You can try but you can't hide seems to be the mantra of Facebook's advertising system that utilises users' location to target ads. One American researcher recently discovered that there is virtually no way to stop Facebook from trying to determine your location even if you have turned off Facebook's access to your location every way possible. The inability to stop Facebook from tracking your location for advertisements may not seem as egregious as the company's some other recent privacy mishaps but it certainly cements the increasingly growing concern that Facebook will always put business interests over user privacy.
Aleksandra Korolova, Assistant Professor of Computer Science at University of South California, described on Medium how she found Facebook showing advertisements targeted to her actual location even though she had no location details on her profile and had used all available location controls to stop the social giant from tracking her.
Korolova notes that she had the Location History function disabled on Facebook and Location Data Availability for Facebook set for Never on iOS. Additionally, she had no mention of her current city or any location-tagged photos or content on her Facebook profile. Despite this, Korolova continued to see ads targeted to her home and work locations.
“The Location Controls provided by Facebook give an illusion of control over the data that informs one's ad experience, not actual control,” wrote Korolova.
According to her, when other avenues are unavailable, Facebook will use information like the IP address to deduce users' location and target advertisements based on that.
“We do use IP and other information such as check-ins and current city from your profile. We explain this to people, including in our Privacy Basics site and on the About Facebook Ads site,” Facebook acknowledged to Gizmodo.
The publication writes that Facebook quietly changed an earlier policy as a part of which the company only used the recent location shared via the location services to target advertisements. A (now obsolete) Facebook Business page describing the earlier Facebook policy was updated after the Gizmodo report to note that the policy was changed back in April 2017. According to Gizmodo, Facebook feels that the rough approximation of location provided by IP data is an acceptable usage, leaving the privacy-conscious users to the mercy of VPNs.
When the users have not switched off location tracking, Facebook uses all sorts of tracking signals including Wi-Fi connection and GPS data to gather accurate location about its users. This information is then used to show nearly events, local ads, news stories, and even power the “Safety Check” feature. The company also claims to use the location data to keep the Facebook accounts safe by identifying suspicious login attempts.