FB Friend Suggestion: Privacy Violation or Digital Age Necessity?

[EngWiPy]

I had a Facebook account before with an email address and a phone number, but deleted it. After months, I created a new one with a new email address, and without using any phone number. I was surprised to see FB suggesting friends I knew in real life in the past, but have never been contacted using my new email address (not even using my old one). Also, many friends were suggested from my email without my consent to access my contacts (as far as I am aware). And it also suggested people who work in companies from which I received job-related emails! I felt very upset and violated. I didn't sign up for this creepy stuff. It's OK to suggest friends of friends, but these suggestions were creepy. I feel Facebook has no respect to users' privacy at all. I have never had any issues with Twitter. I am sure they too use our data, but at least they don't use it in an obvious and outrageous way. Some people will comment there is no privacy in the digital age. I don't agree. There should be, and something must be done to control these big companies on how they use our data.

 

[FactChecker]

I don't know if FB is the source of the data about you. I was on Amazon and selected the gift option for something. I had never sent a gift to the particular person I had in mind before. Without further input, Amazon suggested that friend (among others) and knew the 9-digit zip code that I did not even know. That friend was even at the top of the list. I think that email and/or smart-phone records are being shared to Amazon.

 

[anorlunda]

@EngWiPy, I share your unease with the creepy nature of their tracking. As @FactChecker said, there are other ways for them to figure out who you are. IMO the most likely ways in this case are:

1. IP address. Each computer has a unique address such as https://www.physicsforums.com/misc/ip-info?ip=184.161.250.2191. Therefore, if you created the new account using the same computer you last used with the old account, FB figures "Aha! That's the same guy."
2. Cookies. FB and almost everyone else, leaves tiny files on your PC called cookies. Reading the cookies on your machine tells web sites where you were before and what you were doing. There might even be a cookie saying "the last time this computer was on FB it was logged in as user xyz."

You can delete all the cookies, and instruct your browser to not accept cookies, but then many features on many sites will stop working. You can also use proxies to hide your IP address. But it takes a lot of time, effort and knowledge to hide your identity, and it forces you to behave just like bad guys and terrorists who try to hide their identities.

Protecting privacy in this modern world has gone from simple, to difficult, to nearly impossible. I lament that, but I can't change it.

 

[EngWiPy]

But why it has to be that difficult and tricky to protect my privacy, and do the things bad guys do to protect myself. I don't have anything to hide, but I value my privacy. The way these applications access our computers and phones is unacceptable, especially FB. On Twitter, I haven't seen one suggestion that is from my email because I didn't give it the permission to access my email. FB seems to creep in without asking for permission and by using twisted ways that doesn't respect the user by going around him/her. The algorithm they are using is malicious. It's like a spyware. Unbelievable. I deleted my account again, and will never open an account again unless they change their policies and algorithms. FB is under attack for how they deal with users data. I hope this will make them do some serious changes, and consider a better business model that doesn't prey on users' lives and privacy to make big money.

 

[anorlunda]

But why it has to be that difficult and tricky to protect my privacy, and do the things bad guys do to protect myself.

I share your frustration. To understand, you need to look at the business model of Internet giants like FB. They don't charge you a fee for using their site. They make their money from advertizers, and the advertizers pay more to be able to target their ads using your private information. That makes it fair to say that FB's entire business model is based on invading your privacy. That doesn't make it right, but it does make it more understandable.

 

[EngWiPy]

I understand that they need to make money, but I don't understand why it has to be so violating. I use Twitter for free, too, but I don't feel the privacy concerns I do with FB. FB is more greedy and aggressive. Their priority is only money. The problem with these "free" platforms is that they don't give the user any choice. It's either use our platform and we do whatever we want with your data, or don't use it at all. Users should be given control over their data, and those who choose to share their information must be compensated. This way everyone wins. This requires a political intervention. Without a political restriction, these giants will do whatever they want.

 

[FactChecker]

It sounds like you want a law like the EU's GDPR (https://en.wikipedia.org/wiki/General_Data_Protection_Regulation) . Don't hold your breath. Things are controlled differently elsewhere.

 

[anorlunda]

It is a contest between different styles of government.

Years ago, I lived in Sweden. In those times there was a data agency. Private companies needed a license from that agency to store personal data. That even included names and contact info for their customers. To get the license, you have to convince the agency that you have a good reason. Their approach to government was "Everything is forbidden except that which is prohibited."

In the USA, it is the opposite. New companies innovate and they don't need to ask anyone's permission before starting. The approach is "Everything is permitted except that which is forbidden." You could also say, "Better to ask for forgiveness than for permission." Imagine Google's founders trying to explain to the government what the purpose of their company was before starting.

We like to say that the US system fosters innovation. That seems to be true. Not one single Internet giant has emerged in Europe. (Although they are emerging from China.) And those Internet companies are critically important to the US economy, so politicians fear killing the goose that lays the golden eggs.

The European system is said to protect consumers better. But it also protects established businesses from competition from newcomers.

 

[FactChecker]

There should be a line between fostering innovation and fostering abuse. That is where the battle is. There is no idea so good that excess can not turn it into a bad idea.

 

[Rive]

We like to say that the US system fosters innovation. That seems to be true. Not one single Internet giant has emerged in Europe.

It is said so, but on the other hand once such a company grows into a giant it becomes really hard to beat some sense in it.

those Internet companies are critically important to the US economy, so politicians

...they rather takes on all the opposition from everybody around and making it national. I think on the long run this won't be the goose but a skunk in the backyard.

 

[Anthony Beckwith]

I just recently deleted my facebook account. I found it a pointless distraction. Deciding to delete my facebook is how I ended up here instead. :)

 

[russ_watters]

I had a Facebook account before with an email address and a phone number, but deleted it. After months, I created a new one...

From what platform (cell phone app, computer web browser) did you create the account?

 

[EngWiPy]

From what platform (cell phone app, computer web browser) did you create the account?

Regardless, there is no excuse to use any information I don't authorize to be used, be it my phone contacts, my IP address, and emails contents, ... etc. I wasn't primarily wondering on how they do it, but rather I was furious on why they do it, especially in such an obvious and outrageous way.

 

[russ_watters]

Regardless, there is no excuse to use any information I don't authorize to be used, be it my phone contacts, my IP address, and emails contents, ... etc. I wasn't primarily wondering on how they do it, but rather I was furious on why they do it, especially in such an obvious and outrageous way.

My point in asking the question is that I'm pretty sure they explicitly asked your permission and you explicitly granted it. I was going to try to help figure out how you missed it. Instead, people are idly speculating about how they might have gone behind your back.

People like to get mad at facebook (google, Amazon, etc.) and we see angry threads about it a lot, but the sad reality is people should almost always be mad at themselves, not the company.

 

[EngWiPy]

These companies are manipulative. You cannot possibly expect users to read pages and pages in Terms and Conditions in vague terms before you register. It's ridiculous. They know no one reads these terms. Do you read the Terms and Conditions for every website you register in? I just skimmed in their terms and conditions, and it's absolutely outrageous. If most users knew this stuff, no one would use their application. Many users deleted their accounts when FB came under fire in the media. They became more aware of how FB violates their privacy.

No other social media platform does what FB does. Facebook is under fire for leaking data to third-party companies because they don't listen and don't care, but they should be under fire on why they collect these private information in the first place (why to collect information about my IP address, my ISP provider, my phone contacts and messages, my location, ... etc). There is no respect to the users. Even if they mention it, they don't give users any control other than not using the platform. Some users might agree to share these information with full awareness, others may not. Users should be given control and the option. These companies have so much freedom and power because there is no legal restriction. I hope soon there will be a legislation that prevents these giants from collecting and processing data without restriction, or at least least use it in a way that respects users privacy.

I feel more comfortable on Twitter, and from my personal experience, I don't have issues with Google or Amazon, although they also collect data. But not as FB does, or at least shows.

 

[russ_watters]

These companies are manipulative. You cannot possibly expect users to read pages and pages in Terms and Conditions in vague terms before you register.

So, again, my point in asking the platform was that what you are describing is almost certainly not how permission was asked for and granted. On a cell phone, for example, apps explicitly list what sensors and data services they want access to and you explicitly grant it individually per app and per service. A blanket permission is not buried somewhere in the terms and conditions. This allows you to, for example, grant access to your camera but deny access to your contact list when you install the software.

I just opened my facebook settings on my phone and it has been denied access to everything except storage and location. For kicks I uninstalled it and then re-installed it and the only thing it asked for when I started it the first time was location access. Browsing to "friends", I see a menu option for "Contacts". When I click on it, it has a single page description of what it wants to do and asks to "get started" (declined). Also, I guess I never use the camera with it, because it didn't have permission before and I verified that by clicking on the "Camera" icon it brings up a page explicitly asking for permission to access the camera.

Look, I'm not trying to be critical here, I'm trying to get you to take ownership so that this doesn't happen to you again!

 

[EngWiPy]

What ownership? Did you read my original post? I didn't use the app on my phone at all, and I didn't give explicit permission to anything. They apparently have used twisted ways and information (like maybe my IP address, which they mention in their terms and conditions that they use somewhere in the tons of pages, but no one reads that, and they know it, but they don't mention how and why they use it) to connect my new FB account with the old phone number I used in the first account (which I permanently deleted, and when I deleted it, I was informed that everything will be deleted, and I cannot retrieve any information after 30 days, but obviously they kept my old record), although I used different email addresses for the two accounts, and I didn't use my phone number in the new account, and I am actually using a new number now. It's a malicious spyware to say the least.

 

[CWatters]

I regularly ask my teenagers what social media they use to help guide my investments. They tell me none of their friends or schoolmates use Facebook. It's all Snapchat and some Instagram.

 

[CWatters]

What ownership? Did you read my original post? I didn't use the app on my phone at all, and I didn't give explicit permission to anything. They apparently have used twisted ways and information (like maybe my IP address, which they mention in their terms and condition that they do somewhere in the 10s of pages, but no one reads that) to connect my new FB account with the old phone number I used in the first account (which I permanently deleted, and when I deleted it, I was informed that everything will be deleted, and I cannot retrieve any information after 30s days, but obviously they kept my old record), although I used different email addresses, and I didn't use my phone number in the new account, and I am actually using a new number. It's a malicious spyware to say the least.

A year or two back I read an article that said it was possible to identify users by profiling their computer. The combination of accessible settings such as screen resolution is apparently enough to generate a unique identifier. As I recall this was even possible for users of the TOR browser.

 

[EngWiPy]

A year or two back I read an article that said it was possible to identify users by profiling their computer. The combination of accessible settings such as screen resolution is apparently enough to generate a unique identifier.

This is INSANE! In the age of data we need more privacy than ever.

 

[EngWiPy]

I regularly ask my teenagers what social media they use to help guide my investments. They tell me none of their friends or schoolmates use Facebook. It's all Snapchat and some Instagram.

I don't use these platforms, but I think Instagram is owned by Facebook. I am not sure how their algorithms work there, as it's only for sharing pictures.

 

[harborsparrow]

Facebook will have easily obtained your email by having sucked up the Contacts list from some of your friends. There is nothing you can do about that. There is no longer much privacy on the internet if you are using social media, or even if you are browsing the web. Even if you use private browsing, they can tell who you are by profiling the plugins you have installed in the browser. It's a bad internet world these days.

The best you can do--and SHOULD do IMO--is turn off third-party apps on your own Facebook account, refuse to let it snarf your own Contacts list, and never, ever use your Facebook login on any other website to log on. Which means, you can't play those stupid games on Facebook (whose whole purpose, anyway, is to snarf information about you). If you ever logon to another website using your Facebook account, you are giving that company (and in reverse, Facebook itself) a great deal of the information that is available about you on your Facebook account. And ultimately, that is how people get hacked. Keep the apps turned off in Facebook settings (this ought to be the default, but it is not) and you should be okay, basically. Also, go thru all Facebook settings and tighten privacy in whatever ways you prefer. The default settings are just way to wide open.

 

[sysprog]

If you ever logon to another website using your Facebook account, you are giving that company (and in reverse, Facebook itself) the knowledge of what your Facebook password is.

Do you have a source for that? I'm sure that neither fb nor google intentionally does that. They don't even keep their own copy of your password in clear text.

