by dillondoyle 1567 days ago
Any developer can still send almost any data they want into FB to track basically anything.

'offline conversion' still allows you to send in names, age, bday, gender, etc for matching, IP, UA.

Though now it's hashed before going to FB.

And you can pass almost whatever custom data you want in. So I can in my industry optimize for a long term political donor, or potentially an early vote. Or someone accidentally sends in 'this person bought hepatitis meds'

This still exists despite what someone below said, unless I'm totally missing or misunderstanding something.

However it is not as valuable, and shrinking audience able to deliver to because of iOS restrictions. And likely with Chrome too eventually.

FB used to have more detailed interest/demographic buckets to target that they supplied. Used to be able to type in basically anything from what someone likes ___ very niche page to engages liberal political. There are still interests but there are fewer of those 'sensitive' ones. Still lots of stuff like works at ___. Of course age, gender, geo.

But more fine grained interest targeting seems like it's going away pretty soon; it's just going to be broad demographics.

The ROI is just not as good without iOS fine grained targeting. FB is having to do a bunch of tricks with AI/modeling to try and make it perform but it's not as good.

I'm for targeted advertising. I think what iOS is doing is uncompetitive and bad.

But I do think there should be some sensible regulation. Like no healthcare or sensitive topic data (LGBTQ, dating, etc).

** ADDITION sorry this is long but one additional thing: I think people are also confusing the ad product with the old FB api.

The old FB api was an absolute sieve; you could get basically any data a person has on their profile and also their friends' data. This is what happened with Cambridge Analytica.

All that has been shut down. Even login with FB, they are way more strict about actually testing sites etc.

1 comments

> Though now it's hashed before going to FB.

It is however an easily-reversible hash, by design as that's how FB can correlate between the different datasets. When it comes to finite sets such as phone numbers or dates of birth it's also trivial to search the entire space by bruteforce.

IIRC it's sha256. Is that really reversible now?

For sure on a rainbow table for something like cell phone. But I don't know why that would matter? Anyone can generate all the possible phone numbers.

The whole point is that it is matchable. Like if they already have my email then they know if it's a match, but if they don't have my email they don't know what the missing email is.

Like what's my email from this (without knowing my email) below: 2c03e4a168bed89f5208250cdefbe97d4d87ba7812df896311676acc2ddfcdb4

Depends, for DOB and phone numbers the search space is finite and very small for a modern computer (especially so for a big tech adversary having access to near-infinite computing power) so you can just enumerate all the possibilities.

Names and emails can be bruteforced with various lists from existing data breaches or data brokers and you'll probably reverse 80% of them.

However reversing them is not even necessary - an adversary like Facebook can infer it based on other data, for example, let's say they know your phone number but not your email - now you buy/sign up to vendors providing both that phone number and email and they provide it to Facebook - now Facebook knows that you signed up to those vendors with your number (as they have the plain text value, can hash it on their side and compare), but they also see that there's a mysterious email hash - they don't know its plaintext value, but it perfectly matches the same vendors that have your phone number. They can infer that it's probably your email address, and while they still don't know what it is, they can use the hashed value to track you across other vendors without ever having to know the plaintext value.

Right. That's kind of the whole point of FB's value. Or at least used to be before iOS started killing that targeting and conversion tracking.
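The point argued in the replies above (a plain SHA-256 of a phone number is matchable precisely because the number space is finite and can be enumerated) as an added example; it is not code from any commenter or from Facebook. The phone number (fictional 555-01xx range), the 10,000-number block, the key and the digits-only normalization are all constructed assumptions.

```python
import hashlib
import hmac

def normalize_phone(raw: str) -> str:
    """Digits only; an assumed normalization applied before hashing."""
    return "".join(ch for ch in raw if ch.isdigit())

def sha256_hex(value: str) -> str:
    """Unsalted SHA-256, the scheme the thread discusses."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()

def keyed_hex(value: str, key: bytes) -> str:
    """HMAC-SHA256: same digest size, but useless without the key."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()

def candidate_space(prefix: str, digits: int):
    """Every number in one block: prefix followed by `digits` free digits."""
    for n in range(10 ** digits):
        yield f"{prefix}{n:0{digits}d}"

def recover(target_hash: str, candidates, hash_fn):
    """Return the candidate whose hash equals target_hash, or None."""
    for c in candidates:
        if hmac.compare_digest(hash_fn(c), target_hash):
            return c
    return None

def audit(raw_phone: str, prefix: str, digits: int, secret_key: bytes) -> dict:
    """Check which pseudonymization of raw_phone survives enumeration."""
    phone = normalize_phone(raw_phone)
    plain = sha256_hex(phone)
    keyed = keyed_hex(phone, secret_key)
    wrong_key = b"guess"  # the enumerating party does not hold secret_key
    return {
        "unsalted_recovered": recover(
            plain, candidate_space(prefix, digits), sha256_hex),
        "keyed_recovered": recover(
            keyed, candidate_space(prefix, digits),
            lambda c: keyed_hex(c, wrong_key)),
    }

if __name__ == "__main__":
    # Constructed sample: one number inside a 10,000-number block.
    result = audit("+1 (202) 555-0147", "1202555", 4, b"constructed-secret")
    print(result)
```

The keyed digest resists enumeration only for parties without the key, which also means the recipient cannot match it against its own data. That is the trade-off the thread describes: anything matchable by the recipient is enumerable by the recipient.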