Why the f** is everyone sending our data to FB by default? It's not enough to uninstall FB; you can't even go buy prescription medicine without them knowing, apparently.
The reason is almost always to be able to do conversion tracking. I.e. to follow the trail from a specific ad campaign to a completed purchase in order to evaluate the campaign performance. There are of course ways to do this while preserving anonymity of the individual customers, but it's way too easy to mess up and/or give in to the allure of providing too much detail in the quest to further evaluate user behavior.
The tools are built to make it as easy as possible to provide as much data as possible about the users. Whether it's nefarious is debatable, but FB should definitely have some checks and balances on what they allow to be stored on their own platform.
If you don't have Super Bowl ads money, or already have a huge following, data and A/B testing is probably the only way to be profitable while doing e-commerce on your own website.
Those are tools designed to market products, not handle super sensitive data, it's kind of like using Hotjar to record sessions on your (super confidential) website to find pain points and bugs, only to whine that Hotjar stores data about your users' actions, that's the entire reason why you're a customer.
I really don't get the fuss.
I don't even get the point of advertising pharmacies, you don't need medicines to be advertised to you, it's even crazier that a part of the price of your meds would be "facebook ads budget".
And tbh I have more trust in the reliability of the infrastructure behind FB ads than in the spaghetti PHP code written in 2005 by a contractor for those pharmacies, or in the Windows XP/Vista computers that their employees use.
If I had to bet on who's getting hacked, I wouldn't bet on Facebook.
> And tbh I have more trust in the reliability of the infrastructure behind FB ads than in the spaghetti PHP code written in 2005 by a contractor for those pharmacies, or in the Windows XP/Vista computers that their employees use.
You are comparing security in response to an issue about privacy. Facebook's security around data that they shouldn't have in the first place is irrelevant.
Additionally, even a contractor today still could not create feature parity with Facebook as they do not have the network effect of Facebook. That's assuming the company/contractor would even try to build all of it themselves.
> Those are tools designed to market products, not handle super sensitive data, it's kind of like using Hotjar to record sessions on your (super confidential) website to find pain points and bugs, only to whine that Hotjar stores data about your users' actions, that's the entire reason why you're a customer.
In which case it is nefarious to advertise that they do handle super sensitive data correctly. Which Facebook does.
> If I had to bet on who's getting hacked, I wouldn't bet on Facebook.
Those tools should probably be designed to handle super sensitive data, if they are handling super sensitive data.
And, user behaviour on a website can very well be confidential, for example they could easily track the cognitive decline of users over time as mouse movement gets more erratic and reactions slow down - super sensitive information if you ask me. The reason a person is a customer is because they might buy a thing, not to be analyzed.
> If you don't have Super Bowl ads money, or already have a huge following, data and A/B testing is probably the only way to be profitable while doing e-commerce on your own website.
Then how did we manage to sell medicine or call doctors before this wonderful era of Facebook integration? Without this, would Swedes simply go without healthcare?
I also said "I don't even get the point of advertising pharmacies, you don't need medicines to be advertised to you, it's even crazier that a part of the price of your meds would be "facebook ads budget""
They're just using the wrong tool for the wrong job for the wrong reasons, but it's not Facebook's fault in that case.
Who is talking about FB being hacked? It's about them reusing all this info for many other purposes. That is nefarious.
Plus you'll find that many will vehemently disagree with you kind of accepting as a given that data should be handed to FB carte blanche. It's dishonest to start with such an extremely debatable starting point.
I say why don't we give them jack (nil) and start the discussion then.
Another angle to this is the legality of direct to consumer drug advertising. I had thought this was only legal in the US and New Zealand. The wiki doesn’t say it’s allowed in Sweden, so I’m not sure how they are getting away with it.
Advertising for prescription drugs is not allowed in Sweden. Pharmacy ads are for non-prescription items like sunscreen, deodorant, whatever. I'd guess that the largest margins are on those items anyway, considering the subsidizing/reimbursement system for prescriptions.
To expand upon this: Aspirin, Advil, ... or paracetamol based alternatives are non-prescription drugs (under a certain mg dose), while antibiotics are prescription drugs.
You can argue that they trust developers to be responsible. Having a user friendly and powerful SDK with tons of possible data points isn't inherently a bad thing. All of the features could be used in a responsible fashion, and FB thinks you're smart enough to do so.
I'm not entirely convinced of this personally, but it seems like a somewhat sound argument. I think that they know that it will inevitably be misused, and that they have enough incentive for allowing the misuse to continue.
BTW, my apologies, I think my somewhat flippant replies attracted downvotes to your comments that you didn't deserve. I should have been more clear that I'm strongly disagreeing with the argument, while appreciating your attempt to come up with one in good faith.
The problem is not necessarily the (bad) intent. The problem is amassing data without a clear and well defined purpose. And "just in case we'll use it in the future" or "we might need it" is not one. And collecting more than what you need does meet the definition of without a well defined purpose in this sense. I think this is also in line with the ideas behind GDPR.
From the point where your data is stored it's there for good. I think that's what they have proven, also, anecdotally, a googler friend told me well over a decade ago that they don't ever delete data. Which is not that surprising, since I, as a nimble private person, don't do either. So your data is there and it's there basically forever, you don't know what that data is and how that will be used in the future. Either by criminals who steal it or by the company changing policies or even the law being changed.
So I would say that even without bad intents, which I'm ready to believe not being there at the moment, collecting as much as you can and trying to filter out whatever someone thought of as being too sensitive is the exact wrong strategy. They should actively filter out everything except what they want to store specifically and they should claim what that is.
Other than that, I think completely blocking FB (and other big 3rd party) tracking is the way to go. It should be there by default in all browsers. The reason it's not likely to happen is, of course, that the most used browsers are all subsidized by the very companies that live off of data collection.
Well yeah, that is the broader issue for sure. As you say, the change needs to come from regulation or consumer pressure. The power that the data brokers can provide to businesses is too great to ever reasonably expect them to resist. If you are an online business and refuse to utilize their services, you unfortunately are at a very significant disadvantage against your competitors.
Was it SR or SVT that found the 1177/medicall calls on some kind of unsecured network storage? For those outside of Sweden, those are calls either with a doctor or with a nurse where you will divulge information that should be protected.
That story was like a train wreck of unbelievable proportions. One bad decision after the other.
Best part about this was their CEO trying to play it down, he put his feet in his mouth several times. He said that the recorded calls could not be accessed by regular people, you needed some special keyboard commando movement to get in the back door.
After installing noscript I was amazed to see how many trackers my bank account had on their online service. I would think they could do their own analytics without potentially sending banking history to Google, Facebook and Adobe, but apparently not.
I'm sure the banks would love to do this, but I'm not sure the trackers the GP mentioned actually share any of this data back to the site. Facebook stalks everyone for their own benefit but are usually pretty good about keeping that data to themselves.
>> Why the f* is everyone sending our data to FB by default? It's not enough to uninstall FB; you can't even go buy prescription medicine without them knowing, apparently.
In a sense, because "control the default" is a tactic engrained deep in the DNA of many tech giants. Control the default, and dominate the data. The default is the easy option in live, practical contexts. You have to actively pursue an alternative.
They're just in the same boat we're in. Data goes to data companies by default... anytime anyone does anything with data. If you use adwords, GA, FB advertising or whatnot... the default, ideal even, is that these get all the data. That way everything works best, and requires the least special effort and expertise.
When I started as a mobile lead at GiantNonTechCorpYouWouldKnow, I was looking at one of the two apps I would be leading part of. Just to get familiar, I looked at all the network connections it made and found it called Facebook. I asked the product team why we pinged FB given the app is just for our business; they had no idea we even did that, and it was immediately ordered that the FB SDK be removed from the app. I never did discover why it was there in the first place.
Not on the ones I write, but I know that I'm an outlier.
From what I have heard, the FB SDK has a bunch of nice UI candy, so folks may have used it, just so they can get the nice splitscreen, etc. (UISplitViewController is a nightmare. I suspect that SwiftUI may have some improvements to offer).
Indeed, certainly makes application proxy filtering more of a must than a luxury for the wider consumer market in today's times. Though not sure (beyond rolling your own) what offerings are out there for consumers as focus seems to be VPN proxies.
Hence: Pi-Hole at home, and an on-device VPN that blocks 98% of all that crap.
I am sure they can still get some info and that some requests slip through but I wish them luck building a coherent picture of me by a few scraps of random info.
Yep, so much for the GDPR. Despite this, I'm sure someone is going to throw the "enforcementtracker.com" link to "prove" that enforcement is sufficient.
- The Swedish healthcare company Kry has built a service for digital patient calls that has leaked doctors' and patients' contact information to Facebook. https://sverigesradio.se/artikel/health-service-marketed-as-...
- The state-owned pharmacy chain Apoteket has sent detailed information about its online customers and their purchases to Facebook, Swedish Radio News can reveal. https://sverigesradio.se/artikel/pharmacy-passed-information...