
Facebook to ask everyone to accept being tracked so they can keep using it - phrygian
https://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-gdpr-latest-data-ad-tracking-opt-out-stop-ads-marketing-a8310031.html
======
panarky
_The screens will not give Facebook users the option to hit "decline."
Instead, they will guide users to either "accept and continue" or "manage data
setting."_

Also known as "Hobson's Choice": a free choice in which only one thing is
offered.

[https://en.wikipedia.org/wiki/Hobson%27s_choice](https://en.wikipedia.org/wiki/Hobson%27s_choice)

Naturally the vast majority will just click through and accept the defaults.

But what if a small number does not? Could Facebook see 6% or 4% or 2%
attrition because of this?

2% attrition of 2.2 billion users is like the entire population of California
and Oregon.

This many people leaving the network makes it a little less connected and a
little less valuable for the 98% who remain.

That's a lot of people wandering about, discovering new alternatives to
connect with their friends and family.

Facebook will be with us for a long time, but reducing their influence would
be a big net positive.

~~~
nkkollaw
I don't know if Facebook's influence hasn't been reduced already, and how many
users it actually has.

I still have an account for instance, but I log in only once/mo. and keep it
solely for the API keys.

My friends seem to be a little less active then 10 years ago, as well.

~~~
product50
Don't relate your experience to everyone else's. My friends are more active
than ever on FB today for instance.

Also, FB revenue and users are increasing - which indicates they are not
seeing any downturn like what you are talking about here.

~~~
wolco
More active? Really?

The number of facebook user accounts never goes down with new bots getting
accounts constantly but people activty logging in and sharing, posting or
caring is down.

~~~
product50
Yes - more active.

You are suffering from confirmation bias at this point. What data apart, apart
from your anecdotal experience, do you have which shows that sharing and
caring about FB post is down?

~~~
nkkollaw
You seem great at diagnosing why what we're saying doesn't make sense, but you
don't have anything to back whatever your point is.

Since we don't have access to Facebook logs and can't know how many times
people sign in and to what percentage are bots wandering around the site, we
can only talk about our impressions.

~~~
product50
They have public data which clearly states that their monthly active users and
earnings are trending positively.

------
lolc
I think a lot of lawyers are poring over provision 42 of GDPR these days:

"(42) Where processing is based on the data subject's consent, the controller
should be able to demonstrate that the data subject has given consent to the
processing operation. [...] For consent to be informed, the data subject
should be aware at least of the identity of the controller and the purposes of
the processing for which the personal data are intended. Consent should not be
regarded as freely given if the data subject has no genuine or free choice or
is unable to refuse or withdraw consent without detriment."

Are people free to leave Facebook?

Me, I need an account with Google for my job. Will they now only be allowed to
demand I consent to the parts of the data processing necessary to provide the
services I use? Or in other words, since I don't rely on their advertising,
does GDPR mandate that opt-in to tracking for ads must be optional?

~~~
garmaine
You can delete your account, yes.

~~~
lolc
I can't delete my account with Google without detriment.

~~~
eitally
Your employer will agree to their terms on your behalf, and if you are not
comfortable with either that process or the terms, you are welcome to
terminate your employment. This is no different from companies accepting
ToS/EULA from any other technology vendor.

FWIW, Google's commercial terms are not the same as consumer terms ... again,
like every other software vendor.

~~~
ben_w
> you are welcome to terminate your employment.

That fails the test:

> Consent should not be regarded as freely given if the data subject has no
> genuine or free choice or is unable to refuse or withdraw consent without
> detriment.

~~~
perl4ever
I suspect "genuine" and "free" are _terms of art_. Not to mention "detriment".
Reading it with common sense in mind may not be productive.

~~~
ben_w
While this is certainly possible, I would have to see a (legal dictionary?) to
change my mind.

Any links?

~~~
nkristoffersen
The words are probably defined within the document, not in the legal
dictionary.

------
epiapp
My adblocker detects approximately 44 trackers on that page, including one
from connect.facebook.net.

~~~
craftyguy
The article isn't "Independent to ask everyone to accept being tracked".

~~~
gowld
bottom of the page says:

> We use cookies to enhance your visit to our site and to bring you
> advertisements that might interest you. Read our Privacy and Cookie Policies
> to find out more.

