357 comments

[ 5.5 ms ] story [ 278 ms ] thread
Money quote: "Your Facebook won't be as good while it relearns your preferences."

I bet that depends on how you define "good".

They probably intentionally selected things to delete to cripple the experience. It's a way of forcing people bad-mouthing facebook to put their money where their mouth is. If critics don't use this feature, they can put the blame solely on them.
> If critics don't use this feature, they can put the blame solely on them.

Once this rolls out, I'm going to be posting instructions to my feed. One of the only reasons I still keep Facebook around is to publicize articles critical of social media and stuff like this.

Why is this downvoted? The article itself is a demonstration that they really do this.

Case in point: If you're not logged in to the FB tracking network, after 5 seconds of reading, you get surprised by this "funny" jump scare: https://i.imgur.com/PCQOo8N.png

That is deliberately worsening the experience. If you click the close-button (helpfully labelled "Not now"), it is replaced with a sticky footer that takes 33% of your screen (depending on your window size and zoom setting).

Indeed. I've discovered it can make major mistakes on who's "important" to me - I'd thought they'd stopped Facebooking, but it turned out their algorithm had for some reason deemed them not to be a "close" friend and de-emphasized them from my feed.
I agree this probably won't make Facebook as good. I relate this to the time before spam filters were good and 50% of my email was penis enlargement pills and money wire fraud. You dump all this data and we go back to a time where I'm not known, and Facebook shows me my active "friends" and it's just my aunt sharing her latest Bejeweled score.

I'm all for better control of my data, but there needs to be some balance so the ads I see are still relevant and not acai berries super juices and Hot Local Singles In My Area.

Why do you want to see ads?
Because I want Facebook to be free... just like I want Google to be free and Gmail and Google Maps and my news site and my sports site and my fantasy sports app and...and...and...and...

I understand that an ad model is what allows me to do many things I do on the internet without cost. Now, if I have to choose between an ad model that shows me "Dewalt Tools 25% off" (Something I am interested in) or "Gluten Free Bread" (something I'm not interested in), I will select the former.

Advertising is a race to the bottom. As long as GDPR affects everyone more-less equally, it'll only reduce the current depth of advertising hole. That is, non-targeted ads might become more profitable again.
Likely, you will see a bunch of random ads instead of targeted ones of things that might actually be interesting to you. Whether or not that's better is up to the user.
I'm assuming I will see a lot more posts from old high school friends who I don't really interact with anymore. It would be a fun experiment to try though.
the two systems are probably unrelated.

muddling newsfeed and ad targeting would make both systems unnecessarily complicated.

I read that sentence as you can try to get rid of us, but we'll be back!
The sentence should be rendered as: "Your Facebook won't be as good [for us] while it relearns your preferences."
I had the realization a while back that certain advertisers were flooding my Newsfeed with Sponsored posts every time I interacted with them in some way -- on or off Facebook. So I started regularly clearing out the Interests and Advertisers sections of Ad Preferences and now my Newsfeed is almost entirely devoid of Sponsored posts.

The experience using Facebook without them exploiting knowledge of my "preferences" is substantially better.

Granted, I'm running ad blockers, so most of the low-value advertising on FB was already blocked.

He meant 'my Facebook won't be as profitable'.
It won't have that "tailored experience".

People can pin this on Facebook all day, but that's the same bullshit every user-productizing company spews. That the best experience is the one they design, which necessarily includes tracking, ads, and half of the dark patterns in the book.

Some days, I secretly wonder if my experience would indeed be better, because I've been blocking ads and tracking shit for the 20 years I've been online. Because frankly, I wouldn't know, maybe this world of constantly being targeted with advertising is really cool. They keep telling me I'm missing out, you know?
It's a veiled threat, just like when they told you that if you disable facial recognition you're worsening the experience of blind users, and that nefarious people will take your photos and impersonate you.
Question is does Facebook remove it from their data?
We will see. Here in Europe, its possible to find out after 2018-05-25.

My guess is that they will retain as much data on you as they can legally get away with.

Ah... now I'm speculating that this tool is their answer to GPDR's right to delete. "We have a tool, we're compliant!".

Insert "Beware of the Leopard" quote here...

Even if they did keep some part of the data, would they be able to use it for anything without inevitably getting caught and facing another scandal?
It might be difficult to catch depending on the how macro attributions they could make on you, depending on the time scale - say over 20 years, if you cleared the history every year, it might give them insights that might be hard to correlate to earlier history.

If there were strong whistle-blower laws and pre-set rewards however, then might get a whistle-blower who could earn themselves say $1B+ (based on size/revenues of Facebook) for outing the deceit - which then Facebook would be fined for.

Is a scandal a huge issue? Despite the recent #DeleteFacebook and everything, Facebook wasn't really impacted all that much and is still making tons of profit even without the 1% of users who did delete it. A future hypothetical scandal where another 1% deletes it would be worth it considering all the data and revenue they made from abusing people's data before the scandal.
Doubtful they will destroy data. Instead, it will most likely be a flag that's flipped to indicate "deleted" status.
I am still not sure if saying and doing is the same thing, specifically in this case when more data means more money for Facebook. And this is not just about Facebook, but to any service that claims they won't log or store my data.

At the end of the day, it's just a claim and I try to minimize harm by giving as less data as possible because once they have it, I am not sure what happens to it and for how long it is retained.

The issue isn't that they aren't honoring requests to delete data. The issue is that they've tied their success and the usefulness of their product strictly to the weakening of user privacy and the necessity to provide them as much such data as possible.
> Once we roll out this update, you'll be able to see information about the apps and websites you've interacted with, and you'll be able to clear this information from your account.

So it's really just a way to de-authorize all apps/sites at once?

> To be clear, when you clear your cookies in your browser, it can make parts of your experience worse. You may have to sign back in to every website, and you may have to reconfigure things. The same will be true here. Your Facebook won't be as good while it relearns your preferences.

Sounds like they designed this feature explicitly to show people why they need to provide facebook data. Instead of designing facebook features so that they can enjoyed while preserving privacy, Facebook is making moves to explicitly show how on Facebook privacy is at odds with utilitarianism of their product.

