Hacker News new | comments | ask | show | jobs | submit login
Facebook Knows How to Track You Using the Dust on Your Camera Lens (gizmodo.com)
403 points by huntermeyer 11 days ago | hide | past | web | favorite | 218 comments

From a comment I had left on a related thread,

> Though very uncanny, this is rather easy to extrapolate even using the basic facets FB has available. But the most overlooked is photos. They are offline beacons and are to offline tracking what websites are to online tracking. For example you and a group of 10 other people took photos at the same location which FB sees as a small gathering of intimate friends. It will need to qualify the location is not a public restaurant to be sure its an intimate gathering. The chances of you connecting with that person are then really high. And if you are and the other person are in each others photos, then it's almost a certainty you will end up connecting on FB should FB recommend the connection. The more connected FB's network is, the more it can extrapolate based on commonalities from the first degree graph of your network. It's also the reason why Google is betting so heavy on photos and offering free unlimited storage -- remember, there's no such thing as a free lunch. Google wants to build a social network graph based on location and facial recognition to draw on proximity. With AI this will get even more uncanny. For example a wedding will have a certain photography profile (number of pics taken, the time of day, the location and venue based on Google Maps or past photographing histroy, the lighting in the photos, etc). Once you throw AI into the mix you realize Google doesn't need to draw out any conclusions. It can throw all these parameters into the AI engine and draw up proximity. In this case, Google or FB will not be able to tell you how they drew the connection, because even they won't know. All you can assume is the AI engine will take dozens of parameters today and hundreds tomorrow. Google's deep investment in AI infrastructure is a bigger testament to this.

On the exact day when my daughter started first grade this year, Google Photos (which I use pretty often) notified me that it had made a new video montage. It started with a title slide saying "Look how fast they grow", and then showed photos and videos of her (not a single mistake with one of my other kids or any of her friends) growing up from ages 0 to 6, ending with the photo I had just taken of her in front of school. It was really nicely made, but it also freaked me out quite a bit how they not only detect "today is first day of school" and act on that, but also "this photo is of Kid Y, not Kid X" at all ages growing up.

Imagine how much Google, Facebook, et al will know about your daughter when she finally turns 13 and can open an account.

Cradle to grave data collection!

I've had it make me around 3 if those already for my 2.5 year old. It's the same video but they just keep adding a few more months into it. I always save them. It's amazing, creepy and well done. I had a Premiere project where I was painstakingly trying to compile a similar thing and now I just gave up on that.

I have dozens of these videos now for my two kids and even one or two that are called "Dog days" or something like that with my dog featured instead of the kids. They are usually pretty good but every once in a while there's a blurry pic or they include a video instead of photos and there's some background motion that's distracting. They've gotten much better since they were first introduced.

I agree. It's just so convenient to use Google Photos as a backup and method of sharing albums that the threshold for leaving the service is super high, at least in my book.

Google's facial recognition engine spotted me in a photo my partner took months before we knew each other. I was visible in a crowd in the corner of a photo at the Women's March.

Clearly Google knew who I was and only chose to expose this tag info once they knew I had a connection to the person whose photo it was. It'd be amazing, and so so creepy, to see a photo of a crowd with the identification engine run unrestricted. They have the info already.

Can you substantiate any of what you present as facts with actual sources?

I totally buy this

> In this case, Google or FB will not be able to tell you how they drew the connection, because even they won't know. All you can assume is the AI engine will take dozens of parameters today and hundreds tomorrow.

Sure there are ways to implement systems like this where you can't understand what they are doing. Just like you can launch websites and webservices without any metrics, monitors, or logging.

But why would you?

It requires more work, and it makes the underlying architecture more complicated but any sensible organization with a good engineering excellence fundamentals would ensure they can introspect and debug the outputs of any production algorithm.

by comparing the accelerometer and gyroscope readings of each phone, the data could identify when people were facing each other or walking together.

More evidence we need far more privacy controls in mobile operating systems.

I don't want privacy controls, I want complete control.

I'm stoked about the Librem 5 project, and I hope it succeeds enough to not disappear in a couple years. I just bought a phone, but I'll likely buy the next rev if the first one works out. I don't need much from my phone, and as long as I can make/receive calls/texts, browse the web, and can get consistent security patches from the community (e.g. some Linux distro supports the platform outside of Purism), I'm happy.

Android and iOS already support privacy controls (and root to an extent), but you're usually at the mercy of the manufacturer for updates and have to trust them to not remotely access your phone. And many manufacturers just stop sending updates once their new model is out, which is unacceptable for most people for laptops and desktops, so I don't know why it's tolerated on phones and tablets...

If you are paranoid about your location data and security patches you should consider lineageOS and microg [1]. Awesome projects. You can have your location data stored in your phone and not rely on google.

[1] https://lineage.microg.org/

This is just not enough. I want to control the baseband and I want hardware switches on microphones, location and cameras.

Also there is F-Droid (only open source apps for Android) and the Yalp Store (alternative to Google Play with faked account so you don't have to own one).

Hacking my device like with jailbreak (iOS) or rooting (android) is not the way I want to have to go to feel secure and it's nothing I want to have to do before I think I can use my phone.

Perhaps the Librem 5, Necuno or Fairphone 3 will be suffice. We have a currated list of fair devices on the Fairphone Community forums [1].

[1] https://forum.fairphone.com/t/list-of-fairly-fair-electronic...

I understand and agree with your ideas on controlling the device, but I should also point out that the network that you're on is a major vulnerability, and there's little you can do to control that data yourself.

Government regulation on telecom companies is the only way to ensure that there's even a line that they're required to toe.

I definitely agree with you. Nonetheless lineageos/microg are a step in the right direction. No change will happen overnight. I hope more projects like this will pop out in the future.

Yes, except this talk [1] still applies

[1] https://media.ccc.de/v/35c3-9941-how_facebook_tracks_you_on_...

Exactly. We (tinfoil hat's) don't want to go with less.

Google/Apple have enough power etc. and I hope Librem5 will be here to show that it is possible to create a descent smartphone with a REAL linux (no, not android) under the hood.

Freedom is only real if you own & control it - not if someone tells you that you're free to go now (to rise the shares probably) ;-)

> I hope Librem5 will be here to show that it is possible to create a descent (sic) smartphone with a REAL linux (no, not android) under the hood.

That was already proven possible with Ubuntu's smartphone adventure. What we need is a sustainable effort. We've managed on the desktop, hopefully the smartphone is possible too.

Of course there is the problem of all those proprietary IOS and Android only apps…

> You can still preorder the phone today at the reduced early adopter pricing of $599.


LineageOS on a used android phone might be the better solution here.

