
It’s Time to Make Our Privacy Tools Easier to Find - dombili
https://newsroom.fb.com/news/2018/03/privacy-shortcuts/
======
kenbaylor
I wish they would give more clarity on what 'delete' means. Is it a) It's
deleted from your timeline etc or b) It is really deleted from Facebook's
servers

If it's a) then that's either a 'hidden' toggle which does not meet GDPR
needs. If it's a 'hidden' and do not process further, it is questionable
(unless a right to be forgotten is invoked).

Also if it's a) then everything is discoverable by someone with legal
authority, even years after you believe you have deleted it.

~~~
danso
As U.S. citizen, I'd be interested in hearing how the GDPR enforces an
_actual_ delete. I do think it's intentional that Facebook is so vague about
what "delete" means; in the given article, there is mention of _" delete your
Facebook data"_ and _" delete anything from your timeline or profile that you
no longer want on Facebook"_, but nothing about where the data is _deleted
from_.

You can try to argue that the author wants to keep things simple for a general
audience. Though a cynic would point out that one of the authors is FB's
deputy general counsel, the type of person who we would expect to be
incredibly precise and purposeful about wording.

I looked around on the FB support pages for more clarification and this is the
best I could find:

[https://www.facebook.com/help/224562897555674/](https://www.facebook.com/help/224562897555674/)

> _When you delete your account, people won 't be able to see it on Facebook.
> It may take up to 90 days from the beginning of the deletion process to
> delete all of the things you've posted, like your photos, status updates or
> other data stored in backup systems. While we are deleting this information,
> it is inaccessible to other people using Facebook._

Since it is talking about deleting backup/caches, I think it's reasonable to
interpret that they mean a complete wipeout. Though I assume there's no
_guarantee_ either -- i.e. if FB's deletion process "happens" to not wipe out
the cache or do a real wipe, how can we really confirm?

For a non-Facebook example, here's how Google talks about deletion of search
activity:

[https://support.google.com/accounts/answer/465](https://support.google.com/accounts/answer/465)

It explains that Google will retain the "meta" of your activity, and also says
that the meta will be removed if you delete your account:

 _" When you use Google products and services, we keep some data with your
Google Account, like when and how you use certain features. We keep this data
even if you delete activity or other items. For example, if you go to My
Activity and delete a search you did on Google, we'll still know that you did
a search, but not what you searched for. What you searched for will no longer
be stored with your account...We keep this data as long as it's relevant to
meet uses like those above. If you delete your account, we remove this data
from it._"

~~~
samschooler
In addition to that, that data derived from the data you supply (i.e. a
trained ML model on your preferences or face) aren't deleted even if they do
permanently delete data you've posted.

~~~
colemannugent
Whoa, I hadn't considered this at all. This opens a huge can of worms.

How could this even be enforced? If something like the GDPR gave you the
ability to request that your data be deleted, would that extend to learned
data?

In my opinion, there's no way they could make FB delete that kind of data. How
would you even know they had it? It's not like FB would throw out entire
trained models or attempt to retrain with everyone else's data, that would
never make economic sense.

Could someone with more knowledge of the current data protection laws comment
about how|if this is addressed? To me it seems like companies could just
process all your data into some derivative and then delete the original data
to stay compliant.

~~~
mateo411
I am not a lawyer, but I think that learned or aggregated data should be fine,
however hashed identifiable data is not OK. Identifiable data includes IP
addresses and mobile device ids.

------
danso
It's not clear from the text of the post, but I believe most of these
features/redesigns have yet to be released -- that is, they aren't in the most
recent iOS update, which was yesterday:

> _...we’re taking additional steps in the coming weeks to put people more in
> control of their privacy. Most of these updates have been in the works for
> some time, but the events of the past several days underscore their
> importance._

I guess it's confusing because these updates/steps are talked about in the
present tense, e.g. " _Some people want to delete things they’ve shared in the
past, while others are just curious about the information Facebook has. So
we’re introducing Access Your Information..._ "

Something like, _" Expect to see these updates in the coming weeks"_ would
have made things clearer.

~~~
patja
I just spent 5 minutes hunting for these new capabilities and figured it was
only a change made in the mobile app, which I never install. Figures. It will
be interesting to see how/if they surface this via browsers vs. apps

"It’s Time to Make Our Privacy Tools Easier to Find" (just not quite yet!)

------
natch
Anyone who has requested a copy of "your Facebook data" did the data you got
include a listing of which websites with embedded "Like" buttons you visited?

Presumably Facebook _has_ this data, for people who are logged in with the
same browser at the same time as they visit any page having a Like button. No
need to click the button.

The question is whether Facebook is keeping the existence of this data hidden
from people who request a copy of the data Facebook has on them.

