Hacker News new | past | comments | ask | show | jobs | submit login
Facebook announces Clear History feature (facebook.com)
608 points by anigbrowl 10 months ago | hide | past | web | favorite | 344 comments

> after going through our systems, this is an example of the kind of control we think you should have.

No. You didn't 'go through your systems' and you didn't think of this at all. The European GDPR requires you to offer this, at least to EU citizens. Don't pretend that isn't the only reason you even built this feature.

Damn if you do. Damn if you don't.

At least acknowledge and respect what FB is doing here. Over the past month, everyone here was up in arms on how FB was collecting their data from 3rd party sites and there is no easy way to opt out or delete it. Now you have a way to do exactly that.

You can't have it both ways. FB is collecting data to target better ads but they are also providing much stronger controls for users to control what data you want to share. FB could've not done this (at least outside Europe) but chose to do it.

As a contrary example, look at Google or Twitter. They also have to follow GDPR guidelines wrt data erasure from 3rd party sites/apps. THey aren't choosing to offer this functionality outside Europe when, at least in the case of Google, they probably more data than Facebook.

So please acknowledge this effort from Facebook rather than staying on your high horse and being cynical about everything.

It would be so much easier to not be cynical if FB did this more than a month prior to the GDPR deadline.

BTW, picking Google as your example was bad - you could download, remove, modify your Google data since ... basically forever, I think; now that option is in "My Account" - "Personal Info & Privacy", but I remember it being there long ago; I actually did a data science course a few years back where the participants downloaded & explored their own personal information, so I'm quite certain this is not a new feature.

Thank you, Facebook, for not restricting this feature you were legally required to implement to only the users you were legally required to offer it to. That sound better?

>At least acknowledge and respect what FB is doing here

Thank you Master Zuckerberg for doing the minimum.

With Google, you could delete your activity before GDPR requirements


But only if you had a google account. No deleting your shadow profile User:1239875742, that feature is reserved only for those willing to give us their phone number.

Is there any evidence that Google has a shadow profile for people? I know that it was revealed that Facebook did/does and everyone assumed that Google probably does too but I don't think I've ever seen evidence that this is the case.

Disclosure: I work for Google, but I'm genuinely curious. I've seen no evidence of "shadow profiles" but it is a big company so I couldn't say for sure one way or another.

When they launched Wave there were reports of all kinds of chaos because people were automatically added. I don't remember if this was a case of "oh, you had this contact? We'll add them to your friends automatically." or those people crossed some classification threshold, but there were cases of stalkers and abusive exes being added without permission.

I think the chances that Google had some type of profiling system for non users is well above 80%.

I might be missing something, does FB allow you delete the data from your shadow profile if you don't have/create an account ?

Post-GDPR both companies will be required to. GDPR entitles European citizens to go dynamite fishing by sending companies requests to delete any data that is identifiable as being associated with that citizen.

You have to identify yourself to make the request, but the process should be self healing because they are then required to also delete the PII in your request to delete your PII (unless it's required for regulatory reasons, but this applies more to banks than google or facebook).

And before that we were already entitled to request that data, which FB "respectfully" dragged their heels over when people actually tried to use that right.

The criticism was only being leveled at Zuckerberg’s disingenuous claims about this being self motivated.

It's exactly this setting of low expectations from tech companies that work with billions of user's data that has taken us to where we are.

A majority of Facebook user's aren't'techies'. It was Facebook's responsibility to make such features available/easy to access in the first place. It shouldn't have to be a legal requirement. Google/Twitter doing or not doing it doesn't have anything to do with it.

But now they are offering this delete feature. What do you want them to do? Shut down the company because of the mistakes they committed in the past?

Also, Google and Twitter are relevant here since they are collecting 3rd party data and not offering this delete functionality. But no one is taking that up. Sometimes I wonder if this is really about privacy or just about Facebook.

> But now they are offering this delete feature. What do you want them to do? Shut down the company because of the mistakes they committed in the past?

This is indeed what happens to companies that cannot comply with the law because of mistakes committed in the past, yes.

Alright guys, party is over. Lets go home. Facebook is shutting down!

> Over the past month, everyone here was up in arms on how FB was collecting their data from 3rd party sites and there is no easy way to opt out or delete it. Now you have a way to do exactly that.

You mean collecting data FOR third parties for profit and the impact of these tactics of misinformation had real impacts. There is not much to "respect" Facebook for given what (little) we know now.

but it's so hard to plan events

>Damn if you do. Damn if you don't.

You're conflating healthy skepticism with being cynical.

>So please acknowledge this effort from Facebook rather than staying on your high horse and being cynical about everything.

Please acknowledge FB fundamentally doesn't operate with our best interests in mind and this is why the default attitude to the company should be one of being skeptical and cautious.

You can defend however you want. The original comment was a snark and the way it was written clearly showered cynicism when I read it.

>Please acknowledge FB fundamentally doesn't operate with our best interests in mind and this is why the default attitude to the company should be one of being skeptical and cautious.

No I will not acknowledge this. Personally, I like that FB ads are well targeted, that I am able to discover new content, and also the fact that I am able to keep in touch with a number of my friends (who otherwise I wouldn't have) because of it. This is your opinion and you are totally entitled to it.

> No I will not acknowledge this. Personally, I like that FB ads are well targeted

That's cute but as far as I can tell from your comment history, you don't even live in the EU, you don't get to speak for us (I only looked because I didn't want to assume). The laws in the USA must be just to your liking, because for at least the past month, you seem to have been doing nothing but arguing for data collection overreach and against privacy, while simultaneously playing the "what about Google/Twitter/FB/the other one" card.

Well you are advocating for FB to shut the company down! You are the last person to be taken seriously here.

A perfect world according to product50:

A terrorist takes a hostage, and a cop asks the terrorist not to kill the hostage and allows the terrorist to keep causing terror insofar as it doesn't involve killing hostages, and the terrorist doesn't kill the hostage, and the hostage is grateful with the terrorist for not having killed him even when he is kept hostage.

You forgot to mention that the hostage gets a convenient way to plan events for their trouble.

This effort doesn't need to be acknowledged, just like it doesn't need to be acknowledged if you stop for a red light. It's something you should do, nothing more.

I stopped for a red light once. I still brag about it.

What if like, they just respect do not track requests, or something.

> Now you have a way to do exactly that.

How do you know? Did you see the source code? For all I know they can clear it in user-facing UX only but keep it secretly on servers in international waters or wherever and use it batch-wise to compute stuff about you, including sharing it with 3rd parties you wouldn't want to be ever involved with. Those 3rd parties then can use FB Cayman Islands or a similar branch to get dirty data. Do you think all those intelligence and society-engineering think tanks would be happy losing their main source of data and won't try to find a way to continue doing it?


Oh yeah, like if what we learned in the past 6 years about what was going on wasn't sufficient to beat our wildest fears... If something could be done, it is being done by somebody already.

You are conflating the imperfection of a service with malice of the people who build it.

Good luck with that attitude

> FB could've not done this (at least outside Europe) but chose to do it.

Could they, really ? Would it have made a difference ? You can just log in, change your location to a European country and then delete everything.

> As a contrary example, look at Google or Twitter. They also have to follow GDPR guidelines wrt data erasure from 3rd party sites/apps. THey aren't choosing to offer this functionality outside Europe when, at least in the case of Google, they probably more data than Facebook.

Again, change your location and just delete it anyway. Do you expect them to ask for proof of residence ?

