back to article Facebook dynamites its own APIs amid data slurp scandals, wrecks data slurp applications

In response to widespread concern about the misuse of Facebook user data, the social ad network on Wednesday hobbled its Graph API and Instagram API, breaking apps sustained by that data in the process. Mike Schroepfer, Facebook's CTO, outlined the changes in a blog post, some of which took effect immediately. The Graph API, …

  1. Anonymous Coward
    Anonymous Coward

    The 'Shadow Profile' Economy

    The media is mostly focusing on the 87m number, not the real one which as we know is up to 2-Billion (search box loophole). However, that's just the start. This more important revelation has vanished from view, with little scrutiny over 'Facebook no longer using Data-Brokers, except they will':

    https://www.bloomberg.com/news/articles/2018-03-28/facebook-to-block-option-of-using-data-brokers-for-ad-targeting

    .

    We know from other EU Data Protection bodies (not the Irish-DPC they're complicit), that Facebook tracks everybody. Any visitor to a website that shares data with Facebook or hosts a Facebook-like button, plus all the info from Data Brokers from Experian to Acxiom. This happens even if you're not a Facebook user, or have closed out your account #DeleteFacebook.

    ~~~~~~

    So how are ex-users / non-users Facebook supposed to Opt-Out?

    ~~~~~~

    There's no way! Everyone is being tokenized all the time, and that activity is then tracked / traded / shared and leaked! Its this 'Shadow Profile' economy that's most disturbing and creepy, and deserving of extra scrutiny.

    Next week when the CEO of Facebook appears in Washington, I fear this is all going to be lost on them. With Zuckerberg controlling the discussion points (weaponizing the narrative as they say) this will all get lost in translation. No doubt Zuckerberg will promise fixes and changes to Facebook, but how is any of that going to fix 'Shadow Profiles' and merging of offline / online data from 3rd-Parties etc!

    We are entitled to have Facebook explain this lack of transparency. Only now after the Facebook/Android message slurp revelations, are users waking up to the fact that its often their low-hanging-fruit friends / colleagues / family, that are ratting them out to giants like Facebook (by either sharing too much or not understanding how the process really works).

    Facebook has admitted the current problems will take years to fix. That gives them a license to crawl, while investors, users and non-users get to eat bullets. We need more scrutiny of the tech oligarchs and their toys because 'We are the native people's now'!

    1. Anonymous Coward
      Anonymous Coward

      What 'Shadow Profile' data-hoarding means:

      See the Orbitz / Staples example here:

      https://www.digitaltrends.com/computing/how-do-advertisers-track-you-online-we-found-out/

      Undoubtedly Facebook & Google are lining up to be middle-men for everything we do - or buy. But instead of transparency or looking for deals, more and more of us will be faced with custom tailor made pricing that's uniquely setup for us (even unique to everyone in our household, thanks to device canvas browser fingerprinting). That's the personal economic damage!

      The behavioral influencing that will then take place off the back of that, is just too scary to contemplate. I guess we got a taster of that in the last US election! Overall, think pay to play... Whoever is paying Facebook & Google gets to weaponize the narrative as they see fit, and influence the world whatever way they choose!

    2. Mark 85

      Re: The 'Shadow Profile' Economy

      Next week when the CEO of Facebook appears in Washington, I fear this is all going to be lost on them.

      For most, yes. For a few Senators, no. Wyden has a pretty good grip on things if Zuck is in front of his committee.

    3. Updraft102

      Re: The 'Shadow Profile' Economy

      So how are ex-users / non-users Facebook supposed to Opt-Out?

      ~~~~~~

      There's no way!

      Of course there is. It's just not official, like opting out of Windows 10 doing whatever the hell it wants.

      Set your script blocker (you should be using one-- if not, fix that), ad blocker (same), and/or firewall to block all communications with facebook.com and facebook.net. Set your browser to deny third party cookies, and use an addon that deletes all cookies after the tab is closed. Use an on-demand cookie crusher before and after logging into anything dodgy, like Google, and never use it for any service that involves personal data (such as anything on any Android phone-- it's a tracking device that has complete access to everything you do on it). No Gmail, Google Calendar, or any other thing that you do not want public. And for God's sake, never use your real name or photo in anything!

