Hacker News new | comments | show | ask | jobs | submit login
Facebook confirms it is scanning your private messages to increase Likes (thenextweb.com)
123 points by neya 1600 days ago | hide | past | web | 77 comments | favorite

To me, this is just standard privacy hyperbole that rears it's head every now and then.

Anyone remember the headlines several years ago when "Google 'scans' your emails to serve targetted ads'? When was the last time you heard someone complain about that anymore? No one does, because it doesn't matter.

Why should me sharing a link via a PM and my action be aggregated into an anonymous number worry me? How is the argument different from Google 'scanning your emails'?

Social networks nowadays seem to be competing on ways of justifying bigger numbers on the counters. It makes sense, the bigger the number the bigger the social proof which will attract webmasters. Scanning PM's for shares isn't something I might of thought they would do, but they do and it makes sense. The whole privacy debate surrounding this particular case is a complete non-issue for me though and will probably fade into insignificance just like Google scanning your emails.

An action from a big company that shifts the boundaries of acceptability in privacy would be a justified concern, but in this instance no land here in the privacy war has been lost. Nothings really happened.

While I don't use facebook's messaging except on the extremely rare occasion that someone messages me when I have their web page open, I don't think sharing a URL with someone means I LIKE the content, there are many different reasons to share a URL.

Right, so people's main problem with this is a semantic issue and not actually anything to do with their privacy.

HN Challenge:

Make a URL shortener service which allows you to send a link to someone from within facebook - but it blocks all known FB domains and IPs from viewing said URL.

It will only take the first click on it then expire. if all the first clicks are from FB - it would mean that FB is pre-emptively scanning and tracking all URL messages - even before users actually visit.

Why would Facebook need to visit your site to record that somebody liked it?

You misunderstood me.

This would not be for likes - but for visits.

Facebook certainly does pull any pages you link to, it scans 'em for images and puts those images into the message too along with a title and excerpt. This is occasionally annoying but makes messages prettier.

I'd forgotten about that somehow. Looks like we have our smoking gun! Hard to claim its surreptitious though.

I guess I don't understand why you think Facebook is scanning/visiting links, nor why I should care about that.

Agreed: Have you see this site (http://sucks.com) it sucks. (PS: I haven't actually checked out that URL. Might be NSFW)

No, I don't want facebook to "Like" links for me if I didn't explicitly say I liked them.

I'm disappointed that http://www.suck.com hasn't been updated recently... I miss the heady days when it was the most interesting daily updated site on the information superhighway!

Then is it safe to assume that you disapprove of their like-counter-increasing when you share a link on facebook? It appears they do then too, and you may be sharing it to say "I hate this".

> When was the last time you heard someone complain about that anymore? No one does, because it doesn't matter.

It's not that it doesn't matter. Just that the people for who it mattered just left/never joined gmail and don't have any reason to complain any more.

For facebook it's the same. People for who it matters will complain now and you won't hear much complaints after they all leave.

It's not the same thing.

Let's say I'm a republicrat and I'm furiously sending private messages with links to democan sites showing my friends how evil I think they are. Except now I'm told every one of my links as just made those republicrat sites more liked an I'm helping make it look like they are more popular than they really are.

Scanning emails to serve you ads does not leak information to the public indirectly. Increasing like counts does.

It does actually leak information in the form of ad prices and view rates. Not directly to he public, but it is leaked.

Is a "share" a subset of a "like"? Maybe they can have links count as shares but not likes.

So your issue here isn't a privacy one at all, it's a semantic one.

Lesson learned: stop linking to evil content.

Wonder if this will exacerbate the effect of everyone only seeing views that agree with theirs and decreasing exposure to different (/evil) perspectives.

Personally I'd be happy with fewer "look at this idiot" links, whether they be on Facebook or HN. If its more of a "something to think about" link, even if I disagree, I think I'm ok if their like count goes up when I share it.

> Anyone remember the headlines several years ago when "Google 'scans' your emails to serve targetted ads'? When was the last time you heard someone complain about that anymore? No one does, because it doesn't matter.

Microsoft begs to differ, at least when trying to sell you Office 365: http://www.youtube.com/watch?v=TDbrX5U75dk

It's called a 'Private Message'. Seems to be misusing the word private.

The gmail analogy is a little off, a closer one would be to compare to gtalk. Do google scan gtalk messages?

Also what if the message is "This is so crap: <link>" does that increase the like?

