What's the issue here? Selective information distribution is rooted in the society, people are O.K. with some information to be known to some people while kept secret from others due to implication differences.
I.E. I'm fine to be profiled for selling me chocolates but I'm not O.K. to be profiled to be manipulated to select public officials or to make my mind about controversial topics like the god, abortions, guns etc. I expect to be exposed in a proper way to these topics, i.e. proper journalism and discussions.
This can be changed, regardless of whether any of us is ready to throw up our hands about the whole situation as it stands.
Look at health records. HIPAA is rather successful at keeping your health data narrowly confined to those that need it. There is nothing that prevents similar laws to work for financial data, location data, etc.
The only roadblock is people saying they “don’t personally think legislation is the answer”. Because there is literally nothing but law that can have an effect.
The sales director for a drug manufacturer knows that you’ve filled a prescription before the claim is filed.
Enfamil and Gerber knew the estimated due date of our baby — although the only interaction we had with anyone was a miscarriage at 8 weeks and a near fatal complication.
I agree that HIPPA is technically very weak.
But let's also agree that preventing gossip about private health info is a good thing -- a definite step in the right direction.
Laws are about building and reinforcing the culture we want to build. In that light, HIPPA is a long way from a failure: it sets the standard that "health care privacy is to be taken seriously, and as a society we believe it is important enough to legislate", if nothing else.
Are you sure it wasnt something like this?
See, for example, GDPR.
Facebook lets companies bid for ads to show you, based on Facebook’s data about your interests and demographics. If you never engage with the ads there is no information leakage.
It’s the difference between telling a random person “I’ll tell my gay friends about your party” and “Did you know that Bob is dating Steve?”.
So if you believe Facebook sells your information, then you also believe that Facebook is directly lying about it on a help page about that specific topic. Sometimes conspiracy theories are true, so it's not impossible that that's what happening, but it's not like Facebook is openly selling your information.
Until 2014 or so an app could request permission to view almost any data a user stores on Facebook. That's not great, but hey, you could argue it's not Facebook's fault that people don't understand permission prompts (I'd disagree with you, but...). But those same prompts allowed users to give away their friend's data, so absolutely anyone you're friends with could take some stupid personality test and give away your information in the process, and there was no way you'd even know.
Facebook said that they don't sell your information. Which is true -- they aren't a data broker. But they implicitly state that your data is shared, subject to the limited controls available. You cannot stop Amazon and Facebook from sharing, for example.
But what if you do?
That's not true.
I have never seen Facebook allowing large scale harvesting of their data.
And it would qualify as data breaches in places like EU which do not tolerate this sort of thing.
I'm no facebook fan by the way, but there's no reason for facebook to sell their most important asset when they can allow you to pay to use it, without ever seeing it
Not only conglomerates but anyone with the money and know-how. Example P&G proxy fight:
Neubecker said he has seen several ads on his Facebook feed that link to Trian’s “Revitalize P&G” website and to videos of Peltz and former P&G Chief Financial Officer Clayton Daley, who is advising Trian.
The video of Peltz features him sitting in Trian’s Park Avenue, New York City headquarters, discussing P&G’s future, gripping a Trian-labeled coffee mug that reads “Sales up, expenses down.”
In response, P&G has called upon more than a century of product marketing experience with its own “Vote Blue” campaign.
One YouTube video begins with an image of P&G’s blue logo and a banner proclaiming “Every Single Vote Matters!”. A narrator and series of slick images offer step-by-step instructions, ending by asking viewers to vote for the blue proxy card and to throw Trian’s white card in the recycling bin.
Trian won this fight.
Please provide some evidence that anyone with money and know how can harvest tens of millions of accounts from Facebook.
Your example does not address this and seems just like normal Facebook targeting to me.
I don't think Facebook has a section where someone can talk about what stocks they might hold. So, if the HF was able to target specific people who owned P&G stocks then I think it was an efficient targeting, maybe not as much of scale of US elections but enough to turn the voting in their favor.
The data that this app obtained was far deeper than what Google can crawl e.g. what a person liked.
Even so, there is a significant difference between Coke trying to sell me a flavored soft drink and a firm tweaking my emotions to get me to abstain from voting with false information or to vote against my best interests with false information.
There are definitely people who are susceptible to psycho-graphic warfare and we need to protect them in order to protect our democracy.
This makes "enforcement" basically impossible because you can't have a news outlet without editorial decisions. A better way to go about it would be to try incentivize media outlets to make a good faith effort at "both sides" journalism, but members of both political sides have been attacking the media for doing just that since the 2016 election season.
Don't you think it would be better for you to take more than a cursory glance before commenting ?
Breitbart has had significant issues with fake news over its lifetime. Far more egregious and consistent than other any other news organisation not that I would necessarily call it one.
Where is this line that should be drawn, and who should draw it? Breitbart may have a higher frequency of “oops someone gave me bad info, or my reporter/editor made an unsubstantiated inference” events, but their audience is much smaller than the large outlets.
Better ban 24 hour news networks then. And any form of political advertising.
1. It is not normal marketing to have tens of millions of Facebook account data on your own private server. This isn't standard practice by any company large or small. Standard practice is to use Facebook's advertising system which does not reveal this data.
2. The wrongdoing wasn't just "breaching the terms of service" it was the transfer of account data from one party to another for the purposes of influencing an election.
3. It is not innuendo.
Only apps have limited access to the data that you agree to share in the app install dialog.
The article you linked does not even mention any of the companies.
You should read this:
Three particularly important points:
The guy who was contracted by CA to steal the data is from Russia.
He had previously undisclosed funding from the Russian government.
CA later tried to do business from a Russian oligarch.
"There are other dramatic documents in Wylie’s stash, including a pitch made by Cambridge Analytica to Lukoil, Russia’s second biggest oil producer. In an email dated 17 July 2014, about the US presidential primaries, Nix wrote to Wylie: “We have been asked to write a memo to Lukoil (the Russian oil and gas company) to explain to them how our services are going to apply to the petroleum business. Nix said that “they understand behavioural microtargeting in the context of elections” but that they were “failing to make the connection between voters and their consumers”. The work, he said, would be “shared with the CEO of the business”, a former Soviet oil minister and associate of Putin, Vagit Alekperov.
“It didn’t make any sense to me,” says Wylie. “I didn’t understand either the email or the pitch presentation we did. Why would a Russian oil company want to target information on American voters?”"
Sources on this?
Not hard to find information, although it is typically couched as brand reach and advertising spots. The big data sales side of FB and other sites is more sensitive and less overt
'Politicians running for office can be lucrative ad buyers. For those who spend enough, Facebook offers customized services to help them build effective campaigns, the same way it would Unilever NV or Coca-Cola Co. ahead of a product launch.
While Facebook declined to give the size of its politics unit, one executive said it can expand to include hundreds during the peak of an election, drawing in people from the company’s legal, information security and policy teams.'
It is harder to find information about FB's data sales policies (which are very opaque unless you speak to people high up in marketing large companies and their activities). FB's ad platform information is pretty transparent, but the quarterly numbers don't really add up for me based on spend by large firms like Procter & Gamble etc in those areas...
So you’re explicitly agreeing that you have no proof that Facebook is offering data for sale.
The quote you cite has nothing to do with the initial assertion: providing consultants that teach people how to use the ad manager is something completely different than selling PII.
Trump, Cambridge Analytica and how big data is reshaping politics - Gillian Tett in the FT
The linked article, once again, provides no proof (or even mention) of any data being sold by Facebook. I have no idea why you keep piling on irrelevant articles.
That’s the exact opposite of Facebook selling them the data.
At the bottom it says to reach out to https://aboutthedata.com/ to see what data they have on you.
So I did. Then I scroll down to see "See and Edit Marketing Data about You. CLICK HERE" only to be redirected to a registration page that requires my US-based address and last 4 of SSN.
Talking about misled communication, or rather blunt deception, otherwise how the heck "click here to see data about you" lands me on registration page? I don't want to register, I want to see the data!
I’ve spent lots of time and money getting data out of FB.
You can pay to get anonymized topic data via DataSift and others, you can pay to run ads against users you have email addresses for (but you don’t get their data) or you can scrape (which is against the terms of service and they have an aggressive anti bot system to stop it - unlike Twitter).
Their political support systems are analytics support to ad buying.
That is an egregious violation of the guidelines and a bannable offense on HN. If the rest of the internet is losing its mind, that makes following HN's rules more important, not less.
> Let's not forget about that one time you
This also crosses into personal attack, which is not ok. Heated political arguments are bad enough without users trying to take each other out like this. Please don't do it on HN, regardless of how strongly you disagree.
Edit: your account history unfortunately contains many examples of personal abuse. You've also broken the guideline against using HN primarily for political or ideological battle. We ban accounts that do these things, so would you please re-read the guidelines and use HN as intended from now on?
To those of you who disagree with me, keep this idea in the back of your mind for a while and remember it as you read comments. Make a serious effort to notice how many people know what other people's motives are for their beliefs, how they know the real reason for certain policy decisions, how they know what Putin or Trump are thinking and what they are going to do in the future, how they know China is going to fail now that they've gone full-on communist dictatorship (because history "guarantees" it), etc.
I honestly don't think I am imagining this, I think something very historically significant is happening to the psychology of the public.
Isaac Asimov, Column in Newsweek (21 January 1980)
I worked for a company crawling Facebook data by creating viral apps the year the original API came out. By now I am sure this is done by many companies.
Why is any of this news? My understanding is that companies harvesting social networking data via viral apps and then reselling it to perform targeted voter advertising is literally a 10 year old concept. Were any laws broken here? Were there any techniques used here that were novel or done by one political party and not the other? Why are we talking about this one firm and not the many others that surely exist that are trying to do the same thing for <insert political candidate of choice>
Obama used it to inform people about his polcies and get the out to vote. Trump used it to spread lies, falsehoods and half-truths. Essentially any media that was outlandish enough to become viral was promoted and promoted to hapless people who probably might have wondered why they were seeing so many distressing articles about America in "Carnage" (as Trump puts it).
At most this is your own political standards. Not anything that can be neutral and objective. Claiming one set of political ideas to be "right" is very dangerous.
Just because something is political and not neutral does not mean that there are no facts associated with it. We may disagree on them, debate them, but to take the stance that there are none at all is the kind of tactic used by people who do not wish to debate the actual validity of their viewpoints.
