> after going through our systems, this is an example of the kind of control we think you should have.
No. You didn't 'go through your systems' and you didn't think of this at all. The European GDPR requires you to offer this, at least to EU citizens. Don't pretend that isn't the only reason you even built this feature.
At least acknowledge and respect what FB is doing here. Over the past month, everyone here was up in arms on how FB was collecting their data from 3rd party sites and there is no easy way to opt out or delete it. Now you have a way to do exactly that.
You can't have it both ways. FB is collecting data to target better ads but they are also providing much stronger controls for users to control what data you want to share. FB could've not done this (at least outside Europe) but chose to do it.
As a contrary example, look at Google or Twitter. They also have to follow GDPR guidelines wrt data erasure from 3rd party sites/apps. THey aren't choosing to offer this functionality outside Europe when, at least in the case of Google, they probably more data than Facebook.
So please acknowledge this effort from Facebook rather than staying on your high horse and being cynical about everything.
It would be so much easier to not be cynical if FB did this more than a month prior to the GDPR deadline.
BTW, picking Google as your example was bad - you could download, remove, modify your Google data since ... basically forever, I think; now that option is in "My Account" - "Personal Info & Privacy", but I remember it being there long ago; I actually did a data science course a few years back where the participants downloaded & explored their own personal information, so I'm quite certain this is not a new feature.
Thank you, Facebook, for not restricting this feature you were legally required to implement to only the users you were legally required to offer it to. That sound better?
But only if you had a google account. No deleting your shadow profile User:1239875742, that feature is reserved only for those willing to give us their phone number.
Is there any evidence that Google has a shadow profile for people? I know that it was revealed that Facebook did/does and everyone assumed that Google probably does too but I don't think I've ever seen evidence that this is the case.
Disclosure: I work for Google, but I'm genuinely curious. I've seen no evidence of "shadow profiles" but it is a big company so I couldn't say for sure one way or another.
When they launched Wave there were reports of all kinds of chaos because people were automatically added. I don't remember if this was a case of "oh, you had this contact? We'll add them to your friends automatically." or those people crossed some classification threshold, but there were cases of stalkers and abusive exes being added without permission.
I think the chances that Google had some type of profiling system for non users is well above 80%.
Post-GDPR both companies will be required to. GDPR entitles European citizens to go dynamite fishing by sending companies requests to delete any data that is identifiable as being associated with that citizen.
You have to identify yourself to make the request, but the process should be self healing because they are then required to also delete the PII in your request to delete your PII (unless it's required for regulatory reasons, but this applies more to banks than google or facebook).
And before that we were already entitled to request that data, which FB "respectfully" dragged their heels over when people actually tried to use that right.
It's exactly this setting of low expectations from tech companies that work with billions of user's data that has taken us to where we are.
A majority of Facebook user's aren't'techies'. It was Facebook's responsibility to make such features available/easy to access in the first place. It shouldn't have to be a legal requirement. Google/Twitter doing or not doing it doesn't have anything to do with it.
But now they are offering this delete feature. What do you want them to do? Shut down the company because of the mistakes they committed in the past?
Also, Google and Twitter are relevant here since they are collecting 3rd party data and not offering this delete functionality. But no one is taking that up. Sometimes I wonder if this is really about privacy or just about Facebook.
> But now they are offering this delete feature. What do you want them to do? Shut down the company because of the mistakes they committed in the past?
This is indeed what happens to companies that cannot comply with the law because of mistakes committed in the past, yes.
> Over the past month, everyone here was up in arms on how FB was collecting their data from 3rd party sites and there is no easy way to opt out or delete it. Now you have a way to do exactly that.
You mean collecting data FOR third parties for profit and the impact of these tactics of misinformation had real impacts. There is not much to "respect" Facebook for given what (little) we know now.
You're conflating healthy skepticism with being cynical.
>So please acknowledge this effort from Facebook rather than staying on your high horse and being cynical about everything.
Please acknowledge FB fundamentally doesn't operate with our best interests in mind and this is why the default attitude to the company should be one of being skeptical and cautious.
You can defend however you want. The original comment was a snark and the way it was written clearly showered cynicism when I read it.
>Please acknowledge FB fundamentally doesn't operate with our best interests in mind and this is why the default attitude to the company should be one of being skeptical and cautious.
No I will not acknowledge this. Personally, I like that FB ads are well targeted, that I am able to discover new content, and also the fact that I am able to keep in touch with a number of my friends (who otherwise I wouldn't have) because of it. This is your opinion and you are totally entitled to it.
> No I will not acknowledge this. Personally, I like that FB ads are well targeted
That's cute but as far as I can tell from your comment history, you don't even live in the EU, you don't get to speak for us (I only looked because I didn't want to assume). The laws in the USA must be just to your liking, because for at least the past month, you seem to have been doing nothing but arguing for data collection overreach and against privacy, while simultaneously playing the "what about Google/Twitter/FB/the other one" card.
A terrorist takes a hostage, and a cop asks the terrorist not to kill the hostage and allows the terrorist to keep causing terror insofar as it doesn't involve killing hostages, and the terrorist doesn't kill the hostage, and the hostage is grateful with the terrorist for not having killed him even when he is kept hostage.
This effort doesn't need to be acknowledged, just like it doesn't need to be acknowledged if you stop for a red light. It's something you should do, nothing more.
How do you know? Did you see the source code? For all I know they can clear it in user-facing UX only but keep it secretly on servers in international waters or wherever and use it batch-wise to compute stuff about you, including sharing it with 3rd parties you wouldn't want to be ever involved with. Those 3rd parties then can use FB Cayman Islands or a similar branch to get dirty data. Do you think all those intelligence and society-engineering think tanks would be happy losing their main source of data and won't try to find a way to continue doing it?
Oh yeah, like if what we learned in the past 6 years about what was going on wasn't sufficient to beat our wildest fears... If something could be done, it is being done by somebody already.
> FB could've not done this (at least outside Europe) but chose to do it.
Could they, really ? Would it have made a difference ? You can just log in, change your location to a European country and then delete everything.
> As a contrary example, look at Google or Twitter. They also have to follow GDPR guidelines wrt data erasure from 3rd party sites/apps. THey aren't choosing to offer this functionality outside Europe when, at least in the case of Google, they probably more data than Facebook.
Again, change your location and just delete it anyway. Do you expect them to ask for proof of residence ?
Possibly. They’ve asked people for images of their IDs before, supposedly to prove they are not using a pseudonym. I wouldn’t be surprised if they asked you to confirm your location for something drastic and not-desired-by-fb such as account and data deletion.
They will not ask for location like that, because it wouldn't make a difference - EU citizens in a non-EU part of the world still have the rights outlined in the GDPR.
Clarification beforehand: I'm not mad at you, I'm mad at Facebook.
Why the hell do I need to respect Facebook? What respectful thing have they done? You say it as if they have some kind of right to be respected for having to be dragged into following the EU rules on privacy.
Do you remember how much shit they pulled when people tried to use the EU rights we already had before the GDPR? You know the thing where you ask a business for a full report on all the personal data they have on you?
FB was dragging its heels in the sand over that, because ooohh it was too impractical because they had too much fucking data. Well guess what, having way too much data on their user profiles is on them. That is exactly why those laws exist, to deter corporations from collecting ridiculous amounts of data they can't fully inform their users about. Those rules existed already when they started collecting the data and they did it regardless of knowing that they could never comply to the law. Tried to make a big sad show about it when someone called them on it: "look at these gigantic stacks of dead tree paper, are we supposed to mail them to anyone who just requests them?", no you fucks, you should've never let those stacks grow this huge in the first place.
For years, they've knowingly gone way WAY too far in collecting private data from Europeans, and now they're getting burned for that. People, also here on HN, have been pointing out years ago already that existing EU regulations about privacy, let alone these regulations that have been looming on the horizon, when these regulations will be enacted they are going to hurt like hell for FB.
