Facebook Tracks Your Location Even After Opting out (Here’s How to Avoid It)

By now it should come as no surprise that Facebook is doing everything possible to track as many of your activities as it can — the company is infamous for its lack of respect for user privacy — but what you may not realize is that Facebook has many ways of tracking you that bypass the privacy features that Apple has built into your iOS device.

The social media giant has in fact just admitted to this in a letter to two U.S. senators, noting that it can and does track your location even when you’ve switched Location Services off entirely on your iPhone.

To be clear, Facebook isn’t magically bypassing Apple’s security and privacy settings here; turning off location services in your iOS Settings makes it impossible for the Facebook app to access the GPS and other location technology in your iPhone, but there are lots of other tricks that Facebook can — and does — use in order to figure out where you are.

Facebook Is Tracking You

Senators Christopher Coons (D-Del) and Josh Hawley (R-Mo) had asked Facebook to explain how it learns the location of its users and whether it continues to track that information even after users have opted out. In a response obtained by The Hill, Facebook admitted outright that it not only tracks users even after they’ve specifically said they don’t want to be tracked, but that it actually makes money from that information.

Rob Sherman, deputy chief privacy officer at Facebook, wrote that the social media company still uses the user’s IP address and looks at their behaviour on the platform, even if they’ve turned off location services entirely on their iPhone.

When location services is off, Facebook may still understand people’s locations using information people share through their activities on Facebook or through IP addresses and other network connections they use

Rob Sherman, deputy chief privacy officer at Facebook

While it should be obvious to anybody that Facebook knows where you are whenever you check into a specific location — or if a friend checks you in — it can also often surmise your location simply by looking at the location data found in photos that you upload to the service — although Facebook says it strips out the EXIF data before a photo is posted, there’s nothing preventing it from reading that data first for its own purposes — and you can be sure that it does.

Tracking users based on IP address is also a common tactic used by many online services, although this isn’t something you should normally need to be too concerned about; it rarely provides a very precise location, but it can certainly let Facebook know what city you’re currently in, and it can be used to narrow your location down to a specific area like a shopping mall, coffee shop, or school campus if you’re using Wi-Fi in those places.

In the letter, Sherman also added that Facebook “always serves ads based on location information” regardless of whether a user has opted out or not.

By necessity, virtually all ads on Facebook are targeted based on location, though most commonly ads are targeted to people within a particular city or some larger region.

Rob Sherman, deputy chief privacy officer at Facebook

The two senators castigated Facebook for continuing to make money from personal information that users have explicitly said they don’t want the company to have. Senator Coons, who heads the Senate Judiciary Committee’s tech task force, called Facebook’s efforts “insufficient and even misleading.”

Facebook claims that users are in control of their own privacy, but in reality, users aren’t even given an option to stop Facebook from collecting and monetizing their location information.

Senator Christopher Coons (D-Del)

What Can You Do About It?

If you absolutely want to prevent Facebook from tracking as much of your location information as possible, we strongly recommend using a VPN to mask your IP address. This is in fact the only way to prevent Facebook or any other site from tracking your location based on your IP address. A VPN, or Virtual Private Network, not only encrypts all of your traffic, but passes it through a “tunnel” that exits through an IP address that has nothing to do with your actual location. You could be in New York, but the exit point of your VPN could be in Los Angeles, Berlin, or even somewhere like Bangladesh, and with many VPNs, it changes every time you connect to it (and in some cases, you can even change it yourself).

Obviously, checking in to specific locations is something you can simply avoid doing yourself, but be sure to tell your friends not to check you in either. Unfortunately, there are no privacy settings on Facebook that will prevent Facebook from knowing when your friends check you in — the “Timeline and Tagging” settings only prevent check-ins from showing up on your timeline before you’ve approved them, but you can bet that Facebook already knows about them.

Lastly, when sharing photos to Facebook, we recommend sharing them from the iOS Photos app rather than the Facebook app in order to ensure that your EXIF data is stripped out before the photo is uploaded. There was a time when Apple didn’t allow third-party apps to access EXIF data in photos, but that hasn’t been the case for years. However, the Photos app in iOS 13 does allow you to ensure this information is removed before you share a photo.

1. Open the Photos app
2. Select the photo(s) you wish to share
3. Tap the “Share” button in the bottom left corner
4. At the top of the share sheet, where it says “X Items Selected” tap the Options button.
5. On the next screen that appears, tap the switch beside “Location” to turn it off.
6. Tap “Done.”
7. Proceed to share the photo as you normally would.
   

This works not only when sharing photos to Facebook, but also other social media services such as Twitter, or when sending them out via iMessage or email. Note that the “Location” switch is not sticky, and it defaults to on, so you’ll need to do this each time you share a group of photos if you want the location data excluded.