
Facebook has always sold data to advertisers, and it probably always will - kareemm
https://www.nytimes.com/2018/12/12/opinion/facebook-data-privacy-advertising.html
======
underwater
I disagree with the premise. The accusation only holds if your definition of
"selling data" includes any transaction where data is leaked as part of a
transaction. Importantly, in the ad model the information leakage is an
unintended (but unavoidable) side effect. If Facebook could sell ad slots
without revealing information about you they would. In fact over the years
they've tightened their constraints around targetting to ensure that
individuals cannot be targetted and data about individuals can't be derived by
targetting hacks.

If you asked an average person what "selling data" means, they would describe
a much more straightforward exchange: you pay me, and I tell you the names of
woman interested in skiing.

Consider a real world comparison. You run a ski class for woman. I pay you
$100 to distribute vouchers for a range of ski equipment at my store. If a
customer shows up with a voucher then I know that they're taking your lessons.
I can infer their skill level and that they can afford to pay for private
lessons. Was that an instance of you selling your customer's data?

~~~
Arnt
You're entirely right and I quite agree.

Except that I'm not sure I do, now that computers are involved and can pick up
every scrap of maybe-data and correlate sets of maybes into probable
identities. Twenty years ago walking into a shop with a voucher wasn't an
identifying action, now it may be. Twenty years ago what the shop owner got
from the voucher distributor wasn't a list of names, now it may be.

If the shop owner gets a list of names at the end of the day, then arguably
that list is what Facebook sold. Maybe Facebook sold it with plausible
deniability, maybe Facebook would prefer not to sell it, but the shop owner
paid money and got something in return.

~~~
ironSkillet
Companies exist solely to gather and de-anonimize this data to the fullest
extent possible. As an example of what you can do, in Google Adwords, you can
download multiple aggregated click/cost reports across many dimensions (age
range, zip code etc), set up and solve a mixed integer linear programming
problem, and get detailed information about every click. Not sure if Google
ever caught on or cared enough to fuzz the data.

~~~
zonethundery
Would you mind naming some players in this space?

------
harryh
This essay is just wrong.

Just because a person ends up on an advertiser's site after clicking on an add
targeted to [whatever] doesn't mean the advertiser has the data. It doesn't
know the identity of the person that clicked on the ad.

~~~
Quanttek
Of course it does. That is the whole point of the article. By clicking on a
targeted ad, the info used to target you can be and also is very much
transferred. Just imagine a string attached to the ad URL containing the
characteristics of the targeted group:

    
    
        &woman=1&age=24&location=Seattle&sexor=bi&interested=[cars,skiing,succulents]&relstatus=single&...

~~~
harryh
"It doesn't know the identity of the person that clicked on the ad."

------
cerved
You probably could use this type of granular targeting described, and infer
personal data from Facebook users using UTM codes on your campaigns.

But it doesn't tell you who this information is about. You'd have to trick the
user to reveal their identity on the attacker website.

I guess this could happen if the victim had previously visited the attacker
website and identified themselves using say their email. Store a cookie of
this user. Then when the click the information leaking ad they identify
themselves on the attacking website with this cookie. Now you can link the
information leaking targeting with the user and potentially leak data.

It's misleading to say that Facebook is selling data to advertisers. Rather
they might leak personal data through covert channels.

------
nitrogen
A lot of comments are missing the fact that there are data sources other than
Facebook that can turn a click into an identity, or near enough. Facebook
can't claim ignorance of all of those.

See [https://panopticlick.eff.org/](https://panopticlick.eff.org/) for one
conceptual demo.

As an innocuous example, have you ever noticed that Maps seems to show the
right neighborhood when you connect a non-GPS laptop to a friend's wifi?

~~~
nodja
> As an innocuous example, have you ever noticed that Maps seems to show the
> right neighborhood when you connect a non-GPS laptop to a friend's wifi?

Isn't that just matching the IP to the correct town? Using a database like
maxmind's.

~~~
nitrogen
There are databases with much higher accuracy. I once had a pizza delivery
website I had never before used pre-populate the complete address for my
location (on a desktop PC with no GPS). They don't do that anymore though, so
I can't take a screenshot.

Retailers buy and sell customer data as part of "data cleanup" efforts, that
data can be correlated with geo-IP and third-party cookies, etc.

------
bertil
Real question: Should opinion editors be judged by the practice of the journal
that publishes them?

The NYTimes does admittedly worst than Facebook on that front (the key aspects
for me: I can’t see the targeting for their ads before clicking on it, refuse
some ads on their website, I can’t access, edit or delete what their partners
know about me; I can do all that on Facebook). That makes the claims of that
editor seem very disingenuous.

Should we judge him based on that? Or is he a user of NYTimes and a victim of
their disputable privacy practice, like he is a user of Facebook and an avowed
victim of the Mark & Boz’s decisions?

------
sbhn
Its not only advertisers buying your data. I had a boss who paid a
subscription to a service that monitors as much of your internet activity as
possible. He got alerts everytime i and other colleages did anything public.
He bought it cause he was paranoid, or a voyer. Stuff that you do that is
public, is more than just a facebook post, it is slso a google+, steam,
wordpress, gravatar, linkedin, discuss, readdit, and loads more. The more you
can link up a particular person, the more you can track across domains, the
more its worth, even to the person being tracked. Think credit scoring
companies who sell there tracking back to you and also to banks. Your
governments pay billions to security contractors to collect your data.
Newsagencies that suggest your data is only valuable to adveriserz are
engaging in distraction.

~~~
TallGuyShort
One of the many benefits of a full-time job doing open source development: it
has absolutely flooded out everything else about me on the Internet. My Dad
used to have a service like this alerting him about anything I did. He turned
it off because he got sick of all the notifications about my work. If you
Google my name now, it takes until like page 10 before you find anything
remotely personal.

~~~
sbhn
Yes, i had a similar perspective, ive also posted a lot of open source and i
thought if you are still inclined to be following me with your draw dropped in
awe, then youd need to be getting yourself a life. Surely im not that
important. But actually, my data and activity genrates enough money amongst
those who sell security to the government, that it would contribute a
significant part to my weekly wage. If only we knew how much our data was
really worth.

------
jeromebaek
This is tricky. I sort of agree with the author and sort of don't.

It boils down to: if you own an algorithm f: H->R^n and show m number of (k,
v) pairings such that f(k) = v, does it follow that you have revealed all or
part of the algorithm? (Where user data is folded into f.)

This would necessarily have to do with how big m is and whether it is enough
to infer a f with reasonable accuracy. Not sure what are good metrics for
"reasonable accuracy" though.

------
randaouser
How is ad matching performed exactly? Is a users data profile basically
matched against some set of ad network defined properties and then served to
the end user?

------
humbermetallic
I agree with this article, thanks for sharing. With the advent of big data and
capabilities to draw conclusions from what seems like an anonymous information
Mr. Zuck sill goes for the simplified explanation "but we're not giving it
directly..." The violence case in Myanmar showed that Facebook has much
broader consequences without directly doing anything. The same goes for third
party involvement, they can deny it and it makes me question do they
themselves understand the scope of the problem and manipulation.

------
soft_dev_person
This is so on point that even Congress should be able to understand it.

~~~
JBiserkov
Upton Sinclair: “It is difficult to get a man to understand something, when
his salary depends on his not understanding it.”

~~~
ardy42
That's a nice quote, but I don't think it applies here in that way. I don't
think any Congressman's salary actually depends on not understanding
Facebook's business model.

~~~
michaelmrose
Facebook doesn't individually contribute much but it did contribute a total of
7 million over 12 years. If they were smarter they would kick in more.

------
yosito
As a culture, we all signed up to participate in a business model funded by
collecting our data and selling it. The natural outcome is that people with
money would use that money to influence public opinion. We walked straight
into this trap.

------
delhanty

      >Please disable your ad blocker
      >
      >Advertising helps fund Times journalism.
    

No I don't think so - uBlock Origin all the way.

Internet advertising fuels the Facebook problem.

The smaller we can make internet advertising, the smaller the Facebook problem
becomes.

~~~
ForHackernews
Pay for a subscription, then. Journalism isn't cheap.

~~~
setquk
Or just not bother reading the thousands of syndicated bits of crap and
opinion pieces which is what "journalism" is mostly these days.

~~~
yostrovs
Thanks to the big tech companies and ad blockers.

------
known
[https://en.wikipedia.org/wiki/Targeted_advertising](https://en.wikipedia.org/wiki/Targeted_advertising)
is included in
[https://www.facebook.com/about/privacy/update](https://www.facebook.com/about/privacy/update)

------
taude
I don't know why we pick on FB for this practice, just because they're better
at it than existing marketing data out there that's been accumulating for the
past 40 years on people. Companies like Axciom, Experian, etc. have been doing
this far longer than FB...

