They probably intentionally selected things to delete to cripple the experience. It's a way of forcing people bad-mouthing facebook to put their money where their mouth is. If critics don't use this feature, they can put the blame solely on them.
> If critics don't use this feature, they can put the blame solely on them.
Once this rolls out, I'm going to be posting instructions to my feed. One of the only reasons I still keep Facebook around is to publicize articles critical of social media and stuff like this.
Why is this downvoted? The article itself is a demonstration that they really do this.
Case in point: If you're not logged in to the FB tracking network, after 5 seconds of reading, you get surprised by this "funny" jump scare: https://i.imgur.com/PCQOo8N.png
That is deliberately worsening the experience. If you click the close-button (helpfully labelled "Not now"), it is replaced with a sticky footer that takes 33% of your screen (depending on your window size and zoom setting).
Indeed. I've discovered it can make major mistakes on who's "important" to me - I'd thought they'd stopped Facebooking, but it turned out their algorithm had for some reason deemed them not to be a "close" friend and de-emphasized them from my feed.
I agree this probably won't make Facebook as good. I relate this to the time before spam filters were good and 50% of my email was penis enlargement pills and money wire fraud. You dump all this data and we go back to a time where I'm not known, and Facebook shows me my active "friends" and it's just my aunt sharing her latest Bejeweled score.
I'm all for better control of my data, but there needs to be some balance so the ads I see are still relevant and not acai berries super juices and Hot Local Singles In My Area.
Because I want Facebook to be free... just like I want Google to be free and Gmail and Google Maps and my news site and my sports site and my fantasy sports app and...and...and...and...
I understand that an ad model is what allows me to do many things I do on the internet without cost. Now, if I have to choose between an ad model that shows me "Dewalt Tools 25% off" (Something I am interested in) or "Gluten Free Bread" (something I'm not interested in), I will select the former.
Advertising is a race to the bottom. As long as GDPR affects everyone more-less equally, it'll only reduce the current depth of advertising hole. That is, non-targeted ads might become more profitable again.
Likely, you will see a bunch of random ads instead of targeted ones of things that might actually be interesting to you. Whether or not that's better is up to the user.
I'm assuming I will see a lot more posts from old high school friends who I don't really interact with anymore. It would be a fun experiment to try though.
I had the realization a while back that certain advertisers were flooding my Newsfeed with Sponsored posts every time I interacted with them in some way -- on or off Facebook. So I started regularly clearing out the Interests and Advertisers sections of Ad Preferences and now my Newsfeed is almost entirely devoid of Sponsored posts.
The experience using Facebook without them exploiting knowledge of my "preferences" is substantially better.
Granted, I'm running ad blockers, so most of the low-value advertising on FB was already blocked.
People can pin this on Facebook all day, but that's the same bullshit every user-productizing company spews. That the best experience is the one they design, which necessarily includes tracking, ads, and half of the dark patterns in the book.
Some days, I secretly wonder if my experience would indeed be better, because I've been blocking ads and tracking shit for the 20 years I've been online. Because frankly, I wouldn't know, maybe this world of constantly being targeted with advertising is really cool. They keep telling me I'm missing out, you know?
It's a veiled threat, just like when they told you that if you disable facial recognition you're worsening the experience of blind users, and that nefarious people will take your photos and impersonate you.
It might be difficult to catch depending on the how macro attributions they could make on you, depending on the time scale - say over 20 years, if you cleared the history every year, it might give them insights that might be hard to correlate to earlier history.
If there were strong whistle-blower laws and pre-set rewards however, then might get a whistle-blower who could earn themselves say $1B+ (based on size/revenues of Facebook) for outing the deceit - which then Facebook would be fined for.
Is a scandal a huge issue? Despite the recent #DeleteFacebook and everything, Facebook wasn't really impacted all that much and is still making tons of profit even without the 1% of users who did delete it. A future hypothetical scandal where another 1% deletes it would be worth it considering all the data and revenue they made from abusing people's data before the scandal.
I am still not sure if saying and doing is the same thing, specifically in this case when more data means more money for Facebook. And this is not just about Facebook, but to any service that claims they won't log or store my data.
At the end of the day, it's just a claim and I try to minimize harm by giving as less data as possible because once they have it, I am not sure what happens to it and for how long it is retained.
The issue isn't that they aren't honoring requests to delete data. The issue is that they've tied their success and the usefulness of their product strictly to the weakening of user privacy and the necessity to provide them as much such data as possible.
> Once we roll out this update, you'll be able to see information about the apps and websites you've interacted with, and you'll be able to clear this information from your account.
So it's really just a way to de-authorize all apps/sites at once?
> To be clear, when you clear your cookies in your browser, it can make parts of your experience worse. You may have to sign back in to every website, and you may have to reconfigure things. The same will be true here. Your Facebook won't be as good while it relearns your preferences.
Sounds like they designed this feature explicitly to show people why they need to provide facebook data. Instead of designing facebook features so that they can enjoyed while preserving privacy, Facebook is making moves to explicitly show how on Facebook privacy is at odds with utilitarianism of their product.
If people use it en-masse, probably negatively, but most likely they're betting few people will use it, just like how few people (almost no one I know) 100% go through with account deletion. The reality is there is no compromise for privacy. They build tools that help you either lose all value from facebook and retain your privacy, or relinquish your privacy to continue using facebook. It's not so much privacy forward tooling as it is a constant reminder they have a gun to your head.
Well, GDPR makes forces them to make the tracking features opt in, so they have to collectively convince EU users to turn on the tracking as opposed to hoping the people won't disable it.
They do this through a few devious practices, such as the spin doctoring discussed here. One other thing that they do is instead of the option being a check box, it is a selection between two radio buttons and you explicitly have to choose one of them. I suppose this is actually a violation of the GDPR, since it should be disabled by default.
You don't lose value from facebook at all by not opting in. "Show ads that are relevant to me," is an arrogant statement. The actual statement is "Track my browsing to show ads that Facebook believes are relevant to me." I don't use Facebook for the targeted ads, I use it to infrequently receive news about people I know spread out across the globe.
What difference does it make? They wouldn't lower their rates and a zillion people are still on FB so advertisers are going to buy the slots regardless. "Ad targeting" is not something that people outside of the niche of advertising economics care about.
Well, I understand that Facebook will try to extract as much value from advertisers as possible as well, testing the price they're willing to pay based on the conversions that advertiser hopefully are tracking accurately.
I more was curious of whether the history cleared with Clear History are primary markers for ad targeting or if other data is used, and in reality if enough users don't clear their data but have similar data fingerprints (the non-Clear History data) then Facebook could still present assumptions to target by for those who do clear their history regularly, e.g. it will be a moot point up until say 40% of people regularly are clearing their history and therefore can no longer accurately enough make those assumptions.
wonder if and how this impacts their ad targeting abilities?
Not at all, the NN that does ad targeting has already been trained on the data. Deleting it will make no difference (assuming you believe they actually will delete it)
I don't know how this could be universally possible. If you don't consent to providing data that is key to enabling features of the experience, how could that experience be provided?
Actually, I can. If you’ve given me your email for some business reason, and for me to conduct that business I need to email you, I can email you. Even if you didn’t explicitly give consent.
What I can’t do is email you marketing newsletters the times a week for the next decade, or sell your email address to ‘specially selected trusted partners’.
Do you know which parts of GDPR specify the concrete limits on things like this? Or is it more a “I’ll know it when I see it” kind of fuzzy boundary for what’s allowed? Would be helpful to know!
"You must balance your interests against the individual’s. If they would not reasonably expect the processing, or if it would cause unjustified harm, their interests are likely to override your legitimate interests."
