The bigger problem for me is how facebook tracks and identifies even people who do not have a facebook account. They simply infer such a person exists from photograps, contacts and other one sided activity and can start to track that person, tie all this information together and then target them with ads even though they never signed up for Facebook.
Such shadow profiles are a much larger problem to me than people who are happy to fork over their private lives themselves.
Nothing will change until the law cracks down on this. The people who work on these systems are smart enough to comprehend the wider consequences, but they do it anyway because money. Without significant external pressure, there will always be a long line of engineers willing to dial their cognitive dissonance up to 11 and build software that is clearly unethical in exchange for a fat paycheck.
In the EU the law just did crack down on this with the new EU Data Protection Directive[1]. The DPD covers not only EU based companies, but also any company that provides services for EU citizens in the EU (so, Facebook, LinkedIn etc. are covered by this..but also e.g. your little weather app).
The new DPD is strict compared to previous regulation, but there are two parts of the directive that a particularly interesting:
- The Data Portability concept: A company covered by the DPD is required to deliver to the user all data the company has on the user, in a standardised format. That means Facebook now has to hand out all your data (information, pics, likes, posts,...) for you to use freely - also in other services. I think this in effect means you own your data. I'm excited to see the effect of this one.
- The right to be forgotten: A company is required to delete all data they have on a user, if the user requests. Actually, if the user invokes this right, the company is not allowed make public, <b>store or process</b> any data related to the user.
From what I hear in discussions between american colleagues, american companies have no clue whats about to hit them. I know there is a mild panic here in Denmark, and the DPD is the most talked about subject in IT at the moment - and we've always been rather anal with the privacy stuff (e.g. cookie-law).
Edit: Oh, I forgot the fun part; this gets a lot of attention due to the sizes of the fines companies get for not adhering to the directive. Fines are up to EUR 20.000.000 or 4% of the company's global annual revenue, whichever is higher. Facebook made USD27.638.000.000 in 2016, so thats a fine of USD1.105.520.000 for not playing nice.
(I posted this in reply to another post, but seems relevant here too)
> The Data Portability concept: A company covered by the DPD is required to deliver to the user all data the company has on the user, in a standardised format. That means Facebook now has to hand out all your data (information, pics, likes, posts,...) for you to use freely - also in other services. I think this in effect means you own your data. I'm excited to see the effect of this one.
The problem here is that those companies use fingerprinting to collect data. This means that in theory they are not 100% sure who is the person they are collecting data from, but in practice they could be 99.99% sure. Still, this makes it impossible to hand out all this data, because there is still a 0.01% chance that the data does not belong to the person who requested it.
Not disagreeing, but I would certainly like some references if you could provide us any. In fact, it would be genuinely troubling if you cannot find any good sources. Here is why: this notion of fingerprinting seems to be an invention of the legal wing, to be brought out as a CYA when these requests were inevitably going to be demanded.
Time for some math:
Since it is only a 0.01% chance, it means you need 10000 discrete pieces of information collected on a single individual before there is a chance of error. If a company indeed has that many pieces of information on you, you first of all need to know that for a fact.
There is a chance the company will counter that this is aggregated probability, as in, with an uneven distribution of errors. If it is indeed aggregated probability, the companies which advertise on these platforms need to demand their money back because for all you known, none of the folks they are targeting are actually correct fits for their ads. Fingerprinting puts the burden of proof on the shoulders of the company that they are indeed allowing advertisers to target the audience they want. How can they be so sure if the errors are unevenly distributed?
In any case, everyone should demand the information anyway, and let us start using this fingerprinting theory as an excellent opportunity to get deeper into the practices of these companies.
Moral: of, relating to, or concerned with the principles or rules of right conduct or the distinction between right and wrong
I think it is "clearly wrong" that Facebook creates shadow profiles, because it is violating the freedom of people who have not signed up for their service, in the same way that it is clearly wrong for me to take away your favorite pet for ritualistic sacrifice against your wishes, even if "everyone" in the community agrees that it has been a consistently effective method for pleasing the Gods.
Of course, you know these analogies are tenuous, and you will eventually go into very precise definitions of words (or worse, you will actually start taking my pet sacrifice analogy and dissecting it). Perhaps you could tell us about something you think is clearly unethical, and we will try and draw the connection for you.
I doubt that he doesn't understand what "unethical" means. The question is how does what Facebook is doing qualify? You've said it is because it violates the freedom of people Facebook is making inferences about who are not users of Facebook's services.
That just shifts the question to how does it violate their freedom? That is not at all obvious to me. (NOTE: this does not mean that I'm saying it is OK...just that I don't see how it is a freedom violation).
