I probably wouldn't be amongst the first in line for any 'tool' facebook would be offering to completely own your data. I feel as if there would be something that would be underpinning the tool which would make in itself useless.
Yeah, like the "delete your account" option. It's hard to find (disabling is easy to find, but also completely reversible, so useless), and I'm sure it doesn't actually delete anything, but it made me feel better than just leaving my Facebook account active/disabled. I didn't have much of value there anyway.
I would love more transparency here, but we're not getting that without government intervention, and that's unlikely to come anytime soon (and what gets passed may be worse than the current situation).
A few days ago my fiancée asked me to delete her Instagram profile. There's no user friendly way to do it. You have to go to help.instagram.com or search Google to find the link.
> I would love more transparency here, but we're not getting that without government intervention, and that's unlikely to come anytime soon (and what gets passed may be worse than the current situation).
The GDPR (General Data Privacy Regulation -- an EU regulation that came into force last year) provides for this and has potentially very large fines to back up the regulation. Obviously it only applies to EU residents (or businesses) but I've heard that California is getting their own version of GDPR -- though I haven't looked into it. Facebook implemented the "delete your account" option that actually works in response to this, as well as giving explicit and opt-in consent to whatever tracking they use.
The only way to clear history with Facebook is to create no history to begin with.
If you want to "clear" history to delude yourself that revenant Facebook information is gone (or at least make it difficult to obtain from your own account), there's plenty of options for that.
Well I am in europe so we have GDPR and I have deleted my account in january, waited the (non-optional) month without logging in to confirm I want to be gone. I will now request the information they still might have. That will be fun.
We promised a history tool and have not delivered it. We are deeply sorry. We founded Facebook to connect the world and facilitate relationships. We remain committed to doing things.
They really like to do the BP oil spill apology approach, it's getting old though. You can only continuously say sorry so many times before people get sick of hearing it.
You'd be absolutely right. Here are two statements for comparison . They're similar in context: both were published after a major crisis, during the pressure from the legislators, but before they actually talked to the lawmakers:
Even though the BP one is substantially more detailed, at least I've read it completely. I've skimmed over several paragraphs in the Zuckerberg's statement because they essentially say nothing.
Some part of it can be blamed on the medium itself, since Zuckerberg couldn't post links, subsections, nor visually-distinguishable lists in a fucking Facebook status.
The vast majority of the user base that they care about doesn't even know there's anything to say sorry for. If you would use this tool, you're worth much less to them anyway.
addendum: If this bothers you, I would strongly recommend just jumping ship now. There's almost no incentive for them to change and no sign of one on the horizon. If you're not getting enough value from them right now to accept the data they keep on you, you'll be happier just giving up and moving on early.
My point is to stop holding your breath that Zuck is going to be the one to do anything for you. Do you think that's any less true if you don't even use his service?
What’s getting older is Americans obsessed with privatizing every little aspect of their lives to the most dishonest greed-obsessed person in line, then complaining when those aspects of their lives, deprived of all democratic intention, are ruled by the sudden wims and wills of various dictators.
When Facebook releases a tool to clear your history, how will you know it’s really cleared? It will probably work as well as these instructions you can already use to remove your digital fingerprint from Facebook and several other sites: https://youtube.com/watch?v=oHg5SJYRHA0
As someone else said, if you're in Europe you can send a subject access request after sending the deletion request.
That will tell you what data they still have about you.
You can't _know_ they've deleted everything if the subject access request comes back empty, but it puts then in the position of having to actively break the law to lie about whether they've deleted your data.
It's clearly not a priority. Such a tool was a nice rhetorical device to deflect some heat during the congressional hearings, but there's no way to monetize it or use it to "increase engagement" so it's languishing in some Facebook backwater. I think it was naive to think that it would turn out otherwise.
And to be clear, I'm not saying that Facebook has necessarily been malicious or lied. It's just that a product manager faced with the choice to prioritize this vs. some new engagement enhancing widget is going to pick the widget every time unless there's constant pressure from above.
Edit: This is why legislation is required. So privacy issues can't be ignored simply because they don't contribute to the bottom line.
In the all hands meetings they would talk so much about establishing or re-establishing trust, and I always wondered why they don’t just have a “clear everything from high school and college” option. People would _love_ that option, and it would make so many more people comfortable with using the platform again.
A few months ago I went through and deleted all of my Facebook content from 2005 through 2010, except for a few pictures. It took 5+ hours to delete each item individually. A tool to assist this would be very helpful! I’m sure I’m not the only one who wrote a lot of stupid posts and uploaded a lot of embarrassing (and some slightly incriminating) photos to Facebook in college that they don’t want saved forever.
I did the same thing, and yet every couple of years some of those deleted items reappear on the news feed of my second account that I only use to double-check my privacy settings.
It's an European account and I'm wondering if only marking the content as deleted, instead of actually deleting it, violates the GDPR.
Can you report that to the privacy regulator in your European country? The "mark as deleted" versus actual deletion is an important distinction. I can't do anything as a non-European...
I was planning on looking into how to best document it the next time it happens, and whom exactly to report it to (i.e. the national or European data protection authority). Not sure if there is anything else I could do.
