Hacker News new | past | comments | ask | show | jobs | submit login
Facebook has asked U.S. banks to share financial information about customers (wsj.com)
597 points by tysone 9 months ago | hide | past | web | favorite | 213 comments

Facebook said it wouldn’t use the bank data for ad-targeting purposes or share it with third parties.

“We don’t use purchase data from banks or credit card companies for ads,” said spokeswoman Elisabeth Diana. “We also don’t have special relationships, partnerships, or contracts with banks or credit-card companies to use their customers’ purchase data for ads.”

How do journalists expect me to interpret this? The first sentence says Facebook made a promise, and the second paragraph reads like a supporting quote. The quote doesn't make the promise claimed in the first paragraph. Should I assume that a Facebook representative made the promise, but the actual quote got cut. Or should I assume that three different authors can't critically read a sentence to tell that the quote only makes statements about current practices? Why do we accept articles from major outlets without publishing the full text of the interview with Facebook?

"We're not doing X for purpose Y!" (translation: "We're doing X not for purpose Y, we do X for other purposes. Luckily, nobody thought to ask us about those, and we certainly won't mention those purposes ourselves, heh, heh, heh.")

Technically, telling the truth, in a weasely way.

Freedom of the press as commonly understood in the US is a misnomer. Today we are most limited by access-based journalism. Journalist careers generally depend more on access than anything else. As such, their subjects have tremendous power if wielded smartly. PR departments are tasked with wielding this most efficiently.

By being vague in the pretense of that power-wielding landed this subject the benefit of the journalist doing the last mile dirty work of being specific. The hope is that this will buy her another interview, and another interview, and so on. They (the journalist) may have another plan in mind, but their power to execute it is limited by their professional mobility and utility to the subject.

>"Freedom of the press as commonly understood in the US is a misnomer.

No "freedom of the press" in the US is commonly understood to mean that the press is free to publish any opinions they wish without being subject government censorship. It is codified in the First Amendment with:

"Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press"

"Freedom of the press" has absolutely zero to do with freedom of access to subjects the press might be reporting on. And it certainly has nothing to do with PR flaks at powerful companies. These are not even a common misconceptions either. So no "Freedom of the press" is not a "misnomer" at all.

That's almost as useless as the FB statement.

"The freedom of the press is currently not being limited, directly, by laws, made by the government"

Just makes it sound like powerful corporations are beyond reproach, no matter how influential.

I think my elaboration would have been sufficient for you to realize there is no disagreement here.

My point is just that a free press, as commonly understood and as in the constitution, is not free. Americans are quick to get upset when legal regulations are placed on press freedoms but slow to recognize the less obvious.

I’m not interested in discussing any further. You appear to just be looking for a disagreement. Good luck.

>"My point is just that a free press, as commonly understood and as in the constitution,"

And your point is patently untrue. Freedom of the Press is not "commonly understood" in that incorrect way in the US.

Honestly it sounded like you yourself didn't understand the meaning of the phrase "Freedom of the Press." You even called it a "misnomer." Accusing people of "looking for a disagreement" simply because they corrected you seems kind of lame and uncalled for.

the OP's post, and your post are not mutually exclusive. I think you both point out inherent flaws in the term "freedom of press" as it is currently understood in society. His point is that they are incentivied not burn bridges with large corps, and your point is they can say whatever the f* they want with zero governmental oversight.

Journalists need to be asking what these companies are using X for, rather than specifics.

It's very easy to get around those questions. Facebook is great at it. There is usually a customer-friendly reason, which is the one they answer with publicly. For example, "we collect your information to serve you content that you like". But the real reason is, "We collect your information, because your information can be sold in many ways, indirectly and directly, to make us money".

Both are arguably true. But for a publicly traded company, the "Why" must always come back to the bottom line. The ultimate goal is to build value for shareholders. Any answer that doesn't include some reference to the bottom line is utter BS.

It makes perfect sense with the little bit of contextual knowledge that credit card companies sell your purchase data to whoever for whatever reason today, and I'm pretty sure Google uses buys and uses this info.

So - the first sentence refers to the potential program in question i.e. FB doing some kind of financial integration. The second part I think is FB's 'furthermore' in reference to the fact they don't seem to buy data from VISA to integrate into ads. Since the later is a rather common thing, I guess they felt the need to clarify.

It's funny that everyone is up in arms about FB using FB data to make ads ... when VISA, MC and AMEX basically sell all transactional data to pretty much anyone for any purpose. And this has been going on for some time and there doesn't seem to be a big fuss over it.

Personally I think the sale by Visa of all your transactions is a much worse violation of privacy because it's financial info, there's no overt 'opt in' for this, and it's sold and used willy nilly for whatever.

But to your point I don't think that too many people are aware that Visa is selling data so the context required for the later comment may not be obvious.

> It makes perfect sense with the little bit of contextual knowledge that credit card companies sell your purchase data to whoever for whatever reason today, and I'm pretty sure Google uses buys and uses this info.

Any way to opt out of this?

Start a Twitter campaign and get CNN to act against their best interests by taking on an important story that risks upsetting some of their major advertisers.

Without an 'event' like Cambridge Analytica and without some kind of underlying momentum (ie FB appearing in front of Senators) it's probably difficult for the story to catch fire. Then you have to get the press to ignore their business folks who will want to never talk smack of some of their revenue sources ...

But with Visa we can opt-out by using monero instead, what are we supposed to do with facebook?

.. not use Facebook? It's really not necessary.

But if Facebook is building shadow profiles out of your data sourced through means outside control (can you not use banks?!) what's your recourse?

Notice the direct quote says "don't", not "wouldn't". Obviously they "don't" at the moment, because they're probably building it right now. Doesn't mean they "wouldn't" in the future.

We do not "wittingly" use the data for targeted ads.

And furthermore, “don’t” can be as of this second, but we are knowingly launching something next week that will.

I think it means they are open to doing it, and will be happy to do it in the future as long as they don’t get caught.

Update from Facebook that sounds more reasonable. Seems like the journalists kinda bungled this one.

"Facebook says it doesn’t plan to build a system to let US customers review their checking accounts; the company also claims it’s not seeking access to credit card usage data; Facebook suggests it’s interested in offering transaction alert tools and other services via Messenger; the firm already provides similar features in many other countries"


As a side effect, of course we will have a profile of your purchase patterns to correlate with your social behavior.

Don't worry, what could go wrong?

I would be surprised if signing up for those alerts didn't also constitute an "opt-in" for advertising sales based on your purchase information.

Last I heard Facebook was working with First Data for ad-targeting insights based on purchase behavior. That partnership is what enables their advanced targeting based on in-store purchasing data (look at the CPG targeting categories available in Facebook ads, for example). While First Data is not technically a bank or credit card company that's a very misleading and disingenuous statement for Facebook to make.

In this day of easy information sharing source transparency sounds like a great tool for democracy.

I am more inclined to believe that marketing spin, lawyer-approved press releases, and asymmetry of resources for vetting (reporter)/preparing (Facebook) lead to spun views for normal reasons; not to speak of other pressures and less friendly corruption that might occur.

