> The New York Times interviewed more than 60 people, including former employees of Facebook and its partners, former government officials and privacy advocates.
> The Times also reviewed more than 270 pages of Facebook's internal documents and performed technical tests and analysis to monitor what information was being passed between Facebook and partner devices and websites.
> The social network allowed Microsoft’s Bing search engine to see the names of virtually all Facebook users’ friends without consent, the records show, and gave Netflix and Spotify the ability to read Facebook users’ private messages.
> The social network permitted Amazon to obtain users’ names and contact information through their friends, and it let Yahoo view streams of friends’ posts as recently as this summer, despite public statements that it had stopped that type of sharing years earlier.
The records the New York Times reviewed were "generated in 2017" and "some were still in effect this year." That means not only did these agreements cross through Facebook's representations to various governments, they also overlap with GDPR.
duckduckgo works really well. For some topics google is better, but for 95% ddg do the job as a day to day standard search engine. And those times you need google, it is very simple just to add !g bang to get the google search results. With ddg you get better privacy and dont end up in googles filter bubble. More should try it out.
> The social network allowed Microsoft’s Bing search engine to see the names of virtually all Facebook users’ friends without consent, the records show, and gave Netflix and Spotify the ability to read Facebook users’ private messages.
> The social network permitted Amazon to obtain users’ names and contact information through their friends, and it let Yahoo view streams of friends’ posts as recently as this summer, despite public statements that it had stopped that type of sharing years earlier.
This information contrasts with a statement Facebook provided in 2018, stating that such data sharing partnerships ended at the end of 2015. That statement itself was correcting an earlier statement stating that such access had ended even earlier.
> Facebook shared personal information culled from its users' profiles with other companies after the date when executives have said the social network prevented third-party developers from gaining access to the data, the company confirmed Friday.
> The companies had access to the data during a stretch of time in 2015 after Facebook had locked out most developers who build apps that work on its social network. Facebook gave select "whitelisted" companies extensions before they were also blocked from getting its users' personal information.
> Those extensions expired before the end of 2015, Facebook said. The company believes the previously unreported extensions with a select group of companies is consistent with previous statements that Facebook CEO Mark Zuckerberg has made, including in testimony to Congress, about shielding its 2.2 billion users' personal information from third parties since 2015.
> "Any new 'deals', as the Journal describes them, involved people's ability to share their broader friends' lists — not their friends' private information like photos or interests," Ime Archibong, Facebook's vice president of product partnerships, said in a written statement.
“Among the revelations was that Facebook obtained data from multiple partners for a controversial friend-suggestion tool called “People You May Know.”
The feature, introduced in 2008, continues even though some Facebook users have objected to it, unsettled by its knowledge of their real-world relationships. Gizmodo and other news outlets have reported cases of the tool’s recommending friend connections between patients of the same psychiatrist, estranged family members, and a harasser and his victim.
Facebook, in turn, used contact lists from the partners, including Amazon, Yahoo and the Chinese company Huawei — which has been flagged as a security threat by American intelligence officials — to gain deeper insight into people’s relationships and suggest more connections, the records show.”
Well, that explains some of the conspiracy-mongering that was so rampant around this feature. Facebook (probably) wasn’t secretly recording your phone calls etc. They didn’t need to - they were getting streams of data from other partners.
“Facebook also allowed Spotify, Netflix and the Royal Bank of Canada to read, write and delete users’ private messages, and to see all participants on a thread”
> Royal Bank of Canada to read, write and delete users’ private messages, and to see all participants on a thread
There's a settlement out there for anyone with a Facebook account who was turned down for a loan by RBC. No chance RBC wants its dirty laundry aired in a Fair Housing suit.
Why would RBC even expose themselves to this liability? What was the point?
With every single one of these companies I am...baffled, that anyone thought this was a good idea, but in this situation especially it makes zero sense. All that liability for what possible upside?
I think this was intended to be a customer support channel and they had to be able to delete the messages containing bank info after a certain amount of time. I had read something about it, I don't think carte blanche access to users' messages was sought or given, it was just support conversations. I didn't use it so this is like my memory of 2nd hand info.
I used to work in Social Media customer support using a well known platform, in a large telecommunications company.
We could only access the private message history containing the conversations we had had with the individual, nothing else.
You think people care about their personal data, you should see what type of information they provide through private messaging platforms. Including through public posts, it's shocking.
Well, sure, there are always people that act against their own best objective interest but the case here is that Facebook is making a bad decision for them, and also not informing about it other than in broad, hard-to-grok language.
> Facebook also allowed Spotify, Netflix and the Royal Bank of Canada to read, write and delete users’ private messages, and to see all participants on a thread.
At this point it’s hard to dispute that at Facebook “private” is synonymous with “public” for most practical purposes.
Shared under NDA with business relationships is not “public” for the common use of the term. Although I agree with your sentiment, your statement isn’t really accurate. Otherwise I would be able to read Spotify users’ facebook DMs, and I can’t.
You’re kidding, right? If I send a “private” message, but everybody from law enforcement to my bank has access to it, it’s not private. It’s public knowledge as far as any background checks or loan applications are concerned. By contrast, if my bank worked out a deal with Bell where they get to record my all phone conversations they would still be committing a felony in almost all jurisdictions, NDA or not. That’s a reasonable example of “private” communications.
You have a very good point, and in an ideal world that's what one would expect. Unfortunately our mindset has to change and we have to be way more suspicious on what companies do with our "private" data.
It’s public knowledge as far as any background checks or loan applications are concerned.
You give permission for those and the data accessed is often not public. There are degrees of privacy - what you're trying to do make up your own definition of 'public' and then have message board fights about it. It's not really a sensible position, let alone interesting conversation.
> You give permission for those and the data accessed is often not public.
I'm not sure this was always the case with Facebook though. Let's say my friend John gives RBC access to his messages and I message him asking to loan me $50 because I'm struggling with money. Down the road if I apply for a loan from RBC they now have access to my "private" message, without my permission and can ostensibly then use that information when determining my creditworthiness. All without my knowledge or consent.
It's up for sale to commercial entities who pays up, and available to law enforcement with no legal expectation of privacy. That's public for the common use of the term.
One possibility would be that Facebook users were supposed to be able to read, write, and delete their own chat messages via custom chat clients built by Spotify, Netflix, and so on.
If so, the New York Times is throwing shade on Facebook basically for not being enough of a walled garden. I hope their journalists are not that confused?
I'm a bit worried that some journalists (and some readers) no longer care to make any distinction between an app having access for legitimate reasons that respect users' intentions and the whole company having access to do whatever they like. At least, they don't explain it well.
The distinction doesn't exist in practical terms. The company controls the behavior of the app; the fact that an app has access for legitimate reasons doesn't mean that any given use of the access was for legitimate reasons.
Mark my words. There is going to be an article that grossly misunderstands oauth and tells people that facebook, twitter, etc, are all giving access user information to third party's willy nilly and that there is an entire system widely used across the web for encouraging this sort of behavior.
Yeah, I think nytimes is intentionally being misleading here. I don't doubt FB made some shady deals with the big tech companies, but it seems like they're conflating granting app permissions so that certain functions like sharing Spotify songs over Messenger work with granting access to all user data.
They have been exactly that confused (or possibly intentionally deceptive) in the past. One of their previous articles pretended that Facebook, by giving users the ability to log in and interact with their friends via a built-in manufacturer app on their Huawei smartphones, was actually giving those friends' data to Huawei: https://www.nytimes.com/interactive/2018/06/03/technology/fa...
Facebook's permissions scopes have never been that granular - if you get approved for a permission it's generally access to create, edit, view, and delete all in one.
It's a little hard to cite now - most of the user-level permissions are gone, or are behind a "This permission is restricted to a limited set of partners and usage requires prior approval by Facebook" restriction.
They've clamped down repeatedly on how much data comes out of the API - you used to get full info on friends, then just their names and IDs, then that list wound up filtered to just other friends who'd authorized the same app.
"Facebook would like access to your contacts. Do you agree? YES no"
Address book import and triangle closing drives the most PYMK features across every social network. It's a gold mine, and that's why everything wants it.
I just wish there was a way to figure out _why_ I'm getting some ads, to dispel that fear.
On Instagram last weekend I and a friend were shown a number of ads for Chandon sparking wine after I bought a bottle, and someone else at the party also did and we talked about it.
Both of us insist we didn't google sparkling wine, Chandon, or anything we think relevant... it really does on the face of it appear Facebook had listened to us.
If you purchased the wine with a credit card then Facebook has the ability through agreements with other data providers/aggregators to connect it back to your Facebook, Instagram, etc account. Source: I know someone who is in biz dev at one of said companies and sells this type of “profile” data to Facebook and countless other companies. If you purchased with cash then sure does sound like they were somehow listening.
Hmm, I did. But her bottle was a leftover from a wedding several months ago (because we're connected on IG perhaps? Seems like quite the stretch though).
Also surely advertising the same wine I just bought to me is... dodgy ROI at best?
this happened with a few co-workers. They got ads about things we spoke about at work and shared it with the group on slack. After nagging them about uninstalling FB for a while, the targeted ads scared some of them to finally uninstall the always listening FB spyware from their phone(s)
I once dropped my work laptop and snapped the plastic housing on the charger plug. I only discussed it verbally with my manager and said that I, as a consultant, would replace it at my own expense. Before I'd had chance to search for and price one up adverts for laptop chargers started following me around the web.
It could have been that she then searched for a charger and being a small company we all shared an external IP address, that we also shared the ads... or it could have been that spy software on my phone had sold our conversation to advertisers. Either way, mic privileges were locked down and ad and tracker blocking efforts doubled after that.
Boy, if you think the amount of data FB sells is creepy, wait until you find out how much information your insurance provider sells, or your cell phone provider, or your credit card provider, or your health provider...
If you ever get in a car accident in the United States don't be surprised to get mail the very next day from accident insurance attorneys because you bet every service you use is selling every aspect of your life without your explicit knowledge or consent. Every time you use a credit card to purchase something that information is sold to a network larger than you can imagine, who will in turn sell it to their network. Your geographical location is sold by your cellphone provider whether you realize it or not and whether you think you have GPS tracking turned off. If you have a SIM card that's tied to you as an individual, it's being sold.
Notice how the keyword is "suspend"? I don't doubt that they've quietly resumed the practice. In fact, I bet all of these companies and service providers are overjoyed right now that the media is so focused on FB to care about all of the shady shit they're doing on a daily basis.
I'd rather not have any of my data shared, of course, but if I had to pick and choose between my health insurance being sold and versus what TV shows I liked on FB, I'll take the TV shows any day.
Facebook isn't tapping your phones microphone 24/7. It's a nice little dystopian theory that's been disproven time and again.
A far more probable and less exciting explanation is that your credit card provider (or the store you bought the wine from) is selling your information and Facebook happens to be one of the buyers.
Furthermore, people grossly overestimate how unique they are. At any given point in time you're a target market for millions of products, you just don't notice the ads for the ones you don't buy. Just because there's a correlation doesn't mean you were singled out as an individual.
I think something shady was going on with the company formally known as Axciom:
"On May 14, 2014, Acxiom announced that it had acquired LiveRamp, a data onboarding company, for $310 million. LiveRamp was founded in 2011 as a spinout of RapLeaf, a marketing data and software company founded in San Francisco, California in 2005 by Auren Hoffman and Manish Shah.
In May[2017], LiveRamp announced a consortium formed with two other ad tech companies, AppNexus and MediaMath, to compete with Facebook and Google in the area of programmatic advertising, the term used to refer to the use of automation software to buy advertising.
In 2016, LiveRamp acquired two data and identity-matching startups, Arbor and Circulate, for more than $140 million combined. The company also announced the launch of IdentityLink, a method of anonymizing consumer's identities as they are tracked across multiple platforms.
In February 2018, Acxiom announced a reorganization from three divisions into two - a Marketing Solutions group and its LiveRamp business. In May, the company announced international expansion into Brazil, Netherlands and Italy, and released Global Data Navigator (GDN), a portal for identifying available data elements by country. In June 2018, Consumer research firm GfK MRI has partnered with Acxiom."
Well that's my point - however they're doing the targeting is so good as to be creepy and so I wish there was a way for me to force them to show me why I'm seeing a particular ad.
You may have brought it online in which case almost certainly there was a FB tracking pixel fired back from the e-commerce website to signal that you did. On the other hand if you bought from an offline store and swiped a loyalty card while doing so, your transaction might have been uploaded to create a custom audience. If you paid by your phone or have your loyalty app on your phone this becomes even easier - convenient offline to online matching is the only reason loyalty program apps are pushed.
Finally, even if you didn't do any if these and the other person did, if you both connected to the WiFi at the party and checked FB (or better still you added the other person as a friend), the shared IP address between your devices is enough of a signal to begin connectings.
I don't understand why we're not allowed to be skeptical of accusations once the masses have decided that a company is evil. Aren't you at least curious about what they actually did and how they made decisions?
It's quite possible that, even at a company that has done some bad things, other things have a more innocent explanation.
I am, but they don't seem to be exactly keen to tell us that. They seem more interested in bunkering down and writing pre-made apologies for each thing the media discovers.
RE: Royal Bank of Canada, their access to the Messages API was specifically to let people send money to their friends via Messenger through the RBC app.
In Canada, the only way method for P2P money transfer is through a system called Interac, which relies on email addresses. Using Facebook Login + Messenger was a big improvement since it's harder to accidentally send money to the wrong person.
> Well, that explains some of the conspiracy-mongering that was so rampant around this feature. Facebook (probably) wasn’t secretly recording your phone calls etc. They didn’t need to - they were getting streams of data from other partners.
I really wish there was a law requiring real disclosure of such customer/user-data sharing agreements with enough detail to know what's actually happening. The disclosures should include things like schemas, example records, and reasonable names for data receiptients (e.g. Amazon Inc., not Sunshine Data Brokers II Inc., an unacknowledged subsidiary of Amazon).
There's no way to make an informed choice about using a particular service or dealing with a particular company without that.
It's not exactly nefarious to query friends of friends in the same geographical area. The problem is people willingly constructing a social graph without care for the consequences. G+ theoretically enabled this sort of isolation but in practice it is too much work to maintain separation. The only way to win is not to play at all.
> Gizmodo and other news outlets have reported cases of the tool’s recommending friend connections between patients of the same psychiatrist, estranged family members, and a harasser and his victim.
Geez, and I thought I was annoyed with mere former bosses showing up who I didn't part on good terms with
It’s about control. If it’s my data, I should be able to give permission for other apps to access it - regardless of whether Facebook views them as a competitor. Likewise, I should be able to block access for a given third party - regardless of how much money such a “partnership” would generate for Facebook.
So yes, it is anti-competitive for Facebook to block access against the explicit wishes of its users. But it’s also despicable to sell user data to whomever without asking permission first. It’s pretty obvious from Facebook’s actions that they consider it their data, not your data.
Intention is so central to judging actions in both the law and ethics generally, it’s bordering on willful ignorance to profess ignorance (recursion intended).
It is absolutely obscene how much of a breach of trust and decency these are.
Facebook still hasn't fully come clean because they knew they were doing unsavory activities and just wanted to not get caught and keep getting away with it.
Zuckerberg isn't a robot - he's entitled, overconfident, and underappreciative of the depth or complexity of the world beyond his experience or the impact of his actions upon it. Further, he shows no hesitation in imposing his will on others despite those shortcomings, and is entrenched in his perspective and tactics rather than open to learning. More briefly - he's a jerk.
Hopefully from Federal prison with a life sentence. Literally billions of times he and his execs, managers, and engineers have violated the Computer Fraud and Abuse Act, Electronic Communications Privacy Act, Federal Wiretap Act, and more.
Facebook could be considered as a strategic military asset, as it is capable of quite accurately mapping people around the world. Relationships between people in Iran, same place same time, same IP, ghost profiles...
If you were the CIA, wouldn’t you work on protecting/ preventing such people from having a trial?
Of course it is. I agree with your comment.
I also think FB is the work of secret services, from its inception to the present day. I've seen Zuck talk, and he doesn't strike me as a specially smart guy. But he's young and always smiling, shows enthusiasm and that's what people need. It's a nice cover.
How Zuck doesn't seem smart?
Have you seen " the social network "
If you have to make assumption, let me make another data supported assumption, Zuck is Ashkenazi Jew, statistically he's got probability of having more IQ than a person belonging to some other ethinic group.
He is a copyful dullard who has no creativity and is only adept at implementing codes that do obvious things or stealing ideas had by creative types. He stands in contrast to real geniuses of the last centuries, whose every quote echoes through time. He is hack.
The infiltration of the ivy league by the CIA makes it very possible that Facebook itself is a direct asset of US national intelligence services. Zuck would never be able to stand up to that kind of pressure.
What does this even mean? I can't imagine many more wasteful uses of government revenue than approaching dull undergraduates and coercing them into starting clandestine programs that prey on their peers.
Personal attacks are not ok here, regardless of whom you're attacking. Maybe you don't owe better to reviled $billionaire but you owe much better to this community.
> Hopefully from Federal prison with a life sentence. Literally billions of times he and his execs, managers, and engineers have violated the Computer Fraud and Abuse Act, Electronic Communications Privacy Act, Federal Wiretap Act, and more.
Preferably multiple life sentences to ensure he can never get out or create another monstrosity like FB. Also get laws created/strengthened against such repeat abusers of people.
Slightly related: The Chinese government is already working on a social credit rating system using mass surveillance. I shudder to even imagine living in such a world.
They never sold user data for cash, but the monerary value of what they would have gained in network effects would have had measurable value, or they would not have done it.
> With most of the partnerships, Mr. Satterfield said, the F.T.C. agreement did not require the social network to secure users’ consent before sharing data because Facebook considered the partners extensions of itself — service providers that allowed users to interact with their Facebook friends.
Wow, this seems like yet another contortion to get out of asking the user what they want.
He's lied to Congress. He's lied to half of Europe. (Or blown them off.) He's knowingly directed the violation of a federal consent decree and several EU directives. He presides over a platform profiting from mass atrocities in multiple countries.
There's plenty to go after him with. The only things protecting him are his standing and lack of unexpected criminality.
There is no evidence, just innuendo, raw emotion, and pure discounting of personal responsibility. Many seem to want all the perceived benefits of FB, but none of the costs. Just to be clear, I don't use, nor like FB.
No. The laws under which he might possibly be charged are never applied to billionaires or those with sufficient connections in military or government.
The rules for you and I are not the same rules for Zuckerberg or Clapper.
I'm so glad I left that place. I always had concerns but I had no idea the greed and abuse of users was so entrenched. Working in infra you don't find out about this kind of stuff.
A basic principle of PR is that you should trickle out good news, and get all the bad news out in one dump. Because when bad news trickles out, and the public reads a fresh bit of bad news every day, it does more damage.
One wonders at Facebook's very passive strategy here. They're not controlling the narrative at all, and we're reading a fresh bit of bad news almost every day.
Facebook is as bad or worse a company as its strongest critics suggest. There's not some dump of bad news, there's horrific practices everywhere you look, so every investigation uncovers more bad stuff since it's the norm for the company rather than the exception…
I don't think many of the employees at various levels understand the "bad news" part of this. Therefore, they can't plan appropriately.
I don't think it is intentional but rather a function of most employees being in a weird corporate "filter bubble" with extra strong cool-aid being served on the daily.
I know a couple Facebook employees. It is actually very disturbing to see at what length they go to cover and find excuses for each of those breaches. Not a lot of the them are taking a step back. Echo chamber...
A couple years ago Zuck was hinting at creating a privatized global government to compete with the U.N. I feel like a lot of the good stuff hasn’t even started coming out yet.
“Facebook also allowed Spotify, Netflix and the Royal Bank of Canada to read, write and delete users’ private messages, and to see all participants on a thread — privileges that appeared to go beyond what the companies needed to integrate Facebook into their systems, the records show.”
Although I tried getting one friend to switch today, didn't work because of network size. I'm afraid our only alternative is to organize all our really cool stuff on Signal and get 'em with FOMO.
This sequence of exposes and revelations doesn't speak to Facebook's credibility. It would be one thing if it was just the incidents surrounding the 2016 elections, but the pattern in all these news reports seems to be that Facebook's design doesn't simply doesn't respect its users.
Too many features and plugins Facebook has seem to be leaky in some respect. Messanger does not use default end-to-end encryption for whatever mysterious reason. If Facebook owns the endpoints, it can just as easily obtain the data for themselves before encrypting and submitting the message if it were enabled anyway.
How could I have any faith Facebook doesn't collect messages intended to be sent in confidence if collecting them suits Facebook's purposes?
I'm not sure however if Facebook's sketchiness is intentional or not. We have few examples of companies that were early movers in the inception days of the modern internet. And the decisions made early on prefigured everything that was to come.
At this time I would look to other others for inspiration about the correct way to make use of a data jackpot. Facebook's own totally unrestricted laissez-faire mentality in the relentless pursuit and utilization of its data is undermining itself.
In all seriousness, if companies actually had to pay for your data, suddenly their business models would flip and you would find that we would go from being the products to being the customers.
>will you keep using their products regardless of the unseen costs you rack up?
Honest answer: my purchasing/social network data is worth extremely little to me, so I don't care who has it. And I don't have a problem with advertising; I prefer to allocate responsibility to individuals for their own decisions, so if somebody is influenced by an advertisement, if anybody is to be faulted then it's themselves, not the advertisement/advertiser.
I can't think of any concrete red-line that Facebook could cross. I've never been a techno-utopian, and the Snowden leaks were the catalyst that drove me to learn programming.
I recall being in my early teens, when I went to create my (first) Facebook account. I mentioned it to my dad. He explicitly told me that whatever I did on Facebook would go to their servers, that whatever reached their servers was theirs, and that they would do whatever they wanted with that data regardless of whether you agreed to it or not. The whole reason I gave up and made an account was because my friends had already given the app their contact list, and the service already had my phone number.
From day one I've treated online services like amoral, dangerous animals, and so far nothing these organizations have done has especially shocked me, though I have been impressed or surprised on occasion. My mantra is generally 'if I or the NSA could imagine it, private industry will attempt it'.
I still get a lot of value out of my Facebook account. Facebook pages are a gateway to niche interest groups, social trends, and the political fringes that would otherwise be inaccessible to outsiders. Seeing the ads Facebook puts in my feed helps me to calibrate my mental model of how I'm being observed, who's sharing data with who, and how online services perceive me (I typically use ad-block, and only occasionally close it to check my ads).
If I want to contact someone I've only met in passing, keep up with family and political bubbles, or do a bit of background investigation, Facebook's there for me.
Accessing the service requires a bit of a faustian bargain. But by the time I joined, the country had already made it on my behalf, so I opted to reap the benefits of that bargain rather than just being social collateral.
Facebook could scare me off the way Google Search did - by sanitizing its content feed to the degree Google's sanitized its search. But I'd still use Messenger, and any other useful service they come up with.
But otherwise it'd have to become obsolete in the same way as MySpace.
Yep. I've never put any kind of personal information on FB aside from a profile picture and a name. My profile has otherwise been blank for the past 10 years. I've never liked any pages or products or left any meaningful comments that reveal anything of importance. Today, I block all of their ads and scripts (I haven't seen an ad on Facebook for the past 10 years). I've never shared my contact book as annoying as they make the popup in Instagram. Facebook has gained nothing from me directly. Others might argue they've gained more information than I could know from the people I choose to associate with, but I can't really control that.
