Facebook

[uppi]

You don't need your own personal internet connection to connect to the outside world. Even in the US, there are plenty of public internet options available, they just require you leaving your own home to use them.

That is more of a theoretical solution. And without an ISP you are not going to get a telephone number, which can make certain tasks of communication with the outside world quite difficult.

Websites cannot see your MAC address. There's no mechanism for that to happen. "Your" MAC address isn't even a specific thing from the website's point of view single thing - every piece of networking gear between your PC and google.com has a MAC address. From my home PC to google.ca there are 8 hops, all of which have their own MAC address. None of which either I, nor Google, can see.

Small nitpick: You and Google should be able to see one of the MAC addresses of the respective next hop, unless it doesn't talk Ethernet (to you). And I wouldn't bet too much against Google not knowing the MAC addresses of the hops in between.

 

[Zelig]

Yeah, I abstracted away some details, both Google and I own a number of hops on either end.

 

[Hehehe]

I'm not going to bother reading your wiki links, because I'm technically competent.

Websites cannot see your MAC address. There's no mechanism for that to happen. "Your" MAC address isn't even a specific thing from the website's point of view single thing - every piece of networking gear between your PC and google.com has a MAC address. From my home PC to google.ca there are 8 hops, all of which have their own MAC address. None of which either I, nor Google, can see.

If you were technically competent, or if you'd simply read the part I quoted, you'd know that fishing for stuff like MAC addresses requires client side scripting. Now sure, since it's client side, it is possible to stop it. But most people don't even know that it's a thing.

If I only connect to facebook via facebook.com, IP address (which isn't a unique identifier) and browser fingerprint (which isn't going to be the same between multiple platforms) are worthless. Of course I'm the same user via multiple platforms, because I've logged into the same account. That doesn't give them any additional information other than "I have multiple platforms that I log in from".

When it comes to IP addresses, yeah there are a lot of caveats. Dynamic IPs change, and there's residential sharing (I forget the technical name for this). But it's still useful in tracking people especially when combined with other data. Furthermore, I don't think you understood the idea of crosschecking. Your Facebook account can be linked to the two devices that you're using, which can be linked to almost anything you do on those devices. Websites you visit, things you buy, etc.

Data brokers aren't particularly relevant either. Ad companies are in the business of selling targeted ads. Selling their data directly compromises the value of their ads. And none of those companies sell information, you're adding words that aren't even present in the text you're quoting. It's all publicly scrapable information.

These range from irritating infringements, including WhatsApp sharing your name and phone number with Facebook so businesses can advertise to you, or a startup that uses your phone’s battery status as a “fingerprint” to track you online, to major intrusions such as Baltimore police secretly using aerial surveillance systems to continuously watch and record the city. Or like the data brokers that create massive personalized profiles about each of us, which are then sold and used to circumvent consumer protections meant to limit predatory and discriminatory practices.

...

This imperative signals a shift in how powerful institutions view data. A recent report by leading software maker Oracle and MIT Technology Review called The Rise of Data Capital argues that a major reason for the success of companies such as Google, Uber, and Amazon is that they have embraced the mindset of “data as an asset”. The report crystallizes an influential tech trend. Treating data as a form of capital means that firms hoard, commodify, and monetize as much data as they can. And these databanks, they say, can never be too big.

As for selling that data, that was already covered in my previous post. Also, it is worth noting that there have been cases of data brokers that didn't do proper vetting and simply sold users' financial data to criminals.

I am not really technically competent, but why would browser fingerprint be different between platforms? My browser fingerprint is below, it is unique according to amiunique.org and panopticlick.eff.org. Surely this means I could be tracked across multiple platforms?

Browser fingerprints are essentially unique identifiers for the device you're using, and different devices have different fingerprints. You can think of it like a name for your device. If you browse a site that collects those names, they know it's you. They can connect your browsing history to you across different sites, assuming they collect browser fingerprints. If, for example, CFC collected fingerprints (or accepted ads that do), then in theory it would be possible to connect your username to your Facebook name if you have Facebook.

edit: I think we're probably talking about different things with "platforms" - I've been using it in reference to my different platforms. In terms of different services, it still doesn't particularly matter - facebook doesn't share its record of browser fingerprints with Google, and vice versa.

So you still don't believe that they sell data to data brokers? Do you have any reason to think this?

