In computer security, every time machines become fast enough to breach the limits of an algorithm we invent something new so that “hard” problems remain “hard” and therefore encryption is still secure.
There has been no corresponding increase in the difficulty of invading privacy. 30 years ago, even though you probably “could” observe somebody for a long time and eventually connect some dots about them, it would not really have been worth your while (and you certainly wouldn’t have been able to do it for thousands or millions of people). Now, it is ridiculously easy for computers to dredge up information and instantly transmit it, slog through it and basically connect every imaginable dot. There needs to be a new standard for privacy: just like you want a 2048-bit key, you want the equivalent of a “make life a pain in the ass for Facebook” key on EVERY DETAIL of your life.
I would love if someone made a Chrome extension that encrypted all the posts and messages you put on Facebook. That is, any post you made would be made as a ciphertext, the extension would swap keys with all your friends in the background, and would decrypt their posts when displaying them to you.
Sure Marky Mark still sees when you post, who you send messages to, etc. but it's a much better situation than what's going on now. Plus it would probably put a dent in their bottom line, and so send them the message that privacy matters to people.
You're so close to what I am currently building that I feel like I have to chime in. I left Apple's security team a few months ago to go solo and build an app that is similar to Facebook/Instagram and Snapchat in terms of functionality and UX but uses the Olm protocol (similar to Signal) to protect all content. So, fear not - something is being done, and I'm sure I'm not the only one working in this problem space. I think it's ripe for innovation, counter to popular belief; the trick is to do it in a way that doesn't require a PhD in computers to operate the damn thing, as was the issue with previous attempts.
I'm skeptical as to how worthwhile your effort is as long as the outcome is just another alternative to FB. We've seen countless examples of how these alt-social nets failed. But I do see a lot of value in the tech you might be developing, and if in some way we could embed it into existing social nets, that would be amazing. Fingers crossed!
How easy would it be for Zuck to just update the TOS to say "encrypted content is against our TOS" and ban you?
Zuck can't add any encrypted content to your personal profile, which means he doesn't make any money off you. And Zuck can do pretty much whatever he wants in his castle, I'd say.
Content is mostly irrelevant, metadata is way more interesting. In other words they do not care what you say, but who you say it to, when you say it, from where, at what time, and so on.
I run design collective (group of designers and design students) we have been looking for social media projects to help. Is your project aimed to be opensource or it is comercial bussiness?
We could might be able to help. Even just with small things like design analisys and testing.
You just killed your project. Nobody is going to use a security centric product littered with ads. Ads are exactly what people should be worried about, tracking their tabs and browsing activities.
> the trick is to do it in a way that doesn't require a PhD in computers to operate the damn thing, as was the issue with previous attempts
This sounds similar to the story of PGP. Many attempts have been made to get people to use it, but it just didn't catch on (on a big scale). So I'm curious: how will it be different this time?
I see the problem with this is gaining traction. With no users on board you'll have no users on board.
Unless ofc you're just building this for yourself and your friends, which is something I thought about doing myself but then realized that even my friends cba to install yet another chat app.
> I see the problem with this is gaining traction. With no users on board you'll have no users on board
That's the same reason Facebook would never beat MySpace and MySpace would lose out to Friendster.
Metcalf's Law and initial traction are real challenges to achieving critical mass of users, but it has been done. I'm biased to hope for @ghughes success and that enough people care about privacy to give it or similar services a shot.
How are you going to recreate the main selling point of facebook, i.e. the Newsfeed ? If things are encrypted, how are you going to determine relevance, etc.
> How are you going to recreate the main selling point of facebook, i.e. the Newsfeed ?
When you post, the content is sent as an encrypted message that can only be decrypted by people who should be able to see it (either all of your friends or just a subset of them). The client automatically takes care of key management and is responsible for keeping track of sent & received posts, comments, etc; it renders a news-feed-like UI on top of that data. The end result is a familiar UX on the surface, but the underlying mechanism for transmitting data between users is far more secure than the traditional approach of using a monolithic database that contains everyone's data in plaintext.
> If things are encrypted, how are you going to determine relevance, etc.
The client is solely responsible for that. For now the "news feed" is strictly chronological, but I plan to augment it later by prioritizing posts that might be particularly interesting to the user. There are plenty of ways to make those decisions locally.
hey, im going to implement something similar as well, and your idea gave me an idea - id 'like some help getting started - grappling with crypto since im new.
can we get in touch somehow ? too bad hn doesn't allow private messages.
Exactly. I also think that encrypting data is a smokescreen to gain brownie points. Yes, it is more secure than not encrypting messages but the effect of message encryption on your privacy is very low.
If you have out-of-band connections with all your friends and you have friends who are willing to jump through weird, nerdy, technical hoops, what do you need Facebook for?
There would be no out-of-band connections. The extension uses Diffie Hellman or something to swap keys with your friends over Facebook (or maybe through a server run by the extension provider.)
This is missing the point as metadata is way more sensible than actual message content. Besides, being contrary to ToS you'd get your facebook account blocked or banned.
Look at how fast AdNauseam got the boot from google to get an idea.
Don't know how many will read this now, I'd just like to point out that since you can only message addresses/accounts you're "friends with" on Fb AFAIK, you can effectively broadcast to all your friends without Fb knowing the plain-text recipients.
It is simply necessary to have the plain-text in a publically known format, e.g. prepended with date or name or whatever. Then you post the cypher-text to your "timeline" (or whatever it's called) and try decrypting all your friends' posts to find which one is meant for you.
To get around Fb-imposed usage restrictions use a steganography or obfuscation tool. https://seecret.io is already linked to somewhere on this thread.
I agree strongly with you that the direction to be taken is independent messaging clients for existing messaging channels as long as those channels allow third party API use.
What channel would you use to share the keys on FB? The Facebook API simply will not let you do that anymore. Direct messages have a character limit and you can't just post to someone's wall anymore.
I tried working on something like this for seecret.io but was confounded by the Facebook API's limitations.
Twitter is much better for that. Probably other network too.
You use Diffie–Hellman. "Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel." (https://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange)
I had thought something similar, but with Google drive instead of Facebook. To create a rogue client that encrypts my files, uploads them to Drive encrypted, but presents them nicely unencrypted in my local machine. That way I get the free (as in beer) cloud storage, but google doesn't spy on my files.
How would you finance and support this endeavor? Also, why wouldn't Facebook ban all such users? Facebook is a private platform and they make the rules on how you get to play with it.
The main issue is that there is no reason for companies like Facebook to fully adopt it, since it doesn't benefit them and there is no outside pressure forcing them to do so.
May be I'm the only one but how is the parent referring to Differential Privacy? Differential Privacy is "one way" to achieve privacy. The parent comment talks about a different standard for privacy the moment computing power increases.
How about a Scramble Suit as in a Scanner Darkly ? A browser extension that supplies fake events to all the tracking scripts. Fake website visits, fake clicks, fake session duration. Couple this with a network of VPN so that you are appearing in multiple locations, scrambled with everyone else using the service.
Security breaches are bad for one party's capital, good for another party's capital.
It's interesting to contemplate WHY is there a difference between the two. Security and Private both nasciently have something to do with "info I'd like to keep to myself", but I'm not sure I can come up with a hard delineation between the two, at least when you try to go above "A/S/L" and below "user/pass".
Exactly. Once we can understand P vs. NP completely, all cypto algorithm today will be obsolete since crypto algorithm today ONLY rely on that "hard" problem.
It terms of a hostile 3rd party and not an automated system? 5 times.
Snoopy relatives of women I have dated a couple times, a couple times by PIs paid to track me down, and a stalker once.
So...yeah. It's a real problem and none of these people had a legitimate cause to do so. Even beyond FB, etc. I don't post my face online because of shit like that.
Other people have stopped posting pics of me as well, a couple people have been called based on my name being tagged to things on social media.
I went in and untagged myself from a bunch of stuff my parents posted after my online friend commented on one of the pictures. It wasn't that it was super problematic, it's just I realized I really didn't want family pictures broadcast to my friends.
The bigger problem for me is how facebook tracks and identifies even people who do not have a facebook account. They simply infer such a person exists from photograps, contacts and other one sided activity and can start to track that person, tie all this information together and then target them with ads even though they never signed up for Facebook.
Such shadow profiles are a much larger problem to me than people who are happy to fork over their private lives themselves.
Nothing will change until the law cracks down on this. The people who work on these systems are smart enough to comprehend the wider consequences, but they do it anyway because money. Without significant external pressure, there will always be a long line of engineers willing to dial their cognitive dissonance up to 11 and build software that is clearly unethical in exchange for a fat paycheck.
In the EU the law just did crack down on this with the new EU Data Protection Directive[1]. The DPD covers not only EU based companies, but also any company that provides services for EU citizens in the EU (so, Facebook, LinkedIn etc. are covered by this..but also e.g. your little weather app).
The new DPD is strict compared to previous regulation, but there are two parts of the directive that a particularly interesting:
- The Data Portability concept: A company covered by the DPD is required to deliver to the user all data the company has on the user, in a standardised format. That means Facebook now has to hand out all your data (information, pics, likes, posts,...) for you to use freely - also in other services. I think this in effect means you own your data. I'm excited to see the effect of this one.
- The right to be forgotten: A company is required to delete all data they have on a user, if the user requests. Actually, if the user invokes this right, the company is not allowed make public, <b>store or process</b> any data related to the user.
From what I hear in discussions between american colleagues, american companies have no clue whats about to hit them. I know there is a mild panic here in Denmark, and the DPD is the most talked about subject in IT at the moment - and we've always been rather anal with the privacy stuff (e.g. cookie-law).
Edit: Oh, I forgot the fun part; this gets a lot of attention due to the sizes of the fines companies get for not adhering to the directive. Fines are up to EUR 20.000.000 or 4% of the company's global annual revenue, whichever is higher. Facebook made USD27.638.000.000 in 2016, so thats a fine of USD1.105.520.000 for not playing nice.
(I posted this in reply to another post, but seems relevant here too)
> The Data Portability concept: A company covered by the DPD is required to deliver to the user all data the company has on the user, in a standardised format. That means Facebook now has to hand out all your data (information, pics, likes, posts,...) for you to use freely - also in other services. I think this in effect means you own your data. I'm excited to see the effect of this one.
The problem here is that those companies use fingerprinting to collect data. This means that in theory they are not 100% sure who is the person they are collecting data from, but in practice they could be 99.99% sure. Still, this makes it impossible to hand out all this data, because there is still a 0.01% chance that the data does not belong to the person who requested it.
Not disagreeing, but I would certainly like some references if you could provide us any. In fact, it would be genuinely troubling if you cannot find any good sources. Here is why: this notion of fingerprinting seems to be an invention of the legal wing, to be brought out as a CYA when these requests were inevitably going to be demanded.
Time for some math:
Since it is only a 0.01% chance, it means you need 10000 discrete pieces of information collected on a single individual before there is a chance of error. If a company indeed has that many pieces of information on you, you first of all need to know that for a fact.
There is a chance the company will counter that this is aggregated probability, as in, with an uneven distribution of errors. If it is indeed aggregated probability, the companies which advertise on these platforms need to demand their money back because for all you known, none of the folks they are targeting are actually correct fits for their ads. Fingerprinting puts the burden of proof on the shoulders of the company that they are indeed allowing advertisers to target the audience they want. How can they be so sure if the errors are unevenly distributed?
In any case, everyone should demand the information anyway, and let us start using this fingerprinting theory as an excellent opportunity to get deeper into the practices of these companies.
Moral: of, relating to, or concerned with the principles or rules of right conduct or the distinction between right and wrong
I think it is "clearly wrong" that Facebook creates shadow profiles, because it is violating the freedom of people who have not signed up for their service, in the same way that it is clearly wrong for me to take away your favorite pet for ritualistic sacrifice against your wishes, even if "everyone" in the community agrees that it has been a consistently effective method for pleasing the Gods.
Of course, you know these analogies are tenuous, and you will eventually go into very precise definitions of words (or worse, you will actually start taking my pet sacrifice analogy and dissecting it). Perhaps you could tell us about something you think is clearly unethical, and we will try and draw the connection for you.
I doubt that he doesn't understand what "unethical" means. The question is how does what Facebook is doing qualify? You've said it is because it violates the freedom of people Facebook is making inferences about who are not users of Facebook's services.
That just shifts the question to how does it violate their freedom? That is not at all obvious to me. (NOTE: this does not mean that I'm saying it is OK...just that I don't see how it is a freedom violation).
My computer desk at home is near a large window, which I often look out while I am using the computer. From this window I can see people from my street walking dogs. I can see kids going to and from school. I see cars coming and going. My street is a dead end street about 1 km long, and I'm about 200 meters in. The street bends a little way past my place, so the last 700 meters or so are not visible from my place.
By casually observing people walk by, I've gathered data to make several inferences about people who live beyond the bend. I've figured out when some people are having house guests (by seeing people I've never seen before walking dogs that I recognize).
I've inferred sibling relationships among some of the children who walk by (by noticing dress and equipment patterns that clearly indicate that the same person is shopping for both).
I've figured out what kind of cars the parents of the some of the children drive (by seeing those cars stop when passing the children on the way home, and the children getting in, or seeing a strong correlation between days when particular children who walked by to school in the morning do not walk by in the afternoon and days when particular cars drive by in the afternoon).
Am I violating these people's freedom by making these inferences from what I see out my window?
If not, what is the fundamental difference between what I'm doing by observing people that walk or drive by on my street and what Facebook does by observing what its users do on its site?
You would be more like Facebook, if you 1) would publish your observations or otherwise provide it to third parties 2) sit at nearly all streets all the time, e.g., observing whatever those house guests are up to the rest of their time.
Imagine, you share your observations with, say, a PI who was hired by a paranoid spouse or by someone's employer.
Facebook is like a vast and far reaching network of nosy neighbours of whom you do not know who they are chatty with. Maybe someone who likes to jump to conclusions?
Answer is, that its not clear cut. What is the difference between a private investigator (working for a single party) and the government investigator (working for the city, state or federal level)?
I would think, that advertising in the local press or, having a sign outside the window to the effect that you were able to sell personal and assumed to be private information about the people who lived in the street would provoke an unpleasant reaction.
Doing something purely for your own benefit that you know will cause significant distress to others is sociopathy I think. Perhaps 'unethical' is the wrong word. 'antisocial' definitely covers it though it might not be strong enough.
I used the private investigator here as a middleman, a third party. Just like law enforcement or a data broker would be. My concern (in this argument) is less that of the ethics of each single act, but rather the consequences of setting up such a service. You don't know what you are enabling.
Imagine a gentleman decides to follow you for the rest of your life. He is always wihtin a distance but when you leave your home, there he is and see you him with his pen and paper recording your every move. You get it you car, he gets in his and follows. You stop by your lover's home. There he is the back recording. You go pick your child, save. You go to the grocery store, there he is recording again. So on and so forth.
Would you say there is absolutely nothing wrong with this?
> If not, what is the fundamental difference between what I'm doing by observing people that walk or drive by on my street and what Facebook does by observing what its users do on its site?
The expectation of privacy. The window analogy may seem very clear to you, but a lot of people see Facebook as a sort of postal service carrying their enveloped messages to their friends, and they have to trawl through a pretty large document of legalese to find out how it isn't. Facebook is more like one-way mirrored glass.
Not OP, but I think the fundamental difference is that you are, presumably, not selling everything you know to potential stalkers that wish to know everything about the people you mentioned.
It's not just that. GP's analogy would only make sense if one of your neighbors was a superintelligent alien whose larger motives are hidden from you, whose livelihood lies in having an intimate understanding of your psychology and how to manipulate you, and who never misses any detail or forgets anything. Ever. It's fucking creepy.