Possibly. They’ve asked people for images of their IDs before, supposedly to prove they are not using a pseudonym. I wouldn’t be surprised if they asked you to confirm your location for something drastic and not-desired-by-fb such as account and data deletion.

They will not ask for location like that, because it wouldn't make a difference - EU citizens in a non-EU part of the world still have the rights outlined in the GDPR.

> You can't have it both ways.

I want it neither way. Facebook should delete all data and immediately stop collecting it.

Clarification beforehand: I'm not mad at you, I'm mad at Facebook.

Why the hell do I need to respect Facebook? What respectful thing have they done? You say it as if they have some kind of right to be respected for having to be dragged into following the EU rules on privacy.

Do you remember how much shit they pulled when people tried to use the EU rights we already had before the GDPR? You know the thing where you ask a business for a full report on all the personal data they have on you?

FB was dragging its heels in the sand over that, because ooohh it was too impractical because they had too much fucking data. Well guess what, having way too much data on their user profiles is on them. That is exactly why those laws exist, to deter corporations from collecting ridiculous amounts of data they can't fully inform their users about. Those rules existed already when they started collecting the data and they did it regardless of knowing that they could never comply to the law. Tried to make a big sad show about it when someone called them on it: "look at these gigantic stacks of dead tree paper, are we supposed to mail them to anyone who just requests them?", no you fucks, you should've never let those stacks grow this huge in the first place.

For years, they've knowingly gone way WAY too far in collecting private data from Europeans, and now they're getting burned for that. People, also here on HN, have been pointing out years ago already that existing EU regulations about privacy, let alone these regulations that have been looming on the horizon, when these regulations will be enacted they are going to hurt like hell for FB.

Unlike human rights to life and freedom etc, there's no corporate right to exist as a business.

They could have prepared by taking a good look at themselves, realizing they were collecting way too much data to ever comply to the spirit of the EU regulations, which was pretty damn clearly past any sort of reasonable. But they did nothing to limit the amount of data they were collecting, instead they amped it up! They took that gamble, keep doing what we're doing and hope we'll get away with it. And isn't it crazy how in a functioning regulatory system, when corporations keep sidestepping it, we tend to update the letter of the law to reflect the spirit of it? Sucks for FB, but they already chose the non-respectable route quite a few years ago.

FB did nothing except try to push back when called on it, instead of respectfully listening. Only now, with the GDPR and the fire to their heels, you see them trying all the wrong things. They don't get points for trying any more. They could have, had they tried when the warnings were just warnings. But when the warnings turn law, you're gonna get burned. They should be burning their data centres.

There's no "damned if you do, damned if you don't", there's only a "damned if you keep the data around that prohibits you from following the law".

And now they're forced to play by the rules. Barely. They don't get any respect for that, they get a "well at least you seem to play by the rules NOW" for that. Respect is earned by acting upon that spirit for years, not by grudgingly doing it once.

Even in the linked article, Zuckerberg admits himself, he only learned to listen last week when he was dragged to testify to congress. "Respectfully", that's way too late and FB deserves to go the way of MySpace over that.

There's also some stipulations in the GDPR about having to provide clearly worded language about how they use your data. Except the language I've seen so far is very passive aggressive and emotionally manipulative as hell. It's partially a cultural thing, American customers don't seem to mind being talked down to by businesses (unless you tip them?). And you still have to translate Termsofserviceolese to human language to make any sense of it (even then, I still don't understand all of their wording).

This is on them. They're trying to defend the indefensible. Just asking the users "do you want us to sell your data to advertisers? (click here to read more) YES/NO", nobody needs to read more, and everyone who does, still clicks NO.

They're also supposed to provide clear and easy-to-use controls to control how your private data is used. Except they CAN'T provide these because they've been collecting WAY too much data on you all to EVER be able to provide a clear interface for a single person to manage it. Fact is, the controls are NOT easy to use. They just aren't. Because it's too much channels, data and ways it is sold to whoever. Again this is a hard, near-impossible problem they brought down on themselves. They're not too big to fail.

About the manipulative language I mentioned above; I don't have a FB account myself but I read along with my girlfriends' pop up dialog about "new ways to choose about what data we collect or something", that everybody gets. I simply can't respect any corporation that thinks it can talk down to me like that. The way that piece of garbage was worded was disrespectful as fuck. You know how they tried to guilt-trip her into not disabling face detection?

Repeating, several times, that if she disabled it, it was her fault if blind people couldn't use FB because they wouldn't know about photos she appears in but wasn't tagged in. I gotta give it to Facebook, that is a most creative way to put a positive spin on the word "panopticon".

The other reasoning was threatening her that people would use her photos and likeness to impersonate her if she dared to disable face recognition. Again, repeated multiple times throughout the dialog. Fuck you, Facebook.

I'll respect FB when I hear from my girlfriend that she got a similarly threatening dialog warning her about privacy implications and advising to try to use this Clear History at least once, nagging a few times perhaps. Just to say "we may be passive aggressive emotionally manipulative dicks in our communication, but at least we're respectfully balanced about it". But I don't think regular users are going to get a dialog presenting the existence of this feature at all.

And in the linked article, Zuckerberg warns you that if you clear your "FB history" they will make FB experience worse. They don't have to, but he makes it sounds like they do. The comparison to browser cookies is disgustingly disingenuous: People disable browser cookies mainly because they allow bad actors to do bad things, and have to weigh this against good websites using the same technology for benign purposes. But in this case, there is only ONE actor, Facebook, and it's doing both things. It's not like there's a "bad Facebook" that Zuckerberg can't control (well, unless there is, in which case we definitely should shut the whole thing down).

"But after going through our systems, this is an example of the kind of control we think you should have. It's something privacy advocates have been asking for -- and we will work with them to make sure we get it right."

He does admit it's been asked for in the next sentence.

FB isn’t doing this because people are asking nicely, but because it’s about to become a legal requirement subject to heavy fines if ignored. It’s not like they have a choice here.

Or are you saying the timing is purely coincidental ?

It's something privacy advocates have been asking for, for years, and Facebook have been completely ignoring them. Generally they have responded with the exact opposite of what privacy advocates would wish.

Right. If FB really cared about another thing that privacy advocates asked for for several years, it wouldn't still stick to its harmful "authentic names" policy that affects vulnerable people more. This is just FB doing something because it has to, and is trying to use it to prop up its reputation a bit.

It comes off as someone who thinks they’re above the law.

“We’ll do what we’re told, but only because we want to”

Companies know they’re above the law at this point and are getting more brazen about it.

The GDPR applies to people in the EU. You don't have to be an EU citizen.

I can imagine this spectacularly backfiring... "Facebook tracked all those sites I visited?!?" (What was the joke about porn videos having "Like" buttons?).

I look forward to the even more damage control...

The Guardian coverage (https://www.theguardian.com/technology/2018/may/01/facebook-...) has this quote like a parent explaining to a 5 year old why they shouldn't delete cookies:

> Zuckerberg also cautioned users against clearing cookies in their browser, saying “it can make parts of your experience worse”, and adding, “Your Facebook won’t be as good while it relearns your preferences.”

I wonder why he's so afraid of people clearing his tracking pixels.

> What was the joke about porn videos having "Like" buttons?

"I don't understand why porn websites have a +1 under the videos? Why would I want anyone to know I use Google+?"

Somewhat relevant: A friend took my phone (playfully) and posted this as a status on my profile a while ago. I left it up because I found it funny. Now that it's easier to delete I may actually just do that.

You mean soft delete. I'll eat a sock if FB really deletes all of your history. Another one if they make that the default and you only get the other treatment after opting in.

You try deleting data from a busy Cassandra node. The tombstones, the tombstones!!!

(More than just Cassandra tho, many databases don't actually "delete", at least not immediately. They "mark for deletion", and may or may not _actually ever delete_ anything.)

The later case is different than simply updating the DeletedAt column.

The database not actually deleting is still the application properly deleting it. If the DB eventually carries that out or not is a lesser concern to me, tbh.

The concern here is that facebook doesn't actually tombstone their entries or doesn't even have their DB mark it deleted.

Well, now it'll have to, at least in Europe, GDPR requires that.

I mean, I am sure they will delete one of the copies of your data they have.

I am sure they aren't purging backups of the data.

Actually, to comply with GDPR, they have to (for people affected by GDPR).

Or have a documented retention policy for backups and a procedure to redelete data when those backups are restored.

Not true. You have the right to retain backups and logs etc. as long as they serve their purpose to secure your service for accidental loss of data or other security purposes and they are properly stored and secured.

What if hacker deletes your Facebook account? Under GDPR Facebook has actually obligation to keep your data safe from this scenario. Which means they have to keep logs to investigate what happened and also be able to restore your data.

You should delete backups after certain amount of time and state your policy to users.

Only if you keep them a reasonable time and the backups will gradually be purged.

You can't keep indefinite backups and comply with GDPR.

So if your 5 year old backup, which has no purpose at all, gets stolen, expect a whopping fine for being an idiot. Or your web logs get stolen and it turns out you keep them 2 years, don't expect favourable treatment as that's totally unnecessary data retention.

The backups that you can retain are hard to justify further back than about a year (if you even manage to do that), and if you ever use them you have to make sure the data that was deleted because of a request before is not in there again.

No, GDPR requires you to delete all the data corresponding to a user within 30 days after the said user requests deletion of account. That includes backups and logs.

Why do we even use the word "delete" in this forum? We know that (so far) it is NOT deleting anything. It only means "hide from view". Facebook will not forget and will not forgive. Some 10-hour-question-avoiding in front of a committee (irrespective of importance) will not change FB's business model (aka money-maker) overnight.

That's not the sort of thing you can hide. One disgruntled employee would cost FB 100s millions over-night by just reporting it to someone.

Hm. Interesting. How about a 'leak bounty'? Or would that be problematic in the eyes of the law?

I'd happily put down $50 for whoever spilled the beans on what is really going on at Facebook and other companies in that vein.

The SEC does something like that already:


Nice. Pity they put a lower bound in but I can see why they would do that. Too many small investigations would eat up their time.

We can only hope then..

They'll just delete your user ID field for whatever you posted - so it won't be associated with you any longer, at least on their systems, but they will keep the content for analysis.

That won't work. They also cannot retain data that could be aggregated to identify you as a person. Anonymising by removing an ID is not actually doing that, it's just theater. The GDPR has provisions for that. Bottom line is: if you start fudging things or working around it, you're going to get fined.

If that's true then (1) they're lying and (2) that's not covering it because just a few website visits later they could re-associate your old data with your 'clean' profile because it doesn't take all that many bits to de-anonymize a chunk of data.


He says: " … you'll be able to clear this information from your account. You'll even be able to turn off having this information stored with your account."

"your account".

What do you reckon is the chance of them removing this from their ad targeting data set "account"??? They're just going to give you a tool that shows some of it to you, then hides it from you when you click the [fuck me over more] button (and they'll record _that_ interaction too, and sell you to the "tinfoil" and "headwear" segments.

> What do you reckon is the chance of them removing this from their ad targeting data set "account"???

is there a chance smaller than zero?

Sadly there is no way to issue an FOIA request to a private company. Possibly only route would be, clear data, notice contain tracking, due for disclosure. Probably the best route for moving forward.

I wonder if the GDPR will have sharp enough teeth to force FB to disclose what it's doing with EU citizen's data here?

Unless FB seizes to have offices in the EU and stops having an HQ in the EU and also stops doing monitoring of people in the EU and also stops any regular service for people in the EU, the GDPR has teeth and people in the EU can ask facebook to send them all data they have, then ask them to delete it and revoke any future permission to process their data.

Since the GDPR covers people in the EU that means if you're in the US you can take a vacation to Italy or France or Germany and then pull that stunt on Facebook. (technically)

The classic switcharoo

He is not afraid of it, any statement he gives along the lines of "Clear your cookies" would be politically damning. An overly dramatic headline could be - 'Zuck, head of evil tracking empire that sells your data, tells everyone that they should clear their cookies which implies tracking is bad'.

Political farce aside, he does have a point, cookies are fundamentally tokens of persistence. Persistent cookies let you configure the websites without creating accounts and stay logged in on the websites you do have accounts on. Loosing that is inconvenient which means it will make parts of the experience worse.

Yep. His announcement was reasonable and as expected.

> "Your Facebook won’t be as good while it relearns your preferences"

Believe me, "my Facebook" isn't very good with the feed with five years worth of tracking... At least I can have my crappy feed with more of a peace of mind, that's a net win, right?

There was an IH podcast where the person being interviewed talked about getting the Facebook pixel up on your landing page as soon as possible.

The idea was that you would have access via Facebook to all the potentially interested people that dropped off because your landing page or product were not yet ready for launch.

From Facebook's perspective, this is data that is valuable to potential customers that want to buy ad space.

Yes, retargeting campaigns are typically amongst the most effective. Hitting people with ads after they have visited your website

IH podcast?


Are you kidding ? Imagine the crazy boost to unique views after this!

> I wonder why he's so afraid of people clearing his tracking pixels.

I know, Poe's Law, etc. etc., but I'm truly surprised at the amount of comments missing the dripping sarcasm from this last line of the post. Especially since the adjective "tracking" was used to describe the pixels. I will say that English is my native language though and HN is a diverse group.

>I wonder why he's so afraid of people clearing his tracking pixels

Are you being sarcastic? I can think of several reasons Zuck wouldn't want people clearing their cookies. The primary one being the loss (even though temporary) of data resolution for targeting ads.

Somehow I don't think they would do this without their architecture being based on a pre-existing lower-resolution backup layer to maintain information and support. It's not like the model needs every piece of information coming out of Facebook users - they only need the important stuff and could conceivably delete unnecessary information and not lose anything. Given the massive redundancy coming out of thousands or millions of similar people, the global patterns won't change when some subset of users deletes their information. Even local patterns should be filled in by a fresh influx of data fairly quickly.

The unique views problem is interesting from a marketing perspective though. I doubt it will change much but for larger companies it might require adjustment.

Also interesting that they are allowing a theoretical cap on the information they collect. I imagine they'll be moving more into services to avoid future data privacy issues. That means B2B too, FYI...

Not parent, but this was sarcasm.

I wonder why he's so afraid of people clearing his tracking pixels.

Because that would be the end of a gigantic portion of Facebook ad revenue - which should scare users (if they like Facebook) as well. Without the pixel, Facebook ads will be the joke they were when they were first introduced - hardly effective and a money losing proposition for advertisers. A few big brand advertisers that don’t care about ROI might stick around, but everyone else will leave.

Facebook still has a complete image of the things you like, your social graph, intimate details about your marital status, mobility history, personal messaging and so on.

They can still build profiles orders of magnitude more relevant than, say, Google. The web tracking is just an optimization to get the types of data Google has, too.

