Slashdot Mirror
How Facebook Outs Sex Workers (gizmodo.com)
An anonymous reader shares a Gizmodo report: Leila has two identities, but Facebook is only supposed to know about one of them. Leila is a sex worker. She goes to great lengths to keep separate identities for ordinary life and for sex work, to avoid stigma, arrest, professional blowback, or clients who might be stalkers (or worse). Her "real identity" -- the public one, who lives in California, uses an academic email address, and posts about politics -- joined Facebook in 2011. Her sex-work identity is not on the social network at all; for it, she uses a different email address, a different phone number, and a different name. Yet earlier this year, looking at Facebook's "People You May Know" recommendations, Leila (a name I'm using in place of either of the names she uses) was shocked to see some of her regular sex-work clients. Despite the fact that she'd only given Facebook information from her vanilla identity, the company had somehow discerned her real-world connection to these people -- and, even more horrifyingly, her account was potentially being presented to them as a friend suggestion too, outing her regular identity to them. Because Facebook insists on concealing the methods and data it uses to link one user to another, Leila is not able to find out how the network exposed her or take steps to prevent it from happening again. "We're living in an age where you can weaponize personal information against people"Kashmir Hill, the reporter who wrote the above story, a few weeks ago shared another similar incident.
criminalizing prostitution.
This is probably due to someone posting a photo with both people in it. Facebook will use facial recognition on photos, and when it sees two people in the same photo, I would expect it to suggest a connection.
Don't use Facebook.
...and this is how it knows who you associate with. In later versions of Android (and perhaps in iOS), you can deny permissions to read your contacts, but the app will likely work hard to get around that.
If you have contacts on your phone that you don't want Facebook to know about, then you must not load their app
- only access them through a dedicated, privacy-focused web browser (or an equivalent sandboxing app).
I like FaceSlim on F-Droid. I would never, ever run their app. That thing is a monster.
No! Are you crazy? I won't delete my Facebook account.
I'll keep it in the empty state it is now, lest someone creates one in my name and abuses it to slander me.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
A decade ago Facebook sent me an email, suggesting that I create an account (as I didn't have one) and also telling me that I probably knew three different people - one that I worked with, one that I socialised with and one family member.
None of those people had the same email address for me.
I wonder if the UK DPA or upcoming GDPR legislation will let me force Facebook to reveal their matching algorithm - see Article 15 paragraph 1(h) of the regulation (PDF at http://eur-lex.europa.eu/legal... )
Location is part of the algorithm: basically Facebook knows that those 2 "accounts" were near each other for X amount of time.
A good reason to move to Signal, it is free and does not sell your data.
https://signal.org/
"The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
I come from a middle eastern Muslim country. My views about religion and other issues will surely anger people I know. To vent, I made two accounts on facebook, one for my friends, and one where I express my views including religious ones under a separate identity.
On the 'anonymous' account, I just put my first name and at worst, extremely general hints about my life , since I assumed no one I know will see it. I used a separate, anonymous, e-mail for this account, and used to access it from a separate browser. The only link was probably my IP address / user agent, or maybe I tried to view my profile from the other account, but that's it.
I was once chatting with a real-life Muslim friend and she started making hints about statuses I post on my other account. Nothing serious happened, since shes a terrible Muslim herself, but this could have easily put my life in danger had this been known to other people. I learned to NEVER trust facebook with my privacy ever since this happened.
"People can always control who can send them friend requests by visiting their account settings," said the spokesperson. "If they select 'no one,' they won't appear in others' People You May Know."
Um, Facebook removed the option for "no one" to send friend requests years ago. The most restrictive now is "Friends of friends".
Stop being on Facebook.
Except Facebook will remember you even if you delete your account.
Except Facebook will remember you even if you have separate accounts.
Except Facebook will find out who you are if you have friends and family on Facebook. Especially if they mention you by name in a Facebook post.
Except Facebook is probably tracking you right now because of all those little "like" buttons you can see everywhere.
Except Facebook... Oh, fsck it, I give up.
Frankly, who needs the NSA when you have Facebook? Oh, wait, they are probably working together right now.
Wasn't there a story about that creep Zuckerberg wanting to become President of the United States of Facebook?
