
Facebook showed me my data is everywhere and I have absolute no control over it - hhs
https://www.buzzfeednews.com/article/katienotopoulos/facebook-advertisers-data-brokers-car-dealerships
======
kristianc
> These advertisers are running ads using a contact list they or their partner
> uploaded that includes info about you. This info was collected by the
> advertiser or their partner. Typically this information is your email
> address or phone number.

Newsflash, BuzzFeed's ad networks onboard and sync information about their
readers in exactly the same way. Do people think that BF loads Quantcast,
Scorecard Research etc onto their site for the good of their health?

That's not to mention the viral quizzes and other data gathering exercises
that BuzzFeed invented and sold as a product.

I have no idea why people don't call BS on news orgs that run 'exposes' on
Facebook's ad targeting, when they target, track and follow their readers in
exactly the same way.

~~~
reaperducer
_I have no idea why people don 't call BS on news orgs that run 'exposes' on
Facebook's ad targeting, when they target, track and follow their readers in
exactly the same way._

Three reasons:

1\. In most responsible news organizations, there is a significant firewall
between advertising and news. In two places I worked, the sales people weren't
even allowed to go into the newsroom.

2\. News organizations are not IT departments. A reporter is not involved in
how a web site is built, or what goes on behind the scenes. There are
different people in different departments for that.

3\. Just because a newspaper does something bad with its web site does not
make what happens at Facebook/Google/etc... any less bad. SV needs to get over
the whole "But Bobby jumped off the bridge, too!" mentality.

~~~
djohnston
yes it does. you don't get to criticize someone for an action while performing
the exact same action and expect your argument to have a shred of credibility

~~~
clucas
No it doesn't. The argument speaks for itself. If I murder someone in cold
blood, then get up the next morning and call a press conference saying "Murder
is wrong! We need to put a stop to murder!" no one would chime in and say "No
way, murder is perfectly fine, you just did it last night!"

Call the news orgs out for doing the same reprehensible activity, yes. But
let's judge the arguments about which activities are reprehensible on their
own merits.

~~~
kostogher
Your analogy only makes sense if Buzzfeed stopped using the same practices. If
you continue to murder people while shouting "murder is bad" then you might be
correct but you're still a hypocrite.

~~~
roywiggins
Yes, but the more important thing is that murder is wrong, not that someone's
a hypocrite. Hypocrisy is the most minor of malfeasances.

A smoker who writes a column that smoking is bad is still doing good writing.

~~~
zwkrt
This argument is very common against people with fringe political beliefs. "If
you don't believe in property rights, why do you have a car?"

~~~
Aunche
That's different. If you don't believe in property rights, you think that the
law is fundamentally broken, not that any individual who owns property is
evil. This article is basically doing the latter, which is why it's difficult
to take seriously.

------
bluetidepro
FWIW, I wrote a little script back in Feb that you can use in the console on
that Facebook advertisers page to auto click "remove" on them all for you.

Here is the github gist:
[https://gist.github.com/bluetidepro/bfa60c1d63925180daf3dd53...](https://gist.github.com/bluetidepro/bfa60c1d63925180daf3dd53e5ff48ea)

I run it about every month, and it's crazy how many get added in that time
span. There is literally thousands and thousands from brands/companies/etc.
that I've never heard of it. It's insane.

~~~
john-radio
Nice job. It looks like Facebook Purity has this built in also.

------
bbulkow
The author keeps saying 'my data' when the data isn't theirs. The fact that
they interacted with a party, that interaction, and who you are, is thier
data.

This isn't a theoretical nit pick, this is the law. And it makes sense. If you
and i have a conversation, i am free to tell someone else about that
conversation, because i was part of it. That is my data, as it is also theirs.

In casual use, if we agree not to tell anyone, that is different, but the
default is both parties own it.

This the simple minded use of 'my data' really wrecks what could be a rather
interesting ( but not surprising ) piece.

~~~
cbsmith
> This isn't a theoretical nit pick, this is the law.

Of course, the law is changing... and in fact, under a lot of laws, it really
_is_ "my data".

Much like intellectual property, these laws were established for a particular
context, and we've long since moved past that context, raising reasonable
questions as to whether those laws are really a good idea.

> And it makes sense. If you and i have a conversation, i am free to tell
> someone else about that conversation, because i was part of it. That is my
> data, as it is also theirs.

Are you entitled to a DNA sample from some skin cells that floated in the air
while you were having said conversation? Does that conversation entitle you to
know of every other place that person goes that day? Are you entitled to share
a full recording of that conversation with anyone you'd like?

The lowered price of collecting, aggregating & exchanging information changes
the context under which the existing laws were made, raising questions about
whether we wish to alter those laws.

~~~
tokyodude
> Are you entitled to a DNA sample from some skin cells that floated in the
> air while you were having said conversation?

Yes. Why wouldn't I be. Those DNA are in my body. They might be infecting me
in some way. Why would I not be able to inspect them however I want?

> Does that conversation entitle you to know of every other place that person
> goes that day?

If I'm with them the entire time then yes. If other mutual friends were with
them I'm fully entitled to ask them and they are fully entitled to answer.

I went to Disneyland with my sister yesterday. I just shared with you that my
sister was at Disneyland yesterday. My mom told me she and my sister went to
dinner at McDonalds on the east exit of Disneyland after they got out. I just
shared with you something my mother told me about my sister. I have broken no
laws nor done anything considered wrong AFAIK in any country in the history of
the world up to this point.

> Are you entitled to share a full recording of that conversation with anyone
> you'd like?

Personally I believe the answer is effectively yes and should be yes though I
understand it might legally be no in certain places at the moment I believe
those laws will eventually be overturned. Why do I hold this position? Because
my brain recorded the conversation. So, first off if I have good memory I can
dictate the conversation. Second, if I can make a machine to pull that data
out of my brain it doesn't feel like the law can tell me I can't. It's my
brain and my memory. Further, it's arguably we will enhance brains digitally
at some point. First for people with brain disability. At that time it will be
trivial for them to digitally extract their memories and being their memories
again the law should have no say. In other words, tech will eventually make
this question moot. Conversations will be recorded and just like I can tell
you that while at Disneyland yesterday my sister said she was going to Hawaii
in June (I just shared a lo-fi recording of that conversation with you)
eventually I'll be able to do that with hi-fidelity.

Let me add I'm a little scared of such a world but I personally see it as
inevitable. I believe digitally augmenting brains is inevitable and I believe
telling people what they can do with their personal memories and who they can
share them with is impossible/untenable so that world will come eventually.

Let me add though that I'm not against laws that say such data can not be
collected in mass quantities. I have no idea how to word those laws so as it's
possible for me to share all the data mentioned above with whoever I choose
and yet not allow FB to do the same and also still allow services to help me
share that data with who I choose to share it just like HN just facilitated me
sharing info about my sister with you above.

~~~
mafuy
Regarding "records of conversation": The difference is that when you tell a
memory, it is not proof of it actually happening. If I claim "Hubert said he
stole a car", it is far less relevant to anyone interested than an audio
recording of him saying "I stole a car".

------
p49k
_These advertisers are running ads using a contact list they or their partner
uploaded that includes info about you. This info was collected by the
advertiser or their partner. Typically this information is your email address
or phone number._

I like how they purposely give a couple examples, omitting the targeting
factors that are more likely to freak people out, such as targeting by lists
of names and dates of birth

~~~
Declanomous
On top of that, it's absurd that someone can add my phone number to their
advertising platform to get my name. Unlike email addresses, phone numbers are
rather finite, and the number itself is tied to a particular geographical area
(for the most part).

On a related note, Facebook makes it so difficult to unlike things, unfriend
people, and opt-out of information from individual advertisers. It's obviously
hostile design aimed at making it as hard as possible to reduce your
advertising value to them.

What Facebook is doing might not be illegal, but I think what they are doing
is more unethical than many felonies. The people in charge of these decisions
are getting wealthy from them, and they are never going to face consequences
for their actions, which is a real shame.

~~~
qnsi
Do they get your name? Still I hate it when all sites ask for phone to confirm
my account and then use it to target me.

I use different e-mail for FB and everyday use, yet still there are a lot of
companies that target me

~~~
mic47
This works as contact matching: they provide list of contacts and FB show to
those people ads, so advertiser will not gain access to your personal data.

------
fixermark
It's always interesting to me the number of people who come out on HN to
advocate vociferously for ownership of their private data, given that HN
doesn't even let you delete your account ;)

[https://jacquesmattheij.com/the-unofficial-hn-
faq/#deleteacc...](https://jacquesmattheij.com/the-unofficial-hn-
faq/#deleteaccount)

~~~
Sir_Substance
I can't speak for anyone else, but when I signed up to HN I made the naive
mistake of assuming that of course a pure tech website would be implemented
correctly.

I was surprised and disappointing when I found out it didn't support deletion,
but I'm kind of stuck now. Maybe one day I'll scramble my password and never
come back, that's about the closest I can get to a deletion I guess. I check
all new websites more carefully these days.