~~~
411mrc
In 2016, there was a ruckus about Facebook collecting nonmembers viewing habit
across the internet, so the answer is yes for my case. As far as I know, as a
nonmember, I cannot access my shadow profile unless I join and give them yet
more data to invade my privacy.

Rather than live in George Orwell's nightmare, I have resorted to spending my
time blocking their tracking at the dns request level on my router for all my
devices. The great thing is you can block a bunch of other trackers and
spyware as well.

~~~
soared
There is a page for non-member data requests. (I can't access fb at work, but
there is a page for it)

~~~
411mrc
This is even more highly disturbing and problematic. How do I prove it's me?
How do they keep other people from impersonating my "shadow" and downloading
my data w/o my knowledge?

Face book needs to delete all nonmember data now. My solution is to block
everything they do via dns. I blocked 43 requests from my devices this morning
alone, and I stay as far away as I can, and yet they tried to access 43 times.

My next tactic is to spook them into thinking I moved to Europe and they risk
serious revenue loss if they continue data collection w/o opting in. I will
probably get a euro VPN once the law takes effect and see via dns if they
still collect.

------
web007
I find it somewhere between amusing and disingenuous that their call to action
doesn't link to the tools they are trying to promote.

The only links in the article body are to a post from Zuckerberg and to "Ad
preferences" \- nothing about how to get to the new-and-improved privacy
tools.

------
jonbarker
FB seems to be using these tools as an engagement hook, ie. find the users
they know are not engaged or lurking then lure them in with targeted emails
about face recognition and privacy features. They probably love all the
publicity as it gets people back in app to configure their privacy settings. I
also suspect that the privacy settings' backends are 'being figured out' and
users are just turning knobs that aren't connected to anything.

------
mistermann
"It's time to <blah blah blah dishonest projection of fake sincerity
bullsh*t>"

Whenever I read marketing sentences like this, I can remember sitting in
meetings deciding how we were going to lie, but discussing the topic using
words to make it seem even to ourselves that deceit wasn't our goal. I often
wonder what my life would be like if I'd happened to end up on some sort of a
blue collar path where I just did an honest day's work for an honest day's
pay, my guess is that I'd be much happier, and most likely better off
financially as well.

------
at-fates-hands
So glad I only used FB for a few years before deleting my account. I could see
this stuff coming from miles away.

It just never ends with FB though. I can't tell what's worse though. Them
continually telling their users they care about privacy and then going right
back to taking and using people's data for nefarious reasons; or the users who
continue to put up with it year after year, scandal after scandal and willing
give up their privacy.

~~~
onychomys
Unless that's a blackphone in your pocket[0], you're already giving up
enormous amounts of data to a giant megalithic company. If you're doing it for
one, is there really any harm in doing it for two?

[0]...I suppose I'm assuming here that somebody who has an account on HN has a
smartphone.

~~~
ineedasername
_" any harm in doing it for two?"_

Think of it like the prospect of having unprotected sex with a partner. One
potential partner has always been faithful, another has had a few slip ups, a
few betrayals. Do you see potential relationships with each a little
differently?

Of course, a valid followup question is, "Yeah, but has any data-hoovering
company in SV been faithful?"

------
mashedvikings
Aral Balkan has excellent things to say about charades such as "privacy on
facebook":
[https://www.youtube.com/watch?v=jh8supIUj6c#t=34m10s](https://www.youtube.com/watch?v=jh8supIUj6c#t=34m10s)

All in all, this is a great talk, I highly recommend you watch from start.

------
maxfurman
It's Time to Remind Users It's Your Own Fault

------
amelius
Facebook, if you're reading this, please give me a control that allows me to
automatically delete everything I do on Facebook except for the last N days
(where N can be freely chosen by the user).

~~~
visarga
> please give me a control ...

So you're prepared to believe FB will delete your personal data as promised,
right? This time, if they promise to play nice, it will be great? What I would
believe is a system where data is sent encrypted to the social network and
content filtering is happening locally at the end user - in other words,
something like the internet.

~~~
amelius
You're right, we can't trust them. But at least let me automatically delete
posts for my friends and the rest of the world.

------
kerng
I want a true data deletion feature, ideally via a configurable policy in my
profile (purge all data after x days,...)

------
llao
Oh, so it was us users who were too dumb to find them? Fuck you, fuck you for
this blame-shifting marketing speak.

------
slackstation
This is exactly the kind of mis-handling of situations that invites
regulation.

~~~
jacobush
One can dream

------
IAmEveryone
(2004)

------
mtgx
The irony is that this was built so Facebook can be more compliant with GDPR.

They hinted this January that they would release this soon:

> “We’re rolling out a new privacy center globally that will put the core
> privacy settings for Facebook in one place and make it much easier for
> people to manage their data,” Sandberg said at a Facebook event in Brussels
> on Tuesday.

[https://www.reuters.com/article/us-facebook-sandberg-
privacy...](https://www.reuters.com/article/us-facebook-sandberg-
privacy/facebook-to-hand-privacy-controls-to-users-ahead-of-eu-law-
idUSKBN1FC1Q6)

So I guess the takeaway here is that privacy regulation works?

I also just love how they put it in their post:

> _People have also told us that information about privacy, security, and ads
> should be much easier to find._

Really, Facebook? People have just told you that? Are you freaking kidding me?
People have been telling you that for a god damn _decade_. But you _chose_ to
ignore it, because you didn't care - until this major scandal was created that
_forced_ you to do this. It wasn't because "people told you" and as a company
that "always listens to its users" (ha! good one), you decided to actually do
that. Come on.

Facebook's tone throughout this entire scandal has been nothing but
condescending. And yes, they really do think we're all idiots (as proven by
how they responded on every other past screw-up and how they typically come
out and lie about it):

[https://mondaynote.com/mark-zuckerberg-thinks-were-
idiots-63...](https://mondaynote.com/mark-zuckerberg-thinks-were-
idiots-638c64dfab12)

Remember how they outright _lied_ about the datr cookie being a "bug" for
_years_ , until they finally admitted in a Brussels court that the cookie has
always been there _on purpose_ , but as a "security feature" (another lie) ? I
do:

[https://www.propublica.org/article/its-complicated-
facebooks...](https://www.propublica.org/article/its-complicated-facebooks-
history-of-tracking-you)

Facebook's leadership is full of pathological liars, and they're always
looking for another "angle" to get out of the latest scandal and come out
ahead. Like how Zuckerberg put out full page ads with his "message" in
multiple UK papers, so he doesn't have to go and testify before the committee.
Despicable people. I used to think Uber was alone in its own class of evil
companies, but Facebook is starting to fit the very same class of companies.

------
jacobush
Oh, we not only have free speech corners, we can have privacy corners now.
Thanks, FB!

Make the dissidents tag themselves as such.

------
chasing
Unless this post was written in 2010, it's too little, too late.

------
feelin_googley
"Today Facebook finally started to roll out a new set of privacy controls.
These tools, many months in the making, are designed to help simplify the
site's notoriously confusing privacy options. But alongside them Facebook is
also rolling out a "Transition Tool" that promotes Everyone updates as the
_new default_. In other words, Facebook is giving up its reputation as a
`private' social network - _where the default is to restrict access to
everything that is shared_ \- in favor of something that can challenge Twitter
head on."

...

"If you delete "everyone" content that you posted on Facebook, we will remove
it from your Facebook profile, but have _no control over its use outside of
Facebook_."

Source: [https://beta.techcrunch.com/2009/12/09/facebook-
privacy/](https://beta.techcrunch.com/2009/12/09/facebook-privacy/)

------
Mc_Big_G
Too little too late FB. You knew exactly what you were doing when you made
them difficult to find in the first place. Now you're sorry because everyone
realized it? Get bent. Delete your FB/Whatsapp/Instagram/whatever owned by FB.
It's the only fair response.

