The Day My 67-Year-Old Student Asked If Facebook Was Listening Through Her Phone

For our non-medium friends.

“Elizabeth, I need to ask you something, and I know it sounds crazy.”

Janet hesitated on our Zoom call, clearly embarrassed. She’s a retired administrator, sharp as a tack, and not someone who jumps to paranoid conclusions.

“I was talking to my daughter about needing new running shoes. Just talking. My phone was on the counter. I never searched for anything. And now every website I visit has ads for running shoes. Is Facebook actually listening to me?”

I get this question at least once a month from my students. And the answer is more complicated than yes or no.

The truth is, Facebook probably isn’t listening through your microphone (though they technically could). They don’t need to. They already know so much about you from what you willingly click, search, and share that they can predict what you need before you search for it.

Janet had recently joined a local running group on Facebook. She’d liked several posts about beginner running tips. Her phone had tracked her visiting a sporting goods store. The algorithm simply connected the dots.

When I explained this, her reaction surprised me.

“That’s somehow worse,” she said quietly. “At least if they were listening, I could turn off the microphone. But this… I don’t even know where to start.”

The Privacy Divide No One Talks About

Here’s an uncomfortable truth: while younger generations grew up learning to guard their digital footprints, many people over 50 entered the smartphone era with pre-internet instincts about privacy.

You learned that a phone conversation was private. That mail was sealed. That your location was your own business unless you chose to share it.

The new rules are inverted. Everything is tracked by default, and privacy requires active, ongoing effort.

A 2023 Stanford study found that adults over 55 share significantly more personal information on social media than younger users, not because they’re careless, but because they apply analog-era assumptions to digital platforms. They see Facebook as a neighborhood gathering, not a data harvesting operation with 3 billion users.

When my student Mike (not his real name) mentioned casually that he’d posted photos from his vacation while he was still traveling, I had to explain that he’d just broadcast to anyone watching that his house was empty. The post was public, visible to strangers.

He’d been treating Facebook like showing slides to friends in his living room. He had no idea the door was wide open to the street.

What Your Devices Actually Know About You

Let me be specific about what gets collected when you use everyday technology:

1. Your Physical Location

Your phone tracks where you go through GPS, cell towers, and WiFi networks. Apps you’ve never opened know:

• Which grocery store you prefer
• How often you visit the doctor
• Whether you went to church last Sunday
• How long you spent at your daughter’s house

This data is sold to advertisers, data brokers, and sometimes made available to law enforcement, usually without your explicit knowledge.

Google Maps keeps a “Timeline” of everywhere you’ve been. One of my students discovered hers went back four years. Every coffee shop. Every store. Every address she’d visited. She’d never turned it on. It was simply enabled by default.

2. Your Interests and Vulnerabilities

Every search, click, and video you watch builds a profile. Over time, algorithms learn:

• Your health concerns (making you a target for scam medical products)
• Your political leanings (making you valuable for targeted ads)
• Your insecurities (making you susceptible to specific marketing)
• Your routines (making you predictable)

One of my students searched “early signs of memory loss” after a stressful week where she kept misplacing her keys. For the next month, she was bombarded with ads for memory supplements, “brain training” programs, and senior care facilities. The algorithm had decided she was vulnerable and turned her worry into a marketing opportunity.

3. Your Social Network

Social media platforms know:

• Who you communicate with most
• Who influences your opinions
• Which relationships are fading
• Who might be experiencing health or financial stress

This seems abstract until you realize: when you tag friends in photos, comment on posts, or allow apps to access your contacts, you’re not just sharing your information. You’re sharing theirs too.

4. Your Financial Patterns

Online banking, shopping apps, and digital payment systems track:

• What you buy and how often
• Whether you’re price-sensitive
• If you’re an impulse buyer
• When you’re most likely to make purchases

Ever notice that prices seem to increase when you keep checking flights or hotels? You’re not imagining it. Dynamic pricing algorithms track your interest level and raise prices accordingly.

Why You’re Particularly Vulnerable

The research is clear and concerning.

According to the FBI’s Internet Crime Report, people over 60 lost more than $3.4 billion to online scams in 2023, more than any other age group. But the vulnerability isn’t primarily about tech skills.

It’s about cultural assumptions.

The Trust Gap

You were raised in an era where:

• Institutions were trustworthy: Banks, phone companies, and government agencies generally acted in your interest
• Privacy was default: You had to explicitly share information; it wasn’t extracted automatically
• Scammers were obvious: Fraud looked like a con artist, not a legitimate-looking email from “Amazon”

These instincts are exploited by modern systems. When Facebook asks for your birthday “to celebrate with friends,” it feels like a kindness, not data collection that enables identity theft.

The Overwhelm Factor

Privacy settings are deliberately complex. Tech companies profit from confusion.

I watched my 72-year-old student Nancy spend 20 minutes trying to make her Facebook profile private. She had to navigate through:

• Privacy settings (3 menus deep)
• Profile settings (different from privacy settings)
• Timeline and tagging settings
• Location settings
• Face recognition settings
• Off-Facebook activity settings

Each section had 8 to 15 options, many with unclear descriptions. This isn’t accidental. It’s designed to make you give up and leave everything public.

Real Stories from My Students

Margaret, 64, posted updates about her husband’s cancer treatment, including which hospital and general appointment times. She thought only her close friends could see the posts. They were actually public. A scammer called claiming to be from the hospital billing department, referenced specific details from her posts, and convinced her to “verify” her insurance information over the phone. It was a phishing attack. She lost $2,400 before realizing what had happened.