I can't claim it's wrong because I'm not a good ethicist. But I can say anecdotally that I feel upset and disgusted by the idea that even though I don't have Facebook, they may have a dossier on me. Simply because friends use my name or share photos including me.
It's upsetting because I don't know what I can do about it. How do I protect my privacy in this world? Do I stop having friends? Do I wear a mask everywhere?
It's like finding out that the Stasi had an extensive file on you, even though you never travelled to the GDR or were an interesting target. The only connection is that friend of your's who once visited their uncle on the other side.
The difference is, the GDR is gone and none of this has any consequences anymore. However, the consequences of Facebook et al. are yet to be seen.
> I can't claim it's wrong because I'm not a good ethicist.
Even the best ethics expert in the world would just be one who knows how to describe a bunch of ethical systems and ideas that exist currently and historically. Other than that, they can help you exactly zilch with such decisions. I'm not a psychologist, but I'll claim if it makes you feel upset and disgusted, that means you did decide you consider it wrong. And if it helps, I agree.
As for how to change things, well, ask the EFF for example? There's things you can do which, apart from being a real help, also help you with the dread of this free floating vague blob of worries that you sometimes look at but as you said feel you can't do anything about.
One thing you can always do, is that not giving in. It just takes one person to prove the claim that everybody accepts or wants X wrong. When being that person seems scary, personally, when looking around, I'm not convinced at all that the people who fight no or trivial battles are less scared. It's not actually safer on the side of thugs, generally speaking, and life isn't more fun at mindless parties either, only those who don't have the comparison would think that. I'd rather say that's all built on sand, on holes that have to be temporarily filled with more and more material.
So keep on hanging on, because there might come a point where you feel less upset, more grounded, and the people who drift along will become more and more confused. Real things can hurt, sometimes badly, but real things also have longevity, they bring their own means and nutrients for growth.
At least, that's how I answer these questions for myself, that's how it ended up working out, and while I know that can't be generalized, sometimes it does get darkest before dawn. Don't let it drag you down (Sophie Scholl's outlook = best outlook).. but what you can shoulder, do shoulder. The only way out really is through, ultimately.
If worst comes to worst, don't get crushed when the screeching narcissism machine attempting to eat the planet drives itself and billions of people against the wall and implodes. Easier said than done, but change will come one way or the other. I'm not convinced it would leave spots of unscorched Earth, but that hope dies last, anyway.
Well, your moral principles are very different from mine. I don't feel like I (or the state) should have a say about what goes on inside of Facebook's servers, they can do whatever they want with the information they have as long as the don't use coercion (to me, freedom is the lack of coercion).
That said, I do believe that there's a practical problem, but it's us that must try to solve it, we must educate people, we must ask our friends not to post our photos or personal info on social media, etc.
> they can do whatever they want with the information they have
What if they decide to publish online your computed profile? Maybe they know you better than yourself.
> as long as the don't use coercion
Isn't influence or suggestion a kind of coercion? Why do you think they spend so much resources on profiling everyone?
> That said, I do believe that there's a practical problem, but it's us that must try to solve it, we must educate people
My country used to have over 6000 people killed on roads out of about 60M people. The state tried to "educate" people about not driving while drunk, not driving fast, using seat belts, etc. But in the end, what actually worked was more policemen on the roads.
You say freedom is the lack of coercion but you fail to realize that you are coerced into being part of FB, and your only opt-out is drastic measures like using a blocker.
FB probably has more intelligence capabilities about mere people than any past or present intelligence agency of any country ever had. That raises a lot of questions, the first of them being to make sure that they don't use it against people.
I'm not being coerced to use Facebook, there's not threat of physical violence involved. I choose to use the web, if some site has fb trackers I can disable cookies, I can disable JS, I can do whatever I want with my computer in order to not give them my info.
Yes, there is influence, and I would certainly prefer it to no be like that, but freedom of people to use a lousy service as fb is still freedom, and freedom is more important than my feelings.
The state is the collective will of a relatively small group of people with money and power. Most people have no influence at all. That's how it always has been. I think the only way to maximize freedom is to support small, local governments.
According to Max Weber, Something is "a 'state' if and insofar as its administrative staff successfully upholds a claim on the 'monopoly of the legitimate use of physical force'. I am not part of the state, the state is the president, the congressmen, the taxman, but not "us".
> because it is violating the freedom of people who have not signed up for their service
That's your interpretation of their reasoning, Facebook's interpretation could assume that they haven't signed up for service yet.
Also, how exactly is their freedom violated? Let's say they could do a certain set of actions on a given day prior to Facebook violation. So if a government violated their freedom (e.g. by putting them under house arrest), a certain subset of those actions, like walking to a store or a park, would be impeded.
What would be an example of actions that would be impeded by Facebook's violation?
The law will not crack down on this. The politicians stand to gain too much. See The Dictator's Handbook (which is as relevant to democrats as autocrats).
That said, I'm personally certain the laws will evolve rapidly in a favorable manner. Privacy issues resulting from Facebook/Google and co are becoming increasingly unacceptable for the society.
I was referring to the one by Mesquita, but because my brother, an attorney, recommended it, not because of a GCP grey video. Perhaps you meant "I think it's because..."?
The thought that Mark Zuckerberg might one day run for president, and actually have a chance, is absolutely terrifying to me. If this happens, kiss the concept of personal privacy goodbye forever.
I've just finished that and second the recommendation - while the ideas have been around for a while, the presentation of them in that book is outstanding.
I think it is more likely that the market corrects this well before the law. How much longer can the status-quo of online advertising remain intact? Do these targeted ad's really work? There is a ton of time and talent being poured into hyper-advanced targeted advertising systems, how long can this be sustained?
We're talking about a monopoly and you think market forces have any fundamental effect here? The data exists. Facebook is not going to abandon this trough just because they can't monetize it right away.
Buyers have access to a detailed audit trail of their ads and campaign activities. They see where ads they bought ran, the number of people who were able to see their ads, and clicks and other interactions with their ads.
If "these ads are working" is defined as "these ads are accomplishing what they were intended to when purchased," peoples' spend is founded more in data than belief.
Buyers have access to ~2BN people and tools to target them by age, interest, and geography -- much of that demographic and psychographic data is explicitly and freely given by those people themselves; tons more are derived and inferred. Buyers repeat their buys because these ads accomplish what they intended at purchase -- they can effectively drive traffic or commerce or whatever else.
This real power to generate revenue makes the issues around privacy, security, transparency, awareness, responsibility, ethics, laws, oversight more important than if it was created by ignorant beliefs. The latter would be temporary; the former generally strengthens as more data gets into the system.
Every so often there is a post that makes it to the top of HN about how Facebook ads aren't worth the money at all. And that other ads aren't much better. Marketing departments are completely insane (look at the leaked pepsi logo manual) and exist only to continue their own existence. Many corporations don't even bother to test their ad campaigns to make sure they are effective.
The fact that people buy ads is not at all evidence that they are effective.
So facebook finally has a massive income ? How did they manage to turn the tables around ? Last time I heard of them they were having a very hard time making more than pocket change and almost all the revenue was limited to the US.
They were steadily losing users in the very significant 13-17 years demographic, had a CTR one fifth of the rest of the web. Several reports of brands quitting facebook or advertising on facebook because it is expensive and does not seem to be effective on a background of unstable rules and "quirky" system with some overcharging and ads not displayed.
Facebook built itself on investor story time, with promises of better targeted ads in the future, and up to now is still selling the idea that at some point in the future it will succeed at this. It has yet to deliver on this promise in a consistent way.
"...are smart enough to comprehend the wider consequences"
Smart is not wise. Just complicate what you think people would hesitate to do, and they will get fooled into dong it. Especially if it challenges their intelligence (e.g. algorithms).
