This may be hard to picture now, but in 2012, Facebook was struggling. The newly public company wasn’t meeting Wall Street’s demands for sales and profit, and the stock price was down from $38 per share at the IPO to $19 per share. Mark Zuckerberg’s ambitions to be a predominant tech company on the NASDAQ were failing. Meanwhile, macro-economic conditions were rosy, so this downturn was especially disappointing to Facebook investors, which in turn, caused mounting pressure for the social network.
It’s important to note that “selling data” is the correct terminology as advertisers buy ads on Facebook for the data, as opposed to print, television or radio ads which are bought based on the content. You are buying the data when you buy a Facebook ad, although Mark Zuckerberg led Congress to believe otherwise.
The betrayal was two-fold. On one hand, a first-party data company boldly entered the third-party data marketplace to broker data, risking the trust of its social media users. Secondly, Facebook did everything in its power to make sure social media users would not find out. Audience Network, which fuels a substantial portion of Facebook’s revenue from the social network, has not been disclosed to the public to this day. It is eerily absent from PR releases and discussions around privacy. Unless a Facebook user was a detective, they would have no reasonable way to know that Facebook operates Audience Network and is selling private data across hundreds of thousands of applications at an estimated 40% of the app market.
Built in 2012, Audience Network went live in 2014, and caused Facebook to stage a remarkable turnaround on the stock market. Facebook has posted consistent returns ever since. This is in marked contrast to the years prior to Audience Network, between 2012 and 2014, when Facebook faltered quarterly, often losing 50% of its stock value due to frequent, disappointing earnings.
The data Facebook had on users was more valuable than previously estimated, and to Facebook’s good fortune, they found other companies were willing to do anything in order to leverage the data. Now, we had mobile application developers giving up their first-party data in exchange for Facebook first-party data, and these mobile app developers followed Facebook’s lead in betraying the privacy of their users (I’ll show you mine, if you show me yours).
Please be aware, there are many laws against first-party data companies entering the third-party advertising market. For instance, HIPAA prevents your health care company from brokering your data, even though this data is highly valuable and could make billions for health care companies on the third-party marketplace (think of all of the audience targeting pharmaceutical companies could do). Your bank and credit card companies, such as Chase, Wells Fargo, Visa and Mastercard, could well eclipse Facebook’s annual revenue if they brokered your purchase data on the third-party market. Advertisers would love an audience targeting feature based on what you already buy on your credit card. The ROI of these ads would be very attractive to advertisers as your purchases tell a lot about what you’ll buy in the future. However, the Graham-Beach-Liley Act prevents the financial industry from becoming third-party data brokers.
Lawmakers have not caught up to the mobile era, nor do they understand how mobile device signals and sensors work, and this has cost consumers dearly (see below).
Why do advertisers pay such high prices for Facebook data? Why are mobile application developers willing to sell out their own app users? Because no other first-party data company was willing to take the ethical risks that Facebook took, therefore, Facebook had the ultimate supply and demand ratio as the only company brokering first-party data in mobile applications.
Keep in mind, that in addition to selling data, Facebook also tracks people in hundreds of thousands of applications. It’s unprecedented to take these risks as a first-party data company and to track people on mobile across hundreds of thousands of applications. “We shouldn’t sugarcoat the consequences,” Tim Cook said in October referencing Facebook. “This is surveillance and these stockpiles of data serve only to make rich the companies that collect them. This should make us uncomfortable.”
By 2016, the number of companies that Facebook sold first-party data to, and vice versa, totaled several thousands of applications and companies. Privacy, as we previously knew it, was completely eradicated.
Meanwhile, Facebook users had no choice in the matter. This was done without any disclosure, and there was no way to opt out. People who are not Facebook users are also being brokered and tracked as of 2016. But Facebook made sure the public (including investors) didi not know about Audience Network. Audience Network is not only eerily missing from public disclosure, but it’s also missing from important SEC earnings calls and documents. Today, even after much privacy scrutiny, what Audience Network is and how it operates is relatively unknown.
Where I Was When Audience Network Launched
I remember very clearly when Audience Network was launched five years ago. I was in the audience at the F8 Developers Conference at the conference center on 8th and Townsend in San Francisco. I was excited when I picked up my plastic polymer badge, and being in the K’s, found my badge next to Guy Kawasaki — Apple’s former celebrity tech evangelist. I was also pretty excited about the freebies the conference handed out, like a Raspberry Pi.
When Facebook’s Audience Network was announced, there was a tremor felt through third-party ad companies. How could third-party ad companies compete with Facebook, who would leverage their proprietary first-party data to broker ads?
To be clear, third-party data companies create a crucial middle man to ads, as there is not the same conflict of interest as a first-party data company that directly collects the data also selling the data. Facebook’s Audience Network got rid of the middle man despite the blatant conflict of interest in dealing and selling your customer’s data directly to advertisers and publishers.
Anyone at that conference would have been remiss to not predict Facebook’s rampant success. We were an invite-only audience chosen for our connections and influence in mobile development. The people in the audience that day knew, perhaps more than any other group of people on the planet, that the mobile device had ushered in a new era of data collection.
