(1) This is probably a project by a small "research" group at Facebook. The goal of that group is probably to publish papers in a Psych journal or something like that about how they were able to correlate anonymized medical data with Facebook feed updates. Tech companies have these research groups for prestige, they are not central to the company mission.
(2) According to the article, the project was never actually started. So it sounds like a bit of a non-story.
(2) Yeah, but it wasn't started because of the pile on. You can't give Facebook credit for not starting this.
too late (2014)
This has got to be a new Facebook apology meme: the pile-on.
Until Facebook and privacy are regulated in the US, as GDPR does for the EU, the pile-on should continue. It must continue, no matter how uncomfortable it is for the pro-Facebook, pro-ads, or pro-spyware people.
Yes, it is boring; yes, it is repetitive. And it will continue to be that way until Facebook gains a shred of decency. But I guess we should just forgive and ignore because there are too many of them?
Maybe you are not the target of these stories; the public at large do feel that they are surprising and shocking.
> the public at large do feel that they are surprising and shocking.
Not OP, but I don't think the point is that it's a non-story to the public at large. I think the point is that it's a non-story to anyone reading HN, which is decidedly not the public at large.
I get where they're coming from. If I go to reddit or local news and see a bunch of Facebook non-stories, I would tend to discount that as the public finally waking up to this. When I come here and see a Facebook article, I immediately assume it is important and I need to pay attention, because the audience here is so different from reddit/local news. If I can't trust HN to filter for only truly important stories, then I'll start to treat it like Reddit and look for a better source for truly important news, which would be a shame.
The HN frontpage is a pretty poor proxy for "importance." It's simply whatever the users of HN find interesting. AFAIK, there is no "only upvote truly important stories" rule.
Facebook PR strategy is now coming straight out of Trump's PR playbook.
I'm guessing for being a pro-Facebook shill and/or an anti-Facebook zealot.
People share data with Facebook for a particular, immediate benefit to themselves. I share my location so my friends can see where I am, I post my photos so my friends can see what I'm doing and who I'm with, I share my contacts so I can find my friends, etc. In and of itself, this should be fine and safe to do. The problem comes when Facebook takes the data that was given to them for one purpose, in one context, and they use it for another purpose now or in the future.
I can't make informed consent when it comes to data, because the real value of data only comes from when it's aggregated with other data -- either my own over time, or other people's. I can't know what incremental effect this datum has when it's combined with everything else Facebook knows about me, and all their other users, and run through their current or future machine learning algorithm. So, it's impossible to know whether it's in my interest to disclose any particular bit of information to them.
Details that are innocuous to human eyes can be very salient to algorithms. I might disclose a set of data points and never make any connection between them. I might mention I feel tired on one day, and write with a negative tone on a few other days, and wake up (i.e, open Facebook for the first time in the morning) later than usual. Without knowing this, that's enough information for Facebook to make a confident inference that I'm depressed, an inference that amounts to discovering private information I never intended to reveal. Of course, they don't disclose that they know that about me, but they do use it against me. They may target ads for anti-depressant drugs, or they may invisibly bias my news feed to have more negative content.
That's even assuming I'm aware that I'm disclosing information at all. If I log into Facebook to see what my friends are up to, then close the tab and start browsing the web, Facebook knows where I go on the web any time I visit a page with Facebook comments even if I don't post any comments. The content of the page, combined with other data they know about me and the other visitors to the site, can be combined to make inferences about me, my interests and hobbies, my sex or sexual orientation, race, socioeconomic class, medical conditions, vices, and so on.
We can't expect every person to become an expert on data analysis so they can fully understand the implications of disclosing their data.
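A toy sketch of the point above about weak signals compounding -- all the numbers here are invented for illustration, not anything Facebook is known to compute -- using a naive-Bayes-style odds update:

```python
# Toy illustration (hypothetical numbers throughout): several individually
# weak signals can combine into a fairly confident inference.

# Assumed likelihood ratios P(signal | depressed) / P(signal | not depressed)
# -- invented purely for illustration.
signals = {
    "mentioned feeling tired": 1.5,
    "negative tone on several days": 2.0,
    "later-than-usual first login": 1.8,
}

prior = 0.07                      # assumed base rate, for illustration
odds = prior / (1 - prior)        # convert probability to odds
for name, likelihood_ratio in signals.items():
    odds *= likelihood_ratio      # each weak signal multiplies the odds

posterior = odds / (1 + odds)     # back to a probability
print(f"posterior probability: {posterior:.2f}")
```

Even with these modest made-up ratios, the estimate jumps from a 7% base rate to roughly 29% -- and a platform with thousands of such signals per user can push much further.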
Yes there's some responsibility due them as well, but perhaps we can remain civil to our silent peers?
Didn't we establish that "just following orders" doesn't cut it decades ago?
If FB started hiring unskilled laborers and promised to train them up to be a software dev, I could see this argument having some weight. But, AFAIK, they don’t.
This is what many of us have been suspecting for some time so this confirms our suspicions. I don't think it's a non-story.
I feel that if such research were genuine, there is no reason medical professionals couldn't obtain this information in a wholly transparent manner, without a middleman selling your data about potentially sensitive issues.
Quite telling that it has been 'put on hold'. That in itself is a story.
It's been put on hold because Facebook PR knows that people don't read the details of stories. By and large, they read headlines - and many of those are misleading at best. The issue with CA, for example, wasn't a data breach - the data they had was collected in compliance with Facebook's rules at the time. Yet many headlines and soundbites have used the term "data breach" throughout this incident.
So, when 90% of the population incorrectly believes, based on some soundbites and a couple of headlines, that Trump hired CA to hack into Facebook and steal their data, read their minds, and steal the election, you don't want to go forward with something else that might sound scary in yet another mischaracterized headline or soundbite. If putting this project on pause is a story, that story is that Facebook has a PR department that understands its audience. I don't think it says anything one way or another about this project.
"Data breach" means an unauthorised access or use of data. Cambridge Analytica was not authorised to access or use the users' data. Therefore, it's a data breach.
It makes no difference if the breach uses a zero-day exploit to access FB's database, or if it uses social engineering to get someone at Facebook to send them a hard drive, or if it's some researcher being given access under false pretences.
"Data breach" is a catch-all like "homicide": that term encompasses murder but also involuntary manslaughter, euthanasia, and capital punishment.
It makes an enormous difference because it affects what the public should reasonably be afraid of in the future.
Scenario 1 (what actually happened): Facebook used to have bad app policies that were too permissive, and political candidates like Obama and Trump abused data obtained under those policies. They were changed 4 years ago, and this behavior has not been possible since then.
Scenario 2 (what the media is implying to get clicks): Breach! Breach! We have a breach! Highly paid hackers are breaking into Facebook, stealing your data, and using it to brainwash you! Facebook is incapable of securing your information and therefore we must ensure that they never get any information about anyone ever again!
So, your personal definition of a “data breach” notwithstanding, it is both alarmist and inaccurate to use that term in describing the CA situation. Where news headlines are concerned, the most commonly accepted definition of that phrase, which is being intentionally used to conjure up false images of scenario 2 above, is the only thing that matters.
On the other hand, it's hard not to get conspiratorial, given https://www.cnbc.com/2018/02/12/facebook-rupert-murdoch-thre...
According to the article, the reason it was never actually started was the "Cambridge Analytica data leak scandal". A very important distinction.
I don't mean "identify" as in de-anonymize them, but rather use data to figure out who may need help (or be advertised to -- same difference, really).
This actually sounds like a good idea if that's the purpose.
It's not any different than retailers identifying cohorts they can sell to.
It also sounds very similar to what a lot of AI research does (in my limited understanding of it). Take known samples and use that to identify/predict other things...
You may very well be correct, but how do you know that?
> because insurers don't have the means or know how to.
Again, where do you get your insight into the inner workings of insurance companies in general?
I'm not disagreeing with you outright. I'm just wondering whether you're guessing or have actual knowledge of one or more health insurance companies and their actuarial and analytics processes.
Why are we still giving this company the benefit of the doubt after years of blatant abuse?
Advertising corporations shouldn't be anywhere near my medical records, period.
With blessings from on high, no doubt.
(2) According to the article, the project was never actually started.
Oh yes it was -- the FB spokesperson said it was in the "planning stages". That's quite definitely a form of "starting" (especially for large companies).
If a local waste disposal company were to acknowledge that it was in the "planning" stages of, say, a major incineration facility on that vacant lot down the street your kids used to play in... you wouldn't say this was "a bit of a non-story", now would you?
The more this keeps up, the more concrete privacy issues will be in the minds of many.
And yet, HN is full of dismissals. I've decided that to many here, the idea of being in an "elite", informed group is more important than the actual issues.
Given that you are not the target audience of these stories, are you really in a position to judge whether they have reached "dead horse" status?
They want the stories to stop because they fear the general public may finally be gaining awareness of the abuse they're being subjected to.
Do you mean to say it's voyeurism, i.e. the draw of being "informed"? Sitting in the eye of the panopticon?
I think people just have a tendency to focus on the positive things that might be gained from data mining. There's just a lot of naivete about how compromised an ad-supported business ultimately is.
Isn't that an argument for not having HN filled with these articles?
HN isn't just for "breaking news." It has an established culture of re-posting "old" stories if they're interesting or informative in the context of more recent events.
I don't think it's a non-story.
At least for me, it reinforces my reading of this company's attitude and handling of their users' (and the population's) privacy.
It's a datapoint. It's not everything, but it's not nothing either.
"In times like these, the most important thing we at Facebook can do is develop the social infrastructure... "
"For the past decade, Facebook has focused on connecting friends and families. With that foundation, our next focus will be developing the social infrastructure for community -- for supporting us, for keeping us safe, for informing us, for civic engagement,"
" I have long expected more organizations and startups to build health and safety tools using technology, and I have been surprised by how little of what must be built has even been attempted. There is a real opportunity to build global safety infrastructure, and I have directed Facebook to invest more and more resources into serving this need."
This is barely a year old. Did he not lay out a vision where FB powered our civic, social & community services?
(1) There is no guarantee they will accurately associate that "anonymized" data with my profile.
(2) There is no guarantee they will "do no harm" with that data. It's a way to do an end run around existing HIPAA protections, and something a lot of organizations would pay for if they could.
A couple points of speculation:
* Facebook may possess a machine learning algorithm which can estimate weight from pictures. Getting within 5 pounds would eliminate most other people.
* Facebook could make photos of you and estimated weights into a time series, and pair up appointment dates with photos shared.
* Given enough photos with you and other people, they could probably estimate your height reasonably well. We know height distributions by age and race. If you're a Caucasian 21 year old female and consistently on average 10% shorter than the Caucasian males you're standing next to, that gives some info.
* Many people have willingly given their familial relationships to Facebook (tagging people as mom, dad, cousin, etc.), which will only help in being confident of race and the various risk factors that vary by race.
* Facebook knows your gender, which cuts out about half of the people. Such a basic fact would almost certainly be shared by the medical community.
* Facebook either has your birthday or could estimate it based on how you look. Again, being 98% confident of your age +/- 3 years cuts out most people.
All these fuzzy signals added up could lead to a reasonably confident matching up.
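A rough back-of-envelope for how those fuzzy signals multiply -- every population size and filter fraction below is an assumption for illustration, and the filters are treated as independent, which real attributes are not:

```python
# Back-of-envelope (all figures assumed): each fuzzy filter keeps only a
# fraction of the candidate pool, and the fractions multiply.
population = 2_000_000              # e.g. anonymized patients in one dataset
filters = {
    "gender": 0.5,                  # known exactly from the profile
    "age within +/- 3 years": 0.08,
    "weight within 5 lbs": 0.05,
    "estimated height band": 0.2,
    "race from family tags": 0.6,
}

remaining = float(population)
for name, fraction in filters.items():
    remaining *= fraction           # naive independence assumption

print(f"expected candidates left: {remaining:.0f}")
```

Starting from two million records, these made-up filters leave only a few hundred candidates -- and any one extra signal (a known appointment date, an unusual surname) can finish the job.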
Anonymous data release is difficult. About 87% of people are uniquely identifiable by their date of birth, zip code, and gender.
But Facebook has the source data from which the hashes were generated, so they can always reverse them.
Furthermore, if you take a hash of a name and surname, it can be easily reversed, because the set of names and surnames is relatively small.
The problem is that the number of inputs is limited and it's trivial to enumerate over the input values. Let's take a contrived example: We have the data of a small, entirely made-up island where only two families live, so we have two surnames. Let's name them Foo and Bar. Now, they have an entirely funny tradition: they all get first names based on the order in which they were born (1). So we have Firstborn, Secondborn. Let's also, for simplicity, assume that each couple gets exactly two children. That gives us the following 4 possible combinations of names: Firstborn Foo, Secondborn Foo, Firstborn Bar, and Secondborn Bar.
So no, salts won't save you here.
(1) This is not entirely fictitious: https://nowiknow.com/wayan-balik/
(2) See for example the hashcat benchmarks http://thepasswordproject.com/oclhashcat_benchmarking and https://blog.codinghorror.com/speed-hashing/
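The island example above can be sketched directly -- this assumes SHA-256 and a salt that is stored alongside the dataset (as salts typically are), purely for illustration:

```python
# Sketch of the enumeration attack from the island example: with a tiny
# input space, hashed names are trivially reversed by hashing every
# candidate, salt or no salt.
import hashlib

salt = "s3cret"  # assume the salt is stored with (or leaked alongside) the data
candidates = ["Firstborn Foo", "Secondborn Foo",
              "Firstborn Bar", "Secondborn Bar"]

# The "anonymized" record we were handed (simulated here):
target = hashlib.sha256((salt + "Secondborn Bar").encode()).hexdigest()

# Reverse it by trying all four possible inputs:
match = None
for name in candidates:
    if hashlib.sha256((salt + name).encode()).hexdigest() == target:
        match = name
        print("re-identified:", name)
```

Four hash computations and the "anonymous" record has a name again; real-world name/birthdate spaces are larger, but not large enough (see the hashcat benchmarks in footnote 2).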
I am sure that the privacy issues could be overcome with a properly run experiment; however, there probably needs to be some rigour around that (possibly more than what was going to be provided, given FB's history).
Facebook is about "connecting people" to ads and companies that want their data.
Would FB actually ask the users if they wish to opt in to this sharing? Does FB ever care about its 'products'? Sorry I meant to write 'users'.
I'd find another doctor if Facebook ever showed up on there.
I would think it would be illegal for the medical side to share the data, and for Facebook to use its massive data collection in this manner, unless it's buried somewhere in their impenetrable privacy statement.
In the days of cryptocurrencies, brute-forcing the hashes (imagine names, date of birth, city) is a trivial task.
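Some rough arithmetic on that claim -- every figure below is an assumption, and it supposes the record's city is already known (as it often is for a hospital's records):

```python
# Back-of-envelope (all figures assumed): if the city is known, the
# remaining name + birthdate input space is tiny next to GPU hash rates
# driven up by cryptocurrency mining.
first_names = 5_000        # assumption: common first names
surnames    = 50_000       # assumption: common surnames
birthdates  = 100 * 365    # ~100 years of possible birth dates

space = first_names * surnames * birthdates
hashes_per_sec = 10e9      # rough rate for one GPU on a fast hash

seconds = space / hashes_per_sec
print(f"{space:.3e} candidate inputs, exhausted in roughly {seconds / 60:.0f} minutes")
```

Under these assumptions the whole space falls in well under an hour on a single card; a slow, salted password hash would change the numbers, but simple hashes of personal details offer no real protection.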
They might have a lot of data on people by now as many of my ex-classmates joined for blood donation drives.
People don't care about privacy anyway (at least where I live), until someone explains the implications to them. :/
I can't prove that they collected the volunteers' data, though, as I didn't take part in it.
Stanford School of Medicine Ombudsperson:
email@example.com / 650-498-5744
CEO Stanford Healthcare: 650-723-4000
Some free things are actually wholesome. So we have to learn how to discriminate between whether something free is actually good for us.
The previous director quit after less than two years. There are videos on YouTube of motivational speeches for Building 8 projects. I watched one; it felt cult-like.
One of these Building 8 projects, Aloha, a video chat device, was set to launch next month, but they have sidelined it, for obvious reasons.
Apparently they took surveys and users did not trust FB; they were worried the device would be used to spy on them.
Then they considered marketing it as "a device for letting the elderly easily communicate with their families." They also considered selling it under a name other than Facebook.
It discusses the issue of "the creepy line" and how to manage it in terms of getting informed consent to use electronic patient records.
He suggests the NHS has "25 years of data on 50 million people", but because consent is required, they cannot extract much meaningful information from it.
He explains that, in an effort to "get around" this problem, the government proposed the concept of "implied consent".
A former shipyard worker in one of the author's workshops evaluated this concept plainly, thus: "Clearly some London-based bollocks. Nobody implies my consent."