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
I remember a similar story a few months ago. A thief stole someone's phone and the perpetrator was suggested to the victim as "someone you may know." I think the consensus was, just visiting someone's facebook page pulls you into their potential network. I'm guessing she's visited her alter-ego's page at some point (and maybe some of her clients).
The only winning move is to not play. Just get rid of facebook and install uBlock and filters that keep social media at bay.
It trivial for Facebook to link the identities, she is using the same IP address to log in for both of them. It is then reasonable for the Facebook algorithm to guess that people logging in from the same IP address are related somehow.
She needs to have a vanilla phone and a sex work not-smartphone, and only carry the appropriate phone at the appropriate time.
#DeleteFacebook
I once tried to create an anonymous (false identity) account on facebook, which I wanted to use to access the private group of a sportsclub that insists on using facebook for sharing pictures and videos, they also use whatsapp.
I don't want to be on facebook, because I don't trust them, so therefore I didn't use any of my know e-mail adresses or phonenumbers (I thought) to create the account.
In the short time the account worked (and I used tor-browser to access facebook, exclusively!) facebook suggested several people whom I know in real life, but who didn't know I was on facebook or with the sportsclub. The account I created did not have a picture of me, but of a doll that didn't look at all like a human face.
I have no clue how this can be done, but facebook has some very sneaky ways to find connections between people. This alone should be enough reason for anyone who wants to keep some social lives separate to avoid facebook altogether. And I'm sure that despite my not being on facebook, it has an entire profile of me waiting to be associated with my account, should I create one.
Someone summarized this quite well: don't use facebook.
Facebook makes suggestions based on correlated movements and positions. If you arrive and depart from the same location at the same time as another person a few times it may suggest them as a friend. There isn't really any mystery to this (unless you are someone like a journalist or Facebook user who never read any of the agreements you accepted).
We could have a debate as to whether or not this should be opt-in, or legal, or whatever, but there shouldn't really be any debate that it is an effective method of determining people who might know each other, and there shouldn't be any mystery that it's done when it has all been plainly discussed before. You can at least opt out of some of it, or adjust your privacy settings to prevent it.
Just imagine that Facebook is your mom and every time you load up the app it's like calling your mom and telling her where you are. And everyone else around you is also calling your mom and telling them they are there too, and you and everybody else are constantly calling back every 10 minutes to give her updates. Provided your mom has a lot of time on her hands and takes really good notes, pretty soon she's going to figure out who you are hanging out with.
There's also the much more critical question "Why the fuck are people still using Facebook after all these nightmarish news?"
#DeleteFacebook
When I was going to install signal because of all the good things I heard about it, my phone presented me with a *massive* list of permissions the Signal app wants:
- read sensitive log data
- find accounts on the device
- read your own contact card
- modify your own contact card
- read calendar events plus confidential information
- add or modify calendar events and send email to guests without owners' knowledge
- find accounts on the device
- read your contacts
- modify your contacts
- approximate location (network-based)
- precise location (GPS and network-based)
- read your text messages (SMS or MMS)
- receive text messages (MMS)
- receive text messages (SMS)
- send SMS messages
- edit your text messages (SMS or MMS)
- directly call phone numbers
- directly call any phone numbers
- modify phone state
- reroute outgoing calls
- read call log
- read phone status and identity
- write call log
- read the contents of your USB storage
- modify or delete the contents of your USB storage
- read the contents of your USB storage
- modify or delete the contents of your USB storage
- take pictures and videos
- record audio
- view Wi-Fi connections
- read phone status and identity
- send WAP-PUSH-received broadcast
- receive data from internet
- view network connections
- create accounts and set passwords
- pair with Bluetooth devices
- send sticky broadcast
- change network connectivity
- connect and disconnect from Wi-Fi
- disable your screen lock
- full network access
- change your audio settings
- read sync settings
- run at startup
- set wallpaper
- use accounts on the device
- control vibration
- prevent device from sleeping
- toggle sync on and off
Needless to say, I backed out.
CLI paste? paste.pr0.tips!
data analytics that would make even the STASI say, "whoa, that's going a little too far"...
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Facebook requires you to use your real name on your account. Failure to do so is a violation of their terms of service and they can lock your account.
Sartre is probably rolling at his grave at the prospect of locking accounts that people don't have, as punishment for behavior they aren't doing, to accounts they don't have. Are you seriously suggesting that she's violating the ToS by not having a second account using her professional name? She is already using her real name on the account she does have according to the summary.
