Facebook tracks virtually every website you visit, as well as usage data from many apps, even if you aren't logged in to facebook or don't have an account. We use this data, and tie it to your identity whenever possible, so we can charge advertisers more money.
And here I was thinking people the past month or so are putting FB at the forefront of the conversation about the use of what should be private data, when there are already companies doing this everywhere on the Internet. Any typical website with a storefront (Macy's, GAP, etc.) track what you buy, when, why, etc.
It's definitely about more than Facebook. I don't blame FB PR for making sure to explain other companies are using your data and basically manipulating you with it.
Afterwords we had time for open questions, and I joined the line. When it became my turn, I asked the owner about whether he had any ethical or moral qualms about what he was doing and he just laughed. He gathers data from hidden interactions with client websites (fashion brands, for this demo) to quite literally 'follow the customer around' and 'influence their purchasing decisions'. He was quite proud of just how deep into his shoppers' lives his product was integrated.
When I looked around the room during the height of this exchange, most everyone seemed indifferent and only a few seemed to acknowledge or validate my arguments. It was a supremely disappointing and depressing experience.
It was the same thing, pre-crisis, in finance. "Of course I screwed him on pricing! He isn't my customer, he's a counterparty. He should have expected I'd screw him."
When an industry is making money to society's detriment, it will not fix itself.
This is something that is wholly uncovered in this whole debacle -- aggregate data (aka "anonymized" data ) is the cake beneath the icing. While Facebook et al may play nicely with regulators (and the general public) by quickly backing away from wholesale "unfiltered" data access, they can skirt the rules by providing "researchers" with anonymized data.
All of them want this anonymized data for their own analytics reporting to measure success metrics and most will walk away when the spigot is closed.
Probably, given the many past cases of academics using this kind of data to demonstrate de-anonymization attacks, with some very special vetting of who the researchers are and where their loyalties lie.
Here's a decent writeup of their first big research-related privacy blunder: https://www.chronicle.com/article/Harvards-Privacy-Meltdown/...
1) industries can evolve to no longer be predatory against their own customers/consumers of their services, or
2) just because one sector participant is behaving in immoral behaviour doesn’t mean all are, and labelling the entire industry as corrupt as a result may not be fair.
People often talk about ethics and values when they expect it from others or wider society. Yet they often fail to act in ethical ways when it comes to them and somehow manage the dissonance.
Our current system incentivizes profit over all else and many will respond to this. If our system rewards unethical behavior we should not be surprised with the results. Regulations around safety, environmental, labour and other ethical issues have to be put in place to temper the worst impulses. If slavery was legal many would be willing justify it as long as they gained from it.
We will have to regulate and disallow micro targeting that drives this insatiable need to stalk users and hoover data to build incredibly invasive profiles. And unless something is done it will keep getting worse.
Can we at least pretend to argue in good faith?
If you put economies on a line between free markets and communism, the economies do better the closer they are to free markets.
> and room for new thinking.
About every mix has been tried already, and the results are clear.
How do you explain to grandma that publishing photos of her grandkids is to the detriment to society as a whole?
I think it's important to remember that Facebook provides a service people really want, which makes it hard to convince them to mistrust it.
Most countries have consumer protection laws to protect the rights of customers and stop deceptive business practices. When a significant portion of a company's customers feel deceived, it's easy to see that the company is not being honest to their customers.
Joe's Ad Tech Shop has a tougher time of that, even though they do build exactly the same profile.
Everyone wants to know what people do on their site, the big technological problem with all of the above is that the same companies do it across everybody's sites.
The level of tracking that happens that people aren't aware of is scary. What Facebook has been revealed to do is pretty low on the creepy scale compared to what is happening.
Walk into a car dealership, and you'll see this blatantly in action.
But yeah, it's very plain that how you are treated by a salesman and what they offer and at what price is very strongly connected with how you dress, are groomed, speak, what car you drove up in, etc.
I’m OK with being shown different products. But not with generic items being marked up.
FB, Google, twitter get data from all the websites which make the error of using their scripts: be it analytics, social buttons or "login with whatever". Everytime you use assets hosted by a third party they get free data about your users. Every time you use a third party service you're giving data about your users.
Facebook's ad/privacy page told me KLM had shared data with Facebook. I don't remember agreeing to that, I'm diligent at unticking the box or whatever, but in any case, I doubt it only goes one way.
KLM's website includes at least 15 trackers.
I'm looking forward to 25 May. I will write to all these companies, and demand that they stop sharing my data.
Even if other sites are doing (fundamentally) the same, they probably don't have such a clear and overarching picture as FB does.
I don't disagree with you though. Having most sites track you sucks.
But on the other hand, any company that can admit to controlling (at least in part) a person's interests, choices of purchases, etc. control a significant more of a person than you'd think.
Said person thinks they're making the decision themselves, but in reality they're being prodded in a certain direction. When they make a purchase and use the item, others see, and they might also be influenced as a third party, and so on.
I'd say it's pretty dangerous, but it tends to be overlooked.
So sure, there's an entire industry built for this, but Facebook has some truly unique properties that make it light-years more dangerous than your typical ad network.
This seems to be news to so many people but marketing and advertising has been tracking and advertising to you this way for centuries including sharing of data.
Marketing and advertising has not been tracking all of us _as individuals_ for more than the last couple of decades. How could they possibly have done this in the previous eras of dumb broadcasting and dumb print media? Newspapers can't follow you around in department stores to see what you like and target future ads to _you_ as an individual. They can advertise in places that make more sense, e.g. kids toys on a kids TV channel.
So yes this is new and yes this is manipulation, and this isn't the only way it has to be. We can still have convenience and better advertising without the mass tracking of individuals. But as long as we have people defending the current status quo as you have here, then nothing will change.
- It assumes this is all that the data is used for and that the data doesn't get a second life with companies that can use the information to punish you.
- It assumes that the data is never stolen by malicious entities and put to use against you
- It assumes that all the data collected is required to provide the information promised
- It assumes you want to buy things from theses stores in the first place (think ideological reasons for not shopping at a place)
- It assumes you knowingly consented to these terms with understanding of the cost
Basically no matter how you shape it, it's the advertisers trying to avoid saying they've entered you into a system and contract without your consent, but it's okay because "you get to see things you want to buy", neverminding that this rarely is the case and the algorithms are hyped up beyond belief, often offering advertisements for items you have already purchased and need to rarely purchase. (e.g., you just bought a water heater, here are some other water heaters you might like)
I'm not really convinced by lengthy Terms of Services and FAQs like Facebook's that they honestly care about people being upset as they miss the point entirely. You still don't know what was collected specifically, you cannot opt out of it from their side (must use blocking tools which companies constantly change their code to avoid), there's no way to verify about any of the information they've collected or whether they've stopped collecting it if you opt out, there's no way to confirm that your data is deleted if you request it, etc.
All this for slightly targeted ads?
The problem is when the business decides to start promoting similar, yet different items, knockoffs, etc. that "match" your profile, yet aren't what you would've wanted to originally buy. So you wind up getting steered to something that may be of lesser quality, etc. This might be the result of the company making a larger profit on the alternate item or something else.
Is that true though? Many sites have Facebook share buttons that don’t actually load anything from Facebook unless you use them - they use a locally hosted button (I do this on my own sites, and got the idea from seeing it on so many other sites). I don’t see like buttons (which are directly loaded from Facebook) with anywhere near the frequency I once did either. In fact, the like button is only used on 0.5% of the world’s websites . Even the Facebook pixel, a common target of the scorn of privacy advocates, is only in use on ~12% of the top 1 million sites .
12% is hardly “virtually every website you visit”. It’s pretty alarmist to say that.
This is incorrect. "When you load up your site with a host of sharing buttons you're – unwittingly perhaps – enabling those companies to track your visitors, whether they use the buttons and their accompanying social networks or not" .
> the Facebook pixel, a common target of the scorn of privacy advocates, is only in use on ~12% of the top 1 million sites
So only tens of millions of people whose browsing history is being siphoned off without their consent?
And yet this is precisely what I do on my sites, and I have seen it done this way on many, many other sites as well.
Tens of millions of people are asking Facebook for the Share button in case they want to share the content they're looking at.
Fixed that for you.
Only the soul-less marketing drones without any sense of morality, ethics or empathy for others are asking for the share buttons, even if the only party profiting from them are the tracking companies.
This can be prevented and in fact, may have to be prevented with the new EU privacy law.
Here is a wordpress plug-in that helps to protect the privacy of your users and helps comply with the new law:
It basically requires you to activate the social buttons first with a click.