 

[Zelig]

If you were technically competent, or if you'd simply read the part I quoted, you'd know that fishing for stuff like MAC addresses requires client side scripting. Now sure, since it's client side, it is possible to stop it. But most people don't even know that it's a thing.

MAC addresses don't just require "client side scripting", they require you to install, what is, in effect, spyware. If you install spyware, arbitrary parties can also log your banking passwords. It's not relevant to a discussion on web privacy.

When it comes to IP addresses, yeah there are a lot of caveats. Dynamic IPs change, and there's residential sharing (I forget the technical name for this). But it's still useful in tracking people especially when combined with other data. Furthermore, I don't think you understood the idea of crosschecking. Your Facebook account can be linked to the two devices that you're using, which can be linked to almost anything you do on those devices. Websites you visit, things you buy, etc.

If I visit facebook.com on my PC, and facebook.com on my phone, and don't allow connections to facebook otherwise, what mechanism do you think they're using to track anything?

So you still don't believe that they sell data to data brokers? Do you have any reason to think this?

I didn't make that claim, I don't feel the onus is on me to show their lack of a specific action that would be against their financial interest.

 

[Hehehe]

MAC addresses don't just require "client side scripting", they require you to install, what is, in effect, spyware. If you install spyware, arbitrary parties can also log your banking passwords. It's not relevant to a discussion on web privacy.

Collecting MAC addresses is rare, but the point is, it still happens. It's just *one* of the possible ways to track users

If I visit facebook.com on my PC, and facebook.com on my phone, and don't allow connections to facebook otherwise, what mechanism do you think they're using to track anything?

Data brokers pull your IPs and fingerprints from Facebook and whatever sites you've visited, if they can. Many online stores also sell user information. If they do, that can be connected to you. Etc.

I didn't make that claim, I don't feel the onus is on me to show their lack of a specific action that would be against their financial interest.

I already showed you the links, didn't I?

*sigh* this is just starting to go in circles. I feel like I'm just repeating myself here. Believe whatever you want to believe, all I'm saying is that this mass data gathering has potential to be used for much, much more than just for this Cambridge Analytica thing.

 

[Zelig]

Collecting MAC addresses is rare, but the point is, it still happens. It's just *one* of the possible ways to track users

Sure, and you can track users by their banking passwords too.

Data brokers pull your IPs and fingerprints from Facebook and whatever sites you've visited, if they can. Many online stores also sell user information. If they do, that can be connected to you. Etc.

Who, specifically, do you think is pulling my IP address from Facebook, and what specific mechanism do you think they're using for this?

I already showed you the links, didn't I?

No, you didn't. You just did some hand-wavy stuff.

*sigh* this is just starting to go in circles. I feel like I'm just repeating myself here. Believe whatever you want to believe, all I'm saying is that this mass data gathering has potential to be used for much, much more than just for this Cambridge Analytica thing.

Sure, but you're either lacking a good understanding of the actual mechanisms or technical details, or the ability to demonstrate your level of understanding.

It's like the web privacy equivalent of The NSA is not Made of Magic.

In either case, if you follow best practices, you're not immune to targeted attacks, but it's enough to foil the dragnets.

 

[civvver]

The thing I don’t really get is 99% of this data scraping is so companies can target you with specific ads. Why are people so opposed to this? I’d much rather see ads for something I’m interested enough in to web search like retro gaming consoles than all those stupid banner ads for car insurance quotes. Or like women’s clothing ads. Or toilet bowl cleaner. Or whatever, I’m just saying why wouldn’t you want ads that are actually relevant? People voluntarily go to sites like slick deals to find ads. I don’t see what the big deal is there.

Obtaining other personal info is only very concerning if companies are reckless with it and it makes you vulnerable to identity theft. Like the equifax breach. But address and phone number are pretty common things to get. Facebook I don’t think has my ssn or credit card numbers.

 

[stinkubus]

Because it's going to inevitably be used to do things like spam beer ads at people who look up support groups for alcoholism.

 

[Zelig]

The thing I don’t really get is 99% of this data scraping is so companies can target you with specific ads. Why are people so opposed to this? I’d much rather see ads for something I’m interested enough in to web search like retro gaming consoles than all those stupid banner ads for car insurance quotes. Or like women’s clothing ads. Or toilet bowl cleaner. Or whatever, I’m just saying why wouldn’t you want ads that are actually relevant? People voluntarily go to sites like slick deals to find ads. I don’t see what the big deal is there.

Obtaining other personal info is only very concerning if companies are reckless with it and it makes you vulnerable to identity theft. Like the equifax breach. But address and phone number are pretty common things to get. Facebook I don’t think has my ssn or credit card numbers.

I'm opposed to the entire advertisement industry. It's a cancer on society.

I will not consume ads, and will cease to use any product or service rather than consume ads for it.

 

[civvver]

Not all ads are evil. I love Taco Bell ads. How else would I know about their new insane concoctions? I don’t want to actively visit their site on a regular basis, just shoot me a tv ad during the game with some crazy Taco in it.

 

[civvver]

I'm opposed to the entire advertisement industry. It's a cancer on society.

I will not consume ads, and will cease to use any product or service rather than consume ads for it.

So you won’t drive on freeways that have billboards? I mean let’s be reasonable here. You can skip Facebook but you can’t avoid all advertising.

 

[Zelig]

Not all ads are evil. I love Taco Bell ads. How else would I know about their new insane concoctions?

I don't eat fast food, don't care what they're doing. I don't think society is made better by being exposed to Taco Bell ads.

So you won’t drive on freeways that have billboards? I mean let’s be reasonable here. You can skip Facebook but you can’t avoid all advertising.

Yes, billboards are literally the only form of advertising I'm unable to avoid. (Insofar as I notice them cluttering up the view, I avoid actually reading or looking at them.) I complain to my city on a regular basis about billboards that aren't strictly following bylaws regarding what they're allowed to do. São Paulo gets billboards right, we should all ban them entirely for the blight they are.

 

[Takhisis]

The thing I don’t really get is 99% of this data scraping is so companies can target you with specific ads. Why are people so opposed to this? I’d much rather see ads for something I’m interested enough in to web search like retro gaming consoles than all those stupid banner ads for car insurance quotes. Or like women’s clothing ads. Or toilet bowl cleaner. Or whatever, I’m just saying why wouldn’t you want ads that are actually relevant? People voluntarily go to sites like slick deals to find ads. I don’t see what the big deal is there.

Obtaining other personal info is only very concerning if companies are reckless with it and it makes you vulnerable to identity theft. Like the equifax breach. But address and phone number are pretty common things to get. Facebook I don’t think has my ssn or credit card numbers.

Very relevant, just came out today:

I also agree to a large degree with Zelig on advertising. There's too much of it and it's too invasive and too ridiculous.

 

[Commodore]

There's too much of it and it's too invasive and too ridiculous.

There are various ad blocker programs out there now for both PC and mobile devices that can greatly cut down on that stuff. I've been using ad blockers for years now and haven't seen a targeted ad since.

 

[Takhisis]

I don't mean just on the Internet. It's everywhere. An appartment building two blocks down from here just keeps getting its sides painted with awful, ridiculous ads for idiotic products.

 

[Zelig]

There are various ad blocker programs out there now for both PC and mobile devices that can greatly cut down on that stuff. I've been using ad blockers for years now and haven't seen a targeted ad since.

Sure, but the incentives are still all perverse. Facebook is paying some of the brightest minds of our generation to fight a back-and-forth war against adblockers and and to maximize the amount of time people spend watching ads. Comparatively, if people were actually paying Facebook, their incentives would be to create a better service for their actual customers.

 

[Commodore]

I don't mean just on the Internet. It's everywhere. An appartment building two blocks down from here just keeps getting its sides painted with awful, ridiculous ads for idiotic products.

What would be really weird though would be those ads being targeted towards you.

 

[Manfred Belheim]

My experience of targeted ads is that you'll normally get bombarded with repeated ads for your most recent purchase, which is obviously the least likely ad to be of any use for any of the parties in question. So even if they are constantly mining all this information on you, there doesn't appear to be much of a brain making use of it all at the end.

 

[Zelig]

Great new extension from Mozilla: https://addons.mozilla.org/en-US/firefox/addon/facebook-container/

Greatly simplifies the technical measures I previously recommended for less tech-savvy users.

 

[Timsup2nothin]

A lot of coverage being given to Mark Zukerberg deciding that he will testify before congress. The Trump era has certainly changed public perception. I don't recall there ever being any decision to be made in such circumstances. Used to be that if congress called, people answered. The debacle of Republican committees "investigating" the administration by "questioning" people who got away with "well, I'm not answering that on the grounds that I just don't want to" has created a new paradigm.