by ratel 2542 days ago
Well, the big one would be nice: Facebook makes her money from harvesting and selling privacy sensitive data, or at least that is the perception shared by nation states, the EU and the wider audience. For any claim Facebook makes about respecting privacy to have at least face validity she needs to show how she is going to make money without violating her users' privacy. So how is Facebook going to make money if they need to respect users' privacy?

Somewhat more constructive: Facebook seems to have an unhealthy appetite to collect _all_ user data including privacy sensitive information. But let's be fair: She is definitely not the only company on the quest for the Big Data insights, that seem to always be at least one data point away. Does Facebook have information on which data points they really need to make a commercially viable user profile? What data points are privacy sensitive? Is Facebook looking into alternatives for those privacy sensitive data points? If not: can Facebook enumerate those and ask their users for explicit consent to collect those points and ask for explicit consent in the future for any new data points?

Good luck this afternoon. I hope you get some insights.


It is not true that Facebook makes its money by selling private data, as you can verify by reading its publicly available earnings reports. It makes its money by selling ads, which it uses private data to target — a completely different thing.
In Zuckerberg's testimony to Congress he references "the data brokers" or third parties involved all of the time.
I was really careful enough in my wording: Facebook sells privacy sensitive data as in very, very specific target groups for among other things ad targeting for their customers to use. I did not refer to the selling of private data.
I genuinely don’t understand the distinction you’re making.

Facebook does not make its money from “selling data” at all, whether “private data” or “privacy-sensitive data”.

Not the OP, but I am guessing they are trying to say that the distinction between "you pay facebook and they give you a database full of private data" and "you pay facebook and they give you API access to a database of private data and allow you to query it in myriad ways leading to you creating your own database of highly accurate private data" is not as important a distinction as Facebook would have you believe. Or something along those lines.
But Facebook doesn’t let advertisers query their database of private data. I agree that if they did, it would not be very different from selling data, but they don’t.
But.. they do, though. You can (and people do) make a very targeted ad, then query what users matched with it, and so on until you've sufficient data for your purposes. Plus you can use their public APIs to then match their ad data with the users' public information. Facebook knows this, and does not prevent it (by hiding user identifiers for instance) because it's part of their strategy.
Dear umanwizard,

Genuinely not understanding something is fine. Already claiming someone was intellectually dishonest because you misread or misunderstood not so much.

The ads business of Facebook is based on the very specific data Facebook can provide their advertisers for very specific target audiences based on private information they gathered through their platform. Like ads for people who dye their hair, have an affliction for cheeseburgers, are right wing and live in zip code 20500. That is privacy sensitive information (although I picked a public person for this example). They do not provide customers with Trump's private number. That would be private data. They do not just sell ads on their platform, they sell specific target audiences on their platform.

> The ads business of Facebook is based on the very specific data Facebook can provide their advertisers

Again, no it isn’t. Facebook at no point provides data to its advertisers.

Yes, advertisers can say “show this ad to people who are right-wing and live in DC” (although I doubt “dyed hair” is a category). However, the advertisers are never provided with any data about who is in that category. That data never leaves Facebook.

True - but that doesn’t make their business any more ethical. Users haven’t knowingly given them all that data for that purpose.
That’s a reasonable position to hold but it’s certainly much more likely that reasonable people would disagree than it is that they’d disagree that selling data indiscriminately is wrong.

So criticizing Facebook for the latter (which it doesn’t actually do) is intellectually dishonest.

This is sort of similar to how content owners have muddied the waters of debate by calling copyright infringement stealing. One can certainly argue that both are unethical, but they’re still different things!

Aside: Interesting use of the pronoun 'she' in this comment. FB's behaviour is totally due to Zuck, as he owns 53.3% of the voting shares of the company. FB is Zuck, for all intents and purposes.
I see this use of 'she' from time to time and am also curious about the motivation here. Also, I'd say even though Zuck is practically the face of Facebook (heh), the company is still genderless and should be referred to as it. In my opinion, of course.
My usual assumption is that the speaker’s first language uses the feminine pronoun for companies. Outside of English, I certainly have the reverse problem of using “it” for all inanimate objects even when they should be “he/she” according to the language’s rules.
In languages with grammatical gender you certainly don't use "it" (neuter gender) for words that have different gender. Interestingly, in both Russian and Spanish "company" has feminine grammatical gender. Also in German (one of the words).
To really get off-topic: The use of 'she' is likely in imitation of the female-gender pronouns that are used to refer to ships and other watercraft or like nation-states, as is common in English. Likening FB to a large ship or country is not unreasonable in terms of how big corporations can be, and I think it may be applicable to larger firms like GE, Ford, Shell, etc that do not have majority voting control by one person. However, as FB is totally controlled by Zuck (an edge case in public companies, for sure), I think that referring to FB like a large ship or micro-state is not apt.

FB is Zuck.

As a native English speaker, I have always been irritated by that usage (which I’ll be the first to admit is not really rational) and I’m pleased that it seems to be dying out.
Personally, I think it's beautiful and poetic and adds a sense of life to an inanimate or immaterial thing.
I think it irritates me for the same reason I get irritated by American English speakers calling soccer “football”, or by people using a dieresis when writing “coördinate”.

Basically, it’s rare enough that it doesn’t sound natural and therefore comes off to me as an affectation, and makes the person sound weirdly smug about being “technically correct”.

I really should get over it, but like I said, not really rational.

Kinda like the names English gives to groups of animals? Pounce of kittens, parliament of owls, dash of cheetahs, etc
Well, afaik English used to have 3 genders for nouns, and it died out everywhere but for third person pronouns.

There are some languages that don't have gender for pronouns, even.

Or some languages that have 2 genders for most things but 3 genders for pronouns (eg. Spanish distinguishes between este and esto because Latin distinguished between iste and istud, but most masculine/neuter contrasts of -us vs. -um did not survive their final consonants no longer being pronounced. Whether or not a language retains such a distinction can appear highly coincidental in the face of such seemingly unrelated phonetic changes.)

They need to change their business model to be able to become privacy friendly, I totally agree. Not even sure which huge company is privacy friendly. Maybe it's not even possible at that level. But that doesn't mean you shouldn't.

I will try to ask as much as possible, and really like your questions of what data points are useful and are they privacy sensitive.

Thanks!

Can I ask you to ask a question that's not about their apps?

"I understand many if not all of your employees, and even your interns, are technically capable of accessing at least some data from any user, should they decide to do so against Facebook's will. I also understand the repercussion for this is that they would get fired and potentially sued. However, this is not accepted practice in every company that handles such sensitive data on users' personal lives. Moreover, it is easy to imagine adversaries and targets for which the risk of getting fired and/or sued is easily worth the benefit of obtaining a particular user's private data. How, then, do your security experts, who take security seriously and who surely understand the notion of 'defense in depth', justify that the proper safeguard is an employment/legal threat, and that there should not be a technical barrier preventing interns or other normal employees from accessing any user data?"

Bonus points if you can get them to talk about such occurrences, which they almost certainly won't tell you, and why users should trust that they're handling this properly when they're unwilling to report sufficiently precise information on such incidents.

I might highlight that there are significant internal technical barriers to access user data!

And it would be very, very hard to circumvent the protection mechanisms without getting caught!

> there are significant internal technical barriers to access user data

Is this a new thing or has it always been the case? Because I'm pretty sure I've heard otherwise before. (Unless by "technical barrier" you don't mean the same thing I do.)

Also what do you mean by "very hard without getting caught"? Is it like hacking their database from the outside/open internet? Or is it like "they can, but it'll trip fifty alarms" [but they'd still get the data].

1. It’s been in place for a long time now...at least since IPO

2. Yes, it’s like hacking the database from the outside in most cases; in others it trips alarms and starts an investigation. It all data is created equal here...but generally speaking PII data is highly guarded