~~~
Ndymium
True account deletion was one of the first features I implemented into my web
service. I don't think any non-government site that doesn't offer it has a
valid excuse. For example with npmjs.com you have to contact their customer
support to delete your account, that's just bad UX.

------
apeace
The Cambridge Analytica scandal was super interesting to me because it
reflected an entirely standard and unremarkable data-collection process that
I'd seen several times. And yet it filled international headlines. Congress
was interested.

It's easy to do. You create some app that has "login with Facebook". That's
great for users, right? One less password for them to remember. Then as soon
as they log in you make a quick call to the Facebook API, get all their
friends, and dump it in some database table.

Even if only a few people log in to your app, you can get a database of
thousands of real people.

I don't work for that type of company anymore, but I've been many places where
that was bog standard, the very first code you write for a new product.

Does anyone know if the Facebook API has changed now?

~~~
hallman76
Tangent: This is a side-effect to how Facebook exposes Facebook ids. They
expose system-wide identifiers. LinkedIn's API exposes user ids that are
transformed based on whoever is interacting with the API. My network graph
could overlap with your network graph, but the overlapping people would have
different ids.

~~~
pushtheenvelope
this has been changed for facebook to use app-specific IDs for many years now

------
kevin_thibedeau
Absolutely no control?

Don't use social media and lock down your browser to limit fingerprinting.
Your remaining big threats are phone apps and traditional data brokers
profiling your credit card usage. Cut out all unnecessary apps, block
everything else with a firewall and pay cash. You will then be far more opaque
to the private surveillance apparatus than most first-worlders.

~~~
dzek69
I'm rarely using Facebook. I have an account, even some photos, but that's it.
I may scroll the wall from time to time, usually readings arists posts and
stuff, as my friends are just like me - not posting anything about them
anyway.

I'm a heavy user of privacy extensions. Currently using uBlock Origin +
uMatrix. Most sites I run can't store anything (like cookies) or has access to
scripting. I'm having an unique e-mail address for every service I register to
(thanks to catch-all on own domain).

The above are available to everyone.

Additionally, I'm manually fixing broken websites, that can work without JS
but refuses to - this however requires some skills.

When I really want to see the website that refuses to work with all these
protections - I'm opening it in incognito session.

Result: On my accounts (both fake and real) these Facebook advertisers lists
are empty. The only list that's not empty is advertisers I decided I don't
want to see ads from.

Of course I know this doesn't mean I'm anonymous and nobody knows anything
about me. A lot of services know. These protections listed above aren't the
silver bullet. They can still track me, they just won't tell me everything.
Most of my data are stored with Google. I let them store my location history
(they probably would do it anyway). They know all my searches. They know my
entertaiment interests (Youtube history, likes, dislikes).

Well... You can track me too. I'm not using unique nicknames usually. You can
find my contact info on the internet, on my website and other places. You can
find my home address. You can know where I work.

But these were my choice. But I still have to remember I can't take that back,
"Internet won't forget".

So yeah. You have the control. Just stop giving yourself away, protect
yourself from automation. Share yourself with people offline. That's all.

------
PopeDotNinja
One thing I don't quite understand is why Facebook's data about me is my data?
In my opinion, it's not. I've never put a single thing on Facebook with the
expectation that I'd own it or control it.

~~~
vmateixeira
You know that Facebook still collects information about you, even though you
may not even have an account, right?

[1] [http://fortune.com/2018/04/11/mark-zuckerberg-facebook-
data-...](http://fortune.com/2018/04/11/mark-zuckerberg-facebook-data-
testimony/)

[2] [https://newsroom.fb.com/news/2018/04/data-off-
facebook/](https://newsroom.fb.com/news/2018/04/data-off-facebook/)

[3] [https://www.wsj.com/articles/you-give-apps-sensitive-
persona...](https://www.wsj.com/articles/you-give-apps-sensitive-personal-
information-then-they-tell-facebook-11550851636)

~~~
PopeDotNinja
I understand what you're saying, and you're not wrong. I just find the concept
of data about me being "my data" to be strange. If someone takes a picture of
me, it's their picture. If I use your website, and you collect information
about me, it's your information. Maybe I just don't care what you know about
me. I know the REALLY good stuff about me, and I ain't sharin' that with
anyone!