It appears that it would be opt-in, and even then, the data would not be used for ad targeting. One of the suggested ideas is that you’d be able to see your account balance and receive fraud alerts from your bank within Messenger. I would actually love a chatbot that would let me clear a debit card fraud alert, rather than having my card shutdown and being forced to call in when my usage goes up (usually when traveling).

The fears here seem to be somewhat overblown and misrepresented by the article - certainly by its headline.

My fraud alerts come via email. A simple click to approve or denyz No way in hell would I want Messenger to be sending me stuff from my bank.

Simple solution: don’t opt-in. But I wouldn’t mind it being an option.

To be charitable: colloquially, "we do not" can mean "it is against our principles or practice to do so." E.g. "we do not put our customers' safety at risk" implies "and we will continue to do so in the future," not "but that may change at any time."

Right, but the second sentence says they don't have special agreements with the banks. But the whole article is about how they are requesting new agreements with banks that have been turned down by the banks for vague "privacy" related reasons. It is not colloquial to say "we don't have agreements" when you are referring to a future agreement that hasn't been signed yet. You would definitely say that as "we are not discussing agreements for ad purposes."

This is so over-the-top that I really don't know what to think, except WTF? But banks already monetize customer data, so I suppose that it's not unprecedented.

Still, what can Facebook be thinking? Given all the controversy over Cambridge Analytica etc, you'd think that they'd be pushing some privacy PR. But no, they're digging deeper. What is up with that?

They might be perfectly happy to be the dominant player in a regulated industry.

Who is going to stop them? Twenty furrowed brows in a congressional hearing? Of course not, and facebook knows this.

Governments have been known to shut down criminal enterprises. But maybe too many have been paid off. Time will tell.

Also, at some point, you'd think that people would just stop using it. Again, time will tell.

> The social media giant has asked large U.S. banks to share detailed financial information about their customers, including card transactions and checking account balances, as part of an effort to offer new services to users.

s/offer new services to users/increase revenue per user/

Once you've reached the levels of market saturation that Facebook has the only way to grow is value per-user, specifically in 1st world countries where there's actual value to be had.

> One large U.S. bank pulled away from talks due to privacy concerns, some of the people said.

Good for them. I wish I knew which one.

> Banks face pressure to build relationships with big online platforms, which reach billions of users and drive a growing share of commerce. They also are trying to reach more users digitally. Many struggle to gain traction in mobile payments.

That's an industry problem, not an individual bank problem. Also, credit cards are already very convenient and near universally accepted. It's hard to compete with that. Only the uninformed would use a different payment technologies with less convenience and weaker chargeback/fraud guarantees.

> Bank executives are worried about the breadth of information being sought, even if it means not being available on certain platforms that their customers use. It is unclear whether bank customers would need to opt-in to the proposed Facebook services or what other privacy protections might be offered.

It's unclear to me what segment of bank customers would knowingly agree to anything remotely close to this.

> Once you've reached the levels of market saturation that Facebook has the only way to grow is value per-user, specifically in 1st world countries where there's actual value to be had.

I remember a few years ago some hedge fund friends pitching Facebook as a digital age "value investment" because of its competitive moat and compounding returns. Idea being the more users you get the more revenue you get, and these benefits compound.

The issue with that is, as you mention, they already have most of the users they'd plan to get. To continue to grow, they need to better monetize users by 1) more ads per user or 2) higher price per ad

Seems like they tried 1) the last few years and it failed. Now maybe they are trying 2), but the best way to get higher price ads is through better targeting, which will require deeper privacy intrusions

#3 Drain all value around you. Increase price of same data / data-supported services you've been selling third parties, as they have no alternate seller to choose.

I suspect this is why Facebook is so insistent on the "free" price point. Less from a revenue perspective than to make it impossible to stay in business long enough to compete with them.

> Also, credit cards are already very convenient and near universally accepted. It's hard to compete with that.

Oh, come on. Maybe it's a US thing, but credit card is the last but one (just before a manual transfer) payment method I use (in Europe, Poland most of the time). It requires providing full credentials to every merchant you transact with on-line. It requires taking out your wallet and typing all this data in. Or taking out your wallet and taking photos of both sides in some modern apps, then checking for correctness. I actually use PayPal as my card payment gate to minimize the number of parties that see my complete set of payment authorization data. Credit cards are moderately convenient when used off-line and completely unadapted to being used on-line.

Credit cards have section 75 protection, PayPal does not. It’s certainly convenient to use, but comparatively unwise.

Edit: except for small transactions when 75 doesn’t apply. Also I don’t know if it’s in Poland too, but I’d guess so.

I interpreted the post to mean Paypal is the poster's preferred choice for using as a credit card processing gateway. Merchants can sign up with Paypal to handle all card transactions, and buyers don't need a Paypal account to use it. From the buyer's perspective, this is just an ordinary credit card transaction, it just shows up as being directed through Paypal as a middleman. The convenience is when buyers do have a Paypal account, then they no longer have to re-enter CC# details even on sites they've never purchased from as long as they support Paypal-processed credit-card payments.

FWIW I take the same option, because it does feel nice to buy from a website without typing credit card information into some ad-hoc javascript form they came up with.

Note that this is not the same thing as making a payment from a Paypal account.

Just out of curiosity what do you use to capitalises your PayPal account? For me it’s linked directly to my credit card so it’s basically a shell of convenience above that. What do you use when a vendor doesn’t support PayPal? I still encounter these regulalarly

PayPal (linked to my credit card as well) is #2 for me. Most of the time I use instant transfer services (there are quite a lot of them in Poland, integrated with most banks in the region). My favourite one is Blik (founded mainly by the biggest Polish bank PKO BP, but also supported by most of the others): you start a session, generate a one-time 6-digit code in your bank's mobile application, enter that on the payment site, confirm transfer information on your phone and it's done. I also use it to withdraw cash from ATMs and on some occasions have used it to help my friends pay in emergency situations (they've just called me, I've given them a code, they've entered that, I've confirmed et voila).

That sounds pretty cool

One of the banks here, mBank (leader of online banking as it advertises itself for years) rolled in its usual countless cycle of TOS, table of fees changes an entry saying that starting from month Y on day X all ATM withdrawals below 100PLN (approx. 23€, 27USD) will be charged with 1,30PLN fee unless operation is done with mobile application and Blik system. Prior to that, it was just an alternative for fee-less card withdrawals (well, you had to pay 5PLN for access to ATMs outside mBank network). Other banks got similar rules.

So technically speaking it is cool idea but some of us are forced to use it and if you don't, you're risking withdrawing all money really fast from your account (e-payment may be not available in small cities or in the countryside) or face risk of being eaten by fees. Cashlessness is popular in Poland but it's always good to have real money with you because you never know what may happen.

> ill be charged with 1,30PLN fee unless operation is done with mobile application and Blik system

Over on the Western fringes here, we had a similar push behind "contactless" payments. We also have Apple and Android pay, but nothing as slick as this.

I hope you didn't get me wrong: 1,30PLN is just for ATM withdrawals below 100PLN. You can still pay for stuff with card free of charge (all 3 ways - magnetic stripe, chip or contactless; tho, I won't be surprised if they will start charging fees for card operations in the future).

Apple Pay works here since June 19th, Android Pay since 2016 but since Blik was first (2015) it gained naturally more popularity. We'll see how it withstand Apple Pay as competition

Transaction fees for all payment types except contactless.

My order is:

• iDeal (convenient Dutch banks' system)

• PayPal linked to bank account

• I've usually paid at this point

• cryptocurrency

• credit card because it's such a pain in the ass

Why is a credit card a pain in the ass you just type in your pin or use contactless and in many paces credit cards have greater protection than cash or debit card.

Why trust PayPal which has nugatory regulation and is prone to freezing account's on a whim

For websites that support it, Apple Pay is faster and safer than all of that.

Cryptocurrency? Ah come on you’re just being facetious now

Why? I’ve paid for computer equipment and plane tickets using cryptocurrency several times. Just scan a QR code and press send.

Man I’ve literally never encountered this

I’ve also encountered friends at lunch using mobile crypto wallets to split the bill. “Can I just send you some dai?”

I can tell you that if you tried that out my way you’d just a quizzical look (-:

Kinda like when someone from the U.S. mentions Venmo to a European. :)

I'm a European.


It's one of the dozens of proprietary corporate mobile payment systems that only work in specific nationalities and only in conjunction with bank accounts...


I guess that’s the kind of thing that PSD2 will enamel on a pan European scale

"including card transactions and checking account balances,"

It's hard to imagine how anyone could even consider this being OK without the user being asked and being able to revoke permission anytime.

> Good for them. I wish I knew which one.

Don't ask me how I know, don't believe me, but its Wells Fargo.

> It's unclear to me what segment of bank customers would knowingly agree to anything remotely close to this.

Customers would not agree much, correct. However since credit cards are not your money, you are limited in the ways to tell the bank how and what to share or not to share with other players on the market, since its bank's money you operated with, and bank's goal is to make as much money off of lending it to you as possible. (of course I don't like; jsut so you know before you downvote)

This is in fact even right in your face. Any new card (or renewal you got in mail) has a few pages attached to it, called something like "what do we do with your information and how can you stop us", where it clearly draws a matrix table with YES/NO of what information they share, with whom, and in which example you can change their default behavior (hint: not always)

Your unsourced assertion does makes sense. WF isn't well positioned to survive any further SNAFUs — technical ones in particular. Plus I don't think of them as being primarily focused on their CC business in a way Chase, Citi or Amex are. More a complement of their retail banking and mortgage businesses.

>Don't ask me how I know, don't believe me, but its Wells Fargo.

I'd be surprised if it wasn't. Wells Fargo is still asking for forgiveness in their Jon Hamm narrated Earning Back Your Trust[0] commercial. It would be incredibly stupid of them to engage in another scheme to take advantage of their customers at this time.


Funny enough I had no idea that Wells Fargo was mixed up in any scandal before I saw these ads. Even then I didn't know what scandal was about, and finally this comment prompted me to look it up. :)

US media has more important issues to cover than major banking scandals.

Huh? The Wells Fargo stuff was all over the news.

"Don't ask me how I know" often means that the speaker is an insider who must remain anonymous.

> However since credit cards are not your money,

How would this translate to debit card transactions? That is my money. I'll tell the bank exactly what do with my money including give it all back to me, right now, so I can put it somewhere else. I have been on the fence about doing this anyways in favor of a credit union, but laziness always wins. This would be the absolute last straw for me if my bank shared anything with any social platform.

It was Chase, not Wells Fargo. Also, Amazon and Google are apparently seeking similar information. https://www.wsj.com/articles/facebook-to-banks-give-us-your-...

Don't ask me how I know, don't believe me, but its Wells Fargo.

I'm asking anyway because a statement like this absolutely demands more than what you're offering for anyone to take a statement like this, in this context remotely serious.

Not even an article or something published from WF to support the claim, that the rest of us may benefit from?

> s/offer new services to users/increase revenue per user/

Well, in theory, offering "more aligned" (eyeroll) products to users is technically 'new services', but ugh.

> as part of an effort to offer new services to users.

Sorry. The "users" are not you. They are advertisers.

This article has many, many problems, and misrepresents what's actually being proposed. No data is shared in either way without clear consumer opt in. No bank is randomly giving data to Facebook. Facebook is not buying data from the banks.

The totally misconstrued experience the article appears to be about is primarily for messenger chatbot approaches that are already in use for paypal and a few banks (BMO, Wells Fargo to name two) across the world. The user has to volunteer to start the chatbot in FB messenger, then go through a myriad of permission screens (including an oAuth) to give permission to the chatbot to see some transactions and answer a few other basic account questions ("How much do I spend on groceries?" "When is my payment due?"). Privacy policies for existing chatbots describe all data usage. Users can easily revoke their permissions and remove the chatbot.

This is the same level of data you've given to various PFM apps like Clarity or Mint. And if you haven't, cool, you won't want to do this with Facebook either, no problem. It's with clear and conspicuous permissions. Facebook has publicly and clearly said that they won't use the data to target ads, and they would be sued by everyone if they turned out to have lied about something as important as credit card or bank data. Not to say they won't get caught a year from now abusing the data, nor can anyone say that banks won't abuse any data they get from FB... but if you believe this, don't use the chatbot and they won't see your bank data nor let the bank see your FB data.

Facebook has done and facilitated some dreadful things, but letting folks access their banking data with permission via chat is the US catching up to what WeChat already has: millions of people accessing their banking via chat.

If thats the case then the article is very wrong. Its like saying telco providers ask banks for banking data when you receive SMS notifications of transactions or use SMS banking.

However the devil is in the details - and there are a few tricky details here:

- Why would FB be talking to banks about a chat bot integration? Surely the banks can just integrate to FB messenger for business like every other provider. This is pretty standard fare for e-banking as you mention, its been around for years.

- Why is it valuable to them? Their share price climbed. If its a straight out chatbot integration then FB cant benefit much - You cant leverage that. Its not an interface into the bank that facebook itself can use to build services on top of and the users data will be covered by banking privacy regulations. At most it increases user retention a little.

- Then there is the usual tricky language. “We don’t use purchase data from banks or credit card companies for ads” => Then why am I able to target "online shoppers" as a category in an ad campaign?

Overall I think your right though. Even if they are looking at deeper banking connections its all standard with other wallets/platforms like alipay/wechat etc. These platforms are light-years ahead of FB in that respect. They will struggle to catch up in no large part due to the lack of trust after all the privacy issues.

The problem with Facebook chat access to banking is Facebook. I don’t want Facebook to become just like WeChat where you pretty much have to have WeChat to engage in many forms of commerce in China. I want less Facebook pervasivness — not more of it. iMessage for Businesses is far better from a privacy standpoint as well as usability. Facebook apps on iPhone are notorious battery hogs not to mention have a history of very sketchy practices. Facebook lost my trust long ago. The only way I’d use Facebook again is if Tim Cook ran it. In the meantime, I can simply open the Chase app and see my balance in literally one-tap (assuming FaceID is turned on.) Much faster than typing a Messenger message. I don’t want Facebook having access to my bank balances either.

That's fine, you don't have to use the feature.

The point is that the issue is being misrepresented, not how popular or not FB is.

If you don't trust them, don't use it.

Also Tim Cook is doing the same thing FB ever did, it's just that Apple has the advantage of making $$$ by selling hardware, not personal information. They are in the enviable position of not primarily selling ads.

that may be true now but I think its fair to say that the fear is it will lead to banking data being sucked into the FB ecosystem followed by any number of scary scenarios.

if your argument is 'oh you dont have to use it', that doesn't works either because they can offer you a slight service/rate discount depending upon the desperateness of you situation. remember FB already has access to a lot of your data through FB/whatsapp/insta & pretty pervasive tracking everywhere. they are rapidly achieving monopoly status in many communication forms so some panic is warranted when they go after your banking or healthcare data.

let me paint a picture not too implausible for you. you walk into a hospital, as it stands today there is no way you can find out the costs of services you are gonna consume without having to go through the complicated dance of billing/negotiation/copays etc. Now say there is a tie-up between FB/Banks/Insurance companies (and hospitals because why the heck not). they can track you, find exactly how much money you have & what your cash flow looks like. you have to be incredibly naive to think they will not use this information to create some kind of 'adaptive pricing' to squeeze every last penny out of you before they let you go. now let take this a step further, how about FB turning into a kind of payday lender for your unpaid hospital bills? All you need is one in-elastically priced service to monetize the shit out of that.

this is just one example that took me 2 minutes to think, it can get WAY worse!

the bigger issue that (IMO) bothers people deeply but they are often dont articulate is tech used to be about building bridges but now tech is basically trying to turn everything into a toll-booth.

"ou have to be incredibly naive to think they will not use this information to create some kind of 'adaptive pricing' to squeeze every last penny out of you before they let you go."

No, you have to be highly conspiratorial to wrap up hospitals, Facebook, the banking system all working together to concoct an illegal, real-time price discrimination scenario.

What you described is not plausible, moreover, if you don't want your finances integrated into your social feed ... then don't integrate. I'll imagine that most won't.

"No, you have to be highly conspiratorial to wrap up hospitals, Facebook, the banking system all working together to concoct an illegal, real-time price discrimination scenario."

If you go read the comments on the original WSJ story you'll notice a pattern, not a single comment echoing your sentiments, in fact, most of them fear almost exactly what I described. so basically the whole world has become conspiratorial.

Given the casualness of your response to something so serious, it makes me think you are a Fb shill or somebody who has invested a lot in FB stock. BTW since the announcement FB stock is up 5pc+, that makes me think market is pricing in such predatory scenarios.

Yes, populism is like that - people are conspiratorial and easy to rile up by the press who are always looking to spook us a little bit.

To the point wherein if someone doesn't buy into their conspiracy, they immediately call others 'naive' and then claim they must be 'paid secret plants' by said organization.

The scenario you described is not going to happen, and analysts are not remotely 'pricing it in'. They're not even thinking about that.

They are however thinking that if FB gets into 'current account banking' for folks ... then that could be a very popular thing.

You may be surprised to find that most product managers and analysts are surprisingly normal people.

This is so nutty, that all our private matters are just being bartered about without our explicit permission. All because we don't have any good regulation in the US regarding data sharing.

This is not the same as Plaid and Mint, where we explicitly give those services access to our accounts in exchange for direct benefits to us.

Can’t read paywall.

Does the article discuss the bank account owner’s permission? I don’t see how this could be done without explicit permission.

Easiest way is to change wsj to fullwsj.


Unfortunately, fullwsj seems to take you to a redirect through Facebook, making it a pretty bad option when it comes to protecting your privacy.

If you are concerned, use privste browsing. I have to do that anyway for nytimes articles.

Just an FYI, if you are reading on a mobile device and have the WSJ app installed, you’ll never hit the paywall if you allow WSJ links to be automatically opened in the app. For desktop, see https://news.ycombinator.com/item?id=16906571

And a couple of months ago HN was full of entrepreneurs leaving EU because GDPR makes it hard to do business. Yeah, if that's your idea of business, you're welcome to leave, please don't bother coming back.

Please excuse my tone, I'm literally (a tiny bit) and figuratively (much more so) sick with disgust.

I'd much, much rather they all go out of business than buy my health data because they think they can make a buck off it, thanks. https://news.ycombinator.com/item?id=17700500

Unfortunately, with how Google/Facebook works, if someone else posts or sends a message to me regarding a life happening, it still tells Goog/Book my data. If I have a profile on those sites, the data is added to my account. If I don't have an account, then its added to my ghost profile.

I can't get away from any of the major data collectors while living in the US. I couldn't even get away from the data collectors living in Europe - I have so many friends here in the US. Their communications aren't subject to the GDPR.

I wonder what the average American citizen could do that would help to get such legislation passed. Any ideas?

Monitor and lobby congressional reps, and vote or campaign against them in the primaries if they don't behave. They count calls, and for the most part, not many people contact them. You may find a little effort here is quite rewarding.

Talk to your local state representatives. They're often far more accessible than your congressperson or senator.

We can start by voting against every incumbent on the ballot this fall. Congress continues to act against the public good, except for a few (mostly) Democrats, and they all deserve to be fired.

Take it a step farther and vote against anyone with a (D) or (R) next to their name on the ballot.

This will not work. You can not expect to achieve your ends by acting in random fashion. You're going to actually have to do the hard work of figuring out who's good on this issue and who's not.

Everyone needs to run for office and vote for themselves. Failing that, find out who is running that most faithfully represents your interests, and vote for them.

The current federal government is so far out of step with the populace that a blanket anti-incumbent rule doesn't seem all that bad. The only real question is whether to vote against them in the general election, or just the primaries.

There is a very real possibility that someone else on the ballot is actually worse than the incumbent, which barely seems possible, yet here we are.

Furthermore, you can have an outsized impact by letting your congressperson know why you're voting for / against them. Better yet, form a group with like-minded colleagues and speak as a group.

A vote "against" without communicating intent doesn't drive recourse in the way you would like.

"X is the most important issue to me this election cycle, and will determine whether I vote for you and donate to your campaign" is clearer and more powerful.

Its not that difficult - just be sure to vote in every primary and always oppose whichever candidate has the support of the RNC and/or the DNC, which are both wholly owned subsidiaries of Wall Street.

I like the sentiment, but the current campaign infrastructure makes the labels a bit misleading. There will be some valuable candidates with a (D) next to their name. My recommendations are as follows:

1. Refer to https://www.justicedemocrats.com for a voting guide.

2. Register and participate in local DSA. Sign up here: https://www.dsausa.org

Replace the system with another.. system.

Voting for a third party is the most effective strategy for keeping incumbents in power.

It'd suggest reading the article before spreading harmful misinformation.

Facebook said it wouldn’t use the bank data for ad-targeting purposes or share it with third parties.

Why on Earth would/should anyone believe this after Cambridge Analytica?

They absolutely should not. FB is either lying to the public, or to itself. It has shown zero capacity to self-regulate, and as soon as someone there has a monetization scheme sufficiently powerpointed out, its a toboggan run down a mountain of turd to the result.

Moreso, why on earth would they then need this data in the first place?

They will use the data for ads.

Then in a few years when we discover it, they'll say they're sorry and they're trying to do better.

Facebook is changing.


Just like they repeatedly say "we don't sell your data!" they will come up with their own meanings of words and phrases to try to pacify people.

Probably not directly, but I can't imagine what purpose this would be except to sell ads. That's what Facebook's business is all about.

I wouldn't be surprised if they were trying to run some sort of regression of behavior against bank balance and debt load. So sure, they're not using your bank account for ads, just a proxy of your bank account for ads.

Finding proxies for income is decades old (zip code and magazine subscriptions being the classic example), but I'm not aware of anyone doing at this scale and with direct input from banks as opposed to volunteered information.

To launch a paid subscription version of Facebook with loyalty discounts?

Get in Facebook, get your LinkedIn subscription 50% off for coming 20 years! (this is made up)

Disclaimer: Not a Facebook employee.

And their CEO will write a blog post about how they are "asking themselves hard questions." Followed by an FB advertising campaign stating "financial fraud is not your friend."

Well, did Facebook ever say it wouldn’t share data with third parties prior to Cambridge Analytica?

My own impression is that they were always very open about reserving the right to do whatever they want with all data, until the CA scandal first caused an actual nontrivial number of people to care.

I'd love to be pointed to relevant facts I might be missing.

On the one hand, that's probably a valid point-if a very dangerous game of technicalities to be playing.

On the other hand, I'm less perturbed by what Facebook says it will do-and what Facebook actually does in the absence of a governing policy to begin with. Like, for example, not vetting applications that utilize the swaths of data it consumes from its users


Exactly. I mean, what use of the data does it have otherwise?

I’d believe it. There are plenty of other ways to make money off private data. This sounds like they were specifically saying they don’t use data in a that particular way.

Reminds me of that line from the show Narcos that translates to, "Silver, or lead."

What is a retail bank but some product ledgers and user identities? Banks understand that they are rapidly being reduced to artifacts of regulation. The ones I have spoken to have a primary mandate to "preserve the business model."

The identity information FB has is often more reliable and valuable than the documents governments provide. Perhaps to coin a phrase, what FB and other social platforms have is "collateralized identity," where your relationships and personal behavior data are the collateral on the assertion of identity. The documented one relatively is just a "registered identity."

Difference is the amount of friction, authentication, and recourse you have to each of them. A registered identity is mainly for legal recourse (tax, travel, and law enforcement.) What FB has might lack a bit of recourse, but it has anti-gravity frictionlessness, and a high degree of authentication.

The point at which an institution becomes indifferent to the level of recourse in the identity and switches to one with less friction, more data, and more authentication - looks pretty similar. In fact, the ones who demand registered identity are at a structural disadvantage to orgs who provide services using collatoralized identity.

There is very little to keep FB from becoming a global bank, and current banks will have the option to participate, or compete against the ones who do. It's strategic in so many ways. I don't think this is a normal business arrangement. It may more resemble offering terms on which FB will accept the banks' surrender.

  Reminds me of that line from the show Narcos that translates 
  to, "Silver, or lead."
In case someone misses this meaning, silver or lead refers to either accepting a bribe (silver, money) or taking a bullet (lead).

And the original (pre-translation) version is, I believe, "plata o plomo".

thanks. i was assuming it was referring to which material for the bullet you were inevitably going to take.

Silver bullets are only needed for shooting werewolves. :)

I always wondered about the stake through the heart for vampires. Like, "why specify 'for vampire'? Fairly certainly that kills anything."

In French, the word for money is the same as the word for silver (argent). Is it the same in Spanish by any chance?

Depends on the country. The regular word is "dinero". In Spain it's not common to use "plata" (silver) for money, but in Argentina it's what everyone uses. In Mexico they use "lana" (wool).

What about Colombia?

No idea...


In modern Chinese and Japanese, the first Chinese character for the word "bank"(银行)means "silver".

Perhaps Facebook should also scoop up my medical records, so drug companies can improve the way they advertise to me. I'm sure all those posts about my beer reviews will help my doctor diagnosis my chronic gout. Seems like a 2-sided deal.


They already do.

My wife had a very early ruptured ectopic pregnancy (which she wasn't aware of), which nearly killed her. On the week that the baby would have been born, Enfamil launched an acquisition campaign targeted at expectant mothers that month, kicked off by a Fedex package containing bottled/powered formula (worth about $60) and including Facebook campaign targeting new mothers.

This was very upsetting to us, so I dug in, found out from the company where they obtained out information, and obtained the list. I spoke to a couple of physician and nurse friends who are pretty confident that it was a combination of the ER admission, an imaging claim, and a drug that was prescribed and filled in the hospital that made it highly likely to an observer that she was pregnant -- but didn't provide enough detail to determine that she left the hospital not pregnant.

It turns out that information regarding hospital admission, insurance claims and prescription fulfillment is available and slurped up by various parties, who are able to de-anonymize it. It contained alot of information, including accurate salary history, cars we owned, approximate credit score, where we bought baby stuff for our previous child, etc.

I make it a point to share this whenever appropriate, as it was a very painful violation of our privacy, and really threw me for a loop, as I couldn't fathom that our medical providers were selling our data to help pitch diapers and formula. Facebook and many other companies either has access to this information by buying lists, or can extrapolate by looking at advertiser patterns.

While there are multiple steps and items that can be combined together in your example, it does reinforce why I make sure to use cash for some transactions. I really don't want my ad targeting profile to change to "likely has children" when I buy things for my nieces and nephews.

A few years back there was the case where Target was using mailed ads specific to the profile they'd built for the recipient, and a man went in angry about the pregnancy stuff being advertised to his daughter. He went into the store outraged. Turns out, she actually was pregnant and hadn't yet told her father.

Ever since then, I've been more conscious of my purchasing patterns. I'm sure there are still technological advancements to track cash transactions, but it at least makes it more difficult.


If your photo has been associated with an other than cash transaction, pretty much game over. You will have to up your game and put on zebra makeup when out making cash purchases

I'll consider dressing in drag, bringing along masks, or buying a large number of Halloween costumes. Surely if enough people went to the store with a Donald Trump parody mask on they couldn't trace us all!

...though the anonymous mask would work just as well.

Not sure if you are shooting the messenger or riffing but start here [1]

[1] https://www.facefirst.com/

Thanks for the link. I always thought that story was urban legend.

That is a very upsetting story. Thank you for taking the time to share it. It serves as a pertinent example of how cold and calculating advertising can be - especially with regards to intimate, personal life events.

Facebook still seems to misunderstand its role as a communications platform funded through adtech and data harvesting. And as a company with 2 billion+ customers ('users' in reality, as their customers are actually advertisers), they need to understand that they have an ethical role to play in using technology (yes, even communications technologies) and need to address their Orwellian bones.

IMO mass communications vehicles like Facebook and Twitter need to be regulated with a regime similar to a phone company. There needs to be a firewall between the communications and tooling portion of the business and advertising business.

The obligation to maximize shareholder value for companies like Facebook (or legacy AT&T doesn't align with the public interest). You also have companies controlled by small numbers of people with unusual world-views. (Remember when Twitter was bragging about sparking the arab spring?) You need distributed regulatory force to compel behavior, just like how many aspects of electrical rates are governed in the US by state commissions.

I largely agree; although I ‘fear’ that the regulation will take the form of the competition authorities rather than say, a communications authority (FCC in the USA [1], ACMA in Australia, relevant bodies in European nations). Why such a ‘fear’? Because it is the wrong way to regulate in my opinion and proves that the ‘horse’ has bolted.

I can’t remember the source but I recently read that Facechook has a PR team of 1,100 (WTF?!) and that even The Zuck (™ pending!) has a personal media team of 15-20 making him look like a Saint. Spoilers: outside of HN and many tech sites, it’s working - even in the light of Cambridge Analytica, et al.

The real issue stems from the fact that very few elected Politicians or Technocrats understand technology and its implications, OR, are too fearful to attack the FANGs as they are very powerful, OR are susceptible to soft propaganda efforts; otherwise known as lobbyists.

It’s clear to me at least that an unregulated Facebook is a potential danger in many parts of the world: USA elections, Myanmar, etc. It obviously has great utility too - hence its absolute success - but the days when Google, Apple, Facechook, et al, say they are not media companies are hopefully in the past.

[1] although not under the current FCC regime!

Thank you for sharing. And then people say GDPR is overreach. It is precisely to deal with these type of issues and the type of issue described in the OP that we don’t want. Time will tell if it works, but I have hope.

>I spoke to a couple of physician and nurse friends who are pretty confident that it was a combination of the ER admission, an imaging claim, and a drug that was prescribed and filled in the hospital that made it highly likely to an observer that she was pregnant -- but didn't provide enough detail to determine that she left the hospital not pregnant.

That would be a very serious breach of HIPAA.....and wow turns out I am wrong, after a quick google search, I'm now afraid you may be right- that they did not de-anonymize you but somehow botched a targeted anonymous profile. Absolutely bonkers.


Physician data is not anonymized, so correlation is pretty easy.

With drugs, physicians are treated like sales representatives by the pharmaceutical companies, who get real-time data from the pharmacies about prescriptions as they are filled. They are assigned quotas based on demographics and "education" or other programs are targeted based on how they prescribe.

I was less successful in learning exactly what information was shared re: the medical treatment, but because my employer administers hospital coverage separately from physician billing, we believe that only hospital related claims were used. The folks who I spoke to theorized that if I used an HMO, the anesthesia would have lowered my wife's "score" for further marketing.

The hospital network is good at not answering questions and I've gotten very little from them over 3 years -- I'm now thinking about lobbying a state legislator(s) about it.

They also have information about the doctors that allows them to tailor the marketing message.

This might be a good place to start learning more: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2517975/

You could conceivably sue all involved parties for libel from passing around lies about your wife's medical status. Probably easy to add in some HIPPA violations too. That's why the hospital isn't going to be forthcoming because they know they're on shaky ground.

Can you share details about who provided the actual list and how you went about obtaining the details of your profile?

news has been out about facebook seeking access to medical records for a while now


Google is doing this in the name of research.

gout is amazing, isn't it?

Any bank that gave my information to Facebook without my explicit, opt-in consent would immediately lose me as a customer.

(Heck, I might switch just for asking.)

Luckily I bank with a credit union (not for profit) which does not constantly try to monetize me.

This spring, Facebook committed to ending their third party merchant data integration with advertisers.[0]

Now they are directly partnering with the banks to gather this data and more, with the stated purpose of offering products based on this data.

Why is it OK for Facebook to use this data to sell things directly, but not when they partner with external advertisers? Why should the public trust Facebook with this highly sensitive data?

[0] https://www.washingtonpost.com/news/the-switch/wp/2018/03/29...

> Why is it OK for Facebook to use this data to sell things directly, but not when they partner with external advertisers? Why should the public trust Facebook with this highly sensitive data?

It's, in theory, vaguely better. When partnering, they have a contract with the external party, and not you. So there's nothing stopping their partners selling it to whomever.

That being said, Facebook is already on 'thin ice' with me. But it doesn't seem to deter them too much, other than feel good ads about how Facebook loves us all.

Good way to trigger a bank data run, where customers remove their money & data en-masse from the bank that leaks their info to Facebook.

I'm going to say something terrifying, and it should cause you terror indeed: Most people don't shop banks.

Ask random coworkers why they use the bank they do - "Well, that's what my parents used" or "that's what was convenient" is the usual reply.

Anytime I ask people if they pay fees for regular banking, they look at me like I'm a crazy person - "of course I pay fees all the time, but I don't pay very much..." Most banks are terrible and treat you terribly unless you keep enough money with them to get the special treatment.

> I'm going to say something terrifying, and it should cause you terror indeed: Most people don't shop banks.

I work for a bank, and I want to confirm this. Banking relationships are astoundingly "sticky". The bank that I work for tries hard to compete by offering better products and treating customers fairly, but it is difficult because customers so rarely move to a new bank.

Seriously, folks: if you are unhappy with your bank OR IF YOU ARE HAPPY WITH IT, go ahead and look at the offerings from some of their competitors. You might find that someone else offers better rates, lower fees (or no fees), or treats you more fairly. And if you happen to bank where I work, please do the same thing... if our competitors are treating the customers better then I WANT to lose customers (what else will pressure us to keep our standards high?).

Support your local credit union! Though it's still worth shopping credit unions for ATM coverage and fees, just to be sure.

I don't pay fees on either my checking or savings accounts unless I need to withdraw cash from a competitors' ATM or if I were to overdraw an account. I haven't paid a fee in years. There are still some decent banks out there that offer free checking and savings.

This is correct, and why cities like New York are literally becoming infested by banks on every corner. For every branch they open they can count on some kind of percentage of the people that live in a close radius to end up with accounts.

I think even more terrifying is that most people might need to "shop" banks. I say that because in reality for your standard checking bank fees are non-existent if you have over $1000 in the account even at the worst of banks (some much less).

For savings accounts the value of shopping becomes more apparent. But if you are getting hit by bank fees then savings account APY is really not a primary concern.

Yeah the difference you see between the banks that actually give good rates and not is amazing.

Ally is offering 1.80% on savings right now. Wells fargo is offering at most 0.15%.

Wells Fargo has obviously done the math and realized that their customers simply do not care to switch accounts even though the interest they offer is abyssmal. Pretty weird stuff. As rates rise slowly it will be interesting to see whether the frogs finally get hot enough to jump out of the pan and abandon wells fargo, forcing them to raise rates.

https://www.wellsfargo.com/savings-cds/consumer-account-rate... https://www.ally.com/bank/view-rates/

Or there are people like me who hold their business & personal accounts at wells fargo, but have savings accounts at banks such as ally & citizen's access. You don't have to go all in on a single bank.

I've noticed this with several friends who complained about the fees their bank is charging them on a simple savings or checking account. It is like people don't realize that banks pay to borrow your money and anything else is a naive perversion of the concept.

Not to mention 7% of households are unbanked or underbanked https://www.fdic.gov/householdsurvey/

I'd be happy to move away from banks that buy in on this.

You'd think with all the privacy pledges it's made over the past few months, that FB would think twice about doing something like this.

Facebook, why don't you focus more on developer relations and the community that made FB a platform and worth what it is today. Go on forums and the developer Pages and you'll see how strained and alienated developers are. From instant API shutdowns (Instagram) to turning off access to apps that have paying clients that rely on FB API because the app review failed (thanks to reviewers who often don't read the testing notes) and sudden rate limits or access restriction without prior notice, developing on the FB platform has been frustrating.

Who would I go to instead? I have no idea if my current bank buried a line somewhere in the terms of service I agreed to that allows them to sell my account information to third parties. If I wanted to move to a different bank I'm not sure how I would determine their stance on selling information to third parties either.

If you believe that a company whose whole purpose is to use data on you to sell ads won't use data on you that it collects to sell ads then I have a bridge to sell you.

Funny that people complained so much about GDPR being bad for business and then get upset when things like this happen. It's almost like the two are related or something...

> If you believe that a company whose whole purpose is to use data on you to sell ads won't use data on you that it collects to sell ads then I have a bridge to sell you.

On this particular case I would probably agree with you, but I'm not sure it's true in general. From what I understand, for example, Facebook doesn't use your messages for ads. It seems unlikely but not 100% implausible that it could be the same here.

Depends on what you mean by "ads". I stopped using FB since April but still use WhatsApp because my contacts use it. In the last 2 weeks, I've been getting email spam notifications to check what these WhatsApp contacts are doing on FB. i.e. FB has been sending me notifications about people who are both on FB and on WhatsApp, and only those with whom I message on WhatsApp on a regular basis. The likelihood of this being entirely coincidental is probably close to 0.

They may not use the content of the message but all its metadata which may even be more valuable, alone because it's easier to process automatically.

If Facebook could give the banks sufficient reason to actually develop an api for exporting data in a granular way, that would be a good thing.

I don't like entering my bank password in mint just for it to scrape the account balance. There should be a separate read-only service with a token that can send that information to services I want to have it. Coinbase seems to manage to do this pretty well.

WF can go build a bridge and then jump off it, but they do at least have a thing where you can create an additional read only log in.

If you bank in Europe, look up PSD2 :-)

How is it legal for the banks to share this? I'm confused.

Mint and a host of other financial dashboard products allow you to plug-in account credentials and see balances in one place.

Most of those services are probably using Plaid to connect to customers' online banking accounts, which is always done through an explicit, user-driven auth. In fact, it has to be done this way of necessity; Plaid has traditionally used scraping to get data.

Facebook, however, is trying to go in through the backdoor. From the article: "It is unclear whether bank customers would need to opt-in to the proposed Facebook services or what other privacy protections might be offered."

So are you saying that idiots will knowingly link their bank accounts to Facebook and star in their own Black Mirror episode? Sounds amazing.

"idiots" willingly and knowingly already do this with Mint. And Quicken; and other financial services sites.

The only question is if Facebook develops a sufficiently compelling financial product for the mostly not concerned to share this data.

You might not think it is a good idea. I don't think it is a good idea, but plenty of people will determine that the tradeoff is worth it.

Mint and Quicken are financial services so I can see how people would fall for that.

You're assuming here that the "tradeoff" will be clearly presented, which we know it will not be. The "tradeoff" will only be realized when it is too late and the multi-national advertising corporation called Facebook, Incorporated is caught (again) mishandling user's data, except it will be financial.

“There's an old saying in Tennessee — I know it's in Texas, probably in Tennessee — that says, fool me once, shame on — shame on you. Fool me — you can't get fooled again.”

Idiots. no quotes.

I use Mint. I willingly and will full consent give them my data so they can provide me with a service. I'm ~okay with them having and using the data to market to me because the service is valuable enough to me.

I have no reason to give FB my data. I've never consented to give them the data. There is no product they could offer that would encourage me to give them more data.

It's two entirely different things.

They are trying to develop a product that competes with Mint.

I get that you would never consent to sharing, even if they competed well with Mint.

But their goal here is at complete odds with your comment, "It's two entirely different things." They are hoping it will be "two products similar enough to be considered competitors."

Mint and Quicken have legitimate reasons to access your banking data though, and provide you value in exchange.

I wonder what kind of value would Facebook provide you if you give them their financial data though.

I don't use facebook much, and what I do use is under a false name, not linked to anything real about me--I use it to access certain non-local groups).

But the kind of thing they could provide would be just like any other financial service like Mint.

It isn't in countries with sane privacy laws.

The likely argument would be that within the TOS or elsewhere there is (broad) language granting them the ability to do so. Of course, because users dutifully accept/sign the documentation placed in front of them, such practices are legal, at least until users 1) strike such language from the contracts before consummating the relationship(s); or 2) successfully challenge such practices in court. However, users have most likely also agreed to settle their disputes in arbitration, thus waiving their right(s) to sue (in court). So, really the should be reverting to option 1 if they are going to "use" such services.

Please tell me how to strike such language from any electronically-presented contract whatsoever.

I am approximately 100% certain that attempting to modify the contract you sign with a retail bank (short of being a private-client customer) will be met with an offer to consider other banks that might have a contract you agree with.

Ah, down voted for provided facts again. Excellent.

To mortenjorck and inetknght, I've not said that the typical individual user would have an easy go of things. What I did do was present options for userS to employ, en masse, in attempts to effect the changes they desire.

It's funny to me how people bother to coordinate efforts for all sorts of essentially meaningless events, but when it comes to things that they profess are important they suddenly decide that they'll wait around for someone (who probably doesn't have their best interests at heart) to swoop in and do the hard work for them.

To borrow from a post above "don't ask me how I know" but, your elected officials and "regulators" are unlikely to change these things unless business needs or public sentiment require it. That leaves the onus on you to make it happen.

If you don't like the terms presented to you by a service provider, try to negotiate them anyway. If the provider is unwilling to accommodate, go elsewhere. Worst case scenario, create your own solution. Isn't that one of the big things about this whole tech/hacker scene, creating solutions to unaddressed pain points?

And to the simpler question about striking language from electronic contracts, try paper(?) or making a PDF and amending it(?) You'd be surprised what serves as a passable solution because, as someone mentioned in another thread, a lot of people just don't put much effort into their work.

I now humbly await your down votes.

Paywall bypass: http://archive.is/uTZHO

Facebook has to stay on top of competitors like WhatsApp and Instagram, which they ended up buying, and now they’re worried about competing with services like Venmo. They have to or they’ll lose marketshare. Although the market mechanism usually creates the right incentives for companies to act in their customers’ interest this could be a new type of market failure. Imposing a cost on customers that wasn’t agreed upon by reducing the cost of surveillance for hackers and governments. The "cost" is lower because the information is already collected and just needs to be obtained.

So how can we fix that? Putting the data in the hands of government, where it’s probably more likely to be stolen? I assume that facebook has better cyber security than any government agency and a better incentive to keep their customers’ data secure. Or maybe breaking facebook up into multiple companies in an anti-trust litigation that will take a decade to settle?

I might end up sounding like a blockchain proponent here. To be honest I think that most blockchain applications are scams or an overly complicated solution where an old fashioned data base would be totally sufficient. I actually think that blockchain technology has a very big draw back, because ownership is an important part of markets and creating the right incentives for companies. I’m very convinced that the majority of people who are working on some blockchain project don’t have a clue about what they’re talking about. I can’t claim to really understand blockchain in every detail either. My credentials are that I studied undergrad economics at Columbia and helped found a bitcoin exchange software company in 2013 and worked there until last year.

So from an economics point of view, my guess is that blockchain, despite the drawback of eliminating ownership, could be a solution to this specific type of market failure. Here's a video that explores the trade off between ownership and censorship resistance in a bit more detail: https://youtu.be/pHOYORGZrps

Perhaps relevant [0] another looney EU initiative /s

“Net neutrality” for the banking sector. [0] https://en.m.wikipedia.org/wiki/Payment_Services_Directive

IMO a clarion call to do one of two things: Either stop using Facebook. Or start pushing politically.

We either need people to have either greater control over the data companies have retain and use (Europe's approach). Restrictions on what that data can be used for and the ways in which companies and people may treat you differently due to that data.

Once banks share the info with FB, expect more prosecutions by "parallel construction" using FinCEN databases, etc.

Metadata about who talks to who when, along with when cash is withdrawn, can likely pinpoint drug dealers. It likely isn't even that hard - a dumb algorithm of something like "rank people by how often their friends withdraw more than $100 of cash within a day of talking to them, divided by how often their friends withdraw more than $100 of cash" would hit a good number of them.

Right now, they are catching medium level drug dealers, prostitution rings, massage parlors, etc using SAR reports filed by banks. Basically, when someone deposits $4000 cash every month for a couple of years; expect him to get busted.

Once the guy gets busted, he must be thinking about how he got caught. It is banks' active spying: under regulation, banks have become active spies. It is a new way of spying: force private entities to comply for suspicious activity, with a huge discretion given to regulatory bodies on the scope of what the word 'suspicious' entails.

>"“We don’t use purchase data from banks or credit card companies for ads,” said spokeswoman Elisabeth Diana."

This sounds to be like typical FB weasel-wording. "We don't" as in "we don't currently"? Which is not the same as "We won't." But even if this statement lacked ambiguity does anybody believe anything FB says at this point?

We already know that FB purchases "offline" third-party data from data brokers[1], so why else would an advertising company buy even more data from if not to make more money from advertising?

[1] https://www.propublica.org/article/facebook-doesnt-tell-user...

Now politicians will be able tug at the precise, dollar amount your heart needs to get you to vote for them.

Facebook has also tried to get its hands on hospital data [1]. Add this to that and these are clearly the actions of a bad actor.

Its difficult to believe there are groups of people working on these kind of programs who do not see anything wrong.

At this point shaming will not work, people know what they are doing and can't claim ignorance. Perhaps there must be a wider acknowledgement of the ethical vacuum in technology, and we do not deserve the public's trust and are actively building the very dystopia some of us postured so heavily about.

[1] https://www.cnbc.com/2018/04/05/facebook-building-8-explored...

"Facebook said it wouldn’t use the bank data for ad-targeting purposes or share it with third parties."

Feel like this only pertains to time of publishing. They will just wait a month or two until everyone forgets and do it anyway.

Who gives FB the right to even ask for such information in the first place? So they don't see any legal challenges could arise from such request? Seems ridiculous to me.

And its not like FB arn't in trouble all around the world. Mark doesn't need some idiot manager in the company pinning please kick me sign on his back.

I where him id start firing one or two board members

Another paywall bypass as I'm having issues with the archive.is service...


I think Facebook has basically reached the “do whatever we can imagine and occasionally apologize if it goes too far” phase.

When software can implement ideas in a short period of time, we need laws that can work even faster. Speed up the process somehow, and “default answer: No”, or something...

Could they be trying to build a payment service, something similar to PayPal or ApplePay or TenPay?

cant the loophole here be simply that you have agreed to a TOS with FB, where they said they wont be sharing data, but you may have agreed to the TOS of the bank who says they share with third parties to determine credit worthiness etc.

so then FB pay the bank for your financial data anf FB then mines said data they purchsed from entity you authorised to do so... then FB "anonymizes" data which it in turn sells as a product whereby the completeness and/relevance value of the productized FB data is higher as it is informed by the data that they purchased.

pluas it is trivial for facebook to correlate you with your bank and etc...

so, yeah, looks like fb can evily get around stupid TOS checks.

And here is when everyone's insurance premiums go up. It will work kind of like shadow banning on Twitter. The rates will go up based on your past purchases. Especially now that most credit cards provide level 3 transaction details.

I wonder if the banks are going to provide enough meta-data about their customers that FB will be able to know which bank you bank at, what type of accounts you have, etc. no matter what, ahem, privacy settings you have enabled in FB?

It's going to wind up as a targeting option. You can sell a million impressions by people with a household income over $100k for far more than the untargeted impression.

How it currently works is that Chase etc knows how much money you make and other banking information, so they can upload your contact info and run targeted campaigns with a combination of Chase's information on your banking & credit card info and Facebook's targeting. The change would allow Facebook to categorize you based off your Chase financial info and let other companies start paying a premium to advertise to you as well.

In practice, it means that when you get approved for an auto loan and start shopping around, you'll magically start getting advertisements for cars and dealerships, since there's now something like an "approved for an Auto loan in the last 30 days" category that these businesses can target with their advertising. Or when you open a business checking account you'll start getting advertisements for point-of-sale systems.

Privacy settings don't make any difference to what FB can see on your account, only other people (that don't have special access from Facebook)

This is so creepy, but expected.

Banks will say they are only handing over antonimized data... and Facebook will find away to pair spending with location and de-anonymize the data —- a move the banks anticipated and agreed to all along.

So shady.

Goodness, why can't Facebook just be a site used to connect people together? Nothing more, nothing less.

How is sharing financial information helping me to connect with my high school buddies?

If you value your privacy, use cash.

or bitcoin?

Anymore bitcoin is getting harder and harder to obtain without some kind of paper trail to your real identity. The only bitcoin I'd consider to be private and untraceable right now would be bitcoin that was mined directly to a wallet. Cant follow the thread past its end.

It seems that in Finland, and I'm sure they're not alone, that isn't a wholly viable option for many. [1]

As was said above, cash is probably one's best bet, which is part of the reason that there is currently so much talk among gov't officials about doing away w/it.

[1] https://metropolitan.fi/entry/tax-authorities-in-finland-mat...

The usual Facebook move! Why are people surprised here?

Are they trying to build something like Apple Pay?

Now all my friends know my meager salary thanks to the latest breach at Chasebook.

How can we determine which banks are participating?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact