   I don't use Facebook. I'm not technophobic — I'm a geek. I've been using
   email since the early 1990s, I have accounts on hundreds of services
   around the net, and I do software development and internet protocol design
   both for work and for fun. I believe that a globe-spanning communications
   network like the internet can be a positive social force, and I publish
   much of my own work on the open web.

   But Facebook and other massive web companies represent a strong push
   toward unaccountable centralized social control, which I think makes our
   society more unequal and more unjust. The Cambridge Analytica scandal is
   one instance of this long-running problem with what I call the
   "surveillance economy." I don't want to submit to these power structures,
   and I don’t want my presence on such platforms to serve as bait that lures
   other people into the digital panopticon.

   But while I've never "opted in" to Facebook or any of the other big social
   networks, Facebook still has a detailed profile that can be used to target
   me. I've never consented to having Facebook collect my data, which can be
   used to draw very detailed inferences about my life, my habits, and my
   relationships. As we aim to take Facebook to task for its breach of user
   trust, we need to think about what its capabilities imply for society
   overall. After all, if you do #deleteFacebook, you'll find yourself in my
   shoes: non-consenting, but still subject to Facebook’s globe-spanning
   surveillance and targeting network.

   There are at least two major categories of information available to
   Facebook about non-participants like me: information from other Facebook
   users, and information from sites on the open web.

  Information from other Facebook users

   When you sign up for Facebook, it encourages you to upload your list of
   contacts so that the site can "find your friends." Facebook uses this
   contact information to learn about people, even if those people don't
   agree to participate. It also links people together based on who they
   know, even if the shared contact hasn't agreed to this use.

   For example, I received an email from Facebook that lists the people who
   have all invited me to join Facebook: my aunt, an old co-worker, a friend
   from elementary school, etc. This email includes names and email addresses
   — including my own name — and at least one web bug designed to identify me
   to Facebook’s web servers when I open the email. Facebook records this
   group of people as my contacts, even though I've never agreed to this kind
   of data collection.

   Similarly, I'm sure that I'm in some photographs that someone has uploaded
   to Facebook — and I'm probably tagged in some of them. I've never agreed
   to this, but Facebook could still be keeping track.

   So even if you decide you need to join Facebook, remember that you might
   be giving the company information about someone else who didn't agree to
   be part of its surveillance platform.

  Information from sites on the open Web

   Nearly every website that you visit that has a "Like" button is actually
   encouraging your browser to tell Facebook about your browsing habits. Even
   if you don't click on the "Like" button, displaying it requires your
   browser to send a request to Facebook's servers for the "Like" button
   itself. That request includes information mentioning the name of the page
   you are visiting and any Facebook-specific cookies your browser might have
   collected. (See Facebook's own description of this process.) This is
   called a "third-party request."

   This makes it possible for Facebook to create a detailed picture of your
   browsing history — even if you've never even visited Facebook directly,
   let alone signed up for a Facebook account.

   Think about most of the web pages you've visited — how many of them don't
   have a "Like" button? If you administer a website and you include a "Like"
   button on every page, you're helping Facebook to build profiles of your
   visitors, even those who have opted out of the social network. Facebook’s
   “Share” buttons on other sites — along with other tools — work a bit
   differently from the “Like” button, but do effectively the same thing.

   The profiles that Facebook builds on non-users don't necessarily include
   so-called "personally identifiable information" (PII) like names or email
   addresses. But they do include fairly unique patterns. Using Chromium's
   NetLog dumping, I performed a simple five-minute browsing test last week
   that included visits to various sites — but not Facebook. In that test,
   the PII-free data that was sent to Facebook included information about
   which news articles I was reading, my dietary preferences, and my hobbies.

   Given the precision of this kind of mapping and targeting, "PII" isn’t
   necessary to reveal my identity. How many vegans examine specifications
   for computer hardware from the ACLU's offices while reading about
   Cambridge Analytica? Anyway, if Facebook combined that information with
   the "web bug" from the email mentioned above — which is clearly linked to
   my name and e-mail address — no guesswork would be required.

   I'd be shocked if Facebook were not connecting those dots given the goals
   they claim for data collection:

     We use the information we have to improve our advertising and
     measurement systems so we can show you relevant ads on and off our
     Services and measure the effectiveness and reach of ads and services.

   This is, in essence, exactly what Cambridge Analytica did.

  Consent

   Facebook and other tech companies often deflect accusations of
   excessive data collection by arguing "consent" — that they harvest and use
   data with the consent of the users involved.

   But even if we accept that clicking through a "Terms of Service" that no
   one reads can actually constitute true consent, even if we ignore the fact
   that these terms are overwhelmingly one-sided and non-negotiable, and even
   if we accept that it's meaningful for people to give consent when sharing
   data about other people who may have also opted in — what is the recourse
   for someone who has not opted into these systems at all?

   Are those of us who have explicitly avoided agreeing to the Facebook terms
   of service simply fair game for an industry-wide surveillance and
   targeting network?

  Privilege

   I don’t mean to critique people who have created a Facebook profile or
   suggest they deserve whatever they get.

   My ability to avoid Facebook comes from privilege — I have existing social
   contacts with whom I know how to stay in touch without using Facebook's
   network. My job does not require that I use Facebook. I can afford the
   time and expense to communicate with my electoral representatives and
   political allies via other channels.

   Many people do not have these privileges and are compelled to "opt in" on
   Facebook's non-negotiable terms.

   Many journalists, organizers, schools, politicians, and others who have
   good reasons to oppose Facebook's centralized social control feel
   compelled by Facebook's reach and scale to participate in their practices,
   even those we know to be harmful. That includes the ACLU.

   Privacy should not be a luxury good, and while I'm happy to encourage
   people to opt out of these subtle and socially fraught arrangements, I do
   not argue that anyone who has signed up has somehow relinquished concerns
   about their privacy. We need to evaluate privacy concerns in their full
   social contexts. These are not problems that can be resolved on an
   individual level, because of the interpersonal nature of much of this data
   and the complexities of the tradeoffs involved.

  Technical countermeasures

   While they may not solve the problem, there are some technical steps
   people can take to limit the scope of these surveillance practices. For
   example, some web browsers do not send "third-party cookies" by default,
   or they scope cookies so that centralized surveillance doesn't get a
   single view of one user. The most privacy-preserving modern browser is the
   Tor Browser, which everyone should have installed and available, even if
   it's not the browser they choose to use every day. It limits the
   surveillance ability of systems that you have not signed up for to track
   you as you move around the web.

   You can also modify some browsers — for example, with plug-ins for Firefox
   and Chrome — so that they do not send third-party requests at all. Firefox
   is also exploring even more privacy-preserving techniques.

   It can’t be denied, though, that these tools are harder to use than the
   web browsers most people are accustomed to, and they create barriers to
   some online activities. (For example, logging in to some sites and
   accessing some web applications is impossible without third-party
   cookies.)

   Some website operators take their visitors' privacy more seriously than
   others, by reducing the number of third-party requests. For example, it's
   possible to display "share on Facebook" or "Like" buttons without sending
   user requests to Facebook in the first place. The ACLU's own website does
   this because we believe that the right to read with privacy is a
   fundamental protection for civic discourse.

   If you are responsible for running a website, try browsing it with a
   third-party-blocking extension turned on. Think about how much information
   you're requiring your users to send to third parties as a condition for
   using your site. If you care about being a good steward of your visitors'
   data, you can re-design your website to reduce this kind of leakage.
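
   An added example, not part of the original article or the ACLU's own
   code: one way to take stock of this leakage is to parse a page's HTML and
   separate third-party resources the browser fetches on load from plain
   links that contact a third party only when clicked. The hostnames and
   sample page are constructed placeholders, and "first party" is assumed to
   mean an exact hostname match.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Elements whose src is fetched on page load, with no click from the visitor.
SRC_TAGS = {"script", "img", "iframe", "embed", "audio", "video", "source"}
FETCHING_RELS = {"stylesheet", "icon", "preload", "prefetch"}  # <link> rels that fetch

class ThirdPartyAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.first_party = urlsplit(page_url).hostname
        self.on_load = []     # (tag, host): requested as soon as the page renders
        self.on_click = []    # host: contacted only if the visitor follows a link

    def _third_party_host(self, url):
        parts = urlsplit(urljoin(self.page_url, url or ""))
        if parts.scheme not in ("http", "https"):
            return None       # data:, mailto:, etc. cause no HTTP request
        # Assumption: "first party" means an exact hostname match.
        return parts.hostname if parts.hostname != self.first_party else None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            host = self._third_party_host(a.get("href"))
            if host:
                self.on_click.append(host)
            return
        if tag == "link":
            rels = set((a.get("rel") or "").lower().split())
            url = a.get("href") if rels & FETCHING_RELS else None
        else:
            url = a.get("src") if tag in SRC_TAGS else None
        host = self._third_party_host(url)
        if host:
            self.on_load.append((tag, host))

def audit(page_url, html):
    parser = ThirdPartyAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.on_load, parser.on_click

# Constructed sample page; every hostname here is a placeholder.
SAMPLE = """<link rel="stylesheet" href="/site.css">
<script src="https://widgets.social.example/like.js"></script>
<iframe src="//widgets.social.example/like?href=https://news.example/a"></iframe>
<img src="https://pixel.tracker.example/t.gif" width="1" height="1">
<a href="https://social.example/share?u=https://news.example/a">Share</a>"""
```

   Static parsing misses requests that scripts issue at run time, so
   browsing the site with a third-party-blocking extension remains the
   fuller test.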

  Opting out?

   Some advertisers claim that you can "opt out" of their targeted
   advertising, and even offer a centralized place meant to help you do so.
   However, my experience with these tools isn't a positive one. They don't
   appear to work all of the time. (In a recent experiment I conducted, two
   advertisers’ opt-out mechanisms failed to take effect.) And while
   advertisers claim to allow the user to opt out of "interest-based ads,"
   it's not clear that the opt-outs govern data collection itself, rather
   than just the use of the collected data for displaying ads. Moreover,
   opting out on their terms requires the use of third-party cookies, thereby
   enabling another mechanism that other advertisers can then exploit.

   It's also not clear how they function over time: How frequently do I need
   to take these steps? Do they expire? How often should I check back to make
   sure I’m still opted out? I'd much prefer an approach requiring me to opt
   in to surveillance and targeting.

  Fix the surveillance economy, not just Facebook

   These are just a few of the mechanisms that enable online tracking.
   Facebook is just one culprit in this online "surveillance economy," albeit
   a massive one — the company owns Instagram, Atlas, WhatsApp, and dozens of
   other internet and technology companies and services. But it’s not the
   only player in this space. Google’s business model also relies on this
   kind of surveillance, and there are dozens of smaller players as well.

   As we work to address the fallout from the current storm around Facebook
   and Cambridge Analytica, we can't afford to lose sight of these larger
   mechanisms at play. Cambridge Analytica's failures and mistakes are
   inherent to Facebook's business model. We need to seriously challenge the
   social structures that encourage people to opt in to this kind of
   surveillance. At the same time, we also need to protect those of us who
   manage to opt out.
