61 comments

[ 4.8 ms ] story [ 66.1 ms ] thread
What’s funny about this whole thing is that nobody really cares that their own data may have been accessed by CA, they are just angry that other people, meaning gullible Trump supporters, may have been affected.
Something to consider is that your view might not be as widespread as you think.

It's certainly not a common view among people that I know. My view is probably the other extreme from your view in that I don't have a Facebook account for exactly this type of reason.

I care! And I would care even more if they had my real phone number, birthday, or home town. They still have my real name, college email address, actual friends and family. And photos. I'm actually pretty skeptical that Trump supporters were triggered to vote against their interests because of some crap they saw on Facebook.
Name, email, friend list sounds reasonable, but how do you know they've got your photos? Curious; has it been revealed what information they collected?
(comment deleted)
So nobody (well, no real people anyway) are actually (gullible or not) Trump supporters?
nobody who cares
It’s a ridiculous narrative (the trump thing). Any explanation for behavior of a group that depends on patronizing assumptions rarely reflects a true understanding of that group’s motivations. It’s not a reason to let up on Facebook but it’s always been a stretch to think that in an election with billions spent that Hillary lost because of this shit. Try a simpler explanation: Hillary was a shit candidate who many distrust, and she worked very hard to get that reputation.
> Try a simpler explanation: Hillary was a shit candidate who many distrust, and she worked very hard to get that reputation.

It seems to me that many people who are not Clinton worked very hard at manufacturing this reputation.

A "shit candidate" who received several million more votes than her opponent. :)
(comment deleted)
What about those of us that actually deleted Facebook after the scandal? How are we supposed to check if our data was shared with CA if Facebook requires you to be logged in to check?
If Facebook purged your information, how could they verify your identity? They don’t want to provide the ability to check if an arbitrary person was leaked, because that has its own privacy issues. So in this context I wonder what you expect them to do.
Facebook takes up to 90 days to purge my information from their systems (if ever, I am quite sure a ghost account will always remain and it will be a strong one as well since they've collected so much information on me throughout the years). They have my email address, they could just email everyone whose data was shared.
Depends. Without knowing too many specifics here, I'd argue that if the account was deleted, Facebook should still hold onto basic info like username of the account that was shared with Cambridge. As far as I'm concerned, this is a legal matter now, and information about the parties that were affected are basically evidence.

Clearly there needs to be some line drawn, like not permanently keeping an archival of all information shared with Cambridge, as that would potentially cause more harm than good. Yet, knowing how many people were affected, and being able to identify if you were one of them, seems a permanently useful thing.

This of course is a bit idealist, I'm just answering the question on my idea of what should be done - not what will be done. Tbh, I'd rather see that data be held by some government entity and not FB at all, but I'm not sure who that would be, if they exist at all.

Yeah I am interested, but deleted my account a few weeks ago :(
My info wasn't leaked-- if it had been, I'm not sure if it would tell you how it was leaked (wether it was you who gave access to "This Is Your Digital Life" or a friend).

If you're actually very curious, all I can think of is you could ask your friends if any of them had their info leaked, and if it was through themselves or a common friend. If you're friends with anyone who gave access to the app, you're part of the bunch.

They should still be able to email people even if they deleted. It's the least they could do.
Similarly, some of those that never signed up have got Facebook storing data on them. Facebook knows what I look like, my email, birthdate and that’s just what I know. Would be interesting to see what’s there.
I can understand Facebook knowing what you look like from pictures of you other people upload and your email from others connecting their Gmail address books. How will they know your birth date though?

(FYI, they probably know your phone number and who you made phone calls to, when, and the durations for the last 5 years)

One of the first pieces of info FB asks for is your DOB.
lostlogin mentioned he had never signed up to FB
Am I the only one who puts friends' birthdays in their contact card? I assume birthdays come from the same phone number slurping.
Every year someone shares the fact its my birthday on Facebook. Combined with my physical address from peoples contacts I’m pretty sure there must be complete profiles on many non-users. Slackoverflower, would call duration come the app on Facebook users phones, and knowing who call were to and from?
The cynic in me keeps wondering whether this is a genuine attempt at getting some transparency points or FB wants to more precisely analyze how many people actually care...
Honestly, that's the only reason I'm checking. Even if it was shared, there's not a lot I can do about it now, but I'm hoping it sends the signal that people do care in general.
This only applies to the leak of 84 million profiles to Cambridge Analytica.

This leak was less than 4% of a much larger leak that's not getting much attention.

Why doesn't Facebook alert users if their profile was leaked to "malicious actors" who collected profiles of "most of its 2 billion users worldwide".

https://www.washingtonpost.com/news/the-switch/wp/2018/04/04...

My question is, why do people think it's okay if Facebook has that data, but not Cambridge Analytica? Why does Facebook get a pass storing all the calls you made and all the profiles and webpages you looked at?
I agree with your premise, but it is a bit different though. The user directly engages with Facebook (off course, having read terms and conditions etc), but not any of the companies that used to get data. This level of indirection is what is causing the outrage here. There is a distinction, although I would give none of them my data.
Yes, that's one consideration, but Facebook also has much more data on you than you gave informed consent for. I guess people just haven't realized yet.
This got me thinking whether all my comments on HN are being used by someone/something to build a profile of me? Maybe I should read the small print...
I think the reason this isn't being reported much on is because it wasn't a leak. It sounds like it was just a scrape of data from the site.

