Skip to content
Naked Security Naked Security

98 things Facebook knows about you

If you're going to get ads anyway...why not targeted ones? How much pigeonholing is too much?

The Washington Post recently published a list of 98 specific user details that it says Facebook keeps tabs on.

The theory is that this helps the Zuckernaut to know enough about your behaviours and interests not only to offer better value to its advertisers, but also to make you happier by showing you ads for stuff you might actually like.

(That’s called targeted advertising, where you’re the target.)

The thing is, the list contains some unusual entries that have understandably put the world into a bit of a spin, such as:

14. Square footage of home
29. Mothers, divided by “type” (soccer, trendy, etc.)
45. How much money user is likely to spend on next car
62. Expats (divided by what country they are from originally)
79. Users who are “heavy” buyers of beer, wine or spirits

Number 92 on the Washington Post’s list is probably the most perplexingly eclectic combination:

92. Users who are interested in the Olympics, fall football, cricket or Ramadan

Of course, for many users, lots of this information, such as:

2. Age 
4. Gender
8. School

…doesn’t need any research or deduction by Facebook, because many people provide this willingly when they create their Facebook profile.

Similarly, information such as:

51. Operating system
59. Internet browser

…is readily gleaned from almost every web request you to make to every site, as it’s tucked into the HTTP headers.

The bad news is that this all sounds very creepy, and perhaps it is.

The good news is that Facebook has a way to review what it thinks you like, although as far as I can see, it’s not as straightforward as simply pulling up a 98-point list and editing or deleting each entry.

I logged in, went to Settings | Ads and then clicked on the Ads based on my preferences option:

There you will find a [Visit Ad Preferences] button that takes you to a page that shows what Facebook thinks you’re into.

On the Business and industry tab, I found out what Facebook thought I might like: apparently I am interested in golf and Sophos:

It would be surprising if Facebook hadn’t inferred that I’m interested in Sophos, but where my supposed interest in the Professional Golfers’ Association of America comes from I just can’t imagine.

I’m sure golf is a wonderful and companionable game, and I’m delighted that Britain won the Olympic gold medal at Rio 2016, but it’s not for me – I’d just tip 13 balls into the lake up front and free up hours of time to do something enjoyable instead.

Clearly, Facebook does figure out a lot about you as you use the service and interact with other people, many of whose interests you may share, but it’s far from precise if it thinks that golf is a key interest of mine.

Fortunately, you can use the Ad Preferences page to delete any or all of the data points that Facebook keeps on you, by clicking on an “interest” icon to bring up a delete option, although that won’t spare you from ads:

If you remove all your preferences you’ll still see ads, but they may be less relevant to you.

What I couldn’t find, but would like to have accessed to from Ad Preferences, was a one-stop page containing all the categories, as listed by the Washington Post, but it seems that until Facebook decides you are interested in X, it won’t tell you that X is one of the 98 categories it keeps track of.

We’re guessing that the Washington Post figured out its 98-point list by creating an new ad, or pretending to, and browsing through all the categories that advertisers can choose from when configuring the targeting of that ad.

Have your say!

What do you think?

Is a list of categories like this (whether it really is 98, or 57, or 242) a step too far?

Or are targeted ads mostly harmless?

After all, you’re going to be getting ads anyway – so what’s the harm in making them at least vaguely relevant, based on information you’ve already revealed to Facebook?


I don’t have a problem with targeted ads, per se, but that trove of information is a very attractive target for misuse by the government, hackers and empoyees of the company that may want to check up on their boy/girlfriensd, coworkers, friends, etc.


I don’t want targeted ads under any circumstances. I prefer a model where I pay for content and there are no ads, no targeting, no Big Data, no government surveillance.


You’re right; paid, ad-free content is far preferable.

However, it’s impossible to predict one’s entire online usage allotment–and let’s face it; web resources need some business model to remain online.

If I’m web searching an I.T. solution or someone sends me a “check this out” link at a service I don’t subscribe to, I’ll hit a page (or fifteen pages) where I don’t subscribe and might not return for a year if ever. I’d rather see a targeted ad than force my friend to steal a video merely to share it–or hit a dozen dead ends because Google thinks subscriber content may or may not help get my system running.


I agree with Wilderness. It’s a highly tempting target.

Of course, using a free service and expecting it to be *truly* free is naive at best; the old saying can be applied to any of them:

“Television doesn’t exist to bring entertainment to the audience; television exists to bring an audience to the advertiser.”


