
What Data Does Facebook Collect When I’m Not Using Facebook, and Why? - rock_hard
https://newsroom.fb.com/news/2018/04/data-off-facebook/
======
djrogers
If one takes out all of the defensive posturing (entire paragraph explaining
that Twitter, LinkedIn, Amazon, and Google all do the same thing), and the
intentionally simplified (cookies, which are identifiers that websites use to
know if you’ve visited before), we are left with this:

Facebook tracks virtually every website you visit, as well as usage data from
many apps, even if you aren't logged in to facebook or don't have an account.
We use this data, and tie it to your identity whenever possible, so we can
charge advertisers more money.

~~~
spike021
I mean, I interviewed with a company last week for a software engineer role. I
won't name names, but I was basically told a bit more about what they do, and
the idea was "we track customers across shop websites to see what items they
prefer, what types of items, how often, color, etc. etc., and build relations
between all of these attributes to help surface more of what the customer
wants to buy."

And here I was thinking people the past month or so are putting FB at the
forefront of the conversation about the use of what should be private data,
when there are already companies doing this everywhere on the Internet. Any
typical website with a storefront (Macy's, GAP, etc.) track what you buy,
when, why, etc.

It's definitely about more than Facebook. I don't blame FB PR for making sure
to explain other companies are using your data and basically manipulating you
with it.

~~~
tomc1985
I once showed up to one of those MIT Biz-Tech mixers a few years ago and one
of the presentations we had to sit through was an almost appalling peek at one
of these tracking systems through the eyes of its enthusiastic business owner.

Afterwords we had time for open questions, and I joined the line. When it
became my turn, I asked the owner about whether he had any ethical or moral
qualms about what he was doing and he just laughed. He gathers data from
hidden interactions with client websites (fashion brands, for this demo) to
quite literally 'follow the customer around' and 'influence their purchasing
decisions'. He was quite proud of just how deep into his shoppers' lives his
product was integrated.

When I looked around the room during the height of this exchange, most
everyone seemed indifferent and only a few seemed to acknowledge or validate
my arguments. It was a supremely disappointing and depressing experience.

~~~
mlevental
no one is forcing anyone to buy shit. i'm on the internet all day browsing all
sorts of sites and all of these companies are completely powerless wrt to me.
you know why? because i haven't bought anything except underwear from amazon
and groceries from my local supermarket in about 9 months.

~~~
JustSomeNobody
Oh, yeah? I bet you think you picked the brands you bought, too.

~~~
mlevental
brands of what? milk? eggs? cheesy crackers?

------
bamboozled
This is getting so ridiculous, I really dislike how Facebook is using the
issues of late as a way to "reeducate" people on how it's ok to be doing what
it's doing. It's not ok, and not acceptable.

It's a shame we've allowed a web to be built which allows for this kind of
exploitation.

I'm also acutely aware that it's not just Facebook.

~~~
ProAm
> It's a shame we've allowed a web to be built which allows for this kind of
> exploitation.

Allowed? We volunteered for it.

~~~
BRAlNlAC
The same way I 'volunteered' for Selective Service in the US when I was 18.

~~~
ProAm
No, way different.

~~~
stochastic_monk
You can choose to not use the internet, but that's probably akin to choosing
to living in another country to avoid registering for the secret service.

------
Someone
“We give you a number of controls over the way this data is _used_ ”

“You can remove any of these advertisers to _stop seeing_ their ads.”

“Finally, if you don’t want us to _use_ your Facebook interests to show you
ads on other websites and apps, there’s a control for that too”

Reading that critically, there doesn’t seem to be any way for Facebook users
to control what data Facebook _collects_.

I wonder whether that page will change due to the GDPR.

~~~
kristianc
Facebook would legitimately be able to argue that the ad targeting is part of
their core product, the ads are critical to the function of the website, and
that you agree to have your data processed by signing up.

~~~
Angostura
From my understanding of the GDPR, no I really don't think that they would be
able to argue that, actually. Particularly when I'm not logged into their
site.

~~~
zjs
IANAL, but I think it depends on what data they collect.

