I'm going to echo another comment I saw here yesterday: if Mark cared he would put his money where his mouth is and back off datamining IM conversations and enable OTR by default.
Mark only cares because the IC is, in a way, damaging his brand by plainly revealing the dangers of centralized services.
The hypocrisy is Facebook's repeatedly sneaky approach to "permissive" marketing. While Facebook will never have a gitmo or "enhanced interrogation program," that doesn't excuse their complete disdain for user's privacy such as actively tracking the movement of users across the web, for example, data they most definitely didn't volunteer.
We did not learn that Microsoft "datamines IM conversations". All we know is that Skype (like other IM services) has a URL checking service. It's possible that only the URL is sent to Microsoft outside of whatever normal encryption Skype uses.
There may be some technical questions we might like answers to (why do HTTP URLs apparently not get scanned; why does it only do a HEAD request), but the most obvious answer is that it's some detail of MS's anti-spam/phishing system.
That's a separate issue. Obviously Skype could have MiTM connections since forever. They probably were legally required to do so, too. But decoding messages isn't the same as "datamining" them. And it's disingenuous, in context of IMs being datamined for advertising, to call an antispam service datamining, even if it's possibly technically true.
This turns on the definition of "datamining." Surely scanning ostensibly private messages to update a database, even one built for innocuous purposes, especially without clear and conspicuous notice to users, is one form of it.
From the H-Online.com article:
A spokesman for the company confirmed that it scans messages to filter out spam and phishing websites. This explanation does not appear to fit the facts, however. Spam and phishing sites are not usually found on HTTPS pages. By contrast, Skype leaves the more commonly affected HTTP URLs, containing no information on ownership, untouched. Skype also sends head requests which merely fetches administrative information relating to the server. To check a site for spam or phishing, Skype would need to examine its content.
>Do you have more info on Facebook "datamining IM conversations?"
Sure, the post I am echoing is in reference to Facebook "scanning" messages and relationships for criminal activity[1], as well as the suit filed at the end of last year[2] alleging that Facebook datamines messages for URLs to use as part of its ad targeting data. We'll have to wait and see if these allegations are true and whether it implicates the company's constant decree with the FTC[3], but Facebook has already confirmed that it does in fact scan private messages for "anti-spam" purposes[4], even blocking links to thepiratebay iirc.
Thanks. I'd say that [2] is an unsupported, so far, allegation. But [1] and [4] do qualify as evidence of FB datamining: examining messsages for TOS violations, and scanning private chats to see what URLs are being shared.
Yet another reason to not use Facebook for chat or messages.
Surely, you see a difference between a data company collecting data from users who willingly hand it to them, and a government that forces those companies to hand over private data against their will?
Sure. I also see a difference between a company asking everyone for that data in a clear fashion and one that tries get hold of every scrap of data from its users, even if it has to do with non-users (e.g. by collecting their address books).
To be clear about address books: they are "yours", but they hold data that you may not have permission to give away.
That is true, but moral standpoints are not black/white and Facebooks moral standpoint in the whole privacy debate isn't quite the strongest. Facebook will basically take any interaction with them as a "yes".
Also, Facebook didn't ask me when my friends gave my phone number and address to them.
Zuckerberg has repeatedly shown a lot of moral flexibility on those issues - so the irony is definitely there.
Facebook was caught red handed profiling literally everyone on the internet.
Every website that you ever visited with a "like" button, even porn sites. They compiled all of that information about "you" via cookies they put on your computer.
I hope you don't know anyone who uses Facebook, takes a picture with you in it and puts it on Facebook, or you know, have any web presence at all.
Of course to some extent I would also argue this is where things get grey - in a practical sense, private individuals do not, and have never, existed in civil society. Civil society necessitates making parts of your life public.
No, that would be on the person giving them the data _and_ on Facebooks side to check. Facebook never got permission, because the agent giving them the data is not allowed to give permission.
They also cannot make a reasonable assumption that the agent giving away the data _has_ permission and is lying to them.
There is no concept of "permission" here as freedom of speech is more important. If you don't want people to have your info, don't give it to people. You are perfectly entitled to "unfriend" someone (in real life) if they give away your data without your permission.
Yahoo, hotmail etc, they all used to scoop up contacts when users (willingly, just like they do with facebook) agreed to give them access in exchange for services rendered.
This is totally different from the government (a third party to either transaction) forcing Facebook to give them data (or stealing face book's data).
"Willingly hand it to them" is not an appropriate description of the relationship people have with Facebook. It's more appropriate to say that people willingly share with their friends, and Facebook abuses its position of power as carrier of those friends' communications.
Facebooks data collection is sleazy at best. You may claim that users give them the data "willingly", but the fact is that facebook collects users data even before their users have an account there. Management of the settings around privacy are also practically impossible. Facebook also ran into privacy snafus countless times.
I do see a big difference between a government that has a huge cache of information about everybody that they rarely access[1] and a provate company having information about its users that it accesses regularly.
Also, facebook collects information about people who have never had a facebook account and who don't want one.
[1] the GCHQ cache was accessed less than a thousand times, for example. Google trawls my data many times a day.
I think the difference is more nuanced, arguable either way. Users effectively have some sort of agreement with Facebook where Facebook get their data. Realistically this is not something they are really aware of. They use a free service. Facebook collect and use the data in way they don't understand.
Do they have that agreement with ISPs? Phones companies? Supermarkets with facial recognition software to track shopping habits?
Since a lot of this data tuff is about aggregation, entities sharing data can have a lot of consequences. If you have Facebook, Whatsapp & email data for a significant number of people, then you have a lot of data about people that aren't signed up to any of those.
I think trying to categorize data privacy issues into "users agreed to." is pedantic in a way that gets away from the reality of what is going on. The hacking vs just recording may have legal importance, but I don't think
I've said this before, the digitization & aggregations of so much data is a bigger world changing issue. The Snowden/wikileaks affairs are a strange double example. The US agencies have their data stolen and spread around because it's "data." This data is largely information about how they steal data. You can't keep your secrets from them and they have trouble keeping their secrets data from you.
"Voluntary" or "consensual" mean different things in different contexts.
On a bigger note - does it bother anyone that almost every privacy discussion has come to "who is lesser evil"? Kinda like politics ("we can't find a good candidate, so we are voting for the least bad candidate")
No matter how frowned upon straight quoting wikipedia may be, this seems appropriate:
> Nothing is more unjust, however common, than to charge with hypocrisy him that expresses zeal for those virtues which he neglects to practice; since he may be sincerely convinced of the advantages of conquering his passions, without having yet obtained the victory, as a man may be confident of the advantages of a voyage, or a journey, without having courage or industry to undertake it, and may honestly recommend to others, those attempts which he neglects himself.
--- Samuel Johnson
I think Mark Zuckerberg is sincere in his request. And I think his sincerity and thus his self-delusion is the far bigger, systemic problem.
It's not really news that in the USA, corporations claim for themselves rights attributed to a person while at the same denying the same rights to the actual persons.
President's time is limited, so it's better if just representatives of bigger groups of people call him directly.
I think we can say that in some sense Mark represents larger group of people.
When you accept the terms of agreement, you trade your data for the privilege of accessing and using the site.
Information doesn't become data until it's recorded through the use of a website. If privacy is an urgent concern for you, then why use Facebook in the first place? It's basically a public forum where you share things, creating data.
It's ridiculous (at least in this day and age) to think that Facebook would provide such an extensive service for free. You're going to pay for it with your data.
Whose user agreement governs the use of my data on Facebook?
Dittos for Google or other data aggregators who acquire data from elsewhere. And/or ignore the explicit stated preferences of users. And/or change the rules governing data use post-facto.
Not really no.
Facebook has been known for a while for building profiles of unregistered people and tracking them around.
Then people you know offline who are on facebook will rat tons of information about you all the time. People are just submitting personal information without a second thought.
Zuck: Yeah so if you ever need info about anyone at Harvard
Zuck: Just ask.
Zuck: I have over 4,000 emails, pictures, addresses, SNS
[Redacted Friend's Name]: What? How'd you manage that one?
Zuck: People just submitted it.
Zuck: I don't know why.
Zuck: They "trust me"
Zuck: Dumb fucks.
Fair enough, but then at least with plugins like "disconnect" & friends it's opt-out. We really shouldn't have to do that, I agree, but that's the state of the web in 2014.
I wonder if the NSA complies with the "DO NOT TRACK" header.
<blockquote>
"When our engineers work tirelessly to improve security, we imagine we're protecting you against criminals, not our own government," Zuckerberg wrote
</blockquote>
Small correction: The US government ARE the criminals you need to protect against.
As usual, facebook PR is fallacious.
Naively pretending they don't know governments are historically often engaging in criminal activities to draw attention away from the fact facebook is a massive surveillance too, one that past political regimes could only dream about, which by some kind of magic should be acceptable on grounds that it is done by a private corporation for commercial profit.
Which reminds me of : what are the current realistic alternative to facebook as of today ? I'm thinking of some tech that would let me remain in control of the data i show to my friends.
There are such alternatives out there and you'll find it if you look for it but you shall not migrate to those service because your friends are not yet there. Everybody stays thinking the same.
You could try email, xmpp instant messaging, self-hosting your website, and so on. Maybe a secure p2p tool such as waste.
But one way or another the problem is usually the same, your friends are locked in by facebook and don't want to use something else to see what you want to show them.
I feel it's worth pointing out that Facebook won't lock you up without trial in a secret prison, torture you and violate every human right you have because of something you think.
There is a real difference between what Facebook does and what the US government does.
I feel it's worth pointing that facebook makes it easier to identify and locate people who end up in prison without trial and so on.
For a little while I've wandered into the business of finding the identity behind an online account and finding the physical whereabouts of said person for private companies and state police. It was in the pre- and early facebook era and it was sort of detective work, picking up details and clues, cross-referencing data, some wild guess and luck.
Then facebook grew to the monstrous thing it has become, and now these past employers do not require external contractors to do this kind of job, they just go to facebook and do the job themselves in little time.
>I feel it's worth pointing that facebook makes it easier to identify and locate people who end up in prison without trial and so on.
Can you identify one person that Facebook has identified who has wound up sentenced to prison without a trial? No? Didn't think so.
I'm not a defender of Facebook and have posted critically elsewhere in this comment thread about FB data-mining. But the grandparent post has it right: Facebook != the government. Facebook wants to show you ads to buy stuff you don't need. The government wants to arrest you, strip search you, and imprison you for smoking a plant it decreed is unlawful, or transferring a series of bits it decreed is unlawful.
60 comments
[ 4.0 ms ] story [ 119 ms ] threadMark only cares because the IC is, in a way, damaging his brand by plainly revealing the dangers of centralized services.
The hypocrisy is Facebook's repeatedly sneaky approach to "permissive" marketing. While Facebook will never have a gitmo or "enhanced interrogation program," that doesn't excuse their complete disdain for user's privacy such as actively tracking the movement of users across the web, for example, data they most definitely didn't volunteer.
Do you have more info on Facebook "datamining IM conversations?" We learned last year that Microsoft does this: http://www.h-online.com/security/news/item/Skype-with-care-M...
But I don't recall any evidence that Facebook does. Of course I may be misremembering, and I did write a piece for CNET (before leaving to found http://recent.io) titled "Facebook's outmoded Web crypto opens door to NSA spying": http://news.cnet.com/8301-13578_3-57591560-38/facebooks-outm...
There may be some technical questions we might like answers to (why do HTTP URLs apparently not get scanned; why does it only do a HEAD request), but the most obvious answer is that it's some detail of MS's anti-spam/phishing system.
With microsoft moving skype back from p2p to centralized server architecture doesn't hints at making spying on users more difficult.
From the H-Online.com article: A spokesman for the company confirmed that it scans messages to filter out spam and phishing websites. This explanation does not appear to fit the facts, however. Spam and phishing sites are not usually found on HTTPS pages. By contrast, Skype leaves the more commonly affected HTTP URLs, containing no information on ownership, untouched. Skype also sends head requests which merely fetches administrative information relating to the server. To check a site for spam or phishing, Skype would need to examine its content.
Sure, the post I am echoing is in reference to Facebook "scanning" messages and relationships for criminal activity[1], as well as the suit filed at the end of last year[2] alleging that Facebook datamines messages for URLs to use as part of its ad targeting data. We'll have to wait and see if these allegations are true and whether it implicates the company's constant decree with the FTC[3], but Facebook has already confirmed that it does in fact scan private messages for "anti-spam" purposes[4], even blocking links to thepiratebay iirc.
[1] http://www.reuters.com/article/2012/07/12/us-usa-internet-pr...
[2] http://dockets.justia.com/docket/california/candce/5:2013cv0...
[3] http://www.ftc.gov/news-events/press-releases/2011/11/facebo...
[4] http://nakedsecurity.sophos.com/2012/10/08/facebook-scans-pr...
Yet another reason to not use Facebook for chat or messages.
To be clear about address books: they are "yours", but they hold data that you may not have permission to give away.
Also, Facebook didn't ask me when my friends gave my phone number and address to them.
Zuckerberg has repeatedly shown a lot of moral flexibility on those issues - so the irony is definitely there.
Every website that you ever visited with a "like" button, even porn sites. They compiled all of that information about "you" via cookies they put on your computer.
Of course to some extent I would also argue this is where things get grey - in a practical sense, private individuals do not, and have never, existed in civil society. Civil society necessitates making parts of your life public.
Well that would be on you not Facebook.
They also cannot make a reasonable assumption that the agent giving away the data _has_ permission and is lying to them.
Yahoo, hotmail etc, they all used to scoop up contacts when users (willingly, just like they do with facebook) agreed to give them access in exchange for services rendered.
This is totally different from the government (a third party to either transaction) forcing Facebook to give them data (or stealing face book's data).
Also, facebook collects information about people who have never had a facebook account and who don't want one.
[1] the GCHQ cache was accessed less than a thousand times, for example. Google trawls my data many times a day.
Do they have that agreement with ISPs? Phones companies? Supermarkets with facial recognition software to track shopping habits?
Since a lot of this data tuff is about aggregation, entities sharing data can have a lot of consequences. If you have Facebook, Whatsapp & email data for a significant number of people, then you have a lot of data about people that aren't signed up to any of those.
I think trying to categorize data privacy issues into "users agreed to." is pedantic in a way that gets away from the reality of what is going on. The hacking vs just recording may have legal importance, but I don't think
I've said this before, the digitization & aggregations of so much data is a bigger world changing issue. The Snowden/wikileaks affairs are a strange double example. The US agencies have their data stolen and spread around because it's "data." This data is largely information about how they steal data. You can't keep your secrets from them and they have trouble keeping their secrets data from you.
"Voluntary" or "consensual" mean different things in different contexts.
On a bigger note - does it bother anyone that almost every privacy discussion has come to "who is lesser evil"? Kinda like politics ("we can't find a good candidate, so we are voting for the least bad candidate")
> Nothing is more unjust, however common, than to charge with hypocrisy him that expresses zeal for those virtues which he neglects to practice; since he may be sincerely convinced of the advantages of conquering his passions, without having yet obtained the victory, as a man may be confident of the advantages of a voyage, or a journey, without having courage or industry to undertake it, and may honestly recommend to others, those attempts which he neglects himself. --- Samuel Johnson
I think Mark Zuckerberg is sincere in his request. And I think his sincerity and thus his self-delusion is the far bigger, systemic problem.
Who? My guess would be Facebook employees and venture capitalists.
Information doesn't become data until it's recorded through the use of a website. If privacy is an urgent concern for you, then why use Facebook in the first place? It's basically a public forum where you share things, creating data.
It's ridiculous (at least in this day and age) to think that Facebook would provide such an extensive service for free. You're going to pay for it with your data.
I'm not a Facebook user.
Whose user agreement governs the use of my data on Facebook?
Dittos for Google or other data aggregators who acquire data from elsewhere. And/or ignore the explicit stated preferences of users. And/or change the rules governing data use post-facto.
Not those whose data are shadow-profile generated, or is provided by others.
Zuck: Yeah so if you ever need info about anyone at Harvard Zuck: Just ask. Zuck: I have over 4,000 emails, pictures, addresses, SNS [Redacted Friend's Name]: What? How'd you manage that one? Zuck: People just submitted it. Zuck: I don't know why. Zuck: They "trust me" Zuck: Dumb fucks.
I wonder if the NSA complies with the "DO NOT TRACK" header.
Small correction: The US government ARE the criminals you need to protect against.
But one way or another the problem is usually the same, your friends are locked in by facebook and don't want to use something else to see what you want to show them.
There is a real difference between what Facebook does and what the US government does.
For a little while I've wandered into the business of finding the identity behind an online account and finding the physical whereabouts of said person for private companies and state police. It was in the pre- and early facebook era and it was sort of detective work, picking up details and clues, cross-referencing data, some wild guess and luck. Then facebook grew to the monstrous thing it has become, and now these past employers do not require external contractors to do this kind of job, they just go to facebook and do the job themselves in little time.
Can you identify one person that Facebook has identified who has wound up sentenced to prison without a trial? No? Didn't think so.
I'm not a defender of Facebook and have posted critically elsewhere in this comment thread about FB data-mining. But the grandparent post has it right: Facebook != the government. Facebook wants to show you ads to buy stuff you don't need. The government wants to arrest you, strip search you, and imprison you for smoking a plant it decreed is unlawful, or transferring a series of bits it decreed is unlawful.