Why serious breaches of trust such as this don't immediately receive outside, completely foreign, third party (all of it!) investigation is beyond me. None of this should be news - it should be implied. For the same reasons PDs shouldn't "investigate" their own abuses.
In my humble opinion, this should be the task of the browser, not the task of every site that links somewhere.
Moreover, I always mute the speakers of my computer, for exactly that reason. When I do want sound, I usually connect my headset or an external speaker. The computer's speakers remain muted. In the rare cases where I do want to use the computer's speakers, I unmute them, and mute them when I'm finished. This is so seldom that it's not a big deal.
Back to browsers, I wonder why those implemented auto-play for videos in the first place. More specifically: I wonder why they auto-play audio, as I don't see that issue with animated GIFs. Moving ads are annoying, but not remotely as bad as an unexpected sound.
The upcoming Firefox versions are very promising in that regard:
Even the strongest setting "Document user activation is required" isn't good enough. It means one click in the page will cause the video to start playing, which is annoying and highly game-able. I don't want a click somewhere on the page to cause a video elsewhere on the page to start playing. Every content site is going to do something to require you to click, like not showing the whole article and having "Click to expand".
It is really a pity that there are so many browser extensions who get this right, but the browsers themselves don't.
That's why it is so refreshing to see at least one of them (Firefox) actually trying to get it right.
The technical term for a browser is "User Agent". That naming may be historic and old-fashioned, but it was named that way for a reason. It's time to restore the original meaning, to make the browser an agent who actually acts on behalf of and in the interests of the user, not the website creator.
Not picking sides here in the FB debate, but how can you trust anything that Jim Cramer says? The guy failed spectacularly during the financial crisis. He flips a coin, chooses a view, and goes with it...
Even a broken clock is right twice a day. And I would even go much further by saying that not one Facebook employee should be trusted to handle the fallout.
Well, given that trust is relative, this scandal seems to involve a whole lot of people implicitly saying you should trust them more than Facebook.
And that's the thing. I don't trust Facebook but I would trust less any plan to externally regulate Facebook.
The government already forces Facebook and Google to divulge information to them. No one should trust any public Internet forum with their personal information but there's a lot of "impersonal information" that's still safe to share. The best way to deal the recent revelations is to stop giving up any information online, not to Facebook or to anyone. Posting text to Facebook or whoever is secondary. (browse and post anonymously but keep a "vanilla" social media profile for border and other other fun).
This all comes down to Facebook selling a kind of "privacy" that's been inherently rendered meaningless by the Internet age - privacy where "people know" get your data but somehow this information won't leak beyond this porous group.
This incident by itself is less important than the Equifax leak but the precedent set by it, knowledge that all your FB posts/likes/comments are floating out there independent of FB, is hitting the public consciousness harder, we already knew credit rating agencies had tons of information on our financial decisions, most people didn't think FB was just letting people take their info willy-nilly.
1. Equifax had a security breach. Facebook just had an instance of a 3rd party misusing data they were known to provide to external developers. Aka, Equifax lost data that should never left their servers, vs Facebook found out some data, amongst the ton that leaves their servers on a usual basis, was misused. Don't get me wrong, that's bad, but not "we got hacked and lost a ton of info that should very much be ket secret" bad.
2. Facebook involved 50 million users. Equifax involved 143 million [1].
3. Equifax leaked credit card numbers for 209k people, and dispute documents with personal identifying information of 182k people [1]. It's unclear exactly what info about users was harvested from facebook, but there's no API access to credit card numbers for example.
4. Repercussions; CA claims huge influence elections because that's what they sell, of course they'll market it like that. There's some debate about their effectiveness [2], and it's worth adding they're not the only or the first ones doing it (Obama used micro-targeting with Facebook data too). The way CA got their data is just more sketchy, and of course, involvement with Bannon makes it all the worse.
One can't pinpoint what exactly happened with the Equifax data, but it's clear it could be sold and used for identity theft and other fraud, since it includes SSNs, addresses, and in some cases credit card and license numbers [3].
It's bad that Facebook wasn't quicker to address the issue, inform users or take actions to find other leaky 3rd party apps, but Equifax was IMO definitely much much worse.
Can we stop calling this a data leak? This was business as usual. What Cambridge Analytica did is SOP for almost every organization that's large enough to do their own ad targeting. I know personally of several information brokers that are actively buying and selling these kind of data sets on exponentially larger scales, not to mention hundreds of middlemen in the advertising industry that each have their own databases. I'd be willing to bet at least half the users of HN work at companies with splunk databases that could be used to infer a lot of the same data CA used. I made a Facebook app in college that was used by under a thousand people and I remember being able to scrape email addresses from friends of friends. Am I crazy or does everyone just have their heads in the sand?
Framing this as a "Facebook data leak" makes it seem like the problem was people we don't like got a hold of our precious data, not that our entire industry is funded by the mass harvesting and reselling of personal information.
Yeah, I thought about this, but not calling it a data leak normalizes the activity. ~200k people installed an app that gave up ~50 million users' data. Those users may have consented to handing over their data in the ToS they agreed to, but it still feels icky. I'm perfectly fine calling it a data leak if it means more press coverage about bad data practices at modern Internet companies.
29 comments
[ 2.7 ms ] story [ 77.4 ms ] threadMoreover, I always mute the speakers of my computer, for exactly that reason. When I do want sound, I usually connect my headset or an external speaker. The computer's speakers remain muted. In the rare cases where I do want to use the computer's speakers, I unmute them, and mute them when I'm finished. This is so seldom that it's not a big deal.
Back to browsers, I wonder why those implemented auto-play for videos in the first place. More specifically: I wonder why they auto-play audio, as I don't see that issue with animated GIFs. Moving ads are annoying, but not remotely as bad as an unexpected sound.
The upcoming Firefox versions are very promising in that regard:
"Block video auto-play: Firefox will provide users with a way to block video auto-play that doesn't break websites." https://wiki.mozilla.org/Firefox/Roadmap
"Implement new autoplay policy" https://bugzilla.mozilla.org/show_bug.cgi?id=1382574
Even the strongest setting "Document user activation is required" isn't good enough. It means one click in the page will cause the video to start playing, which is annoying and highly game-able. I don't want a click somewhere on the page to cause a video elsewhere on the page to start playing. Every content site is going to do something to require you to click, like not showing the whole article and having "Click to expand".
I've been using AutoplayStopper and it works wonderfully: https://chrome.google.com/webstore/detail/autoplaystopper/ej...
Once you start using it it's shocking how many (attempted) autoplay videos there are that you never noticed.
That's why it is so refreshing to see at least one of them (Firefox) actually trying to get it right.
The technical term for a browser is "User Agent". That naming may be historic and old-fashioned, but it was named that way for a reason. It's time to restore the original meaning, to make the browser an agent who actually acts on behalf of and in the interests of the user, not the website creator.
It is not like they ever had a different business model than making money out of userdata.
It is just the first time this is becoming a real story because somebody made it a bit too obvious.
And that's the thing. I don't trust Facebook but I would trust less any plan to externally regulate Facebook.
The government already forces Facebook and Google to divulge information to them. No one should trust any public Internet forum with their personal information but there's a lot of "impersonal information" that's still safe to share. The best way to deal the recent revelations is to stop giving up any information online, not to Facebook or to anyone. Posting text to Facebook or whoever is secondary. (browse and post anonymously but keep a "vanilla" social media profile for border and other other fun).
This all comes down to Facebook selling a kind of "privacy" that's been inherently rendered meaningless by the Internet age - privacy where "people know" get your data but somehow this information won't leak beyond this porous group.
I couldn't care less what the hell Facebook does with the data I have given them. I gave it to them willingly.
1. Equifax had a security breach. Facebook just had an instance of a 3rd party misusing data they were known to provide to external developers. Aka, Equifax lost data that should never left their servers, vs Facebook found out some data, amongst the ton that leaves their servers on a usual basis, was misused. Don't get me wrong, that's bad, but not "we got hacked and lost a ton of info that should very much be ket secret" bad.
2. Facebook involved 50 million users. Equifax involved 143 million [1].
3. Equifax leaked credit card numbers for 209k people, and dispute documents with personal identifying information of 182k people [1]. It's unclear exactly what info about users was harvested from facebook, but there's no API access to credit card numbers for example.
4. Repercussions; CA claims huge influence elections because that's what they sell, of course they'll market it like that. There's some debate about their effectiveness [2], and it's worth adding they're not the only or the first ones doing it (Obama used micro-targeting with Facebook data too). The way CA got their data is just more sketchy, and of course, involvement with Bannon makes it all the worse.
One can't pinpoint what exactly happened with the Equifax data, but it's clear it could be sold and used for identity theft and other fraud, since it includes SSNs, addresses, and in some cases credit card and license numbers [3].
It's bad that Facebook wasn't quicker to address the issue, inform users or take actions to find other leaky 3rd party apps, but Equifax was IMO definitely much much worse.
[1]: https://www.consumerreports.org/privacy/what-consumers-need-...
[2]: https://www.theverge.com/2018/3/20/17138854/cambridge-analyt...
[3]: https://www.forbes.com/sites/winniesun/2017/10/02/what-you-s...
I think it may be time to hire a new CEO.
Framing this as a "Facebook data leak" makes it seem like the problem was people we don't like got a hold of our precious data, not that our entire industry is funded by the mass harvesting and reselling of personal information.