Part of running any advertising business is accurately billing the
advertisers. To do that, they need to measure enough information to track
viewed impressions, click-through rate, etc.

If they collect only enough information to perform business functions like
these, I believe that would constitute a legal basis for processing under the
GDPR.

They may have a harder time using that justification for information that is
only needed for ad targeting. In that case, consent may be an easier legal
basis for them to establish, for which an account would be useful.

------
aestetix
Two questions Facebook needs to answer:

1\. If I don't have a Facebook account, how can I delete the data Facebook has
collected on me without creating an account?

2\. If Facebook doesn't sell data, what is the purpose of shadow profiles?

~~~
drb91
> If Facebook doesn't sell data, what is the purpose of shadow profiles?

Presumably to sell you ads, which Facebook doesn't consider selling your data
--it's just selling access to you, which is only valuable because of the data.
Does it really matter if they didn't sell your information if they just used
it to show you the same ad they would have showed if they had sold your data?
It seems they're relying on the idea that advertisements are somehow an OK
form of privacy violation.

~~~
aestetix
How can they show me an ad if I don't have a Facebook account?

~~~
bunderbunder
Two ways:

1\. Facebook runs its own ad network, so you might see Facebook ads even if
you never go to Facebook's website.

2\. You might still go to their website even if you don't have a Facebook
account. Many local restaurants and community organizations only have a Web
presence through their Facebook pages.

------
mikestew
All I know is that the Pi-Hole at our house says Facebook domains are blocked
_way_ more than anything Google has running (w/o the numbers in front of me, I
wouldn't be surprised if it's an order of magnitude difference). And neither
one of us has a FB account, that's just from the craplets littering your
average web page.

Kudos to FB for posting this in understandable languague. OTOH, it does have
the scent of trying to get ahead of $SOMETHING.

------
thijser
"When you visit a site or app that uses our services, we receive information
even if you’re logged out or don’t have a Facebook account."

Then at the end under "What controls do I have": "you can opt out of these
types of ads entirely — so you never see ads on Facebook based on information
we have received from other websites and apps." Except that that's only
possible when you're logged in. The link they provide doesn't work for logged
out users. It seems they don't provide any control tools for logged out
users/non Facebook users.

~~~
mgummelt
The type of ads you see on FB is only relevant to FB users.

~~~
gervase
Then I seem not to understand the benefit they see from tracking non-users'
information - how can this be of benefit to advertisers if these users are
never targeted? In particular, what benefits would be generated by linking
this tracking information with the real identify of a non-FB user (that
couldn't also be leveraged in a semi-anonymous way)?

In other words, I see the benefit to FB of being able to say "Person A likes
1, 2, 3; User B likes 1 and 2 - perhaps they also like 3?" where A is a non-
user and B is a FB user, but I don't see the benefit derived from identifying
Person A to advertisers if they can only target that person on FB, where they
aren't a user?

~~~
mgummelt
They don't allow advertisers to target non-users. I'm sure they use non-user
data for clustering, just as you described.

They also probably use it when the user finally does create a FB account.

------
marcell
Contrary to most comments here, it is significant that other companies do.
Facebook competes in the free market. If they scale back on data collection,
that will hurt their offering to advertisers and cost them money that will go
to Google and others. That lost revenue will harm their ability to retain
talent and build new products, and ultimately cost them their user base. “We
don’t track you” is not as compelling a feature as “free video chat across the
globe.” Facebook doesn’t operate in a vacuum. They can’t scale back data
collection unless others do. Moreover, the United States doesn’t exist in a
vacuum either. Scaling back all US companies will give a leg up to competitors
in more lenient jurisdictions.

~~~
raz32dust
This is an important point and I wonder about it often. Especially the last
one about countries that are lax on individual privacy. Imagine what China or
Chinese companies could do with the genetic information they collect from
their population. The lack of regulation is scary, but at the same time, they
will be at the forefront of genetic engineering and designer humans. Can't
think of any solution other than a World government. EU and AU has shown it is
possible.