To be even more precise, you can refer to Article 6, section f) about Legitimate interests.
If you conduct business with an individual, most of time, your legal basis will be the Legitimate interests of both parties, you should only rely on consent for non-necessary part/service (like subscribing to a newsletter, or sharing information for improving the service).
As you say, the boundaries are fuzzy. The more data (especially sensitive data) that you collect and process, the tighter you need to make your boundaries.
Most of the advice I've received is to focus on documenting what data you hold, and what you're doing with it. Just by doing that, you'll probably improve your processes. If you did have any problems with the ICO, those documents will go a long way to showing that you took GDPR seriously.
My, perhaps unfair, impression of GDPR is that it has very little concrete and specific rules, and a whole lot of "you'll know when the court delivers the verdict".
My impression is that GDPR is actually pretty clear, but people involved in PI processing business have a strong cognitive dissonance about it. It's GDPR telling them "don't do that", vs. them thinking "I must do that, so GDPR is unclear on how can I do that".
GDPR is very specific. You must have written policies describing what you do with data, what you do if there’s a breach, how people can find out what data you hold, how people can have their data deleted. And you must have consent to contact someone unsolicited. If you don’t have consent you must have legitimate interest. Legitimate interest includes the words “reasonably expect” but that’s pretty standard for laws.
The GDPR isn't about concrete limits, but concrete permissions. A lot of people have been struggling to make sense of this, because it totally inverts how we currently think about personal data.
The collection, storage and processing of personal data is presumed to be unlawful by default, unless it is for a specific, explicit and legitimate purpose. These core principles are set out in Article 5 and they are well worth reading and reflecting on.
Did the user give you explicit and informed consent for a specific use a specific piece of data? Is your use of data absolutely essential to fulfil your contractual obligations to that user? Are you required by law to collect and store that data? Is your use of data essential to preserve human life? If you can't confidently say yes to at least one of those questions, then you're probably in breach.
You can check whether it not it does if you're interested - it's been published. I can't be bothered to check but I'd be very surprised if they tried to dictate functionality.
I think the intent there would be that you can't intentionally degrade unrelated parts of the service. For example, if Facebook disabled your ability to view or upload photos because you wouldn't consent to sharing your location.
It would be unreasonable of anyone to expect to see location-based content if they'd opted out of location sharing.
Yes, it would make a difference there. My question is in regards to the top-level comment, will people notice the difference?
For example: If my mother "cleared her history", I really doubt she would notice the worse quality of Facebook and regret deleting her data, as the top-level comment implied. So my point is it's not a move to show how effective the algorithms are, but a privacy-conscious one from Facebook.
> Sounds like they designed this feature explicitly to show people why they need to provide facebook data. Facebook is making moves to explicitly show how on Facebook privacy is at odds with utilitarianism of their product.
In all seriousness, how is that possible any other way? Take the example he gives about log in. If you want a website to automatically know who you are without logging in, please let me know how that is possible without automatically sending identifying information to the website.
There's not logging in automatically, and then there's using other data they have about you (however limited) to still provide a good experience. The parent comment is clearly talking about the latter (creating experiences that are equally good for privacy minded and open book people) while you're focused on a small feature that isn't really relevant to the bigger picture.
Yes, to offer that functionality it would need a cookie. No, the website doesn't need to correlate that login and all activity related to it to everything else you ever did on the internet to build up a profile about you. It is technically feasible (even easier) to offer the first ("remember me on this one site") without doing the second ("track me across all sites").
Well, technically it's all the same, it's a request to FB servers with an user id and token. Decoupling that relies entirely on Facebook's internal policy. Since they are a public company now, not using that dsta is leaving money on the table.
Yea!? How the hell can a website provide easy automatic login without storing your last 10 years of browsing history , every personal covertion you ever had and reselling that information to third parties that use it to track you political affiliations so they can manipulate you during elections!!?!?!! Do these people even know how cookies work? /s
Privacy and usability are not orthogonal, though Facebook will definitely go leaps and bounds beyond themselves to try to convince the public that it is so.
You're conflating the analogy with what the analogy was about. They didn't say that ten years of browser history was needed for automatic login.
Privacy and usability actually are orthogonal, as the cookie and login issue shows. You will see this again and again in almost every service. People can't offer loans without knowing credit history. Games can't do balanced matchmaking systems without learning about your level of skill. A website can't send you emails unless you give them your email. I could go on, but I think you are upset enough with Facebook that you won't get the point.
Sorry to be "that guy", but just responding because I was confused by your post and the parent's post, because you are both using "orthogonal" to mean the opposite of what it actually means. If two things are orthogonal, it means they are independent of each other, i.e. changing one has no effect on the other.
> Your Facebook won't be as good while it relearns your preferences.
This is an excellent feature. I replaced Facebook time with Twitter time a while back and found it even more addicting (because the talent pool is much better and more real-time, and there's an extra sunk-cost fallacy going on with the amount of work required to find good content).
But even more recently, I've been purposefully logging out of Twitter a lot more (and have replaced that with YouTube). Logging back into Twitter now, I see that the "content" there feels less relevant and more boring. This is great for productivity. I just gotta curb the YouTube now - at least with that I can just shunt everything to "Watch Later".
I thought it was possible they didn't have "safe, secret" backups (the implication here hopefully being obvious from context clues. A general principle of good discourse is to assume the interpretation that makes the most sense instead of picking apart targets you yourself would know how to respond to if you were in the adversarial position)
Another way to put it, "You thought I thought they didn't have backups of their data? your face"
How about a way to delete past activity? The fact that there's no option for "delete all my old posts, comments, likes, and photos" is infuriating. I don't need a record of my inane crap from high school on the same platform as work friends.
I think that's one reason people stopped using LiveJournal/Blogger and other platforms back in the early 2000s. I had countless friends delete or restrict those accounts because there was too much up there; too personal. All modern social media platforms encourage constant posting to quickly bury anything embarrassing.
It's a weird change in dynamic when you think about it, because people were too afraid of the "real" so to say. I wrote a post about this years ago. I'm not sure if I entirely still stand behind it, but I'll leave it here anyway:
This is a pretty difficult problem to solve. Facebook would need to delete your data from production databases, database backups that were made while you had an account, caches and CDNs, etc. But even if they managed to delete the data in every possible place they could find it, a third party might have made copies of your data via Facebook's APIs some time in the past, and they might still have it.
So, even if Facebook offered such a feature, I wouldn't have much faith that it actually worked.
It's a fundamentally important problem to solve. If to get rid of my old and no longer wanted public activity record I have to sit for hours upon hours manually deleting stuff, I'm going to be much more judicious in how I post in the future.
Also, it's Facebook. They can figure it out, they just don't want to.
They have to do this anyways when you choose to delete their account. And according to Zuckerberg's testimony, he is very confident that this functionality works very well currently.
I'm not making a moral point about blame and culpability here. I'm making the practical point that it's impossible to delete all of the data if nobody knows who has it.
Yeah it's really going to suck for FB (boo hoo), they just can't win. It's years past due. The warnings have been on the horizon and they've only amped up their data collection to the point it's become even more unmanageable than it already was.
Curious if this deleting all old posts is related to everything you published - including publicly - or only private posts?
Likewise, if people were friends/connections on Facebook when you posted something to them, would you care if they were findable by them (they presumably could save a record of everything their friends published privately), and new friends/connections are prevented from seeing that past content?
I agree there's value in separating what people in new chapters of your life see vs. the old chapters in your life where you weren't as evolved or nuanced (potentially known as inane crap). Just trying to get an understanding of nuances if you're willing to share your take.
I don't mind too much if some link from a decade ago is no longer findable by someone I posted it to. That's what email is for. Activity records on a shared platform should be batch purgeable.
So there's a difference still from email vs. posting on Facebook - email which is usually 1-to-1 with explicit intent because you are typing in the email of each person receiving it vs. a Facebook post set as private ("Only to friends"), going to a pre-set group of friends in (unless you select to show it as Public). Do you feel there's a difference if old Facebook posts sent to "Only my friends" should still be readable by that pre-set group of friends vs. having the same ability with email?
I wouldn't be satisfied, and I think that's already available. My Facebook posts are my posts, while emails I send you are yours. In my mind, it's very much like the difference between putting up signs in my yard vs. sending letters.
I get that the legal issues are different, and that there's no requirement that Facebook provide this functionality, but they already provide some limited control via deleting accounts and individual posts, so I dont think it's unreasonable to expect.
I get what you're saying. It's interesting that there's a different mindset since they're relatively the same, perhaps the explicit nature of action of inputting an email address is the important piece. Of course Facebook also has options for "Friends of friends" to be able to view posts, and likewise any of those friends (or people you send an email to) can forward the email or a post - or even make it public in part or whole; that explicit action of taking the effort to define who you're sending it to also likely makes receiving the message/post more valuable to the reader. The ability to CC and BCC in email also has some unwritten rules as to the intent of if you're attached as a recipient of either - ability to dictate to show others "you're the main person I'm sending this to", "see who else I've sent this to", "I want you to see this but the others don't need to know that."
It's a negotiable fuzzy boundary. How would feel if your friends made private copies of posts you shared with them? ("Took a photo of your yard sign").
How would you feel if Facebook provided them a tool to help with that?
How would you feel if Facebook did that automatically as a courtesy to them?
Delete your Facebook account, wait 30 days (to get out of the 21 day take-backsie period), and create a new account. All content you’ve created will disappear.
The photos your friends uploaded of you from your college days will still be there, but you will be untagged and can turn on tag approvals.
I did this in December 2016…to this day all email addresses that were tied to that account are banned from FB. I recently created a new FB account using a totally virgin email address and FB locked the account once I started friending my "former" network. They do offer to unlock my account(s) if I upload photos of two government documents, which I decline to do.
This sucks for everyone, but I understand why Facebook did that.
A very real threat against users who delete their accounts is that a scammer will re-create the account, and re-friend your former network, in order to defraud your friends. The account uses your name and photos and is under their control.
FB can't tell the difference between you and an impersonator.
Now, how they even have the data to conclude that you're "impersonating" your deleted self is a fascinating question. Shadow profiles? And yet if FB didn't do anything about this, it would be even worse for people who leave Facebook.
The regulations for handling that kind of data are even more stringent in the EU. Which is a good thing btw. I have no compassion for Facebook, they burned themselves over this years ago, the damage has been done, and there's not much more they can do in my eyes.
I took the time to delete everything manually. I thought it was all gone. Then some stuff started to appear. I have no way of knowing whether I pressed delete on this stuff or whether it didn't appear at the time, but the point is that deleting all your stuff by pressing the delete button and viewing a seemingly blank profile does not mean your stuff is actually all gone. Next step - deleting profile entirely.
Oh, here's the fun part: you can only delete what you can see. If you posted something on a user's profile who disabled their account, you can't delete it until they enable their account again.
So even if you delete everything you see, if an old friend who disabled their account re-enables it, there's a fresh batch of content about you.
Like dleslie said, speculating obviously. However since this is about compliance with EU law, actually location has nothing to do with it. It's about being a EU citizen.
If Facebook refuses to do the deleting thing for an (actual) EU citizen because they claim their location tracking shows they aren't located within the EU, they are going to have a problem.
If, however, the EU citizen selects in their profile that they live in the US, and then FB refuses to delete their data, the courts are probably going to look favourably on them, cause the user explicitly said so.
Since FB most definitely is absolutely, unforgivably, NOT allowed to request or handle the nationality data in EU passports, for purposes of being a EU citizen, they're pretty much going to have to rely that you're whatever nationality you say that you are.
Did they re-appear after you had remembered deleting them, or were they just not fetched when you looked the first time? I think Cassandra might be to blame where it returned a bunch of wall posts but not all of them when you looked back in history the first time.
This too! I've seen in happen as well in my quest to delete a couple years ago.
The UX is useless by design to make it really hard to bulk delete, the backend is shitty and you can't see your content on friend's walls that disabled their account.
It is bad to the point that you wonder if it is on purpose. My guess is that it is. "Shitty product" as a deterrent to deletion.
Try building a scalable database to billions of users on ad revenue and make it retrieve all data from years ago within the time constraints that users want to see newsfeed items in, you'll see ;)
I must have deleted over 10k things, so there's no chance of remembering whether they were on the list of things I deleted or simply didn't appear.
I mostly used the Activity Log (button at the top of your profile page) to do the deletion. There are filters there so you can see the different types of interactions. Removing them is different, e.g. Delete vs Unlike.
During the process, I did notice things appearing which had previously not appeared, so that definitely does happen. I kept going back to see if there was new stuff to delete. The whole process took me about 3 months.
The plot twist is that this all happened over 6 months ago. My profile has been empty the whole time, until sometime within the past couple of weeks, where posts have started to re-appear.
Last year I ran a script to do just this. It didn't get everything, but I eventually gave up. I recently tried Social Book Post Manager to accomplish the same thing.
While it did a better job, despite my activity feed being clear, I'm still seeing a lot of posts.
The rub is that I can delete posts that show up from 2008, but that same post will show up on refresh.
Looks like I'm moving to Europe for a day in a few months.
I think about this and I wonder if they don't add it because no internal team wants to take the responsibility of adding that feature. Imagine, FB source code is >10 year old code base, could there be a delete cascading effect somewhere? You mention posts, comments, likes and photos, what about game activity? Or notes? I think that's what were called. What is all your past information? Who defines what "all" past information is? What about Farmville game activity?
I'm not defending Facebook machiavellian tactics but knowing that no code base is perfect and also that even FB is understaffed, I will give them the benefit of the doubt.
I can imagine this spectacularly backfiring... "Facebook tracked all those sites I visited?!?" (What was the joke about porn videos having "Like" buttons?).
> Zuckerberg also cautioned users against clearing cookies in their browser, saying “it can make parts of your experience worse”, and adding, “Your Facebook won’t be as good while it relearns your preferences.”
I wonder why he's so afraid of people clearing his tracking pixels.
Somewhat relevant: A friend took my phone (playfully) and posted this as a status on my profile a while ago. I left it up because I found it funny. Now that it's easier to delete I may actually just do that.
He says: " … you'll be able to clear this information from your account. You'll even be able to turn off having this information stored with your account."
"your account".
What do you reckon is the chance of them removing this from their ad targeting data set "account"??? They're just going to give you a tool that shows some of it to you, then hides it from you when you click the [fuck me over more] button (and they'll record _that_ interaction too, and sell you to the "tinfoil" and "headwear" segments.
Sadly there is no way to issue an FOIA request to a private company. Possibly only route would be, clear data, notice contain tracking, due for disclosure. Probably the best route for moving forward.
Unless FB seizes to have offices in the EU and stops having an HQ in the EU and also stops doing monitoring of people in the EU and also stops any regular service for people in the EU, the GDPR has teeth and people in the EU can ask facebook to send them all data they have, then ask them to delete it and revoke any future permission to process their data.
Since the GDPR covers people in the EU that means if you're in the US you can take a vacation to Italy or France or Germany and then pull that stunt on Facebook. (technically)
You mean soft delete. I'll eat a sock if FB really deletes all of your history. Another one if they make that the default and you only get the other treatment after opting in.