Complete control is easy. End to end encryption. Don’t let them see what you’re doing.

MAIDSAFE network!

What does this actually mean? No, you're not going to end-to-end encrypt your ... gyroscope data. Those words don't make sense in that order, unless you're sending your gyroscope data to somebody else for some reason- in which case your problem is with them.

This is really easy to do.

At a hackathon in 2012 our team in just a few hours built tech that would detect who you were standing next to or walking past, all while your phone is in your pocket - we were trying to build a tool that would replace exchanging business cards at conferences.

Have you heard of Bump? They were doing something similar until they were acquired by Google: https://www.theverge.com/2013/9/16/4736860/bump-acquired-by-...

They're basically the Google Photos team, now. Have you seen the ads about face recognition and auto-sharing? They've been working on the problem of photo sharing ever since they figured out that people didn't want to share contact info with Bump, they wanted to share photos.

Didn't know that but makes a ton sense. Also surprisingly how Instagram became Instagram when they realized all it was being used for photo sharing. People love their photos.

Can you go into more detail with how that worked?

Not OP, but I'm guessing signal strength measurements, so if 2 devices report similar values they must be close to each other. And then just add the gyroscope info.

That's an interesting suggestion. I'm curious if the body position as it relates to the closest antenna and the phone, particularly if the RF energy has to pass through the owner's body, would add too much noise when compared to the person if they're standing facing the closest antenna.

Or we can not install apps that do this kind of stuff.

That could mean uninstall the entire operating system because this stuff can be done at device driver level, where closed source is king and even the system administrator can do nothing.

I've always been floored that people leave their location services turned on by default. I have mine on for no more than a few minutes a month. I only turn it on when I'm in an unfamiliar location, don't have my bearings, and looking at the map alone isn't enough to help without GPS.

On the other hand, I've had mine on 24/7 for the past 2-3 years and routinely visit my timeline on Google Maps to look back on exactly where I went on particular days.

Looks like this, and I find it extremely awesome/useful: https://i.imgur.com/jxxjg1g.jpg

Might be a good idea to obscure the full URL in your screen shot.

I'm 95% sure that URL is safe.

Fun fact: my Android phone battery was being sucked at a fast pace last month. I don't remember exactly how it presented itself in the UI, but I ended up figuring out that the Google app was the culprit, because it was using the GPS... which I had explicitly disabled.

An internet search showed I was not alone with such problems, and that the solution was to manually revoke some permissions for the app (thankfully it was possible).

I find it amazing that an app can make use of the GPS when it's disabled! I'm actually seriously pissed about it, but there's not much I can do about it.

But you do have the option to purchase phones running operating systems that implement tighter and more credible controls. I believe that companies understand nothing better that consumer dollars.

The fact that I could prevent the app from using the GPS says the OS does have the tight controls already. This is not a problem of permissions model.

Also, the only non Android phones are essentially from Apple, and they are too big for my taste. (also, ridiculously expensive ; also, my wife uses iPhones, they all ended their (short) career with a swollen battery; not sure what she does with them)

iPhone SE is small and fairly cheap.

Its also a redheaded stepchild that Apple has discontinued without a replacement, not a great place to migrate to if you want a new phone of similar size in 3 or 4 years running iOS.

Of course it’s all hypothetical, but many pundits are betting on a comeback of a SE type of iPhone, as the expensive strategy is not working for Apple.

On Android location != GPS.

For location also Wi-Fi is used. So GPS can be turned off but they can track your location by looking at the available Wi-Fi spots around you.

My battery was being sucked by GPS according to the battery usage reporting. And that stopped being the case when I revoked the Google app permissions.

Not only that. The app for route planning with public transportation in my town. Thanks to GDPR I have learned that they are sharing data with 500 trusted partners!

And most of the time you do not need to give the app permission to use the location to do route planning even in unfamiliar neighborhood. You can just input street name or public transport stops have logical unique identifiers.

But of course most people do give permission at some point because it is easier to do so and the app i nagging constantly for the permission.

What are you gaining in exchange for making your life harder?

Above user might not find it to be a hassle at all. I turn GPS off whenever I notice it on as well, but it's pretty far down the list of ux concerns when using my phone. Sometimes an app reminds me I need to turn it on before continuing, but that's all handled smoothly in-app these days. (unlike sibling comment my phone has gps toggle in the slide down menu)

In my case it's a longstanding habit from when I was told that GPS could drain battery faster :p (maybe it still? does, I don't know)

Increased battery life for one. It used to be easier to toggle on older Android phones because there was a default shortcut in the slide-down menu, now it requires going through the settings at least on Google Android.

edit: Huh, turns out you can add a toggle. I can't believe I never noticed that, thanks!

On newer versions of Android, I believe there ought to be an option to edit the slide-down menu in the slide-down menu itself. Expand it all the way, and look for a pencil icon. You should be able to add a location toggle that way.

There is. Invert colors is very useful when reading HN at night.

With something like Tasker this doesn't need to be laborious at all (I have location turn on while certain apps are in use, e.g. Osmand~, and turn off otherwise). And, tin-hattery aside, it has power-saving advantages.

What is an insurance customer getting in exchange for making himself poorer? With respect to privacy, the price of peace of mind is all over the place at this point: the tech-ization is society is recent enough that even well-informed people have big differences of opinion on the likelihood and costs of privacy-related calamities.

If you estimate privacy risk as high, then you're naturally willing to make your life harder to avoid this risk, and you naturally come to regard those with lower risk estimates as reckless. Likewise, if you're in the other camp, privacy-preserving measures look like wastes of time and money.

It's hard to say at this point who's right. We haven't actually seen a lot of privacy-related disasters, the lack of which might seem to promote the low-risk camp, but the high-risk people would reply that the breaches that do occur will only become more damaging over time as we move online.

I'm not in the high-risk camp myself, but I do think that this camp has some valid points, since information is power, and power is ultimately a corrupting force. It should be easier to live a privacy-risk-mitigating lifestyle.

I don't know what you mean about making my life harder. I don't see what I have to gain by using location services outside the rare moments I need it. I'm gaining privacy by not keeping it on.

I think you’re fortunate to not need it, but I lived in an unfamiliar place for a few months and I used my map apps to identify the best routes (public transit, biking, should I walk, or should I Uber?) nearly 3-4 times a day.

Turning it off/on would be difficult, but I do set most apps to only allow location services during use... but the maps I have set to always. I also don’t have the Facebook app installed

The alternative is to keep location on (while in use), but download offline maps.

No idea if the app phones home with all historical location data if you re-enable data though...

Maybe that’s why Google likes to expire it’s offline maps ?

OsmAnd and MapsWithMe are good apps that you can use offline maps on indefinetly once downloaded. They use Openstreetmap of course.

You're probably gaining significant battery life as well.

> I don't know what you mean about making my life harder

You're spending time and effort turning this on and off.

The rest of us don't.

What are you going to do with the additional ~5 minutes that not spending that time and effort has added to your life?

You gain more conscious decision making and that can help you a lot in life.

Sure you could just give in and "go with the flow" because that's what majority does and it's very convenient.

Also people as social beings want to belong to groups and doing the same stuff they do is the easiest way to gain access to groups.

That's the reason why so many use WA and FB and don't even care about their data. They already gave up and make fun about those who haven't.

If you have courage and a strong personality you can withstand this peer pressure. If you are cool enough there will be others to follow you. If not you can also learn to deal with that and in the end it's only necessary to have a few really good friends in your life.

TLDR; You gain more control over your life and strengthen your personality.

How is using location services "going with the flow", but you using the Internet isn't? Are you ceding to the majority rather than having courage and a strong personality?

The problem is how broad the term location services can be. In this context Facebook is using innocuous camera and sensor data to track the same device around. They could well write some code to listen to the microphone only when nobody around is talking, which per se wouldn't raise any privacy concerns, then use it to track laptops and tablets/phones by matching the sound of their fan under load or the spectral content of finger taps on the screen.

Unfortunately I believe there's not much users can do other than stopping using Facebook and any of their and similar products for good, then keep being alert because tracking people is both a business for companies and a tool for governments to suppress dissent, so anyone involved in any technology related to communications will inevitably be incentivized to implement anti-privacy features.

Some people see the glass half full as they have evidence of their movements as an alibi should they need it.

Or half empty -- as evidence they were somewhere unfortunate (doing something totally benign and unrelated.)

Why would this be a concern?

At worst, you're somewhere unfortunate (doing something benign and unrelated) and someone brings you in for questioning about it. Wouldn't they do that in many cases even if your GPS was off (for example, from seeing you on cameras or other means)? It seems better to be able to bring in as many people as possible to get whatever information is needed to help with whatever situation was unfortunate in the first place.

If asked, it's not like you're going to lie and say you were somewhere else if your GPS was off. This way, you at least have proof you were exactly where you said you were.

Broadly speaking though, it is because the criminal justice system in the US focuses on conviction as the metric of success, not whether the conviction is of the correct person -- it is simply whether there is sufficient evidence to convince the jury, or sufficient fear to garner an quick plea bargain.

Tens of thousands of people confess to crimes is because they are given the option:

- 6 months for a plea bargain confession

- 10-20yrs if they "fight the charges" but get convicted in court

Many cannot afford expensive lawyers, so often times, the odds are stacked against them in court.

In more select scenarios, people confess to crimes they had nothing to do with because of pressure applied. One of many examples would be that of https://en.wikipedia.org/wiki/Jon_Burge In summary: [Innocent person] + [cowprod electrocution] = [guilty confession]

Edit: flow

It seems you have not at all dealt with ill intentioned law enforcement entities.

While I would wager that I've dealt with police and the court system _significantly_ more than the average American, I will admit I haven't ever encountered ill intentioned law enforcement entities -- it's hard to believe I'm just lucky, though.

I think it's pretty safe to say bad LEOs make the news because they're extremely rare, and the backlash against each one found signifies that the oversight exists to ensure they don't last long.

Or a fake alibi if you're sufficiently determined.

Go fishing in a secluded area regularly to establish a pattern. Then go hide your phone there one day, do crime, come back and get phone.

I am actually going to buy a separate GPS for the car and disable as much as possible on the phone.

I use location and a dash of IFTTT to auto-fill timesheets. I'm aware it's a trade-off.

Cellular carriers sell your real-time GPS location even if you turn off your phone (GPS chips operate outside the network)

Proof: https://www.zdnet.com/article/us-cell-carriers-selling-acces...

They sell cell-tower data, not GPS data.

The article literally says "cell phone location data from nearby cell towers. It's less accurate than using GPS".

Generally, carriers only have access to the RAN metadata (cell sector, signal strength, etc), not GPS.

And in Europe they can't sell or pass on personal data. They can aggregate it, and sell aggregated data (e.g. for transport planning purposes)

GPS chips are receive only.


A complaint about downvotes getting downvotes shouldn't "scare" you.

I didn't downvote, but if I did it would be for the 'I'm floored that people do [common thing that most people do]', rather than the fact they turn of their location services.

As you said, there's no free lunch, but everyone is different and most people have decided that the benefits still outweigh the negatives.

It's like saying "I'm floored that people go to starbucks when they could save so much money making coffee at home and carry it around in a thermos - that's what I do and it is the only way it should be done"

> As you said, there's no free lunch, but everyone is different and most people have decided that the benefits still outweigh the negatives.

There is an argument to be made most people may have made those decisions without fully understanding what the technologies can do and what the consequences are (e.g. the patents in the article). Case in points: my family.

This is partially the same community that thought these violations would be a good idea in the first place, as long as we get a bit of hamfisted curated content and adtech monetization. Of course some of the invested individuals still want to defend it. Maybe just to maintain the cognitive dissonance and assure ourselves what we're doing to people is okay. Expect to be unpopular, but that's fine--popular is not the same as right.

People are willing to take some outrageous risks in exchange for a trivial amount of convenience. Ever see somebody cut across six lanes on the interstate to make an exit that's about twenty feet away at the very last second? Convenience and speed is everything, we don't give a damn about the consequences. And there are eventually going to be serious issues caused by our wild west data mining. Horrible damages have already happened. It's not just paranoia.

True, not every software company is abusing their default permissions and telemetry. But the fact that default-on is normalized and expected provides cover for many people who do abuse it. It's complicit. Anyone who cares about infosec knows that security has to be the default, not an obscure setting for power users or something that you have to reset and then it always clicks itself back on when you update or use a particular feature. That's wrong and it's very clear why it's wrong. But it's happening more and more often.

Also, security must be the default even if we don't currently see any way for a particular application to be abused, because later there will be attackers more creative than us and they will figure out a way to leverage it. This is like an ironclad law of nature. Pretty much anyone who has made networked software long enough in the past can attest that eventually there's attempts at exploitation that nobody was thinking about at the beginning. I'm sure some of y'all have stories. Every engineer must make it robust at the start, expecting that people will attack and misuse it resulting in damage to real people. Even if we don't see why that would ever happen at the time. We should all responsibly set software defaults to defend the helpless and ignorant, instead of depending on capable people to defend the software.

Thats a pretty bad analogy. Losing the privacy aspect of your location is not the same thing at all as saving a few bucks on a coffee.

I think you're missing the point: that what's important to you is not necessarily important to everyone else.

The fact that Google knows where I work, and what days I work, and uses that information to alert me before I leave whether there's a better route is worth it. That feature alone can save tens of minutes to hours per week, not to mention all the other benefits.

What other benefits do you experience from sharing that information? The traffic alerts was one, but could you elaborate on the others?

Someone already mentioned it, but the timeline feature is great. I can see where I was, what time, how long it took, etc. It also tells me the last time I went somewhere.

I'm sure you believe that corporations are evil and basically out to get you, but the vast majority of people doesn't. I think it's safe to assume that you're the outlier here.

Have you ever tried putting yourself in the shoes of people who leave their GPS on? Can you see how much better the user experience is? Can you understand why someone who never had a negative experience involving their location data might prefer to leave their GPS on?

I leave my GPS on all the time. I love going back in time and see where I was at any given time. I can download the data and correlate it with a bunch of other metrics I keep track on. If it wasn't free, I would pay for it.

I'm not floored that you turn your GPS off. I've met many people just like you. Some of them had traumatic experiences in the past, others generally don't think other people are trustworthy. I can respect that. Just don't assume it's the default sentiment, because it's not.

Here's an interesting survey about trust:


> I'm sure you believe that corporations are evil and basically out to get you, but the vast majority of people doesn't. I think it's safe to assume that you're the outlier here.

I've worked in ad tech before. I used to write code to do some of this tracking and enable analytics on it. Nobody I worked with was out to antagonize users, but in principle I'd rather not feed a master profile about myself that gets matched, bought, and sold between companies and their partners. There's nothing controversial about my movement throughout the day but I feel better not being tracked.

You're being tracked anyway just by having your phone turned on.

Regarding your first paragraph, let me quote from the HN guidelines [1]:

> Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.

[1] https://news.ycombinator.com/newsguidelines.html

It's not about the majority - don't you see that?

It's about the 1-3% who will f* you for being a naive sheep.

That is why we can't trust these corporations and that they get more powerful everyday doesn't ease my mind (accumulation until we only have "the shop").

The problem with our economy is the basis for that. In our world (at least in the west, can't really compare that to the east as I only know it from western propaganda) the biggest goal is MONEY (=POWER).

Ethics, environment and people just don't count in this equation (ok they do if you want to improve your image).

Sure that's not what majority of the people sees but also they don't know anything about computers & software and most of them probably haven't thought much about ethics & philosophy. Just because majority does something is not a very good argument (see lemmings).

I’d also pay for the ability to see where I was at a particular time, as it does seem like a very useful feature. In fact, I did pay for it by obtaining an iOS app that stores location history locally.

Google’s implementation looks really convenient but feels too creepy to me.

this isn't about privacy. I literally charge my phone less, because not only does gps coming on randomly eat up battery - when it has data to collect from random apps they make a data connection and send stuff home. I could care less about going back, tracking my location history, and correlating it with other data. I have a life, and gps on, after a day of the phone sitting there on standby, eats an extra 5% of battery.

turning gps on before i launch maps is 1 extra tap on the toggle on my home screen.

I think the one with a traumatic experience here is you - one that prevents you from seeing very basic logic for the use case of GPS off.

off topic but it always irks me when people get it wrong: it’s “I couldn’t care less”

ask some Rohingya from Myanmar?

That’s a problem with the Myanmar government, not location-based services. People have also been jailed for articles they publish in newspapers or private letters they write. In those cases no one blames the act of writing letters- it’s fairly obvious that the government that’s reading mail is to blame, not the letter-writing in the first place.

I don't see it as inherently bad, though.

I was talking to a friend today who said, fairly succinctly, that Facebook's single biggest problem is that they Totally and Royally Suck(TM) at PR.

I wonder what would happen if they were just straightforward about this. "Friends you May Know is really cool! We use your phone's location data and do cross-checks on your address book to make the most intelligent suggestions. We even use some unique features of your camera to figure out if you know people!"

They don't have to give away the store, but they could certainly avoid the creepy "try and guess what ridiculously creepy stuff we're doing to suggest friends" game.

> Friends you May Know is really cool!

I've got over 9000 suggestions and not a single accurate one. Maybe they have the best technology and all the data out there, but I'm skeptical they can really use all the data they supposedly have on me.

Same goes for any targeted advertisement, not just Facebook. Some come close (based on simple topic preferences), but in all those years I've yet to see any large number of the actually useful ones. All those data mining and AI-driven targeting seem to utterly fail, suggesting me to buy a second TV after I've just already got a new one. Or subscribe to Grammarly (every second YouTube pre-roll, seriously?!), when I've already bought that.

I take it a kind of weird 21st century compliment that my machine learnt ad suggestions are so poor. I think it indicates Google/Facebook don't have that much data for me. Sometimes it's fun game trying to work out how the algorithm possibly thought I would know people from other countries with no mutual friends.

> subscribe to Grammarly

Oh my god. I considered installing it just to stop the ads, but I see that doesn't help.

> Oh my god. I considered installing it just to stop the ads, but I see that doesn't help.

I have mixed feelings about Grammarly. It's a perfect example of a thing that should not be an on-line service, but a fully off-line product. In its current form, it's essentially a keylogger.

They don't integrate with my email clients anyway, and their browser extensions are overreaching. I just use its desktop (Electron) app and website. Copy the text I want to proofread there, edit it, then paste it back.

Wish their browser extensions would have a non-invasive on-demand mode, where the user has to click the toolbar icon to initiate the verification explicitly.

> I considered installing it just to stop the ads

uBlock Origin works wonders in that sense.

Interesting! It works pretty well for me.

At worst it's usually people I don't know but logically could: friends of friends, people who worked somewhere I worked before or after me, people who went to my high school I never really knew.

Occasionally it's full of apparent shady accounts: usually fake looking accounts of attractive women I have no friends in common with, then they'll disappear. I'm guessing scammers upload fake contact lists of random phone numbers to get on people's suggestion lists

It's almost always people I've never ever heard of for me. Just some random strangers that I don't see any connections with. Sometimes those are probably friends-of-some-"friends," but I haven't bothered to check every unknown name and face.

I've recently moved to a different country, and now I get suggestions of some random people supposedly from here - even though I don't know anyone here yet. Well, except a few coworkers and a landlord, who - if they have Facebook accounts - aren't in the suggestions, even though Facebook knows where I live and work (I don't advertise it, but that's not private either).

Paired with the fact that Facebook intentionally spams daily with "you have 20 new notifications", they just train me to filter and ignore their notifications. If someone's going to message me there, I won't see them until the routine monthly check.