      I use what amounts to a dummy Google ID to post on sites like this, but I never use the associated email address, and I don't do anything within it that I don't expect to be public. Posts like this are meant for public consumption, so it's okay for me by my own standards. Only you can decide how far you are willing to go, or not go.

      When I am about to make a post, I kill all cookies (to deny Google the ability to read anything from any cookies that may have been set since the last deletion at the moment I sign in), then sign in (which will set new cookies), write the post, and again kill the cookies. Yes, I do have to sign in each and every time I write a post, but this isn't a post about convenience... it's about privacy. Use a password manager to lessen the stress on yourself, and make sure its store is well encrypted.

      My dynamic IP from my ISP assures that I won't be using the same IP addy two days in a row, and I live near a large city and I use a large regional ISP, so the pool from which the IPs are drawn is large. That stops the two most common and pervasive forms of tracking... but the bad guys are always coming up with more. You can read it if you search browser fingerprinting, and not all of it can be properly mitigated if you're not using TOR (and even then it breaks some sites), but just by blocking the stuff in this post, you stop the biggest majority of it.

      1. Anonymous Coward
        Anonymous Coward

        Re: The 'Shadow Profile' Economy

        > I use what amounts to a dummy Google ID

        Your fergetting too very your spelling plus text caydense so as to fúl the authors identifying algos .. ;)

      2. Ian Michael Gumby
        Mushroom

        @Updraft ... Re: The 'Shadow Profile' Economy

        What about the average Joe who doesn't have a FB account, so never opted-in yet visits a site that runs FB javascript code? FB is slurping that data. Of course they probably pay the site to use their stuff and are therefore a 'partner' and thus you've agreed to it if there is a ToS for the site. For others. probably not.

        Which also begs the question... El Reg, why do you use Google Analytics on your site? Google Tag Services?

        Its the same thing... FB, Google slurp data from other websites on people who may or may not have an account thus no consent.

        How is that going to survive a privacy challeng in the EU?

        The Bomb Blast icon is for the idea that EU privacy laws are going to impact many companies in unsuspecting ways...

    4. Anonymous Coward
      Anonymous Coward

      @AC

      "There's no way! Everyone is being tokenized all the time, and that activity is then tracked / traded / shared and leaked!"

      Well, there is definitely a way: block Facebook entirely. For example using a plugin or blacklisting it in your browser.

      The only reason they can shadow track you is because your browser contacts Facebook to pick up any left over data (or to sent confirmations). But if you have their servers fully blocked then this won't happen which means there's no way left for them to track you other than actually going over the webserver logfiles.

      This is also the reason why I have google-analytics.google.com blacklisted in my browser.

      Which is my comment: I think it's a bit weird how everyone is now getting highly upset over Facebook and demanding action and what more, while totally ignoring the stuff Google does. That Google analytics tool for example isn't just something to make things easier on website owners you know. It makes your browser execute a piece of Javascript code which tells it to phone straight home to Google, that's how it manages to keep track of you. (note: which is why it's blacklisted in my browser).

      But do you really believe that only the website owner is going to be using that data? ;)

      Facebook is only the tip of the digital iceberg.

    5. Zippy's Sausage Factory
      Black Helicopters

      Re: The 'Shadow Profile' Economy

      So how are ex-users / non-users Facebook supposed to Opt-Out?

      There's no way!

      This is why I have about seven browsers installed. I have Firefox installed just for Facebook. Nothing else. For main browsing, Pale Moon and all facebook cookies are blocked. For Google Drive etc, Chrome.

      Paranoid, moi? Why, who's asking?

    6. Anonymous Coward
      Anonymous Coward

      Facebook Secretly Deletes Some of Zuckerberg’s Private Messages

      The Daily Beast is reporting that a bunch of Zuck's private messages have been deleted ahead of Congressional investigations in the name of "corporate security".

      https://www.thedailybeast.com/facebook-secretly-deletes-some-of-zuckerbergs-private-messages-1?ref=home

    7. BillG
      Devil

      Re: The 'Shadow Profile' Economy

      It's easy. Just don't use Facebook, block 3rd party cookies, and

      I AM MARK ZUCKER-BORG!,YOUR PERSONAL INFORMATION WILL BE ASSIMILATED! AND SOLD WITHOUT YOUR CONSENT! YOUR COMPLIANCE IS MANDATORY! LAWS ARE IRRELEVANT! PRIVACY IS IRRELEVANT! PRIVACY STATEMENTS ARE IRRELEVANT! RESISTANCE IS FUTILE! YOU WILL COMPLY!

    8. Anonymous Coward
      Anonymous Coward

      Blocking scripts / Dynamic IP - Won't fix this:

      Even if you never have an account and do everything possible to block data to Facebook, they will still create a shadow profile on YOU, from other people in your life who are not as careful.

      They also buy data about you from 3rd party data brokers, which is hard to stop according to investigative journalists who've tried. Then there's the latest revelation: backroom deals to buy patient data from hospitals etc.

      Blocking scripts / Dynamic IP - won't fix any of this!!! Your over-confidence is amazing. You should read how the FBI caught mega-bank fraud Russian Hackers. Just one day in a million they forgot to cover their tracks and that was enough to get them caught.... You really believe your partner, your kids, your friends, your parents, won't make a mistake that leads to your data being shared with Facebook sometime...???

      1. Anonymous Coward
        Anonymous Coward

        Re: Blocking scripts / Dynamic IP - Won't fix this:

        https://forums.theregister.co.uk/forum/containing/3477052

  2. Anonymous Coward
    Anonymous Coward

    'Facebook sent a doctor on a secret mission to ask hospitals to share patient data'

    When you think about it, we still know very little about how Facebook really operates, except that Zuckerborg is pretty much the 'Patron Saint' of this...

    "this data can be used in ways users never expected."

    1. Anonymous Coward
      Anonymous Coward

      As regards making a hash out-of-hashing the patient data... From the DT article just above:

      "There’s also a real risk that the anonymized data may be exposed and linked to your actual identity. It’s possible to de-anonymize these databases in a variety of ways. We’ve seen accidental leakages of personal information. What one needs to keep in mind, is that if you have this anonymized dossier, it only takes one rogue employee, one time, somewhere, to associate real identities with these databases for all of those putative benefits of privacy anonymity to be lost. 'Pseudonymous', you’re not really anonymous. There’s also evidence of a growing industry that’s aiming to tie together your online tracking with your offline purchasing habits: Onboarding companies"

      1. Anonymous Coward
        Anonymous Coward

        Re: As regards making a hash out-of-hashing the patient data... From the DT article just above:

        Yeah, the promise of nothing to see here because your patient data is anonymized, is like the greatest *Fake News* story everl!

  3. Anonymous Coward
    Anonymous Coward

    The following parts of the Graph API are being changed:

    Hmm, I didn't see Facebook Places in that list.

    So I guess that means that Facebook will still be scanning the users WIFI network as well as scanning for any Bluetooth enabled devices nearby.

  4. Anonymous Coward
    Anonymous Coward

    "... presumably have negotiated special access terms"

    I can imagine there are quite a few players and special interests that have done that.

  5. Zog_but_not_the_first
    Facepalm

    Why Facebook etc., will win...

    Actually, have already won.

    I was discussing the latest revelations with a group of friends. One friend was cynical about the whole business claiming that Facebook was "harmless and fun". I asked to see her phone so I could go through her messages and photos so that I could "identify products and services of interest".

    "No!" she said, moving the phone away from me. "That's private!"

    1. Anonymous Coward
      Unhappy

      Re: Why Facebook etc., will win...

      That's a depressingly accurate and concise statement of the problem.

      No matter how much effort we go to individually to fight this, it is clear that the vast majority will not fight, not even realizing that there is something to fight about.

      And the data collectors know this, of course - that's probably been in their planning from the off.

      It looks like the only thing that will stop this is a really big Coronal Mass Ejection.

      1. VinceH

        Re: Why Facebook etc., will win...

        "No matter how much effort we go to individually to fight this, it is clear that the vast majority will not fight, not even realizing that there is something to fight about."

        As I've said before, for most people it's only when they personally are directly and identifiably affected that they sit up and take notice - just as (for example) people only realise the need to back up valuable data when something goes wrong and they lose valuable data.

