

Go Ahead, Sell My Data - granfalloon
http://www.kevinjcurtin.com/home/2011/10/18/go-ahead-sell-my-data.html

======
Wilya
This is addressing the wrong problem, at least in my view. I don't really care
about what Facebook does with the data I consciously give them. And ads are
just an side-effect.

My main problem is that they actively try to get their hands on data I don't
want to give them. Like, my constantly actualized GPS coordinates, or my
browsing history. And that they store it. And process it. And store me into
some kind of box.

Oh, and it candidly considers that Facebook, or any other person to whom it
sells the data, won't do anything nasty with it. Just serving ads might be
okay. But ultimately, they _could_ do much more.

Do you want to know who the gay people are around you ? We could sell you that
list ! Do you want to know who votes for your opponent ? We could sell you
that list ! And so on.

The day Facebook, or Google, or anyone with a comparable database actually
decides to do something evil, it will look ugly. Will they ? Don't know. Don't
want to find out.

As a side note, I might pay for Facebook. Or I might have paid. Now, they will
just get my money and sell my data anyway, so why bother ?

~~~
bad_user
I also hate the tagging.

For instance you do not usually opt-in to a group by yourself. Instead
somebody else includes you in that group, without your permission. This is bad
because opt-out of a group is an explicit statement that you don't want to be
in that group, versus just ignoring a request which could just say that you
don't have the time for that or you missed the invitation ... and people know
you in those groups and opting-out is just rude.

This is not how real-life works btw.

I also got tagged several times in pictures that I do not like. Those pictures
automatically appeared right on my "enhanced" profile page. When I untagged
myself the person that did it thought it was some kind of technical problem
and tagged me again. Then I untagged myself again, and got tagged again. Then
I told that person that I don't like that picture and she got upset. I don't
want other people tagging me - I want to tag myself in pictures that I approve
of and this is something that Facebook won't allow me to do.

And talk about automatic tagging -- fortunately Facebook allows me to
deactivate automatic tagging (for now), but this feature is just plain evil
IMHO, as it encourages people to tag other people, even though that's not
something they really want to do.

This list could go on and on and yet Facebook provides no means for me to
automatically download the contact details of my friends. How fucked up is
that? These are my friends, and many of them I invited to Facebook myself.

Basically these days I'm only using Facebook when I want to get in touch with
somebody and I have no other way at my disposal OR if I want to spam people I
don't care about ... but the real social networking that I'm doing these days
is through my phone or through my email address.

~~~
drcube
There is a privacy setting forcing all tag requests to come to you for
approval first. Obviously it isn't easy to discover, however.

~~~
RexRollman
Lot of things are hard to find (like deleting your account). And there is the
issue of Facebook periodically changing the settings, knowing that meaning
people won't bother figuring out what the changes mean and how it effects
them.

------
slowpoke
> There is certain information (address, account numbers, ss #, etc.) that if
> obtained by a third party, could result in some real world problems that
> will negatively impact my life. But information social networks sell to
> advertisers doesn't fall into this category.

That's both wrong and incredibly short-sighted.

First, Facebook collects way more data than necessary. In fact, they try to
collect data of people _which aren't Facebook users_. And what's more, in some
cases (facial recognition), _there's nothing you can do against it_. But wait,
you can! Guess how? By _registering on Facebook_ , to remove tags. I don't
know what to call this, but it feels awfully similar to extortion.

Second, the unnecessary data that Facebook collects is dangerous by virtue of
existing. Yes, that data might be safe now. We cannot guarantee this to be
true tomorrow, next month or in five years, actually, we cannot even be sure
if it is safe right now (which is a matter of transparency again). Besides, I
don't see how a detailed (which might be an understatement) biography of my
life is necessary to sell targeted ads.

Third, as rwolf pointed out in another comment, it's not like targeted ads are
the only option. Yes, it might be the best alternative in terms of making
profit, but we cannot ignore the side effects.

Besides, I seriously ask myself when in the hell "profit" became an argument
to infringe on basic rights and liberties (of which privacy and control over
your own data is - or at least should always be - part of). To present a
hyperbole: slavery was very profitable as well. I don't see people arguing
that we should allow slavery again.

------
haliax
While there is nothing inherently wrong with making a profit from data about
users, there is quite a bit wrong with the way it's being done on Facebook,
and much of the rest of the web/mobile for that matter.

For one thing, services fail to properly inform their users of what they're
doing. It's quite common for ordinary users to either not know that their data
is being collected and used in those ways, or the extent of the data which is
being collected (e.g. Location, Phone Identifiers, and sites visited across
the web).

For another, opting out is generally designed to be quite difficult. Unless
you're vigilant enough to know which hosts to block (among other things) it's
almost impossible to keep your browsing history out of the hands of the hands
of third parties (especially with all the different ways browsers can store
information, see, <http://samy.pl/evercookie/>). This is the case _even if you
do not sign up for or use a service like Facebook_.

Also, as someone noted below, there is an issue with the simple fact of the
data's existence, since from that point on it is out of my control, and can be
used by anyone who can get their hands on it, in any way, which may well be
harmful to me.

------
gnaffle
I guess the problem isn't targeted advertising per se. It's that you don't
know what your personal information will be used for in the future. Maybe it
will give you better, more targeted advertising. Maybe it will be used to deny
you an insurance policy or be sold to a recruiting firm that will reject your
job application. I guess Facebooks terms don't allow that, but those terms can
change at any time.

Maybe not next year, but what about 30-40 years from now? Facebook or Google
might not even exist then, but you can be pretty sure that your data will
exist, along with your social graph. That's a tangible asset that can be sold,
no matter what happens to these companies. Or seized by some government, for
that matter.

Is this just being paranoid and obsessed with privacy? Lets hope so.

A german friend put it this way: Most jews in pre-nazi Germany didn't mind
having their religious affiliation listed in their passport. Many were indeed
proud to be jews.

Would anyone of them have been able to imagine what this information would be
used for just a few years down the line? Wouldn't anyone worrying about this
collection of data have been laughed at and called paranoid?

~~~
kcurtin
I do understand concerns over what happens to your data moving forward
(changing laws, organizational/management changes etc.). But again, I can't
think of any of the information on a social networking site being all that
damning. The information that I share on say Facebook or Google+ (at least for
me) never really consists of ultra-private information.

And I think your example is a bit extreme.

~~~
rufibarbatus
> _I think your example is a bit extreme._

The problem is, extreme eventually happens.

Nazi Germany has been such a commonplace rhetorical device on the Internet for
so long [1] that we end up easily dismissing it when it's indeed a useful
comparisson. This, for many reasons, would be one such case (we can debate
that through email if you want), but let's dismiss it anyway.

The important fact here is that bucket loads of (your) personal data are being
processed, correlated with each other and stored into centralized server
clusters — which have become very tangible assets.

If someone ill-intentioned — a government, an interest group, a company — gets
a hold of these assets — through power, through craft, through acquisition —
they can use it to target you for whatever their purpose.

In a warfare scenario, that could mean targeted, granular misinformation;
targeted terrorism through AI-generated blackmailing, tailored on an
infividual level; mass identity hijacking. It could make war a _personal_
matter like it has never been before.

(And on the other side, there's the Nazi Germany scenario where, unbeknownst
to you, you are being blacklisted for a genocide to come — after all, the
first step is classification. [2])

The fact that we're living rather peaceful times doesn't mean that a potential
weapon like these databases should go unregulated; and the fact that we see no
storm in the horizon doesn't mean we shouldn't care about the possibility.

As long as you can imagine what sorts of bad things could be done with that
personal data, the argument is: you should care because you don't know for a
fact what tomorrow will look like.

[1] If Wikipedia is to be believed, it's been 20 years now since Godwin's Law
was first formulated!

[2]
[http://www.genocidewatch.org/aboutgenocide/8stagesofgenocide...](http://www.genocidewatch.org/aboutgenocide/8stagesofgenocide.html)

------
nikcub
I will give you one example. Somebody uploads my picture to Facebook and tags
me in it. Facebook now matches my face to my name - forever. I can't ask them
to forget that they know me, I can't ask them to delete that data, and I can't
get a new face (although sometimes I would like to).

Facebook now has that information forever and I played no part in them
obtaining it. They could launch a feature tomorrow where you can take a
picture of a stranger at a bar and be given their 'closeness' to you, or their
name. Or that data could be stolen, or misappropriated.

This is about companies over-reaching and then either the data accidentally
leaking or intentionally being used without user permission. Most people don't
have a problem with it, until something goes wrong.