Not true. You have the right to retain backups and logs etc. as long as they serve their purpose to secure your service for accidental loss of data or other security purposes and they are properly stored and secured.
What if hacker deletes your Facebook account? Under GDPR Facebook has actually obligation to keep your data safe from this scenario. Which means they have to keep logs to investigate what happened and also be able to restore your data.
You should delete backups after certain amount of time and state your policy to users.
Only if you keep them a reasonable time and the backups will gradually be purged.
You can't keep indefinite backups and comply with GDPR.
So if your 5 year old backup, which has no purpose at all, gets stolen, expect a whopping fine for being an idiot. Or your web logs get stolen and it turns out you keep them 2 years, don't expect favourable treatment as that's totally unnecessary data retention.
No, GDPR requires you to delete all the data corresponding to a user within 30 days after the said user requests deletion of account. That includes backups and logs.
The backups that you can retain are hard to justify further back than about a year (if you even manage to do that), and if you ever use them you have to make sure the data that was deleted because of a request before is not in there again.
You try deleting data from a busy Cassandra node. The tombstones, the tombstones!!!
(More than just Cassandra tho, many databases don't actually "delete", at least not immediately. They "mark for deletion", and may or may not _actually ever delete_ anything.)
The later case is different than simply updating the DeletedAt column.
The database not actually deleting is still the application properly deleting it. If the DB eventually carries that out or not is a lesser concern to me, tbh.
The concern here is that facebook doesn't actually tombstone their entries or doesn't even have their DB mark it deleted.
Why do we even use the word "delete" in this forum? We know that (so far) it is NOT deleting anything. It only means "hide from view". Facebook will not forget and will not forgive. Some 10-hour-question-avoiding in front of a committee (irrespective of importance) will not change FB's business model (aka money-maker) overnight.
They'll just delete your user ID field for whatever you posted - so it won't be associated with you any longer, at least on their systems, but they will keep the content for analysis.
If that's true then (1) they're lying and (2) that's not covering it because just a few website visits later they could re-associate your old data with your 'clean' profile because it doesn't take all that many bits to de-anonymize a chunk of data.
That won't work. They also cannot retain data that could be aggregated to identify you as a person. Anonymising by removing an ID is not actually doing that, it's just theater. The GDPR has provisions for that. Bottom line is: if you start fudging things or working around it, you're going to get fined.
He is not afraid of it, any statement he gives along the lines of "Clear your cookies" would be politically damning. An overly dramatic headline could be - 'Zuck, head of evil tracking empire that sells your data, tells everyone that they should clear their cookies which implies tracking is bad'.
Political farce aside, he does have a point, cookies are fundamentally tokens of persistence. Persistent cookies let you configure the websites without creating accounts and stay logged in on the websites you do have accounts on. Loosing that is inconvenient which means it will make parts of the experience worse.
There was an IH podcast where the person being interviewed talked about getting the Facebook pixel up on your landing page as soon as possible.
The idea was that you would have access via Facebook to all the potentially interested people that dropped off because your landing page or product were not yet ready for launch.
From Facebook's perspective, this is data that is valuable to potential customers that want to buy ad space.
> "Your Facebook won’t be as good while it relearns your preferences"
Believe me, "my Facebook" isn't very good with the feed with five years worth of tracking... At least I can have my crappy feed with more of a peace of mind, that's a net win, right?
>I wonder why he's so afraid of people clearing his tracking pixels
Are you being sarcastic? I can think of several reasons Zuck wouldn't want people clearing their cookies. The primary one being the loss (even though temporary) of data resolution for targeting ads.
Somehow I don't think they would do this without their architecture being based on a pre-existing lower-resolution backup layer to maintain information and support. It's not like the model needs every piece of information coming out of Facebook users - they only need the important stuff and could conceivably delete unnecessary information and not lose anything. Given the massive redundancy coming out of thousands or millions of similar people, the global patterns won't change when some subset of users deletes their information. Even local patterns should be filled in by a fresh influx of data fairly quickly.
The unique views problem is interesting from a marketing perspective though. I doubt it will change much but for larger companies it might require adjustment.
Also interesting that they are allowing a theoretical cap on the information they collect. I imagine they'll be moving more into services to avoid future data privacy issues. That means B2B too, FYI...
I wonder why he's so afraid of people clearing his tracking pixels.
Because that would be the end of a gigantic portion of Facebook ad revenue - which should scare users (if they like Facebook) as well. Without the pixel, Facebook ads will be the joke they were when they were first introduced - hardly effective and a money losing proposition for advertisers. A few big brand advertisers that don’t care about ROI might stick around, but everyone else will leave.
Facebook still has a complete image of the things you like, your social graph, intimate details about your marital status, mobility history, personal messaging and so on.
They can still build profiles orders of magnitude more relevant than, say, Google. The web tracking is just an optimization to get the types of data Google has, too.
Most of their advertisers use the pixel to retarget people.
These are by far the most profitable ads for advertisers, and often play a part in a sales funnel in which advertisers may lose money on initial traffic acquisition but make it up and then some through retargeting. Without the pixel, I don't care how many pages as I have "liked," how well they know where I've been, or how many data scientists they hire, they'll never be able to extrapolate that I was considering buying a specific brand of coffee maker at a specific site recently and be able to show me an ad for it.
Retargeting is not just an optimization. For many advertisers, it's the saving grace of the Facebook ads system that produced absurdly poor results before it was introduced. Facebook ads were the brunt of jokes back then, and it will return to that status if too many people use this feature.
> I wonder why he's so afraid of people clearing his tracking pixels.
I know, Poe's Law, etc. etc., but I'm truly surprised at the amount of comments missing the dripping sarcasm from this last line of the post. Especially since the adjective "tracking" was used to describe the pixels. I will say that English is my native language though and HN is a diverse group.
Or that they'll tell the whole truth. The data download option that is supposed to contain your personal profile they store doesn't include searches you've made on Facebook, nor Facebook pages that you've visited but didn't like. I know it was being saved because I'm always being suggested friends based on past searches but I didn't see any of those names in the downloaded report.
> To be clear, when you clear your cookies in your browser, it can make parts of your experience worse. You may have to sign back in to every website, and you may have to reconfigure things. The same will be true here. Your Facebook won't be as good while it relearns your preferences.
That's not a bug, it's a feature! I've had my browser set up to nuke everything on shutdown as far as I can remember. Yes you have to log back for sites you want to interact non-anonymously but I consider it the sane default.
Tracking and privacy aside, you'll likely save some money too as not being logged into shopping sites raises the barrier to ordering pointless crap.
> I've had my browser set up to nuke everything on shutdown as far as I can remember.
I have this and only log into GMail in a private window (I would do the same for FB if I used it). It's a bit of a hassle, especially since I've enabled 2FA, but it's become a habit and not that much of a hassle (I leave the private window open).
I use entirely separate browsers for that. Gmail logged into my primary account gets its own dedicated browser. Nothing else ever gets opened in that browser and it's never used for "regular" browsing.
It's a failsafe against bugs in the private browser implementation and provides a further separation of authenticated vs anonymous.
What I _really_ want is an option that allows me to prune my Facebook posts. Like if I had a button, or at least some sort of bulk deletion with overview, so I could delete all of my political posts and memes then it would be really handy.
This clear history is handy I guess. Seems kinda shitty to need it, though.
Did you uninstall that after using it? Otherwise that extension still has the ability to "read and change your data on all facebook.com sites." For all you know, it may have uploaded a copy of all your Facebook data to its servers already.
I deactivate the extension after usage. I also looked at the console/source code and the only external urls the extension is calling are google services (Analytics and Chrome Store) I have analytics blocked in the HOSTS file anyway.
