This is addressing the wrong problem, at least in my view. I don't really care about what Facebook does with the data I consciously give them. And ads are just an side-effect.
My main problem is that they actively try to get their hands on data I don't want to give them. Like, my constantly actualized GPS coordinates, or my browsing history. And that they store it. And process it. And store me into some kind of box.
Oh, and it candidly considers that Facebook, or any other person to whom it sells the data, won't do anything nasty with it. Just serving ads might be okay. But ultimately, they could do much more.
Do you want to know who the gay people are around you ? We could sell you that list !
Do you want to know who votes for your opponent ? We could sell you that list !
And so on.
The day Facebook, or Google, or anyone with a comparable database actually decides to do something evil, it will look ugly. Will they ? Don't know. Don't want to find out.
As a side note, I might pay for Facebook. Or I might have paid. Now, they will just get my money and sell my data anyway, so why bother ?
For instance you do not usually opt-in to a group by yourself. Instead somebody else includes you in that group, without your permission. This is bad because opt-out of a group is an explicit statement that you don't want to be in that group, versus just ignoring a request which could just say that you don't have the time for that or you missed the invitation ... and people know you in those groups and opting-out is just rude.
This is not how real-life works btw.
I also got tagged several times in pictures that I do not like. Those pictures automatically appeared right on my "enhanced" profile page. When I untagged myself the person that did it thought it was some kind of technical problem and tagged me again. Then I untagged myself again, and got tagged again. Then I told that person that I don't like that picture and she got upset. I don't want other people tagging me - I want to tag myself in pictures that I approve of and this is something that Facebook won't allow me to do.
And talk about automatic tagging -- fortunately Facebook allows me to deactivate automatic tagging (for now), but this feature is just plain evil IMHO, as it encourages people to tag other people, even though that's not something they really want to do.
This list could go on and on and yet Facebook provides no means for me to automatically download the contact details of my friends. How fucked up is that? These are my friends, and many of them I invited to Facebook myself.
Basically these days I'm only using Facebook when I want to get in touch with somebody and I have no other way at my disposal OR if I want to spam people I don't care about ... but the real social networking that I'm doing these days is through my phone or through my email address.
Lot of things are hard to find (like deleting your account). And there is the issue of Facebook periodically changing the settings, knowing that meaning people won't bother figuring out what the changes mean and how it effects them.
And don't forget, due to the PATRIOT act, simply having that information obligates facebook to serve it up to law enforcement without a warrant any time they ask. Think about that next time you "like" the High Times fan page or post "I'm gonna get crunk!" some Friday night.
Facebook itself may be pure as the driven snow, but I can guarantee the FBI is NOT.
And don't forget, due to the PATRIOT act, simply having that information obligates facebook to serve it up to law enforcement without a warrant any time they ask.
Citation needed (Especially for the obligates part). If Google requires a warrant to share data then please explain why Facebook is obligated to do differently?
"A National Security Letter (NSL) is a form of administrative subpoena used by the United States Federal Bureau of Investigation and reportedly by other U.S. Government Agencies including the Central Intelligence Agency and the Department of Defense. They require no probable cause or judicial oversight. An NSL is a demand letter issued to a particular entity or organization to turn over various record and data pertaining to individuals."
Also: "Note: According to facebook’s privacy policy, messages on facebook can not be deleted anymore. If you click on ‘delete’ the messages will only be invisible to you. US law enforcement agencies can access this information at their own liking, without judicial review."
To complement your point and quoting from the link:
> The information isn't viewed by humans (not in an identifiable way)
That is until someone wants to actively query it, then it can be made human-friendly, and like you said, we don't really know just what details they are storing and how they are profiling us.
It doesn't ever escape my mind that whichever country I live could just well suddenly suffer from a state coup (or in some cases are already under dictatorships) and right then I could become a political target for the sum of all my recent activity.
Right now I'm living in a democratic state and have my civil rights, and so I act accordingly. But that's all stored somewhere and if things change, the state can simply gunpoint a service and have them disclose all my personnal data. Said service doesn't even need to have a secret agenda for my info, but they are its holders so they might be targeted.
That also brings a different point which is the security in which my information is being held. Can a big service like Facebook's or Google's be hacked? It most surely can. And then, just how much data will be compromised before it's in the wrong hands. Cyberwarfare is here.
To elaborate on this a bit, it might not even be necessary for them to get hacked from the outside. It's certainly not impossible for a malicious Google or Facebook employee to acquire (and sell) data.
In Italy we had a pretty big scandal because people working with the main telecom operator sold a lot of calls data to businesses, lobbyists and such. This is a very concrete risk.
While there is nothing inherently wrong with making a profit from data about users, there is quite a bit wrong with the way it's being done on Facebook, and much of the rest of the web/mobile for that matter.
For one thing, services fail to properly inform their users of what they're doing. It's quite common for ordinary users to either not know that their data is being collected and used in those ways, or the extent of the data which is being collected (e.g. Location, Phone Identifiers, and sites visited across the web).