My computer desk at home is near a large window, which I often look out while I am using the computer. From this window I can see people from my street walking dogs. I can see kids going to and from school. I see cars coming and going. My street is a dead end street about 1 km long, and I'm about 200 meters in. The street bends a little way past my place, so the last 700 meters or so are not visible from my place.
By casually observing people walk by, I've gathered data to make several inferences about people who live beyond the bend. I've figured out when some people are having house guests (by seeing people I've never seen before walking dogs that I recognize).
I've inferred sibling relationships among some of the children who walk by (by noticing dress and equipment patterns that clearly indicate that the same person is shopping for both).
I've figured out what kind of cars the parents of the some of the children drive (by seeing those cars stop when passing the children on the way home, and the children getting in, or seeing a strong correlation between days when particular children who walked by to school in the morning do not walk by in the afternoon and days when particular cars drive by in the afternoon).
Am I violating these people's freedom by making these inferences from what I see out my window?
If not, what is the fundamental difference between what I'm doing by observing people that walk or drive by on my street and what Facebook does by observing what its users do on its site?
You would be more like Facebook, if you 1) would publish your observations or otherwise provide it to third parties 2) sit at nearly all streets all the time, e.g., observing whatever those house guests are up to the rest of their time.
Imagine, you share your observations with, say, a PI who was hired by a paranoid spouse or by someone's employer.
Facebook is like a vast and far reaching network of nosy neighbours of whom you do not know who they are chatty with. Maybe someone who likes to jump to conclusions?
Answer is, that its not clear cut. What is the difference between a private investigator (working for a single party) and the government investigator (working for the city, state or federal level)?
I would think, that advertising in the local press or, having a sign outside the window to the effect that you were able to sell personal and assumed to be private information about the people who lived in the street would provoke an unpleasant reaction.
Doing something purely for your own benefit that you know will cause significant distress to others is sociopathy I think. Perhaps 'unethical' is the wrong word. 'antisocial' definitely covers it though it might not be strong enough.
I used the private investigator here as a middleman, a third party. Just like law enforcement or a data broker would be. My concern (in this argument) is less that of the ethics of each single act, but rather the consequences of setting up such a service. You don't know what you are enabling.
Imagine a gentleman decides to follow you for the rest of your life. He is always wihtin a distance but when you leave your home, there he is and see you him with his pen and paper recording your every move. You get it you car, he gets in his and follows. You stop by your lover's home. There he is the back recording. You go pick your child, save. You go to the grocery store, there he is recording again. So on and so forth.
Would you say there is absolutely nothing wrong with this?
> If not, what is the fundamental difference between what I'm doing by observing people that walk or drive by on my street and what Facebook does by observing what its users do on its site?
The expectation of privacy. The window analogy may seem very clear to you, but a lot of people see Facebook as a sort of postal service carrying their enveloped messages to their friends, and they have to trawl through a pretty large document of legalese to find out how it isn't. Facebook is more like one-way mirrored glass.
Not OP, but I think the fundamental difference is that you are, presumably, not selling everything you know to potential stalkers that wish to know everything about the people you mentioned.
It's not just that. GP's analogy would only make sense if one of your neighbors was a superintelligent alien whose larger motives are hidden from you, whose livelihood lies in having an intimate understanding of your psychology and how to manipulate you, and who never misses any detail or forgets anything. Ever. It's fucking creepy.
I can't claim it's wrong because I'm not a good ethicist. But I can say anecdotally that I feel upset and disgusted by the idea that even though I don't have Facebook, they may have a dossier on me. Simply because friends use my name or share photos including me.
It's upsetting because I don't know what I can do about it. How do I protect my privacy in this world? Do I stop having friends? Do I wear a mask everywhere?
It's like finding out that the Stasi had an extensive file on you, even though you never travelled to the GDR or were an interesting target. The only connection is that friend of your's who once visited their uncle on the other side.
The difference is, the GDR is gone and none of this has any consequences anymore. However, the consequences of Facebook et al. are yet to be seen.
> I can't claim it's wrong because I'm not a good ethicist.
Even the best ethics expert in the world would just be one who knows how to describe a bunch of ethical systems and ideas that exist currently and historically. Other than that, they can help you exactly zilch with such decisions. I'm not a psychologist, but I'll claim if it makes you feel upset and disgusted, that means you did decide you consider it wrong. And if it helps, I agree.
As for how to change things, well, ask the EFF for example? There's things you can do which, apart from being a real help, also help you with the dread of this free floating vague blob of worries that you sometimes look at but as you said feel you can't do anything about.