I wonder if and how this impacts their ad targeting abilities?
If people use it en-masse, probably negatively, but most likely they're betting few people will use it, just like how few people (almost no one I know) 100% go through with account deletion. The reality is there is no compromise for privacy. They build tools that help you either lose all value from facebook and retain your privacy, or relinquish your privacy to continue using facebook. It's not so much privacy forward tooling as it is a constant reminder they have a gun to your head.
Thanks for the reply. Instapainting looks like a great service btw.
Well, GDPR makes forces them to make the tracking features opt in, so they have to collectively convince EU users to turn on the tracking as opposed to hoping the people won't disable it.

They do this through a few devious practices, such as the spin doctoring discussed here. One other thing that they do is instead of the option being a check box, it is a selection between two radio buttons and you explicitly have to choose one of them. I suppose this is actually a violation of the GDPR, since it should be disabled by default.

You don't lose value from facebook at all by not opting in. "Show ads that are relevant to me," is an arrogant statement. The actual statement is "Track my browsing to show ads that Facebook believes are relevant to me." I don't use Facebook for the targeted ads, I use it to infrequently receive news about people I know spread out across the globe.

What difference does it make? They wouldn't lower their rates and a zillion people are still on FB so advertisers are going to buy the slots regardless. "Ad targeting" is not something that people outside of the niche of advertising economics care about.
Well, I understand that Facebook will try to extract as much value from advertisers as possible as well, testing the price they're willing to pay based on the conversions that advertiser hopefully are tracking accurately.

I more was curious of whether the history cleared with Clear History are primary markers for ad targeting or if other data is used, and in reality if enough users don't clear their data but have similar data fingerprints (the non-Clear History data) then Facebook could still present assumptions to target by for those who do clear their history regularly, e.g. it will be a moot point up until say 40% of people regularly are clearing their history and therefore can no longer accurately enough make those assumptions.

wonder if and how this impacts their ad targeting abilities?

Not at all, the NN that does ad targeting has already been trained on the data. Deleting it will make no difference (assuming you believe they actually will delete it)

Wouldn't GDPR say that user experience shouldn't be dependent on the consent given by the user?
I don't know how this could be universally possible. If you don't consent to providing data that is key to enabling features of the experience, how could that experience be provided?
Surely there are many areas of functionality that depend upon gaining GDPR consent?

Trivial example: I can't email you if you withhold email consent.

Actually, I can. If you’ve given me your email for some business reason, and for me to conduct that business I need to email you, I can email you. Even if you didn’t explicitly give consent.

What I can’t do is email you marketing newsletters the times a week for the next decade, or sell your email address to ‘specially selected trusted partners’.

Do you know which parts of GDPR specify the concrete limits on things like this? Or is it more a “I’ll know it when I see it” kind of fuzzy boundary for what’s allowed? Would be helpful to know!
well article 6 is as concrete as it gets:

https://gdpr-info.eu/art-6-gdpr/

(and maybe article 9) https://gdpr-info.eu/art-9-gdpr/

To be even more precise, you can refer to Article 6, section f) about Legitimate interests.

If you conduct business with an individual, most of time, your legal basis will be the Legitimate interests of both parties, you should only rely on consent for non-necessary part/service (like subscribing to a newsletter, or sharing information for improving the service).

For a good summary of that, I would recommand this ICO document: https://ico.org.uk/media/about-the-ico/consultations/2013551...

As you say, the boundaries are fuzzy. The more data (especially sensitive data) that you collect and process, the tighter you need to make your boundaries.

Most of the advice I've received is to focus on documenting what data you hold, and what you're doing with it. Just by doing that, you'll probably improve your processes. If you did have any problems with the ICO, those documents will go a long way to showing that you took GDPR seriously.

My, perhaps unfair, impression of GDPR is that it has very little concrete and specific rules, and a whole lot of "you'll know when the court delivers the verdict".
My impression is that GDPR is actually pretty clear, but people involved in PI processing business have a strong cognitive dissonance about it. It's GDPR telling them "don't do that", vs. them thinking "I must do that, so GDPR is unclear on how can I do that".
GDPR is very specific. You must have written policies describing what you do with data, what you do if there’s a breach, how people can find out what data you hold, how people can have their data deleted. And you must have consent to contact someone unsolicited. If you don’t have consent you must have legitimate interest. Legitimate interest includes the words “reasonably expect” but that’s pretty standard for laws.
The GDPR isn't about concrete limits, but concrete permissions. A lot of people have been struggling to make sense of this, because it totally inverts how we currently think about personal data.

The collection, storage and processing of personal data is presumed to be unlawful by default, unless it is for a specific, explicit and legitimate purpose. These core principles are set out in Article 5 and they are well worth reading and reflecting on.

https://gdpr-info.eu/art-5-gdpr/

Did the user give you explicit and informed consent for a specific use a specific piece of data? Is your use of data absolutely essential to fulfil your contractual obligations to that user? Are you required by law to collect and store that data? Is your use of data essential to preserve human life? If you can't confidently say yes to at least one of those questions, then you're probably in breach.

You can check whether it not it does if you're interested - it's been published. I can't be bothered to check but I'd be very surprised if they tried to dictate functionality.
I think the intent there would be that you can't intentionally degrade unrelated parts of the service. For example, if Facebook disabled your ability to view or upload photos because you wouldn't consent to sharing your location.

It would be unreasonable of anyone to expect to see location-based content if they'd opted out of location sharing.

How do you judge how "good" Facebook is, in order to evaluate this? I'm having a hard time thinking people will notice either way.

There probably will be a difference, but I think in actual use, for most people, it will be very small.

I can see it having to do with the ordering of timeline events, the ads you see, and the news visible in the top right corner.
Yes, it would make a difference there. My question is in regards to the top-level comment, will people notice the difference?

For example: If my mother "cleared her history", I really doubt she would notice the worse quality of Facebook and regret deleting her data, as the top-level comment implied. So my point is it's not a move to show how effective the algorithms are, but a privacy-conscious one from Facebook.

I don't know... personally my Facebook experience improved dramatically after I deleted my account in 2013 :)
> Sounds like they designed this feature explicitly to show people why they need to provide facebook data. Facebook is making moves to explicitly show how on Facebook privacy is at odds with utilitarianism of their product.

In all seriousness, how is that possible any other way? Take the example he gives about log in. If you want a website to automatically know who you are without logging in, please let me know how that is possible without automatically sending identifying information to the website.

