited hundreds of sites in the last five minutes, that’s a sign the device might be a bot. We’ll ask them to prove they’re a real person by completing additional security checks.
Improving Our Products and Services
The information we receive also helps us improve the content and ads we show on Facebook. So if you visit a lot of sports sites that use our services, you might see sports-related stories higher up in your News Feed. If you’ve looked at travel sites, we can show you ads for hotels and rental cars.
What controls do I have? As Mark said last week, we believe everyone deserves good privacy controls. We require websites and apps who use our tools to tell you they’re collecting and sharing your information with us, and to get your permission to do so.
We give you a number of controls over the way this data is used to provide more relevant content and ads:
News Feed preferences lets you choose which content you see first and hide content you don’t want to see in your feed. You can also view your News Feed chronologicallyinstead of ranked by what Facebook predicts you might be most interested in.
Ad preferences shows you the advertisers whose ads you might be seeing because you visited their sites or apps. You can remove any of these advertisers to stop seeing their ads.
In addition, you can opt out of these types of ads entirely — so you never see ads on Facebook based on information we have received from other websites and apps.
Finally, if you don’t want us to use your Facebook interests to show you ads on other websites and apps, there’s a control for that too.
Whether it’s information from apps and websites, or information you share with other people on Facebook, we want to put you in control — and be transparent about what information Facebook has and how it is used. We’ll keep working to make that easier.