This is seriously just a purchase event for a t-shirt that OP got. There is no mysterious Lan Tim 2; it's just a random app for a random merchant that uses FB Ads and uses offline conversion / uploads.
Quite simply so that "lan tim 2" can track their customer acquisition, they give the data to FB, FB correlates it with "did the customer see ads on our network, which ones, how often, etc." and gives that back to the supplier.
Which means they are sharing their entire customer activity, everyone, including personal data you never forfeited for this purpose (like the phone number / address used for shipping).
Some chat apps (like Viber and others) have the Facebook SDK integrated in them, without any direct Facebook functionality people would use. Discovered after using NetGuard, and seeing who is calling home, and not only home. (Why is Viber making requests to graph.facebook.com anyway?)
Duolingo is a nice app for learning new languages, yet it might be using the same SDK, since it likes to call the facebook.com domain.
Netflix is a good streaming service, but it has some option somewhere, which allows them to share data with others, and it is enabled by default. And yes, it's present in FB activity.
The list can go on...
There are developers who integrate dozens of SDKs, without any specific purpose for users, and not knowing what is happening. We need something like Privacy Badger/uBlock Origin for phones/laptops/routers/homes/cars. It's getting more than creepy.
And why would Facebook allow third parties/businesses to upload into FB the info they have on their customers...
You can't really blame developers for this. Most aren't integrating SDKs for no reason at all -- they're integrating them because users are asking for a feature the SDK provides.
For one app I worked on, we made a decision not to include Facebook or Google login and only support email/password login, specifically to avoid leaking information.
A subset of users was not pleased at all -- and they sure let us know about it. Maybe around a third of our support requests were asking for third-party sign-in. People often made privacy arguments in support of it: they'd say "why do I have to give you my email address to create an account?" (though usually much less politely). And they kind of had a point. You may trust yourself more than you trust Facebook, but most people are going to trust Facebook more than they trust [random developer].
Anyway, it takes a lot of effort to deal with these support requests, it sucks getting yelled at (even in text). Some of these users probably went on to give the app a 1-star rating, and just a small percentage of those will really drag down your overall score. Dealing with this was not fun. It would have been much easier to just add FB or Google login.
Sure I can. And I do. Developers are making these choices, after all. I understand the economic drive behind them, but that doesn't get the devs off the hook.
My point is that some users want Facebook or Google login and get mad if you don't have it. Other users don't want them and get mad if you do. Because you have to decide whether to include the SDK when you build the app, it's impossible to make both groups happy at the same time.
Honestly, I don't think that there's a general expectation in the digital or brick-and-mortar world that when you buy something from a merchant the information related to that transaction is "your data" and they cannot use it. Certainly there are businesses that promise discretion, but that's normally a selling point for a particular reason. On the other hand, there is a reason to expect privacy when you are using Facebook for personal communications, photo sharing, etc. This scheme, then, is the more privacy safe way to do it. The T-Shirt company isn't saying "hey, Facebook, can you tell me some interesting personal info about my customers so I can target ads better?" and Facebook isn't responding with "here's all the stuff they're into based on their Facebook activity." Instead, they say "here are my transaction records" and Facebook says "OK, we'll use this to show your ads to people who are likely to want your T-Shirts." So, yes, to some extent Facebook has data on lots of stuff you do in the world because the businesses you interact with opt-in to share the data. This doesn't really bother me, just like my credit card company knowing all of my purchases doesn't bother me. If it bothers you, though, it does really work to a) periodically reset your IDFA/AdID on your mobile device, and b) delete cookies on your browsers.
> Honestly, I don't think that there's a general expectation in the digital or brick-and-mortar world that when you buy something from a merchant the information related to that transaction is "your data" and they cannot use it.
It would be nice if it were, or that they promised that they wouldn't just hand it out to everyone.
> If it bothers you, though, it does really work to a) periodically reset your IDFA/AdID on your mobile device, and b) delete cookies on your browsers.
> I don't think that there's a general expectation in the digital or brick-and-mortar world that when you buy something from a merchant the information related to that transaction is "your data" and they cannot use it.
True, but that's not the expectation in play here. I think there is a general expectation that when you're doing business in a brick-and-mortar store, that store is not going to be reporting your business to the likes of Facebook, Google, etc.
To fix this, by the way, just install the Facebook Container in Firefox. Somebody else (presumably a Mozilla employee?) does the extensive curation needed to get this to work and stay working. You are logged into Facebook inside the Container, but everything else is pristine; on the outside of the Container you can log into whatever and it's not connected back to Facebook.
Firefox's Container system is a powerful solution to this general problem, but normally you need to do curation work proportional to the effort being taken to track you. Their Facebook Container, though, comes with that curation done.
If you use Login with Facebook (you want Privacy, but you choose to Login with Facebook? Maybe reconsider your life choices) the Container puts everything you logged into this way inside the Container too, so that dissolves your privacy but you chose to have it happen.
They even have a better version, the Multi Container plugin. You can separate multiple contexts (fb, goog, banking, memes..), and each lives in a separate container. It takes a little time to get used to, and if used with Privacy Badger, uBlock Origin, and FF's built-in anti-tracking, it might give good results in reducing your exposure to online tracking.
It's fine that OP bought a t-shirt, not fine that that is somehow reported to Facebook.