Does Facebook know what I buy at the grocery store?

Have you ever searched for something on Amazon, only to notice dozens of ads for that very thing all over Facebook? Or perhaps you started shopping online somewhere, decided to not complete your purchase, then got an email from that site telling you there are still items in your cart. Or maybe you bought something at the grocery store, only to see that item you purchased advertised to you on Facebook that day.

We’re all concerned about our privacy on the web to some extent – some of us more than others. It’s easy to feel like big businesses are invading our personal lives when we can’t even go to the store and buy something without Google or Facebook keeping tabs on it.

With privacy being a big proponent of keeping the web free and open, why do businesses like Facebook want to know what we’re doing when we’re NOT using Facebook? Simple: retargeting and remarketing

What is “retargeting”?

Retargeting is a way to get users of a particular website or app to do something after leaving the app or website. In other words, you browse Amazon for something, leave the website, but then see Amazon ads for that thing you were looking for on Facebook.

The “goal” here is to keep you engaged with Amazon regardless of where you are on the web. In this case, Amazon pays Facebook for its retargeting.

What is “remarketing”?

Remarketing is similar in principle: engage with the users who have left your website or app. However, the goal with remarketing is almost exclusively executed via e-mail; in other words, you’ve already engaged with the company in such a way that you would be willing to share your e-mail address, and have agreed to receive email communications from the company.

These are the scenarios where you’ve joined Amazon, and they send you “Recommended products” via e-mail, or you’ve joined Facebook and they send you friend suggestions and recent posts to your inbox. It could even be that you signed up for an online newsletter.

What is the difference between “retargeting” and “remarketing”?

Aside from the fact that one is via email, and the other is on other websites, the primary difference is how this is all accomplished.

With remarketing, you’ve typically agreed to receive communication from the company, and you’ve provided them your e-mail. Sometimes, you don’t even realize you’ve agreed to it.

You know those “I’ve read and agree to the terms of service” and “I’d like to receive updates and discounts from XYZ company” checkboxes you probably overlook thinking, “Well, I can’t really join if I don’t agree, so…agree.” Yeah, those.

Those boxes are usually automatically checked, and are designed to be somewhat less noticeable than other parts of a registration form. Statistically, fewer people are likely to uncheck something that’s already checked than those who are willing to check a box that’s unchecked. In other words, businesses know that, in the moment, you’re less likely to opt-out in the process of registration.

But at the end of the day, from a purely legal standpoint, you agreed to it.

However, with retargeting, you don’t have a say in the matter. Well, for the most part anyway.

You do not need to agree to be included in retargeting campaigns

From a purely legal standpoint, the websites you visit do not belong to you; they belong to the businesses that run them. They’re there for you to access, but you don’t control or have a say in what that company publishes on their website.

So, a company has the right to place retargeting ads on their site in order to make a profit. The idea behind retargeting is to serve you ads that are relative to your online (and sometimes offline) behavior, making it more likely for you to click on them. And if you do click on them, the website gets a cut of the profits, the retargeting service gets a cut, and the company being advertised is one step closer to getting you to buy.

Now, this is a bit of a generalization, because different countries have different privacy laws and are required to notify you that they use cookies for those specific purposes. However, the sites that do notify you tell you that “buy visiting this website, you agree to our use of cookies”. Meaning, if you don’t want to be served retargeting ads, don’t go to that website.

Sounds scary, right? That someone can track what you do on all these different websites in order to serve you ads?

Don’t get too freaked out; it’s important to understand how it all works.

How does retargeting work?

For this example, let’s pretend you’re a business interested in retargeting, and that you decided to go to Facebook for their retargeting services. (Do note that this is an example and purely hypothetical and based on my own experiences dealing with remarketing and retargeting tools.)

A couple things will happen:

Before you’ve even done anything, Facebook has a cookie on all its users devices. This cookie is basically a random string of numbers and letters used as a unique, anonymous identifier that represents you. It doesn’t contain any actual information about you, but it can be tied to you through Facebook’s backend processes.