Inheritance is the sincerest form of nepotism.
Very likely her clients had searched for her too. Often times Facebook will show you people who have searched for your profile, even if they haven't friended you.
No, I understand. But I'm assuming that people still *care* that Facebook has this information even if they don't personally *see* it.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Here's what they say they need all of that for.
https://support.signal.org/hc/...
Competition Good, Monopoly Bad.
Not only IP addresses.
Facebook connected me with someone I had brief contact with from back in the late 1980â(TM)s and FIDO BBSâ(TM)s. Predating my time on the Internet, this was puzzling to me.
It turned out I contacted them once via hotmail and that was it.
Yet somehow Facebook has this information, and to this day continually lists them in the âoepeople you may knowâ section.
I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit
It trivial for Facebook to link the identities, she is using the same IP address to log in for both of them. It is then reasonable for the Facebook algorithm to guess that people logging in from the same IP address are related somehow.
More likely the simple answer is that she was clueless about how deep their tentacles are and used the same browser without logging out of Facebook first. Thus since just about every website insists on haven't FB's "like" button somewhere on their page, FB gets the details to do the math.
A smart person (can that be said of a Facebook user?) would at least go as far as using an entirely separate computer for business and personal stuff. Still not fool proof by any stretch, but every little bit helps.
âoeHer sex-work identity is not on the social network at all; for it, she uses a different email address, a different phone number, and a different name.â
If sheâ(TM)s not logging in to a different identity at all on Facebook, how?
Your missing the point, even if you have never created a facebook account one exists for you they created. Thus if someone uploaded a picture of you to facebook and tagged your name in it, then they can tag your name on every picture uploaded to them with you in, even if they don't automatically tag those pictures they sure as hell know who you are and your name and relationships at a minimum. At this point there are probably very few people in the world that haven't had a picture of them uploaded and tagged.
There WASN'T two accounts-- she DID NOT HAVE an account for her professional work.
Seriously, how hard is it to read a damn article before taking the know-it-all route.
I think the implication is that Facebook is not suitable for her kind of work because it doesn't permit aliases.
A friend of mine who's living in a homophobic community had two Facebook profiles. One was squeaky-clean closet guy, the other was for the guys from the gay bars.
He added me on the squeaky-clean profile, but I would regularly get "people you might know" and it was his gay-bar profile. I warned him about it and he no longer uses Facebook for anything.
Ad tracking networks will still link her if she is on the same IP address.
According to the summary(That you obviously didn't read), she only has a FB account that's linked to her real life identity.
Her sex-work identity is not on the social network at all
There is no other account for FB to conclude is owned by the same person.
Whatever is happening isn't what you think is.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
Six or seven years ago, when I first started using Facebook, it kept suggesting a landlord I'd had five years previously as someone I might know. He was an okay guy, but we never socialized beyond pleasantries when I handed him the rent check and we had no online connections at all. I presume FB is either searching through municipal records or purchasing banking data.
Proud member of the Weirdo-American community.
It trivial for Facebook to link the identities, she is using the same IP address to log in for both of them. It is then reasonable for the Facebook algorithm to guess that people logging in from the same IP address are related somehow.
More likely the simple answer is that she was clueless about how deep their tentacles are and used the same browser without logging out of Facebook first. Thus since just about every website insists on haven't FB's "like" button somewhere on their page, FB gets the details to do the math.
A smart person (can that be said of a Facebook user?) would at least go as far as using an entirely separate computer for business and personal stuff. Still not fool proof by any stretch, but every little bit helps.
She is in the sex industry. I have a feeling she knows exactly how deep tentacles can go.
Many on the left would love to decriminalize sex work. I think if you look at opinion-pieces on this, you'll find virtually everyone for legalization to be either a libertarian or a liberal.
The criminalization of prostitution doesn't fix any of those negative aspects. Decriminalization allows us to tax it. When we tax something we keep records and make requirements/offer services to the workers in that industry. Those requirements/services would be aimed at reducing the issues you're speaking of above. There will still be illegal prostitution, but legalization would greatly diminish that.
Prohibition didn't solve the evils of alcohol, they exacerbated them. The war on drugs hasn't stopped drug us, it's simply exacerbated the negative affect it had on society.
The first-order vs. higher-order stuff you're prattling about above is not directly connected with party affiliation. Stupid people only think about first-order affects. There are stupid people on either end of the spectrum.
Meanwhile, please point me to one member of congress presenting a "proper solution that provides far more balance and tries to avoid unintended side effects" for the ills of sex workers and their clients. By which I mean a solution other than "more prison, bigger guns."
Since the client code is open source, you could in theory hack up your own client that doesn't use any of that?
John has exchanged email with leila_sexworker
John's emails contain headers which include leila's IP address
John lets Facebook see his emails
There are several, perhaps many Johns
Facebook sees that all these Johns have leila_sexworker in common
Facebook sees leila's IP address and matches it with its own records
Facebook sees leila_clean logging in to Facebook from the same IP address, repeatedly
Facebook makes the connection
This is the correct answer. Facebook sees you in the same location, (by network or GPS association) and therefore decides you might want to be friends.
This wonderful piece of logic is exactly what you need to become better acquainted with that creepy guy who always seems to be hanging around your gym. Or the work colleague that you tolerate but certainly don't want to socialise with. Or your annoying neighbour. Or your stalker.
Which begs the question - why does Facebook suggest 'people you might know' based on anything other than their being Facebook friends of your Facebook friends? And how would it hurt them to let you opt out of that?
The weird thing is that, having put enough effort into this particularly creepy kind of 'connection', the actual 'search for people you know' functionality on Facebook is horrible. You can search by name - that's it. Useless for any kind of common name - and even when the person you're searching for shows up in the list, you can't narrow it down by searching on location or any other keywords, so if you don't recognize their photo, you're out of luck.
Posted from my Android phone. Oh, I can change this? There, that's better...
There's a few more things that go into fingerprinting. Unless she was using different VMs on different computers the algorithm I sold years ago to one of those evil advertising corporations would correlate.
IP isn't as unique as you'd think. I've seem colleges have ONE public IP for all outbound data across campus, including all dorms. Start adding in other information your browser gives away like extensions and versions, user agent, screen resolution, mouse sensitivity, etc etc and you can narrow down to a single machine. If you have additional data like facebook does (every single page that includes a facebook button or comment section is used to profile you), you can even discern beyond machine to user-of-said-machine.
Probably snoops your browser history and tracks to which cell towers your phone connects to as well.
A while back, son of a distant cousin (distant in relation, close geographically) had some issues with his PC so he called me for help.
It sounded like the issue was power related but he assured me that his PSU had enough power to run it all.
It was the PSU. He read the wrong numbers on the box.
BUT... After I downloaded a GPU test to check my suspicions about his computer, which naturally required an internet connection, and he took his computer home with an advice what to buy so his games would no longer crash the system - he starts appearing as "people you may know" on my Facebook profile.
Despite the fact that we have no direct connection on Facebook. His dad is not on any social network. Same for his mom.
And he's too young to be in social circles of our mutual cousins.
But once his computer connected to the internet through my router... there he is.
On another note... got a new phone which (naturally) has cell tower broadcast notifications turned on by default.
Which I notice only as it starts pinging me with notifications as I go around town and move between different cell towers.
Coincidentally, during that same walk I notice a former colleague on the other side of the street, going home from work.
He doesn't even notice me, he's on the other side of the street, there's traffic between us, and I'm not about to shout and wave or jump around for him to notice me.
We never were that close anyway... which is the reason why I don't have him in my Facebook contacts.
But we do both have some of the same former colleagues in our friend lists... and I was just in his neighborhood.
And there he is the next day on top of the "people you may know" list. He was probably on it the whole time... but now he's on top of it.
As soon as his phone and my phone were near the same cell tower at the same time and as my phone connected to my wireless router once back home.
Facebook has shadow profiles on everyone already.
All it needs is for some of the gathered data to start matching to geographical and time coordinates one's technology, friends or even interests leave all over the place - and it can start making some pretty educated guesses.
Mit der Dummheit kämpfen Götter selbst vergebens
From TFA: "People You May Know suggestions are not informed by your smartphone’s Location Services." Which is an interesting set of weasel-words. It may not use the phone's Location Services, but if the app is looking at available Access Points, it could be feeding requests to a *Facebook* Location Service.