If you’re gay, as I am, you’re a marketer’s bullseye on Facebook. The ads thrown at you are specific, and, more often than not, stereotypical (Lady Gaga tickets, anyone?). All-gay cruises, all-gay cruising spots, all-gay Tom Cruise … the list goes on.
Understandably, some people are up in arms about marketers swiping their sexual preferences off Facebook without their knowledge, notification, or consent, and using this information to push these behaviorally targeted ads. Our bedroom fun-time is being exposed to faceless entities. It’s a “privacy headache” and “troubling.”
Meh. Not really.
♦♦♦
The fiasco is borne from a study called “Challenges in Measuring Online Advertising Systems” (PDF) by Saikat Guha from Microsoft and Bin Cheng and Paul Francis from the Max Planck Institute for Software Systems. The study found that Facebook ads differed from one profile to another based on sexual orientation.
To discover this, researchers set up profiles for straight men, straight women, a gay man, and a lesbian. Besides gender and sexuality, the profiles were supposedly indistinguishable.
The ad content became more personally directed for the gay and lesbian users, but ads for gay males were significantly different, suggesting “advertisers target more strongly to [gay males].”
The problem was that some ads with neutral, asexual text (e.g. for a nursing degree in a medical college in Florida) appeared only on the gay profiles, indicating … indicating what? That gays, um, must really like medical colleges in Florida?
Researchers conclude:
The danger with such ads, unlike the gay bar ad where the target demographic is blatantly obvious, is that the user reading the ad text would have no idea that by clicking it he would reveal to the advertiser both his sexual preference and a unique identifier (cookie, IP address, or email address if he signs up on the advertiser’s site). Furthermore, such deceptive ads are not uncommon; indeed exactly half of the 66 ads shown exclusively to gay men (more than 50 times) during our experiment did not mention “gay” anywhere in the ad text.
The cookie and IP address part sounds concerning, but remember that whatever hyperlink you click, be it beastly or benign, can cram cookies down your Chrome and log your IP address. This is commonplace. Either you can dodge invasion by putting your browser on lock-down, or you can accept the fact that this leak sounds scary but, in many cases, the information is useless to nefarious forces.
♦♦♦
Adrian Chen over at Gawker writes:
If you’re comfortable enough to put [your sexual preference] on your Facebook profile, you’re probably OK with some people knowing you’re gay. But whereas Facebook’s privacy settings allow you to choose who can see your sexual preference, you have no control over what information Facebook uses to target advertising.
No, sorry, that’s not true. Gawker’s examination of Facebook’s privacy policies are fairly misleading and stink of pay-per-pageview engineering:
Facebook’s privacy policy states that it can even use “information you may have decided not to show other users (such as your birth year or other sensitive personal information or preferences) to select the appropriate audience for … advertisements.”
Nope. Facebook’s privacy policy actually says, “We do not give your content or information to advertisers without your consent,” and that comes from the privacy policy updated on October 5, 2010, two weeks before Chen’s article was printed.
I read through all of Facebook’s policies. None of them contained the language Chen quoted. Am I missing something?
♦♦♦
Still scared of being publicly outed? Change your settings (as you should every time Facebook updates its policies).
“You can use your privacy settings to limit how your name and profile picture may be associated with commercial, sponsored, or related content (such as a brand you like) served or enhanced by us,” reads the policy. “You give us permission to use your name and profile picture in connection with that content, subject to the limits you place” (emphasis mine).
Also, from the advertisers’ guidelines: “Any targeting of ads based on a user attribute, such as age, gender, location, or interest, must be directly relevant to the offer, and cannot be done by a method inconsistent with privacy and data policies.”
While Facebook cannot guarantee advertisers will use collected data appropriately, it does have a channel in which to report privacy violations.
♦♦♦
Another concern expressed by Gawker: the Florida nursing school, for example, can tell who’s gay just by who got there via Facebook:
Let’s say you click on that ad for the nursing school that targeted its advertising only to gay men. You fill out an application and mention that you saw their ad on Facebook. The school now knows you’re a man who is interested in men, even if you’ve hidden your sexual preference using Facebook’s privacy settings.
I don’t buy it. If you’ve “hidden your sexual preference using Facebook’s privacy settings,” you won’t receive “gay” ads.
Another point: Facebook, unlike MySpace, avoids using concrete terms for “gay” or “straight.” It’s a matter of semantics, but it’s purposefully inexplicit phrasing.
Most Facebook users probably take “interested in” to mean sexual preference. And if you’re willing to say on Facebook that you’re interested in men, whether that means locking lips or platonic chest-bumping, you should—if the wording indeed belies sexual preference—be interested in asserting, yep, I’m gay.
♦♦♦
Of course, the Facebook-knows-I’m-gay thing turned into an instant PR mess for the site. A spokesperson for Facebook explained it away to the Washington Post:
Our advertising guidelines prohibit advertisers from using user data collected from running an ad on Facebook, including information derived from targeting criteria. For example, we explicitly prohibit them from associating that targeting detail with the data collected from the user in forms they fill out, applications they make, or other interactions on their site.
White noise aside, Facebook is not, by any stretch of the imagination, infallible. Most recently, Facebook was busted when its online games sent private information to marketers. That sounds a lot like what’s supposedly happening here, but it’s not, and, as always, the amount of information leaked depends entirely on the amount of information you let Facebook share.
Our online security depends on a tenuous trust between us and them, and, all too often, the misconceived idea that our social-media information is our property, no one else’s, and that we have inherent online protection—as though we weren’t the ones flying our flags in the first place.