Study Shows Facebook's Still Miles Away From Taking Privacy, Transparency Seriously
from the ill-communication dept
If the entire Cambridge Analytica scandal didn’t make that clear enough, Facebook keeps doubling down on behaviors that highlight how security and privacy routinely play second fiddle to user data monetization. Like the VPN service Facebook pitches users as a privacy and security solution, but is actually used to track online user behavior when they wander away from Facebook to other platforms. Or that time Facebook implemented two-factor authentication, only to use your provided (and purportedly private) number to spam users (a problem Facebook stated was an inadvertent bug).
This week, a new report highlighted how Facebook is letting advertisers market to Facebook users by using contact information collected in surprising ways that aren’t entirely clear to the end user, and, according to Facebook, aren’t supposed to work. That includes not only private two-factor authentication contact info users assume to be private, but data harvested from other users about you (like secondary e-mail addresses and phone numbers not directly provided to Facebook). The findings come via a new report (pdf) by Northeastern University’s Giridhari Venkatadri, Alan Mislove, and Piotr Sapiezynski and Princeton University’s Elena Lucherini.
In it, the researchers highlight how much of the personally identifying information (PII) data collected by Facebook still isn’t really explained by Facebook outside of painfully generic statements. This data in turn can be used to target you specifically with ads, and there’s virtually no transparency on Facebook’s part in terms of letting users see how this data is being used, or providing fully operational opt out systems:
“Worse, we found no privacy settings that directly let a user view or control which PII is used for advertising; indeed, we found that Facebook was using the above PII for advertising even if our control account user had set the existing PII-related privacy settings on to their most private configurations. Finally, some of these phone numbers that were usable to target users with did not even appear in Facebook?s ?Access Your Data? feature that allows users to download a copy of all of their Facebook data as a ZIP file.
Again, this includes the use of two-factor authentication (2FA) credentials that Facebook has previously stated aren’t supposed to be used for marketing purposes. It’s something that Facebook has repeatedly claimed doesn’t happen:
“Facebook is not upfront about this practice. In fact, when I asked its PR team last year whether it was using shadow contact information for ads, they denied it.
User efforts to glean more transparency from Facebook haven’t fared well either, even in the UK where the GDPR was supposed to have put an end to this kind of cavalier treatment of user data:
“I?ve been trying to get Facebook to disclose shadow contact information to users for almost a year now. But it has even refused to disclose these shadow details to users in Europe, where privacy law is stronger and explicitly requires companies to tell users what data it has on them. A UK resident named Rob Blackie has been asking Facebook to hand over his shadow contact information for months, but Facebook told him it?s part of ?confidential? algorithms, and ?we are not in a position to provide you the precise details of our algorithms.”
And again, this is a company in the wake of several major privacy scandals, attempting to avoid heavy-handed privacy regulations on both the state and federal level, making you wonder what it looks like when Facebook truly doesn’t give a damn.
Filed Under: ad targeting, privacy, targeting, transparency, two factor authentication
Companies: facebook
Comments on “Study Shows Facebook's Still Miles Away From Taking Privacy, Transparency Seriously”
Techdirt's usual whining, not even token call to BREAK IT UP.
Because part of the surveillance / propaganda state, as is GOOGLE, which Fascism masnicks promote, Facebook will NEVER face anti-trust.
Facebook’s New Propaganda Partners
https://fair.org/home/facebooks-new-propaganda-partners/
Oh, I know: it’s not a "monopoly" so don’t worry about it! Sheesh! But what’s even the basis of this piece if not that any ordinary person believes Facebook has too much power and is indifferent to the wishes of users?
If don’t call for curative action, then don’t bother to complain. — And we KNOW after 20 years of shilling that Techdirt is NOT going to advocate any measures that’d reduce corporate profits or power. This piece is more "proof" that Techdirt criticizes corporations, but since NEVER has any hint of action, is mere clickbait.
Re: Techdirt's usual high quality work
The article was on point and well written.
And I don’t see you actually disputing the content of the article – only lamenting the lack of your own agenda being included.
Please point us to your website so we can see your articles on this topic.
Re: Homework: Substantiate your claims
Because part of the surveillance / propaganda state, as is GOOGLE, which Fascism masnicks promote, Facebook will NEVER face anti-trust.
Please define Fascist as you are using it. Please note any differences between your definition and the dictionary definition, for clarity.
Please then provide links/evidence that support Masnick promoting this. Be specific, there no points for partial answers.
Facebook’s New Propaganda Partners https://fair.org/home/facebooks-new-propaganda-partners/
There is a "Submit a Story" link on every Techdirt page. If you feel its newsworthy, you can use that link to bring it to TechDirt’s attention.
_Oh, I know: it’s not a "monopoly" so don’t worry about it! Sheesh! But what’s even the basis of this piece if not that any ordinary person believes Facebook has too much power and is indifferent to the wishes of users?
If don’t call for curative action, then don’t bother to complain. — And we KNOW after 20 years of shilling that Techdirt is NOT going to advocate any measures that’d reduce corporate profits or power. This piece is more "proof" that Techdirt criticizes corporations, but since NEVER has any hint of action, is mere clickbait._
Please provide positive support that anti-trust actions against Facebook would A) be legally viable under existing anti-trust law, and B) actually solve the issue of potential privacy violations.
Please additionally advise how pointing out the behavior and heavily implying this is problematic and that Facebook should not be doing this in light of recent privacy scandals is not a form of calling for curative action.
If the idea is that the article has a lack of proffered solution, please advise why you do not also apply the same criteria to the fair.org article linked. Charitably speaking, that article suggests bad behavior, warns people to wary, and suggests they oppose it, but does not proffer any actual solution to the perceived problem.
Again, there is no credit for partial answers.
I look forward to your well-thought, considered, and above all courteous reply.
Re: Re: Homework: Substantiate your claims
Potential privacy problems?? You. seem too pissed to be joking.. Here’s a solution.. dissolve the terrible corporation.
Re: Re: Re: Homework: Substantiate your claims
Would that be legal under existing antitrust law? I don’t think that American antitrust law has any provisions for the dissolution of a corporate charter for much short of defrauding its shareholders or egregious lies in SEC filings. I’m only a broker (by licensing though I don’t do it full time), not a corporate lawyer so, I might be missing something.
Re: Techdirt's usual whining, not even token call to BREAK IT UP.
What would you “break up” Facebook into?
Re: Re: Techdirt's usual whining, not even token call to BREAK IT UP.
Oblivian.
2FA info is a *confidential* secret
Dear Facebook:
Since you’ve made most of our lives an open book, don’t you think that revealing my 2FA information to third parties facilitates identity theft???
If you want it secret, don’t tell Facebook!
Re: 2FA info is a *confidential* secret
It’s pretty unconscionable. If it can be accessed by people other than facebook, than someone looking to steal your facebook identity knows what number to target for SIM hijacking.
Boom – you no longer own your own facebook account. And then whoever hijacked it can download all your data.
Re: Re: 2FA info is a *confidential* secret
Not if you give then the phone number to pizza hut
Re: Re: Re: 2FA info is a *confidential* secret
Then you cannot get the text that allows you to login.
Re: Re: Re:2 2FA info is a *confidential* secret
huh … bah bye
Re: Re: Re:2 2FA info is a *confidential* secret
Easy solution: just maintain two phone numbers, and use one of them only for sign-up texts like that, never for anything else!
…of course, that means paying for the additional phone and number, which not everyone will be able to afford to do… and it’s likely that whoever you give the number to for a sign-up text will also store it in case they need to contact you later… but who ever said the solution was perfect?
ItsOnTheUsers
Friends don’t let friends use Facebook.
That’s the simple solution.
They do take it seriously.
They have no intention of giving it back.
Re: They do take it seriously.
Wrong again! They just gave away some 50 million user account details in the latest hack. See, they are always giving back to the community!
Re: Re: They do take it seriously.
Yeah? 50 million? Which community did they it to?
Srly, why would anyone use Facebook’s VPN over ExpressVPN or Cyberghost?
fuck facebük
Oh that's easy
“making you wonder what it looks like when Facebook truly doesn’t give a damn.”
Just go to facebook.com.
At what point does the act of collecting, storing and then willingly or unwillingly transferring a complete profile of a person’s life, relationships, political views, pictures, friends and family ties, location and personal data infringe on federal law — perhaps privacy laws, 4th Amendment laws, identity theft laws, etc? I’m sure there are others laws that would apply.
Re: Re:
In the United States? Probably never. Have a look at Facebooks Terms of Service. If you use the service, you give them a license to use the information you provide for pursuant to the privacy settings that you set. That handles privacy laws.
Concerning identity theft laws, as long as Facebook doesn’t try to act as you (in a way that you didn’t authorize in the ToS, for example, FB showing one of your friends your picture with an ad for a product whose page you "Liked") and as long as they try to keep your data out of the hands of unauthorized persons then Facebook isn’t committing identity theft either.
I saved the easiest one for last. The 4th Amendment’s provision against illegal search and seizure only applies to the government. Facebook couldn’t break it if they tried. Choosing to comply with a government request isn’t a violation on their behalf, if anything, (and that’s a big if) it would be a violation by the government agency that made the request.
In the EU on the other hand…I don’t know as much about the law there but, I have the feeling that the EU is currently in the middle of swinging the pendulum so far towards personal privacy that non-EU public governmental knowledgebases are already being harmed. In that case, Facebook may be in for a bit of a rough time over there.
Re: Re: Re:
Indeed. But the best way to protect your privacy is to assume that everything you put online will eventually be made public, even on the strongest privacy settings.
Be very careful about what information about yourself or your family you post online.
If Facebook took privacy and transparency seriously, especially the former, they wouldn’t exist in the first place.