~~~
2_listerine_pls
It's not your data, but it's data about you and it better be under your
control. Your data might be used to target your with information in order to
change your political views, to increase your insurance pricing, to decline a
loan, etc...

~~~
astura
Why should it be "under my control?" This is not how I understand the world to
work.

If I get caught, say, drinking and driving then I don't get to control if
newspapers, courts, police, etc, share it with others. If I go to a party and
take a shit on the floor I don't get to dictate what the other party
attendants do with that information. I don't get to demand they don't take
that information into account when deciding to invite me to another party.

Also, insurance companies and loan companies don't use Facebook data (nor are
they legally allowed to).

------
austinheap
Acxiom opt-out:
[https://isapps.acxiom.com/optout/optout.aspx](https://isapps.acxiom.com/optout/optout.aspx)

Oracle opt-out:
[https://datacloudoptout.oracle.com/optout/](https://datacloudoptout.oracle.com/optout/)

------
malvosenior
I find it amazing that although my list of advertisers is super long, not a
single company on there provides a service that's remotely relevant to me or
sells something that I would ever buy.

In fact, I've _never_ clicked on an ad on Facebook. Not because I hate ads
(I'm ambivalent about them) but because I've never seen anything relevant.

For all of the hype around how persuasive Facebook advertising is supposed to
be, to me their ads and personalization are no better than random noise.

~~~
ocdtrekkie
I found some interesting points in the list. Bear in mind these are
advertisers who got your info outside of Facebook. So while car dealerships
are fairly prevalent across the board, I found most of them in my list were
dealerships from the brand of car I own. Clearly somewhere along the line of
purchasing my car, my email address got associated with "people who buy that
kind of car", though I found it odd so many dealerships not in my local area
were on the list.

------
beders
The usage of Facebook is free. You uploaded your data voluntarily.

How do people think Facebook pays for running its service?!? Of course you are
the product.

~~~
nukeop
But Facebook also tracks people who do not have accounts, and people who pay
for services. No way out.

~~~
alexkavon
This isn't entirely true. There is a way out. Media outlets who publish things
like "Facebook Showed Me My Data Is Everywhere And I Have Absolutely No
Control Over It" could also remove the Facebook scripts and widgets from their
sites and write articles to the effect that it's a good decision. The way out
of it is to stop with trying to shock people with the fact that they're being
tracked and start taking proactive measures to prevent it in the future.

There's some logical fallacy at play when people truly believe that Facebook
is the sole perpetrator of this issue.

~~~
throwaway2048
The logical fallacy is your own, nobody in the article, or the comments
believes Facebook is the only party doing this.

~~~
alexkavon
No you misread.

> that Facebook is the sole perpetrator of this issue

Perpetrator. I'm saying we should hold the organizations publishing articles
about this kind of stuff accountable as well. They use Facebook tools (like
buttons, share buttons, login integration, etc) and encourage use of Facebook
to interact with their articles. This is how Facebook sips up and tracks a
good portion of the web. The orgs publishing these articles are also
perpetrators.

> The logical fallacy is your own, nobody in the article, or the comments
> believes Facebook is the only party doing this.

I'm not proposing there's a narrative convincing society that Facebook is the
ONLY organization tracking us, that's just silly. I'm saying there's a
narrative that is similar to "tracking people is so shocking we just don't
know what to do!"

Today it's Facebook, tomorrow the article will be about Google, Microsoft, or
maybe Amazon. Can you believe no one's going to budge a muscle about it?

------
_hao
I'm curious if I delete (I mean real delete, not disabling) my FB account, do
they keep it as a ghost profile of me i.e. Facebook still knows that I exist
as a person in the world? I've been thinking about just getting rid of it, not
that I use it a lot, but still... One less thing to worry about and less
clutter in my life.

The downside to this is that FB is my only channel of communication with some
people, but then again if they truly want to contact me they can find a way to
do so, although that's going to increase their inconvenience and they might
decide against contacting me at all haha.

~~~
username223
They probably don't delete your profile, but keep it with a "deleted" flag.
I'd still recommend getting rid of it. It reduces the noise in your life, and
while you will lose touch with a few people, most of the ones who matter will
email you.

~~~
CharlesColeman
> They probably don't delete your profile, but keep it with a "deleted" flag.

I don't like Facebook, but I'm not so sure about that. I read one article a
month or so back where someone paid attention to the targeted ads they were
shown after they'd deleted their facebook account. After a few weeks, the
targeting got _much_ worse.

------
Yhippa
Mildly ironic since this site uses tracking ads that were blinking in and out
of existence all over the page as I was scrolling down the article. I had to
stop reading because it was so annoying.

