Hacker News new | ask | show | jobs
by throwaway173738 1131 days ago
If facebook had the clear or hashed data anywhere else you’re still leaking it just with extra steps. Hashes don’t by themselves anonymize. If you have access to the original data it’s trivial to recompute the hash and build your association that way. You could assume the data is salted but that’s not always a safe assumption.
1 comments
austinpena 1131 days ago
I am not here to defend Meta, only clarify how data is transmitted.

Data is not salted as far as I can tell, it's normalized and hashed via SHA256. They publish SDKs for serverside integrations so you can see how the code is set up.

https://developers.facebook.com/docs/marketing-api/conversio...

link
gcr 1131 days ago
Facebook knows the nine billion most common human names.

On my Mac, sha256() takes 288ns, so running nine billion of them to find the collision would take about 43 CPU-minutes.

link
mkmk 1131 days ago
The whole point of sending the hash to FB is so that they can look it up against the hashes of people to whom they have served an ad.
link