~~~
vm
Ironically, the FB opt-in approach from the article is more privacy-forward
than the publisher's automatically implied consent...

------
_o_
This action directly violates GDPR, the consent is not freely given and as
such not valid. Trackwall is not acceptible, that's why "freely given" is
written in Article 7.4.

Bottom line, even if you give them consent in such forced manner, they will
pay the fine if they use the data. Not only that, I bet that in this moment
there is a lawyer preparing class action against FB for forcing the consent
(And they will win! After 25th of May, FB is breaking the EU law). Max Schrems
gave FB hard time before and I bet he is just waiting for new chance, this is
his site [https://noyb.eu/](https://noyb.eu/) , check it and check how many
donations he got. I am stockpiling myself with popcorns as this is going to be
fun to watch. I really thought that FB is going to be smarter, probably Zuck
got another of his tantrums and did another really stupid business mistake,
that will cost him a lot.

But, as FB user, please consider something else: Facebook is trying to
downplay your rights, which directly proves that don't care about you. Do you
really want to continue using such service? Do you really value yourself so
low that you are prepared to bend over?

~~~
_o_
Just to back it up, I have missed this in news, Max Schrems already tryed
(with class action of 25000 FB users), but had no legislation to back it up,
with GDPR he got the green light:

[https://www.politico.eu/article/facebook-ecj-european-
court-...](https://www.politico.eu/article/facebook-ecj-european-court-
justice-max-schrems-austria-lawsuit-classaction-privacy-data-protection-max-
schrems/)

"Europeans will in future be able to bring US-style class actions for
(alleged) privacy violations, instead of having to sue individually and
expensively. It’s thanks to a little-known clause of the EU’s GDPR, which
comes into force in May."

And maybe for non-EU users, don't complain about GDPR, back it up, you will
give your legislators a powerfull signal and you might also get the protection
of your fundamential human right.

------
johnny313
This does not discuss whether nonusers will be asked to opt-in. Curious how
GDPR will change tracking people w/out FB accounts.

~~~
downandout
You can already see it on many sites. They're basically just a more forceful
version of cookie notifications with language about third party tracking
thrown in that force you to say "OK" or tell you to leave. Here's an example:

[http://prntscr.com/j67usw](http://prntscr.com/j67usw)

FB, as with all third party trackers, isn't the one actually responsible for
notifying you about the use of their pixels etc. on third party sites. The
site operator using it is. See
[https://developers.facebook.com/docs/privacy](https://developers.facebook.com/docs/privacy)

~~~
maximente
this is fundamentally insufficient, though.

if there's a hosted image from a facebook domain (e.g. a like button), unless
that image is loaded after consent is given, facebook can already associate
that users' IP address with having visited that web site by nature of sending
the image over. in other words, facebook is tracking pre-consent (unless those
images are loaded post-hoc, which is just not happening in today's world)

as a result, it's fundamentally impossible to consent before visiting a
particular website, because there's no way to know what other domains will be
triggered by visiting that website.

the only way i've found to defeat this behavior is by using ublock's origin's
default deny policy which prevents all 3rd party domains from being accessed
by default. it's a bit of a usability pain as one often has to add e.g. stack
overflow's CDN to use its website "well", but does prevent visiting a website
which has an embedded image hosted on a FB domain from being loaded, which
defeats the more nefarious FB tracking.

[https://github.com/gorhill/uBlock/wiki/Dynamic-
filtering:-de...](https://github.com/gorhill/uBlock/wiki/Dynamic-
filtering:-default-deny)

~~~
downandout
Yeah, but that's easy enough to deal with. You simply don't load any third
party stuff (or allow them to see your content) until they click "OK". Some
simple javascript is all it takes to delay loading of everything not on the
current server.

So basically prior to serving any content, you do an IP check. If they are
from a GDPR country, you serve the delay loading script. If they aren't, you
just load as normal. Pretty straightforward. I don't think you'd want to do it
universally for all users, as you'd be at a competitive disadvantage to other
sites. But you can easily enough just do it for EU countries. The other option
is to just block them entirely if you have no need for EU traffic. Many sites
- US local businesses etc. have no use for EU traffic or the liability that
comes with it.

