Hacker News new | past | comments | ask | show | jobs | submit login

No, you intentionally give fb a photo or a piece of text to share. They hoover up everything else.

For example, they will record your physical location when you send a message or share a post, as well as randomly several times per day. They will also record which photos, posts, and ads you linger on as you aimlessly browse.

This is information that most people are not sharing intentionally, and it's not optional. Fb uses this information to build a profile on you that's separate from anything you share intentionally.

It's being referred to as spyware because most users aren't aware that Facebook does this, and wouldn't have agreed to it had they been offered a choice.




If I say "no" on iOS when the FB app asks for location how are they exactly recoding my location?

P.S. No idea about Android.


Theoretically (i don't work at facebook) there's a number of ways you could go about it.

- Geocode down to the lowest applicable level of IP address

- grab it from the photo metadata

- Piggyback off of similarities to other people obtaining similar photos or activity

- grab it from other database sources that do have your location

- correlate it to your interactions with other hardware/infrastructure with known locations

- transitively deduce it from your friends and acquaintances who share their location and tag themselves and reply to your stories/photos

Theoretically you could try to train some neural nets on images themselves. Geoguessr.com is a fun game website where you can try to do so as a human, and you can usually get pretty damn close. Images themselves leak a tonne of information on time/place: clothing styles, fonts and languages on signs, shadows, light colour, fauna/flora, asphault + stone types, arichtecture and design quirks. In many ways the neural net might even have some advantages over humans, because not many humans memorise the thousands of minutae: eastern USSR uses this particular kind of road barrier and reflector type and this kind of font on its road signs.

But aside from a research activity, i imagine facebook already has the data it needs most of the time...


I once posted a shot including a friends daughter. FB tagged her mother before I shared the post. We were all creeped out.


Geo IP is a reasonable last resort; it'll usually show at least what city you're in.

The images you upload may have location data on them.

If you're using a wireless hotspot then your location is correlated to anyone who also used it while sharing GPS data.

And so on.


"If you're using a wireless hotspot then your location is correlated to anyone who also used it while sharing GPS data."

That's a clever one I hadn't thought about. I guess for a service like Facebook/Instagram/Google it can work decently well given the scale/adoption.


That's in fact how your GPS works most of the time. They triangulate it based on a scan of SSIDs assuming access points are usually fixed. Both Apple and Google use this method.


fun fact - I changed my hometown to Timbuktu on facebook. yet when I click on Why Am i seeing This Ad, I am told it is because the advertiser wants to reach people who live in (not are in or have been in) my actual home town. huh.


Honest question, I don’t know the iOS APIs very well, can they (if you have given the app permission before) check geotags on your photos without you explicitly uploading that photo?


I believe if you give access to "Photos" on the device, they can. Otherwise by giving GPS/Location permission - no. They are two separate things.


Not to mention that you share the photos you don't post.


You can disable FBs access to location services.

And photos.

And contacts.

It was offered as a choice, because when you install the app, it asks for permissions to access those things.


But the choice looked (worded?) like it was required for the feature you're using.


When you grant those once (eg upon installation), they never have to ask you (or notify you) again... even for updates.


You're still giving all of that information out. Or your device is, but that's still under your control and thus you're the one giving it out.

>It's being referred to as spyware because most users aren't aware that Facebook does this, and wouldn't have agreed to it had they been offered a choice.

Then they need to control their data better. Facebook is an easy target because they do all of this in the open. There are probably untold number of bots online that vacuum up this information and you'll never ever know about it and legislation will never stop it because it's running on some server in China or something.


> You're still giving all of that information out. Or your device is, but that's still under your control and thus you're the one giving it out.

This is utter BS. I'm technically savvy and pretty privacy conscious, but the Facebook app still manged to hoover up my address book without me being aware. Facebook will be less than honest and mislead you to get you to accidentally give them more data than you likely intend, and that's not a voluntary disclosure.

PSA: If you still have a Facebook account, go to https://www.facebook.com/mobile/facebook/contacts/ to delete the your address book info that they've hoovered up. They keep this page well-hidden. When I found it, it wasn't linked from the settings, only from an obscure help page.


>This is utter BS. I'm technically savvy and pretty privacy conscious, but the Facebook app still manged to hoover up my address book without me being aware. Facebook will be less than honest and mislead you to get you to accidentally give them more data than you likely intend, and that's not a voluntary disclosure.

You installed an app that can basically do anything onto your device and you're surprised that it did something? You basically fell for the modern version of the Ask Toolbar. Stop installing things you don't trust. Better yet, don't use Facebook in the first place. But your unwilling to give that up. You want them to provide their service to you, but you don't want to pay the price for it.


> You installed an app that can basically do anything onto your device and you're surprised that it did something?

I'd also be surprised if someone who I let get near me then turned around and punched me and stole my wallet. I guess in your book it's my bad for letting them get so close. In real human society, there are norms of behavior one expects others to follow, even though they have the physical ability to violate those norms at any time.

> Stop installing things you don't trust.

So, basically I should burn my computer because I haven't audited all the code that runs on it? Facebook is a Fortune 500 company, they should behave in a trustworthy manner.

> You want them to provide their service to you, but you don't want to pay the price for it.

If they want my phone's address book to be the price, they need to be up-front about it, which they were not and likely still are not.

And I'm pretty sure your next line of attack is to criticize me for not carefully reading every line of their terms of service and not keeping up with all the un-advertised updates they make to it. After all, if you don't spend your life keeping up with legalese, you deserve whatever you get, right?


Facebook is a Fortune 500 company, they should behave in a trustworthy manner.

That train left the station a long time ago.

Facebook will never behave in a trustworthy manner, since it's completely against their business model.

My family scoffed, when I told them that there is no friggin' way that I will ever use WhatsApp. Recent development just proves how right I was.

While I had a FB account until I "deleted" it ca. 2013 I will never again come near any Facebook property, no matter what! This company and it's management is the epitome of scum.


What’s the story with what’s app? Had that installed 4 years ago in Brazil since everyone uses it.


> Facebook will never behave in a trustworthy manner, since it's completely against their business model.

Yeah, I agree Facebook's fundamentally broken and I think it's going to take some kind of GDPR-type regulation to fix things (and hopefully "creatively destroy" it).

The idea that I was arguing for is that their untrustworthiness means Facebook is in error, and it's not the user's error for trusting them at some point and having that trust abused. It's only the former that will justify the kind of regulatory response to bring them to heel, and the latter is mainly a reaction to prevent that reckoning.


Facebook is in error, and it's not the user's error for trusting them at some point and having that trust abused

We have absolutely no argument about this point.

Cutesy passive aggressivenes also doesn't really help their case. It was that, which really turned me off. I couldn't have imagined at that time how dirty that company really is.


Most people are entirely unaware of how much data Facebook is collecting about them. Raising awareness about that is a noble goal, but it's not mutually exclusive with stopping Facebook from exploiting their naivety.


But it's a temporary measure that only works against Facebook and maybe other companies that do it above the board. In other words, you're kicking the companies that are honest about it in the teeth. Meanwhile the really shady companies will continue doing it, because they are outside of the jurisdiction. This is like trying to provide security through obscurity. Yes, it works on a large scale, but it's not really security.


In other words, you're kicking the companies that are honest about it in the teeth.

Where exactly was Facebook's ever honest about what data they hover up?

Want just but two examples from dozens?

That cutesy rabbit and the super shady patterns used for permission to suck up all your communication on Android would be exhibit #1

I would add the fact that they abused the phone number provided for two factor authentication to spam you with adverts. A clear abuse of its intentions and a kick in the teeth of security in general.

There are dozen more examples. If in doubt search for "The apologies of Mark Zuckerberg" on DuckDuckGo.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: