
Mark Zuckerberg Refuses to Admit How Facebook Works - pdog
https://www.bloomberg.com/gadfly/articles/2018-04-12/mark-zuckerberg-refuses-to-admit-how-facebook-works
======
fixermark
""" Zuckerberg reluctantly acknowledged that Facebook gathers information on
people who aren't signed up for Facebook for what he said were "security
purposes." """

That's a pretty disingenuous way to phrase Zuckerberg's response to a question
of whether Facebook uses cookie tracking for logged-out users. Which of course
it does, and it's of course used for security purposes; one has to be able to
unify sessions from people with multiple accounts to do the most basic of bad-
actor tracking against the most basic of attack scenarios.

~~~
common_
This isn't just basic cookie tracking. They have an actual profile on you,
without your consent, with the people who have you in their address book and
even potentially your purchasing habits, from the data they purchase from data
brokers like Datalogix. They maintain this profile on you separately from
other users, and they make immediate use of it if you create an account.

That's why it's called a shadow profile.

~~~
fixermark
How does such a practice differ morally from consumer credit reporting
agencies?

~~~
mindslight
It doesn't really - we need to get to a point where all of these surveillance
companies are out of business.

Using data about a user with their consent seems perfectly fine. The fiction
where this consent can be granted in perpetuity is not.

~~~
fixermark
Unfortunately, as long as consumers can't be uniformly and universally
trusted, there's but a market and a compelling, morally-acceptable use case
for consumer tracking and reporting in that regard. So if what Facebook
doesn't differ from consumer reporting in some other way, I don't see a
compelling argument to toss it for the same reason I don't see a compelling
argument to toss, say, return fraud tracking.

------
Waterluvian
Is that so surprising? You're asking him to talk about the one thing that
makes Facebook a viable revenue generator. I also feel like the use of "admit"
in the headline is disingenuous.

I have zero expertise in this field but my intuition is that Facebook runs on
an incredibly sensitive business model. Like an animal specialised to a
specific biome. Adjust the conditions a bit and it might perish in a few
generations. Meaningful legislative change to data collection or advertising
laws might out them at risk.

~~~
daveFNbuck
> I also feel like the use of "admit" in the headline is disingenuous.

Yet you seem to be saying that Zuckerberg is trying to hide his business model
to protect it from legislators. Doesn't that make the word "admit"
appropriate? What other word would you use for something someone doesn't want
to say during a hearing?

~~~
Waterluvian
Admit implies wrongdoing. I'm not. I think it can be perfectly fair to want to
be guarded about your secret sauce if that's what you believe it to be.

~~~
daveFNbuck
Admit doesn't imply wrongdoing, except insofar as hiding the truth is
wrongdoing. The phrase "admit you like him" is in common enough use to have
101,000 results in a Google search, similar to "admit you were wrong" or
"admit you did it". Having a crush isn't wrongdoing.

If admit is the wrong word to use here, what do you think the right word
should be?

------
mfoy_
I think the biggest thing is the HUGE disconnect with what people _think_
Facebook is doing, and what Facebook is _actually_ doing.

I think the whole point of this is to raise awareness about of the scope of
Facebook's data collection-- It's unfathomably enormous.

If more average people had a better understanding of what Facebook was
tracking, they'd be outraged. Zuckerberg's goal in this was to keep the wool
pulled over their eyes. That's why he kept conflating post-visibility settings
with privacy / tracking settings.