There's not logging in automatically, and then there's using other data they have about you (however limited) to still provide a good experience. The parent comment is clearly talking about the latter (creating experiences that are equally good for privacy minded and open book people) while you're focused on a small feature that isn't really relevant to the bigger picture.
Yes, to offer that functionality it would need a cookie. No, the website doesn't need to correlate that login and all activity related to it to everything else you ever did on the internet to build up a profile about you. It is technically feasible (even easier) to offer the first ("remember me on this one site") without doing the second ("track me across all sites").
Well, technically it's all the same, it's a request to FB servers with an user id and token. Decoupling that relies entirely on Facebook's internal policy. Since they are a public company now, not using that dsta is leaving money on the table.
Technically, at least for EU users, whether they do this or not should now be a switch on the GDPR panel.
Not using that data also makes the ads expierence for people significantly worse.

And I prefer seeing good ads over bad ones

Yea!? How the hell can a website provide easy automatic login without storing your last 10 years of browsing history , every personal covertion you ever had and reselling that information to third parties that use it to track you political affiliations so they can manipulate you during elections!!?!?!! Do these people even know how cookies work? /s

Privacy and usability are not orthogonal, though Facebook will definitely go leaps and bounds beyond themselves to try to convince the public that it is so.

You're conflating the analogy with what the analogy was about. They didn't say that ten years of browser history was needed for automatic login.

Privacy and usability actually are orthogonal, as the cookie and login issue shows. You will see this again and again in almost every service. People can't offer loans without knowing credit history. Games can't do balanced matchmaking systems without learning about your level of skill. A website can't send you emails unless you give them your email. I could go on, but I think you are upset enough with Facebook that you won't get the point.

Sorry to be "that guy", but just responding because I was confused by your post and the parent's post, because you are both using "orthogonal" to mean the opposite of what it actually means. If two things are orthogonal, it means they are independent of each other, i.e. changing one has no effect on the other.
Sounds a lot like "guys, you should NEVER delete cookies or the world would crumble."
It's exactly what Zuckerberg added as a disclaimer if you were to choose to use their new feature.
> and you may have to reconfigure things

Too bad Facebook couldn't figure out a way to remember I prefer a chronological news feed even with cookies.

They'll do what Google does, and impose barely-justified punishments on any users who try to deviate from their preferred flow.
> Your Facebook won't be as good while it relearns your preferences.

This is an excellent feature. I replaced Facebook time with Twitter time a while back and found it even more addicting (because the talent pool is much better and more real-time, and there's an extra sunk-cost fallacy going on with the amount of work required to find good content).

But even more recently, I've been purposefully logging out of Twitter a lot more (and have replaced that with YouTube). Logging back into Twitter now, I see that the "content" there feels less relevant and more boring. This is great for productivity. I just gotta curb the YouTube now - at least with that I can just shunt everything to "Watch Later".

Alright, time to log out of hacker news too.

Is this official confirmation that everything is safely secretly backed up?
You thought they didn't have backups of their data?
I thought it was possible they didn't have "safe, secret" backups (the implication here hopefully being obvious from context clues. A general principle of good discourse is to assume the interpretation that makes the most sense instead of picking apart targets you yourself would know how to respond to if you were in the adversarial position)

Another way to put it, "You thought I thought they didn't have backups of their data? your face"

How about a way to delete past activity? The fact that there's no option for "delete all my old posts, comments, likes, and photos" is infuriating. I don't need a record of my inane crap from high school on the same platform as work friends.
I have my doubts about this feature. In the case of Russian bots, having access to their data is critical.
That’s assuming “delete“ actually removes the data from Facebook‘s servers rather than just hiding it from you and ignoring it for ad targeting.
Stuff can still be deleted, it just has to happen one item at a time (which is stupid and user hostile).
Like it or not, the right to proper, permanent deletion is enshrined in GDPR.
I think that's one reason people stopped using LiveJournal/Blogger and other platforms back in the early 2000s. I had countless friends delete or restrict those accounts because there was too much up there; too personal. All modern social media platforms encourage constant posting to quickly bury anything embarrassing.

It's a weird change in dynamic when you think about it, because people were too afraid of the "real" so to say. I wrote a post about this years ago. I'm not sure if I entirely still stand behind it, but I'll leave it here anyway:

https://khanism.org/society/how-social-media-destroyed-my-ge...

This is a pretty difficult problem to solve. Facebook would need to delete your data from production databases, database backups that were made while you had an account, caches and CDNs, etc. But even if they managed to delete the data in every possible place they could find it, a third party might have made copies of your data via Facebook's APIs some time in the past, and they might still have it.

So, even if Facebook offered such a feature, I wouldn't have much faith that it actually worked.

I really don't think that's a good excuse
It's a fundamentally important problem to solve. If to get rid of my old and no longer wanted public activity record I have to sit for hours upon hours manually deleting stuff, I'm going to be much more judicious in how I post in the future.

Also, it's Facebook. They can figure it out, they just don't want to.

(comment deleted)
They have to do this anyways when you choose to delete their account. And according to Zuckerberg's testimony, he is very confident that this functionality works very well currently.
"it's hard lol" is not an acceptable answer from a company worth billions when it involves data kept on their servers.
The problem is Facebook data is on a lot of other companies' servers at this point, and nobody knows who has what data.
I fail to see why determining where it lives is anyone's problem other than Facebook's, and why they should not be held culpable for it.
I'm not making a moral point about blame and culpability here. I'm making the practical point that it's impossible to delete all of the data if nobody knows who has it.
Yeah it's really going to suck for FB (boo hoo), they just can't win. It's years past due. The warnings have been on the horizon and they've only amped up their data collection to the point it's become even more unmanageable than it already was.
Curious if this deleting all old posts is related to everything you published - including publicly - or only private posts?

Likewise, if people were friends/connections on Facebook when you posted something to them, would you care if they were findable by them (they presumably could save a record of everything their friends published privately), and new friends/connections are prevented from seeing that past content?

I agree there's value in separating what people in new chapters of your life see vs. the old chapters in your life where you weren't as evolved or nuanced (potentially known as inane crap). Just trying to get an understanding of nuances if you're willing to share your take.