Scraping websites to collect public information is nothing new. Malicious actors do it all the time, as do non-malicious actors too. Google literally does it.

EDIT: I'm all for facebook messed up and we need more guarantees but lets be objective though. The CA issue is an issue, this 2 billion thing is just a web-crawler.

No, this wasn't just garden variety web crawling.

Sites can control whether they get crawled or not.

Facebook, for example, stops Google from crawling Facebook profiles.

But Facebook allowed "malicious actors" to access to user profiles for "most of its 2 billion users worldwide".

These 2 billion users didn't choose to expose their personal information to "malicious actors", Facebook did it without their consent.

Hey Facebook, how about you notify people, not other way around?
Everyone who was impacted is getting a notification at the top of their feed. Looks like it isn't showing up for everyone immediately though, I first heard about it two days ago and I just saw it today.
They've got my email. They can send me an email notification.

Methinks they don't want to do that because lawyers.

I won't downvote you, I will just say: duh! the objective is that you spend more time on Facebook, NOT on your mailbox :)
Is "duh" really a meaningful statement here? We're discussing this because Facebook is already in "trouble" for scummy tactics. Doesn't "duh, of course they want you to login" sort of accept one of those tactics?

Imo, yes - email should totally be possible, without logging in ideally, if they wanted to truly save face. The fact that they aren't is, of course, a clear indication that they aren't being honest, instead they're primarily concerned with using this as a scummy tactic to get their hooks into your brain again.

So.. no, not duh, imo. If we accept "duh", we start lowering our expectations, in the same way that American politics has as of late. We lose our base position, indicating when we should be outraged/etc.

(comment deleted)
> at the top of their feed

That presumes that users log in and use facebook regularly, and that a users who's data was leaked 3 years ago still has a fecebook account.

That's not how breach notifications are supposed to work - send me an email for crying out loud! I realize they don't classify this as a 'breach', but come on..

It’s the Equifax method, no?
Because that doesn't get you back in their app
Check, probably not shared for me and my friends.

That's not surprising though as I'm from Germany. And of course it's "not shared" for most Facebook users. However this is highly misleading as this is just one example of data harvesting on Facebook.

>”You must log in first.”
I'm not sure how you expected to avoid this.
(comment deleted)
Because I deleted my account immediately upon learning about the disclosures. I assumed the notifications would come via email or SMS. They've never had trouble doing that before now. For FB to turn this into yet another data collection vector, as well as tricking people who may have “deactivated” their accounts into logging back in and stopping the deactivation process, is just the height of evil absurdity. This is beyond the pale even for them.
(comment deleted)
Is it possible to know if they target democrats?
"you must log in first", er no, I deleted my account, I'd still like to know what they shared, is that possible ?
I think there's no incentive to do that.

- "I deleted my account 3 months ago, so how come my records still exist on your servers"?

- If a class-action or some other litigation takes place, proof that n+1 people's into was shared is worse than n people's info. If an account is deleted, perhaps less risk.

- If the only non-creepy way of verifying who I am is logging in, and I can't log in anymore, any other option is bad PR for FB, and is subject to abuse.

I have not checked, but it would seem likely I still have some rights to know what they know about me, does anyone know their current legal obligation to fulfil my right to be forgotten ?
One thing I find interesting about this is the very cautious wording of the message you get in the "good" case.

'As a result, it doesn't appear your Facebook information was shared with Cambridge Analytica by "This is Your Digital Life".'

They don't say your information wasn't shared with Cambridge Analytica. They don't even say your information "doesn't appear" to have been shared with Cambridge Analytica. They say it doesn't appear to have been shared by this particular route.

Mere caution on general principles? Or do they know or suspect that there may be other means by which Facebook users' data have been shared with Cambridge Analytica?

Step 1) Login to Facebook.

Sorry, that's not how breach notification works. Facebook attempts to continue making money off of their customers data being leaked.

Is there a tool to check if my social graph data was scraped by the Obama campaign? Or is this only a scandal when it helps Republicans?

[1] https://twitter.com/cld276/status/975568130117459975 [2] http://thehill.com/opinion/technology/379245-whats-genius-fo...

(comment deleted)
There is a subtle difference in that the Obama campaign obtained consent from the friend who volunteered their subgraph to use that data for political purposes, whereas Cambridge Analytica’s academic sources obtained no such consent from anyone. One could argue that the distinction is less meaningful as Obama’s usage was not very well informed consent. But it’s a distinction nonetheless. And beyond that, Facebook has no incentive to expand the scope of their PR problem by advertising this lesser known fact.

As the tweet cites, Facebook was politically biased in a specific enforcement action in the past. That does not itself indicate that there is any political reasoning behind the decision not to release an Obama tool today.

I find it very hard to imagine that "This is your digital life" was the only source CA used.

It's more logical that they would have had an ongoing effort to keep collecting data.