Today, I use Facebook because it's useful for connecting with people I just met, long lost friends, and because Messenger is the most convenient messaging app out there. Instagram is a great app that I enjoy using and will continue to use (also anecdotal, but I've never seen an ad in Instagram either. I guess I must not follow enough people?)
Realistically, the only way I stop using FB's services is if they start charging for them. That's my personal red line, just because I'm too lazy to pay and I figure most of my friends will be, too, so they'll just move on to the next big thing.
For general queries, I use Searx.me. Occasionally I'll use Google if Searx is down, or I need technical information that I need search operators for.
For current events, I use Searx, Bing, Yandex, Yahoo, and Baidu (if I'm really digging). I don't trust any one provider on politically sensitive topics, and the the order/kinds of the results can occasionally carry as much signal as the the content of them.
I'm not conspiracy mongering, though. I merely think of search algorithms as extensions of the contexts in-which they're designed, and are more likely to represent the interests of their creators than my search for knowledge.
Hardly. I use multiple search engines specifically because I lack trust.
While I'm more than likely to take the papers of record at their words, I've known more than enough police officers, journalists, and armchair philosophers to know that consciously or not, individual biases can color the processing and presentation of information.
Details that may seem obvious or superfluous through one lens may not be to another.
Only by extracting perspectives and datapoints from each source I access, can I confidently say that I have a reasonable understanding of the progression of any given event, as well as the metanarratives surrounding it.
Depending on the topic at hand, omission from one search engine can be as damning as the inclusion of propaganda in another.
The obsession with reputability is why I abandoned Google. In narrowing the array of sources the search engine surfaced in the hopes of protecting the average user from misinformation, it narrowed access to fringe sources of knowledge, which although unreliable can be a goldmine of supplemental information.
Say what you will of Baidu and Yandex, if you know a bit about their nation's leadership and international policies, you can guess their biases and can guess how they'll adjust what you see. That's useful. American companies can be much less predictable.
Just so. Also, though the western spooks can probably see some of the encrypted traffic through to those companies, if you send it to google or bing, they can see all of it.
And yes, you should be afraid of western spooks if you live in a western country. I wouldn't have said that 10 years ago.
My account is currently suspended, pending me uploading identification papers to prove I am who I say I am - this despite the fact that my account was originally verified against university records back in 2007 when it was only open to verified university graduates ...
It feels like a red line ... I'm mulling over various options including just letting it go.
It seems like a bad idea for them since I'm one of the few people I know in my circle of friends that's still active and posting ...
I don't really care if FB sells my information to advertisers, so they can market products to me more effectively.
I don't care if FB co-operates with other companies in order to suggest friends to me.
FB adds a lot of value to my life (messaging & finding out about events).
What I truly dislike about FB is that it creates information bubbles, so people are never exposed to viewpoints outside of their own. Also FB doesn't regulate false information/alt-right propaganda enough.
Obviously, I would prefer if FB didn't sell my data, but at the end of the day it doesn't impact me at all.
That being said, if I ever become an important figure who is running a business that is competing with Facebook in some way, then I'll be sure not to use their service.
My surprise is not that Facebook did this, but that developers within Facebook built this privacy violating ecosystem without question or publicly voiced concern.
You guys sold your family and friends out for RSUs.
What this seems to boil down to is a side channel for certain partners with looser technical controls but tighter monitoring of misuse, and no evidence that that tradeoff actually resulted in any misuse that couldn't have occurred through normal data access channels.
It also sounds like access to certain APIs was much more limited than the NYT article implied:
> When you hear things like read/write access that access was only granted when the user gave permission. For example, if you share a Netflix link to messenger, the post is coming from Netflix.
> If you're sharing using messenger, you're able to search who you're sharing with through Netflix. If you then delete the message within Netflix, it would delete on Facebook. Very similar to using Tweetdeck for Twitter - same permissions
It's not a matter of whether I trust them. It's a matter of whether any misuse of data actually occurred, or whether this is a lot of innuendo with no evidence that any harm was, or even could be, done.
It’s crazy that there ever is/was an endpoint to read a user’s private messages. What exactly would ever be a good use case for that where a user would knowingly agree to it.
Here’s one: I used to work for a company that made social media compliance software for financial companies. Agents/brokers/salespeople had to connect their FB accounts and agree to have their PMs monitored so the compliance department their home companies could monitor what they said. This was so the companies wouldn’t fall afoul of FINRA/SEC/etc.
IIRC, we could see the agrnt’s half of the exchange only, and they were certainly informed of exactly what was going on. The software did other things, too, such as being able to post approved content on their behalf, but this was a core function. Their alternative was to not be able to use Facebook at all.
204 comments
[ 4.7 ms ] story [ 175 ms ] thread> The Times also reviewed more than 270 pages of Facebook's internal documents and performed technical tests and analysis to monitor what information was being passed between Facebook and partner devices and websites.
> The social network permitted Amazon to obtain users’ names and contact information through their friends, and it let Yahoo view streams of friends’ posts as recently as this summer, despite public statements that it had stopped that type of sharing years earlier.
The records the New York Times reviewed were "generated in 2017" and "some were still in effect this year." That means not only did these agreements cross through Facebook's representations to various governments, they also overlap with GDPR.
Looked like |______|.
Then one day, no more. So odd.
Both Facebook and Google were hit with GDPR-related lawsuits since the first day of GDPR enforcement.
Companies are being sued left and right by privacy advocates and by "ambulance chasers".
Which is great IMO, I hope Facebook gets at least a big fine for this.
> The social network permitted Amazon to obtain users’ names and contact information through their friends, and it let Yahoo view streams of friends’ posts as recently as this summer, despite public statements that it had stopped that type of sharing years earlier.
This information contrasts with a statement Facebook provided in 2018, stating that such data sharing partnerships ended at the end of 2015. That statement itself was correcting an earlier statement stating that such access had ended even earlier.
From https://www.nbcnews.com/tech/tech-news/facebook-shared-user-...:
> Facebook shared personal information culled from its users' profiles with other companies after the date when executives have said the social network prevented third-party developers from gaining access to the data, the company confirmed Friday.