I don't mind too much if some link from a decade ago is no longer findable by someone I posted it to. That's what email is for. Activity records on a shared platform should be batch purgeable.
So there's a difference still from email vs. posting on Facebook - email which is usually 1-to-1 with explicit intent because you are typing in the email of each person receiving it vs. a Facebook post set as private ("Only to friends"), going to a pre-set group of friends in (unless you select to show it as Public). Do you feel there's a difference if old Facebook posts sent to "Only my friends" should still be readable by that pre-set group of friends vs. having the same ability with email?
I wouldn't be satisfied, and I think that's already available. My Facebook posts are my posts, while emails I send you are yours. In my mind, it's very much like the difference between putting up signs in my yard vs. sending letters.

I get that the legal issues are different, and that there's no requirement that Facebook provide this functionality, but they already provide some limited control via deleting accounts and individual posts, so I dont think it's unreasonable to expect.

I get what you're saying. It's interesting that there's a different mindset since they're relatively the same, perhaps the explicit nature of action of inputting an email address is the important piece. Of course Facebook also has options for "Friends of friends" to be able to view posts, and likewise any of those friends (or people you send an email to) can forward the email or a post - or even make it public in part or whole; that explicit action of taking the effort to define who you're sending it to also likely makes receiving the message/post more valuable to the reader. The ability to CC and BCC in email also has some unwritten rules as to the intent of if you're attached as a recipient of either - ability to dictate to show others "you're the main person I'm sending this to", "see who else I've sent this to", "I want you to see this but the others don't need to know that."

Thanks for responding.

It's a negotiable fuzzy boundary. How would feel if your friends made private copies of posts you shared with them? ("Took a photo of your yard sign").

How would you feel if Facebook provided them a tool to help with that?

How would you feel if Facebook did that automatically as a courtesy to them?

Delete your Facebook account, wait 30 days (to get out of the 21 day take-backsie period), and create a new account. All content you’ve created will disappear.

The photos your friends uploaded of you from your college days will still be there, but you will be untagged and can turn on tag approvals.

I did this in December 2016…to this day all email addresses that were tied to that account are banned from FB. I recently created a new FB account using a totally virgin email address and FB locked the account once I started friending my "former" network. They do offer to unlock my account(s) if I upload photos of two government documents, which I decline to do.
This sucks for everyone, but I understand why Facebook did that.

A very real threat against users who delete their accounts is that a scammer will re-create the account, and re-friend your former network, in order to defraud your friends. The account uses your name and photos and is under their control.

FB can't tell the difference between you and an impersonator.

Now, how they even have the data to conclude that you're "impersonating" your deleted self is a fascinating question. Shadow profiles? And yet if FB didn't do anything about this, it would be even worse for people who leave Facebook.

> FB can't tell the difference between you and an impersonator.

They should get you to send a picture of your passport on signup to verify that it's you.

The regulations for handling that kind of data are even more stringent in the EU. Which is a good thing btw. I have no compassion for Facebook, they burned themselves over this years ago, the damage has been done, and there's not much more they can do in my eyes.
Yes, sorry. It was a poor attempt at sarcasm.
I took the time to delete everything manually. I thought it was all gone. Then some stuff started to appear. I have no way of knowing whether I pressed delete on this stuff or whether it didn't appear at the time, but the point is that deleting all your stuff by pressing the delete button and viewing a seemingly blank profile does not mean your stuff is actually all gone. Next step - deleting profile entirely.
Oh, here's the fun part: you can only delete what you can see. If you posted something on a user's profile who disabled their account, you can't delete it until they enable their account again.

So even if you delete everything you see, if an old friend who disabled their account re-enables it, there's a fresh batch of content about you.

Is there a way to get them to delete everything? Under GDPR, Europeans certainly can, but then they also lose all of their Facebook friends?
Change your location in your profile to Luxembourg and then avail yourself of the GDPR compliance features?
Are you speculating or does that actually work to enable some controls that are location-based?
Speculating, the controls are still forthcoming aren't they?
Like dleslie said, speculating obviously. However since this is about compliance with EU law, actually location has nothing to do with it. It's about being a EU citizen.

If Facebook refuses to do the deleting thing for an (actual) EU citizen because they claim their location tracking shows they aren't located within the EU, they are going to have a problem.

If, however, the EU citizen selects in their profile that they live in the US, and then FB refuses to delete their data, the courts are probably going to look favourably on them, cause the user explicitly said so.

Since FB most definitely is absolutely, unforgivably, NOT allowed to request or handle the nationality data in EU passports, for purposes of being a EU citizen, they're pretty much going to have to rely that you're whatever nationality you say that you are.

Fun. The posts that reappeared for me were my posts on my wall, so it's not even that complicated.
Did they re-appear after you had remembered deleting them, or were they just not fetched when you looked the first time? I think Cassandra might be to blame where it returned a bunch of wall posts but not all of them when you looked back in history the first time.
This too! I've seen in happen as well in my quest to delete a couple years ago.

The UX is useless by design to make it really hard to bulk delete, the backend is shitty and you can't see your content on friend's walls that disabled their account.

It is bad to the point that you wonder if it is on purpose. My guess is that it is. "Shitty product" as a deterrent to deletion.

Purposefully prioritising "everything but".
Definitely doesn't have to be on purpose.

Try building a scalable database to billions of users on ad revenue and make it retrieve all data from years ago within the time constraints that users want to see newsfeed items in, you'll see ;)

I must have deleted over 10k things, so there's no chance of remembering whether they were on the list of things I deleted or simply didn't appear.

I mostly used the Activity Log (button at the top of your profile page) to do the deletion. There are filters there so you can see the different types of interactions. Removing them is different, e.g. Delete vs Unlike.

During the process, I did notice things appearing which had previously not appeared, so that definitely does happen. I kept going back to see if there was new stuff to delete. The whole process took me about 3 months.

The plot twist is that this all happened over 6 months ago. My profile has been empty the whole time, until sometime within the past couple of weeks, where posts have started to re-appear.

Last year I ran a script to do just this. It didn't get everything, but I eventually gave up. I recently tried Social Book Post Manager to accomplish the same thing.

While it did a better job, despite my activity feed being clear, I'm still seeing a lot of posts.

The rub is that I can delete posts that show up from 2008, but that same post will show up on refresh.

Looks like I'm moving to Europe for a day in a few months.

I think about this and I wonder if they don't add it because no internal team wants to take the responsibility of adding that feature. Imagine, FB source code is >10 year old code base, could there be a delete cascading effect somewhere? You mention posts, comments, likes and photos, what about game activity? Or notes? I think that's what were called. What is all your past information? Who defines what "all" past information is? What about Farmville game activity?

I'm not defending Facebook machiavellian tactics but knowing that no code base is perfect and also that even FB is understaffed, I will give them the benefit of the doubt.

(comment deleted)
I can imagine this spectacularly backfiring... "Facebook tracked all those sites I visited?!?" (What was the joke about porn videos having "Like" buttons?).

I look forward to the even more damage control...

The Guardian coverage (https://www.theguardian.com/technology/2018/may/01/facebook-...) has this quote like a parent explaining to a 5 year old why they shouldn't delete cookies:

> Zuckerberg also cautioned users against clearing cookies in their browser, saying “it can make parts of your experience worse”, and adding, “Your Facebook won’t be as good while it relearns your preferences.”

I wonder why he's so afraid of people clearing his tracking pixels.

> What was the joke about porn videos having "Like" buttons?

"I don't understand why porn websites have a +1 under the videos? Why would I want anyone to know I use Google+?"

Somewhat relevant: A friend took my phone (playfully) and posted this as a status on my profile a while ago. I left it up because I found it funny. Now that it's easier to delete I may actually just do that.
"Delete"
He says: " … you'll be able to clear this information from your account. You'll even be able to turn off having this information stored with your account."

"your account".

What do you reckon is the chance of them removing this from their ad targeting data set "account"??? They're just going to give you a tool that shows some of it to you, then hides it from you when you click the [fuck me over more] button (and they'll record _that_ interaction too, and sell you to the "tinfoil" and "headwear" segments.

> What do you reckon is the chance of them removing this from their ad targeting data set "account"???

is there a chance smaller than zero?

Sadly there is no way to issue an FOIA request to a private company. Possibly only route would be, clear data, notice contain tracking, due for disclosure. Probably the best route for moving forward.
I wonder if the GDPR will have sharp enough teeth to force FB to disclose what it's doing with EU citizen's data here?
Unless FB seizes to have offices in the EU and stops having an HQ in the EU and also stops doing monitoring of people in the EU and also stops any regular service for people in the EU, the GDPR has teeth and people in the EU can ask facebook to send them all data they have, then ask them to delete it and revoke any future permission to process their data.

Since the GDPR covers people in the EU that means if you're in the US you can take a vacation to Italy or France or Germany and then pull that stunt on Facebook. (technically)

You mean soft delete. I'll eat a sock if FB really deletes all of your history. Another one if they make that the default and you only get the other treatment after opting in.
I mean, I am sure they will delete one of the copies of your data they have.

I am sure they aren't purging backups of the data.

Actually, to comply with GDPR, they have to (for people affected by GDPR).
Or have a documented retention policy for backups and a procedure to redelete data when those backups are restored.
Not true. You have the right to retain backups and logs etc. as long as they serve their purpose to secure your service for accidental loss of data or other security purposes and they are properly stored and secured.

What if hacker deletes your Facebook account? Under GDPR Facebook has actually obligation to keep your data safe from this scenario. Which means they have to keep logs to investigate what happened and also be able to restore your data.

You should delete backups after certain amount of time and state your policy to users.

Only if you keep them a reasonable time and the backups will gradually be purged.

You can't keep indefinite backups and comply with GDPR.

So if your 5 year old backup, which has no purpose at all, gets stolen, expect a whopping fine for being an idiot. Or your web logs get stolen and it turns out you keep them 2 years, don't expect favourable treatment as that's totally unnecessary data retention.

No, GDPR requires you to delete all the data corresponding to a user within 30 days after the said user requests deletion of account. That includes backups and logs.
The backups that you can retain are hard to justify further back than about a year (if you even manage to do that), and if you ever use them you have to make sure the data that was deleted because of a request before is not in there again.
You try deleting data from a busy Cassandra node. The tombstones, the tombstones!!!

(More than just Cassandra tho, many databases don't actually "delete", at least not immediately. They "mark for deletion", and may or may not _actually ever delete_ anything.)

The later case is different than simply updating the DeletedAt column.

The database not actually deleting is still the application properly deleting it. If the DB eventually carries that out or not is a lesser concern to me, tbh.

The concern here is that facebook doesn't actually tombstone their entries or doesn't even have their DB mark it deleted.

Well, now it'll have to, at least in Europe, GDPR requires that.
Why do we even use the word "delete" in this forum? We know that (so far) it is NOT deleting anything. It only means "hide from view". Facebook will not forget and will not forgive. Some 10-hour-question-avoiding in front of a committee (irrespective of importance) will not change FB's business model (aka money-maker) overnight.
That's not the sort of thing you can hide. One disgruntled employee would cost FB 100s millions over-night by just reporting it to someone.
Hm. Interesting. How about a 'leak bounty'? Or would that be problematic in the eyes of the law?

I'd happily put down $50 for whoever spilled the beans on what is really going on at Facebook and other companies in that vein.

They'll just delete your user ID field for whatever you posted - so it won't be associated with you any longer, at least on their systems, but they will keep the content for analysis.
If that's true then (1) they're lying and (2) that's not covering it because just a few website visits later they could re-associate your old data with your 'clean' profile because it doesn't take all that many bits to de-anonymize a chunk of data.
That won't work. They also cannot retain data that could be aggregated to identify you as a person. Anonymising by removing an ID is not actually doing that, it's just theater. The GDPR has provisions for that. Bottom line is: if you start fudging things or working around it, you're going to get fined.
He is not afraid of it, any statement he gives along the lines of "Clear your cookies" would be politically damning. An overly dramatic headline could be - 'Zuck, head of evil tracking empire that sells your data, tells everyone that they should clear their cookies which implies tracking is bad'.

Political farce aside, he does have a point, cookies are fundamentally tokens of persistence. Persistent cookies let you configure the websites without creating accounts and stay logged in on the websites you do have accounts on. Loosing that is inconvenient which means it will make parts of the experience worse.

Yep. His announcement was reasonable and as expected.
There was an IH podcast where the person being interviewed talked about getting the Facebook pixel up on your landing page as soon as possible.

The idea was that you would have access via Facebook to all the potentially interested people that dropped off because your landing page or product were not yet ready for launch.

From Facebook's perspective, this is data that is valuable to potential customers that want to buy ad space.

Yes, retargeting campaigns are typically amongst the most effective. Hitting people with ads after they have visited your website
> "Your Facebook won’t be as good while it relearns your preferences"

Believe me, "my Facebook" isn't very good with the feed with five years worth of tracking... At least I can have my crappy feed with more of a peace of mind, that's a net win, right?

>I wonder why he's so afraid of people clearing his tracking pixels

Are you being sarcastic? I can think of several reasons Zuck wouldn't want people clearing their cookies. The primary one being the loss (even though temporary) of data resolution for targeting ads.

Not parent, but this was sarcasm.
Somehow I don't think they would do this without their architecture being based on a pre-existing lower-resolution backup layer to maintain information and support. It's not like the model needs every piece of information coming out of Facebook users - they only need the important stuff and could conceivably delete unnecessary information and not lose anything. Given the massive redundancy coming out of thousands or millions of similar people, the global patterns won't change when some subset of users deletes their information. Even local patterns should be filled in by a fresh influx of data fairly quickly.

The unique views problem is interesting from a marketing perspective though. I doubt it will change much but for larger companies it might require adjustment.

Also interesting that they are allowing a theoretical cap on the information they collect. I imagine they'll be moving more into services to avoid future data privacy issues. That means B2B too, FYI...

I wonder why he's so afraid of people clearing his tracking pixels.

Because that would be the end of a gigantic portion of Facebook ad revenue - which should scare users (if they like Facebook) as well. Without the pixel, Facebook ads will be the joke they were when they were first introduced - hardly effective and a money losing proposition for advertisers. A few big brand advertisers that don’t care about ROI might stick around, but everyone else will leave.

Facebook still has a complete image of the things you like, your social graph, intimate details about your marital status, mobility history, personal messaging and so on.

They can still build profiles orders of magnitude more relevant than, say, Google. The web tracking is just an optimization to get the types of data Google has, too.

Most of their advertisers use the pixel to retarget people. These are by far the most profitable ads for advertisers, and often play a part in a sales funnel in which advertisers may lose money on initial traffic acquisition but make it up and then some through retargeting. Without the pixel, I don't care how many pages as I have "liked," how well they know where I've been, or how many data scientists they hire, they'll never be able to extrapolate that I was considering buying a specific brand of coffee maker at a specific site recently and be able to show me an ad for it.

Retargeting is not just an optimization. For many advertisers, it's the saving grace of the Facebook ads system that produced absurdly poor results before it was introduced. Facebook ads were the brunt of jokes back then, and it will return to that status if too many people use this feature.

(comment deleted)
Are you kidding ? Imagine the crazy boost to unique views after this!
> I wonder why he's so afraid of people clearing his tracking pixels.

I know, Poe's Law, etc. etc., but I'm truly surprised at the amount of comments missing the dripping sarcasm from this last line of the post. Especially since the adjective "tracking" was used to describe the pixels. I will say that English is my native language though and HN is a diverse group.

He's not wrong. If I'm going to be advertised to, I would prefer for it to be targeted.
Just because we now get the opportunity to tell Facebook to clear the data, doesn't mean we'll get to see it.
Or that they'll tell the whole truth. The data download option that is supposed to contain your personal profile they store doesn't include searches you've made on Facebook, nor Facebook pages that you've visited but didn't like. I know it was being saved because I'm always being suggested friends based on past searches but I didn't see any of those names in the downloaded report.
> To be clear, when you clear your cookies in your browser, it can make parts of your experience worse. You may have to sign back in to every website, and you may have to reconfigure things. The same will be true here. Your Facebook won't be as good while it relearns your preferences.

That's not a bug, it's a feature! I've had my browser set up to nuke everything on shutdown as far as I can remember. Yes you have to log back for sites you want to interact non-anonymously but I consider it the sane default.

Tracking and privacy aside, you'll likely save some money too as not being logged into shopping sites raises the barrier to ordering pointless crap.

> I've had my browser set up to nuke everything on shutdown as far as I can remember.

I have this and only log into GMail in a private window (I would do the same for FB if I used it). It's a bit of a hassle, especially since I've enabled 2FA, but it's become a habit and not that much of a hassle (I leave the private window open).

I use entirely separate browsers for that. Gmail logged into my primary account gets its own dedicated browser. Nothing else ever gets opened in that browser and it's never used for "regular" browsing.

It's a failsafe against bugs in the private browser implementation and provides a further separation of authenticated vs anonymous.

What I _really_ want is an option that allows me to prune my Facebook posts. Like if I had a button, or at least some sort of bulk deletion with overview, so I could delete all of my political posts and memes then it would be really handy.

This clear history is handy I guess. Seems kinda shitty to need it, though.

Did you uninstall that after using it? Otherwise that extension still has the ability to "read and change your data on all facebook.com sites." For all you know, it may have uploaded a copy of all your Facebook data to its servers already.
I deactivate the extension after usage. I also looked at the console/source code and the only external urls the extension is calling are google services (Analytics and Chrome Store) I have analytics blocked in the HOSTS file anyway.
What I really want is purging all messages sent to other people, selectively.
This just means facebook will no longer show you or your friends what was in the history. Facebook will still sell advertising based on your private data. It won't be cleared, just hidden from your view.
Is Facebook ever going to let us unsend messages? I think that is what most people wanted. Delete posts, messages and other things from the past.
Weren't they going to roll this out for Messenger at some point? They did it for Zuckerberg, and then mentioned that they were just "testing" it and were going to roll it out generally some time in the future.
>Is Facebook ever going to let us unsend messages?

Does any service actually allow this? I can't unsend an email (except with Outlooks recall feature I guess). I can't unsend a text.

You can't unsend an email or text because generally speaking you can't control the other end. SMS was never built with the ability to "recall" a text, so once it's been delivered, it's off the carrier's hands. Email is similar, although with modern mail clients (outside of POP3), you would be able to remotely delete emails in most cases. Exchange recall works exactly like this; if the e-mail hasn't been read yet, then there's a chance for the recall to happen silently. Otherwise, you get a separate "X would like to recall" message instead.