Unlike human rights to life and freedom etc, there's no corporate right to exist as a business.
They could have prepared by taking a good look at themselves, realizing they were collecting way too much data to ever comply to the spirit of the EU regulations, which was pretty damn clearly past any sort of reasonable. But they did nothing to limit the amount of data they were collecting, instead they amped it up! They took that gamble, keep doing what we're doing and hope we'll get away with it. And isn't it crazy how in a functioning regulatory system, when corporations keep sidestepping it, we tend to update the letter of the law to reflect the spirit of it? Sucks for FB, but they already chose the non-respectable route quite a few years ago.
FB did nothing except try to push back when called on it, instead of respectfully listening. Only now, with the GDPR and the fire to their heels, you see them trying all the wrong things. They don't get points for trying any more. They could have, had they tried when the warnings were just warnings. But when the warnings turn law, you're gonna get burned. They should be burning their data centres.
There's no "damned if you do, damned if you don't", there's only a "damned if you keep the data around that prohibits you from following the law".
And now they're forced to play by the rules. Barely. They don't get any respect for that, they get a "well at least you seem to play by the rules NOW" for that. Respect is earned by acting upon that spirit for years, not by grudgingly doing it once.
Even in the linked article, Zuckerberg admits himself, he only learned to listen last week when he was dragged to testify to congress. "Respectfully", that's way too late and FB deserves to go the way of MySpace over that.
There's also some stipulations in the GDPR about having to provide clearly worded language about how they use your data. Except the language I've seen so far is very passive aggressive and emotionally manipulative as hell. It's partially a cultural thing, American customers don't seem to mind being talked down to by businesses (unless you tip them?). And you still have to translate Termsofserviceolese to human language to make any sense of it (even then, I still don't understand all of their wording).
This is on them. They're trying to defend the indefensible. Just asking the users "do you want us to sell your data to advertisers? (click here to read more) YES/NO", nobody needs to read more, and everyone who does, still clicks NO.
They're also supposed to provide clear and easy-to-use controls to control how your private data is used. Except they CAN'T provide these because they've been collecting WAY too much data on you all to EVER be able to provide a clear interface for a single person to manage it. Fact is, the controls are NOT easy to use. They just aren't. Because it's too much channels, data and ways it is sold to whoever. Again this is a hard, near-impossible problem they brought down on themselves. They're not too big to fail.
About the manipulative language I mentioned above; I don't have a FB account myself but I read along with my girlfriends' pop up dialog about "new ways to choose about what data we collect or something", that everybody gets. I simply can't respect any corporation that thinks it can talk down to me like that. The way that piece of garbage was worded was disrespectful as fuck. You know how they tried to guilt-trip her into not disabling face detection?
Repeating, several times, that if she disabled it, it was her fault if blind people couldn't use FB because they wouldn't know about photos she appears in but wasn't tagged in. I gotta give it to Facebook, that is a most creative way to put a positive spin on the word "panopticon".
The other reasoning was threatening her that people would use her photos and likeness to impersonate her if she dared to disable face recognition. Again, repeated multiple times throughout the dialog. Fuck you, Facebook.
I'll respect FB when I hear from my girlfriend that she got a similarly threatening dialog warning her about privacy implications and advising to try to use this Clear History at least once, nagging a few times perhaps. Just to say "we may be passive aggressive emotionally manipulative dicks in our communication, but at least we're respectfully balanced about it". But I don't think regular users are going to get a dialog presenting the existence of this feature at all.
And in the linked article, Zuckerberg warns you that if you clear your "FB history" they will make FB experience worse. They don't have to, but he makes it sounds like they do. The comparison to browser cookies is disgustingly disingenuous: People disable browser cookies mainly because they allow bad actors to do bad things, and have to weigh this against good websites using the same technology for benign purposes. But in this case, there is only ONE actor, Facebook, and it's doing both things. It's not like there's a "bad Facebook" that Zuckerberg can't control (well, unless there is, in which case we definitely should shut the whole thing down).
"But after going through our systems, this is an example of the kind of control we think you should have. It's something privacy advocates have been asking for -- and we will work with them to make sure we get it right."
He does admit it's been asked for in the next sentence.
FB isn’t doing this because people are asking nicely, but because it’s about to become a legal requirement subject to heavy fines if ignored. It’s not like they have a choice here.
Or are you saying the timing is purely coincidental ?
It's something privacy advocates have been asking for, for years, and Facebook have been completely ignoring them. Generally they have responded with the exact opposite of what privacy advocates would wish.
Right. If FB really cared about another thing that privacy advocates asked for for several years, it wouldn't still stick to its harmful "authentic names" policy that affects vulnerable people more. This is just FB doing something because it has to, and is trying to use it to prop up its reputation a bit.
I can imagine this spectacularly backfiring... "Facebook tracked all those sites I visited?!?" (What was the joke about porn videos having "Like" buttons?).
> Zuckerberg also cautioned users against clearing cookies in their browser, saying “it can make parts of your experience worse”, and adding, “Your Facebook won’t be as good while it relearns your preferences.”
I wonder why he's so afraid of people clearing his tracking pixels.
Somewhat relevant: A friend took my phone (playfully) and posted this as a status on my profile a while ago. I left it up because I found it funny. Now that it's easier to delete I may actually just do that.
You mean soft delete. I'll eat a sock if FB really deletes all of your history. Another one if they make that the default and you only get the other treatment after opting in.
You try deleting data from a busy Cassandra node. The tombstones, the tombstones!!!
(More than just Cassandra tho, many databases don't actually "delete", at least not immediately. They "mark for deletion", and may or may not _actually ever delete_ anything.)
The later case is different than simply updating the DeletedAt column.
The database not actually deleting is still the application properly deleting it. If the DB eventually carries that out or not is a lesser concern to me, tbh.
The concern here is that facebook doesn't actually tombstone their entries or doesn't even have their DB mark it deleted.
Not true. You have the right to retain backups and logs etc. as long as they serve their purpose to secure your service for accidental loss of data or other security purposes and they are properly stored and secured.
What if hacker deletes your Facebook account? Under GDPR Facebook has actually obligation to keep your data safe from this scenario. Which means they have to keep logs to investigate what happened and also be able to restore your data.
You should delete backups after certain amount of time and state your policy to users.
Only if you keep them a reasonable time and the backups will gradually be purged.
You can't keep indefinite backups and comply with GDPR.
So if your 5 year old backup, which has no purpose at all, gets stolen, expect a whopping fine for being an idiot. Or your web logs get stolen and it turns out you keep them 2 years, don't expect favourable treatment as that's totally unnecessary data retention.
The backups that you can retain are hard to justify further back than about a year (if you even manage to do that), and if you ever use them you have to make sure the data that was deleted because of a request before is not in there again.
No, GDPR requires you to delete all the data corresponding to a user within 30 days after the said user requests deletion of account. That includes backups and logs.
Why do we even use the word "delete" in this forum? We know that (so far) it is NOT deleting anything. It only means "hide from view". Facebook will not forget and will not forgive. Some 10-hour-question-avoiding in front of a committee (irrespective of importance) will not change FB's business model (aka money-maker) overnight.
They'll just delete your user ID field for whatever you posted - so it won't be associated with you any longer, at least on their systems, but they will keep the content for analysis.
That won't work. They also cannot retain data that could be aggregated to identify you as a person. Anonymising by removing an ID is not actually doing that, it's just theater. The GDPR has provisions for that. Bottom line is: if you start fudging things or working around it, you're going to get fined.
If that's true then (1) they're lying and (2) that's not covering it because just a few website visits later they could re-associate your old data with your 'clean' profile because it doesn't take all that many bits to de-anonymize a chunk of data.
He says: " … you'll be able to clear this information from your account. You'll even be able to turn off having this information stored with your account."
"your account".
What do you reckon is the chance of them removing this from their ad targeting data set "account"??? They're just going to give you a tool that shows some of it to you, then hides it from you when you click the [fuck me over more] button (and they'll record _that_ interaction too, and sell you to the "tinfoil" and "headwear" segments.
Sadly there is no way to issue an FOIA request to a private company. Possibly only route would be, clear data, notice contain tracking, due for disclosure. Probably the best route for moving forward.
Unless FB seizes to have offices in the EU and stops having an HQ in the EU and also stops doing monitoring of people in the EU and also stops any regular service for people in the EU, the GDPR has teeth and people in the EU can ask facebook to send them all data they have, then ask them to delete it and revoke any future permission to process their data.
Since the GDPR covers people in the EU that means if you're in the US you can take a vacation to Italy or France or Germany and then pull that stunt on Facebook. (technically)
He is not afraid of it, any statement he gives along the lines of "Clear your cookies" would be politically damning. An overly dramatic headline could be - 'Zuck, head of evil tracking empire that sells your data, tells everyone that they should clear their cookies which implies tracking is bad'.
Political farce aside, he does have a point, cookies are fundamentally tokens of persistence. Persistent cookies let you configure the websites without creating accounts and stay logged in on the websites you do have accounts on. Loosing that is inconvenient which means it will make parts of the experience worse.
> "Your Facebook won’t be as good while it relearns your preferences"
Believe me, "my Facebook" isn't very good with the feed with five years worth of tracking... At least I can have my crappy feed with more of a peace of mind, that's a net win, right?
There was an IH podcast where the person being interviewed talked about getting the Facebook pixel up on your landing page as soon as possible.
The idea was that you would have access via Facebook to all the potentially interested people that dropped off because your landing page or product were not yet ready for launch.
From Facebook's perspective, this is data that is valuable to potential customers that want to buy ad space.
> I wonder why he's so afraid of people clearing his tracking pixels.
I know, Poe's Law, etc. etc., but I'm truly surprised at the amount of comments missing the dripping sarcasm from this last line of the post. Especially since the adjective "tracking" was used to describe the pixels. I will say that English is my native language though and HN is a diverse group.
>I wonder why he's so afraid of people clearing his tracking pixels
Are you being sarcastic? I can think of several reasons Zuck wouldn't want people clearing their cookies. The primary one being the loss (even though temporary) of data resolution for targeting ads.
Somehow I don't think they would do this without their architecture being based on a pre-existing lower-resolution backup layer to maintain information and support. It's not like the model needs every piece of information coming out of Facebook users - they only need the important stuff and could conceivably delete unnecessary information and not lose anything. Given the massive redundancy coming out of thousands or millions of similar people, the global patterns won't change when some subset of users deletes their information. Even local patterns should be filled in by a fresh influx of data fairly quickly.
The unique views problem is interesting from a marketing perspective though. I doubt it will change much but for larger companies it might require adjustment.
Also interesting that they are allowing a theoretical cap on the information they collect. I imagine they'll be moving more into services to avoid future data privacy issues. That means B2B too, FYI...
I wonder why he's so afraid of people clearing his tracking pixels.
Because that would be the end of a gigantic portion of Facebook ad revenue - which should scare users (if they like Facebook) as well. Without the pixel, Facebook ads will be the joke they were when they were first introduced - hardly effective and a money losing proposition for advertisers. A few big brand advertisers that don’t care about ROI might stick around, but everyone else will leave.
Facebook still has a complete image of the things you like, your social graph, intimate details about your marital status, mobility history, personal messaging and so on.
They can still build profiles orders of magnitude more relevant than, say, Google. The web tracking is just an optimization to get the types of data Google has, too.
Most of their advertisers use the pixel to retarget people.
These are by far the most profitable ads for advertisers, and often play a part in a sales funnel in which advertisers may lose money on initial traffic acquisition but make it up and then some through retargeting. Without the pixel, I don't care how many pages as I have "liked," how well they know where I've been, or how many data scientists they hire, they'll never be able to extrapolate that I was considering buying a specific brand of coffee maker at a specific site recently and be able to show me an ad for it.
Retargeting is not just an optimization. For many advertisers, it's the saving grace of the Facebook ads system that produced absurdly poor results before it was introduced. Facebook ads were the brunt of jokes back then, and it will return to that status if too many people use this feature.
Or that they'll tell the whole truth. The data download option that is supposed to contain your personal profile they store doesn't include searches you've made on Facebook, nor Facebook pages that you've visited but didn't like. I know it was being saved because I'm always being suggested friends based on past searches but I didn't see any of those names in the downloaded report.
I hate how Facebook announces that they're going to release a privacy feature before they actually have.
It's like they're trying to trick the press into covering it before anyone can actually test it -- while reducing the actual amount of coverage it gets when it's finally available to real users.
It's frustrating to distracted readers too. I read the headline and logged into FB on the spot, for the first time in years, with the intent to flush all of that data. But no amount of searching allowed me to locate the button.
>It's like they're trying to trick the press into covering it before anyone can actually test it
Yep, when big guys like the NSA claimed to delete all data collected without releasing any details, I'm sure at best they drag and drop a few files into Recycle_Bin.
> To be clear, when you clear your cookies in your browser, it can make parts of your experience worse. You may have to sign back in to every website, and you may have to reconfigure things. The same will be true here. Your Facebook won't be as good while it relearns your preferences.
Sounds like they designed this feature explicitly to show people why they need to provide facebook data. Instead of designing facebook features so that they can enjoyed while preserving privacy, Facebook is making moves to explicitly show how on Facebook privacy is at odds with utilitarianism of their product.
> Sounds like they designed this feature explicitly to show people why they need to provide facebook data. Facebook is making moves to explicitly show how on Facebook privacy is at odds with utilitarianism of their product.
In all seriousness, how is that possible any other way? Take the example he gives about log in. If you want a website to automatically know who you are without logging in, please let me know how that is possible without automatically sending identifying information to the website.
Yes, to offer that functionality it would need a cookie. No, the website doesn't need to correlate that login and all activity related to it to everything else you ever did on the internet to build up a profile about you. It is technically feasible (even easier) to offer the first ("remember me on this one site") without doing the second ("track me across all sites").
Well, technically it's all the same, it's a request to FB servers with an user id and token. Decoupling that relies entirely on Facebook's internal policy. Since they are a public company now, not using that dsta is leaving money on the table.
There's not logging in automatically, and then there's using other data they have about you (however limited) to still provide a good experience. The parent comment is clearly talking about the latter (creating experiences that are equally good for privacy minded and open book people) while you're focused on a small feature that isn't really relevant to the bigger picture.
Yea!? How the hell can a website provide easy automatic login without storing your last 10 years of browsing history , every personal covertion you ever had and reselling that information to third parties that use it to track you political affiliations so they can manipulate you during elections!!?!?!! Do these people even know how cookies work? /s
Privacy and usability are not orthogonal, though Facebook will definitely go leaps and bounds beyond themselves to try to convince the public that it is so.
You're conflating the analogy with what the analogy was about. They didn't say that ten years of browser history was needed for automatic login.
Privacy and usability actually are orthogonal, as the cookie and login issue shows. You will see this again and again in almost every service. People can't offer loans without knowing credit history. Games can't do balanced matchmaking systems without learning about your level of skill. A website can't send you emails unless you give them your email. I could go on, but I think you are upset enough with Facebook that you won't get the point.
Sorry to be "that guy", but just responding because I was confused by your post and the parent's post, because you are both using "orthogonal" to mean the opposite of what it actually means. If two things are orthogonal, it means they are independent of each other, i.e. changing one has no effect on the other.
Yes, it would make a difference there. My question is in regards to the top-level comment, will people notice the difference?
For example: If my mother "cleared her history", I really doubt she would notice the worse quality of Facebook and regret deleting her data, as the top-level comment implied. So my point is it's not a move to show how effective the algorithms are, but a privacy-conscious one from Facebook.
I think the intent there would be that you can't intentionally degrade unrelated parts of the service. For example, if Facebook disabled your ability to view or upload photos because you wouldn't consent to sharing your location.
It would be unreasonable of anyone to expect to see location-based content if they'd opted out of location sharing.
Actually, I can. If you’ve given me your email for some business reason, and for me to conduct that business I need to email you, I can email you. Even if you didn’t explicitly give consent.
What I can’t do is email you marketing newsletters the times a week for the next decade, or sell your email address to ‘specially selected trusted partners’.
Do you know which parts of GDPR specify the concrete limits on things like this? Or is it more a “I’ll know it when I see it” kind of fuzzy boundary for what’s allowed? Would be helpful to know!
The GDPR isn't about concrete limits, but concrete permissions. A lot of people have been struggling to make sense of this, because it totally inverts how we currently think about personal data.
The collection, storage and processing of personal data is presumed to be unlawful by default, unless it is for a specific, explicit and legitimate purpose. These core principles are set out in Article 5 and they are well worth reading and reflecting on.
Did the user give you explicit and informed consent for a specific use a specific piece of data? Is your use of data absolutely essential to fulfil your contractual obligations to that user? Are you required by law to collect and store that data? Is your use of data essential to preserve human life? If you can't confidently say yes to at least one of those questions, then you're probably in breach.
"You must balance your interests against the individual’s. If they would not reasonably expect the processing, or if it would cause unjustified harm, their interests are likely to override your legitimate interests."
My, perhaps unfair, impression of GDPR is that it has very little concrete and specific rules, and a whole lot of "you'll know when the court delivers the verdict".
My impression is that GDPR is actually pretty clear, but people involved in PI processing business have a strong cognitive dissonance about it. It's GDPR telling them "don't do that", vs. them thinking "I must do that, so GDPR is unclear on how can I do that".
GDPR is very specific. You must have written policies describing what you do with data, what you do if there’s a breach, how people can find out what data you hold, how people can have their data deleted. And you must have consent to contact someone unsolicited. If you don’t have consent you must have legitimate interest. Legitimate interest includes the words “reasonably expect” but that’s pretty standard for laws.
As you say, the boundaries are fuzzy. The more data (especially sensitive data) that you collect and process, the tighter you need to make your boundaries.
Most of the advice I've received is to focus on documenting what data you hold, and what you're doing with it. Just by doing that, you'll probably improve your processes. If you did have any problems with the ICO, those documents will go a long way to showing that you took GDPR seriously.
To be even more precise, you can refer to Article 6, section f) about Legitimate interests.
If you conduct business with an individual, most of time, your legal basis will be the Legitimate interests of both parties, you should only rely on consent for non-necessary part/service (like subscribing to a newsletter, or sharing information for improving the service).
You can check whether it not it does if you're interested - it's been published. I can't be bothered to check but I'd be very surprised if they tried to dictate functionality.
I don't know how this could be universally possible. If you don't consent to providing data that is key to enabling features of the experience, how could that experience be provided?
> Your Facebook won't be as good while it relearns your preferences.
This is an excellent feature. I replaced Facebook time with Twitter time a while back and found it even more addicting (because the talent pool is much better and more real-time, and there's an extra sunk-cost fallacy going on with the amount of work required to find good content).
But even more recently, I've been purposefully logging out of Twitter a lot more (and have replaced that with YouTube). Logging back into Twitter now, I see that the "content" there feels less relevant and more boring. This is great for productivity. I just gotta curb the YouTube now - at least with that I can just shunt everything to "Watch Later".
If people use it en-masse, probably negatively, but most likely they're betting few people will use it, just like how few people (almost no one I know) 100% go through with account deletion. The reality is there is no compromise for privacy. They build tools that help you either lose all value from facebook and retain your privacy, or relinquish your privacy to continue using facebook. It's not so much privacy forward tooling as it is a constant reminder they have a gun to your head.
Well, GDPR makes forces them to make the tracking features opt in, so they have to collectively convince EU users to turn on the tracking as opposed to hoping the people won't disable it.
They do this through a few devious practices, such as the spin doctoring discussed here. One other thing that they do is instead of the option being a check box, it is a selection between two radio buttons and you explicitly have to choose one of them. I suppose this is actually a violation of the GDPR, since it should be disabled by default.
You don't lose value from facebook at all by not opting in. "Show ads that are relevant to me," is an arrogant statement. The actual statement is "Track my browsing to show ads that Facebook believes are relevant to me." I don't use Facebook for the targeted ads, I use it to infrequently receive news about people I know spread out across the globe.
What difference does it make? They wouldn't lower their rates and a zillion people are still on FB so advertisers are going to buy the slots regardless. "Ad targeting" is not something that people outside of the niche of advertising economics care about.
Well, I understand that Facebook will try to extract as much value from advertisers as possible as well, testing the price they're willing to pay based on the conversions that advertiser hopefully are tracking accurately.
I more was curious of whether the history cleared with Clear History are primary markers for ad targeting or if other data is used, and in reality if enough users don't clear their data but have similar data fingerprints (the non-Clear History data) then Facebook could still present assumptions to target by for those who do clear their history regularly, e.g. it will be a moot point up until say 40% of people regularly are clearing their history and therefore can no longer accurately enough make those assumptions.
wonder if and how this impacts their ad targeting abilities?
Not at all, the NN that does ad targeting has already been trained on the data. Deleting it will make no difference (assuming you believe they actually will delete it)
How about a way to delete past activity? The fact that there's no option for "delete all my old posts, comments, likes, and photos" is infuriating. I don't need a record of my inane crap from high school on the same platform as work friends.
I took the time to delete everything manually. I thought it was all gone. Then some stuff started to appear. I have no way of knowing whether I pressed delete on this stuff or whether it didn't appear at the time, but the point is that deleting all your stuff by pressing the delete button and viewing a seemingly blank profile does not mean your stuff is actually all gone. Next step - deleting profile entirely.
Oh, here's the fun part: you can only delete what you can see. If you posted something on a user's profile who disabled their account, you can't delete it until they enable their account again.
So even if you delete everything you see, if an old friend who disabled their account re-enables it, there's a fresh batch of content about you.
Like dleslie said, speculating obviously. However since this is about compliance with EU law, actually location has nothing to do with it. It's about being a EU citizen.
If Facebook refuses to do the deleting thing for an (actual) EU citizen because they claim their location tracking shows they aren't located within the EU, they are going to have a problem.
If, however, the EU citizen selects in their profile that they live in the US, and then FB refuses to delete their data, the courts are probably going to look favourably on them, cause the user explicitly said so.
Since FB most definitely is absolutely, unforgivably, NOT allowed to request or handle the nationality data in EU passports, for purposes of being a EU citizen, they're pretty much going to have to rely that you're whatever nationality you say that you are.
Did they re-appear after you had remembered deleting them, or were they just not fetched when you looked the first time? I think Cassandra might be to blame where it returned a bunch of wall posts but not all of them when you looked back in history the first time.
This too! I've seen in happen as well in my quest to delete a couple years ago.
The UX is useless by design to make it really hard to bulk delete, the backend is shitty and you can't see your content on friend's walls that disabled their account.
It is bad to the point that you wonder if it is on purpose. My guess is that it is. "Shitty product" as a deterrent to deletion.
Try building a scalable database to billions of users on ad revenue and make it retrieve all data from years ago within the time constraints that users want to see newsfeed items in, you'll see ;)
I must have deleted over 10k things, so there's no chance of remembering whether they were on the list of things I deleted or simply didn't appear.
I mostly used the Activity Log (button at the top of your profile page) to do the deletion. There are filters there so you can see the different types of interactions. Removing them is different, e.g. Delete vs Unlike.
During the process, I did notice things appearing which had previously not appeared, so that definitely does happen. I kept going back to see if there was new stuff to delete. The whole process took me about 3 months.
The plot twist is that this all happened over 6 months ago. My profile has been empty the whole time, until sometime within the past couple of weeks, where posts have started to re-appear.
Last year I ran a script to do just this. It didn't get everything, but I eventually gave up. I recently tried Social Book Post Manager to accomplish the same thing.
While it did a better job, despite my activity feed being clear, I'm still seeing a lot of posts.
The rub is that I can delete posts that show up from 2008, but that same post will show up on refresh.
Looks like I'm moving to Europe for a day in a few months.
I think about this and I wonder if they don't add it because no internal team wants to take the responsibility of adding that feature. Imagine, FB source code is >10 year old code base, could there be a delete cascading effect somewhere? You mention posts, comments, likes and photos, what about game activity? Or notes? I think that's what were called. What is all your past information? Who defines what "all" past information is? What about Farmville game activity?
I'm not defending Facebook machiavellian tactics but knowing that no code base is perfect and also that even FB is understaffed, I will give them the benefit of the doubt.
I think that's one reason people stopped using LiveJournal/Blogger and other platforms back in the early 2000s. I had countless friends delete or restrict those accounts because there was too much up there; too personal. All modern social media platforms encourage constant posting to quickly bury anything embarrassing.
It's a weird change in dynamic when you think about it, because people were too afraid of the "real" so to say. I wrote a post about this years ago. I'm not sure if I entirely still stand behind it, but I'll leave it here anyway:
Delete your Facebook account, wait 30 days (to get out of the 21 day take-backsie period), and create a new account. All content you’ve created will disappear.
The photos your friends uploaded of you from your college days will still be there, but you will be untagged and can turn on tag approvals.
I did this in December 2016…to this day all email addresses that were tied to that account are banned from FB. I recently created a new FB account using a totally virgin email address and FB locked the account once I started friending my "former" network. They do offer to unlock my account(s) if I upload photos of two government documents, which I decline to do.
This sucks for everyone, but I understand why Facebook did that.
A very real threat against users who delete their accounts is that a scammer will re-create the account, and re-friend your former network, in order to defraud your friends. The account uses your name and photos and is under their control.
FB can't tell the difference between you and an impersonator.
Now, how they even have the data to conclude that you're "impersonating" your deleted self is a fascinating question. Shadow profiles? And yet if FB didn't do anything about this, it would be even worse for people who leave Facebook.
The regulations for handling that kind of data are even more stringent in the EU. Which is a good thing btw. I have no compassion for Facebook, they burned themselves over this years ago, the damage has been done, and there's not much more they can do in my eyes.
Curious if this deleting all old posts is related to everything you published - including publicly - or only private posts?
Likewise, if people were friends/connections on Facebook when you posted something to them, would you care if they were findable by them (they presumably could save a record of everything their friends published privately), and new friends/connections are prevented from seeing that past content?
I agree there's value in separating what people in new chapters of your life see vs. the old chapters in your life where you weren't as evolved or nuanced (potentially known as inane crap). Just trying to get an understanding of nuances if you're willing to share your take.
I don't mind too much if some link from a decade ago is no longer findable by someone I posted it to. That's what email is for. Activity records on a shared platform should be batch purgeable.
So there's a difference still from email vs. posting on Facebook - email which is usually 1-to-1 with explicit intent because you are typing in the email of each person receiving it vs. a Facebook post set as private ("Only to friends"), going to a pre-set group of friends in (unless you select to show it as Public). Do you feel there's a difference if old Facebook posts sent to "Only my friends" should still be readable by that pre-set group of friends vs. having the same ability with email?
I wouldn't be satisfied, and I think that's already available. My Facebook posts are my posts, while emails I send you are yours. In my mind, it's very much like the difference between putting up signs in my yard vs. sending letters.
I get that the legal issues are different, and that there's no requirement that Facebook provide this functionality, but they already provide some limited control via deleting accounts and individual posts, so I dont think it's unreasonable to expect.
I get what you're saying. It's interesting that there's a different mindset since they're relatively the same, perhaps the explicit nature of action of inputting an email address is the important piece. Of course Facebook also has options for "Friends of friends" to be able to view posts, and likewise any of those friends (or people you send an email to) can forward the email or a post - or even make it public in part or whole; that explicit action of taking the effort to define who you're sending it to also likely makes receiving the message/post more valuable to the reader. The ability to CC and BCC in email also has some unwritten rules as to the intent of if you're attached as a recipient of either - ability to dictate to show others "you're the main person I'm sending this to", "see who else I've sent this to", "I want you to see this but the others don't need to know that."
It's a negotiable fuzzy boundary. How would feel if your friends made private copies of posts you shared with them? ("Took a photo of your yard sign").
How would you feel if Facebook provided them a tool to help with that?
How would you feel if Facebook did that automatically as a courtesy to them?
This is a pretty difficult problem to solve. Facebook would need to delete your data from production databases, database backups that were made while you had an account, caches and CDNs, etc. But even if they managed to delete the data in every possible place they could find it, a third party might have made copies of your data via Facebook's APIs some time in the past, and they might still have it.
So, even if Facebook offered such a feature, I wouldn't have much faith that it actually worked.
I'm not making a moral point about blame and culpability here. I'm making the practical point that it's impossible to delete all of the data if nobody knows who has it.
Yeah it's really going to suck for FB (boo hoo), they just can't win. It's years past due. The warnings have been on the horizon and they've only amped up their data collection to the point it's become even more unmanageable than it already was.
They have to do this anyways when you choose to delete their account. And according to Zuckerberg's testimony, he is very confident that this functionality works very well currently.
It's a fundamentally important problem to solve. If to get rid of my old and no longer wanted public activity record I have to sit for hours upon hours manually deleting stuff, I'm going to be much more judicious in how I post in the future.
Also, it's Facebook. They can figure it out, they just don't want to.
I'm not really sure what people want from Facebook at this point - it's clear that Zuckerberg is genuinely trying to respond to critical feedback, but there's no pleasing anyone apparently.
People want Facebook to stop following people, especially those signed out or without an account to begin with, around the internet in a creepy way. How hard can it be really? Is it too much to ask that some company I don't have business with doesn't spy on my web surfing habits?
The announcement also reads to me as if the "clearing" doesn't even do what people may expect it to do:
> Once we roll out this update, you'll be able to see information about the apps and websites you've interacted with, and you'll be able to clear this information from your account.
This sounds to me as if they still keep the information and just don't associate it with your account anymore.
Their hands were forced by law, which is why they implemented this. The law itself was created because of Facebook Actions (being one of the main reasons).
You are making it sound like he is doing it because of the goodness of his heart, or to please his user. He literally didn't have any choice.
If a significant percentage of users actually exercise this option, that will be the end of Facebook as a significant channel for ad spend. It will decimate revenue.
Most people likely don’t remember this, but Facebook ads were a joke among the marketing community when they were first introduced. I’d have to find it, but one study produced before the Facebook pixel was introduced showed that less than 6% of Facebook advertisers had any kind of ROI from their Facebook ad spend. The pixel is one of a handful of things they created that turned this around - all of a sudden, people saw ads for things they were already interested in. If the pixel is effectively gone, much of Facebook’s revenue will go with it.
The recent upheaval over privacy didn’t make me worry about Facebook’s future or the stock price. Revenue was still coming in, and as Eric Schmidt says, “revenue solves all known problems” [1]. But this marks the beginning of Facebook’s end as a cash cow. What does a post-revenue Facebook look like?
Which is why I used the caveat “if a significant percentage of users” do this. If not then fine, but if they do, I don’t think it’s an exaggeration to say that we can all say goodbye to Facebook. That’s how big of a problem this would cause.
They apparently announced that they’re getting into online dating today. Maybe the plan is to knowingly decimate the ad platform and charge for dating at some point. They’ll have massive layoffs and have to sell datacenters, but could at least keep the lights on for a few remaining employees managing the dating service.
> If a significant percentage of users actually exercise this option, that will be the end of Facebook as a significant channel for ad spend. It will decimate revenue.
They'll make the "Clear History" feature a multi step process that's tucked away in a configurations pane, miles away from what the common user will seek out and use on a regular basis.
> If a significant percentage of users actually exercise this option, that will be the end of Facebook as a significant channel for ad spend. It will decimate revenue.
I don't think it would have a significant negative impact on Facebook at all. I see the value of ad networks as primarily resulting from two features: Having a large audience (network), and knowing the audience well (targeted ads).
Facebook will still have a large audience if people keep using it, even if they all delete their information, so a large audience is a given.
Knowing an audience has two large pieces, identity (i.e. you're user X) and derived identity data, i.e. people interested in HN are interested in tech. The biggest use of all this data is associating users together. If all my data across all the internet was deleted immediately, I bet Google et. al would be able to uniquely identify me within a few days, they wouldn't know I'm the same person whose data was just deleted, but they'd know a wealth of targeting information about me again, and within a few years I'd bet they'd know me just as well as they do now.
My web usage is pretty routine, and humans in general are pretty routine, so I would expect it to generally hold that, without explicit effort to the contrary, we'd all be pretty easily re-identified (at least as much as advertisers are concerned) after deleting our information, and sure, I won't be searching for that exact search query because now my git-fu has improved, but I'm still going to be doing things that identify me as someone interested in and/or using git.
Facebook is going to keep all the derived data from people, and that data is going to allow them to very easily re-target anyone once they have a good feel for what their interests are. And I can't imagine a more transparent display of interests than activity on a social network, it's almost explicitly interest-bound.
I don't think it would have a significant negative impact on Facebook at all
All I can tell you is that Facebook had a large audience before the pixel, and few advertisers were able to generate ROI from Facebook ads. Now he is suggesting that we will return to this state. Showing irrelevant ads to people based upon basic things - like being one of 150 million people that like Coke’s Facebook page - just flatly doesn’t work.
But you're not stopping pixel. You're going to be tracked again. All you're doing is resetting the clock. How long after pixel was implemented did it take for the value of Facebook ads to skyrocket? A few years? And Facebook gets to keep all that they learned during that time, just not the original data they've derived all that wealth from. It's like losing training data for ML. It's not a big deal when you get 10s if not 100s of millions or more data points every day.
> If a significant percentage of users actually exercise this option, that will be the end of Facebook as a significant channel for ad spend. It will decimate revenue.
That's what he meant when he said it will worsen your experience right? :-)
My understanding is user activity and user data are distinct, and I'd imagine by now Facebook has enough user data that this might not be as huge a concern as when they were getting started.
No. They announced that people can remove themselves from the custom audiences created by the Facebook pixel. No custom audiences, and the effectiveness of Facebook ads drops dramatically along with Facebook ad revenue. The pixel has become standard operating procedure in most marketing plans and conversion funnels. Many companies lose money on initial traffic acquisition but make it back plus a profit through retargeting. That ability would be gone.
Looking at the 2008 crisis debacle and “too big too fail”, maybe it wouldn’t be that bad. If your company has an impact on the level of a public utility, maybe it should be regulated like one.
And God knows that Zuckerberg’s lifestyle wouldn’t change much if he was only a “simple” billionaire instead of a multi-billionaire ;)
I imagine regulation is coming. If not specifically for Facebook, then changes in privacy law in the US to edge closer to what the EU enjoys are forthcoming as soon as the US elects a Democratic House.
The US is a capitalist country. It will see how much negative impact the GDPR has on businesses and consumer choice, as websites block EU traffic in droves, and will not make that same mistake.
Let’s not even go down this road, it has been the source of very long discussions. I’ll just say that nobody in the US wants the liability of EU traffic under GDPR except for very large companies with expensive legal teams.
That follows from "successful enough" meaning impacting a large fraction of society in some way - which is the government's area of competence. So they definitely will be interested in your impact, and whether or not your market-driven priorities are at odds with well-being of society.
Likely, you will see a bunch of random ads instead of targeted ones of things that might actually be interesting to you. Whether or not that's better is up to the user.
I'm assuming I will see a lot more posts from old high school friends who I don't really interact with anymore. It would be a fun experiment to try though.
I had the realization a while back that certain advertisers were flooding my Newsfeed with Sponsored posts every time I interacted with them in some way -- on or off Facebook. So I started regularly clearing out the Interests and Advertisers sections of Ad Preferences and now my Newsfeed is almost entirely devoid of Sponsored posts.
The experience using Facebook without them exploiting knowledge of my "preferences" is substantially better.
Granted, I'm running ad blockers, so most of the low-value advertising on FB was already blocked.
Indeed. I've discovered it can make major mistakes on who's "important" to me - I'd thought they'd stopped Facebooking, but it turned out their algorithm had for some reason deemed them not to be a "close" friend and de-emphasized them from my feed.
I agree this probably won't make Facebook as good. I relate this to the time before spam filters were good and 50% of my email was penis enlargement pills and money wire fraud. You dump all this data and we go back to a time where I'm not known, and Facebook shows me my active "friends" and it's just my aunt sharing her latest Bejeweled score.
I'm all for better control of my data, but there needs to be some balance so the ads I see are still relevant and not acai berries super juices and Hot Local Singles In My Area.
Because I want Facebook to be free... just like I want Google to be free and Gmail and Google Maps and my news site and my sports site and my fantasy sports app and...and...and...and...
I understand that an ad model is what allows me to do many things I do on the internet without cost. Now, if I have to choose between an ad model that shows me "Dewalt Tools 25% off" (Something I am interested in) or "Gluten Free Bread" (something I'm not interested in), I will select the former.
Advertising is a race to the bottom. As long as GDPR affects everyone more-less equally, it'll only reduce the current depth of advertising hole. That is, non-targeted ads might become more profitable again.
People can pin this on Facebook all day, but that's the same bullshit every user-productizing company spews. That the best experience is the one they design, which necessarily includes tracking, ads, and half of the dark patterns in the book.
Some days, I secretly wonder if my experience would indeed be better, because I've been blocking ads and tracking shit for the 20 years I've been online. Because frankly, I wouldn't know, maybe this world of constantly being targeted with advertising is really cool. They keep telling me I'm missing out, you know?
It's a veiled threat, just like when they told you that if you disable facial recognition you're worsening the experience of blind users, and that nefarious people will take your photos and impersonate you.
They probably intentionally selected things to delete to cripple the experience. It's a way of forcing people bad-mouthing facebook to put their money where their mouth is. If critics don't use this feature, they can put the blame solely on them.
> If critics don't use this feature, they can put the blame solely on them.
Once this rolls out, I'm going to be posting instructions to my feed. One of the only reasons I still keep Facebook around is to publicize articles critical of social media and stuff like this.
Why is this downvoted? The article itself is a demonstration that they really do this.
Case in point: If you're not logged in to the FB tracking network, after 5 seconds of reading, you get surprised by this "funny" jump scare: https://i.imgur.com/PCQOo8N.png
That is deliberately worsening the experience. If you click the close-button (helpfully labelled "Not now"), it is replaced with a sticky footer that takes 33% of your screen (depending on your window size and zoom setting).
Mark is suffering from a pretty classic engineer's problem. Somebody asks what they think is a simple yes or no question, but they either don't understand the complexities of the question, or won't be able to properly understand the implications of the yes or no.
I felt the same. I've never been a fan of his but I have to say, after watching bits and pieces of the testimony, I felt sympathetic for his position. Senators pushing for yes/no answers to questions where there are many many variables and different situations to consider.
Pretty much any question on the topic is too complex for a simple yes/no. And it's abundantly clear to me that 99% of the general public just do not understand that at all. Most people (senators included) were just looking for him to say something damning which they can endlessly bring up in the future.
I don't believe Mark got into this position out of malice. Facebook just grew naturally over time and turned into the beast it is today. How many times have you been building an app and thought "If only I knew <x> about my users I could provide <really cool feature>"?. Each one of these little steps encroaching on user privacy is small and hard to notice for the users and even for the engineers. But over time they add up and at some point there is an "oh shit" moment where you realise what you have.
Yes, some of us have been warning about this for _over a decade_. But the benefits clearly outweighed the costs in the eyes of the users. Only now are the general public starting to realise what the actual costs are.
> For instance: are whales fish? That's a simple yes or no question, right?
You make a good point. While Mark was presented with a similar situation, the answer to the question, "Are whales fish?" could be, "That isn't a 'yes-or-no' question because [reason]," as opposed to, "I'll have my team follow up with you after my congressional hearing."
The latter is safer. I guess it's kind of the same thing as "don't talk to the police" meme in US - everything you say can, and will, be used against you. So correcting malformed/misinformed questions is dangerous, because you may trip up when explaining - or say something that will be misinterpreted.
> To be clear, when you clear your cookies in your browser, it can make parts of your experience worse. You may have to sign back in to every website, and you may have to reconfigure things. The same will be true here. Your Facebook won't be as good while it relearns your preferences.
That's not a bug, it's a feature! I've had my browser set up to nuke everything on shutdown as far as I can remember. Yes you have to log back for sites you want to interact non-anonymously but I consider it the sane default.
Tracking and privacy aside, you'll likely save some money too as not being logged into shopping sites raises the barrier to ordering pointless crap.
> I've had my browser set up to nuke everything on shutdown as far as I can remember.
I have this and only log into GMail in a private window (I would do the same for FB if I used it). It's a bit of a hassle, especially since I've enabled 2FA, but it's become a habit and not that much of a hassle (I leave the private window open).
I use entirely separate browsers for that. Gmail logged into my primary account gets its own dedicated browser. Nothing else ever gets opened in that browser and it's never used for "regular" browsing.
It's a failsafe against bugs in the private browser implementation and provides a further separation of authenticated vs anonymous.
For me there is a not a technical fix for the problem. The fact that my feed fills up with ads for something I Googled immediately prior to alt+tabbing to FB is creepy and annoying, but it's not the real problem. The real problem is that I know they have the data (and they still will after I "clear" it) and it can be used for a lot more than advertising. I don't trust them. That's the problem.
It would, they already did, pure audacity, and they're getting burned for it.
Meanwhile, a loud minority (mostly from outside the EU) complains "why don't you respect their best efforts?" -- because it's too little, too late, this law has been on the horizon for years, but instead of preparing they've been increasing their data harvesting efforts, only making it harder for themselves to actually comply when it finally passed.
Well, you've described a problem for which this isn't a technical fix, but for which there is a technical fix: a decentralized open source social network on which you retain complete control over which of your data ever enters its ecosystem.
And it will come. It will take years, but it will come.
Absolutely. A distributed system where each user controls their data is theoretically an architectural fix. But not one that is an option for FB since owning my data is the core of their business model.
This (or any other Facebook feature/change) wouldn’t be such a big deal if Facebook weren’t a monopoly which actively takes steps to remain one. Namely,
- being a closed platform with no easy way to migrate your data to another platform
- buying out the competition
As long as the above is true I consider Facebook as acting against its users’ interests, regardless of any specific feature.
If this is GDPR related then it's to do with privacy, not competition. Suppose you did download a bunch of liked pages, friends comments. What would you do with them? Learn python and import it into, I don't know, Twitter or something? Most people aren't actively looking for a way to do exactly whatever it is on Facebook.com using a different URL.
I’m getting a new “we have updated terms of services” mail every day these days. Half of them don’t mention at all that they need to do this due to GDPR. It’s just because they want to give people more options and control /s
Did you get the new Facebook one already? Did you enable facial recognition or do you hate blind people? /s
(not sure if I should add the /s here; I'm being sarcastic but this is literally what the dialog said, twice. It also threatens you that you will be impersonated by people using your photos, twice).
I got the Instagram version of it. They feel they need to have agree for the facial recognition even though there is no related feature on the Instagram app.
FTA: "To be clear, when you clear your cookies in your browser, it can make parts of your experience worse. You may have to sign back in to every website, and you may have to reconfigure things. The same will be true here. Your Facebook won't be as good while it relearns your preferences."
I call BS. My experience definitely won't be worse, because I will do my best to block all your crap tracking and ads from the start. Also, please stop relearning my preferences, and no, I won't be using your crap to log into websites.
What I _really_ want is an option that allows me to prune my Facebook posts. Like if I had a button, or at least some sort of bulk deletion with overview, so I could delete all of my political posts and memes then it would be really handy.
This clear history is handy I guess. Seems kinda shitty to need it, though.
Did you uninstall that after using it? Otherwise that extension still has the ability to "read and change your data on all facebook.com sites." For all you know, it may have uploaded a copy of all your Facebook data to its servers already.
I deactivate the extension after usage. I also looked at the console/source code and the only external urls the extension is calling are google services (Analytics and Chrome Store) I have analytics blocked in the HOSTS file anyway.
I don't get it, how does sporadically deleting cookies help? Sites don't, I assume, store significant amounts of data in them that would get irrecoverably lost. And even for cookies identifying you it should not be too hard to stitch two histories connected to two different cookies back together on the server based on your IP or browser fingerprint. And if they were actually worried about negatively impacting the user experience, why would you not selectively destroy the cookies? Just keep my preferences and give me a new authentication token so that I remain logged in and don't loose my preferences, the browser already has a feature to delete everything. So what am I missing, how is this a useful privacy feature?
I wish youtube had this feature. I watched a few videos a while ago, and now my "feed" is filled with similar videos. I keep clicking on them, almost instinctively, see what they're about.. then exit, but still. It's annoying.
It's certainly not very friendly if you want to remove categories en masse from your recommendations, but you can remove videos from your YouTube history list. There's even a search bar. I have found spending the time to purge a certain type of video from that history does improve my recommendations.
Additionally, on the home page, you can click on the options overflow on each video and tell YouTube you don't want to watch it, and why.
I can almost guarantee that this will end up in FB recording my entire browsing history every-time I use it. I wonder how would the congressional apology for being 'careless' with this feature would go.
Looks to me like they only mean the kind of websites, where you allow the application to use your Facebook profile, like Tinder or some minigames so that they can post "XYZ has clicked 1000 times in FooClicker!" on your timeline. This kind of history you'll be able to clear. I doubt they mean the tracking cookies that are everywhere in those "Like" buttons.
> One thing I learned from my experience testifying in Congress is that I didn't have clear enough answers to some of the questions about data
You bet you didn't, Zuckerberg. And those questions weren't even challenging. Imagine if they had grilled you about tracking pixels and cookies and the Facebook login JavaScript snippets that you encourage everyone to put on their website.
It might be difficult to catch depending on the how macro attributions they could make on you, depending on the time scale - say over 20 years, if you cleared the history every year, it might give them insights that might be hard to correlate to earlier history.
If there were strong whistle-blower laws and pre-set rewards however, then might get a whistle-blower who could earn themselves say $1B+ (based on size/revenues of Facebook) for outing the deceit - which then Facebook would be fined for.
Is a scandal a huge issue? Despite the recent #DeleteFacebook and everything, Facebook wasn't really impacted all that much and is still making tons of profit even without the 1% of users who did delete it. A future hypothetical scandal where another 1% deletes it would be worth it considering all the data and revenue they made from abusing people's data before the scandal.
> Once we roll out this update, you'll be able to see information about the apps and websites you've interacted with, and you'll be able to clear this information from your account.
So it's really just a way to de-authorize all apps/sites at once?
This just means facebook will no longer show you or your friends what was in the history. Facebook will still sell advertising based on your private data. It won't be cleared, just hidden from your view.
> Zuckerberg also cautioned users against clearing cookies in their browser, saying “it can make parts of your experience worse”, and adding, “Your Facebook won’t be as good while it relearns your preferences.”
I hope clearing this history would give me back the chronological feed, would maybe make me use Facebook more than once every month. I completely missed that one of my old friends graduated, another friend moving to a different country for a new job and I missed one of my childhood friends mourning his lost mother. All three of them had posted updates about it on Facebook but since I didn't interact much with their updates Facebook drew the conclusion that I couldn't give less of a shit.
If there's not gonna be a feature where you are able to delete the whole history (and not one post, like, etc. at a time) then I don't see how it's gonna help the users.
Did or did not he mentioned about what happen to already analyzed data ?
What I meant is facebook actually create a kind of DNA per user by analyzing behavior.
If I choose to delete my history did it delete my DNA data too ?
And what about data analyzed by third-party which installed by one of my friend and have access to my data.
Did this feature(delete) will target above problem too ?
My understanding is it will not going to be an easy task and if it actually delete all your data what happen to advertisement business ?
I am still not sure if saying and doing is the same thing, specifically in this case when more data means more money for Facebook. And this is not just about Facebook, but to any service that claims they won't log or store my data.
At the end of the day, it's just a claim and I try to minimize harm by giving as less data as possible because once they have it, I am not sure what happens to it and for how long it is retained.
The issue isn't that they aren't honoring requests to delete data. The issue is that they've tied their success and the usefulness of their product strictly to the weakening of user privacy and the necessity to provide them as much such data as possible.
To those who are still on Facebook: Is there an easy (script-free) way to hide all past posts from the Timeline from "Friends" yet? Before my deactivation, I tried one of the Greasemonkey scripts but it didn't seem to do anything (maybe I didn't wait long enough, etc).
I am so glad there's some damage control after the whole fuss. that means that they actually care and try to improve their mistakes. I see here a lot of negative comments, I don't really understand why though, isn't it what people where asking for, like, improvements?
Can we add a little warning about the jump scare if you're not logged in to Facebook?
It's even timed to pop in your face after a few seconds as you're just focusing on the first paragraph, BAM! Gigantic crazy-looking Zuckerberg in your face.
"Once we roll out this update, you'll be able to see information about the apps and websites you've interacted with, and you'll be able to clear this information from your account. You'll even be able to turn off having this information stored with your account."
When the history is "cleared" is it erased from Facebook's storage or is it simply disassociated from the user's account?
How forthright is Facebook in telling its users exactly what it is doing?
"Citing sources close to the matter, The Washington Post reported that Mr Koum's decision to leave was the result of an irreconcilable clash over Facebook's desire to use users' data for the purpose of advertising, in part by weakening the end-to-end encryption that protects messages from being read by anyone other than the intended recipient."
"Jan Koum [WhatsApp founder] leaves Facebook over data privacy issues " there have to be enough Facebook refugees by now out there to build the missile that terminates this experiment in surveillance capitalism - Tim Wu (@superwuster) 1 May 2018"
I've been holding off deleting my account until they've made some major changes which will let me clear out the history first. For all those people who quit too early, there's no obligation to delete anything.
Hmm, now the question is whether I sign back into my "definitely" deleted Facebook account to use this feature, or leave my account as-is under the assumption they actually have deleted my account...
you should always delete all cookies on browser close, there’s a setting to do this automatically. also never accept 3rd party cookies. if you want convenience of easy logins save the passwords into your browser
What? Noo... When you consider the chrome password manager you must consider the chrome binary as a whole. Chrome has had significantly more security issues than 100% of password managers. Of course -- its a more complex set of code.
Its about surface area. A password manager that has no browser integration is by its nature less likely to be compromised, as there are far less vectors of exploitation.
Don't store your passwords in the browser. Use a proper password manager. How its gets from PM to B is up to your risk appetite.
Not really. For one, anybody that can use your computer can see a plaintext list of your Chrome passwords directly from the Chrome options menu. It's an incredibly primitive system.
this part though we usually have good defense against. how many people are using your computer? do you have a login with a password? do you have FDE? when was the last time you handed your laptop over for someone to use without you being right there?
the browser password managers are good enough for most uses
You’re right — they’re probably going to sweep in all news feed algorithms so it has a profound binary effect. If it just affected advertising and third-party tracking, it would be a no-brainer for people to activate.
We will still track you, but now we will give you a better control over what we have tracked! Without tracking and learning about user's preferences FB seem to feel like an empty store!
Weren't they going to roll this out for Messenger at some point? They did it for Zuckerberg, and then mentioned that they were just "testing" it and were going to roll it out generally some time in the future.
You can't unsend an email or text because generally speaking you can't control the other end. SMS was never built with the ability to "recall" a text, so once it's been delivered, it's off the carrier's hands. Email is similar, although with modern mail clients (outside of POP3), you would be able to remotely delete emails in most cases. Exchange recall works exactly like this; if the e-mail hasn't been read yet, then there's a chance for the recall to happen silently. Otherwise, you get a separate "X would like to recall" message instead.
With Facebook Messenger, you're entirely within their platform. You read messages on the Facebook site, or Messenger, and they control it fully. It'd very much be possible to add this functionality.
Have you asked people if they want it? Any time I make a mistake I think about the ability to unsend or edit what was already sent (within a time limit etc etc).
Generally speaking, people aren't going to think, let alone talk to others about a feature that doesn't exist in most platforms they use.
But clearly people do want the ability since Exchange provides that feature, and GMail will delay sending your message for up to minutes in case you want to "Undo" the send.
The gmail case isn't an "unsend" feature, it's just a delayed send.
OP seems to be suggesting you can take back a message once it's sent. This opens up issues since the receiver may have already read the message. Now you get into cases where someone says "Bill threatened me over Facebook messenger" but now Bill has deleted that message.
going by comments I have read here and in reddit, yes I think most people want to be able to delete things they said or posted on fb when they were teenagers
I think deleting posts is different then deleting messages. If I'm having a conversation with you, and make some threat but then delete it. Does it stay in your thread? Get deleted from both threads? What if you screen shot it? If I delete a post, it no longer lives in either feed.
That's for those who have an account a.k.a. "dumb fucks".
But what about those who have never had an account but are still constantly tracked, i.e. the rest of us?
Not that I believe you would irretrievably delete anything from you surveillance archive anyway.
I thought it was possible they didn't have "safe, secret" backups (the implication here hopefully being obvious from context clues. A general principle of good discourse is to assume the interpretation that makes the most sense instead of picking apart targets you yourself would know how to respond to if you were in the adversarial position)
Another way to put it, "You thought I thought they didn't have backups of their data? your face"
So someone is going to commit a crime, then clears history, asks FB to delete account. Police knocks at FB doors - FB is like "We don't have any information". How is that going to work with GDPR?
No. You didn't 'go through your systems' and you didn't think of this at all. The European GDPR requires you to offer this, at least to EU citizens. Don't pretend that isn't the only reason you even built this feature.