How Facebook’s Nanotargeting Ad Tool Can be Exploited by Attackers to Target Individual Users

Recently, researchers demonstrated the potentially harmful uses of Facebook’s ad targeting tools and questioned its legality. Read on to know more about it…

As governments seek to tighten control over social media platforms in order to protect the privacy of billions of users’ data, extensive study has proven that the Facebook advertising platform may be systematically exploited to serve adverts solely to a individual user.

Nanotargeting
According to a research paper written by a team of academics and computer scientists from Spain and Austria, the potentially hazardous practise known as “nanotargeting” could be a highly powerful tool for attackers eager to control a specific individual user and blackmail him or her on Facebook.

The research paper, titled “Unique on Facebook: Formulation and Evidence of (Nano) targeting Individual Users with non-PII Data” details a “data-driven model” that was developed using data from 21 Facebook ad campaigns.

The researchers demonstrated that they could use Facebook’s Ads Manager to target ads so that each one only reached a single, specific Facebook user.

Non-PII Data
The ability of a third party to reveal an individual’s identity limits their privacy. Personal Identifiable Information (PII) items are data items that may be used to uniquely identify a person, such as a passport ID, email address, or mobile phone number.

The interests that Facebook allocates to individual users based on their online and offline activity are the non-PII items. As a result, because a user’s interests on Facebook can be used to individually identify them, it may be possible to create a Facebook ad campaign that only targets a single specific user.

The research findings found that a user’s four rarest interests, or 22 random interests from the interests set Facebook assigns to a user, make them 90% unique on Facebook.

Users’ interests are a valuable asset for Facebook because its revenue model is dependent on delivering relevant ads to users. The Facebook advertising platform is used by several advertisers to create ad campaigns that target users based on their interests.

The researchers from Madrid’s University Carlos III, the Graz University of Technology in Austria and the Spanish IT company, GTD System & Software Engineering, wrote “To the best of our knowledge, this represents the first study of individuals’ uniqueness at the world population scale. Besides, users’ interests are actionable non-PII items that can be used to define ad campaigns and deliver tailored ads to Facebook users,”

It is worth noting that “our work has only revealed the tip of the iceberg regarding how non-PII data can be used for nanotargeting purposes”.

The researchers warned that “An advertiser can use other available socio-demographic parameters to configure audiences in the FB Ads Manager such as the home location (country, city, zip code, etc.), workplace, college, number of children, mobile device used (iOS, Android), etc, to rapidly narrow down the audience size to nanotarget a user,”

Legality of Ad Targeting
Facebook used to claim that users have given their consent for their personal data to be utilised for ad targeting. On the other hand, users are not given a free, specific, and informed choice as to whether they want to be profiled for behavioural ads or simply connect with their friends and family. The GDPR criteria for consent is free, specific, and informed.

If you want to use Facebook, you must agree to have your data used for ad targeting. This has been branded “forced consent” by EU privacy campaigners. In other words, it is not consent, but coercion.

A Brief Conclusion

The latest research study raises new concerns about the potentially damaging uses of Facebook’s ad targeting tools, particularly at a time when the social media platform is under fire around the world for user data security and privacy issues.

Related posts

Advancing IT Support to the Next Era: TeamViewer Integrates Microsoft Teams into its AI-Powered Insights

“Automation Anywhere: Pioneering the Transformation of Enterprise Business Processes in India”

Accenture Expands Generative AI-Powered Cybersecurity Services and Capabilities to Accelerate Clients’ Resilience and Reinvention

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More