Technically, there might be little difference, but Bannon clearly excels at using this tool to a greater effect, and the result is far more impactful and outreaching, even revolutionary. Guaranteed, other groups will take notice and trying to replicate their success, to feed their version of personalized agenda to your month.
And now we have the Chaotic President, thanks, Bannon.
If advertising isn't manipulating and brainwashing, what is it? As far as I can tell, advertising is precisely that.
This has changed a lot in the last few years though, which might explain why the news agency now have to work through (at least!) 10 years of tech news backlog. I'd definitely like to see coverage of these topic from 'traditional journalists' who then bring this stuff into context and link it with politics for instance. It's a little sad that we needed the politic right and their friends to bring these things to public attention.
> Were any laws broken here?
In Germany they would have broken it by that. At least here every website needed already 10 years ago not only Terms of Services but also a data privacy section/page. Such a page would be of no use if you could collect data from people before they even visit your website.
This 100% untrue:
These are only two links but let me assure you if you're interested google is full of articles from the 2008 election talking about how vital the internet and data was to the Obama strategy.
I very clearly remember these articles and many others at the time talking about the new "big data" strategies utilized in both 2008 and 2012. To me that is what makes this whole "we scraped data and stole the election for trump" narrative seem extremely suspicious.
Suspicious of what? Be more clear about what you're trying to say here please.
Because I hope it's not that people didn't complain enough when Obama did it, and therefore now nobody can? (aside from the fact that I did complain, because I complain about all advertising, but that's not the point)
On the other hand all journalists become more technical at the same time, so they have to digest some stuff from the past. Obviously even older news...
I guess it's fair to say that Techcrunch or ZDNet are not exactly great sources for usage of Big Data in politics...
If you go back to 2008 election, the media was praising Obama as the first social media president. Remember how well obama used youtube, myspace, facebook, reddit and the burgeoning social space during his election? It's strange how the media is now attacking the social media space they loved so much because trump won the election.
> Why is any of this news?
I think it's because the media and the democrats and a large segment of the elites need something to blame for trump's win. They don't want to blame hillary or themselves for the loss, so they attack social media.
During the 2016 election, Trump was complaining about foreign interference in the elections. And Obama stated there was no foreigner interference and that Trump was whining because he was losing in the polls. Back then, the traditional media was backing obama and mocking trump. Now that trump has won, the traditional media is the one pushing the foreign interference narrative.
But I guess it is all conjecture. But ever since trump won the election, there has been a relentless propaganda campaign against social media by the establishment. You can't go a day without seeing a propaganda piece on traditional or social media about how bad social media is.
There is still no evidence that 2008 had any foreign influence. The tactics used in 2008 did not include the sort of misinformation information warfare now being conducted.
In contrast, in Brexit and Trump's wins this article is claiming that there is conclusive foreign interference.
Regarding the establishment, the only propaganda campaigns I can see being waged are against the mainstream news (the ongoing fake news propaganda) and against the tech companies who I suppose are "new money" and not in with the oil and finance czars funding this sort of thing.
The article is really interesting, you should read it. It basically suggests that democracy has largely failed in the age of information warfare. Targeted campaigns by rich elites and foreign governments can now influence votes and psychology on a massive scale. It's no longer about "my side and their side." All of us are on the losing side here.
- The advertisements were not overt ("fake news")
- It raises the barrier of entry to the political process
- Filter bubble effects
Or you can believe a story about "elites" and "biased media".
I suppose. Why weren't people worried about this during obama's campaign?
> - The advertisements were not overt ("fake news") - It raises the barrier of entry to the political process - Filter bubble effects
If filter bubble effects are a problem, then we should be looking into traditional media, not social media. I'd say there is more of a filter bubble issues in CNN, NYTimes, WashingtonPost, Foxnews, etc than in social media. When nearly 100% of the largest media organizations are endorsing one candidate and/or espousing one type of ideology, maybe we should be looking at that.
> Or you can believe a story about "elites" and "biased media".
It's not a matter of believing. It's a matter of fact. Foxnews and the right wing were also whining about social media when obama won. Now it's the media and the left wing whining about social media because trump won. The only difference is that the leftwing has a much greater media presence.
It's so funny how both sides are the same. When it looked like trump was losing, he was blaming foreign interference and biased media and fake news. And the media/leftwing was mocking him for being paranoid and a sore loser. Now that trump won, it's the media/leftwing whining about foreign interference and biased social media and fake news. The hypocrisy displayed by every side is rather disheartening.
2. Why is whatever Obama did relevant to this story? Do two wrongs make a right?
3. Where in the linked article does the journalist inject their own opinion? I couldn't find any instances. The opinions came from the interview subjects, and are reported by the journalist as they should be.
This should be the main takeaway from this article--that Facebook relies on the honor system for protecting user data.
Breaking a company's TOS isn't a crime in and of itself, and social media data has been used for political targeting for years now. Insinuating that Trump won because of a nefarious brain control operation fueled by data from a "data breach" is irresponsible.
Facebook gives companies access to the data (e.g., "for research") but they're not allowed to sell or provide that data to third parties (which is what these people did).
IMHO, but I am not a lawyer - clearly the law was broken, Data Protection Act.
