How Facebook ads exploit specific user via 'nanotargeting'
Described as "nanotargeting", the potentially harmful practice might be a very powerful tool for attackers willing to manipulate a specific individual and blackmail him or her on Facebook
As governments aim to break the Big Tech and tighten control over social media platforms regarding data privacy of billions of users, significant research has revealed that Facebook advertising platform can be systematically exploited to deliver ads exclusively to a specific, single user.
Described as "nanotargeting", the potentially harmful practice might be a very powerful tool for attackers willing to manipulate a specific individual and blackmail him or her on Facebook, according to the paper written by a team of academics and computer scientists from Spain and Austria.
The paper, titled "Unique on Facebook: Formulation and Evidence of (Nano) targeting Individual Users with non-PII Data" -- describes a "data-driven model" acheived through 21 Facebook ad campaigns.
The researchers showed they were able to use Facebook's Ads Manager to target ads in such a way that each ad only reached a single, specific Facebook user.
The privacy of an individual is bounded by the ability of a third party to reveal their identity. Certain data items such as a passport ID, email or a mobile phone number may be used to uniquely identify a person, referred to as Personal Identifiable Information (PII) items.
The non-PII items are the interests that FB assigns to users based on their online and offline activity. Therefore, since a user can be uniquely identified by a set of interests on Facebook, it may be possible to configure a Facebook ad campaign that reaches exclusively a single user.
The results revealed that the 4 rarest interests or 22 random interests from the interests set Facebook assigns to a user make them unique on Facebook with a 90 per cent probability.
Users' interests represent a very important asset for Facebook since its revenue model is based on delivering relevant ads to users. Many advertisers use the Facebook advertising platform to create ad campaigns to reach users based on their interests.
"To the best of our knowledge, this represents the first study of individuals' uniqueness at the world population scale. Besides, users' interests are actionable non-PII items that can be used to define ad campaigns and deliver tailored ads to Facebook users," wrote the researchers from Madrid's University Carlos III, the Graz University of Technology in Austria and the Spanish IT company, GTD System & Software Engineering.
It is worth noting that "our work has only revealed the tip of the iceberg regarding how non-PII data can be used for nanotargeting purposes".
"An advertiser can use other available socio-demographic parameters to configure audiences in the FB Ads Manager such as the home location (country, city, zip code, etc.), workplace, college, number of children, mobile device used (iOS, Android), etc, to rapidly narrow down the audience size to nanotarget a user," the researchers warned.
The research raises fresh questions about potentially harmful uses of Facebook's ad targeting tools, especially at a time when the social media platform is facing intense scrutiny across the world regarding user data security and privacy.