~~~
jamiek88
Is a world government necessarily a bad thing?

A union of federated states globally could be a significant force for good.

Impossible for the forseeable future of course but why immediately dismissed
as a scary outcome?

~~~
raz32dust
I meant it as a good thing. Some things will need to be regulated at the
global level. We are already seeing global problems - global warming being the
prime example. I think we will end up either destroying ourselves or end up
with a world government. World government will clearly be the better outcome.
How that government works would also be an interesting topic for science
fiction. Hint: I don't think it will be a democracy.

------
creo
There is no option to pay them to not see the ads. There is no option to pay
them so they don't gather information about You. THEY OWN YOU. Even if
Facebook gets out of business, other will do it. Your phone, your TV, watch,
fucking juicer whatever connected to internet is collecting information. THERE
IS NO WAY TO OPT-OUT. It may sound creepy and disconnected from reality, but
in the core that's exactly what it is. You may not like it, You can disagree,
but it happens anyway.

~~~
dspillett
_> There is no option to pay them so they don't gather information about You._

I would absolutely 100% not trust that they wouldn't track me anyway. How
could they not? Even if I trusted them (which I don't) it isn't possible:
they'd at least need to know it was me where-ever I want so they'd know to not
track me as I'd paid...

Would you pay someone to not follow you down the street? If you did you'd have
a queue of people following you to collect their "share".

~~~
creo
Yes. They need to identify You to know that You don't want to be tracked. Also
DNT header is like laughable IT meme.

------
cag_ii
It's interesting that the "Privacy Controls" seem to only change how you see
the data they've collected about you, but doesn't seem to change how or when
they collect data about you. That doesn't sound like privacy control at all!

------
AdmiralAsshat
> What controls do I have?

> As Mark said last week, we believe everyone deserves good privacy controls.
> We require websites and apps who use our tools to tell you they’re
> collecting and sharing your information with us, and to get your permission
> to do so.

Bullshit.

I downloaded Facebook's data on me and found about 40 websites they said they
had shared my profile with. I didn't authorize that. FB doesn't give me the
ability to "revoke" permission to have my info shared with them, either. Nor
does it allow me to request that the information on me given to those third
parties be deleted.

~~~
bertil
Actually, you absolutely can on
[https://www.facebook.com/ads/preferences/](https://www.facebook.com/ads/preferences/)

\- Advertisers you've interacted with

\- - Who have added their contact list to Facebook

Hover over those you don’t know about; the X let you “Remove” those, i.e. ask
Facebook to exclude you from those advertisers’ targeting.

If you are in Europe, you should be able, starting next month, to leverage
that list to ask those advertisers _how_ they got your data, and expose data
brokers. Facebook is simply (finally) offering you the ability to track data
brokers.

~~~
trendia
Once the data has been given to a third party, we can no longer be guaranteed
that the third party will delete it. That was one of the main problems with
Cambridge Analytica -- they claimed to have deleted data but may not have
actually done so.

------
harry8
"other people mug passers by too!"

Can we just avoid this defence. The first one you catch, you prosecute fully
and punish appropriately according to justice. Almost nobody knowingly signed
up to be tracked everywhere they visit on the internet. Hiding it in fine
print is every bit a con. You have ensure your conterparty understands the
full extent of the contract or you have fraudulently obtained consent.

Facebook now. They should be fully prosecuted. Then we catch the next crook,
and the one after until the lawlessness is dealt with.

------
phtrackingthrow
Throwaway for reasons.

My wife and I enjoy porn in our relationship. On my birthday last year, we
were settling in for some, romance, and we open up pornhub only to find ads
trying to entice me into a discount subscription for my birthday. They knew it
was my birthday! Which, really freaked me out because:

1) I don't have or never have had an account with them. I've never given them
my age and birthday. In fact, I _never_ give out my birthday on the internet.
I don't even have a Facebook, twitter, or any other social media account.

2) It was on my wife's tablet. I never ever use her tablet, especially for
browsing porn.

Anyone have an idea the machinery involved in making this determination?

