I drank hot chocolate at the Facebook pop-up and learned horrifying things about my privacy
It took 10 minutes of waiting in the snow, two hot chocolates, one Facebook employee, and five separate clicks for me to discover on Thursday the list of advertisers who had access to my contact info.
Some 2,220 items long, the list of advertisers included a car dealership in Wisconsin — a state I've never been to — and the AARP (I'm 26). The friendly Facebook employee who was walking me through my privacy settings informed me that I couldn't remove myself from the lists unless I contacted each of the advertisers individually. Um, excuse me?
This, believe it or not, was the company's idea of triage. Welcome to Facebook's first American privacy pop-up event.
To put it mildly, 2018 has not been a great year for Facebook. In March, the company admitted that the personal information of some 87 million users had been improperly shared with data firm Cambridge Analytica, a political consulting firm with ties to President Trump. Then, in September, news broke that a network attack had exposed some 50 million Facebook users' private data, including mine. In a recent survey by Quartz, almost 80 percent of readers said they don't trust Facebook with their personal data — and frankly, who can blame them?
This is not the sort of oopsie you can resolve with free hot chocolate and F-shaped marshmallows. But on Thursday, Facebook tried.
At its first U.S. pop-up privacy event in New York City's Bryant Park, company employees in a seasonally-appropriate trailer handed out booklets of "tips and tricks" to help "control your Facebook account" and served thumb-sized pumpkin pies. Decorations included miniature trees, a sign announcing "feedback is a gift," and a TV display that misspelled the company's name as "Facebok."
Almost immediately, one of the employees pulled me aside and prompted me to open the Facebook app on my phone. Together we walked through my privacy settings, most of which I was familiar with, and then moved onto the advertising tabs.
This is where things started to get interesting: My "interests" included "food" (sure), "trousers" (I ... guess?), and "automobiles," even though I don't own a car and can't tell one midsize sedan from another. Asked how such a category had appeared in my data portfolio, I was told I'd at one point clicked on a car-related ad. Seemed pretty doubtful, but perhaps once, by accident?
Next we looked at "advertisers whose website or app you used," where I had 362 entries, many of which were companies I'd never heard of or knew I never would have interacted with (Again, "Driving Academy?" And why would I have ever visited "NFL UK"?). When I protested that the entries seemed strange, I was told that the advertisers were listed because I'd at some point logged into a website or app through Facebook — something I consciously never do.
Finally there was that terrifying category of companies "who have added a contact list with your info." Facebook explains this section as advertisers that are "running ads using a contact list they uploaded that includes your contact information," which was obtained "after you shared your email address with them or another business they've partnered with." Eek. Sketchiest of all, this information is housed under a Facebook tab misleadingly titled "advertisers you've interacted with," even though I can confidently say I've never knowingly interacted with hundreds of them — if not most of them.
So what is a social media mammoth hemorrhaging trust and users to do? "There's no silver bullet," said Erin Egan, Facebook's chief privacy officer, who attended the event in New York. She emphasized, though, that "we want people to use these [privacy] tools."
And transparency is great — I appreciated it and said as much to the friendly people who had helped me locate Facebook pages I didn't even know existed. The problem, though, is two-fold. First, there is the question of accessibility to this information, which is hidden behind a labyrinth of folders. I required a literal Facebook employee to walk me through it, something that clearly isn't feasible for most of the website's millions of users.
Most important of all, though, is the question of what to do with all this transparency. It's one thing to see the hundreds of advertisers leeching my data off of Facebook; it's another to weed through it all, clicking "hide ads" on every creepy advertiser that somehow discovered or bought access to me. I now know I need to police my data better, but I'm not entirely sure how. As Alex Hern puts it at The Guardian, knowing all this information can make you feel even more powerless: "I cannot tell Facebook that the vast majority of these companies cannot possibly have acquired my email address legitimately; I cannot opt out of them all at once, defenestrating advertisers in their masses with a single click; and I certainly cannot request that no company be able to target me simply by uploading an easily guessable address to the site," he writes.
Facebook's New York pop-up event lasted just 10 hours, most of which was during the middle of a workday. There is almost a comical element to the whole affair — a laughably impractical form of outreach to a user base that barely trusts the company to be telling us the truth this time around.
The pop-up, rather, was like the hot chocolate they were putting in our hands: digestible, photogenic, and full of empty calories.