There is a great interview with him that was recorded a couple days ago where he talks about the status of the history tool: https://youtu.be/WGchhsKhG-A
* They're still working on Clear History, and think it is worth implementing (Zuckerberg is the one who introduces the topic–the interviewer hasn't asked him about it). It's important that users have a tool like this, even if it makes their experience "worse" (i.e. less personalized).
* Clear History is nontrivial to implement, because Facebook was not built with this functionality in mind. And they want a user interface that is more capable than just a single "delete everything" button, because their research has shown that users frequently want to clear only certain aspects of their data (e.g. data shared to a specific service or app via Facebook), so this adds complexity.
* (In the context of a Facebook subscription service, which they were discussing before Zuckerberg mentioned the Clear History tool)–having Clear History is a prereq for any sort of subscription service, but they want Clear History (and all privacy controls) accessible to all users, not as a privilege for certain users.
No, you have to either make a fake account or get a friend to show you their view when you temporarily unfriend them. If your profile is moderately locked down you can't view much if you're logged out completely. So there's no good way to quickly see everything about you that's visible to anyone on Facebook.
This is why it took Microsoft 20 years to write 'runas.' Privilege elevation is easy, privilege-shedding is hard, and probably magnitudes more difficult when the OS didn't grow up with it like Unix has.
I think "big data" companies realized that people simply were unaware of the extent of the tracking and showing them how much they're being tracked would make for terrible PR, potentially much worse than any publicized data leak. It turns the tracking from some abstract concept into a very tangible list of actions being recorded potentially forever.
I'm sure we all knew Spotify tracked us but seeing how much they track is pretty crazy to me even though I'm pretty sensitized to these privacy issues.
I expect that a full dump from Facebook would be at least as verbose if not more. I don't think they want the users to see how the sausage is made.
This gets me wondering. What kind of incident would be required to provoke public outrage over Facebook? Something that would bring public awareness re their data collection policies? Or is Facebook Just Too Big To Fail™ anymore?
Massive public attention has already been brought to Facebook and its policies. If the public isn't as outraged as you expect them to be, that's because they don't think Facebook's data collection is a big deal, not because they're somehow unaware.
> If the public isn't as outraged as you expect them to be, that's because they don't think Facebook's data collection is a big deal, not because they're somehow unaware.
No, the public who's aware isn't outraged because they don't think there's anything they can do to stop this. Resignation is very different from thinking it's "[not] a big deal."
Pardon my ignorance here, never worked on this kinda program before, but isn't is actually hard on complex databases like Facebook to actually remove data, better just to mark it as unviewable?
It's not just complex databases, but any database that uses indexes (basically any production database).
Deleting a record from a table can cause a re-index, which is very intensive. It's much easier to flag a column in a record as "deleted" or whatever, and then run a cleanup during off-peak hours.
I'm sure there are clever ways around that with proper knowledgeable DBAs on your team, but as I'm a web dev for smaller audience projects, I don't touch solutions that require those types of optimizations that I'm sure Facebook has implemented.
I'm sure there's some technical reason they could come up with, but to me, that's admitting they didn't design the database with that use-case in mind.
Disclaimer: Have no experience with databases at that scale so maybe this isn't entirely unreasonable.
My biggest issue with metrics and general "data" focus, is that it's incredibly hard to generate data about goodwill. eg we can prove that call to cancel reduces cancelations by 20%, but we have no way to measure how many customers now hate your company and tell their friends never to use your company, how many people would have returned but now won't, how many people just cancel 3 months later.
In Facebook's case, we know they're seeing huge hits in active, engaged users, but their whole metrics ecosystem is built to optimize micro-engagement. Taken as a whole, those micro-optimizations are killing goodwill and turning off users, but it's much harder to measure that.
So many decisions are made because variant b "won", without any discussion of the layers upon layers of factors that aren't easy to measure.
FB won't change unless major advertisers do. And even then, there are plenty of fly-by-night companies selling utter garbage (think tshirts/hoodies with dynamically generated text labels) that will continue to find customers on the platform because of FB's targeting ability.
I hate to say it, but it's probably too late anyway. FB has billions in the bank and are likely working on much bigger-picture projects with their surveillance tech. Why bother with a B2C product that brings tons of PR grief when you can enter billion-dollar contracts with militaries and governments where secrecy is the default MO?
The Recode article in December touched an important point about the name "Clear History" [0]
> There’s a reason that Clear History isn’t called “Delete History”: Using the feature will disassociate browsing data that Facebook collects from your specific account but it won’t be erased from Facebook’s servers completely, Baser said. Instead it’s just “de-identified,” which means it’s stored by Facebook but no longer tied to the user who created it.
Can I propose that we start on a "noise" tool/browser plugin for these suveillance captialism companies? Not only would this be very interesting to implement it woud help to mess up their profitability by training the algorithm in arbitrary stuff that no-one is interested in.
It seems more sensible than trying to block them - instead give them loads of bad data ruining their business model?
For instance you could pick which set of noise you wanted to feed Google i.e. convince Google you are single mother from Lithuania... or Facebook you're a 63 year old man from Italy or Instagram you are a Teenager from Korea.
Every time a tracker or data point is sent to them to "know" you it could be a lie. This would lead you out of your search bubble too so political ads by Russians being bought to undermine Hillary's black vote might be more clear to everyone.
Trusting Facebook or Google to do the right thing against their financial interest won't work will it.
Might be fun. This would be similar to what recording industry did on P2P sites. At first it was easy to get what you were looking for. Then it got saturated with garbage.