People don't seem to realise the ecological harm (privacy wise) in using those services. They don't realise that by using those services, they not only harm their own privacy (which is their to shed), but also other's.
The sentence "I have nothing to hide" that often gets thrown about has two problems. The first is obvious: whoever says it most probably do have something to hide, and are not quite realising it. The second is much more insidious: it frames the debate individualistically. This is a common flaw in our western societies —see for instance copyright debates talking about one artist and one consumer or pirate.
People should realise, as you did, that it is not just about them. I would go even further: using Facebook is not just a personal choice. It's a political one, that affects all around you.
Last year for instance, I was forced to use Facebook by friends from my orchestra. I reluctantly set up an account, and kept up for a while. Then I turn off email notifications because they were so annoying. Then I learned, several times, of decisions or events that were discussed only on Facebook, (without my knowledge since I hardly logged in). When they clued in on my ignorance, they said "but I sent the mail" (no you didn't).
(I have since "deleted" my account. I won't use that crap ever again)
The choice is often between giving up your privacy on Facebook, and being ostracised by such and such group of friends. Disgusting.
And how are they hitting that person with a tracking pixel and associating it with the pseudo-account?
It's still creepy, but it's likely more about determining knowledge of the friend graph (i.e. suggesting 2nd degree friends via a connecting pseudo-account) than about ad targeting.
Though yes, as soon as that pseudo-account could be tied to an actual account, Facebook could use passively gathered info to target you.
The creepiest part about Facebook is the sheer volume of facial data paired with social connection data. With access to that, even if you have never been online in your entire life, there's a good chance I could take your driver's license photo and know who you associate with.
> And how are they hitting that person with a tracking pixel and associating it with the pseudo-account?
That's the easy part. There are companies that specialize in this sort of thing, as well as in merging profiles from several devices (pc, tablet, smartphone), you can bet that if two-bit advertising technology companies know about these tricks that Facebook does too, and they probably know a trick or two that has not become mainstream yet.
If you want an explicit explanation of how such a link could be made it's a hard choice: too many possibilities.
I've done technical due diligence on about 10 advertising technology companies, node identification in a graph gets easier through two things:
- more known nodes in the graph (Facebook has many)
- more activity by the unknown node (just wait and track)
Sooner or later there is a moment where just for an instant that node can be strongly associated with a real world ID, for instance, a contact in someone's address book, a tag in a photograph and some shared online activity or something as simple as a phone call. At that point it is game over, the contact can now be associated with the device ID on the other side for instance through some running app.
Apropos games, many games monetize by embedding a library supplied by an advertising technology company that wishes to gain access to devices without waiting for the user to visit a website. These libraries leak information all over the net.
Is one example by FB, there are many more and some of those require permissions that make no sense at first sight until you realize what is happening under water. If you ever wondered why some shitty game requires access to your contacts, location and other interesting bits of data this is it.
It is very hard to stay off the radar of the likes of Google and Facebook, I have a pretty good idea of how this stuff works in the background and I have no clue how I could not leak enough bits for those two companies to tie my online activity to my real world identity in a single profile.
With the new EU Data Protection Directive[1], I think they do, since the DPD covers not only EU based companies, but also any company that provides services for EU citizens in the EU (so, Facebook, LinkedIn etc. are covered by this..but also e.g. your little weather app).
The new DPD is very strict, but there are two parts of the directive that a particularly interesting:
- The Data Portability concept: A company covered by the DPD is required to deliver to the user all data the company has on the user, in a standardised format. That means Facebook now has to hand out all your data (information, pics, likes, posts,...) for you to use freely - also in other services. I think this in effect means you own your data. I'm excited to see the effect of this one.
- The right to be forgotten: A company is required to delete all data they have on a user, if the user requests. Actually, if the user invokes this right, the company is not allowed make public, <b>store or process</b> any data related to the user.
From what I hear in discussions between american colleagues, american companies have no clue whats about to hit them. I know there is a mild panic here in Denmark, and the DPD is the most talked about subject in IT at the moment - and we've always been rather anal with the privacy stuff (e.g. cookie-law).
Edit: Oh, I forgot the fun part; this gets a lot of attention due to the sizes of the fines companies get for not adhering to the directive. Fines are up to EUR 20.000.000 or 4% of the company's global annual revenue, whichever is higher. Facebook made USD27.638.000.000 in 2016, so thats a fine of USD1.105.520.000 for not playing nice.
I foresee a long drawn out nasty international legal fight about this. In the same way the EU authorities have been very weak dealing with the car companies and emissions e.g. dieselgate, the US authorities refuse to see the problem with privacy and data. The governments are going to blame each other for stifling competition (companies from their country) etc.
I think the practices of online tracking joined up with offline tracking, as Google is now doing is going to be forbidden unless you consent.
This was exactly my point a while back. That the default option should be to get explicit permission for each piece of data you collect AND infer, even if the inference is being done in situ as the code executes (otherwise it will become another out clause). Of course, the geeks who get all delirious by seeing a mountain of data to analyze would not want that kind of friction in the process.
I wonder what would happen if someone would spend the time to completely dissect and reverse engineer exactly how lookalike profiles are being generated. My guess is that it will expose data collection practices which will confirm our worst fears.
The safe harbor agreement allowing EU citizens' data to be sent to the US was invalidated by the European Court of Justice and hastily replaced by the EU-US privacy shield which is effective since february 2017 and is already under attack and possibly on the way out while trump took a strong stance to not give any privacy to non-US citizens.
Then there is the secret negotiation of TAFTA where the US wants to siphon data without providing privacy and Germany refuses to let TAFTA go on until there are adequate privacy measures.
So yeah, this battle has been an ongoing one for years now.
By law you should but it will be an uphill battle.
Technically each and every advertising agency that creates a profile on you, gives you a cookie and stores your IP address is in violation of the law. (IP addresses count as PII, Personally Identifiable Information).
I don't see the legal hammer coming down on the advertising industry (of which Facebook and Google are the major players) any time soon if ever.
>IP addresses count as PII, Personally Identifiable Information.
One way hashed (that can't be rainbow tabled) are not however PII afaik however, so it's quite easy to turn an IP address into a "net location ID" or something similar that can't be tracked back to a physical IP for analytics.
If you're going to add a unique salt every operation you just destroyed the value of that IP address for tracking purposes. Which was the whole point of the discussion to begin with. By your scheme you might as well store a random number. So, either you store the IP in such a way that you can later re-associate a new call with the previous IP or you might as well not have it.
> However at that point surely you just add a salt?
How would that work? You'd have to use the same salt for every IP (which completely negates any benefit of the salt), otherwise how do you know that bcrypt(salt_1, IP_1), which you stored in your database yesterday, refers to the same IP as bcrypt(salt_2, IP_1) that you stored a month ago?
It's enumeration through 32 bits of 0-4294967295. There are only so much IPv4 addresses.
If you add a salt, then that "net location ID" becomes of very limited use. You won't be able to grep through the logs for request from specific IP, you won't be able to tell how many distinct IPs are accessing your services, etc etc. The only use I can see is keeping it in the session to check if IP address had changed, as a security measure.
In principle yes, in practice Facebook does not follow the EU laws. For example, they are required to provide you with all the data they hold about you. I requested this data (shadow profile) from them multiple times, they never responded. The next step would be to contact the Irish authorities responsible for overseeing FB, but from what I read they don't process complaints against FB, and the next place would be some EU court to force them to do their job.
Facebook sometimes submit to European laws. Facebook turned off their facial recognition after Germany made it illegal, registered used data has been made available for download among a few other cases.
Recently Facebook got fined 110 millions by France for lying to antitrust regulators during the vetting of the whatsapp deal, a few days before it got fined the maximum of 150k euros for repeated infringement to local privacy laws (maximum has since been raised to a percentage of the worlwide revenue) and a few days later it got a 3 millions fine in Italy for a similar privacy offense.
I'm not sure shadow profiles are covered by the legal obligation as facebook never acknowledged the existence of those for they are illegal in the EU.
Mentioned shadow profiles and some other of their shady practices to an acquaintance recently, he uses fb and wanted to stay in touch using it. He chose not to listen to my critique of fb calling me a "tinfoil hat" (whatever that even means).
An easy disarm is "You are confusing privacy with secrecy. It is no secret what happens in the bathroom. It doesn't mean we are going to remove the doors because people still want privacy"
There are ways to counter this. For example, it can be said that Facebook isn't your bathroom. (Yes, this isn't exactly solid argument, sure.)
Still, I'm absolutely sure it's best to keep private stuff to oneself, and parties you trust. With understanding of full consequences of doing so. If one trusts Facebook, they'd better think why do they do so, as their trust may be misplaced.
I think one of problems is that when users post data they don't even think they send it to Facebook - they believe they send it to their friends there.
"great, I'll put up a camera so I can watch even when we're not together! I'll share the vids on your FB wall, in case our other friends also want to see"
I've been thinking about this. Having to prevent being observed is not without cost and many time is inconvenience and annoying. Why do I even need the door closed in the first place ? Because other people will I think I'm weird ? Is it cultural thing? Why do I have to feel embarrassed/ashamed when people see me in the bathroom ? What if as the society changes to become more open, the more people leave the door open, the more it become the norm, then I don't even need to care anymore whether the door is open or close when I'm using the bathroom.
Ha - if anybody says that, ask them if they can kindly lend you their phone for a few minutes, so you can browse through their photo gallery, browser history and emails.
"Oooh! How much do you make? How many sexual partners have you had? Have you ever cheated on any of your partners? Ever had an STD? Whom do you secretly dislike even though you don't show it? I've never met someone with nothing to hide before, this is so exciting!"
Calling someone a tinfoil hatter is a way for someone to dismiss your argument without them actually having to think about something that makes them uncomfortable.
No idea, any evidence that Google uses email content do generate external profiles (vs. the user who received the message)?
If I write "Leroy Jenkins likes rushing" in an email, does Google create a persona called Leroy Jenkins, assigns a quality "likes rushing" to it and tries to match it to other data?
I always heard that user data is firewalled by default inside Google (PII data from one user isn't used on other users, unless explicitly shared).
Even on Photos Google seems to only allow you to appear as a suggestion on your contact's photos after you explicitly opt-in and explicitly selecting "which one is your face":
They can build up a graph and they'll see your emails when sent to a gmail recipient or from a gmail originator to you.
With a very large fraction of all email now passing through Google's servers you can expect them to be able to piece together the missing bits with high fidelity.
How come we have clowns getting elected, terrorism and financial meltdowns then? There are so many interesting things one can do with this power beyond monitoring what the plebs are upto. No great evidence exists that the power is being used despite the data and computing power having existed for 15 years now.
It can be used in many ways that do not stop clowns from being elected, from terrorists to be able to carry out their act and to protect you against financial meltdowns.
The clowns are being elected by the voters, not by companies, terrorists will always be able to do their deeds in an open society, if some fail just throw more bodies at the problem, and financial meltdowns can be prevented by banking oversight (and a lot of that oversight just got canceled by the stroke of some clowns pen so you can brace for the next round in ~5 to 10 years from now).
One small difference is that the activity on GMail or large email providers is generally two-way and it becomes clear when you understand that clicking "Send" sends your mail away to be stored in GMail forever unlike where photos somebody would be taking with their friends are not aware if it is put in Facebook or similar social places.
That isn't true. Many domains are routed through Gmail where you have absolutely no way of knowing up front that you are going to be sending that mail through Google. It looks like any other email address on a private server.
> Does Google use my organization’s data in G Suite services or Cloud Platform for advertising purposes?
> No. There are no ads in G Suite Services or Google Cloud Platform, and we have no plans to change this in the future. We do not scan for advertising purposes in Gmail or other G Suite services. Google does not collect or use data in G Suite services for advertising purposes.
> We do not scan for advertising purposes in Gmail or other G Suite services. Google does not collect or use data in G Suite services for advertising purposes.
You could drive several trucks sideways through the holes in that statement.
How about generating a "lifestyle profile" (or psych profile).
They could sell that to a third party, then buy back the profile compounded with other third parties's data to use for advertising. Bonus points if Alphabet (aka Google) control all the companies involved.
Right, what's the last time you checked the recipients domain MX record before sending an email?
That's just nonsense, nobody does this, people just send mail through some client and never ever check MX records by hand unless they are trying to debug some kind of problem, in fact, the vast majority of people have no clue that something like an MX record even exists. To them email is roughly equivalent to magic.
Perhaps its just the ex-sysadmin in me, but I've done it pretty frequently over the years. Pop open a terminal, host -t mx example.com, done. Mostly I do this when I think there's any chance that my email will get routed to a server in China (pipe the result of the host query through nslookup and eventually to a whois against ARIN to see whether the IP is allocated by APNIC), since I'd prefer to avoid that.
I get that it's not common or simple, but "absolutely no way" doesn't mean absolutely no way that's common and simple. It's doable and, if you want to avoid it, there's plenty of ways to ensure that you never send directly to a Google server.
That's your problem right there. The general population has no way of knowing this, you do, but that's only because of your professional background.
So, for lay people there is absolutely no way and that's the vast majority of them, for us internet techies there are ways but they are moderately involved and too impractical for everyday use. And even then, you've established that you will send your email through google, what are you going to do now? Ah yes, send it anyway.
you basically hit the nail on the head. And if Obama did nothing about it, you can sure expect Trump to follow suit with inaction as well. The consumer's only hope here is the EU.
Sometimes they do the right thing but I most certainly wouldn't bank on it! If we want change there has to be grass roots movements I think. If tech people would find a way to use word of mouth to convince people not to use FB then FB would collapse. Something along the lines of "Won't somebody please think of the children!" might do the trick ;)
That's actually why I gave up on avoiding it (after leaving my fb account dormant for ~5 years). If I'm being tracked anyway I might as well enjoy the social benefits of the platform, which are not insignificant.
FB absolutely knows more about me than any individual person at this point. I've decided, for good or ill, to accept that and leverage it; rather than feeling upset about my inability to enforce a right to privacy, I've decided it's more important that I should be able to enjoy being myself rather than having to hide everything. If powerful forces wish to abuse that, they can, but I'm happy to have that moral argument.
There is no way I will go down that route. That's defeat and it simply will not happen with me being an enabler. If that means I'll miss out on the occasional party then so be it.
How is that defeat? I have no desire to waste my precious time in an unwinnable arms race. My freedom of action and self-expression are my primary operational need, and I don't want to spend my life creeping around trying to conceal every fact about myself that might be employed as an attack vector. That's not liberty.
Don't you get it? It's not just about you. It's about all around you.
When you're using Facebook, you are doing 2 things: first, you reveal the personal information of everyone around you (bit by bit, each time you reveal your personal information). Second, you strengthen the network effect that incite, sometimes even force people to cave in, use Facebook themselves, and thus reveal their private information.
You don't know it, but using Facebook is not just a personal choice. It's a political choice.
Who are these people around me whose information I'm revealing, pray tell?
You don't know it, but using Facebook is not just a personal choice. It's a political choice.
I do know that, I don't know why you would think otherwise. Whether you understand my political motives is another question, though it's clear you don't agree with them.
I assumed your self-centred argument (your freedom, your needs…) stemmed from an oversight. I assumed you didn't know, or consider, the effect you have on others by using Facebook (specifically, giving up information about them, and strengthening the network effects that sometimes force people to use Facebook even if they don't want to).
But now you're telling me you're aware of these issues… I don't want to assume, but you sure look like an egotistical bastard at this point. Or a cynic. I'm not sure which is worse.
> But now you're telling me you're aware of these issues… I don't want to assume, but you sure look like an egotistical bastard at this point. Or a cynic. I'm not sure which is worse.
That seems a bit extreme... The effect on others is pretty minimal, what is so bad about using Facebook just because you like it, despite the small side effects on others? So your saying that anyone who uses Facebook after hearing about shadow accounts is a 'egotistical bastard'?
Depends on the expected magnitude of the effect. If small enough, you're still good. There are also ways to mitigate those effects, such as lurking only, never tag anything, use the "like" wisely…
It's not just about shadow accounts, by the way. There are more direct effects. For instance I was once forced to set up an account for logistic reasons (they used Facebook extensively, if not exclusively). Worse, when I tell them I didn't got some news (because I didn't check that account very often, and I turned off the very annoying notifications), they say "but I sent the mail" (they only used Facebook). I have since "deleted" my account, good riddance.
So, the effect on me was direct and significant. Depending on how you use Facebook, you can have a similar effect. The worst you can do is set up events and invitations on Facebook only, forcing your friends to either use Facebook, or drift apart.
But I'm under no obligation to limit my own utility so as to maximize the pool of people who are not on FB so that your digital footprint is proportionately more shallow, Jacques.
Suppose, in any case, that I persuaded my valued social circle (perhaps 10 intimates, 40 casual friends, 150 acquaintances) to move off FB to some other platform. This is unlikely as I'm not the only or most important reason reason they're on FB, but anyway: what would be different? OK, there would be less commercial exploitation of our information, but that doesn't seem like your primary concern. The NSA would, doubtless, still be vacuuming up our conversations just as the NSA vacuums up all the discussions we have here, and can easily cross reference our HN handles with our more detailed and specific identities on other platforms. I could posit a secure platform where everything was encrypted and all interpersonal communications metadata on said platform was cryptographically obscured, but then we'd have 200 going to the same site every day, presumably to communicate with each other in secret. That in itself would be of interest to intelligence gatherers, and how difficult would it be to social engineer oneself into a group of 200 people? Not very, and once inside one has most of the access one needs already because otherwise where is the utility?
I can't help feeling that you're arguing for a very highly highly elaborated version of security through obscurity. I prefer the security of knowing that if anything happens to me it will upset enough people to have negative ramifications for my antagonist. I find the conceit that we can have a situation where private actors enjoy all the benefits of instantaneous and frictionless communication but government actors are enjoined from participating even at the user level by virtue of the political authority they wield neither theoretically nor practically sensible.
> OK, there would be less commercial exploitation of our information, but that doesn't seem like your primary concern.
I wouldn't be so sure. Ads make money for a reason. I'm not sure I want giant corporations to play tricks with my mind so I by their products.
> we'd have 200 going to the same site every day, presumably to communicate with each other in secret.
If all communications were end-to-end encrypted, it wouldn't even look suspicious.
> how difficult would it be to social engineer oneself into a group of 200 people? Not very, and once inside one has most of the access one needs already because otherwise where is the utility?
Consider the costs and the scale. Unencrypted conversations can be archived and indexed at negligible cost. This is what enables mass surveillance. Social engineering however requires that an agent spends time on it. This is expensive, and thus only enables targeted surveillance.
I don't use Facebook either, and I've suffered for it, but I find your analysis here both overly simplistic and hampered by an obsolete framework.
With a billion daily active users, the problem is well beyond the individual human scale. Facebook lives, in its own right. If those users were cells, Facebook would be an organism of quite respectable size. There's only one action I can see, on the part of the individual, that poses a credible risk to the health of the whole.
Find a way to give Facebook cancer, and we can talk about individual actions affecting the problem as a whole. Until then, I don't see what it helps to throw around ultimata, especially ones like yours which in the past have embodied a significant threat of politically motivated violence - not, to be sure, something of which I accuse you, but connotations do matter, and those in particular are not conducive to worthwhile discussion in any way I can see.
I agree with this. Google and FB are semi conscious artificial intelligences. I further doubt that the chief executives or technologists at either firm enjoy direct conversation with said entities - they can communicate with them, but only in the crude reflexive manner of a doctor hitting your knee with a hammer.
I don't think they are conscious, i.e. self-aware, at even a minimal level; it's a human conceit to imagine that such awareness is other than orthogonal to intelligence. And even as intelligence goes, I should have to think theirs, whatever there is of it, is akin to that of an ant colony, rather than anything more like we'd recognize as resembling our own selves - and even that is really something of a philosophical point.
In any case, I'm less interested in parsing details of precisely which speculative definitions of artificial intelligence Facebook taken as a whole might satisfy, than taking the view (if perhaps only for the sake of this argument) that it does certainly satisfy at least some definitions of life based on its behavior, in particular its evident tropisms toward growth and self-preservation, for which no particular intelligence is even necessary - kudzu need not be intelligent to be a pestilential and highly effective thief of the resources required for a proper ecology to thrive.
Facebook's dominance is even more pronounced in parts of the developing world. I've met people in Asia (Myanmar and Nepal) who have just accessed the internet for the first time in the past 12-24 months (through their Android smartphones).
But they don't know the true internet - they only know the internet through the Facebook app. They use it like we use Google and web browsers.
To them, Facebook is the internet. They don't have email accounts. They don't use the browser. They don't search. I met someone in a small town who never even used the maps feature. I tried to think of what value the true internet might bring them, but when I suggested that "you can search for news and read other things", the response was that they already did that with the Facebook App.
One guy handed me his phone, so I could add myself as a friend on his Facebook. While I started typing my name, I noticed his search history... and to him, Facebook was even a substitute for what people in the USA might use Incognito mode for!
I would call Facebook their internet portal, but it's not really a portal to anything - Facebook is just the entire internet to them.
Buzzfeed (yes, Buzzfeed) did an excellent writeup of Myanmar, that mirrors what I saw there:
“Nobody asks, they don’t care about the email,” he said, explaining that most don’t know that creating an email address is free, and easy. “No one is using that. They have Facebook.”
Email also isn't very popular in China. I'd surmise it has something to do with the popularity of instant messaging in the new generation internet users.
Using email feels cumbersome compared to WeChat. Of course, you pay the price of having a single app do everything but most people don't even register that as a potential threat.
Yes. Also the fact that half of the west's trigger-happy sysadmins banned all Chinese IP addresses from virtually any cross-border SMTP activity because 'spam'.
wow. this is disturbing when you consider the original intent of the WWW, the evolution throughout the 90's and 00's. Only to end up with Facebook being the gateway for potentially billions of people from developing nations.
Google does some pretty scary stuff too.
I made a point of never giving them my mobile number or any "real information" about me.
When a friend of mine added me to his contacts, on his Android phone, he also added one of email addresses to the contact, which is the same one I used to register my Google account.
The phone automatically connected the mail address to my Google account and now every time I call him the (anonymous) picture of my Google profile shows up on his phone. Which I guess means that Google now also connected that phone number to the mail address/Google account.
Tbh that's really offputting: You can be as careful as you want and it will still be all for naught because friends&family just end up leaking your details everywhere without even noticing it.
The phone automatically connected the mail address to my Google account and now every time I call him the (anonymous) picture of my Google profile shows up on his phone.
That behavior doesn't require Google to have associated your phone number with your account; the mapping could be happening entirely on your friend's phone.
True, but it's still scary how the phone seems to be able to reverse lookup my email address to come up with the matching Google account. Which, I might add, originally started out as a YouTube account.
Considering how much Google tracks, I find it hard to believe they wouldn't save that mapping somewhere besides my friend's phone because this is exactly the kind of data aggregation and mapping which is driving large parts of Google's ad business.
I admit this might just be paranoia, tho this wouldn't be the first time my paranoia ended up being justified.
I had a similar realization when I found a private photo, so private that I had deleted it from everywhere in some Google's "backup" sites. I am very careful disabling every feature that could mean that personal images or text from my phone will end up "in the cloud" and still it got there through an accident... and a lot of Google's disregard for my wills. It's almost impossible to stop them.
The photo being private is most likely not what you think :)
I deleted it from the phone and my hard disk. I use to take photos with the phone, move through usb to the disk and never publish any photo anywhere.
Where I found it I don't remember because it was some Google site that I hadn't signed up for. I know, they're all connected, but I didn't even know it existed, much less that personal photos could go there.
My frustration comes from the fact that I had already visited several timesevery configuration and options page of the products that I use, choosing not to share anything anywhere with anyone and, god forbid, never backup phone and still it got there.
I have an idea why it could happen: a combination of "sync" option in the phone being activated by an accidental click with a lot of "creativity" in Google's part.
I'm done with this shit. When the time comes to buy a new phone, I will take some drastic measures. Maybe a dumbphone with tethering paired with a tablet, I'm not sure, but not this again.
Could you help me understand why you find that scary? It's not giving him any information which wasn't previously available to him. I think you're concerned that people are overlooking his screen, and you'd rather he explicitly choose everything that pops up when you call? Do you think he wouldn't have included any identifying information about you?
As a user, I'd rather have not only a name but also a picture of a person pop up when they call me, and I'd rather it happen with as little work as possible on my part.
(disclaimer: I work for Google, although I had nothing to do with how this works)
OP desired to keep his Google associated email and non Google associated phone number separate, and behaved as such. That's a very reasonable thing to want and do.
But Google used OP's friend's phone, bought from them, to surreptitiously acquire the connection between his email address and phone number.
That was against OP's desire, and his friend never explicitly agreed to provide that information. I fully understand why he would be upset.
I think everyone is misunderstanding the complaint. Google does not link phone numbers to accounts based on being added to he same contact. The poster is just complaining that it shows the photo from his Google profile (attached the the email his friend already knows) and shows that when he calls from his phone number (that his friend also already knows and added to the same contact).
Oh, yes, I missed a sentence: "Which I guess means that Google now also connected that phone number to the mail address/Google account." So I suppose freeflight's concern is what information the friend gave to Google, not what Google gave to the friend or what the friend's phone is displaying to onlookers.
This is how cloud services work. Google stores the friend's contact data, which has a contact with both freeflight's phone number and email address.
What is it you fear that Google is doing with this information? And what would it take for you to be comfortable?
Not OP, but: it would take for cloud services not to work this way. Regardless of whether Google is going to do anything with this data, the fact that tech-literate people aren't able to prevent just this from happening even when trying really hard makes one wonder how any one could avoid anything.
It occurs to me that I'd like to see some reportage on which parts of the TOS cover these evergreen frustrations. Is it the "share your information with third parties" clause? Is it "to improve Google services?" Something else? Surely every element of surprise can be responded to with "Oh, well you gave them that permission in Section F, subsection 3(n)."
Usually its to the tune of 'by using this service you agree to grant Google a non-exclusive royalty-free worldwide license to reproduce and redistribute' etc.
I wonder if I could exploit this to make false associations, e.g. save an email address with someone else's number to make that profile pop up whenever that person calls someone.
Sure, I mean one way to combat this is through data warfare and sabotage. If enough people behave erratically and poison the well of data it will make it harder for these companies to infer as much as they do now.
For example, click, view, watch, like at random ads and if enough people do this inference will be harder.
On the other hand, whatever brings power away from large telecoms is good for all of us, even it means integration with Google makes calling simpler and easier.
None of these companies are our friends. Not even in the 'enemy of my enemy...' sense, as these companies happily partner with eachother whenever it makes sense financially.
"All of us, when we are uploading something, when we are tagging people, when we are commenting, we are basically working for Facebook,"
Tapping, scrolling and even just having the app with Location Services installed means we are actively working for Facebook, and Facebook is actively working on us.
We are effectively lab rats to this self-perpetuating Orwellian superbeing. Nothing will stop it. It will use any means necessary to increase its yield of attention spend. Increases in HCI bandwidth will only extend its tentacles, eventually digging an orifice into our brains, Matrix/Neuralink-style, to run tests on us about how to better harvest us.
Before that, some of us will already be living on Planet Oculus.
The next Trust has earned that status like 5 years ago, yet here we are, still just gathering data.
The resource it trades in is intrinsically more valuable to Man than Oil. How much do you value your time, considering that is how you measure life? 2B users, people. How many lifetimes are spent a second on Facebook?
Ted Kazinski (the Unabomber, who tried to slow technological progress through terrorism) tried the path of regret and it didn't work out well. Is there another branch on that path that you think works better?
My attitude is: let's accept that things are changing, but try to build tools that make people better equipped to deal with the bad stuff we anticipate happening.
I've posted it before, and I'll post it again. I've never been a big fan of facebook, having deleted it for years after I started dating my first girlfriend, but unfortunately it is the only way to access Tinder now that we are broken up.
Facebook is addicting. I would scroll, like, and get into political arguments. They knew how to play me.
About five months ago I went in and unfollowed literally every single person on my facebook. I deleted every post I'd ever made. I locked down every privacy setting I could.
Since then, besides messenger, I have spent probably a total of an hour or two on facebook (in five months!). I can not heartily enough recommend doing the same to every person who might so read this.
Social media has done some amazing things in terms of coordination of people's who might not otherwise be able to connect. But their addictive algorithms which concentrate and sell information on billions of human beings are presumably a threat to us all.
It annoys me how much I want to leave Facebook (if only to stop them gathering MORE data on me - I can't erase what they have) but don't because of the convenience of getting in touch with or finding out more about whoever I meet in meatspace.
The fact that they try to force me to install their messenger app by making messaging through a mobile browser difficult is particularly infuriating and reveals how much they have their intentions at centre and not the benefit of their users/products/suckers (whatever you want to call us) now that they have the critical mass that people like me don't leave because everyone else is on it.
> The fact that they try to force me to install their messenger app
Treat it as asynchronous communication, using a client like Swipe for Facebook (for Android, don't know about iOS alternatives) to look at messages when you feel like doing it.
Use another app for synchronous purposes. Facebook's own WhatsApp is a lot more secure, for starters.
If you have the option, hosting your own bitlbee instance with bitlbee-facebook plugin [1] could be even better, since you can access it with any irc client you like. The additional benefit of always being logged in (and messages being marked read as soon as the come) is that facebook has no way to monitor your passive usage of their chat service.
I did it two years ago. Never been a problem. Sms and calling still exist. People started to write me nice emails. The feeling you are missing something is gone arter two weeks.
Actually only thing that is somehow annoying are events. Its facebook secret sauce. They limit the api (you cant add events through api > no automatic repost) so every event around me ends up only on fb. I am talking about public events, concerts, lectures etc. Venues are using fb as calendar so much that many of them dont even put it on their own site anymore.
Yeah, the way they prevent you from reading public posts, sometimes cutting them off half way through to demand you make an account really pisses me off.
Same for Yelp who makes you install the app if you want to view more than 10 photos.
On Android there is the app Metal, which is basically a browser that shows the facebook page. It has a few tweaks to improve the user experience and because its a browser facebook cannot access contacts, gps etc. Messaging works. It's great.
Is it ? I read the article and was pissed that there was no link to the actual charts or source.
I'm not sure what you're referring to with big data phobia, computer related privacy concerns have been around for a couple decades before facebook beginnings, IIRC it was a thing a few years before zuckerberg's birth. Then privacy concerns about facebook have existed a little while before its conception with Facemash.
It doesn't read as sponsored, it'd be more circumspect. More like, the reporter found it and thought it was cool so he interviewed "Dr Julia Powles" about it so he could write an article on it. You can ask him on Twitter: https://twitter.com/joemillerjr
When Facebook has pwned everything that's left to pwn, are we going to look back and say, oh, we were warned, why didn't we heed the warning of all those writers... who had "like" links on their page before the content even started. No.
I thought NSA was supposed to be limited to foreign intelligence, facebook has no such limitation. Besides IIRC CIA's IN-Q-TEL is among the first investors in facebook.
So facebook is much more that NSA, though they probably provide the NSA. AFAIK the "social media website" label is the PR/marketing way to say "global tracking/surveillance tool fueled by exploiting its registered users".
I don't know where you got this idea. The NSA is known for being close to useless in terrorism matters and champion of industrial espionage and spying on political leaders.
I read the Share Lab metadata report, based on an examination of the metadata in the headers of the emails exchanged between Hacking Team members. The level of detail this provides on the network and on the individual members of the team is extraordinary. Now in the case of Facebook, imagine that times 100, then add AI to slice and dice the data better than a team of the world's top 1000 data scientists working on the analysis of some tiny portion of the data for some particular purpose, for a year... Just one consequence: think of what Facebook and Google have on every politician in the United States, in the world.
There was an interesting article published on arxiv 10 days ago titled: Social Media-based Substance Use Prediction or as MITTechRev titled it: Your Facebook activity can reveal whether you are a substance abuser..
I signed up for facebook two years ago, didn't put any real information on there, then haven't touched it since. I still get emails about "people you might know" that they have absolutely no business knowing about and aren't in any way connected to my immediate family. It's creepy and I don't want them storing that information about me, but there's nothing I can do. I've been cautious about putting my information on the internet since I got my first computer in 1995. But that information got out there somehow anyway.
I created a Facebook account because I was doing something with a Facebook API, long enough ago that I have forgotten the details of the project. However, lurking in my spam folder there is always 'you have more friends than you might think' as a subject line in there somewhere, from Facebook, trying to lure me back in.
The thing I find funny about this is that they only send out emails with that one subject line. I don't open the emails so the suggested 'friends' might be different with each email, however I am curious why they don't change the subject line, to 'A/B test' me into being part of the known universe of Facebook. Clearly 'you have more friends than you think...' has not worked.
If they had bothered with the 'shadow account' then they would have targetted me a bit better, if they found a Facebook group that was likely to appeal to me then they could theoretically lure me in with 'Cats with Facebook accounts in your area' or 'Today's pictures of squirrels enjoying lunch...' but no, let's just try the email that didn't work last time or the time before.
Sure they have surreal algorithms that are totally creepy in a stalker way that is totally Peeping Tom and should gross people out, but, as per the dumb emails there is nothing that smart about what they are doing.
That's the beauty of it, the useds themselves are snitching on their friends. Not only are facebook useds working for facebook for free exposing themselves and others, they also provide troves of metadata.
I think this should be analyzed in connection with Uber's GreyBalling (https://www.google.pl/search?q=greyballing), and maybe also with the diesel emission cheats. Corporations are gaining power and sooner or later they'll start disregard the law - because states will not be able to enforce it.
you are about a century late here, the whole 20th century was about democratic and freedom progress, a shift of power from politician to corporations and corporations using the acquired power to fight against and protect themselves from the democratic progress.
So the American TV show "Person of Interest" really isn't that far off the mark. If FB is a known and readily available commercial product, imagine what DARPA, NSA, NGIA, etc. must have.
I do not use any Facebook mobile app (may track my microphone, location, etc...terrible!). I use Facebook's site in a browser (usually Chromium) in which I don't otherwise browse the net or do anything else except email. For browsing, I use the Epic Privacy Browser.
The is some kind of disconnect happening here. The tone and content of many comments here reflect an attitude that it's a given that FB having data about, anything, is bad. (Not universally in this comment thread, there are some dissenting views, but I'm reference what I see as the general rhetorical tone.)
My guess is that your average civilian does not view the fact that FB is acquiring vast amounts of data about them, and their social networks, as an a priori "bad thing."
I do hear non tech people make comments that the targeted advertising is creepy. But I doubt many people lose any sleep over this, let alone take dramatic action, like "quitting social media."
So, if one is concerned, on a civic level, that the growing datasets of personal information is a genuine threat to some particular community, and one wanted to act against it, the most important action would be to develop, and share, persuasive arguments to support this point of view.
I do not see such arguments being made. That can persuade an average person that all of this personal data being collected is going to hurt them and/or their community.
On the contrary, there is ever increasing participation in social networking. Many people do not crave privacy: they crave an opposing instinct, which is to be known, and to know about others. A lot of others.
The amount of personal information being actively shared, to as wide of an audience as possible so, on YouTube is astonishing.
In the proverbial "real world" the most dramatic and obvious potential for "cyber-hsrms" are the result of criminal activity.
When is comes to actual and potential threats to individuals and organizations well being, the second largest institutional force would be government. So far, for US citizens, the government has not been causing disproportionate harms from the IT realm, as compared to benefits.
On the other hand, If you were a peasant maimed in an incident of "collateral damage," from a US drone strike, the real world, personal, harm would be immense.
When it comes to the corporate realm, there is a financial-military-intelligence-political complex that is a far greater threat to everyone's life and liberty than FB.
At root, the business of FB is about making connections and sharing information, There are two main realms of activity, which symbiotically support each other. That is, the social realm, and the commerce realm.
These are essentially constructive activities.
There really is a need for companies to market their wares effectively, and FB have created a viable platform to do so.
The value of FB is not just all the user created data. A lot of work and resources go into the technical, marketing, and managerial challenges of building such a company. For many people, trading their personal data to get the social benefits is a "no-brainer."
Personally, I prefer the tracked advertising, as it actually is far more relevant to my interests. I often find interesting products and services, that I might never have otherwise found.
I can certainly imagine scenarios where the hegemony over mass personal information datasets, held by the big tech companies, does in fact lead to objectively bad outcomes for the users of these social networks.
Where I see the biggest threat,that derives from sharing so much personal data with a company like FB, actually relates to the threatening activities of the two large social forces I meantioned above, the government, and criminals.
The government, especially in the US, has vast resources, as well as the exclusive monopoly on legal violence. if it was decided by the executive or legislative branches that it was absolutely essential that Facebook turn over all their data to the intelligence agencies, due to the need to crack down on dissent, social unrest, then, yes this could be bad.
Obviously, if hackers managed do to breach some of these massive datasets, then there could be some very damaging effects.
It's interesting to note that so far FB and Google haven't suffered massive data breaches.
Fundamentally, a company like Facebook does not want to do its users harm. They actively resist efforts by both the government and hackers to get their hands on these datasets.
I am very curious to hear if anyone has articulated a narrative by which the "dark side" of of the big data companies actually starts to cause harm to people. (I mean in a statistically significant way. There are bad outcomes for people that relate to the social network companies, but these tend to one-off."
In my mind, it's one thing if FB collects data on people who are actually users of the service and collecting data on people who don't use the service at all. People who don't use the service haven't agreed to any FB terms of service at all, but FB acts the same way about people who agree and those who haven't even seen a FB ToS.
> if it was decided by the executive or legislative branches that it was absolutely essential that Facebook turn over all their data to the intelligence agencies, due to the need to crack down on dissent, social unrest, then, yes this could be bad.
This already exists, it's called the patriot act. Snowden showed that the US government has its hands in facebook and google's data. And you may have heard of the foreigner who got refused entrance on US soil at the border based on their facebook private messages.
> It's interesting to note that so far FB and Google haven't suffered massive data breaches.
More like such data breaches have not had much if any media exposure. IIRC gmail suffered a few of those from China and Russia alreaddy, and both facebook and google were tapped by the US agencies.
They have shadow profiles of people not on the service. It's more like "don't like it hope nobody socially linked to you uses it" which is pretty much a zero percent chance unless you are a Sentinelese fisherman.
There has been no corresponding increase in the difficulty of invading privacy. 30 years ago, even though you probably “could” observe somebody for a long time and eventually connect some dots about them, it would not really have been worth your while (and you certainly wouldn’t have been able to do it for thousands or millions of people). Now, it is ridiculously easy for computers to dredge up information and instantly transmit it, slog through it and basically connect every imaginable dot. There needs to be a new standard for privacy: just like you want a 2048-bit key, you want the equivalent of a “make life a pain in the ass for Facebook” key on EVERY DETAIL of your life.