
Facebook Is Not the Internet's Only Privacy Villain - searchencrypt
https://choosetoencrypt.com/news/facebook-is-not-internets-privacy-villain/
======
Sir_Cmpwn
Companies choosetoencrypt.com sends information to by embedding them in this
page:

\- Facebook

\- LinkedIn

\- Twitter

\- Google

~~~
sheetjs
Is it technically possible to add an image/link like "Find us on Twitter"
without embedding anything that ultimately requests a Twitter-hosted asset?

~~~
Sir_Cmpwn
Yes, you can. But if your message is that social media networks are "privacy
villians" then you shouldn't have a Twitter or a link to it in the first
place.

~~~
confounded
Good point, but for people that will have a link anyway, it at least makes
service-use consensual.

------
notacoward
Many of us, as software developers, are taught to solve general problems
instead of specific instances whenever we can. That's what I see as wrong with
99% of the commentary about this recently. Sure, there might be a bug in
Facebook. Maybe it's a serious bug, and it really needs to be fixed. But it's
a bug that manifests in many other places too. It's even possible that
Facebook is neither the first nor the worst. Facebook doesn't have
"assistants" that listen to your every word like Google and Amazon and Apple
do. It doesn't have all of your email, or your entire search history, or the
very OS on a device you have with you all the time. But I digress.

The real point is that targeting any "fix" too narrowly toward Facebook, or
Google, or any one party doesn't fix it for the others. It might even distract
from or interfere with development of a more general solution. But that's
exactly the path a lot of people seem to be going. By all means, criticize
Facebook if you think they've done something wrong, but _don 't stop there_.
Make sure you understand the full scope of the problem, and the options for
addressing it _in a general way_ , and the benefits or drawbacks of each
approach. Progress doesn't come from everyone saying "me too" on a bug report.
It comes from people talking about and then implementing ideas to make the bug
stop happening _anywhere_. I've seen precious little of that.

~~~
virgilp
Ugh. I hate these sorts of arguments. "ha! you're outraged? Maybe you're not
outraged enough! You do something? Do more, you're not doing enough!". If you
tell people "if you stop wasting water you don't solve global warming!" it
typically won't entice them to do more; most people will hear "I might as well
waste the water, my efforts are meaningless anyway".

> But I digress.

Yes you do. Starting with all that makes the reader feel that "they're not
even the worst offenders, Google/Apple/Amazon is probably worse". Which may be
true but you present no proof for that and it's not even something that you
needed to argue.

> By all means, criticize Facebook if you think they've done something wrong,
> but don't stop there. Make sure you understand the full scope of the problem

Or stop there if you wish - it's still something. It's certainly better than
thinking "I don't have time to understand the full scope, so I'll let others
do the criticism".

> I've seen precious little of that.

Well, lead the way. Show us how to do it. Help us understand the full scope of
the problem and address it in a general way. Don't just chide people for
criticising Facebook.

~~~
JimmyAustin
I don't think he is arguing for more or less outrage, he just wants it
directed better. I'd argue that picking out one offender and focusing on them
is in some ways _worse_ then focusing on the entire issue.

Facebook being slapped with a massive fine/being broken up might not do a lot
to stop the general trading and exchange of users data online, but its enough
to get the politicians to say "job done" and move onto the next issue. We need
to focus on fixing the issues that allowed the FB/CA scandal to occur, instead
of just focusing on the symptom.

~~~
virgilp
> Facebook being slapped with a massive fine/being broken up might not do a
> lot to stop the general trading and exchange of users data online,

Or it might; the other companies are watching, and precedents do matter.

I honestly don't see how bringing Google/Amazon/Apple into this won't do more
harm than good. In fact, if I were Zuckerberg, that's exactly how I would try
to mitigate the issue for Facebook.

------
weinzierl
I have nothing against Amazon and I had been a happy customer, but when I
ponder which company has the most valuable information about me, it's Amazon -
by far.

When it comes to Facebook (or other social media companies) it's all about
self-portrayal and in the end we have control which information we provide. To
some degree at least.

Amazon on the other hand has direct unfiltered buying behaviour data. Isn't
this advertiser heaven?

~~~
Xeoncross
Amazon doesn't have a million photos of me, hourly location data, and lots of
other things freely provided by my "friend" network.

I'm glad there are no friends on Amazon.

~~~
weinzierl
> Amazon doesn't have a million photos of me,

Yes, but what good are they to make you buy stuff or otherwise spend money?

> hourly location data,

Location data is a commodity nowadays, if Amazon want's your locations data,
it can have it.

> and lots of other things freely

Your messages, which are probably much more useful than your photos and your
location, but what else?

My point is that Amazon's data is much more valuable, but I'm neither in
advertising nor data brokerage so I might as well be wrong.

~~~
user404d
You're assuming that targeting people's finances is the best way to leverage
the data collected. In Facebook's case, they are using it to literally assert
influence over masses of people. When other groups get access to that same
data, then they too can use that data to assert influence because that's
literally what the platform has been developed into (not implying this was
Facebook's intent all along).

I think these groups targeting your pocket book may have the most immediate
effect on your person -- however -- I don't think it's the scariest or most
malicious outcome.

~~~
weinzierl
That's a good point, actually.

------
mikehollinger
Databrokers enable this - take a look at something like Acxiom's developer
APIs.[1] You'll find that they have some quite interesting stuff, like whether
someone's interested in gambling.[2] Facebook partners with these folks (as do
many others) to enable them to build this aggregated database.

Interestingly, you can log in and see your own profile there. I did that a few
years ago, and introduced subtle errors into it (e.g. I changed my car to a
different brand of car, and the "extended warranty services" robocalls around
a year later started calling about my nonexistent vehicle).

[1] [https://developer.myacxiom.com/code/api/data-
bundles/main](https://developer.myacxiom.com/code/api/data-bundles/main)

[2] [https://developer.myacxiom.com/code/api/data-
bundles/bundle/...](https://developer.myacxiom.com/code/api/data-
bundles/bundle/gambling)

~~~
m0ngr31
How do you see your own profile?

~~~
mikehollinger
Register at [http://aboutthedata.com](http://aboutthedata.com) to gain access
to your profile.

------
ariwilson
FYI: this article & website are plugs for the owner's "private" search engine:

[https://www.searchencrypt.com/](https://www.searchencrypt.com/)

which seems to be heavily ad-laden (e.g. searching for "free" gets you ads,
which it doesn't on Google).

------
juststeve
Spotify reserves the right to sell your details/listening habits when their
terms of use changed... (ie genres of music you like, the types of musicians
etc)

Is this facebook data being funneled back to the record labels and their
parent companies to sell advertising? my research says its likely, this feels
similar to the CA situation, just not as political..?

~~~
searchencrypt
If you use Facebook to login to Spotify then that information is definitely
available. The information doesn't even need to be sold to the record labels.
If the labels then use Facebook ads, the targeting can be as specific as
someone who likes a particular band or song.

The fact that people use Facebook to login to EVERYTHING, means that Facebook
has access to their usage data.

~~~
dullgiulio
No, that's not true. If Spotify sells the data without anonymizing it, then it
could tracked back to Facebook, but otherwise OAuth only provides them with
your email and Facebook ID: listening data doesn't flow anywhere
automatically.

A different thing is Facebook gadgets on random websites while you are logged
in into Facebook.

~~~
juststeve
Yes i think is correct, so the data could be sold by either Facebook, spotify
(or both) to 3rd parties.

(Direct quotes from their privacy policy below)

"Consistent with the permissions you give us to collect the information, we
may use the information we collect, including your personal information:

1\. to provide, personalise, and improve your experience with the Service and
products, services, and advertising (including for third party products and
services) made available on or outside the Service (including on other sites
that you visit), for example by providing customised, personalised, or
localised content, recommendations, features, and advertising on or outside of
the Service;"

....

And here are some of the parts about data collection:

"We may also collect other information available on or through your Third
Party Application account, including, for example, your name, profile picture,
country, hometown, email address, date of birth, gender, friends’ names and
profile pictures, and networks.

You may also choose to voluntarily add other information to your profile, such
as your mobile phone number and mobile service provider.

...

"When you use or interact with the Service, we may use a variety of
technologies that collect information about how the Service is accessed and
used. This information may include:

information about your type of subscription and your interactions with the
Service, such as interactions with songs, playlists, other audiovisual
content, other Spotify users, Third Party Applications, and advertising,
products, and services which are offered, linked to, or made available on or
through the Service;

The details of the queries you make and the date and time of your request;
User Content (as defined in the Terms and Conditions of Use) you post to the
Service including messages you send and/or receive via the Service; technical
data, which may include URL information, cookie data, your IP address, the
types of devices you are using to access or connect to the Spotify Service,
unique device ID, device attributes, network connection type (e.g., WiFi, 3G,
LTE) and provider, network and device performance, browser type, language,
information enabling digital rights management, operating system, and Spotify
application version. motion-generated or orientation-generated mobile sensor
data (e.g., accelerometer or gyroscope).

You may integrate your Spotify account with Third Party Applications. If you
do, we may receive similar information related to your interactions with the
Service on the Third Party Application, as well as information about your
publicly available activity on the Third Party Application. This includes, for
example, your “Like”s and posts on Facebook. We may use cookies and other
technologies to collect this information; you can learn more about such use in
the section Information about cookies and other technologies of this Privacy
Policy."

------
kromem
To me it's an issue of cost vs reward.

While I would love to see greater privacy awareness and consideration from all
entities I use, the fact is that there are certain web properties that I find
indispensable and without a privacy considered alternative.

Facebook I can live without, likely even happier than with it. I also think
that the social contract of "sell me as a product in exchange for enabling my
social communication" is not the correct paradigm, and once there's a user
friendly alternative similar to secure scuttlebutt (i.e. Mozilla level
friendly), that best represents the proper social contract (I'll provide
hardware resources to enable my social communication).

~~~
gt_
That sounds nice but it’s a pipe dream.

~~~
FridgeSeal
Not with that attitude.

Seriously, writing off any attempt at discussing or fixing the problem because
"it's a pipe dream"/"network effect"/etc will ensure that you do end up going
nowhere.

------
stewofkc
It's not news that Facebook is gathering and storing TONS of information about
its users (and even non-users). Google, Amazon, Apple, Microsoft are all
guilty of the same thing.

~~~
dlp211
The difference is the extent to which those companies make that data
accessible to third parties.

Disclaimer: I work for Google

~~~
ocdtrekkie
What is the _actual_ difference between Google/Facebook and "third parties"?
Google actively uses information it gets about me in ways I don't approve of,
and generally can't opt out of without stopping use of the services entirely.

Sure, Cambridge Analytica was using the data to influence an election, but
Google is not shy about it's own social activism, and it's efforts to
manipulate users into seeing it's view of the world.

Google's only protective of our data for selfish reasons: If you sell our data
outright, the third party doesn't have need of you anymore, but if Google
maintains a tight hold on the data, Google can continually sell the ability to
make use of it (through Google's advertising services and the like) over, and
over, and over.

The harm to me is the same either way.

~~~
thinkling
Google keeps a tight hold on the data, whereas Facebook had APIs that allowed
FB-apps to crawl segments of the FB graph. By doing that thousands of times,
apps could export a large part of the data, and FB lost control over how the
data could be used. By contrast, Google retains control.

I understand your point that we as end-users don't have any control over the
way the data is used in either case. But I do think there is a material
difference between the two scenarios.

~~~
ocdtrekkie
I just don't see why "Google retaining control" is a positive, when Google is
as hostile an actor as Cambridge Analytica. If companies are going to use data
to sway public opinion and tailor advertising, how much does it really matter
which company is doing it?

~~~
skybrian
This is sort of like saying all political parties are the same. We can and
should make distinctions.

~~~
ocdtrekkie
What makes Cambridge Analytica worse than Google, specifically? Is the
distinction you can draw between the two objective, or subjective to your
personal view (or political party)?

(From what I've found, most people upset with "all political parties are the
same" are people who belong to one, and are upset that they get grouped in
with people who do the exact same things they do. Not "all political parties"
are the same, but the two of them I deal with as a US citizen definitely are.)

~~~
dragonwriter
> What makes Cambridge Analytica worse than Google, specifically?

The outright lying about purpose thing, by which CA’s key data was gathered,
for starters.

~~~
ocdtrekkie
I would argue both Google and many other data collection based companies do
this as well. Data is collected under the auspices of being able to "provide
you with better services", even though the actual purpose is to target ads to
you more accurately. (They may have better legal disclaimers and statements of
how data will be used stuffed in their EULAs nobody reads, but I don't feel
that's much less deceptive in reality.)

------
barbs
Completely by the by but is the scrolling on this page screwed up for anyone
else? Seems to have a weird slow non-native scrolling method for me. I'm
running Firefox on Android

~~~
John_KZ
Yeah, looks like custom JS scrolling. I hate people that do this.

~~~
nielsbot
It's the worst. Disabling Javascript temporarily can work around this. Or
using Reader mode... Assuming the content is worth it to you.

~~~
CaptSpify
And disabling JS permanently makes almost all other websites better!

------
kokwak
Recommend this:
[https://books.google.com/books/about/Surveillance_Valley.htm...](https://books.google.com/books/about/Surveillance_Valley.html?id=65WYDgAAQBAJ&printsec=frontcover&source=kp_read_button)

------
thibautg
Most media criticizing Facebook run Google Analytics and many other trackers.
Fortunately HN is clean, according to Privacy Badger.

~~~
ebikelaw
This equivalence is false. Facebook’s business is selling access to your
private data to third parties. Google’s business is not that. They are not the
same.

~~~
CaptSpify
Google's business is tracking me despite me not wanting to be tracked. It
doesn't matter what they do with that data, I don't want them to have it.

There are differences, but they aren't worth worrying about. You are still
vulnerable to being abused by Google's data about you as well as Facebook's
data.

~~~
thibautg
Yes, what’s annoying is that if you are using Gmail, you are automatically
logged in on all other Google services, including Maps, YouTube etc. When I’m
searching a doctor’s address or watching a stupid video on YouTube (most of
the time embedded in some other webpage), I don’t always want it to be added
to my history. [https://myactivity.google.com](https://myactivity.google.com)

Now I’m using Firefox Multi-Account Containers to separate Gmail from the
rest. And I am considering switching entirely to ProtonMail.

~~~
ebikelaw
FYI this isn’t true in all contexts. For example if I log into Gmail for iOS
that does not log me into the Maps app on iOS.

------
zombieprocesses
And Cambridge Analytics isn't the only election campaign "influencers". But
for some reason, the focus is only on facebook and cambridge analytics.

~~~
partiallypro
Probably because, and not to get too political but, the perceived slight from
those two was helping Trump. Though, I don't think there is much data that
supports the notion that data analytics helped Trump more than Hillary. I
think the argument that Hillary's ground game was horrendous holds up more
under scrutiny.

------
amelius
Perhaps the government should protect us more actively. It could hand us fake-
ids we can use when dealing with these companies. And it could give us fake
home addresses, etc. Like a witness protection program, but for everybody. And
it could provide an API for sending (e)mail to real users, using their fake
info. And it could set up a VPN service for everybody to mask IP addresses.

~~~
stewofkc
The internet has been a "wild west" for its entire existence. While this
allowed it to grow and improve freely, it also brought about bigger issues.
Government intervention could work, but the government getting involved in
tech usually sucks.

~~~
amelius
> the government getting involved in tech usually sucks

The internet was built by government organizations (e.g. DARPA, NSF)

------
dna_polymerase
What? Who would have thought?

[https://prism-break.org/en/](https://prism-break.org/en/)

------
davidjhall
Malwarebytes flagged this page as malicious; and umatrix lists a lot of
javascript from elsewhere.

------
bsder
Yes, the other companies are probably just as bad, but one at a time, please.
It is very hard to keep the attention of the man on the street, we should not
split it across multiple companies.

~~~
stewofkc
Only focusing on Facebook's scandal shifts attention away from the real issue,
which is tracking on the internet in general. Most people aren't aware of the
extent to which they are sharing information.

~~~
latexr
Focusing on Facebook gives the benefit of _focus_. Techies have been warning
people for years about tracking on the internet, but “tracking on the
internet” is a vague premisse.

It’s by bringing the actions of popular bad actors to light that we’ll raise
awareness to the rest. People need something tangible that they see is
affecting them, and Facebook’s scandal is just that.

~~~
pessimizer
> It’s by bringing the actions of popular bad actors to light that we’ll raise
> awareness to the rest.

What usually happens is that the one "bad actor" gets turned into a "bad
apple," convincingly repents, is renamed, or is dismantles, other companies
have a quiet period during the media frenzy to avoid being the next focus,
then continue with impunity.

If focusing on facebook brings legislative changes, then good. If focusing on
facebook just punishes facebook, who cares?

~~~
latexr
> If focusing on facebook just punishes facebook, who cares?

Everyone. Punishing one single bad actor (and one of the biggest, at that) is
indisputably better than punishing zero. By having one answer by the
consequences of their actions, the others see the same can happen to them.

The math is simple. A bunch of little people against multiple tech giants.
There’s no way the people have a chance to deal with all the giants at once.
One at a time, maybe.

------
jonbarker
Steve Jobs actually envisioned building an ads product where the ads were
actually beautiful and enhanced the user experience, in his final years. That
was the idea behind iAd. I occasionally get these types of ads from youtube
where I'm actually glad they showed it to me. No other ad product has ever met
this bar for me including fb so that's why I think they deserve the market's
current skepticism, that and allegedly selling political ads at different CPMs
to different parties (this is not legal in other types of media).

~~~
stewofkc
The price gouging is a whole other issue...which is a by-product of the
availability of this data.

If Facebook/Google are really gathering our data to enhance advertising, it
isn't helping the end user. Although it could, if they shifted their focus
from ad revenue to user experience (not gonna happen).

