> Facebook told two senators why it tracks users’ locations even when their tracking services are turned off. The lawmakers now say Facebook should give users more control over their data.
> Facebook said that even when location tracking is turned off, it can deduce users’ general locations from context clues like locations they tag in photos as well as their devices’ IP addresses.
> While this data is not as precise as Facebook would collect with location tracking enabled, the company said it uses the information for several purposes, including alerting users when their accounts have been accessed in an unusual place and clamping down on the spread of false information.
> Facebook doesn’t allow users to turn off location-based ads, although it does allow users to block Facebook from collecting their precise location, the company wrote.
If I say I don't want you to track my location, I mean exactly that. Not respecting users' wishes like this is a terrible thing to do.
There are ways to track location outside of the operating system.
For example, even Facebook says (and the comment you replied to noted) it uses photo tagging and what wifi network you're connected to in order to determine location.
> There are ways to track location outside of the operating system.
> For example, even Facebook says (and the comment you replied to noted) it uses photo tagging and what wifi network you're connected to in order to determine location.
By photo tagging, do you mean GPS coordinates? Isn't that done by the app that takes the picture?
Can't I disable Wi-Fi?
If my wireless ISP is giving everyone free access to my location through some sort of IP address or rDNS scheme, isn't this an ISP issue? I mean, can't you make this exact complaint about every single thing you use that connects through an IP address?
By photo tagging, do you mean GPS coordinates? Isn't that done by the app that takes the picture?
On Facebook and many other social apps you can manually specify the location a photograph was taken. Some apps will ask you for the location if it's not available from the operating system or metadata.
Can't I disable Wi-Fi?
Sure. Go nuts. But you have to connect to the internet somehow to use the app, so if you're not on wifi, it can get your location from your cellular network.
OS can block access to location, but they can still have a coarse location from your IP, tagged photos, checked-in locations, message content and so on. Disabling location tracking in FB should also disable this on the FB server side.
I'd imagine it would look more like "these twenty people are all in the same building in Russia posting a whole lot of opinionated content about America", if it was a true story.
> the company said it uses the information for several purposes, including alerting users when their accounts have been accessed in an unusual place
Recently Twitch has started screaming when I log in in an incognito window. They send me an email with a 6-digit code that I have to enter because an attempt was made to access my account from an unknown machine.
Left unmentioned is any conceivable reason I would care if someone else did log in to my Twitch account. The alert and the one-time code are pure nuisance.
But I won't get an alert if this blocks someone else from accessing my account. The email will go to the address associated with the account, and the odds of me checking that address without knowing I need to are nearly zero. And all of that is as it should be, because attempts to compromise my Twitch account do not matter in any way at all.
You'd need to be a lot more important than a non-streaming Twitch account before I'm going to provide an email address that can reach me reliably.
"But how is Twitch supposed to know whether I'm a streaming account or a non-streaming account?"
The contrast here isn't "secure by default" vs "unsecure by default". It's whether a legitimate login can come from any computer, or only a computer Twitch recognizes as having logged in to the same account in the past. I'm not saying they should stop asking for your password.
So we have "secure by default" or "secure, and also incredibly irritating, by default".
1. I'm logging in from the same device every time. They're just freaking out because I'm in an incognito browser window.
2. They're not asking for more than one factor. The one-time code is sent to my email address. Control of the email address is already sufficient to take over the account, regardless of whether I know the account password.
If you're not able to identify new devices, is it still reasonable to prevent logins from those unidentifiable "new devices"?
I was under the impression that because of the lack of tracking in incognito, most sites regard it as a "new device". Regardless, your second point stands, makes sense. That is dumb.
> Facebook said that even when location tracking is turned off, it can deduce users’ general locations from context clues like locations they tag in photos as well as their devices’ IP addresses.
Facebook can still do all this on the mobile website.
Why does the government need to stick their fingers in this? No one needs Facebook. If you’re not happy with the product or with the company’s ethics, stop using it.
Because you can’t opt out. Facebook creates shadow profiles for people who have never created an account. They track people’s faces in photos they appear in that were posted by friends. They link people’s personal information to their shadow profile whenever a user allows Facebook to access their address book contacts.
Facebook is a pervasive, all-consuming data monster. If lawmakers don’t rein it in, it will grow so powerful that it will challenge the sovereignty of governments. It’s not a joke.
At some point in the reasoning chain you reach the bad thing that is bad because its intrinsically bad and if you try to reason more you'll just go in circles. Or you enter a philosophical debate of such depth that it's stupid to have it with internet strangers.
With enough data you can segment for almost any group.
- Who is likely to vote Bernie?
- Who is gay?
- Who is gay, but not out?
- Who is cheating on their wife?
Etc etc..
If you can't see the potential for harm at both the individual level (think extortion) or political level of that kind of power I'm not sure what would convince you.
If challenging the sovereignty of governments is the problem, then there's an obvious solution - just nationalize it! Then all the tracking will be done in the public interest and we can go back to sleep.
51 comments
[ 3.2 ms ] story [ 107 ms ] thread> Facebook said that even when location tracking is turned off, it can deduce users’ general locations from context clues like locations they tag in photos as well as their devices’ IP addresses.
> While this data is not as precise as Facebook would collect with location tracking enabled, the company said it uses the information for several purposes, including alerting users when their accounts have been accessed in an unusual place and clamping down on the spread of false information.
> Facebook doesn’t allow users to turn off location-based ads, although it does allow users to block Facebook from collecting their precise location, the company wrote.
If I say I don't want you to track my location, I mean exactly that. Not respecting users' wishes like this is a terrible thing to do.
Isn't this more of an OS level issue?
For example, even Facebook says (and the comment you replied to noted) it uses photo tagging and what wifi network you're connected to in order to determine location.
> For example, even Facebook says (and the comment you replied to noted) it uses photo tagging and what wifi network you're connected to in order to determine location.
By photo tagging, do you mean GPS coordinates? Isn't that done by the app that takes the picture?
Can't I disable Wi-Fi?
If my wireless ISP is giving everyone free access to my location through some sort of IP address or rDNS scheme, isn't this an ISP issue? I mean, can't you make this exact complaint about every single thing you use that connects through an IP address?
On Facebook and many other social apps you can manually specify the location a photograph was taken. Some apps will ask you for the location if it's not available from the operating system or metadata.
Can't I disable Wi-Fi?
Sure. Go nuts. But you have to connect to the internet somehow to use the app, so if you're not on wifi, it can get your location from your cellular network.
Facebook is free to do with their servers as they please. Don't like it? Don't use it. I don't.
To my knowledge, facebook isn't breaking into anything. This is a terrible analogy.
It seems this user is at the corner of 47th and 3rd, so we won't tell them how oil companies lied about global warming. Did I get that right?
Recently Twitch has started screaming when I log in in an incognito window. They send me an email with a 6-digit code that I have to enter because an attempt was made to access my account from an unknown machine.
Left unmentioned is any conceivable reason I would care if someone else did log in to my Twitch account. The alert and the one-time code are pure nuisance.
If you’re lazy and share passwords between accounts like some people do it’s also good to know that your password might be leaked.
You'd need to be a lot more important than a non-streaming Twitch account before I'm going to provide an email address that can reach me reliably.
"But how is Twitch supposed to know whether I'm a streaming account or a non-streaming account?"
So we have "secure by default" or "secure, and also incredibly irritating, by default".
1. I'm logging in from the same device every time. They're just freaking out because I'm in an incognito browser window.
2. They're not asking for more than one factor. The one-time code is sent to my email address. Control of the email address is already sufficient to take over the account, regardless of whether I know the account password.
If you're not able to identify new devices, is it still reasonable to prevent logins from those unidentifiable "new devices"?
It's not a great looking site, but you can read and respond to messages on there.
[1] https://apps.apple.com/us/app/friendly-for-facebook/id400169...
[2] https://play.google.com/store/apps/details?id=com.creativetr...
Facebook can still do all this on the mobile website.
This is a very big, overlooked problem.
Facebook is a pervasive, all-consuming data monster. If lawmakers don’t rein it in, it will grow so powerful that it will challenge the sovereignty of governments. It’s not a joke.
In what way do you imagine Facebook challenging the sovereignty of a government?
Drink driving is bad.
Why is that?
You might cause a crash.
Why is that bad?
People could die.
Why is that bad?
They'll be dead.
Why is that bad.
They don't get to exist any more.
Articulate your reasoning!!!!
- Who is likely to vote Bernie?
- Who is gay?
- Who is gay, but not out?
- Who is cheating on their wife?
Etc etc..
If you can't see the potential for harm at both the individual level (think extortion) or political level of that kind of power I'm not sure what would convince you.
That's plenty harm enough all by itself.