Since you seem to have a significant issue with Facebook, I’d suggest that you block all connections to them, which should solve your problem. Most firewalls, including the free Windows Firewall, enable you to easily block all connections to any root domain. You can configure your firewall to block *.Facebook.com for example, and then you will no longer have to worry about Zuck monitoring you.
The idea that our decisions are just independent and everyone can decide for themselves is (A) wrong in terms of how we are affected by decisions made by others (B) anti-social and (C) denies the reality of organized power.
If Facebook had to just be a bunch of unorganized, separate, independent people instead of a company with organized structure, they'd not have the power they have. They have power because of their organized structure. The idea that the other side of thing (the regular citizens) should only act as isolated individuals while the companies act as enormous organized power is ridiculous.
If there are more powerful superiors, then wouldn't the same argument apply? They must be powerful because they have superiors, etc. etc. ad absurdem…
My point wasn't that any ONE person (Zuck or anyone) is all powerful or influential. The point is that SOLIDARITY i.e. ORGANIZATION itself confers power on the organization.
Organized power might be distributed where no one person can dictate the organization's direction. Or it might have an all-powerful-dictator. Either way, organizing confers power to the organized entity.
Corporations are powerful, even though they are constrained in various ways and the power is wielded by a mix of actors within the corporation.
Consumers / citizens who each act unilaterally have less power even though their aggregate decisions can have powerful effects in the market (because they are disorganized, they can only choose from what the supply side offers, we don't get true demand-driven products).
Organized power doesn't necessarily mean top-down either. See the Starfish and the Spider (book about decentralization). Decentralized entities are more persistent (no single head to cut off to kill them), but decentralized ≠ unorganized.
Regardless, it is a moot point because third party tracking is here to stay, even under GDPR - you'll just have another message box to dismiss when browsing. My favorite so far is this one - http://prntscr.com/j67usw . I offered a few ways to slow down that tracking above, but the only true way to not be tracked is to not use the Internet, because none of this even broaches the subject of what data ISPs collect about your behavior.
This is a problematic attitude. It's the car dealer telling the lemon  buyer to "take personal responsibility" for being sold junk.
The point of government is we don't stand alone. Facebook is a menace, and I block them. But I shouldn't have to. And neither should my mother.
> it’s hypocritical to only have a problem with Facebook when Google is doing it on a scale that Facebook can only imagine
Whatabout whatabout ? "You can't arrest me because there is another arsonist in town" isn't a valid excuse.
(In any case, third parties calling out some, but not all, bad actors in a category isn't hypocrisy. It's prioritization. Hypocrisy would be Google calling out Facebook's advertising model, or an Enron executive criticising Facebook employees' complicity.)
That's a flawed analogy. Paying for a car and being defrauded is in no way related to being tracked by websites. A better analogy is walking around naked and then being upset when people look at your bare ass. If you don't want people to see you naked, wear clothes. If you don't want people to track you on the internet, don't expose yourself.
>The point of government is we don't stand alone. Facebook is a menace, and I block them. But I shouldn't have to. And neither should my mother.
That's not the point of the government. Many of us don't want the government to be an all-encompassing nanny state deciding what's okay for private parties to do with public information. Its incredibly disturbing how many people not only tolerate, but openly welcome government regulation of private, interpersonal behavior. You say they should block Facebook. They have already blocked Backpage. What else do you want to give them the power to block? Where do you draw the line? Personally I think Facebook is extremely scummy. I'm not on Facebook, and I block them in every way - but I certainly don't want the government blocking them - or anyone else - on my behalf.
This is incorrect: they're both examples of informational asymmetry being used to disadvantage a consumer. In both cases, that consumer needs to possess technical knowledge in order to understand the ways that the counterparty entity is exploiting them. In the case of the car dealership, at least the consumer is aware of the stakes when they step onto the lot, i.e. they are planning to buy a car. The problem with Facebook is exactly that people aren't aware of how they are being monetized, and that there is an explicit financial incentive to obscure that from them. They are stepping onto a car lot, or more accurately a surveillance operation, that has been made to look like an amusement park. "Personal responsibility" is a convenient fig leaf for people who want to pretend that the amusement park wasn't the sales pitch. If you don't like the original analogy to a used car salesman, consider the need for similar regulation around financial services, clean water, pharmaceuticals, etc. etc. etc.
I think there's an analogy here-if enough people are being successfully abused by private companies it's no longer a matter that you can just pawn off on some sort of concept of personal responsibility. If your beloved private companies are threatening to exploit people hard enough to threaten the very existence of democracy, then it certainly starts to look like something where exploring a government role is worthwhile.
Yours is a technical solution to a human problem. If we care about democracy and the future of the Internet, we will dismantle Facebook. (I expect we will, though in typical democratic fashion, after years of quibbling.)
That's the very crux of the whole "debate" over everything from Facebook to "Russiagate". The bottom line is, you can't fix stupid. We have a very serious problem with stupidity and ignorance in this country. Far too many people lack basic critical thinking skills. You can't childproof society because far too many people are easy to fool. This "problem" won't be fixed until we have a critical mass of people who can think for themselves, be skeptical and aware.
Tl;dr He was trying to sound helpful while telling you to go fuck yourself.
The reality is that you have a choice: use the Internet and have some tracking happen, or don't use it at all. Even the GDPR doesn't stop tracking - it just requires better disclosure of it and mandates certain handling procedures for the data that is collected on the backend.
If you just have a dislike for certain websites tracking you, you can use the Windows (or other) firewall to block specific domains as I stated above.
(I am not talking about criminals here, they wont care)
Effectively this means that if user doesnt want to be tracked you wont track it. And that you cant load facebook button on your page if you dont get consent (or you are liable for lawsuit, by user and, the more interesting part, by facebook as you are providing them with illegal data.
Please read this, you are taking GDPR much too shallow... it is not and quite a few companies will have problems as they were too lazy to read the GDPR but were rather relying on messed up opinions on the internet.
When you visit a website that uses our advertising products (like AdSense), social products (like the +1 button), or analytics tools (Google Analytics), your web browser automatically sends certain information to Google....we may use the information we receive to, for example:
Make ads more effective....
The Google Analytics property owner has to explicitly opt-in to allow Google to do this. And part of that opt in includes the site owner agreeing to an addition ToS certifying that they both disclose they do so and have appropriate consent to do so. You can learn more about that at .
In practice, most site owners toggle this feature on without realizing the liability they've agreed to. Because it enables additional reports in GA (by merging and exposing the demographic targeting data their ad system has), as well as pushes GA data into Adwords and DoubleClick if you want to link your accounts. But, Google does keep the GA data siloed off by default.
12% of 1,000,000 is 120,000.
Not advocating for one side or the other, just correcting the math.
One person commented on 12% of top 1m sites. Another is commenting on 75% of top 100k sites.
EDIT: Checked the source material links and GA is on 65% of the top 1m. That is definitely more, and a more useful comparison I think.
Grandma configuring her what now?
I wouldn’t say that anywhere near most of my browsing originates from Facebook ads...in fact I’m not entirely sure I have ever clicked on one except to view competitors’ landing pages. I’m guessing that most other people don’t limit the sites they visit to those they are shown in paid Facebook ads either. So the overall numbers are extremely relevant.
Therefore most traffic on internet is traceable. Key being traffic not count of sites in my analysis.
> Over the last week ... the Like button appeared on 8.4M websites covering 2.6B webpages, the Share button on 931K websites covering 275M webpages, and there were 2.2M Facebook pixels installed on websites
12% of websites can still reveal a lot about you - a few news sites and they'll know your political leaning and topics of interest. A recipe site and they could deduce your race. A lyrics site can indicate your gender, race and age. Etc.
That have placed Facebook buttons or analytics code on their site, which Facebook has no way of forcing anybody to do. So if you don't like sites giving Facebook your info, maybe you should raise this question with those sites?
poisoned food indeed
They should then hire people who understand it, or not put these buttons on their sites.
Docs for FB pixel say: You can use the Facebook pixel to understand the actions people are taking on your website and reach audiences you care about. "Understand actions" means tracking. Who is doing the tracking? Well, it's called Facebook pixel, how many guesses does one need to get that one?
Pretty much all other FB gadgets download content from Facebook. If site owner doesn't understand that means tracking by Facebook, maybe they need to educate themselves or ask for advice before blindly copypasting third-party content into their site? Facebook button is way not the worst thing one may copypaste from the internet...
I think though they realize it and they are completely ok with it, in exchange for the traffic that gives them.
> Because it's the complete opposite of common sense,
No, it's not - if you put a Facebook button on your site, you are bringing Facebook into your relationship with your site visitors. Then you learn Facebook is part of that relationship - what a surprise! Come on. If you don't want FB as part of the deal, don't invite them in.
Facebook does not warn website owners that adding Facebook button with the official method tracks users (I wonder why...): https://developers.facebook.com/docs/plugins/like-button
From the Facebook docs: "A single click on the Like button will 'like' pieces of content on the web and share them on Facebook. You can also display a Share button next to the Like button to let people add a personal message and customize who they share with."
I see no mention of tracking there. And "people should guess" isn't really a viable excuse to me, it should be stated that their button tracks people and might be unsuitable depending of what they want to do. The documentation should also offer other non-invasive methods to do it.
Bruce Schneier's article on this is well worth reading - he takes a broad view of issues both with Facebook but also with the wider industry. And he discusses it from a perspective of societal benefit and harm, which I think is useful.
But for every article about Facebook's creepy stalker behavior, thousands of other companies are breathing a collective sigh of relief that it's Facebook and not them in the spotlight. Because while Facebook is one of the biggest players in this space, there are thousands of other companies that spy on and manipulate us for profit.
Harvard Business School professor Shoshana Zuboff calls it "surveillance capitalism." And as creepy as Facebook is turning out to be, the entire industry is far creepier. It has existed in secret far too long, and it's up to lawmakers to force these companies into the public spotlight, where we can all decide if this is how we want society to operate and -- if not -- what to do about it.
There are 2,500 to 4,000 data brokers in the United States whose business is buying and selling our personal data. Last year, Equifax was in the news when hackers stole personal information on 150 million people, including Social Security numbers, birth dates, addresses, and driver's license numbers.
You certainly didn't give it permission to collect any of that information. Equifax is one of those thousands of data brokers, most of them you've never heard of, selling your personal information without your knowledge or consent to pretty much anyone who will pay for it.
Surveillance capitalism takes this one step further. Companies like Facebook and Google offer you free services in exchange for your data. Google's surveillance isn't in the news, but it's startlingly intimate. We never lie to our search engines. Our interests and curiosities, hopes and fears, desires and sexual proclivities, are all collected and saved. Add to that the websites we visit that Google tracks through its advertising network, our Gmail accounts, our movements via Google Maps, and what it can collect from our smartphones.
GDPR will to large amount take care about 3rd party tracking based on two things: the consent needs to be given for each and every 3rd party tracker site before it is loaded and another thing is that the website owner will be held liable if 3rd party provider will abuse the data without consent or use it for non stated purpose (sell it to someone else f.i.).
If you are more interested into details, here is an excelent explanation:
I'm literally waiting for the day that GDPR comes into force to exercise my right to be forgotten.
 - http://www.europe-v-facebook.org/EN/Get_your_Data_/get_your_...
1. See what data they hold.
2. Have it deleted.
3. Formally withdraw consent to the collection of future data.
4. Follow it up in 6-12 months with a subject access request.
How about just stop exploiting a technically illiterate government that is incapable of regulating you? You know when you're doing it, everyone working on an analytics engine knows exactly what the fuck they are doing, trust me. How about you just stop?
Because I can’t recall a single instance of when Facebook or Zuck lied to the public... but I recall plenty of lies the media has spread about Facebook
How can I know that I'm infected? How to disinfect myself and feed them false info?
And should stop that. Because not the police.
Honestly I think the bigger issue is that Facebook tracks you on third party sites when you are logged in to Facebook - in those cases they easily know your exact identity. Most advertisers can't do that. Google could, but I'm not sure if they do or not.
It's a shame we've allowed a web to be built which allows for this kind of exploitation.
I'm also acutely aware that it's not just Facebook.
Can you justify why we as a society should want companies to operate at a scale like Google or Facebook?
The simple (and inevitable) solution is to break up Facebook. No need to even get that complicated, at least to start: Facebook, Instagram, WhatsApp.
There was a time when anti monopoly laws were taken seriously. That you are the number one social network should not be used to also become a big player on advertising, selling items, casual games, etc.
Letting companies leverage on a monopoly to gain other markets is dangerous for the economy.
Over the past century, economists came up with a measure of firm concentration called the HH Index . The HH Index is "the sum of the squares of the market shares of the firms within the industry (sometimes limited to the 50 largest firms)". (It's derived from the Simpson ecological diversity index.)
Market share is a measure on customers. The DoJ used the HH Index to measure monopolies because monopoly power was understood to result from excessive market share. The case of non-paying consumers was never legally considered.
TL; DR More than apathy explains the delays in bringing antitrust action against Facebook.
Is there an already-available analogous quantity to market share here? Or do you have thoughts about what might be used?
BTW, it's interesting that the HH index uses sum of squares to measure concentration of the distribution, where something like the Shannon entropy seems more natural -- although, "seems more natural" is subjective I suppose.
I only add the latter because it's separate enough already, and you can now sign up "without" a pre-existing fb account.
Is it similar in function to WhatsApp? Yep, but if we split the company along product lines Messenger should be considered a suitable product.
I was involved in the relatively early days of this, so probably techniques have improved. But I worked for a startup that was doing search retargeting, among other things, and when I ran the numbers I just didn't see a huge increase in click-through rates. The data just wasn't there.
Like I said, I'm sure techniques have improved. But I still continually see ads retargeted to me that are both creepy and ineffective. Marketing me things I've already bought. Or lost interest in. I can count on one hand the number of times I've seen an ad based on retargeting that I thought "oh yeah I should pursue that."
Allowed? We volunteered for it.
We let train and oil companies do their thing in the late 1800s - which helped society. And when they got too big and damaging in the early 1900s, we regulated them. We're on the same course again, I think.
“You can remove any of these advertisers to stop seeing their ads.”
“Finally, if you don’t want us to use your Facebook interests to show you ads on other websites and apps, there’s a control for that too”
Reading that critically, there doesn’t seem to be any way for Facebook users to control what data Facebook collects.
I wonder whether that page will change due to the GDPR.
Part of running any advertising business is accurately billing the advertisers. To do that, they need to measure enough information to track viewed impressions, click-through rate, etc.
If they collect only enough information to perform business functions like these, I believe that would constitute a legal basis for processing under the GDPR.
They may have a harder time using that justification for information that is only needed for ad targeting. In that case, consent may be an easier legal basis for them to establish, for which an account would be useful.
so that’s likely a no. you could probably not argue that successfully
*edit: with that being said, i’m almost certain that there will be some way people find to offer ads and targeting with the GDPR
Possibly, but that would mean a narrow interpretation of ”Facebook interests”. Data obtained through tracking pixels on other sites technically could fall outside ”Facebook interests”, for example. I don’t see how that would fall within the GDPR requirement that they must tell users what they do with their data in a language that the users understand, though.
1. If I don't have a Facebook account, how can I delete the data Facebook has collected on me without creating an account?
2. If Facebook doesn't sell data, what is the purpose of shadow profiles?
Presumably to sell you ads, which Facebook doesn't consider selling your data--it's just selling access to you, which is only valuable because of the data. Does it really matter if they didn't sell your information if they just used it to show you the same ad they would have showed if they had sold your data? It seems they're relying on the idea that advertisements are somehow an OK form of privacy violation.
On the surface, that's actually a quite meaningful distinction.
But, less so when you consider that businesses go in cycles, and one day Facebook/Google/whoever could get desparate enough to decide they need some extra cash... or they could go bankrupt, and have it auctioned off...
Data collection as a whole is certainly a booming market, but it allows facebook to bypass the very reasons they were called into congress: mass manipulation. Facebook is a platform of mass manipulation. Ads are just the polite name. All of us realize that CA is a small fish compared to the other data warehousing companies out there. Does congress?
Targeting ads is the tip of the iceberg in terms of what could be done with the data if Facebook/Google/whoever gets more desperate for revenue.
1. Facebook runs its own ad network, so you might see Facebook ads even if you never go to Facebook's website.
2. You might still go to their website even if you don't have a Facebook account. Many local restaurants and community organizations only have a Web presence through their Facebook pages.
If you're visiting a site or using a mobile app served from facebooks ad network, you don't need to be on facebook or have a facebook account to be shown an ad.
They use the data themselves to categorize people and sell advertisers access to the categories. As an advertiser, I don't get a list of people - Facebook keeps that hidden. What I get is the knowledge that my ad is shown to the people I want in the category I want, because Facebook does that part for me. Shadow profiles enable them to do this in a much broader way, and also allows them to build growth engines into their system so if you do decide to join facebook, you see hundreds of suggestions that make you more likely to get addicted.
The wikipedia page doesnt have much:
With apologies to Shakespear:
"What's in a name? That which we call a shadow profile
By any other word would smell as repugnant;"
Why should the burden be on the non-user?
2. Most likely to jump start new accounts. They’ll be able to target ads at your new account better if they already have years of data about your interests.
They have it to finish before the GDPR enforcement date (25 May 2018) - at which time those organizations in non-compliance may face heavy fines.
So, all companies big and small need to have a good data governance that allows to delete data on demand. And, better than that, stop collecting any data that they don’t have been authorized to get.
1. There is no way to delete it. Facebook owns it forever.
2. Owning more data is better, for selling ads, for studying trends and behavior, for purposes as-yet ill-defined, and just cuz. And they don't sell data, they give it away.
I don't think they sell or give away tracking data. All the data disclosures so far has been about social graph data, which is very different data set. Detailed traffic logs from network like FB would be something that is very hard to collect, wouldn't make sense for them to give such a valuable resource out for free.
If the data is only associated with a browser fingerprint then I see the argument for it not being your data; it's just data. It's like saying Google Street view has your data because they took a picture of the front of your business or your house. Does it make a difference if it's your business or your house? If you move out, is it still "your data"?
Next, if they have your friend's contacts, is it "your data"? I sync my contacts with a number of services, but I've tended to think of this as "my data", not my friend's data. Is it because I grew knowing about the white pages; so assuming phone numbers are public, a collection of phone numbers to name is my making therefore of my property? Even if it's a collection of data about my friends?
Lastly, I think we'd all agree that combining your name and your browsing info would constitute "your data". Is it because there's non-public data associated with your name? Names aren't really unique, is it because the combination of your name and your browsing info IS unique?
Also, is facebook capable of doing this? If so how?
Never really thought about this before actually.
Kudos to FB for posting this in understandable languague. OTOH, it does have the scent of trying to get ahead of $SOMETHING.
Then at the end under "What controls do I have":
"you can opt out of these types of ads entirely — so you never see ads on Facebook based on information we have received from other websites and apps."
Except that that's only possible when you're logged in. The link they provide doesn't work for logged out users.
It seems they don't provide any control tools for logged out users/non Facebook users.
Not sure why their site only sometimes shows this link :/.
In other words, I see the benefit to FB of being able to say "Person A likes 1, 2, 3; User B likes 1 and 2 - perhaps they also like 3?" where A is a non-user and B is a FB user, but I don't see the benefit derived from identifying Person A to advertisers if they can only target that person on FB, where they aren't a user?
They also probably use it when the user finally does create a FB account.
We don’t accept mafia escalating violence for profit. I’m OK with facebook (the biggest SNS) losing business because they can’t abuse the system enough.
What about the others ? same can be applied to them, and it doesn’t need to be done in order (no need to wait to regulate Google or twitter to touch facebook)
A union of federated states globally could be a significant force for good.
Impossible for the forseeable future of course but why immediately dismissed as a scary outcome?
(1) Don't buy "smart" devices that collect data. You don't need them.
(2) Don't visit facebook.
It's that easy, and there are tools to help you do (3) such as adblockers and other browser plugins. For (2), even if you occasionally visit facebook, you can minimize information collected by controlling the environment you visit from (e.g. tor browser, VPN, virtual machine, etc).
The more challenging problem is data that your friends give Facebook about you, such as your contact info and tagging your face in photos. I wonder how long under GDPR till someone sues their facebook friends for providing information without permission?
I would absolutely 100% not trust that they wouldn't track me anyway. How could they not? Even if I trusted them (which I don't) it isn't possible: they'd at least need to know it was me where-ever I want so they'd know to not track me as I'd paid...
Would you pay someone to not follow you down the street? If you did you'd have a queue of people following you to collect their "share".
There's a difference between emphasizing something and yelling it.
You can use * (asterisk) or _ (underscore) surrounding a word or words for emphasis. Like this (asterisk) or _this_. As you can see, asterisks get interpreted by HN into italics. So maybe you can think of underscores as _bold_?
> As Mark said last week, we believe everyone deserves good privacy controls. We require websites and apps who use our tools to tell you they’re collecting and sharing your information with us, and to get your permission to do so.
I downloaded Facebook's data on me and found about 40 websites they said they had shared my profile with. I didn't authorize that. FB doesn't give me the ability to "revoke" permission to have my info shared with them, either. Nor does it allow me to request that the information on me given to those third parties be deleted.
- Advertisers you've interacted with
- - Who have added their contact list to Facebook
Hover over those you don’t know about; the X let you “Remove” those, i.e. ask Facebook to exclude you from those advertisers’ targeting.
If you are in Europe, you should be able, starting next month, to leverage that list to ask those advertisers how they got your data, and expose data brokers. Facebook is simply (finally) offering you the ability to track data brokers.
Which section was this in the downloaded archive? I'm not aware of any situations which this would happen except using "Log in with Facebook".
Can we just avoid this defence. The first one you catch, you prosecute fully and punish appropriately according to justice. Almost nobody knowingly signed up to be tracked everywhere they visit on the internet. Hiding it in fine print is every bit a con. You have ensure your conterparty understands the full extent of the contract or you have fraudulently obtained consent.
Facebook now. They should be fully prosecuted. Then we catch the next crook, and the one after until the lawlessness is dealt with.
My wife and I enjoy porn in our relationship. On my birthday last year, we were settling in for some, romance, and we open up pornhub only to find ads trying to entice me into a discount subscription for my birthday. They knew it was my birthday! Which, really freaked me out because:
1) I don't have or never have had an account with them. I've never given them my age and birthday. In fact, I never give out my birthday on the internet. I don't even have a Facebook, twitter, or any other social media account.
2) It was on my wife's tablet. I never ever use her tablet, especially for browsing porn.
Anyone have an idea the machinery involved in making this determination?
There's more to mining you then cookies and tracking pixels. They use IPs, hardware and software profiling, behavioural patterns, and even the way you type on your keyboard (this is very, very accurate.)
In short: you need a "clean room" (Tails) every time you go online and you need to change where you're coming online from (VPN). You can also use tools to change your keyboard/typing "profile" so as to cripple that means of tracking. Oh and you can't login to virtually any online account at all, ever, because these cookies can be used too.
Curious any other tools besides vpn and private mode you would recommend?
Any more links to read about these behaviorial, software and and type style tracking methods?
Absolutely everything they possibly can.
> and Why?
Because they want to in order to wring every last fraction of a penny out of the worth you are as a data point to sell to everyone else.
And because no one is stopping them.
I have NEVER been told by a website that they are doing this, let alone asking for my permission.
Yes, users consented to giving data to facebook. But they did so via a convoluted click-through legal agreement, which almost no one reads, and which denies Facebook access if you decline. Then they can use your data for what are human subject experiments.
If any other human subject experiment was proposed to a review board with that kind of consent form, it would be laughed out of the room, at best. No way would that be allowed.
"Informed consent" is what Facebook -- and other data companies -- should be seeking. We already have this concept for data and user protection in research. We should just extend it to the private sector.
- All others are doing it, so we're doing it, too and that's okay.
- We collect data on you, even if you don't have an account
- If you want to control your data, you need an account
- Despite collecting even more (like your phone number, name and additional info) from your friend's address book they shared with us, we don't inform you about that and surely, there's no way for you to delete that info.
Fuck you, Facebook.
Am I missing something or does this line conflict with the rest of the post?
There is no technical excuse at this point to have so many different bits of sensitive information floating around. And many of these pieces of information are permanently associated with you, meaning that any slip-up anywhere at any time can create a problem later on.
They have this listed as a privacy control, but it doesn't provide any way to tell them to not compile a list of the other sites you visit outside of Facebook.
Why were they acquiring that data about users?
In the leaked memo from a Facebook senior executive, what did he mean by "questionable contact importing practices"?
Do contacts count as collected data?
Why does Facebook collect contacts data, and why does FB collect it in ways that are "questionable"?
Why are the contact importing practices questionable?
$500B market cap: the market thinks they will succeed.
It's very disengenuous of them to mention that they collect data on you whether you click the button or not.
War is peace. Invading privacy is social.
Note: I normally prefer reactive punishment because it doesn't impose worldviews and agendas on people--jury of peers makes punishment human, etc. I'm also somewhat morally relative, but it doesn't take a genius to understand that economically viable and moral are not equivalent. The issues of digital data privacy and data ownership are issues of fundamental human rights, and many of us operate under governments founded on principles defending such (point being I concede not everything is relative, and I think socially our efforts are best served defending things we have very little argument about).
I'm sure there are thousands of active and passionate Hacker News users, many reading these very words that support online advertising through their job. Perhaps they are wisely being quiet? Perhaps it's because the whole issue is murky and morally ambiguous.
Now - one can make the case for ethical advertising... so why don't we?