How does a credit score service know which of the dozens of John Does you are on Facebook?
The only ways in which this can work is a) you have a pretty unique name on FB or b) you have to give your FB name on your credit application (if I'd see this on a form, I'd just tell the bank guy to forget everything and walk out).
Of course, this opens a possibility for manipulation - either you use someone else's clean FB page, or a malevolent entity creates a profile in your name, or you yourself have one "clean" profile and one "real" profile which many people already do to hide their pot smoke pics from potential employers.
The credit score service doesn't know, but FB does.
Can you imagine that FB sells this information anywhere in the near future? I bet they can make great profiles of you, and compared to a big pile of people with similar profiles, the bank can see what profiles predict risk.
First, the bank might not care whether it's really you. If there is someone with "bad behavior signs" who is sufficiently similar to you the prudent thing to do if you want to minimize loan risk is to assume that it's you. Secondly, it's really simple to deanonymize data. Check for example
As the site name implies, you need just 33 bits of good information to distinguish every person on Earth. It's not hard to get enough bits from your Facebook timeline to cross-correlate it with other stuff the bank might know about you.
I am one of three people in the entire world with my firstname, lastname combination. One of the other two goes by a different name, and the other is Portuguese.
1) That would be why they are trying to push their irresponsible "real names" policy.
2) Let's not forget they have more than your name. They can geolocate your IP, for example, to get an approximate location. If I remember correctly, name and zip alone has something like an 85% chance of uniquely identifying someone. If you tell them your birthday, that chance goes up into the high 90s.
3) Once you have their cookie, they have many other sources of information thanks to "beacon"[1]. Identification becomes significantly easier when they have other businesses adding data.
Why would you keep your FB posts public and not limited to your friends or to some subset of those (depending on what you are posting)?
Comments here seem to once again indicate as if everything posted to Facebook was automatically and irrevocably public. I don't really see that going on at least on my group of friends.
If FB couldn't figure out who you are, they locked your account and required a photo of your driver's license or other state/national ID to verify identity.
It seems unlikely that this process will involve a human to intervene. Bots could do this easily, and could exploit things your friends share without you knowing. "I got super wasted with x last night" being posted or...
Or worse. They get access to those Facebook Messages?
You can create user groups or G+ style circles on FB. For instance, I've got posts that only my friends see, most of them are also visible to my parents and very few are visible to acquaintances.
Add the representative of the bank to one of the limited visibility groups.
A rare outbreak of common sense in US labour law, although I suspect Facebook also lobbied for it - it's against their TOS to give your credentials to the interviewer.
Because _everyone_ has a facebook account? Bank/work somewhere else if the prerequisite is to have a facebook account that is accessible to people who are not your friends.
Alternatively, if you are genuinely worried about being able to do this, I would advise setting up a public profile separate from a personal one (cpt obvious).
I remember when it was a faux pas to put your real name on the internet - long live the days of having an alias that you can make a whole bunch of mistakes to a private group of friends without being publicly remembered for it.
I could see this starting as an opt-in for a little bump (of rate, score, etc.) in your favor, like how the car insurance companies give you a discount if you let them log your driving and it shows safe behavior (e.g. https://www.progressive.com/auto/snapshot/)
I post default-public, on purpose. I welcome everyone to stalk me on Facebook as much as they like and to comment on anything that's interesting for them. I have very little personal secrets I want to limit access to, and generally live a single life. I understand it's a privileged position, as I'm just a pretty average straight, white, male, cisgendered, neuro-sort-of-typical Western geek, but I see no reason to post private when I don't need it.
I understand most people limit posts to friends or friends-of-friends (the latter is I think the default setting on Facebook now), though this kind of annoys me when I want to learn something about a person I'm not friends with and see an empty profile, or when I want to share a post from one friend to another friend (usually in a private message, in the form of "look at this insightful post or funny picture I saw on my timeline"), but the former has the post visible to his friends only, and the latter isn't friend with them. There are trivial workarounds for last case though.
EDIT: I'm not telling anyone that they should go full-public. But OP seems to be bewildered by the fact that some people do in fact keep full-public profiles on purpose.
In threads about Facebook I see people so focused on various minorities and corner cases that they act surprised by behaviour of people on Facebook, even though said behaviour is perfectly ok for the vast majority of Facebook's users. I think it's good to remind everyone that not everyone wants everything they do to be as private as possible, or has a reason to. In fact, most users don't.
It's people like you who are telling the US government that it's ok to surveillance citizens. With your logic, you are saying you have no reason to hide anything, so the government can keep tabs on you. Just because you have nothing to hide doesn't mean you can become a victim of an error as well. Take this story http://www.wired.com/2015/10/familial-dna-evidence-turns-inn... where a man who "has nothing to hide" and innocent became the suspect in a murder due to him sharing similar DNA It could be you one day, you don't know.
