General News

How Facebook Knows Where You Are Without Knowing Where You Are

Over the past few years, there has been a positive drive towards imposing greater regulations on organisations and how and when they collect user data. Users now have more control than ever on being able to consent to the collection of different types of data by apps.

However a recent article by Forbes, written by Zak Doffman has uncovered that organisations, in this case Facebook, are beginning to circumvent these regulations by using multiple, seemingly unrelated and innocuous data points to infer a great amount about their users, without their knowledge. Researchers that the Forbes article cite state that the processes Facebook are operating appears to be only for iPhone users, and with Facebook owned apps being some of the most popular, this will be affecting close to the billion plus iPhone users worldwide, with there currently being no way of stopping it.

One way in which Facebook can deduce a user’s geographical location is by using the metadata in photos, as well as IP addresses. This of course is all done without the user’s knowledge or consent, and even if they have expressly asked Facebook to not track their location, which Facebook have admitted to. It has now been found that Facebook uses the iPhone’s accelerometer and the data they can collect from it to infer your exact location, behaviours, and patterns. It can also be used to match you with people near you, whether you know them or not.

This seems to be a new way in which organisations are looking to circumvent regulations that require them to gain consent from users to track their location. Facebook of course are spearheading it, as they’ve never seemed to let consent get in the way when there’s money to be made from user data. Seemingly innocent features of an iPhone can be used by Facebook, along with other permitted data points to infer so much information about the user, all without the user’s knowledge or permission. On the face of it, Facebook are complying with the rules by allowing users to alter their privacy settings and not share their location as well as other types of data, but then behind the back of the user they’re managing to collect the exact same information through other means. What’s even more worrying is that there’s no setting that allows the user to turn off the accelerometer so that Facebook can’t read it. It gives the illusion of control over your own data, but realistically you have anything but that. 

The Forbes article quotes researchers Talal Haj Bakry and Tommy Mysk who say “Facebook reads accelerometer data all the time. If you don't allow Facebook access to your location, the app can still infer your exact location only by grouping you with users matching the same vibration pattern that your phone accelerometer records.” All Facebook owned apps are conducting this type of data collection, including Facebook itself of course, as well as Instagram and Whatsapp. The researchers quoted above also checked other apps including iMessage, TikTok, WeChat and Signal, and they don’t collect accelerometer data like Facebook does. Mysk also goes on to detail the wealth of information Facebook can infer from just using accelerometer data, such as heart rate, location and precise movements. Even more worryingly, Mysk goes on to say that all IOS apps can read data from the accelerometer without the user’s permission. 

Facebook claims that they use the accelerometer for certain features such as 360 degree panoramic photos, as well as the shake-to-report feature. Now whilst this seems like a legitimate reason for using the accelerometer, it doesn’t explain why Facebook is still gathering data from it even when you’re not using those features. What might give us an insight into the social media giant’s true reasons for reading accelerometer data, is that even when users turn the relevant features off that need to use the accelerometer, whilst those features don’t work anymore, Facebook is still reading data from the accelerometer.

The Forbes article then goes on to detail an example of how Facebook can actually infer your exact location just by reading the accelerometer. If a user is on a bus, and another passenger also has Facebook installed on their iPhone and does share their location, Facebook can deduce that the user is in the exact same location on the exact same bus as the passenger due to the fact that both accelerometers will be giving off the same vibration pattern, for example when the bus stops and starts. Using devices that are near each other to infer location has obviously been a focus of Facebook recently, as they also have a patent application for using wireless phone signals to connect strangers. 

Ultimately, Facebook is in the business of data, that’s how it makes its trillions of dollars. With a seemingly increasing number of restrictions imposed on them, Facebook is coming up with increasingly ingenious and deceptive ways of using any data points available to them, coupled with absolutely any types of seemingly innocuous information to infer absolutely everything about their users. All of this is being done against the wishes of those users, and without their consent, because if you don’t even know about it, how can you stop it? What’s more worrying, even if you did know about it, there are no functionalities on their apps to turn these features off. We recently wrote about

Apple’s new data security focussed software update, which came with privacy reports, email tracking prevention capabilities, and allowing users to prevent apps from tracking their activity when using their device. Whilst this is a great step in the right direction, and Apple seem to be the industry leaders in allowing users to control how their data is used, the next step must be to allow greater functionality in allowing users to prevent apps from taking any types of data, no matter how innocuous they seem, to prevent them from tracking things like their geographical location from simply reading accelerometer data, as Facebook are currently doing.

The full Forbes article can be read by clicking here.