~~~
inlined
And what's worse is that privacy controls explicitly don't control ad
targeting. Years ago I had a long term relationship end. We hid our
relationship status and only ended the status a year later. Immediately after
changing a status marked "only me" in privacy settings I got bombarded with
dating ads. I complained that this was a huge privacy violation and they said
"we didn't share your relationship status with them. We matched you to them
because of the relationship status"

~~~
fwdpropaganda
> "we didn't share your relationship status with them. We matched you to them
> because of the relationship status"

Which I'm sure is acurate, that's how advertising targeting normally works.

Some years ago I read an essay about how the words we have limit the kind of
phenomena we think about. I think the example at the time was about piracy and
"stealing". Before computers existed it was impossible to make exact copies of
something at zero cost. Therefore, stealing was morally wrong because if you
take one of something, the person you took it from will have one less of that
something. With computers the situation is less obvious. If you make a copy of
something (say a movie) A) you're not really taking one copy of a movie from
them; instead you created a copy of a movie for yourself, B) it's not clear
that you're damaging their revenues either, as not all people who make copies
of movies would've bought the movies in the absense of the possibility of
making copies. Probably a more acurate picture is something in the middle, but
the point here was that anti-piracy lobbies knowingly conflated "making
copies" with "stealing". We entered the computer era without a morally charged
word to describe an activity that used to be impossible, and instead they used
one that misrepresents the new situation of things.

I think when it comes to privacy we're in a similar situation. Pre-computers,
"privacy" meant that (phrase A) "people won't know attributes of you", and
that is absolutely equivalent to (phrase B) "people (in this case advertisers)
aren't able to take actions that depend on attributes of you". Post-computers
the two phrases are not equivalent: Facebook didn't tell advertisers
attributes of you, but it gave them the possibility to make decisions which
depend on attributes of you. Conveniently, Facebook understands privacy to
mean the former. I suspect the reason for why Facebook got away with it for so
long is that we don't have two words that differenciate between the two
phrases. We need to once and for all decide if we want the word "privacy" to
mean phrase A, phrase B, or phrase A AND phrase B.

To be absolutely clear, I'm not saying "advertisers can only target you, they
aren't being given your data, and therefore all is good". The _only_ thing I'm
saying is that the word "privacy" is lacking in a post-computers world.

~~~
perpetualpatzer
> "Before computers existed it was impossible to make exact copies of
> something at zero cost. Therefore, stealing was morally wrong because if you
> take one of something, the person you took it from will have one less of
> that something."

I know this wasn't your main point, but I think it's worth rethinking the
basis of your (or possibly, just this essay's) view on copyright.

A "copyright" is so named because it is precisely the right to prevent other
people from making _copies_. When it originated (in the 1700s), its goal was
to prevent the copying of books, even though copying--then and now--did not
deprive the owner of their own access to the work.

What has changed is not the invention of a new fundamental concept (making a
thing like another thing), but the ease with which this can be done by the
unscrupulous. If you really liked a poem in 1720, wanted to be able to read
it, but didn't want to buy a copy, you could get it by copying it word-for-
word from someone else's version. The effect on the author was no different
from copying a friend's MP3 file. The only difference is it feels like "a
smaller act," so it can't be "a big deal."

~~~
fwdpropaganda
Ok, so it's not that we went from non-zero cost to zero cost, but instead that
cost of copy is a continuum and the lower we went the more prevalent it
became.

------
justinzollars
I think the questions were also horrible. Watching two days of testimony it
seemed only Congresswoman Dingell from Michigan had any grasp of how tracking
technology works.

My big takeaway is that we need more engineers in congress.

~~~
gringoDan
One of my biggest issues with the current political system is that - with few
exceptions - only lawyers go into politics.

This means that you have people who have never taken Econ 101 setting fiscal
policy, who don't understand technology trying to regulate tech companies,
etc.

I'm not sure what the solution here is, but I think we're asking for trouble
when our elected representatives lack a basic comprehension of the domains in
which they legislate.

~~~
manjushri
>We’ve arranged a society based on science and technology, in which nobody
understands anything about science and technology. And this combustible
mixture of ignorance and power, sooner or later, is going to blow up in our
faces. Who is running the science and technology in a democracy if the people
don’t know anything about it?

Carl Sagan

------
common_
Here's how Zuckerberg's testimony works:

1\. When he says he doesn't know, he actually knows.

2\. When he says he knows, and that the answer is "more AI," he doesn't
actually know.

~~~
fixermark
> When he says he doesn't know, he actually knows

I don't think we have reason to believe the CEO is deeply familiar with all
the strategies FB uses for session unification and user tracking. It's a fast-
moving field with a lot of technical detail that a CEO doesn't actually need
to keep day-to-day tabs on.

~~~
Slansitartop
Except this CEO has an engineering/development background, and I'd expect him
to be deeply familiar with the criticisms on his company.

------
kurthr
Does he just have some cognitive dissonance, is he covering up, or does he
really not understand how his business operates?

 _I used to say to our audiences: "It is difficult to get a man to understand
something, when his salary depends upon his not understanding it!"_

-Upton Sinclair

~~~
kristianc
It would seem pretty nigh-on inconceivable that someone could build a business
as successful as Facebook in hoovering up ad budgets, but to have no idea how
they did it.

------
kristianc
>Make the most of every campaign with these four strategies. Unlike display
ads which target people based on cookies, Facebook lets you define and reach
the exact target audience you want. You'll get the right eyes on your ads,
while maximizing your time, budget and growth potential.

Zuckerberg is going to lose his shit when he sees what his Digital Ads team
has done behind his back. Facebook is brazen about being a grossly invasive
advertising company, just not when they're talking to their users. [1]

[1] [https://www.facebook.com/business/a/performance-marketing-
st...](https://www.facebook.com/business/a/performance-marketing-strategies)

~~~
tzahola
"behind his back"

------
dlandis
> Zuckerberg claimed not to know what "shadow profiles" are

Did he really claim outright to not know what they are? Anyone have that quote
from the testimony?

~~~
warent
I do recall hearing live that he said he wasn't familiar with the term "shadow
profiles." This may have been honest, I hadn't heard it before this hearing
either, but then again I'm not the CEO of Facebook, so his answer is certainly
troubling

~~~
inlined
Given that employees are told they can no longer use the word "shadow profile"
to describe them, I suspect he knew what they meant.

~~~
dvfjsdhgfv
> Given that employees are told they can no longer use the word "shadow
> profile"

What's the source of this information?

------
TekMol
Is lying in front of congress a crime?

If I was a senator, I would have asked these two questions:

When I look at a product in an onlineshop like Amazon, afterwards I see
adverts for this product on Facebook. How does this work?

When I visit a physical store, afterwards I see adverts for this store on
Facebook. Even on my desktop computer. Even though I don't have any facebook
apps on my phone. How does this work?

If he lies and says he don't know, from then on he would be at the mercy of
many employees at FB whith whom he has talked about this type of data
collection and sharing.

~~~
thaladred
1\. Since Amazon uses Facebook for advertising, they can feed their data to
both Google and Facebook ads. It's easy to do with cookies.

2\. If you don't have Facebook app on your phone or if you did not open your
Facebook app when you are in store, you won't see ads for that store. Unless
you have a loyalty program with the store or the store decides to target
advertise you based on your payment info, etc. In any case, it is the physical
store that shares those information.

~~~
TekMol
1: How is that easy? If I had a cookie on Amazons domain, how would that
enable Amazon to show me personalized ads on FB? I don't keep cookies though.
So the targeting must use other types of user identification.

2: I don't have a FB app nor do I use FB on my phone. But I see ads related to
the places I went to. So the flow of information must be via other channels.
One part is probably Google (I use Android).

~~~
icantgoogle
They can also use Local Storage if necessary. I know quite a few Ad tech
companies were using local storage to get around no 3rd party cookies in
Safari.

------
kerng
Even Zuckerberg doesn't seem to know, he appears to have lost control of
what's going on. Unfortunately, the hearing didn't dive into details to better
demonstrate that he can't tell why somebody sees what they see, and who uses
the data (inside and outside of Facebook). Also, the whole collecting data
"for security purposes" is pretty unbelievable. Does that mean they share
information with governments around the world? This can be interpreted as
anything.