Being upfront would bring more press... Alternatively, how many of your friends are going to read this article?

Would it? The press likes to jump on surprising news, and if everything is upfront, there's not much to report on. They could even make a way to opt out if people complain (and few would actually opt out), which would save face in the media.

I don't use Facebook because I value my privacy, and I'd probably have less success convincing people to leave the platform if they were upfront about the stuff they do. People care a lot less about their privacy than PR firms seem to realize...

Actually enumerating what data might be used for strikes me as incredibly unlikely.

They could also come up with a more substantial business model.

Pardon for the somewhat OT post, but the quotes about patent use in the article made me realize once again that I don't get how the patent system works.

> [Facebook:] "We’ve often sought patents for technology we never implement, and patents should not be taken as an indication of future plans."

> “A lot of patents are filed at the idea stage rather than the actuality stage,” said Ranieri by phone. “A tech company that files a patent has, hopefully, at least thought about how to do it. You’d hope they could implement it if asked, but it doesn’t mean they have done so before.”

So if registering a patent neither requires that I actually intend to make use of the idea, nor that I even knew how to do it, what keeps me from patenting moonshots such as "A general framework for DNA-editing based cancer therapies" or "A method to construct a moon base using a mix of on-site material and material sourced from earth" and start raking in cash once someone else figures out the details and actually wants to do it?

You and the person mentioning 1-click are definitely off base on patent understanding.

It's true that you don't have to actually try to do the thing you patent nor that it has to actually work. However, a patent isn't an idea. It's a specific description of HOW to do accomplish something.

So your "general framework for DNA-editing based on cancer therapies" will have to include statements describe the actual process. Sometimes patents have fairly vague statements here, but, those are rarely defensible. More commonly, they balance specificity with generality.

For 1-click have a look at the patent claims https://worldwide.espacenet.com/publicationDetails/claims?CC...

This is not simply saying "oh, we invented the idea of a single click buying experience, nobody else can do it now." It is saying HOW they did (or would do) it and the reason Apple licensed that patent is because they did it the same way.

If someone did it in a way not described in the patent, it wouldn't be covered by the patent even if the outcome was the same. For example, the patent specifically says the server system knows info about the user. Today, you can go to many websites and 2-click order a product using Apple Pay where the server knows nothing about you. If we ignored good security practices, this could be 1 click (just skip the verification pop-up, the rest would work fine.) The patent (if it were still valid, which it is not due to expiration) would not cover this.

Now, one can still always dispute the specificity of a patent. And reading 1-click claims as a software developer, some of it may still feel "obvious," but, the reality is nobody did it before Amazon. So how obvious was it really? They go far enough to describe that the system already knew things about the user, that there was an identifier sent to relate to that info, that a single action of some kind was taken, that the system was displaying info about the product, etc.

So in your cancer therapy example, you would need a similar description of how it would work. Not down to the explicit details, but, enough to set it apart from any other similar method or approach to the same outcome.

Companies do this all the time. Amazon succesfully patented a 1 click buy button, for god's sake.

Though they actually used that one and it worked well. Not to say it wasn't an absurd patent.

What stops you doing that is the organisation trying to construct a moon base has more money than you so your patents don't apply anymore.

What's the news story here? Tech companies file innumerable number of patents without implementing them to cover the space in case they get sued so they can retaliate. Realistically this patent wouldn't actually be useful in practice for the proposed application but would be useful if written carefully enough to countersue for unrelated applications of the tech.

I think what makes a little more sense is to see this as part of a moat-digging exercise.

Building a large user graph from scratch is the major impediment to someone coming along and challenging Facebook. This kind of thing is trying to head off alternative ways to build that user graph.

One scenario that may allow another player to dethrone Facebook is with a service that provides value without absolutely requiring network effects.

What? You're saying companies file patents on tech they don't intend on using so they don't get sued by patent trolls for their non-use of some other preexisting patent? That doesn't make sense on any level.

And if you don't think such a thing would be useful to a company like this (if it could really be made to work) you aren't using your imagination properly.

> What? You're saying companies file patents on tech they don't intend on using so they don't get sued by patent trolls for their non-use of some other preexisting patent? That doesn't make sense on any level.

Why does that not make sense? This has been the case at every job I've worked withe patent filing incentives. You get a few thousand dollars for coming up with an idea and going through the motions of writing the technical parts of the patent. The patent doesn't have to have anything to do with the business, they just want it for defense, and to increase value of a potential sale of the company.

Okay, I get that it adds value to the company. But what do you mean by defense? How is filing patents that you don't intend to produce so you can win legal battles any different from patent trolling?

The "defense" part is that big company X with a large patent portfolio might sue you for infringing on a patent - unless you have a large patent portfolio because then if they sue you, your lawyers can review everything they're doing and compare it to your patent portfolio and find ways to sue them. This is something like mutually assured destruction.

It seems preposterous to me, but this is also the basic idea I've got from working at multiple big companies where they have training meetings to explain these things. You're very much encouraged to come up with ideas and submit them for the lawyers to look at and possibly patent even if it has no applicability to anything you're doing.

Ah I see, that makes more sense. So basically the court case looks at the pool of patents each company has, and one that has a lot of patents related to the industry it's involved in looks more legit than a potential patent troll holding a bunch of totally unrelated stuff. Is that more or less correct?

Sorry for contradicting you earlier. That still seems like a crazy way to manage IP, but after all I haven't got a better solution. Thanks for explaining. In my career I haven't been expected to produce patents very often. I'll try to remain a bit more humble.

The defensive aspect is for companies with real products.

Company A owns patents X, Y, Z. Company B owns patents M, N, O.

Company B sues company A that one of their products infringes on patent N. Company A countersues that 3 products of company B's infringes on X, Y, & Z.

That's the defensive aspect for company A. They won't instigate but they'll retaliate aggressively. This is known as the "nuclear option" as this strategy was employed during the Cold War - build up your offensive arsenal as a defensive measure to protect yourself against a first strike.

Plenty of examples during the smartphone patent wars[1] and perhaps this strategy isn't quite as successful as it once was.

For patent trolls having a large patent portfolio can increase the likelihood that you own a patent that the troll's patent is based on helping you with prior art claims. So having a large patent portfolio improves your defensiveness there. Additionally a large patent portfolio increases the value of your company because those patents are IP that have tangible value in the market; many tech companies choose not to monetize but frequently IP licenses can be bought/sold (or even the patents transferred) and mutual IP licensing is frequently part of lawsuit settlements so there's further value there. Since it's impossible to actually predict the value of almost any given patent in the future, having a large war chest improves your bargaining position/value of the patent portfolio.

