If the advertisements on your Facebook newsfeed appear remarkably relevant, it's because the social network giant knows better than you might think.
Facebook amassed an estimated $39.9 billion in ad revenue in 2017 by mining its vast troves of data on 2.2 billion users and selling the information to companies that use it to personalise adverts to your individual tastes.
There are also more sinister ways that companies use the data.
Cambridge Analytica harvested data from an estimated 87 million Facebook users and used the information to send them targeted campaign ads that appealed to their personal prejudices. Critics claim that the strategy helped Donald Trump reach the White House.
Such strategies Wikileaks founder Julian Assange called Facebook "the most appalling spying machine that has ever been invented," in an interview with Russian news site RT.
"Here we have the world's most comprehensive database about people, their relationships, their names, their addresses, their locations and the communications with each other, their relatives, all sitting within the United States, all accessible to US intelligence," claimed Assange.
"Every time you go to a party and take a picture and post that picture to Facebook, you're being a rat," he added at a book launch in 2014.
But even his organisation can't resist joining the mischief. Wikileaks has its own Facebook page with more than 3.5 million followers.
Facebook collects a disturbingly detailed dataset of its users and it hasn't always been transparent about exactly how it's used.
1. Facebook knows the phone number you provide for 2FA
Facebook has admitted that it uses the phone numbers provided by users for two-factor authentication of their accounts to target them with ads.
Researchers discovered that phone numbers and email addresses provided for security purposes, used in Facebook Messenger or included in friends' uploaded contact databases form "shadow profiles" that advertisers can use to target "custom audiences".
"We use the information people provide to offer a better, more personalized experience on Facebook, including ads," a Facebook spokesperson told TechCrunch in a statement.
"We are clear about how we use the information we collect, including the contact information that people upload or add to their own accounts. You can manage and delete the contact information you’ve uploaded at any time."
2. Facebook accused of mass surveillance through its apps
A court case currently taking place in California alleges that Facebook has using its apps to track Facebook users and their friends, including those who don't use the social network.
The charges - which would amount to mass surveillance if proven true - were brought against the company by Six4Three, the producers of a now-defunct app called Pikinis, which let users zoom in on bikini photos.
They allege that Facebook skimmed the information from users' phones for commercial purposes by tracking their calls and locations, reading their texts, accessing and recording from their microphones and monitoring their use of apps.
A Facebook spokesperson was adamant that: "[The] claims have no merit, and we will continue to defend ourselves vigorously".
The case also alleges that Facebook could access all photos on iPhone users (not only those uploaded to the site) and that the company could collect metadata and content from Android users' phones.
In fact, Facebook has recently admitted that it did access and log call and text message data from users, but only after seeking user consent. However, reporting from the Guardian previously discovered this had in fact taken place without the explicit consent of some users.
"Facebook disclosed publicly that it was reading text messages in order to authenticate users more easily ... [but] this partial disclosure failed to state accurately the type of data Facebook was accessing, the timeframe over which it had accessed it, and the reasons for accessing the data of these Android users," says the complaint.
The accusation concerning Facebook's access to photos on users phones turns on the fact that Facebook hasn't fully disclosed how it pre-processes photos on the iOS camera roll.
3. Facebook unveils 'Clear History' tool
The backlash over the Cambridge Analytica data leak scandal is the biggest threat to Facebook since the company was founded.
The #deletefacebook movement has thus far failed to put a dent in revenues, but the social network has already launched new tools and policies to limit the damage.
At Facebook's annual F8 developer conference, CEO Mark Zuckerberg announced plans to build a new tool called "Clear History" that he said would make it easier for users to control and clear their browsing history.
"This feature will enable you to see the websites and apps that send us information when you use them, delete this information from your account, and turn off our ability to store it associated with your account going forward," Facebook's VP and Chief Privacy Officer Erin Egan explained in a statement.
Egan added that the tool would take a few months to build and that Facebook planned to take more steps to improve data protection.
