Slashdot Mirror
How Facebook Outs Sex Workers (gizmodo.com)
An anonymous reader shares a Gizmodo report: Leila has two identities, but Facebook is only supposed to know about one of them. Leila is a sex worker. She goes to great lengths to keep separate identities for ordinary life and for sex work, to avoid stigma, arrest, professional blowback, or clients who might be stalkers (or worse). Her "real identity" -- the public one, who lives in California, uses an academic email address, and posts about politics -- joined Facebook in 2011. Her sex-work identity is not on the social network at all; for it, she uses a different email address, a different phone number, and a different name. Yet earlier this year, looking at Facebook's "People You May Know" recommendations, Leila (a name I'm using in place of either of the names she uses) was shocked to see some of her regular sex-work clients. Despite the fact that she'd only given Facebook information from her vanilla identity, the company had somehow discerned her real-world connection to these people -- and, even more horrifyingly, her account was potentially being presented to them as a friend suggestion too, outing her regular identity to them. Because Facebook insists on concealing the methods and data it uses to link one user to another, Leila is not able to find out how the network exposed her or take steps to prevent it from happening again. "We're living in an age where you can weaponize personal information against people"Kashmir Hill, the reporter who wrote the above story, a few weeks ago shared another similar incident.
A decade ago Facebook sent me an email, suggesting that I create an account (as I didn't have one) and also telling me that I probably knew three different people - one that I worked with, one that I socialised with and one family member.
None of those people had the same email address for me.
I wonder if the UK DPA or upcoming GDPR legislation will let me force Facebook to reveal their matching algorithm - see Article 15 paragraph 1(h) of the regulation (PDF at http://eur-lex.europa.eu/legal... )
I come from a middle eastern Muslim country. My views about religion and other issues will surely anger people I know. To vent, I made two accounts on facebook, one for my friends, and one where I express my views including religious ones under a separate identity.
On the 'anonymous' account, I just put my first name and at worst, extremely general hints about my life , since I assumed no one I know will see it. I used a separate, anonymous, e-mail for this account, and used to access it from a separate browser. The only link was probably my IP address / user agent, or maybe I tried to view my profile from the other account, but that's it.
I was once chatting with a real-life Muslim friend and she started making hints about statuses I post on my other account. Nothing serious happened, since shes a terrible Muslim herself, but this could have easily put my life in danger had this been known to other people. I learned to NEVER trust facebook with my privacy ever since this happened.
I once tried to create an anonymous (false identity) account on facebook, which I wanted to use to access the private group of a sportsclub that insists on using facebook for sharing pictures and videos, they also use whatsapp.
I don't want to be on facebook, because I don't trust them, so therefore I didn't use any of my know e-mail adresses or phonenumbers (I thought) to create the account.
In the short time the account worked (and I used tor-browser to access facebook, exclusively!) facebook suggested several people whom I know in real life, but who didn't know I was on facebook or with the sportsclub. The account I created did not have a picture of me, but of a doll that didn't look at all like a human face.
I have no clue how this can be done, but facebook has some very sneaky ways to find connections between people. This alone should be enough reason for anyone who wants to keep some social lives separate to avoid facebook altogether. And I'm sure that despite my not being on facebook, it has an entire profile of me waiting to be associated with my account, should I create one.
Someone summarized this quite well: don't use facebook.
Facebook makes suggestions based on correlated movements and positions. If you arrive and depart from the same location at the same time as another person a few times it may suggest them as a friend. There isn't really any mystery to this (unless you are someone like a journalist or Facebook user who never read any of the agreements you accepted).
We could have a debate as to whether or not this should be opt-in, or legal, or whatever, but there shouldn't really be any debate that it is an effective method of determining people who might know each other, and there shouldn't be any mystery that it's done when it has all been plainly discussed before. You can at least opt out of some of it, or adjust your privacy settings to prevent it.
Just imagine that Facebook is your mom and every time you load up the app it's like calling your mom and telling her where you are. And everyone else around you is also calling your mom and telling them they are there too, and you and everybody else are constantly calling back every 10 minutes to give her updates. Provided your mom has a lot of time on her hands and takes really good notes, pretty soon she's going to figure out who you are hanging out with.