Here's a link to a fb developer resource on how to allow your system to use fb login (nothing in it remotely suggests that you can use it to capture the user's fb password): https://developers.facebook.com/docs/facebook-login

If you log in/on to, e.g. quora, using fb or google, quora doesn't get your fb or google password. A new page with a fb or google https dialog collects and validates the password, and when the authentication is successfully completed, quora gets a message to that effect from fb or google, and creates the quora session.

It's the same when you use PayPal to pay for a purchase on ebay -- a pp box comes up, gets your password, and sends you back to ebay to give the final authorization for the payment -- ebay can't see what you type into the PayPal box.

 

[phinds]

This is INSANE! In the age of data we need more privacy than ever.

You should write a letter.

 

[harborsparrow]

@sysprog, You are correct that I miswrote about "giving one's Facebook password to a third party website". I have thus reworded the post above.

But that's a technicality--the result is often the same as if one had allowed the third party site just to logon to your account. The password itself is not shared; instead, the OAuth protocol makes sure you are logged into Facebook, then shows the user a little notice (first time used only) about what data will be shared--WHICH NO ONE ACTUALLY READS, or perhaps if they read it, they don't understand it--and then OAuth sends the third-party website a token that the website uses to gain restricted/limited access to some of your account information, usually consisting of your name, email address, gender and so on. The "and so on" is actually, usually, a lot more information. See this article for example: https://www.bbc.com/news/technology-46618582

The problem is, that in order to use third-party website logons via Facebook, you must have enabled, on your Facebook account, the "Apps and Websites" feature, and the DEFAULT behaviors associated with this feature share a whole lot of data about each user. One can further restrict what is shared, to a point, but Facebook is constantly changing the way its Settings feature let's you interact to protect your own data. So, IMO, the only way to safely use Facebook at all is to keep the "Apps and Websites" feature turned off altogether. It is on by default. It is this feature that allowed Cambridge Analytica to mine so much helpful data during the last election cycle, without people realizing it.

 

[sysprog]

@sysprog, You are correct that I miswrote about "giving one's Facebook password to a third party website". But that's a technicality--the result is often the same as if one had shared much of one's Facebook data such as Contact lists with the third party. The password itself is not shared; instead, the OAuth protocol makes sure you are logged into Facebook, then shows the user a little notice (first time used only) about what data will be shared--WHICH NO ONE ACTUALLY READS, or perhaps if they read it, they don't understand it--and then OAuth sends the third-party website a token that the website uses to gain restricted/limited access to some of your account information, usually consisting of your name, email address, gender and so on. The "and so on" is actually, usually, a lot more information. See this article for example: https://www.bbc.com/news/technology-46618582

The problem is, that in order to use third-party website logons via Facebook, you must have enabled, on your Facebook account, the "Apps and Websites" feature, and the DEFAULT behaviors associated with this feature share a whole lot of data about each user. One can further restrict what is shared, to a point, but Facebook is constantly changing the way its Settings feature let's you interact to protect your own data. So, IMO, the only way to safely use Facebook at all is to keep the "Apps and Websites" feature turned off altogether. It is on by default. It is this feature that allowed Cambridge Analytica to mine so much helpful data during the last election cycle, without people realizing it.

Fair enough, harborsparrow.

For my own part, I stay away from the social media sites (no fb, twit, etc.) and although I use gmail, and sometimes make youtube comments, I don't use google to sign on anywhere else.

You may possibly find it gratifying that the fb interface doesn't always work well --
https://developers.facebook.com/support/bugs/

 

[EngWiPy]

For the record, I didn't log into any third party website via Facebook. As I mentioned before, I permanently deleted my previous Facebook account (Facebook added this feature recently. Before you couldn't do that. You could only deactivate your account), and didn't use any phone number in the new one (besides using a new email address). So, logically, there is no obvious way to link the two accounts (one of which is supposed to be DELETED. GONE!). But this is FB. They don't remove anything. They sell everything. I think they used my MAC/IP address, as this is the only thing common between the two accounts. Anyway, deleting Facebook was one the best decisions I have made

 

[sysprog]

For the record, I didn't log into any third party website via Facebook. As I mentioned before, I permanently deleted my previous Facebook account (Facebook added this feature recently. Before you couldn't do that. You could only deactivate your account), and didn't use any phone number in the new one (besides using a new email address). So, logically, there is no obvious way to link the two accounts (one of which is supposed to be DELETED. GONE!). But this is FB. They don't remove anything. They sell everything. I think they used my MAC/IP address, as this is the only thing common between the two accounts. Anyway, deleting Facebook was one the best decisions I have made

If you used the same browser as before, on the same machine, the most likely culprit is leftover cookies from your prior account.