> The companies had access to the data during a stretch of time in 2015 after Facebook had locked out most developers who build apps that work on its social network. Facebook gave select "whitelisted" companies extensions before they were also blocked from getting its users' personal information.
> Those extensions expired before the end of 2015, Facebook said. The company believes the previously unreported extensions with a select group of companies is consistent with previous statements that Facebook CEO Mark Zuckerberg has made, including in testimony to Congress, about shielding its 2.2 billion users' personal information from third parties since 2015.
> "Any new 'deals', as the Journal describes them, involved people's ability to share their broader friends' lists — not their friends' private information like photos or interests," Ime Archibong, Facebook's vice president of product partnerships, said in a written statement.
The feature, introduced in 2008, continues even though some Facebook users have objected to it, unsettled by its knowledge of their real-world relationships. Gizmodo and other news outlets have reported cases of the tool’s recommending friend connections between patients of the same psychiatrist, estranged family members, and a harasser and his victim.
Facebook, in turn, used contact lists from the partners, including Amazon, Yahoo and the Chinese company Huawei — which has been flagged as a security threat by American intelligence officials — to gain deeper insight into people’s relationships and suggest more connections, the records show.”
Well, that explains some of the conspiracy-mongering that was so rampant around this feature. Facebook (probably) wasn’t secretly recording your phone calls etc. They didn’t need to - they were getting streams of data from other partners.
“Facebook also allowed Spotify, Netflix and the Royal Bank of Canada to read, write and delete users’ private messages, and to see all participants on a thread”
Uhhhh, excuse me?
There's a settlement out there for anyone with a Facebook account who was turned down for a loan by RBC. No chance RBC wants its dirty laundry aired in a Fair Housing suit.
With every single one of these companies I am...baffled, that anyone thought this was a good idea, but in this situation especially it makes zero sense. All that liability for what possible upside?
We could only access the private message history containing the conversations we had had with the individual, nothing else.
You think people care about their personal data, you should see what type of information they provide through private messaging platforms. Including through public posts, it's shocking.
Not sure why the others needed it
https://www.theverge.com/2017/8/14/16143354/facebook-messeng...
At this point it’s hard to dispute that at Facebook “private” is synonymous with “public” for most practical purposes.
You give permission for those and the data accessed is often not public. There are degrees of privacy - what you're trying to do make up your own definition of 'public' and then have message board fights about it. It's not really a sensible position, let alone interesting conversation.
This is actually a fair criticism. I don't know why you're being downvoted for it.
I'm not sure this was always the case with Facebook though. Let's say my friend John gives RBC access to his messages and I message him asking to loan me $50 because I'm struggling with money. Down the road if I apply for a loan from RBC they now have access to my "private" message, without my permission and can ostensibly then use that information when determining my creditworthiness. All without my knowledge or consent.
If so, the New York Times is throwing shade on Facebook basically for not being enough of a walled garden. I hope their journalists are not that confused?
Oh hey, would you look at that: https://www.theverge.com/2017/8/14/16143354/facebook-messeng...
I wonder if the delete permission was by accident or whether these companies were actively deleting private messages - craziness.
They've clamped down repeatedly on how much data comes out of the API - you used to get full info on friends, then just their names and IDs, then that list wound up filtered to just other friends who'd authorized the same app.
It used to be extremely wide-open.
Address book import and triangle closing drives the most PYMK features across every social network. It's a gold mine, and that's why everything wants it.
They are the bad guys. They didn’t need to steal Android phone logs either, but they did.
On Instagram last weekend I and a friend were shown a number of ads for Chandon sparking wine after I bought a bottle, and someone else at the party also did and we talked about it.
Both of us insist we didn't google sparkling wine, Chandon, or anything we think relevant... it really does on the face of it appear Facebook had listened to us.
Also surely advertising the same wine I just bought to me is... dodgy ROI at best?
It'll remain a mystery forever.
It could have been that she then searched for a charger and being a small company we all shared an external IP address, that we also shared the ads... or it could have been that spy software on my phone had sold our conversation to advertisers. Either way, mic privileges were locked down and ad and tracker blocking efforts doubled after that.
If you ever get in a car accident in the United States don't be surprised to get mail the very next day from accident insurance attorneys because you bet every service you use is selling every aspect of your life without your explicit knowledge or consent. Every time you use a credit card to purchase something that information is sold to a network larger than you can imagine, who will in turn sell it to their network. Your geographical location is sold by your cellphone provider whether you realize it or not and whether you think you have GPS tracking turned off. If you have a SIM card that's tied to you as an individual, it's being sold.
Here's just one example: https://www.washingtonpost.com/news/the-switch/wp/2018/06/19...
Notice how the keyword is "suspend"? I don't doubt that they've quietly resumed the practice. In fact, I bet all of these companies and service providers are overjoyed right now that the media is so focused on FB to care about all of the shady shit they're doing on a daily basis.
I'd rather not have any of my data shared, of course, but if I had to pick and choose between my health insurance being sold and versus what TV shows I liked on FB, I'll take the TV shows any day.
A far more probable and less exciting explanation is that your credit card provider (or the store you bought the wine from) is selling your information and Facebook happens to be one of the buyers.
Furthermore, people grossly overestimate how unique they are. At any given point in time you're a target market for millions of products, you just don't notice the ads for the ones you don't buy. Just because there's a correlation doesn't mean you were singled out as an individual.
"On May 14, 2014, Acxiom announced that it had acquired LiveRamp, a data onboarding company, for $310 million. LiveRamp was founded in 2011 as a spinout of RapLeaf, a marketing data and software company founded in San Francisco, California in 2005 by Auren Hoffman and Manish Shah.
In May[2017], LiveRamp announced a consortium formed with two other ad tech companies, AppNexus and MediaMath, to compete with Facebook and Google in the area of programmatic advertising, the term used to refer to the use of automation software to buy advertising.