I think the clue is in the article:
> ... Russians ... had used the platform to perpetrate “information warfare” against the US
I understand that Hacker News has been accused of turning into reddit since reddit became a thing, but when the top most comment is from a guy who didn't even bother to read the article linked, there is a very little in the way distinction between the two sites.
If this incident helps protect user privacy further it would be great. However I doubt it would happen at all. Most likely they'd just take this opportunity to aim another round of barrage at Trump instead of talking any substance about the issue itself. The purpose of this reportage is political attack against Trump instead of any concern for privacy in the first place.
Using fb to advertise for Obama, Trump, etc, is ok
However that's not what has been done, but the a) use of shills and fake personas to pump up opinion b) creation of fake "grassroots movements" and "news articles" with a divisive purpose
>The Obama campaign's chief strategist is a master of "Astroturfing" and has a second firm that shapes public opinion for corporations
Every presidential election cycle I can remember was full of rhetoric and outright lies persuade voters. Does no one remember all of the hilariously terrible chain letters from past elections that claimed all sorts of nonsense? I just don't understand why people are running away with this idea that somehow facebook/twitter have changed the game when it comes to brainwashing people to vote conservative.
Politics is and always has been a no holds barred competition where anything goes that isn't straight up illegal. History books praise JFK for utilizing the television in 1960 to win his presidential election. I'm starting to think that if they had today's political climate he would be remembered as a manipulator rather than being savvy.
> However that's not what has been done, but the a) use of shills and fake personas to pump up opinion b) creation of fake "grassroots movements" and "news articles" with a divisive purpose
This has been done since forever. People supporting Obama did in 2008. Those supporting Ron Paul did it. Bernie sanders supporters did it and so did hillary supporters.
Also, "Ad-Hominem and Whataboutism" is the easiest way to spot shilling. The fact that it is capitalized makes me believe it was copied and pasted from a list of talking points.
If you truly believed shilling was bad, you wouldn't support russianlago or thinkprogress. But the fact that you linked to those two makes me believe you actually support shilling. Just the shilling you agree with. Just an observation.
And it doesn't help your point that you conveniently ignored the point these two websites are making, and that have been reported by others as well.
"Everybody knows this" is a cop-out.
Shilling is bad, but water is still wet regardless if it's reported by TP or FoxNews or Breitbart, as opposed to you who prefers to shoot the messenger and has a 32 day old account. Just an observation
See my post: https://www.facebook.com/mstefanow/posts/10156280067194886
Since when NO NEWS is NEWS?
"Why is any of this news? My understanding is that companies harvesting social networking data via viral apps and then reselling it to perform targeted voter advertising is literally a 10 year old concept."
Other team didn't realize such thing as the internet exists?
(I'm outraged that this thing hit the news, as if it wasn't something already known)
When did Obama’s campaign ever do that?
No he didn't. On purpose
Users don't comprehend what permissions they are giving to apps they run. A quiz site getting full access is not surprising.
Once an app has any amount of access the only thing stopping them from harvesting their own clone of your data is an agreement in the ToS that you won't store PII for more than x hours.
These rules are like the bare minimum to stop good actors. If you're a bad actor fb does not do a single thing to protect users from you. As evident in this report fb is also not above blaming the users for the hostile environment fb created and placed them in.
There must be countless copies of harvested fb data out there. My employer at the time once realized we were accidentally storing some PII permanently in a derived field. If good actors can't even keep above the law what do you think the ecosystem looks like in the shadows?
IMO we aren't having the right conversation with fb over how they mistreat our PII and we should loosen the definition of that term when companies like the one in the article can infer our political preferences from the innocuous bits of our lives we tag on facebook.
We should be asking why even an authorized API that can't stop you from copying the data doesn't count as a systemetized data breach.
Is your argument that no company should offer any developer APIs at all? It's impossible to stop apps from storing data that they have access to, given malicious intent.
This is like saying that the existence of the Google Calendar API is a "systemetized data breach" because an app could copy data from it once authorized by a user.
FB provides since ~10 years widgets for showing who else is liking xy. I know these Social Widgets are not so customizable and thus not pretty enough to match some custom design but at least they provide some safety nets.
Maybe Facebook could just provide more Social Widgets/CSS customizability instead of letting people write their own "Facebook Extensions".
This puts Google on the wrong side of the line, wherever it is, next to other big offenders - fb, twitter, linkedin.
To waffle less, I would absolutely be very cautious with who you give access to your gcal. You can tell a lot about a person knowing their schedule, who they meet with, where they meet, when they fly, etc. Lots on a calendar
But yes, you are right that I’m sure lots of apps kept that data and sold it.
It sounds like they never had full access to the Facebook profiles beyond the 270k who installed the app, but just harvested the friend lists of those 270k. This doesn't give the app developer full access to the friends' profile data, but I guess once you have the network of friend connections you can use other public data sources to fill in or infer the gaps. And of course some of those 50M will have FB profiles that are fully public open books ready for anyone to harvest.
I will say as someone who has developed Facebook apps, the whole ecosystem is pretty much on the honor system for protecting user data. There are some seemingly random and capricious (and often erroneous) abuse detection algorithms, but once an app has access to user data who knows what they do with it and whether it was kept secure -- surely Facebook has no idea unless they perform invasive manual physical audits.
I was possible to use the v1.0 API until Q2/2015 if I remember correctly (only if you had a v1.0 app though)
There has never been substantial control on profile data harvest on fb. It was whatever you could get users to okay, which was a lot given the value your app had to appear to provide.
Hence why the researcher who created it decided to kill it.
That's completely speculative, and we don't need more speculative information ... I'd much prefer to wait for evidence.
As far as I can tell, there is no data breach, right? It sounds like CA got facebook data through an app they wrote, thisisyourdigitallife, which did some shady things.
Also, "The New York Times is reporting that copies of the data harvested for Cambridge Analytica could still be found online".
The link is: https://www.nytimes.com/2018/03/17/us/politics/cambridge-ana...
Anyone know what they're talking about? I haven't heard of any 50-million-profile data dump, and I really like collecting corpora...
Basically FB gave the data away. Apps have access to the data but they're not allowed to give/sell it to third parties. In this case the rules were ignored. Probably many other companies with API access have also ignored the rules. In this case FB didn't make much of an effort at all to prevent it from happening so it's reasonable to assume the practice is rampant. There's likely many copies of large parts of FB data out there (left on laptops on trains or on unprotected FTP/HTTP servers, etc.).
It's a 'breach' from the users' perspective.
Maybe that's legally actionable.
If we keep consuming news like this, and do nothing, it's going to scalate massively. Same way as when Snowden told people they were spyed on and they collectively shrugged and continued with their lives as if nothing had happened.
We, people in tech, have a massive moral burden to educate 'normals' on the meaning of news like this!
Remember that Facebook gives you zero access to users’ data just for being an advertiser. This scheme relied on users granting access to an app.
Data access by apps was curtailed two or three years ago to no longer include friends’ data. The permissions dialog has also become far more granular. From my observation, apps seem to mostly respect facebook’s rules on data scarcity, i. e. asking only for the data they actually need.
GDPR will enshrine this principle in law at least for European citizen, and it’s somewhat likely that it will have some effect far beyond the borders of Europe.
Regarding elections, first steps will likely align the law with that for TV advertisement. Clear information about an ad’s sponsor should be required, as well as the selectors used to target you. I’ve also heard some chatter about requiring a public repository for all ads. Right now, there might be waves of, for example, racists ads that never get reported in the news because the targeting never hits those people that would consider the ad problematic. The Atlantic is running a pilot program with a chrome extensions that records all advertisement you see on Facebook for such a repository.
In the current political climate, it’s unfortunately unlikely that the US will lead with new regulation. But there are a few decent agencies in the US that can squeeze a lot of mileage out of laws already on the books (the special prosecutor, and even the FEC). Social media companies are also quite scared, both because they fear a hit to their business, and because most of their excecutive do retain some humanity. You can also expect individual European companies to get out the big guns, seeing Trump and other Russia-backed populists rattling the core of the current consensus on liberal, open, civil societies.
As an advertiser you can target users based on very specific details, and track any user that responds to your advertisement campaign.
You get all the access (AKA, you know which part of your customer base resulted from targeted ad campaigns, so anything you can target on, you can attribute to that subset).
Regarding elections and digital platforms, a Dutch policy advisory states that the government should disallow non-transparent political advertisements (all advertisements should clearly state who sponsored them and to promote which political cause, if any), and to ensure that political parties can not hide their trade-offs, they shouldn't be able to micro-target people with a different message (increase taxes vs. decrease taxes, depending on what makes the user more likely to vote for you).
Arguing that only some advertisers get access to the tools required is bullshit: this is saying that Facebook won't tell you directly who is such and such, but will give you access to tools to bypass their own rules. I hope you see how idiotic arguing for such a case is.
Almost literally right now, IETF 101 is starting in London, and one of the things presented will be a series of proposals by people who claim they (or organisations they work for, the IETF is only for people, corporations can't participate they can just send people to it) have a legitimate reason to snoop on TLS traffic. TLS 1.3 is designed, following BCP#188, to make such snooping impossible without ongoing assistance from one of the endpoints (if the endpoint is co-operating with the snooping there's mathematically nothing anybody can do) and they would dearly like to return to an era when they could snoop with just a little one time assistance. Now, maybe this would have been stiffly resisted anyway, but BCP#188 means anybody who isn't sure has an existing IETF document telling them exactly why this is a terrible idea.
This will not be the end, and has been like this from the very beginning. If foreign companies can get access to this information, then intelligence agencies certainly can too.
We need to find a new way to communicate before this cancer becomes so widespread that the last bastillions are lost.
People still socialize and discuss issues in the real world. Having a Facebook group for a church or neighborhood doesn't preclude anyone from going to church or physically interacting with their neighbors. People also still take collective action in the real world - Antifa, BLM and the Tea Party are three modern examples, but there are countless others which simply don't get media attention.
And, all else aside, social media is still perfectly adequate for enabling communication between most people.
I'm sorry, but your comment seems more rooted in hyperbole than reality.
This is increasingly true. Actions are increasingly recorded. Privacy is increasingly undermined. We have a big problem on our hands.
Have email, chat, forums, physical letters, meetings, etc gone away for some reason?
It was extremely attractive. It could also be deemed illicit, primarily because Kogan did not have permission to collect or use data for commercial purposes. His permission from Facebook to harvest profiles in large quantities was specifically restricted to academic use. And although the company at the time allowed apps to collect friend data, it was only for use in the context of Facebook itself, to encourage interaction. Selling data on, or putting it to other purposes, – including Cambridge Analytica’s political marketing – was strictly barred.
It also appears likely the project was breaking British data protection laws, which ban sale or use of personal data without consent. That includes cases where consent is given for one purpose but data is used for another.
So I, like, need to collect some data, lol
Sorry, can't do that
But I'm like, uh, an academic, this is for great science, see my Cambridge page here, lol
Ah, ok, just don't share it, k?
Yeah, yeah, no prb
In a data breach, someone would have used a technical vulnerability or some other (e.g. social engineering) vulnerability of Facebook to get illegitimate access to the data.
In this case Facebook simply gave them access to the data and took their word that they won't misuse it.
Now maybe the latter situation might not be a data breach in the classical sense, but I don't see how it makes it any better for the victims. If anything it seems worse -- Facebook didn't even try to protect their data.
I mean, in the case of traditional phishing the user is tricked to provide the password by impersonating a banking site, getting their funds stolen and in the case in question, the users are tricked to provide personal information by being promised some kind of personality analysis but their data is used for political propaganda that they didn't asked for resulting in life-changing consequences du to politics.
Many apps didn't get updated to work with the new API though (most hilariously, the NYT refused to let me create an account without my friend list in early 2015).
It totally breaks the CNNs for face detection.
I worry that "not tagging" is somehow adding sparse data which can later on be filled in.
The fact that 90% of your friends upload contacts/emails is plenty of information about you.
(not sure if you meant /s)
> A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.
I'm imagining the crux of the CA issue is that they saved stuff.
If you redefine a concept and use it against your political enemies don't be all that surprised when they turn around and use it against your political allies.
> This wasn't a data breach
Yes it was.
> it was a misuse of data by a third party.
So a bank robber who gets into the vault just misused the locks? Or the security guard misused his eyes? This was a data breach. Your language makes it sound less serious than it is, and you are wrong. This was a data breach.
Edit: Less than 30 seconds in, this post is already downvoted. I won't complain about downvotes of course, but it's insane that no conversation is actually allowed to happen on this site without burying one side. I spoke with a neutral tone, didn't do any name calling, I'm not looking for a fight. But downvotes within seconds! You can't silence me HN. I'll keep commenting my opinions and facts no matter how much you don't like what I'm saying.
Nitpicking breach or misuse is silly and distracts from the actual substance of the article. It was a breach, by the way.
I'm no fan of any politician (or really of "tyranny of the majority") but I was kind of impressed at how well it all worked out last time. An "unpopular" candidate won and the ruling elite turned over the reigns just like they're supposed to do trusting the checks and balances in the system to work.
The quickest way to get a dictatorship is to go against the legal results of an election because the unpopular candidate won based on some metric of "unpopular" like "kids rioting in the streets".
If you are impressed with the level of functional elections and government in the US since the last election, I'm shocked. It is not a functional system. It is clearly disfunctional.
Indeed, it was the only election since I've been alive that the losing side rioted in the streets calling for the overturning of the election results.
> He called on gun owners to shoot and kill his political opponents who he has also been trying to jail for the past many years.
Fake news much?
The case is more like the bank manager allowing the robber into the vault, with full knowledge that the robber wants to and could easily make off with all the valuables, then asking the robber to please not do that before heading back to work, leaving the thief unattended in the vault.
Edit: it's a breach of contract, maybe; but not a "data breach" which I think everyone understands to be more like the case where the vault is forcibly broken into.
Facebook was authorized to have the data. CA was not authorized, at least not to retain the data. Therefor, it is a data breach. Facebook was the breachee, CA was the breacher. And Billy-Ray was a preacher's son.
I'm definitely not disputing the fact that FB is an evil entity that only cares about making profits off your personal information. But, they haven't suffered a data breach in the same way as, say, Equifax; and it seems to me that choosing to use the word "breach" here must be in an effort to get more clicks; because "breach in the Equifax sense" is what the author knows most people will assume is meant.
The democracy we are concerned about protecting presupposes rule of law, and precision when discussing laws and crimes.
What I didn't understand is why Facebook would grant this - maybe at some point they needed viral apps on the platform and giving user data away encouraged people to make them - but why did it still work a few years ago? But this article made it click: all you can really do to monetise or use millions of profiles of Facebook users is target them with ads, and Facebook is the only place you can target those ads effectively given Facebook user data, and the more data you have the more effective those ads are, the more you pay Facebook.
Facebook don't sell user data, they've long said that - and it's true. They sell the ability to target advertising to their users, and you can do that a whole lot better if you have their user data. So they don't sell it, they give an API for their users to freely give it away, knowing that once you've done all your analysis on it you'll conclude that you should spend money paying Facebook to actually deliver your messages to those users.
This is exactly how Facebook was designed. You get a stupid quiz or photo frame in exchange for a copy of your friends list. It's always worked that way, and it's why Facebook OAuth was more popular than Google+ and other Oauth since 5+ years ago -- because app devs can make more money from Facebook OAuth since it comes with a copy of your friends list, so they prefer to integrate Facebook.
The /friends endpoint only returns friends of the user who have also already installed your application.
One of the worst things Facebook did was to just destroy any expectation of privacy.
Require the user to "connect with Facebook" to see their result. Give them the result, but quietly siphon off every bit of data you can with the access token.
I still run several games on Facebook platform. It’s much easier to acquire and retain users than on mobile and it’s much more profitable because there seems to be a higher propensity for users to pay.
This comment is from the “Duped” article that has a different headline and more detail.
At the time, more than 50 million profiles represented around a third of active North American Facebook users, and nearly a quarter of potential US voters.
At the time, more than 50 million profiles represented around
a third of active North American Facebook users, and nearly
a quarter of potential US voters.
The real scandal is that such data is so easily harvested and freely available.
I'd be interested in seeing how much of facebook's data repository was used in targeted political ads by all parties. Including Russian agitators who have been shown playing both sides.
So, no: “They are all the same” isn’t just cynical and useless. It’s also wrong.
>They are all the same” isn’t just cynical and useless. It’s also wrong.
Please do not put words in my mouth. All I am asking for is journalistic integrity. Media in the U.S. has proven repeatedly to be partisan, which, to a rational person, makes it very difficult to separate fact from propaganda. This article is a case in my point.
Unethical politicking is not an excuse for spread of misinformation.
I'd argue that this article pretty well encapsulates all of the various "scandals" the Trump administration is being bombarded with: breathlessly exaggerated so that people whose mind is already made up can scan over it and add another tickmark to their list of "scandals"
This is part of a consistent pattern. Our media has become as hopelessly partisan as our unfortunate two party system, and unethical behavior on one front does not justify the same on another in response.
>But it is unethical to exaggerate and hold only part of the political system accountable
Please consider what I wrote in sum. Partisanship and exaggeration are antithetical to trust.
From your original post:
> The only reason this is exaggerated as a "data breech" is because of the connection to the Trump campaign.
You have provided no evidence of this, and until you do, your comment is read as a case of whataboutism. Because we are not shoehorned into the pursuit of a unilateral solution, we can both [A] call out Trump's unethical engagement of Cambridge Analytica (CA) and [B] lobby for more stringent privacy regulations, like the EU is doing.
Given the, as a prior commenter said, 25 scandals, along with string of accusations of indecent conduct, collusion, etc. that Trump is clouded with, the conclusion being made is that his engagement is not the unknowing of an unethical actor acting on his behalf, rather the turning of a blind eye.
So given the inflammatory nature of the original comment:
> Let's be realistic here. This headline is nothing but partisanship.
So in sum, on first glance your comment leads me to assume you have an agenda.
Assuming that this isn't true, lets talk about main issue here: the micro targeting of ads, and the usage of this "data breach" in the Trump campaign.
Frankly, this scares me. The power this data provides and the way that it can be wielded should scare people - who wants to live in a world where the government/corporations/people can induce people into certain behaviors? Whether Trump or Clinton uses this information would result in people bringing up their pitchforks.
I don't think that we're exaggerating here calling it a data breach - it is a gross misuse of personal information, however gained. And while I'll admit the term data breach is a bit of a stretch, the connotation of the word fits perfectly with the situation. People downloaded an app for a survey, had their
entire social network scraped, and then had that information used for an ulterior motive, without them knowing at all. We should be holding them accountable for their scummy behavior. Facebook already is starting to.
We've already seen the GOP bring up the email campaign and Benghazi for the entire length of the Clinton campaign. Note the irony here as the GOP is almost completely silent over America's current president's daily antics. It is the lack of response from the GOP toward any of the recent political events that is characterizing HN's response toward CA as overblown.
So with that said, why do you believe that it's unethical to call out Trump and by extension CA's actions.
Nothing in that wall of text justifies your twisting of my words.
>I don't think that we're exaggerating here calling it a data breach...And while I'll admit the term data breach is a bit of a stretch
If you weren't in such a desperate rush to misconstrue my argument, perhaps you would be able to maintain consistency in your own.
Once again, I am speaking of the ethics of exaggeration and selective accountability in journalism. My point is not that it is unethical to call attention to this misuse of data, but that the post title likely deliberately misleading because of enablers like yourself, who selectively turn a blind eye to such embellishment at any mention of Trump or the GOP.
Interesting side note .. in Australia we assign school funding based on the highest education received or wage class of the parent (classes A, B ... E or such).
Also, do you genuinely not find it disconcerting that Facebook leadership go to great lengths to avoid discussing the privacy implications of their service? And the only person in that group who puts herself "out there", so to speak, is instead writing "success literature"?
> Also, do you genuinely not find it disconcerting that Facebook leadership go to great lengths to avoid discussing the privacy implications of their service? And the only person in that group who puts herself "out there", so to speak, is instead writing "success literature"?
So you’re angry because they don’t talk about privacy. And you’re especially angry at her because ...she doesn’t talk about privacy?
That argument also doesn’t make much sense when comparing her to Zuckerberg explicitly, who’s at least as “out there” as she is. Didn’t he go on a “50 states listening tour” last year?
If there would be someone in Facebook leadership that writes about privacy and political implications for it, it would absolutely make sense to single out that person. Success literature is irrelevant to topic.
But, I think she was single out, because she is only name besides Zuckenberg the parent knows. Never underestimate ignorance on discussion forum.
It's actually far easier to create ads targeted at segments with likely political beliefs, and Marketers have access to aggregate numbers of niche segments today.
There's no need to scrape people's profiles or get down to the individual level.
My original comment was more in response to user vs segment level targeting.
You people should pick your battles. It would help if you knew the battlefield first.
I am so glad you know more than the UK, EU, US etc governments who have identified Russia as the primary source of instability for elections.
And since when has this been an either/or scenario. You can focus on both Russia and China.
You really think governments wouldn't have checked this ?
How did they identify with certainty that they are Russian? Is there any way for someone without top secret clearance to verify this?
Presumably Mueller used that subpoena on Facebook and internet providers and the Russians didn't try to hide very hard and used mostly Russian ip addresses.
There's also the fact Facebook admitted it sold ads and post promotion to Russian agencies and told Congress the reach of those ads and posts. Recently Facebook revealed to all users in North America whether or not they had interacted with those ads/posts. Several news organizations have independently found the data from other sources including actual interviews with the people working in Russia.
One technique the Russians used was to impersonate Americans of some extreme view to stow discord and inflame the other side of some debate.
There was also several different Facebook campaigns where they got Africans with pidgin English to pretend to be Americans and try to inflame white nationalists and latent racists fears.
> Presumably Mueller used that subpoena on Facebook and internet providers and the Russians didn't try to hide very hard and used mostly Russian ip addresses.
So on one hand, article after article tells us how sophisticated these hackers are, yet these very same hackers didn't hide their ip addresses, and also openly posted links on twitter that were supportive of Russia. Doesn't something about that seem a little off to you? If it does, you'll be the first person I've encountered who think it does, everyone else is completely confident that this is an open and shut case. Yet, none of these same people can point to any specific evidence that could convince me. Sure, everyone has some articles full of juicy stories, usually containing confident statements from high ranking government officials assuring us crimes have been committed and they have proof, but I've never been able to find a person who could point me directly to any proof.
1/3 of the way through https://www.justice.gov/file/1035477/download, rather than having my mind changed, my skepticism is stronger than before.
This feels a bit like some things we've experienced in the past, where the "facts" about an enemy, that we're are assured are 100% completely true and verified, trust us turn out to not be true several years down the road. But by then, we've already spent trillions of dollars and waged a war killing thousands of innocent people.
I'd rather not go down that path again, so I'm sorry if I can't join in the party vilifying the evil Russians, because based on the information I have so far, it seems like classic misdirection with the primary beneficiary once again being military budgets, and everyone is just a bit too enthusiastic to believe anything they're told.
EDIT: There is no shortage of internet downvotes for people like me who aren't willing to go along with this story, but there is a severe shortage of people who will put me in my place with actual content. You can probably imagine the effect this might have on the certainty I feel in the correctness of my stance. Unlike others, I'm open to having my mind change, but for some reason no one can muster any effort beyond a condescending and intellectually lazy "let me google that for you".
From your own example which I presume is about the Iraq war, there is nothing that an ordinary citizen can do to prove that powers in the US, UK, and Kuwaiti governments (and Iraqi agents working in favor of an attack on Iraq) falsified the evidence they presented to the public for a compelling argument for invading Iraq without relying on sources that cannot be verified by an ordinary citizen without access to the journalists/non proliferation experts/government agents responsible and nothing an ordinary citizen can do to prove US claims that Iraq had an active WMD program and mistreated Kuwaiti babies as claimed at the time (by what we know now was a state actor who lied for Kuwait) in congressional testimony after the Iraq invasion of Kuwait. Even the New York Times and that one reporter famously lied flat out about Iraqi weapons programs and abuses in the build up to the war. But there were plenty of people who were investigating the claims of Iraqi WMD who said there was nothing there and that led to a lot of people protesting against the war. I don't see any investigators for the FBI or NSA coming out and being a whistle blower and saying this Russian thing is faked, on the contrary, the only whistle blower who came out so far, actually showed the internal NSA documents that said the USA elections was under cyberattack by Russia. The most reputable guy who came out for the Iraq WMD was possibly Colin Powell. Less well know is that he was also the first US Army investigator who looked into the My Lai massacre and he found that nothing was done wrong, so he was kind of used to this type of thing by then. It took a second Army investigator to reveal what happened there.
Or more contemporaneously there is nothing a citizen can do to prove that the recent Russian spy who was released to the UK and attacked was poisoned with a Russian only sourced nerve agent. And if it was the Russian nerve agent (that the Russians offically proclaimed to have destroyed all stockpiles of), there's no way for a citizen to prove it was Russian government behind it or that some other power was responsible for usage of it.
I didn't vote either way on your comment, it just seems like an impossible standard.
This is incorrect. The indictment explains it. They routed their connections through US-based VPNs to appear as if they were American users.
I don't doubt at all that there is a government sponsored organization in Russia that promotes Russian interests via cyber operations, as I'm sure there is in the United States. I'm looking for proof that:
a) this isn't a 3rd party posing as Russians
b) The harm or danger of this meddling is proportional to the airtime and Very Serious Tones of Voice we've been subjected to 24x7 for the last year.
Do you know of any compelling (and verifiable by a civilian) evidence that could help me with that?
b) I have no idea what effect it had. I personally am not sure it did have any effect that made a difference. Coverage is still warranted because attacks from foreign nations are newsworthy regardless of success.