With Facebook Messenger, you're entirely within their platform. You read messages on the Facebook site, or Messenger, and they control it fully. It'd very much be possible to add this functionality.

Yes possible, but is it really "what most people wanted." as OP said? I've never heard this from anyone.
Have you asked people if they want it? Any time I make a mistake I think about the ability to unsend or edit what was already sent (within a time limit etc etc).

Generally speaking, people aren't going to think, let alone talk to others about a feature that doesn't exist in most platforms they use.

But clearly people do want the ability since Exchange provides that feature, and GMail will delay sending your message for up to minutes in case you want to "Undo" the send.

The gmail case isn't an "unsend" feature, it's just a delayed send.

OP seems to be suggesting you can take back a message once it's sent. This opens up issues since the receiver may have already read the message. Now you get into cases where someone says "Bill threatened me over Facebook messenger" but now Bill has deleted that message.

going by comments I have read here and in reddit, yes I think most people want to be able to delete things they said or posted on fb when they were teenagers
I think deleting posts is different then deleting messages. If I'm having a conversation with you, and make some threat but then delete it. Does it stay in your thread? Get deleted from both threads? What if you screen shot it? If I delete a post, it no longer lives in either feed.
So someone is going to commit a crime, then clears history, asks FB to delete account. Police knocks at FB doors - FB is like "We don't have any information". How is that going to work with GDPR?
Surely there is going to be plenty of other leads they can look to for evidence?

Don't see how this edge case is worth permanent surveillance of everyone.

If I do not have a facebook account, does this change anything?

There are facebook pixels all over the web. Do I need to continue deleting cookies to stop the tracking?

you need to create an account on facebook, give them more information about you and then you can delete the data.
> One thing I learned from my experience testifying in Congress is that I didn't have clear enough answers to some of the questions about data

You bet you didn't, Zuckerberg. And those questions weren't even challenging. Imagine if they had grilled you about tracking pixels and cookies and the Facebook login JavaScript snippets that you encourage everyone to put on their website.

"It was hard to pretend I'd never heard of community moderation."
Great feature, but not major in the big picture.

This (or any other Facebook feature/change) wouldn’t be such a big deal if Facebook weren’t a monopoly which actively takes steps to remain one. Namely,

- being a closed platform with no easy way to migrate your data to another platform

- buying out the competition

As long as the above is true I consider Facebook as acting against its users’ interests, regardless of any specific feature.

If this is GDPR related then it's to do with privacy, not competition. Suppose you did download a bunch of liked pages, friends comments. What would you do with them? Learn python and import it into, I don't know, Twitter or something? Most people aren't actively looking for a way to do exactly whatever it is on Facebook.com using a different URL.
> If this is GDPR related then it's to do with privacy, not competition.

Yeah but they're very obviously refraining from outright stating "we only do this because GDPR forces us to".

> What would you do with them?

Federate it in a privacy-respecting way among different services, obviously.

And you won't need to learn python, because cool tools to do cool stuff with your facebook data will be popular enough to download as apps.

I hope clearing this history would give me back the chronological feed, would maybe make me use Facebook more than once every month. I completely missed that one of my old friends graduated, another friend moving to a different country for a new job and I missed one of my childhood friends mourning his lost mother. All three of them had posted updates about it on Facebook but since I didn't interact much with their updates Facebook drew the conclusion that I couldn't give less of a shit.
I hate how Facebook announces that they're going to release a privacy feature before they actually have.

It's like they're trying to trick the press into covering it before anyone can actually test it -- while reducing the actual amount of coverage it gets when it's finally available to real users.

It's frustrating to distracted readers too. I read the headline and logged into FB on the spot, for the first time in years, with the intent to flush all of that data. But no amount of searching allowed me to locate the button.
>It's like they're trying to trick the press into covering it before anyone can actually test it

Yep, when big guys like the NSA claimed to delete all data collected without releasing any details, I'm sure at best they drag and drop a few files into Recycle_Bin.

Spot on. In marketing, it's called "teasing". Definitely generates more hype and makes them look like heroes...
(comment deleted)
you should always delete all cookies on browser close, there’s a setting to do this automatically. also never accept 3rd party cookies. if you want convenience of easy logins save the passwords into your browser
Better yet, don't store any passwords in your browser - use a proper password manager.
Chrome's password manager has a much, much better security record than any "proper password manager".
What? Noo... When you consider the chrome password manager you must consider the chrome binary as a whole. Chrome has had significantly more security issues than 100% of password managers. Of course -- its a more complex set of code.

Its about surface area. A password manager that has no browser integration is by its nature less likely to be compromised, as there are far less vectors of exploitation.

Don't store your passwords in the browser. Use a proper password manager. How its gets from PM to B is up to your risk appetite.

Not really. For one, anybody that can use your computer can see a plaintext list of your Chrome passwords directly from the Chrome options menu. It's an incredibly primitive system.
this part though we usually have good defense against. how many people are using your computer? do you have a login with a password? do you have FDE? when was the last time you handed your laptop over for someone to use without you being right there?

the browser password managers are good enough for most uses

Dear Facebook:

Please clarify. By "Clear History", which do you mean:

1. Delete History

2. Make All history available for everyone to see.

I can almost guarantee that this will end up in FB recording my entire browsing history every-time I use it. I wonder how would the congressional apology for being 'careless' with this feature would go.
My privacy protection seems to not clear.

Avoid abort leave simply this platform

I don't get it, how does sporadically deleting cookies help? Sites don't, I assume, store significant amounts of data in them that would get irrecoverably lost. And even for cookies identifying you it should not be too hard to stitch two histories connected to two different cookies back together on the server based on your IP or browser fingerprint. And if they were actually worried about negatively impacting the user experience, why would you not selectively destroy the cookies? Just keep my preferences and give me a new authentication token so that I remain logged in and don't loose my preferences, the browser already has a feature to delete everything. So what am I missing, how is this a useful privacy feature?
If a significant percentage of users actually exercise this option, that will be the end of Facebook as a significant channel for ad spend. It will decimate revenue.