On a side note, with all the walled garden stuff that will be going on due to
GDPR, I'll be interested to see how badly the SERPs get fractured, since every
site will have a different scheme to require consent and not all of them will
have people behind them that are savvy enough to make it not ask Googlebot for
affirmative consent. This will put smaller businesses in the EU that don't
have the resources to hire someone to deal with these issues at a serious
disadvantage if they can no longer be indexed.

~~~
maximente
what you've suggested seems OK technically, but i feel like you're making an
assumption that originating source of traffic determines citizenship of the
user.

it could very well be that an EU citizen in Asia or the US is collected upon
given your algorithm. if that's the case, are you not in violation of GDPR?

but, at the risk of rabbit-holing, your suggestion would be a pretty
fundamental change to how the web works. in effect, you'd be moving toward a
splintered web, where content is basically region locked.

to be fair, i don't have anything else to offer here; it just doesn't seem so
easy to me.

~~~
downandout
_but, at the risk of rabbit-holing, your suggestion would be a pretty
fundamental change to how the web works. in effect, you 'd be moving toward a
splintered web, where content is basically region locked. _

I think you're spot on, but that was the danger of implementing heavy-handed
legislation like GDPR all along. I believe that EU citizens are going to find
themselves locked out of a whole world of content. But that's the world
they've chosen to create for themselves. Further, if the overwhelming support
that GDPR has on HN is representative of that of the entire EU population,
they welcome this newly splintered world and its consequences - both good and
bad (though I believe that this support is the product of the mistaken belief
that the world will simply play ball and be dictated to by the EU, rather than
the rest of the world simply taking their ball and going home).

~~~
freehunter
Hmm. I'm not sure about that. If Apple and Google won't pull out of China even
though China makes them do all sorts of business stuff they disagree with, I
highly doubt they (web companies) would pull out of the entire EU.

It would be absolutely incredible if Facebook et al "took their ball and went
home" throwing away _500 million customers_.

~~~
downandout
Of course not, because Apple, Google, Facebook et al have the resources to
spend millions on attorneys to implement the GDPR. My comment comes from the
perspective of an operator of several small sites that get a total of a few
million visitors per month combined. I'm not spending millions on attorneys,
and EU traffic is only incidental to my sites anyway, so I am indeed taking my
ball and going home.

This will make a difference for some users on some of the forums I run, as
they will be banned with an apology and an invitation to come back if they
ever move out of the EU. But it's not worth taking on the liability of
potentially millions of dollars in fines for accidental non-compliance with a
heavy handed, massively complex law that is up for different interpretations
in the courts of no less than 28 unique countries. Unless you're in the EU or
are a multi-billion dollar company with a large legal department, accepting EU
traffic post-GDPR is an act of insanity.

~~~
KozmoNau7
Are you hosted in Europe, and/or do you do business from the EU?

No? Don't bother instituting a stupid ban like that, then. And stop
scaremongering.

GDPR applies to _businesses_.

Besides, compliance isn't too bad for something like a forum. Just purge the
relevant user records and posts, if requested to or when a user deletes their
account.

Source: I am doing GDPR compliance on web applications for a major telco.

~~~
downandout
_GDPR applies to businesses._

I have a business. And yes, I have spoken to GSPR compliance people, so GDPR
has already cost me enough money. Compliance is a murky proposition at best,
since this law can be interpreted in different ways in 28 different countries
- all of whom will be looking for ways to maximize the fines they collect
under it from foreign companies.

Since you are in the GDPR compliance space, surely you know that it does apply
not just to businesses that are hosted in the EU or do business there. Rather,
anyone that knowingly accepts traffic/data from the EU is vulnerable to it.

~~~
KozmoNau7
And that's a _good_ thing. Privacy is a basic human right, and it's about time
we got some regulation of this area.

------
inetsee
I just added the "Facebook Container" extension to my Firefox browser. I am
hoping it will prevent most of Facebook's tracking, but I do know that it
probably won't block all the tracking.

~~~
jmngomes
Won't ublock [1] solve that by blocking that kind of scripts from loading?

[1] [https://www.ublock.org/](https://www.ublock.org/)

~~~
julioneander
I recommend Privacy Badger, sponsored by the EFF, which is supposed to block
trackers. I prefer it over Ghostery, which is backed by some company.

uBlock Origin is great for blocking Ads though. If you really need to block
scripts, there's NoScript.

I recommend using at least the adblocker and the tracker blocker, even if only
to reduce memory usage of the browser and take back a couple of CPU cycles
from your computer stolen by pesky ads.

