Study Shows Facebook's Still Miles Away From Taking Privacy, Transparency Seriously
from the ill-communication dept
If the entire Cambridge Analytica scandal didn't make that clear enough, Facebook keeps doubling down on behaviors that highlight how security and privacy routinely play second fiddle to user data monetization. Take the VPN service Facebook pitches to users as a privacy and security solution, which is actually used to track user behavior when they wander away from Facebook to other platforms. Or that time Facebook implemented two-factor authentication, only to use the provided (and purportedly private) phone numbers to spam users (a problem Facebook stated was an inadvertent bug).
This week, a new report highlighted how Facebook is letting advertisers market to Facebook users by using contact information collected in surprising ways that aren't entirely clear to the end user, and, according to Facebook, aren't supposed to work. That includes not only two-factor authentication contact info users assume to be private, but data harvested from other users about you (like secondary e-mail addresses and phone numbers not directly provided to Facebook). The findings come via a new report (pdf) by Northeastern University's Giridhari Venkatadri, Alan Mislove, and Piotr Sapiezynski and Princeton University's Elena Lucherini.
In it, the researchers highlight how much of the personally identifying information (PII) collected by Facebook still isn't really explained by Facebook outside of painfully generic statements. This data in turn can be used to target you specifically with ads, and there's virtually no transparency on Facebook's part in terms of letting users see how this data is being used, or providing fully operational opt-out systems:
"Worse, we found no privacy settings that directly let a user view or control which PII is used for advertising; indeed, we found that Facebook was using the above PII for advertising even if our control account user had set the existing PII-related privacy settings on to their most private configurations. Finally, some of these phone numbers that were usable to target users with did not even appear in Facebook’s “Access Your Data” feature that allows users to download a copy of all of their Facebook data as a ZIP file."
Again, this includes the use of two-factor authentication (2FA) credentials that Facebook has previously stated aren't supposed to be used for marketing purposes. It's something that Facebook has repeatedly claimed doesn't happen:
"Facebook is not upfront about this practice. In fact, when I asked its PR team last year whether it was using shadow contact information for ads, they denied it."
User efforts to glean more transparency from Facebook haven't fared well either, even in the UK where the GDPR was supposed to have put an end to this kind of cavalier treatment of user data:
"I’ve been trying to get Facebook to disclose shadow contact information to users for almost a year now. But it has even refused to disclose these shadow details to users in Europe, where privacy law is stronger and explicitly requires companies to tell users what data it has on them. A UK resident named Rob Blackie has been asking Facebook to hand over his shadow contact information for months, but Facebook told him it’s part of “confidential” algorithms, and “we are not in a position to provide you the precise details of our algorithms."
And again, this is a company in the wake of several major privacy scandals, attempting to avoid heavy-handed privacy regulations on both the state and federal level, making you wonder what it looks like when Facebook truly doesn't give a damn.
Filed Under: ad targeting, privacy, targeting, transparency, two factor authentication
Companies: facebook
Reader Comments
Techdirt's usual whining, not even token call to BREAK IT UP.
Because part of the surveillance / propaganda state, as is GOOGLE, which Fascism masnicks promote, Facebook will NEVER face anti-trust.
Facebook's New Propaganda Partners https://fair.org/home/facebooks-new-propaganda-partners/
Oh, I know: it's not a "monopoly" so don't worry about it! Sheesh! But what's even the basis of this piece if not that any ordinary person believes Facebook has too much power and is indifferent to the wishes of users?
If don't call for curative action, then don't bother to complain. -- And we KNOW after 20 years of shilling that Techdirt is NOT going to advocate any measures that'd reduce corporate profits or power. This piece is more "proof" that Techdirt criticizes corporations, but since NEVER has any hint of action, is mere clickbait.
[ link to this | view in chronology ]
Re: Techdirt's usual high quality work
And I don't see you actually disputing the content of the article - only lamenting the lack of your own agenda being included.
Please point us to your website so we can see your articles on this topic.
[ link to this | view in chronology ]
Homework: Substantiate your claims
Because part of the surveillance / propaganda state, as is GOOGLE, which Fascism masnicks promote, Facebook will NEVER face anti-trust.
Please define Fascist as you are using it. Please note any differences between your definition and the dictionary definition, for clarity.
Please then provide links/evidence that support Masnick promoting this. Be specific, there are no points for partial answers.
Facebook's New Propaganda Partners https://fair.org/home/facebooks-new-propaganda-partners/
There is a "Submit a Story" link on every Techdirt page. If you feel it's newsworthy, you can use that link to bring it to TechDirt's attention.
_Oh, I know: it's not a "monopoly" so don't worry about it! Sheesh! But what's even the basis of this piece if not that any ordinary person believes Facebook has too much power and is indifferent to the wishes of users?_
_If don't call for curative action, then don't bother to complain. -- And we KNOW after 20 years of shilling that Techdirt is NOT going to advocate any measures that'd reduce corporate profits or power. This piece is more "proof" that Techdirt criticizes corporations, but since NEVER has any hint of action, is mere clickbait._
Please provide positive support that anti-trust actions against Facebook would A) be legally viable under existing anti-trust law, and B) actually solve the issue of potential privacy violations.
Please additionally advise how pointing out the behavior and heavily implying this is problematic and that Facebook should not be doing this in light of recent privacy scandals is not a form of calling for curative action.
If the idea is that the article has a lack of proffered solution, please advise why you do not also apply the same criteria to the fair.org article linked. Charitably speaking, that article suggests bad behavior, warns people to be wary, and suggests they oppose it, but does not proffer any actual solution to the perceived problem.
Again, there is no credit for partial answers.
I look forward to your well-thought, considered, and above all courteous reply.
[ link to this | view in chronology ]
Re: Homework: Substantiate your claims
[ link to this | view in chronology ]
Re: Re: Homework: Substantiate your claims
Would that be legal under existing antitrust law? I don't think that American antitrust law has any provisions for the dissolution of a corporate charter for much short of defrauding its shareholders or egregious lies in SEC filings. I'm only a broker (by licensing though I don't do it full time), not a corporate lawyer so, I might be missing something.
[ link to this | view in chronology ]
Re: Techdirt's usual whining, not even token call to BREAK IT UP.
[ link to this | view in chronology ]
Re: Re: Techdirt's usual whining, not even token call to BREAK IT UP.
[ link to this | view in chronology ]
2FA info is a *confidential* secret
Since you've made most of our lives an open book, don't you think that revealing my 2FA information to third parties facilitates identity theft???
If you want it secret, don't tell Facebook!
[ link to this | view in chronology ]
Re: 2FA info is a *confidential* secret
Boom - you no longer own your own facebook account. And then whoever hijacked it can download all your data.
[ link to this | view in chronology ]
Re: Re: 2FA info is a *confidential* secret
[ link to this | view in chronology ]
Re: Re: Re: 2FA info is a *confidential* secret
[ link to this | view in chronology ]
Re: Re: Re: Re: 2FA info is a *confidential* secret
[ link to this | view in chronology ]
Re: Re: Re: Re: 2FA info is a *confidential* secret
...of course, that means paying for the additional phone and number, which not everyone will be able to afford to do... and it's likely that whoever you give the number to for a sign-up text will also store it in case they need to contact you later... but who ever said the solution was perfect?
[ link to this | view in chronology ]
ItsOnTheUsers
That's the simple solution.
[ link to this | view in chronology ]
They do take it seriously.
[ link to this | view in chronology ]
Re: They do take it seriously.
[ link to this | view in chronology ]
Re: Re: They do take it seriously.
[ link to this | view in chronology ]
Oh that's easy
Just go to facebook.com.
[ link to this | view in chronology ]
Re:
In the United States? Probably never. Have a look at Facebook's Terms of Service. If you use the service, you give them a license to use the information you provide pursuant to the privacy settings that you set. That handles privacy laws.
Concerning identity theft laws, as long as Facebook doesn't try to act as you (in a way that you didn't authorize in the ToS, for example, FB showing one of your friends your picture with an ad for a product whose page you "Liked") and as long as they try to keep your data out of the hands of unauthorized persons then Facebook isn't committing identity theft either.
I saved the easiest one for last. The 4th Amendment's provision against illegal search and seizure only applies to the government. Facebook couldn't break it if they tried. Choosing to comply with a government request isn't a violation on their behalf, if anything, (and that's a big if) it would be a violation by the government agency that made the request.
In the EU on the other hand...I don't know as much about the law there but, I have the feeling that the EU is currently in the middle of swinging the pendulum so far towards personal privacy that non-EU public governmental knowledgebases are already being harmed. In that case, Facebook may be in for a bit of a rough time over there.
[ link to this | view in chronology ]
Re: Re:
Be very careful about what information about yourself or your family you post online.
[ link to this | view in chronology ]