Audience Network hinges on the surveillance capabilities of the mobile device. This is critical to understand. Website cookies simply don’t compare and should not be used for reference purposes when discussing data collection on mobile.
Technologists had not seen anything like the data collection capabilities of a mobile device, due to the sheer amount of time people spend on mobile, the information people input, the number of applications used on the device, and most importantly, the sensors and signals the mobile device collects that can be extracted from software development kits (SDKs) installed on the device.
From a data collection standpoint, native mobile applications bear little resemblance to the mobile web or desktop. In other words, the standalone apps you download from the app store come with software that can track you in the background, which is not possible when you access sites from a browser. Cookies cannot track a person.
Developers from forty percent of the highest grossing apps on the market have installed Audience Network into their applications and are allowing Facebook to track their users in exchange for Facebook’s first-party data, which is used to broker ads for a higher payout (CPMs).
Here is the data you can extract from a native mobile application using software like Audience Network.
- Microphone: Used for making and receiving calls, and voice commands
- SMS conversations: Call log and SMS permissions are loose with Facebook Messenger accessing texts.
- Accelerometer: Helps track your steps, tells the phone’s software which way your device is pointed and how fast you are accelerating if you’re in a car.
- Pedometer: Counts steps and accesses accelerometer for movements like running or jogging.
- Gyroscope: Detects orientation with MEMS (Micro-Electro-Mechanical Systems)
- Magnetometer: Measures magnetic fields. Operates in tandem with GPS to figure out where you are located and which way you are pointed.
- GPS: Communicates with satellites to find angles of intersection for exact location
- Barometer: Measures air pressure and can detect weather changes
- Proximity sensor: Can tell when your phone is up to your ear
- Ambient Light sensor: Adjusts the brightness of a screen according to the light in the room
- Heart rate sensor: Measures heartbeat with LED and optical sensors
- Thermometer: Measures the temperature inside the device and battery
- Air humidity sensor: Measures humidity in the air
Is Facebook tracking all of these device signals and sensors? You can be confident this is happening as small, competing startups with very little funding have been able to. One example is Quettra, which was a software development kit that “when a person opens an app with it implemented, that app can make an instant scan of the device, which is then fed back to the developers.” This little startup was a competitor to Audience Network when it was bought out for approx. $10 million in 2015, and had the capability to “chart your (and millions of other users’) app graph” and was “able to build completely new kinds of analytics based on the millions of datapoints that Quettra is looking at on its platform.”
If a startup worth $10 million can do this with a software development kit installed inside relatively few apps, what do you think a $50 billion market cap company can do that is inside hundreds of thousands of applications?
A picture I took when Deb Liu presented in 2014 how Audience Network was targeting at the mobile device level to a room full of mobile app developers and advertisers.
Surveillance on the Mobile Device
According to Merriam-Webster, surveillance is the “close watch kept over someone or something (as by a detective).” Wikipedia states, “In espionage and counterintelligence, surveillance is the monitoring of behavior, activities, or other changing information for the purpose of influencing, managing, directing, or protecting people.”
The problem with Facebook’s Audience Network is that it’s inside so many native mobile applications that it constitutes surveillance. Virtually, everything you do on your smartphone leads back to Facebook through a dark web of software development kits (SDKs). Facebook is tracking what you do in the New York Times app. They are collecting what you do when you watch Hulu. They are collecting data from finance apps, gaming apps, wellness apps, and utility apps. Go look at your smartphone right now and consider that Facebook is tracking you in 40% of those mobile applications with access to powerful device signals and sensors. Again, you do not have to be a Facebook user as this is occurring without consent across millions of applications.
Audience Network software is running inside 40% of the most popular mobile applications on the market today. You only need one of those applications on your device for Facebook to access the signals and sensors of the device. People are spending upwards of four to five hours on mobile. Now, add 10,000 data scientists mining that data and you can easily see why privacy is non-existent.
Mark Zuckerberg continually states that Facebook has to collect data to be a free service. This isn’t true. Facebook was a free service for 7 years before Audience Network was launched. From the beginning of time, millions of companies have supported themselves on ads without selling first-party data or tracking people with surveillance-level software. What Mark Zuckerberg means to say is that Facebook cannot be a $500 billion market cap company on the stock market without tracking you and selling your data. Audience Network was a desperate attempt for a stock market turnaround (which worked beautifully) — but should American citizens be tracked by surveillance software for stock market gains? That’s what needs to be answered.
What Facebook Has Told Us
When Facebook reports the number of users to investors and the press, the company does not report the non-Facebook users they are monetizing, which is 3–4 billion when you include non-Facebook users with a smartphone, versus the 2 billion they report. This also means the average revenue per user on the 2 billion users appears higher than it actually is, because it’s being laundered from the 3–4 billion including non-Facebook users they are actually monetizing so their practices appear more acceptable.
There is one announcement made in 2016 that describes how Facebook tracks people: “Over the coming months we will expand the reach of Facebook-powered advertising on the Audience Network to include people who don’t have accounts.”The point is reiterated again: “This update also offers Facebook advertisers more accurate and more complete measurement of their campaigns, because we are now able to count conversions from people who are not connected to Facebook.”