Robert, 59, used the same password for everything (something like his childhood dog’s name and his birth year “Buddy1945”). When a shopping site was breached, hackers suddenly had access to his email, which led them to his banking, his Facebook, his Amazon account. It took three months and $8,000 to resolve the identity theft.

Linda, 71, didn’t realize that clicking “Allow” when an app requested access to her photos meant the app could upload and analyze every picture on her phone. That included photos of her driver’s license and insurance card that she’d photographed to send to her daughter. The app uploaded them to their servers. She only found out when her identity was used to open credit cards in another state.

These aren’t stories of people who “aren’t tech-savvy.” These are smart, accomplished people who were never taught that the internet operates more like a surveillance network than a communication tool.

Practical Steps You Can Take Today

You don’t need to become a cybersecurity expert. You need to adjust a few settings and change some habits.

Immediate Actions (Do these in the next hour)

1. Review your phone’s location settings

• iPhone: Settings → Privacy & Security → Location Services
• Android: Settings → Location → App permissions
• Turn off location for any app that doesn’t absolutely need it (Does your flashlight app really need to know where you are?)

2. Check what’s public on social media

• Facebook: Settings & Privacy → Settings → Privacy
• Make your profile visible only to friends
• Change “Who can see your future posts?” to Friends
• Turn off public tagging
• Review old posts and change them to Friends only

3. Enable two-factor authentication

• Add this to email, banking, and social media accounts
• This means even if someone gets your password, they can’t access your account without also having your phone
• Yes, it’s one extra step. Yes, it’s absolutely worth it.

This Week

4. Audit your passwords

• If you’re using the same password everywhere: stop
• Use a password manager like 1Password or Bitwire
• Create long, unique passwords for important accounts
• A good password: “Sunset.Walking.November.Coffee.2019” (39 characters, easy to remember, nearly impossible to crack)
• A bad password: “Password123” or something like your pet’s name plus your birth year

5. Review app permissions

• Check which apps have access to your camera, microphone, contacts, and photos
• If you haven’t used an app in 6 months, delete it
• For apps you keep: only grant the minimum necessary permissions
• Ask yourself: Does this game really need access to my contacts?

6. Understand cookies and trackers

• Install a privacy-focused browser extension like Privacy Badger or uBlock Origin
• Use Firefox or Brave instead of Chrome (Chrome is made by Google, an advertising company that profits from tracking you)
• Clear your browser history and cookies monthly
• When you see cookie banners, click “Reject All” or customize to reject everything except essential cookies

Ongoing Habits

7. Think before you share

Ask yourself:

• Could this information be used against me?
• Am I posting my location while I’m away from home?
• Would I be comfortable with a stranger knowing this?
• Am I sharing information about someone else without their permission?

8. Recognize scam patterns

Real companies:

• Never ask for passwords via email or text
• Never create urgent pressure (“Your account will be closed in 24 hours!”)
• Never ask you to verify information by calling a number they provide
• Always let you verify by looking up their official number yourself and calling back

If something feels off, it probably is. Hang up and call the company directly using a number you find on their official website or your credit card statement.

9. Keep software updated

• Turn on automatic updates for your phone, computer, and apps
• Those annoying update notifications? They often fix security vulnerabilities
• An outdated device is like leaving your front door unlocked

What I Wish Everyone Knew

The internet isn’t inherently dangerous, but it is fundamentally different from the world most of us grew up in.

You’re not “bad with technology” if this feels overwhelming. The systems are designed to be confusing because your confusion is profitable. Every time you click “Accept All” on a cookie banner because you don’t understand the options, companies celebrate.

Privacy isn’t about having something to hide. It’s about having something to protect: your autonomy, your security, your right to move through the world without being catalogued and monetized.

You have more control than you think. Every setting you change, every permission you deny, every time you pause before sharing, these actions matter. They make you a harder target and they signal to tech companies that privacy matters to real people.

Asking questions is smart, not embarrassing. When Janet asked me if Facebook was listening, she wasn’t being paranoid. She was noticing something real and seeking to understand it. That’s exactly the right instinct.

The Conversation We Need to Have

If you have parents or older relatives who are online, please: have the privacy conversation before they need it.

Don’t wait until after the scam, the data breach, or the moment when they realize their “private” photos have been public for two years.

Make it a regular check-in. Offer to sit down and review their settings together. Share articles like this one. Normalize asking questions about technology instead of pretending to understand everything.

The greatest gift you can give someone new to the digital world isn’t a new iPad or smartphone. It’s patient guidance about using it safely.

Where to Go From Here

Start small. Pick two things from this article and do them today. Tomorrow, pick two more.

Digital privacy isn’t a destination. It’s an ongoing practice. Like locking your door or checking your mirrors while driving, it becomes second nature once you build the habit.

And remember: asking for help isn’t weakness. It’s the smartest thing you can do.

If you need personalized guidance, whether you’re setting up privacy settings, recovering from a scam, or just want to understand what your devices are really doing, I offer one-on-one consulting. We’ll go at your pace, use plain language, and focus on what matters most to you.

Schedule a 30-minute consultation

Because everyone deserves to use technology with confidence, not fear.

Elizabeth Ndungu teaches digital literacy and privacy to adults over 50. She believes technology should serve people, not surveil them.