This is interesting. On the one hand, I can almost see a case for this, kind of like Amazon saving you shopping cart and search history, as a convenience if you switch computers, and for their market research.
On the other hand, most users would expect that what they enter in a random textbox and then delete is not going to be saved anywhere. These posts are equivalent to email drafts and I would hope they would be as private.
These posts are equivalent to email drafts and I would hope they would be as private.
On an ad-supported, web-based service? Why?
If they have an algorithm that parses my drafts and uses the gathered information to make more money to pay more engineers to build better products, I have no problem with that assuming that the data is handled responsibly.
For critically sensitive data that needs to be locked down, of course this is unacceptable. But so is using an ad-supported web service for critically sensitive data.
Tangent: This reminds me of a rumor I heard about gmail. Rumor had it, one of the ways the inbox loaded as fast as it did when you logged in is because as soon as they identified your email address (and before you typed your password) they'd kick of a job to start pulling things into memory so that your inbox would be ready to go once you logged in. If true, kind of a neat hack.
Similarly (and this isn't just a rumor), if you leave your mouse on top of a related video on YouTube, once you click it the load is almost instantaneous.
The response is empty, at least in my browser, so unless that is only true sometimes, the only plausible explanation is for it to be causing something to occur server side.
That's pretty similar to the way that Facebook graph search works, so it wouldn't surprise me. If anything, you just open up devtools and check for an XMLHttpRequest when you tab into the password field.
Very few people realize they're giving Google insight into their live thought processes as they type a query, maybe refine it a few times before submitting (which gives google a lot of information about if their autocomplete suggestions are working, relevant, etc), then bouncing around search results with further refinement.
Google got greedy and started tracking every click you make on search results a long time ago too. They weren't content knowing "this person got a good result and didn't need to come back for this query again" — they decided they must know what you click on, when you come back, what you click on again, .... It's all quite invasive, but nobody cares.
[but who are we kidding? most people don't "refine queries" — they type "BOOBS" into google and just keep drooling on their keyboard/tablet/phone.]
TL;DR The researchers instrumented the Facebook client-side javascript to return statistics on users that wrote a post then deleted it, without collecting the content from the deleted posts.
Also, the tone of the article seems to suggest that server-side autocomplete is scary and unethical, which I disagree with.
Chrome on Mac/Windows/Linux/Chrome OS when you have the extension enabled. Google Search app on Android/iOS when you have the app/Google Now open. Google Glass.
Source: Personally using or trying all of the above products.
You sure it's not so you can bring up the post/status later and finish typing it in case you lost it from closing your browser etc. Or moving to a new device to finish it?
I don't understand why this surprises people. Facebook is in the business of collecting every bit of information it can about every one if its users. I think its reasonable to assume that every click, scroll, and keypress is being captured and used for analytics.
It's time for another browser fork. The new browser will disable invasive javascript methods (mouse tracking, reading every key press, over-zealous XHR partial-entry saving) on known-bad sites and on any site including javascript from known-bad actors.
We shouldn't really let our interfaces to the world be run by advertising interests.
Agreed with your sentiment, but I think a plugin approach (many exist) is better than a browser fork. The fork could surely convert some users (and developers), but that just means duplication of development efforts between the fork and (for example) the Mozilla+Plugins ecosystem. Contributing to existing projects (or building a new plugin, if an open one doesn't already exist) seems like a better way to go.
Mass adoption ends up being the problem though. It doesn't hurt the evil privacy invading corporations to cut off 0.0005% of the population consisting of privacy conscious computer nerds.
Maybe a partnership of some sort. "You can only use Pinterest if you have Freedom Guard installed." (which sounds like spyware anyway)
We just need The Next Big Thing to guide normal people to install software to cut the legs off of current information hoarding enterprises. They only reason what they do isn't illegal is because laws haven't caught up yet, not because it's "right," "allowable," or even "morally conscionable." The internet platforms are being run by amoralists who don't care what happens as long as they end up with more power in world in the end.
...or just use NoScript...? I really don't understand the incredulity, though; does the average user think that Google has the entire Internet stored on its homepage to get Auto Suggestions to work?
Thanks to things like PHP calendars that don't restrict the input date in the URL parameters and programmatically-generated content honeypots, the internet is infinitely infinite.
(Sure, the source code representation of the Internet might be finite, but Googlebot doesn't always have access to that.)
Understanding that autocomplete requires a website to log your keystrokes probably requires at least a rudimentary understanding of how machine learning works.
I agree. And I'm always curious why articles take such a tone like this. This is probably to improve the UX anyway. Some people probably type a long status and their browser crashes. This feature lets them restore it.
They've been doing it since you could tag people in status messages and comments just by typing their name, which has probably been around 2-4 years, maybe longer.
As far as I can tell the content of the update is never sent back. I just went on FB and started typing a status update. The status box expands, and loads some extra assets. But you can type and erase repeatedly and no extra HTTP requests are sent. I get the feeling their methodology was "Did the user request the status update assets? Did they subsequently post a status update?".
On the one hand, FB isn't doing anything evil. On the other hand, it shows how much clever stuff you can do by looking at people's intent based on information you already have.
36 comments
[ 3.5 ms ] story [ 94.3 ms ] threadOh, what a thin line we pave between auto correction and key loggers!
Well, it's facebook; of course they do...
On the other hand, most users would expect that what they enter in a random textbox and then delete is not going to be saved anywhere. These posts are equivalent to email drafts and I would hope they would be as private.
On an ad-supported, web-based service? Why?
If they have an algorithm that parses my drafts and uses the gathered information to make more money to pay more engineers to build better products, I have no problem with that assuming that the data is handled responsibly.
For critically sensitive data that needs to be locked down, of course this is unacceptable. But so is using an ad-supported web service for critically sensitive data.
The response is empty, at least in my browser, so unless that is only true sometimes, the only plausible explanation is for it to be causing something to occur server side.
Very few people realize they're giving Google insight into their live thought processes as they type a query, maybe refine it a few times before submitting (which gives google a lot of information about if their autocomplete suggestions are working, relevant, etc), then bouncing around search results with further refinement.
Google got greedy and started tracking every click you make on search results a long time ago too. They weren't content knowing "this person got a good result and didn't need to come back for this query again" — they decided they must know what you click on, when you come back, what you click on again, .... It's all quite invasive, but nobody cares.
[but who are we kidding? most people don't "refine queries" — they type "BOOBS" into google and just keep drooling on their keyboard/tablet/phone.]
Also, the tone of the article seems to suggest that server-side autocomplete is scary and unethical, which I disagree with.
Source: Personally using or trying all of the above products.
We shouldn't really let our interfaces to the world be run by advertising interests.
Maybe a partnership of some sort. "You can only use Pinterest if you have Freedom Guard installed." (which sounds like spyware anyway)
We just need The Next Big Thing to guide normal people to install software to cut the legs off of current information hoarding enterprises. They only reason what they do isn't illegal is because laws haven't caught up yet, not because it's "right," "allowable," or even "morally conscionable." The internet platforms are being run by amoralists who don't care what happens as long as they end up with more power in world in the end.
Thanks to things like PHP calendars that don't restrict the input date in the URL parameters and programmatically-generated content honeypots, the internet is infinitely infinite.
(Sure, the source code representation of the Internet might be finite, but Googlebot doesn't always have access to that.)
Understanding that autocomplete requires a website to log your keystrokes probably requires at least a rudimentary understanding of how machine learning works.
I type out stuff then I ask myself, "would anyone actually care to read this?" - usually the answer is no and I hit the back button.
On the one hand, FB isn't doing anything evil. On the other hand, it shows how much clever stuff you can do by looking at people's intent based on information you already have.