        And the worst part is that n months down the line they'll forget and fall into old habits - people are stupid.

    2. the-it-slayer

      Re: Why Facebook etc., will win...

      Hopefully this scandal plus many others to come I suspect (I'm surprised they haven't been hacked yet or some or breach hasn't come out to the press) will provide a catalyst for people to think about where they place their data.

      It's unfortunate Facebook decided to go down the road it did sustain some sort of profitability. Provide a free service while munching on the data you provide to them. Back in the early days, a service helping to connect friends/family via common service platform was revolutionary. Took a while for the over-40s to get onboard, but for close family contact spread over different countries with ease was a bigger seller with Messenger appearing alongside the FB product (it's abysmal, but it did the job).

      My facebook account has gone after many months of inactivity and really not caring for it anymore. Taken the snapshot of the archive and waved bye-bye. I care more about my Twitter profile (at least there's some pseudo-anonymity there and less virtue signalling via reposted articles from fake news sites).

  6. alain williams Silver badge

    NHS & Google

    So has this brouhaha finally woken the NHS to the fact that giving patient data to Google is not a clever idea ?

    Has Google deleted the data or just said that they have ?

    1. MrAnonCoward43
      Alert

      Re: NHS & Google

      More needs to be made of this, can't believe it only got the ripple of attention it did. This harvesting of data needs so much more regulation and oversight. The morals of some people amazes me, I love how Google and Facebook both lead with whiter than white, help the world, angles:

      "The information was used to develop and refine an alert, diagnosis and detection system that can spot when patients are at risk of developing acute kidney injury."

      and

      "The social network effectively asked top US hospitals to share anonymized patient data, such as illnesses and prescriptions, for a research project to help medics pinpoint people needing extra care or treatment."

      These paragons of virtual virtue.

  7. msknight

    It didn't cancel it...

    .... it put it on hold, according to the announcement I read, indicating that it likely intends to continue once all this has blown over. Facebook hasn't learned, will never learn, and never stop.

  8. JimC

    The extent to which Facebook have broken stuff

    is staggering. I run a sports club website, and my front page uses/used the graph api to grab (read only) the contents of *public* posts on the *public* group so that those who steer clear of the Z monster can see what's been posted there, and those who can only use it have some avenue of communication outside their ghetto.

    I spent yesterday struggling with their appalling documentation and notification to try and find out exactly what they've broken and what if anything I can do about it, and basically just wasted the day. I can screen scrape it of course, but it will be a lot of effort to clear out all the nonsense and structure what I get back properly.

    We made a king sized mistake back in the day when we sold our mojo to the advertising industry in the foolish belief that advertising meant everything was free, but I'm damned if I know how we can extract ourselves. The belief that nothing on the net needs paying for is just too deeply rooted...

  9. Anonymous Coward
    Anonymous Coward

    Unpredictable behaviour of this sort is what alienated developers from Twitter several years ago.

    Unpredictable behaviour of this sort is what alienated developers from AOL about 20 years ago.

    I hope Facebook ends up the same way.

  10. Anonymous Coward
    Anonymous Coward

    Too late

    Only 10 years too late to have a significant social impact, so they're at least ahead of most governments... (perhaps most _other_ governments? their size/scope seems to be somewhat analogous)

  11. Anonymous Coward
    Anonymous Coward

    Aw Shucks

    This may signal the realistic end of Zuck's presidential aspirations. We can only imagine how much fun it would have been to witness the American press utterly destroy him as battlespace preparation for Oprah Winfrey's political ambitions.

  12. Muscleguy

    Hmmmm

    That might be why my facebook login didn't work when I tried it on a non Fb site. I suppose I could login direct but I haven't been in my page* for ages. I only have it to enable interaction with a couple of campaign sites.

    *Not in my actual name of course, I'm not silly and I told my daughter to shoot me if I ever signed up. I'm legally entitled to the two names I'm signed up as, it's just nobody knows me as that name ;-)

  13. Anonymous Coward
    Anonymous Coward

    A nightmare beyond Orwell's imaginings

    It has developed so quickly from something hardly anyone knew about - as JANET, while I was at university - into something which has the capacity to spy on everyone.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like