One thing you can always do, is that not giving in. It just takes one person to prove the claim that everybody accepts or wants X wrong. When being that person seems scary, personally, when looking around, I'm not convinced at all that the people who fight no or trivial battles are less scared. It's not actually safer on the side of thugs, generally speaking, and life isn't more fun at mindless parties either, only those who don't have the comparison would think that. I'd rather say that's all built on sand, on holes that have to be temporarily filled with more and more material.
So keep on hanging on, because there might come a point where you feel less upset, more grounded, and the people who drift along will become more and more confused. Real things can hurt, sometimes badly, but real things also have longevity, they bring their own means and nutrients for growth.
At least, that's how I answer these questions for myself, that's how it ended up working out, and while I know that can't be generalized, sometimes it does get darkest before dawn. Don't let it drag you down (Sophie Scholl's outlook = best outlook).. but what you can shoulder, do shoulder. The only way out really is through, ultimately.
If worst comes to worst, don't get crushed when the screeching narcissism machine attempting to eat the planet drives itself and billions of people against the wall and implodes. Easier said than done, but change will come one way or the other. I'm not convinced it would leave spots of unscorched Earth, but that hope dies last, anyway.
Well, your moral principles are very different from mine. I don't feel like I (or the state) should have a say about what goes on inside of Facebook's servers, they can do whatever they want with the information they have as long as the don't use coercion (to me, freedom is the lack of coercion).
That said, I do believe that there's a practical problem, but it's us that must try to solve it, we must educate people, we must ask our friends not to post our photos or personal info on social media, etc.
> they can do whatever they want with the information they have
What if they decide to publish online your computed profile? Maybe they know you better than yourself.
> as long as the don't use coercion
Isn't influence or suggestion a kind of coercion? Why do you think they spend so much resources on profiling everyone?
> That said, I do believe that there's a practical problem, but it's us that must try to solve it, we must educate people
My country used to have over 6000 people killed on roads out of about 60M people. The state tried to "educate" people about not driving while drunk, not driving fast, using seat belts, etc. But in the end, what actually worked was more policemen on the roads.
You say freedom is the lack of coercion but you fail to realize that you are coerced into being part of FB, and your only opt-out is drastic measures like using a blocker.
FB probably has more intelligence capabilities about mere people than any past or present intelligence agency of any country ever had. That raises a lot of questions, the first of them being to make sure that they don't use it against people.
I'm not being coerced to use Facebook, there's not threat of physical violence involved. I choose to use the web, if some site has fb trackers I can disable cookies, I can disable JS, I can do whatever I want with my computer in order to not give them my info.
Yes, there is influence, and I would certainly prefer it to no be like that, but freedom of people to use a lousy service as fb is still freedom, and freedom is more important than my feelings.
The state is the collective will of a relatively small group of people with money and power. Most people have no influence at all. That's how it always has been. I think the only way to maximize freedom is to support small, local governments.
According to Max Weber, Something is "a 'state' if and insofar as its administrative staff successfully upholds a claim on the 'monopoly of the legitimate use of physical force'. I am not part of the state, the state is the president, the congressmen, the taxman, but not "us".
> because it is violating the freedom of people who have not signed up for their service
That's your interpretation of their reasoning, Facebook's interpretation could assume that they haven't signed up for service yet.
Also, how exactly is their freedom violated? Let's say they could do a certain set of actions on a given day prior to Facebook violation. So if a government violated their freedom (e.g. by putting them under house arrest), a certain subset of those actions, like walking to a store or a park, would be impeded.
What would be an example of actions that would be impeded by Facebook's violation?
The law will not crack down on this. The politicians stand to gain too much. See The Dictator's Handbook (which is as relevant to democrats as autocrats).
That said, I'm personally certain the laws will evolve rapidly in a favorable manner. Privacy issues resulting from Facebook/Google and co are becoming increasingly unacceptable for the society.
I was referring to the one by Mesquita, but because my brother, an attorney, recommended it, not because of a GCP grey video. Perhaps you meant "I think it's because..."?
The thought that Mark Zuckerberg might one day run for president, and actually have a chance, is absolutely terrifying to me. If this happens, kiss the concept of personal privacy goodbye forever.
I've just finished that and second the recommendation - while the ideas have been around for a while, the presentation of them in that book is outstanding.
I think it is more likely that the market corrects this well before the law. How much longer can the status-quo of online advertising remain intact? Do these targeted ad's really work? There is a ton of time and talent being poured into hyper-advanced targeted advertising systems, how long can this be sustained?
We're talking about a monopoly and you think market forces have any fundamental effect here? The data exists. Facebook is not going to abandon this trough just because they can't monetize it right away.
Buyers have access to a detailed audit trail of their ads and campaign activities. They see where ads they bought ran, the number of people who were able to see their ads, and clicks and other interactions with their ads.
If "these ads are working" is defined as "these ads are accomplishing what they were intended to when purchased," peoples' spend is founded more in data than belief.
Buyers have access to ~2BN people and tools to target them by age, interest, and geography -- much of that demographic and psychographic data is explicitly and freely given by those people themselves; tons more are derived and inferred. Buyers repeat their buys because these ads accomplish what they intended at purchase -- they can effectively drive traffic or commerce or whatever else.
This real power to generate revenue makes the issues around privacy, security, transparency, awareness, responsibility, ethics, laws, oversight more important than if it was created by ignorant beliefs. The latter would be temporary; the former generally strengthens as more data gets into the system.
Every so often there is a post that makes it to the top of HN about how Facebook ads aren't worth the money at all. And that other ads aren't much better. Marketing departments are completely insane (look at the leaked pepsi logo manual) and exist only to continue their own existence. Many corporations don't even bother to test their ad campaigns to make sure they are effective.
The fact that people buy ads is not at all evidence that they are effective.
So facebook finally has a massive income ? How did they manage to turn the tables around ? Last time I heard of them they were having a very hard time making more than pocket change and almost all the revenue was limited to the US.
They were steadily losing users in the very significant 13-17 years demographic, had a CTR one fifth of the rest of the web. Several reports of brands quitting facebook or advertising on facebook because it is expensive and does not seem to be effective on a background of unstable rules and "quirky" system with some overcharging and ads not displayed.
Facebook built itself on investor story time, with promises of better targeted ads in the future, and up to now is still selling the idea that at some point in the future it will succeed at this. It has yet to deliver on this promise in a consistent way.
"...are smart enough to comprehend the wider consequences"
Smart is not wise. Just complicate what you think people would hesitate to do, and they will get fooled into dong it. Especially if it challenges their intelligence (e.g. algorithms).
People don't seem to realise the ecological harm (privacy wise) in using those services. They don't realise that by using those services, they not only harm their own privacy (which is their to shed), but also other's.
The sentence "I have nothing to hide" that often gets thrown about has two problems. The first is obvious: whoever says it most probably do have something to hide, and are not quite realising it. The second is much more insidious: it frames the debate individualistically. This is a common flaw in our western societies —see for instance copyright debates talking about one artist and one consumer or pirate.
People should realise, as you did, that it is not just about them. I would go even further: using Facebook is not just a personal choice. It's a political one, that affects all around you.
Last year for instance, I was forced to use Facebook by friends from my orchestra. I reluctantly set up an account, and kept up for a while. Then I turn off email notifications because they were so annoying. Then I learned, several times, of decisions or events that were discussed only on Facebook, (without my knowledge since I hardly logged in). When they clued in on my ignorance, they said "but I sent the mail" (no you didn't).
(I have since "deleted" my account. I won't use that crap ever again)
The choice is often between giving up your privacy on Facebook, and being ostracised by such and such group of friends. Disgusting.
And how are they hitting that person with a tracking pixel and associating it with the pseudo-account?
It's still creepy, but it's likely more about determining knowledge of the friend graph (i.e. suggesting 2nd degree friends via a connecting pseudo-account) than about ad targeting.
Though yes, as soon as that pseudo-account could be tied to an actual account, Facebook could use passively gathered info to target you.
The creepiest part about Facebook is the sheer volume of facial data paired with social connection data. With access to that, even if you have never been online in your entire life, there's a good chance I could take your driver's license photo and know who you associate with.
> And how are they hitting that person with a tracking pixel and associating it with the pseudo-account?
That's the easy part. There are companies that specialize in this sort of thing, as well as in merging profiles from several devices (pc, tablet, smartphone), you can bet that if two-bit advertising technology companies know about these tricks that Facebook does too, and they probably know a trick or two that has not become mainstream yet.
If you want an explicit explanation of how such a link could be made it's a hard choice: too many possibilities.
I've done technical due diligence on about 10 advertising technology companies, node identification in a graph gets easier through two things:
- more known nodes in the graph (Facebook has many)
- more activity by the unknown node (just wait and track)
Sooner or later there is a moment where just for an instant that node can be strongly associated with a real world ID, for instance, a contact in someone's address book, a tag in a photograph and some shared online activity or something as simple as a phone call. At that point it is game over, the contact can now be associated with the device ID on the other side for instance through some running app.
Apropos games, many games monetize by embedding a library supplied by an advertising technology company that wishes to gain access to devices without waiting for the user to visit a website. These libraries leak information all over the net.
Is one example by FB, there are many more and some of those require permissions that make no sense at first sight until you realize what is happening under water. If you ever wondered why some shitty game requires access to your contacts, location and other interesting bits of data this is it.
It is very hard to stay off the radar of the likes of Google and Facebook, I have a pretty good idea of how this stuff works in the background and I have no clue how I could not leak enough bits for those two companies to tie my online activity to my real world identity in a single profile.
With the new EU Data Protection Directive[1], I think they do, since the DPD covers not only EU based companies, but also any company that provides services for EU citizens in the EU (so, Facebook, LinkedIn etc. are covered by this..but also e.g. your little weather app).
The new DPD is very strict, but there are two parts of the directive that a particularly interesting:
- The Data Portability concept: A company covered by the DPD is required to deliver to the user all data the company has on the user, in a standardised format. That means Facebook now has to hand out all your data (information, pics, likes, posts,...) for you to use freely - also in other services. I think this in effect means you own your data. I'm excited to see the effect of this one.
- The right to be forgotten: A company is required to delete all data they have on a user, if the user requests. Actually, if the user invokes this right, the company is not allowed make public, <b>store or process</b> any data related to the user.
From what I hear in discussions between american colleagues, american companies have no clue whats about to hit them. I know there is a mild panic here in Denmark, and the DPD is the most talked about subject in IT at the moment - and we've always been rather anal with the privacy stuff (e.g. cookie-law).
Edit: Oh, I forgot the fun part; this gets a lot of attention due to the sizes of the fines companies get for not adhering to the directive. Fines are up to EUR 20.000.000 or 4% of the company's global annual revenue, whichever is higher. Facebook made USD27.638.000.000 in 2016, so thats a fine of USD1.105.520.000 for not playing nice.
I foresee a long drawn out nasty international legal fight about this. In the same way the EU authorities have been very weak dealing with the car companies and emissions e.g. dieselgate, the US authorities refuse to see the problem with privacy and data. The governments are going to blame each other for stifling competition (companies from their country) etc.
I think the practices of online tracking joined up with offline tracking, as Google is now doing is going to be forbidden unless you consent.
This was exactly my point a while back. That the default option should be to get explicit permission for each piece of data you collect AND infer, even if the inference is being done in situ as the code executes (otherwise it will become another out clause). Of course, the geeks who get all delirious by seeing a mountain of data to analyze would not want that kind of friction in the process.
I wonder what would happen if someone would spend the time to completely dissect and reverse engineer exactly how lookalike profiles are being generated. My guess is that it will expose data collection practices which will confirm our worst fears.
The safe harbor agreement allowing EU citizens' data to be sent to the US was invalidated by the European Court of Justice and hastily replaced by the EU-US privacy shield which is effective since february 2017 and is already under attack and possibly on the way out while trump took a strong stance to not give any privacy to non-US citizens.
Then there is the secret negotiation of TAFTA where the US wants to siphon data without providing privacy and Germany refuses to let TAFTA go on until there are adequate privacy measures.
So yeah, this battle has been an ongoing one for years now.
By law you should but it will be an uphill battle.
Technically each and every advertising agency that creates a profile on you, gives you a cookie and stores your IP address is in violation of the law. (IP addresses count as PII, Personally Identifiable Information).
I don't see the legal hammer coming down on the advertising industry (of which Facebook and Google are the major players) any time soon if ever.
>IP addresses count as PII, Personally Identifiable Information.
One way hashed (that can't be rainbow tabled) are not however PII afaik however, so it's quite easy to turn an IP address into a "net location ID" or something similar that can't be tracked back to a physical IP for analytics.
If you're going to add a unique salt every operation you just destroyed the value of that IP address for tracking purposes. Which was the whole point of the discussion to begin with. By your scheme you might as well store a random number. So, either you store the IP in such a way that you can later re-associate a new call with the previous IP or you might as well not have it.
> However at that point surely you just add a salt?
How would that work? You'd have to use the same salt for every IP (which completely negates any benefit of the salt), otherwise how do you know that bcrypt(salt_1, IP_1), which you stored in your database yesterday, refers to the same IP as bcrypt(salt_2, IP_1) that you stored a month ago?
It's enumeration through 32 bits of 0-4294967295. There are only so much IPv4 addresses.
If you add a salt, then that "net location ID" becomes of very limited use. You won't be able to grep through the logs for request from specific IP, you won't be able to tell how many distinct IPs are accessing your services, etc etc. The only use I can see is keeping it in the session to check if IP address had changed, as a security measure.
In principle yes, in practice Facebook does not follow the EU laws. For example, they are required to provide you with all the data they hold about you. I requested this data (shadow profile) from them multiple times, they never responded. The next step would be to contact the Irish authorities responsible for overseeing FB, but from what I read they don't process complaints against FB, and the next place would be some EU court to force them to do their job.
Facebook sometimes submit to European laws. Facebook turned off their facial recognition after Germany made it illegal, registered used data has been made available for download among a few other cases.
Recently Facebook got fined 110 millions by France for lying to antitrust regulators during the vetting of the whatsapp deal, a few days before it got fined the maximum of 150k euros for repeated infringement to local privacy laws (maximum has since been raised to a percentage of the worlwide revenue) and a few days later it got a 3 millions fine in Italy for a similar privacy offense.
I'm not sure shadow profiles are covered by the legal obligation as facebook never acknowledged the existence of those for they are illegal in the EU.
Mentioned shadow profiles and some other of their shady practices to an acquaintance recently, he uses fb and wanted to stay in touch using it. He chose not to listen to my critique of fb calling me a "tinfoil hat" (whatever that even means).
An easy disarm is "You are confusing privacy with secrecy. It is no secret what happens in the bathroom. It doesn't mean we are going to remove the doors because people still want privacy"
There are ways to counter this. For example, it can be said that Facebook isn't your bathroom. (Yes, this isn't exactly solid argument, sure.)
Still, I'm absolutely sure it's best to keep private stuff to oneself, and parties you trust. With understanding of full consequences of doing so. If one trusts Facebook, they'd better think why do they do so, as their trust may be misplaced.
I think one of problems is that when users post data they don't even think they send it to Facebook - they believe they send it to their friends there.
"great, I'll put up a camera so I can watch even when we're not together! I'll share the vids on your FB wall, in case our other friends also want to see"
I've been thinking about this. Having to prevent being observed is not without cost and many time is inconvenience and annoying. Why do I even need the door closed in the first place ? Because other people will I think I'm weird ? Is it cultural thing? Why do I have to feel embarrassed/ashamed when people see me in the bathroom ? What if as the society changes to become more open, the more people leave the door open, the more it become the norm, then I don't even need to care anymore whether the door is open or close when I'm using the bathroom.
Ha - if anybody says that, ask them if they can kindly lend you their phone for a few minutes, so you can browse through their photo gallery, browser history and emails.
"Oooh! How much do you make? How many sexual partners have you had? Have you ever cheated on any of your partners? Ever had an STD? Whom do you secretly dislike even though you don't show it? I've never met someone with nothing to hide before, this is so exciting!"
Calling someone a tinfoil hatter is a way for someone to dismiss your argument without them actually having to think about something that makes them uncomfortable.
No idea, any evidence that Google uses email content do generate external profiles (vs. the user who received the message)?
If I write "Leroy Jenkins likes rushing" in an email, does Google create a persona called Leroy Jenkins, assigns a quality "likes rushing" to it and tries to match it to other data?
I always heard that user data is firewalled by default inside Google (PII data from one user isn't used on other users, unless explicitly shared).
Even on Photos Google seems to only allow you to appear as a suggestion on your contact's photos after you explicitly opt-in and explicitly selecting "which one is your face":
They can build up a graph and they'll see your emails when sent to a gmail recipient or from a gmail originator to you.
With a very large fraction of all email now passing through Google's servers you can expect them to be able to piece together the missing bits with high fidelity.
How come we have clowns getting elected, terrorism and financial meltdowns then? There are so many interesting things one can do with this power beyond monitoring what the plebs are upto. No great evidence exists that the power is being used despite the data and computing power having existed for 15 years now.
It can be used in many ways that do not stop clowns from being elected, from terrorists to be able to carry out their act and to protect you against financial meltdowns.
The clowns are being elected by the voters, not by companies, terrorists will always be able to do their deeds in an open society, if some fail just throw more bodies at the problem, and financial meltdowns can be prevented by banking oversight (and a lot of that oversight just got canceled by the stroke of some clowns pen so you can brace for the next round in ~5 to 10 years from now).
One small difference is that the activity on GMail or large email providers is generally two-way and it becomes clear when you understand that clicking "Send" sends your mail away to be stored in GMail forever unlike where photos somebody would be taking with their friends are not aware if it is put in Facebook or similar social places.
That isn't true. Many domains are routed through Gmail where you have absolutely no way of knowing up front that you are going to be sending that mail through Google. It looks like any other email address on a private server.
> Does Google use my organization’s data in G Suite services or Cloud Platform for advertising purposes?
> No. There are no ads in G Suite Services or Google Cloud Platform, and we have no plans to change this in the future. We do not scan for advertising purposes in Gmail or other G Suite services. Google does not collect or use data in G Suite services for advertising purposes.
> We do not scan for advertising purposes in Gmail or other G Suite services. Google does not collect or use data in G Suite services for advertising purposes.
You could drive several trucks sideways through the holes in that statement.
How about generating a "lifestyle profile" (or psych profile).
They could sell that to a third party, then buy back the profile compounded with other third parties's data to use for advertising. Bonus points if Alphabet (aka Google) control all the companies involved.
Right, what's the last time you checked the recipients domain MX record before sending an email?
That's just nonsense, nobody does this, people just send mail through some client and never ever check MX records by hand unless they are trying to debug some kind of problem, in fact, the vast majority of people have no clue that something like an MX record even exists. To them email is roughly equivalent to magic.
Perhaps its just the ex-sysadmin in me, but I've done it pretty frequently over the years. Pop open a terminal, host -t mx example.com, done. Mostly I do this when I think there's any chance that my email will get routed to a server in China (pipe the result of the host query through nslookup and eventually to a whois against ARIN to see whether the IP is allocated by APNIC), since I'd prefer to avoid that.
I get that it's not common or simple, but "absolutely no way" doesn't mean absolutely no way that's common and simple. It's doable and, if you want to avoid it, there's plenty of ways to ensure that you never send directly to a Google server.
That's your problem right there. The general population has no way of knowing this, you do, but that's only because of your professional background.
So, for lay people there is absolutely no way and that's the vast majority of them, for us internet techies there are ways but they are moderately involved and too impractical for everyday use. And even then, you've established that you will send your email through google, what are you going to do now? Ah yes, send it anyway.
you basically hit the nail on the head. And if Obama did nothing about it, you can sure expect Trump to follow suit with inaction as well. The consumer's only hope here is the EU.
Sometimes they do the right thing but I most certainly wouldn't bank on it! If we want change there has to be grass roots movements I think. If tech people would find a way to use word of mouth to convince people not to use FB then FB would collapse. Something along the lines of "Won't somebody please think of the children!" might do the trick ;)
That's actually why I gave up on avoiding it (after leaving my fb account dormant for ~5 years). If I'm being tracked anyway I might as well enjoy the social benefits of the platform, which are not insignificant.
FB absolutely knows more about me than any individual person at this point. I've decided, for good or ill, to accept that and leverage it; rather than feeling upset about my inability to enforce a right to privacy, I've decided it's more important that I should be able to enjoy being myself rather than having to hide everything. If powerful forces wish to abuse that, they can, but I'm happy to have that moral argument.
There is no way I will go down that route. That's defeat and it simply will not happen with me being an enabler. If that means I'll miss out on the occasional party then so be it.
How is that defeat? I have no desire to waste my precious time in an unwinnable arms race. My freedom of action and self-expression are my primary operational need, and I don't want to spend my life creeping around trying to conceal every fact about myself that might be employed as an attack vector. That's not liberty.
Don't you get it? It's not just about you. It's about all around you.
When you're using Facebook, you are doing 2 things: first, you reveal the personal information of everyone around you (bit by bit, each time you reveal your personal information). Second, you strengthen the network effect that incite, sometimes even force people to cave in, use Facebook themselves, and thus reveal their private information.
You don't know it, but using Facebook is not just a personal choice. It's a political choice.
Who are these people around me whose information I'm revealing, pray tell?
You don't know it, but using Facebook is not just a personal choice. It's a political choice.
I do know that, I don't know why you would think otherwise. Whether you understand my political motives is another question, though it's clear you don't agree with them.
I assumed your self-centred argument (your freedom, your needs…) stemmed from an oversight. I assumed you didn't know, or consider, the effect you have on others by using Facebook (specifically, giving up information about them, and strengthening the network effects that sometimes force people to use Facebook even if they don't want to).
But now you're telling me you're aware of these issues… I don't want to assume, but you sure look like an egotistical bastard at this point. Or a cynic. I'm not sure which is worse.
> But now you're telling me you're aware of these issues… I don't want to assume, but you sure look like an egotistical bastard at this point. Or a cynic. I'm not sure which is worse.
That seems a bit extreme... The effect on others is pretty minimal, what is so bad about using Facebook just because you like it, despite the small side effects on others? So your saying that anyone who uses Facebook after hearing about shadow accounts is a 'egotistical bastard'?
Depends on the expected magnitude of the effect. If small enough, you're still good. There are also ways to mitigate those effects, such as lurking only, never tag anything, use the "like" wisely…
It's not just about shadow accounts, by the way. There are more direct effects. For instance I was once forced to set up an account for logistic reasons (they used Facebook extensively, if not exclusively). Worse, when I tell them I didn't got some news (because I didn't check that account very often, and I turned off the very annoying notifications), they say "but I sent the mail" (they only used Facebook). I have since "deleted" my account, good riddance.
So, the effect on me was direct and significant. Depending on how you use Facebook, you can have a similar effect. The worst you can do is set up events and invitations on Facebook only, forcing your friends to either use Facebook, or drift apart.
But I'm under no obligation to limit my own utility so as to maximize the pool of people who are not on FB so that your digital footprint is proportionately more shallow, Jacques.
Suppose, in any case, that I persuaded my valued social circle (perhaps 10 intimates, 40 casual friends, 150 acquaintances) to move off FB to some other platform. This is unlikely as I'm not the only or most important reason reason they're on FB, but anyway: what would be different? OK, there would be less commercial exploitation of our information, but that doesn't seem like your primary concern. The NSA would, doubtless, still be vacuuming up our conversations just as the NSA vacuums up all the discussions we have here, and can easily cross reference our HN handles with our more detailed and specific identities on other platforms. I could posit a secure platform where everything was encrypted and all interpersonal communications metadata on said platform was cryptographically obscured, but then we'd have 200 going to the same site every day, presumably to communicate with each other in secret. That in itself would be of interest to intelligence gatherers, and how difficult would it be to social engineer oneself into a group of 200 people? Not very, and once inside one has most of the access one needs already because otherwise where is the utility?
I can't help feeling that you're arguing for a very highly highly elaborated version of security through obscurity. I prefer the security of knowing that if anything happens to me it will upset enough people to have negative ramifications for my antagonist. I find the conceit that we can have a situation where private actors enjoy all the benefits of instantaneous and frictionless communication but government actors are enjoined from participating even at the user level by virtue of the political authority they wield neither theoretically nor practically sensible.
> OK, there would be less commercial exploitation of our information, but that doesn't seem like your primary concern.
I wouldn't be so sure. Ads make money for a reason. I'm not sure I want giant corporations to play tricks with my mind so I by their products.
> we'd have 200 going to the same site every day, presumably to communicate with each other in secret.
If all communications were end-to-end encrypted, it wouldn't even look suspicious.
> how difficult would it be to social engineer oneself into a group of 200 people? Not very, and once inside one has most of the access one needs already because otherwise where is the utility?
Consider the costs and the scale. Unencrypted conversations can be archived and indexed at negligible cost. This is what enables mass surveillance. Social engineering however requires that an agent spends time on it. This is expensive, and thus only enables targeted surveillance.
I don't use Facebook either, and I've suffered for it, but I find your analysis here both overly simplistic and hampered by an obsolete framework.
With a billion daily active users, the problem is well beyond the individual human scale. Facebook lives, in its own right. If those users were cells, Facebook would be an organism of quite respectable size. There's only one action I can see, on the part of the individual, that poses a credible risk to the health of the whole.
Find a way to give Facebook cancer, and we can talk about individual actions affecting the problem as a whole. Until then, I don't see what it helps to throw around ultimata, especially ones like yours which in the past have embodied a significant threat of politically motivated violence - not, to be sure, something of which I accuse you, but connotations do matter, and those in particular are not conducive to worthwhile discussion in any way I can see.
I agree with this. Google and FB are semi conscious artificial intelligences. I further doubt that the chief executives or technologists at either firm enjoy direct conversation with said entities - they can communicate with them, but only in the crude reflexive manner of a doctor hitting your knee with a hammer.
I don't think they are conscious, i.e. self-aware, at even a minimal level; it's a human conceit to imagine that such awareness is other than orthogonal to intelligence. And even as intelligence goes, I should have to think theirs, whatever there is of it, is akin to that of an ant colony, rather than anything more like we'd recognize as resembling our own selves - and even that is really something of a philosophical point.
In any case, I'm less interested in parsing details of precisely which speculative definitions of artificial intelligence Facebook taken as a whole might satisfy, than taking the view (if perhaps only for the sake of this argument) that it does certainly satisfy at least some definitions of life based on its behavior, in particular its evident tropisms toward growth and self-preservation, for which no particular intelligence is even necessary - kudzu need not be intelligent to be a pestilential and highly effective thief of the resources required for a proper ecology to thrive.
Such shadow profiles are a much larger problem to me than people who are happy to fork over their private lives themselves.