Any business that has a CRM solution (customer relationship management for anyone unfamiliar) like Salesforce for example has a database of prospective customers (who never opted in to create a profile) and as much information as they can collect or infer about you as they can.
They want your name, your company, your title, your industry, your email, your phone number, your address or city or state.
They want to segment you and identify which piece of spam (cough, I mean marketing) will appeal most to you based off your demographic or your pain points or your interests.
They want to figure out which of their regional events they should invite you to based off where you live.
They want to figure out if your company might be a good customer (based on criteria like company size, employee size, annual revenue, goods and services offered, etc) if they are B2B, or they want to figure out as much about you and your income, interests, and background if they are B2C and want to sell to you.
These companies already have these systems, they try to collect as much about you as they can, and there's billions of dollars of investment and spending/revenue in these areas.
You didn't sign up to have an account with them, but they will create one for you as soon as they are able if it helps them better sell to you.
Any time you give your email to a website to sign up, any time you are asked for some personally identifying info at a retail business or swipe a card, a new "shadow profile" about you is created, or your existing "shadow profile" is updated.
So really this practice has been going on for forever.
Before CRM there were files and file cabinets.
Do I support this practice? No.
But if we think more openly about whether shadow profiles are a new invention we can quickly realize they are not.
The new thing is what can be done with the data. Rather than simply deciding how to market your service to the customer, you can use machine learning systems to conjecture the likelihood of that person being, say, a criminal, or an adulterer, or a political dissident. For each category of 'bad person' you can imagine, you can gin up some (almost completely nonsensical, but that doesn't matter) analysis profile and assign a probability score. You can then take the top couple of categories they score in and use that data however they please.
For awhile I've wanted to take all publicly available data about politicians and train a machine learning system on it to predict which pols are cheating on their spouses or engaged in other sorts of elicit activities. I have zero confidence in the ability of such systems to predict human behavior, but that doesn't mean they can't be tremendously powerful tools of intimidation and manipulation. You'll notice after the Snowden leaks, each and every single statement the government ever made was extremely focused on the notion of human analysts reading the fulltext of peoples conversations. Not a mention was given to the automated systems profiling, categorizing, targetting, and producing "summaries" about people. Personally, those blind systems cobbled together by people with too few scruples ('just doing my job' is identical to 'just doing it for money' and those engineers deserve to have their faces spit in) and deployed by those with too much faith in oracular technology scare me far, far worse...
"Why on earth wouldn't you be horrified by a company creating a shadow profile of you?!"
While we know the general class of such malicious activity is happening, the specific domain and scope is unknown to non-insiders. More importantly, the mammalian response actions to the emotion of horror are completely unsuited to the threat model in question. We need to be -completely rational- to have a decent chance of responding to this in a way that serves our general interest.
What possible good would ever come from demanding nobody know anything about me without asking me every single time? From having other people threaten me with weapons adn throw me into cages for DARING to remember something about other people or having a company that remembers things about its customers or potential customers, or offering information services.
Yes -- Sadly this was "confirmed" this week when Zuckerberg said "In general we collect data on people who are not signed up for Facebook for security purposes,"... “We need to know when somebody is trying to repeatedly access our services,”[0]
When a congressmen asked about collecting data on non-users and building "shadow profiles"
> Zuckerberg said he was not familiar with the "shadow profiles" term
Right - you'd want to use a fingerprinting technique (collecting data) to identify machines for rate limiting (security, read: intrusion detection) purposes.
Almost every API of any consequence does this, and it was done as a defensive tactic to reduce costs/load/outages caused by spammers, ddos attacks, crawlers, etc etc etc.
Not sure at what point access logs with cookie data in them becomes a "shadow profile"
Well, right, the embed is hosting on facebook servers, and like I said, they collect access logs... So they are necessarily "collecting information on non-users" if they implement any sort of rate limiting based on fingerprinting for non-users... Which is more or less industry standard...
Not saying any of this is how things _should be_, it's just a little bizarre to make it seem like some sort of stealthy data harvesting scheme.
You have to enable JS to see the form. It looks like this:
Please provide us with the following information and we'll follow up. Alternatively, you can email datarequests@support.facebook.com
Full name: ________
Country of residence: ________
Email: ________
Confirm your email address: ________
Please summarize the type of information you'd like to find: ________
Please note that all fields are required in order for us to process your request. We reserve the right to request further information where a request is incomplete or inaccurate.
By submitting this notice, you represent that all of the information you submit is true and accurate.
I sent a request. I used to have a Facebook account but deleted it about a year ago. I asked for the standard data they give to people who still have accounts as well as any information about me that exists separate from the information I willingly provided.
We've received your request for information about your personal data, but since there's no Facebook account associated with the email address from which you're writing, you'll need to send us a response directly from the email address that's listed on the account you'd like information about.
...