In 2016, LiveRamp acquired two data and identity-matching startups, Arbor and Circulate, for more than $140 million combined. The company also announced the launch of IdentityLink, a method of anonymizing consumer's identities as they are tracked across multiple platforms.
In February 2018, Acxiom announced a reorganization from three divisions into two - a Marketing Solutions group and its LiveRamp business. In May, the company announced international expansion into Brazil, Netherlands and Italy, and released Global Data Navigator (GDN), a portal for identifying available data elements by country. In June 2018, Consumer research firm GfK MRI has partnered with Acxiom."
https://en.wikipedia.org/wiki/LiveRamp#2010s
You may have brought it online in which case almost certainly there was a FB tracking pixel fired back from the e-commerce website to signal that you did. On the other hand if you bought from an offline store and swiped a loyalty card while doing so, your transaction might have been uploaded to create a custom audience. If you paid by your phone or have your loyalty app on your phone this becomes even easier - convenient offline to online matching is the only reason loyalty program apps are pushed.
Finally, even if you didn't do any if these and the other person did, if you both connected to the WiFi at the party and checked FB (or better still you added the other person as a friend), the shared IP address between your devices is enough of a signal to begin connectings.
It's quite possible that, even at a company that has done some bad things, other things have a more innocent explanation.
In Canada, the only way method for P2P money transfer is through a system called Interac, which relies on email addresses. Using Facebook Login + Messenger was a big improvement since it's harder to accidentally send money to the wrong person.
I really wish there was a law requiring real disclosure of such customer/user-data sharing agreements with enough detail to know what's actually happening. The disclosures should include things like schemas, example records, and reasonable names for data receiptients (e.g. Amazon Inc., not Sunshine Data Brokers II Inc., an unacknowledged subsidiary of Amazon).
There's no way to make an informed choice about using a particular service or dealing with a particular company without that.
Geez, and I thought I was annoyed with mere former bosses showing up who I didn't part on good terms with
So yes, it is anti-competitive for Facebook to block access against the explicit wishes of its users. But it’s also despicable to sell user data to whomever without asking permission first. It’s pretty obvious from Facebook’s actions that they consider it their data, not your data.
Facebook still hasn't fully come clean because they knew they were doing unsavory activities and just wanted to not get caught and keep getting away with it.
If you were the CIA, wouldn’t you work on protecting/ preventing such people from having a trial?
1. https://www.theonion.com/cias-facebook-program-dramatically-...
If you have to make assumption, let me make another data supported assumption, Zuck is Ashkenazi Jew, statistically he's got probability of having more IQ than a person belonging to some other ethinic group.
/sarcasm
Anyways, what makes you think he's not smart?
The infiltration of the ivy league by the CIA makes it very possible that Facebook itself is a direct asset of US national intelligence services. Zuck would never be able to stand up to that kind of pressure.
What does this even mean? I can't imagine many more wasteful uses of government revenue than approaching dull undergraduates and coercing them into starting clandestine programs that prey on their peers.
If you'd please read https://news.ycombinator.com/newsguidelines.html and use this site as intended from now on, we'd appreciate it.
Because watching Zuckerberg played by someone else in a dramatized Hollywood film is a great way to tell if he is smart.
The movie is correct potryal of his character.
"If you owe the bank a million dollars, the bank owns you. If you owe the bank a billion dollars, you own the bank."
Preferably multiple life sentences to ensure he can never get out or create another monstrosity like FB. Also get laws created/strengthened against such repeat abusers of people.
There should be a CFAA for personal information.
"and gave Netflix and Spotify the ability to read Facebook users’ private messages"
When I watched 21 on Netflix, Facebook Messenger on my phone suggested to play blackjack, literally the hour after.
Time to pay the piper!
Wow, this seems like yet another contortion to get out of asking the user what they want.
He's lied to Congress. He's lied to half of Europe. (Or blown them off.) He's knowingly directed the violation of a federal consent decree and several EU directives. He presides over a platform profiting from mass atrocities in multiple countries.
There's plenty to go after him with. The only things protecting him are his standing and lack of unexpected criminality.
The rules for you and I are not the same rules for Zuckerberg or Clapper.
I wouldn't conduct anything on it that you'd care to keep secret, though.
One wonders at Facebook's very passive strategy here. They're not controlling the narrative at all, and we're reading a fresh bit of bad news almost every day.
Facebook is as bad or worse a company as its strongest critics suggest. There's not some dump of bad news, there's horrific practices everywhere you look, so every investigation uncovers more bad stuff since it's the norm for the company rather than the exception…
I don't think it is intentional but rather a function of most employees being in a weird corporate "filter bubble" with extra strong cool-aid being served on the daily.
Wow...that’s scary
Deleted my Instagram three weeks back because my feed was 1 ad for every 3 posts. Haven't missed it.
If I could only get rid of Whatsapp, I would never need to use anything from this awful company
Although I tried getting one friend to switch today, didn't work because of network size. I'm afraid our only alternative is to organize all our really cool stuff on Signal and get 'em with FOMO.
If only there were some means for people to use whatever apps they liked and for these to communicate with each other.
My family was easy. No pics of my daughter on any social network. "Y'all want pics? install Signal. If I catch you posting on FB, you're cut off"
Once mom installed Signal, the rest followed.
As to my friends, the ones I actually care for are privacy freaks like me - although they're not techies - and understood its importance.
Too many features and plugins Facebook has seem to be leaky in some respect. Messanger does not use default end-to-end encryption for whatever mysterious reason. If Facebook owns the endpoints, it can just as easily obtain the data for themselves before encrypting and submitting the message if it were enabled anyway.
How could I have any faith Facebook doesn't collect messages intended to be sent in confidence if collecting them suits Facebook's purposes?
I'm not sure however if Facebook's sketchiness is intentional or not. We have few examples of companies that were early movers in the inception days of the modern internet. And the decisions made early on prefigured everything that was to come.
At this time I would look to other others for inspiration about the correct way to make use of a data jackpot. Facebook's own totally unrestricted laissez-faire mentality in the relentless pursuit and utilization of its data is undermining itself.
If not, what the hell are they paying top-of-industry salaries for?
Maybe that's not fair, but I just assume that very little in the form of corporate regulation is on the table right now.
is there something so bad that fb could do that would get you to stop? If so, what is it? Where is your red line?
Or absent an alternative with fb's network effects, will you keep using their products regardless of the unseen costs you rack up?
In all seriousness, if companies actually had to pay for your data, suddenly their business models would flip and you would find that we would go from being the products to being the customers.
Honest answer: my purchasing/social network data is worth extremely little to me, so I don't care who has it. And I don't have a problem with advertising; I prefer to allocate responsibility to individuals for their own decisions, so if somebody is influenced by an advertisement, if anybody is to be faulted then it's themselves, not the advertisement/advertiser.
I recall being in my early teens, when I went to create my (first) Facebook account. I mentioned it to my dad. He explicitly told me that whatever I did on Facebook would go to their servers, that whatever reached their servers was theirs, and that they would do whatever they wanted with that data regardless of whether you agreed to it or not. The whole reason I gave up and made an account was because my friends had already given the app their contact list, and the service already had my phone number.
From day one I've treated online services like amoral, dangerous animals, and so far nothing these organizations have done has especially shocked me, though I have been impressed or surprised on occasion. My mantra is generally 'if I or the NSA could imagine it, private industry will attempt it'.
I still get a lot of value out of my Facebook account. Facebook pages are a gateway to niche interest groups, social trends, and the political fringes that would otherwise be inaccessible to outsiders. Seeing the ads Facebook puts in my feed helps me to calibrate my mental model of how I'm being observed, who's sharing data with who, and how online services perceive me (I typically use ad-block, and only occasionally close it to check my ads).
If I want to contact someone I've only met in passing, keep up with family and political bubbles, or do a bit of background investigation, Facebook's there for me.
Accessing the service requires a bit of a faustian bargain. But by the time I joined, the country had already made it on my behalf, so I opted to reap the benefits of that bargain rather than just being social collateral.
Facebook could scare me off the way Google Search did - by sanitizing its content feed to the degree Google's sanitized its search. But I'd still use Messenger, and any other useful service they come up with.
But otherwise it'd have to become obsolete in the same way as MySpace.
Today, I use Facebook because it's useful for connecting with people I just met, long lost friends, and because Messenger is the most convenient messaging app out there. Instagram is a great app that I enjoy using and will continue to use (also anecdotal, but I've never seen an ad in Instagram either. I guess I must not follow enough people?)
Realistically, the only way I stop using FB's services is if they start charging for them. That's my personal red line, just because I'm too lazy to pay and I figure most of my friends will be, too, so they'll just move on to the next big thing.
For current events, I use Searx, Bing, Yandex, Yahoo, and Baidu (if I'm really digging). I don't trust any one provider on politically sensitive topics, and the the order/kinds of the results can occasionally carry as much signal as the the content of them.
I'm not conspiracy mongering, though. I merely think of search algorithms as extensions of the contexts in-which they're designed, and are more likely to represent the interests of their creators than my search for knowledge.
While I'm more than likely to take the papers of record at their words, I've known more than enough police officers, journalists, and armchair philosophers to know that consciously or not, individual biases can color the processing and presentation of information.
Details that may seem obvious or superfluous through one lens may not be to another.
Only by extracting perspectives and datapoints from each source I access, can I confidently say that I have a reasonable understanding of the progression of any given event, as well as the metanarratives surrounding it.
Depending on the topic at hand, omission from one search engine can be as damning as the inclusion of propaganda in another.
The obsession with reputability is why I abandoned Google. In narrowing the array of sources the search engine surfaced in the hopes of protecting the average user from misinformation, it narrowed access to fringe sources of knowledge, which although unreliable can be a goldmine of supplemental information.
Say what you will of Baidu and Yandex, if you know a bit about their nation's leadership and international policies, you can guess their biases and can guess how they'll adjust what you see. That's useful. American companies can be much less predictable.
And yes, you should be afraid of western spooks if you live in a western country. I wouldn't have said that 10 years ago.
“The central television’s family name is the party” - a real actual quote from an actual "media" organization:
https://www.theguardian.com/world/2016/feb/19/xi-jinping-tou...
It feels like a red line ... I'm mulling over various options including just letting it go.
It seems like a bad idea for them since I'm one of the few people I know in my circle of friends that's still active and posting ...
I don't really care if FB sells my information to advertisers, so they can market products to me more effectively.
I don't care if FB co-operates with other companies in order to suggest friends to me.
FB adds a lot of value to my life (messaging & finding out about events).
What I truly dislike about FB is that it creates information bubbles, so people are never exposed to viewpoints outside of their own. Also FB doesn't regulate false information/alt-right propaganda enough.
Obviously, I would prefer if FB didn't sell my data, but at the end of the day it doesn't impact me at all.
That being said, if I ever become an important figure who is running a business that is competing with Facebook in some way, then I'll be sure not to use their service.
You guys sold your family and friends out for RSUs.
I don’t mean server to client. I mean clients have the keys and only the clients.
Why are we relying on third parties to pretty please enforce access control?
https://twitter.com/_mades/status/1075228269845336064
What this seems to boil down to is a side channel for certain partners with looser technical controls but tighter monitoring of misuse, and no evidence that that tradeoff actually resulted in any misuse that couldn't have occurred through normal data access channels.
> When you hear things like read/write access that access was only granted when the user gave permission. For example, if you share a Netflix link to messenger, the post is coming from Netflix.
> If you're sharing using messenger, you're able to search who you're sharing with through Netflix. If you then delete the message within Netflix, it would delete on Facebook. Very similar to using Tweetdeck for Twitter - same permissions
C. F. email.
IIRC, we could see the agrnt’s half of the exchange only, and they were certainly informed of exactly what was going on. The software did other things, too, such as being able to post approved content on their behalf, but this was a core function. Their alternative was to not be able to use Facebook at all.