Facebook’s Surveillance-Like Software Is Called Audience Network
This may be hard to picture now, but in 2012, Facebook was struggling. The newly public company wasn’t meeting Wall Street’s demands for sales and profit, and the stock price was down from $38 per share at the IPO to $19 per share. Mark Zuckerberg’s ambitions to be a predominant tech company on the NASDAQ were failing. Meanwhile, macro-economic conditions were rosy, so this downturn was especially disappointing to Facebook investors, which in turn, caused mounting pressure for the social network.
It’s important to note that “selling data” is the correct terminology as advertisers buy ads on Facebook for the data, as opposed to print, television or radio ads which are bought based on the content. You are buying the data when you buy a Facebook ad, although Mark Zuckerberg led Congress to believe otherwise.
The betrayal was two-fold. On one hand, a first-party data company boldly entered the third-party data marketplace to broker data, risking the trust of its social media users. Secondly, Facebook did everything in its power to make sure social media users would not find out. Audience Network, which fuels a substantial portion of Facebook’s revenue from the social network, has not been disclosed to the public to this day. It is eerily absent from PR releases and discussions around privacy. Unless a Facebook user was a detective, they would have no reasonable way to know that Facebook operates Audience Network and is selling private data across hundreds of thousands of applications at an estimated 40% of the app market.
Built in 2012, Audience Network went live in 2014, and caused Facebook to stage a remarkable turnaround on the stock market. Facebook has posted consistent returns ever since. This is in marked contrast to the years prior to Audience Network, between 2012 and 2014, when Facebook faltered quarterly, often losing 50% of its stock value due to frequent, disappointing earnings.
The data Facebook had on users was more valuable than previously estimated, and to Facebook’s good fortune, they found other companies were willing to do anything in order to leverage the data. Now, we had mobile application developers giving up their first-party data in exchange for Facebook first-party data, and these mobile app developers followed Facebook’s lead in betraying the privacy of their users (I’ll show you mine, if you show me yours).
Please be aware, there are many laws against first-party data companies entering the third-party advertising market. For instance, HIPAA prevents your health care company from brokering your data, even though this data is highly valuable and could make billions for health care companies on the third-party marketplace (think of all of the audience targeting pharmaceutical companies could do). Your bank and credit card companies, such as Chase, Wells Fargo, Visa and Mastercard, could well eclipse Facebook’s annual revenue if they brokered your purchase data on the third-party market. Advertisers would love an audience targeting feature based on what you already buy on your credit card. The ROI of these ads would be very attractive to advertisers as your purchases tell a lot about what you’ll buy in the future. However, the Graham-Beach-Liley Act prevents the financial industry from becoming third-party data brokers.
Lawmakers have not caught up to the mobile era, nor do they understand how mobile device signals and sensors work, and this has cost consumers dearly (see below).
Why do advertisers pay such high prices for Facebook data? Why are mobile application developers willing to sell out their own app users? Because no other first-party data company was willing to take the ethical risks that Facebook took, therefore, Facebook had the ultimate supply and demand ratio as the only company brokering first-party data in mobile applications.
Keep in mind, that in addition to selling data, Facebook also tracks people in hundreds of thousands of applications. It’s unprecedented to take these risks as a first-party data company and to track people on mobile across hundreds of thousands of applications. “We shouldn’t sugarcoat the consequences,” Tim Cook said in October referencing Facebook. “This is surveillance and these stockpiles of data serve only to make rich the companies that collect them. This should make us uncomfortable.”
By 2016, the number of companies that Facebook sold first-party data to, and vice versa, totaled several thousands of applications and companies. Privacy, as we previously knew it, was completely eradicated.
Meanwhile, Facebook users had no choice in the matter. This was done without any disclosure, and there was no way to opt out. People who are not Facebook users are also being brokered and tracked as of 2016. But Facebook made sure the public (including investors) did not know about Audience Network. Audience Network is not only eerily missing from public disclosure, but it’s also missing from important SEC earnings calls and documents. Today, even after much privacy scrutiny, what Audience Network is and how it operates is relatively unknown.
