Facebook is frequently in the news for data privacy issues especially around the amount of data they collect without their users knowledge. I decided to do some investigation to find out ways to minimize what Facebook could collect by using a VPN.
Can Facebook track me if I use a VPN? Facebook can still track you if you use a VPN if you are logged into Facebook, if websites with Facebook tracking cookies are being visited, if Facebook has permissions to other apps, to Facebook using the location services on phones.
Being logged into Facebook whilst connected to a VPN will not stop Facebook from tracking you, as Facebook will be able to correlate any Facebook code on the websites you visit with you. When a website is visited or an app is used, many people assume the website and the app are just composed of code relevant to keep the website and the app functioning.
However, this isn’t always the case, as the website or the app could also contain code from a third-party or even multiple third-parties, code which isn’t essential to provide the functionality for the website or the app (Libert 2015). Third-party code from the likes of Facebook is common amongst websites and apps.
The third-party code allows the likes of Facebook to develop an understanding of the behaviors of the users using these websites and apps. These behaviors form profiles of the habits of these users and can be used for advertising (Turow 2012), where behaviors can be targeted, for example, viewing websites about cats, results in a profile being developed of a cat owner and subsequent advertising is targeted, such as cat food, cat treats, to even more localized to local veterinarians and pet shops.
Many of the websites and apps enrolled into using third-party code, generally do so as they have advertising revenue sharing agreements and know if any of the adverts are clicked on their websites, they could earn a share of advertising revenue as part of their pay per click agreements. Or even just by displaying the ads they could earn revenue based on the number of impressions, that is the amount of times the advert is shown. (Turow 2012).
Advertising isn’t the only way to track users on websites and apps, social media buttons have become a norm with the likes of Facebook ‘Like’ buttons leading the way. These buttons essentially help Facebook track users habits by enabling web and app developers to include them in their code (Libert 2015). So, when someone visits a website with the Facebook ‘Like’ button embedded in the code, irrespective of whether they are Facebook user or not, this code can aid in building up a profile of person using the website or the app.
Does a VPN stop Facebook tracking?
A VPN could stop Facebook tracking if you are not logged into Facebook and are using a different browser with private browsing enabled but Facebook could use other techniques like fingerprinting to track you by using information about your browser.
By being logged into Facebook makes it easier for Facebook to keep track of what you’re doing, so, to minimize tracking logging out of Facebook makes a lot of sense. Opting to use Private Browsing modes (Incognito in Chrome) in a different web browser could also aid in ensuring tracking is minimized.
I use Mozilla Firefox for my day to day web browsing but if I want to visit a website and don’t want to be tracked, I switch to Chrome and using the Incognito mode along with my VPN switched on, I have some solace knowing tracking is minimized.
As there are no cookies present in the Chrome web browser from previous browsing, I made sure I deleted all the cookies and other information before I started using Chrome in Incognito mode, knowing Incognito mode was designed not to store any cookies.
To make sure I also set Chrome up to delete all cookies and other privacy information when I shut Chrome down. By using this set up of two browsers, I am limiting the effect of techniques like Browser Fingerprinting being used to track my activities.
Browser Fingerprinting is a technique to build up a profile, be it complete or partial, to determine the behaviors of a user. Peter Eckersley in his article ‘How Unique Is Your Web Browser?’ found that only 1 in 286,777 browser fingerprints will be similar. This provides a pretty unique way of identifying users and being able to track their browser fingerprints.
Which VPN is best for Facebook?
A VPN with a kill switch like NordVPN, ExpressVPN and Private Internet Access are considered best for Facebook. These VPNs will provide protection against tracking when used with private mode browsing and being logged out of Facebook.
Find out more information check out my VPN review article, where I look at quality VPN service providers in detail.
The VPNs mentioned above, are also the best VPNs for unblocking access to Facebook when you are using devices with restrictions in place. Such as in the workplace, at a school or college, where restrictions have been set up to stop access to Facebook.
The only caveat in getting these VPNs to work would be having the right privileges on the device you are using to install the VPN, as most corporate and school or college devices are locked down.
How do I know what Facebook knows about me?
Facebook knows a lot of information about its users and to be fair, it needs to know this in order to be able to target advertising and content to its users. Over 90% of Facebooks revenue comes from advertising and by providing targeting information to it’s advertisers, Facebook provides them with a more cost effective approach, giving them an excellent return on their advertising spend. As otherwise, untargeted advertising would not generate as many leads or opportunities to make money.
A lot of information in voluntarily given by Facebook users, such as in the ‘About You’ section, where personally identifiable information like your birthday, home address, phone numbers to even your relationship status can be added.
In the following sections I’ll take a look at information Facebook can glean that isn’t volunteered by their users.
Mobile versions of Facebook can use the location services provided by smartphones to track down the location of their users. I normally don’t have my location services on all the time on my smartphone and only turn it on when I need it, for example if I’m driving and need to use Google Maps to give me directions. However, I still have taken steps to ensure the Facebook app can’t use my location, by removing permissions for the Facebook app to use location services.
I’ve also changed the location services settings in the Facebook app using the following steps and also deleting any location history too:
From the ‘Security and Login’ page in the settings section, Facebook keeps a history of all the devices you’ve use to connect to your account. The information here includes the IP addresses and the locations of where you’ve logged in.
Facebook has information to your call history as Dylan McKay found out, as he was trawling through a data file downloaded from Facebook. Details of the calls made on Messenger, including the who the calls were made to, the time of the call and the duration, were just some of the pieces of information logged by Facebook.
Facebook responded to these logging details by stating the login was an opt-in feature of Messenger and required the users to opt-out using the settings described here.
Text (SMS) Information
Facebook has information about your text history and could read your text messages, as most phone users are oblivious to the privileges given to the Facebook app on their phones.
Facebook Apps likes Messenger could provide Facebook with a treasure trove of information about its users, more so as this app unlike WhatsApp doesn’t do end to end encryption as default. The encryption must be enabled by the user, so potentially Facebook is able to see the messages being passed through the Messenger app.
Facebook Social Logins
Many websites and apps accept the use of Facebook login for authentication instead of having to set up a new user id and password for each website registered. These websites and apps include Facebook code allowing for the integration of the authentication, thereby Facebook authenticates the user and sends a token back to the website or the app to say ‘hey, this person is who they say they are’.
Whilst this makes it easier for people not to have to remember the potentially different logins different websites might require, it also allows Facebook to know what websites and apps you are using. So, even if you’re using a VPN, if you’re using your Facebook Id as a social login, then Facebook can easily track you by knowing what websites you are visiting.
The websites and apps using the Facebook social plugins to allow you to use your Facebook id for login, also end up with information about you. Including name details, email address and a whole host of other information, which you probably wouldn’t want shared anyway. They can then use this information to contact you (you might need to opt-in for this, or some websites sneakily ask for opt-out, knowing you might forget to do this).
Can you use Facebook with a VPN?
In conclusion, you can use a VPN with Facebook but to really protect your privacy, additional steps must be taken to ensure Facebook doesn’t keep a track of your activities like your browsing habits.
By logging out of Facebook, using private browsing and different web browsers for different types of activities, will make it harder for Facebook to build up a tracking profile of your website activities.