I barely noticed it back in the day too. I had a friend who was into piracy quite a bit more who complained about getting the wrong movie or getting the wrong mp3s.
I don't know if I ran into that issue, but I wasn't really downloading a lot of mainstream stuff compared to him either.
I recall the P2P sabotage efforts being pretty feeble. I particularly recall Madonna's record company having an album labled as her most recent album shared on KaZaa that was actually just a bunch of mp3s of her saying "What the fuck do you think you're doing!?". Funny stuff.
I remember that! From around 2001-2003, a good chunk of the Top 40 tunes found on file sharing networks would be one verse, looped over and over so the MP3 duration was equal to that of the actual song.
This worked best on mainstream P2P clients like Limewire, Kazaa, Ares (all based on Gnutella I think), because the fake MP3s would propagate more widely.
It didn't work as well (or at all), on relatively obscure, community-based networks like Slsk, where people were more likely to share entire albums, and not just the singles.
I've been thinking about this as well, after using a manual version of this strategy. Might still implement it one day.
That said, it's pretty hard. It's not entirely clear which data points Facebook uses, but it's very likely you can't influence all of them. For example, friends adding you as contacts, or linking your profile to your phone number. If you also want to continue using it as normal, your normal usage will still give a lot of data about what you view; what you interact with; when you use it; that might stand out from the random stuff - and if you don't want to continue using it as usual, the extension will have to visit the website by itself, without interfering with your regular browsing activity, and without relying on your computer being on.
I also think that if something like this would get big enough to actually impact the quality of their algorithms, it'd be pretty easy for Facebook to detect abnormal activity.
(And of course, it's not even that much of a problem if the algorithm screws up more often, as long as advertisers believe it's accurate.)
I've used this for quite some time, and can verify it works on some level. Generally after running it my google now suggested cards on Android are all out of right field and totally irrelevant to anything i'm actually interested in.
They will detect your noise. Then you will end up being one of their "noise client" datapoints, associating you with the actions and behaviors of a person who would pay for privacy and thus they will try to serve you ads according to your behavioural patterns as usual.
I think the goal would be to get a sufficient percentage of the entire internet to generate noise, without having to be aware of it.
In a world where Firefox and Safari were the major internet browsers, this wouldn't actually be that hard since it could be built into those browsers directly and would already align pretty nicely with their respective parent company ethos
Circling back again, the more likely warpath FB would pursue is making FB work very poorly on non-cooperative browsers and excellently on cooperative ones.
Then users will blame the browser for being trash rather than FB.
Is there precedence for this? Are there others that have tried this and have been classified as "noise clients" or are you just surmising ahead of time? You are probably right, but feeding them noise has been on my mind for a long time and I don't see another answer.
Never had FB account. Never will. I saw this on day one. Not using FB is insufficient. Privacy tools are insufficient. Gov't involvement is insufficient. Make them "eat noise." I don't know if it will work, but we're running out of options quickly.
AdNauseum[0] hides all the ads from you, but clicks them in the background to increase noise ratio. As you might assume, it's not available in the Chrome's extension store.
I've used a similar add-on for Google search (the add-on made some human-like Google searches in the background), but I can't remember its name now.
Facebook would be a pointless exercise, since the <div> names are automatically generated. You can't even hide the sidebars you never use using CSS because they'll all change their <div> IDs on refresh. That and the murkiness of what exactly is an ad on Facebook makes even the most thorough adblockers struggling to work properly even in an otherwise-ideal situation (a desktop browser with an adblocker).
> Facebook would be a pointless exercise, since the <div> names are automatically generated.
Also:
> all ads are supposed to contain the word “sponsored” as part of a mandatory disclosure, so users can distinguish between ads and their friends’ posts. Our tool recognized ads by searching for that word. Last year, Facebook added invisible letters to the HTML code of the site. So, to a computer, the word registered as “SpSonSsoSredS.” Later, it also added an invisible “Sponsored” disclosure to posts from your friends.
On top of that, Facebook and I have a different view on what constitutes as an ad.
A Facebook page that I'm following paying money to reach me is an ad according to Facebook. To me, that's extortion.
On the other side, we have notifications about friend suggestions. You can't turn them off in the notification settings. That to me is an "ad" for Facebook itself, even if nobody payed them money. It's an undesired content that pulls my attention away from what I came there to do in order to promote a product.
That would indeed be best and has been the number one complaint about Facebook UX since time immemorial. It would also end one of the most annoying issues on FB's timeline - "I just saw an interesting post, but the timeline randomly refreshed itself and now it's gone".
The model they currently use serves two goals: to extort money from fanpages, and to hook users up by intermittent reinforcement.
Oh yes, very occasionally it's been an ad, or at least mass media output - even when I recall who posted it it's hard to find.
They probably already record every item displayed on screen (and how long for, and whether my cursor hovered it, etc.) so a list of items I saw (on any device) in the chronological order I saw them should just be a simple db lookup away.
Do they need to solve it or do they need to provide me with the tools to help me filter them out?
If you build a cockpit by measuring everyone's dimensions and averaging them, you'll end up with a cockpit that fits nobody[0]. I believe the same is true for feeds as well.
There's an amount of information that works for the average Facebook user. However, none of us are precisely on that average. By building algorithms whose mission is max consumption by the average user, they've made their product useless to everyone.
Honestly, everything this company does is shady beyond all shame.
Twitter keeps fucking around with their timeline feed, but they've preserved a "chronological, show me everything" option through all of their other bad ideas.
Do you hide tweets liked by the people you follow? Shadow notifications? "In case you've missed it" sections?
After a few refreshes of my Twitter homepage in a short time span, I did a little research: I've edited the CSS to make the distinction of "liked" tweets more obvious. Over 50% of "fresh" content turned out to be likes by the people I follow that are in no way chronological.
You can fight it... for now, but I assume not for long. I've stopped relying on Twitter for that same reason I've stopped relying on Facebook.
That's how I refer to all the notifications that I didn't expect and don't need.
As far as I know, there's no universal term for them. Since we already associate darkness with bad UX patterns, "shadow notifications" as a subset of "dark patterns" has a nice ring to it.
So, I can understand those who argue for ad-supported websites, and against ad-blockers.
But can anyone honestly claim that putting an invisible 'sponsored' on non-sponsored posts is ethically OK? Can't we all agree that ads should be readily identifiable as such?
Are they though? Why would they be? Or taking it another way, what moral reasoning justifies making it purposefully difficult for scripts (read: user agents) to identify ads?
BTW. to the extent clearly marking ads/sponsored content is required by law, I wonder whether Facebook could be sued for making this difficult for users with disabilities - after all, accessibility tools like screen readers are scripts and rely on machine-readable metadata.
So here's a different idea. I wish EU would legislate that all 3rd party ads in electronic media need a machine-readable tag constructed in a way that is trivially readable (e.g. <div class='ad'> instead of requiring training a ML model on rendered page to recognize; metadata or a red pixel in the corner on video streams, etc.), and denotes the exact area taken by the ad, or otherwise facilitate its removal. Coupled with GDPR, this would end ad-tracking bullshit by fiat (at least for Europe).
(By 3rd party ads I mean all ads that are advertising anything not directly sold or provided by the owner of the service showing that ad. That's to resolve the immediate objection of whether telling people about new features is an ad or not.)
Man can dream.
EDIT: But this man would also vote for the person pushing for such legislation.
Isn't it just weird that we can't vote for that issue without getting every other issue the person also wants, like why must issues be lumped in to person-bundles. It's just broken.
Personally I'm stuck with voting for "the party not dismantling the NHS who stand a chance of getting in".
Maybe in my kids lifetime we'll get proper PR at the national level (UK).
It's what I find appealing about the concept of "fluid democracy" - the ability to vote on particular issue in isolation. Taking it to the extreme is probably a bad idea, but so is our current way.
This sounds to me like an argument for browsers to stop honoring markup that makes text invisible. Are there legitimate use cases for interspersing invisible zero-width characters in the middle of a word? I don't know what the markup that Facebook uses actually looks like, so I'm not sure how closely it resembles legitimate design patterns.
We've long had the ability to set a minimum font size, but I suspect browser vendors have viewed that purely as an accessibility feature.
(Tangent: I've also been increasingly disappointed that browsers let sites make text unselectable. I understand that there was originally a use case, but I only ever encounter it as an anti-feature these days.)
Yes, there are many such use cases, and it would be impossible to predict what they are (what are you going to do, live word segmentation in the browser with any reliability across all languages in the world?). At the LDC, we do character-based annotation on words, which, since it includes highlighting individual characters, means each character has its own span (this is actually something I've seen done for wildly unrelated reasons on other sites, with spans, divs, etc). I'm sure there are millions of sites doing things like hiding/showing text that's next to other text for a million different reasons.
Can you elaborate on what "the LDC" is, and how broken your site would look if every piece of text you have styled to be invisible were instead shown by the browser?
Breaking up a word into multiple tags is very different from inserting invisible extraneous content into the middle of a word. The latter is what I'm questioning the usefulness of; the former I can see as occasionally useful, but should be avoided when it breaks screen readers and search engines.
Hey, sorry I missed this. LDC is the Linguistic Data Consortium (https://www.ldc.upenn.edu/). Our web annotation tool (internal app) would probably be broken in many places.
Take a modal for example - the text is not visible until the modal is opened. Let's think about menus that display on hover - they wouldn't work. What about tooltips or other sorts of floating label type things? What about other text that only appears on hover, or when some action is performed?
Sure, you could wait to insert these things into the page until the last second, but it would be less performant and complexity would be higher.
If you saw what the web looked like without display: none and visibility: hidden, I think you'd change your mind. There are infinite applications.
>This sounds to me like an argument for browsers to stop honoring markup that makes text invisible
Aside, this reminds me of the brief period of time where "hacking" SEO by pasting huge volumes of keywords in text the same color as the background and/or hidden by other page elements was a relatively common trick. Search engines simply switched to more sophisticated methods of page ranking, I wonder what change could be made remedying this which would be similarly non-disruptive outside the bad actors.
This seems like a solvable problem. Ignore elements that have display: none, visibility: hidden, or opacity: 0. Do fuzzy text matching if you must. If you know that they'll never put just "Sponsored" on the real ads, ignore anytime you find that string.
I have been using this strategy for years. I can't really tell if it works or not, but it makes logical sense.
One issue is that there's data about you that's not generated by you, but by people you know (i.e. John adds me as a contact into their phone along with my birthday and address, Jane friends me on VK and keeps tagging me in pictures that have location data, etc).
I suspect that right now, companies give higher importance to data that you've entered about yourself, but once they realize you're feeding them noise, they can adjust their algorithms to trust other people's data about you (if they're not already doing that), which would significantly decrease the effectiveness of feeding them noise about yourself.
It will still work for all data points about you that can't be collected from other people (like browsing habits, your phone's location, etc)
> they can adjust their algorithms to trust other people's data about you (if they're not already doing that), which would significantly decrease the effectiveness of feeding them noise about yourself.
Maybe some people can inject noise about their friends, instead.
For instance:
1. install the FB app on a phone with an address-book full of garbage and share it with the app,
2. inject fake geotag data in the photos you tag your friends in,
3. put the actual tag on strangers in the background,
4. tag your friends in stock photos, etc.
Some of these you obviously can't do with friends who don't consent, since they may get annoyed by all the fake tags, but others would be transparent to most social media users.
TrackMeNot runs as a low-priority background process that periodically issues randomized search-queries to popular search engines, e.g., AOL, Yahoo!, Google, and Bing. It hides users' actual search trails in a cloud of 'ghost' queries, significantly increasing the difficulty of aggregating such data into accurate or identifying user profiles.
Privacy Badger is a browser add-on that stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web. If an advertiser seems to be tracking you across multiple websites without your permission, Privacy Badger automatically blocks that advertiser from loading any more content in your browser. To the advertiser, it's like you suddenly disappeared.
If you don't like Facebook/Google/etc., wouldn't you be better off just not using them rather than spending time trying to hurt them? How will data vandalism make your life better?
You can't meaningfully opt out of Facebook/Google/etc. They're embedded in tons of websites, and your friends will almost certainly give your information to those companies.
You can block trackers pretty easily, or just not visit those websites. You'll probably be a happier person if you just don't visit foo.com than spending any portion of your brief time on Earth trying to trick an ML model into thinking you're a single mother from Lithuania.
Also, if your friend gives someone else information about you, do you expect that you should be able to control it? I'm pretty sure many of the details of my life appear in other people's emails, voicemails, journals, etc. that will never have a "forget me" button.
I'm mainly suggesting that there are lots of ways to improve this situation, from market forces to legislation, and it's sad to see people wasting time on things that won't work.
> You can block trackers pretty easily, or just not visit those websites.
And since they're buying data from non-internet data brokers such as credit card companies, retailers that track you in their stores, etc., blocking the trackers and avoiding the websites doesn't actually stop the spying.
To stop them from spying on you pretty much requires that you stop engaging in large swaths of real-world society.
You can choose to not use Facebook and Google services, and you can use ad/tracker blocking browser plugins, and null their domains in your /etc/hosts file. That would deny about 98% of their activity as far as you are concerned.
You can't really control what your friends are telling them about you though.
Personally, I've just about opted out of the entire internet except for work, email, and a few web sites that I read regularly. The flotsam is just too thick to be worth the bother.
Words are powerful. Normalizing terms like "data vandalism" is the road to being legally required to use FAANG in such a way that maximizes their profitability. Probably not a great idea.
These companies, have systematically penetrated it, completely skewing it in their favor to monetize from us.
Whilst these overlords have undoubtedly helped develop the technological capabilities of the internet as we know it, the internet is no longer free and our human experience on it is manipulated and monetized.
An insidious Trojan horse into our lives and habits.
> If you don't like Facebook/Google/etc., wouldn't you be better off just not using them rather than spending time trying to hurt them?
I don't use Facebook/Google/etc., but they collect data about me without my consent anyway, and there is no way to delete that data or to make them stop.
That's what makes me so furious with them and all other ad companies. Since they're never going to change, I wish that they'd go out of business pretty much every day.
I read through a lot of this. I think it is still worth another try -- they approach it more from an obfuscation point of view -- I want to take it to the next level and "drown them" in noise. Don't just say "It's been done" and then decide it will never work. It may take several failures to find the best methods -- much like search was a major failure until the right recipe was found.
I think the largest issue would be hiding the plugin from their eyes. Like youtubeDL sort of being a secret. The noise creating plugin can't be advertised as such because then the new history is easily un-noiseable.
The tool would need to be something like a color picker that has a hidden command to run headerless searches in a tab of your browser.
This (sort of) worked for teenagers hiding pictures on a fake calculator app on smartphones years ago, but your mom wont try to pry at your facebook obfuscation.
i ve done an app with a friend that generate random phone number and add it to your adress book. And my pleasure is to let all the social network to siphon my adress book.
Reminds me of the good old days of meetups organized by the UK email newsletter NTK (Need To Know) where people would swap supermarket loyalty cards - ideally as far apart in demographic terms as possible, such as a single guy and a mother of two - to fk with the data.
What exactly are engineers and designers at Facebook doing? There are thousands of them! I've seen teams of 10 ship more (granted, no one is delivering on Facebook's scale)...
I know most of them are likely working on backend stability and performance... but come on.
It probably just takes a long time to develop! I mean, keep in mind, Facebook's app doesn't even support landscape mode. It's hard to find the development bandwidth for advanced features.
200 comments
[ 0.33 ms ] story [ 246 ms ] threadI would love more transparency here, but we're not getting that without government intervention, and that's unlikely to come anytime soon (and what gets passed may be worse than the current situation).