[1] https://en.wikipedia.org/wiki/Smartphone_patent_wars

Actually having my name on a few patents I feel like I can speak with a bit more authority. Yes, companies file patents all the time on tech they have no actual plans to implement in production. They may not even have a proof of concept. This happens for all sorts of reasons.

Part of the reason is that companies would rather err on the side of obtaining a patent on something patentable rather than miss it & get sued by someone else. Another reason is that it can easily turn out that there are significant technical challenges in productizing an idea but you don't find out until well after you've filed the patent.

There's also a defensive aspect. For patent trolls you want to beat them to filing the patent so you have a far easier legal defence - America was first to file until very recently so that was also a significant incentive in filing defensive patents. For competitors you want to have the patent so that if it turns out a successful product by another company relies on your product heavily you can use it offensively or defensively in case that competitor comes after you (traditionally the bigger Silicon Valley companies have preferred to stick to defensive use of patents against competitors but that isn't always the case).

Finally there's a financial incentive to this from the employee side. Patents bring you bonuses and prestige. That means you have an incentive to push even questionable patents through the process. The patent filing process is completely divorced from marketing AFAIK (haven't sat on any review boards) so no one ever considers the negative PR risk from articles like this (probably rightly so).

> And if you don't think such a thing would be useful to a company like this (if it could really be made to work) you aren't using your imagination properly.

Of course it would be useful. However realistically the engineer in me thinks that when deployed at scale suddenly it can become a lot less useful than other more straightforward methods; both in terms of compute & memory required as well as accuracy. There are cheaper more accurate ways to solve this so why bother wth something so complex/expensive that carries significant PR risk? In fact, FB owning & not using this patent means they can win PR brownie points suing companies that do attempt to use this technique.

There's an example of this happening in the 2018 book Bad Blood by John Carreyrou. A doctor gets the scoop on what Theranos is developing and files a patent loosely based on what they understand Theranos to be developing. The patent was filed with the sole intention of using it against Theranos in the future when they release their product.

Not trolls. Retaliatory patent infringement suits don’t really work on trolls, because they don’t have a product to accuse.

Think more along the lines of competitor companies that are already operating.

I'm not really sure if that's a scary facebook thing or merely just an inconvenient reality of the world we live in now.

There's quite a few papers out on fingerprinting/identifying cameras from images taken with them using intrinsics (dust, scratches, slight offset of image sensor with respect to lens).

I'm not really sure if that's a scary facebook thing or merely just an inconvenient reality of the world we live in now.

These aren't mutually exclusive. The reality of the world may just be acquiring more scary things, and ones that are created for profit.

Is something being created for profit scarier/worse? I'm personally far more concerned about government surveillance programs that I have no option but to participate in.

I'm always confused by comments like this. Not only is corporate surveillance always one NSL away from being used by the government, but corporations aren't democracies. As a user I can't vote on what data Facebook choses to collect. Facebook's shadow profiles also put to rest the idea that you get to choose whether or not to participate in corporate surveillance.

Ask me and the other citizens of Australia what democracy has done to save us from government mass surveiallance.

It may possibly be one of the worst guards against it. 99% of the population don't understand it and don't give a shit. Co-incidently that's the only reason Facebook and Google get away with it too, or it'd be far more profitable for them to back off and play the "we value your privacy" PR card.

Literally the only difference is that Facebook is headed by software engineers and governments are headed by a bunch of people with tons of power and no knowledge. You tell me which is more dangerous. You can't act ethically if you don't even understand the domain you're acting in.

> Literally the only difference is that Facebook is headed by software engineers and governments are headed by a bunch of people with tons of power and no knowledge. You tell me which is more dangerous. You can't act ethically if you don't even understand the domain you're acting in.

On the other hand, you can do a lot more damage if you have the knowledge, and do not care about ethics.

It's not that I don't think that the government collects the data that Facebook has gathered, it's that I don't have to use Facebook.

By the way, do you see the issue of NSA carpet surveillance coming up on the ballot very often? Democracy sucks. Consensual liberal markets are the secret sauce to the free and prosperous societies humanity has produced, NOT the utter sham that is democracy.

Well I think this specific thing is just an inconvenient reality in that it is finger-printable in the first place - if one notices a distinct image distortion across all sets that would form a 'fingerprint' of sorts like if on one setting a few pixels are always black to oversimplify the principles. Facebook didn't create that reality to be analyzed.

However if Facebook gathers a large data set of known signatures to work with or worse does so from the hardware without your knowledge or consent as opposed to anyone working with your posted photo galleries is a scary Facebook thing.

I don’t think profit motive is the scary second ingredient, but rather the massive centralization of data that Facebook (and a few other tech giants) have.

The centralization itself is driven by the profit motive.

Scary? I think that's pretty cool actually.

The more ways we have to implicitly correlate/extract data using these techniques, the more accurate model of the world we can build.

It reminds me of this pretty cool research about extracting audio from silent videos:


The technology is super cool. As is the stuff where they can reconstruct audio from a video of a potato chip bag that was in the room. Fast computers, DSP, effective pattern matching and reconstruction... some of the most fascinating stuff out there.

Where it gets scary, I guess, is where it upends the standard norms and expectations of privacy. As the tools proliferate, forensic reconstruction type analysis becomes available to almost everyone, which totally opens the doors for new levels of creepiness from all sorts of actors...

The scariest part for me is how it keeps getting cheaper, so mass-surveillance is now possible to do economically at an unprecedented scale. It's awesome power to wield, and I'm not sure any government or company can be trusted with such power.

Also drone swarms. They scare the shit out of me for the same reason.

Reminds me of some side passages in Cryptonomicon which talk about how a clever person could extract so much information from side channels.

I'm pretty sure Google and other large networks also build 'shadow profiles' on users to figure out who they are, who they're connected to, etc. And I wonder if this shady profiling data should be available for users to download under e.g. GDPR. Because it sounds to me like it should, but isn't.

If any europeans with spare time and no Facebook account are reading this, get a lawyer (maybe related to the EFF, or not), and send a GPDR request.

When it comes back “no data”, record yourself signing up for a FB account, since at that point, they’ll list suggested contacts that cover pretty much everyone you know.

(Even if this doesn’t work as I predict, it’d document what they’re doing for gpdr compliance.)

Why does that require having a profile on you in particular? They could be saving all the data from everyone else (e.g. their contacts, their search queries, etc.) and dynamically assembling it when you make an account to make you recommendations. They don't have to be doing anything related to you in particular.

Jokes on them, I have electrical tape on my camera lens. Something I learned from Facebook's CEO, ironically.

The image that's gathered when the camera is completely in the dark, is a unique fingerprint of the camera chip. This is something called "fixed pattern noise."

In that case just put on a few more layers. Shot noise is fairly random.

True. But if you share enough images from the same chip, eventually the fixed pattern noise can be computed to a decent enough accuracy to use it as a fingerprint. Now, you could measure the fixed pattern noise and subtract it from subsequent images. This is a widespread practice in scientific imaging. I'm not devious enough to think of how this could be defeated by someone who really wants to use your camera chip as a fingerprint, but it might be enough to defeat an amateur.

Dark-Signal Non Uniformity (DSNU):


So likely to provide a few bits of entropy.

These make a pretty good cover _and_ support the EFF: https://supporters.eff.org/shop/laptop-camera-cover-set

Same, but I like gaff tape because it peels off easy and re-sticks well without leaving a gummy residue

I use my laptop camera every day. I have a neat little plastic thing that can be easily slid back and forth and I am happy with

That can be potentially even easier; if you have a few specks of dust on the camera and your tape leaks a bit of light, they would have a perfect pattern to detect your lens - the specks aren't moving and there will be only speck effects recognizable on any video frame they capture when they max out contrast.

Facebook is using images that people uploaded, and I doubt parent commenter is taking and uploading many pictures with tape over the lens.

FYI: If you cover it with scotch tape some light gets through and the phone/laptop can still use the auto-brighten feature.

I'd love to see people spending >$1,000 on a new iPhone "for the camera", only to cover it with electrical tape.

This sounds like something out of Silicon Valley.

Yes, it would be absurd for any one person to do both of those things, but I highly doubt that has occurred.

It is rather amazing that smartphone cameras are so feature packed, yet still lack a lens cover. Something as old as cameras themselves.

Old cameras didn't exactly fit in your pocket, and didn't have sapphire glass...

Though I do think it would be nice to have a hardware (iris?) way to close off the camera. Some laptops have this, though I'm sad mine doesn't.

They are available for phones and laptops, e.g. https://www.amazon.com/gp/product/B07B66VZ97/

+1 these are awesome. I have them on all my devices.

That's pretty nice. I'll have to see if I can find some designed for ThinkPads and Samsung phones.

Should work on all Laptops, not sure what's different about ThinkPads. Probably won't work on Samsung phones though.

“Is that a Hasselblad in your pocket, or are just having a really bad day?”

But then can’t they just tell it’s you by the tape on the lens?

Because nobody else tapes up their lens?

Dust pattern on the tape.

> “We’ve often sought patents for technology we never implement, and patents should not be taken as an indication of future plans.”

How is this possible? Wasn't it a requirement of a patent grant that you actually try to put it to use?

This is smart. Unethical, but smart.

Lots of that going around these days.

Always reminds me of part of the speech at the end of The Great Dictator.

"We think too much and feel too little. More than machinery we need humanity. More than cleverness we need kindness and gentleness. Without these qualities, life will be violent and all will be lost."


I'm wishing for a "dumb" social networking company, where the people who run it are idiots and I don't have to worry about this kind of invasive engineering (I long ago deleted my Facebook).

There's always twitter, I suppose.

Can we not have smart ethical people? When did getting away with unethical or unlawful behavior become associated with “smart?”

Seems pretty rare. Most people want the money and prestige that comes from working for Facebook or Google. It's easy to be a rebel when you've got nothing to lose.

It's always been associated with smart?

I think the point you were trying to make is that I shouldn't directly tie intelligence with unethical behavior (i.e. all smart people are unethical), and you're right. That said, my point remains ... in this age the unethical exploits will by definition be discovered and implemented by intelligent individuals.

Mastodon seems to be the balance I've been liking.

Imagine being at a bar, and a guy engages you in conversation. You try your best to indicate you're not interested, and your friends help shoo him away. Then, that night when we gets home Facebook tells him your name and suggests you connect. Creepy AF (and not the guy)

If they are using the dust on your camera apparently you'd have to both take photos with the same camera and then upload them to your respective accounts. Then facebook will correlate the dust and learn you are friends.

I don't see that happening... ever. Even if it were possible (I'm pretty sure dust and scratches on a camera lens aren't in focus...).

It could also be the sensor, say if certain pixels were slightly less sensitive than the surrounding ones. You could run statistical analysis of the image and spot the similarities.

I've come to believe that privacy "by design" is impossible in the hyper-connected age. There are too many vectors for tracking, linking, and de-anonymization and software in general is too insecure.

The only solution to the privacy problem is legislation. My favorite idea is HIPAA type regulations for intimate personal data like audio, location, etc. Leak location data? That will be $10,000 per incident where an incident is one record per person on a given day.

This would transform data like this into a liability rather than an asset, pushing companies to store it only long enough to perform a given service and to develop cryptographically blinded systems whenever possible to cut exposure.

As it stands all the economic incentives encourage all vendors (even small indy apps) to maximize privacy invasion at every opportunity.

I agree with you that privacy is impossible by design.

You're free to take the precautions you deem necessary to prevent others from accessing information you want to keep to yourself. I will defend your right to not be coerced into producing information against you will, but I can't help you once the information is out.

I don't think it's reasonable to expect to be able to stop the collection, analysis, and distribution of data. I don't think you can reliably track the source of all data either, which makes the fine you suggest very difficult to implement. What if an individual collects and distributes the private information of thousands of people (which I don't think should be very difficult)? Are they expected to be able to afford such a fine? Who does the fine help?

I think the best approach for most people is to try to act as if they're always being watched.

Your last sentence is total capitulation to a dystopia.

The psychological effect of knowing you're always being watched could mean the end of any cultural or social innovation.

Look up how rarely HIPAA violations result in fines. Since 1996 when enacted the sum of fines is something like $78 million— and almost entirely to huge insurance companies and university hospitals. Just barely slaps on the wrist.

I usually come down on the libertarian side of things, but given the virtual monopoly by way of network effects, I do think some legislation for user derived data is necessary. These folk are not going to self regulate and waive potential revenue if they are not made to. I’d go so far as declare them “near utilities”.

> I’d go so far as declare them “near utilities”

Plastic surgeons are bound by HIPAA. They do not provide essential services. Similarly, we can regulate social networks without ensconcing them into our society’s fabric as utilities.

Interestingly, though I’m loath to insinuate they are an authority on anything, the UN has declared Internet access and access to information and dissemination a basic human right. “[The UN] condemns unequivocally measures to intentionally prevent or disrupt access to or dissemination of information online”.

It appears they believe it’s close to being a utility, and I’d argue in a way it has become close enough to need oversight as such.

> the UN has declared Internet access and access to information and dissemination a basic human right

ISPs are a utility. Facebook is not.

They are a utility insofar as social graph is concerned.

How about Google?

No. Utilities deliver commodities. Also, if Google Search fails, there are replacements available.

The commodity factor is important because it allows for fragmentation. That controls the power balance between the utilities (important: plural) and the public as a whole.

Nope. Just chose to not use services that suck yourself. It's easy. You can say you peer group or whatever uses them but it is still your choice.

I strongly oppose your suggestion to bring in the government use of violence to impose your ideological goals on others. They have to chose for themselves.

Just chose to not use services that suck yourself

You don't even know which services do that. There are lots of apps out there that use FB's API and send off details of the user's phone and app activity to FB, whether or not the user has an FB account or not.


For example, Kayak sends flight searches to FB. So don't fly maybe?

Your unstated premise is that you have to use a smart phone for everything. Once you free yourself from that restriction and chose to do some things on a desktop computer it is much easier to control what runs on your computing device and what it communicates with.

Nope. Just chose to not use services that suck yourself. It's easy.

Ok let’s test your hypothesis.

Camera noise

Right, I’m tagging you in this group photo and uploading it. Where’s your choice now?

You can't tag someone in a photo if they're not on Facebook.

I don't see the problem. It sounds like I'm in a public setting. If not and this is some friend group gathering I could just ask you not to since we're friends. My friends and family that use facebook know not to include me. But even if they do, so what? It's not like a single photo of me uploaded by a friend impacts my privacy.

It sounds like I'm in a public setting

There's a difference between being a random bystander in an individual's photo and mass surveillance of the public space through millions of photos. Just like lots of photos become something else - movies - lots of photos of public spaces become something else - a surveillance state.

You're sitting on one principle and riding it to the point of absurdity. There are lots of other principles, like the right to live in a free society. Sometimes freedom requires lack of freedom - sometimes we have to apprehend criminals. You can't ride this principle all the way without taking off your blindfold.

As toufiqbarhamov points out, your privacy is being compromised by other people all the time on the social networks you avoid. Facebook, e.g., keeps a shadow profile on you.

When I finally caved and joined (something I hope to undo shortly) I was immediately informed of all the people I know who are already on the network, not from the contacts I explicitly didn’t share with them, but from the people who searched for me before I made an account. I’ve never given FB my phone number, but I’m sure they have it in a database somewhere. They probably knew my face before I ever signed up.

Is this actually a common scenario? Facebook users who aren't friends but upload photos taken with the same camera?

I really don't get these patents. How can you patent ifchecks on data if it is ascribed to an abstract process.

Facebook's Achilles's Heel is it doesn't know the strength of your connections. There's lots of data points, but they currently do a poor job of parsing them. Unfortunately given their recent privacy struggles it may be difficult for them to leverage their dataset to answer that question without driving off users.

New to some but this is regurgitated content as these patents were reported on long ago.

Clickbait headline. The closest they get to it is

>One filed in 2015 describes a technique that would connect two people through the camera metadata associated with the photos they uploaded. It might assume two people knew each other if the images they uploaded looked like they were titled in the same series of photos—IMG_4605739.jpg and IMG_4605742, for example—or if lens scratches or dust were detectable in the same spots on the photos, revealing the photos were taken by the same camera.

ie facebook mentioned the concept of tracking you by the dust on your lens. No evidence that they can actually do it.

> or if lens scratches or dust were detectable in the same spots on the photos, revealing the photos were taken by the same camera.

This seems pretty useless. The only scenario where it gives FB more information is where person A takes a picture, gives it to person B through some route other than FB and then person B posts it on FB. Any other scenario and FB does not need to compare dust specks.

There is another compelling usecase.

I feel there is no reason to expect Facebook would be content with data hosted on just their platform. With camera fingerprinting, they could be relatively sure who you are on other platforms like Twitter, VK, Youtube etc in cases where the user doesn't use the same email/name.

But this happens quite often, like every time people get together.

Your saying people who use FB regularly share photos outside of FB and then upload someone else's photos to FB? I'm not saying it doesn't happen, just that it's not the normal path.

I think people who use FB generally share photos with their friends who are also on FB, through FB.

Not in my experience and I have many friends outside of tech circles, since I'm not living in a tech bubble. When people get together group photos happen, or photos that you want, made with somebody else's phone.

The result is basically dozens of photos out of which only the best 2 or 3 get shared on Facebook.

And in general Facebook is not how those photos get shared. Not even its Messenger because it has annoying size limits, which matter for videos. If I were to guess, out of Facebook's properties, WhatsApp is probably the most popular photo sharing app by volume ;-)

I am going to go out on a limb and say that this crosses the line from "invasion of privacy" to "just plain evil." Seriously: this is the type of stuff that you expect to find in state-sponsored malware, not software that's forced onto the majority of consumers.

> not software that's forced onto the majority of consumers

I agree with you on your other points, but not "forced".

I've left Facebook and encourage anyone who cares about privacy at all to do the same.

Ok, this is definitely bad news upon bad news ... but you have to concede it's pretty cool. Outside the scope of actually doing this: you wish you had of thought of it!

With the gyroscope and accelerometer feature implemented, you will be able to friend with someone who stole your phone.

So we'll regulate facebook maybe?

Disabling locations services doesn't stop all forms of location tracking.

We leave in scary times.

or if lens scratches or dust were detectable in the same spots on the photos, revealing the photos were taken by the same camera

With the prevalence of mobile phones, whose camera lenses are likely to be exposed to a lot more "scrubbing" than a professional/dedicated camera, I suspect this might not work so well.

Wouldn't it possible for it to work better if it is the case that more dense scrubbing patterns are complex enough to differentiate one camera from the other, and that such an algorithm can pick up on that?

I agree. It seems to me that everyone's scrubbing would be different thus pretty unique.

I thought the point was more about variance over time. Surely a camera would need to have consistent patterns over time for this to work?

But it’s more part of an identifying composit “fingerprint” than as an individual unique identifier.

What do you mean exactly by scrubbing?

Gross. Oh well, another one for the already massive pile of unreasonably greasy facebook creeping. Massively parallel automated stalking. This shit needs to be regulated soon. A lot of the people being data-fucked are not actually people who have signed a EULA or anything, and it's getting more and more dubious that this is readily-available information "in the public square" that has no reasonable expectation of privacy. In my opinion at least, as if that's worth anything.

Also forgive me if I don't 100% take their word for it that none of this shit has been implemented except a few tests in 2015. These companies are never forthcoming with the truth around these matters of privacy and security. Ever. Any breach, any shady practice is denied until it's not possible to deny anymore. Why should they be truthful? It can only bring bad PR and there has literally never been consequences for lying about it.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact