Stop Facebook (howtostopfacebook.org)
70 points by karlzt on Dec 20, 2021 | 43 comments



Yeah this super sketchy website (that opts me in the newsletters of 7 organizations by default) will surely help stop Facebook.


It looks like another project from Fight for the Future [0]. They got their start with the original SOPA/PIPA blackout protests. They've done some legitimately great stuff.

Unfortunately they've clearly listened to the same god-awful consultancies that other major charities have, and gotten really sob-story heavy. They also share your data with everyone else in the non-profit space, who will soon be begging for your time/money.

Ask me how I know...

[0]:https://en.wikipedia.org/wiki/Fight_for_the_Future


I would like to know how you know.


Letters from the Union of Concerned Scientists, the SPLC, Greenpeace, EDF, etc etc appearing in my mailbox and asking for money, suspiciously about 1-2 weeks after I signed up for an event. That's how.


That barely readable grey-on-white text declaring this use of the data and the pre-checked "Opt in to email updates" checkbox hidden in an expandable element below the form is a dark pattern (1) and a red flag that this "petition portal" and the organization behind it does not care about the core element of data privacy: informed consent. (2)

There are some smaller red flags in the privacy statement and cookie notice. (3) ("As is standard practice on many websites, we may [use] ... tracking technologies") and "(We will only make Personal Information about users available to third parties as [...] permitted under the terms in place with our third-party partners."). Wow such data protection, much privacy ^^ very informed - not.

But it gets even worse, when one looks at the API (4,5). The gist of it: the data a user enters on this page can be seen by anyone responsible for the petition the user engages with - named "sponsors" or "partners" aka "paying clients". The red flag: "unsubscribing" does not delete the data or prevent it from being shared, it just sets a "please don't use this data" bit. At least the partners (hopefully) can only see their own engagements, not which other campaigns a user engaged with.

Looking at the business model (6) it is basically a newsletter service painted blue for NGOs and political corporations: and - like many newsletter businesses - it is looking at CRM for features.

The big one however is the integration with BlueLink (7,8) as a message bus that allows their clients to share the user data with other cloud based systems. The red flag here is that the user does not seem to have any say in that: total lack of consent mechanics. The practical implication of the implementation: if you sign a petition the petitioner can use your contact data however they want. For comparison: in the EU this might be illegal.

I wonder: if a consumer/user requests their data, would they get details like "we sent you the A variant of this A/B tested newsletter for our partner xy and you clicked on the link to read more" or "partner foo tagged you as 'potential-volunteer' after you responded to an event invitation" or "partner bar sent your data to service Z after you signed their petition"?

Honestly, for me this doesn't really look like a pro-privacy platform at all, which raises suspicion that this is a bait-and-switch and the true intention is harvesting contact data. But it is probably a radical opinion that privacy advocates must use privacy friendly tools for advocacy. Maybe this platform will change as well, if and when congress enacts laws as requested by the petition they host.

1: https://en.wikipedia.org/wiki/Dark_pattern
2: https://en.wikipedia.org/wiki/Consent#Internet_and_digital_s...
3: https://actionnetwork.org/privacy
4: https://actionnetwork.org/docs/v2/people/
5: https://actionnetwork.org/docs/v2/delete/
6: https://actionnetwork.org/partnerships
7: https://help.actionnetwork.org/hc/en-us/search?query=bluelin...
8: https://bluelink.org/


The best way to stop Facebook is to stop using Facebook.


Do people not realize the social media panic is exactly the same kind of socially conservative attitudes we used to mock as children? Instead of video games, MTV and rap, we're panicking about social media.


There are two separate issues with social media. Everything falls under one of these two.

1. The effect social media has on people

2. What social media gathers about you

The comparison you made with video games doesn't delve deep into issue #1. With video games you play perhaps a violent game and the argument is that it might make you violent.

With social media the effect is different. Algorithms are affecting what you see, the echo chamber they create around you and can literally change your perception. This isn't even touching psychological experiments being done by companies like Facebook to see the effects on your mood based on what you see in your feed.

Video games haven't gotten there, they don't alter their behavior based on what you look at and do. They don't present other gamers that match your video game playstyle and likes and dislikes. They don't allow advertisements that specifically target your behavior.


How’s that saying go? Just cause you’re paranoid doesn’t mean they aren’t out to get you?

Social media is next level. It enables front row access to: social graphs, voice print, biometric data, subversive content promotion. Mental health with bullying, it’s extremely pervasive with the connectedness afforded by 24/7 networked pocket computers that have cameras. Sexting and revenge porn is a thing. Not to mention FB use in Myanmar https://www.cnn.com/2021/12/07/tech/facebook-myanmar-rohingy...


MTV doesn't know who you're fucking.


But it certainly liked to suggest who you should be fantasizing about fucking.


It is like saying the automobile is just a faster horse and buggy. I mean you aren't wrong.

Of course, pretending there are no sociological effects of the average person traveling 5X faster whenever they want is completely absurd but you are correct in what you said.


I remember when MTV and Video Games were used to elect fascists.


Stopping using Facebook is way harder than you may think.

For example, Facebook is provided as an authentication service on a huge number of websites, meaning those websites send parts of your data to Facebook even if you don't use this authentication.


I don't know any website that uses Facebook as its only way to authenticate. I never use the usual suspect for authentication, always choose the regular account option tied to an email address. That is what password managers are for anyway.


Do you mean passive third-party requests I could block on my end, or something built into their backend that exposes their entire registration list? I thought it was only the former.


Both. Facebook scans form fields for content that can be uploaded [0], and a developer can upload hashed data (I believe potentially from their backends[1][2]).

[0] https://www.facebook.com/business/help/611774685654668?id=12...

> Automatic advanced matching will tell your pixel to look for recognisable form fields and other sources on your website that contain information such as first name, last name and email address. The Facebook pixel receives that information along with the event, or action, that took place. This information gets hashed in the visitor's browser. We can then use the hashed information to more accurately determine which people took action in response to your ad. After matching, we promptly discard the hashed information.

[1] https://developers.facebook.com/docs/facebook-pixel/advanced... - technical specs for uploading hashed user content. Typically done on the frontend.

[2] https://www.facebook.com/business/m/signalshealth/accelerate...

> The manual method feature enables advertisers to leverage their own customer data, such as email address, phone number and so on. This method allows advertisers to report on more conversions, optimise their ads against more conversion data and reach more people on Facebook with their website Custom Audiences or dynamic ads.
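
As an added illustration of the in-browser hashing described in the comment above (not code from the thread or from Facebook): because the hash is deterministic, someone testing their own site can recognise a value they typed into a form inside captured outbound requests. The SHA-256 algorithm, the trim-and-lowercase normalisation, the host names and the parameter names `p1`/`p2` are assumptions; all sample data is constructed.

```javascript
const crypto = require('crypto');

// Assumption: identifiers are trimmed, lowercased, then SHA-256 hashed to hex.
function hashIdentifier(value) {
  return crypto.createHash('sha256')
    .update(value.trim().toLowerCase(), 'utf8')
    .digest('hex');
}

// Scan captured request URLs for query parameters sent to other hosts whose
// value equals the hash of something the tester typed into a form.
function findHashedLeaks(requestUrls, typedValues, firstPartyHost) {
  const wanted = new Map();
  for (const [field, value] of Object.entries(typedValues)) {
    wanted.set(hashIdentifier(value), field);
  }
  const findings = [];
  for (const raw of requestUrls) {
    const url = new URL(raw);
    if (url.hostname === firstPartyHost) continue; // only third-party traffic
    for (const [param, value] of url.searchParams) {
      const field = wanted.get(value.toLowerCase());
      if (field) findings.push({ host: url.hostname, param, field });
    }
  }
  return findings;
}

// Constructed test session: what the tester typed, and the requests captured.
const TYPED = { email: '  Test.User@Example.com ', firstName: 'Test' };
const SAMPLE_REQUESTS = [
  'https://shop.example/checkout?step=2',
  'https://tracker.example/collect?ev=Lead&p1=' +
    hashIdentifier('test.user@example.com'),
  'https://cdn.example/lib.js?v=3',
  'https://tracker.example/collect?ev=PageView&p2=' +
    hashIdentifier('someone.else@example.com'),
];

const findings = findHashedLeaks(SAMPLE_REQUESTS, TYPED, 'shop.example');
console.log(findings);
```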


This is not how it works.


In Android apps, that's how it works.

The SDK (recommended for login) is set up by default to collect information and installs handlers for app lifecycle events as soon as the app is installed. The default is to do this without requesting user consent.

A rough summary of the data: (Ad ID, device, locale, phone network, maybe install referrer).

To attribute advert -> install, Facebook ads pass on an encrypted blob containing campaign information to the Play Store, this blob is readable by the app, and is transmitted back to Facebook where it's decrypted.

The setting: https://github.com/facebook/facebook-android-sdk/blob/fcd4ef...

Defaulted to true: https://github.com/facebook/facebook-android-sdk/blob/5fe6e2...

https://developers.facebook.com/docs/app-events/getting-star...


Wow, that's a very dark pattern.

In any case, this is not how it's supposed to work in OAuth, and it's definitely not required for it to work.

I suppose developers could pretty much use any generic OAuth lib for the login purposes.


Maybe this is of interest for you: https://media.ccc.de/v/35c3-9941-how_facebook_tracks_you_on_...

Seems to me, this is pretty much exactly how this works.


> shining a light on the way that apps like Instagram and YouTube use algorithms that pick and choose what content to show us (and not show us) in order to keep us scrolling and clicking, to sell more ads. These dangerous algorithms use our own personal data to manipulate us

I think we should start somewhere more practical first. Did you know that Walmart designs their store layout and inventory to maximize purchases? They deviously use our own shopping patterns to manipulate us!! We need to stop retailers from being able to analyze what people are buying right now!

OK, so this is definitely hyperbole, but come on, the fact that Facebook builds its product such that they optimize for the chance that you want to spend time on their platform is not itself evil. If the same sort of simplistic logic had been driving policies back in the “video games are making kids into violent criminals” days, the narrative would have been just “Evil game developers are making games entertaining in order to get kids to play them! We need to stop this!” And furthermore they would have won that political battle and video games would have been forever outlawed, because apparently the narrative that anything that causes a kid to look at a screen is inherently evil has become a given these days, and you don’t even need to argue for it anymore, you can just assume it.

Now don’t get me wrong, I think that stronger private data laws are a great thing, but you can’t just argue that companies using engagement data to optimize their services is itself evil. They are businesses, of course they want the better product and of course the better product is the one that provides what people want. We don’t want Congress making it illegal for Walmart to stock more food during Christmas because they know from data that they sell more during Christmas. Now if Walmart was asking to see your social security information during checkout, that would of course be an issue, but that’s an entirely different thing.


The second best way to stop Facebook is to route your life around it.

Leave Facebook alone. It’s not stoppable by mortals acting alone.


They track you with pixels around websites regardless


I assume most people who go out of their way to route their lives around Facebook are also the type of people to have an ad blocker installed.


Websites aren't that problematic, as we can use an adblocker easily. But what are you going to do in an Android app? Education apps/bank apps were sending a lot of data to Facebook, which was causing me a headache. I can't even block the whole ASN because my mom uses it to chat with relatives. They have literally integrated into the app supply chain, which makes the situation abysmal.


DNS sinkholes like "pi-hole" can help, but have disadvantages like the lacking user interface: when you open an app and it doesn't work, you have no easy way to see all requests related to that app and whitelist or stub them.

What we need is a containment approach to apps that enables us to configure network settings individually: app1 has no need to connect to FB and is not allowed to do so, yet app2 can use the FB identity provider services. On top of that we must break open some connections and replace the content: app2 gets some don't-crash stub injected when it asks for tracking scripts. There are some obvious problems with "MITM injecting stub code", so containment profiles must be distributed as open source and reviewed. (This is how browser ad-blocker plugins work.)


The problem starts when Google and Apple don't provide an easy way to control the domains an app connects to. It would be nice if they provided a firewall and allowed us to block an entire domain, like don't allow Facebook or Google in this app. Like Little Snitch but for iOS and Android.

But we know companies like Google aren't going to take such a drastic step because they themselves want data and have 0 incentives. MITM is not easy in apps due to pinning and requires root access, which is very hard these days because banking apps don't work on rooted phones.

And Pi-hole has stopped working because apps are using 1.1.1.1 or 8.8.8.8. The future looks bleak tbh.


Toppling the federal government would be easier; people don't like that much, people however like Facebook.


Their pivot to Meta indicates that Zuckerberg knows Facebook is dead. The continued survival of the company now depends on whether they can successfully pivot to something else other than a social network. If they can then they might manage to survive but if not then it's pretty clear Facebook is finished even without people doing anything about it.


Well, we already have people getting groped in the metaverse so that might be off to a rocky start. Maybe they will sell subscriptions to digital metapolice?


Whatever tech you can come up with, people will find ways to use it for bad things. It doesn't reflect on the tech. Just the perpetrator. Did the internet fail because of all the bad stuff happening there?

Facebook already has the ability to view all interactions, even after the fact, which is already pretty intrusive IMO. Of course they're going for child friendly but I hope not all services will be like this. I don't want to be banned every time I say a bad word.

PS: it's also pretty risky for the perpetrator :P You never know if that hot chick is a 300 pound dude named Chuck, to quote Ready Player One :)


Or, god forbid, show a woman with nipples.


> "we already have people getting groped in the metaverse"

When did that happen?



Are there full body VR suits that transmit touch?


Sadly not yet :)


:D https://www.bhaptics.com/ Cue Radiohead 'Just'


Except for that thing called real life!


3 months ago discussion: https://news.ycombinator.com/item?id=28871105

How's it going since then?


Facebook is just a symptom.

To stop surveillance capitalism more than an email to Congress is needed, starting with an amendment to the United States Constitution that declares a human right to personal data and digital privacy (like Article 8 of the Charter of Fundamental Rights of the European Union).

Abstractly there are three major ideas related to this: 1) corporations are free to buy, process and sell any data they can however they want, 2) governments have access to all data, 3) humans are to be protected from governments and corporations.

America does not believe in 3 anymore when it comes to digital data. Changing this will take more than some 1-click-democracy portals sending e-mails to Congress - and harvesting contact data for engagement.


Congress will not shut down Facebook, remember PRISM.


I just shared it!



