This week, Meta — the company that owns Facebook, Instagram, and WhatsApp — announced a quiet but significant change to how it uses information about you. Starting soon, the things you do off of Facebook and Instagram — the purchases you make on other websites, the games you play, your activity on businesses all across the internet — will be used not just to target ads at you, but to shape the actual content you see in your feed and the answers Meta’s AI assistant gives you. Buy a tent on some outdoor retailer’s website, and Meta may start filling your feed with camping content and tailoring its AI’s responses around it.

Meta is careful to point out that you can opt out, and that it is not collecting any brand-new data to do this. Both of those things are technically true. But they sidestep the part that actually matters for you and your business: almost nobody knows the setting exists, almost nobody will ever find it, and that is not an accident. This is a good moment to understand what is really happening with your information online — and why the same quiet, buried-in-the-settings reality is a risk that reaches well beyond your personal feed.

What actually changed

For years, the deal with free social media has been understood, more or less: the platforms watch what you do on their apps — what you like, what you watch, who you follow — and use it to sell ads. Most people made their peace with that. What changed this week is the scope. Meta is now openly using your activity from across the wider internet — the trail you leave on other companies’ websites and apps — to personalize not only ads, but the content and AI answers you see. The wall between “what I do on Facebook” and “what I do everywhere else” has effectively come down, and the combined picture is now being used to shape your experience in deeper ways than before.

The reason this information flows to Meta in the first place catches people off guard. When you buy something or use a tool on many ordinary business websites, that business is often quietly sharing a record of your activity back to Meta in the background — it is how much of online advertising has worked for years. So the profile Meta is now drawing on is not built only from your social media use. It is stitched together from your activity all over the web, much of it shared by businesses you interacted with and never thought twice about. You did not picture all of that flowing into one place and being used to decide what you see and what an AI tells you. Most people never do.

“You can opt out” — and why that line does so much work

Whenever a company makes a change like this, the reassuring phrase that comes attached is always the same: “you’re in control, and you can opt out.” It sounds fair. And technically, it is true — there is a setting. But the entire system is built around a quiet bet that you will never touch it. The control is real; the odds that you will find and use it are deliberately slim. The setting is buried under layers of menus most people never open. It is not presented to you when the change takes effect — you have to go hunting for it. And it is described in vague, comfortable language designed not to alarm you into looking. The result is a kind of consent that exists on paper but not in reality: technically you agreed, technically you could change it, and in practice the overwhelming majority of people will simply be opted in by default, forever, because finding the off switch is more work than anyone has time for.

This is the single most important digital-literacy lesson of the moment, and it extends far beyond Meta. The phrase “you can opt out” is doing an enormous amount of work to make something feel acceptable that most people would object to if it were presented plainly. Once you learn to hear that phrase and immediately ask “opt out how, exactly, and why is it not on by default?” you start to see how much of your digital life runs on settings someone chose for you and is counting on you never to revisit.

Why a business owner should care about more than their own feed

It is easy to file this under “annoying, but it’s just my personal Facebook.” But there are two reasons a small business owner should pay closer attention than the average person.

The first is personal, and it is simple: the more of your life that gets stitched into a single detailed profile — your purchases, your interests, your habits, your movements across the web — the more valuable and more exposed that profile becomes. As a business owner, your accounts and your identity are a more attractive target than most, and a rich, consolidated picture of you sitting in a company’s systems is exactly the kind of thing that does damage if it is ever leaked, breached, or misused. Quiet data consolidation is not harmless just because today’s use is only choosing your camping videos.

The second reason is the bigger one. This is a perfect, real-world example of the exact tactic that attackers use against your business every single day: the quiet default, the buried setting, the change that takes effect unless someone actively notices and acts. The skill of stopping, reading what you are actually agreeing to, finding the setting that matters, and not simply accepting whatever was chosen for you — that is not just good privacy hygiene. It is the same instinct that protects your business from the scam, the sketchy app permission, the “click here to continue” that should have been questioned. Meta’s change is a low-stakes, public dress rehearsal for a habit your whole team needs in much higher-stakes moments. If this setting can be quietly flipped on for billions of people who never noticed, consider how a carefully worded request aimed directly at one of your employees would fare.

What to actually do

On the personal side, the move is straightforward, and worth doing today. Go into your Facebook and Instagram settings and look for the controls governing activity from other businesses and off-platform data, and turn off what you are not comfortable with. It takes a few minutes, the setting is there, and now you know to go find it rather than letting the default stand. While you are in there, it is a good moment to review the rest of your privacy settings, because they tend to quietly reset and expand over time exactly like this.

But the deeper takeaway is about the instinct, not the individual setting. The reason attacks and quiet data grabs keep working is that people are busy, trusting, and trained by a thousand “click to accept” moments to wave things through without reading them. The single most effective protection any small business can build is a team that has unlearned that reflex — people who pause when something asks them to accept, agree, or hand over access, who read what is actually in front of them, and who know how to recognize when a default was chosen for someone else’s benefit rather than theirs. That instinct does not come naturally in a busy workday. It comes from training, and it is the cheapest, highest-return security investment a small business can make.

We build that training around the way your team actually works — in plain language, for people who are not technical — so the same alertness that catches a buried privacy setting also catches the email, the phone call, and the app permission that could quietly cost you your business. Meta just gave everyone a free, real-world lesson in how easily a quiet default slips past us. The question worth asking is whether your team would catch the next one, when it is not a camping ad on the line but the keys to your business.

Sources: Meta Newsroom (“Better Personalization and Changes to Controls for Your Activity From Other Businesses”); The Hacker News, June 2026.