Most of their advertisers use the pixel to retarget people. These are by far the most profitable ads for advertisers, and often play a part in a sales funnel in which advertisers may lose money on initial traffic acquisition but make it up and then some through retargeting. Without the pixel, I don't care how many pages as I have "liked," how well they know where I've been, or how many data scientists they hire, they'll never be able to extrapolate that I was considering buying a specific brand of coffee maker at a specific site recently and be able to show me an ad for it.

Retargeting is not just an optimization. For many advertisers, it's the saving grace of the Facebook ads system that produced absurdly poor results before it was introduced. Facebook ads were the brunt of jokes back then, and it will return to that status if too many people use this feature.

Just because we now get the opportunity to tell Facebook to clear the data, doesn't mean we'll get to see it.

Or that they'll tell the whole truth. The data download option that is supposed to contain your personal profile they store doesn't include searches you've made on Facebook, nor Facebook pages that you've visited but didn't like. I know it was being saved because I'm always being suggested friends based on past searches but I didn't see any of those names in the downloaded report.

He's not wrong. If I'm going to be advertised to, I would prefer for it to be targeted.

I hate how Facebook announces that they're going to release a privacy feature before they actually have.

It's like they're trying to trick the press into covering it before anyone can actually test it -- while reducing the actual amount of coverage it gets when it's finally available to real users.

It's frustrating to distracted readers too. I read the headline and logged into FB on the spot, for the first time in years, with the intent to flush all of that data. But no amount of searching allowed me to locate the button.

Spot on. In marketing, it's called "teasing". Definitely generates more hype and makes them look like heroes...

>It's like they're trying to trick the press into covering it before anyone can actually test it

Yep, when big guys like the NSA claimed to delete all data collected without releasing any details, I'm sure at best they drag and drop a few files into Recycle_Bin.

> To be clear, when you clear your cookies in your browser, it can make parts of your experience worse. You may have to sign back in to every website, and you may have to reconfigure things. The same will be true here. Your Facebook won't be as good while it relearns your preferences.

Sounds like they designed this feature explicitly to show people why they need to provide facebook data. Instead of designing facebook features so that they can enjoyed while preserving privacy, Facebook is making moves to explicitly show how on Facebook privacy is at odds with utilitarianism of their product.

> Sounds like they designed this feature explicitly to show people why they need to provide facebook data. Facebook is making moves to explicitly show how on Facebook privacy is at odds with utilitarianism of their product.

In all seriousness, how is that possible any other way? Take the example he gives about log in. If you want a website to automatically know who you are without logging in, please let me know how that is possible without automatically sending identifying information to the website.

Yes, to offer that functionality it would need a cookie. No, the website doesn't need to correlate that login and all activity related to it to everything else you ever did on the internet to build up a profile about you. It is technically feasible (even easier) to offer the first ("remember me on this one site") without doing the second ("track me across all sites").

Well, technically it's all the same, it's a request to FB servers with an user id and token. Decoupling that relies entirely on Facebook's internal policy. Since they are a public company now, not using that dsta is leaving money on the table.

Technically, at least for EU users, whether they do this or not should now be a switch on the GDPR panel.

Not using that data also makes the ads expierence for people significantly worse.

And I prefer seeing good ads over bad ones

There's not logging in automatically, and then there's using other data they have about you (however limited) to still provide a good experience. The parent comment is clearly talking about the latter (creating experiences that are equally good for privacy minded and open book people) while you're focused on a small feature that isn't really relevant to the bigger picture.

Yea!? How the hell can a website provide easy automatic login without storing your last 10 years of browsing history , every personal covertion you ever had and reselling that information to third parties that use it to track you political affiliations so they can manipulate you during elections!!?!?!! Do these people even know how cookies work? /s

Privacy and usability are not orthogonal, though Facebook will definitely go leaps and bounds beyond themselves to try to convince the public that it is so.

You're conflating the analogy with what the analogy was about. They didn't say that ten years of browser history was needed for automatic login.

Privacy and usability actually are orthogonal, as the cookie and login issue shows. You will see this again and again in almost every service. People can't offer loans without knowing credit history. Games can't do balanced matchmaking systems without learning about your level of skill. A website can't send you emails unless you give them your email. I could go on, but I think you are upset enough with Facebook that you won't get the point.

Sorry to be "that guy", but just responding because I was confused by your post and the parent's post, because you are both using "orthogonal" to mean the opposite of what it actually means. If two things are orthogonal, it means they are independent of each other, i.e. changing one has no effect on the other.

> and you may have to reconfigure things

Too bad Facebook couldn't figure out a way to remember I prefer a chronological news feed even with cookies.

How do you judge how "good" Facebook is, in order to evaluate this? I'm having a hard time thinking people will notice either way.

There probably will be a difference, but I think in actual use, for most people, it will be very small.

I don't know... personally my Facebook experience improved dramatically after I deleted my account in 2013 :)

I can see it having to do with the ordering of timeline events, the ads you see, and the news visible in the top right corner.

Yes, it would make a difference there. My question is in regards to the top-level comment, will people notice the difference?

For example: If my mother "cleared her history", I really doubt she would notice the worse quality of Facebook and regret deleting her data, as the top-level comment implied. So my point is it's not a move to show how effective the algorithms are, but a privacy-conscious one from Facebook.

They'll do what Google does, and impose barely-justified punishments on any users who try to deviate from their preferred flow.

Wouldn't GDPR say that user experience shouldn't be dependent on the consent given by the user?

I think the intent there would be that you can't intentionally degrade unrelated parts of the service. For example, if Facebook disabled your ability to view or upload photos because you wouldn't consent to sharing your location.

It would be unreasonable of anyone to expect to see location-based content if they'd opted out of location sharing.

Surely there are many areas of functionality that depend upon gaining GDPR consent?

Trivial example: I can't email you if you withhold email consent.

Actually, I can. If you’ve given me your email for some business reason, and for me to conduct that business I need to email you, I can email you. Even if you didn’t explicitly give consent.

What I can’t do is email you marketing newsletters the times a week for the next decade, or sell your email address to ‘specially selected trusted partners’.

Do you know which parts of GDPR specify the concrete limits on things like this? Or is it more a “I’ll know it when I see it” kind of fuzzy boundary for what’s allowed? Would be helpful to know!

The GDPR isn't about concrete limits, but concrete permissions. A lot of people have been struggling to make sense of this, because it totally inverts how we currently think about personal data.

The collection, storage and processing of personal data is presumed to be unlawful by default, unless it is for a specific, explicit and legitimate purpose. These core principles are set out in Article 5 and they are well worth reading and reflecting on.


Did the user give you explicit and informed consent for a specific use a specific piece of data? Is your use of data absolutely essential to fulfil your contractual obligations to that user? Are you required by law to collect and store that data? Is your use of data essential to preserve human life? If you can't confidently say yes to at least one of those questions, then you're probably in breach.

"You must balance your interests against the individual’s. If they would not reasonably expect the processing, or if it would cause unjustified harm, their interests are likely to override your legitimate interests."


My, perhaps unfair, impression of GDPR is that it has very little concrete and specific rules, and a whole lot of "you'll know when the court delivers the verdict".

My impression is that GDPR is actually pretty clear, but people involved in PI processing business have a strong cognitive dissonance about it. It's GDPR telling them "don't do that", vs. them thinking "I must do that, so GDPR is unclear on how can I do that".

GDPR is very specific. You must have written policies describing what you do with data, what you do if there’s a breach, how people can find out what data you hold, how people can have their data deleted. And you must have consent to contact someone unsolicited. If you don’t have consent you must have legitimate interest. Legitimate interest includes the words “reasonably expect” but that’s pretty standard for laws.

As you say, the boundaries are fuzzy. The more data (especially sensitive data) that you collect and process, the tighter you need to make your boundaries.

Most of the advice I've received is to focus on documenting what data you hold, and what you're doing with it. Just by doing that, you'll probably improve your processes. If you did have any problems with the ICO, those documents will go a long way to showing that you took GDPR seriously.

well article 6 is as concrete as it gets:


(and maybe article 9) https://gdpr-info.eu/art-9-gdpr/

To be even more precise, you can refer to Article 6, section f) about Legitimate interests.

If you conduct business with an individual, most of time, your legal basis will be the Legitimate interests of both parties, you should only rely on consent for non-necessary part/service (like subscribing to a newsletter, or sharing information for improving the service).

For a good summary of that, I would recommand this ICO document: https://ico.org.uk/media/about-the-ico/consultations/2013551...

You can check whether it not it does if you're interested - it's been published. I can't be bothered to check but I'd be very surprised if they tried to dictate functionality.

I don't know how this could be universally possible. If you don't consent to providing data that is key to enabling features of the experience, how could that experience be provided?

> Your Facebook won't be as good while it relearns your preferences.

This is an excellent feature. I replaced Facebook time with Twitter time a while back and found it even more addicting (because the talent pool is much better and more real-time, and there's an extra sunk-cost fallacy going on with the amount of work required to find good content).

But even more recently, I've been purposefully logging out of Twitter a lot more (and have replaced that with YouTube). Logging back into Twitter now, I see that the "content" there feels less relevant and more boring. This is great for productivity. I just gotta curb the YouTube now - at least with that I can just shunt everything to "Watch Later".

Alright, time to log out of hacker news too.

Sounds a lot like "guys, you should NEVER delete cookies or the world would crumble."

It's exactly what Zuckerberg added as a disclaimer if you were to choose to use their new feature.

I wonder if and how this impacts their ad targeting abilities?

If people use it en-masse, probably negatively, but most likely they're betting few people will use it, just like how few people (almost no one I know) 100% go through with account deletion. The reality is there is no compromise for privacy. They build tools that help you either lose all value from facebook and retain your privacy, or relinquish your privacy to continue using facebook. It's not so much privacy forward tooling as it is a constant reminder they have a gun to your head.

Well, GDPR makes forces them to make the tracking features opt in, so they have to collectively convince EU users to turn on the tracking as opposed to hoping the people won't disable it.

They do this through a few devious practices, such as the spin doctoring discussed here. One other thing that they do is instead of the option being a check box, it is a selection between two radio buttons and you explicitly have to choose one of them. I suppose this is actually a violation of the GDPR, since it should be disabled by default.

You don't lose value from facebook at all by not opting in. "Show ads that are relevant to me," is an arrogant statement. The actual statement is "Track my browsing to show ads that Facebook believes are relevant to me." I don't use Facebook for the targeted ads, I use it to infrequently receive news about people I know spread out across the globe.

Thanks for the reply. Instapainting looks like a great service btw.

What difference does it make? They wouldn't lower their rates and a zillion people are still on FB so advertisers are going to buy the slots regardless. "Ad targeting" is not something that people outside of the niche of advertising economics care about.

Well, I understand that Facebook will try to extract as much value from advertisers as possible as well, testing the price they're willing to pay based on the conversions that advertiser hopefully are tracking accurately.

I more was curious of whether the history cleared with Clear History are primary markers for ad targeting or if other data is used, and in reality if enough users don't clear their data but have similar data fingerprints (the non-Clear History data) then Facebook could still present assumptions to target by for those who do clear their history regularly, e.g. it will be a moot point up until say 40% of people regularly are clearing their history and therefore can no longer accurately enough make those assumptions.

wonder if and how this impacts their ad targeting abilities?

Not at all, the NN that does ad targeting has already been trained on the data. Deleting it will make no difference (assuming you believe they actually will delete it)

How about a way to delete past activity? The fact that there's no option for "delete all my old posts, comments, likes, and photos" is infuriating. I don't need a record of my inane crap from high school on the same platform as work friends.

I took the time to delete everything manually. I thought it was all gone. Then some stuff started to appear. I have no way of knowing whether I pressed delete on this stuff or whether it didn't appear at the time, but the point is that deleting all your stuff by pressing the delete button and viewing a seemingly blank profile does not mean your stuff is actually all gone. Next step - deleting profile entirely.

Oh, here's the fun part: you can only delete what you can see. If you posted something on a user's profile who disabled their account, you can't delete it until they enable their account again.

So even if you delete everything you see, if an old friend who disabled their account re-enables it, there's a fresh batch of content about you.

Is there a way to get them to delete everything? Under GDPR, Europeans certainly can, but then they also lose all of their Facebook friends?

Change your location in your profile to Luxembourg and then avail yourself of the GDPR compliance features?

Are you speculating or does that actually work to enable some controls that are location-based?

Like dleslie said, speculating obviously. However since this is about compliance with EU law, actually location has nothing to do with it. It's about being a EU citizen.

If Facebook refuses to do the deleting thing for an (actual) EU citizen because they claim their location tracking shows they aren't located within the EU, they are going to have a problem.

If, however, the EU citizen selects in their profile that they live in the US, and then FB refuses to delete their data, the courts are probably going to look favourably on them, cause the user explicitly said so.

Since FB most definitely is absolutely, unforgivably, NOT allowed to request or handle the nationality data in EU passports, for purposes of being a EU citizen, they're pretty much going to have to rely that you're whatever nationality you say that you are.

Speculating, the controls are still forthcoming aren't they?

Fun. The posts that reappeared for me were my posts on my wall, so it's not even that complicated.

Did they re-appear after you had remembered deleting them, or were they just not fetched when you looked the first time? I think Cassandra might be to blame where it returned a bunch of wall posts but not all of them when you looked back in history the first time.

This too! I've seen in happen as well in my quest to delete a couple years ago.

The UX is useless by design to make it really hard to bulk delete, the backend is shitty and you can't see your content on friend's walls that disabled their account.

It is bad to the point that you wonder if it is on purpose. My guess is that it is. "Shitty product" as a deterrent to deletion.

Definitely doesn't have to be on purpose.

Try building a scalable database to billions of users on ad revenue and make it retrieve all data from years ago within the time constraints that users want to see newsfeed items in, you'll see ;)

Purposefully prioritising "everything but".

Yeah that's my opinion too.

I must have deleted over 10k things, so there's no chance of remembering whether they were on the list of things I deleted or simply didn't appear.

I mostly used the Activity Log (button at the top of your profile page) to do the deletion. There are filters there so you can see the different types of interactions. Removing them is different, e.g. Delete vs Unlike.

During the process, I did notice things appearing which had previously not appeared, so that definitely does happen. I kept going back to see if there was new stuff to delete. The whole process took me about 3 months.

The plot twist is that this all happened over 6 months ago. My profile has been empty the whole time, until sometime within the past couple of weeks, where posts have started to re-appear.

Last year I ran a script to do just this. It didn't get everything, but I eventually gave up. I recently tried Social Book Post Manager to accomplish the same thing.

While it did a better job, despite my activity feed being clear, I'm still seeing a lot of posts.

The rub is that I can delete posts that show up from 2008, but that same post will show up on refresh.

Looks like I'm moving to Europe for a day in a few months.

I think about this and I wonder if they don't add it because no internal team wants to take the responsibility of adding that feature. Imagine, FB source code is >10 year old code base, could there be a delete cascading effect somewhere? You mention posts, comments, likes and photos, what about game activity? Or notes? I think that's what were called. What is all your past information? Who defines what "all" past information is? What about Farmville game activity?

I'm not defending Facebook machiavellian tactics but knowing that no code base is perfect and also that even FB is understaffed, I will give them the benefit of the doubt.

I think that's one reason people stopped using LiveJournal/Blogger and other platforms back in the early 2000s. I had countless friends delete or restrict those accounts because there was too much up there; too personal. All modern social media platforms encourage constant posting to quickly bury anything embarrassing.

It's a weird change in dynamic when you think about it, because people were too afraid of the "real" so to say. I wrote a post about this years ago. I'm not sure if I entirely still stand behind it, but I'll leave it here anyway:


Delete your Facebook account, wait 30 days (to get out of the 21 day take-backsie period), and create a new account. All content you’ve created will disappear.

The photos your friends uploaded of you from your college days will still be there, but you will be untagged and can turn on tag approvals.

I did this in December 2016…to this day all email addresses that were tied to that account are banned from FB. I recently created a new FB account using a totally virgin email address and FB locked the account once I started friending my "former" network. They do offer to unlock my account(s) if I upload photos of two government documents, which I decline to do.

This sucks for everyone, but I understand why Facebook did that.

A very real threat against users who delete their accounts is that a scammer will re-create the account, and re-friend your former network, in order to defraud your friends. The account uses your name and photos and is under their control.

FB can't tell the difference between you and an impersonator.

Now, how they even have the data to conclude that you're "impersonating" your deleted self is a fascinating question. Shadow profiles? And yet if FB didn't do anything about this, it would be even worse for people who leave Facebook.

> FB can't tell the difference between you and an impersonator.

They should get you to send a picture of your passport on signup to verify that it's you.

The regulations for handling that kind of data are even more stringent in the EU. Which is a good thing btw. I have no compassion for Facebook, they burned themselves over this years ago, the damage has been done, and there's not much more they can do in my eyes.

Yes, sorry. It was a poor attempt at sarcasm.

I've used https://github.com/spieglt/fb-delete to most success (although there is an issue with removing items from the current year, see issues).

Curious if this deleting all old posts is related to everything you published - including publicly - or only private posts?

Likewise, if people were friends/connections on Facebook when you posted something to them, would you care if they were findable by them (they presumably could save a record of everything their friends published privately), and new friends/connections are prevented from seeing that past content?

I agree there's value in separating what people in new chapters of your life see vs. the old chapters in your life where you weren't as evolved or nuanced (potentially known as inane crap). Just trying to get an understanding of nuances if you're willing to share your take.

I don't mind too much if some link from a decade ago is no longer findable by someone I posted it to. That's what email is for. Activity records on a shared platform should be batch purgeable.

So there's a difference still from email vs. posting on Facebook - email which is usually 1-to-1 with explicit intent because you are typing in the email of each person receiving it vs. a Facebook post set as private ("Only to friends"), going to a pre-set group of friends in (unless you select to show it as Public). Do you feel there's a difference if old Facebook posts sent to "Only my friends" should still be readable by that pre-set group of friends vs. having the same ability with email?

I wouldn't be satisfied, and I think that's already available. My Facebook posts are my posts, while emails I send you are yours. In my mind, it's very much like the difference between putting up signs in my yard vs. sending letters.

I get that the legal issues are different, and that there's no requirement that Facebook provide this functionality, but they already provide some limited control via deleting accounts and individual posts, so I dont think it's unreasonable to expect.

I get what you're saying. It's interesting that there's a different mindset since they're relatively the same, perhaps the explicit nature of action of inputting an email address is the important piece. Of course Facebook also has options for "Friends of friends" to be able to view posts, and likewise any of those friends (or people you send an email to) can forward the email or a post - or even make it public in part or whole; that explicit action of taking the effort to define who you're sending it to also likely makes receiving the message/post more valuable to the reader. The ability to CC and BCC in email also has some unwritten rules as to the intent of if you're attached as a recipient of either - ability to dictate to show others "you're the main person I'm sending this to", "see who else I've sent this to", "I want you to see this but the others don't need to know that."

Thanks for responding.

It's a negotiable fuzzy boundary. How would feel if your friends made private copies of posts you shared with them? ("Took a photo of your yard sign").

How would you feel if Facebook provided them a tool to help with that?

How would you feel if Facebook did that automatically as a courtesy to them?

Ok, meh, hostile

This is a pretty difficult problem to solve. Facebook would need to delete your data from production databases, database backups that were made while you had an account, caches and CDNs, etc. But even if they managed to delete the data in every possible place they could find it, a third party might have made copies of your data via Facebook's APIs some time in the past, and they might still have it.

So, even if Facebook offered such a feature, I wouldn't have much faith that it actually worked.

"it's hard lol" is not an acceptable answer from a company worth billions when it involves data kept on their servers.

The problem is Facebook data is on a lot of other companies' servers at this point, and nobody knows who has what data.

I fail to see why determining where it lives is anyone's problem other than Facebook's, and why they should not be held culpable for it.

I'm not making a moral point about blame and culpability here. I'm making the practical point that it's impossible to delete all of the data if nobody knows who has it.

Yeah it's really going to suck for FB (boo hoo), they just can't win. It's years past due. The warnings have been on the horizon and they've only amped up their data collection to the point it's become even more unmanageable than it already was.

I really don't think that's a good excuse

They have to do this anyways when you choose to delete their account. And according to Zuckerberg's testimony, he is very confident that this functionality works very well currently.

It's a fundamentally important problem to solve. If to get rid of my old and no longer wanted public activity record I have to sit for hours upon hours manually deleting stuff, I'm going to be much more judicious in how I post in the future.

Also, it's Facebook. They can figure it out, they just don't want to.

I have my doubts about this feature. In the case of Russian bots, having access to their data is critical.

That’s assuming “delete“ actually removes the data from Facebook‘s servers rather than just hiding it from you and ignoring it for ad targeting.

Like it or not, the right to proper, permanent deletion is enshrined in GDPR.

Stuff can still be deleted, it just has to happen one item at a time (which is stupid and user hostile).

I'm not really sure what people want from Facebook at this point - it's clear that Zuckerberg is genuinely trying to respond to critical feedback, but there's no pleasing anyone apparently.

People want Facebook to stop following people, especially those signed out or without an account to begin with, around the internet in a creepy way. How hard can it be really? Is it too much to ask that some company I don't have business with doesn't spy on my web surfing habits?

The announcement also reads to me as if the "clearing" doesn't even do what people may expect it to do:

> Once we roll out this update, you'll be able to see information about the apps and websites you've interacted with, and you'll be able to clear this information from your account.

This sounds to me as if they still keep the information and just don't associate it with your account anymore.

Their hands were forced by law, which is why they implemented this. The law itself was created because of Facebook Actions (being one of the main reasons).

You are making it sound like he is doing it because of the goodness of his heart, or to please his user. He literally didn't have any choice.

It's reaaaaaaally hard to believe he is genuine when the response looks like this: https://i.imgur.com/PCQOo8N.png

I want them to piss off.

If a significant percentage of users actually exercise this option, that will be the end of Facebook as a significant channel for ad spend. It will decimate revenue.

Most people likely don’t remember this, but Facebook ads were a joke among the marketing community when they were first introduced. I’d have to find it, but one study produced before the Facebook pixel was introduced showed that less than 6% of Facebook advertisers had any kind of ROI from their Facebook ad spend. The pixel is one of a handful of things they created that turned this around - all of a sudden, people saw ads for things they were already interested in. If the pixel is effectively gone, much of Facebook’s revenue will go with it.

The recent upheaval over privacy didn’t make me worry about Facebook’s future or the stock price. Revenue was still coming in, and as Eric Schmidt says, “revenue solves all known problems” [1]. But this marks the beginning of Facebook’s end as a cash cow. What does a post-revenue Facebook look like?

I would short the stock - now.

[1] https://twitter.com/ericschmidt/status/507219358246903809?s=...

I respectfully disagree. Very few people will ever clear their history.

The paragraph literally starts with "if"...

And then the author goes on to say "I would short the stock now".

Which is why I used the caveat “if a significant percentage of users” do this. If not then fine, but if they do, I don’t think it’s an exaggeration to say that we can all say goodbye to Facebook. That’s how big of a problem this would cause.

They apparently announced that they’re getting into online dating today. Maybe the plan is to knowingly decimate the ad platform and charge for dating at some point. They’ll have massive layoffs and have to sell datacenters, but could at least keep the lights on for a few remaining employees managing the dating service.

> If a significant percentage of users actually exercise this option, that will be the end of Facebook as a significant channel for ad spend. It will decimate revenue.

They'll make the "Clear History" feature a multi step process that's tucked away in a configurations pane, miles away from what the common user will seek out and use on a regular basis.

Also, for "technical reasons", using the feature will somehow result in FB Events no longer working properly.

And, like this article does, they'll randomly pop up Zuckerberg's face at you.

> If a significant percentage of users actually exercise this option, that will be the end of Facebook as a significant channel for ad spend. It will decimate revenue.

I don't think it would have a significant negative impact on Facebook at all. I see the value of ad networks as primarily resulting from two features: Having a large audience (network), and knowing the audience well (targeted ads).

Facebook will still have a large audience if people keep using it, even if they all delete their information, so a large audience is a given.

Knowing an audience has two large pieces, identity (i.e. you're user X) and derived identity data, i.e. people interested in HN are interested in tech. The biggest use of all this data is associating users together. If all my data across all the internet was deleted immediately, I bet Google et. al would be able to uniquely identify me within a few days, they wouldn't know I'm the same person whose data was just deleted, but they'd know a wealth of targeting information about me again, and within a few years I'd bet they'd know me just as well as they do now.

My web usage is pretty routine, and humans in general are pretty routine, so I would expect it to generally hold that, without explicit effort to the contrary, we'd all be pretty easily re-identified (at least as much as advertisers are concerned) after deleting our information, and sure, I won't be searching for that exact search query because now my git-fu has improved, but I'm still going to be doing things that identify me as someone interested in and/or using git.

Facebook is going to keep all the derived data from people, and that data is going to allow them to very easily re-target anyone once they have a good feel for what their interests are. And I can't imagine a more transparent display of interests than activity on a social network, it's almost explicitly interest-bound.

I don't think it would have a significant negative impact on Facebook at all

All I can tell you is that Facebook had a large audience before the pixel, and few advertisers were able to generate ROI from Facebook ads. Now he is suggesting that we will return to this state. Showing irrelevant ads to people based upon basic things - like being one of 150 million people that like Coke’s Facebook page - just flatly doesn’t work.

But you're not stopping pixel. You're going to be tracked again. All you're doing is resetting the clock. How long after pixel was implemented did it take for the value of Facebook ads to skyrocket? A few years? And Facebook gets to keep all that they learned during that time, just not the original data they've derived all that wealth from. It's like losing training data for ML. It's not a big deal when you get 10s if not 100s of millions or more data points every day.

> It will decimate revenue.

So it will remove a tenth of the revenue? (decem = "ten")

Huh? I did spell it correctly.

dec·i·mate /desəˌmāt/ verb

1. kill, destroy, or remove a large percentage or part of. "the project would decimate the fragile wetland wilderness"

The OP is pedentically referring to the original Roman use of the word, which mean to kill/remove a tenth.

Nobody uses the word in that way anymore, but some people want to show how clever they are, so they bring it up.

> If a significant percentage of users actually exercise this option, that will be the end of Facebook as a significant channel for ad spend. It will decimate revenue.

That's what he meant when he said it will worsen your experience right? :-)

We need browser extension that clears facebook history every 15 minutes.

If that gained widespread use, you wouldn't need it anymore because Facebook wouldn't have enough revenue to keep their servers running.

I would be happy to donate for such an extension after the feature ships!

My understanding is user activity and user data are distinct, and I'd imagine by now Facebook has enough user data that this might not be as huge a concern as when they were getting started.

No. They announced that people can remove themselves from the custom audiences created by the Facebook pixel. No custom audiences, and the effectiveness of Facebook ads drops dramatically along with Facebook ad revenue. The pixel has become standard operating procedure in most marketing plans and conversion funnels. Many companies lose money on initial traffic acquisition but make it back plus a profit through retargeting. That ability would be gone.

What choice did they have? Either do this or be regulated and forced to do this.

Said another way: when you become successful enough, the government becomes a stakeholder in your business.

Looking at the 2008 crisis debacle and “too big too fail”, maybe it wouldn’t be that bad. If your company has an impact on the level of a public utility, maybe it should be regulated like one.

And God knows that Zuckerberg’s lifestyle wouldn’t change much if he was only a “simple” billionaire instead of a multi-billionaire ;)

I imagine regulation is coming. If not specifically for Facebook, then changes in privacy law in the US to edge closer to what the EU enjoys are forthcoming as soon as the US elects a Democratic House.

The US is a capitalist country. It will see how much negative impact the GDPR has on businesses and consumer choice, as websites block EU traffic in droves, and will not make that same mistake.

All developed countries are capitalist.

And I really want to see how many websites block EU traffic :)

Let’s not even go down this road, it has been the source of very long discussions. I’ll just say that nobody in the US wants the liability of EU traffic under GDPR except for very large companies with expensive legal teams.

That follows from "successful enough" meaning impacting a large fraction of society in some way - which is the government's area of competence. So they definitely will be interested in your impact, and whether or not your market-driven priorities are at odds with well-being of society.

Money quote: "Your Facebook won't be as good while it relearns your preferences."

I bet that depends on how you define "good".

Likely, you will see a bunch of random ads instead of targeted ones of things that might actually be interesting to you. Whether or not that's better is up to the user.

I'm assuming I will see a lot more posts from old high school friends who I don't really interact with anymore. It would be a fun experiment to try though.

the two systems are probably unrelated.

muddling newsfeed and ad targeting would make both systems unnecessarily complicated.

I had the realization a while back that certain advertisers were flooding my Newsfeed with Sponsored posts every time I interacted with them in some way -- on or off Facebook. So I started regularly clearing out the Interests and Advertisers sections of Ad Preferences and now my Newsfeed is almost entirely devoid of Sponsored posts.

The experience using Facebook without them exploiting knowledge of my "preferences" is substantially better.

Granted, I'm running ad blockers, so most of the low-value advertising on FB was already blocked.

Indeed. I've discovered it can make major mistakes on who's "important" to me - I'd thought they'd stopped Facebooking, but it turned out their algorithm had for some reason deemed them not to be a "close" friend and de-emphasized them from my feed.

He meant 'my Facebook won't be as profitable'.

I agree this probably won't make Facebook as good. I relate this to the time before spam filters were good and 50% of my email was penis enlargement pills and money wire fraud. You dump all this data and we go back to a time where I'm not known, and Facebook shows me my active "friends" and it's just my aunt sharing her latest Bejeweled score.

I'm all for better control of my data, but there needs to be some balance so the ads I see are still relevant and not acai berries super juices and Hot Local Singles In My Area.

Why do you want to see ads?

Because I want Facebook to be free... just like I want Google to be free and Gmail and Google Maps and my news site and my sports site and my fantasy sports app and...and...and...and...

I understand that an ad model is what allows me to do many things I do on the internet without cost. Now, if I have to choose between an ad model that shows me "Dewalt Tools 25% off" (Something I am interested in) or "Gluten Free Bread" (something I'm not interested in), I will select the former.

Advertising is a race to the bottom. As long as GDPR affects everyone more-less equally, it'll only reduce the current depth of advertising hole. That is, non-targeted ads might become more profitable again.

It won't have that "tailored experience".

People can pin this on Facebook all day, but that's the same bullshit every user-productizing company spews. That the best experience is the one they design, which necessarily includes tracking, ads, and half of the dark patterns in the book.

Some days, I secretly wonder if my experience would indeed be better, because I've been blocking ads and tracking shit for the 20 years I've been online. Because frankly, I wouldn't know, maybe this world of constantly being targeted with advertising is really cool. They keep telling me I'm missing out, you know?

It's a veiled threat, just like when they told you that if you disable facial recognition you're worsening the experience of blind users, and that nefarious people will take your photos and impersonate you.

I read that sentence as you can try to get rid of us, but we'll be back!

They probably intentionally selected things to delete to cripple the experience. It's a way of forcing people bad-mouthing facebook to put their money where their mouth is. If critics don't use this feature, they can put the blame solely on them.

> If critics don't use this feature, they can put the blame solely on them.

Once this rolls out, I'm going to be posting instructions to my feed. One of the only reasons I still keep Facebook around is to publicize articles critical of social media and stuff like this.

Why is this downvoted? The article itself is a demonstration that they really do this.

Case in point: If you're not logged in to the FB tracking network, after 5 seconds of reading, you get surprised by this "funny" jump scare: https://i.imgur.com/PCQOo8N.png

That is deliberately worsening the experience. If you click the close-button (helpfully labelled "Not now"), it is replaced with a sticky footer that takes 33% of your screen (depending on your window size and zoom setting).

The sentence should be rendered as: "Your Facebook won't be as good [for us] while it relearns your preferences."

> One thing I learned from my experience testifying in Congress is that I didn't have clear enough answers to some of the questions about data.

Mark, I can't believe this. Some of the questions you were asked were 'yes or no' questions and you couldn't even do that.

While, yes, some of the answers (not the 'yes or no' ones) could have been clearer, there were some questions you just didn't answer at all.

Mark is suffering from a pretty classic engineer's problem. Somebody asks what they think is a simple yes or no question, but they either don't understand the complexities of the question, or won't be able to properly understand the implications of the yes or no.

For instance: are whales fish? That's a simple yes or no question, right? http://inference-review.com/article/on-being-a-fish

I felt the same. I've never been a fan of his but I have to say, after watching bits and pieces of the testimony, I felt sympathetic for his position. Senators pushing for yes/no answers to questions where there are many many variables and different situations to consider.

Pretty much any question on the topic is too complex for a simple yes/no. And it's abundantly clear to me that 99% of the general public just do not understand that at all. Most people (senators included) were just looking for him to say something damning which they can endlessly bring up in the future.

I don't believe Mark got into this position out of malice. Facebook just grew naturally over time and turned into the beast it is today. How many times have you been building an app and thought "If only I knew <x> about my users I could provide <really cool feature>"?. Each one of these little steps encroaching on user privacy is small and hard to notice for the users and even for the engineers. But over time they add up and at some point there is an "oh shit" moment where you realise what you have.

Yes, some of us have been warning about this for _over a decade_. But the benefits clearly outweighed the costs in the eyes of the users. Only now are the general public starting to realise what the actual costs are.

> For instance: are whales fish? That's a simple yes or no question, right?

You make a good point. While Mark was presented with a similar situation, the answer to the question, "Are whales fish?" could be, "That isn't a 'yes-or-no' question because [reason]," as opposed to, "I'll have my team follow up with you after my congressional hearing."

The latter is safer. I guess it's kind of the same thing as "don't talk to the police" meme in US - everything you say can, and will, be used against you. So correcting malformed/misinformed questions is dangerous, because you may trip up when explaining - or say something that will be misinterpreted.

> To be clear, when you clear your cookies in your browser, it can make parts of your experience worse. You may have to sign back in to every website, and you may have to reconfigure things. The same will be true here. Your Facebook won't be as good while it relearns your preferences.

That's not a bug, it's a feature! I've had my browser set up to nuke everything on shutdown as far as I can remember. Yes you have to log back for sites you want to interact non-anonymously but I consider it the sane default.

Tracking and privacy aside, you'll likely save some money too as not being logged into shopping sites raises the barrier to ordering pointless crap.

> I've had my browser set up to nuke everything on shutdown as far as I can remember.

I have this and only log into GMail in a private window (I would do the same for FB if I used it). It's a bit of a hassle, especially since I've enabled 2FA, but it's become a habit and not that much of a hassle (I leave the private window open).

I use entirely separate browsers for that. Gmail logged into my primary account gets its own dedicated browser. Nothing else ever gets opened in that browser and it's never used for "regular" browsing.

It's a failsafe against bugs in the private browser implementation and provides a further separation of authenticated vs anonymous.

For me there is a not a technical fix for the problem. The fact that my feed fills up with ads for something I Googled immediately prior to alt+tabbing to FB is creepy and annoying, but it's not the real problem. The real problem is that I know they have the data (and they still will after I "clear" it) and it can be used for a lot more than advertising. I don't trust them. That's the problem.

That would be illegal (in the EU, at least). Why would a successful business risk that?

It would, they already did, pure audacity, and they're getting burned for it.

Meanwhile, a loud minority (mostly from outside the EU) complains "why don't you respect their best efforts?" -- because it's too little, too late, this law has been on the horizon for years, but instead of preparing they've been increasing their data harvesting efforts, only making it harder for themselves to actually comply when it finally passed.

When has success ever stopped business breaking the law?

Well, you've described a problem for which this isn't a technical fix, but for which there is a technical fix: a decentralized open source social network on which you retain complete control over which of your data ever enters its ecosystem.

And it will come. It will take years, but it will come.

Absolutely. A distributed system where each user controls their data is theoretically an architectural fix. But not one that is an option for FB since owning my data is the core of their business model.

Fortunately "existing as a for-profit corporation" is not a fundamental right to FB.

Yep, that's how I see it too. It's becoming increasingly obvious.

And then Facebook will buy it and change it.

Great feature, but not major in the big picture.

This (or any other Facebook feature/change) wouldn’t be such a big deal if Facebook weren’t a monopoly which actively takes steps to remain one. Namely,

- being a closed platform with no easy way to migrate your data to another platform

- buying out the competition

As long as the above is true I consider Facebook as acting against its users’ interests, regardless of any specific feature.

If this is GDPR related then it's to do with privacy, not competition. Suppose you did download a bunch of liked pages, friends comments. What would you do with them? Learn python and import it into, I don't know, Twitter or something? Most people aren't actively looking for a way to do exactly whatever it is on Facebook.com using a different URL.

> If this is GDPR related then it's to do with privacy, not competition.

Yeah but they're very obviously refraining from outright stating "we only do this because GDPR forces us to".

> What would you do with them?

Federate it in a privacy-respecting way among different services, obviously.

And you won't need to learn python, because cool tools to do cool stuff with your facebook data will be popular enough to download as apps.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact