Hacker News new | past | comments | ask | show | jobs | submit login
Facebook: The Normalization of What Should Never Have Been Accepted as Normal (forbes.com)
190 points by theBashShell 52 days ago | hide | past | web | favorite | 75 comments



A simple test for figuring out which of Facebook's arguments are sensible is to substitute "Facebook" for a different entity such as, say, a neighborhood association, the phone company, or a government agency. For example, take the subtitle of Zuckerberg's op-ed in the Wall Street Journal: "We need your information for operation and security, but you control whether we use it for advertising." Substituting:

* Would you be OK with your neighborhood association installing spyware on your cellphone because they "need your information for operation and security, but you control whether they use it for advertising?"

* Would you be OK with the phone company installing spyware on your cellphone because they "need your information for operation and security, but you control whether they use it for advertising?"

* Would you be OK with a government agency installing spyware on your cellphone because they "need your information for operation and security, but you control whether they use it for advertising?"


Yeah but fb didn't install spyware on my phone. I intentionally give data to fb so that they can share it for me...


No, you intentionally give fb a photo or a piece of text to share. They hoover up everything else.

For example, they will record your physical location when you send a message or share a post, as well as randomly several times per day. They will also record which photos, posts, and ads you linger on as you aimlessly browse.

This is information that most people are not sharing intentionally, and it's not optional. Fb uses this information to build a profile on you that's separate from anything you share intentionally.

It's being referred to as spyware because most users aren't aware that Facebook does this, and wouldn't have agreed to it had they been offered a choice.


If I say "no" on iOS when the FB app asks for location how are they exactly recoding my location?

P.S. No idea about Android.


Theoretically (i don't work at facebook) there's a number of ways you could go about it.

- Geocode down to the lowest applicable level of IP address

- grab it from the photo metadata

- Piggyback off of similarities to other people obtaining similar photos or activity

- grab it from other database sources that do have your location

- correlate it to your interactions with other hardware/infrastructure with known locations

- transitively deduce it from your friends and acquaintances who share their location and tag themselves and reply to your stories/photos

Theoretically you could try to train some neural nets on images themselves. Geoguessr.com is a fun game website where you can try to do so as a human, and you can usually get pretty damn close. Images themselves leak a tonne of information on time/place: clothing styles, fonts and languages on signs, shadows, light colour, fauna/flora, asphault + stone types, arichtecture and design quirks. In many ways the neural net might even have some advantages over humans, because not many humans memorise the thousands of minutae: eastern USSR uses this particular kind of road barrier and reflector type and this kind of font on its road signs.

But aside from a research activity, i imagine facebook already has the data it needs most of the time...


I once posted a shot including a friends daughter. FB tagged her mother before I shared the post. We were all creeped out.


Geo IP is a reasonable last resort; it'll usually show at least what city you're in.

The images you upload may have location data on them.

If you're using a wireless hotspot then your location is correlated to anyone who also used it while sharing GPS data.

And so on.


"If you're using a wireless hotspot then your location is correlated to anyone who also used it while sharing GPS data."

That's a clever one I hadn't thought about. I guess for a service like Facebook/Instagram/Google it can work decently well given the scale/adoption.


That's in fact how your GPS works most of the time. They triangulate it based on a scan of SSIDs assuming access points are usually fixed. Both Apple and Google use this method.


fun fact - I changed my hometown to Timbuktu on facebook. yet when I click on Why Am i seeing This Ad, I am told it is because the advertiser wants to reach people who live in (not are in or have been in) my actual home town. huh.


Honest question, I don’t know the iOS APIs very well, can they (if you have given the app permission before) check geotags on your photos without you explicitly uploading that photo?


I believe if you give access to "Photos" on the device, they can. Otherwise by giving GPS/Location permission - no. They are two separate things.


Not to mention that you share the photos you don't post.


You can disable FBs access to location services.

And photos.

And contacts.

It was offered as a choice, because when you install the app, it asks for permissions to access those things.


But the choice looked (worded?) like it was required for the feature you're using.


When you grant those once (eg upon installation), they never have to ask you (or notify you) again... even for updates.


You're still giving all of that information out. Or your device is, but that's still under your control and thus you're the one giving it out.

>It's being referred to as spyware because most users aren't aware that Facebook does this, and wouldn't have agreed to it had they been offered a choice.

Then they need to control their data better. Facebook is an easy target because they do all of this in the open. There are probably untold number of bots online that vacuum up this information and you'll never ever know about it and legislation will never stop it because it's running on some server in China or something.


