I think this is a terrible headline that masks an interesting philosophical debate. Especially at this community, we feel we intuitively understand that we get the convenience and social value from Facebook for $0, and we pay in our personal data they use to serve up advertisements. That to me is hardly newsworthy and a relatively uninteresting piece.
But- there is an interesting question in what is an appropriate use of our personal data w.r.t credit ratings, financial decisions, etc... Just like there are anti-discrimination laws that prevent mortgage servicers from altering policies based on race, perhaps there should be other walls to keep separate how our data can be used financially.
This is a question the NY Times should've posed instead of this clearly linkbaity uninteresting headline.
Maybe a little SciFi sounding but I can imagine in the near future there becoming a market for obscuring a person's search and online social behaviour results. With the proper attention paid to timing and location, it would be a fairly simple matter to blur realities between who a person is and what a program has randomly searched for: e.g. provide your login details to a program that spends the next couple of years inserting random data on your behalf.
This was also my immediate reaction, agreed. I wrote an article a while ago that talks about a similar thing, but concludes more along those lines - facebook offers us the service for free, and as far as we know they do not sell our personal data. Until they do, we don't need to worry.
NYT's target audience is not HN. I think many people who use FB don't realise there are any privacy issues under consideration, and I think it's good that the NYT is pointing them out.
While I'd expect most HNers to have made a conscious choice whether to trade their data for FB service or not, that's not something I expect regular users to do (I think they should, but that's another matter).
This is what Freedombox is for (also Diaspora). Freedombox is one of the few projects I make time to contribute to. I'm surprised it isn't one of the more popular projects among this community.
Email and telecommunications that protects privacy and resists eavesdropping
A publishing platform that resists oppression and censorship.
An organizing tool for democratic activists in hostile regimes.
An emergency communication network in times of crisis.
If you live near New York City, there will be a hack-fest February 18, 19, 20 (more information in first link above). I hope to see you there.
You guys need a much simpler "what is freedombox". From the /learn text I only get the impression that it is "Tor in a dedicated box". Where is the social network?
Thirding. The "what is freedombox" posted here tells me basically nothing. It sounds closer to marketing fluff than an actual description of what freedombox is and does.
Is it a social network? Twitter? Both? Something new? Why should I want to start using it, aside from claims of anonymity?
I'm surprised it isn't one of the more popular projects among this community.
You shouldn't be. My values align roughly with that of the freedombox creators/developers but I can easily see this will have poorer adoption than other well-intentioned technology like PGP or gNewSense.
If you want a project of this nature to see widespread use it will have to be fun, usable, and pretty.
I follow a few high profile tech news source, but I never heard of Freedombox.
One major worry I have about decentralized systems is crackers. It's hard enough to secure centralized systems using proprietary code behind firewalls managed by an army of experts. How can a decentralized system possibly avoid becoming a 0day distributed botnet?
"... I follow a few high profile tech news source, but I never heard of Freedombox. ..."
That's why it's important to read HN.
Eben Moglen is one of the few lawyers I bother to listen too. It helps he has a CS background. Moglen did a talk at New York Technology Council & Internet Society, Friday, February 5, 2010 that outlined the idea behind the freedom box. I remember watching & listening to the recording just after the speech. It's worth the watch/listen to get the idea in full.
The idea in short, "Own your own logs". Third parties can't infer what they don't have. The talk is located here
> It's hard enough to secure centralized systems using proprietary code behind firewalls managed by an army of experts. How can a decentralized system possibly avoid becoming a 0day distributed botnet?
I do not understand your concern.
Centralized systems are easier to crack, not harder. Proprietary code may or may not be easier to crack, but I'd lean towards easier. Distributed systems do not require you to not have firewalls. Distributed systems do not require you to not have experts managing them. Nodes of a distributed system do not have to obey the commands of other nodes or have a central control mechanism.
How would a decentralized system ever become a 0day botnet?
The point of Freedombox is that everyone has his data in his own home. If average Joe wants to share this data with his friends, average Joe is going to run a server in his home. If the server code has a 0day exploit, average Joe server easily becomes a node in a botnet.
How do you address the problem of managing a fleet of 800 Million servers running in 800 Million homes? Who are the experts that manage this problem and who finances their work? Why would average Joe trust them with his data? What is the technical device through which they have admin access to 800 Million servers in 800 Million homes?
That may be the setup of that project, but it isn't the status of every decentralized system. A decentralized system could as easily be funded by individual users buying hosted space with professional admins.
I don't see the 0day exploit window of one additional application running on local users' boxes to be much cause for alarm. Somehow we muddled through decades of Windows boxes with everyone joining the Borg.
I don't see that many merits in the views expressed in this article.
You are using Facebook, and Facebook is using you and your data.
"Using you" has a negative connotation, like a bad relationship. So what does Facebook do to "use you"? It shows tailored advertisements. By that standard, nearly every commercial entity on the web is "using you".
The article continues with non-Facebook-specific privacy issues, mostly focussing on law enforcement being able to access your data. If you got a problem with that you should take it up with your representation, not with those that simply comply with the law.
The problems with data aggregation are correctly identified, but not specific nor directly related to Facebook.
If an employer won't give you a job, because she found a drunk picture of you on your public profile, I really see only two people at fault: You yourself, and your employer (and maybe your local laws that allow for this to happen).
I think it is weak to point the finger at Facebook, when all they seem to do is facilitate you and others to give them data voluntarily.
I agree using the data to tailor advertisements is expected and not that nefarious. Facebook has been very careful not to make solid promises about what they'll do with the data, though. That doesn't prove they do other things with it, but they at least seem to want to keep their options open. There are all sorts of interesting services they could run that I think people would find much more objectionable uses of their data; and it's not clear they would announce it if they started doing so.
It's likely they already give the government more data than strictly required; they've danced around the issue when asked if they voluntarily give data to the government, in circumstances that don't require them to do so (i.e. no subpoena, warrant, or other legal order). They could choose to do that with non-governmental entities too; for example, it might be lucrative to start an employee-screening service. Some of that could be risky PR-wise, but they need not publicly disclose it, and might choose to strike private deals with a few large companies for use of the data. They could even get some plausible deniability by doing it via an intermediary: Facebook licenses a data feed to a third party for analytics purposes, and the third party sells curated views on it to interested parties.
Not sure if any of that will happen, but there doesn't seem to be much stopping it. The privacy policy is not that strong to begin with, and can in any case be changed at any time with retroactive effect (at least in the U.S.; they would have more trouble in Europe).
Your example of the profile picture misses the larger issue - this data is not perfect and people have natural biases in their judgement. Does the situation change if the employer based her discrimination claim on stated relationship status or sexual orientation (illegally, yes)? What if that status is based not on overt information, but on your friends and relationship status?
This kind of discrimination is difficult to prove. If I'm hiring and have a large enough labor pool (say, retail in an area with high unemployment), I can apply this to each resume that comes in, never responding to those who didn't pass the test.
Anyway, using Facebook as the lead and straw man is flamebaid but, hey, it reached the top of HN.
I think the article's main point succeeds on the merits: while we have a variety of statutory and regulatory mechanisms in place to make sure that things like credit reports are compiled in a fair manner we have no such mechanisms for the likes of LexisNexis, ChoicePoint, Facebook, Google, etc., etc.
I don't think its unreasonable to want some assurances that my creepy neighbor can't purchase my web history or FB data. Less facetiously, at the very least, I should be informed when an adverse decision has been based upon this information and should have a chance to review it periodically.
Somehow I feel this article hasn't gone through an editor.
Here are a few examples:
> In Europe, laws give people the right to know what data companies have about them, but that is not the case in the United States.
This sentence primes the audience for a discussion of the laws, but that anticipation is never fulfilled. The article jumps to a new topic immediately.
> Ads that pop up on your screen might seem useful, or at worst, a nuisance. But they are much more than that. The bits and bytes about your life can easily be used against you. Whether you can obtain a job, credit or insurance can be based on your digital doppelgänger — and you may never know why you’ve been turned down.
Yes advertising uses the same 'bits and bytes' about your life to determine targeted ads, but you can't co-mingle the idea of advertising and the drastic case of being turned down on insurance because of a Facebook posting you made.
The premise of the article is that Facebook uses you, in that they use your personal data. It's true, but they use your data for advertisement and not for the other more troubling purposes the article talks about.
The author appears to want to set up a slippery slope argument by saying that simply because a market exists for personal data beyond advertising, then Facebook will either (a) sell their corpus to those companies that already provide the service or (b) start providing those services themselves.
It's possible, but there's no evidence suggesting that it is occurring already or is likely to occur in the future---businesses don't enter new industries merely because they can; there's always a cost to diversifying and for Facebook the cost of selling user-data to let employers make hiring decisions is the loss of their dominance in social networking. Once its known that the information you give you Facebook can be used for more than advertising, people likely will stop giving that information. Facebook can make a one-time sale, but loses on the chance to continue reaping ad-profits.
Why would they kill their cash-cow and core business just for dubious short-term gain?
This is somewhat disingenuous given that the entire commercial media industry does this, it's just that they aren't quite so efficient.
If you've not ever worked in the media it's easy to underestimate the lengths they go to to work out who is consuming what and how to better channel ads at the lucrative targets, or how astonishingly detailed their information actually is. Your cable provider is probably far more evil than you imagine.
Not to mention that the NY Times (the publisher of this article) probably collects a lot of information about their on-line readers. They know what articles you've read, what ads you've clicked on, what comments you've left on their site, where you live (based on your IP address and/or your billing address), approximately what your income is (based on your ZIP code), and that you found this article through Hacker News. And if you're a paid subscriber, they know your real name.
The article is a litany of citationless speculation. The things the writer mentions could happen. But then, many things fit that description.
More to the point, companies that draw the wrong conclusions from data they have – changing credit limits without merit, targeting ads wrongly – will not be helping themselves.
And it goes without saying, for me anyway, that putting information online means putting it online. I don’t assume that Facebook’s interests are mine.
To me, the definition of “my data” is not claiming ownership of bits on FB’s servers. It means that if it’s on the Internet, it’s because I put it there, caveat emptor.
Financial institutions are using all available data to improve estimations of creditworthiness. The Horror!
I don't support the implicit assumption that it is better to err on the side of leniency when it comes to credit provision. Inadequate information was as responsible as lack of oversight for causing the financial crisis. Racial discrimination is also a flawed analogy -- that was a case of using traits that had no bearing on credit risk to calculate a deliberately false appraisal, whereas using data on online activity is far more akin to the practice of requiring bank statements.
Granted, mistakes could very likely be made, but so far the author presents no evidence that using such information is any worse than other means of estimating credit.
Its a very good article although the title should include Google, American Express and NebuAd. I am aware of Facebook, Google and Cerdit card companies using personal data to perform business functions. However I am quite alarmed by the incident mentioned in the article where six ISPs sold personal data. I have never heard about it before, and am wondering how common is this practice.
Question: why isn't my data's copyright owned by me? I should have the same rights over my data (my searches, my browsing history, relationships, etc.) as an artist has over his creations. And they (companies that use this information or trade in it) should have to pay me to use it.
Anything (sufficiently creative) you create is automatically copyrighted by you, but according to Facebook's terms of service,
you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook
Though it's an interesting point; the Facebook ToS are a pretty weak way of effecting a copyright license, even worse than a click-through EULA.
I'm guessing they wouldn't be dumb enough to do so, but it'd be interesting if they tried to exploit that license grant to its maximum potential. For example, a number of musicians, and even major labels, post music videos on Facebook. If we take the terms at face value, that means Facebook gains a transferable license to use that music video, worldwide and royalty-free. So they could, for example, sublicense the video to be used in a Levi's television advertisement, without the original artist being paid--- if this license really does what it claims to do.
I doubt that even the complete record of your online activities would be found by a court to be copyrightable. While it might represent a lot of effort, the fact that the record exists is ancillary to the reason you keep adding to that record. The fact that you don't have access to most of what facebook collects about you puts a snag in the argument that you're doing it for creative purposes.
Copyright for databases or collections of data is variable, depending on the legal framework where you live.
In the EU, there is some protection but it requires either creativity going into the compilation, or the work done to create the compilation must exceed a certain threshold:
In any case, the basic pieces of information about you are not copyrightable, even in the EU. They have adopted privacy laws to deal with personal data.
There's been some discussion on HN about copyright of public transit schedules, I believe in Australia and/or India.
Not to sound pedantic, but in this case the "user" data wouldn't have existed without the product, so it's not exactly like an artist's work. It's not surprising it is a challenge to find a traditional parallel for the new complexities of this century.
How much would their service be worth to you without other user's generated content? If it's more important to you to see other people's content than you putting out your content, then you should be the one paying them to access other's content.
The use of our data for purposes beyond advertizing is definitely a rapidly brewing storm. I already get emails from pretty looking web services offering sometimes dubious claims of magical insight, if only I send them a list of emails I want checked out. I expect the reach of those claims will only continue to broaden.
At the heart of the problem is that the sharing of data is assymetric, which will prevent market forces from weeding out services that don't put a premium on ensuring their data is even accurate, let alone whether their conclusions are sound. In other words, I have no idea who is sharing what about me, or how it is actually affecting the decisions being made around me. Employers, banks, etc, don't do a post game wrap up where they show you the data mining services they use, and what they say about you (relevant aside: when I get these data mining pitches emailed to me, where did they get my email, and why do they think I may be interested in these services? I have no way of knowing). I may be able to curate my facebook data, but I can't curate an augean stable of ever changing services that I don't even use, or know exist.
Seeing how a lot of people on Facebook use fake names, I don't how the information Facebook provides for potential data buyers can be deemed as trustworthy enough to be used to lower credit ratings, or as basis for hiring. Granted, if a person has a history of bad-mouthing previous employers (which is the person's responsibility in the first place), it can be used against the person. But that can happen if an employer connects with the potential employee and checks the ever-helpful Timeline, without Facebook having to sell the data.
I find it perverted that people are angry about Facebook but illegal warrantless mass surveillance of every citizen in the US doesn't generate a comparable outcry.
Facebook does nothing to violate your privacy. The FBI intentionally spying on you without your consent or knowledge IS a violation of privacy.
I hope the NY Times considers "Facebook sells access to you" and "data mining can have unfair consequences when exploited by unaccountable credit rating agencies" to be facts that are not new, but are worth repeating again and again.
Well the credit card example is not new. I remember reading, in the NYTimes, about several people who had their credit limits reduced significantly after the 2008 crash, and the reasoning they were told was the type of places they used their credit cards, and usually it had to do with certain bars in certain neighborhoods where many others who used those establishments defaulted on their credit card bills. I believe the other method employed by these banks were to increase the minimum payment substantially as well.
This article does not really reveal anything that has not been already well documented, and most likely on the NYTImes.
There have been a lot of stories like this one and they usually show up on HN. This one is particularly good at drawing out the consequences.
But as these stories become more commonplace and the general public becomes informed of the true Facebook, I'm wondering if there will actually be people that care.
I can see as the kids that grew up on Google and Facebook become older that the idea of "privacy" becomes more obsolete and that they inherently trust the algorithms because they have always worked for them in the past.
I'm not saying that I agree with this and that I hope this is how it turns out, But maybe The Zuck is right after all.
In an information economy, a data mine has the same value that an oil, iron, or coal mine has in an industrial economy. The great data aggregators--Facebook, Google, Twitter, et al.--will be the robber barons of the information economy because they own-and therefore control access to-the data mines.
The simplest opt-in/out I think would be satisfactory would be to limit the amount of data they can associate with me to an arbitrary time period (six months sounds about right).
I think there has to be a price to pay from the data aggregator side if they want information associated with my 'real' identity.
Yes at a simple level you're right, but you could use the same argument about lots of things, for example I could opt-out of using the Internet but that should not give ISPs carte blanche with my personal data.
As to your question, I use FB fairly cautiously and I'd also rather not exclude myself from a social forum which friends prefer to use.
What I'm suggesting is a simple compromise, rather than give social networks an unlimited license to my data I'm happy to give them a more limited one.
Reading the Times' headline I can't help thinking of the grammatical difference between 'use' and 'utilize', which turns on what the intended purpose of the object is.
Which of course raises the question, what is the intended purpose of a facebook user…?
That's more complicated than just using Adblock and is bad PR in the message it sends.
If you mean charging to not "use" your data at all, that is an ill-formed concept, given the nature of the business as a sharing service. No friend recs? No featured suggestions? What about using data you give to a friend that they choose to give to facebook -- that there is all your data
Some sites (like deviantArt) do successfully upsell to premium accounts, where one of the many features is no more ads. (And they actually advertise "no more ads!" to encourage upsells, though they advertise other features too.) Only a tiny portion of internet users have heard of adblock let alone use it, sadly (or perhaps not sadly if you think ad-driven companies like Google have made a lasting positive effect on the world), and even if they've heard of it forking over a credit card number may be conceptually easier than installing an addon or calling their "computer whiz nephew" to come over and do it.
Anyway, one way Facebook could do this is by upselling to an account where you have access to a database table or key-value file (or mixed) showing you all the data they have about you (not necessarily use). They could further upsell you on using your data for a particular function or not using your data for a particular function, showing you the documentation to the various functions in question. e.g. an option called "Send to credit agencies" (which you can pay $5 to turn off) when expanded highlights the particular data or sections of the data it sends to which agencies. Indeed, there may even be code it can take the docs from:
/**
* Sends user's Account Data (username, full name, address if provided, etc.) and a credit score estimate determined by @See otherfunc to EquiFax.
*/
function send2equifax($account_data) { }
Or, you know, something simpler like how oAuth permissions are granted. But considering the likely target market for significant data restriction upsells, customers are probably pretty technical and can handle the specifics.
It IS using you and if you aren't smart enough to figure that out then you're living in a bubble universe.
FB is an awful, monstrous growth on society. I'm sorry if this sounds like an over-reaction, but its pure, undiluted evil. Its reach is just way far too pervasive and the tracking on non-members is just plain illegal as far as I'm concerned. Unfortunately, people seem to have come to believe that society couldn't exist without it.
I'm (vainly probably) hoping that the flotation will, ultimately, be its downfall. Even existing toothless Regulation might scupper its share value enough to make it an obvious bubble investment -- and people might wake the fuck up and start to remember the real value of money, people and privacy again.
I can think of many things I'd apply that label to (Such as DHS, the republican party, ACTA), but applying that to a service that people voluntarily sign up and use is a bit absurd, don't you think?
This just in: Advertising companies track people. Film at 11.
It's possible to completely avoid facebook and their tracking with the most minimal of effort. I wonder when we're going to stop seeing these breathless "zOMG EVIL!!1" rants against commonly used services and stop diluting the meaning of the word "evil".
Showing you advertisements is not "evil". Using cookies is not "evil".
No, its not. Its what they are doing with your responses to those things that are potentially or actually evil. The fact it requires any response on my part, minimal or not, is absurd and unacceptable.
People reserve that type of speech for concentration camps or mass graves, not a social networking site where you can poke your friends. Please read up on some history and get some perspective
I meant the about section of this page: http://news.ycombinator.com/user?id=Craiggybear Unless you mean simply that you prefer to be "anonymous", in which case you should probably delete your account and stop posting here. A profile is just a boundary drawn around a collection of data. Everything you post online in an unencrypted format can be fed into a sufficiently capable program that can infer that the real offline You made this post. It can base that inference on other data it has access to from other sites you've posted on by noticing similarities in writing style, content, etc. If you don't want boundaries to be drawn around your public output, don't make it public and start using encryption.
But- there is an interesting question in what is an appropriate use of our personal data w.r.t credit ratings, financial decisions, etc... Just like there are anti-discrimination laws that prevent mortgage servicers from altering policies based on race, perhaps there should be other walls to keep separate how our data can be used financially.
This is a question the NY Times should've posed instead of this clearly linkbaity uninteresting headline.