Sure. There is perhaps a moral/ethical responsibility. But there are laws against sharing sensitive info and I don't think "I didn't know FB scripts did that" helps. FB's entire business is gobbling up user data. And pharmacies' business is to know who they share sensitive data with.
I don't think it's too much to ask to require site owners to understand what the scripts they use are actually doing, at least if they deal with sensitive data.
For example, I don't think pharmacies should do any kind of advertising on FB, or do any kind of campaign tracking/conversion measuring etc. on the same site they accept user data. As with all GDPR violations, if just a few large pharmacies were fined out of existence, I bet the rest would quickly fall in line.
While I agree that the main fault was with the pharmacies, they should certainly not send any patient information to anyone, I think you can at least partly blame Facebook since they had promised to filter out anything sensitive.
That sounds impossible even for one language. A better description I might trust wouldn’t include “filter out”. Filter out!? Like activities that aren’t “filtered out” would somehow be blanket acceptable?
Wouldn’t it be easier to just use an FB API to send one ping when a transaction completes, e.g. with a campaign ID? Why would FB ever be uploading what’s stored in a form field that they don’t know what it means? It makes no sense?
Many analytics and tracking pkgs will capture every single form field and upload them as a standard default, and only mask out things that match cc regexes etc.
What the hell would someone even do with such data? I get that you can figure out addresses/phone numbers/emails and correlate individuals etc. But what about all the other fields? If someone says "It's sold in bulk to companies who try to datamine whether the field values '48', 'yes' and 'Other' make it more/less likely for you to buy car insurance in the future" I'd be...completely unsurprised.
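An added example, not part of the thread and not code from any real tracking package: it contrasts the capture-everything-then-mask default described above with sending only an explicitly approved field such as a campaign ID. The form fields, the card regex and all function names are constructed for illustration.

```javascript
// Constructed sample: fields a pharmacy checkout form might submit.
const sampleForm = {
  email: "pat@example.com",
  card_number: "4111 1111 1111 1111",
  medication: "sertraline 50mg",
  age: "48",
  pregnant: "yes",
  campaign_id: "spring-24",
};

// Denylist style: collect every field, mask only values shaped like a card number.
// Assumed pattern: 13 to 19 digits with optional space or dash separators.
const CARD_RE = /^(?:\d[ -]?){13,19}$/;

function captureWithDenylist(fields) {
  const out = {};
  for (const [name, value] of Object.entries(fields)) {
    out[name] = CARD_RE.test(value.trim()) ? "[masked]" : value;
  }
  return out;
}

// Allowlist style: only fields the site owner explicitly approved leave the page.
function captureWithAllowlist(fields, allowed) {
  const out = {};
  for (const name of allowed) {
    if (Object.prototype.hasOwnProperty.call(fields, name)) out[name] = fields[name];
  }
  return out;
}

// Audit helper: which sensitive fields are present in a payload in clear text?
function leakedFields(payload, sensitive) {
  return sensitive.filter((n) => n in payload && payload[n] !== "[masked]");
}

const SENSITIVE = ["email", "card_number", "medication", "age", "pregnant"];
const denyPayload = captureWithDenylist(sampleForm);
const allowPayload = captureWithAllowlist(sampleForm, ["campaign_id"]);

console.log("denylist leaks:", leakedFields(denyPayload, SENSITIVE));
console.log("allowlist leaks:", leakedFields(allowPayload, SENSITIVE));
```

The regex catches the card number but has no way to recognise that free-text or short answers are health data, so masking by pattern leaves them in the upload.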
I think owning information that you should not possess could in theory be just as punishable as sharing the information in the first place. Especially if done on a massive scale.
Many people don't understand the implications of using FB scripts, whereas FB does.