~~~
etha
I met your friend yesterday and he was showing me some pictures from a camping
trip he took last week. I asked "who's that guy standing to your left" and he
told me it was you. Now I know what you look like, forever, and you can't ask
me to forget or delete that either. I don't see the problem here.

~~~
lawnchair_larry
You don't see it because you aren't looking for it, and are probably not
interested in it. You're just unilaterally opposing a viewpoint.

I'll make it easy - you're not an oracle on the identities of 500 million
people, no matter how many camping photos you look at. When you are, we'll be
uncomfortable about you as well.

~~~
etha
Why would you be uncomfortable in that case? How do the potential drawbacks of
such an oracle existing outweigh the potential positives?

------
lukeschlather
>While it is true that "we pay with our data" for many of the free (as in no
monetary cost) social networks we use, what is the alternative? People don't
want to pay money for these types of services and this is a business model
that allows companies to operate and thrive while providing a valuable service
to their users.

That strikes me as a pretty weakly supported argument. Facebook is in a
position where they could do something very similar to Github. Free accounts
that are publicly searchable and paid accounts with strict access controls.
Many people would in fact pay for that, probably to the point that they could
ditch ads on the free version.

Now, they would have to stop rewriting the code that manages access
permissions every six months, but I would bet they could totally do that if
they stopped treating ad revenue as _the only way._

~~~
webjprgm
That would be extortion unless they allow you to completely delete an account
and opt-out (or better yet, require opt-in) of data collection. Because if
not, then the only way to hide your data from the public would be to pay FB.

~~~
gujk
The phone company has been blackmailing the public with its White Pages for
decades. Unlisting a number costs money.

Nothing new under the sun, just bigger and worse.

------
vsl2
I agree that Facebook and other social networks have a right to make money
through their business model. As the article puts it, if they didn't make
money, they wouldn't exist and that would be a loss for many people.

However, there's nothing that says Facebook has the right to become a $100B
company through extreme invasion of privacy and other distasteful tactics
(whatever they may be - I sure don't know what fully goes on over there). Send
me some targeted advertising if you have to, but I will protest against you if
you make new "share-with-others-additional-information-about-yourself"
features a confusing opt-out hassle.

Just recently my wife shared a photo album via Picasa and Google+, and she
couldn't figure out how to restrict who could access the album, though it was
very simply prior to Picasa's integration into Google Photos. Do you think
Google+ engineers couldn't keep the same Picasa privacy functionality as
before or is it because they want to force people to share more than they're
comfortable with?

No one is saying that social networks shouldn't make money through advertising
and most people are probably okay with some personal data being used for
targeted advertising. But given past invasive practices and privacy concerns,
there are definitely valid concerns with regards to the extent to which social
networks are commoditizing/selling users' personal information in an effort to
maximize profits. Furthermore, who knows what happens to sold personal
information down the line?

Simple question: If changing social networks was as simple as changing your
online shopping preferences, do you think Facebook could get away with what it
does? Facebook can obviously take advantage of the fact that its users cannot
easily leave to appropriate user data that other sites could not.

------
budu3
The evilness comes into play when companies are not transparent about what
user data they are collecting and how there are monetizing this data.

------
rwolf
It's not clear to me that ad-supported == targeted ad-supported. The claim
that there is no alternative is false--the alternative is less effective (and
therefore less lucrative) ads.

