
Facebook Reveals New Security Settings Amid Privacy Concerns - lambda_lover
https://www.bloomberg.com/news/articles/2018-03-28/facebook-announces-new-security-settings-amid-privacy-concerns
======
lukewrites
They absolutely did not "reveal new security settings" – they revamped the
security settings menu & page. From the article:

> Facebook announced on Wednesday that it’s redesigning the settings menu on
> mobile devices, consolidating privacy options in one place, rather than
> sending users to some 20 different screens

There is no indication in the article that they are allowing users more
control over their data, and fb remain free to do what they will with your
data once you sign up for their service.

This does nothing to resolve the problem that people are up in arms about:

> Under the revamp, users still won’t be able to delete data that they had
> given third-party apps on the platform previously, even if it was used for
> reasons other than what was agreed to. That data, generated over years of
> games and personality quizzes that had access to private information, is
> largely still stored outside of Facebook’s grasp by the private individuals
> and companies that built those applications.

~~~
TheSpiceIsLife
> users still won’t be able to delete data that they had given third-party
> apps ... is largely still stored outside of Facebook’s grasp by the private
> individuals and companies that built those applications.

I don't believe it's possible to resolve _that_ problem.

------
kennu
What's really needed is a way to delete old data in batches, like "delete
everything I've posted over 1 year ago".

Currently you have to delete thousands of individual items (like played
Spotify songs) one-by-one, using a tediously slow and inconvenient UI that
individually confirms each delete.

~~~
makecheck
The “tedious to delete, by design” approach crosses all companies (create
account = 1 click, delete account = call this number between the hours of 1:15
and 1:16 on Tuesdays and wait half an hour to speak to a representative,
enduring their sales pitches first).

There should be a simple law: the mechanism for deletion of any user data must
be no more complex than its creation.

It would also be nice to have deletion terms always specified at point of
creation, e.g. “bookmark this link to remove what you’re about to create”.

~~~
parliament32
>the mechanism for deletion of any user data must be no more complex than its
creation

I don't think that'd work too well... indeed, it's already in place. You can
create a single post with one click, you can delete a single post with one
click. I guess we're looking for "batch deletion".

~~~
Implicated
> ...you can delete a single post with one click.

Can you? Or, like the parent states, is there a confirmation for every
deletion, thus two clicks?

~~~
parliament32
Well multiple actions in both cases. If you're making a text post, you need to
1) write the text, 2) click submit. Likewise with an image, 1) upload image,
2) click submit.

I suppose the confirmation isn't strictly necessary but for a normal user's
use-case, but having a confirmation is a good thing (accidental irrecoverable
deletions are bad). But they could definitely have a one-click delete with an
Undo button.

------
jonahhorowitz
The real question is: will they let me delete all the call logs, address
books, and SMS data they've scraped off my android phones over the years? If
they do, will it actually be deleted? How long will it take to be removed from
all backups?

~~~
rmc
GDPR comes in in May. That's the interesting development

~~~
azinman2
What’s gdpr

~~~
grinsekatze
General Data Protection Regulation. I can't wait for it ... and to see how
facebook handles all delete requests.

------
galieos_ghost
What's amazing to me is how the media can stir the public into a fever pitch
with such ease. I've told people about FB and Google data collection for years
and nobody cared, at least not until the talking heads told them to care.

What FB does is innocuous compared to the CIA vault7 leaks, and yet the media
shoved that down the memory hole. The real question is why is this being
pushed now when literally of this has been public info for years?

~~~
parliament32
It's just part of the media machine. FB is currently the "bad guy" so any
media agency who can push the narrative is rewarded with more user attention.
This has a huge snowball effect and will result in FB getting hammered into
the ground until a more interesting antagonist comes around.

Another interesting "bad guy" right now is Russia -- justified or not, notice
how media outlets are trying their hardest to find _any Russian links
whatsoever_ to every bit of political news, even things completely unrelated.
For instance, try searching for "cambridge analytica russia" and look at the
number of results.

------
grinsekatze
Even if they offered a delete button any time before GDPR comes into effect I
would not trust and use it. I also don't like the idea of using one of those
chrome extensions mentioned here. To me, currently this is synonymous to
hiding everything they have on me from myself.

But doing this after May 25 would mean I definitely want it gone for good and
if they don't fully delete what I manually remove, I expect them to get
themselves into trouble.

~~~
g_p
> But doing this after May 25 would mean I definitely want it gone for good
> and if they don't fully delete what I manually remove, I expect them to get
> themselves into trouble.

You're technically right here, but it seems at present that most companies
won't be complying with this for quite some time (perhaps an opportunity for
some litigations?)

Backups appear to be the "black hole" in GDPR, as nobody spent the 2 years
actually planning and preparing. Therefore, most people I've spoken to are
planning to simply add a "gdpr_deleted" flag to each row in the database, and
set it to true when it happens. They don't return those rows in queries. The
inter-dependent nature of many databases (you shared a post with 10 users, you
delete your account now, FB wants to retain the view records), coupled with
nobody taking GDPR seriously until the last minute, means we'll likely see
"soft deletes" for quite some time.

It would be interesting though to make a GDPR request to companies for data
held specifically on backups, and held in databases records that would
normally not be shown (i.e. these hidden records), as that could get them in
trouble if you could prove they lied!

~~~
greenleafjacob
> Backups appear to be the "black hole" in GDPR

To delete backed up data, first encrypt the data with a key. To delete the
data, delete the encryption key, leaving your "backed up data" meaningless
bits.

------
macspoofing
Here's a good security/privacy option: Provide a fully featured HTML5 app
(specifically one that allows you to access the inbox). Then there is no
reason to install the native app or messenger.

~~~
intrasight
I only use my browser to use FB. But I don't message with Messenger - I use
phone's native text message feature.

~~~
macspoofing
I'd still like to access the Facebook Inbox when I'm on my phone and using the
Facebook web page. Right now it forces you to the messenger native app.

------
bogomipz
>"“Last week showed how much more work we need to do to enforce our policies
and help people understand how Facebook works and the choices they have over
their data,” Facebook Chief Privacy Officer Erin Egan and Deputy General
Counsel Ashlie Beringer wrote.

Facebook Chief Privacy Officer. Now there's a job title.

Seriously what does a Chief Privacy Officer at FB do? What are the
responsibilities of a Privacy Officer at a company whose entire existence is
predicated on their users having no privacy? Here's 15 years worth of their
boss's views on privacy:

[https://www.cnbc.com/2018/03/21/facebook-ceo-mark-
zuckerberg...](https://www.cnbc.com/2018/03/21/facebook-ceo-mark-zuckerbergs-
statements-on-privacy-2003-2018.html)

------
prolikewhoa
Who is ever going to trust that these settings actually do anything except for
the button animation after the previous two weeks of privacy disaster for
Facebook?

Probably most of the country, actually. =\

Mark my words, their stock price goes right back to $180 over the next two
weeks.

~~~
djohnston
people who don't wear tinfoil hats

~~~
jimejim
That's kind of a silly comment when we have proof that Facebook's poor design
lead to abuse.

~~~
djohnston
there's a distinction between abuse from a third party and outright lying on
the part of fb. suggesting that deleting data leads to nothing more than a CSS
animation is asserting the latter.

~~~
rhacker
I think the reality is that data will no longer "look" like it's in the data
download, I'm sure FB will keep it to continue performing ML algorithms to
pursue more and more ad revenue. Hopefully they will at least remove the code
that is collecting it so that it stops in the future. No tin foil hat needed
to believe this route.

------
nopacience
Something curious about facebook is, they let anyone access user profile/pages
(or whatever it is called), so visitor can see the user profile picture and
might be able to see other stuff. Facebook "protects" the privacy of the
"visitor" because the user cannot see what visitors have visited their
profiles.

So, users have no privacy, but visitors have their privacy protected.

Facebook should list "who" visited user profiles. I dont know why they dont do
this already. And even more, they could somehow list what photos the visitor
chose to see, how long visitor stayed on user profile, which 'full resolution
pictures' visitor had downloaded. If they only saw thumbnails then no need to
list, but if visitor made the effort to download _all_ full resolution user
pictures then the owner of those pictures should be able to see who has
downloaded them.

So this way, the user would be able to see how frequently visitor X, Y, Z has
stayed on their profiles, and how many/which full res pictures they have
downloaded/seen.

If the user profile is not a person, but a store, then the store would be able
to benefit from this data and send some message saying "We noticed you have
been visiting us lately, and you seem to have a lot of intrest in product X.
Do you want to know the price or make an offer?"

Or, if the user is a person and has seen weird behaviour from weird users,
then user would be able to take precautions.

So in the end, the user profiles are public and have no privacy. But the
visitors/consumer of other people profiles can snoop on other lifes and have
their privacy protected because the page they visited is never able to know
they have been visited by visitor X Ntimes.

~~~
aylmao
This is a pretty interesting proposition. I'm personally not a fan of the
store idea --I'd rather be able to visit business pages anonymously and not
get messages from them-- but I actually think seeing who has seen your profile
could be a good idea, especially in the realm of the picture download/viewing.

------
mtgx
Again, it wasn't "amid privacy concerns". It was because they were trying to
be compliant with EU's upcoming GDPR regulation:

[https://www.reuters.com/article/us-facebook-sandberg-
privacy...](https://www.reuters.com/article/us-facebook-sandberg-
privacy/facebook-to-hand-privacy-controls-to-users-ahead-of-eu-law-
idUSKBN1FC1Q6)

------
quadrangle
What I want is to download my history _including_ the external links I posted.
But they seem to not include that stuff. I'm sure they tracked which links I
posted, but they don't consider that part of the private data I'd own in any
way, so it's not there in the download. Which I means I can't find that
article I stupidly posted to FB and forgot to bookmark otherwise…

------
glbrew
The real problem is data collected about you from other people. For example
all of my lesser friends install the android facebook app which gives them
tons of information about me from my interactions with them. I need a way to
tell facebook to delete and not collect data about me from other people's
devices.

------
benevol
F#ck the hypocrites at Facebook. That's all.

------
feelin_googley
"The Facebook Privacy Setting That Doesn't Do Anything at All

'I really can't make sense of it.'

Gergely Biczok, CrySys Lab"

[https://www.wired.com/story/facebook-privacy-setting-
doesnt-...](https://www.wired.com/story/facebook-privacy-setting-doesnt-do-
anything/)