Hey, I'm not telling the USGOV anything. I'm also pointing out that a lot of people have perfectly good reason to have default privacy level set to "full public", and it's neither weird or wrong. I responded to a HNer apparently bewildered by that fact.
I support you keeping whatever privacy level you like, but don't force me to hide things if I consciously, in full physical and mental capacity, decide I don't want to.
You can also be tagged in other people's posts, which you have to actively remove from photos (and I don't think it's possible to remove name-references in text at all).
Your group of friends is not a representative sample, and neither is mine.
There's a setting that makes tagging require you verify and accept the post/photo. I.e. when I turn it on, you can type the letters making up my name, but without my explicit consent given on a case-by-case basis, the name won't turn into a link to my profile. Not everyone enables it, but it's not an obscure feature either. Also, some combinations of privacy settings make you disappear from the tagging suggestion lists completely, but I haven't figured out how it works yet.
there's Timeline review (though I don't think it's exactly what he's saying, it lets pictures tagged with you avoid your wall unless you explicitly accept it)
Went and checked. There are two things you can do:
1) The second option on Settings/Privacy page controls how things you're tagged in end up on your timeline. On my account there's a link that to the Timeline Review page[0], on which you can enable or disable reviewing things before they become visible on your timeline.
2) There's a whole Settings page for Timeline and Tagging[1]. There you can control who can post on your timeline, how tagging you will work, whether your friends will see posts you get tagged in and whether or not you appear in tag suggestions. The tagging options work across Facebook, not just for your timeline.
I can't tag you if you don't have a Facebook account. What are you proposing? That typing someone's name without their consent should not be allowed? I think that would be seriously infringing on the right to write things.
> Putting the responsibility on the named person is just another form of victim blaming.
Victim blaming is quickly becoming a term for "I don't like how the reality works, so I'll just throw a temper tantrum".
> I can't tag you if you don't have a Facebook account.
I have no idea if that's true now. Historically, this was encouraged. I know my name has been added on pictures by my sister, at a minimum. I've never had an account at FB and never will. I'm assuming it is common knowledge on HN that just because you haven't registered an account with facebook doesn't mean your account doesn't exist.[1]
> That typing someone's name without their consent should not be allowed?
Obviously not. This thread is about credit scores, which facebook shouldn't be influencing based on hearsay. The bigger point is that "failure to opt-out" is not consent.
> Victim blaming is quickly becoming a term for "I don't like how the reality works, so I'll just throw a temper tantrum".
Absolutely not. Just because technology has allowed a power shift away from individual rights doesn't mean that's the way "reality works". The entire point of law is that we shape these aspects of society. It is not a "temper tantrum" to point out that responsibility doesn't fall upon the individual just because a rent-seeking corporation framed the discussion in that manner.
An easier to understand variant of this problem is so-called "identity theft". Nobody can steal your identity. They can impersonate you, but you still are the same person. The actual problem is e.g. banks giving loans to people without properly verifying the identity of the person. As a 3rd party, the bank has no valid reason to involve you in their, but by calling it "identity theft" they re-frame the situation as if was the your responsibility to keep your identity from being stolen (which is basically impossible).
Facebook is gathering, processing, and storing my personal information (my name, my face) without my permission, and not acting when people ask them to stop processing and storing information about me.
Facebook never deletes anything. An object (account, photo, posting, comment, like, etc) may no longer be visible, but it still lives on in FB's massive data repository.
There's so much potential for mis-scoring here. Take the 'wasted' example. You can't just grep for the word, it depends on the context. e.g. What if someone is a big fan of the GTA games? The game uses the phrase 'wasted' when you die - so if you happen to be posting GTA videoe, your descriptions might end up lowering your credit score!
Credit scores at the moment at least can be queried and mistakes corrected. This new kind of scoring will be opaque and unaccountable.
50 comments
[ 3.7 ms ] story [ 108 ms ] threadhttp://webcache.googleusercontent.com/search?q=cache%3Ahttp%...
The only ways in which this can work is a) you have a pretty unique name on FB or b) you have to give your FB name on your credit application (if I'd see this on a form, I'd just tell the bank guy to forget everything and walk out).
Of course, this opens a possibility for manipulation - either you use someone else's clean FB page, or a malevolent entity creates a profile in your name, or you yourself have one "clean" profile and one "real" profile which many people already do to hide their pot smoke pics from potential employers.
Can you imagine that FB sells this information anywhere in the near future? I bet they can make great profiles of you, and compared to a big pile of people with similar profiles, the bank can see what profiles predict risk.
http://33bits.org/2011/03/09/link-prediction-by-de-anonymiza...
As the site name implies, you need just 33 bits of good information to distinguish every person on Earth. It's not hard to get enough bits from your Facebook timeline to cross-correlate it with other stuff the bank might know about you.
It must be nice to have a common name.
2) Let's not forget they have more than your name. They can geolocate your IP, for example, to get an approximate location. If I remember correctly, name and zip alone has something like an 85% chance of uniquely identifying someone. If you tell them your birthday, that chance goes up into the high 90s.
3) Once you have their cookie, they have many other sources of information thanks to "beacon"[1]. Identification becomes significantly easier when they have other businesses adding data.
[1] https://en.wikipedia.org/wiki/Facebook_Beacon
Comments here seem to once again indicate as if everything posted to Facebook was automatically and irrevocably public. I don't really see that going on at least on my group of friends.
Could they do that? You'd probably have to read (and keep up with) the T&Cs.
Same as for us foreigners who don't have any credit rating records valid in US. Meaning you get the crappiest deals and worst apartments.
Or worse. They get access to those Facebook Messages?
Add the representative of the bank to one of the limited visibility groups.
Not sure how that works when FB API is used.
I seem to remember a lot of articles about that and then it just stopped.
A rare outbreak of common sense in US labour law, although I suspect Facebook also lobbied for it - it's against their TOS to give your credentials to the interviewer.
Alternatively, if you are genuinely worried about being able to do this, I would advise setting up a public profile separate from a personal one (cpt obvious).
I remember when it was a faux pas to put your real name on the internet - long live the days of having an alias that you can make a whole bunch of mistakes to a private group of friends without being publicly remembered for it.
I post default-public, on purpose. I welcome everyone to stalk me on Facebook as much as they like and to comment on anything that's interesting for them. I have very little personal secrets I want to limit access to, and generally live a single life. I understand it's a privileged position, as I'm just a pretty average straight, white, male, cisgendered, neuro-sort-of-typical Western geek, but I see no reason to post private when I don't need it.
I understand most people limit posts to friends or friends-of-friends (the latter is I think the default setting on Facebook now), though this kind of annoys me when I want to learn something about a person I'm not friends with and see an empty profile, or when I want to share a post from one friend to another friend (usually in a private message, in the form of "look at this insightful post or funny picture I saw on my timeline"), but the former has the post visible to his friends only, and the latter isn't friend with them. There are trivial workarounds for last case though.
EDIT: I'm not telling anyone that they should go full-public. But OP seems to be bewildered by the fact that some people do in fact keep full-public profiles on purpose.
In threads about Facebook I see people so focused on various minorities and corner cases that they act surprised by behaviour of people on Facebook, even though said behaviour is perfectly ok for the vast majority of Facebook's users. I think it's good to remind everyone that not everyone wants everything they do to be as private as possible, or has a reason to. In fact, most users don't.
I support you keeping whatever privacy level you like, but don't force me to hide things if I consciously, in full physical and mental capacity, decide I don't want to.
Your group of friends is not a representative sample, and neither is mine.
Where is that?
1) The second option on Settings/Privacy page controls how things you're tagged in end up on your timeline. On my account there's a link that to the Timeline Review page[0], on which you can enable or disable reviewing things before they become visible on your timeline.
2) There's a whole Settings page for Timeline and Tagging[1]. There you can control who can post on your timeline, how tagging you will work, whether your friends will see posts you get tagged in and whether or not you appear in tag suggestions. The tagging options work across Facebook, not just for your timeline.
[0] - https://www.facebook.com/INSERT_PROFILE_NAME/allactivity?log...
[1] - https://www.facebook.com/settings?tab=timeline
> Putting the responsibility on the named person is just another form of victim blaming.
Victim blaming is quickly becoming a term for "I don't like how the reality works, so I'll just throw a temper tantrum".
I have no idea if that's true now. Historically, this was encouraged. I know my name has been added on pictures by my sister, at a minimum. I've never had an account at FB and never will. I'm assuming it is common knowledge on HN that just because you haven't registered an account with facebook doesn't mean your account doesn't exist.[1]
> That typing someone's name without their consent should not be allowed?
Obviously not. This thread is about credit scores, which facebook shouldn't be influencing based on hearsay. The bigger point is that "failure to opt-out" is not consent.
> Victim blaming is quickly becoming a term for "I don't like how the reality works, so I'll just throw a temper tantrum".
Absolutely not. Just because technology has allowed a power shift away from individual rights doesn't mean that's the way "reality works". The entire point of law is that we shape these aspects of society. It is not a "temper tantrum" to point out that responsibility doesn't fall upon the individual just because a rent-seeking corporation framed the discussion in that manner.
An easier to understand variant of this problem is so-called "identity theft". Nobody can steal your identity. They can impersonate you, but you still are the same person. The actual problem is e.g. banks giving loans to people without properly verifying the identity of the person. As a 3rd party, the bank has no valid reason to involve you in their, but by calling it "identity theft" they re-frame the situation as if was the your responsibility to keep your identity from being stolen (which is basically impossible).
[1] http://arstechnica.com/tech-policy/2015/03/report-facebook-t...
That's probably not legal in EU.
Credit scores at the moment at least can be queried and mistakes corrected. This new kind of scoring will be opaque and unaccountable.