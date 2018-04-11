Mark Zuckerberg Denies Knowledge of Non-Consensual Shadow Profiles Facebook Has Been Building of Non-Users For Years 108
It has been widely reported that Facebook builds profile of people even if they have never signed up for its services. However, in a hearing with the House Energy & Commerce Committee on Wednesday, when New Mexico Representative Ben Lujan asked Facebook CEO Mark Zuckerberg if he was aware of the so-called practice of building "shadow profiles", Zuckerberg denied knowledge of it. Here's the exchange: Lujan: Facebook has detailed profiles on people who have never signed up for Facebook, yes or no?
Zuckerberg: Congressman, in general we collect data on people who have not signed up for Facebook for security purposes to prevent the kind of scraping you were just referring to [reverse searches based on public info like phone numbers].
Lujan: So these are called shadow profiles, is that what they've been referred to by some?
Zuckerberg: Congressman, I'm not, I'm not familiar with that.
Lujan: I'll refer to them as shadow profiles for today's hearing. On average, how many data points does Facebook have on each Facebook user?
Zuckerberg: I do not know off the top of my head.
Lujan: Do you know how many points of data Facebook has on the average non-Facebook user?
Zuckerberg: Congressman, I do not know off the top of my head but I can have our team get back to you afterward.
Lujan: It's been admitted by Facebook that you do collect data points on non-[Facebook users]. My question is, can someone who does not have a Facebook account opt out of Facebook's involuntary data collection?
Zuckerberg: Anyone can turn off and opt out of any data collection for ads, whether they use our services or not but in order to prevent people from scraping public information ... we need to know when someone is repeatedly trying to access our services.
tl;dr: fu mr congressman (Score:1)
Misleading title - he admits data is collected (Score:5, Informative)
He doesn't deny knowledge of it, he says they do! And he just doesn't have the data on hand. Sheesh, what a misleading title.
Everyone knows Shadow Profiles are real, that is how they know all the info they do when you sign up.
He also is clearly not talking about shadow profiles here.
His answers are that they track access by non-logged in users in order to determine whether they are trying to scrape data against TOS.
Shadow Profiles are the alleged profiles Facebook generates algorithmically to fill in the gaps in their network based on extrapolation from information provided by users. Like, they might determine that the same face appears in photos uploaded by several mutual friends some of whom tagged the same name not in any of
He also is clearly not talking about shadow profiles here.
I think the term is "dissembling".
But, really, based on decades and decades of prior examples... he knows doesn't have to walk away smelling like a rose. He can walk away with the committee grumbling loudly, and they're still not going to do anything substantive to protect the hoi-polloi. Congress-critters generally are generally very reluctant to take steps which penalize billionaires to any significant degree.
I myself have never ever signed up for Facebook. I have never wanted it. But, I have several friends that have an account. One photo taken at a Christmas party was tagged with my name even though I have no account. When viewing Facebook from another friend, they get my name on photos from friends we have in common. I know it happens.
I think he denied the vocabulary word "Shadow Profile", which is reasonable to do since the term has no accepted definition in his context. A definition was asserted (which may or may not correlate to common parlance), and he admitted to doing what was asked.
I'm not sure there's anything to see here, except maybe the congressman asked the wrong question or asserted the wrong definition. I'm thinking the latter.
It seems to me that the congressman had a particular narrative he wanted to fit.
"Shadow profiles" sounds scary and mysterious. In a previous big-data job, I used the term "unassociated data" to describe when we had a connected set of records that didn't match any known individual. They still existed as records, and we didn't discard them... but they weren't anything personally identifiable until we stumbled across a record that tied them to known individuals (and when that happened, our term for that connec
Wow (Score:5, Interesting)
"Congressman, in general we collect data on people who have not signed up for Facebook for security purposes to prevent the kind of scraping you were just referring to [reverse searches based on public info like phone numbers]. "
So, then, you're telling us that you're collecting the data to ensure nobody is collecting that data, is that correct?
Of course. The data is valuable. Facebook wants it, and Facebook doesn't want screen-scrapers to get it.
It makes perfect sense.
Non-consensual Facebooking (Score:5, Insightful)
Re:Non-consensual Facebooking (Score:4, Insightful)
I don't consent to political campaigns calling me up during election season. But there are public records and they've been doing this for decades. That you have some right to not have your public information accessed is some new right that currently does not exist in US legal code. Perhaps congress will write a new law, but until then it's a bit premature to get upset over something that we've tolerated for so long. (or at least spread your outrage out among the many marketing and political firms that have done similar things over the decades)
Re:Non-consensual Facebooking (Score:5, Insightful)
A better comparison would be a third party wiretapping your phone, creating a list of everyone you calling to, then selling such list for profit.
Re: (Score:2)
A better comparison would be a third party wiretapping your phone, creating a list of everyone you calling to, then selling such list for profit.
I think that's not a good example, if they were doing that then hopefully people go to jail.
I think a better comparison is wiretapping all of your friends and associates who all consented to it, and recording their side of the conversation, and interpolating things about you and your actions from the references. Then associating that with publicly available infor
Political campaigns don't get to look at the phone and email contacts of people on their lists. Facebook does precisely that. I must have missed the part about how that is public information.
Re: (Score:2)
I don't consent to political campaigns calling me up during election season. But there are public records and they've been doing this for decades
Actually, we can't use them.
To call or e-mail you, I have to purchase a list of contact data from an appending service. These in turn get them from data warehouses, who get them by purchasing from organizations who directly connect with those persons.
You know that thing where your contract says your information "may be shared with partners" or some such?
You sign up for a service or donate to a charity. Hell, a politician knocks on your door and you sign up for their Web page.
They build a giant datab
You know that thing where your contract says your information "may be shared with partners" or some such?
Yes. I've always declined. And I'm on the do-not-call list. But these campaign guys still find me, and somehow are exempt from most of the rules that private business must adhere to.
We pay 3 cents per successful record append to turn your voter history (purchased from the State for use only in conjunction with a political campaign) and information into contact info. Name and address go in, phone numbers and e-mails come out. Donor information, social networking profiles, and the like might come along with that, too.
Kind of my point. conceptually no difference, even if you use different mechanisms for the processing and scraping of information.
Kind of, but not really. Public information (e.g. FEC donor data) can't be used for leads; we legally have to get a lead, then use public information to correlate. That's why there's this whole Rube Goldberg machine of subscriber list sharing and sale.
The Federal DNC registry doesn't apply to politicians, although I filter my lists anyway (I'll put those folks last, and I'll leave off the non-voting donors if I'm well-funded; voters are frequently happy to talk to someone about their needs anyway). Robo [robokiller.com]
I don't understand why they left him off the hook so easily on this point. They could never collect consent from someone that didn't sign up for FB, so how is data collection could be legal?
Wait - doesn't anyone with an html server collect data on the visits to their pages? And facebook is simply a really fancy pile of webpages, from the perspective of an outside user without an account. So: anyone with apache and webalizer now needs people opting in?
Not that I'm a fan of facebook - I've studiously avoided signing up - but datamining your own server logs for web traffic seems a perfectly legit thing to do. You can "opt out" by never clicking on a facebook link, turning off 3rd party cookies
Re:Non-consensual Facebooking (Score:5, Insightful)
You're joking right? You just listed like 5 fairly technical things for a user to do before they can "opt out" of Facebook tracking most of their internet habits. Do you seriously expect everyone to be doing that? Even people that semi embraced tech don't understand how 90% of that works and usually have to have a techie friend or family member inform them/do it for them. So now anyone with a modicum of tech expertise has to be a steward to create a viable opt out option? That doesn't even mention the
Re: (Score:2)
From the exchange:
I think this point is a bit pathetic. If you visit the facebook site, they collect your ip/mac address so they can tell if you are accessing an unreasonably large number of pages, or trying to brute force someone's password. Big deal. Don't visit the facebook site if you don't want that data collected.
On the other hand if it is more than that, like building up a profile of you from third party sites or intentionally building a profile from what other people post about you then that is bad.
Nose Growing (Score:3, Insightful)
Not so sure.
we need to know when someone is repeatedly trying to access our services.
It is trivial to define "trying to access our services" as "visiting any page with a facebook link/like button on it". So you know, like
/.. Or just about any other major website out there.
you can tell zuckerberg is lying (Score:5, Funny)
He doesn't care. I don't even think he's under oath. There are no real consequences to him for lying.
Lips?
more like:
"labial attachments designed to obfuscate mastication devices, which can be retracted to mirror a range of human-like emotions such as levity or agitation."
Trump has him beat by a long shot - with an average of 6 lies per day:
https://www.washingtonpost.com... [washingtonpost.com]
What the hell is wrong with you Trump Haters??? This Facebook story is entirely unrelated to Trump.
You must get an orgasm every time you type his name, you post about him at the drop of a hat or even if someone is not wearing a hat.
You need professional help.
I'm slow, so how does that work? (Score:5, Interesting)
How is collecting data on non-users helpful in preventing reverse searches? It would seem to me that by not having that data non-users are best protected from searches?
Re:I'm slow, so how does that work? (Score:4, Interesting)
Zuckerberg was speaking of data which would be relevant for information security—things like IP addresses and access logs—which of course has absolutely nothing to do with these hypothetical "shadow profiles" Lojan was asking about. A simple case of miscommunication, or a well-executed bit of deflection? You decide.
Re: (Score:3)
How is collecting data on non-users helpful in preventing reverse searches? It would seem to me that by not having that data non-users are best protected from searches?
I think he was saying that somehow collecting data on non FB users prevents the non users themselves from scraping data.
Or something. I'm not sure it was actually English.
Fuckerberg is a lying sack of shit (Score:1)
Zuck: Yeah so if you ever need info about anyone at Harvard
Zuck: Just ask
Zuck: I have over 4,000 emails, pictures, addresses, SNS
[Redacted Friend's Name]: What? How'd you manage that one?
Zuck: People just submitted it.
Zuck: I don't know why.
Zuck: They "trust me"
Zuck: Dumb fucks
Don't be a dumb fuck.
if someone does not have a facebook account (Score:2)
i think facebook should be shut down, all their computer hardware confiscated and run through a shredder and the employees personal computers and other gadgets searched for other people's personal info and if any is found they should be investigated for identity theft
[if someone does not have a facebook account] then how can they opt out from getting their data collected?
By not visiting Facebook. He's talking about website analytics and nothing more.
It's actually greater knowledge than this (Score:3)
Lujan: I don't have a Facebook account. What does your shadow profile of me say?
Zuckerberg: Just a sec...it says you enjoy viewing Natalie Portman on Wikibellybutton.
Lujan: Wtf, I just jer...did that for the first time last night!
I'd love to understand (Score:5, Insightful)
"Zuckerberg: Anyone can turn off and opt out of any data collection for ads, whether they use our services or not... "
...how, precisely do I turn off and opt out of FB data collection without signing up for FB?
I'm rather curious.
Re:I'd love to understand (Score:5, Funny)
"Zuckerberg: Anyone can turn off and opt out of any data collection for ads, whether they use our services or not... "
...how, precisely do I turn off and opt out of FB data collection without signing up for FB?
I'm rather curious.
It's a simple On/Off setting in your Shadow Profile, but you have to log into FB to change it.
You can find it on the Catch-22 [wikipedia.org] settings page.
Your legal standing changes somewhat when you swear in. At least that's what my attorney, Justin Volk V, advises.
This seems familiar to me. (Score:1)
Cookies (Score:1)
How is this any different than the cookies that any other site uses?
So what ?? (Score:2, Interesting)
What about the privacy rights of attorney / client privilege that were violated by Mueller? How is that not an autocratic takeover of elected government?
What about the people who get kicked off facebook for being Republicans? How is that not newsworthy but this is?
Facebook has done nothing illegal (Score:2, Insightful)
With all the hate suddenly piled up on the company, someone has to point out, that they've done nothing illegal. Not even unethical — certainly, not grossly so.
The information they keep about people was given to them voluntarily — either by users themselves, or by their friends and acquaintances. And what they now know, they are free to share — sell, give away, publicize, it is up to them.
Contrary to frequent assertions by the weaker-minded, there is no "right to be forgotten".
This whole "
I call BS... (Score:1)
How could Fuckerberg not have known data was being collected about non-FB users???
I am not a FB user. Someone tagged me in some photos of me that my wife posted in her account. Data... Collection... about me... a non-user.
FUCK Facebook! FUCK Fuckerberg! Asshole.
How many data points (Score:2)
"Lujan: I'll refer to them as shadow profiles for today's hearing. On average, how many data points does Facebook have on each Facebook user?
Zuckerberg: I do not know off the top of my head."
This is actually an interesting question, and the answer is probably very complicated. The answer is probably a multi-dimensional vector that the congressman wouldn't understand if Zuckerberg tried to explain it.
And he doesn't make a profit (Score:1)
Riiiiight.
Like he doesn't make a profit in Germany with strict anti-hate laws or all of the EU and Canada with strong privacy rights.
And he doesn't let FB apps track you beyond the site
... or at least did until Firefox and others started disabling his FB app tracking cookies that kept running.
This guy must be a nightmare in a poker game, he lies so much.
Maybe every question sounds like "tell us what we need to know so that we can make your life more difficult." ?
Zuckerberg knew his questioners lacked knowledge (Score:3, Insightful)
Zuckerberg took maximum advantage of the fact that the questions came from people mostly lacking the technical knowledge to judge his responses. For example, when asked if Facebook could track users across devices, he acted as though he didn't know. Is there anyone here who believes that? I wish we could ask him a few questions on Slashdot!
Zuckerberg also said that Facebook doesn't share user data, just uses it to predict which advertisements users are likely to respond to. In that case I'd really like to see what gets sent when someone uses Facebook to sign into a third party website.
he conflates two issues in the last response (Score:1)
" Zuckerberg: Anyone can turn off and opt out of any data collection for ads, whether they use our services or not but in order to prevent people from scraping public information
... we need to know when someone is repeatedly trying to access our services."
Yes anyone can opt out of tracking on the internet, its called running an ad blocker and no script or any other script blocking add-on.
The second part of the reply is simply him admitting that he has no idea what is going on within his own company and has
I don't know what a "shadow profile" is (Score:2)
I'm surprised that the comprehension around here seems to be about on par with the congresscritters.
Re: (Score:2)
That's not it at all. Let's say that 10 different people have you listed as a contact in their phones, and that those 10 people are on Faceplant. Facebook will create a shadow profile for you that connects you to these 10 people. And of those 10 people start sending you text messages? Facebook has that as well.
Wait, so you mean when people give an app full access to their contacts, the developer of that app has full access to their contacts? Shocking. I'm not seeing the troubling part, other than how quick people are to provide full access to apps on their devices. I don't think Facebook really has to connect many dots to suggest contacts, based on the crazy volume of data people provide to them willingly.
Sounds like a great lawsuit (Score:2)
You gave me a FB account, without my knowledge or consent, and added data to it which you then sold to third parties.
Further, the only way to tell FB I want to opt out is create an account, but not the shadow account, even though I don't use FB.
Lawsuit? That's for pikers.
Just catch FB following someone with a security clearance around and selling that info to a Chinese front company.
Snippet (Score:1)
time horizon clusterfu (Score:2)
It's far from obvious to me how he thinks I can do that.
Does he mean I sign up for an account, click some boxes, and then never use the service again?
Or does he image that the HTTP specification has an explicit provision for a header
How does Zukerberg track non-Facebook users (Score:2)
cdn.tinypass.com/
d1z2jf7jlzjs58.cloudfront.net/
dashboard.tinypass.com/
dpm.demdex.net/
geo.yahoo.com/
o.aolcdn.com/
p.typekit.net/
plugin.mediavoice.com/
s.sa.aol.com/
s.yimg.com/
sb.scorecardresearch.com/
stats.wp.com/
use.typekit.net/
www.google-analytics.com/
www.npttech.com/
And these ones that are pinged when you click on a sla
Did he also lie about knowledge of section 230? (Score:2)
Zuckerberg says he is not familiar [grabien.com] with Section 230 (the law that protects ISPs from liability for third-party content.) That would be like the CEO of SmithKline saying he doesnt know anything about pharmaceutical testing rules.
If his lawyers after all this time never briefed him on Section 230, he is either lying, willfully ignorant, or being poorly served by his legal team.
Re:Mental gymnastics (Score:4, Interesting)
How is a non-user different from someone who is neither a user nor a non-user?
Re: (Score:3)
Until you sign up, you are an unwitting, unwilling user.
Until you signed up, you're an unwitting, unwilling MERCHANDISE.
"Mr. Zuckerberg, you're full of shit. I didn't think it was possible for a (purported) person to have a higher bullshit content than Ajit Pai until I heard the drivel that came out of your mouth."
Re: (Score:3)
I believe the word should actually be "either", not "neither", and the answer, of course, is Heisenbergian uncertainty. The wave function does not collapse until observed.
:-)
There are three groups: People who are known to be Facebook users, people who are known to not be Facebook users, and people who might be either one. In the first group, you know their account info, so you know who they are, and you know that they have Face
No, no, you have that backwards. Facebook uses everyone. Everyone does not use Facebook.
There is such a thing as a shadow profile. It is a shame that Zuckerberg denies its existence.
I resisted to create a Facebook account, but five years ago I did it. Many people had sent me invitations, and it looks like that with the information other users provided, Facebook correctly guessed many things about me. It did not asked my my home town: it asked me to confirm their guess. Same for high school, university, occupation, place of w
Re:Mental gymnastics (Score:5, Informative)
Re: (Score:3)
The apps running on your devices can access the MAC address and transmit the info over IP. Wireless access point know your MAC too, etc...
Re: (Score:1)
They're not supposed to do that!
I guess that phrase pretty much sums up the reason for this Congress hearing's existence
:)
Badly configured IPv6 (Score:2)
It might happen with badly configured IPv6.
Among other, IPv6 addresses can be created by adding a suffix derived from you MAC address to the prefix advertised by your router.
Of course, there are privacy extensions, which generate addresses by adding random nonsensical suffices to the prefix, and a well configured IPv6 stack should generate several of those and prefer them over the MAC-derived one.
(i.e.: your laptop will respond when called by it's MAC-based IPv6 - useful for services, e.g.: SSH - but when c
It might happen with badly configured IPv6.
Well, then, it would seem that "badly configured IPv6" has pretty much been the norm under most OSes, until fairly recently.
I'm not arguing - just pointing out we're not talking about some tiny edge case.
You like to comment on what you have no idea what you are talking about? The shadow profile is based off real data like your phone number and your name and even your purchasing habits.