Why the f** is everyone sending our data to FB by default? It's not enough to uninstall FB; you can't even go buy prescription medicine without them knowing, apparently.
The reason is almost always to be able to do conversion tracking. I.e. to follow the trail from a specific ad campaign to a completed purchase in order to evaluate the campaign performance. There are of course ways to do this while preserving anonymity of the individual customers, but it's way too easy to mess up and/or give in to the allure of providing too much detail in the quest to further evaluate user behavior.
The tools are built to make it as easy as possible to provide as much data as possible about the users. Whether it's nefarious is debatable, but FB should definitely have some checks and balances on what they allow to be stored on their own platform.
If you don't have superbowl ads money, or already have a huge following, data and A/B testing is probably the only way to be profitable while doing e-commerce on your own website
Those are tools designed to market products, not handle super sensitive data, it's kind of like using hotjar to record sessions on your (super confidential) website to find pain points and bugs, only to whine that hotjar stores data about your users actions, that's the entire reason why you're a customer.
I really don't get the fuss.
I don't even get the point of advertising pharmacies, you don't need medicines to be advertised to you, it's even crazier that a part of the price of your meds would be "facebook ads budget"
And tbh I have more trust in the reliability of the infrastructure behind FB ads than in the spaghetti PHP code written in 2005 by a contractor for those pharmacies, or in the windows XP/vista computers that their employees use.
If I had to bet on who's getting hacked, I wouldn't bet on Facebook.
> And tbh I have more trust in the reliability of the infrastructure behind FB ads than in the spaghetti PHP code written in 2005 by a contractor for those pharmacies, or in the windows XP/vista computers that their employees use.
You are comparing security in response to an issue about privacy. Facebook's security around data that they shouldn't have in the first place is irrelevant.
Additionally, even a contractor today still could not create feature parity with Facebook as they do not have the network effect of Facebook. That's assuming the company/contractor would even try to build all of it themselves.
> Those are tools designed to market products, not handle super sensitive data, it's kind of like using hotjar to record sessions on your (super confidential) website to find pain points and bugs, only to whine that hotjar stores data about your users actions, that's the entire reason why you're a customer.
In which case it is nefarious to advertise that they do handle super sensitive data correctly. Which Facebook does.
> If I had to bet on who's getting hacked, I wouldn't bet on Facebook.
Those tools should probably be designed to handle super sensitive data, if they are handling super sensitive data.
And, user behaviour on a website can very well be confidential, for example they could easily track the cognitive decline of users over time as mouse movement gets more erratic and reactions slow down - super sensitive information if you ask me. The reason a person is a customer is because they might buy a thing, not to be analyzed.
> If you don't have superbowl ads money, or already have a huge following, data and A/B testing is probably the only way to be profitable while doing e-commerce on your own website
Then how did we manage to sell medicine or call doctors before this wonderful era of Facebook integration? Without this, would Swedes simply go without healthcare?
I also said "I don't even get the point of advertising pharmacies, you don't need medicines to be advertised to you, it's even crazier that a part of the price of your meds would be "facebook ads budget""
They're just using the wrong tool for the wrong job for the wrong reasons, but it's not Facebook's fault in that case.
Who is talking about FB being hacked? It's about them reusing all this info for many other purposes. That is nefarious.
Plus you'll find that many will vehemently disagree with you kind of accepting as a given that data should be handed to FB carte blanche. It's dishonest to start with such an extremely debatable starting point.
I say why don't we give them jack (nil) and start the discussion then.
Another angle to this is the legality of direct to consumer drug advertising. I had thought this was only legal in the US and New Zealand. The wiki doesn't say it's allowed in Sweden, so I'm not sure how they are getting away with it.
Advertising for prescription drugs is not allowed in Sweden. Pharmacy ads are for non-prescription items like sunscreen, deodorant, whatever. I'd guess that the largest margins are on those items anyway, considering the subsidizing/reimbursement system for prescriptions.
To expand upon this, Aspirin, Advil, ... or paracetamol based alternatives are non-prescription drugs (under a certain mg dose), while antibiotics are prescription drugs.
You can argue that they trust developers to be responsible. Having a user friendly and powerful SDK with tons of possible data points isn't inherently a bad thing. All of the features could be used in a responsible fashion, and FB thinks you're smart enough to do so.
I'm not entirely convinced of this personally, but it seems like a somewhat sound argument. I think that they know that it will inevitably be misused, and that they have enough incentive for allowing the misuse to continue.
BTW, my apologies, I think my somewhat flippant replies attracted downvotes to your comments that you didn't deserve. I should have been more clear that I'm strongly disagreeing with the argument, while appreciating your attempt to come up with one in good faith.
The problem is not necessarily the (bad) intent. The problem is amassing data without a clear and well defined purpose. And "just in case we'll use it in the future" or "we might need it" is not one. And collecting more than what you need does meet the definition of without a well defined purpose in this sense. I think this is also in line with the ideas behind GDPR.
From the point where your data is stored it's there for good. I think that's what they have proven, also, anecdotally, a googler friend told me well over a decade ago that they don't ever delete data. Which is not that surprising, since I, as a nimble private person, don't do either. So your data is there and it's there basically forever, you don't know what that data is and how that will be used in the future. Either by criminals who steal it or by the company changing policies or even the law being changed.
So I would say that even without bad intents, which I'm ready to believe not being there at the moment, collecting as much as you can and trying to filter out whatever someone thought of as being too sensitive is the exact wrong strategy. They should actively filter out everything except what they want to store specifically and they should claim what that is.
Other than that, I think completely blocking FB (and other big 3rd party) tracking is the way to go. It should be there by default in all browsers. The reason it's not likely to happen is, of course, that the most used browsers are all subsidized by the very companies that live off of data collection.
Well yeah, that is the broader issue for sure. As you say, the change needs to come from regulation or consumer pressure. The power that the data brokers can provide to businesses is too great to ever reasonably expect them to resist. If you are an online business and refuse to utilize their services, you unfortunately are at a very significant disadvantage against your competitors.
Was it SR or SVT that found the 1177/medicall calls on some kind of unsecured network storage? For those outside of Sweden, those are calls either with a doctor or with a nurse where you will divulge information that should be protected.
That story was like a train wreck of unbelievable proportions. One bad decision after the other.
Best part about this was their CEO trying to play it down; he put his foot in his mouth several times. He said that the recorded calls could not be accessed by regular people, you needed some special keyboard commando movement to get in the back door.
After installing noscript I was amazed to see how many trackers my bank account had on their online service. I would think they could do their own analytics without potentially sending banking history to Google, Facebook and Adobe, but apparently not.
I'm sure the banks would love to do this, but I'm not sure the trackers the GP mentioned actually share any of this data back to the site. Facebook stalks everyone for their own benefit but are usually pretty good about keeping that data to themselves.
>> Why the f* is everyone sending our data to FB by default? It's not enough to uninstall FB; you can't even go buy prescription medicine without them knowing, apparently.
In a sense, because "control the default" is a tactic ingrained deep in the DNA of many tech giants. Control the default, and dominate the data. The default is the easy option in live, practical contexts. You have to actively pursue an alternative.
They're just in the same boat we're in. Data goes to data companies by default... anytime anyone does anything with data. If you use adwords, GA, FB advertising or whatnot... the default, ideal even, is that these get all the data. That way everything works best, and requires the least special effort and expertise.
When I started as a mobile lead at GiantNonTechCorpYouWouldKnow, I was looking at one of the two apps I would be leading part of, just to get familiar. I looked at all network connections it made and found it called Facebook. I asked the product team why we pinged FB given the app is just for our business; they had no idea we even did that, and it was immediately ordered that the FB SDK be removed from the app. I never did discover why it was there in the first place.
Not on the ones I write, but I know that I'm an outlier.
From what I have heard, the FB SDK has a bunch of nice UI candy, so folks may have used it, just so they can get the nice splitscreen, etc. (UISplitViewController is a nightmare. I suspect that SwiftUI may have some improvements to offer).
Indeed, certainly makes application proxy filtering more of a must than a luxury for the wider consumer market in today's times. Though not sure (beyond rolling your own) what offerings are out there for consumers as focus seems to be VPN proxies.
Hence: Pi-Hole at home, and an on-device VPN that blocks 98% of all that crap.
I am sure they can still get some info and that some requests slip through but I wish them luck building a coherent picture of me by a few scraps of random info.
Yep, so much for the GDPR. Despite this, I'm sure someone is going to throw the "enforcementtracker.com" link to "prove" that enforcement is sufficient.
Probably because the governments like being able to purchase/subpoena private information about their constituents from FB? It is an amazing surveillance tool from the government’s perspective.
GDPR enforcement is significantly lacking. I'm starting to think that nobody really wants the GDPR to be enforced properly, and politically it makes sense - the social media industry (which relies on widespread privacy violations) now controls much of humanity's social fabric which politicians use to help their election - biting the hand that "feeds" could very well be suicide for one's political career.
I don't understand: where are users entering sensitive information, and how is that related to Facebook? If I click an ad on Facebook and land on some website where I can fill in sensitive information, surely that's beyond Facebook's control?
Were people entering information somehow IN the ad, while still on facebook's page?
They weren't on Facebook's website at all. They were using an online pharmacy's website, and Facebook gets sent information about this because the site embeds Facebook's tracking scripts. This is one of the insidious things about adtech: they track you all over the internet, not just on the adtech companies' own sites.
No, people went to an online pharmacy, unrelated to Facebook. That pharmacy sent the information to Facebook, including information about what kind of medication was purchased. Of course, the main fault was with the pharmacy, but that is another, related, story. The main point here is that Facebook had promised to filter and not store sensitive information, but that filter apparently didn't work, possibly because that filter didn't handle information in Swedish.
So, even if you never ever had been even close to Facebook, Facebook could have the information that you just ordered some Emergency Contraceptives.
I understand. It feels almost like magic that a script could figure out that kind of thing from any site? I guess it’s mostly just blindly uploading things from forms?
This is a massive GDPR breach of the site in question though. I really don't fault Facebook much. Anyone who ever includes any FB script is responsible for exactly what it does.
Sure. There is perhaps a moral/ethical responsibility. But there are laws against sharing sensitive info and I don't think "I didn't know FB scripts did that" helps. FB's entire business is gobbling up user data. And a pharmacy's business is to know who they share sensitive data with.
I don't think it's too much to ask to require site owners to understand what the scripts they use are actually doing, at least if they deal with sensitive data.
For example, I don't think pharmacies should do any kind of advertising on FB, or do any kind of campaign tracking/conversion measuring etc on the same site they accept user data. As with all GDPR violations, if just a few large pharmacies were fined out of existence, I bet the rest would quickly fall in line.
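The point above, that a site owner should know which third-party scripts a page loads, is the kind of thing a quick inventory script answers. The following is an added example, not code from the thread or from any vendor; it classifies a page's script sources into first-party and third-party hosts and flags those on a small constructed list of ad/analytics hosts. The site host `pharmacy.example`, the script URLs and the tracker list are all constructed for the example; a real audit would take the list from the page and the tracker hosts from a maintained blocklist.

```javascript
// Added example: inventory of script origins a page loads, from a defender's view.
// FIRST_PARTY_HOST is the site under audit (constructed sample host).
const FIRST_PARTY_HOST = "pharmacy.example";

// Constructed sample of <script src> values as they might appear in a checkout page.
const SAMPLE_SCRIPT_SRCS = [
  "/static/app.js",                                   // relative: first party
  "https://cdn.pharmacy.example/checkout.js",         // subdomain: first party
  "https://connect.facebook.net/en_US/fbevents.js",   // Facebook pixel loader
  "https://www.googletagmanager.com/gtag/js?id=G-XXXX",
  "https://static.hotjar.com/c/hotjar-123.js",
];

// Small constructed tracker list; a real audit would use a maintained blocklist
// (the same kind of list Pi-hole style DNS blockers consume).
const TRACKER_HOST_SUFFIXES = [
  "facebook.net",
  "facebook.com",
  "googletagmanager.com",
  "google-analytics.com",
  "hotjar.com",
];

// True when host is the site itself or one of its subdomains.
function isFirstParty(host, siteHost) {
  return host === siteHost || host.endsWith("." + siteHost);
}

// True when host matches a tracker suffix exactly or as a subdomain of it.
function isKnownTracker(host, suffixes = TRACKER_HOST_SUFFIXES) {
  return suffixes.some((s) => host === s || host.endsWith("." + s));
}

// Classify each script source. Relative URLs resolve against the site host,
// so they are counted as first party. Returns hostnames grouped by category.
function auditScripts(srcs, siteHost = FIRST_PARTY_HOST) {
  const report = { firstParty: [], thirdParty: [], trackers: [] };
  for (const src of srcs) {
    const host = new URL(src, `https://${siteHost}/`).hostname;
    if (isFirstParty(host, siteHost)) {
      report.firstParty.push(host);
      continue;
    }
    report.thirdParty.push(host);
    if (isKnownTracker(host)) report.trackers.push(host);
  }
  return report;
}

// Stand-alone run over the constructed sample.
console.log(JSON.stringify(auditScripts(SAMPLE_SCRIPT_SRCS), null, 2));
```

In a browser console the same function can be fed the live page with `auditScripts([...document.scripts].map((s) => s.src).filter(Boolean), location.hostname)`; anything landing in `trackers` on a page that accepts health or payment data is exactly the kind of inclusion the comment above says a site owner must be able to explain.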
While I agree that the main fault was with the pharmacies, they should certainly not send any patient information to anyone, I think you can at least partly blame Facebook since they had promised to filter out anything sensitive.
That sounds impossible even for one language. A better description I might trust wouldn’t include “filter out”. Filter out!? Like activities that aren’t “filtered out” would somehow be blanket acceptable?
Wouldn’t it be easier to just use an FB api to send one ping when a transaction completes, e.g with a campaign ID? Why would fb ever be uploading what’s stored in a form field that they don’t know what it means? It makes no sense?
Many analytics and tracking pkgs will capture every single form field and upload them as a standard default, and only mask out things that match cc regexes etc
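The two comments above describe the contrast exactly: a single conversion ping with a campaign ID versus a default that uploads every form field and only masks what looks like a card number. The following added example (not code from the thread, and not any vendor's SDK) puts the two side by side on a constructed checkout form: `captureAllFields` models the "capture everything, mask card numbers" default, while `buildConversionEvent` builds the allowlist-only payload that several commenters argue for (store only what you have explicitly decided to store). The form, the field names, the allowlist and the card-number pattern are all assumptions made for the example.

```javascript
// Added example: "capture everything" default vs. allowlist-only conversion event.

// Constructed checkout form, modelled as field name -> value.
const SAMPLE_CHECKOUT_FORM = {
  email: "anna@example.com",
  phone: "+46701234567",
  product: "emergency contraceptive (constructed sample)",
  card_number: "4111 1111 1111 1111",
  order_id: "ORD-20230917-0042",
  campaign_id: "cmp_spring_sunscreen",
  amount: "129.00",
  currency: "SEK",
};

// Card-number heuristic: 13-19 digits, optionally separated by spaces or dashes.
// This is the only thing a "mask card numbers" default removes.
const CARD_RE = /^(?:\d[ -]?){13,19}$/;

// The default described in the thread: every field goes out, only card
// numbers are masked. Product names, e-mail and phone pass straight through.
function captureAllFields(form) {
  const out = {};
  for (const [name, value] of Object.entries(form)) {
    out[name] = CARD_RE.test(String(value).trim()) ? "[masked]" : value;
  }
  return out;
}

// Allowlist approach: only fields explicitly declared safe leave the site.
// Anything not listed here never reaches a third party, whatever its value.
const CONVERSION_ALLOWLIST = new Set(["order_id", "campaign_id", "amount", "currency"]);

function buildConversionEvent(form, allowlist = CONVERSION_ALLOWLIST) {
  const event = { event_name: "Purchase" };
  for (const name of allowlist) {
    if (name in form) event[name] = form[name];
  }
  return event;
}

// Audit helper: field names a payload would expose beyond the allowlist.
function unexpectedFields(payload, allowlist = CONVERSION_ALLOWLIST) {
  return Object.keys(payload).filter((k) => k !== "event_name" && !allowlist.has(k));
}

// Stand-alone run over the constructed form.
console.log("default capture :", captureAllFields(SAMPLE_CHECKOUT_FORM));
console.log("allowlist event :", buildConversionEvent(SAMPLE_CHECKOUT_FORM));
console.log("leaks by default:", unexpectedFields(captureAllFields(SAMPLE_CHECKOUT_FORM)));
```

The design point is the direction of the filter: `captureAllFields` has to recognise every sensitive shape in every language to be safe, which is the failure the reporters describe, whereas `buildConversionEvent` only has to list the handful of fields the campaign measurement genuinely needs, and a product name or e-mail address is dropped without anyone having to anticipate it.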
What the hell would someone even do with such data? I get that you can figure out addresses/phone numbers/emails and correlate individuals etc. But what about all the other fields? If someone says "It's sold in bulk to companies who try to datamine whether the field values '48', 'yes' and 'Other' make it more/less likely for you to buy car insurance in the future" I'd be...completely unsurprised.
I think owning information that you should not possess could in theory be just as punishable as sharing the information in the first place. Especially if done on a massive scale.
If you visit a pharmacy website to buy prescription meds you have to enter PII. If you then also visit various pages on that site for various meds for various diseases it can quite easily be correlated that you have said diseases. The fact that Facebook was involved can be completely unknown to you as a user, you don't even have to have a Facebook account.
> If you visit a pharmacy website to buy prescription meds you have to enter PII.
Yes. And they are responsible for where that information ends up, regardless of how and where they advertise. So basically, anyone running any website at all should be really careful to not add any third party (e.g. Facebook) scripts to their page. I'd rather run a business not knowing whether my ad campaigns work at all, than run one where I don't know if I'm liable for breaking laws.
Analogy: if you have a photo sharing website, like Flickr, then from those photos (and the combination of different photos) Flickr can in theory derive a lot of sensitive information; does that make it somehow stupid or irresponsible to post photos to Flickr? I'd say that depends completely on how we expect Flickr to behave.
It's like visiting a physical pharmacy. In theory, somebody could be spying on the people who enter and leave the place, keeping a giant database with frequency, faces, etc. The question of whether it is stupid to enter a pharmacy in person should be answered with: "No, we have laws that protect us against malevolent actors".
One way would be to place the facebook pixel on the site so if you buy sensitive meds from the drugstore, facebook knows what you bought and can sell that information to your insurance company.
Not sure if they shut down the facebook pixel yet but I'm sure there is something similar around instead if they did.
I don't think that's it. FB doesn't 'sell' data, rather, they allow advertisers to 'target' people. The targeting dimensions are right there for everyone to see, I'm doubtful that you're going to find the ability to target people on 'recently purchased meds'. I think this is a case of companies asking users to provide information on in-app sign ups.
Neither do I, once again, frustratingly bad reporting.
My guess is that the 'ad' has a 'sign up' where people can input information, which can be sensitive, that is captured for the advertiser. It could be anything, i.e. contests, emails, whatever. The advertiser can get the data in a spreadsheet later.
If the company doing the ad is 'fake' then you have a CA like scandal possibly, where the fake company can sell that harvested data, some of it sensitive.
I think there are legit concerns here, but I mean, the companies could just as easily direct them to their own URL and ask users to 'sign up', which would likely be beyond Facebook's purview to control.
>After four days, 25 000 fake visits from customers had been registered with Facebook. But they had neither shut down nor warned the owners of the made-up pharmacy - Swedish Radio News' reporters. When the reporters log into their account, they see that Facebook has stored the type of sensitive information that they say their filter is built to delete again and again.
>The question that the reporters then asked themselves was whether or not Facebook even has a filter that works in the Swedish language. One of the pharmacies that Swedish Radio reported on say that they cannot find any warnings from Facebook on data transfers that have taken place. The other has not wanted to answer the question. According to state investigators in the USA last year, Facebook only filtered in English.
Wow, seems like this will have major implications under GDPR as well.
The things Facebook wants to block sound like content that is specially protected under the GDPR:
> Article 9
> Processing of special categories of personal data
> 1. Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation shall be prohibited.
> 2. Paragraph 1 shall not apply if one of the following applies: […]
If you, as a dweller on the interwebs, do not block all things related to FAANG yet, then you are to blame [1], [2], [3].
Also, as a country or nation state, if you do not curtail and prosecute these thieves of private data, then you show you don't care enough about your populace.
I do this since about forever in different ways. It's getting harder and harder to buy things online thanks to layer on top of layer of javascripts called from so many domains it's not even funny any more. On the other hand I buy less and less things I don't need...
"When Facebook replies to the reporters, they do not answer their questions. But in an email they emphasize that advertisers have a responsibility to not pass on sensitive information."
Facebook Support is the biggest joke ever, even if you are a paying user of FB Ads. They can't or won't answer any question at all, and always reply with "We'll contact you soon to let you know if there's any updates".
I don't understand how these records were sent, and how it was confirmed they weren't deleted.
It can't be tracking info, Facebook doesn't give access to such things outside the company, so the authors wouldn't have been able to confirm the records sent were still available. Also, technically the pharmacy wouldn't be sending those records, the fake user's browser would be sending them.
If I had to guess, the fake pharmacy created "Custom Audiences" -- lists of identifying info, like email addresses, that Facebook can use to serve an ad to a specific person-- and labeled them as people that had purchased some specific drug. You can name these whatever you want, and can read their contents.
There's no complex tagging system, it looks like name and description are the only places where you could say this is a list of people that bought a specific drug.
I like your idea of using custom audiences - clever! We used Facebook/Meta Pixel to send the data, and then confirmed that sensitive health data had been retained by querying the FB Graph API. /Sascha (one of the reporters)
- The Swedish healthcare company Kry has built a service for digital patient calls that has leaked doctors' and patients' contact information to Facebook. https://sverigesradio.se/artikel/health-service-marketed-as-...
- The state-owned pharmacy chain Apoteket has sent detailed information about its online customers and their purchases to Facebook, Swedish Radio News can reveal. https://sverigesradio.se/artikel/pharmacy-passed-information...