The GDPR (General Data Privacy Regulation -- an EU regulation that came into force last year) provides for this and has potentially very large fines to back up the regulation. Obviously it only applies to EU residents (or businesses) but I've heard that California is getting their own version of GDPR -- though I haven't looked into it. Facebook implemented the "delete your account" option that actually works in response to this, as well as giving explicit and opt-in consent to whatever tracking they use.
If you want to "clear" history to delude yourself that revenant Facebook information is gone (or at least make it difficult to obtain from your own account), there's plenty of options for that.
We promised a history tool and have not delivered it. We are deeply sorry. We founded Facebook to connect the world and facilitate relationships. We remain committed to doing things.
https://www.theguardian.com/business/2010/jun/17/bp-tony-hay...
https://eu.usatoday.com/story/tech/news/2018/03/21/read-face...
Even though the BP one is substantially more detailed, at least I've read it completely. I've skimmed over several paragraphs in the Zuckerberg's statement because they essentially say nothing.
Some part of it can be blamed on the medium itself, since Zuckerberg couldn't post links, subsections, nor visually-distinguishable lists in a fucking Facebook status.
addendum: If this bothers you, I would strongly recommend just jumping ship now. There's almost no incentive for them to change and no sign of one on the horizon. If you're not getting enough value from them right now to accept the data they keep on you, you'll be happier just giving up and moving on early.
https://www.youtube.com/watch?v=15HTd4Um1m4
"Well yes, but actually no"
Probably somewhere in the backlog :-)
That will tell you what data they still have about you.
You can't _know_ they've deleted everything if the subject access request comes back empty, but it puts then in the position of having to actively break the law to lie about whether they've deleted your data.
True, but I don't think Facebook is too bothered by that sort of thing.
And to be clear, I'm not saying that Facebook has necessarily been malicious or lied. It's just that a product manager faced with the choice to prioritize this vs. some new engagement enhancing widget is going to pick the widget every time unless there's constant pressure from above.
Edit: This is why legislation is required. So privacy issues can't be ignored simply because they don't contribute to the bottom line.
Their loss.
It's an European account and I'm wondering if only marking the content as deleted, instead of actually deleting it, violates the GDPR.
* They're still working on Clear History, and think it is worth implementing (Zuckerberg is the one who introduces the topic–the interviewer hasn't asked him about it). It's important that users have a tool like this, even if it makes their experience "worse" (i.e. less personalized).
* Clear History is nontrivial to implement, because Facebook was not built with this functionality in mind. And they want a user interface that is more capable than just a single "delete everything" button, because their research has shown that users frequently want to clear only certain aspects of their data (e.g. data shared to a specific service or app via Facebook), so this adds complexity.
* (In the context of a Facebook subscription service, which they were discussing before Zuckerberg mentioned the Clear History tool)–having Clear History is a prereq for any sort of subscription service, but they want Clear History (and all privacy controls) accessible to all users, not as a privilege for certain users.
"View As" was a vital tool to assess what data is shared with whom, and guarding one's privacy is harder without it.
I've seen advisory after advisory just on user impersonation. Just no. Don't implement.
If you want to impersonate, use a private session or have users you control do the testing.
Take that guy who managed to get a dump from his Spotify data thanks to the GDPR for instance: https://twitter.com/steipete/status/1025024813889478656/
I'm sure we all knew Spotify tracked us but seeing how much they track is pretty crazy to me even though I'm pretty sensitized to these privacy issues.
I expect that a full dump from Facebook would be at least as verbose if not more. I don't think they want the users to see how the sausage is made.
No, the public who's aware isn't outraged because they don't think there's anything they can do to stop this. Resignation is very different from thinking it's "[not] a big deal."
Not so much, really. Outside of techie types, my experience is that very few people are aware of this stuff.
Deleting a record from a table can cause a re-index, which is very intensive. It's much easier to flag a column in a record as "deleted" or whatever, and then run a cleanup during off-peak hours.
I'm sure there are clever ways around that with proper knowledgeable DBAs on your team, but as I'm a web dev for smaller audience projects, I don't touch solutions that require those types of optimizations that I'm sure Facebook has implemented.
As will adding new data and FB loves the story of adding to their profiling DB.
This is not an indexing issue but a "we love adding data but hate removing it" issue.
Disclaimer: Have no experience with databases at that scale so maybe this isn't entirely unreasonable.
In Facebook's case, we know they're seeing huge hits in active, engaged users, but their whole metrics ecosystem is built to optimize micro-engagement. Taken as a whole, those micro-optimizations are killing goodwill and turning off users, but it's much harder to measure that.
So many decisions are made because variant b "won", without any discussion of the layers upon layers of factors that aren't easy to measure.
I hate to say it, but it's probably too late anyway. FB has billions in the bank and are likely working on much bigger-picture projects with their surveillance tech. Why bother with a B2C product that brings tons of PR grief when you can enter billion-dollar contracts with militaries and governments where secrecy is the default MO?
> There’s a reason that Clear History isn’t called “Delete History”: Using the feature will disassociate browsing data that Facebook collects from your specific account but it won’t be erased from Facebook’s servers completely, Baser said. Instead it’s just “de-identified,” which means it’s stored by Facebook but no longer tied to the user who created it.
[0] https://www.recode.net/2018/12/17/18140062/facebook-clear-hi...
It seems more sensible than trying to block them - instead give them loads of bad data ruining their business model?
For instance you could pick which set of noise you wanted to feed Google i.e. convince Google you are single mother from Lithuania... or Facebook you're a 63 year old man from Italy or Instagram you are a Teenager from Korea.
Every time a tracker or data point is sent to them to "know" you it could be a lie. This would lead you out of your search bubble too so political ads by Russians being bought to undermine Hillary's black vote might be more clear to everyone.
Trusting Facebook or Google to do the right thing against their financial interest won't work will it.
I don't know if I ran into that issue, but I wasn't really downloading a lot of mainstream stuff compared to him either.
Edit: Found a copy of the audio: https://www.youtube.com/watch?v=XU5xC00m-gA
This worked best on mainstream P2P clients like Limewire, Kazaa, Ares (all based on Gnutella I think), because the fake MP3s would propagate more widely.
It didn't work as well (or at all), on relatively obscure, community-based networks like Slsk, where people were more likely to share entire albums, and not just the singles.
That said, it's pretty hard. It's not entirely clear which data points Facebook uses, but it's very likely you can't influence all of them. For example, friends adding you as contacts, or linking your profile to your phone number. If you also want to continue using it as normal, your normal usage will still give a lot of data about what you view; what you interact with; when you use it; that might stand out from the random stuff - and if you don't want to continue using it as usual, the extension will have to visit the website by itself, without interfering with your regular browsing activity, and without relying on your computer being on.
I also think that if something like this would get big enough to actually impact the quality of their algorithms, it'd be pretty easy for Facebook to detect abnormal activity.
(And of course, it's not even that much of a problem if the algorithm screws up more often, as long as advertisers believe it's accurate.)
In a world where Firefox and Safari were the major internet browsers, this wouldn't actually be that hard since it could be built into those browsers directly and would already align pretty nicely with their respective parent company ethos
What I don't know if that means browser or App. Not effective at all if most people use the app.
Then users will blame the browser for being trash rather than FB.
https://www.newsweek.com/facebook-tracking-you-even-if-you-d...
I've used a similar add-on for Google search (the add-on made some human-like Google searches in the background), but I can't remember its name now.
Facebook would be a pointless exercise, since the <div> names are automatically generated. You can't even hide the sidebars you never use using CSS because they'll all change their <div> IDs on refresh. That and the murkiness of what exactly is an ad on Facebook makes even the most thorough adblockers struggling to work properly even in an otherwise-ideal situation (a desktop browser with an adblocker).
[0] https://adnauseam.io/
Also:
> all ads are supposed to contain the word “sponsored” as part of a mandatory disclosure, so users can distinguish between ads and their friends’ posts. Our tool recognized ads by searching for that word. Last year, Facebook added invisible letters to the HTML code of the site. So, to a computer, the word registered as “SpSonSsoSredS.” Later, it also added an invisible “Sponsored” disclosure to posts from your friends.
https://www.propublica.org/article/facebook-blocks-ad-transp...
A Facebook page that I'm following paying money to reach me is an ad according to Facebook. To me, that's extortion.
On the other side, we have notifications about friend suggestions. You can't turn them off in the notification settings. That to me is an "ad" for Facebook itself, even if nobody payed them money. It's an undesired content that pulls my attention away from what I came there to do in order to promote a product.
How would you fix that? The only thing I can think of would be a chronological feed where everybody sees every post.
The model they currently use serves two goals: to extort money from fanpages, and to hook users up by intermittent reinforcement.
They probably already record every item displayed on screen (and how long for, and whether my cursor hovered it, etc.) so a list of items I saw (on any device) in the chronological order I saw them should just be a simple db lookup away.
If you build a cockpit by measuring everyone's dimensions and averaging them, you'll end up with a cockpit that fits nobody[0]. I believe the same is true for feeds as well.
There's an amount of information that works for the average Facebook user. However, none of us are precisely on that average. By building algorithms whose mission is max consumption by the average user, they've made their product useless to everyone.
[0] https://www.thestar.com/news/insight/2016/01/16/when-us-air-...
Honestly, everything this company does is shady beyond all shame.
Twitter keeps fucking around with their timeline feed, but they've preserved a "chronological, show me everything" option through all of their other bad ideas.
After a few refreshes of my Twitter homepage in a short time span, I did a little research: I've edited the CSS to make the distinction of "liked" tweets more obvious. Over 50% of "fresh" content turned out to be likes by the people I follow that are in no way chronological.
You can fight it... for now, but I assume not for long. I've stopped relying on Twitter for that same reason I've stopped relying on Facebook.
Is that the name for the "recent tweet from X" notifications? Those have made Twitter notifications completely useless for me. :(
As far as I know, there's no universal term for them. Since we already associate darkness with bad UX patterns, "shadow notifications" as a subset of "dark patterns" has a nice ring to it.
But can anyone honestly claim that putting an invisible 'sponsored' on non-sponsored posts is ethically OK? Can't we all agree that ads should be readily identifiable as such?
By human users for sure. Scripts are a whole other question.
BTW. to the extent clearly marking ads/sponsored content is required by law, I wonder whether Facebook could be sued for making this difficult for users with disabilities - after all, accessibility tools like screen readers are scripts and rely on machine-readable metadata.
I disagree entirely.
(By 3rd party ads I mean all ads that are advertising anything not directly sold or provided by the owner of the service showing that ad. That's to resolve the immediate objection of whether telling people about new features is an ad or not.)
Man can dream.
EDIT: But this man would also vote for the person pushing for such legislation.
Personally I'm stuck with voting for "the party not dismantling the NHS who stand a chance of getting in".
Maybe in my kids lifetime we'll get proper PR at the national level (UK).
...also brexit ;-)
We've long had the ability to set a minimum font size, but I suspect browser vendors have viewed that purely as an accessibility feature.
(Tangent: I've also been increasingly disappointed that browsers let sites make text unselectable. I understand that there was originally a use case, but I only ever encounter it as an anti-feature these days.)
Breaking up a word into multiple tags is very different from inserting invisible extraneous content into the middle of a word. The latter is what I'm questioning the usefulness of; the former I can see as occasionally useful, but should be avoided when it breaks screen readers and search engines.
Take a modal for example - the text is not visible until the modal is opened. Let's think about menus that display on hover - they wouldn't work. What about tooltips or other sorts of floating label type things? What about other text that only appears on hover, or when some action is performed?
Sure, you could wait to insert these things into the page until the last second, but it would be less performant and complexity would be higher.
If you saw what the web looked like without display: none and visibility: hidden, I think you'd change your mind. There are infinite applications.
Aside, this reminds me of the brief period of time where "hacking" SEO by pasting huge volumes of keywords in text the same color as the background and/or hidden by other page elements was a relatively common trick. Search engines simply switched to more sophisticated methods of page ranking, I wonder what change could be made remedying this which would be similarly non-disruptive outside the bad actors.
One issue is that there's data about you that's not generated by you, but by people you know (i.e. John adds me as a contact into their phone along with my birthday and address, Jane friends me on VK and keeps tagging me in pictures that have location data, etc).
I suspect that right now, companies give higher importance to data that you've entered about yourself, but once they realize you're feeding them noise, they can adjust their algorithms to trust other people's data about you (if they're not already doing that), which would significantly decrease the effectiveness of feeding them noise about yourself.
It will still work for all data points about you that can't be collected from other people (like browsing habits, your phone's location, etc)
Maybe some people can inject noise about their friends, instead.
For instance:
1. install the FB app on a phone with an address-book full of garbage and share it with the app,
2. inject fake geotag data in the photos you tag your friends in,
3. put the actual tag on strangers in the background,
4. tag your friends in stock photos, etc.
Some of these you obviously can't do with friends who don't consent, since they may get annoyed by all the fake tags, but others would be transparent to most social media users.
TrackMeNot runs as a low-priority background process that periodically issues randomized search-queries to popular search engines, e.g., AOL, Yahoo!, Google, and Bing. It hides users' actual search trails in a cloud of 'ghost' queries, significantly increasing the difficulty of aggregating such data into accurate or identifying user profiles.
https://cs.nyu.edu/trackmenot/
Privacy Badger is a browser add-on that stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web. If an advertiser seems to be tracking you across multiple websites without your permission, Privacy Badger automatically blocks that advertiser from loading any more content in your browser. To the advertiser, it's like you suddenly disappeared.
https://www.eff.org/privacybadger
Also, if your friend gives someone else information about you, do you expect that you should be able to control it? I'm pretty sure many of the details of my life appear in other people's emails, voicemails, journals, etc. that will never have a "forget me" button.
I'm mainly suggesting that there are lots of ways to improve this situation, from market forces to legislation, and it's sad to see people wasting time on things that won't work.
And since they're buying data from non-internet data brokers such as credit card companies, retailers that track you in their stores, etc., blocking the trackers and avoiding the websites doesn't actually stop the spying.
To stop them from spying on you pretty much requires that you stop engaging in large swaths of real-world society.
You can't really control what your friends are telling them about you though.
Personally, I've just about opted out of the entire internet except for work, email, and a few web sites that I read regularly. The flotsam is just too thick to be worth the bother.
Words are powerful. Normalizing terms like "data vandalism" is the road to being legally required to use FAANG in such a way that maximizes their profitability. Probably not a great idea.
Whilst these overlords have undoubtedly helped develop the technological capabilities of the internet as we know it, the internet is no longer free and our human experience on it is manipulated and monetized.
An insidious Trojan horse into our lives and habits.
Fuck them and everyone who helps them.
I don't use Facebook/Google/etc., but they collect data about me without my consent anyway, and there is no way to delete that data or to make them stop.
That's what makes me so furious with them and all other ad companies. Since they're never going to change, I wish that they'd go out of business pretty much every day.
So I think they identify this as a tough to protect weakness as well.
It's been done :)
http://ceur-ws.org/Vol-1873/IWPE17_paper_23.pdf
https://github.com/dhowe/AdNauseam/wiki/FAQ
The tool would need to be something like a color picker that has a hidden command to run headerless searches in a tab of your browser.
This (sort of) worked for teenagers hiding pictures on a fake calculator app on smartphones years ago, but your mom wont try to pry at your facebook obfuscation.
Just a thought
Edit for extra nostalgia: https://en.wikipedia.org/wiki/Need_to_Know_(newsletter)
I know most of them are likely working on backend stability and performance... but come on.