~~~
xaedes
Well.. He did look uneasy when asked about Palantir.

------
AndrewKemendo
Zuckerburg is in the unenviable position of having to defend the entire ad-
tech industry.

If he describes in granular detail how user profiling and ad serving works on
Facebook, then Facebook is going to take the hit on practices that are
basically industry standards. If he obfuscates, and focuses on FB controls
then he seems like a liar.

If he explained how ad-tech works across the internet then it would look like
whataboutism and him invoking the bandwagon fallacy.

At the end of the day it seems like someone/some company is eventually going
to take the fall for the whole ad-tech industry and cause major reform - is
Facebook the one who's going to take the arrow?

~~~
tzahola
Good. The whole ad-tech "industry" should be burned to the ground; the sooner
the better.

~~~
icantgoogle
The internet will be very different if the whole ad tech industry disappears.
It will be driven largely by subscription, but I believe that is the model
that Apple is encouraging.

------
subdane
Facebook has to infer intent, unlike, say Google Search, which can get it
directly from your keywords. FB has built a data halo around its users to try
and infer that intent. Hard to imagine them ever giving you control over that
additional data they collect around you, since it's their competitive
advantage. But also proving to be a double edged sword because it's creeping
out their users and other actors are starting to exploit it for political
ends.

------
alex_young
"I'll have my team get back to you on that" sounds so much nicer than "I plead
the fifth" doesn't it though?

------
thisisit
Given how things are taken out of context in today's media, giving a
resounding Yes to an answer which requires a detailed answer is a bade idea.
Congress/Senate hearings are not exactly CS101 class. So, it is better to be
keeping answers short and maybe it comes off vague.

Politician clue-ness on the issue also doesn't help.

------
lukeschlather
> (Zuckerberg reluctantly acknowledged that Facebook gathers information on
> people who aren't signed up for Facebook for what he said were "security
> purposes.")

This sort of information gathering is necessary for DDoS/Spam/Fraud prevention
and so on. I'm not saying I trust Zuckerberg wasn't hiding something else, but
also I understand why he didn't want to publicly comment on the heuristics
they use to combat attackers.

Although at this point I don't know why Zuckerberg would be obfuscating if
they really have detailed advertising profiles on logged-out users. (What
would said advertising profiles be used for? Selling them to other
advertisers?)

------
Mc_Big_G
If you're still using FB/IG/WA you're complicit.

------
candybar
This particular article from Bloomberg loads (for me this time, it likely
varies from one pageload to another) javascript files from these (and more, I
stopped after reaching m, alphabetically) domains, many of whom are likely
tracking users across sites and Bloomberg is doing so despite having no
affirmative consent from me whatsoever:

    
    
      a.quora.com
      action.media6degrees.com
      ad.crwdcntrl.net
      ads.pubmatic.com
      ak.sail-horizon.com
      amplify.outbrain.com
      amplifypixel.outbrain.com
      analytics.twitter.com
      assets.bwbx.io
      bat.bing.com
      bcp.crwdcntrl.net
      cdn.perfdrive.com
      cdn.taboola.com
      cdn.teads.tv
      cdn.tinypass.com
      connect.facebook.com
      consent.truste.com
      dt.adfaceprotected.com
      horizon.sailthru.com
      in.ml314.com
      insight.adsrvr.org
      js-sec.indexww.com
      ml314.com
      ...
    

It's important to blame the right party here - pubmatic doesn't have a
relationship with you and taboola doesn't have a relationship with you - it's
Bloomberg that is sending your usage data to them. The same is true when
Facebook or Google pixels are loaded (I'm sure they are there) - they are not
tracking you directly, the publishers that are loading those pixels are
sharing your browsing information with them. The media companies, that are
manufacturing lots of faux outrage of how the internet works, largely because
they mistakenly believe that if not for large tech companies, they'd make more
money, which is unlikely to be true, are not only complicit here, but they are
far worse about their blatant misuse of user data.