  > The gmail analogy is a little off, a closer one would be
  > to compare to gtalk. Do google scan gtalk messages?

Unless you specifically select "Go off the record" I strongly suspect that they do.

Since they show up in gmail while you're "on the record", I would assume so.

Wouldn't Facebook chat be the right comparison for gchat?

There's a reason I disable Facebook buttons on my browser and don't stick them on my own sites (including my blog). I don't trust Facebook with my browsing data, and I don't want to subject users of any website I work on to their abuse, either.

"Move fast and break expectation of privacy"

how do you go about disabling facebook buttons?

I use http://ghostery.com as a Chrome extension. There's also http://disconnect.me, also extension based.

Then there's the more extreme route of using Tor for all browsing.

Is there a point to using both of them? I just ended up using only Ghostery a while ago, because running five potentially redundant extensions seemed to do more harm than good with the hits to performance.

For Firefox, there is an Adblock subscription called "Antisocial" http://adblockplus.org/en/subscriptions (at the bottom of the page)

The facebook button is an iframe that links to a particular URL. You block that URL (+wildcard) in your browser.

Ghostery and antisocial are curated fOr you. But if you prefer more control, requestpolicy is recommended.

Run NoScript, never whitelist facebook. Crude but effective.

This only prevents FB scripts from executing, but you still get the images ( and FB the cookies). So this is not the solution for the paranoid.

Using ScriptNo(chrome plugin) in AntiSocial mode works too.

This is known by most Facebook App Developers.

What makes up the number shown on my Like button? http://developers.facebook.com/docs/reference/plugins/like/

The number shown is the sum of:

The number of likes of this URL. The number of shares of this URL (this includes copy/pasting a link back to Facebook). The number of likes and comments on stories on Facebook about this URL. The number of inbox messages containing this URL as an attachment.

From the API you can actually get a breakdown of that number into those component numbers.

Doesn't sound like a big deal at all. There certainly aren't any privacy implications. When you send a link to a website via PM the 'like' counter on that page on that website will increase by one. Makes sense (not perfect though e.g. if you're directing a friend to something you don't like). It's not like the 'like' is then shared publicly to your friends not part of the private conversation.

They know who you are and what link you forwarded. The only thing keeping it out of the public eye is Facebook's discretion, and they have a track record of unpredictably disclosing more data about you without an opt-in.

Facebook would have that data even if they didn't use it for the like button count.

So what? The only thing keeping my emails private is my email provider's discretion.

It's an ontological problem, I think. Things started out with just 'like', but then they added comments, etc.. the modern like counter much more like Tumblr's "note" counter.

Right. To say that FB is "scanning" private messages is pretty misleading. FB is counting shares. Seems quite logical to me.

The difference between Gmail and Facebook is that Gmail did not aim to track who you correspond with. Facebook is focussed on personally identifiable information. They have made it their business from Day 1 to know who your correspondents (friends) are _and_ to exploit that for profit.

To my mind, this is not something Google set out to do. Although to compete with Facebook, I imagine they may have changed direction. We have Facebook to thank for that.

Let's imagine for a second that the future brings us the proverbial "video telephone" that even the most non-technical person expects to one day be standard issue. Crystal clear, real-time communication with both audio and video as available to every person as owning a cell phone is today. Now, hold that thought.

Should companies be invited into every conversation we have on this device? Should they be permitted to show ads to us as we converse?

We never had companies keeping a record of everyone who we telephone and listening in to our telephone conversation to try to figure out what junk postal mail to send us. Would this be different? How?

Ok, now we can return to present day reality. The question is: Where do we draw the line? Should companies be a party to every conversation? What will happen if we leave this question to the unscrupulous kids working and compromised adults working at Facebook? I doubt they would see anything wrong with what I described in the previous paragraph.

Somehow gmail manages to auto suggest and complete email addresses for me. Sounds a lot like they tracking who I correspond with.

Yes. 2s/aim/initially aim/

I rarely use Javascript (certainly not for email) so I wouldn't know about all the latest Gmail "features". :)

What I was hinting at was a sort of evolutionary pressure on Google... to start using personally identifiable information. That pressure being Facebook as a perceived competitor.


Although I still believe google tracks this covertly, FB is overt about it.

So if I send a PM to a friend on FB with a link and note that says, this is the lamest site ever the "Like" counter on the site goes up by one? That makes perfect sense.

Actually it goes up by two, but Facebook claims that's the bug, not the fact that it goes up at all.

You didn't like the site, but you obviously felt it was worth sharing. Perhaps "people who engaged with this content" would be better than "like", but it'd make for a much bigger button.

Even better, I wonder what happens if I send a private message to all my "friends" with a link to my blog in it.

Did the like counter on my blog just go up by 500?

"Private messages" and "Facebook" are mutually exclusive.

Facebook is the antithesis of privacy.

Dreamers think FB has value.

Does the average person, of any age, think privacy has value?

What's more valuable?

Can all value be measured in monetary terms?

Web traffic has value (e.g. we can sell display ads). FB has web traffic. But so did milliondollarwebsite.com.

Privacy OTOH seems a long-lived concept, dating from at least the dawn of civilisation. I'd argue we have a lot more privacy than our ancestors. A trend that has continued unabated for hundreds of years. FB is but a {milli,micro,nano,pico}second in the evolutionary timeline of privacy.

I'm not throwing away my fig leaf just yet.

Why are people still using Facebook anyway? I can only presume people that do simply don't care much about privacy because Facebook has proved time and time again that your privacy does not matter at all to them.

All of their privacy breaches don't really matter if you consider all of the things that you do with Facebook to be explicitly public. My only privacy filters are discretion and sobriety, and they've worked well enough so far.

Agreed. In this day and age it's just asinine to expect privacy from the Internet, no matter what you are promised.

There is not privacy and I do not expect any. That's the way to be happy and care free on the Internet. It's simple: Don't post anything privately or publicly that you do not want the whole world to see.

Are you fine with the whole world seeing all you email and chat history, then?

Yep, I generally don't care about Facebook privacy because I don't place anything on it I'm not comfortable with the world knowing.

Danger is if your friends don't have similar filters and expose your drunk indiscretions

That's a problem with your friend, not with Facebook. As someone wiser than me once said, "you can't opt-out of people talking about you on the Internet"

The users who are okay with Facebook have a different set of priorities than the detractors who have abandoned it.

Asking why people are still using Facebook is roughly similar to asking why people use 123456 as a password.

Your presumption is pretty much all I can think to rationalize it and that's just sad. This breach of privacy stuff is a slippery slope and Facebook will continue to chip away at it until it's gone. To help people remember I've started: http://pleasedeletefacebook.com

Or you could just treat facebook as public... Over reaction much?

> Your presumption is pretty much all I can think to rationalize it and that's just sad.

You need to think harder.

You need to respect privacy harder.

I know FB scans private messages. You cannot send links with certain domains without getting an error message. Sure, they don't have some dude in a cubical looking at each and every message, but if they are scanning for domains, how hard is it to scan for keywords within those private messages? Mention your new iPhone in a message, and you see ads for iPhone cases. Make a Tony Romo joke and you see ads for an RGIII jersey, etc etc.

They scan for even more than that, they'll report you to the FBI if they suspect you of illegal activity. http://www.reuters.com/article/2012/07/12/us-usa-internet-pr...

I mean, Gmail does the same thing....

"Privacy is a relic of a time gone by" -Sean Parker

"Fuck you" -Me, responding to Sean Parker on privacy.

Ditto. Impressive attitude.

No matter how much you curse, it ain't gonna change anything.

Plus LOL at your creating a new HN account for the explicit purpose of putting in your sophomoric response.

I wasn't aware that Sean Parker was a noted expert on privacy and the implications thereof.

One does not need to be to realize there is no privacy to be expected.

the hubbub over "scanning" here is silly. Obviously Facebook's systems scan your everything. The issue is that FB considers a "private mention" as a "Like", but it's old news that a "Facebook Like" is not an "English like"

What about the "ad-likes", where FB shows "Your friend Jill likes ponies. Here's an ad for My Little Ponies" -- are these similarly prevented?

Breaking things tends to make unhappy the people using.

Don't worry, Zuckerberg will write a heartfelt boilerplate apology soon enough. :P

I'd rather be shocked if they don't do it (think viruses, trojans, hoaxes etc)

Facebooks private messages are censored. Here in the western world we can not message one another freely when using this Facebook, of which many think are some kind of nice private messaging system like email. Its not and never was. For example try to send a thepiratebay.org link to your friends as a private message. Who knows what more they censor, perhaps the really interesting bits to censor seem to you like they have been delivered, but facebook never actually shows it to your firend. You would never know.

Also, you cant send life-changing notifications through messages to all your friends, for example there is a cap I think on to message 30 people at once.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact