Facebook Will Happily Tell Advertisers Whether You’re Gay

We already knew Facebook was surreptitiously leaking private profile data — including personally identifiable information, including your name and age, as well as other publicly available stats — to at least 25 advertiser and data firms working with third-party apps. But is the company also revealing your sexuality to paying clients?

Different advertising appears to different users, depending on what you list as your sex and what sex you are “interested in.” But many of these ads (whether illicitly or in a sign of “gays go mainstream!” progress) don’t have any indication they are gay-specific, which means users like you are unaware they’re being targeted to you based on your sexuality. When you click on them, however, you do alert advertisers to which way you swing, according to researchers at Microsoft and the Max Plank Institute:

[W]e set up six Facebook pro?les to check the impact of sexual-preference: a highly-sensitive personal attribute. Two pro?les (male control) are for males interested in females, two (female control) for females interested in males, and one test pro?le of a male interested in males and one of a female interested in females. The age and location were set to 25 and Washington D.C. respectively.

[…] Alarmingly, we found ads where the ad text was completely neutral to sexual preference (e.g. for a nursing degree in a medical college in Florida) that was targeted exclusively to gay men. The danger with such ads, unlike the gay bar ad where the target demographic is blatantly obvious, is that the user reading the ad text would have no idea that by clicking it he would reveal to the advertiser both his sexual-preference and a unique identi?er (cookie, IP address, or email address if he signs up on the advertiser’s site). Furthermore, such deceptive ads are not uncommon; indeed exactly half of the 66 ads shown exclusively to gay men (more than 50 times) during our experiment did not mention “gay” anywhere in the ad text.

Which means, writes Christopher Soghoian:

that simply by clicking on a Facebook ad, a user could be revealing a bit of highly sensitive personal information to an advertiser, simply due to the fact that the advertiser has only targeted a particular group (gender, sexuality, religion) for that advertisement. Thus, the moment you arrive at the advertiser’s website, they now know that the IP address and cookie value they have assigned to you is associated with someone that is gay, muslim, or a republican.

How to solve the issue? Either disable such demographic targeting, or alert Facebook users how the ad reached them. But don’t expect to see either option implemented: Most of Facebook’s value to advertisers is its ability to target just about any sub-niche, and the site isn’t exactly known for its transparency. What to do in the meantime if you’re worried about advertisers knowing you’re gay — and storing that information in a vast database, and auctioning off that data in real-time to the highest bidder?

Ignore Facebook ads and don’t click on them. Just like we’ve been doing all along.

[Christopher Soghoian, via]