This just means facebook will no longer show you or your friends what was in the history. Facebook will still sell advertising based on your private data. It won't be cleared, just hidden from your view.
Weren't they going to roll this out for Messenger at some point? They did it for Zuckerberg, and then mentioned that they were just "testing" it and were going to roll it out generally some time in the future.
You can't unsend an email or text because generally speaking you can't control the other end. SMS was never built with the ability to "recall" a text, so once it's been delivered, it's off the carrier's hands. Email is similar, although with modern mail clients (outside of POP3), you would be able to remotely delete emails in most cases. Exchange recall works exactly like this; if the e-mail hasn't been read yet, then there's a chance for the recall to happen silently. Otherwise, you get a separate "X would like to recall" message instead.
With Facebook Messenger, you're entirely within their platform. You read messages on the Facebook site, or Messenger, and they control it fully. It'd very much be possible to add this functionality.
Have you asked people if they want it? Any time I make a mistake I think about the ability to unsend or edit what was already sent (within a time limit etc etc).
Generally speaking, people aren't going to think, let alone talk to others about a feature that doesn't exist in most platforms they use.
But clearly people do want the ability since Exchange provides that feature, and GMail will delay sending your message for up to minutes in case you want to "Undo" the send.
The gmail case isn't an "unsend" feature, it's just a delayed send.
OP seems to be suggesting you can take back a message once it's sent. This opens up issues since the receiver may have already read the message. Now you get into cases where someone says "Bill threatened me over Facebook messenger" but now Bill has deleted that message.
going by comments I have read here and in reddit, yes I think most people want to be able to delete things they said or posted on fb when they were teenagers
I think deleting posts is different then deleting messages. If I'm having a conversation with you, and make some threat but then delete it. Does it stay in your thread? Get deleted from both threads? What if you screen shot it? If I delete a post, it no longer lives in either feed.
So someone is going to commit a crime, then clears history, asks FB to delete account. Police knocks at FB doors - FB is like "We don't have any information". How is that going to work with GDPR?
> One thing I learned from my experience testifying in Congress is that I didn't have clear enough answers to some of the questions about data
You bet you didn't, Zuckerberg. And those questions weren't even challenging. Imagine if they had grilled you about tracking pixels and cookies and the Facebook login JavaScript snippets that you encourage everyone to put on their website.
This (or any other Facebook feature/change) wouldn’t be such a big deal if Facebook weren’t a monopoly which actively takes steps to remain one. Namely,
- being a closed platform with no easy way to migrate your data to another platform
- buying out the competition
As long as the above is true I consider Facebook as acting against its users’ interests, regardless of any specific feature.
If this is GDPR related then it's to do with privacy, not competition. Suppose you did download a bunch of liked pages, friends comments. What would you do with them? Learn python and import it into, I don't know, Twitter or something? Most people aren't actively looking for a way to do exactly whatever it is on Facebook.com using a different URL.
I hope clearing this history would give me back the chronological feed, would maybe make me use Facebook more than once every month. I completely missed that one of my old friends graduated, another friend moving to a different country for a new job and I missed one of my childhood friends mourning his lost mother. All three of them had posted updates about it on Facebook but since I didn't interact much with their updates Facebook drew the conclusion that I couldn't give less of a shit.
I hate how Facebook announces that they're going to release a privacy feature before they actually have.
It's like they're trying to trick the press into covering it before anyone can actually test it -- while reducing the actual amount of coverage it gets when it's finally available to real users.
It's frustrating to distracted readers too. I read the headline and logged into FB on the spot, for the first time in years, with the intent to flush all of that data. But no amount of searching allowed me to locate the button.
>It's like they're trying to trick the press into covering it before anyone can actually test it
Yep, when big guys like the NSA claimed to delete all data collected without releasing any details, I'm sure at best they drag and drop a few files into Recycle_Bin.
you should always delete all cookies on browser close, there’s a setting to do this automatically. also never accept 3rd party cookies. if you want convenience of easy logins save the passwords into your browser
What? Noo... When you consider the chrome password manager you must consider the chrome binary as a whole. Chrome has had significantly more security issues than 100% of password managers. Of course -- its a more complex set of code.
Its about surface area. A password manager that has no browser integration is by its nature less likely to be compromised, as there are far less vectors of exploitation.
Don't store your passwords in the browser. Use a proper password manager. How its gets from PM to B is up to your risk appetite.
Not really. For one, anybody that can use your computer can see a plaintext list of your Chrome passwords directly from the Chrome options menu. It's an incredibly primitive system.
this part though we usually have good defense against. how many people are using your computer? do you have a login with a password? do you have FDE? when was the last time you handed your laptop over for someone to use without you being right there?
the browser password managers are good enough for most uses
I can almost guarantee that this will end up in FB recording my entire browsing history every-time I use it. I wonder how would the congressional apology for being 'careless' with this feature would go.
I don't get it, how does sporadically deleting cookies help? Sites don't, I assume, store significant amounts of data in them that would get irrecoverably lost. And even for cookies identifying you it should not be too hard to stitch two histories connected to two different cookies back together on the server based on your IP or browser fingerprint. And if they were actually worried about negatively impacting the user experience, why would you not selectively destroy the cookies? Just keep my preferences and give me a new authentication token so that I remain logged in and don't loose my preferences, the browser already has a feature to delete everything. So what am I missing, how is this a useful privacy feature?
If a significant percentage of users actually exercise this option, that will be the end of Facebook as a significant channel for ad spend. It will decimate revenue.
Most people likely don’t remember this, but Facebook ads were a joke among the marketing community when they were first introduced. I’d have to find it, but one study produced before the Facebook pixel was introduced showed that less than 6% of Facebook advertisers had any kind of ROI from their Facebook ad spend. The pixel is one of a handful of things they created that turned this around - all of a sudden, people saw ads for things they were already interested in. If the pixel is effectively gone, much of Facebook’s revenue will go with it.
The recent upheaval over privacy didn’t make me worry about Facebook’s future or the stock price. Revenue was still coming in, and as Eric Schmidt says, “revenue solves all known problems” [1]. But this marks the beginning of Facebook’s end as a cash cow. What does a post-revenue Facebook look like?
Looking at the 2008 crisis debacle and “too big too fail”, maybe it wouldn’t be that bad. If your company has an impact on the level of a public utility, maybe it should be regulated like one.
And God knows that Zuckerberg’s lifestyle wouldn’t change much if he was only a “simple” billionaire instead of a multi-billionaire ;)
I imagine regulation is coming. If not specifically for Facebook, then changes in privacy law in the US to edge closer to what the EU enjoys are forthcoming as soon as the US elects a Democratic House.
The US is a capitalist country. It will see how much negative impact the GDPR has on businesses and consumer choice, as websites block EU traffic in droves, and will not make that same mistake.
Let’s not even go down this road, it has been the source of very long discussions. I’ll just say that nobody in the US wants the liability of EU traffic under GDPR except for very large companies with expensive legal teams.
That follows from "successful enough" meaning impacting a large fraction of society in some way - which is the government's area of competence. So they definitely will be interested in your impact, and whether or not your market-driven priorities are at odds with well-being of society.
> If a significant percentage of users actually exercise this option, that will be the end of Facebook as a significant channel for ad spend. It will decimate revenue.
They'll make the "Clear History" feature a multi step process that's tucked away in a configurations pane, miles away from what the common user will seek out and use on a regular basis.
Which is why I used the caveat “if a significant percentage of users” do this. If not then fine, but if they do, I don’t think it’s an exaggeration to say that we can all say goodbye to Facebook. That’s how big of a problem this would cause.
They apparently announced that they’re getting into online dating today. Maybe the plan is to knowingly decimate the ad platform and charge for dating at some point. They’ll have massive layoffs and have to sell datacenters, but could at least keep the lights on for a few remaining employees managing the dating service.
My understanding is user activity and user data are distinct, and I'd imagine by now Facebook has enough user data that this might not be as huge a concern as when they were getting started.
No. They announced that people can remove themselves from the custom audiences created by the Facebook pixel. No custom audiences, and the effectiveness of Facebook ads drops dramatically along with Facebook ad revenue. The pixel has become standard operating procedure in most marketing plans and conversion funnels. Many companies lose money on initial traffic acquisition but make it back plus a profit through retargeting. That ability would be gone.
> If a significant percentage of users actually exercise this option, that will be the end of Facebook as a significant channel for ad spend. It will decimate revenue.
I don't think it would have a significant negative impact on Facebook at all. I see the value of ad networks as primarily resulting from two features: Having a large audience (network), and knowing the audience well (targeted ads).
Facebook will still have a large audience if people keep using it, even if they all delete their information, so a large audience is a given.
Knowing an audience has two large pieces, identity (i.e. you're user X) and derived identity data, i.e. people interested in HN are interested in tech. The biggest use of all this data is associating users together. If all my data across all the internet was deleted immediately, I bet Google et. al would be able to uniquely identify me within a few days, they wouldn't know I'm the same person whose data was just deleted, but they'd know a wealth of targeting information about me again, and within a few years I'd bet they'd know me just as well as they do now.
My web usage is pretty routine, and humans in general are pretty routine, so I would expect it to generally hold that, without explicit effort to the contrary, we'd all be pretty easily re-identified (at least as much as advertisers are concerned) after deleting our information, and sure, I won't be searching for that exact search query because now my git-fu has improved, but I'm still going to be doing things that identify me as someone interested in and/or using git.
Facebook is going to keep all the derived data from people, and that data is going to allow them to very easily re-target anyone once they have a good feel for what their interests are. And I can't imagine a more transparent display of interests than activity on a social network, it's almost explicitly interest-bound.
I don't think it would have a significant negative impact on Facebook at all
All I can tell you is that Facebook had a large audience before the pixel, and few advertisers were able to generate ROI from Facebook ads. Now he is suggesting that we will return to this state. Showing irrelevant ads to people based upon basic things - like being one of 150 million people that like Coke’s Facebook page - just flatly doesn’t work.
But you're not stopping pixel. You're going to be tracked again. All you're doing is resetting the clock. How long after pixel was implemented did it take for the value of Facebook ads to skyrocket? A few years? And Facebook gets to keep all that they learned during that time, just not the original data they've derived all that wealth from. It's like losing training data for ML. It's not a big deal when you get 10s if not 100s of millions or more data points every day.
> If a significant percentage of users actually exercise this option, that will be the end of Facebook as a significant channel for ad spend. It will decimate revenue.
That's what he meant when he said it will worsen your experience right? :-)
357 comments
[ 5.5 ms ] story [ 278 ms ] threadI bet that depends on how you define "good".
Once this rolls out, I'm going to be posting instructions to my feed. One of the only reasons I still keep Facebook around is to publicize articles critical of social media and stuff like this.
Case in point: If you're not logged in to the FB tracking network, after 5 seconds of reading, you get surprised by this "funny" jump scare: https://i.imgur.com/PCQOo8N.png
That is deliberately worsening the experience. If you click the close-button (helpfully labelled "Not now"), it is replaced with a sticky footer that takes 33% of your screen (depending on your window size and zoom setting).
I'm all for better control of my data, but there needs to be some balance so the ads I see are still relevant and not acai berries super juices and Hot Local Singles In My Area.
I understand that an ad model is what allows me to do many things I do on the internet without cost. Now, if I have to choose between an ad model that shows me "Dewalt Tools 25% off" (Something I am interested in) or "Gluten Free Bread" (something I'm not interested in), I will select the former.
muddling newsfeed and ad targeting would make both systems unnecessarily complicated.
The experience using Facebook without them exploiting knowledge of my "preferences" is substantially better.
Granted, I'm running ad blockers, so most of the low-value advertising on FB was already blocked.
People can pin this on Facebook all day, but that's the same bullshit every user-productizing company spews. That the best experience is the one they design, which necessarily includes tracking, ads, and half of the dark patterns in the book.
My guess is that they will retain as much data on you as they can legally get away with.
Insert "Beware of the Leopard" quote here...
If there were strong whistle-blower laws and pre-set rewards however, then might get a whistle-blower who could earn themselves say $1B+ (based on size/revenues of Facebook) for outing the deceit - which then Facebook would be fined for.
At the end of the day, it's just a claim and I try to minimize harm by giving as less data as possible because once they have it, I am not sure what happens to it and for how long it is retained.
So it's really just a way to de-authorize all apps/sites at once?
Sounds like they designed this feature explicitly to show people why they need to provide facebook data. Instead of designing facebook features so that they can enjoyed while preserving privacy, Facebook is making moves to explicitly show how on Facebook privacy is at odds with utilitarianism of their product.
They do this through a few devious practices, such as the spin doctoring discussed here. One other thing that they do is instead of the option being a check box, it is a selection between two radio buttons and you explicitly have to choose one of them. I suppose this is actually a violation of the GDPR, since it should be disabled by default.
You don't lose value from facebook at all by not opting in. "Show ads that are relevant to me," is an arrogant statement. The actual statement is "Track my browsing to show ads that Facebook believes are relevant to me." I don't use Facebook for the targeted ads, I use it to infrequently receive news about people I know spread out across the globe.
I more was curious of whether the history cleared with Clear History are primary markers for ad targeting or if other data is used, and in reality if enough users don't clear their data but have similar data fingerprints (the non-Clear History data) then Facebook could still present assumptions to target by for those who do clear their history regularly, e.g. it will be a moot point up until say 40% of people regularly are clearing their history and therefore can no longer accurately enough make those assumptions.
Not at all, the NN that does ad targeting has already been trained on the data. Deleting it will make no difference (assuming you believe they actually will delete it)
Trivial example: I can't email you if you withhold email consent.
What I can’t do is email you marketing newsletters the times a week for the next decade, or sell your email address to ‘specially selected trusted partners’.
https://ico.org.uk/for-organisations/guide-to-the-general-da...
https://gdpr-info.eu/art-6-gdpr/
(and maybe article 9) https://gdpr-info.eu/art-9-gdpr/
If you conduct business with an individual, most of time, your legal basis will be the Legitimate interests of both parties, you should only rely on consent for non-necessary part/service (like subscribing to a newsletter, or sharing information for improving the service).
For a good summary of that, I would recommand this ICO document: https://ico.org.uk/media/about-the-ico/consultations/2013551...
Most of the advice I've received is to focus on documenting what data you hold, and what you're doing with it. Just by doing that, you'll probably improve your processes. If you did have any problems with the ICO, those documents will go a long way to showing that you took GDPR seriously.
The collection, storage and processing of personal data is presumed to be unlawful by default, unless it is for a specific, explicit and legitimate purpose. These core principles are set out in Article 5 and they are well worth reading and reflecting on.
https://gdpr-info.eu/art-5-gdpr/
Did the user give you explicit and informed consent for a specific use a specific piece of data? Is your use of data absolutely essential to fulfil your contractual obligations to that user? Are you required by law to collect and store that data? Is your use of data essential to preserve human life? If you can't confidently say yes to at least one of those questions, then you're probably in breach.
It would be unreasonable of anyone to expect to see location-based content if they'd opted out of location sharing.
There probably will be a difference, but I think in actual use, for most people, it will be very small.
For example: If my mother "cleared her history", I really doubt she would notice the worse quality of Facebook and regret deleting her data, as the top-level comment implied. So my point is it's not a move to show how effective the algorithms are, but a privacy-conscious one from Facebook.
In all seriousness, how is that possible any other way? Take the example he gives about log in. If you want a website to automatically know who you are without logging in, please let me know how that is possible without automatically sending identifying information to the website.
And I prefer seeing good ads over bad ones
Privacy and usability are not orthogonal, though Facebook will definitely go leaps and bounds beyond themselves to try to convince the public that it is so.
Privacy and usability actually are orthogonal, as the cookie and login issue shows. You will see this again and again in almost every service. People can't offer loans without knowing credit history. Games can't do balanced matchmaking systems without learning about your level of skill. A website can't send you emails unless you give them your email. I could go on, but I think you are upset enough with Facebook that you won't get the point.
Too bad Facebook couldn't figure out a way to remember I prefer a chronological news feed even with cookies.
This is an excellent feature. I replaced Facebook time with Twitter time a while back and found it even more addicting (because the talent pool is much better and more real-time, and there's an extra sunk-cost fallacy going on with the amount of work required to find good content).
But even more recently, I've been purposefully logging out of Twitter a lot more (and have replaced that with YouTube). Logging back into Twitter now, I see that the "content" there feels less relevant and more boring. This is great for productivity. I just gotta curb the YouTube now - at least with that I can just shunt everything to "Watch Later".
Alright, time to log out of hacker news too.
Another way to put it, "You thought I thought they didn't have backups of their data? your face"
It's a weird change in dynamic when you think about it, because people were too afraid of the "real" so to say. I wrote a post about this years ago. I'm not sure if I entirely still stand behind it, but I'll leave it here anyway:
https://khanism.org/society/how-social-media-destroyed-my-ge...
So, even if Facebook offered such a feature, I wouldn't have much faith that it actually worked.
Also, it's Facebook. They can figure it out, they just don't want to.
Likewise, if people were friends/connections on Facebook when you posted something to them, would you care if they were findable by them (they presumably could save a record of everything their friends published privately), and new friends/connections are prevented from seeing that past content?
I agree there's value in separating what people in new chapters of your life see vs. the old chapters in your life where you weren't as evolved or nuanced (potentially known as inane crap). Just trying to get an understanding of nuances if you're willing to share your take.
I get that the legal issues are different, and that there's no requirement that Facebook provide this functionality, but they already provide some limited control via deleting accounts and individual posts, so I dont think it's unreasonable to expect.
Thanks for responding.
How would you feel if Facebook provided them a tool to help with that?
How would you feel if Facebook did that automatically as a courtesy to them?
The photos your friends uploaded of you from your college days will still be there, but you will be untagged and can turn on tag approvals.
A very real threat against users who delete their accounts is that a scammer will re-create the account, and re-friend your former network, in order to defraud your friends. The account uses your name and photos and is under their control.
FB can't tell the difference between you and an impersonator.
Now, how they even have the data to conclude that you're "impersonating" your deleted self is a fascinating question. Shadow profiles? And yet if FB didn't do anything about this, it would be even worse for people who leave Facebook.
They should get you to send a picture of your passport on signup to verify that it's you.
So even if you delete everything you see, if an old friend who disabled their account re-enables it, there's a fresh batch of content about you.
If Facebook refuses to do the deleting thing for an (actual) EU citizen because they claim their location tracking shows they aren't located within the EU, they are going to have a problem.
If, however, the EU citizen selects in their profile that they live in the US, and then FB refuses to delete their data, the courts are probably going to look favourably on them, cause the user explicitly said so.
Since FB most definitely is absolutely, unforgivably, NOT allowed to request or handle the nationality data in EU passports, for purposes of being a EU citizen, they're pretty much going to have to rely that you're whatever nationality you say that you are.
The UX is useless by design to make it really hard to bulk delete, the backend is shitty and you can't see your content on friend's walls that disabled their account.
It is bad to the point that you wonder if it is on purpose. My guess is that it is. "Shitty product" as a deterrent to deletion.
Try building a scalable database to billions of users on ad revenue and make it retrieve all data from years ago within the time constraints that users want to see newsfeed items in, you'll see ;)
I mostly used the Activity Log (button at the top of your profile page) to do the deletion. There are filters there so you can see the different types of interactions. Removing them is different, e.g. Delete vs Unlike.
During the process, I did notice things appearing which had previously not appeared, so that definitely does happen. I kept going back to see if there was new stuff to delete. The whole process took me about 3 months.
The plot twist is that this all happened over 6 months ago. My profile has been empty the whole time, until sometime within the past couple of weeks, where posts have started to re-appear.
While it did a better job, despite my activity feed being clear, I'm still seeing a lot of posts.
The rub is that I can delete posts that show up from 2008, but that same post will show up on refresh.
Looks like I'm moving to Europe for a day in a few months.
I'm not defending Facebook machiavellian tactics but knowing that no code base is perfect and also that even FB is understaffed, I will give them the benefit of the doubt.
I look forward to the even more damage control...
The Guardian coverage (https://www.theguardian.com/technology/2018/may/01/facebook-...) has this quote like a parent explaining to a 5 year old why they shouldn't delete cookies:
> Zuckerberg also cautioned users against clearing cookies in their browser, saying “it can make parts of your experience worse”, and adding, “Your Facebook won’t be as good while it relearns your preferences.”
I wonder why he's so afraid of people clearing his tracking pixels.
"I don't understand why porn websites have a +1 under the videos? Why would I want anyone to know I use Google+?"
"your account".
What do you reckon is the chance of them removing this from their ad targeting data set "account"??? They're just going to give you a tool that shows some of it to you, then hides it from you when you click the [fuck me over more] button (and they'll record _that_ interaction too, and sell you to the "tinfoil" and "headwear" segments.
is there a chance smaller than zero?
Since the GDPR covers people in the EU that means if you're in the US you can take a vacation to Italy or France or Germany and then pull that stunt on Facebook. (technically)
I am sure they aren't purging backups of the data.
What if hacker deletes your Facebook account? Under GDPR Facebook has actually obligation to keep your data safe from this scenario. Which means they have to keep logs to investigate what happened and also be able to restore your data.
You should delete backups after certain amount of time and state your policy to users.
You can't keep indefinite backups and comply with GDPR.
So if your 5 year old backup, which has no purpose at all, gets stolen, expect a whopping fine for being an idiot. Or your web logs get stolen and it turns out you keep them 2 years, don't expect favourable treatment as that's totally unnecessary data retention.
(More than just Cassandra tho, many databases don't actually "delete", at least not immediately. They "mark for deletion", and may or may not _actually ever delete_ anything.)
The database not actually deleting is still the application properly deleting it. If the DB eventually carries that out or not is a lesser concern to me, tbh.
The concern here is that facebook doesn't actually tombstone their entries or doesn't even have their DB mark it deleted.
I'd happily put down $50 for whoever spilled the beans on what is really going on at Facebook and other companies in that vein.
https://www.sec.gov/whistleblower
Political farce aside, he does have a point, cookies are fundamentally tokens of persistence. Persistent cookies let you configure the websites without creating accounts and stay logged in on the websites you do have accounts on. Loosing that is inconvenient which means it will make parts of the experience worse.
The idea was that you would have access via Facebook to all the potentially interested people that dropped off because your landing page or product were not yet ready for launch.
From Facebook's perspective, this is data that is valuable to potential customers that want to buy ad space.
Believe me, "my Facebook" isn't very good with the feed with five years worth of tracking... At least I can have my crappy feed with more of a peace of mind, that's a net win, right?
Are you being sarcastic? I can think of several reasons Zuck wouldn't want people clearing their cookies. The primary one being the loss (even though temporary) of data resolution for targeting ads.
The unique views problem is interesting from a marketing perspective though. I doubt it will change much but for larger companies it might require adjustment.
Also interesting that they are allowing a theoretical cap on the information they collect. I imagine they'll be moving more into services to avoid future data privacy issues. That means B2B too, FYI...
Because that would be the end of a gigantic portion of Facebook ad revenue - which should scare users (if they like Facebook) as well. Without the pixel, Facebook ads will be the joke they were when they were first introduced - hardly effective and a money losing proposition for advertisers. A few big brand advertisers that don’t care about ROI might stick around, but everyone else will leave.
They can still build profiles orders of magnitude more relevant than, say, Google. The web tracking is just an optimization to get the types of data Google has, too.
Retargeting is not just an optimization. For many advertisers, it's the saving grace of the Facebook ads system that produced absurdly poor results before it was introduced. Facebook ads were the brunt of jokes back then, and it will return to that status if too many people use this feature.
I know, Poe's Law, etc. etc., but I'm truly surprised at the amount of comments missing the dripping sarcasm from this last line of the post. Especially since the adjective "tracking" was used to describe the pixels. I will say that English is my native language though and HN is a diverse group.
That's not a bug, it's a feature! I've had my browser set up to nuke everything on shutdown as far as I can remember. Yes you have to log back for sites you want to interact non-anonymously but I consider it the sane default.
Tracking and privacy aside, you'll likely save some money too as not being logged into shopping sites raises the barrier to ordering pointless crap.
I have this and only log into GMail in a private window (I would do the same for FB if I used it). It's a bit of a hassle, especially since I've enabled 2FA, but it's become a habit and not that much of a hassle (I leave the private window open).
It's a failsafe against bugs in the private browser implementation and provides a further separation of authenticated vs anonymous.
This clear history is handy I guess. Seems kinda shitty to need it, though.
Does any service actually allow this? I can't unsend an email (except with Outlooks recall feature I guess). I can't unsend a text.
With Facebook Messenger, you're entirely within their platform. You read messages on the Facebook site, or Messenger, and they control it fully. It'd very much be possible to add this functionality.
Generally speaking, people aren't going to think, let alone talk to others about a feature that doesn't exist in most platforms they use.
But clearly people do want the ability since Exchange provides that feature, and GMail will delay sending your message for up to minutes in case you want to "Undo" the send.
OP seems to be suggesting you can take back a message once it's sent. This opens up issues since the receiver may have already read the message. Now you get into cases where someone says "Bill threatened me over Facebook messenger" but now Bill has deleted that message.
[1] https://gdpr-info.eu/art-12-gdpr/
Don't see how this edge case is worth permanent surveillance of everyone.
There are facebook pixels all over the web. Do I need to continue deleting cookies to stop the tracking?
You bet you didn't, Zuckerberg. And those questions weren't even challenging. Imagine if they had grilled you about tracking pixels and cookies and the Facebook login JavaScript snippets that you encourage everyone to put on their website.
This (or any other Facebook feature/change) wouldn’t be such a big deal if Facebook weren’t a monopoly which actively takes steps to remain one. Namely,
- being a closed platform with no easy way to migrate your data to another platform
- buying out the competition
As long as the above is true I consider Facebook as acting against its users’ interests, regardless of any specific feature.
Yeah but they're very obviously refraining from outright stating "we only do this because GDPR forces us to".
> What would you do with them?
Federate it in a privacy-respecting way among different services, obviously.
And you won't need to learn python, because cool tools to do cool stuff with your facebook data will be popular enough to download as apps.
It's like they're trying to trick the press into covering it before anyone can actually test it -- while reducing the actual amount of coverage it gets when it's finally available to real users.
Yep, when big guys like the NSA claimed to delete all data collected without releasing any details, I'm sure at best they drag and drop a few files into Recycle_Bin.
Its about surface area. A password manager that has no browser integration is by its nature less likely to be compromised, as there are far less vectors of exploitation.
Don't store your passwords in the browser. Use a proper password manager. How its gets from PM to B is up to your risk appetite.
the browser password managers are good enough for most uses
Please clarify. By "Clear History", which do you mean:
1. Delete History
2. Make All history available for everyone to see.
Avoid abort leave simply this platform
Most people likely don’t remember this, but Facebook ads were a joke among the marketing community when they were first introduced. I’d have to find it, but one study produced before the Facebook pixel was introduced showed that less than 6% of Facebook advertisers had any kind of ROI from their Facebook ad spend. The pixel is one of a handful of things they created that turned this around - all of a sudden, people saw ads for things they were already interested in. If the pixel is effectively gone, much of Facebook’s revenue will go with it.
The recent upheaval over privacy didn’t make me worry about Facebook’s future or the stock price. Revenue was still coming in, and as Eric Schmidt says, “revenue solves all known problems” [1]. But this marks the beginning of Facebook’s end as a cash cow. What does a post-revenue Facebook look like?
I would short the stock - now.
[1] https://twitter.com/ericschmidt/status/507219358246903809?s=...
And God knows that Zuckerberg’s lifestyle wouldn’t change much if he was only a “simple” billionaire instead of a multi-billionaire ;)
And I really want to see how many websites block EU traffic :)
They'll make the "Clear History" feature a multi step process that's tucked away in a configurations pane, miles away from what the common user will seek out and use on a regular basis.
And, like this article does, they'll randomly pop up Zuckerberg's face at you.
They apparently announced that they’re getting into online dating today. Maybe the plan is to knowingly decimate the ad platform and charge for dating at some point. They’ll have massive layoffs and have to sell datacenters, but could at least keep the lights on for a few remaining employees managing the dating service.
I don't think it would have a significant negative impact on Facebook at all. I see the value of ad networks as primarily resulting from two features: Having a large audience (network), and knowing the audience well (targeted ads).
Facebook will still have a large audience if people keep using it, even if they all delete their information, so a large audience is a given.
Knowing an audience has two large pieces, identity (i.e. you're user X) and derived identity data, i.e. people interested in HN are interested in tech. The biggest use of all this data is associating users together. If all my data across all the internet was deleted immediately, I bet Google et. al would be able to uniquely identify me within a few days, they wouldn't know I'm the same person whose data was just deleted, but they'd know a wealth of targeting information about me again, and within a few years I'd bet they'd know me just as well as they do now.
My web usage is pretty routine, and humans in general are pretty routine, so I would expect it to generally hold that, without explicit effort to the contrary, we'd all be pretty easily re-identified (at least as much as advertisers are concerned) after deleting our information, and sure, I won't be searching for that exact search query because now my git-fu has improved, but I'm still going to be doing things that identify me as someone interested in and/or using git.
Facebook is going to keep all the derived data from people, and that data is going to allow them to very easily re-target anyone once they have a good feel for what their interests are. And I can't imagine a more transparent display of interests than activity on a social network, it's almost explicitly interest-bound.
All I can tell you is that Facebook had a large audience before the pixel, and few advertisers were able to generate ROI from Facebook ads. Now he is suggesting that we will return to this state. Showing irrelevant ads to people based upon basic things - like being one of 150 million people that like Coke’s Facebook page - just flatly doesn’t work.
So it will remove a tenth of the revenue? (decem = "ten")
dec·i·mate /desəˌmāt/ verb
1. kill, destroy, or remove a large percentage or part of. "the project would decimate the fragile wetland wilderness"
Nobody uses the word in that way anymore, but some people want to show how clever they are, so they bring it up.
That's what he meant when he said it will worsen your experience right? :-)