If you ask a HN-reader to choose either 1) less intrusive data collection or
2) more profits to the website, I think it's clear why the user prefers door
#1.

~~~
kcurtin
Facebook using the information we have made available on their network
("intrusive data collection") doesn't really have a negative impact on us as
users. At least not in any tangible way.

~~~
gyardley
Absolutely. A class-action lawsuit against a mobile analytics company I own a
chunk of was thrown out of court recently for exactly that - failure by the
plaintiffs to establish actual injury or harm.

If there's no injury, there's no standing, and therefore there's no case.

~~~
rwolf
I refer you to the Beacon advertising adventure. Where Facebook was "just
using the data we make available on their network," and users fought back and
won.

You last sentence starts with "If there's no injury," which seems to be the
topic of discussion here.

~~~
gyardley
Users won, did they? How much were they individually compensated? (No need to
look up the answer - users received nothing.)

Facebook settled that particular lawsuit, so no judge had an opportunity to
determine whether there was an actual injury or not. Facebook itself admitted
no wrongdoing - settling this sort of thing usually means you've done a cost-
benefit analysis and it's cheaper and easier to just pay off the lawyers.

As for the independent privacy foundation that Facebook was required to fund -
anyone here heard from it lately? (Anyone here heard of it at all?)

And as for Beacon itself being closed - well, it certainly doesn't look like
it slowed down Facebook much, did it?

The Beacon lawsuit did nothing for anybody, aside from the plaintiffs'
lawyers. Arguing that 'users won' is delusional.

------
davidw
I agree, but most people probably haven't thought it through, or if they have
considered it, they're stuck on the revelation that they are the product, not
the customer. Perhaps some of these companies should be more up front about
'the deal' to their users, and what its boundaries are.

~~~
kcurtin
What is wrong with being both? To me it seems like a mutually beneficial
relationship. I am getting tremendous value from using their site to interact
with and stay connected with friends. They are using my data to make money by
serving me unobtrusive ads that don't really negatively impact my user
experience.

I do think that being more upfront and more transparent would be a good thing,
there are alot of misconceptions out there.

~~~
pingswept
If Facebook were simply showing me ads for stuff I mentioned, or something
like that, I would have no objection. "Hmm, this guy keeps posting about hats.
He must like hats. Let's show him some ads for hats!" No problem. That's
basically what I thought would happen when I signed up.

I did not expect that when I visited cnn.com, after having logged into
Facebook a week earlier, Facebook would log which articles I read. There was
no reason for me to think that clicking "remember me" when I logged into
Facebook also implied "and also remember my browsing history on all of your
partner sites."

That's the behavior that pisses me off, not the targeted ads that you
mentioned.

(I assume it's obvious why logging a subset of my browsing history without my
consent pisses me off, but let me know if that seems odd and I'll explain
more.)

~~~
etha
It's not obvious to me. How were you harmed by facebook logging this data?

~~~
pingswept
I'm not actually asserting that the logging itself harms me, just that it
pisses me off.

The reason it pisses me off is that my browser history reveals things about me
that I'd rather keep private. Facebook is taking that from me without my
consent. I would feel approximately the same if I discovered they were
stealing stuff out of my garage without my consent-- it wasn't part of the
deal I thought I agreed to.

Without getting into the details of my particular situation, I'll just say
that I have political and religious views that I think are unpopular, and I
don't trust the rest of the world to treat me fairly were those views made
public. Also, even my views weren't unpopular now, I want to be judged for
what I do, not what I read about on the web.

(I should also add that I don't think any of the private stuff that I
mentioned is creepy; it's just my private business. For example, I might feel
the same way if I were gay and lived in Mauritania (see
<http://en.wikipedia.org/wiki/LGBT_rights_in_Mauritania>).)

Seem reasonable?

~~~
etha
Not really, no. Please correct me if I'm misunderstanding facebook's tracking
system, but I don't think your browser history is being captured here. You are
viewing pages that have a facebook widget on them, and if you have a facebook
cookie that says "pingswept", this tells facebook that pingswept visited a
page with a specific widget on it (and thus, which page). Facebook is not
taking anything from you that you are not sending them - the issue is that a
website that is not facebook is passing your information on to facebook.
Aren't _they_ the ones that deceived you, not facebook?

~~~
pingswept
I believe you have explained the mechanics of the system correctly.

As to who is doing the deception, I think you're right that (in the example
we're discussing) cnn.com is being deceptive. That's a good point; I hadn't
really considered the complicity of the partner sites.

But in the end, Facebook is producing widgets, building a system to receive
data from those widgets, and working with their partners to deploy those
widgets. This system of data transmission is in no way obvious to normal
people; if I weren't a web developer, I'd just think I was seeing a "like
button image," and that's it. That's the part that pisses me off-- I think
it's sneaky, not just me complaining about something I originally agreed to.

Just out of curiosity, and assuming you actually have a Facebook account, this
really doesn't bother you at all? Should it be obvious to me that buttons I'm
not clicking may be transmitting data to other sites?

~~~
etha
This may not be a realistic expectation now, but I think that as the general
population becomes more technologically literate, for the average person, the
presence of such a button should indicate "this website has some kind of
relationship with facebook/reddit/google - if I care about what data they are
sharing, I should probably check their privacy policy." And I think that 99%
of people won't care. My admittedly idealistic belief is that the solution to
this "controversy" is for everyone to recognize that we shouldn't try to apply
pre-internet expectations and beliefs about privacy to the modern world.

~~~
pingswept
That doesn't seem crazy to me as an expectation for the distant future. Right
now, I'd estimate that 95% of Facebook users would be at least irritated if
they knew the full extent of the data that Facebook collects. I wouldn't be
surprised if that dropped down to 25% 50 years in the future (assuming some
new Facebook-like entity that pulls similar bullshit then).

The good news for me is that I'll probably be dead by then, or at least most
of my friends will be, so Facebook will be of no interest to me.

I'm curious about why you describe your belief as idealistic. Specifically,
what is ideal, or even good, about Facebook logging a subset of my browsing
history? I understand it's potentially profitable for them and their partners,
but that's not a benefit to me.

My idealistic view, which is substantially in conflict with yours, I think,
would be that Facebook just serve me targeted ads and forget about the rest of
it. Why would your ideal future be better? (I'm assuming you don't work for
Facebook or one of their partners.)

------
chris_dcosta
I think what irks me most about this is the laziness in relying on user data
as a means to sell advertising to fund their "services".

The writer poses the question "what's the alternative?" to this business
model. My answer, "Stop being lazy about it and come up with a new model. I
have."

It might work it, it might not, but we all have to keep trying if we don't
want what there is now - and the implications.

We are uniquely positioned to come up with another avenue of generating
revenue so it doesn't have to be this way.

I'm sure if you work at Facebook or Google you see no harm in gathering and
cross-polinating the data, I can see the sheer power of what you can do must
be quasi-orgasmical, and it must almost have a life of it's own. Just how much
can you gather, from how many different methods? It's like a college project
with no limits but it won't last forever, someone somewhere with something
different, will come and take that crown, and maybe, just maybe, it won't be
as clandestine as it is now.

------
kb101
Selling data is not the problem; the problem is the emerging social norm
whereby letting data about your life be aggregated and mined proves you are a
trustworthy person. We are already at the stage where simply not having a
social networking presence makes you suspect.

Eric Schmidt's "If you have something that you don't want anyone to know,
maybe you shouldn't be doing it in the first place" and Randi Zuckerberg's "I
think anonymity on the Internet has to go away" are some choice quotes that
should give anyone pause.

"Go ahead, sell my data" doesn't bother me. "How come you aren't putting
yourself out there and letting your data be sold like the rest of us" bothers
me.

------
rickmb
All the arguments that defend Facebook e.a come down to: "making money trumps
human rights".

There's no arguing about this subject with people who believe that people
should not have the right to control their own data, just as there is really
no arguing with people who don't believe in the value of free speech or the
right to vote.

This is not meant as an insult. Believe what you believe. But if you want to
argue the reality of negative consequences, please pick up some history books
first. And if you do business in my part of the world, respect the local law.

~~~
webjprgm
> There's no arguing about this subject with people who believe that people
> should not have the right to control their own data,

There's no inalienable human right to data about you unless you want to argue
that it's somehow your property. (Or that it relates to life, liberty, or the
pursuit of happiness). More likely data about you is just information on a
public stage.

If I see you walking around town and write it down, is that illegal? Am I
steeling something from you? Is that illegal search or seizure? I'm creepy,
yes, but I'm not infringing anyone's rights.

So we're all just creeped out by Facebook. As yet no one is being harmed.

~~~
merijnv
You seem to be, as are many others in this online debate, using the fallacious
assumption that all of the world is the US.

> There's no inalienable human right to data about you

Eh...yes there is. Maybe not for you, but I, and others who were born in the
EU have quite inalienable rights to data about us.

EU laws quite explicitly state that, yes, I _do_ have an inalienable right to
data about me, unless I explicitly (and possibly temporarily) grant a company
access to it.

A company is legally obligated to provide me a list of all data they have on
me, plus the ability to change this data, including me demanding all of it to
be deleted.

Is this relevant in dealing with US based companies? No. But of course the
EULA of Facebook specifies that European users have an agreement with Facebook
Ireland, meaning all these EU laws apply to this relation.

> If I see you walking around town and write it down, is that illegal?

No, but writing down and storing that you saw me walking is...

Now, maybe you don't care about what right you have to your data. But I do,
and I endorse any action forcing big companies like Facebook and Google to
comply with the EU law, which firmly puts _me_ back in control about my data.

------
MichaelApproved
What if your "private" data were sold on the open market?

What if your boss checked which sites you visited before hiring you? What if
you wanted to keep something from your wife or your children? What if the
person you just met at a bar wanted to find out all the pages you visited?
What if a stalker wanted to know where you shopped and what you bought?

All of the above can easily be done with just the tracking information the
Like button has.

------
jakejake
A typical "evil" example is health insurance companies who may be interested
in your participation in health-related facebook groups.

A good rule of thumb is to just assume that anything you post could be made
available to any company.

------
pothibo
Damn right, I don't understand why people are going all up in arms for privacy
on the Internet, this is _Internet_, you know, the place where everything is
public.

If you want to show your life on the Internet, you have to expect some people
taking interest in it, whatever the intention.

What I can't understand is how we are all upset about Facebook, Google, Apple,
Microsoft and our privacy when we have NEVER given a damn about how credit
card companies profile their client.

And credit card companies are so much worse because they first sell you credit
card (via flat fee or interest rates) and then profile you and use that
information to sell you even more stuff.

~~~
kokey
I actually find it a bit funny when people put up personal data for the sake
of sharing it with others over a public network, then go on complaining about
privacy.

~~~
cbr
These users want to be able to share their information easily with a
restricted set of people they know.

I don't see what's funny about them complaining about privacy when their
information is shared with people they did not intend it to be shared with.

(I'm a heavy social network user, but I mark everything public and don't trust
or expect facebook or google to keep anything private)

------
vorbby
I couldn't agree more. Really don't see what the big deal is. In a perfect
world, they wouldn't be selling my data, and I wouldn't have to pay for all
the services I use.

In the world we have, though, I'll take what I can get.

------
gghootch
A lot of my peers would say this is just one line of code away from a society
in which our every single action or movement is influenced by hyper
personalized advertisements. They fear losing control of their own lives.

I say bring it on. I look forward to the day when an algorithm tells me my
taste buds prefer extra spicy beef panda express, order now and have it air
delivered to you in ten minutes

~~~
viscanti
Relevant advertising is relevant. Everything else is a waste of everyone's
time (yours and the advertisers). Steps should be taken to safeguard privacy
(you should never get a letter blackmailing you because of what you've done in
the past), but if the focus is on making sure you only get relevant
advertising and everything else is filtered before it gets to you, I consider
that a win.

~~~
elehack
One major concern that remains relevant is the prospect of abuse. You can't
steal, misappropriate, or abuse what doesn't exist in the first place. You
can't subpoena or execute a warrant to retrieve data that was never stored.

Privacy laws and rules provide some projection, but that only goes as far as
they are enforced. Nonexistence of data cannot be subverted and is a much more
robust protection against the data falling into the wrong hands.

The issue isn't necessarily who has the data now. It's who might get it later.

~~~
kcurtin
I think the concern over data coming back to bite you in a legal setting is
more valid than others, but is still only relevant in very specific cases. Who
else falls into the category of the "wrong hands" and what harm could they
really do with a list of my interests, preferences and other information I
make available on whatever social networking site I am on?

~~~
elehack
Short version: lulzsec and blackmail/public embarrassment.

Intruders count as the "wrong hands". A future buyer/board/CEO with fewer
ethical scruples than the current managers of a given data set may count as
the wrong hands, or allow it to fall into other wrong hands.

------
youarered
I might agree to let companies sell my data if they told me which data they
were selling, to whom, and asked me nicely first instead of just doing it.

------
Francon
Is this really a problem or are people just reacting to hype? It seems to me
that our data has been monitored for years both online and offline. That data
is used to target businesses marketing messages but its nothing new. For
example, insurance companies collect data on people and re-sell it to
marketing companies. They then use that information to send you custom
messages in the mail or offers based on your demographics. Data on customers
will always be sold to advertisers and frankly, we should encourage this
evolution. Instead of watching advertisements for motorized wheelchairs during
"Murder she wrote" (I cant help it, I love that show) It would be more
enjoyable if I saw advertisements for something like Motorized Dirt Bikes.
People will always have to see advertisements so isn't it better to see things
that interest you? If the product is free, you are the product and I prefer to
be sold to what intrigues me.

~~~
elemenohpee
There would be no problem if advertisements were a good faith effort meant to
inform you about a product you may be interested in. As it stands, they are
attempts to manipulate people into making irrational choices. Giving
advertisers even more tools to get into your psyche and understand how to most
effectively push emotional buttons for their own profit is not a comforting
thought to me. We're assuming that advertisers would just be getting
demographic data, but it would probably go much deeper, and it could be used
for broader purposes. For example, Facebook sees that you're upset about
losing a football game, here's an ad which says that you're not a man unless
you drink this light beer. Or maybe you got dumped by your girlfriend, here's
an ad showing a happy couple drinking Corona. They could also analyze broader
trends. There seems to be a lot of middle school girls talking about this
band, let's use them in our next advertisement for this frivolous fashion.
Yes, this is already happening to some extent, but they could be much more
effective with a data set like this where people assume they are talking to
their friends. I'm not a marketer, so I'm sure someone in the industry could
come up with even more "creative" ways to use the data.

------
jellicle
I'm not sure the poster understands. The information that is sold can be and
is linked up with other information. The big consumer database companies in
the United States maintain databases with thousands of fields of data per
person in the U.S.A. That's today (or ten years ago). Tomorrow, or ten years
from now, it will probably be hundreds of thousands of fields of data per
person in the United States. Your consumer profile, readily available for
sale, will include not only the fact that your favorite tampon brand is Tampax
Ultra with Wings (that's already there) but also that you take medication for
incontinence (that's already there) and that you spend 15 minutes every day at
the local coffee shop during working hours (beep! This app requests to know
your location Y/N?) and that you view a disproportionate number of webpages
dealing with alcoholism and depression on days after days in which you have
purchased 2L bottles of Wild Turkey.

Facial recognition is shortly going to render every digital photo and video
ever uploaded to the net FULLY IDENTIFIABLE as to all of the people pictured.
Coming in 2020: a startup (or Facebook plugin) that traces your entire life
through publicly available photos and videos.

Kevin Curtin has a very limited imagination regarding the privacy apocalypse
that is upon us. The data shadow that follows every person around is already
huge, and will become gargantuan. It's already inescapable and out of your
control.

~~~
gyardley
The first time someone takes facial recognition software and allows the public
to easily apply it to amateur porn, there's going to be some fireworks.

That uber-detailed personal profile used without your consent worries me a bit
less - while we'll get to the same place, it'll be completely because of
_voluntary_ sharing of information. You'll _want_ that profile, because it'll
save you lots of money.

People tend to worry that negative things will happen to them if information
about them is used without their consent - for instance, your example might
worry that his insurance premiums will go up because he's buying Wild Turkey
in bulk and surfing pages on alcoholism.

This will never happen.

In reality, _positive_ things will happen to people when they _freely consent_
to share _positive_ information about themselves - and as those people are
rewarded, the pool of people who don't share becomes riskier and is therefore
economically punished for not sharing.

Two examples that are with us today:

\-- Car insurance. Students with better grades tend to have less accidents, so
you can get a better insurance policy from your provider by voluntarily
turning over your grades. Since turning over your grades is a simple thing,
the result is predictable - if you _don't_ turn over your grades, it's safe to
assume you have bad grades (and therefore are an accident risk). You've kept
your privacy, but your premiums are still going up.

\-- College tuition. To qualify their kids for student loans and aid, parents
have to supply full documentation about their income. Parents do so
voluntarily, because it can only benefit them - but this means if you _don't_
submit documentation about your income, the college can safely assume you have
a lot of money, and you get charged the highest possible tuition. Keeping your
income private could cost you tens of thousands of dollars a year.

When personal information starts being used for things like insurance
premiums, Blue Cross won't be creeping through your credit card receipts
without your permission - instead, they'll invite users to voluntarily share
their web, purchase, or location history, and they'll use it to reward them
with a discount. As more and more users do so and are rewarded for the healthy
lifestyles reflected in their data, the body of people not bothering to share
will get riskier, and their premiums will rise.

Same outcome, no privacy violations.

~~~
Psyonic
That's one side of things. Knowing that you drink heavily on weekends might
raise your insurance premiums as well... every little bit of data can go one
way or the other, and it's not true that they are already assuming the worst
about everyone, or we wouldn't be insurable.

------
sambeau
Very few sensible people are worried about anonymised, aggregated data being
sold in return for a useful free service.

But what of the more specific nature of some of the things you and your
friends discuss on Facebook?

What if bosses or potential employers could pay to look at your timeline? What
if they could ask to see your GPS tracking data? What if Facebook could rent
out user info to advertisers based on like button activity? Ever 'liked'
anything pretty dodgy?

The point isn't that, obviously, they can't and probably won't at the moment.
The point is how far down this route do we want to go and at which point
should we draw the line.

------
csears
I agree with OP. People are mostly over-reacting. Trying to regulate the
collection of personal data is a waste of time.

We should be focused on limiting the 'evil' applications of personal data,
regardless of the source. If an employer, bank, or insurance company
discriminates against you on the basis of personal data they purchased from
Facebook, Facebook isn't the offender.

We regulate the credit rating agencies and how credit scores can be used.
That's sufficient. Why wouldn't a similar model work for personal data?

~~~
DanBC
Facebook is the offender for gathering all that un-needed personal data; and
then for processing it; and then for selling it without the permission of the
data-owner.

To be clear: Gathering too much personal data, and holding it (even when the
user has asked for it to be deleted) _is itself an evil application_ , and
that is why the EU has laws about it.

------
drivingmenuts
Once consequence of them not being able to sell my data is that these
"services" wouldn't exist.

And surprisingly, seeing what they are and are not capable of, I don't have a
problem with that.

------
jonmc12
Its simple - FB is not transparent about the value exchange. Why?

We represent top 1% most aware users here.. most users do not understand they
are exchanging their data / attention for a social networking service.

------
mbeattie
Is personalized data like browsing habits or GPS info or anything else they
collect market on and sell considered intellectual property? If so why can
these companies sell it without compensating me?

~~~
jasonlotito
They do, via their services. You visit X site, and read it's content. Your
browser makes requests for various files, and the server hands it to you. If
site X uses site Y, and you fetch site Y files, you are still using site X.

------
rnrl
the writer must be Canadian to blindly trust the public profit hogs that are
our data keepers. he probably also doesn't lock his front door