~~~
MandieD
uBlock Origin + Privacy Badger are my combo of choice. They play nicely
together, and are easy enough to deal with that my non-web-savvy father-in-law
surfs comfortably with them. Privacy Badger's most glaring weakness is that it
takes a new install of the plugin awhile to learn that Facebook, fbcdn, etc
are up to no good, but once it catches on, it’s great.

~~~
redwall_hp
Privacy Badger is also based on AdBlock Plus's code, which is a weakness in
itself. The entire reason uBlock Origin exists is because of inefficiencies
with ABP that the author thought could be avoided.

I just check the privacy list options in uBlock Origin.

[https://github.com/gorhill/uBlock/wiki/uBlock-
vs.-ABP:-effic...](https://github.com/gorhill/uBlock/wiki/uBlock-
vs.-ABP:-efficiency-compared)

------
fuscy
Considering that Facebook makes its revenue from ads and that providing
relevant ads needs data and tracking, this move is not so bad.

Users that don’t accept the terms or use various tech to block this, would
receive misappropriated ads. Bad ads make companies lose revenue while
annoying the users with extremely irrelevant info.

This method should be extremely effective in removing false positives.

Personal observation: ads are never going to go away and I personally prefer
receiving ads about some local beer brand and not about lipstick or sake in
Japan.

~~~
Guest9812398
Why can't we simply choose relevant ad categories that we would prefer to see?
Why do the options need to be (i) see random advertisements that are likely
irrelevant, or (ii) allow us to track your every move, including your
location, each site you visit with the Facebook widget, your message and call
history, and your every click.

Or non-Facebook related, why can't my smart TV just let me choose PC Gaming,
Technology, and Concert advertisements as highest priority. I might actually
look forward to watching an Oculus or Vive advertisement, instead of putting
the TV on mute, or leaving the room when I see another health insurance
commercial for someone 60+.

~~~
SmellyGeekBoy
Why can't ads be relevant to the content of the page like they used to be in
the good old days?

As an example of stupid targeted ads: I bought a Casper mattress a couple of
months ago and pretty much every single ad I've seen since then (on devices
where I don't have them blocked) has been for mattresses. How many mattresses
does the internet think I need?

If I'm reading about something on the internet it's generally because I'm
interested in it. Why not try to sell me something related to that rather than
something I already bought!?

~~~
Guest9812398
I see these all the time too.

1\. I bought one of those spinning face brushes for my girlfriend. A few
minutes after purchasing online, I started seeing advertisements from that
same store, for the same exact brush. Literally 90% of the page views were
showing that advertisement.

2\. I was browsing Airbnb accommodation for a trip to let's say Mexico. I was
checking apartments on and off for weeks. I didn't see any Airbnb
advertisements during that time. The minute I book that accommodation, Airbnb
starts showing advertisements for rooms in Mexico.

3\. I'm browsing barbers in a new city. No advertisements until I book an
appointment with one online. Then, I start seeing advertisements for the same
barbershop. Now, that has potential, but the advertisements stopped after a
week. Why do I need to book a second hair appointment in the same week? Why
not recognize I booked a men's haircut, and start showing me ads in a few
weeks?

For all the tracking, privacy invasion, and fancy "machine learning",
advertising sure is dumb.

~~~
username223
Maybe it's optimizing for the wrong thing. Maybe the goal of targeted
advertising is to find the people who were about to buy something anyways,
shove an ad for it in front of them just in time, and take a cut[1]:

> Our results indicate that more sophisticated targeting algorithms might not
> gain, and might even harm, the advertiser as those seeing the ad would
> convert in the absence of advertising.

There are a bunch of ad-tech people on this site; maybe some of them could
chime in and share how many more sales they make using total surveillance
versus basic keyword-in-page.

[1]
[https://poseidon01.ssrn.com/delivery.php?ID=7020000840130690...](https://poseidon01.ssrn.com/delivery.php?ID=702000084013069010070108023069026065061037007020071061119066025014064121077101112101058020007125050109119004024119006119116008030071029038092100112009121006071007120062020054099017030090086016084011091006005014090089066121107124081027066026064068111112&EXT=pdf)

------
dingaling
Nicely juxtapositioned with the Independent's ad for their Facebook Bitcoin
group. Facebook groups really are the antithesis of the Internet, being closed
and unindexable.

Anyway perhaps these no-decline 'permission' screens will cause a few people
to reconsider their presence on Facebook. After all the company's Chief
Privacy Officer endorses it! “People can choose to not be on Facebook if they
want"