You’re going to send user activity to Facebook. Doing this is actually really easy – there’s a simple piece of code you’ll drop on every page of your website, often called a “tracking pixel.” This code points to functionality that is actually hosted by Facebook, on Facebook’s servers. That’s all you need to do (at least, that’s all you need to do to start tracking; there’s all kinds of demographic settings, budget, ad designs, etc., you’ll want to work on, but that’s beside the point).

Facebook’s pixel ties users’ activity to the unique ID. In other words, a when user visits your website, the pixel tells Facebook that “User we7rwe7retw99s8g visited this website”.

Facebook targets ads for your business to the user who matches that unique ID. Hence retargeting.

But this is just one of the several ways people use retargeting. Retargeting can stretch to offline activity – like shopping at your favorite grocery store.

You mean websites can track what I do even when I’m not online?!

You betcha, and it’s quite a complicated process. But I’ll try to simplify it.

You know how Safeway, CVS, and other stores have memberships? These memberships typically get you exclusive discounts, reward you for shopping, etc. However, there is a unique account ID for each one of these memberships, and you can bet that ID and the purchase history is sold to advertisers. Don’t believe me?

Ever hear of Datalogix? It’s a company acquired by Oracle back in 2014 that does just this – it buys purchase histories from grocery stores, then partners with advertisers and retargeting services – like Facebook – to share that purchase history anonymously and serve you ads based on what you’ve purchased. It can also be used to determine the influence of ads by detecting if you saw an item in an ad then decided to go out to the store to buy it.

Now, this isn’t a situation where Datalogix could outright tell someone what you’re buying. In fact, Datalogix claims to keep all the activity information anonymous. In fact, Facebook anonymizes your personal information (i.e, name and email) when communicating with Datalogix’s infrastructure.

At the end of the day, though, Facebook – and all other companies that partner with Datalogix – can theoretically see your offline purchase history. Realistically, in order to do that, it would take a ton of work and resources simply due to the vast number of Facebook users that exist, but it’s technically possible for Facebook to see what you buy offline.

And it doesn’t stop there.

Retargeting by IP

There are countless services that utilize IP for marketing. Demandbase is a tool used by businesses to determine what businesses visit a website. It ties public IP addresses to registered businesses by collecting data submitted to businesses that use their services. That’s just one example.

Sometimes, IP addresses are simply tied to user databases, or “customer relations management” systems. For example, if you use Facebook at home and at work, those public IP addresses from both locations can be tied to your account.

Many people fear that Facebook can use voice recognition to target specific ads to you, and as often as people think that’s happening, it’s probably not.

Recently, someone on Facebook mentioned they were having a conversation with someone in person, and they were talking about a specific website this person had never heard of. Several minutes later an ad for that website was on that persons Facebook feed. Creepy right? Well let’s put it into perspective.

Two people are talking in person – both have phones, both have Facebook, both are connected to the same Wifi network, and therefor share the same public IP address. One person in the conversation visits the website frequenty, the other does not. However, due to the activity being associated with the IP address – not just the user – just about anyone on that wifi connection could potentially see an ad for that website. Especially if their interests are generally similar.

Make sense?

Well, I don’t want anyone tracking my information like that!

Don’t worry – you have a way out…sort of. Datalogix allows you to opt out of being tracked by their service at all, while Facebook has its own opt out instructions.

But that’s just two out of millions of online services.

How do I keep my information private?

You’ll need to understand that when you access the web, it’s impossible to keep EVERYTHING entirely anonymous. Your activity is tracked, period. However, it’s possible minimize if not completely block the amount of information collected that can be used to identify you online.

1. Opt out of everything.

This will take some work. Go to the privacy policy of every website you frequently visit, and find the “opt out” section. If they don’t have one, but have an email or phone number, call and ask how you can opt out. If they offer no options, consider not visiting that website anymore.

Yes, this can take a long time, but most major businesses offer this kind of thing, so consider using it.

2. Get an Adblocker.

Most major browsers offer the use of extensions, and one extension you can download and use for free is an ad blocker. Most of them will not only block ads, but they’ll block tracking pixels, social sharing icons, and other marketing tactics that could be used to collect information about you. Note that usually not everything is blocked like this, so you’ll need to check the settings of your adblocker and enable the settings that best suit the level of privacy you require.

3. Join a VPN

There are many virtual private networks that can anonymize all your data. Believe it or not, your internet service provider (I’m talking the Comcasts and AT&T’s of the world) can track everything you do and see online. VPNs can anonymize your activity from them. However, they don’t block cookies, they don’t prevent you from willingly sharing your email with companies, and they don’t stop remarketing or retargeting entirely. They’re just one tool used to help keep personally identifiable information away from the Big Brother.

HideMyAss is a great one, but there are many out there. Do your research and find one that best suits your needs.

4. Be careful what you do and what you share

Read everything in every form you fill out, uncheck boxes you’re not comfortable with, and research alternatives that don’t guarantee a level of privacy you deserve. Snopes is one website I rarely visit because they refuse to let users read their content unless they allow ads and retargeting pixels to fire.

At the end of the day, the line is where you draw it.

Let’s step back for a moment and take a look at what this all really means.

When you shop at Safeway, do you permit them to know what you buy from them? What about where you parked your car? Or perhaps the different aisles you walked through and how much time you spent at the store? What about your credit card information?!?!

Well, in order for a grocer to run their business, they need to keep track of items you purchased. In order to issue refunds, they need to know your credit card number to verify the refund and add funds back to the card. Security cameras are all over the parking lot and throughout the store, so they know where you’ve walked, where you parked your car, and how much time you spent in the store. Oh, they also know your name, because it’s written on your card and kept with your receipt. Oh and God forbid you pay with a check, now they have your bank account and routing numbers. You have the option to opt-out of some of this by walking to the store, wearing a mask, and only paying with cash, but who’s really gonna do that?

All of this is “normal” stuff. We are just so used to it, we don’t pay attention. We allow big businesses to collect our information so we can automate parts of our lives we’d rather not pay attention to, so we can live our lives more conveniently. It’s frustrating not having enough cash to buy the things you need, so we use a debit or credit card.

Every transaction includes the transmission of data that can potentially be tied back to you. It’s up to you to participate in those transactions – on or offline.

In summary

We all need to be cautious; it’s unethical for a business to share personally identifiable information with a third party without my consent or knowledge. I do believe larger businesses like Facebook, Google, Datalogix, and the like should be more public and vocal about how they use our information, and be clear about what’s kept private.

It’s also up to me to set my own boundaries and take the necessary steps to ensure my data is kept private, and that the I choose to only interact with businesses who meet that standard.


The problem with Apple

For the last two decades, Apple has overcome a series of unwarranted hardships in acceptance. Apple was innovating – from the creation of the iMac, to the iPod, to the iPhone—basically, anything new with an “i” in front of it over the last 15 years you could almost guarantee was from Apple, and was something new, exciting and intuitive.

Sure, while many of the things they did wasn’t necessarily the first of its kind, it was always taking what was already in existence, and changing it for the better. Intuitive interactions, seamless UI, clean aesthetic, all with performance in mind. Apple’s attention to detail was unparalleled.

One thing that helped this idea of seamless and intuitive interaction across all devices, was the fact that Apple owned both the hardware and the software of all their products. They were in complete control. Because of this control, they could oversee the performance between the hardware and the software. You could say they were made for each other unironically and unmetaphorically. Their support was – and in many ways still is – seamless. No matter the problem you might have with a device, you could take it to Apple, and they would handle it.

So WTF happened?!

The death of Steve Jobs was, in fact, the death of Apple. It did not take long for Apple to introduce a stylus to the iPad – to which even the slightest of idea of needing to use an accessory to operate a device was borderline insulting to the man. Granted, his idea of the stylus being grotesque was at a time when iPhones were much smaller, and iPads didn’t even exist. Even still, Jobs believed in intuition.

Then you have the 6 Plus. For all intents and purposes, it’s a decent phone – but it’s huge. When asked about the idea making a phone as big or bigger than a Galaxy S phone, he responded that they were “Hummers” and that “..you can’t get your hand around it..no one’s going to buy that.” Boy was he wrong about that.

The thing is, Jobs spent his days at Apple developing a brand people could believe in. People believed Apple would provide them intuitive and innovative experiences for their needs. The “Pro” line of products – the Mac Pro, the Macbook Pro – were for professionals, and while they were loaded with quality hardware only a power user might need, they had the same intuitive experience as any other product. The interaction between devices was seamless.

This brand trust so many of us have had over the years is slowly starting to break, and has been breaking ever since Jobs’ death.

Some very basic examples:

  1. No headphone jack on the iPhone 7 without using an accessory.
  2. No ability to charge your iPhone and use wired (normal) headphones without buying an expensive adapter.
  3. No ability to charge your iPhone on your new Macbook Pro
  4. No ability to charge your new magic mouse on your new Macbook Pro
  5. No ability to charge your new magic mouse and use it at the same time.
  6. Gimmicky hardware with a multitude of UX and UI bugs.
  7. Trackpad on Macbook Pro is so big, it interferes with typing.
  8. Physical function keys are gone in favor of a giant trackpad and a touch screen bar.
  9. High performance hardware, low performance software.
  10. Phones get bigger and harder to carry and operate, “Pro” computers get smaller and less usable
  11. Zero scalability – everything is soldered in. Upgrading your device means buying a new one.
  12. Wireless earbuds – or Airpods – over $200 for shit sound? No thanks…
  13. Late to market on smartwatch device – releases slow performing, low-battery life, overpriced fashion accessory and heart rate monitor.
  14. No standard USB ports on Macbook Pro, so no real way to use any apple devices – or any standard peripheral – on a “professional grade product”.
  15. Macbook Air – the light consumer-grade Macbook – taken off market because it competes too much with the supposed “Professional” grade Macbook.

The list goes on. It seems like Apple is now in the business of releasing gimmicky toys with little thought put into how people would actually use them. The devices run slower and poorer, have shorter and shorter lifespans, become less usable, yet become more and more expensive.

At this point, Apple is using its brand as a crutch and is no longer doing anything to re-enforce it. It’s getting lazy. There are no longer any inventive minds at Apple; they are simply taking what already exists, and transforming it into subpar toys. Nothing useful, just something that warrants nothing more than a glance with a very concerned “That’s interesting” remark.

I miss the old Apple. I miss Steve Jobs and his creative mind. I miss looking forward to Apple’s announcements.

Oh well.


Everything wrong with the new Macbook Pro

Apple just announced the new MacBook Pro in all its sexiness. It looks nice. It has features no other laptop has, like a touch screen interface just above the keyboard. It has the word “Pro”. It let’s you flaunt your high-income lifestyle while you sip your latte at your local coffee shop, because Starbucks stopped being cool once everyone started going there.

But let’s be honest. Something’s wrong here. The MacBook Pro just doesn’t seem worth it. Now, I’ve never used it – so I won’t comment on performance, but I will note some very striking cons that may help you save $1500, or spend it somewhere more worthwhile. So here it is, my list of everything wrong with the new Macbook Pro.

No Standard USB Ports

This might be the most minor of issues I have with this release. USB is the most common interface between your devices. Your iPhone charges and can connect to other devices via USB, your favorite mouse probably connects via USB – if it’s not an Apple branded mouse, that is.Sure, you have USB-C…but…good luck actually plugging anything in. At $1500, I’d expect a laptop to be able to handle the most basic of peripherals without spending $50-$100 for an adapter.

But hey, at least you still have a headphone jack…

The Gigantic Trackpad is TOO CLOSE to the keyboard

Do you have giant thumbs? Or even NORMAL thumbs? If so, beware. This may quickly become a usability issue for you. Hear me out…

I use the previous gen Macbook pro, which has a 3/4″ gap between the trackpad and is maybe 3″ wide. My palms touch my trackpad as I type, and my thumbs occasionally do as well. This gets tedious sometimes when I’m resting my hand to the side of the trackpad and attempting to scroll at the same time – not realizing my resting hand is ever so slightly touching the trackpad.

Mishaps like this will probably be virtually unavoidable without first messing with the trackpad settings. I’d love to be proven wrong here, I just don’t see how the positioning and size of the trackpad is practical.

No Function keys

Someone said “Man, I think it would be great to put all that volume control in a touchscreen above the keyboard.” Someone replied “Yeah, I’d like to get rid of a row of keys so many people use for productivity.” Those two individuals had a brain-baby, which is the new “Function bar,” and, sorry to say, it’s such a stupid idea.

I get the thinking behind multitouch for performing functions like volume control, launching apps, stroking something other than your ego. But – the function keys, or f-keys, serve a multitude of purposes. Many of us, especially those of us who use complex productivity or programming tools, use the keys every day. Many of us also use a VM or dualboot between Windows and OSX on our Macs. The F-keys are crucial here.

While the F-keys are a swipe away on OSX, there’s no physical response – for one, they’re not the default state and may not be able to be permanently left as the default option. Further, there’s no telling whether or not there will be Windows compatibility issues.

Now, you COULD buy the lower-end 13″ model that doesn’t have the touch screen and get your F-keys back, but only at the expense of, you know, more RAM, better drive space, a better processor, more screen real estate, etc. So, basically, if you’re a so-called power-user, you might be f’d.

No 17″ model?

Do you build websites, design high-end graphics, edit videos, or do anything that requires multiple windows to be open at the same time, at home or on the go? Then you probably value screen real estate. Well you’re in luck – Apple does not! In fact, they seem to think you should be more of a one-thing-at-a-time kinda person.

That’s why they’ve done away with the 17″ model. If you really want that screen realestate, you could just buy a larger high-res display that plugs directly into your macbook pro — oh wait, Apple discontinued those, too. So now you have to buy a 3rd party monitor AND the adapter for every monitor you want to use.

This may be the most minor of things I take issue with, but Apple seems to note care about productivity. Removing your standard USB ports that charge your other Apple devices and connect external storage without purchasing a dongle, removing the function keys for those who use them for efficiency in their productivity applications, and now less screen real-estate. Instead buy a larger high-res display — oh wait, Apple discontinued those, too.

In summary…

It really feels like Apple has just stopped caring. They don’t seem to care about productivity, usability, or the needs of the end user. They just seem to care about doing what no one else is doing. “Hey let’s add a touch bar!” “Hey, let’s make a huge trackpad!” “Hey let’s make a darker one!”

All these things are cool, I suppose, but at what expense? I really feel like switching from a Macbook Pro from one or two generations ago to the new Macbook Pro would be more of a downgrade.

But hey…at least they kept the headphone jack.


How to stay safe online and avoid getting hacked

Over the last few years, it seems everyone’s information is getting stolen. People’s Yahoo accounts are getting hacked, their online banking passwords are being compromised, even ATM machines are being hacked to steal credit and debit card information. And with ransomware on the rise, it seems like there’s no other option but to just burn all your devices in a fiery pit and switch back to good old pen and paper.

But we’re not Neanderthals. There’s no need to resort to those kinds of extremes. So below are a few good tips to keep your information safe from hackers.

1. Use strong passwords

“Password123” or “MyName” is not a strong password just because it has letters AND numbers. Hackers aren’t stupid. They wouldn’t be hackers if they were. Passwords work best when they’re complex, using a random mix of numbers, letters, and special characters in all different cases. And the longer and more random, the better.

2. Use two-factor authentication for everything

“What kind of tech hacker babel is this?! Two factor authenty-whaty?!”

It’s really not all that complicated. Single factor authentication is entering your password – you’re the real deal because you know the password. But nowadays, this isn’t enough. Most (well run) websites have the option to enable two-factor authentication which is a second layer of authentication.