~~~
movedx
If you have two devices in a house and one never accesses Google and the other
does, Google will know it's you using the non-Google device each and every
time.

There's more to mining you then cookies and tracking pixels. They use IPs,
hardware and software profiling, behavioural patterns, and even the way you
type on your keyboard (this is very, very accurate.)

In short: you need a "clean room" (Tails) every time you go online and you
need to change where you're coming online from (VPN). You can also use tools
to change your keyboard/typing "profile" so as to cripple that means of
tracking. Oh and you can't login to virtually any online account at all, ever,
because these cookies can be used too.

~~~
rcraft
So if you use a VPN and incognito mode without logging into any online
account, Google, Facebook, et al can still track you accurately?

Curious any other tools besides vpn and private mode you would recommend?

Any more links to read about these behaviorial, software and and type style
tracking methods?

~~~
movedx
[https://ssd.eff.org/en](https://ssd.eff.org/en) \-- this is a great start and
will lead you down a rabbit hole of links, tools, and intrigue :-)

------
dspillett
_> What Data Does Facebook Collect When I’m Not Using Facebook_

Absolutely everything they possibly can.

 _> and Why?_

Because they want to in order to wring every last fraction of a penny out of
the worth you are as a data point to sell to everyone else.

And because no one is stopping them.

------
herodotus
> As Mark said last week, we believe everyone deserves good privacy controls.
> We require websites and apps who use our tools to tell you they’re
> collecting and sharing your information with us, and to get your permission
> to do so.

I have NEVER been told by a website that they are doing this, let alone asking
for my permission.

------
mhneu
The most important question is about "informed consent".

Yes, users consented to giving data to facebook. But they did so via a
convoluted click-through legal agreement, which almost no one reads, and which
denies Facebook access if you decline. Then they can use your data for what
are human subject experiments.

If any other human subject experiment was proposed to a review board with that
kind of consent form, it would be laughed out of the room, at best. No way
would that be allowed.

"Informed consent" is what Facebook -- and other data companies -- should be
seeking. We already have this concept for data and user protection in
research. We should just extend it to the private sector.

------
WA
Wow, wow, wow.

\- All others are doing it, so we're doing it, too and that's okay.

\- We collect data on you, even if you don't have an account

\- If you want to control your data, you need an account

\- Despite collecting even more (like your phone number, name and additional
info) from your friend's address book they shared with us, we don't inform you
about that and surely, there's no way for you to delete that info.

Fuck you, Facebook.

------
raggi
Not one mention of Adobe here after 12 hours. Y'all ain't seen nothing yet.

[https://www.adobe.com/marketing-cloud.html](https://www.adobe.com/marketing-
cloud.html)

------
mgummelt
> We require websites and apps who use our tools to tell you they’re
> collecting and sharing your information with us, and to get your permission
> to do so.

Am I missing something or does this line conflict with the rest of the post?

~~~
cag_ii
I think the technical term for this is "Passing the buck"...

------
QuadrupleA
Shameless plug, I have a little open-source social sharing icons project that
doesn't allow FB or any other services to track your website's users unless
they choose to share something:

[https://github.com/QuadrupleA/private-secure-sharing-
buttons](https://github.com/QuadrupleA/private-secure-sharing-buttons)

------
makecheck
Whatever we consider “data” right now quite simply needs to be thrown out,
replaced by things that are _MUCH_ more temporary (e.g. where even the largest
“collection” of data becomes useless within a week). And, access needs to be
explicitly revocable at any time by either party. There should actually be a
difference between, say, me giving _you_ “phone number” and me giving anyone
else “phone number” (directly or indirectly). Heck, even for my _street
address_ I’d feel better if I only gave out keys that everyone had to cash in
at the post office and let the post office convert it to my real house number.

There is no technical excuse at this point to have so many different bits of
sensitive information floating around. And many of these pieces of information
are permanently associated with you, meaning that _any_ slip-up _anywhere_ at
_any_ time can create a problem later on.

------
troupe
> In addition, you can opt out of these types of ads entirely — so you never
> see ads on Facebook based on information we have received from other
> websites and apps.

They have this listed as a privacy control, but it doesn't provide any way to
tell them to not compile a list of the other sites you visit outside of
Facebook.

------
paulie_a
Facebook is an outright PR war attempting to deflect their NSA scale data
collection. If Facebook went out of business tomorrow the world would be a
better place.

------
devilmoon
Question: Will I be able to force Facebook to remove my shadow profile once
GDPR goes live?

------
textmode
Up until now, wasn't Facebook collecting large quantities of data about users
from data brokers?

Why were they acquiring that data about users?

In the leaked memo from a Facebook senior executive, what did he mean by
"questionable contact importing practices"?

Do contacts count as collected data?

Why does Facebook collect contacts data, and why does FB collect it in ways
that are "questionable"?

Why are the contact importing practices questionable?

------
marze
They may not know everything about everyone, but they are working on it.

$500B market cap: the market thinks they will succeed.

------
Rafuino
Just spent 20 valuable minutes blocking ads from all the random companies,
political campaigns, and celebrities who've somehow gotten hold of my contact
information and added me to their list. Americans for Prosperity had me on
their list for ~30 states, and that's just one of scores of organizations that
I've absolutely never dealt with or wanted to provide my information. What I
want to know is WHO sold/shared my information to these organizations in the
first place. I'd also love for FB to give me to option to hide all their ads
without clicking on every.single.one (again, there were hundreds of them...)!

------
askvictor
At what point does should web-browsers start to interfere with this data
collection? I'm aware of extensions that do this, but the average user isn't
going to install one (or remember to reinstall it after they've got a new
computer). The Do-Not-Track header seems to be dead in the water - should
browsers make a more aggressive move against this? It's obviously a conflict
of interest for Google (since they both have a competing product to FB, and
like to do a heap of similar data collection themselves) as well as a possible
Anti-trust concern; but Mozilla, Apple and Microsoft could be stepping in
here.

~~~
TheForumTroll
Firefox has containers and a special one just for Facebook. Apple will only do
so if the have a way to get money out of it.

~~~
ec109685
If you never go to Facebook, Safari will prevent Facebook from building a
profile across the sites you visit. For each parent site, Facebook will
receive different cookies, which defeats their system.

------
fenwick67
> Social plugins, such as our Like and Share buttons, which make other sites
> more social and help you share content on Facebook;

It's very disengenuous of them to mention that they collect data on you
_whether you click the button or not_.

~~~
mverwijs
Not to mention having the gal to call it 'being social'.

War is peace. Invading privacy is social.

------
dcow
The comments are full of personal anecdotes along the lines of "I've been to
those meetups.", and "I worked at a place that bought that kind of data.", and
the article: "everyone else does it". What's troubling me is the question,
"what incentives do average employees in the tech industry have to operate in
a morally admirable manner?". It seem very few, if any. Sure we lack explicit
moral guidelines, but what if instead of, or in addition to, focusing on
punishment of companies that get ugly, what if we incentivized employees to be
respectful citizens? This isn't absolving capitalism of its flaws by any
means, more it's acknowledging them. But punishing evil corp is so reactive.
Why is the average employee so willing to sell out their fellow citizens, and
ultimately themselves, for a paycheck? The obvious answer is, "it's a
paycheck". But have we really lost all ability to hold a moral compass? I'd
rather not believe that, so how do we calibrate at least a basic set of
guidelines that actually effect change in a global industry? Other industries
solve this problem with ethics boards and operating licenses. But other
industries are arguably more localized. I also suspect many here would find
such things anti-egalitarian and generally be against the idea. What other
options exist?

Note: I normally prefer reactive punishment because it doesn't impose
worldviews and agendas on people--jury of peers makes punishment human, etc.
I'm also somewhat morally relative, but it doesn't take a genius to understand
that economically viable and moral are not equivalent. The issues of digital
data privacy and data ownership are issues of fundamental human rights, and
many of us operate under governments founded on principles defending such
(point being I concede not everything is relative, and I think socially our
efforts are best served defending things we have very little argument about).

~~~
thinkingemote
Morally one could extend this to average employees in the tech industry whose
work utilises online advertising. Whether buying ads, or putting ads on their
services.

I'm sure there are thousands of active and passionate Hacker News users, many
reading these very words that support online advertising through their job.
Perhaps they are wisely being quiet? Perhaps it's because the whole issue is
murky and morally ambiguous.

Now - one can make the case for ethical advertising... so why don't we?

------
timvdalen
Is it just me or is the tone of that article extremely condescending?

I realize they feel like they are 'educating' people, but is this really the
best tone to take when you are under such scrutiny?

------
denzil_correa
All of this misses the key questions : Where does Facebook use the data
explicitly and for what explicit purpose? Will Facebook notify every time data
is used and in what capacity? Why or why not?

------
muglug
> Ad Measurement. An advertiser can choose to add the Facebook Pixel, some
> computer code, to their site. This allows us to give advertisers stats about
> how many people are responding to their ads — even if they saw the ad on a
> different device — without us sharing anyone’s personal information.

So I can look at an ad in Mobile Safari, and go to the advertiser's website in
Chrome on my mac, and Facebook counts that as a referral, because I'm logged
into FB on both browsers. Makes sense, but sort of creepy.

------
sakopov
They track everything because others do it too. They also seem to imply that
it's a totally normal thing for anyone to be doing this. The tone of this
piece is really astounding.

------
awakeasleep
Nothing mentioned about the fact that with all your friend's address books,
they have a node for you on the social network graph, even if it's implied.

~~~
Angostura
Since FB owns WhatsApp, I'm sure it's pretty explicit, not implied.

------
mirimir
> What controls do I have?

David neglected to mention that one can easily mark facebook.com as untrusted
in NoScript. Ditto for linkedin.com, google-analytics.com, etc.

~~~
cJ0th
> David neglected to mention that one can easily mark facebook.com as
> untrusted in NoScript.

but don't they use hundreds of other domains for tracking that you may not
even know?

~~~
mirimir
In NoScript, I allow only domains needed to minimally render the page.

------
makecheck
The presence of privacy “controls” isn’t very reassuring, even if Facebook
were the most trustworthy organization in existence. Software has bugs. They
can’t really prove that their closed implementation actually works in every
case that it should (or more important, that their “controls” will continue to
work after years of developer turnover, technical debt, etc.).

------
tallanvor
> Ad preferences shows you the advertisers whose ads you might be seeing
> because you visited their sites or apps. You can remove any of these
> advertisers to stop seeing their ads.

I want the ability to have this linkage severed permanently. If an advertiser
uploads lists with my information, I want Facebook to pretend I don't exist
for the purposes of matching me to ads.

------
DavideNL
To get a list of ALL Facebook ip's to block them with your firewall:

    
    
      whois -h whois.radb.net '!gAS32934' | tr ' ' '\n' | awk '!/[[:alpha:]]/' > facebook.list
      whois -h whois.radb.net '!6AS32934' | tr ' ' '\n' | grep '::' >> facebook.list

------
exabrial
I have no commerical interest, but I read [http://MeWe.com](http://MeWe.com)
manifesto on free speech and it's a platform I'm willing to support. If you
guys are looking for a FB alternative, it seems to pass the sniff test. I'd be
interested to hear opinions agreeing or disagreeing.

------
rawland
Can anybody post a pastebin or the the text of the page for the people
blocking everything-FB on /etc/hosts level?

~~~
devilmoon
[https://pastebin.com/NJqLg1Pm](https://pastebin.com/NJqLg1Pm)

~~~
rawland
Thanks.

------
laythea
Everyone keep talking about Facebook, but what about the people who write our
Operating Systems? Microsoft, Apple etc. Imagine the data that they have.
Surely this whole Facebook privacy thing also applies, but I have not heard it
mentioned once. What are we going to/can we do about the operating systems?

------
wollstonecraft
Is there any way to keep the faceberg android apps from starting on their own
after you've force-stopped them?

~~~
junnan
Uninstall and use chrome version.

~~~
milcron
On some phones, Facebook comes preinstalled as a system-level app that cannot
be uninstalled.

Idk what to recommend other than getting a phone that doesn't do that to you.

~~~
jpl56
On my phone, I never logged in to Facebook through the app and deactivated it
and use the website, I hope it's sufficient.

------
intrasight
Even if I keeled over dead tomorrow, FB would be collecting about me via all
my still-living family and friends.

------
jonbarker
I don't see any mention of these URLs anywhere:
[https://github.com/jtbarker/nofbtracking/blob/master/blockfb...](https://github.com/jtbarker/nofbtracking/blob/master/blockfburls)

------
gavreh
To Completely Block Facebook:
[https://github.com/jmdugan/blocklists/blob/master/corporatio...](https://github.com/jmdugan/blocklists/blob/master/corporations/facebook/all)

------
troncjb
One thing missing from this entire conversation: I personally signed up for
Facebook at the age of 14. In fact, my friend made it for me and I took it
over after he successfully harangued me into using it. I never, as an adult,
consented to this statutory data rape.

~~~
devilmoon
This is something really important to consider: Should Facebook be allowed
only for 18+ people? If I remember correctly they allow 13yo and up to sign up
and I don't think they have the legal abiliy to consent to this level of data
sharing

------
JustSomeNobody
When I'm at Target I kinda expect them to keep an eye on things I buy and let
me know of things I might want to buy.

What I don't like is when they follow me over to Panera and look over my
shoulder at what I'm ordering there. I think that crosses a line.

~~~
rootlocus
What if Panera installed special cameras provided by Target?

------
iaskwhy
Very useful link in the article showing some of the things Facebook knows
about you:
[https://facebook.com/ads/preferences](https://facebook.com/ads/preferences)

~~~
hylianwarrior
Only works if you have an account.

------
campuscodi
They could explain it, but I still don't like it. They should provide a
setting that lets me disable off-site tracking. I shouldn't have to use a
Firefox add-on to block their domains.

------
scotty79
I'm very confused about outrage of technically competent people directed at
Facebook now.

It doesn't do anything more than any other large company is doing for more
than a decade, since even before Google bought doubleclick and became ad
company.

I think HN crowd should be aware that Facebook gets this data and keeps this
data in neat package along with all the information you volunteered exactly
the same as any other company is doing starting from simplest e-commerce sites
to huge e-commerce sites to ad networks to all social networks to largest
current social network.

Why the surprise? Why the outrage?

That the data was gathered? That it was kept? That it was leaked? It's all
inevitable.

Next time you'll be angry at the sun.

------
astonex
How can non-users agree to having their data collected and stored.

------
anotheryou
"We use (...) the address of the website or app you’re using to make these
features work."

so basically most of my browser history for whatever things they they want.

------
StreamBright
The real question is not what but why. I can think of several ways how the
entire ad industry could be done without any data collection on users.

------
maxbaines
Interesting the authors Facebook profile does not use default security
settings I.e Friends, Photos and Videos require a Facebook login to view.

------
jk2323
What helps protect you from this?

Ghostery? uBlock? a decent hosts file?

~~~
jan0e
Not sure about Ghostery and uBlock, but what definitely works is uMatrix. It
gives you control over which third-party domain a website is allowed to
contact. It makes browsing the web less convenient, though.

------
lolc
> We don’t sell people’s data. Period.

You just share it for a fee?

~~~
tested24
Do you not understand how platform apis work? If you sign up for a third party
app using Facebook and give them permission to access all your data you should
expect them to capture all of your data

~~~
lolc
Are you sure everybody who clicked "ok" was aware of the distinction?

Pointing the finger at their contractors is an easy way for Facebook to shift
blame. They knew what was going on. And they eagerly participated on their
side of the deal.

~~~
tested24
Shift blame? Facebook created an API that would allow people to create
genuinely useful apps provided that users allowed them to access their data. I
can think of a thousand interesting use cases for the data Facebook provided
through their api.

One bad actor screwed everyone.

I'm surprised at how few people on hackernews have ever built or worked with
apis.

Facebook essentially built an open platform and now they are being punished
for it because people are too stupid to understand what they are signing up
for.

~~~
lolc
I may deplore that people are falling for a fraud, but I will still hold the
fraudster in contempt. Not the people. So please don't call people stupid.
They're up against something they are not prepared to understand.

The Facebook API needs special quarantine whenever I work with it. To protect
my users.

~~~
tested24
If people aren't responsible for who has access to their data who should be?

The Facebook permissions when granting a third party app access to your data
couldn't be more clear

~~~
lolc
Relying on cognitive limitations of your subjects to get agreement you
wouldn't get if the subjects were fully-informed is fraudsters' domain.

And since the article is called "What Data Does Facebook Collect When I’m Not
Using Facebook?" I'd like to point out that I never agreed to Facebook
tracking my browsing habits. I couldn't say they were clear and forthcoming
about their tracking because we never met. Are you saying they wouldn't do it
without my explicit permission? Because that would be news.

------
jonbarker
FB is building rich device profiles in order to crack down on fake profiles,
which they call euphemistically 'security'.

------
suyash
Anyone noticed there comment got deleted from that blog post. I posted my
comment using Facebook login but it's not there anymore.

------
foxhedgehog
FTFY: [https://imgur.com/b3QhEXq](https://imgur.com/b3QhEXq)

------
enesunal
It's shame they didn't answer the question when the rumors came out.

------
natch
“We don’t sell people’s data. Period.”

LOL! They expect users to fall for that line?

------
jumelles
The only possible way a page like this could be a good idea if it just said
"We collect no data" \- otherwise it's a bad answer that just doesn't play
well.

------
shafyy
FB does an amazing job in crisis management.

~~~
cag_ii
How so?

~~~
adventured
I hadn't considered it until that parent post. Compared to what I've seen out
of Wall Street banks during the great recession, Equifax, shady lenders,
mortgage scumbags, politicians, big tobacco, big oil, big sugar, GE & PCBs,
CIA/Bush & torture, various Iraq war scandals, NSA spying scandal, Yahoo,
Target, and about 407 other data, consumer, privacy breaches or abuses I've
seen the last 20-30 years - Facebook gets high marks in this round for being
very public about responding and tackling it head-on, _but_ only after prior
delay & evade maneuvers in the past. Most likely they recognized they were
staring down a serious Congressional legislative/regulatory problem that could
severely damage their business, and had no choice.

~~~
shafyy
Yes, that's what I mean. Thanks :-)

~~~
rawland
FB does an amazing job in crisis management at gunpoint?!

------
antocv
Hey HackerNews

I remember back in 2009, 2010, Facebook was the cool still startup, still no
IPO, tech company. Revolution.

The social network. Social everything.

There was people like me, even in 2007, warning about this.

We said, how Obama got elected by using social media, reddit, twitter,
facebook. Acting all cool. Was not a very transparent or open election, it can
be misused and abused.

Yet we, the paranoid warners, were dismissed as "US has privacy protection
laws, this is a democracy, never would a company allow its data to be exported
out just like that".

Now, Trump is president and _now_ its not cool?

~~~
kaybe
You're preaching to the choir.

------
majordroid
> The browser shares your IP address so the website knows where on the
> internet to send the site content.

Huh?!?

~~~
freeone3000
This is "internet is a series of pipes" logic, but it's technically true -
it's used for TCP routing. Why is it bubbled up the layers? Why does facebook
store it? Well, it's not as if you can do anything with it. It's not even a
great identifier, due to mobile networks, carrier-grade NAT, dynamic IPs...
But it certainly shouldn't be treated as private, any more than your home
address.

------
PapaPug
Curious -- how many here, knowing what they know now, have gone through the
trouble of deleting their FB accounts?

~~~
devilmoon
I did and honestly never felt better - now I'm just waiting to find out if
through GDPR i'll be able to force them to remove every last bit of data they
have about me.

~~~
PapaPug
I did as well.