Where I Was When Audience Network Launched
I remember very clearly when Audience Network was launched five years ago. I was in the audience at the F8 Developers Conference at the conference center on 8th and Townsend in San Francisco. I was excited when I picked up my plastic polymer badge, and being in the K’s, found my badge next to Guy Kawasaki — Apple’s former celebrity tech evangelist. I was also pretty excited about the freebies the conference handed out, like a Raspberry Pi.
When Facebook’s Audience Network was announced, there was a tremor felt through third-party ad companies. How could third-party ad companies compete with Facebook, who would leverage their proprietary first-party data to broker ads?
To be clear, third-party data companies create a crucial middle man to ads, as there is not the same conflict of interest as a first-party data company that directly collects the data also selling the data. Facebook’s Audience Network got rid of the middle man despite the blatant conflict of interest in dealing and selling your customer’s data directly to advertisers and publishers.
Anyone at that conference would have been remiss to not predict Facebook’s rampant success. We were an invite-only audience chosen for our connections and influence in mobile development. The people in the audience that day knew, perhaps more than any other group of people on the planet, that the mobile device had ushered in a new era of data collection.
Audience Network hinges on the surveillance capabilities of the mobile device. This is critical to understand. Website cookies simply don’t compare and should not be used for reference purposes when discussing data collection on mobile.
Technologists had not seen anything like the data collection capabilities of a mobile device, due to the sheer amount of time people spend on mobile, the information people input, the number of applications used on the device, and most importantly, the sensors and signals the mobile device collects that can be extracted from software development kits (SDKs) installed on the device.
From a data collection standpoint, native mobile applications bear little resemblance to the mobile web or desktop. In other words, the standalone apps you download from the app store come with software that can track you in the background, which is not possible when you access sites from a browser. Cookies cannot track a person.
Developers from forty percent of the highest grossing apps on the market have installed Audience Network into their applications and are allowing Facebook to track their users in exchange for Facebook’s first-party data, which is used to broker ads for a higher payout (CPMs).
Here is the data you can extract from a native mobile application using software like Audience Network.
- Microphone: Used for making and receiving calls, and voice commands
- SMS conversations: Call log and SMS permissions are loose with Facebook Messenger accessing texts.
- Accelerometer: Helps track your steps, tells the phone’s software which way your device is pointed and how fast you are accelerating if you’re in a car.
- Pedometer: Counts steps and accesses accelerometer for movements like running or jogging.
- Gyroscope: Detects orientation with MEMS (Micro-Electro-Mechanical Systems)
- Magnetometer: Measures magnetic fields. Operates in tandem with GPS to figure out where you are located and which way you are pointed.
- GPS: Communicates with satellites to find angles of intersection for exact location
- Barometer: Measures air pressure and can detect weather changes
- Proximity sensor: Can tell when your phone is up to your ear
- Ambient Light sensor: Adjusts the brightness of a screen according to the light in the room
- Heart rate sensor: Measures heartbeat with LED and optical sensors
- Thermometer: Measures the temperature inside the device and battery
- Air humidity sensor: Measures humidity in the air
Is Facebook tracking all of these device signals and sensors? You can be confident this is happening as small, competing startups with very little funding have been able to. One example is Quettra, which was a software development kit that “when a person opens an app with it implemented, that app can make an instant scan of the device, which is then fed back to the developers.” This little startup was a competitor to Audience Network when it was bought out for approx. $10 million in 2015, and had the capability to “chart your (and millions of other users’) app graph” and was “able to build completely new kinds of analytics based on the millions of datapoints that Quettra is looking at on its platform.”
If a startup worth $10 million can do this with a software development kit installed inside relatively few apps, what do you think a $50 billion market cap company can do that is inside hundreds of thousands of applications?
Surveillance on the Mobile Device
According to Merriam-Webster, surveillance is the “close watch kept over someone or something (as by a detective).” Wikipedia states, “In espionage and counterintelligence, surveillance is the monitoring of behavior, activities, or other changing information for the purpose of influencing, managing, directing, or protecting people.”
The problem with Facebook’s Audience Network is that it’s inside so many native mobile applications that it constitutes surveillance. Virtually, everything you do on your smartphone leads back to Facebook through a dark web of software development kits (SDKs). Facebook is tracking what you do in the New York Times app. They are collecting what you do when you watch Hulu. They are collecting data from finance apps, gaming apps, wellness apps, and utility apps. Go look at your smartphone right now and consider that Facebook is tracking you in 40% of those mobile applications with access to powerful device signals and sensors. Again, you do not have to be a Facebook user as this is occurring without consent across millions of applications.
Audience Network software is running inside 40% of the most popular mobile applications on the market today. You only need one of those applications on your device for Facebook to access the signals and sensors of the device. People are spending upwards of four to five hours on mobile. Now, add 10,000 data scientists mining that data and you can easily see why privacy is non-existent.
Mark Zuckerberg continually states that Facebook has to collect data to be a free service. This isn’t true. Facebook was a free service for 7 years before Audience Network was launched. From the beginning of time, millions of companies have supported themselves on ads without selling first-party data or tracking people with surveillance-level software. What Mark Zuckerberg means to say is that Facebook cannot be a $500 billion market cap company on the stock market without tracking you and selling your data. Audience Network was a desperate attempt for a stock market turnaround (which worked beautifully) — but should American citizens be tracked by surveillance software for stock market gains? That’s what needs to be answered.
What Facebook Has Told Us
When Facebook reports the number of users to investors and the press, the company does not report the non-Facebook users they are monetizing, which is 3–4 billion when you include non-Facebook users with a smartphone, versus the 2 billion they report. This also means the average revenue per user on the 2 billion users appears higher than it actually is, because it’s being laundered from the 3–4 billion including non-Facebook users they are actually monetizing so their practices appear more acceptable.
There is one announcement made in 2016 that describes how Facebook tracks people: “Over the coming months we will expand the reach of Facebook-powered advertising on the Audience Network to include people who don’t have accounts.”The point is reiterated again: “This update also offers Facebook advertisers more accurate and more complete measurement of their campaigns, because we are now able to count conversions from people who are not connected to Facebook.” source: Facebook
The last time Facebook reported Audience Network numbers, it served advertisements to over 1 billion people per month at the end of 2016. That’s more than Instagram today, and this incredible base should be more like 2 billion in 2018 assuming it followed the same trajectory of adding 1 billion users every 2 years (Audience Network was launched in 2014).
“We talk about reaching a billion people every month, and these are real people,” said Brian Boland, VP of publisher solutions at Facebook. “We’re not talking about cookies or browsers or devices or ID, where one person can look like six things. We’re talking about legitimately 1 billion people that can be reached on the audience network.”-Q4 2016
Below is a graph from CB Insights showing how often Facebook mentions each app in earnings calls. Audience Network reached 1 billion unique users by 2016 — more than Instagram today and 3 times larger than Whatsapp at the time of acquisition, yet there is no reasonable mention of it.
In fact, the story as to how Facebook was making this revenue is consistently buried beneath the Facebook “family of apps.” (Family of apps is how Facebook refers to Instagram, Whatsapp, and Oculus Rift). Facebook’s public relations term “family of apps” is a farce. Facebook makes money from brokering data and tracking people across millions of applications, and they are careful to not disclose this — to consumers, to investors — and more importantly to Congress.
More Reasons Why You Should Care
I admit, I’m a privacy advocate and this kind of thing might bother me more than the general population. Maybe you don’t care that Facebook is running surveillance on nearly everything you do on your mobile phone, and while you watch OTT television at night, and then selling your information in ways that are illegal for other industries.
Okay, that’s fine. Then consider this.
Consumer debt is at an all-time high, and precision ad targeting has most certainly contributed to consumer spending. For the first time in history, advertisers have been able to prompt you to buy products based on who you are and by essentially reading your mind. They can get you to buy things you don’t want or need through artificial intelligence. Remember, Facebook is collecting data across millions of applications and serving you ads because this level of targeting can influence you behaviorally.
It doesn’t matter which side you are on politically, we can all agree that Facebook was used to target and influence voters. Both Republicans and Democrats have at agreed on this. Imagine how your purchases are being influenced, which is going on daily — and not only in election years.
They do this because the return on investment for advertisers is higher, and therefore, there is actual proof you are purchasing more things because of precision ad targeting. You do not need to have bought something in the Facebook “family of apps” to have been targeted or converted into a sale because Facebook is inside millions of apps.
Advertising is a necessary part of life. With that said, advertising should be based on the content you are consuming. This creates a fair playing field. Knowing who I am and what I’m thinking from a first-party relationship, and then selling me as an audience to advertisers on a third-party marketplace so that I see ads off Facebook and Instagram, is not a fair playing field.
To illustrate, Budweiser and Pizza Hut can buy ads based on content like the Super Bowl. This is what is meant by “selling ads.” But these companies should not be able to serve me ads based on my private activity on my smartphone. This is “selling data,” and at the level of ubiquity that Facebook has in the mobile software market, it also constitutes surveillance.
The unfortunate part is that a company running software surveillance for precision targeting, with proven negative behavioral effects, is now attempting to introduce crypto payments to the public. Facebook is reckless and will do anything for stock market gains. This does not make for a good candidate for bringing crypto to the masses. In fact, if and when Facebook deals in crypto, the company will be in violation of the Gramm-Leach-Bliley Act, which was enacted in November of 1999 and requires consumer financial privacy. Because Facebook is sitting on large amounts of data that was collected without consent, the company would be in violation of consumer financial privacy rules by becoming a transactor of financial payments.
Another reason to be concerned is that artificial intelligence will create a privacy catastrophe if we are not careful. AI is slated to drive a $15.7 trillion economy by 2030. To put this into perspective, tech’s top 5 companies are worth $4 trillion today (Apple, Amazon, Google, Facebook, and Netflix). This means, over the next decade, data will be driving 400% more profits than Big Tech combined. We need to make sure AI does not become the wild west with surveillance-like software tracking us without our consent.
The solution to the current privacy issues is obvious. First-party data companies should not be able to deal in the third-party ad market. This is especially important with the advent of the mobile device and the near-term AI economy.
Creating ways for social media users to opt-out of tracking is not enough. We can’t place the onus on citizens who are not aware of what a software development kit (SDK) does and how precision targeting may be harmful.
Facebook has set a dangerous precedent and laws like we have in health care (HIPAA) and finance should be emulated. Facebook was given the opportunity for disclosure of Audience Network, but this did not occur during Mark Zuckerberg’s testimony last year’s congressional hearings. Safe to say, self-regulation to protect privacy is idealistic and counter-intuitive to the ambitions of a corporation.
In my opinion, this is what should happen:
1. Facebook is either a first-party data company or a third-party marketplace. It cannot be both. This conflict of interest has been regulated in other industries and should be regulated for the mobile device.
2. App stores should test Software Development Kits and require the software to pass privacy testing and to be certified against tracking users unless they opt-in. App stores should also be liable for offering apps that track users without consent like Audience Network.
3. Opt-out should not be the responsibility of social media users or app users. The reverse should happen with an opt-in feature.
4. The mobile industry should be governed like the health care industry and finance industry as the ambitions of corporations are in conflict with the right to your private thoughts and private GPS location.
5. Google and Twitter are also guilty of tracking users outside of the apps they own and also sell data as first-party companies on the third-party market. Facebook’s private data is more powerful because it is a social network where people share their personal lives.
6. Any company that has taken data for the purpose of advertising should be prevented from dealing in financial services, including crypto, per the Gramm-Leach-Bliley Act enacted in 1999, which is a United States federal law that requires financial institutions to explain how they share and protect their customers’ private information.
Data collection has become complicated but privacy is simple. Remove conflicts of interest, where they exist, and regulate industries that have access to private data.