B12 Solipsism

Spreading confusion over the internet since 1994

Archive for the ‘privacy’ tag

Google Exposed User Data, Feared Repercussions of Disclosing to Public


Expanding the Parameters

WSJ:

Google exposed the private data of hundreds of thousands of users of the Google+ social network and then opted not to disclose the issue this past spring, in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage.

A software glitch in the social site gave outside developers potential access to private Google+ profile data between 2015 and March 2018, when internal investigators discovered and fixed the issue, according to the documents and people briefed on the incident. A memo reviewed by the Journal prepared by Google’s legal and policy staff and shared with senior executives warned that disclosing the incident would likely trigger “immediate regulatory interest” and invite comparisons to Facebook’s leak of user information to data firm Cambridge Analytica.

(click here to continue reading Google Exposed User Data, Feared Repercussions of Disclosing to Public – WSJ.)

The cover-up is always worse. Google could have admitted to this during some Trump-Tweet-Tempest, and nobody would have paid much attention. 

Written by Seth Anderson

October 8th, 2018 at 12:28 pm

Posted in Business


Google and Mastercard Cut a Secret Ad Deal to Track Retail Sales


Google 500 error 

Bloomberg reports:

For the past year, select Google advertisers have had access to a potent new tool to track whether the ads they ran online led to a sale at a physical store in the U.S. That insight came thanks in part to a stockpile of Mastercard transactions that Google paid for.

But most of the two billion Mastercard holders aren’t aware of this behind-the-scenes tracking. That’s because the companies never told the public about the arrangement.

Alphabet Inc.’s Google and Mastercard Inc. brokered a business partnership during about four years of negotiations, according to four people with knowledge of the deal, three of whom worked on it directly. The alliance gave Google an unprecedented asset for measuring retail spending, part of the search giant’s strategy to fortify its primary business against onslaughts from Amazon.com Inc. and others.

(click here to continue reading Google and Mastercard Cut a Secret Ad Deal to Track Retail Sales – Bloomberg.)

Google has more efficient PR teams than Facebook, even though the two companies seem equally as cavalier about vacuuming up personal information without informed consent of consumers.

Google Express

Written by Seth Anderson

August 31st, 2018 at 9:37 pm

Death to The Bullshit Web


Weaving Your Spells…

Nick Heer writes about a topic near and dear to our brains, albeit from the web developer side: why do websites load so slowly? And why is our personal data being sold without our informed consent?

The average internet connection in the United States is about six times as fast as it was just ten years ago, but instead of making it faster to browse the same types of websites, we’re simply occupying that extra bandwidth with more stuff. Some of this stuff is amazing: in 2006, Apple added movies to the iTunes Store that were 640 × 480 pixels, but you can now stream movies in HD resolution and (pretend) 4K. These much higher speeds also allow us to see more detailed photos, and that’s very nice.

But a lot of the stuff we’re seeing is a pile-up of garbage on seemingly every major website that does nothing to make visitors happier — if anything, much of this stuff is deeply irritating and morally indefensible.

Take that CNN article, for example. Here’s what it contained when I loaded it:

Eleven web fonts, totalling 414 KB

Four stylesheets, totalling 315 KB

Twenty frames

Twenty-nine XML HTTP requests, totalling about 500 KB

Approximately one hundred scripts, totalling several megabytes — though it’s hard to pin down the number and actual size because some of the scripts are “beacons” that load after the page is technically finished downloading.

The vast majority of these resources are not directly related to the information on the page, and I’m including advertising. Many of the scripts that were loaded are purely for surveillance purposes: self-hosted analytics, of which there are several examples; various third-party analytics firms like Salesforce, Chartbeat, and Optimizely; and social network sharing widgets. They churn through CPU cycles and cause my six-year-old computer to cry out in pain and fury. I’m not asking much of it; I have opened a text-based document on the web.

An actual solution recognizes that this bullshit is inexcusable. It is making the web a cumulatively awful place to be. Behind closed doors, those in the advertising and marketing industry can be pretty lucid about how much they also hate surveillance scripts and how awful they find these methods, while simultaneously encouraging their use. Meanwhile, users are increasingly taking matters into their own hands — the use of ad blockers is rising across the board, many of which also block tracking scripts and other disrespectful behaviours. Users are making that choice.

They shouldn’t have to. Better choices should be made by web developers to not ship this bullshit in the first place. We wouldn’t tolerate such intrusive behaviour more generally; why are we expected to find it acceptable on the web?

An honest web is one in which the overwhelming majority of the code and assets downloaded to a user’s computer are used in a page’s visual presentation, with nearly all the remainder used to define the semantic structure and associated metadata on the page. Bullshit — in the form of CPU-sucking surveillance, unnecessarily-interruptive elements, and behaviours that nobody responsible for a website would themselves find appealing as a visitor — is unwelcome and intolerable.

Death to the bullshit web.

(click here to continue reading The Bullshit Web — Pixel Envy.)

All that “surveillance” stuff and related files are an abomination, and please no one. I’ve heard anecdotal reports that even marketing savvy companies don’t frequently use all the data that is collected on their behalf. So who wants it? Unclear to me. I guess the third party data collection industry is happy to vacuum up this data because they can subsequently re-sell our information to the highest bidder, but that’s not a good enough reason to continue making web pages cumbersome.

And as I’ve blabbed about repeatedly, I swear by the script-blocking capabilities of Ghostery, but that is a half-measure, and doesn’t apply to the web-surfing of the vast majority of the populace.

You should read Mr. Heer’s entire post; it is worthy of your time…

Un-Deletable Cookies – Safari

Written by Seth Anderson

August 2nd, 2018 at 8:39 am

Facebook conducting mass surveillance through its apps


Surveillance Society – Halsted and Division Edition

The Guardian reports:

Facebook used its apps to gather information about users and their friends, including some who had not signed up to the social network, reading their text messages, tracking their locations and accessing photos on their phones, a court case in California alleges.

The claims of what would amount to mass surveillance are part of a lawsuit brought against the company by the former startup Six4Three, listed in legal documents filed at the superior court in San Mateo as part of a court case that has been ongoing for more than two years.

A Facebook spokesperson said that Six4Three’s “claims have no merit, and we will continue to defend ourselves vigorously”.

The allegations about surveillance appear in a January filing, the fifth amended complaint made by Six4Three. It alleges that Facebook used a range of methods, some adapted to the different phones that users carried, to collect information it could use for commercial purposes.

“Facebook continued to explore and implement ways to track users’ location, to track and read their texts, to access and record their microphones on their phones, to track and monitor their usage of competitive apps on their phones, and to track and monitor their calls,” one court document says.

(click here to continue reading Facebook accused of conducting mass surveillance through its apps | Technology | The Guardian.)

This is Facebook’s business model though, so what exactly are they going to argue? No, we don’t collect data on our users and then use this information to sell advertising to corporations? 

The one detail that is the most disturbing[1] is that Facebook did this for people who weren’t Facebook users. How did these people consent? How do they request their data? How do they update their privacy settings?

Footnotes:
  1. and we’ve noted it previously

Written by Seth Anderson

May 30th, 2018 at 9:06 am

Vermont passes first law to crack down on data brokers


Data Dump

TechCrunch reports:

While Facebook and Cambridge Analytica are hogging the spotlight, data brokers that collect your information from hundreds of sources and sell it wholesale are laughing all the way to the bank. But they’re not laughing in Vermont, where a first-of-its-kind law hems in these dangerous data mongers and gives the state’s citizens much-needed protections.

Data brokers in Vermont will now have to register as such with the state; they must take standard security measures and notify authorities of security breaches (no, they weren’t before); and using their data for criminal purposes like fraud is now its own actionable offense.

If you’re not familiar with data brokers, well, that’s the idea. These companies don’t really have a consumer-facing side, instead opting to collect information on people from as many sources as possible, buying and selling it amongst themselves like the commodity it has become.

This data exists in a regulatory near-vacuum. As long as they step carefully, data brokers can maintain what amounts to a shadow profile on consumers. I talked with director of the World Privacy Forum, Pam Dixon, about this practice.

“If you use an actual credit score, it’s regulated under the Fair Credit Reporting Act,” she told me. “But if you take a thousand points like shopping habits, zip code, housing status, you can create a new credit score; you can use that and it’s not discrimination.”

And while medical data like blood tests are protected from snooping, it’s not against the law for a company to make an educated guess about your condition from the medicine you pay for at the local pharmacy. Now you’re on a secret list of “inferred” diabetics, and that data gets sold to, for example, Facebook, which combines it with its own metrics and allows advertisers to target it.

(click here to continue reading Vermont passes first law to crack down on data brokers | TechCrunch.)

