Facebook Has Watched You Browse The Web For Years. And No, “Clear History” Won’t Really Stop It.

“When you see what they see, it’s going to be very terrifying for everyone.”


Facebook, under massive public pressure for years of privacy breaches, won praise earlier this month when it said people would soon be able to “flush your history whenever you want.”

Except the new feature won’t exactly do that.

To understand what’s at work here, you need to know that Facebook collects user information in two ways. First, through info you put into its website and apps. And second — and this is what we’re going to talk about in this article — through information Facebook sucks up about which websites you visit while you’re not on Facebook. It even collects this information from people who don’t have a Facebook account.

For years, the company has used little bits of invisible code and data files to log the websites and apps you’ve visited, what you’ve purchased, and what you’ve clicked on — and then had that information sent right back to the mothership. When Mark Zuckerberg was asked about this in front of Congress, he dodged and claimed he “didn’t know all the details.”

Facebook has long hidden the specifics of what data it collects from users in the second category. When you use Facebook’s Download Your Data tool, this category of data is not there. It’s not apparent what information, exactly, is being collected.

Facebook says this will all change soon. It claims “Clear History” will finally reveal what that off-Facebook browsing data looks like. And yes, it claims it’ll allow users to “clear” it from their profiles.

But privacy experts warn that the feature won’t actually do what it promises — it won’t delete your history from Facebook’s servers, and it won’t allow you to opt out of Facebook’s tracking. It will only remove your profile from the data. Clear History, experts say, is designed to minimally satisfy user outcry over privacy failures, but won’t fully stop the company from tracking you.

"When you see what they see, it’s going to be very terrifying for everyone."

In an emailed statement, a Facebook spokesperson wrote, “nothing to add beyond the post at this time,” and pointed to a recent “Hard Questions” blog post about Facebook’s data collection outside of Facebook.

It’s possible that Facebook has denied users access to this information because, well, it’s creepy.

“When you see what they see, it’s going to be very terrifying for everyone,” said Jean-Paul Schmetz, CEO of Cliqz. “Because for any normal person, it’s going to be thousands and thousands of pages.”


So how does Facebook follow your travels on the web?

It offers an ecosystem of digital tools to website administrators and app developers. If you visit any site that features a Facebook Like button, a share button, an ad bought through Facebook, or a bunch of other stuff, the company may insert cookies onto your browser.

This is essentially a tradeoff. These trackers let Facebook give companies more data about the people visiting their websites. And in return, those companies help Facebook follow those people around the web.

These cookies can can detect whether you’re logged into Facebook or not. And researchers commissioned by the Belgian Privacy Commission in 2015 found that Facebook keeps tabs on both Facebook users and people who don’t have accounts.

Facebook did not detail what information is transferred through its cookies. In its cookie policy, the company says only that it “receives information … including device information, and information about your activity, without any further action from you. This occurs whether or not you have a Facebook account, or are logged in.” In an emailed statement, a Facebook spokesperson claimed that the information stays anonymous for nonusers: “If you aren’t a Facebook user, we can’t identify you based on this information, or use it to learn who you are.” The company also said that it uses the cookie identified by the report’s researchers to track users for security- and site integrity–related issues.

At minimum, experts say that the information sent to Facebook would likely include a unique identifier associated with you, plus the URL that contains the Facebook social plug-ins. That’s significant: If they know the URLs you visited, they know what you look at online.

“There’s a reasonable assumption that you don’t want to be spied on.”

Your browsing history is very personal. Have you ever looked at websites related to “hangover cures,” “HIV test,” or “am I pregnant” when you thought no one was watching? “There’s a reasonable assumption that you don’t want to be spied on,” said Schmetz.

This kind of information is also used to target advertising toward you — that creepy thing that happens when you search for “new bed” on one website and Facebook serves you ads for mattresses on another.

And more importantly, the information can be added to other data that Facebook already has on its users to create very detailed profiles of you. In their "Hard Questions" blog post, the company admitted that cookies “help us recognize which visitors are Facebook users so we can provide aggregated demographic information, like age and gender, about the people using” a website or app that uses a tracker called Facebook Analytics.

“The problem is that it’s beyond the expectations of the user,” said Günes Acar, postdoctoral researcher at Princeton University’s Center for Information Technology Policy and coauthor of a 2015 study about the trackers. “They think they are reading a news article but they aren’t aware that information is being collected [about them].”

Nearly a third of all websites include a Facebook tracker, according to several studies. To put a more personal touch on this stat, BuzzFeed News took a look one day’s worth of reporter Nicole Nguyen’s browsing history, and found that, in fact, at least 27% of the websites she visited had Facebook trackers on them. (The majority of the pages visited were buzzfeed.com, which is unsurprising, since she works there.)



So where does Facebook’s Clear History feature come in?

Users will be able to:

1. see their web browsing history

2. clear the history from their Facebook profile

3. opt out of Facebook’s ability to store the browsing data associated with your account going forward.

In other words, while Facebook is increasing the transparency around what data it collects from its users, it isn’t exactly removing that browsing history information from their servers. They still have it. And “we’ll still provide apps and websites with aggregated analytics,” wrote Erin Egan, Facebook’s chief privacy officer, in a blog post.

What Egan is implying is that, if you opt out, your data will be unidentifiable.

But Michael Veale, a privacy researcher at University College London, doesn’t believe browsing history can ever be truly anonymous. “Very, very detailed data, like browsing history, that’s truly anonymized,” he said, “it just doesn’t exist.”

Facebook has not specified how it will treat your browsing history once it’s no longer attached to your Facebook profile. But Schmetz believes that Facebook will treat users who enable the opt-out option the same way the company treats non–Facebook users: “If you don’t have a Facebook account, they still have a unique identifier number for you.”

This tracking, Schmetz says, is evident when someone signs up for a new Facebook account today: “See how quickly Facebook will know what they want and like.”

Clear History, he says, ultimately wouldn't stop Facebook from recording your browsing history, and is "designed to satisfy user demands in light of the [Cambridge-Analytica] scandal."

Clear History won’t be available for a few months, and Facebook hasn’t elaborated beyond Zuckerberg’s and Egan's posts on how exactly the feature works.

In the meantime, if you are a Facebook user, you can go to your Ad Preferences to turn off all sorts of data on that front. If you are not a Facebook user in US, you can go to YourAdChoices, scroll down to Facebook, and prevent Facebook’s cookies from tracking you. European citizens can go to YourOnlineChoices and do the same.

And look, this type of tracking isn’t exclusive to Facebook. Many online services, primarily Google, track the same information with their own cookies. But privacy advocates are paying particularly close attention to Facebook, because as Ashley Boyd, VP of Advocacy at the Mozilla Foundation, notes, “Facebook has a mixed track record on following through on pledges to secure user privacy.” ●

Topics in this article

Skip to footer