~~~
nathanaldensr
"Chief Privacy Officer" at a company that wouldn't exist were _real_ privacy
to be present in their products.

~~~
muro
Heh, funny. Unfortunately also nonsense. A CFO also exists and not because a
company doesn't handle finances responsibly. Or a CEO implies no engineering?

~~~
matrixagent
I think you misread. The implication was that Facebook would not exist with
real privacy in the product, not the role of CPO within Facebook.

~~~
nathanaldensr
Yes, this is correct. Thanks for clarifying.

------
femto
Australians may wish to refer it to the ACCC if Facebook offers them a "take
it or leave" choice. Even if the laws regarding unfair consumer contracts turn
out not to apply, it would be interesting to get the ACCC's formal response on
it.

[https://www.accc.gov.au/consumers/contracts-
agreements/unfai...](https://www.accc.gov.au/consumers/contracts-
agreements/unfair-contract-terms)

------
harry8
They track me. I don't accept it. I have no facebook account. They are crooks.

------
everyone
I'm a member of a facebook group for Irish game developers. Very good group,
pretty much the only reason I use fb. Though I am logged on all day as I dont
want to miss anything on it.

I tabled the idea of the group leaving fb for somewhere else, as now would be
the time people would be receptive to that idea.

The consensus was, nah, dont bother, this is fine... welp.

~~~
elliottcarlson
Unrelated to your post for the most part, but just to clarify for readers;
tabling an idea in American English is to postpone a decision (potentially
indefinitely), while in British English this is the exact opposite and means
that the idea is being presented for review at the current moment.

~~~
oddity
I've lived in America most of my life, but I've only ever heard (or assumed?)
the latter usage, which I assumed related to the phrase "is on the table". I
wonder what the origin of the former is.

edit: I suppose it comes from how optimistically/pessimistically you view
someone saying that a decision is on the table, I guess. Funny.

------
d6de964
Google already does this anytime I clear my cookies. Why would they allow
someone using the service if they didn't get something back?

~~~
xg15
Good question - though half of the internet has been built by pretending to
offer your service for free. So either we keep doing that or we have to admit
that our whole industry has been lying to their users.

~~~
harry8
The mental model for most people for so called free media is broadcast tv.

Yes there are ads. Yes I dislike those ads but they pay for the tv programming
and broadcast.

No, broadcast tv does not keep a massive dossier on me or even know I exist.

Almost nobody expected nor understood that they are now "free from having
privacy." It's not usual nor expected nor was it ever made clear. It was also
done where there was no consent (shadow profiles for people without facebook
accounts) and where consent was expressly withdrawn ("I now know what facebook
does and would like you to close my account and delete all data and all
backups of data relating to me"). Wildly evil stuff going on there, argue
about what the law "says" all you like it's foul and should be illegal. It
probably is illegal too if you haven't got billions to buy out of the problem.
Que the apologists...

There are plenty of other media consumption businesses paid by advertising
where you aren't being monitored in a manner the stasi could only dream of.
Free printed newspapers supported by advertising have been around my entire
life. This was the expectation.

Could facebook and google have grown if they had stated on their front page,
every login that they were keeping records of everywhere you went on the
internet? They wouldn't have got any traction whatsoever so they lied. Android
will keep track of everywhere you go physically and add that to our file on
you. Apple are better is just _such_ BS you have to be a huge fanboy to
swallow it.

Everyone concerned should be facing criminal charges for that kind of lying.
Trying to claim they didn't know they were lying at the time and it was a bait
and switch fraud instead.

------
FullMtlAlcoholc
Facebook was already on a decline as it was becoming the social media platform
for senior citizens.

I do wonder how this will affect Instagram, which is where most of my peers
and friends are.

------
merrywhether
Does the GDPR allow sites to have a “pay real money or subsidize your
experience through tracking” option?

------
paulie_a
Where is the "go fuck yourself mark zuckerberg" option

------
modzu
so whos tried mastodon?

