Alana Post

I'm thinking about those beans.

“Facebook will reveal who uploaded your contact info for ad targeting,” Josh Constine, Techcrunch

This is one of the wilder aspects of Facebook Ads in practice, and I’m not sure if the general public is familiar with how bad the process is for everyone involved.

Basically, here’s how i’ve experienced it from the perspective of a nonprofit marketing person. Please note that I am not a power user of Facebook ads. I know how to use the product, build an audience, format media and write copy, debug, build/analyze campaign reports etc but it’s never been my primary focus. (I have been not-so-subtly trying to flee digital marketing for about 7 years, so I have only learned what I needed to remain employed.)

Anway. Let’s say it’s Giving Tuesday.

  1. Nonprofit A wants to do a campaign for donations
  2. A hires Agency B and gives some worker on the agency side total access to all systems that hold supporter information (CRM like Salesforce’s “Nonprofit Starter Pack” assuming they have prior donor info there, email newsletter platform like Mailchimp, social media platforms like Facebook, web analytics platforms like Google Analytics, plus any psychographic info on prior donors). Just a note here that things have already gone terribly wrong. My personal information is now in an Excel file on the desktop of someone, probably in their mid 20s, who has never been trained to handle sensitive data and has zero clue what their legal obligations may be.
  3. A and B decide who to “target” for the campaign* and construct queries to put together “the list” or “the lists” containing the contact info of people they have enough data on to group. Lots of people are usually in every group so you dedupe it a million times; it’s just a brilliant process really
  4. The final list for Facebook is exported as a .csv on someone’s desktop, formatted according to FB’s instructions (sample file: )
  5. Someone from B with a great deal of privileges on A’s Facebook page logs into using their personal profile (there’s no such thing as a “company account” so you have to use your personal FB if you ‘work in social media’ and it’s hilariously bad; I still have access to several former clients’ FB admin areas)
  6. The file gets uploaded and, if you didn’t use their template, you quickly map the fields (mindless work)
  7. The rest is just following FB’s instructions. It can be tricky just like any other hideous product built for enterprise audiences but it’s not very hard to give Facebook ALL your people’s data.
  8. Anyone who used an email address to sign up for Nonprofit A’s newsletter and/or donate to Nonprofit A, who also used that same email address with their Facebook account, is now fair game for the ad. For a small nonprofit, particularly one without a lot of supporters on FB, sometimes you’re not looking at a lot of people. So FB lets you dip into their data. Sure, all I know about this one woman is that she wrote a check for $500 in 2017. But Facebook knows everything about her whole life. So it can go get me 2,000 more users exactly like her. A “lookalike” audience to try to get money from, based on who gave in the past. Perfect!

Nobody ever deletes anything, so The File is not just telling FB about the prospective donors (so it can match email addresses and target those users with this nonprofit’s Giving Tuesday ad), it’s on a stranger’s desktop and maybe already auto-backed-up to B’s Google Drive.

I think a big part of this is bad data handling hygiene. People are not being trained, because their boomer and old gen X bosses see this as wizard magic and don’t realize basic information that would apply to a csv just as well as a manila folder needs to be passed down. Food safety handing and that whole certification process looks like being trained for a Moon landing compared to the training marketers and other workers in that industry receive. Fair enough, I guess we have decided as a society that salmonella is more frightening than spam and identity theft etc.

But part of it, in my scenario anyway, is also a mishmash of unethical decisions made by Facebook, Agency B, and Nonprofit A.

Nobody should be doing any of this, in my opinion. But they do, because FB ads are more effective than email campaigns, and take less work. Nonprofits structurally have no good choices because their whole premise is flawed. Having your entire continued existence dependent on your ability to cozy up to rich old capitalists and their heirs, or extracting money from bleeding hearts, is screwy. I guess I’ll save that particular rant for another morning.

  • “Whom to target” is usually reverse-engineered based on how much content they can produce; because initially everyone’s like “Let’s put together 5 different personae!” and then realize that’s 5 different sets of messaging that has to be translated into ask emails, landing pages, thank-you email, follow-up email, and, oh: what did we want to do with this audience after we get the money? Nothing until next year? Ok, those people definitely aren’t getting much from you but whatever, get that 🍞

Why this comparison

I love beautiful software. I also love security, and prefer to support open source software projects rather than proprietary efforts whenever it's reasonable to do so.

I have ADHD. Note-taking is an enormous part of how I work with my brain; I have tried many systems (physical and digital), and combinations of systems over the years. I am very invested in finding a solution that will hold up, long term, to heavy daily use and is also in line with the preferences I stated above.


The following information is largely copied and pasted from Bear's website, as of this morning.

Platforms: MacOS, iOS, WatchOS Price: Freemium. Free tier: create notes, add tags and attachments, and export to a variety of formats. “Bear Pro”: $14.99 annually / $1.49 monthly: sync between all your devices, over a dozen beautiful themes, and more powerful export options.


  • Formatting: “Advanced Markup” Editor (basically markdown)
  • Syntax highlighting for 20 programming languages
  • Rich previews
  • In-line support for images and photos
  • Cross-Note Links
  • Todos
  • Multiple themes
  • Multiple export options including HTML, PDF, DOCX, MD, JPG, and more
  • Smart Data Recognition of elements like links, emails, addresses, colors, and more to come
  • Hashtags
  • Focus Mode (hides everything in the UI)
  • Notes are stored in plain text
  • Multi-device sync via iCloud
  • Regular updates

Bear is a truly beautiful app and it's very easy to form a habit of using it since it integrates so neatly into other apps one already uses. The price of Bear's deep, seamless integration with Apple's products is lock-in to their ecosystem. Bear becomes more generally useful the more Apple products you own, and less useful the fewer you own. This is worrisome to me; I suspect non-OS software and device hardware shouldn't have their fates so closely bound together.

One thing I'd like to note is that Agenda kind of ripped off Bear's design, added a calendar integration, and focused on event note-taking. If you have a lot of recurring standing meetings or courses, particularly if you are responsible for managing agendas, action items etc, I would recommend giving it a look. It is proprietary and freemium.

Standard Notes

As before, I have largely copied and pasted this information from Standard Notes' website this morning.

Platforms: MacOS, Windows, Linux (AppImage), iOS, Android, web Price: Freemium. Free tier: end to end private encryption, sync all your devices, web and offline access, unlimited notes, unlimited devices. You may self-host this tier. “Standard Notes Extended”: $9.99 monthly, $50.04 1-year (or, $4.17/month), $148.80 5-year (or, $2.48/month), which gives you access to themes and extensions (or plug-ins.)


  • Formatting: Markdown
  • Syntax highlighting for 120 programming languages (via Code Editor extension)
  • Rich previews (via about 4 of the extensions)
  • In-line support for images and photos (via Plus Editor extension)
  • Todos (via Simple Task Editor extension)
  • Multiple themes (via extensions)
  • Export as txt
  • Hashtags (enhanced via Quick Tags extension; also “Smart Tags” [interact w/your tags via JSON] via Folders extension)
  • Focus Mode (via No Distraction extension)
  • Multi-device sync via Dropbox, Google Drive, or WebDAV server
  • Regular updates
  • 2FA
  • All notes, tags, and other data generated using the Standard Notes applications are encrypted using AES-256 encryption[^]
  • Github push
  • Vim keybindings (via Vim Editor extension)
  • Infinite undo / infinite history

Standard Notes is extremely feature-full, but has managed to retain a UI that doesn't feel like Microsoft Word. If you are clever about using all of its features, it can replace several separate applications. The additional layers of security it contains do not result in it feeling burdensome to use.

From this cursory comparison, I can see a few things:

  1. Support for typical activities — text formatting, syntax highlighting, todos, live preview of formatting / images / etc, themes — is covered by both apps. If looks matter to you, Bear might have the better free tier.
  2. Free tiers aside, Bear is significantly less expensive than Standard Notes, even if one pre-pays for 5 years of Standard Notes and thus receives the greatest discount available.
  3. Standard Notes is significantly more secure.
  4. Standard Notes contains key features that primarily appeal to developers.

Ultimately, for the suite of applications and services I'd prefer to use (e.g. Nextcloud), Standard Notes is the better choice for me since it permits a WebDAV sync destination. I also appreciate Standard Notes' extremely privacy-first approach, which appears to be a founding principle and not marketing promises.

I find it interesting that despite being a self-professed note taking nerd (for crying out loud, I was a die-hard Notational Velocity user for years), I didn't know Standard Notes existed before last week — and they've been around since 2017. Maybe this post will expose a few more note-takers to another secure, private alternative.