For another, opting out is generally designed to be quite difficult. Unless you're vigilant enough to know which hosts to block (among other things) it's almost impossible to keep your browsing history out of the hands of the hands of third parties (especially with all the different ways browsers can store information, see, http://samy.pl/evercookie/). This is the case even if you do not sign up for or use a service like Facebook.
Also, as someone noted below, there is an issue with the simple fact of the data's existence, since from that point on it is out of my control, and can be used by anyone who can get their hands on it, in any way, which may well be harmful to me.
> There is certain information (address, account numbers, ss #, etc.) that if obtained by a third party, could result in some real world problems that will negatively impact my life. But information social networks sell to advertisers doesn't fall into this category.
That's both wrong and incredibly short-sighted.
First, Facebook collects way more data than necessary. In fact, they try to collect data of people which aren't Facebook users. And what's more, in some cases (facial recognition), there's nothing you can do against it. But wait, you can! Guess how? By registering on Facebook, to remove tags. I don't know what to call this, but it feels awfully similar to extortion.
Second, the unnecessary data that Facebook collects is dangerous by virtue of existing. Yes, that data might be safe now. We cannot guarantee this to be true tomorrow, next month or in five years, actually, we cannot even be sure if it is safe right now (which is a matter of transparency again). Besides, I don't see how a detailed (which might be an understatement) biography of my life is necessary to sell targeted ads.
Third, as rwolf pointed out in another comment, it's not like targeted ads are the only option. Yes, it might be the best alternative in terms of making profit, but we cannot ignore the side effects.
Besides, I seriously ask myself when in the hell "profit" became an argument to infringe on basic rights and liberties (of which privacy and control over your own data is - or at least should always be - part of). To present a hyperbole: slavery was very profitable as well. I don't see people arguing that we should allow slavery again.
I guess the problem isn't targeted advertising per se. It's that you don't know what your personal information will be used for in the future. Maybe it will give you better, more targeted advertising. Maybe it will be used to deny you an insurance policy or be sold to a recruiting firm that will reject your job application. I guess Facebooks terms don't allow that, but those terms can change at any time.
Maybe not next year, but what about 30-40 years from now? Facebook or Google might not even exist then, but you can be pretty sure that your data will exist, along with your social graph. That's a tangible asset that can be sold, no matter what happens to these companies. Or seized by some government, for that matter.
Is this just being paranoid and obsessed with privacy? Lets hope so.
A german friend put it this way: Most jews in pre-nazi Germany didn't mind having their religious affiliation listed in their passport. Many were indeed proud to be jews.
Would anyone of them have been able to imagine what this information would be used for just a few years down the line? Wouldn't anyone worrying about this collection of data have been laughed at and called paranoid?
There is a very important distinction between the Nazi Germany example and Facebook selling your data.
In the Nazi Germany example, it was a government entity that was using the information. In that case no amount of privacy controls will protect you - if the information is available they can use the law to retrieve it. Even if Jews didn't have their religion listed on their passport, a government can retrieve that information in other ways (not least compulsory questioning).
In Facebook's case they are selling information to other companies. If the government wants they information they can legislate to get it from anywhere at all (including active surveillance), and so the fact you have shared it on Facebook merely minimises friction for them.
Friction is the only shield we have ever had to protect against invasion of privacy.
YES!!
Far from downplaying it, I was wondering if anyone would pick up on that! It's a really important point - many "privacy invasions" are things that were possible before, but inconvenient.
The truth is, though, that complaining about it is roughly as useful as the RIAA suing Napster. The internet reduces friction, and aren't privacy controls just another form of censorship that the internet will route around?
I do understand concerns over what happens to your data moving forward (changing laws, organizational/management changes etc.). But again, I can't think of any of the information on a social networking site being all that damning. The information that I share on say Facebook or Google+ (at least for me) never really consists of ultra-private information.
Nazi Germany has been such a commonplace rhetorical device on the Internet for so long [1] that we end up easily dismissing it when it's indeed a useful comparisson. This, for many reasons, would be one such case (we can debate that through email if you want), but let's dismiss it anyway.
The important fact here is that bucket loads of (your) personal data are being processed, correlated with each other and stored into centralized server clusters — which have become very tangible assets.
If someone ill-intentioned — a government, an interest group, a company — gets a hold of these assets — through power, through craft, through acquisition — they can use it to target you for whatever their purpose.
In a warfare scenario, that could mean targeted, granular misinformation; targeted terrorism through AI-generated blackmailing, tailored on an infividual level; mass identity hijacking. It could make war a personal matter like it has never been before.
(And on the other side, there's the Nazi Germany scenario where, unbeknownst to you, you are being blacklisted for a genocide to come — after all, the first step is classification. [2])
The fact that we're living rather peaceful times doesn't mean that a potential weapon like these databases should go unregulated; and the fact that we see no storm in the horizon doesn't mean we shouldn't care about the possibility.
As long as you can imagine what sorts of bad things could be done with that personal data, the argument is: you should care because you don't know for a fact what tomorrow will look like.
[1] If Wikipedia is to be believed, it's been 20 years now since Godwin's Law was first formulated!
> But again, I can't think of any of the information on a social networking site being all that damning.
Then you don't understand the concerns. What is perfectly routine today may be damning tomorrow. Yes, Nazi Germany was an extreme event, but it happened, and there's no reason something like it couldn't happen again. It might not even be anything you posted, maybe you are friends with a lot of people that have radical political ideas. Maybe something you posted could be taken out of context. If you think that all people would be able to get out of this data is "lol, had eggs for breakfast today", then you are seriously underestimating the value of this data.
I will give you one example. Somebody uploads my picture to Facebook and tags me in it. Facebook now matches my face to my name - forever. I can't ask them to forget that they know me, I can't ask them to delete that data, and I can't get a new face (although sometimes I would like to).
Facebook now has that information forever and I played no part in them obtaining it. They could launch a feature tomorrow where you can take a picture of a stranger at a bar and be given their 'closeness' to you, or their name. Or that data could be stolen, or misappropriated.
This is about companies over-reaching and then either the data accidentally leaking or intentionally being used without user permission. Most people don't have a problem with it, until something goes wrong.
I met your friend yesterday and he was showing me some pictures from a camping trip he took last week. I asked "who's that guy standing to your left" and he told me it was you. Now I know what you look like, forever, and you can't ask me to forget or delete that either. I don't see the problem here.
You don't see it because you aren't looking for it, and are probably not interested in it. You're just unilaterally opposing a viewpoint.
I'll make it easy - you're not an oracle on the identities of 500 million people, no matter how many camping photos you look at. When you are, we'll be uncomfortable about you as well.
>While it is true that "we pay with our data" for many of the free (as in no monetary cost) social networks we use, what is the alternative? People don't want to pay money for these types of services and this is a business model that allows companies to operate and thrive while providing a valuable service to their users.
That strikes me as a pretty weakly supported argument. Facebook is in a position where they could do something very similar to Github. Free accounts that are publicly searchable and paid accounts with strict access controls. Many people would in fact pay for that, probably to the point that they could ditch ads on the free version.
Now, they would have to stop rewriting the code that manages access permissions every six months, but I would bet they could totally do that if they stopped treating ad revenue as the only way.
That would be extortion unless they allow you to completely delete an account and opt-out (or better yet, require opt-in) of data collection. Because if not, then the only way to hide your data from the public would be to pay FB.
It's not clear to me that ad-supported == targeted ad-supported. The claim that there is no alternative is false--the alternative is less effective (and therefore less lucrative) ads.
If you ask a HN-reader to choose either 1) less intrusive data collection or 2) more profits to the website, I think it's clear why the user prefers door #1.
The better way to frame the choice is 1) less intrusive data collection or 2) ads relevant to what you might actually be interested in.
Some people don't like simple remarketing, but I do. It's not so bad that Bonobos reminds me to buy pants from them every once and awhile... I like their pants ;)
And I'm not sure of the brand effect display ads have had on me but I know I'd rather see something relevant to business, finance, or tech, as opposed to feminine products or entertainment magazines.
Yes, I'm speaking the advertising industry party line, but I do kind of agree with it.
Do you think everyone likes these ads, and the ones who are complaining are just whining without really thinking about what great pants they could be buying?
Do you think some other people may not like these ads? Is it odd that those people would try to pressure companies into not showing these ads?
Do you think one side of the other is in the majority here? Can either side speak "for" the masses, who don't talk about/understand ads one way or the other?
I didn't presuppose any of that. I was only pointing out that you framed the question as:
"Do I want a good thing, or a bad thing?"
- obviously you want the good thing
When in reality the question is:
"Do I want a thing with good and bad attributes, or another thing with good and bad attributes?"
- this reflects the reality of the situation
Facebook using the information we have made available on their network ("intrusive data collection") doesn't really have a negative impact on us as users. At least not in any tangible way.
Absolutely. A class-action lawsuit against a mobile analytics company I own a chunk of was thrown out of court recently for exactly that - failure by the plaintiffs to establish actual injury or harm.
If there's no injury, there's no standing, and therefore there's no case.
I refer you to the Beacon advertising adventure. Where Facebook was "just using the data we make available on their network," and users fought back and won.
You last sentence starts with "If there's no injury," which seems to be the topic of discussion here.
Users won, did they? How much were they individually compensated? (No need to look up the answer - users received nothing.)
Facebook settled that particular lawsuit, so no judge had an opportunity to determine whether there was an actual injury or not. Facebook itself admitted no wrongdoing - settling this sort of thing usually means you've done a cost-benefit analysis and it's cheaper and easier to just pay off the lawyers.
As for the independent privacy foundation that Facebook was required to fund - anyone here heard from it lately? (Anyone here heard of it at all?)
And as for Beacon itself being closed - well, it certainly doesn't look like it slowed down Facebook much, did it?
The Beacon lawsuit did nothing for anybody, aside from the plaintiffs' lawyers. Arguing that 'users won' is delusional.
I agree that Facebook and other social networks have a right to make money through their business model. As the article puts it, if they didn't make money, they wouldn't exist and that would be a loss for many people.
However, there's nothing that says Facebook has the right to become a $100B company through extreme invasion of privacy and other distasteful tactics (whatever they may be - I sure don't know what fully goes on over there). Send me some targeted advertising if you have to, but I will protest against you if you make new "share-with-others-additional-information-about-yourself" features a confusing opt-out hassle.
Just recently my wife shared a photo album via Picasa and Google+, and she couldn't figure out how to restrict who could access the album, though it was very simply prior to Picasa's integration into Google Photos. Do you think Google+ engineers couldn't keep the same Picasa privacy functionality as before or is it because they want to force people to share more than they're comfortable with?
No one is saying that social networks shouldn't make money through advertising and most people are probably okay with some personal data being used for targeted advertising. But given past invasive practices and privacy concerns, there are definitely valid concerns with regards to the extent to which social networks are commoditizing/selling users' personal information in an effort to maximize profits. Furthermore, who knows what happens to sold personal information down the line?
Simple question: If changing social networks was as simple as changing your online shopping preferences, do you think Facebook could get away with what it does? Facebook can obviously take advantage of the fact that its users cannot easily leave to appropriate user data that other sites could not.
I agree, but most people probably haven't thought it through, or if they have considered it, they're stuck on the revelation that they are the product, not the customer. Perhaps some of these companies should be more up front about 'the deal' to their users, and what its boundaries are.
What is wrong with being both? To me it seems like a mutually beneficial relationship. I am getting tremendous value from using their site to interact with and stay connected with friends. They are using my data to make money by serving me unobtrusive ads that don't really negatively impact my user experience.
I do think that being more upfront and more transparent would be a good thing, there are alot of misconceptions out there.
If Facebook were simply showing me ads for stuff I mentioned, or something like that, I would have no objection. "Hmm, this guy keeps posting about hats. He must like hats. Let's show him some ads for hats!" No problem. That's basically what I thought would happen when I signed up.
I did not expect that when I visited cnn.com, after having logged into Facebook a week earlier, Facebook would log which articles I read. There was no reason for me to think that clicking "remember me" when I logged into Facebook also implied "and also remember my browsing history on all of your partner sites."
That's the behavior that pisses me off, not the targeted ads that you mentioned.
(I assume it's obvious why logging a subset of my browsing history without my consent pisses me off, but let me know if that seems odd and I'll explain more.)
I'm not actually asserting that the logging itself harms me, just that it pisses me off.
The reason it pisses me off is that my browser history reveals things about me that I'd rather keep private. Facebook is taking that from me without my consent. I would feel approximately the same if I discovered they were stealing stuff out of my garage without my consent-- it wasn't part of the deal I thought I agreed to.
Without getting into the details of my particular situation, I'll just say that I have political and religious views that I think are unpopular, and I don't trust the rest of the world to treat me fairly were those views made public. Also, even my views weren't unpopular now, I want to be judged for what I do, not what I read about on the web.
(I should also add that I don't think any of the private stuff that I mentioned is creepy; it's just my private business. For example, I might feel the same way if I were gay and lived in Mauritania (see http://en.wikipedia.org/wiki/LGBT_rights_in_Mauritania).)
Not really, no. Please correct me if I'm misunderstanding facebook's tracking system, but I don't think your browser history is being captured here. You are viewing pages that have a facebook widget on them, and if you have a facebook cookie that says "pingswept", this tells facebook that pingswept visited a page with a specific widget on it (and thus, which page). Facebook is not taking anything from you that you are not sending them - the issue is that a website that is not facebook is passing your information on to facebook. Aren't they the ones that deceived you, not facebook?
I believe you have explained the mechanics of the system correctly.
As to who is doing the deception, I think you're right that (in the example we're discussing) cnn.com is being deceptive. That's a good point; I hadn't really considered the complicity of the partner sites.
But in the end, Facebook is producing widgets, building a system to receive data from those widgets, and working with their partners to deploy those widgets. This system of data transmission is in no way obvious to normal people; if I weren't a web developer, I'd just think I was seeing a "like button image," and that's it. That's the part that pisses me off-- I think it's sneaky, not just me complaining about something I originally agreed to.
Just out of curiosity, and assuming you actually have a Facebook account, this really doesn't bother you at all? Should it be obvious to me that buttons I'm not clicking may be transmitting data to other sites?
This may not be a realistic expectation now, but I think that as the general population becomes more technologically literate, for the average person, the presence of such a button should indicate "this website has some kind of relationship with facebook/reddit/google - if I care about what data they are sharing, I should probably check their privacy policy." And I think that 99% of people won't care. My admittedly idealistic belief is that the solution to this "controversy" is for everyone to recognize that we shouldn't try to apply pre-internet expectations and beliefs about privacy to the modern world.
That doesn't seem crazy to me as an expectation for the distant future. Right now, I'd estimate that 95% of Facebook users would be at least irritated if they knew the full extent of the data that Facebook collects. I wouldn't be surprised if that dropped down to 25% 50 years in the future (assuming some new Facebook-like entity that pulls similar bullshit then).
The good news for me is that I'll probably be dead by then, or at least most of my friends will be, so Facebook will be of no interest to me.
I'm curious about why you describe your belief as idealistic. Specifically, what is ideal, or even good, about Facebook logging a subset of my browsing history? I understand it's potentially profitable for them and their partners, but that's not a benefit to me.
My idealistic view, which is substantially in conflict with yours, I think, would be that Facebook just serve me targeted ads and forget about the rest of it. Why would your ideal future be better? (I'm assuming you don't work for Facebook or one of their partners.)
That's not an argument against keeping that history. It could just as well be presented in court as evidence for me, or be presented as evidence against people I don't like. I'm in favor of the legal system having better evidence that they can use to reach more correct verdicts.
If I sign up to a video store and suddenly some guys are watching inside my windows all the time to check whichever videos I might enjoy more, no, that would not be ok with me.
It's harmful because it's abusive.
Next year they will want more revenue, so how deeper will they go for that, will they break my windows open and storm the house?
I know it's an exageration, but it ilustrates my point.
I see this as something that could potentially lead to abuse, but I don't see how it is abusive by itself, and I don't agree with trying to limit technology because it could potentially be abused unless there's a clear case that the danger of such abuse outweighs the potential benefits. Like the writer of the original article, I haven't seen anyone make that case - it's mostly just people saying "but privacy!"
In your example, those people breaking into your home is wrong. Watching you when you are in public or on their property would not be.
When the service I'm using does not clearly state what info they are using and how, than that's not really being public is it, it's just me having my info appropriated by technology without my knowledge.
No, that's where the metaphor breaks down. I don't think there's a good equivalent of "public" in the facebook tracking situation. Instead, I would say that you are on someone else's virtual property, and that they are perfectly within their rights to watch and record whatever you do there and share that information with whoever they like.
It does happen without the knowledge of many people today, and the surprise when they find out what's really going on has led to a lot of backlash, but the solution to that is to educate people better about technology and what it can do, not to limit technology so that it can only do things the average person can conceive of.
I think I can see what you say about virtual property, even though I don't agree that it should all be logged, I agree that it would be public, something that any other user himself could track. So if they only see my activity within that property, than that's one thing, but once they get into my browser and gather information from it, than I think the boundary is oversteped, and they are now in my own property (my browser) and searching through my stuff.
> by serving me unobtrusive ads that don't really negatively impact my user experience
I'm not a heavy Facebook user, but what you said certainly does not apply to google.
What was once unobtrusive ads now are just ads cleverly disguised as search results in a very faint slightly different background-color box. They wanna pass the ads down as search results and that certainly impacts user experience.
These guys are wise enough not simply through the ads in there altogether, they let you grow accostumed, than just enlarge then a slight bit every now and then. That is not a mutually beneficial relationship, that's an abusive relationship.
Being both what? I wrote that I agreed with the point of the article. My point was that most people, who are only casual users, are going to take a while to slowly make their way down this path:
1) Oh, what a cool service! For free!
2) Huh, they're showing me ads for stuff I'm interested in... what's up with that. Oh! They're selling "me" to these companies! OMG! Privacy!!!
3) Ah... well if I know exactly what they are and are not selling, and I get the free service, I guess that makes sense and I'm ok with it. It beats paying, and I do like using it.
*Both the product and the user. But I do agree that there is almost always an initial negative reaction when people figure out that their data is being sold.
I think what irks me most about this is the laziness in relying on user data as a means to sell advertising to fund their "services".
The writer poses the question "what's the alternative?" to this business model. My answer, "Stop being lazy about it and come up with a new model. I have."
It might work it, it might not, but we all have to keep trying if we don't want what there is now - and the implications.
We are uniquely positioned to come up with another avenue of generating revenue so it doesn't have to be this way.
I'm sure if you work at Facebook or Google you see no harm in gathering and cross-polinating the data, I can see the sheer power of what you can do must be quasi-orgasmical, and it must almost have a life of it's own. Just how much can you gather, from how many different methods? It's like a college project with no limits but it won't last forever, someone somewhere with something different, will come and take that crown, and maybe, just maybe, it won't be as clandestine as it is now.
Selling data is not the problem; the problem is the emerging social norm whereby letting data about your life be aggregated and mined proves you are a trustworthy person. We are already at the stage where simply not having a social networking presence makes you suspect.
Eric Schmidt's "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place" and Randi Zuckerberg's "I think anonymity on the Internet has to go away" are some choice quotes that should give anyone pause.
"Go ahead, sell my data" doesn't bother me. "How come you aren't putting yourself out there and letting your data be sold like the rest of us" bothers me.
All the arguments that defend Facebook e.a come down to: "making money trumps human rights".
There's no arguing about this subject with people who believe that people should not have the right to control their own data, just as there is really no arguing with people who don't believe in the value of free speech or the right to vote.
This is not meant as an insult. Believe what you believe. But if you want to argue the reality of negative consequences, please pick up some history books first. And if you do business in my part of the world, respect the local law.
> There's no arguing about this subject with people who believe that people should not have the right to control their own data,
There's no inalienable human right to data about you unless you want to argue that it's somehow your property. (Or that it relates to life, liberty, or the pursuit of happiness). More likely data about you is just information on a public stage.
If I see you walking around town and write it down, is that illegal? Am I steeling something from you? Is that illegal search or seizure? I'm creepy, yes, but I'm not infringing anyone's rights.
So we're all just creeped out by Facebook. As yet no one is being harmed.
You seem to be, as are many others in this online debate, using the fallacious assumption that all of the world is the US.
> There's no inalienable human right to data about you
Eh...yes there is. Maybe not for you, but I, and others who were born in the EU have quite inalienable rights to data about us.
EU laws quite explicitly state that, yes, I do have an inalienable right to data about me, unless I explicitly (and possibly temporarily) grant a company access to it.
A company is legally obligated to provide me a list of all data they have on me, plus the ability to change this data, including me demanding all of it to be deleted.
Is this relevant in dealing with US based companies? No. But of course the EULA of Facebook specifies that European users have an agreement with Facebook Ireland, meaning all these EU laws apply to this relation.
> If I see you walking around town and write it down, is that illegal?
No, but writing down and storing that you saw me walking is...
Now, maybe you don't care about what right you have to your data. But I do, and I endorse any action forcing big companies like Facebook and Google to comply with the EU law, which firmly puts me back in control about my data.
Okay, how about this: If I write a blog post that mentions you, you should be allowed to have it deleted, because people should have the right to control their own data, and what data is more important than the ability to control what comes up when your own name is searched for?
Oh wait, aren't they doing something similar in Italy?
What if your "private" data were sold on the open market?
What if your boss checked which sites you visited before hiring you? What if you wanted to keep something from your wife or your children? What if the person you just met at a bar wanted to find out all the pages you visited? What if a stalker wanted to know where you shopped and what you bought?
All of the above can easily be done with just the tracking information the Like button has.
Damn right, I don't understand why people are going all up in arms for privacy on the Internet, this is _Internet_, you know, the place where everything is public.
If you want to show your life on the Internet, you have to expect some people taking interest in it, whatever the intention.
What I can't understand is how we are all upset about Facebook, Google, Apple, Microsoft and our privacy when we have NEVER given a damn about how credit card companies profile their client.
And credit card companies are so much worse because they first sell you credit card (via flat fee or interest rates) and then profile you and use that information to sell you even more stuff.
I actually find it a bit funny when people put up personal data for the sake of sharing it with others over a public network, then go on complaining about privacy.
People tend not to complain about the stuff they've chosen to put online. People are complaining about the huge quantities of data that Facebook holds about you, with no option to stop them gathering or processing it, when they keep stuff that you've asked them to delete, and when they gather data about people who are not even signed in to Fb.
You are obviously missing the point but let me humor you:
When you access a bank you are publicly trading the information between you and the bank. That means that if somebody on your LAN sniff your cookies (and SSL wouldn't be used) you could use their account on their bank website.
So yeah, bank info is public as well.
You cannot use the internet and expect things to be completely private like you can't go in a bar get naked in the middle of the dance floor and expect nobody to notice it. (Ok, this is far fetched but still.. I thought this was funny :P)
That means that if somebody on your LAN sniff your cookies (and SSL wouldn't be used) you could use their account on their bank website.
But I use SSL when I connect to facebook. And its not the data facebook collects as it files over the wire that is being called into question here, it is the actions of Facebook once they have the data.
The point the parent post was driving at is: Is it OK for the bank to do anything they want with my personal data just because they (like facebook) happen to operate on the internet?
And my answer to that question is, if you give information about yourself to any service you have to expect them to do something eventually with it. Even if it's yours, it becomes theirs as well as soon as you upload it to the 3rd party.
I couldn't agree more. Really don't see what the big deal is. In a perfect world, they wouldn't be selling my data, and I wouldn't have to pay for all the services I use.
In the world we have, though, I'll take what I can get.
A lot of my peers would say this is just one line of code away from a society in which our every single action or movement is influenced by hyper personalized advertisements. They fear losing control of their own lives.
I say bring it on. I look forward to the day when an algorithm tells me my taste buds prefer extra spicy beef panda express, order now and have it air delivered to you in ten minutes
There is an argument (from advertisers, actually had a AE for a digital media company tell me this) that basically says "If we can't track you and your interests then you won't find out about new products and services that serve your personality and interests"
On one hand, I think "I can find my own products thank you" while on the other I understand the crowded space and targeting advertising does reduce the signal to noise ratio. (this is debatable I guess?)
Yes! I would love it if advertisers could figure out my preferences and run ads for products that I didn't even know I wanted. Instead, because they don't have enough information, I get ads for things I couldn't care less about.
Relevant advertising is relevant. Everything else is a waste of everyone's time (yours and the advertisers). Steps should be taken to safeguard privacy (you should never get a letter blackmailing you because of what you've done in the past), but if the focus is on making sure you only get relevant advertising and everything else is filtered before it gets to you, I consider that a win.
One major concern that remains relevant is the prospect of abuse. You can't steal, misappropriate, or abuse what doesn't exist in the first place. You can't subpoena or execute a warrant to retrieve data that was never stored.
Privacy laws and rules provide some projection, but that only goes as far as they are enforced. Nonexistence of data cannot be subverted and is a much more robust protection against the data falling into the wrong hands.
The issue isn't necessarily who has the data now. It's who might get it later.
I think the concern over data coming back to bite you in a legal setting is more valid than others, but is still only relevant in very specific cases. Who else falls into the category of the "wrong hands" and what harm could they really do with a list of my interests, preferences and other information I make available on whatever social networking site I am on?
Short version: lulzsec and blackmail/public embarrassment.
Intruders count as the "wrong hands". A future buyer/board/CEO with fewer ethical scruples than the current managers of a given data set may count as the wrong hands, or allow it to fall into other wrong hands.
Say you're into poker and a bank buys your data. You're now tagged as a gambler and considered a liability, so you will have a harder time getting a loan. A future employer could buy it and decide they don't like some certain thing about you. Etc.
Maybe they will never sell your data, but maybe they will. There's unlimited potential for abuse from the corporate sector. What the FBI knows about me doesn't worry me much.
I agree. I think safeguards need to be put in place. I think it's OK for a computer algorithm to use historical information to provide relevant ads and filter out all the rest. Ideally, no one else would have any access to that data. It's more work, but I think it's worth the effort (there's way too much junk advertising out there).
> I look forward to the day when an algorithm tells me my taste buds prefer extra spicy beef panda express, order now and have it air delivered to you in ten minutes.
I'm sorry to be blunt, but that's degenerate, plain and simply. If the day arrives when people give up thinking for themselves, we've truly arrived at an Orwellian society, and your friends are damn right - we're not very far away from this.
I'm curious what "losing control" means here. Do you mean they don't feel they have the willpower to resist these hyper-personalized ads? Or do they feel the ads will become so obnoxious and attention-getting (because of the personal nature) that it will interfere with their daily thought patterns?
"they don't feel they have the willpower to resist these hyper-personalized ads"
Although it's not necessarily a discussion of their own willpower but rather whether the masses will lose portions of the power to think for themselves. Not always the same or hyperspecific portions, but we're slowly giving away more and more of our decisions to advertisements.
/Disclaimer: not sure whether I paraphrased this correctly./
I don't believe ads are the only culprit. Daily, and increasingly, we give away our decision making to a myriad of sources. Blogs. Fox News. @aplusk (Ashton Kutcher). Apple product keynotes.
Hopefully we can also use the same technology to liberate ourselves from the magnetic attraction of ads and the media and do something positive. I'd look to recent events (Arab Spring, #OWS) as a possible glimmer of hope there.
Is this really a problem or are people just reacting to hype? It seems to me that our data has been monitored for years both online and offline. That data is used to target businesses marketing messages but its nothing new. For example, insurance companies collect data on people and re-sell it to marketing companies. They then use that information to send you custom messages in the mail or offers based on your demographics. Data on customers will always be sold to advertisers and frankly, we should encourage this evolution. Instead of watching advertisements for motorized wheelchairs during "Murder she wrote" (I cant help it, I love that show) It would be more enjoyable if I saw advertisements for something like Motorized Dirt Bikes. People will always have to see advertisements so isn't it better to see things that interest you? If the product is free, you are the product and I prefer to be sold to what intrigues me.
There would be no problem if advertisements were a good faith effort meant to inform you about a product you may be interested in. As it stands, they are attempts to manipulate people into making irrational choices. Giving advertisers even more tools to get into your psyche and understand how to most effectively push emotional buttons for their own profit is not a comforting thought to me. We're assuming that advertisers would just be getting demographic data, but it would probably go much deeper, and it could be used for broader purposes. For example, Facebook sees that you're upset about losing a football game, here's an ad which says that you're not a man unless you drink this light beer. Or maybe you got dumped by your girlfriend, here's an ad showing a happy couple drinking Corona. They could also analyze broader trends. There seems to be a lot of middle school girls talking about this band, let's use them in our next advertisement for this frivolous fashion. Yes, this is already happening to some extent, but they could be much more effective with a data set like this where people assume they are talking to their friends. I'm not a marketer, so I'm sure someone in the industry could come up with even more "creative" ways to use the data.
I'm not sure the poster understands. The information that is sold can be and is linked up with other information. The big consumer database companies in the United States maintain databases with thousands of fields of data per person in the U.S.A. That's today (or ten years ago). Tomorrow, or ten years from now, it will probably be hundreds of thousands of fields of data per person in the United States. Your consumer profile, readily available for sale, will include not only the fact that your favorite tampon brand is Tampax Ultra with Wings (that's already there) but also that you take medication for incontinence (that's already there) and that you spend 15 minutes every day at the local coffee shop during working hours (beep! This app requests to know your location Y/N?) and that you view a disproportionate number of webpages dealing with alcoholism and depression on days after days in which you have purchased 2L bottles of Wild Turkey.
Facial recognition is shortly going to render every digital photo and video ever uploaded to the net FULLY IDENTIFIABLE as to all of the people pictured. Coming in 2020: a startup (or Facebook plugin) that traces your entire life through publicly available photos and videos.
Kevin Curtin has a very limited imagination regarding the privacy apocalypse that is upon us. The data shadow that follows every person around is already huge, and will become gargantuan. It's already inescapable and out of your control.
The first time someone takes facial recognition software and allows the public to easily apply it to amateur porn, there's going to be some fireworks.
That uber-detailed personal profile used without your consent worries me a bit less - while we'll get to the same place, it'll be completely because of voluntary sharing of information. You'll want that profile, because it'll save you lots of money.
People tend to worry that negative things will happen to them if information about them is used without their consent - for instance, your example might worry that his insurance premiums will go up because he's buying Wild Turkey in bulk and surfing pages on alcoholism.
This will never happen.
In reality, positive things will happen to people when they freely consent to share positive information about themselves - and as those people are rewarded, the pool of people who don't share becomes riskier and is therefore economically punished for not sharing.
Two examples that are with us today:
-- Car insurance. Students with better grades tend to have less accidents, so you can get a better insurance policy from your provider by voluntarily turning over your grades. Since turning over your grades is a simple thing, the result is predictable - if you don't turn over your grades, it's safe to assume you have bad grades (and therefore are an accident risk). You've kept your privacy, but your premiums are still going up.
-- College tuition. To qualify their kids for student loans and aid, parents have to supply full documentation about their income. Parents do so voluntarily, because it can only benefit them - but this means if you don't submit documentation about your income, the college can safely assume you have a lot of money, and you get charged the highest possible tuition. Keeping your income private could cost you tens of thousands of dollars a year.
When personal information starts being used for things like insurance premiums, Blue Cross won't be creeping through your credit card receipts without your permission - instead, they'll invite users to voluntarily share their web, purchase, or location history, and they'll use it to reward them with a discount. As more and more users do so and are rewarded for the healthy lifestyles reflected in their data, the body of people not bothering to share will get riskier, and their premiums will rise.
That's one side of things. Knowing that you drink heavily on weekends might raise your insurance premiums as well... every little bit of data can go one way or the other, and it's not true that they are already assuming the worst about everyone, or we wouldn't be insurable.
I can't speak for the poster, but I understand all of that, and I still don't see the problem.
Or rather - I see the problems, but I think they are overstated. Just saying "PRIVACY GRRRR!" doesn't make sense - it is much, much more subtle than that.
The poster explicitly addresses this:
I understand the instinctive philosphic reaction that "we own our data" but when I dig beaneath that initlal gut response I come up empty. I do think there is an important distinction between privacy and security that sometimes people miss. There is certain information (address, account numbers, ss #, etc.) that if obtained by a third party, could result in some real world problems that will negatively impact my life. But information social networks sell to advertisers doesn't fall into this category.
Your comment simply fails to address this. You seem to be stating "Technology is powerful! We should be scared", but without addressing the very real points the poster made it doesn't really add a great deal to the discussion.
The so called privacy apocalypse is far from it. "Nightmare" scenarios like you spend 15 minutes every day at the local coffee shop during working hours plainly aren't as bad as you seem to think. It's trivial for a company to track how long a person spends in their office already - companies that care about it already do it.
Given that commercial consumer databases already exist, please explain why the worst thing to come from it is annoying unsolicited mail and phone calls? If that is a privacy apocalypse then I feel it is a small price to pay for using services that don't charge us money.
Very few sensible people are worried about anonymised, aggregated data being sold in return for a useful free service.
But what of the more specific nature of some of the things you and your friends discuss on Facebook?
What if bosses or potential employers could pay to look at your timeline? What if they could ask to see your GPS tracking data? What if Facebook could rent out user info to advertisers based on like button activity? Ever 'liked' anything pretty dodgy?
The point isn't that, obviously, they can't and probably won't at the moment. The point is how far down this route do we want to go and at which point should we draw the line.
I agree with OP. People are mostly over-reacting. Trying to regulate the collection of personal data is a waste of time.
We should be focused on limiting the 'evil' applications of personal data, regardless of the source. If an employer, bank, or insurance company discriminates against you on the basis of personal data they purchased from Facebook, Facebook isn't the offender.
We regulate the credit rating agencies and how credit scores can be used. That's sufficient. Why wouldn't a similar model work for personal data?
Facebook is the offender for gathering all that un-needed personal data; and then for processing it; and then for selling it without the permission of the data-owner.
To be clear: Gathering too much personal data, and holding it (even when the user has asked for it to be deleted) is itself an evil application, and that is why the EU has laws about it.
Is personalized data like browsing habits or GPS info or anything else they collect market on and sell considered intellectual property? If so why can these companies sell it without compensating me?
They do, via their services. You visit X site, and read it's content. Your browser makes requests for various files, and the server hands it to you. If site X uses site Y, and you fetch site Y files, you are still using site X.
My main problem is that they actively try to get their hands on data I don't want to give them. Like, my constantly actualized GPS coordinates, or my browsing history. And that they store it. And process it. And store me into some kind of box.
Oh, and it candidly considers that Facebook, or any other person to whom it sells the data, won't do anything nasty with it. Just serving ads might be okay. But ultimately, they could do much more.
Do you want to know who the gay people are around you ? We could sell you that list ! Do you want to know who votes for your opponent ? We could sell you that list ! And so on.
The day Facebook, or Google, or anyone with a comparable database actually decides to do something evil, it will look ugly. Will they ? Don't know. Don't want to find out.
As a side note, I might pay for Facebook. Or I might have paid. Now, they will just get my money and sell my data anyway, so why bother ?