------
brudgers
Does anyone know if there is equivalent transparency for my Google account?

~~~
nukeop
There's a section where you can download all the data Google has on you.

~~~
dredmorbius
Specifically:
[https://takeout.google.com/settings/takeout/](https://takeout.google.com/settings/takeout/)

------
geekamongus
On that Advertisers settings page, it is really lame you cannot click through
the list of advertisers in one fell swoop, disabling ads from all of them at
once. There is no "select all."

No, you have to click the X in the corner of each one, then click View More
after every 12 you have disabled. I got through about 140 before giving up.

I think this was intentional.

------
maxxxxx
I wonder how it would be technically feasible to instead of copying data to
other parties to just grant them access for a limited time and being able to
revoke that access. This would be perfect for a lot of data sharing but I
guess there is no way to prevent copying of digital data once somebody can
read it.

------
Lowkeyloki
If your data (or at least data about you) is everywhere, there's only one
thing left to do. You'll have to engage in a misinformation campaign about
yourself. Send advertisers so much conflicting information about yourself that
they can't distinguish the signal from the noise. That way they won't be able
to target you.

This may sound ludicrous, but there actually is a browser plugin out there (I
don't have a link handy, unfortunately) that confounds meaningful tracking
efforts by clicking on each and every ad on every page you view. The pages the
ads link to aren't actually displayed to you.

Like I said, it's a crazy tactic but it makes perfect sense. Overwhelm them
with data.

Google strongly opposes it, by the way. So it must be on the right track.

~~~
InternetUser
I think it can be gone quite a lot more simply: Register on each service with
a different first and last name and birthdate, linked to a throwaway email
address with its own different name and birthdate. Then register on another
service with another, and so on. I'm a white American guy, yet because I've
watched some Spanish pop videos and used Google Translate for Spanish
translations (and done other things, not as part of a concerted
mis/disinformation campaign), my Android phone believes I'm a Latin woman, and
I even get a mixture of Spanish and English ads and pre-roll commercials on
YouTube videos, and some of the ads are for women's clothing and makeup.

------
corebit
Because it's not your data. Just because something describes you, doesn't make
it yours.

~~~
svachalek
"Yours" and "not yours" is a really primitive way to look at the problem.
Every camera that you have passed in front of has your image, and we more or
less accept that if it's in a public place that's OK. But that doesn't mean
someone can take that image and put it in a national television campaign for
their product. There are shades of ownership.

~~~
corebit
I agree, ownership is a poor way to look at it. In fact, there is a rich body
of property and tort law that address this whole subject in vast detail and
has identified a large set of principles and criteria that can and is applied.

------
tluyben2
What I never understood, when I still used FB, they knew everything about me
and yet I have not once been presented by ads I was even mildly interested in
while on Google it is always spot on... Not sure how they can be so bad to get
0 clicks from me while having all that info. It is like this person: getting
car and mortgage ads while fb knows i could not care less about either.
Getting rich quick packages, again I do not care about as far as they can see
from comments etc. Flights to Thailand for next week while they know I am
currently _in_ Thailand. It is the worst targetting I have seen: not unlike
the ads of the late 90s.

------
fixermark
If that headline accurately describes the situation, in what sense of the
words is it "my data" instead of "data about me?"

------
makecheck
Data retention and sharing should be illegal because it’s like a dam bursting
when any actor, anywhere, lets your data out.

You could literally do everything right for _decades_ as far as safeguarding
your data, and then _one_ slip-up could leak it ALL and let services connect
you to ALL the other information about you.

------
rogerdickey
Then leave Facebook?

------
quest88
Just like your credit report and score, and that's probably more meaningful.

------
YoyoyoPCP
At what point does the end user feel accountability for giving a free service
all of their information? I get that they employ various unsavory tactics
(especially on mobile), but remember that this _is_ the Internet after all.

------
seoguru
reminds me of this fascinating video about how buzzfeed is playing the system
perfectly:

Capitalism, Cultural Disintegration, and Buzzfeed
[https://www.youtube.com/watch?v=9srhgHzUFd4](https://www.youtube.com/watch?v=9srhgHzUFd4)

------
NightlyDev
The garbage site this content is on is made by idiots. First I get one pop-up,
and as I'm about to cross it out another pop-up appears on top of it with the
accept button at the same position so that I accidentally press accept.

Stop with the fucking pop-ups if you don't know how to do it!

~~~
daphneokeefe
This is why many of us use ad blockers.

------
Causality1
You work for an online magazine and you weren't aware of this? If you're not
the customer you are the product.

