
The Creepy Details of Facebook's New Graph Search - petrel
https://www.eff.org/deeplinks/2013/01/facebooks-graph-search
======
brown9-2
_This feature has rolled everyone, by default, into a dating service ("Single
females in San Francisco who like Radiohead") and a marketing database
("People under 25 who like Coca-Cola")._

This assumes that the advertisers didn't have access to searches like this
already. That seems very unlikely.

~~~
Wilya
Did they have access to this, or did they have access to "show my ad to
everyone who matches this query" ?

I don't see why Facebook would allow advertisers to build databases of people
when they can just force them to go through their own tool and keep people
anonymous, like Google does.

Also, this is free, as opposed to advertising tools, which broadens the
audience quite a lot.

~~~
0x0
I don't think they have access to that, and you are right, there's a big
difference between getting search results with actual people links, and
getting your ad anonymously delivered to people matching a given criteria.

By the way, you can click through the "create an ad" process quite far on
facebook before you have to actually pay for it, so for those curious, why not
give it a go and see for yourself what the process looks like? :)

------
Shenglong
I personally think this feature is really cool, and has the capacity to be
really useful. While I don't personally mind people creeping me, it _will_
likely have vast social implications.

For example: <https://dl.dropbox.com/u/46245195/jealousy-machine.jpg>

------
_dark_matter_
Seems to me like Facebook was already using these "creepy details" on a daily
basis in targeted advertisements. I looked through the ad process, and you
could choose any of the options they have in the article (age range, likes,
location, etc.)

~~~
cheald
I think it's quite different for a company to use "creepy details" to deliver
targeting advertising than it is to make that information available to the
public in an easily discoverable fashion.

Graph Search is really interesting from a data standpoint, but I don't at all
see how it's going to mesh with the realities of how people like their data to
be managed.

~~~
lostnet
How can you feel about clicking on an Ad that matches one interest of yours if
you don't know the additional targeting criteria?

The more specific the criteria, the more likely the "advertiser" is a spear
fisher.

I can think of a couple exploits (Err- links) one might pay to send to
"groups" like: All Oracle employees who like sailboats and tennis. All
Universal Health Care employees who like Oracle. All apple employees who hate
google maps.

The total cost of these 3 "campaigns" might be $30. You may hit these targets
with a wider google campaign, but that would cost more and entail greater risk
(i.e. people at mcafee who like nmap and Oracle.)

~~~
cheald
Do advertisers get information on the specific users who click on their ads?
Can you reverse-map an ad click into a Facebook profile?

~~~
joshdotsmith
No, this isn't possible.

~~~
cheald
I get the "technically possible" argument above, but this is what I'm driving
at - targeted advertising is one-way (you can target people, but don't know
who they are), while Graph Search is two way (you can target people, and find
out who they are), which is why I don't think the comparison between the two
is all that apt.

------
spullara
This at least exposes what you could have been doing all along using their
API. If anything it is better that they launch this and people realize the
implications rather than developers being able to do it without people really
understanding the implications.

~~~
smokeyj
And how the law will use it. Seems like a great way to find criminals and
activists at scale

~~~
malandrew
I find it creepy that our impression of the government now has us lumping
criminals and activists into the same sentence and thought.

------
kmfrk
Privacy and utility are mutually exclusive, privacy and utility are mutually
exclusive.

This can't be said often enough.

I personally hate Facebook because of Zuckerberg's disregard for Steve Jobs's
definition of privacy: to know what you've signed up for.

But there's definitely a lot of utility for those who willingly hand over
their personal information. It's a trade-off, and I'm fine with it, as long as
people knowingly, willingly accept that.

------
melvinmt
I really like it. The constantly increasing social pervasiveness is inevitable
and I've made my peace with it a long time ago.

I understand why it took them this long to come out with something like this.
For this to work, you need massive amounts of data, something Facebook has
plenty of after receiving a firehose of data for so many years.

Google has failed in social search, because (ironically) they had the search
first, but not the data. IMHO this is exactly what they were afraid of and the
main reason why they keep pushing on G+ hard.

Most importantly, Graph Search finally "captures the intent" - which made
Adwords so good - that FB Ads was badly missing. Expect to see their revenues
soaring in the coming years.

~~~
SkyMarshal
_> Google has failed_

You say that as if the competition was a specific event with a discrete ending
time, rather than continuously ongoing process that ever ends.

------
betakappaphido
Wasn't it Assange that said fb was the greatest spying machine ever invented?
Why the heck people will continuously give away private information with no
safeguard that information will ever remain private in the future, I will
never understand. Graph Search is just one more example of 'transparency
creep' until there is only a microcosm of privacy left, and even that will
likely be an illusion.

~~~
freshhawk
> Why the heck people will continuously give away private information with no
> safeguard that information will ever remain private in the future, I will
> never understand

I do understand. People don't evaluate risk correctly. They are fundamentally
irrational in all sorts of strange ways. Humans have a strong optimism bias[1]
so even if they know something bad might happen to some people they __know
__that will happen to other people, not to them. The benefit, even when it's
tiny in comparison, they get _right now_.

Thanks to the fascinating new neuroscience around cognitive biases you too can
go from thinking you'll never understand to despairing for the future of
humanity!

At least now someone will probably do a Firesheep-esque [2] "look how creepy
you can be" app that will get some attention. And that kind of attention is
exactly the antidote to the optimism bias as well as many of the others at
play here, it's actually very effective because it plays into other well known
biases [3][4]

[1] <http://en.wikipedia.org/wiki/Optimism_bias>

[2] <http://codebutler.com/firesheep/>

[3] <http://en.wikipedia.org/wiki/Attentional_bias>

[4] <http://en.wikipedia.org/wiki/Availability_heuristic>

------
richardjordan
Think about what this will do for discriminatory hiring. Searches on who has
liked political statements or views that are disapproved of by corporate
policy. Again as others have state - big difference between this stuff being
discoverable and it being easily searched, sliced and diced.

~~~
freshhawk
What's the big difference other than smaller players having access to this
information?

Maybe I'm going to far applying computer security concepts to real life but
this was possible before, so making it easier to access only really changes
how educated the users are about over-sharing. I mean, if you wanted to
educate people in a "wow that's creepy" way like firesheep did you would build
something like this.

If you shared it online and it's linked to your real name then you _have_ to
assume anyone can get a hold of it.

In the practical world you make an excellent point about discriminatory
hiring, but I feel like this was going to happen anyway so better to open
things up now and hopefully scare people into realizing what they are doing
when they post private information publicly. The longer the time until this
happens, the worse it will be when it does right?

~~~
richardjordan
I think this is a classic example of where there's a meaningful difference
between possible and really easy. To use a topical analogy. People in the UK
can do a mass-killing, with knives or clubs. People in the US can do it a
whole lot easier because they have access to high powered firearms.

~~~
freshhawk
I see what you mean, but I don't think your analogy fits. People are only
vulnerable if they choose to be and it's not the difference between knives and
firearms, it's the difference between the powerful with firearms and everyone
with firearms.

I think my Firesheep comparison was better. Firesheep made something possible
easy and the result was not an outbreak of hijacked email and social media
accounts although that certainly happened in cases where it wouldn't have
otherwise. The result was education through surprise and an actual improvement
in online security practices (defaulting to https).

If someone is going to have this level of information more transparency about
what there is and what can be done with it is the lesser of two evils.

------
Techasura
One thing you should know is, the search has become more easy rather than
typing some name in search and selecting "education,location,workplace". SO,
the search i believe has now been turned out more like ruby syntax.

------
mbesto
Just so I understand this correct, if everyone is only sharing things
explicitly with friends or friends of friends, doesn't that render the open
social graph search useless?

~~~
makomk
A lot of the information this searches can't actually be locked down by
privacy settings anymore, as far as I can tell. Facebook made most profile
information public for everyone whether they wanted that or not.

