“If things play out with AI the way that they have done with Facebook, we’re in a lot of trouble.” Jonathan Nolan
— Mark Cathcart (@cathcam) May 9, 2018
Facebook is confronting EU users with a new “terms of service” dialogue that denies access until a user opts in to tracking for ad targeting, and various other data processing purposes… pic.twitter.com/MiYpfjZLLo
— Johnny Ryan (@johnnyryan) May 8, 2018
As Facebook scrambles to try to head off prohibitive legislation in the UK, Europe and the USA, it’s trying to reinvent its history and mission. I’m no Facebook historian, developer, or professional watcher, but it’s worth remembering some of its actual history, bugs, screw-ups and the often terrible defaults it implemented with new features.
I’d long imagined that Mark Zuckerberg was the embodiment of Zeke Hawkins’ character in the 1993 movie, Sliver. One of the things Hawkins said in the movie about his surveillance was the Google-esque:
We’ll do only good things.
All of the recent disclosures about access to Facebook data aren’t about hacking or other malicious activity; they are about poor design decisions; defaults in privacy that were good for Facebook but not for the user; and ultimately necessary for Facebook’s business model. They were not, as Facebook and Zuckerberg oft refer to them, data breaches.
As the voiceover says at the end of the Sliver trailer:
The view from the outside is nothing…. compared to the view…. inside.
My history with Facebook goes back to when it was “thefacebook”. I’d been a regular speaker and panelist at the Silicon Valley World Internet Center between 1998 and 2003 when I gave my last session on Open Source. The center was housed at Stanford University. Over my time there, I made many professional and personal contacts.
I started using livejournal as an emerging platform for “blogging” and tracking news for my then key triathlon interests in January 2004. That April, through one of the contacts I’d made at the World Internet Center, I was offered a userid to take a look at “thefacebook”. I didn’t spend much time on it, it was facile, juvenile and voyeuristic. I wasn’t surprised to hear that in 2003, the Harvard University administration had charged Zuckerberg with breach of security, violating copyrights, and violating individual privacy.
That set the path that Facebook has followed since then, their design decisions, their defaults, everything has been aimed at making your information publicly available, searchable and collectable. As I texted a few days ago, none of this need have happened if Facebook actually cared about privacy. Each and every time they implemented a new feature, they did so by setting the user privacy to the least private allowed.
Great work, completely agree except the last paragraph opt-out. Want the feature? You need to opt-in. This is Facebook problem. Everytime they [Facebook] change something, they take the best default for them not the user, not privacy.
— Mark Cathcart (@cathcam) April 8, 2018
While Facebook claimed they were not selling data, which was probably legally true, they were always selling access to the data. If privacy was really central to Facebook’s management of data, then they would have made the defaults very different than they did.
All those infuriating apps and quizzes that your “friends” were playing, Farmville, Candy Crush, etc., let alone the apps that wanted to know actual personal information, like where you’d travelled to etc. For a while in 2007 there was even a class at Stanford known as the “Facebook class” where students, many of whom went on to make hundreds of thousands of US Dollars, were instructed on how to make Facebook apps.
As early as 2010, many of us were imploring people not to give companies like OK Cupid and apps like Lover of the Day access to your data, it was only ever going to end badly for someone.
Lover of the Day was installed nearly a million times. If every user that installed it had at least one hundred “friends” on Facebook, that meant through a single app, four hundred million facebook users’ data could have been exposed and scraped. Even if “Lover of the Day” hadn’t overtly exploited this, it was totally naive rather than malicious.
By the end of 2010, there were hundreds of website scams that were, as far as I can see, just there to harvest your data, and that of your friends. There were numerous websites set up to track these, of which Facecrooks was and still is one of the best.
When I got my Facebook data, before #DELETEFACEBOOK, I spent an hour searching through the data and my timeline to find interesting posts, pleas that I’d made to my friends about the lax controls, bad defaults and bad app choices they were making. In 2010 alone, I posted the following on my wall.
January 10th: “Well get used to it, the Facebook founder says your privacy is a relic of the past, everything should be public!”
March 2010: “So, not paying attention to the FB Privacy issue? Well last night the dumb ass’s made a change which made everyone’s email address public for about 30-mins even if you said not to or your settings…”
May 2010: “So yesterday Facebook blew their privacy yet again revealing private friend to friend conversations, allowing one friend to see outstanding friend requests of other friends…”
May 2011: When discussing the Symantec revelation that Facebook was leaking information to Third parties, I ended the post with – friends don’t give their friends personal information to strangers, don’t do the same on facebook!
By 2011, music streaming startup, Spotify, was known to be aggressively using and promoting their business through facebook by exploiting the weak/lax Facebook privacy. If anything, the US Government Federal Trade Commission hearings led to facebook changes that were in marketing speak “more transparent” but in reality, more opaque. They made it easier to stop sharing, but harder to know what was being shared.
In 2015, the scraping of user data was still rampant, I found a number of examples of warnings, mostly in so-called “Big company” giveaways.
March 2015: Friends don’t invite friends to the SW Airlines ticket giveaway. It’s a scam, they are harvesting Facebook id’s, friends lists and email addresses and who knows what else!
It was followed by a long bullet list of ways you could tell if the giveaway was a scam. My post ended in
If it doesn’t have at least two of those it’s a scam… It’s not harmless, it’s like showing up at an orgy and not using a condom.
When Zuckerberg and Facebook try to rewrite history claiming these were a breach of trust, or they didn’t sell data, or they acted as soon as they were notified, I don’t know what the hell they are talking about. They knew, they just didn’t care until the politicians got hurt, and now the optics look really bad.
Next. What should be done.
While I’m at it, I thought I’d take a look at what data linkedin.com has on me. It’s likely to be much less, since I rarely use the service and it’s been getting less and less as their emails with anything useful, plus new contacts, connect requests etc. always take me to the Google Play app store to install the linkedin app. That’s not happening, and I mostly just delete the emails and make a mental note to login via the website.
If you are interested in your linkedin data, you can get it via the linkedin.com Settings and then Privacy page. Here.
The email that arrived with a link said:
Here’s just the first part of the information we have archived for you, including things like connections, contacts, messages, and profile information.
It seems that will likely be the more interesting part of their archive. The first .zip file seems to mostly include only static data, most of which I’ve provided.
Interestingly, I joined linkedin on April 11th, 2006. I learned that from the registration .csv.
At least in the .zip file I got it had the following structure.
The media files were very limited, just two image files, and a PDF of a presentation that I posted directly to linkedin. This clearly isn’t all my data from linkedin, since it did not contain any links, articles, or images I’ve posted. It didn’t for example even include my profile and profile background pictures.
The spreadsheets were no more than comma separated variables, but seemed fairly accurate. There is no clue how they came about these, I can only assume from businesses I “liked” etc. Here is the entire contents of the “Causes you care about” .csv
- Civil Rights and Social Action
- Economic Empowerment
- Environment
- Human Rights
- Politics
- Science and Technology
Which seems about right. What I’m sure most people will be interested in are the contacts that linkedin has, a mix of my personal contacts, and linkedin connections. For each “connection” it has firstname, surname, physical address, email address, current employment/employer, position, a date and time field(?) and finally a web address.
The physical address doesn’t seem to have come from my contacts, which I’m pretty sure I’ve not given linkedin access to via the app or a website link/upload. The majority of physical addresses are blank, even for people I have work/home addresses in my contacts.
So I think this is pretty much
Move on, nothing to see here!
When the 2nd .zip file arrives, I’ll add another post.
In the push-back over the Facebook privacy scandal, many are also asking questions about the data other platforms have. Many commentators draw a parallel to Google. For my part, this is valid at least as far as tracking, visiting locations etc. goes. Since I have a Google Phone, with a Google Fi service, and I use Google Maps, I pretty much expect them to track me.
In addition, in my prior home I had Google Fiber, plus add in all the Youtube videos, if you watch movies or listen to music on Google Play; they have my calendar; all my files in Google Drive; as much as I try not to have my photos in the cloud, they’ve almost certainly got some of them in Google Photos. I typically avoid using Google Search directly, as for the most part, my search history seems a definitive list of things I’m interested in, but it’s much more subjective than that. I prefer startpage for search.
I don’t read ebooks, but they’d have them if I did; of course I use a few Google Groups; and so on. So, it’s a pretty exhaustive list. You do need to take care if you decide to download your Google information from google.com/takeout – It can get pretty big, pretty quickly if you’ve purchased books, films, music and make extensive use of drive, in addition to all the metadata, you’ll also get all the content.
Despite all this, I feel like Google have not crossed the trust boundary. They may be using and aggregating all this data to sell to advertisers, but it’s not at all clear how. It certainly isn’t obvious from the adverts. So for now, I trust Google to “Don’t be evil“.
Much has been written about the facebook data, Cambridge Analytica sh*t show. I was among those years ago who were warning friends not to play games that require users to permit the game access to their friends’ Facebook profile.
However, even I couldn’t have foreseen how the data would be used. Stunning. I have my Facebook archive from yesterday, and will be going over it in the next few days. I’ll finally #deletefacebook – deleting permanently my Facebook ID later today. In another week or so, I’ll create a new ID, strictly limited to family as friends.
The worst aspect, in privacy terms, of the Facebook data privacy failure, is the accusation that Facebook was collecting phone data from Android phones for years. Of course, everyone accepted the facebook app permission to access the phone, but again I suspect few thought that Facebook would track and keep data on all calls made, even those that got a busy signal, or no answer.
I went hunting for a list of all the data Facebook collected, and found this. It appears to only be available to logged in Facebook users. I thought it worth copying over here. It’s a huge list.
|What info is available?||What is it?||Where can I find it?|
|About Me||Information you added to the About section of your Timeline like relationships, work, education, where you live and more. It includes any updates or changes you made in the past and what is currently in the About section of your Timeline.||Activity Log|
|Account Status History||The dates when your account was reactivated, deactivated, disabled or deleted.||Downloaded Info|
|Active Sessions||All stored active sessions, including date, time, device, IP address, machine cookie and browser information.||Downloaded Info|
|Ads Clicked||Dates, times and titles of ads clicked (limited retention period).||Downloaded Info|
|Address||Your current address or any past addresses you had on your account.||Downloaded Info|
|Ad Topics||A list of topics that you may be targeted against based on your stated likes, interests and other data you put in your Timeline.||Downloaded Info|
|Alternate Name||Any alternate names you have on your account (ex: a maiden name or a nickname).||Downloaded Info|
|Apps||All of the apps you have added.||Downloaded Info|
|Birthday Visibility||How your birthday appears on your Timeline.||Downloaded Info|
|Chat||A history of the conversations you’ve had on Facebook Chat (a complete history is available directly from your messages inbox).||Downloaded Info|
|Check-ins||The places you’ve checked into.||Activity Log|
|Connections||The people who have liked your Page or Place, RSVPed to your event, installed your app or checked in to your advertised place within 24 hours of viewing or clicking on an ad or Sponsored Story.||Activity Log|
|Credit Cards||If you make purchases on Facebook (ex: in apps) and have given Facebook your credit card number.||Account Settings|
|Currency||Your preferred currency on Facebook. If you use Facebook Payments, this will be used to display prices and charge your credit cards.||Downloaded Info|
|Current City||The city you added to the About section of your Timeline.||Downloaded Info|
|Date of Birth||The date you added to Birthday in the About section of your Timeline.||Downloaded Info|
|Deleted Friends||People you’ve removed as friends.||Downloaded Info|
|Education||Any information you added to Education field in the About section of your Timeline.||Downloaded Info|
|Emails||Email addresses added to your account (even those you may have removed).||Downloaded Info|
|Events||Events you’ve joined or been invited to.||Activity Log|
|Facial Recognition Data||A unique number based on a comparison of the photos you’re tagged in. We use this data to help others tag you in photos.||Downloaded Info|
|Family||Friends you’ve indicated are family members.||Downloaded Info|
|Favorite Quotes||Information you’ve added to the Favorite Quotes section of the About section of your Timeline.||Downloaded Info|
|Followers||A list of people who follow you.||Downloaded Info|
|Following||A list of people you follow.||Activity Log|
|Friend Requests||Pending sent and received friend requests.||Downloaded Info|
|Friends||A list of your friends.||Downloaded Info|
|Gender||The gender you added to the About section of your Timeline.||Downloaded Info|
|Groups||A list of groups you belong to on Facebook.||Downloaded Info|
|Hidden from News Feed||Any friends, apps or pages you’ve hidden from your News Feed.||Downloaded Info|
|Hometown||The place you added to hometown in the About section of your Timeline.||Downloaded Info|
|IP Addresses||A list of IP addresses where you’ve logged into your Facebook account (won’t include all historical IP addresses as they are deleted according to a retention schedule).||Downloaded Info|
|Last Location||The last location associated with an update.||Activity Log|
|Likes on Others’ Posts||Posts, photos or other content you’ve liked.||Activity Log|
|Likes on Your Posts from others||Likes on your own posts, photos or other content.||Activity Log|
|Likes on Other Sites||Likes you’ve made on sites off of Facebook.||Activity Log|
|Linked Accounts||A list of the accounts you’ve linked to your Facebook account||Account Settings|
|Locale||The language you’ve selected to use Facebook in.||Downloaded Info|
|Logins||IP address, date and time associated with logins to your Facebook account.||Downloaded Info|
|Logouts||IP address, date and time associated with logouts from your Facebook account.||Downloaded Info|
|Messages||Messages you’ve sent and received on Facebook. Note, if you’ve deleted a message it won’t be included in your download as it has been deleted from your account.||Downloaded Info|
|Name||The name on your Facebook account.||Downloaded Info|
|Name Changes||Any changes you’ve made to the original name you used when you signed up for Facebook.||Downloaded Info|
|Networks||Networks (affiliations with schools or workplaces) that you belong to on Facebook.||Downloaded Info|
|Notes||Any notes you’ve written and published to your account.||Activity Log|
|Notification Settings||A list of all your notification preferences and whether you have email and text enabled or disabled for each.||Downloaded Info|
|Pages You Admin||A list of pages you admin.||Downloaded Info|
|Pending Friend Requests||Pending sent and received friend requests.||Downloaded Info|
|Phone Numbers||Mobile phone numbers you’ve added to your account, including verified mobile numbers you’ve added for security purposes.||Downloaded Info|
|Photos||Photos you’ve uploaded to your account.||Downloaded Info|
|Photos Metadata||Any metadata that is transmitted with your uploaded photos.||Downloaded Info|
|Physical Tokens||Badges you’ve added to your account.||Downloaded Info|
|Pokes||A list of who’s poked you and who you’ve poked. Poke content from our mobile poke app is not included because it’s only available for a brief period of time. After the recipient has viewed the content it’s permanently deleted from our systems.||Downloaded Info|
|Political Views||Any information you added to Political Views in the About section of Timeline.||Downloaded Info|
|Posts by You||Anything you posted to your own Timeline, like photos, videos and status updates.||Activity Log|
|Posts by Others||Anything posted to your Timeline by someone else, like wall posts or links shared on your Timeline by friends.||Activity Log|
|Posts to Others||Anything you posted to someone else’s Timeline, like photos, videos and status updates.||Activity Log|
|Privacy Settings||Your privacy settings.||Privacy Settings Downloaded Info|
|Recent Activities||Actions you’ve taken and interactions you’ve recently had.||Activity Log|
|Registration Date||The date you joined Facebook.||Activity Log|
|Religious Views||The current information you added to Religious Views in the About section of your Timeline.||Downloaded Info|
|Removed Friends||People you’ve removed as friends.||Activity Log|
|Screen Names||The screen names you’ve added to your account, and the service they’re associated with. You can also see if they’re hidden or visible on your account.||Downloaded Info|
|Searches||Searches you’ve made on Facebook.||Activity Log|
|Shares||Content (ex: a news article) you’ve shared with others on Facebook using the Share button or link.||Activity Log|
|Spoken Languages||The languages you added to Spoken Languages in the About section of your Timeline.||Downloaded Info|
|Status Updates||Any status updates you’ve posted.||Activity Log|
|Work||Any current information you’ve added to Work in the About section of your Timeline.||Downloaded Info|
|Vanity URL||Your Facebook URL (ex: username or vanity for your account).||Visible in your Timeline URL|
|Videos||Videos you’ve posted to your Timeline.||Activity Log|
Official now: UK Commons committee writes to Mark Zuckerberg asking him to get on a plane and front an inquiry in London. pic.twitter.com/VHxd2opClh
— Mark Di Stefano 🤙🏻 (@MarkDiStef) March 20, 2018
Of course as a US Citizen, Zuckerberg can’t be compelled to attend. There can be so many serious consequences to not attending that Rupert Murdoch and other News International Executives attended when they were called.
I teetered on the brink of deleting my facebook account last year. I removed the main app from my phone and a Windows tablet, and have never installed messenger. When it came down to it I balked at the final step. I did unlike pretty much all businesses and pages, as well as unfriended anyone not a real contact/friend etc.
The utility of facebook is still too great to remove myself completely. Although frankly I’ve had better results contacting businesses through Twitter and getting things done. Given its reach, facebook still remains useful. Delete the apps Facebook, Facebook Messenger, Instagram and Whatsapp.
If you want to delete your facebook account, it’s still relatively simple and you have 14-days to recover it, if you decide it was a mistake. Use this URL.
The Guardian published this over the weekend. It’s a long and important read that contains all the context and background detail into how Facebook was used to target people with advertising and social profiling of potentially millions of people to bias or persuade them to take a particular perspective.
Much of this data came through those terrible apps which ask you to confirm access to your facebook profile, and your friends’ profile. Even though you may have never used one of these apps, if your friends did, they likely gave away your data.
The New York Times is today reporting that Facebook’s Chief Information Security Officer is leaving the company. So this is obviously a big deal. Alex himself denies that, although with the share price drop already seen today, who knows the truth, the data misappropriation is still a big deal.
Charles Arthur has a daily email which goes out under the guise of The Overspill from his blog of the same name. It’s well worth the subscription. Today’s included a link to Justin Hendrix’s blog for justsecurity.org on the Facebook data use, in it Justin poses seven key questions:
1. Why did Facebook take more than two years to inform the public of this massive breach?
2. Did the Trump campaign or Cambridge Analytica violate campaign finance laws?
3. Did Trump campaign or Cambridge Analytica employees lie to Congress, or to the British Parliament?
4. Did Facebook’s failure to disclose this breach to the public and notify its directly affected consumers break any laws?
5. Did any of the Facebook embeds in the Trump campaign know that stolen data was being used for targeting?
6. Did Facebook have evidence its own employees mishandled this situation? Was any disciplinary action taken?
7. Did other organizations or individuals exploit these apparent weaknesses, and are there other breaches we do not know about?
Irrespective of what you think about how the data was used, and the outcome, these questions need to be answered.
It’s not strictly true, I will have a facebook ID again in the coming months, but it will be an output only ID. By that I mean it will be an ID that I can post things to, but little more than that.
As I said in my “evil empire” post, I’ve become more and more concerned about not just what data they collect, but what you can learn from it. They sell our data, and it’s pretty easy to drill down on the data and learn all sorts of things, even though the data is supposed to be anonymous.
The problem with this is not just what facebook can tell, it’s that to a degree it is a very biased view of who we are. For the longest time, the standing joke was:
if it’s not on facebook, it didn’t happen
But you know that’s not true. When was the last time you posted about your intimate desires, or genuine mistakes, or arguments you had with important people in your life, or private details of your dealings with banks, managers and so on. These all go to make up who you are, what makes you tick.
What facebook has is a simple snapshot, someone who is vastly different online than offline. Yeah, facebook knows I’m liberal, likely not religious, I read the Guardian and the New York Times and probably trust them for news as I spend more time reading articles. Facebook knows I have a generally negative view of the new President and it thinks it knows what products and brands I “like“. The data says my “psychological gender” is more male than feminine, but not by much; I’m pretty laid back but do get emotional.
Our data is sold in bulk, using specialised tools, you can target data geographically, based on numerous categories. It is supposed to be anonymised when sold, but it’s relatively simple to identify. This week in Ireland the American Civil Liberties Union [ACLU] was trying to defend our privacy rights, when facebook moves our data between Europe and the USA. Europe has much stronger data protection rights. Facebook of course argued against that.
If you are not convinced, watch this video from the creators of Data Selfie, a chrome extension, see how what you do [on facebook], leaves a data trail to the person you are [on facebook].
The lack of control over our data is seriously concerning. Even though I’ve already deleted the primary facebook app from my phone, as well as Messenger. You can’t even see the data, I fear that facebook has data I can’t control, can’t delete, and somewhere in a facebook data center, I have a twin, someone I don’t know.
Yesterday the menu bar on my browser facebook page changed. I realized I’d been given access to their new SocialGraph feature but didn’t immediately realize the power of it. I tried it out a few times, did some obvious searches and went back to work.
Then late yesterday evening I came back to it, tried a few more things out and then suddenly, it was 3:05 a.m. The power of this is truly awesome. With power comes responsibility, in this case the responsibility lies with facebook users. Remember, when you are not paying for something, YOU are the product.
So, socialgraph is really helpful when you want to find a picture of you and a friend at an event, that either you, your friend, or someone else took. If you don’t get the query right, facebook will even give you helpful suggestions on how to search. The more information you put in the description, update, tags etc. the more specific the result will be. It’s really powerful.
Great. Well hold on. Remember YOU are the product. Turning to the dark side, it became really interesting to search for things, for example:
- photos from 2006 of friends at college < Facebook was mostly still just emerging from “the facebook” back then. It was only colleges that could get access before that. Trust me, some of my friends need to seriously go back and delete their pictures, and especially pictures they are tagged in.
- friends who are single women < Yes, facebook has gone from a pseudo dating hookup platform to a full-blown competitor for match.com. Queries can be much more extensive, you can search for people who like something, that are single, live in a specific place and are between age and age.
- People at work who like triathlon < I’ve been toying with the idea of running a small event to get feedback from a few people. So I decided to try people who work at xxx in yyy and like triathlon. Sure enough a massive list of specific people, often with their actual job titles, locations, etc. and of course, since they are on facebook, you can send them messages etc. Yes, messages to non-friends now charge if you want them to show up in their inbox, but I cut-n-paste 60 names into Outlook, pressed alt-k and yammo, resolved through the corporate name and address book.
- People who like dance music and live in austin < now you don’t even have to like a page to give away your data. It’s available to mine for free. Again, the only gate here is that if they want to message you, they either have to pay or it ends up in your “other” inbox.
In general this has to be seen as a huge step forward in what you can do with facebook. It’s also hugely revealing in ways I’d never thought about that open us all up to commercial exploitation. Using this harmless question, I was really surprised at the results. My friends who are between 50 and 55 and like Jack and Adam’s Bicycles.
Definitely time to double check what information you’ve given facebook, especially in your profile, where you check-in and especially what businesses and hobbies you like. If you are a friend and noticed yesterday that I added an employer for the first time since I joined facebook, now you know why.
Doing who is searches is also included, but just retrieves information from bing. Amongst other things who is mark cathcart retrieved the following “Mark Cathcart read classics at Cambridge. He published as a City analyst with his innovative style earning him a top rank in international surveys for a number of …” < True, but not me. More on this problem up next.