This is just a report about what Facebook, the enterprise, admits to collecting about you. It doesn’t say what information Facebook employees, government agencies, private intelligence companies, your employer, your insurance companies, your employer’s competitors, and any number of interested hackers. It tells you 98 things it admits it does or can know. That list isn’t necessarily exclusive.

Facebook also tells you about what you can do to keep your information private – from their other retail customers. Your “selfie” won’t be passed around the office.

But those options don’t apply to government agencies with subpoenas or spies. And likely they don’t apply to Facebook’s commercial/professional customers like your employer, your employer’s competitors (particularly if the Justice Department shows up with a subpoena), your insurance carriers, or private intelligence companies (companies that do things like personality assessments for prospective employers).

Of course, hackers, foreign government agencies, and many private intelligence companies purchase the same software used by FBI and NSA and don’t bother with the formalities.

Keep in mind that government agencies are both domestic and foreign. You may not care about the FBI or the NSA because you claim not to be a terrorist. How about North Korea? Mossad? Russia? the PRC?

As for your non-terrorist claim, ever “friend” someone really popular? Well if one of their other “friends” is in Yemen or Syria, you’re now a second-level link to a terror cell

You’re a loyal employee. You also travel a lot on business and post pictures of all the wonderful places you visit. Is your employer a major player in its line of business? Is that line of business dominated by a few large players?

You’re probably visiting the same prospective customers, suppliers, and prospective employees as your employer’s competition.

The antitrust division of the U.S. Justice Department will be very interested in comparing the places you visited with places visited by representatives of your competitors. Don’t worry. Your employer’s bylaws inevitably say they’ll pay $1 Mn/month for your lawyer to defend the criminal antitrust claim. But they can’t go to prison for you. That’s federal prison with no probation, no parole and no time off for good behavior.

Now go back and review what you’ve posted on Facebook. Feel safer?




Long before Facebook, or any social media, back in the late 80s a friend at Lotus told us that the only way to be really safe was to stay off the internet. I have two PCs. One never, ever, goes onto the internet.


I just checked my advertising preferences. In Food and Drink, the top 3 are “Stilton Cheese” “Alcoholic Drink” and “Bacon”.



Hmmm. Golf.

Paul, could you have ever searched for any of these?

PGA Pin Grid Array
PGA Power Generating Assembly
PGA Power Grid Array
PGA Program Global Area (Oracle)
PGA Programmable Gain Amplifier
PGA Programmable Gate Array
PGA Professional Graphics Adapter
PGA Private Global Area (Oracle)

…or more tenuously…

PGA Planetary Gemologists Association
PGA Phase Gradient Autofocus (algorithm)
PGA Peak Ground Acceleration (seismology)

…an Ozzy link?…

PGA Pulsar Group of Australia (motoring enthusiasts)
PGA Pastoralists and Graziers Association of Western Australia

…or do you have an interest in chemistry?…

PGA Phosphoglyceraldehyde
PGA Polyglycolic Acid
PGA Propylene Glycol Alginate
PGA Pteroylgutamic Acid – Folic Acid
PGA Prostaglandin Analog (aka Prostaglandin Analogue; molecule)

…failing that, any interest in the US military or the UK Prison Service?

PGA Precision Guided Airdrop (US Airforce)
PGA Prison Governors’ Association (est. 1987; UK)


I don’t delete any data points. Specifying what you don’t want or like leaks just as much data as specifying what you do want or like.


How do we know the Washington Post wasn’t presented only with a subset of categories that Facebook algorithms determined it would be interested in based upon WaPo editorial and credit history and demographics of WaPo management and readership etc? There may be far more than 98. It might be 98*10^32 or something. WaPo is just another target.


As mentioned in the article, the actual count doesn’t really matter…it’s more about the range of market segmentation choices that advertisers are presented with.


What concerns me the most about targeted advertising is not how much they know about me (though that is, as you say, a bit creepy), but rather that there is an underlying assumption that everyone wants to run with the herd. That we never want to confront something or someone outside our current circles. This idea, mostly unchallenged, leads to cohorts who aren’t even aware that there are other likes or opinions out there.
This is most damaging in the political area, where you find yourself in a world where “everyone” agrees with you, and you are shocked (for instance) when you lose an election or find a differing worldview is, in fact, popular.
But it is also damaging in advertising. I have already noticed that, when you look at car reviews, you are inundated with car ads. Well, car ads became irrelevant once I bought a car. I’m not going to buy another anytime soon. That advertising is wasted on me. On the other end of the spectrum, maybe I have no interest whatsoever in football — but that doesn’t mean I don’t know people who are interested, and to whom I might pass on information. I think there is a real value in being exposed to things – even ads – that are from outside your normal set of activities.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!