So however you feel about Facebook or Google or whoever happens to be on the
hot seat at the moment, this is just how the internet works today and says
more about the advertising ecosystem at large. The data collection also
includes offline entities that are selling or at least "sharing" purchase
data, gym check-in data, and so on. It's also important to realize that trying
to stop this through regulations likely kills smaller publishers that cannot
directly monetize their inventory with advertisers (because they are too small
and cannot prove their trustworthiness) while benefiting larger entities that
advertisers can reach directly. Google and Facebook don't need to load all
these third-party JS because they can sell directly to advertisers. Google
also happens to be an ad-tech intermediary but they don't need to be.

So be careful what you wish for here - while some of these privacy regulations
are, in spirit, the right path forward but the articles currently bashing
Facebook largely come from writers whose salaries are paid for by selling user
data without affirmative consent to anyone who's willing to pay. It's likely
that the publishing world won't be able to support the same number of writers
once of some of the ad-tech data pipelines are broken. It's also likely that
lots of people here and elsewhere who are currently complaining about privacy
are likely complicit in many ways. Salesforce? It's a tracking tool where a
lot of this sensitive data ends up. Oracle? Same (through their marketing
cloud). Verizon? It's also an ad-tech vendor. Random Fortune 500? They are
probably both selling/sharing whatever user data while their marketing teams
are busy acquiring data for their campaigns. Small technology consulting firm?
If you deal with lots of data, at least some of the data you're dealing was
harvested this way.

------
shmerl
So why should anyone trust him? People should use open source social networks
that can be audited.

~~~
fixermark
The most fascinating thing about human behavior is that in spite of what
people know, they still trust Facebook.

Hell, I've been a Facebook app developer. I'm deeply familiar with the breadth
and depth of information Facebook allowed an app to harvest ca. 2008 or so.

I still use FB multiple times a day because I don't care about my privacy vis-
a-vis the things I post there and that my friends post there.

~~~
shmerl
I do care, that's why I don't use FB. Problem in using it is the network
effect itself multiplied by the untrustworthy, closed and centralized
foundation. I.e. you don't just harm yourself by using it, you are harming
others by proliferating its use, because by using it, you are encouraging
others to use it too.

~~~
OrganicMSG
I've never used it. For some reason this makes some people extremely curious
as to my reasons and then very angry with me after I state them.

~~~
shmerl
Why angry? In my experience most understand the problem well, but feel too
dependent on FB to ditch it for good.

------
redleggedfrog
Okay, I guess I'm the contrarian here, but I'm not sure why any of this is
surprising, or even a problem.

Facebook users signed up for a free service that allows them to communicate
with other people in an enjoyable manner. Facebook even went so far as to make
it so enjoyable it's addictive. Free online crack. Facebook users, you're
having your fun.

What would you expect Facebook to do to finance all this? They're selling the
shit out of you. They sell you sideways to Sunday, then sell your Mom, too.

Why would you be upset, or even surprised? Facebook should be able to do
whatever they want with your data if you're gullible enough to use their free
service.

~~~
pwinnski
So-called "shadow profiles" are built for people who are not even Facebook
users.

I do not have a Facebook account, and yet my friends and family members have
been prompted to tag photos of me with my name.

I did not sign up for a free service. I am not a Facebook user, I'm not
"having my fun." And yet Facebook has collected enough of a profile on me to
recognize my face in photos and know who my friends and family are.

~~~
boobsbr
Is it a crime to hire a PI to tail someone and log their every move?

Online tracking is basically the same thing.

~~~
pwinnski
Depending on the state, I believe it can be. Many states have "stalking" laws
preventing just the sort of behavior Facebook engages in as part of their
business plan.

In most (or all?) states, PIs are licensed and also have limitations on what
they're allowed to do. There is currently no license for Facebook, nor any
limits that they recognize.

