Facebook rolls out Off-Facebook Activity controls

Martin Brinkmann
Aug 21, 2019
Updated • Aug 21, 2019

Facebook started to roll out a new privacy tool called Off-Facebook Activity to users from Ireland, Spain, and South Korea earlier today. Designed to give users of the site better control over data that Facebook collects about them while they interact with third-party sites, it is not exactly the tool that privacy advocates had hoped for.

The company plans to roll out the feature to users from other regions in the coming months. Last month, Facebook was told by the FTC that it had to stop certain privacy invasive practices.

First, the basics. Facebook collects data in several ways. It gets data from user activity on Facebook, e.g. what users like, comment on, view, or do on the site, and also from user activity on third-party sites or apps that have integrated Facebook services.

A Facebook user who is browsing NFL jerseys on a third-party site could get NFL jersey advertisement on Facebook if the app or site used to browse the items initially provided Facebook with the data.

off-facebook activity

Facebook notes that Off-Facebook Activity allows users of the site to "see and control the data that other apps and websites share with Facebook".

It includes options to "see a summary of the information other apps and websites have sent Facebook through" various services and tools, disconnect the information from the account, and choose to disconnect future off-Facebook activity from the account automatically.

The word disconnect highlights my main gripe with the tool. The data is not deleted, it is only disconnected. Here is what Facebook has to say about the process:

If you clear your off-Facebook activity, we’ll remove your identifying information from the data that apps and websites choose to send us. We won’t know which websites you visited or what you did there, and we won’t use any of the data you disconnect to target ads to you on Facebook, Instagram or Messenger.

The automated removal of identifying information never managed to protect some of the users whose data is purged from information from being identified; it seems unlikely that Facebook's processing will ensure 100% anonymity.

Facebook's engineering team published a technical overview of the entire process. The company associates actions with SIDs (separable identifiers), and users with UIDs (User IDs). When a user chooses to disconnect the data, the link between the SID and the UID is removed.

Facebook created a Measurement ID (MID) designed specifically to provide reports to businesses. When a Facebook user decides to disconnect off-site information, the mapping between the MID and the UID is removed and a new random MID is generated for that person. If a person decides to block off-site data going forward, a "bucketed MID" is assigned which does not represent individual users.

Facebook will still perform aggregated measurement operations on the data.

With this bucketed MID, we are able to perform aggregated measurement operations — for instance, we can conclude that one of the people in the bucket saw an ad and then visited the target website. We can then aggregate that observation with others who viewed the same ad — without determining exactly which person within the bucket took that action.

Tip: if you use Firefox, consider using the Facebook Container add-on to restrict Facebook's access to third-party data.

Closing Words

Facebook's new Off-Facebook Activity tool allows users to disconnect existing data and future data so that it cannot be associated directly anymore with the account. The data is not gone, however, and Facebook continues to use it for certain purposes.

Now You: What is your take on the Off-Facebook Activity tool?

Facebook rolls out Off-Facebook Activity controls
Article Name
Facebook rolls out Off-Facebook Activity controls
Facebook started to roll out a new privacy tool called Off-Facebook Activity to users from Ireland, Spain, and South Korea earlier today.
Ghacks Technology News

Tutorials & Tips

Previous Post: «
Next Post: «


  1. Sebas said on August 24, 2019 at 9:28 am

    If you use Brave or another Chrome variant you can install the extension Block Facebook: https://chrome.google.com/webstore/detail/block-facebook/gebclbfnlcebcljmgblacllmjkfidoef

    It has a lot of host file entries, but as it is an extension you don’t need to edit your host file.

  2. 11r20 said on August 22, 2019 at 3:49 pm

    you can block all fakebook tracking,
    with blacklist’s like these…tried and true
    I never see any fakebook IP’s show up on my
    netlimiter connection history list…there
    are many more blacklists like these as well

    put these in yer host file blocker webdav.facebook.com z-m.c10r.facebook.com z-m.facebook.com nl-nl.facebook.com pl-pl.facebook.com edge-sonar-shv-01-ams2.fbcdn.net edge-sonar-shv-01-ams3.fbcdn.net edge-sonar-shv-01-ash5.fbcdn.net scontent-vie.xx.fbcdn.net scontent.fsjc1-2.fna.fbcdn.net scontent.fsnc1-1.fna.fbcdn.net scontent.fams1-2.fna.fbcdn.net scontent.xx.fbcdn.net sonar-iad.xx.fbcdn.net sphotos-a-ams.xx.fbcdn.net z-m.facebook.com beta.facebook.com pl-pl.facebook.com nl-nl.facebook.com scontent-vie.xx.fbcdn.net scontent.fsjc1-2.fna.fbcdn.net scontent.fsnc1-1.fna.fbcdn.net scontent.fams1-2.fna.fbcdn.net scontent.xx.fbcdn.net sonar-iad.xx.fbcdn.net sphotos-a-ams.xx.fbcdn.net

    for unlockoriginal
    copy past this in “my filters”
    * facebook.com * block
    * facebook.net * block
    * fbcdn.net * block

    put this in “3rd party filters”


    for pihole

    1. Peterc said on August 22, 2019 at 10:43 pm


      There’s a much, much, MUCH longer “hosts” file blocklist for Facebook at:


      I assume that list is updated periodically.

      If you’re running an antivirus and you manually edit your hosts file by adding blocklists like the one above, the AV might throw up false positive and delete your edits. With Kaspersky, the only way I have found to avoid this is to exclude the hosts file from protection — a double-edged sword, since the AV will no longer detect when an otherwise unblocked script or program has placed a bogus redirect in hosts. I don’t know whether there are any elegant solutions to this dilemma. If there are any in Kaspersky, Kaspersky hasn’t made them easy to find.

  3. MdN said on August 22, 2019 at 1:59 pm

    Easy solution: use uMatrix or uBlock Origin (or eMatrix on Pale Moon or Basilisk). Block FB globally. Allow FB only when you’re on FB (if you’re a user).

    1. John Fenderson said on August 22, 2019 at 5:47 pm


      That’s good advice, but it remember that doing so isn’t really a solution. It does help, though, particularly if you combine it with deleting your facebook account.

  4. Sebas said on August 22, 2019 at 7:27 am

    “Buried in a Help Center post behind a drop-down menu, Facebook clarifies: “Your future off-Facebook activity will be disconnected within 48 hours from when it’s received. During this time it may be used for measurement purposes and to make improvements to our ads systems.” https://www.wired.com/story/off-facebook-activity-privacy/

    Although I have never had a Facebook account their shadow profiles are still there.

    Over complicated privacy settings like these are all essentially windows dressing and a sure sign Facebook is not changing anything.

  5. Anonymous said on August 22, 2019 at 2:50 am

    Why aren’t people outraged at Google doing far worse than this?

    1. John Fenderson said on August 22, 2019 at 5:45 pm


      They are.

  6. ULBoom said on August 22, 2019 at 1:05 am

    Obfuscation Incorporated. Doesn’t FTC have to approve this shell game when FB tries it in USA? Are the initial four countries going to laugh? Yup.

    Means little to nothing. How big are those buckets full of random MID’s? Ten users?

    FB is still getting the same user info, disconnected or not, just putting it in a bag, shaking it and pouring it out in ways only they understand.

    Nothing Facebook could do would ever convince me to trust them. This maneuver is so typical of entry level engineers using inane complication to fix a mess they made.

  7. Popcorn said on August 22, 2019 at 12:13 am

    I had an account for a couple years but began to dread the potential for invasion of privacy and hit del. Personal interaction is far more rewarding.

  8. Anonymous said on August 21, 2019 at 11:32 pm

    Who still uses fb? pre-teenagers?

    Martin, you could improve the quality of ghacks.net by not reviewing facebook stuff.

    1. Anonymous said on August 23, 2019 at 8:55 am

      A lot of people use facebook products and services everyday. There’s a reason they make billions in revenue everyday.

    2. Sebas said on August 22, 2019 at 12:04 pm

      Disagree. Facebook has a shadow profile of you, me and everyone else.

      1. Peterc said on August 22, 2019 at 8:47 pm

        Facebook has a shadow profile of you, me, and everyone else, *whether you’ve ever had a Facebook account or not.* They’re as relentless at tracking and profiling as Google, and it won’t stop until we have effectively enforced privacy laws with draconian civil and criminal penalties for entities that violate them *and* for any human actors involved (from coders right up to CEOs).

  9. Bluf said on August 21, 2019 at 10:05 pm

    No thanks, I will take a hard pass on anything from FB

  10. John Fenderson said on August 21, 2019 at 7:15 pm

    Even weak sauce is better than no sauce, I suppose, and this is very, very weak sauce.

    It also does nothing to protect those of us who don’t have Facebook accounts. So, speaking personally, this entire effort is without value to me.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.