Facebook App Events: A Many-Tentacled Monster That Means #ZuckMustGo

6 min readFeb 26, 2019


That Facebook tracks us all even when we aren’t using Facebook is at this point an open secret. Anytime you go to a website that has installed a Facebook Like or Login button (read: most websites), Facebook has the ability to communicate with your computer through what are called third party cookies; thus, even if you don’t click on the Like or Login button and even if you haven’t logged into Facebook in years, there is still continuing surveillance! Through these tentacles on millions of websites, Facebook can track your activities online. They may know more about you than even your most intimate partners. You have no secrets with Facebook on the web, even if you setup a Facebook account years ago and even if you haven’t used it since. This recently published paper does a fantastic job of covering Facebook’s history with surveillance capitalism and how Facebook spread its tentacles all over the web to strangle your freedom and privacy.

The recent scandal under investigation by the New York Attorney General around Facebook secretly knowing your ovulation cycle or that home you just checked out on Zillow is an example of this same strategy applied to native mobile apps. Installing a Like or Login button in a native mobile app is one way Facebook can track you on your phone, but App Events shows there are even more invasive ways. It’s the same strategy Facebook mastered to surveil us on our computers perfected for phones.

Any app that uses Facebook App Events (of which there are many!) rightly wants to be able to trigger new experiences and opportunities for users based on actions and events users take in the app. This is yet another example of Facebook using vague language and loopholes to find seemingly legitimate rationales for doing horrible and secretive things that no one ever agreed to let it do — and that you cannot prevent even by not using Facebook and even by removing it from your phone.

The big loophole here can be found in Facebook’s FAQ page for App Events. One of the questions in the FAQ is “How does Facebook use the data that I provide through the SDK or API?” The answer: “Facebook handles your data in accordance with our Data Policy. This information can be used to improve our ads targeting and delivery capabilities, as well as improve other experiences on Facebook, including News Feed and Search content ranking capabilities” (emphasis added). Basically, Facebook does whatever it wants with that data without any consent from the user or even awareness that Facebook is obtaining that data! In other words, we should all assume that every time we use an app on our phones, Facebook is obtaining information about what we do in that app. This isn’t always true, but there’s no way for us to easily verify which apps are using the Facebook SDK or APIs, so it’s better to be safe than sorry.

Facebook will of course deny this by claiming the data is segregated and, as usual, it will ask us to take its word for that. But Facebook’s own FAQ answer contradicts this PR response! Enforcement authorities have the ability to determine this for themselves through their investigative powers. But it will be a tall order for the New York Department of State and Department of Financial Services on their own to get to the bottom of this in light of how effective Facebook has become at giving evasive responses and using its influence to impede investigations.

Facebook has proven time and time again that it is simply one step ahead of the governments trying to investigate it. What happened in our case with the UK Parliament is just one example: Parliament subpoenaed us, we complied, and now Facebook seeks to punish us for doing so — even though Facebook took no action in the UK to protect its documents, and Zuckerberg has refused to travel to London for fear of being questioned over these fraudulent tactics. Just yesterday Facebook filed another motion in our case because of continued leaks of documents that were seized months ago, and now Facebook wants to seek millions of dollars of damages against us. None of this would have even been possible if Zuckerberg hadn’t avoided stepping foot on British soil and evaded lawful requests by Parliament to provide evidence and testimony. This picture tells that story:

So how does the most recent App Events scandal reported in the WSJ this weekend relate to our case at Six4Three? It all goes back to Zuckerberg’s decision to implement “full reciprocity” on November 19, 2012, which was described in detail by the UK Parliament and covered by The New Yorker. Zuckerberg decided in late 2012 that any app that integrates with Facebook Platform (read: pretty much every app!) needs to reciprocate in some way, however Facebook saw fit. One way was to give Facebook all its data. We allege in our case that Facebook began testing this with large developers (you know who you are!) from late 2011 through 2012.

After Zuckerberg made his final decision in late November 2012, Facebook expanded a tool called Action Importers to try to get mobile apps to feed user data back to Facebook. This overall strategy to crawl native mobile apps just like Facebook used Like and Login buttons to surveil the entire web has undergone a number of incarnations since 2012. App Events is one of the tactics towards this goal. It’s a more palatable and effective tactic than some others Facebook has implemented in the past because Facebook has a better excuse for why it exists at all — the excuse is this: tracking events in apps is a common practice in the mobile CRM and ad targeting industries.

What is not common, however, is linking up that data with the largest global surveillance apparatus in human history and using it in nefarious ways to continue to strangle our freedom and privacy and to extract monopoly rents in the advertising, messaging and social media industries. None of us signed up for that. But because Facebook has so many tentacles on the web and mobile, it can build profiles on everyone all the time. There is simply no way to stop Facebook from tracking you on the web or on your phone — and there is no easy way for you to even know what apps on your phone are feeding your data back to Facebook. When our choice becomes to shut out technology altogether or to agree to let Facebook into every aspect of our personal lives, then what we really have is no choice at all. Our governments and enforcement agencies need to take faster action. It is terrifying they let it get to this point in the first place. We have contacted enforcement authorities and provided them with specific strategies to investigate a number of Facebook’s tactics. Let’s hope they have the courage to do so.

So, how can you help us continue to bring to light Facebook’s fraud? Please see our campaign at the link below as it details how we are seeking to enforce your rights and to ensure that Facebook answers all the questions that the UK Parliament has pursued and which Facebook continues to duck while trying to sue us for millions of dollars of damages in California court. #zuckmustgo is our motto. He must eventually face the governments of the world and account for his actions. If Facebook is allowed to exist, it must learn how to do so without violating our privacy rights, without engaging in retaliatory litigation, and without seeking to punish those of us who call upon those with such immense money and power to account for the wrongful ways through which they’ve acquired that money and power.

Please help us protect your rights and your future: gofundme.com/helpsix4three




One of ten of thousands affected by Facebook’s deceptive business practices