Ask HN: Invited by Facebook for privacy roundtable. What questions should I ask?
This Thursday I'm invited to a privacy roundtable with Facebook Legal and Privacy Policy teams in Amsterdam. The round table will be with other entrepreneurs and experts in the privacy field. I'm invited because I'm the founder of Simple Analytics - a privacy friendly analytics SaaS business [1] - and critical about Facebook on Twitter [2].
Some people advised me not to go there because it would only do harm to my name and brand, but I think I should. The Facebook teams are going to give a presentation with some new plans where they want feedback on. For internal push back they need critical people from outside Facebook, which I'm happy to contribute for.
To make it more interesting for the outside world I'm going to ask a few questions for Facebook in general (privacy wise). And that's where I need some help. What questions do you want answers for from Facebook?
Facebook agreed I could use the answers outside of the meeting (with the exception of sharing from non-Facebook attendances).
[1] https://simpleanalytics.com
[2] https://twitter.com/adriaanvrossum
180 comments
[ 2.8 ms ] story [ 211 ms ] threadCome PSC (Performance Summary Cycle) time, how do they justify a "Meets All" or "Exceeds" evaluation?
You could ask if they plan to let users know exactly (and be able to opt out) where their data will end up (internal only, 3rd-parties, which ones? Could you select purpose?).
And of course, GDPR globally.
Why isn't it implemented yet?
2. How can they delete the data associated with the above?
3. Info on how they group personal data from WhatsApp, FB and Instagram
4. Who do they share such data with?
5. Who within FB is responsible for privacy policies, etc.?
I feel like this is a misguided notion. Facebook doesn't need to create "shadow profiles" for anybody to achieve the same effect: they can just pull together the data on-demand (e.g. say when you create an account, they could scan others' contact lists for a match for your name), without aggregating them together into a 'profile' beforehand. Unless you really intend to ignore that possibility (which I doubt, given the effect would be exactly the same), you probably want to approach it differently than talking about 'shadow profiles'.
You are right that some fly by data might end up in a server log somewhere but those aren’t kept around for long...if they are kept at all at Facebook scales
Storing and computing data is very expensive and risky at FB scale so they will only keep around what they actually need for as long as they need it. Meaning that data gets send to the server, gets aggregated and then deleted.
An exception of course is content generated by users such as a newsfeed post, as is the nature of the product that content stays around until users delete it
On 5, I would hazard that it's those teams. Of course, the buck stops at zuck.
Funny how this question always seems to generate distracting and misdirecting responses.
The simple fact that detractors seem unwilling to address is that FB and countless other internet advertisers are stalking billions of unaware people on a micro level using all sorts of shady and opaque techniques and compiling the most detailed psychological profiles on the most number of people in history.
The public has only just begun to contemplate the massive national security and mental health problems that this mass stalking and manipulation creates.
What's the right level of control users should have over their data?
Then as a follow up I would ask what's keeping Facebook from implementing those controls.
Unless this was already covered in an acceptable way after the Cambridge Analytica f*ckup (I haven't followed what actions Facebook took afterwards to address the issue), I would also ask about what are they doing about policing bad actors, companies trawling or leaking users' private information or abusing it. How are they going to better prevent that in the future. Once it's outside of Facebook they've already lost control of the situation.
In addition, you might want to review the questions from when Zuckerberg was in front of the European parliament. The MEPs asked some good questions and Zuck basically weasled out of it. I'd love to see the same questions brought up again.
And also, info about shadow profiles.
That isn't legally binding at all.
2. Do your apps “skim” the contents of device clipboards and send this info off device without user intent to do so?
And one open-ended question to try to gauge how open they’re being about the whole process:
3. What information do you collect that would surprise or upset privacy-conscious individuals?
I feel like if you ask questions where you have to quote your own words like this, you're basically begging them to be interpreted differently than you intend. I'd be crystal clear about what is being asked.
How’s this?
“Do your apps access the contents of device clipboards and send this information or any modified version of this information off the device without explicit user consent to do-so?”
Remember, all you need to know from them is what they do and when they do it. You don't need or want them to make a judgment call on the legalities or morality or anything else when responding; you can do that yourself later.
To that end, I'd word it like this:
"What are all the situations in which your apps read clipboard contents, and why is it necessary in each case?" (Obviously pasting would be one scenario, to which you'll just nod and move on...)
(And I would ask the same about microphone data, location data, etc. too, not just clipboard contents.)
Somewhat more constructive: Facebook seems to have an unhealthy appetite to collect _all_ user data including privacy sensitive information. But lets be fair: She is definitely not the only company on the quest for the Big Data insights, that seem to always be at least one data point away. Does Facebook have information on which data points they really need to make a commercial viable user profile? What data points are privacy sensitive? Is Facebook looking into alternatives for those privacy sensitive data points? If not: can Facebook enumerate those and ask their users for explicit consent to collect those points and ask for explicit consent in the future for any new data points?
Good luck this afternoon. I hope you get some insights.
I will try to ask as much as possible, and really like your questions of what data points are useful and are they privacy sensitive.
Thanks!
"I understand many if not all of your employees, and even your interns, are technically capable of accessing at least some data from any user, should they decide to do so against Facebook's will. I also understand the repercussion for this is that they would get fired and potentially sued. However, this is not accepted practice in every company that handle such sensitive data on users' personal lives. Moreover, it is easy to imagine adversaries and targets for which the risk of getting fired and/or sued is easily worth the benefit of obtaining a particular user's private data. How, then, do your security experts, who take security seriously and who surely understand the notion of 'defense in depth', justify that the proper safeguard is an employment/legal threat, and that there should not be a technical barrier preventing interns or other normal employees from accessing any user data?"
Bonus points if you can get them to talk such occurrences, which they almost certainly won't tell you, and why users should trust that they're handling this properly when they're unwilling to report sufficiently precise information on such incidents.
And it would be very, very hard to circumvent the protection mechanisms without getting caught!
Is this a new thing or has it always been the case? Because I'm pretty sure I've heard otherwise before. (Unless by "technical barrier" you don't mean the same thing I do.)
Also what do you mean by "very hard without getting caught"? Is it like hacking their database from the outside/open internet? Or is it like "they can, but it'll trip fifty alarms" [but they'd still get the data].
2. Yes, it’s like hacking the database from the outside in most cases in others it trips alarms and starts an investigation. It all data is created equal here...but generally speaking PII data is highly guarded
So criticizing Facebook for the latter (which it doesn’t actually do) is intellectually dishonest.
This is sort of similar to how content owners have muddied the waters of debate by calling copyright infringement stealing. One can certainly argue that both are unethical, but they’re still different things!
Facebook does not make its money from “selling data” at all, whether “private data” or “privacy-sensitive data”.
The audience size tricks like uploading an audience, then adding one to it and reuploading won’t work. There’s a cardinality fudging thing.
[0] https://ghostinfluence.com/the-ultimate-retaliation-pranking...
[1] https://news.ycombinator.com/item?id=8330931
Genuinely not understanding something is fine. Already claiming someone was intellectually dishonest because you misread or misunderstood not so much.
The ads business of Facebook is based on the very specific data Facebook can provide their advertisers for very specific target audiences based on private information they gathered through their platform. Like ads for people who die their hair, have an affliction for cheese burgers, are right wing and live in zip code 20500. That is privacy sensitive information (although I picked a public person for this example). They do not provide customers with Trump's private number. That would be private data. They do not just sell ads on their platform, they sell specific target audiences on their platform.
Again, no it isn’t. Facebook at no point provides data to its advertisers.
Yes, advertisers can say “show this ad to people who are right-wing and live in DC” (although I doubt “dyed hair” is a category). However, the advertisers are never provided with any data about who is in that category. That data never leaves Facebook.
FB is Zuck.
There are some languages that don't have gender for pronouns, even.
Or some languages that have 2 genders for most things but 3 genders for pronouns (eg. Spanish distinguishes between este and esto because Latin distinguished between iste and istud, but most masculine/neuter contrasts of -us vs. -um did not survive their final consonants no longer being pronounced. Whether or not a language retains such a distinction can appear highly coincidental in the face of such seemingly unrelated phonetic changes.)
In the list I see "coalition of cheetahs" and "kindle of kittens". But then again, I don't mind new coinages, these are fun.
[0] https://en.wikipedia.org/wiki/List_of_English_terms_of_vener...
Basically, it’s rare enough that it doesn’t sound natural and therefore comes off to me as an affectation, and makes the person sound weirdly smug about being “technically correct”.
I really should get over it, but like I said, not really rational.
I legitly can't think of a more privacy-friendly way to do that. If you're paranoid enough to believe that no analytics is the only right solution, you probably have DNT on, and this is one of the rare cases in which it's actually respected.
[0] https://docs.simpleanalytics.com/what-we-collect
Facebook's PR team and legal team are arguing two completely separate things right now, and I'd like management to explain how they reconcile those views.
I'd like to know whether their lawyers are right that users have no expectation of privacy, or whether Zuckerburg is right that privacy is the future of Facebook. If Facebook's lawyers aren't misrepresenting the company, then I'd like to know why Zuckerburg and management are so hesitant to make the same arguments in public press releases.
1. How can someone who does not have an account prevent themselves from being tagged and/or identified in uploaded photos? Corollary: why isn't the tagging and identification of a person an opt-in feature only?
Facebook using the phone number they requested "for security purposes" to improve ad targeting and let people identify you from your phone number: https://www.forbes.com/sites/leemathews/2019/03/04/facebook-...
Try to find videos of FB officers (Zuck, Sandburg) who have already been publicly grilled.
Most likely on a corporate level, FB employees already know how to answer and respond to most of these privacy questions.
That means you need to figure out their initial canned responses, what assumptions they’re building on, and prepare a line of questioning/reasoning to chip away at their logic in follow-ups.
If that question is deniable, then does FB take no efforts to guess at individuals budgets? (Ie household income, rent/mortgage, monthly subscriptions, etc) Does FB grant people privacy for what’s in their bank accounts?
2. What will be simple to use mechanisms / technologies / standards employed by FB to allow users to identify and delete their private information?
3. Will those privacy control mechanisms be standardized across Facebook products / technologies?
4. Will there be an effort to open source technologies / standards with respect to user privacy, so they can be peer reviewed and if good implemented by others in the industry?
Thanks for your efforts!