Exactly why I wish the US would implement its own version of the GDPR that we’ve discussed. Corporations that mine our digital data, and sell it, and resell it, without oversight, or without giving “a taste” to the consumer are corporations that need to be regulated and watched by a consumer protection agency of some kind. Not every consumer is savvy enough to obfuscate their tracks, and honestly, even somewhat savvy consumers are no doubt caught up in these nameless corporations’ databases. Corporations like Equifax, Quotient and Catalina Marketing and a few thousand others don’t really need to use browser cookies anymore, they also use the unique ID of your devices, they track your IP numbers down to your block group, and can track you at home, at office, via phone, via credit card, via geolocation and via other means. I find it Orwellian and creepy.

My sincere wish is that Vermont continues on this path of regulation of the wild, wild web of data brokers, and that other states and the entire country follows suit.

Written by Seth Anderson

May 28th, 2018 at 3:49 pm

Posted in Advertising,Business,government


U.S. Websites Go Dark in Europe as GDPR Data Rules Kick In


Keystone – Chicago Tribune

Speaking of the GDPR, the WSJ reports:

Europe’s new privacy law took effect Friday, causing major U.S. news websites to suspend access across the region as data-protection regulators prepare to brandish their new enforcement powers.

Tronc Inc., publisher of the Los Angeles Times, New York Daily News and other U.S. newspapers [Chicago Tribune], was among those that blocked readers in the European Union from accessing sites, as they scrambled to comply with the sweeping regulation.

“We are engaged on the issue and committed to looking at options that support our full range of digital offerings to the EU market,” the company said in notices it displayed when users attempted to access its news sites from the EU on Friday morning.

Other U.S. regional newspapers owned by Lee Enterprises Inc., as well as bookmarking app Instapaper, owned by Pinterest Inc., were also blocking access in the EU.

The EU’s General Data Protection Regulation foresees steep fines for companies that don’t comply with the new rules, aimed at giving Europe-based users more control over the data companies hold on them.

(click here to continue reading U.S. Websites Go Dark in Europe as GDPR Data Rules Kick In – WSJ.)

Tronc and many other digital news organizations are among the worst offenders of collecting information on consumers. Using this article at the WSJ as an example, Ghostery reports 24 different cookies/trackers being served to a reader, from Facebook, Google, DoubleClick, and so on. I’m a subscriber, and WSJ still allows companies like Bombora to shovel my information into their corporate maws.

Going to a random Chicago Tribune article, say for instance “Let’s hear it for Memorial Day weekend at the beach. Oh, but the litter …”, and Tronc is serving me, a subscriber, 18 cookies/trackers from various entities, like Amazon, Google, and a plethora I’ve never heard of. My print newspaper doesn’t track me like this.

So, I’m not surprised that many news organizations are not in compliance with the new GDPR regulations, I’m only saddened that the US doesn’t have a similar protection for consumers. Savvier consumers can install anti-tracking services, like Ghostery, but what about everyone else?

Written by Seth Anderson

May 25th, 2018 at 9:16 am

Posted in Advertising,Business


EU Privacy Law Enters Into Force


Faux Vintage photo of a real vintage digital camera

The NYT/Reuters reports about the GDPR:

New European privacy regulations went into effect on Friday that will force companies to be more attentive to how they handle customer data.

The ramifications were visible from day one, with major U.S. media outlets including the LA Times and Chicago Tribune forced to shutter their websites in parts of Europe.

People in the bloc have been bombarded with dozens of emails asking for their consent to keep processing their data, and a privacy activist wasted no time in taking action against U.S. tech giants for allegedly acting illegally by forcing users to accept intrusive terms of service or lose access.

“You have to have a ‘yes or no’ option,” Austrian Max Schrems said before filing complaints in European jurisdictions. “A lot of these companies now force you to consent to the new privacy policy, which is totally against the law.”

(click here to continue reading EU Privacy Law Enters Into Force, Activist Takes Aim – The New York Times.)

Amazing really the number of these emails I’ve received. Several are worded in such a way that I did not accept their terms, and assume my account will become dormant. If it was a company I cared to still do business with, I might look a little deeper, but mostly I just shrug and delete.

We first heard about GDPR late last year and only wish the US took consumer privacy as seriously as the EU.

Dreaming Has A Low

From December, 2017:

Almost a fifth of companies in the marketing and advertising sector would go out of business if they were to be hit by a fine for non-compliance of the new GDPR legislation.

The General Data Protection Regulation (GDPR) comes into force in less than one year and covers everything from a consumer’s ‘right to be forgotten’ to data breach notification and accountability. At the heart of the reform in how companies must handle customer data is a fine, standing at €20m or 4% of a company’s global revenue, if they are found to be falling foul.

But, in a survey of 187 marketing and advertising companies conducted by YouGov on behalf of law firm Irwin Mitchell, 70% said they wouldn’t be certain of their ability to detect a data breach. Meanwhile, just 37% said they would be equipped to deal with it in the required timescale of three days.

(click here to continue reading 17% of marketing and advertising agencies would go under if hit with a GDPR fine | The Drum.)

Extraordinary Measures

A privacy regulation with teeth:

With 200-plus pages of regulation set to come into force in May 2018, it formalizes concepts like the “right to be forgotten,” data breach accountability, data portability and more — and is arguably the biggest disruption in the digital space in recent years.

Potential fines

Simply put, the regulations are being put into place to give individuals more rights to their data, but brands and marketers need to get on board beforehand in order to avoid hefty potential fines – up to $24m, or 4% of annual turnover (whichever is the greater sum). Some of the requirements include:

  • Requiring consent for data processing
  • Anonymizing collected data to protect privacy
  • Providing data breach notifications
  • Safely handling the transfer of data across borders
  • Requiring certain companies to have a data protection officer to oversee GDPR compliance

(click here to continue reading What does the EU’s privacy reform mean for US marketers? And what should you do now? | The Drum.)

Written by Seth Anderson

May 25th, 2018 at 8:17 am

Posted in Business


Service Meant to Monitor Inmates’ Calls Could Track You, Too, and Probably Does


Cell Phone Evolution

Cell phones are useful for a lot of things, but owning one does have consequences, like the ability for 3rd party organizations or government entities to track your location down to 25-50 feet at any time your phone is connected to a cell tower.

The NYT reports:

Senator Ron Wyden, Democrat of Oregon, wrote in a letter this week to the Federal Communications Commission that Securus confirmed that it did not “conduct any review of surveillance requests.” The senator said relying on customers to provide documentation was inadequate. “Wireless carriers have an obligation to take affirmative steps to verify law enforcement requests,” he wrote, adding that Securus did not follow those procedures.

The service provided by Securus reveals a potential weakness in a system that is supposed to protect the private information of millions of cellphone users. With customers’ consent, carriers sell the ability to acquire location data for marketing purposes like providing coupons when someone is near a business, or services like roadside assistance or bank fraud protection. Companies that use the data generally sign contracts pledging to get people’s approval — through a response to a text message, for example, or the push of a button on a menu — or to otherwise use the data legally.

But the contracts between the companies, including Securus, are “the legal equivalent of a pinky promise,” Mr. Wyden wrote. The F.C.C. said it was reviewing the letter.

Courts are split on whether investigators need a warrant based on probable cause to acquire location data. In some states, a warrant is required for any sort of cellphone tracking. In other states, it is needed only if an investigator wants the data in real time. And in others no warrant is needed at all.

Other experts said the law should apply for any communications on a network, not just phone calls. “If the phone companies are giving someone a direct portal into the real-time location data on all of their customers, they should be policing it,” said Laura Moy, the deputy director of the Georgetown Law Center on Privacy & Technology.

Mr. Wyden, in his letter to the F.C.C., also said that carriers had an obligation to verify whether law enforcement requests were legal. But Securus cuts the carriers out of the review process, because the carriers do not receive the legal documents.

The letter called for an F.C.C. investigation into Securus, as well as the phone companies and their protections of user data. Mr. Wyden also sent letters to the major carriers, seeking audits of their relationships with companies that buy consumer data. Representatives for AT&T, Sprint, T-Mobile and Verizon said the companies had received the letters and were investigating.

(click here to continue reading Service Meant to Monitor Inmates’ Calls Could Track You, Too – The New York Times.)

In this particular instance, the 3rd parties selling your location data are called 3Cinteractive and LocationSmart, but there are hundreds more such companies who have built their businesses on turning your location into sellable data, most of which are relatively obscure.

Securus received the data from a mobile marketing company called 3Cinteractive, according to 2013 documents from the Florida Department of Corrections. Securus said that for confidentiality reasons it could not confirm whether that deal was still in place, but a spokesman for Mr. Wyden said the company told the senator’s office it was. In turn, 3Cinteractive got its data from LocationSmart, a firm known as a location aggregator, according to documents from those companies. LocationSmart buys access to the data from all the major American carriers, it says.

How does it work?

CBS News:

 “Envision a cell site,” says Allen (a typical tower appears in the photo above). “They’re triangular, and each side has about 120 degrees of sweep.” Every time a signal is transmitted to a nearby phone, says Allen, there is a round-trip delay to the mobile device and back. By using all three sides of the triangle to “talk” to the mobile device, the tower can triangulate which edge of the base station is closest to the device. “Typically the accuracy return varies,” says Allen. “In urban settings, it can be accurate down to several blocks; in suburban settings, several hundred meters.”

“We can locate any subscriber,” says Allen, “and companies want all those subscribers to be addressable,” or discoverable. Normally, this requires passing through some privacy gateways, says Allen. “The end user must opt in through a Web portal or SMS, or an app like Foursquare,” he says, per “universal” CTIA and MMA guidelines, and carriers’ own privacy protocol.

But with enterprise services, there’s a catch. “In a workplace scenario, the corporate entity has the right to opt-in those devices,” says Allen. “The [employee] is typically notified, but the opt-in is up to the employer.”

In other words: if your employer owns your phone, tablet or 3G-enabled computer, they’re entitled to own your location, too.

(click here to continue reading iPhones as Homing Beacons: How AT&T and Verizon Help Companies Track Employees – CBS News.)

Apple Rising

Even Apple, a corporation that prides itself on not selling users’ data as much as their competitors, has acknowledged that users’ data has sometimes been sold.

9To5 Mac reports:

Over the last few days, Apple has seemingly started cracking down on applications that share location data with third-parties. In such cases, Apple has been removing the application in question and informing developers that their app violates two parts of the App Store Review Guidelines…

Thus far, we’ve seen several cases of Apple cracking down on these types of applications. The company informs developers via email that “upon re-evaluation,” their application is in violation of sections 5.1.1 and 5.1.2 of the App Store Review Guidelines, which pertain to transmitting user location data and user awareness of data collection.

Legal – 5.1.1 and Legal 5.1.2

The app transmits user location data to third parties without explicit consent from the user and for unapproved purposes.

Apple explains that developers must remove any code, frameworks, or SDKs that relate to the violation before their app can be resubmitted to the App Store.

(click here to continue reading Apple cracking down on applications that send location data to third-parties | 9to5Mac.)

Written by Seth Anderson

May 11th, 2018 at 8:26 am

Facebook Doesn’t Pay You Because That’s Not Their Model


Fuck The Internet

In the context of describing yet another social network aimed at Facebook, albeit one that allegedly will pay you for your content,[1] Wired reports:

DURING MARK ZUCKERBERG’S over 10 hours of Congressional testimony last week, lawmakers repeatedly asked how Facebook makes money. The simple answer, which Zuckerberg dodged, is the contributions and online activities of its over two billion users, which allow marketers to target ads with razor precision. In which case, asked representative Paul Tonko (D – New York), “why doesn’t Facebook pay its users for their incredibly valuable data?”

(click here to continue reading Minds Is the Anti-Facebook That Pays You For Your Time | WIRED.)

Yeah, Facebook doesn’t want to really discuss this key aspect of their business in public: all their wealth is based on the mining and reselling of their users’ data. It was never a hidden fact, it was always known to anyone who bothered to ask, but Facebook doesn’t really like to explain it so that the majority realize they are the product being sold.

So let’s be clear, Facebook, Snapchat, Instagram, and Twitter even[2] only exist to collect data about their users, and use information gleaned from their users to sell to corporations, or governments, etc. That is the model. If everyone, including your grandmother, and my 14-year-old nephew, understands this basic fact, we’ll all benefit as a society.

Footnotes:
  1. in cryptocurrency
  2. which I still use frequently, maybe even more than I should

Written by Seth Anderson

April 19th, 2018 at 11:19 am

Posted in Advertising,Business


Facebook Tracks Non-Users


Eyeing John Marshall Law School 

HuffPo reports disturbing news:

Concern about Facebook Inc’s respect for data privacy is widening to include the information it collects about non-users, after Chief Executive Mark Zuckerberg said the world’s largest social network tracks people whether they have accounts or not.

Privacy concerns have swamped Facebook since it acknowledged last month that information about millions of users wrongly ended up in the hands of political consultancy Cambridge Analytica, a firm that has counted U.S. President Donald Trump’s 2016 electoral campaign among its clients.

Zuckerberg said on Wednesday under questioning by U.S. Representative Ben Luján that, for security reasons, Facebook also collects “data of people who have not signed up for Facebook.”

(click here to continue reading Facebook’s Tracking Of Non-Users Sparks Broader Privacy Concerns | HuffPost.)

Wha? That seems problematic. How are these people consenting?

Of course, as this blog has discussed multiple times, there are hundreds or even thousands of digital advertising firms that track each and all of us, whether or not we’ve consented, or are even aware. Their model is to make money off of the data of others, and perhaps to share that data with NSA and other US intelligence agencies. Facebook is one of the higher profile firms, but they are not alone.

There is also the European Union’s new privacy law, the GDPR.[1]

Wiki:

GDPR extends the scope of EU data protection law to all foreign companies processing data of EU residents. It provides for a harmonization of the data protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations; however, this comes at the cost of a strict data protection compliance regime with severe penalties of up to 4% of worldwide turnover or €20 million, whichever is higher. The GDPR also brings a new set of “digital rights” for EU citizens in an age of an increase of the economic value of personal data in the digital economy.

(click here to continue reading General Data Protection Regulation – Wikipedia.)

Footnotes:
  1. General Data Protection Regulation

Written by Seth Anderson

April 15th, 2018 at 11:18 am

Posted in Business


Facebook hackers could have collected personal data of 2 billion users


No Need To Look The Other Way. 

From the Washington Post we learn that basically every piece of data Facebook collected about you has been shared with the digital marketing world, and the dark web whether you agreed to do that or not:

Facebook said Wednesday that “malicious actors” took advantage of search tools on its platform, making it possible for them to discover the identities and collect information on most of its 2 billion users worldwide.

…But the abuse of Facebook’s search tools — now disabled — happened far more broadly and over the course of several years, with few Facebook users likely escaping the scam, company officials acknowledged.

The scam started when hackers harvested email addresses and phone numbers on the “dark Web,” where criminals post information stolen in data breaches over the years. Then the hackers used automated computer programs to feed the numbers and addresses into Facebook’s “search” box, allowing them to discover the full names of people affiliated with the phone numbers or addresses, along with whatever Facebook profile information they chose to make public, often including their profile photos and hometowns.

Names, phone numbers, email addresses and other personal information amount to critical starter kits for identity theft and other malicious online activity, experts on Internet crime say. The Facebook hacks allowed bad actors to tie raw data to people’s real identities and build fuller profiles of them.

Developers who in the past could get access to people’s relationship status, calendar events, private Facebook posts and much more data will now be cut off from access or be required to endure a much stricter process for obtaining the information, Facebook said.

Until Wednesday, apps that let people input Facebook events into their calendars could also automatically import lists of all the people who attended the events, Facebook said. Administrators of private groups, some of which have tens of thousands of members, could also let apps scrape the Facebook posts and profiles of members of those groups. App developers who want this access will now have to prove that their activities benefit the group. Facebook will now need to approve tools that businesses use to operate Facebook pages. A business that uses an app to help it respond quickly to customer messages, for example, will not be able to do so automatically. Developers’ access to Instagram will also be severely restricted.

Facebook is banning apps from accessing users’ information about their religious or political views, relationship status, education, work history, fitness activity, book reading habits, music listening and news reading activity, video watching and games. Data brokers and businesses collect this type of information to build profiles of their customers’ tastes.

(click here to continue reading Facebook hackers could have collected personal data of 2 billion users.)

Heck of a network you’ve created, Zuckerberg. 

There is no way to put this information back into the bottle; the only thing left to do is to protect future information from being harvested, and perhaps to punish Facebook for its lackadaisical approach to protecting the world’s personal data. Shut them down!

Speaking for myself, I don’t feel too worried; I always was a bit leery of giving Facebook access to my actual information. They do have my birthday, and where I went to school, but nearly everything else I put in my profile was faux information, or things available elsewhere. For a long time, I’ve used the Facebook API and other tools[1] to automatically post photos from Flickr, Instagram, blog entries, etc. But who knows, perhaps I wasn’t careful enough to always delete my Facebook cookies, and so they scraped more information about me than I know. I did use the Facebook app for a few months before deleting it off of my iOS devices, but all it takes is a moment of unguarded attention, and the freaks at Facebook will vacuum up everything not nailed down. So the dark web may know more about me than I know.

In Your Bubble Where Nothing Goes Wrong

Barbara Ortutay adds:

On Monday all Facebook users will receive a notice on their Facebook feeds with a link to see what apps they use and what information they have shared with those apps. They’ll have a chance to delete apps they no longer want. Users who might have had their data shared with Cambridge Analytica will be told of that. Facebook says most of the affected users are in the U.S.

As part of the steps it’s taking to address scrutiny about outsiders’ access to user data, Facebook outlined several changes to further tighten its policies. For one, it is restricting access that apps can have to data about users’ events, as well as information about groups such as member lists and content.

In addition, the company is also removing the option to search for users by entering a phone number or an email address. While this helped individuals find friends, Facebook says businesses that had phone or email information on customers were able to collect profile information this way. Facebook says it believes most of its 2.2 billion users had their public profile information scraped by businesses or various malicious actors through this technique at some point. Posts and other content set to be visible only to friends weren’t collected.

This comes on top of changes announced a few weeks ago. For example, Facebook has said it will remove developers’ access to people’s data if the person has not used the app in three months.

(click here to continue reading Facebook scandal affected more users than thought: up to 87M – Chicago Tribune.)

Sure, sure. I bet that will solve everything.

Footnotes:
  1. IFTTT, for instance

Written by Seth Anderson

April 5th, 2018 at 11:24 am

Posted in Advertising,Business


Facebook Data Dump

without comments

Hell – Facebook Ad.

So I took the time to download my entire Facebook data file, unzip the files and peruse it. If you want to do the same, go here https://www.facebook.com/settings

or for instance, read the instructions Abby Ohlheiser wrote in the WaPo:

In the Facebook settings for your account — right below the link to deactivate it — there’s an option to download a copy of all your Facebook data. The file can be a creepy wake-up call: All those years of browsing the News Feed, and sharing selfies, engagements and birthday wishes on Facebook have taught the company quite a lot about you. You, the user, are part of the reason that Facebook has become so good at targeting ads. You’re giving them everything they need to do it.

Here’s a link that will take you right to the settings page, if you’re logged in to your account. Once there, click on the link to download your archive, and follow the prompts.

(click here to continue reading Here’s how to download all your data from Facebook. It might be a wake-up call. – The Washington Post.)

I was curious what exactly Facebook knows, especially since I’ve always been somewhat cautious about what I post there. At least I thought I was careful. Turns out Facebook has a huge list of people from my address book, most of whom are not actual friends on Facebook[1], along with several deceased people. I guess one time Facebook copied my phonebook? A lot of the data is old, and not up to date, but there it is anyway.

Then there are the Facebook advertising selects (listed below because it is a big freaking list).


Footnotes:
  1. a lawyer nemesis, for instance, or US Dept. of State – Passports, former dentists

Written by Seth Anderson

March 28th, 2018 at 2:26 pm

Posted in Advertising


Facebook Delays Home-Speaker Unveil Amid Data Crisis

without comments

Listening To Ghosts Passing Through

Ya think?:

Facebook Inc. has decided not to unveil new home products at its major developer conference in May, in part because the public is currently so outraged about the social network’s data-privacy practices, according to people familiar with the matter.

The company’s new hardware products, connected speakers with digital-assistant and video-chat capabilities, are undergoing a deeper review to ensure that they make the right trade-offs regarding user data, the people said. While the hardware wasn’t expected to be available until the fall, the company had hoped to preview the devices at the largest annual gathering of Facebook developers, said the people, who asked not to be named discussing internal plans.

The devices are part of Facebook’s plan to become more intimately involved with users’ everyday social lives, using artificial intelligence — following a path forged by Amazon.com Inc. and its Echo in-home smart speakers. As concerns escalate about Facebook’s collection and use of personal data, now may be the wrong time to ask consumers to trust it with even more information by placing a connected device in their homes. A Facebook spokeswoman declined to comment.

(click here to continue reading Facebook Delays Home-Speaker Unveil Amid Data Crisis – Bloomberg.)

Yes, what do consumers really want from Facebook but a listening device right in their living rooms! No need to change your privacy settings now, Facebook won’t need to log your incoming/outgoing phone calls, they’ll just have the entire conversation instead! Whoo hoo!

Written by Seth Anderson

March 27th, 2018 at 10:20 pm

Posted in Business


Illinois Condo Law Update Might Be Un-Updated

without comments

Little Boxes

Lawmakers who wrote this bill must all live in houses and townhomes, not in condo buildings. Every building has some percentage of malcontents, and who wants to be deluged with complaints from those who never offer solutions, only problems? Especially in condominiums where the Board is an unpaid, volunteer position.

It’s the part about “telephone numbers and email addresses” that is causing a ruckus, and the ruckus has taken lawmakers by surprise.

Gene Fisher is the executive director of the Diversey Harbor Lakeview Association, a coalition of elected leaders from north lakefront condominium associations. Board members are concerned that publication of their personal contact information will exacerbate harassment from dissatisfied owners, he said.

“As one of our members put it, ‘Every building has some hostile occupants. What board member wants to get repetitive crank calls from owners who do nothing but complain, or have their email filled with crank messages?’” he said.

Such egregious behaviors could discourage qualified and responsible owners from serving on their association boards, he added.

“Many owners are very protective of their personal information,” said Derek Wilkinson, vice president at Associa Chicagoland, a management company. “They do not want every person in their association to have easy access to their personal contact information. There is no ability to opt out of this information sharing, so many owners and board members are feeling powerless.”

Some owners have said they will delete their email accounts, said Timothy Patricio, property manager at Park Tower Condominium Association in Chicago.

(click here to continue reading Amendment to Illinois condo law sparks outcry, leaves owners and board members ‘feeling powerless’ – Chicago Tribune.)

In Chicago at least, there has been serious talk of an ordinance that will supersede this law. Alderman Brendan Reilly of the 42nd Ward[1] and his colleague Brian Hopkins of the 2nd Ward introduced Amendment of Municipal Code Section 13-72-080 concerning requirements for examination of condominium association records by unit owners (PDF).

Can’t Get Out of Here

Howard Dakoff recently wrote:

On Jan. 17, 2018, Hopkins and Reilly did introduce a Chicago ordinance that would prohibit Chicago unit owners (other than board members) from obtaining a list of unit owners’ email addresses and phone numbers among other personal information. The ordinance goes even further and allows a condominium association to opt out of other mandated Section 19 disclosure requirements with a two-thirds vote of the unit owners.

The ordinance is in direct contradiction to the provisions of Section 19, and while the aldermen believe the city of Chicago possesses the authority to do so under a legal doctrine called “home rule” (where a municipality has the authority to adopt its own legislation that might even be contrary to other applicable statutes), the proposed ordinance is quite aggressive in its breadth. There is disagreement among attorneys as to whether the ordinance can outright nullify mandated provisions of Section 19.

If the ordinance is adopted, it is likely there will be litigation to follow for a judicial determination regarding whether the ordinance can accomplish its objectives.

(click here to continue reading Aldermen introduce ordinance to strike down controversial part of Illinois condo law – Chicago Tribune.)

I guess if I had to provide email/phone, I could use a Google Voice account, and create a “burner” email, but the process seems ridiculous. I hope either the Chicago ordinance is passed soon, or the IL legislature revises the underlying law. Or both could happen: Chicago passes the Reilly/Hopkins ordinance, and then eventually the entire state follows suit at some later time.

Footnotes:
  1. the best Ward!!

Written by Seth Anderson

March 23rd, 2018 at 9:48 am

ex-Facebook insider says covert data harvesting was routine

without comments

No Information Left Of Any Kind

The Facebook exposé continues at The Guardian. Privacy enthusiasts have known or suspected this was Facebook’s business model all along; it is good to make Facebook’s practices more well known to the general public.

Hundreds of millions of Facebook users are likely to have had their private information harvested by companies that exploited the same terms as the firm that collected data and passed it on to Cambridge Analytica, according to a new whistleblower.

Sandy Parakilas, the platform operations manager at Facebook responsible for policing data breaches by third-party software developers between 2011 and 2012, told the Guardian he warned senior executives at the company that its lax approach to data protection risked a major breach.

“My concerns were that all of the data that left Facebook servers to developers could not be monitored by Facebook, so we had no idea what developers were doing with the data,” he said.

Parakilas said Facebook had terms of service and settings that “people didn’t read or understand” and the company did not use its enforcement mechanisms, including audits of external developers, to ensure data was not being misused.

Asked what kind of control Facebook had over the data given to outside developers, he replied: “Zero. Absolutely none. Once the data left Facebook servers there was not any control, and there was no insight into what was going on.”

Parakilas said he “always assumed there was something of a black market” for Facebook data that had been passed to external developers. However, he said that when he told other executives the company should proactively “audit developers directly and see what’s going on with the data” he was discouraged from the approach.

He said one Facebook executive advised him against looking too deeply at how the data was being used, warning him: “Do you really want to see what you’ll find?” Parakilas said he interpreted the comment to mean that “Facebook was in a stronger legal position if it didn’t know about the abuse that was happening”.

He added: “They felt that it was better not to know. I found that utterly shocking and horrifying.”

(click here to continue reading ‘Utterly horrifying’: ex-Facebook insider says covert data harvesting was routine | News | The Guardian.)

As a side note, if you have a few dollars to throw at the feet of The Guardian, they’ve done heroic work on this story, and don’t have a paywall. Support heroic journalism!

Written by Seth Anderson

March 20th, 2018 at 8:24 am

Posted in Advertising,Business
