Slashdot Mirror
European Users Overwhelm Facebook With Data Requests
An anonymous reader writes "If you've ever wondered how much personal data Facebook holds about you then prepare to be surprised. Using European data privacy laws, it's possible to request the data Facebook has stored about you. The document can total 800 pages covering everything from the expected name, address, and date of birth, right through to every event you've attended, every message you've deleted, and your political and religious views."
The best part is that Facebook has to send a physical disc containing the data. This has been exploited by a number of users, completely overwhelming Facebook's ability to make the discs.
From the Reddit post they discussed: http://www.damnlol.com/watermarked/ea83e08059fd271293365560edd6d795.jpg
It's always confirmation bias!
Hundreds of pages of tracking and logging every single user in that kind of detail?
And that's why I use Facebook as little as possible.
I thought there was a built-in option to download everything you ever said/did/uploaded in a zip? I remember seeing it, but never actually used it.
which is totally what she said
What if my purpose in requesting the data about me isn't to help DDoS Facebook with a deluge of requests, but because I actually want to know what data Facebook's compiled on me. That is, after all, why the law exists in the first place, and it's not at all strange that someone might want to know that information.
If Facebook finds it expensive and inconvenient to mail out physical CDs, they could agree to allow at least optional delivery by other means, such as over the internet.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
I just don't get this new attitude of spending the entire day complaining about Facebook. Personally, I don't use the site and last time I checked no was forcing these people to use the site either. From how that article is written they seem to be acting like a bunch of children who are just complaining just because they can.
I know, it is hard to fathom that anyone would not have an account, but I have intentionally avoided it myself. However since I do appear to be the only person left in the world who doesn't have one, there is bound to be something that someone who knows me has posted that relates to me.
Is it possible to request it? After all, if a user requests all the info that facebook as on them, and all they give them is the information that they posted, that is - to be kind - a very incomplete version of the data set.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
In the USA version, there is a link on the Account Settings page to "Download a copy of your Facebook data" that ostensibly creates an Archive of your data and sends you an email when it is ready. It's been a week .....
OMG! My lost Farmville crop records!! Now I can honestly show my farming prowess and put it on my resume!
Step One: Use free service that you are in no way obligated to use.
Step Two: Complain about how the service records your usage of said free site
Step Three: Request a compilation of all data that you agreed to put on said free site
Step Four: ????
Step Five: UnProfit (for Facebook)
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
I was unaware of this possibility.
So it's basically possible to request this from all entities which do business in Europe.
I wonder what Blizzard has stored about me.
Just remember everything, I mean EVERYTHING Facebook knows about you, those 800 pages of details, was input by either you or one of your "friends" - if you didn't want Facebook to have the info, you shouldn't have given it to them in the first place.
Ken
Maybe it is time to have something like this in the U.S.A. as well - a physical disk, or a printout is a good idea, since it involves some effort from the company stalking your online life. Data is money, people, and most of us are way liberal and generous with our own data. I would be curious about what information Google has on me. Facebook.... nah, I've figured them years ago and closed my account before it was late.
Funny how the Personal data request form actually collects even MORE personal information about requesters, such as (real) birth date, personal phone numbers and of course full mailing address, all information many people do not enter in their profile..
every message you've deleted,
Are you sure this is legal in the EU?
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
It takes a woefully naive person to use a service like Facebook for free and not expect that Facebook is collecting your data and somehow profiting from it.
I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
I don't think doing this is a good thing. A likely result is that companies will lobby for dilution of the law, probably something like having a legitimate need for the data. When companies really have something to hide they will use this, meaning that someone will have to use the old expensive procedure of going to court to show that they did have a legitimate need. The cost will put most people off and it will certainly delay all cases.
This is what finally convinced me to bite the bullet and get a FB account. There were pictures of me at events where I was tagged as being in them floating around Facebook. People were contacting me saying, "Hey, I saw you were at so-and-sos party." So chances are if you have any social life at all, you will be on FB whether you have an account or not.
I really enjoyed reading the blurb for this thread. Go Euros!
I really really hope they don't honor my request in time - because they are bound by law to DO SO. If they don't, they commit a "Verwaltungsuebertretung" (special german legal term for a crime) and will have to pay a fine.
And they can be sure I'll see to that.
I wonder - is it possible that some of the information collected by Facebook is collected at the request of one or more governments?
I'd wager that even if none of it is currently collected at the request of governments, that someday - probably in the not too far future - it will be...
Of course, that leads me to wonder if the fees that Facebook collects when it complies with information requests from governments are profitable to Facebook? *That* would be an interesting line item to add to their annual report!
There is another means: https://www.facebook.com/settings Click "Download a copy of your Facebook data." and follow the instructions.
Except that that only gives you the information that's currently accessible to you and other facebook users. It does not include the photos and posts you've "deleted" (but which facebook still stores). It certainly does not include the history of sites you've visited while logged into facebook, or any other tracking history which facebook has gathered and associated with your name. Think about it: facebook has at least an order of magnitude more information on you personally than you appear to think. All of it is used for customizing sales of your identity and your interests and so forth to facebook's customers (you're the merchandise, not a customer).
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
I don't have an account on FB and never will.
But I'm tempted to fill out that form.
Windows 2000 - from the guys who brought us edlin
I'm surprised nobody asked this question yet -- but is there an equivalent page for Gmail? (and other google services, for that matter)
After making a request under the DPA I received the following :
Hi,
We have received your subject access request (the "Request").
Due to the volume of personal data access requests that we have recently received, we are experiencing significant delay in processing such requests. We therefore are unlikely to respond within 40 days of your initial request. We appreciate your patience and will respond as soon as possible.
We are presently refining our request response processes and approach to align the present high volume of access requests with the resources available to process these requests. We appreciate your patience and will respond as soon as possible.
Please be aware as well that we are not required to comply with any future similar requests, unless, in our opinion, a reasonable period of time has elapsed.
Again, we appreciate your patience and we will respond as soon as possible.
Thanks for contacting Facebook,
Facebook User Operations - Data Access Request Team
God: An invisible friend for grown-ups.
What a great idea. About the only bit of personal information that most Facebook users haven't already given to Facebook is their postal address. Yet this process does just that.
Wouldn't surprise me if this "Annoy Facebook" thing was actually started by Facebook to harvest postal addresses. :-)
"If you think the problem is bad now, just wait until we've solved it." --- Arthur Kasspe
The CIA were reputedly linked closely with investors who supplied the second round of venture capital funding to Facebook. Google 'Facebook CIA' for research into this. Facebook does not necessarily need to sell information to governments if it is effectively a proxy government agency.
Korma: Good
I tried the US version of "request your data" and it did NOt include every wall post. I know this for a fact because I then started deleting all of my wall posts and notifications, and every few days I'd clean my wall, new posts from farther back in time would appear. This went on for months, and none of these wall posts were in the file I downloaded. So I would be surprised if everything was on thar disc.
oops,so much amazing http://www.infashion2011.com
There might be a more nefarious reason for the physical mailings. You see, they might only have your expected name and address. Physical mailings will allow FaceBook to add your EXACT name and address to their database. If they didn't have it before, they surely have it now!
The majority of it are just messages and logs, I think they have kept the juicy stuff for themselves.
We are going to see political campaigns that are precisely targeted down to individual voters.
The next time you respond to a political pollster, you need to wonder whether or not the information it is seeking is individually targeted at you in an attempt to refine their database pertaining to you. Commercial and social data is just one more source of political information. The more detail the number-crunchers get, the more they will be able to predict your vote.
The candidates will then model their behavior on the data model that gets them sufficient votes to win.
There is no requirement that the data be sent on a CD.
Article 12
Right of access
Member States shall guarantee every data subject the right to obtain from the controller:
(a) without constraint at reasonable intervals and without excessive delay or expense:
- confirmation as to whether or not data relating to him are being processed and information at least as to the purposes of the processing, the categories of data concerned, and the recipients or categories of recipients to whom the data are disclosed,
- communication to him in an intelligible form of the data undergoing processing and of any available information as to their source,
- knowledge of the logic involved in any automatic processing of data concerning him at least in the case of the automated decisions referred to in Article 15 (1);
(b) as appropriate the rectification, erasure or blocking of data the processing of which does not comply with the provisions of this Directive, in particular because of the incomplete or inaccurate nature of the data;
(c) notification to third parties to whom the data have been disclosed of any rectification, erasure or blocking carried out in compliance with (b), unless this proves impossible or involves a disproportionate effort.
So, if I want to use this form to request the information they have about me, I have to give them a postal address, a phone number, and a copy of a state issued ID. I'm not sure I'm willing to give them even more information, just to know that they store about me...
and I bet it's damn easy to trick them into sending you another user's data on such a disk. Scary.
Is there any specific law that would allow US members, or US citizens, not members of Facebook to request and receive their collections of data? I am not a member but have many friends who are, and I suspect Facebook may have some data on me. I would like to know what they know and how much!
If anyone in other areas of the world know about laws that would also allow citizens of other countries to request their data, please post them here and other sites!!!
IMHO Facebook is totally out of control, and may need to be shut down everywhere!!! PLEASE send Facebook a clear and STRONG message!!!
Thanks to all!
Rick Stanley
I'm not sure what all the indignation is about. The data shown is about 80% of the bare minimum needed for core Facebook functionality (I imagine there's lots more involved in the fancier features).
Are people really surprised that FB is storing the info that shows up in their profiles? Or that FB stores their list of friends and the stuff they post?
How do they imagine Facebook works? Magic?