4. Zuckerberg reveals more companies may have been sold the data bought by Cambridge Analytica but dismisses calls from Congress to limit data collection
At a hearing on Capitol Hill in April 2018 called to address the Cambridge Analytica data breach, Facebook CEO Mark Zuckerberg revealed that "a handful" of firms were sold the same data harvested through a personality quiz.
The 33-year-old dismissed the conspiracy theory that Facebook listens in on private conversations by mining audio from smartphone microphones, but refused to commit to reducing data collection.
Congressman Frank Pallone called his stance disappointing, to which Zuckerberg replied that data collection was "a complex issue that deserves more than a one-word answer".
5. Facebook alerts users whose information may have been shared with Cambridge Analytica
On Monday 9 April Facebook began to alert the 87 million users it estimates had their data shared with Cambridge Analytica.
Those affected will receive a message on their news feed that tells them if they or their friends used Facebook to log into This Is Your Digital Life, the app that harvested data and sold it Cambridge Analytica.
All 2.2 billion Facebook users will receive a notice titled "Protecting Your Information", which contains information on all the apps they use and the information they've shared.
The announcements were made the day before Facebook CEO Mark Zuckerberg appears before Congress to answer questions about the Cambridge Analytica scandal.
6. Is Facebook's VPN gathering psychological data?
Facebook's Onavo VPN could be collecting psychological profiles and detailed about personal preferences of tens of millions of its users through a feature called HotKnot, according to VPN comparison site VPNSpecial. This tool could potentially enable tracking of purchases completed with Android devices that have the HotKnot mobile payments chip, the company claimed.
The news was reported by VPNSpecial, whose staff discovered that Onavo contained traces of the HotKnot library while preparing their review.
HotKnot is typically used to exchange data by touching two compatible devices against each other, but can also be used to make a payment.
Integrating HotKnoT with its VPN could allow Facebook to learn the shopping habits of its users, and combine this with their geolocation to develop a detailed understanding of their psychological profiles and personal preferences.
The app's description states that it collects data to improve Facebook and Onavo, which arguably somewhat defeats the purpose of a VPN.
7. Facebook knows who you phone and text
Facebook collects and stores years of detailed calls logs and text message metadata from Android devices.
The news emerged after Facebook users who had been unsettled by the Cambridge Analytica scandal decided to download their Facebook data to find out what the social media company knew about them.
They discovered that the social network had records going back to 2015 of their calls that included dates, call durations and the names and numbers of the recipients. Tech site Ars Tecnica published their accounts and contacted Facebook to find out what was going on.
Facebook responded with a blog post that denied any wrongdoing. The company claims it logs this data only after users give their explicit consent through an opt-in feature for Messenger or Facebook Lite on Android. The statement said this helps users find and stay connected with people that they know and improves the experience across Facebook.
It added that while it collects information including when a call or text was made or received, it does not collect the content of this communication or sell any of the data to third parties. Users can turn this feature off in their Facebook settings.
8. Facebook knows what you believe
The Cambridge Analytica scandal has shone a light on the value of Facebook data about your political beliefs.
The British analytics firm gathered personal information on millions of Facebook users to predict how they would vote and target them with personalised political ads.
This could have helped swing the outcome of the US 2016 presidential election and the UK Brexit referendum.
Cambridge Analytica harvested their data from a personality test designed by a British academic called Aleksandr Kogan. Facebook claims that Kogan violated its policies by passing the information to Cambridge Analytica, but the social network also has other ways to work out what you believe.
If you state your political preference, express a political leaning or like a page associated that is associated with one, Facebook can use the information to predict your political views.
The company doesn't only need direct evidence of what you believe. If you like pages viewed as typical of a certain position, Facebook can assume that you share those views. Liking Exxon, for example, may indicate you're more likely to be conservative.
Facebook combines these details with demographic information in order to categorise users as liberal, conservative or moderate. The information is then anonymised and sold to campaign managers and advertisers.
9. Facebook know about who you, your family and your friends are
The basis of your Facebook profile is your on-site behaviour, covering the profile information you provide, the advertisements you click on, the events you create and attend, the items you like and the information you post.
This behaviour helps the company guess your age, gender, language and educational level, the electronic device you use and how you connect to the Internet.
Your posts and profile provide the foundation for your Facebook data footprint, but the company compiles a vast array of information from other sources to add personal details far beyond those you knowingly upload.
Your online behaviour and information from third-party sources are mixed in to tell Facebook about your job, whether you're married, engaged or soon celebrating an event, and whether you're a parent or expecting to be one soon.
It also knows who else is in your family, how far away they live and their coming anniversaries, and who your friends are and which of them is likely in a new relationship or home, or will soon be celebrating a birthday.
10. Facebook know about your finances and spending habits
Facebook pays data brokers such as Experian for extra information they've compiled over years gathering data from government records, surveys and commercial sources such as magazine subscription lists. This can tell them where you shop, what you buy, and whether you own a car.
It also helps Facebook guess the value, size, composition and type of property you live in, and when that property was built.
Facebook not only knows what you have but also what you want, by understanding your tastes and when you will likely be looking to upgrade something.
Your financial information is also up for grabs. Facebook can predict what you invest in, whether you have a credit card and if it's in debit, your income and net worth, and if you are a member of a credit union, national bank or regional bank.
11. Facebook know the websites you’ve visited and the apps you’ve used
Your online activity tracked by Facebook isn't limited to the social media site alone. If you ever visit a web page that uses Facebook technologies such as Facebook Pixel, both the publishers and Facebook can track visits from the users.
Advertisers use the information to craft ads for people who have visited the website or used the mobile app. It covers any page with a like or share button. These tell Facebook where you're browsing, if you've downloaded any of their mobile apps, made purchases from the site or added products to the shopping cart.
The Facebook family of apps and services also includes Instagram and WhatsApp, both of which add to the company's data dossier.
12. Facebook knows where you are and where you've been
Facebook uses location data to help advertisers target people at or near a specific place. This information is revealed by the IP address where you connect to the internet, the GPS and location services on your phone, your check-ins and the listed location on your Facebook and Instagram profiles.
Controversy emerged in June 2016 when Facebook first admitted and then denied it was using smartphone location information to suggest friends. The company ultimately divulged that it had briefly done this in 2015.
13. Facebook knows your secret thoughts
The old adage of "think before you speak" has gained a new lease of life on social media, where the false security shield of screen and keyboard has led to many a regretful tap of the enter key.
Data scientist Vicki Boykis recently revealed that Facebook knows what you were thinking even when you choose not to express it. The company can track your typing to read your mind.
Facebook can collect the text as you type it by sending code to your browser that analyses your keystrokes and reports the metadata. It includes deleted posts, comments and check-ins. The company calls these unpublished thoughts "self-censorship", and has previously used the data to study human behaviour.
The total incoming data adds up to around 600 daily terabytes, according to estimates made in 2014 by Facebook engineers. By Boykis' calculations, this is the equivalent of uploading 193 million copies of the novel War and Peace per day.
14. How to find out what Facebook knows about you
Facebook provides a broad outline of the information it collects in its Data Policy, but doesn't reveal full details of how it works.
You can find out what Facebook thinks about you by going to your ad preferences on the social network. These include your profile information, categories of interests and the advertisers with whom you've interacted as a customer a website user or just by clicking on their ads.
You can also hide advertisements that you'd rather not see by visiting Facebook ads settings.
The only way to escape the clutches of the Facebook data collectors and their partners altogether is by leaving the social network. But even that won't provide you with a truly clean break. Your data leaves an indelible mark, and once you agree to hand it over you're no longer entitled to get it all back. You can, however, download your entire Facebook data history as a ZIP file, using a self-service tool created by the company.