When I was going to install signal because of all the good things I heard about it, my phone presented me with a *massive* list of permissions the Signal app wants:
- read sensitive log data
- find accounts on the device
- read your own contact card
- modify your own contact card
- read calendar events plus confidential information
- add or modify calendar events and send email to guests without owners' knowledge
- find accounts on the device
- read your contacts
- modify your contacts
- approximate location (network-based)
- precise location (GPS and network-based)
- read your text messages (SMS or MMS)
- receive text messages (MMS)
- receive text messages (SMS)
- send SMS messages
- edit your text messages (SMS or MMS)
- directly call phone numbers
- directly call any phone numbers
- modify phone state
- reroute outgoing calls
- read call log
- read phone status and identity
- write call log
- read the contents of your USB storage
- modify or delete the contents of your USB storage
- read the contents of your USB storage
- modify or delete the contents of your USB storage
- take pictures and videos
- record audio
- view Wi-Fi connections
- read phone status and identity
- send WAP-PUSH-received broadcast
- receive data from internet
- view network connections
- create accounts and set passwords
- pair with Bluetooth devices
- send sticky broadcast
- change network connectivity
- connect and disconnect from Wi-Fi
- disable your screen lock
- full network access
- change your audio settings
- read sync settings
- run at startup
- set wallpaper
- use accounts on the device
- control vibration
- prevent device from sleeping
- toggle sync on and off
Needless to say, I backed out.
CLI paste? paste.pr0.tips!
Kind of.
As a self-identified right-winger, my first concern with prostitution is the inherent risk of abuse, first due to the social stigma, which puts the sex worker at risk of abuse by law enforcement, pimps and other rent-seekers, and clients. Removing the stigma is, or should be, out of scope for government intervention. Government can reflect society and culture, but when it is used to dictate or shape society or culture, it is no longer freedom, and our nation has become something it was not intended to be.
This is why, as described in a recent incident, police officers defending engaging in sex with anyone other than their spouses (or partner) while on duty as innocuous are flat-out lying. Being a police officer, on duty, they have an inescapable position of authority, and there can be no consensual interaction with any citizen without the obvious risk of becoming an enforced interaction. The gun on their person forces that. Even taking the gun and badge off solves nothing, however, because they can defer that forced interaction until 'later'. A police officer on duty, and probably even off duty, can use their position of authority to force others to comply with virtually any demand, and their only risk is not exposure, for we see too many reports of this happening, but the unfortunately rare imposition of undesirable consequences. these happen too rarely to be a deterrent on many forces...
And this is only the law enforcement risk to sex workers. their clients can take advantage of a real imbalance of power. Until society removes the various stigma associated with the work, this is a risk where the work is held in such low esteem.
Now, the question of whether prostitution is a moral or ethical profession is one to be left to the culture and society. resolving that could make the work safer.
deleting the extra space after periods so i can stay relevant, yeah.
They might be using canvas fingerprinting. There are add-ons to block it. I use CanvasFingerprintBlock.
Canvas fingerprinting works in incognito mode, works with ad-blockers, works if you block cookies, works if you use a VPN... And if you install a blocker you will quickly find that a large proportion of sites are trying to use it.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
It trivial for Facebook to link the identities, she is using the same IP address to log in for both of them. It is then reasonable for the Facebook algorithm to guess that people logging in from the same IP address are related somehow.
More likely the simple answer is that she was clueless about how deep their tentacles are and used the same browser without logging out of Facebook first. Thus since just about every website insists on haven't FB's "like" button somewhere on their page, FB gets the details to do the math.
A smart person (can that be said of a Facebook user?) would at least go as far as using an entirely separate computer for business and personal stuff. Still not fool proof by any stretch, but every little bit helps.
Thanks for that link, Einstein. I traveled back in time and included it in my own post.
And in no way do they *need* all that. They *want* it to offer fancy functionality which is the *last* thing I want in an allegedly highly secure system. Just think of all the code that is required for those fancy features, and when it does get compromised, the attacker can pretty much do anything they want because they have all the permissions. Fuck that. They've lost their credibility to me by pulling off that incredibly stupid mode.
CLI paste? paste.pr0.tips!
My ex did a paper as part of her masters about sex workers. A surprising percentage of private room bookings did not involve a sex act so much as a counseling session. These girls were discreet and honestly cheaper than a shrink.
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
John has exchanged email with leila_sexworker
John's emails contain headers which include leila's IP address
John lets Facebook see his emails
There are several, perhaps many Johns
Facebook sees that all these Johns have leila_sexworker in common
Facebook sees leila's IP address and matches it with its own records
Facebook sees leila_clean logging in to Facebook from the same IP address, repeatedly
Facebook makes the connection