Buzzfeed knows everything about you thanks to Google, Facebook & Quizzes

Adland: 

Have you ever used the Ghostery add on? You install it in your browser of choice, and it'll show you a list of each ad tracking script or widget on the web page that watches you. Go install it right now, I'll wait. Check out Adland in comparison to your other bookmarked advertising news sites or newspapers, just for fun. Now check out Buzzfeed. You'll soon be familiar with all the big names, Doubleclick, Google analytics, Facebook, Brightcove, Yume, Moat, New Relic, Pointroll, Optimizely, and so on.

Now, what can all these things see when used properly? Dan Barker has picked apart strings over at Buzzfeed and notes in "BuzzFeed is Watching You" that each quiz you do - while signed into your facebook and tracked by Google analytics - reveals a lot about you specifically and can be tied to your digital footprint.

In other words, if I had access to the BuzzFeed Google Analytics data, I could query data for people who got to the end of the quiz & indicated – by not checking that particular answer – that they have had an eating disorder. Or that they have tried to change their gender. Or I could run a query along the following lines if I wished:

  • "Show me all the data for anyone who answered the “Check Your Privilege” quiz but did not check “I have never taken medication for my mental health”.

  • In BuzzFeed’s defense, I’m sure when they set up the tracking in the first place they didn’t foresee that they’d be recording data from quizzes of this personal depth. This is just a single example, but I suspect this particular quiz would have had less than 2 million views if everyone completing it realised every click was being recorded & could potentially be reported on later – whether that data is fully identifiable back to individual users, or pseudonymous, or even totally anonymous.

    It's not just Buzzfeed who can do this, each time you click on that Facebook link your friends shared, to read that article, do that Quiz, watch that film, you're leaving digital crumbs of your privacy all over the place. A Buzzfeed employee was quick to jump in the comments there and clarify they don't know it's you, you.

    ....we do not in fact record that it is “you” browsing the site. The string sent to GA is not your username but an anonymized string that is not linked in any way to your account, email address or other personally identifiable information. Also, about 99% our readers are not even logged in.
    We are only interested in data in the aggregate form. Who a specific user is and what he or she is doing on the site is actually a useless piece of information for us. We know how many people got Paris or prefer espresso in the Which city would you live in? quiz, but we don’t know who they are or any of their PII.

    If the data is "anonymized" why is there a unique string on it? That unique string seems like it would be useful when looking at "stuff this visitor also looked at on Buzzfeed" at the very least. So now they know you like quizzes and posts about puppies. No big deal. But, you know how Facebok and Google can now recognize you without even seeing your face in photos? The small stuff paints big pictures.
    Now Facebook can find you in any photo with 97% accuracy, that's even better than the FBI's own Next Generation Identification system. This is what uploading all the photos in the world to Flickr, Facebook and Google brought us - teaching computers to find things like "delicious", "red", bicycle" and you in photographs. Even when you have your back turned and are wearing a hoodie, because they know all your recognisable traits now such as build and visible tattoos. And users rejoice, because it's so practical when the computers labels all your pictures for you, forgetting the creepy that comes with this gift.

    Buzzfeed says the strings they are are anonymized, but lets be honest, it takes up literally no additional space to make a user ID that can be linked back to personally identifiable information in a database. And what if that link to your real name is created by someone else snooping on the page, say a government entity, hackers, or any one of the groups who have their cookies following you around the web that you see using Ghostery: Facebook, Google, etc. The world was outraged at the thought of NSA's PRISM, but leave all this information willingly to silicon valley hip corporations, worldwide.

    You can't, on the one hand recoil at the idea of NSA seeing metadata, hollering about privacy, while simultaneously giving it away to various tech corporations on the web, whose terms of service you never bothered to actually read. It's only a matter of time before this data can be used in courts all over the world. Data brokers have the FTC issuing new regulations and demanding transparancy but the FTC can barely keep up.

    But what does it matter what you answer on a quiz? Or if you change your profile picture to a rainbow image, which facebook then tracks, just like they did when they tracked your mood and your social influence and political mobilization.

    I used to joke - and I'm sure I've written it somewhere in an article on Adland years ago - that with all this social web tracking happening, it'll become suspect to not have a digital footprint. Looking for the "bad guys" will be a simple matter of looking for "black holes" of no data. When I shut down my Facebook profile (again, my first Facebook infocide was in 2007) last week, my friends didn't raise an eyebrow. But as one of my other friends followed suit, the reactions to his leaving ranged from shocked to bewilderment, and required those left behind in the walled garden to come and explain his absence. Like shutting down a facebook profile is abnormal.

    Considering how many sites use Facebook comments, Disqus comments, Google comments on their sites, which in turn brings the sites extra traffic from the social networks in question, it does seem drastic to shut down a facebook profile. If you've ever used it as a login you may even lock yourself out from lots of accounts that you want to keep. All of these entities keep track of your name and your IP number, over several devices.

    Perhaps that's why I find it just a little ironic that a sites old-fashioned comment-box, that doesn't use a hundred tracking cookies & your usual Facebook/Disqus/G+ comment system is deemed "unsafe" by those who would apparently rather be shadowed by digital corporations across social media than just have a discussion in more than 140 chars. The microwave mentality of not thinking about this has shrunk our vast wild west internet into a handful of corporations who see all that we do and own our data.


    FYI: If you comment here, I, as the site's webmaster, can see your current IP. That's it.

    Comments (1)

    • Dabitch's picture
      Dabitch

      Ironically, this being shared a lot on Facebook.

      Jun 30, 2015

    Leave a comment

    about the author

    Dabitch Creative Director, CEO, hell-raising sweetheart and editor of Adland. Globetrotting Swede who has lived and worked in New York, London, San Francisco, Amsterdam, Copenhagen and Stockholm after growing up in Kiruna, Raleigh and Jiddah.