The way it works is, after entering the correct username and password for your account, you’re sent a text message with a temporary password. You’ll have 5 minutes to enter that password in to your account in order to successfully log in.

This seems annoying at first, but it’s really a great feature. Even if a hacker has your password, they won’t be able to login without having your phone on hand to receive that passkey. And you’ll know about the hack attempt, because you’ll have received a text. Neat, huh?

3. Never use the same password twice

One thing people don’t consider is if you use one username and password in one place, you’re likely to use it in multiple other places. In fact, according to Naked Security, 55% of net users use the same password for most, if not all websites. And this isn’t news – hackers know this. Ask yourself this – is my facebook email and password the same as my online banking email and password? Probably! So if a hacker gets ahold of your Facebook credentials, you know that bastard is going to use those to get your banking information, as well.

So as often as possible, use different passwords. For everything.

I know, doing this for all your online accounts can seem daunting at the very least. You may ask, in a very Steve-Brule-y tone of voice, “Well, David, how the hhhhhheck am I supposed to memorizes all those stinking passwords?”

Simple, you could…

4. Use a password manager

When it comes to memorizing passwords, what I’ve found useful is to…not memorize them at all. Instead, you can use a password manager, like LastPass.

LastPass is password manager you can use in just about any browser. The idea is that you have one email and password for your password manager that you memorize, and use it to generate incredibly complex passwords on your behalf.

LastPass makes the process easy, by allowing you to auto-login to websites, or auto-fill username/password fields.

5. Change your password frequently

When a website gets hacked and finally announces that your information might have been compromised, it could be days, weeks, even months after the attack already happened. If you change your passwords on a regular basis – weekly or even monthly – chances are you’re information is safe. NOTE: That’s not to say that if your email provider discloses a breach you shouldn’t IMMEDIATELY CHANGE YOUR PASSWORD. Better to be safe than sorry.

6. Backup your files to the cloud.

Cloud storage is becoming more and more affordable. As little as $10 a month you can get 1TB of cloud storage through Google Drive or Dropbox – likely more than enough storage for the average user.

Why use the cloud? Let’s say you get infected with ransomware, and all the files on your computer are locked. Rather than paying an outrageous ransom or risk losing everything, all your files will have been already backed up to the cloud. So now, you could simply take your computer offline, re-install windows or OSX and re-download your files from the cloud

Don’t trust the cloud? Build your own.

7. Get Malwarebytes

Malwarebytes is the real deal – and as far as I know, their anti-malware product is the only product that has the ability to stop a lot of ransomware. Its scanner is heuristic – meaning it essentially learns malicious behavior, and can stop all kinds of malware and viruses before they have the chance to do any sort of damage, and often before that sample of malware has even been cataloged or discovered by anyone else.

Malwarebytes even has an Anti-Ransomware tool in beta that you can download right now (keyword being BETA – it’s a working, but unfinished, product, released for the sole purpose of allowing users to submit bugs to the developers).

8. Check the URL of websites you log in to

Avoid getting “phished”. Phishing is when someone tricks a user into sending them their username and password, usually by creating a fake login page that looks exactly like the real deal. Check out this facebook login page:

fakefacebook

 

Looks legit right? Well it’s not – have a look at the URL.

Some phishing sites are more clever, and will come really close to the URL, like “facbook.com” (missing the “e”).

As a rule of thumb, you should never click a link from someone that looks out of character for that person; but if you do, and you’re asked to log in again, check that URL!!!

9. Don’t share sensitive information online

Never email someone a password. Avoid emailing anyone your social security number, or your credit card number – even if you trust them. They may not be following these best practices like you, and your information could be compromised because THEY got hacked – that would suck, wouldn’t it?

If you need to share that kind of information, write it on something that can easily be shredded and/or burned.

10. Share this information with friends

Keeping these safety tips all to yourself won’t keep the world around you safe. Spread the word, share these tips with your friends so they can be as safe as you!