(also, measuring structured, relational data in PDF "pages" is about as useful as measuring it in Volkswagens)
sic transit gloria mundi
Step 1: Pass a similar data protection law in the US. Require the requestee to provide the data in a physical format if the requester asks for it.
Step 2: Get lots of users to request their data from Facebook - make sure they insist they want the data on CD.
Step 3: ?????
Save the USPS and annoy Facebook? Sounds like a win-win to me!
I love how the summary says they store your religious and political views like they aren't boxes literally labeled religious and political view that your purposely decided to fill out and display publicly on your profile info page. My God, they're probably even storing your facebook NAME and profile PICTURE somewhere on their SCARE SERVERS!!!!
I don't have a facebook profile either. I saw the privacy $&!# ready to hit the fan long ago
Yet I know for a fact that they have quite a profile on me thanks to dumbass acquaintances who I don't like and who won't comply with a simple request to untag me have tagged me in photos.
You can view the SHA1 hash of a password here: http://europe-v-facebook.org/EN/Data_Pool/data_pool.html#Password
Does that hash change only change when your password changes, or is it time-dependent? It says "Last change..." but I can't tell whether that means time since the password last changed or time since both the password and the hash changed.
Either way, it means that anyone with your username and up-to-date hash can impostor you by sending the hash in a scripted logon-exchange! If they have your hash (and they can exploit it before it times out in case it's time-dependent), they don't even need to know your password! FAIL!
It's only a matter of time until some terrorist tracks down somebody's children and kidnaps or harms them, all because Facebook or some other company kept data that they really do not need, and also failed to keep it truely encrypted. It's a matter of when, not if.
I don't have kids, but if I did and something ever happened due to facebook activities, I would be showing up at Zuckerberg's house in the middle of the night.
Facebook is an American company. How dare they demand anything by a private company? Private companies must be protected from this kind of marxist communist fascist nazist socialism.
I'm consistently amazed at how much information sites--even those I don't use--collect about me. I don't use any social networking at all. Facebook, Google+, whatever. Never have. That said, the other day I had to create a Google+ account in order to receive some pictures that a friend wanted to send through his phone's API. So, I create the account, get the pictures, and immediately go around disabling anything that anyone could use to find me (since I didn't intend to use the account ever again).
There was a page where it suggested people to add to your circles. I've received dozens of invites from friends and just ignored them, so you'd think they would have been on the list. Instead, there was just one name: a girl I had a one-night stand with two years ago. I'd never sent her an e-mail. Called her maybe twice. Somehow, Google+ decided that I knew her and should add her to my friends list.
The only way I could think of that Google would know I had any contact with her would be that I searched for her name a while back to show a friend a picture (hey, she had a nice body), and it remembered.
Concerning, I say.
In order to get your personal Facebook data, they have a small requirement: "Please upload a government-issued ID with signature to this report and ensure that your full name, date of birth, and photo are clear." Nice!
So is this specific to Facebook, or can I ask Google for the same information if I live in the EU? For a long time, I've been hoping to get hold of the information that Google knows about me...
Riot is on, and CDs are flying off the shelves of Facebook, which is clearly a combined book and music store. The cadets of the Police Academy are on their way to restore public order.
I'm not entirely sure this is even useful unless you can also request information to be permanently deleted.
"Those people know what they're doing, they know they're storing even "deleted" data and they know they're building very detailed profiles on every user. They also, unlike most of actual Facebook users, probably have the intelligence and foresight to imagine how it all may be used for horrible things"
OMG.
Zuckerberg's ambition isn't limited to being CEO of Facebook, bitch.
Zuckerberg will run for Governor and then President. Information is power. Personal information is personal power.
And at £10 per request, this could turn into a profit center for Facebook.
Anyone know if it's possible to do this for Slashdot? Every single post read, every login, every IP address, perhaps supposedly anonymous posts, every moderation, etc. And with Slashdot, there isn't the ability to even delete anything. The only saving grace is that most people don't attach their real names to their accounts.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
It's in the Irish Times.
FTA:
The Irish Data Protection Commissioner is to undertake an audit of Facebook’s activities outside the US and Canada next month following complaints over the retention of users’ information by the social networking giant.
So, you just gave them your home address on top...
So, what does slashdot know about me and my friends?
Remember when trolls were funny, and not just "hey we're a crowd, let's destroy something"?
The end result of this will be thousands of CDs that will serve no purpose, and will end up in the landfill along with every other remnant of human selfishness on earth.
Might as well just shoot a spotted owl straightaway.
Futurist Traditionalism
How does the data Facebook is supplying in accordance to the EU laws compare with the data that can be downloaded by logging in to Facebook and clicking Account Settings > "Download a copy of your Facebook data."?
At last ! A reason to join faeces book just so I can annoy the bustards :)
Maybe after they cover the expense of building new software to pull all this data from their databases and export it into a single folder. They certainly won't make any money paying someone to run all those queries by hand.