To actually opt out, you have to click the "More Options" button, then "Manage Future Activity" at the bottom, then "Manage Future Activity" button, then toggle off the "Future Off-Facebook Activity" toggle.
> The only thing you’re clearing is a connection Facebook made between its data and the data it gets from third parties, not the data itself.
However this is not the main privacy issue with Facebook in my opinion. Even if Facebook users could legitimately clear their third party data entirely, they still can't easily clear their own first party data (posts, photos, searches, likes, Instagram activity, etc). Right now, you have to go click "delete" in your activity log one-by-one on individual posts. This is so time consuming and manual that most users will never do it - which is of course by design.
There is a plugin that helped users delete their Facebook content (https://chrome.google.com/webstore/detail/social-book-post-m...), by letting you select the time period and type of content you want to delete. However, Facebook repeatedly breaks it by changing the page design for seemingly no real reason. The cat and mouse updates worked for a while but this extension has not been updated since 2019. Some creative people then built a second extension that switches Facebook to an older layout (https://chrome.google.com/webstore/detail/switch-to-classic-...) and this allowed the above history clearing extension to work. But then Facebook made an even more drastic redesign of the Activity Log, which broke this approach of using a second extension in conjunction with the first.
Can any enterprising HN code ninja help solve this problem? I think we need a suite of tools to help users easily clear their history from all social media platform, whether it is Facebook, Twitter, Instagram, or whatever. Ideally we'd have a law requiring such controls be provided to users but I'm not holding my breath.
There is also a reason websites have stopped using the term 'delete' and are using 'clear' instead. Because clearing something does not imply that it's gone unlike with delete, just out of view.
What you want it to mean is "remove this entry from my view in the frontend, delete the related record in the backend, and delete all previously cached copies of it in the backend."
If someone decided to meticulously track everything I do. Follow me wherever I went. Put a GPS tracker on my car to see everywhere I visit. Peep inside my windows to see what websites I browse. Look over my shoulder at the grocery store to see what items I buy. I would consider that stalking and attempt to file a restraining order against that person.
Can I file a restraining order against Facebook? Or Google?
You can't, because all the websites they're tracking you on are actually helping Facebook by choice. They didn't plant a GPS tracker on your car, they paid a bunch of amoral civilians to monitor your movements through the city.
Our legal system isn't equipped to handle the majority of free people deciding to act like broad-spectrum stalkers within the span of a few years. Society only works if most people aren't evil or utterly susceptible to evil influence.
When was it ever? Anyone could write an article about you. Articles about specific people are discussed all the time on Hacker News. Usually the person being written about doesn’t get a say about their reputation.
The common law arguably put the question you ask in the hands of a jury.[1] It is public figures whose lives are fodder for public consumption; more generous privacy rules traditionally have applied for the more mediocre among us.
Sadly, I'm inclined to agree with your assessment, from my utterly amateur legal armchair.
We need new laws for this. GDPR is a good start, if one happens to be an EU citizen, if a bit toothless.
We need new laws because automated collection of vast amounts of personal data, at scale, is a thing different in kind from manually collecting personal data about a specific person. Due to the expense and difficulty, the earlier system would tend to scale broadly with someone's fame, or at least wealth, which matches our expectations: it's not surprising that, say, a gossip magazine would have a fat file on Leonardo DiCaprio, and we figure he has lawyers on hand to deal with any consequent fallout.
In fact, we all used to be quite grateful for the unsung laborers who would collect and publish a doxxing book, called the white pages, which would list the names, phone numbers, and addresses, of most local people. Of course they were legally obligated to unlist those who requested it...
SEC. 702. PRIVACY OF CUSTOMER INFORMATION.
Title II is amended by inserting after section 221 (47 U.S.C.
221) the following new section:
SEC. 222. PRIVACY OF CUSTOMER INFORMATION
If it is about customer (!) information, does it still apply to people simply visiting websites, and due to not knowing better, not blocking Google and FB trackers? It would not seem like they are automatically Google's or FB's customers.
It's not a silver bullet of course. Discord, for instance, just 'anonymises' message history by renaming your account to Deleted User. But most people's message history is enough to deanonymise them, making that completely null and void. If you ask for your messages to actually be deleted they will refuse your request.
I published a tool on GitHub for deleting message history in the most efficient way I could find. Yet users of the tool sometimes get their accounts banned because Discord's TOS prohibits unauthorised use of their API. I speculate this is because they don't want custom clients which don't send back telemetry.
Discord is either tone-deaf to common privacy concerns or they're completely conscious of them and don't want people to clear their message history.
One tactic I've worked out with individual mods is I have them ban me, then unban me, which causes all of my posts to be erased from the public chat. Of course Discord probably still has them privately, but it's better than nothing.
That's interesting, thanks for the tip. I would hope they would have a sort of garbage collection that deletes orphaned messages, but this is Discord we're talking about.
Fine the Facebook subsidiaries incorporated in the EU. Or completely ban them from doing business, which prevents advertisers in the EU from giving them money.
This is impossible - the fine would have to be absurdly high to matter and if they disabled their business in the EU there would be riots. Facebook can essentially do whatever they want as they are also likely sending information to services.
> This is impossible - the fine would have to be absurdly high to matter
Fines here are proportional to profits, so it would be absurdly high for Facebook.
> and if they disabled their business in the EU there would be riots.
Not really. In the last five years I've seen an ever growing anti American sentiment around here. I guess it's because all the antics that were coming from the angry Cheeto.
America is now seen as unstable and unreliable. The sentiment around here is basically (generally speaking): "and what happens of they decide to elect (another) Trump again?"
That's an interesting question, but it doesn't accurately describe the collection/transfer of data as far as FB or Google are concerned.
Millions of websites/apps/stores willingly deliver this information to Facebook/Google for free, and it's your relationship with each of those websites/apps/stores that governs the collection and sharing of that data.
GDPR, for instance, makes a distinction between "data controllers" and "data processors." The businesses are the controllers, and FB/Google are processors. Both have responsibilities regarding the handling of your data, but most of the requirements fall on the controller. The processors are able to assume that the controller had the right to share the data with them.
The problem with this interpretation is that valid contracts depend, among other things, on informed consent and on the legality of what's being required, meaning you can't trick someone into being bound to terms they never really accepted or sufficiently understood and you can't bind them to illegal terms.
In this case, most people haven't read the Facebook terms of service and it is probably unreasonable to expect everyone to not only read them, but to keep abreast of any updates. So it's a grey area. And if you pass laws and regulations around data privacy, then FB won't be able to legally impose such conditions. But as I said earlier, there isn't much inertia behind data privacy. Nobody with power wants it.
> valid contracts depend, among other things, on informed consent and on the legality of what's being required
Yes, and they also depends on power dynamics.
That's why there are a lot of restrictions on what can be written in a contract between public utilities and users. An electricity provider could strong-arm users into signing draconian contracts otherwise.
Social networks have the same negative externalities: if most of your friends move from using emails to using Facebook to communicate and you are not on it your life gets provably worse. You are cut out from a lot of your social circle.
Having walled-garden social networks is anti-competitive by design.
Unfortunately legislators turn a blind eye to this.
“most people haven't read the Facebook terms of service and it is probably unreasonable to expect everyone to not only read them”
I completely disagree with this thought process. If a website is asking your birthday, every like / dislike , every detail about relatives and is able to predict if you like someone even before you do .. you better know how they will use all this data.
Strictly speaking you're correct, but you're describing the should rather than the is. There are too many overly-long ToSes written in arcane legalese to do mundane things like use a website or play a game for the average person to comprehend even the fist time for everything they use, let alone keeping up with the changes and their implications.
It seems that the term "shadow profile" refers to a feature where Facebook retains contact information uploaded by other users in order to recommend them as friends if/when you create a profile [1]. For all the fear associated with the term, that's pretty benign. Is there any evidence for a link between these "profiles" and some of the more egregious claims of privacy infringement?
For privacy advocates the simple act of linking people that way is worrying enough. Not much of a concern for me (my government's creepiness is vastly overshadowed by its incompetence) but it could certainly be dangerous to free thinkers in certain regimes.
I find it hard to believe that they can't associate more information with those profiles than just who has who else as a contact (or has in the past), some derived/guessed and some from purchasing access to other data-sets, and I find impossible to believe that they won't if they can. Not just FB but other purveyors of advert targetting stalkerdom too. This isn't "don't trust the man" foil-hat paranoia - knowing as much as possible about as many people as possible is their well documented business model.
And of course, the shadow profiles would have had names, email addresses, phone numbers, and linkages that could help answer questions like "mother's maiden name". If shadow profiles were included in the recent huge leak then people who had not ever touched nor wanted to touch facebook, may have just become easier social engineering targets.
Terms and conditions which would have a hard time holding up in court without a signature and witness. Maybe things will change in the future since my own bank does this for online agreements as well as a few government agencies but those do have more stringent KYC rules for online verification.
Can Facebook legitimately pivot into any other service/product and still make money? It seems like they're always going to be at odds with privacy/public trust.
One one hand, it is extremely sad to see talented engineers at Google/FB work hard on products designed to spy on people, but OTOH, I suppose it could be far worse if these were companies who simply sold our data.
as a ~40yr old it feels like the greatest disappointment of my generation is that most of our brain power went towards making better spyware, click tracking, etc, all in the name of maximizing ad revenue and click through.
I think there are several parallels in other industries - financial, pharma, etc. Very smart people, working on products that are (on some axis) detrimental to our society (or at-least one vision of what a society should look like).
Went from designing stupid stuff like cheap audio IC's which meant any teenager with a part time job could afford a bitchin stereo. To designing cool stuff like a wiget that disables a single mother's car when she's a day late on her car payment!!!
You say that car thing like it's bad. Instant enforcement of debt is good for both the lender and borrower. It stops people getting trapped deeper and deeper in debt. A lot like pre-pay phone/power/etc. Your life isn't ruined because you stopped paying, just inconvenienced for a few days.
Would it be worse? A big part of what companies like FB and Google do is get people "hooked" (A good book on this very topic) on sharing that data. In effect willingly revealing more and more data about themselves. If it were simply being sold I don't think people would divulge as much information.
Agreed. If entity A makes billions of dollars by selling everything they know about you, and entity B makes billions of dollars by merely knowing everything they know about you, I much prefer entity A. Entity B and its investors terrify me with the confidence they have in the future returns on that knowledge.
So you’d rather me be able to purchase information about everything you’ve done, down to your gps location from five minutes ago? Even “anonymized” data is trivially easy to de-anonymize with publicly available information. It makes me shudder to think how many apps (like weather channel) are on everyone’s phones that allow companies to sell your current location to the highest bidder. It’s shockingly pervasive.
If you can purchase it then so can I, so yes, I would absolutely prefer that. Better than Facebook building up a totally proprietary information hoard. If Facebook knows it, I consider it lost anyway.
Quite true, it is their business model. There are so many talented engineers using their great talent on ways to gather advertising data. I wonder what will happen when their business model is no longer viable? Do they then begin the pivot of selling our data to anyone?
The Facebook Portal seemed like an attempt to make a product less dependent on ad revenue; unfortunately, the fundamental nature of it made people really distrustful of it. This is also why I'm closely watching what they do with Oculus.
Color me surprised. I kept hoping that with one of these privacy leaks, or any of the other atrocities that FB has committed, it would've triggered the beginning of their demise...but nope. Their stock prices just keep rising, and people continue to use the platform.
People are addicted and enjoy it too much. I have family members who spend all day posting memes, pictures, comments, etc. The only way I see FB failing is if something better comes along that can replace it.
Is there a browser plugin or something that filters Facebook-related posts from HN? We get it, they don't respect your privacy, but seeing the same content voted to the frontpage multiple times a day is getting exceptionally tiring.
well this is not a surprise at all. I am pretty sure facebook engineers have outright said the system does not have the capability to delete anything. Their claim was that deleting things "is hard"... id bet that scaling to keep everything forever is much harder.
They will mouth some words about "our high availability data replication and backups are not designed to delete information instantly". Meanwhile, their metric ton of machine learning has already been loaded up with your behavioral traces and cannot be unlearned. It'll still predict your behavior well enough to target ads, even if the raw trace of what you did is gone.
Given how they and companies like them behave, how they drag their feet and stall all the time, I am not surprised.
I suspect Facebook is too useful as an intelligence and surveillance tool to lead to some kind of meaningful legislation, penalties, whatever. If you can delete your data, then you can hide your tracks. Also, even if we assume that the US at least has in its favor a cultural apprehension toward surveillance, China doesn't, so you'll have a situation where a country is monitoring everything to death while you don't know what's going on. At least that might be the thinking. If that is so, I cannot imagine any realistic solutions. A race toward the bottom. You would need to ween people off Facebook, to cause them to leave the platform in droves. The only way to do that is to offer something better and that something would need to have privacy "built-in" in some way and either remain profitable or decentralized.
actually, that was the situation at one point. Facebook never wrote the code to delete things from their CDN.. so if you deleted your photo from your profile or album or whatever but someone else still had a link then that photo was still available.
Similarly if you try to delete your Facebook account, the only option is "Deactivate Account". Or at least it was for me. They don't give a whoot- until their bottom line losses reflects the damage they cause.
I've noticed when deleting reactions from my activity history, that after they appear to be all gone if I wait a few days more pops up. It is like impossible to remove them all.
I once worked with a guy who said "I don't know how Facebook can even be making money, like they don't charge for anything." Seriously.
Granted, this was a decade ago but even then all of us tried not to laugh and I just said something along the lines of "Do you know how they have ads for wedding venues right after you were engaged? That's how."
it's funny how when you open an article criticizing how Facebook tracks you the first thing you have to do is go through 70 pages to tell the site you're reading the article on to not track you.
The fucking article even mentions how many trackers are on Gizmodo, and then says "BUT THATS NORMAL ITS ON EVERY SITE YOU GO TO!" The author writes a piece and shits all over Facebook, and then goes on to minimize it when it comes to them doing it.
Directions on analytics come from the "serious, business-minded" end of the company. That is true for every [major] journalism outlet. It's always been true.
Don't put that on the writers to resolve. Unless they have the resources to found their own competitor, they're as much at the mercy of the whims of the company heads as the readers are.
Even the development staff have little to no say about it. Inclusions of those kinds of things are at the behest of sales/marketing and management/executive. There is less crossover between those groups and the editorial staff than many people have decided to believe, no matter how often they're reminded.
If you ask me, the writer is doing plenty and they're doing exactly what is in their power to do: write about it.
Frankly, it seems like a modern miracle that a publication will produce editorial pieces that are so self-critical. I think it speaks to a healthy journalistic environment in general, even if the business practices need an overhaul.
https://www.facebook.com/off_facebook_activity/activity_list
To actually opt out, you have to click the "More Options" button, then "Manage Future Activity" at the bottom, then "Manage Future Activity" button, then toggle off the "Future Off-Facebook Activity" toggle.
Dark patterns. So disrespectful. Shameful. :(