The best way I know of to combat Facebook is to poison their data. Which means taking the effort to "friend" strangers across the world, "like" random things, visit websites you don't care about and basically blur your profile to the point that Facebook can't tell who you are or what your actual interests are. It's quite an effort over years.
But no. Everyone wants a button. Which is how we ended up in this situation to begin with.
"Deleting" only gives the database owner one more piece of information about you: that you wanted to delete that record.
I was thinking of having it run as a cron on my laptop. Log in via chromedriver, accept a random couple of suggested friends. Download some random images and upload it tagging myself. Grab some random comments off twitter and post it as my own. Like random posts. Remove a few real friends. Repeat.
Maybe even Facebook Munging as a Service. :D
Train a NN/markov chain on enough of my own and publicly available facebook posts and comments that I can make it spew out realistic-looking posts and comments on demand.
Make another script that likes and unlikes pages, joins and leaves groups.
Make another that uploads random photos (or randomly generated image content) and tags me in them.
Stitch them all together into something that runs all of those on my account, generate so much noise that it becomes a tedious exercise to identify real comments and posts simply by virtue of volume.
For bonus points, run it from my home computer.
Would it be perfect? Probably not, there's probably way more you could do to simulate a real user, but it'd make a fun project if nothing else.
Seriously though, Subreddit Simulator is probably actually a pretty good idea: a lot of them come with a handy image/gif attached and occasionally you get results that could pass as being written by a human.
It is someones daily job to try rand enrich the data they are getting from you, you are working on your bot(s) on your spare time. You just purely can not spend as much resources to keep ahead of the algorithm.
EvilCorp™ will always gain more benefit out of adapting the algorithm to even include/exclude your bot since they get profit gains across the board.
More over you need to spend a lot of time on your bot(s) to make them blend in. I'm not saying; "don't do it", I'm saying; "it is going to be hard to get real benefits"
There might be swaths of teams all focused on enriching the data, but you eventually can't derive more information out of a deliberately flat information graph, and all it takes is a few extreme data points to distort the average.
Yeah, Oauth and events is the only thing keeping me on FB. Although, I believe they opened up their event system to non-fb users, probably so they could build shadow profiles.
Not sure what you are gaining with this.
There are plenty of cases where a system would not function correctly if you are actually erasing DB entries when a user clicks the delete button. In many cases, even the users themselves might expect to be able to undo or go to a delete list and see entries that were deleted.
In my layman's opinion pressing that button is an explicit request to delete the data. Also the kind of behavior you are suggesting is not private-by-default and goes against the spirit of the law. I don't think that a judge will look kindly on it.
I am not a lawyer. I am not your lawyer. I suggest that you consult a lawyer.
That being said, the jury is still out on whether the EU can successfully collect fines from exclusively US based companies.
Large corporations like Google or Facebook have a presence in the EU and can be fined directly. Good luck in the courts enforcing gdpr to US only companies who have no servers or physical presence there. I imagine it will be a difficult process and not worth the effort in most cases.
Wouldn't leaving personal data lying around in your database like this technically leave you liable to massive fines?
This is based on my personal layman's understanding. I am NOT a lawyer. I am NOT your lawyer. If you need legal advice consult a competent lawyer in your jurisdiction.
It is to prevent people going to their Bank, where they have a credit card or a consumer loan, or a mortgage, and say "can I please be forgotten/be wiped from your systems - oh and the loan too!".
You just store the keys separately, assuming one-way encryption (losing the key) counts as deletion.
But... if deleted data is no longer processed, does that mean it can not longer be used for targeting etc?
Your backups should be cycled after a few months and the deleted data will eventually not be present in any backups.
Data could be thought of as radioactive so long as it has a unique identifier. If you can aggregate your fraud detection data in some way to remove the pseudonymous/personal identifiers then you should. If you can’t, then your usecase needs to justify the risk of keeping that radioactive material around.
Watch out that your aggregates can’t be reverse engineered though. There’s a reasonableness test around how easy it would be to recompile a users profile etc. As technology advances things that were once unreasonable become reasonable think md5). I find it helpful to think of reasonableness being connected to the best 10 people you recently interviewed, or the actions of any competitor in the space. If a prosecutor can point to the competitor and ask why you didn’t do what they did, you need a very good reason to pass reasonableness.
I also strongly suspect that in cases like FB or Google, the judges will happily go for the 4% mark if possible.
Yes, this is a good thing, in opinion. There was a case where a Finnish man was fine 54,000 Euro for speeding, where the fine is calculated based on income. I think this seems like a reasonable way of metering our penalties.
It seems reasonable to me companies should be treated in a similar manner.
I'm sure the EU will find some way to spend 2 billion € for something useful. (13% of their net income btw)
If facebook discover a backup from 2012 on a tape that hasn't had items deleted, and adapt their processes so it doesn't happen again, they won't be hit with a $1b fine. If they deliberately refuse to delete people's data as a policy, they will be.
I'm sure Facebook would do anything it could to work around these regulations and lobby as much as possible to have them overturned but I doubt they're reckless enough to simply ignore them and hope for the best.
No human ever directly accessed data so they don’t “know” it exists.
Ad targeter or whatever needs the data keeps working.
This seems like a trivial programming problem. I’m confused by the confusion.
And again, all that for what? Keep profiles on the small minority of users who bother to scrub their profiles, even though these same users are probably not very good targets for ads in the first place? I don't think it would be very rational for Facebook to try something like that unless they're trying to be evil for the sake of being evil.
The onus should be on you to prove you did.
One thing that is cool about all these pushes to teach every kid programming is that it might help instill “data values understanding.” Or whatever you call the source->object->runtime. And how data works.
Too many people confuse software with data “the data is in the app” and confuse it all with a book in a library. You just burn the book and it’s gone. Or you transfer the book from one library to another. This is a good metaphor for usage, but falls apart if you have privacy or security concerns.
Logic that seems natural and instinct to whatever you call people who program/use tech, is incorrectly understood by others. Especially “digital natives” who always had computers and Internet.
My kid has all of his files in google from forever. This breaks down in situations where Google’s interests are out of sync with his own.
Because of the round trip fallacy: People equate the absence of evidence as evidence of absence P(E|A) != P(A|E)
What it does is basically to hide the adds from you, but clicking all of them.
This is so messed up for add companies, that Google removed it from their App Store.
But I agree that it's pointless to delete visible data about yourself, because statistics are already stored somewhere else and you don't have power over it.
It might well be useless to start today with your existing accounts. But it's a principle worth knowing about nonetheless. It's certainly possible to poison data from the beginning of your contact with a service - especially for ones less pervasive than Facebook. An account that never sees entirely true data may not be able to build up an accurate profile.
Having said that, providing false information does violate the ToS for most sites. Which probably isn't a federal crime, given US v Lori Drew, but it's certainly not a good idea for an account you can't afford to have suspended.
Call it Social Chaff as a Service (SCaaS).
note: I know that some people actually would. but philosophically speaking I just don't get it, it's almost like its missing some kind of deeper point.
You give them too much credit. This would require some PLM being concerned with such activity enough to add the anomaly detection. Unless they are way proactive over theoretical issues.
Starting salary for a postdoc is a bit less than $50k, and this is after 5+ years of grad school, during which you make even less (often $20-30k) One can expect to be a postdoc for 3-5+ years before becoming remotely competitive for an independent (faculty) position, and another 5 years before the job is relatively secure. The competition for these jobs—and the remaining industrial ones—is savage and unpredictable.
This is bad for so many reasons: frantic people don’t do careful experiments or do good science, very smart people opt out all together and figure out how to make you click on ads instead, and a lot of time, money, and effort gets wasted in the churn.
If you want more cancer research and less ad optimization, nag your reps to improve how we fund research!
The gist is social media posts can be used as a unique fingerprint to correlate your whole browser history. Unless you are willing to spam your friends with useless links....
Researchers discovered a politician had a certain medical condition and a judge had "interesting" habits, even in privacy centric Germany. All from publicly available apis and data for sale.
They specifically say their algo is immune to data poisoning.
> I know I cannot close the barn door on any data of mine that's already out in the wild, but I can control any further scrapes of my Facebook data by manually removing as much of my Facebook Activity as I can. Unfortunately, and not unexpectedly, Facebook do not give you a simple way to do this.
I always come back to structural regulation works best. At the end of the day, we just need to make it very costly to keep too much information. We set rates for personally identiftying attributes (e.g storing a birthdate costs x, a partial ssn Y, etc). The charge is per attribute per person per day. This should incentivize the tech companies to develop and store broad scores (e.g scores high for likes sports and classic rock, low for opera) rather than personally identifying info
> When you use Google products and services, we keep some data with your Google Account, like when and how you use certain features. We keep this data even if you delete activity or other items.
> For example, if you go to My Activity and delete a search you did on Google, we'll still know that you did a search, but not what you searched for. What you searched for will no longer be stored with your account.
> We keep this data as long as it's relevant to meet uses like those above. If you delete your account, we remove this data from it.
In the Bin folder, right clicking a file gives the option "delete forever"...whether that is actually the case or not I don't know.
Easy enough. More than half of the people that Facebook recommends to be as "friends" are people whose language I don't speak in countries to which I've never been.
Nice AI, Zuckerbean.
Perhaps having a dense graph is simply more profitable for FB?
Sure they won't know who you know, but they can send their messages (ostensibly "on behalf of") that person you know/friended.
Sure, poison your personal data (get your Fakebook on), but going out and spamming connections may not exactly hurt FB.
No, all I've thought is that the AI sucks and is broken and for a company that's supposed to have the smartest people and unlimited money it should know better.
Beyond that, no.
All of this is of course a designed test to see how accurate the model is, to see how ordering of suggestions influences behavior, to see effects of noise, etc.
They aren't stupid and they aren't bad at their jobs. It's just a test.
Data Subjects have the right to obtain erasure from the data controller, without undue delay, if one of the following applies:
The controller doesn’t need the data anymore
The subject withdraws consent for the processing with which they previously agreed to (and the controller doesn’t need to legally keep it [N.B. Many will, e.g. banks, for 7 years.])
The subject uses their right to object (Article 21) to the data processing
The controller and/or its processor is processing the data unlawfully
There is a legal requirement for the data to be erased
The data subject was a child at the time of collection (See Article 8 for more details on a child’s ability to consent)
If a controller makes the data public, then they are obligated to take reasonable steps to get other processors to erase the data, e.g. A website publishes an untrue story on an individual, and later is required to erase it, and also must request other websites erase their copy of the story.
some strategies for poisoning data sets are described here https://iotdarwinaward.com/post/improve-your-privacy-in-age-...
Just because the marketers don't have your name as "John Argano", they still know everything about your handle "pishpash".
Even if its not your name, its not anonymous. The same profile can be targeted by political parties and manipulated in ways that we are coming to see as problematic.
Add-ons like Privacy Badger or Ghostery can block those though, right?
You can block that with e.g. a hosts file blocklist that blocks all Facebook related domains.
I'm on the verge of deleting my Facebook account, but for the same reasons as given by OP i'm hesitant. Facebook is the only platform with i use to connect to some of my closest friends on the other side of the planet. Also staying up to date with events/parties. If there was an alternative for these, i would've ditched Facebook yesterday. I've wasted too many hours of my life scrolling through the feed, being subjected to all kinds of psychological manipulation. Not to mention that Facebook probably knows more about me subjectively than any other person. I'm done.
I'm in the same boat. Here's a suggestion:
1) Keep your Facebook account.
2) Uninstall all their apps.
3) Replace your profile pic and cover photo with big banners saying you're no longer using Facebook and encouraging others to contact you elsewhere. The text should be big enough it's still readable which your pic is the smallest size.
4) Hide or delete all of your posts, photos, and likes.
5) Make a few posts over a period of time letting people know you're leaving.
6) Specifically contact your closest friends and ask them to keep you in the loop.
7) Bonus points: like random things that are uncharacteristic of you and upload and tag yourself in stock photos (e.g. from https://www.shutterstock.com/). I made all the poison data private to keep from annoying anyone.
This is what I did. I'm no longer on Facebook, but my profile is still up as a reminder to friends. If they're organizing an event, they have a reminder to message me outside of Facebook, and if they don't, I still get the notification.
Just be warned. Facebook will act like a needy ex for awhile, trying to get you back. You just have to unsubscribe from the needy notifications.
Using the "Hide" button instead of the "Delete" button I think works on untagging.
I keep saying this over and over. If you can't keep in active touch with someone (phone, email, IM, text, Skype) then they're not that important to you. It doesn't even need to be very frequent - once a quarter, every six months.
If you can't manage that level of contact with someone* then there's little point hanging on to the feeling that you're still somehow connected with them. Every generation prior to ours accepted this as their reality and yet we feel we're different somehow.
*Exception: everyone has friends that they may not talk to for years but as soon as you see them or get on the phone with them you can pick up the relationship effortlessly.
You need to contact people directly in order to preserve meaningful relationships with them.
Facebook makes it too easy to keep passive relationships with friends around the world, liking status's and photos are not meaningful interactions in my opinion...
Unfortunately, this is how I no longer connect with a lot of my long distance friends.
Worked very well for me. No reason you can't spin up an older version of FF (or 52 ESR) just to use this add-on.
I cleaned out all of my account's information first, and then slowly weaned myself off of use of the News Feed when I had free time. Eventually I wasn't even logging in once a week and just up and deleted my account.
If they don't let advertisers query deleted data - my original proposal would be effective at preventing third parties from getting your data.
If they DO let advertisers query deleted data - you can 'poison' you account by posting and deleting a huge volume of misleading advertiser-relevant data.
I really haven't used FB much over the last few years, but there's plenty of embarrassing high school posts/comments I'd like to remove without purging everything. Doing it by hand isn't really feasible (we're talking a few thousand items here).
I am using this extension right now after reading that comment.
Well, it does something: it erases your public comments on FB, and even more so, shows in a few steps how a programmer can go about doing so. Not everything has to be about what FB knows.
Your stuff may still be there but with that much noise it would make the data useless.
They could choose to ignore low confidence measurements and still assume you are the same person from that point in time last year. Given that they can measure the standard rate of change in people’s interests (per interest even), and how quickly interests fall out of style, they can then extrapolate how relevant certain ads might be for you today based on your old data.
Imagine that. They don’t just own your data today, they own all the forecasts of your data for years to come. Go home and sleep on it.
Better if you can get your account suspended for something that doesn't provoke a law enforcement response.
If you already use FB services, stop using them and don’t give anymore data. They will still know about you, but at least you won’t give them any new information.
Maybe so, but the success of marketing has different probabilities for different individuals. So, if you're Facebook, it wouldn't make sense to invest in de-poisoning poisoned tracking data if they'd have a low chance of success with their marketing messages. Also, I'm doubtful any de-poisoning technique is perfect, so the resulting profile is probably worse for targeted marketing, all else being equal, as well.
Isn't that like NP-hard or something?
Furthermore, would they care? Realistically, you're padding their numbers. Things can be popular simply because they're liked (whether it's synthetic or not).
If you do it all at once it’s trivially easy. They know a person doesn’t just become a new person overnight.
If you commit to creating an elaborate fake personality by doing things your fake self would do, it can be harder, but not impossible. Certainly not a problem for some of the greatest minds in Silicon Valley.
For many years Facebook thought I was Jewish and was spamming me with ads to become a rabbi and move to Israel, but I am the least Jewish person you'd ever meet. And that could easily be determined by publicly searchable data about myself.
You’ll probably get ads for people who are paranoid or security conscious.
- Seed a crawler with your own profile (or any other). Make it find 50~100 public contacts with public timeline in your network. Scrape their shares along with their timestamp deltas to their corresponding previous shares. Omit the very first, for that it lacks a proper timestamp delta. Put them all in a collection.
- Pick any one by random, post it all the same, after the same amount of delay as the original share against its previous share. Repeat.
You may shuffle the sentences whenever there are more than just one sentence, to obfuscate things a little.
How would it handle historical data? I don't think you can backdate messages and photos.
Also could you use ML to be more discrete to avoid the spam flag?
Too much trouble to even start that.
For example, the Hola "unblocker" C&C people have this service.
Do it progressively enough, and when would FB know the difference?
At the very least, it helps break the habit of visiting Facebook.
UPDATE picture SET date_deleted = now() WHERE picture_id = ?
I also imagine with all the data that FB has, they probably have a legal obligation to keep data as it can be useful in solving crimes or gathering evidence. In fact their TOS explicitly states that they will preserve data: "We may access, preserve and share your information in response to a legal request"
The event source can always be replayed to see the data at any point in time, including recreating stuff.
Yes. Facebook does. There's a quora question that asks "Why does Facebook provide an edit/revision history for edits made to comments?" https://i.imgur.com/GW0x500.png https://archive.fo/EKzQx
One answer says:
> I think its simply so you can see what was their originally. People are allowed to edit their comments now and they could write something one minute, get alot of likes and totally switch it to something else. If the comment starts off with something nice like "Have a nice day" and people like it and afterwards the person who wrote the comment comes back and changes it to something negative, then that would make you look bad. So it is there to make sure everyone can see what was originally there.
Another answer says
> Yes. It allows the audience to keep the content editor accountable for their actions. The transparency in information sets clear expectations for both the content producer and consumer.
Also deleted all albums and photos that I could. (leaving a few cover photos and a single profile picture)
I know there'll be backups and it's probably just a soft delete. But it was still an enjoyable process.
By default, facebook should allow you to keep a tailing delete of everything older than XX days if wanted.
Do you think you will share the code on github or something similar? Great writeup.
There's likely data retained in backups (unless they have some way of pruning your data from backups), and it's likely that your data already sits on an external platform OUTSIDE of Facebook.
Unless Facebook requires apps that you connect to to delete your information gathered from Facebook when you delete your FB account or when you disconnect an app, you're likely to have your personal data and likes and comments already somewhere else.
Just never publish anything you wouldn't be comfortable sharing with the World.
(for sure, the process is only a "soft-delete")
And yes, I intend to use FB in 'read-only' mode from now on.
If you visit a profile, view a video, open a group or message it's all recorded. I'm betting that they can even tell the probability you read an ad just by seeing if you stop scrolling on it and then start scrolling again.
If I can write to google to not appear in google search results, would it be possible to write to google and ask not to appear in their results when people search my name?
Other systems have handled this gracefully in the past. I hate when somebody decided to wipe all evidence out and put hours of life into the trashcan.
If you want Facebook to be responsible, set an example, and be responsible and respectful of other people's time and effort!