Most people likely don’t remember this, but Facebook ads were a joke among the marketing community when they were first introduced. I’d have to find it, but one study produced before the Facebook pixel was introduced showed that less than 6% of Facebook advertisers had any kind of ROI from their Facebook ad spend. The pixel is one of a handful of things they created that turned this around - all of a sudden, people saw ads for things they were already interested in. If the pixel is effectively gone, much of Facebook’s revenue will go with it.

The recent upheaval over privacy didn’t make me worry about Facebook’s future or the stock price. Revenue was still coming in, and as Eric Schmidt says, “revenue solves all known problems” [1]. But this marks the beginning of Facebook’s end as a cash cow. What does a post-revenue Facebook look like?

I would short the stock - now.

[1] https://twitter.com/ericschmidt/status/507219358246903809?s=...

What choice did they have? Either do this or be regulated and forced to do this.
Said another way: when you become successful enough, the government becomes a stakeholder in your business.
Looking at the 2008 crisis debacle and “too big too fail”, maybe it wouldn’t be that bad. If your company has an impact on the level of a public utility, maybe it should be regulated like one.

And God knows that Zuckerberg’s lifestyle wouldn’t change much if he was only a “simple” billionaire instead of a multi-billionaire ;)

I imagine regulation is coming. If not specifically for Facebook, then changes in privacy law in the US to edge closer to what the EU enjoys are forthcoming as soon as the US elects a Democratic House.
The US is a capitalist country. It will see how much negative impact the GDPR has on businesses and consumer choice, as websites block EU traffic in droves, and will not make that same mistake.
All developed countries are capitalist.

And I really want to see how many websites block EU traffic :)

Let’s not even go down this road, it has been the source of very long discussions. I’ll just say that nobody in the US wants the liability of EU traffic under GDPR except for very large companies with expensive legal teams.
That follows from "successful enough" meaning impacting a large fraction of society in some way - which is the government's area of competence. So they definitely will be interested in your impact, and whether or not your market-driven priorities are at odds with well-being of society.
> If a significant percentage of users actually exercise this option, that will be the end of Facebook as a significant channel for ad spend. It will decimate revenue.

They'll make the "Clear History" feature a multi step process that's tucked away in a configurations pane, miles away from what the common user will seek out and use on a regular basis.

Also, for "technical reasons", using the feature will somehow result in FB Events no longer working properly.

And, like this article does, they'll randomly pop up Zuckerberg's face at you.

I respectfully disagree. Very few people will ever clear their history.
Which is why I used the caveat “if a significant percentage of users” do this. If not then fine, but if they do, I don’t think it’s an exaggeration to say that we can all say goodbye to Facebook. That’s how big of a problem this would cause.

They apparently announced that they’re getting into online dating today. Maybe the plan is to knowingly decimate the ad platform and charge for dating at some point. They’ll have massive layoffs and have to sell datacenters, but could at least keep the lights on for a few remaining employees managing the dating service.

The paragraph literally starts with "if"...
And then the author goes on to say "I would short the stock now".
My understanding is user activity and user data are distinct, and I'd imagine by now Facebook has enough user data that this might not be as huge a concern as when they were getting started.
No. They announced that people can remove themselves from the custom audiences created by the Facebook pixel. No custom audiences, and the effectiveness of Facebook ads drops dramatically along with Facebook ad revenue. The pixel has become standard operating procedure in most marketing plans and conversion funnels. Many companies lose money on initial traffic acquisition but make it back plus a profit through retargeting. That ability would be gone.
> If a significant percentage of users actually exercise this option, that will be the end of Facebook as a significant channel for ad spend. It will decimate revenue.

I don't think it would have a significant negative impact on Facebook at all. I see the value of ad networks as primarily resulting from two features: Having a large audience (network), and knowing the audience well (targeted ads).

Facebook will still have a large audience if people keep using it, even if they all delete their information, so a large audience is a given.

Knowing an audience has two large pieces, identity (i.e. you're user X) and derived identity data, i.e. people interested in HN are interested in tech. The biggest use of all this data is associating users together. If all my data across all the internet was deleted immediately, I bet Google et. al would be able to uniquely identify me within a few days, they wouldn't know I'm the same person whose data was just deleted, but they'd know a wealth of targeting information about me again, and within a few years I'd bet they'd know me just as well as they do now.

My web usage is pretty routine, and humans in general are pretty routine, so I would expect it to generally hold that, without explicit effort to the contrary, we'd all be pretty easily re-identified (at least as much as advertisers are concerned) after deleting our information, and sure, I won't be searching for that exact search query because now my git-fu has improved, but I'm still going to be doing things that identify me as someone interested in and/or using git.

Facebook is going to keep all the derived data from people, and that data is going to allow them to very easily re-target anyone once they have a good feel for what their interests are. And I can't imagine a more transparent display of interests than activity on a social network, it's almost explicitly interest-bound.

I don't think it would have a significant negative impact on Facebook at all

All I can tell you is that Facebook had a large audience before the pixel, and few advertisers were able to generate ROI from Facebook ads. Now he is suggesting that we will return to this state. Showing irrelevant ads to people based upon basic things - like being one of 150 million people that like Coke’s Facebook page - just flatly doesn’t work.

But you're not stopping pixel. You're going to be tracked again. All you're doing is resetting the clock. How long after pixel was implemented did it take for the value of Facebook ads to skyrocket? A few years? And Facebook gets to keep all that they learned during that time, just not the original data they've derived all that wealth from. It's like losing training data for ML. It's not a big deal when you get 10s if not 100s of millions or more data points every day.
We need browser extension that clears facebook history every 15 minutes.
If that gained widespread use, you wouldn't need it anymore because Facebook wouldn't have enough revenue to keep their servers running.
I would be happy to donate for such an extension after the feature ships!
> It will decimate revenue.

So it will remove a tenth of the revenue? (decem = "ten")

Huh? I did spell it correctly.

dec·i·mate /desəˌmāt/ verb

1. kill, destroy, or remove a large percentage or part of. "the project would decimate the fragile wetland wilderness"

The OP is pedentically referring to the original Roman use of the word, which mean to kill/remove a tenth.

Nobody uses the word in that way anymore, but some people want to show how clever they are, so they bring it up.

> If a significant percentage of users actually exercise this option, that will be the end of Facebook as a significant channel for ad spend. It will decimate revenue.

That's what he meant when he said it will worsen your experience right? :-)