I mean it is is pretty easy to imagine that FBI functions these days may be contracted out to FB who would carry them out probably more efficiently :)
And another scary piece of imagination - watching/listening to Mark in front of the Congress commission, i basically felt like i'm witnessing Octavian in front of Senate from Rome ... The same situation of logic without moral restraints. The same mismatch between illusory and real power balances. Hail Augustus Caesar ... err ... the 50(or even high 40ies)-something President of US. And if we're lucky, there will be another after him...
30 comments
[ 4.4 ms ] story [ 63.5 ms ] threadWhat possible good could ever come of it???
Any business that has a CRM solution (customer relationship management for anyone unfamiliar) like Salesforce for example has a database of prospective customers (who never opted in to create a profile) and as much information as they can collect or infer about you as they can.
They want your name, your company, your title, your industry, your email, your phone number, your address or city or state.
They want to segment you and identify which piece of spam (cough, I mean marketing) will appeal most to you based off your demographic or your pain points or your interests.
They want to figure out which of their regional events they should invite you to based off where you live.
They want to figure out if your company might be a good customer (based on criteria like company size, employee size, annual revenue, goods and services offered, etc) if they are B2B, or they want to figure out as much about you and your income, interests, and background if they are B2C and want to sell to you.
These companies already have these systems, they try to collect as much about you as they can, and there's billions of dollars of investment and spending/revenue in these areas.
You didn't sign up to have an account with them, but they will create one for you as soon as they are able if it helps them better sell to you.
Any time you give your email to a website to sign up, any time you are asked for some personally identifying info at a retail business or swipe a card, a new "shadow profile" about you is created, or your existing "shadow profile" is updated.
So really this practice has been going on for forever.
Before CRM there were files and file cabinets.
Do I support this practice? No.
But if we think more openly about whether shadow profiles are a new invention we can quickly realize they are not.
For awhile I've wanted to take all publicly available data about politicians and train a machine learning system on it to predict which pols are cheating on their spouses or engaged in other sorts of elicit activities. I have zero confidence in the ability of such systems to predict human behavior, but that doesn't mean they can't be tremendously powerful tools of intimidation and manipulation. You'll notice after the Snowden leaks, each and every single statement the government ever made was extremely focused on the notion of human analysts reading the fulltext of peoples conversations. Not a mention was given to the automated systems profiling, categorizing, targetting, and producing "summaries" about people. Personally, those blind systems cobbled together by people with too few scruples ('just doing my job' is identical to 'just doing it for money' and those engineers deserve to have their faces spit in) and deployed by those with too much faith in oracular technology scare me far, far worse...
While we know the general class of such malicious activity is happening, the specific domain and scope is unknown to non-insiders. More importantly, the mammalian response actions to the emotion of horror are completely unsuited to the threat model in question. We need to be -completely rational- to have a decent chance of responding to this in a way that serves our general interest.
What possible good would ever come from demanding nobody know anything about me without asking me every single time? From having other people threaten me with weapons adn throw me into cages for DARING to remember something about other people or having a company that remembers things about its customers or potential customers, or offering information services.
Sounds like a fascist nightmare.
When a congressmen asked about collecting data on non-users and building "shadow profiles"
> Zuckerberg said he was not familiar with the "shadow profiles" term
[0]: https://www.bloomberg.com/news/articles/2018-04-11/zuckerber...
Almost every API of any consequence does this, and it was done as a defensive tactic to reduce costs/load/outages caused by spammers, ddos attacks, crawlers, etc etc etc.
Not sure at what point access logs with cookie data in them becomes a "shadow profile"
Not saying any of this is how things _should be_, it's just a little bizarre to make it seem like some sort of stealthy data harvesting scheme.
Please provide us with the following information and we'll follow up. Alternatively, you can email datarequests@support.facebook.com
Full name: ________
Country of residence: ________
Email: ________
Confirm your email address: ________
Please summarize the type of information you'd like to find: ________
Please note that all fields are required in order for us to process your request. We reserve the right to request further information where a request is incomplete or inaccurate.
By submitting this notice, you represent that all of the information you submit is true and accurate.
[ ] I agree
weaksauce.
Hi,
We've received your request for information about your personal data, but since there's no Facebook account associated with the email address from which you're writing, you'll need to send us a response directly from the email address that's listed on the account you'd like information about. ...
I no longer have a Facebook account or even the email account that the Facebook account was tied to.
They still have data on me though.
I mean it is is pretty easy to imagine that FBI functions these days may be contracted out to FB who would carry them out probably more efficiently :)
And another scary piece of imagination - watching/listening to Mark in front of the Congress commission, i basically felt like i'm witnessing Octavian in front of Senate from Rome ... The same situation of logic without moral restraints. The same mismatch between illusory and real power balances. Hail Augustus Caesar ... err ... the 50(or even high 40ies)-something President of US. And if we're lucky, there will be another after him...