How Facebook Outs Sex Workers (gizmodo.com)
An anonymous reader shares a Gizmodo report: Leila has two identities, but Facebook is only supposed to know about one of them. Leila is a sex worker. She goes to great lengths to keep separate identities for ordinary life and for sex work, to avoid stigma, arrest, professional blowback, or clients who might be stalkers (or worse). Her "real identity" -- the public one, who lives in California, uses an academic email address, and posts about politics -- joined Facebook in 2011. Her sex-work identity is not on the social network at all; for it, she uses a different email address, a different phone number, and a different name. Yet earlier this year, looking at Facebook's "People You May Know" recommendations, Leila (a name I'm using in place of either of the names she uses) was shocked to see some of her regular sex-work clients. Despite the fact that she'd only given Facebook information from her vanilla identity, the company had somehow discerned her real-world connection to these people -- and, even more horrifyingly, her account was potentially being presented to them as a friend suggestion too, outing her regular identity to them. Because Facebook insists on concealing the methods and data it uses to link one user to another, Leila is not able to find out how the network exposed her or take steps to prevent it from happening again. "We're living in an age where you can weaponize personal information against people"
Kashmir Hill, the reporter who wrote the above story, a few weeks ago shared another similar incident.
criminalizing prostitution.
This is probably due to someone posting a photo with both people in it. Facebook will use facial recognition on photos, and when it sees two people in the same photo, I would expect it to suggest a connection.
Don't use Facebook.
but she's probably telling the truth.
I have no problem with people's chosen professions. Free country, free to exchange goods and services, and free to engage in known workplace risks for such, yadda yadda yadda. For something so socially stigmatized and illegal, though, it would be better to use a more secure and privacy oriented platform to connect with clients.
For this exact reason people should close their personal accounts. FB has gone too far in making links, even with accounts between their different programs.
Plus their mega-bloat-loaded apps degrade phone performance...
This is so simple it hurts. She carried her phone with her while performing sex work. Facebook tracks its users' phone locations. When Facebook saw her phone and her customer's phone spent time in the same location, it connected them. No conspiracy theories needed.
She needs to have a vanilla phone and a sex work phone, and only carry the appropriate phone at the appropriate time.
...and this is how it knows who you associate with. In later versions of Android (and perhaps in iOS), you can deny permissions to read your contacts, but the app will likely work hard to get around that.
If you have contacts on your phone that you don't want Facebook to know about, then you must not load their app - only access them through a dedicated, privacy-focused web browser (or an equivalent sandboxing app).
I like FaceSlim on F-Droid. I would never, ever run their app. That thing is a monster.
No! Are you crazy? I won't delete my Facebook account.
I'll keep it in the empty state it is now, lest someone creates one in my name and abuses it to slander me.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
A decade ago Facebook sent me an email, suggesting that I create an account (as I didn't have one) and also telling me that I probably knew three different people - one that I worked with, one that I socialised with and one family member.
None of those people had the same email address for me.
I wonder if the UK DPA or upcoming GDPR legislation will let me force Facebook to reveal their matching algorithm - see Article 15 paragraph 1(h) of the regulation (PDF at http://eur-lex.europa.eu/legal... )
Your Facebook account is never deleted. Oh, sure. You can go through the motions of deleting your Facebook account. The moment you have to access a website via a Facebook account login, your account is immediately revived. You can "delete" it again but it never goes away.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
after figuring out her real name. I sometimes get friend suggestions from people where I suspect that the connection is that they looked at my profile.
This sucks.
Even though I have never had any relation with that company I've experienced similar, years ago Facebook mailed me with the suggestion to join people I know.
My stupid sister and a cousin had shared their address lists with Facebook and the algorithm added 1 + 1 is me...
At least they gave an option to opt out of further mail but I'm sure they are still following me around, even though I use plug ins to remove their spying icons from web sites.
I'll leave further comments to my signature.
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
Location is part of the algorithm: basically Facebook knows that those 2 "accounts" were near each other for X amount of time.
I can think of a variety of ways Facebook could figure out who you interact with. The most obvious is that many people carry around a smartphone with the ability to track their whereabouts. It's not all that hard for a company like Facebook to notice that two people are in close proximity with some regularity if they have some tracking software installed on your smartphone or PC.
Frankly I value my privacy too much to want to have anything to do with Facebook. I simply don't trust the company to be responsible with data about me.
I'm not a Facebook specialist, but if she looked at only one of her sex friends, only once, with her personal profile, the bond is made. Facebook will then start to suggest friends from her other profile. Unless Facebook uses her IP address and browser profile, and matches the two?
If you don't have a Facebook identity, how can they suggest friends to you and display your friendship status to others? Dumping Facebook is not 100% a fix for this privacy fiasco, but it is absolutely a necessary step.
That she didn't use Facebook to connect with her clients, was a pretty big point. It says so right there in the synopsis: "Her sex-work identity is not on the social network at all"
Hi. If Leila brought her "vanilla identity" phone with the FB app in her purse while meeting her clients, I'm fairly certain FB tracks patterns of FB users meeting in the same area on a regular basis to suggest they know each other. It can probably be confirmed by attending events where you do not normally go and where the same people go a few times and then checking if some of the faces you saw at these events start appearing in your friend suggestions list. Like the others were saying: if you have multiple identities, don't use FB at all.
A good reason to move to Signal, it is free and does not sell your data.
https://signal.org/
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
I come from a middle eastern Muslim country. My views about religion and other issues will surely anger people I know. To vent, I made two accounts on facebook, one for my friends, and one where I express my views including religious ones under a separate identity.
On the 'anonymous' account, I just put my first name and at worst, extremely general hints about my life, since I assumed no one I know will see it. I used a separate, anonymous, e-mail for this account, and used to access it from a separate browser. The only link was probably my IP address / user agent, or maybe I tried to view my profile from the other account, but that's it.
I was once chatting with a real-life Muslim friend and she started making hints about statuses I post on my other account. Nothing serious happened, since she's a terrible Muslim herself, but this could have easily put my life in danger had this been known to other people. I learned to NEVER trust facebook with my privacy ever since this happened.
I swear there have been multiple occasions where I was discussing buying something with my wife - never having searched for it or referred to it on any computer in any capacity - within "earshot" of my phone, and then gone into Facebook and seen targeted ads for the thing that I was discussing.
Proud neuron in the Slashdot hivemind since 2002.
"People can always control who can send them friend requests by visiting their account settings," said the spokesperson. "If they select 'no one,' they won't appear in others' People You May Know."
Um, Facebook removed the option for "no one" to send friend requests years ago. The most restrictive now is "Friends of friends".
I am an infosec consultant and about a year ago started to see clients as suggested friends.
I keep facebook for family stuff in a closed group and never mix work with my personal life.
I figure it is tied to the mobile app.
Stop being on Facebook.
Except Facebook will remember you even if you delete your account.
Except Facebook will remember you even if you have separate accounts.
Except Facebook will find out who you are if you have friends and family on Facebook. Especially if they mention you by name in a Facebook post.
Except Facebook is probably tracking you right now because of all those little "like" buttons you can see everywhere.
Except Facebook... Oh, fsck it, I give up.
Frankly, who needs the NSA when you have Facebook? Oh, wait, they are probably working together right now.
Wasn't there a story about that creep Zuckerberg wanting to become President of the United States of Facebook?
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
From the article: “Facebook isn’t a luxury,” Darling said. “It’s a utility in our lives. For something that big to be so secretive and powerful in how it accumulates your information is unnerving.”
That's one of her problems right there. It may be a utility, but it is not a mandatory utility. It is opt-in. Life goes on just fine without it. Some sheeple seem to think it's required that you sign up for a facebook account. It's a proven privacy violator. And as far as ethics go, Facebook is in the same category as uber. Just use other technologies instead.
I chose to end my comments, not with a rim shot, but a long decaying F#7sus4
I remember a similar story a few months ago. A thief stole someone's phone and the perpetrator was suggested to the victim as "someone you may know." I think the consensus was, just visiting someone's facebook page pulls you into their potential network. I'm guessing she's visited her alter-ego's page at some point (and maybe some of her clients).
The only winning move is to not play. Just get rid of facebook and install uBlock and filters that keep social media at bay.
Maybe the EU needs to slap a $1B (or so) fine on them, and repeat as needed. Because the US sure as hell is not doing anything about this problem.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Facebook rummaged through her contacts and found those people. Equally, those people probably had her phone-number in their contacts.
Easy match for Facebook.
She should really not be using Facebook, as hard as that may be, as well as any other service that likes to make such "recommendations".
Even using two different phones and keeping all the "side-job-work" on a dumb phone with no internet access at all might not be enough, if she keeps both her normal phone and the dumb phone in her bag at the same time.
Facebook will likely notice that her "true identity"-phone and her clients' phones are at the same place at the same time semi-regularly and deduce that they may know each other (which is true, after all).
There's hardly a way to "manage" or "influence" how Facebook handles this, so, again, the only way to win this game is not to play it.
Windows 2000 - from the guys who brought us edlin
It is trivial for Facebook to link the identities, she is using the same IP address to log in for both of them. It is then reasonable for the Facebook algorithm to guess that people logging in from the same IP address are related somehow.
This is due to state regulations.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
I once tried to create an anonymous (false identity) account on facebook, which I wanted to use to access the private group of a sportsclub that insists on using facebook for sharing pictures and videos, they also use whatsapp.
I don't want to be on facebook, because I don't trust them, so therefore I didn't use any of my known e-mail addresses or phone numbers (I thought) to create the account.
In the short time the account worked (and I used tor-browser to access facebook, exclusively!) facebook suggested several people whom I know in real life, but who didn't know I was on facebook or with the sportsclub. The account I created did not have a picture of me, but of a doll that didn't look at all like a human face.
I have no clue how this can be done, but facebook has some very sneaky ways to find connections between people. This alone should be enough reason for anyone who wants to keep some social lives separate to avoid facebook altogether. And I'm sure that despite my not being on facebook, it has an entire profile of me waiting to be associated with my account, should I create one.
Someone summarized this quite well: don't use facebook.
My iPhone and Galaxy bug me every so often to turn bluetooth on for better location. This is probably BS unless they will read the nearby bluetooth devices you come in contact with at known locations like at retail stores.
I wonder if it's reading the bluetooth ID's of phones you come close to and depending on the time spent in the vicinity and location suggest friends
Facebook makes suggestions based on correlated movements and positions. If you arrive and depart from the same location at the same time as another person a few times it may suggest them as a friend. There isn't really any mystery to this (unless you are someone like a journalist or Facebook user who never read any of the agreements you accepted).
We could have a debate as to whether or not this should be opt-in, or legal, or whatever, but there shouldn't really be any debate that it is an effective method of determining people who might know each other, and there shouldn't be any mystery that it's done when it has all been plainly discussed before. You can at least opt out of some of it, or adjust your privacy settings to prevent it.
Just imagine that Facebook is your mom and every time you load up the app it's like calling your mom and telling her where you are. And everyone else around you is also calling your mom and telling them they are there too, and you and everybody else are constantly calling back every 10 minutes to give her updates. Provided your mom has a lot of time on her hands and takes really good notes, pretty soon she's going to figure out who you are hanging out with.
When I was going to install signal because of all the good things I heard about it, my phone presented me with a *massive* list of permissions the Signal app wants:
- read sensitive log data
- find accounts on the device
- read your own contact card
- modify your own contact card
- read calendar events plus confidential information
- add or modify calendar events and send email to guests without owners' knowledge
- find accounts on the device
- read your contacts
- modify your contacts
- approximate location (network-based)
- precise location (GPS and network-based)
- read your text messages (SMS or MMS)
- receive text messages (MMS)
- receive text messages (SMS)
- send SMS messages
- edit your text messages (SMS or MMS)
- directly call phone numbers
- directly call any phone numbers
- modify phone state
- reroute outgoing calls
- read call log
- read phone status and identity
- write call log
- read the contents of your USB storage
- modify or delete the contents of your USB storage
- read the contents of your USB storage
- modify or delete the contents of your USB storage
- take pictures and videos
- record audio
- view Wi-Fi connections
- read phone status and identity
- send WAP-PUSH-received broadcast
- receive data from internet
- view network connections
- create accounts and set passwords
- pair with Bluetooth devices
- send sticky broadcast
- change network connectivity
- connect and disconnect from Wi-Fi
- disable your screen lock
- full network access
- change your audio settings
- read sync settings
- run at startup
- set wallpaper
- use accounts on the device
- control vibration
- prevent device from sleeping
- toggle sync on and off
Needless to say, I backed out.
CLI paste? paste.pr0.tips!
(should've uniq(1)ed the list first, there are four dupes. So the real list is "only" 45 items long as opposed to the 49 I quoted.)
CLI paste? paste.pr0.tips!
“I don’t want my 15-year-old cousin to discover I’m a porn star because my account gets recommended to them on Facebook,” Darling told me by phone.
Fast Federal Court and I.T.C. updates
Facebook requires you to use your real name on your account. Failure to do so is a violation of their terms of service and they can lock your account.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
You aren't quite getting something. If you don't have a Facebook account, even if Facebook knows you as some entity with a certain set of demographic information that possibly knows certain other people, it isn't going to recommend you to them as a possible acquaintance as you have no Facebook account to recommend them to.
My Other Computer Is A Data General Nova III.
data analytics that would make even the STASI say, "whoa, that's going a little too far"...
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
"It is trivial for Facebook to link the identities, she is using the same IP address to log in for both of them. It is then reasonable for the Facebook algorithm to guess that people logging in from the same IP address are related somehow."
Sharing the IP address with somebody doesn't mean they are related, it can also mean they share the same Internet Service Provider, they work in the same company, they sit in the same Starbucks, they use the same VPN, ....
Very likely her clients had searched for her too. Often times Facebook will show you people who have searched for your profile, even if they haven't friended you.
Here's what they say they need all of that for.
https://support.signal.org/hc/...
Competition Good, Monopoly Bad.
Um, you realize that more than one person on Facebook can have the same name, right?
The only thing unique about a Facebook account is the email address used to create it. Everything else can be cloned wholesale from another account, making it extremely hard to know which one is the real one.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Not only IP addresses.
Facebook connected me with someone I had brief contact with from back in the late 1980’s and FIDO BBS’s. Predating my time on the Internet, this was puzzling to me.
It turned out I contacted them once via hotmail and that was it.
Yet somehow Facebook has this information, and to this day continually lists them in the “people you may know” section.
I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit
It's much simpler than that. It's called location services. "I don't know them Facebook!" Really, because you spend time about once a week with them in the same hotel room.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
It is trivial for Facebook to link the identities, she is using the same IP address to log in for both of them. It is then reasonable for the Facebook algorithm to guess that people logging in from the same IP address are related somehow.
More likely the simple answer is that she was clueless about how deep their tentacles are and used the same browser without logging out of Facebook first. Thus since just about every website insists on having FB's "like" button somewhere on their page, FB gets the details to do the math.
A smart person (can that be said of a Facebook user?) would at least go as far as using an entirely separate computer for business and personal stuff. Still not fool proof by any stretch, but every little bit helps.
You must have a separate phone that has none of the contacts from the other. Including yourself. You can never check the email from the other system. Having any part of your Phone, or PC touch the other life will create the link and you're back to square one. I don't have a facebook account because they asked me to join and said these people know you "Join US". They already knew too much about me without me even using their system so they can go fly a kite. Your lives must never touch. You can't have friends who know both identities who can contact either identity. If they do facebook creates the link and infers the people of your secret identity might know your other identity. It's more dangerous because you can't trust someone to know that you've gone missing or not. Best advice, don't use facebook.
“Her sex-work identity is not on the social network at all; for it, she uses a different email address, a different phone number, and a different name.”
If she’s not logging in to a different identity at all on Facebook, how?
It's not just IP. I've come across situations where "People you may know" were folks I was at the same event with that I don't know, work in the same industry with, or live nearby. Same has happened traveling to resorts in Mexico where I take my phone for emergency calls.
Facebook's app asks for permission to GPS and cellular location info. If you're logged-in with that phone it probably syncs a location history. Just keeping your personal profile on a device means exposing that info.
--- Need web hosting?
There WEREN'T two accounts-- she DID NOT HAVE an account for her professional work.
Seriously, how hard is it to read a damn article before taking the know-it-all route.
I use one of those apps that spoofs your GPS coordinates, so it looks like I'm always home. I turn the location services off. I only do this so that my weather app will give me the data for the right location.
I'm sure that doesn't help 100% of the time, since cell phone companies can triangulate your position based on cell phone towers. If it turns out that FB and other nefarious sites are gobbling up that data, then I may be forced to keep the damn phone off and only turn it on to make a call or text or to see who has been trying to contact me lately.
This idea that I should tell the world my exact position 24/7 is ludicrous.
Unlikely. Location, possibly inferred by comments on local politics or events, and definitely ip address and photo geotagging, put people in the same city.
From there, a tenuous link can suggest people you may know, not people we think you know.
People put extra weight on a successful suggestion that they didn't want, and ignore the wrong suggestions.
There are all kinds of explanations here, but I would need to interview several people to figure it out exactly. Facebook is likely mingling ad data and hits to the fb "share" links and putting them together to get a composite identity. How they overlap may be as simple as that.
Actually, the username is unique. You can change it, but even then it still needs to be unique.
Given that I also have a unique name, it's kinda hard to "prove" that someone isn't me if that name comes up on FB. Then it's nice to be the one who has the account that is "in" my name instead of "therealwillsmith" or some bull like that. It makes the whole deal a bit more credible.
Be it as it may, I know that it's at best going to discourage those that aren't really committed to slander, but it's as much as I can sensibly do.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Browser information leaking:
Most people are unaware that every site you visit can see every other site you visit(ed) and every tab you have open.
All Facebook would need to discover a secret identity is for you to log in to that email (or any account for that identity) in the same browser as you log into Facebook.
1. Anything confidential should be done in Firefox private tabs only (get the Ublock Origin plugin).
2. Separate different kinds of services and identities to different browsers. Only use Facebook (real identity), gmail and youtube in Chrome. Never log in on Firefox where you do other business.
3. Clear your browser data periodically and give them less to mine and less to associate.
4. The same is true with phones: never contaminate a phone with information from one or the other.
ISP data collection
1. This year ISP's can start collecting information on users directly and none of that will matter. The far right has once again sold away our basic rights for just a few dollars. It's the greatest threat to personal privacy since the 2005 Real ID law, the greatest favor to foreign intelligence services the far right has ever done. The far left would no doubt do different kinds of damage if they were ever to take power. Good people on the right and the left need to fight against the congressional protection of the privately owned big brother/foreign intelligence agent existential threat to the USA.
I knew this was possible, but did not know it was widespread. Thanks for sharing.
Ad tracking networks will still link her if she is on the same IP address.
According to the summary (that you obviously didn't read), she only has a FB account that's linked to her real life identity.
Her sex-work identity is not on the social network at all
There is no other account for FB to conclude is owned by the same person.
Whatever is happening isn't what you think it is.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
Six or seven years ago, when I first started using Facebook, it kept suggesting a landlord I'd had five years previously as someone I might know. He was an okay guy, but we never socialized beyond pleasantries when I handed him the rent check and we had no online connections at all. I presume FB is either searching through municipal records or purchasing banking data.
Proud member of the Weirdo-American community.
"Allow listing in friends you may know" checkbox
Greed is the root of all evil.
It is trivial for Facebook to link the identities, she is using the same IP address to log in for both of them. It is then reasonable for the Facebook algorithm to guess that people logging in from the same IP address are related somehow.
More likely the simple answer is that she was clueless about how deep their tentacles are and used the same browser without logging out of Facebook first. Thus since just about every website insists on having FB's "like" button somewhere on their page, FB gets the details to do the math.
A smart person (can that be said of a Facebook user?) would at least go as far as using an entirely separate computer for business and personal stuff. Still not fool proof by any stretch, but every little bit helps.
She is in the sex industry. I have a feeling she knows exactly how deep tentacles can go.
I have never used Facebook; I don’t think I’ve ever even browsed there. I also went through a really unpleasant divorce 3 years ago. And now, whenever I start dating someone, Facebook offers my ex up as a potential friend.
Fsck you Facebook. Let me move on with my life.
Many on the left would love to decriminalize sex work. I think if you look at opinion-pieces on this, you'll find virtually everyone for legalization to be either a libertarian or a liberal.
Only a useful set of apps...
No! Are you crazy? I won't delete my Facebook account.
I'll keep it in the empty state it is now, lest someone creates one in my name and abuses it to slander me.
How does this help? Isn't it trivial to impersonate someone on Facebook, given that names are not required to be unique and identity is not verified?
Is it not possible that what collected the info was the WhatsApp app?
Until a couple of years ago I refused to be a part of Facebook. But, over time I was worn down by the family using it as their main source of communication about trips and what not. Eventually I got an account. I tried using my real name which, at the time, Facebook wouldn't allow. Facebook wouldn't allow my brother to use his real name either. So, my brother made up a fake account for me. Which took a little work as Facebook used to really hate fake names.
Anyway, when I logged in for the FIRST time Facebook suggested my father as my first contact.
That's some scary shit, right there.
Ok, so only one of my examples requires the 'professional' FB account.
It doesn't have to be HER either. It can be ANYONE with information linking both accounts storing or sharing that info into somewhere that FB has links. Somehow I doubt both lives are completely separate. Sex workers are typically not experts on data mining and online privacy management.
You can get rich if you own a politician, but you have to be rich to buy one in the first place.
The criminalization of prostitution doesn't fix any of those negative aspects. Decriminalization allows us to tax it. When we tax something we keep records and make requirements/offer services to the workers in that industry. Those requirements/services would be aimed at reducing the issues you're speaking of above. There will still be illegal prostitution, but legalization would greatly diminish that.
Prohibition didn't solve the evils of alcohol, it exacerbated them. The war on drugs hasn't stopped drug use, it's simply exacerbated the negative effect it had on society.
The first-order vs. higher-order stuff you're prattling about above is not directly connected with party affiliation. Stupid people only think about first-order effects. There are stupid people on either end of the spectrum.
Meanwhile, please point me to one member of congress presenting a "proper solution that provides far more balance and tries to avoid unintended side effects" for the ills of sex workers and their clients. By which I mean a solution other than "more prison, bigger guns."
Since the client code is open source, you could in theory hack up your own client that doesn't use any of that?
Holy shit. That's insane.
John has exchanged email with leila_sexworker
John's emails contain headers which include leila's IP address
John lets Facebook see his emails
There are several, perhaps many Johns
Facebook sees that all these Johns have leila_sexworker in common
Facebook sees leila's IP address and matches it with its own records
Facebook sees leila_clean logging in to Facebook from the same IP address, repeatedly
Facebook makes the connection
I'm sure I've imported my contacts from various email services over the years and so has everyone else. And that stuff gets on your phone. And spreads to the next email service... and so on. Data leakage is almost inevitable -- even people who want to be careful often make mistakes. Seriously: just a couple weeks ago I found a journalist's full 1040 form on a doc sharing site. This was someone with an advanced degree from a prestigious institution who makes a living writing about things like doxing and they somehow managed to put one of their most private documents on a file sharing site.
At least Facebook isn't as creepy as LinkedIn, what with all those notices about how many people are looking at my profile, but then NOT telling me who they are (or worse sometimes, telling me who they are). They seem to think I would actually pay money to reverse stalk people. If I didn't owe my current job to popping up on an old coworker's LinkedIn feed, I'd probably have deleted my account there. Again. Because back a few years ago, when it was revealed that they couldn't figure out how to store passwords safely and got cracked, I deleted my account immediately. Not to protect my data (too late!), but to simply not use the services of such an inept provider.
I do not have a signature
Same IP Address...and same MAC address....and same OS....and same...(yadda yadda yadda)
Theorizing how she could have been 'outed'
* She took steps to separate her 'real' life from her 'work' life, but did she do the same to separate her 'work' life from her 'real' life? Did she conceal her real identity from her workers? Does she avoid being photographed on smart devices? All it takes is for them to mention her real name in their 'work' social media or to tag her on a photograph for Facebook to make the connection.
* Does she avoid posting self-photographs on her 'real' life Facebook page? Facebook's photo recognition could be sophisticated enough to correlate her photos with any photos her 'workers' may have snapped and uploaded, along with location & timestamps to make the connection.
* Does she keep separate smart mobile devices and/or turn off personal info collection like GPS? If she has location tracking turned on for her 'real' life smart device, then facebook can correlate that she frequents places, establishments, and timestamps and notice that she's often at the same places & times as her co-workers and that she may know them.
There WAS NO SECOND ACCOUNT. She never had an account for her business dealings, just a phone number (different) and an e-mail (different). Now I don't know if she ever accessed those things from a device with facebook installed, but there was no other facebook account to link to.
My guess is that she posted an ad somewhere and viewed it from a device that facebook was bugging, er, had associated to her account. Then when clients viewed the ad, it linked them with her. Either that or location data tracking saw that they were in the same place at the same time. Creepy.
Facebook is definitely doing this. I'm pretty sure Facebook knows I'm dating someone before I tell anyone about it. I start to see their stuff and name pop up substantially more in my news feed, even without any change in online interaction with them. Pretty sure that location services on both her phone and mine are showing us at the same locations at the same times and their algorithm is putting it all together.
Updates to two different accounts coming from the same IP? Or through the same ISP? I've noticed that Google Maps, for instance, tries to guess my physical location even through a corporate firewall. The problematic identity should probably show a different origin, but sex workers are probably unlikely to think of that.
I suspect that one part of Facebook's data mining is to find other users geographically close to you, and this is what tripped her up. A simple solution might be to have her alternate identity not use facebook or any social media widget (like instagram) that has a connection to facebook. (Suggestions for you: "Laura Goodbooty" is now on Instagram as nicebutt1039. Follow?" Oh geeze...) Of course, it's too late for that now. She may have to move out of the area.
So. Sex workers on Facebook. That would explain the occasional friend request I get from accounts that only contain three or four pictures of a 20-ish girl in yoga pants and handbra. And here I just assumed it was the NSA.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
This is the correct answer. Facebook sees you in the same location, (by network or GPS association) and therefore decides you might want to be friends.
This wonderful piece of logic is exactly what you need to become better acquainted with that creepy guy who always seems to be hanging around your gym. Or the work colleague that you tolerate but certainly don't want to socialise with. Or your annoying neighbour. Or your stalker.
Which begs the question - why does Facebook suggest 'people you might know' based on anything other than their being Facebook friends of your Facebook friends? And how would it hurt them to let you opt out of that?
The weird thing is that, having put enough effort into this particularly creepy kind of 'connection', the actual 'search for people you know' functionality on Facebook is horrible. You can search by name - that's it. Useless for any kind of common name - and even when the person you're searching for shows up in the list, you can't narrow it down by searching on location or any other keywords, so if you don't recognize their photo, you're out of luck.
Posted from my Android phone. Oh, I can change this? There, that's better...
The obvious solution to Slashdot stupidity is to RTFS, but alas.
She has a Facebook account under her own name for social activities and having a life. She has an alternate identity with different email address, phone, and name, that doesn't have a Facebook account. This doesn't stop Facebook from linking her customers to her private account.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Facebook partially does this via reoccurring common GPS locations during the same time frame. I travel North America attending a certain theme of trade show, sometimes hitting upwards of 20+ shows a year for work. People I've personally NEVER met are pretty much my entire "people you may know" list, and just looking at their public posts and photos, it is quite obvious they attend some of the same shows I work. This person in particular probably has both phones in her purse at the same time, so Facebook sees the common travel patterns of the two, and assumes they're related.
There's a few more things that go into fingerprinting. Unless she was using different VMs on different computers the algorithm I sold years ago to one of those evil advertising corporations would correlate.
IP isn't as unique as you'd think. I've seen colleges have ONE public IP for all outbound data across campus, including all dorms. Start adding in other information your browser gives away like extensions and versions, user agent, screen resolution, mouse sensitivity, etc etc and you can narrow down to a single machine. If you have additional data like facebook does (every single page that includes a facebook button or comment section is used to profile you), you can even discern beyond machine to user-of-said-machine.
Facebook even recognizes people that are NOT on Facebook. You can find "your full name profile" on Facebook, just in case.
Facebook keeps track of everything, if you have 2 accounts, but use the same browser, a cookie will keep track of that easy. Facial recognition does the rest.
Even LinkedIn does this, one of my retired colleagues walked into the office, he had the LinkedIn app on his phone and everybody got a notice not even 5 mins later "you may know so-and-so". GPS tracking on the app had matched their locations.
Custom electronics and digital signage for your business: www.evcircuits.com
For people who use FaceBook: Why use the app? It's a web site. I even remember reading articles years ago about how they went through all kinds of effort to make their web site super mobile friendly. By installing the app, you give them access to your photos, contacts, location, etc. What possible reason would there be to do that?
I bet it's even simpler than that. I bet she has Facebook on her phone, and I bet it's the same phone she uses to communicate with her clients. Facebook sees those contacts on her phone.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
Probably snoops your browser history and tracks to which cell towers your phone connects to as well.
A while back, son of a distant cousin (distant in relation, close geographically) had some issues with his PC so he called me for help.
It sounded like the issue was power related but he assured me that his PSU had enough power to run it all.
It was the PSU. He read the wrong numbers on the box.
BUT... After I downloaded a GPU test to check my suspicions about his computer, which naturally required an internet connection, and he took his computer home with an advice what to buy so his games would no longer crash the system - he starts appearing as "people you may know" on my Facebook profile.
Despite the fact that we have no direct connection on Facebook. His dad is not on any social network. Same for his mom.
And he's too young to be in social circles of our mutual cousins.
But once his computer connected to the internet through my router... there he is.
On another note... got a new phone which (naturally) has cell tower broadcast notifications turned on by default.
Which I notice only as it starts pinging me with notifications as I go around town and move between different cell towers.
Coincidentally, during that same walk I notice a former colleague on the other side of the street, going home from work.
He doesn't even notice me, he's on the other side of the street, there's traffic between us, and I'm not about to shout and wave or jump around for him to notice me.
We never were that close anyway... which is the reason why I don't have him in my Facebook contacts.
But we do both have some of the same former colleagues in our friend lists... and I was just in his neighborhood.
And there he is the next day on top of the "people you may know" list. He was probably on it the whole time... but now he's on top of it.
As soon as his phone and my phone were near the same cell tower at the same time and as my phone connected to my wireless router once back home.
Facebook has shadow profiles on everyone already.
All it needs is for some of the gathered data to start matching to geographical and time coordinates one's technology, friends or even interests leave all over the place - and it can start making some pretty educated guesses.
Mit der Dummheit kämpfen Götter selbst vergebens
...strongly suggests that you never resize it, and constantly presents warning dialogs about canvas fingerprinting.
Facebook has an .onion site, and works well with Tor browser.
Not even hard-core neoliberal economists believe this tripe.
There are many categories of market that capitalist democracies prohibit universally and unconditionally, such as selling your children, burial remains (but I dug them up on my property!), endangered-species penis powders (as in "made from" rather than "made for"), consumer products under a severe-hazard safety recall, and Oscar statuettes.
I added that last one just to get your bile up, but before you do, take heed that it's the only one on my short list imposed by the market itself, rather than government fiat.
Why Academy Award Winners Can't Sell Their Oscars
Seriously, raise your game. All you're managing to do is give respectable libertarians a bad reputation.
Whether sexual service constitutes a valid marketplace has been hotly contested in nearly every society known.
Clay Shirky: "Little Rice" | Talks At Google
Around 51m11 Shirky talks about duplicity on the part of the Chinese government in allowing corporate VPNs to bypass the firewall, but not personal firewalls. Somewhere else in that talk, he talks about the (large) category of activities which are "illegal, yet allowed" (until further notice—which will arrive abruptly, if it arrives at all).
Most societies "allow" the dopamine trade (sex, drugs, alcohol) but make substantial efforts to push it to the dark margins. (This compromise vastly predates neoliberal ideology, which hasn't changed a damn thing about how this part of the economy works.)
The one dopamine trade, fructose/sucrose, that historically escaped the heavy thumb, having recently been identified as such (the American metabolic syndrome epidemic is impossible not to notice in the healthcare spending balloon) has actually gone mano a mano in public debate in the way you seem to think this whole sphere operates.
Sugary Drinks Portion Cap Rule
What this rule amounts to is not having more than half a liter of dangerously sweet liquid show up on your receipt as a single line item (no-one is stopping anyone from ordering a six-pack of 12-ouncers, all for personal consumption; I don't even think the rules prevented McSodaCorp from offering three for the price of two).
Because homo economicus is a giant myth, the inability of McSodaCorp to list the 50-ounce portion on their display menu changes the purchasing behaviour of people who never in their wildest dreams would have purchased a 50-ounce portion (this effect is known as the framing effect). The putative "cap" doesn't stop you from arriving in the same place, supposing you were choosing on such a rational basis in the first place (which most people are not, in small affairs).
I'm legitimately torn and I see both sides. On this issue, I think either path is viable. A society might choose more nudge or less nudge, and then experience different pros and cons (please note when adding up the utilitarian total that the prematurely dead fail to exercise much big-f Freedom during the imprudently excised portion of their otherwise naturally allotted span).
Society also regulates alcohol portion size, but this rarely prevents anyone determined to do so from getting entirely slozzled. Fructose eventually kills through one of the same metabolic pathways by which excess alcohol consumption leads to fatty liver disease. Both chemicals lead to dependency loops, but only one causes people to slur their words. There's even a perspective that alcohol is ultimately less dangerous for many people, because you can only get shit-faced once per evening, rather th
FB doesn't see her MAC address.
Every end has half a stick.
You seem to have overlooked where he wrote "from a separate laptop". Canvas fingerprinting works on a per machine basis. That's what the "fingerprint" refers to. It is not a way to link activities between different machines.
Please describe the symptoms you observed after your wife, siblings and parents all stopped using Facebook
You can't make that happen, which is basically my point. I can't make other people stop using it if they think it's a good thing to use. Even if half of the actual facebook users worldwide were to decide today to never use it again, they would still get enough information from the other half to keep on doing what they're doing. Facebook would still know plenty about me and all the other people who have never had an account or signed in.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
And how does FB see my email headers?
(facepalm)
Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
I have multiple email addresses under my real name - work, different email services - and two addresses using variants of "DutchUncle". At some point Facebook started trying to connect them together. Connecting information is their stated business.
Aye, there are strange forces at work. Potentially IP Address among other data being utilized.
For instance:
I use Gmail from Chrome. In Firefox (main browser) I never login for YouTube nor Google searches.
Last week, I used YouTube from Chrome (which I almost never have), not logged in. The recommended list of videos was your standard fare of celebrity crap, late night news and politics.
I logged into YouTube from Chrome - the recommended list of videos now included dozens of things and sections matching (unlogged in) Firefox Google searches, and previously watched videos on YouTube from Firefox.
Which shouldn't really be happening, cookies are generally disabled and uMatrix blocks most third-party domain activity that hasn't been whitelisted.
(Interesting that Slashdot's HTML edit box doesn't require manual line <br/>eaks anymore).
Exactly: When I first joined FB, I was almost immediately contacted by a couple of ex's - one that I hadn't talked to since the late 80's, the other since the mid 90's.
It has become plain impossible for an average social network user to avoid something like this.
I'd guess IP, location, or perhaps even something else ousted her.
And Facebook doesn't give a fuck, because it's that sort of thing that helps them convince advertisers to pay them money.
After a big party or festival, I often realize that Facebook suggest me relations with people I've been in the same place with, even though we didn't confirm attending or being interested in the same events, even though we didn't tag each other or didn't add new common friends. My guess is that either Facebook makes connections through common friends actions, or it uses our GPS location to put us in the same place at the same time.
From TFA: "People You May Know suggestions are not informed by your smartphone’s Location Services." Which is an interesting set of weasel-words. It may not use the phone's Location Services, but if the app is looking at available Access Points, it could be feeding requests to a *Facebook* Location Service.
However Facebook know much more than that. Unless she exclusively uses private browsing or clears cookies after each use, they likely know the two profiles share the same laptop and phone. Every web page she visits that has a facebook "like" button may be sending back the cookies associated with both accounts. It's unlikely that logging out an account deletes the associated cookies.
So the same device logs in to account 1 from an IP, then account 2 from the same IP. Later at a coffee shop, the same happens. And the next day it happens from the work IP on a second device. Quickly you realize the accounts are related in some way.
It would be less likely with two devices - then only the fact that they're logging in from one IP would be shared and a VPN could be used to route around that too.
I suppose, if the needle contains lethal drugs.
If that's the case, it's still easy to make the association. She may be sharing GPS information on her phone via the facebook client. Facebook know she and her clients are regularly in the same place at the same time. If she uses hotels and connects to the hotel wifi, facebook could get that information without even needing the GPS information. Knowing that two people independently arrive at the Holiday Inn on Acacia Avenue at 7pm every second Wednesday for four months would easily be enough to suggest they might know each other.
Then there are all the other associations - did they "check in" to the same hotels, bars, restaurants? Do they "like" similar things since they spend time in the same places?
Holy reading fail, fuckface. "Her sex-work identity is not on the social network at all; for it, she uses a different email address, a different phone number, and a different name." She did have a sex worker account, she just didn't use her sex worker information and was surprised it still found it out. This is what the fucking article is about.
I guess she might have just the phone to call clients and accessed her fb profile from the same phone. Enough to make a connection.
Ah fuck. I probably misread it myself. When it says "for it", I took to mean the Facebook sex account. But I guess "it" just refers to her real life sex worker profile. My bad. I blame the writer.
Same IP is not good enough for a criminal conviction, no.
But it's most definitely enough for Facebook to offer "people you may know".
This wasn't about privacy. I'm willing to believe that the encryption itself is okay.
CLI paste? paste.pr0.tips!
I wonder how long it's going to take for some low-level FB employee to figure out that they can make a hefty amount on the side by blackmailing people.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
So what should people use, who don't want WhatsApp or anything privacy impaired?
I suspect there is no decent solution that's ready for granny at this time.
Personally I'd be fine with, say, a libotr-using IRC client.
Signal being open source
Yes, that's a good thing. But IMHO less for finding out what it does with the permissions, as ripping out the functionality that uses those permissions. But the code base is probably large and doing that would be a time-consuming task
CLI paste? paste.pr0.tips!
It's much simpler than that. It's called location services. "I don't know them Facebook!" Really, because you spend time about once a week with them in the same hotel room.
FWIW Facebook claims they don't use location services to determine identities for friends requests (stated in link).
Yep. But the code base is presumably fairly big so that'd take more weekends than I'm willing to invest.
CLI paste? paste.pr0.tips!
How many John Smiths do you think there are on Facebook? It's more than one.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
It is called "Facebook", not "Maskbook" or "Hoodedbook" or "Costumebook".
Could also be dominatrix. And now you will have to lick her boots for that indiscretion.
Have gnu, will travel.
They definitely do this, and it is the wording they are using to obfuscate this. I haven't looked at what their claim is word for word, having cancelled the FB I created when urged to by a friend and ultimately concluding that it is eroding the fabric of society, but DO know they used where I have been and others have been as one vector. They also look at if I have someone's number and that number is in someone else's phone. I'm sure they correlate many other details as well, but location is absolutely used. My guess is they are saying "It's not used for "Friend" requests, just to suggest people you may know. Sure there is a button for you to request they be your friend, but that's different. You are initiating the request."
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
It's pretty clear from the comments I read here that people often want to present separate identities to different groups of other people. I think that after cyberbullying news stories, Facebook took the position that none of these desires are to be treated as legitimate. Certainly, in every case that someone desires to hold multiple identities, someone with whom that person interacts will be unhappy about it. While I consider that having separate identities so one might connect with like minded people while avoiding religious persecution is a good thing, the people enacting the religious persecution will disagree. Ideally, one would be able to simply tell Facebook "I want to keep these identities separate," and they would do the rest. That would also benefit Facebook, because they would much less frequently be scaring users by showing how powerful is their knowledge. However, this immediately puts Facebook into the same boat with encryption services, because government law enforcement will want access to knowledge of connections between identities, and not always for reasons Facebook might support. The ultimate answer likely lies in plausible deniability. Facebook's AIs will need to not only learn that separate connections are by the same person (clearly getting pretty easy), but also learn why that person wants to keep them separate. That way they can not admit to knowing about the religious freedom related connections, but "accidentally" out the cyberbullying related connections. Those AIs are still learning, though. Give them some time.
One way this can happen is through photos you've taken. If you don't strip the metadata out of all photos before sending them to Facebook, then Facebook can recognize that photos posted on both accounts came from the same device. If those photos are not widely posted, it pretty clearly identifies the accounts as at least belonging to closely associated people.
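The comment above mentions stripping metadata from photos before upload. As an added example (not part of the original thread), this standard-library Python code removes the embedded metadata segments from a JPEG (Exif/XMP in APP1, IPTC in APP13, other APPn, comments) while keeping the JFIF, ICC and Adobe colour segments. The function names are this example's own, and `SAMPLE` is a constructed segment skeleton, not a decodable image.

```python
import struct
import sys

SOI = b"\xff\xd8"
SOS, EOI, COM = 0xDA, 0xD9, 0xFE
# APPn segments kept because decoders rely on them for correct rendering:
# APP0 (JFIF header), APP2 (ICC colour profile), APP14 (Adobe colour transform).
KEEP_APP = {0xE0, 0xE2, 0xEE}
# Markers that carry no length field: TEM and RST0..RST7.
STANDALONE = {0x01} | set(range(0xD0, 0xD8))


def split_jpeg(data):
    """Return (segments, tail). segments is a list of (marker, raw_bytes) for
    everything between SOI and the scan; tail is SOS (or EOI) to end of file."""
    if data[:2] != SOI:
        raise ValueError("not a JPEG: missing SOI marker")
    pos, segments = 2, []
    while True:
        # Skip 0xFF fill bytes that may precede a marker.
        while pos + 1 < len(data) and data[pos] == 0xFF and data[pos + 1] == 0xFF:
            pos += 1
        if pos + 2 > len(data) or data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker in (SOS, EOI):
            return segments, data[pos:]
        if marker in STANDALONE:
            segments.append((marker, data[pos:pos + 2]))
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length          # the length field counts itself
        if length < 2 or end > len(data):
            raise ValueError(f"segment length out of bounds at offset {pos}")
        segments.append((marker, data[pos:end]))
        pos = end


def is_metadata(marker):
    """True for comment segments and every APPn segment not in KEEP_APP."""
    return marker == COM or (0xE0 <= marker <= 0xEF and marker not in KEEP_APP)


def list_metadata(data):
    """Describe metadata segments as (marker, identifier, size) for an audit."""
    segments, _ = split_jpeg(data)
    found = []
    for marker, raw in segments:
        if is_metadata(marker):
            ident = raw[4:].split(b"\x00", 1)[0][:32].decode("latin-1")
            found.append((f"0x{marker:02X}", ident, len(raw)))
    return found


def strip_metadata(data):
    """Return the JPEG bytes with all metadata segments removed."""
    segments, tail = split_jpeg(data)
    kept = [raw for marker, raw in segments if not is_metadata(marker)]
    return SOI + b"".join(kept) + tail


def build_segment(marker, payload):
    """Helper used only to build the constructed sample below."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: SOI, JFIF, Exif, comment, one table, scan bytes, EOI.
SAMPLE = (
    SOI
    + build_segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + build_segment(0xE1, b"Exif\x00\x00ExampleCam X100 serial=CONSTRUCTED-0001")
    + build_segment(COM, b"edited on example-laptop")
    + build_segment(0xDB, bytes(65))
    + build_segment(SOS, b"\x01\x01\x00\x00\x3f\x00")
    + b"\x12\x34\xff\x00\x56\xff\xd9"
)

if __name__ == "__main__":
    if len(sys.argv) == 3:              # usage: script.py in.jpg out.jpg
        with open(sys.argv[1], "rb") as src:
            original = src.read()
        print("removing:", list_metadata(original))
        with open(sys.argv[2], "wb") as dst:
            dst.write(strip_metadata(original))
    else:
        print("sample metadata:", list_metadata(SAMPLE))
        print("after stripping:", list_metadata(strip_metadata(SAMPLE)))
```

Removing these segments takes out fields such as camera make and model, serial numbers, GPS tags and embedded thumbnails. It does not alter the pixels, so anything recognisable in the image content itself is unaffected.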
More likely they just live/work in close vicinity, which is how they found each other to begin with. Whores don't typically go to the next state over to practice their trade. They probably go to the same academic institution that she mentioned.
Troll is not a replacement for I disagree.
Yes. It was as if I had accidentally dragged a bunch of porn to a local folder that is synced to a Google Drive folder I share with my extended family, instead of dragging it to the Recycle Bin where I'd intended. Or if I'd attempted to upload multiple files that were in my Downloads folder, and ctrl-clicked on one too many files in the file chooser dialog.
I do not have a signature
Maybe she is using Instagram. Facebook owns both apps and I'm sure they are sharing data freely between them. That could be how the link was established.
Good discussion including moxie here.
Error 404 - Sig Not Found
The Facebook app is on just about every smartphone, and slurps up data... *EVEN IF YOU DON'T HAVE A FACEBOOK ACCOUNT*. Let's say you signed up as Jane Doe with phone # 555-987-6543 for 2-factor authentication. Let's say the several of your friends who do *NOT* have a FB account, have you listed in their contacts list as JOHN SMITH at phone # 555-987-6543.
The FB app on their phones will slurp up that data and "phone home". Now Facebook knows that phone # 555-987-6543 really belongs to John Smith, not Jane Doe. Phone numbers are unique; they have to be.
Facebook can pay millions to telcos and OEMs to include their app on smartphones. Given a list of phone numbers and names, and access to contact lists, it's a simple exercise to craft an SQL query to figure out who is in whose contact list... i.e. people you may know.
Suggestion, what if you get a second phone, a "burner phone" on a cheap Pay-As-You-Go plan, and do *NOT* share the phone number with anyone? Would that throw a wrench in the works? Do telcos sell subscriber data to Facebook?
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
Yeah, but removing those permissions using privacy control is trivial. Or Xposed.
If you don't use those, all that information about you could already be on the dark internet due to other apps.
Bingo Dictionary - Pragmatist, n. A myopic idealist.
Yeah, but removing those permissions using privacy control is trivial.
What is privacy control?
Or Xposed.
That doesn't work on my phone.
If you don't use those, all that information about you could already be on the dark internet due to other apps.
Again, this was less about my privacy and more about attack surface in an app that wants to be seen as highly secure.
CLI paste? paste.pr0.tips!
How is the suggestion hurting you? What can hurt you is that they know a lot about you. Are you one of the "ignorance is bliss" guys ?
Bingo Dictionary - Pragmatist, n. A myopic idealist.
Ok, my phone was not in English so couldn't check the real name in English: privacy guard. My rough translation turned out to be stupid.
Again, this was less about my privacy and more about attack surface in an app that wants to be seen as highly secure.
I respect that, but these privacy enhancing steps do reduce the attack surface too to some non-trivial extent. E.g. when you use Xposed to block some method call by the app, the real code to, say, obtain your contacts, is not run, but Xposed shows the middle finger to the app.
Remember - permission by itself doesn't hurt you unless it is used. By the app intentionally, or after being hacked. Xposed prevents the usage of the permission. It doesn't prevent the method being called - but it does the next best thing - implementation is changed to a much simpler one protecting your data as well as reducing attack surface.
It would be best to not have all that attack surface area, but we need to live in reality.
Bingo Dictionary - Pragmatist, n. A myopic idealist.
My name is worldwide unique. If you google my name, you will find me, and only me.
Plus a few things I have invented just in case some nosy prospective employer is snooping around. ;)
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
"It is trivial for Facebook to link the identities, she is using the same IP address to log in for both of them. It is then reasonable for the Facebook algorithm to guess that people logging in from the same IP address are related somehow."
Sharing the IP address with somebody doesn't mean they are related, it can also mean they share the same Internet Service Provider, they work in the same company, they sit in the same Starbucks, they use the same VPN, ....
And with all those thing they 'might' know each other, which is what the thing is suggesting.
I'd just say this is a perfect example of why your profile picture should never be a picture of yourself but I seem to be in the minority on that these days.
Wanna buy a shirt?
https://www.redbubble.com/people/stealthfinger/shop?asc=u
Nope. no effort involved.
Change is certain; progress is not obligatory.
Every cell phone has unique identifiable attributes. They are using these now to identify.
So if you want to keep two distinct lives separate, you essentially need to have two separate phones. And I would go so far as to say on two separate plans. Keep your everyday on a main service provider. Keep your incognito you, on a pre-paid phone.
At a friend's house and had a passing conversation about their new ladder-style towel rack. I never searched for such a thing in my life, but Facebook began to present ads for them to me. I first thought Siri/Alexa/Samsung TV, but am now suspecting (after comments here) that using their wireless was the trigger.
Because if not, there's a good chance Facebook was simply responding to an earlier cookie.
~REZ~ #43301. Who'd fake being me anyway?
You're all forgetting the simplest solution.
the facebook engineer was a client!
If they work in the same company or sit in the same Starbucks then there's a chance they might know each other.
Same here, a friend suggested it to me, when I saw the list of permissions it was requesting I shut it down. I fail to see why a messaging application needs that many permissions to send a message. Reminds me of blackberry back in the day when it was still popular, needed a torch app quick, but every single one I tried wanted god rights on my phone! For a torch? Eventually got up and went and found a real torch.
There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.