 

[harborsparrow]

I use Facebook to keep in touch with farflung relatives, friends and former colleagues, but using it has become a nuisance that I put up with. In my Facebook account I regularly go into the Settings and tighten the screws. I am certain they mine data from it, but I don't post anything that I require to be private anyway. I keep the Apps turned off, do not run the Facebook app on my mobile phone (use Firefox from phone), run a good ad blocker in my browser, and even a couple of browser add-ons to discourage Facebook tracking me. I sync my browsers so they all get those addons. I constantly Unfollow or permanently Hide nuisance posters. It is only barely worth it, as I still have to dig thru a lot of drivel to see posts from my actual connections. I go there far less often too. Still, it has allowed me to reconnect with high school friends from far away and long ago. Use if you need that, but with cautions.

 

[adamluke450]

when you create an account on this platform you are automatically agree all their privacy policy and terms of service (which 99% users didn't even bother to read) and this companies will have legal access to all your cookies and data. FB even keep your phone contact list if you are using their app. So be careful

 

[harborsparrow]

Facebook is reported to be on the verge of getting a penalty from the FTC (Fed. Trade Commission) over privacy violations: https://www.cnet.com/news/facebook-ftc-reportedly-negotiating-massive-fine-to-settle-privacy-issues/

 

[sysprog]

Facebook is reported to be on the verge of getting a penalty from the FTC (Fed. Trade Commission) over privacy violations: https://www.cnet.com/news/facebook-ftc-reportedly-negotiating-massive-fine-to-settle-privacy-issues/

Yesterday, Berkely ICSI faculty member Serge Egelman posted another of his writings, this one about Android apps that, along with storing your current non-persistent (changeable in regular settings) "ad ID", also store persistent identifiers such as "IMEI, WiFi MAC address, SIM card serial number, etc." and the "Android ID", for purposes of selling the identifying information (mainly to advertisers).

Following the link at the bottom of that page leads to this:
https://blog.appcensus.mobi/2018/09/10/tiny-lab-responds/
and from there, the bottom link leads to this:
https://blog.appcensus.mobi/2018/05/14/apps-sending-location-secretly/

The MFs are not only collecting kids' personal data, they're following kids around with GPS and trying (ineptly) to be surreptitious about it -- that is truly beyond creepolian.

 

[DaveC426913]

These companies are manipulative. You cannot possibly expect users to read pages and pages in Terms and Conditions in vague terms before you register. It's ridiculous.

Keep in mind that services such as Facebook are free, and no one is putting a gun to anyone's head.

Though you may not want to admit it, you are making a decision about the benefits of Facebook versus the cost to your privacy. You have implicitly decided that the benefit is worth the cost.

 

[EngWiPy]

Keep in mind that services such as Facebook are free, and no one is putting a gun to anyone's head.

Though you may not want to admit it, you are making a decision about the benefits of Facebook versus the cost to your privacy. You have implicitly decided that the benefit is worth the cost.

The problem with this reasoning is that the user doesn't have a choice. He/she either fully gives up their privacy, or don't use the application, and make yourself isolated. Twitter is a free application, too, but Facebook is very aggressive in what and how they do business. They are under investigation and a potential fine for a reason.

 

[DaveC426913]

The problem with this reasoning is that the user doesn't have a choice.

Of course they do.

What they can't do is have their cake and eat it too. TANSTAAFL.

He/she either fully gives up their privacy, or don't use the application, and make yourself isolated.

No. Just what fraction of people do you think are not on Facebook at all?
Just in my circle of friends - and Iive in a major megatropolis - it's about 50%.

Twitter is a free application, too, but Facebook is very aggressive in what and how they do business.

They can't do any business with people who don't agree to have business be done with them by signing up. In fact, you have to actively go and find them to sign up. Again, no gun to your head.

Don't get me wrong - I sympathize with you. I'd like to see their privacy incursions curtailed too. But let's not pretend we don;t go into it willingly and with our eyes wide open.