Introduction
How Facebook’s Ads Seem to Read Your Mind
Have you ever wondered why Facebook ads feel eerily accurate—almost too accurate? I had the same question for a while but never found the time to explore it. When I finally did, I realized that most of the available information was fragmented—making it hard to see the full picture. Recently, I took the time to dive deep into the mechanics of Facebook ads. By piecing together insights from multiple sources, I built a clear mental model of how everything works—and now, I’m sharing it with you.
Note
Facebook allows us to export a copy of data advertisers share about our activity on their platform with Facebook. I have exported my data in HTML form and shared its screenshots in the article. you can do it as well by exporting the data in Json form instead of HTML, converting it to CSV and perform your analysis either by sharing it with ChatGPT and use its data analysis tool Follow these steps if you want to perform the same analysis as I have done.
https://accountscenter.facebook.com/info_and_permissions > Your activity off Meta technologies > Recent Activity > Recent activity | Click on any business who has sent some data > Transparency > [num] interactions shared with us > download activity details > download or transfer information > select all (or choose one platform) > Next > Specific Types of information > Under Apps and websites off Facebook section (Apps that you own and activity that we receive from apps and websites off Facebook ) check Apps and websites off Facebook checkbox, under Ads information section check Ads information > Next > Next profile Instagram choose Apps and websites off Instagram > Apps and websites off Instagram click on Apps and websites off Instagram >Next > For data range select all time, for format choose HTML if you are non technical, choose JSON otherwise if you want to get raw data and analyze it yourself > Create Files, you can also setup scheduled transfers of this data to DropBox or Google Drive.
The Secret Behind those creepy Ads
Almost every website and mobile applications share our activities on their respective platform with Facebook through either a script on website called Meta Pixel, mobile SDKs or/and their Server-Side API. So, if you visit a website, it will share the exact URL you visited. If you buy the Netflix subscription, Netflix will share this data with Facebook.
If you use a ride hailing service like Careem( A subsidary of Uber), that ride hailing service will share when I open their app and book a ride with facebook.
If you order food online, that app will share what products you add to cart and buy with Facebook.
These are all the companies sharing my data with facebook
| Company Name | Total Events Sent | Top Event by Count | First Event Date | Last Event Date |
|---|---|---|---|---|
| MongoDB | 885 | CUSTOM | 2023-07-18 | 2024-12-11 |
| Indeed | 506 | CUSTOM | 2023-04-05 | 2024-01-01 |
| inDrive. Save on city rides | 116 | CUSTOM | 2023-09-09 | 2024-11-07 |
| LinkedIn: Jobs & Business News | 100 | ACTIVATE_APP | 2023-09-09 | 2024-06-01 |
| Careem â rides, food & more | 76 | ACTIVATE_APP | 2023-09-14 | 2025-02-13 |
| Spotify: Music and Podcasts | 74 | CUSTOM | 2023-09-15 | 2025-03-07 |
| Opera Browser | 59 | ACTIVATE_APP | 2024-02-09 | 2025-02-04 |
| inDrive - Book a Safe Car Ride | 57 | CUSTOM | 2024-11-10 | 2025-03-06 |
| Opera browser with AI | 42 | ACTIVATE_APP | 2023-09-18 | 2024-01-06 |
| upwork.com | 36 | CUSTOM | 2024-03-06 | 2025-02-04 |
| foodpanda: food & groceries | 34 | LEVEL_ACHIEVED | 2023-09-09 | 2025-01-31 |
| Firefox Fast & Private Browser | 31 | ACTIVATE_APP | 2023-09-09 | 2023-09-18 |
| NayaPay | 19 | ACTIVATE_APP | 2024-05-15 | 2024-12-13 |
| Cloudflare, Inc. | 16 | PAGE_VIEW | 2024-03-28 | 2024-06-16 |
| Yango â different from a taxi | 13 | ACTIVATE_APP | 2024-10-18 | 2024-12-16 |
| Yango: taxi, food, delivery | 9 | ACTIVATE_APP | 2025-01-01 | 2025-01-29 |
| DealCart - Grocery Shopping | 7 | ACTIVATE_APP | 2023-10-01 | 2023-10-06 |
| Krave Mart - Grocery Delivery | 6 | ACTIVATE_APP | 2023-11-03 | 2024-02-09 |
| ticketwala.pk | 5 | PAGE_VIEW | 2025-01-08 | 2025-01-13 |
| Bing: Chat with AI & GPT-4 | 5 | ACTIVATE_APP | 2023-09-10 | 2023-12-06 |
| hbl.com | 3 | VIEW_CONTENT | 2025-02-11 | 2025-02-11 |
| My Telenor | 3 | CUSTOM | 2025-01-10 | 2025-02-03 |
| Shopify | 3 | START_TRIAL | 2024-01-25 | 2024-01-25 |
| MAF Carrefour Online Shopping | 3 | ACTIVATE_APP | 2023-10-01 | 2023-10-01 |
| mistore.pk | 3 | VIEW_CONTENT | 2023-10-01 | 2023-10-01 |
| Blinkist: Big Ideas in 15 Min | 3 | ACTIVATE_APP | 2023-09-10 | 2023-09-16 |
| springs.com.pk | 2 | PAGE_VIEW | 2024-12-19 | 2025-01-07 |
| Springs Mart | 2 | PAGE_VIEW | 2024-12-17 | 2024-12-21 |
| Temu: Shop Like a Billionaire | 2 | CUSTOM | 2024-12-14 | 2024-12-20 |
| netflix.com | 2 | CUSTOM | 2024-09-27 | 2024-09-27 |
| matwproject.org.uk | 2 | VIEW_CONTENT | 2024-03-31 | 2024-04-01 |
| doola.com | 2 | PAGE_VIEW | 2023-12-19 | 2023-12-19 |
| Wondershare EdrawMind MindMap | 2 | CUSTOM | 2023-11-06 | 2023-11-20 |
| Be Good Pakistan | 2 | PAGE_VIEW | 2023-11-18 | 2023-11-18 |
| begood.pk | 2 | VIEW_CONTENT | 2023-11-18 | 2023-11-18 |
| taiwantrade.com | 2 | PAGE_VIEW | 2023-10-10 | 2023-10-10 |
| Adobe Acrobat Reader: Edit PDF | 2 | ACTIVATE_APP | 2023-09-18 | 2023-09-29 |
| IQAir AirVisual | 2 | CUSTOM | 2023-09-27 | 2023-09-27 |
| futurism.com | 2 | PAGE_VIEW | 2023-06-27 | 2023-06-27 |
| bata.com.pk | 1 | VIEW_CONTENT | 2025-02-18 | 2025-02-18 |
| sehatyab.com | 1 | PAGE_VIEW | 2025-01-29 | 2025-01-29 |
| oneindia.com | 1 | PAGE_VIEW | 2024-11-23 | 2024-11-23 |
| alignerr.com | 1 | PAGE_VIEW | 2024-09-28 | 2024-09-28 |
| uwaterloo.ca | 1 | PAGE_VIEW | 2024-09-27 | 2024-09-27 |
| remarkable.com | 1 | PAGE_VIEW | 2024-09-26 | 2024-09-26 |
| adminjs.co | 1 | PAGE_VIEW | 2024-09-26 | 2024-09-26 |
| openinapp.co | 1 | VIEW_CONTENT | 2024-07-26 | 2024-07-26 |
| Adobe | 1 | PAGE_VIEW | 2024-07-04 | 2024-07-04 |
| 10times.com | 1 | PAGE_VIEW | 2024-05-16 | 2024-05-16 |
| searchenginejournal.com | 1 | PAGE_VIEW | 2024-03-10 | 2024-03-10 |
| thesocialmanquiz.com | 1 | PAGE_VIEW | 2024-03-05 | 2024-03-05 |
| atlassian.com | 1 | PAGE_VIEW | 2024-02-19 | 2024-02-19 |
| Datadog | 1 | PAGE_VIEW | 2024-02-19 | 2024-02-19 |
| Hotjar | 1 | CUSTOM | 2024-01-28 | 2024-01-28 |
| investing.com | 1 | PAGE_VIEW | 2023-11-20 | 2023-11-20 |
| manascookieco.com | 1 | PAGE_VIEW | 2023-11-18 | 2023-11-18 |
| foodpanda.pk | 1 | CUSTOM | 2023-11-02 | 2023-11-02 |
| reuters.com | 1 | PAGE_VIEW | 2023-10-13 | 2023-10-13 |
| streaks.ai | 1 | PAGE_VIEW | 2023-10-06 | 2023-10-06 |
| Al Fatah Online | 1 | ACTIVATE_APP | 2023-10-01 | 2023-10-01 |
| appnebula.co | 1 | PAGE_VIEW | 2023-09-30 | 2023-09-30 |
| shopgroove.pk | 1 | VIEW_CONTENT | 2023-09-26 | 2023-09-26 |
| Daraz Online Shopping App | 1 | CUSTOM | 2023-09-23 | 2023-09-23 |
| gazbofashion.com | 1 | PAGE_VIEW | 2023-09-10 | 2023-09-10 |
| autogpt.net | 1 | PAGE_VIEW | 2023-09-04 | 2023-09-04 |
| hiddenremote.com | 1 | PAGE_VIEW | 2023-08-29 | 2023-08-29 |
| kylebenjaminturner.com | 1 | PAGE_VIEW | 2023-08-25 | 2023-08-25 |
| hamzads.com | 1 | PAGE_VIEW | 2023-08-25 | 2023-08-25 |
| 7figureemailsystem.com | 1 | CUSTOM | 2023-08-25 | 2023-08-25 |
| adobe.com | 1 | PAGE_VIEW | 2023-08-19 | 2023-08-19 |
| moboreader.com | 1 | CUSTOM | 2023-08-19 | 2023-08-19 |
| loom.com | 1 | PAGE_VIEW | 2023-08-08 | 2023-08-08 |
| Netflix | 1 | PURCHASE | 2023-07-01 | 2023-07-01 |
| nature.com | 1 | CUSTOM | 2023-06-27 | 2023-06-27 |
| moltyfoam.com.pk | 1 | PAGE_VIEW | 2023-06-22 | 2023-06-22 |
| insider.com | 1 | PAGE_VIEW | 2023-06-21 | 2023-06-21 |
| space.com | 1 | PAGE_VIEW | 2023-06-19 | 2023-06-19 |
| bizjournals.com | 1 | PAGE_VIEW | 2023-06-16 | 2023-06-16 |
| appsumo.com | 1 | PAGE_VIEW | 2023-06-15 | 2023-06-15 |
| saasmaster.link | 1 | PAGE_VIEW | 2023-06-15 | 2023-06-15 |
| fullers.co.uk | 1 | PAGE_VIEW | 2023-06-03 | 2023-06-03 |
| Wortspaà mit Freunden | 1 | CUSTOM | 2023-05-30 | 2023-05-30 |
| xbox.com | 1 | PAGE_VIEW | 2023-05-20 | 2023-05-20 |
| thedailybeast.com | 1 | PAGE_VIEW | 2023-04-23 | 2023-04-23 |
| ladbible.com | 1 | CUSTOM | 2023-03-24 | 2023-03-24 |
| thenation.com | 1 | PAGE_VIEW | 2023-03-20 | 2023-03-20 |
| bigthink.com | 1 | PAGE_VIEW | 2023-03-17 | 2023-03-17 |
| windowscentral.com | 1 | CUSTOM | 2023-03-14 | 2023-03-14 |
Facebook does not share all the data these advertisers share with Facebook which includes more granular details about each tracking event like name and pricing of products.
Since I live in Pakistan, most are local businesses but if you analyze your own data, this table would be different.
In general, not are we just being tracked by almost every website and app we visit, but the more serious problem is the centralization of this data by individual players like Facebook and Google. Facebook knows which products I buy, which apps I use, what food do I order online and which streaming platforms I use.
How Facebook Connects Tracking Data to You
How does Facebook link all the events sent from different platforms back to you? The answer is third-party cookies (on the web), the Android Advertising ID (for Android), and Apple’s Identifier for Advertisers (IDFA) (for iOS). However, with iOS 14.5, Apple introduced App Tracking Transparency (ATT), requiring apps to ask users for permission before tracking their data across other apps and websites owned by companies like Facebook. While the tracking methods vary, they all serve the same purpose: identifying you across different apps and websites.
If you use multiple devices and stay logged into Facebook on all of them, Facebook can now track you across devices. For example, it can see what you searched for on your laptop and then track your browsing on mobile.
But tracking doesn’t stop online. Many brick-and-mortar stores share customer details with Facebook—even if you never even visit their website. I personally avoid sharing my contact details at physical stores, which might be why I don’t see this data linked to me. Facebook even provides extensive documentation on how businesses can track “offline” events.
What still doesn’t make sense to me, though, is how websites continue to track me despite my use of multiple privacy tools like uBlock Origin (which recently stopped working), Privacy Badger, and Firefox on mobile.
Retargeting ads
Ever searched for a product online, clicked on a website, and browsed a few items—only to start seeing ads for those same products everywhere? That’s retargeting.
Here’s how it works: When you visit a website and view a product, that website shares your activity (such as product views or items added to cart) with Facebook. Facebook shares this data back with advertisers about people who have added products in their cart but have not bought them. Advertisers can then define an audience based on this criteria and run a new campaign to remind people to buy items in their cart. They can also just target people who have clicked on their ad previously but didn’t buy.
Why businesses share our data with Facebook?
Businesses share our data with Facebook to improve ad targeting and retargeting, the more data they share, the more facebook knows about us and it lowers their customer acquisition cost. So, everyone is incentivized to share more and more data about us with facebook. Facebook uses this data to continuously optimize its ads.
Circumventing Ad blockers
If you think you can block this tracking by using browser extensions? it does noy work, I use two browser extensions, u block origin and privacy badger but how am I still getting tracked?
Server Side Tracking
The concept is simple: Ad blockers prevent tracking by blocking network requests from websites to known tracking URLs like Facebook. They also block third-party cookies, which are commonly used for tracking.But what if, we send conversion data directly from our server to Facebook? For example, when a user clicks a link or adds a product to their cart on my website, a javaScript script sends this data to an API hosted on my domain and then my web server forwards it to facebook instead.
Since this data transfer to trackers happen between servers, not in the browser, ad blockers running on a user’s device can’t detect or block it because my domain is not a known tracker.
Replacement for third party trackers?
While Server-Side Tracking bypasses ad blockers, it doesn’t fully replace third-party cookies when it comes to tracking users across different websites and apps. Identifying users across domains is much simpler with cookies. Additionally, it can’t track conversions unless the user arrives at your website from a Facebook ad—otherwise, you could just pass a query parameter in the URL and send it to Facebook.
So, what is Facebook relying on now?
Your personally identifiable information (PII) — such as your email, phone number, and even IP address. When you make a purchase and the website shares your email with Facebook, Facebook can match it against its database and attribute the purchase to you.
This method also enables Facebook to track offline purchases. If you buy something in a physical store and provide your email or phone number (e.g., for a receipt or loyalty program), that business is likely to share this data with Facebook, linking your offline activity to your online profile.
Hashing – An Illusion of Privacy?
Facebook requires advertisers to hash personally identifiable information (PII), such as your email and phone number, before sharing it. Hashing is a one-way process, meaning if I share my hashed email with you, you can’t reverse it to reveal my actual email.
However, the reality is different in Facebook’s case. Since Facebook already has both your raw email and its hashed version, matching new data points to your profile is trivial. If a website shares new information along with your hashed email, Facebook can easily link it back to you. The only potential issue is hash collisions, but with SHA-256, these are highly unlikely. Additionally, Facebook explicitly instructs advertisers not to hash IP addresses, which can further help resolve any collisions.
Looking at my own data, I found that several businesses share my hashed email and/or phone number with Facebook. For example, Adobe appears to be excluding me from their ads—likely because I’ve already signed up for one of their services, making additional ads unnecessary.
Deleting facebook does not stop the tracking
Many privacy-conscious users delete Facebook, assuming it stops tracking—but this misunderstands how modern tracking works.
Websites share data with Facebook whether you have an account or not. Here’s how:
- You visit Website A, which loads an image or script from Facebook. This saves a cookie in your browser.
- Later, you visit Website B, which also loads a resource from Facebook. Now, the cookie from Website A is shared with Website B.
This is how third-party cookies work, enabling Facebook to track users and even create shadow profiles of people who never signed up for an account.
A similar method is used by mobile apps, which share device identifiers instead of cookies.
And it’s not just Facebook—there’s an entire industry operating in the shadows:
- The Trade Desk ($42B market cap)
- Xandr (acquired by Microsoft for $1B)
- Criteo ($1.7B)
- Taboola ($700M)
- Outbrain ($250M)
These companies build detailed user profiles, then either sell real-time data to brokers or sell ad space directly to advertisers. In short, tracking extends far beyond Facebook—and quitting the platform doesn’t mean you’re invisible.
Device Fingerprinting with First party storage
This is purely hypothetical—I have no evidence that Facebook is actively using this method. However, I’ve been testing it and have seen mixed results.
Server-side tracking and hashed PII can link your interactions on a website only when you’re logged in. (You might notice an increasing number of websites asking you to log in unnecessarily in the coming months.) But Facebook can’t track anonymous actions and tie them back to you—unless it uses a different approach.
One possible method is browser fingerprinting, which allows websites to generate a unique identifiers for your device. A script (like Facebook Pixel) could create this fingerprint and store it as a first-party cookie. The website could then send this cookie with every interaction.
Fingerprinting is already used by many websites but I don’t know if any advertising pixel is using it in a first party context. That is, the fingerprinting script is hosted on the merchant’s domain which calculates a unique identifier for each device regardless of the merchant. If multiple websites use this tracking method, they would generate the same device identifier. Since websites share their conversion data with a single platform (e.g., Facebook), this theoretical tracking system could invisibly track users across the internet—even without third-party cookies.
Currently, no ad blocker can stop this. The only real protection would have to come from browser-level defenses against fingerprinting.
Conclusion
I just wanted to share this for anyone looking to understand how Facebook ads work but struggling to find a clear resource to build a solid mental model.
I hope you found it valuable! That said, I’m not an expert in Facebook marketing, so if you spot any factual errors, please let me know—I’m always open to learning and correcting mistakes.
If you have any questions or feedback, feel free to reach out at [email protected] .