February 17, 2025

How to grey-rock Meta

by Matt May

(This post is structured like one of those recipes where you might not care about the preamble because you came here to make the damn thing. The operational stuff is down here.)

Like a lot of you, I’ve been struggling with where to put my energy into pushing back on… you know, *gestures at everything*. I’ve got posts in the queue about the latest administration attacks on DEI policy, Section 504, etc., and they keep coming faster than I can write about them. But Meta has been standing out to me, particularly as I’m finding their “performance-based” layoffs are landing substantially on people who recently took family and medical leave.

Meta sucks. They’re a part of this whole mess, having enabled Trump to take power dating all the way back to Cambridge Analytica. So this post is about what an individual can do that can impact them, even if you find it impossible to boycott them entirely.

This may come as a surprise to many of you, but I can be a hothead from time to time. No, seriously! For example, I deleted my Facebook account in the wake of the first Trump election, and stayed away for four years. I returned in 2022, not because I really missed it, but because I had moved to a small town on the Washington coast, where everything down to the taco-shack menu was on a Facebook page. I also didn’t like the ethics of just asking my partner to search things for me so I could be Mr. Not-On-Facebook. And that’s why I have a very boring, very locked-down Facebook account which, barring imminent danger, I am not deleting again. But seriously, don’t friend me there.

On the other hand, I dropped Twitter like a hot rock when Elon bought it, and never looked back—and I always liked Twitter more than Facebook and Instagram. So what makes this different?

I think the main argument for staying on Meta platforms is that your family is on them. Mostly the older ones, now. It’s the only platform both of my biological parents are on, for example. And having seen what it’s like to cut myself off from the social graph I created on there, versus the graph of choice I had on Twitter, that’s just not a sacrifice I’ll make again.

Deleting your account, especially if you have lots of friends, can also endanger those around you. Scammers will search for newly-deleted accounts, grab cached follower lists and profile photos, then create a duplicate account and connect with all your old friends. Oh, sorry, my account was hacked, this is the real me. Now “you” are in position to rob all your friends via kidnapping scams, crypto scams, you name it. Good luck getting your impersonator shut down without… a Facebook account of your own. And good luck to those friends who get taken and try to find a human at Facebook who will help them, because they’re virtually impossible to find. What’s not hard to find are fake Facebook “account recovery” groups, who’ll try to rip you off and then steal your account.

There’s another part to think about: the millions of private groups, pages and group chats, most of which you’ll probably never encounter, or need to. Even while Meta is abdicating its responsibility to protect women and LGBTQ+ folks from the basest of insults on public walls, legions of volunteer moderators are working to create safe spaces for kids who think they might be trans, or can’t talk to their parents about contraception, or are warning classmates in the group chat about their creepy teacher. There are a lot of young people, particularly in conservative areas, who use Facebook, Instagram and WhatsApp to find out who they are, while their parents think they’re just posting pics for Grandma. As anybody who grew up going to punk clubs will tell you, even a hellhole owned by a cretin can occasionally be a place of liberation.

What’s grey-rocking?

To “grey rock” is to become as invisible as possible in an environment where sticking out has negative consequences. This phenomenon is common in particularly abusive relationships—not only with partners or family members, but in the working world as well. Grey-rocking isn’t necessarily the healthiest interpersonal behavior, but we’re not talking about your spouse here; this is about protecting yourself from one of the largest corporations in the world, which is also aligned with an authoritarian regime. It’s not you, it’s them.

We can use the mechanism of grey-rocking to keep the stuff that’s most valuable and precious of us from becoming grist for Meta’s attention-stealing mill. We may not be able to escape entirely, but making it a duller place, and keeping our secrets to ourselves, is a useful way to make ourselves less profitable participants in their network. And who knows, maybe sometime in the future we’ll get to reconstitute our social graphs in a less-oppressive place, or at least under a set of rules that is fairer and safer for us. For now, that’s not an option for many of us, so here are some tips for minimizing the risk to yourselves and the people closest to you.

Know your adversary

You’ve probably heard this saying a million times: “If you are not paying for it, you’re not the customer; you’re the product being sold.” The goal here is to deprive Meta of the profitability of your presence on its platforms, as ethically as possible.

The key word is ethically. I am only suggesting actions that I am reasonably certain are both legal and within the Meta terms of service. I am not advising creating sock-puppet accounts or lying about the data you provide, much less anything like distributed denial-of-service (DDoS) attacks.

Meta platforms derive most of their income from selling three things:

• ads, both on and off Meta sites and apps
• users’ demographic and behavioral data (these two are linked, and amount to over 99% of their revenue)
• commissions on third-party transactions (e.g., Facebook or Quest games)

Meta also sells hardware like the Quest VR headsets and the Ray-Ban sunglasses with surveillance gear inside them, but at this point these are mostly a loss leader for them: Meta’s Reality Labs took in about $1 billion in 2024 while spending almost five times that. Their long-term purpose is to keep you plugged into the platform, where they can extract more money and data from you.

Here’s a good place for one of my favorite axioms of all time:

When you find yourself in a hole, stop digging.

If you have a long-running account, there’s no clawing back your list of connections and behaviors from Meta’s monetization machine. But what you can do, moving forward, is be as boring as possible, as far as Meta is concerned. Boring users are unprofitable users.

Here’s how you can do that.

Reduce your surface area

• Remove Meta apps from your devices and use only the mobile web versions. Mobile apps have greater access to your personal data, provided the app requests those privileges, and Facebook and Instagram in particular (more so than WhatsApp, another Meta property) request the vast majority of those privileges. This includes precise GPS data on where you are, whether or not you are using the app.

Here’s a demonstration of just how pervasive Meta’s surveillance is. This is the list of what data the Facebook app asks iOS/iPadOS to access: In other words, almost anything it can. All the time. (That's more than TikTok!) I haven’t had a Meta app on my mobile devices in years, and deleting them is the first thing I recommend when friends and family have battery trouble. My 18-month-old iPhone still has 70-80% charge after a full day of use, and that’s at least partly because it’s not waking up all hours of the day to communicate my GPS coordinates, Bluetooth beacons I’ve come across, apps I’ve used, resting heart rate, etc. to Meta.

• Use a privacy browser like Firefox Focus, preferably with a VPN (I recommend Mullvad) that you will only use to connect to Meta sites. This will prevent Meta from tracking you across the web because you use the same browser for both. (Using the privacy mode isn’t as effective, because it’s still possible to fingerprint a browser based on its scripting capabilities, languages enabled, and so on.) Short of that, use a different browser entirely (e.g., Firefox if you use Chrome, or vice versa) for Meta sites. It’s also a good idea to wipe cookies from Meta domains periodically: facebook.com, instagram.com, fbcdn.net, cdninstagram.com, etc.
• Use an ad blocker and a privacy tracker. I use uBlock Origin and the EFF’s Privacy Badger. There’s some overlap between the two, but together they do a good job of making the web a little safer and a lot more usable. I have seen Privacy Badger block literally hundreds of tracking bugs and scripts on a single page, not just from Meta but, like, everybody.
• Don’t interact with ads, sponsored posts, Reels, etc. This one takes some practice. Meta’s wily when it comes to getting around ad blocks, as you’d expect from a company who makes 99% of its revenue from them. See something you want to look into? Type it into a search engine like DuckDuckGo and keep it out of Meta’s view. If your friends list is short (mine is around 100), you’ll find that they’ll fill it up with sponsored posts and other “suggestions” to keep you scrolling. Take that as a sign that all the interesting stuff is gone, and reclaim your time.
• Avoid posting original content to Facebook, Instagram or Threads. If you want to share something important with your networks, post it elsewhere and link to it. Everything you post to a Meta platform will be used to attract more traffic, sell more ads, and collect more social graph and affinity data.
• Avoid posting anything set to Public. Marking your content as friends-only reduces the number of times Meta can show it from potentially billions, to maybe a few hundred or thousand. Sure, your content won’t go viral that way. That’s good. You don’t want to give Meta the chance to sell more ads or track more user data.
• Trim your Pages and Groups. It’s a good time for spring cleaning. The fewer sources for content in your feed, the less material Meta has to blast at you, and the less it knows about you and your interests in general. If your organization uses Meta platforms for community or publicity, it's a good time to re-evaluate that decision.
• Don’t use Facebook Messenger or direct messages on Instagram or Threads. Move private conversations off to Signal where you can, SMS if you have to. Meta can track who you talk to, how often, and even what you say. A conversation with a family member who’s got an unwanted pregnancy, or is questioning their gender or sexuality, is a real security risk right now.

  WhatsApp is a slightly different story. For one thing, in some places, especially where SMS isn’t cheap, it’s pretty much unavoidable. And for another, WhatsApp collects a lot less information from your mobile device. Meta makes its money on WhatsApp on business-to-customer APIs, not on your own activity, so end users are still mostly free-riding. Just be aware that WhatsApp is still Meta, and even though they generally operate as a separate organization, that may not always mean your communications are safe.

Don’t use your Meta account to log in to or pay for anything

Fortunately for us, Meta lags behind many other providers (Google, Apple and Microsoft among them) for third-party authentication. While I won’t fully vouch for one over the others (though I think Apple’s is the least-worst), I will say that Meta has the most obvious interest in cataloguing what sites you use how often, and logging in through your Meta account is handing them a detailed activity log. You should look in their preferences to see if you’re using your Meta account this way, and if so, I suggest doing what you can to migrate third-party accounts to other authentication providers.

You should also avoid ever paying for anything directly inside a Meta app. Yes, even charity links! Once you’ve given a Meta app your payment information, they can unlock all of the behavioral information your credit card company has on you, further weaponizing your data against you. (The same is true for your phone number, which they will use for targeted advertising unless you follow a very specific process to use it solely for two-factor authentication.) Do what you can to avoid giving Meta your personally-identifying information (PII), even if that means jumping to another browser to read up on that cool thing you just saw.

Meta is trialing a WhatsApp Pay tool in India and Brazil, and if that ever shows up for you, just don’t use it. There are way too many alternatives out there to have to use Meta for payments.

(Facebook Marketplace is basically free to list and reply, with these caveats: “Ships to home” listings are paid for by the seller; and Meta will obviously use info on what you search, browse and contact people for to add to the behavioral data you sell. If you start shopping for used baby supplies, for example, you may end up getting nursery catalogs in your snail mail.)

Make your own data invisible to others

Last month, the EFF posted a pretty comprehensive list of settings to dig through in the shared Facebook/Instagram privacy site. To the greatest extent possible, you should make your profile as private as possible. Hide your friends list, limit your photos to friends only, and don’t allow people to tag you in their photos. Rooting around the Accounts Center ad preferences should be enlightening: the “Manage info” tab will show you not just what companies have accessed your information, but what categories Meta has associated with you. You can block most if not all of this, along with ad tracking across the web.

While you’re at it, you can cleanse all those books and movies you volunteered 15 years ago. It was fun and cute to hang all your likes out there for everyone to see. It is now a liability.

Finally: Don't go work for Meta. Obviously.

The aftermath

It turns out that being boring on a social network makes the network more boring. If the ads you get afterward sound irrelevant and generic, that means it’s working. Closing off a lot of Meta will open up free space in your day, even if it’s just doomscrolling somewhere else. You’ll still get to see your friends and family and their updates. But shifting from a share-first mentality to a protect-first mentality may begin to show you exactly how social media—not just Meta—exploit our desire to connect.

We let Meta go too far for too long without getting protection for ourselves in the deal (and to be clear, they’re not alone, just among the worst). I don’t want them to get any larger or more predatory than they are, so I’m trying my hardest to limit their pull on me. Maybe someday we’ll have some comprehensive privacy laws in the US, like many other countries do. For now, though, at least around here, we’re on our own.

If you have any suggestions or corrections, please let me know.

Office hours

I keep my calendar open on Thursdays for people who want to talk about working in DEI roles in tech, especially given, you know, all this.

Calendly - Matt May

My office hours are for people with questions about: product equity, inclusive design, accessibility in general careers in all of the above dealing with depression/anxiety/stress due to all of the above Free sessions are available on Thursdays. If these times aren't convenient for you, please

That’s it. Have a good week.