> You're still giving all of that information out. Or your device is, but that's still under your control and thus you're the one giving it out.

This is utter BS. I'm technically savvy and pretty privacy conscious, but the Facebook app still manged to hoover up my address book without me being aware. Facebook will be less than honest and mislead you to get you to accidentally give them more data than you likely intend, and that's not a voluntary disclosure.

PSA: If you still have a Facebook account, go to https://www.facebook.com/mobile/facebook/contacts/ to delete the your address book info that they've hoovered up. They keep this page well-hidden. When I found it, it wasn't linked from the settings, only from an obscure help page.


>This is utter BS. I'm technically savvy and pretty privacy conscious, but the Facebook app still manged to hoover up my address book without me being aware. Facebook will be less than honest and mislead you to get you to accidentally give them more data than you likely intend, and that's not a voluntary disclosure.

You installed an app that can basically do anything onto your device and you're surprised that it did something? You basically fell for the modern version of the Ask Toolbar. Stop installing things you don't trust. Better yet, don't use Facebook in the first place. But your unwilling to give that up. You want them to provide their service to you, but you don't want to pay the price for it.


> You installed an app that can basically do anything onto your device and you're surprised that it did something?

I'd also be surprised if someone who I let get near me then turned around and punched me and stole my wallet. I guess in your book it's my bad for letting them get so close. In real human society, there are norms of behavior one expects others to follow, even though they have the physical ability to violate those norms at any time.

> Stop installing things you don't trust.

So, basically I should burn my computer because I haven't audited all the code that runs on it? Facebook is a Fortune 500 company, they should behave in a trustworthy manner.

> You want them to provide their service to you, but you don't want to pay the price for it.

If they want my phone's address book to be the price, they need to be up-front about it, which they were not and likely still are not.

And I'm pretty sure your next line of attack is to criticize me for not carefully reading every line of their terms of service and not keeping up with all the un-advertised updates they make to it. After all, if you don't spend your life keeping up with legalese, you deserve whatever you get, right?


Facebook is a Fortune 500 company, they should behave in a trustworthy manner.

That train left the station a long time ago.

Facebook will never behave in a trustworthy manner, since it's completely against their business model.

My family scoffed, when I told them that there is no friggin' way that I will ever use WhatsApp. Recent development just proves how right I was.

While I had a FB account until I "deleted" it ca. 2013 I will never again come near any Facebook property, no matter what! This company and it's management is the epitome of scum.


What’s the story with what’s app? Had that installed 4 years ago in Brazil since everyone uses it.


> Facebook will never behave in a trustworthy manner, since it's completely against their business model.

Yeah, I agree Facebook's fundamentally broken and I think it's going to take some kind of GDPR-type regulation to fix things (and hopefully "creatively destroy" it).

The idea that I was arguing for is that their untrustworthiness means Facebook is in error, and it's not the user's error for trusting them at some point and having that trust abused. It's only the former that will justify the kind of regulatory response to bring them to heel, and the latter is mainly a reaction to prevent that reckoning.


Facebook is in error, and it's not the user's error for trusting them at some point and having that trust abused

We have absolutely no argument about this point.

Cutesy passive aggressivenes also doesn't really help their case. It was that, which really turned me off. I couldn't have imagined at that time how dirty that company really is.


Most people are entirely unaware of how much data Facebook is collecting about them. Raising awareness about that is a noble goal, but it's not mutually exclusive with stopping Facebook from exploiting their naivety.


But it's a temporary measure that only works against Facebook and maybe other companies that do it above the board. In other words, you're kicking the companies that are honest about it in the teeth. Meanwhile the really shady companies will continue doing it, because they are outside of the jurisdiction. This is like trying to provide security through obscurity. Yes, it works on a large scale, but it's not really security.


In other words, you're kicking the companies that are honest about it in the teeth.

Where exactly was Facebook's ever honest about what data they hover up?

Want just but two examples from dozens?

That cutesy rabbit and the super shady patterns used for permission to suck up all your communication on Android would be exhibit #1

I would add the fact that they abused the phone number provided for two factor authentication to spam you with adverts. A clear abuse of its intentions and a kick in the teeth of security in general.

There are dozen more examples. If in doubt search for "The apologies of Mark Zuckerberg" on DuckDuckGo.


Nope, they at one point just stole your address book, without consent. Later they added consent, but the UI is still sketchy and tries to trick people.


Sometimes this is true, however many phones come with fbook preinstalled and some make it very difficult to remove it.

Another recent story showed how fbook is embedded with many other apps, at least api calls and such. so even if you don't install the fbook or messenger and never visit the site on that deivice, sometimes installing other apps that make api calls and send tons of data to fbook on thier (your behalf) -

so it's not so cut and dry.

I'd also argue that most people do not know how fbook gets and uses data on your device that you are not explicitly adding - they also don't know how this can affect other people in their vicinity or included in pics or contacts for example.

fb's spying is more pervasive than most know, and it's added by other apps without notice as well sometimes.

Is it spying if they record your info when you browse webmd or some other site that has beacons there? It may not be installed on your phone in that case, bit it's certainly spying imho. So is Big g analytics and others in many of those cases for that matter.

I don't think there any users who can truly control / stop this kind of thing (maybe .001% ?). There is virtually no education on these things. Short of a host file blackhole for known urls / ips - the normalization of this level of data collection and spying is amazing.


Aside from the great comment below there is another reason why this is unfair. A new technology emerged. Society so thoroughly embraced it we may as well call it a utility. Now, they monetize it in ways which - had they done before they established market dominance - would likely have made society flee Facebook instead of embrace it.

Society was conned. Suckered in and now — once our society has become almost dependent on FB - we are being exploited!


Was society really conned with Facebook? I can understand if you are talking about MySpace, but it was very obvious what Facebook's monetization model was going to be ever since they opened up globally. This is why I never signed up and was confused when so many people freely joined and gave up all of that information.

The other part is that if Facebook doesn't monetize things in a rather shady manner then we probably wouldn't have Facebook at this point or it would be operating at a loss like many of the other social media sites, eg reddit.


> Was society really conned with Facebook?

No. It's just gotten to the point in society where individual decisions are becoming eroded to nearly meaningless and it is now only safe to assume that the average person is a complete idiot and not in control of their own faculties.


It doesn’t matter how much individual responsibility you take, you can still be betrayed. That’s what Facebook has done.


Their VPN app kinda did function shoddily least

https://www.cnbc.com/2018/08/22/apple-removes-facebook-onavo...


To be fair they did (still do on Android?) have a VPN that functioned as spyware, which seems like something people don't intentionally install a VPN for.


You sure do, if you installed their app:

Your full calendar

All your accounts and all of their contacts

Your precise location at all times you have Location services on

Storage, including accessing your files without notification

Etc.


I mean, if the phone company said I no longer had to pay the bills, they can have it. If the government agency let me keep my taxes, I'd be fine with it. I haven't interacted with any neighbourhood associations (they sound like a right pain in the ass) so I can't imagine I'd be happy to even listen to them whether or not my data is involved.

In fact, I'd also venture to say most people would make the same choices I have here.


This exercise shows the ridiculous amount of power people have seceded to companies like Facebook over their personal lives, and how little awareness of it exists.


It's not as much of an awareness issue as it is an apathy one. You can't make people care no matter how many of these crap articles are written. People need to just recognize people have different cost/benefit values concerning their data, the companies they give it to, and the services they receive. And that's ok, their opinion is no more wrong than anyone else's.


That's a huge assumption that people are informed on the issues, a thing a lot of people have been dishonestly pushing for a long time.


Not everyone is completely informed on either side of the issue, and there are those that are informed that simply disagree about the scope of harm and scale/approach of solution. The huge assumption is that being informed makes a difference in people's stance. What those that claim they are informed need to do is recognize that while they are more informed about uses of the data, they are often less informed about the plight of the users and their preferred benefits.


Ah yes, very convenient, they aren't informed but they would agree to my use of their data anyways.


I'm not sure what is unclear about "they don't care"


My problem is that activists and certain politicians want to make these decisions for me. GDPR already has done so to my detriment and the detriment of the online EU sector.


I doubt I'm the only person in their 30's+ who can remember warning people that giving so much data to Facebook is a bad idea, and the response was just outright, sanctimonious screeching and accusations of unreasonable paranoia. I'm talking borderline religious zealotry from hipsters who consider themselves progressive and free-thinking.


I think people don't understand the power of that data. I think they also believe that organizations only have the data they explicitly give. I think this, because this is what others convey to me when I talk to them about data. People are realizing now the extent and power. I talk about why Facebook doesn't need to listen to your conversation to make those creepy ad suggestions. This is the best way I've found to explain it


Personally I don't find any kind of ads creepy. I would prefer highly relevant ads to spam.


Sadly such an opinion as yours would be deemed, as the GP mentioned, as just not understanding. Those that willingly accept the tradeoff are often assumed to be ignorant and most don't voice their opinions online making the narrative appear one sided.


The tragedy is that even now some are arguing that this is all perfectly okay...


I've heard so many creepy Facebook stories by now.

I know a psychologist who is well aware of privacy, which created a pseudonym account only to avoid her patients, which had the whole thing blown in her face when she installed Facebook app which then immediately suggested those patients she tried to avoid just because she had their phone, and those patients could briefly see her as a suggestion too. Nothing could help at this point, it didn't even need her permission for the phone contacts, just her phone number was enough for Facebook because it had already gotten the contacts of her patients which contained her number.

Just think about how ridiculous this is for a moment: anyone, including that shady taxi driver you ordered, or the plumber, or whatever, can suddenly get you as friend option in Facebook because you happened to call each other the other day and you're living in the same city. It gets super creepy really fast.


Similarly I visit mental health hospitals and facebook recommends patients of those hospitals to me as new friends.

It's really fucking creepy.


> anyone, including that shady taxi driver you ordered

Wouldn't you have to save the shady taxi driver's number to your contact list for this to work?


For context, I have a stub facebook account with practically no activity, mainly just to show people in our society i exist. I don't like social media and i think the whole phenomenon is a net negative for humanity.

Professionally, people might call me a data analyst or a data scientist, but to the layperson in terms of describing 'what I actually do for money', I think its basically 'imagine sherlock holmes grew up being able to program'.

There's an element of those 'what I think i do' memes in that statement, but I think there's an important philosophical concept I've been dealing with lurking under all that and I'm not sure how our society is going to deal with it.

Excluding those instances of 'actual spyware', people just ooze and leak information perpetually throughout the day. This information is being put out there whether they are aware of it or not, but its primarily the reciever's sensitivity, infrastructure and use of that information that determines whether its:

a) perceived as information at all

b) is captured

c) is then used for some purpose of the capturing entity

The character of sherlock holmes gets away with it because he's an anomaly, because people perceive him to be good and working against the 'bad guys', and honestly, because people just don't really think about the privacy and lifestyle implications of being in his presence.

Now however, we're at this point where corporations have an ability to collect the information that exceeds the average person's ability to comprehend/process that information. Its not as good as sherlock, buts its above that of the average person. Part of that is just because our educational systems do such a piss-poor job of getting people to interpret or analyse information, but part of it is just the natural evolution of systems and infrastructure now being able to capture, process and use the information being output into the world that's always has and always will be there.

A power company doesn't need to install any spyware: you just need to look at the patterns in your power consumption to determine what a person is doing at what times.

A phone company doesn't need to install any spyware: they need your hardware details, your physical location, metadata to serve you websites, metadata to provide you calls, your billing details and identity.

Your grocery doesn't need to install any spyware: they know the product mix in your trolley tells them everything they need to know, and if you pay with non-cash means or have a loyalty card, they also have sufficient identity and personal details as well.

Your bank doesn't need to install any spyware: they know the merchants, time, place, amount, and identity details of your transactions.

A government agency doesn't need to install spyware: you have a birth certificate, (will have) a death certificate, and you verify your identity each time you interact with them.

If you think those companies aren't doing this already, congrats, you're living in ignorance.

Facebook doesn't need to install spyware (whether they are or not is another question). People are participating in their ecosystem and on top of that, providing huge amounts of additional information out into the public stream in a systematic way that previously was not previously available and not previously being shared on such a scale.

The existence of facebook and social media (the structure of the thing itself, as an instance of a particular phenomenon on a certain kind of telecommunications and tech infrastructure, rather than the individual instances of companies) leaks and necessitates this information being put out there to be used.

Now, we can say to people 'i don't like that they're doing this with that information', but its important to separate that from the actual information being put out there, and from the fact that there are many individuals who can use and successfully interpret that information, whether they work for facebook or not.

You can try to ban facebook from using that information (god knows what that would look like, i imagine it would be a horrible set of laws), but its like trying to ban sherlock from having thoughts and piecing together the mud on your shoe from the footprint in the lobby: only there's a lot more sherlocks running around out there now and people are voluntarily putting cameras into their own home and broadcasting it.


Everybody always told me I’d always make a good private investigator - thanks for selling me on data science!


You sir win the internet today!

Thanks for posting


> When all is said and done, advertising is also the basis for Google’s business model; with one fundamental difference: advertisers on Google choose their segmented targets based on many variables, but Google will never give them the identity, address or personal data of its users, which it zealously guards, applying far superior security to do so than most of its competitors.

This article starts off well, but then it reveals its true colors.


> I still believe social networks have a future, but that this future will have to be based on radically different business models, ones that do not see users as a commodity to be bought and sold, and that instead, respect them.

I don't accept the assumption that a social network must have a business model, or that it must be a business.


Listen, FaceBook monetizes social interaction. It is completely normal and good to socialize, but Facebook is like someon read your mail and sold it. Oh wait, that’s GMail. My point is that they montitize and manipulate and obfuscate the real truth of their platforms.


Except that FB now has a consistent track record of leaking those "mails" (or friend lists, or interactions, or whatever) to 3rd party entities that I've never authorized to have that data.

Gmail on the other hand has one of the best security track records in the industry, minus state-sponsored snooping (but that's a bit of a different issue, I think). There's zero instance of my Gmail mails being used by Google in anything other than algorithmic ad targeting.


Even algorithmic ad targeting can be dangerous. If you are writing love letters to your secret gay lover then that should be between you two and you shouldn't get gay ads during other browsing activity, which might be in presence of others like your employer or family.


Exgoogler here: they have list of sensitive do-not-cross-ad categories that will not show up on your other devices or networks you are or been part of.

Example: google “buy lawnmover” on your cellphone. Most likely other participants of the same LAN will sooner or later experience ads for lawnmovers. Now, google “Best online dating apps” or “im HIV positive how to protect my environment”, noone else than your own device, in limited scope, will see a followup-ads.


Facebook definitely does not. I got an ad to join a Facebook group for bisexuals despite not having any information on my profile or in my post history to that effect.


> Example: google “buy lawnmover” on your cellphone. Most likely other participants of the same LAN will sooner or later experience ads for lawnmovers.

I've spent my whole life sharing a wifi network with housemates, family, etc. and I've never once noticed this.


Is there a public list of what Google does and doesn't consider sensitive?

Or is that - just guessing here - considered too sensitive to share with the public?


That's a good point. The presence of the list is only beneficial when people don't know it exists: then everyone acts as if they wouldn't know it existed, so all its doing is preventing those sensitive details to be leaked. However, if you know that the list exists, but you don't know what's on it, you might trust it too quickly... and might only find out that something is NOt on the list if it's too late. So then the existence of the list also contributes towards exposure of private details in some instances, while preventing exposure in many others.


How did this somewhat laudable practice emerge? Was there some internal ethics review that created this solution?


That's very cool. Great to have this!


Just that Facebook doesn’t use the content of messages to inform ads or ranking!

Gmail does btw


Gmail doens't do that anymore. https://news.ycombinator.com/item?id=14620608


That sounds oddly specific that it is only for "gmail ads".


Let's look at the bright side of this article: (almost) nobody cares.


what an accurate, non-clickbaity and non-karmawhoring submission


If you don't like Facebook don't use it, it's that simple. Social networks need a critical mass of people to run, even a naive user would stop using Facebook when most of his friends aren't there.

Facebook isn't the first social network and it isn't the last. It gained the most momentum, sure, but it will eventually fall. The trend is already downward. Anything other than just moving on not using Facebook is half measure. If you're still using Facebook by now, either you are naive or misinformed.


In some places, saying "If you don't like Facebook don't use it, it's that simple" is akin to "If you don't like Facebook don't use the Internet, it's that simple"

https://qz.com/333313/milliions-of-facebook-users-have-no-id...

https://www.theguardian.com/technology/2017/jul/27/facebook-...


I don’t think it’s that simple. For many, some of these social network products (ie Facebook or Instagram) have become deeply engrained in their lifestyle. Yes, they can still stop using them, but it is not that easy to because of the immediate consequences. If all of your friends and family use a product and have grown accustomed to communicating with you via that channel, it is difficult to offer alternatives — it’s completely feasible yes, but nevertheless still difficult. There is a psychological ball and chain effect that these networks create, which, in my mind, is one of the biggest dangers. That a corporation has enough leverage over your behavior to make leaving it’s product a psychologically or physically tough decision seems dangerous and wrong.




Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: