Mark Zuckerberg Denies Knowledge of Non-Consensual Shadow Profiles Facebook Has Been Building of Non-Users For Years

It has been widely reported that Facebook builds profile of people even if they have never signed up for its services. However, in a hearing with the House Energy & Commerce Committee on Wednesday, when New Mexico Representative Ben Lujan asked Facebook CEO Mark Zuckerberg if he was aware of the so-called practice of building "shadow profiles", Zuckerberg denied knowledge of it. Here's the exchange: Lujan: Facebook has detailed profiles on people who have never signed up for Facebook, yes or no?
Zuckerberg: Congressman, in general we collect data on people who have not signed up for Facebook for security purposes to prevent the kind of scraping you were just referring to [reverse searches based on public info like phone numbers].
Lujan: So these are called shadow profiles, is that what they've been referred to by some?
Zuckerberg: Congressman, I'm not, I'm not familiar with that.
Lujan: I'll refer to them as shadow profiles for today's hearing. On average, how many data points does Facebook have on each Facebook user?
Zuckerberg: I do not know off the top of my head.
Lujan: Do you know how many points of data Facebook has on the average non-Facebook user?
Zuckerberg: Congressman, I do not know off the top of my head but I can have our team get back to you afterward.
Lujan: It's been admitted by Facebook that you do collect data points on non-[Facebook users]. My question is, can someone who does not have a Facebook account opt out of Facebook's involuntary data collection?
Zuckerberg: Anyone can turn off and opt out of any data collection for ads, whether they use our services or not but in order to prevent people from scraping public information ... we need to know when someone is repeatedly trying to access our services.

tl;dr: fu mr congressman

zuck is such an asshat

Misleading title - he admits data is collected

He doesn't deny knowledge of it, he says they do! And he just doesn't have the data on hand. Sheesh, what a misleading title.

Everyone knows Shadow Profiles are real, that is how they know all the info they do when you sign up.

Re:Misleading title - he admits data is collected

He also is clearly not talking about shadow profiles here.

His answers are that they track access by non-logged in users in order to determine whether they are trying to scrape data against TOS.

Shadow Profiles are the alleged profiles Facebook generates algorithmically to fill in the gaps in their network based on extrapolation from information provided by users. Like, they might determine that the same face appears in photos uploaded by several mutual friends some of whom tagged the same name not in any of their fried list and generate a "shadow profile" with that name linked to those real profiles to represent the non-user in the photos.

Re:Misleading title - he admits data is collected

I myself have never ever signed up for Facebook. I have never wanted it. But, I have several friends that have an account. One photo taken at a Christmas party was tagged with my name even though I have no account. When viewing Facebook from another friend, they get my name on photos from friends we have in common. I know it happens.

Re:Misleading title - he admits data is collected

[Austerity+Empowers]

I think he denied the vocabulary word "Shadow Profile", which is reasonable to do since the term has no accepted definition in his context. A definition was asserted (which may or may not correlate to common parlance), and he admitted to doing what was asked.

I'm not sure there's anything to see here, except maybe the congressman asked the wrong question or asserted the wrong definition. I'm thinking the latter.

Re: Misleading title - he admits data is collected

Only the dumb public calls them shadow profiles. That's why he cannot answer properly, he doesn't get what the question is about. Inside fb those are just normal user profiles except without any login credentials set.

Re:Misleading title - he admits data is collected

Maybe they tagged you manually. Facebook allows you to do that.

Re:Misleading title - he admits data is collected

[93+Escort+Wagon]

He also is clearly not talking about shadow profiles here.

I think the term is "dissembling".

But, really, based on decades and decades of prior examples... he knows doesn't have to walk away smelling like a rose. He can walk away with the committee grumbling loudly, and they're still not going to do anything substantive to protect the hoi-polloi. Congress-critters generally are generally very reluctant to take steps which penalize billionaires to any significant degree.

Re:Misleading title - he admits data is collected

[Sarten-X]

It seems to me that the congressman had a particular narrative he wanted to fit.

"Shadow profiles" sounds scary and mysterious. In a previous big-data job, I used the term "unassociated data" to describe when we had a connected set of records that didn't match any known individual. They still existed as records, and we didn't discard them... but they weren't anything personally identifiable until we stumbled across a record that tied them to known individuals (and when that happened, our term for that connecting record was the "decoder ring").

Re:Misleading title - he admits data is collected

Mark Zuckerberg looks like a lying snake. Who believes he didn't knew? What kind of CEO doesn't know what their company is up to? Fortunately I don't own any Facebook stocks because I believe Facbook is about to Faceplant!

Re:Misleading title - he admits data is collected

[mysidia]

Yes..... But in the Slashdot summary Zuck seemed to be conflating "Shadow profiles of Non-Users" with
"History of pages viewed by IP addresses visiting Facebook.com without logging in"

Implying that the "Shadow profile" was required for a security purpose is deliberately deceptive (IMO).... If you visit Facebook.com you're an "Anonymous Facebook user"

Whereas a "Shadow Profile" is not IP addresses/"knowledge when someone is repeatedly trying to access our services."
BUT Shadow profiles are Personal Information collected through 3rd party sources about real persons who have never created an account or personally provided the information directly on Facebook.com.

Re:Misleading title - he admits data is collected

[quantaman]

He doesn't deny knowledge of it, he says they do! And he just doesn't have the data on hand. Sheesh, what a misleading title.

Everyone knows Shadow Profiles are real, that is how they know all the info they do when you sign up.

He is denying that he has any knowledge of the shadow profiles.

Lujan: So these are called shadow profiles, is that what they've been referred to by some?
Zuckerberg: Congressman, I'm not, I'm not familiar with that.
Lujan: I'll refer to them as shadow profiles for today's hearing. On average, how many data points does Facebook have on each Facebook user?
Zuckerberg: I do not know off the top of my head.
Lujan: Do you know how many points of data Facebook has on the average non-Facebook user?
Zuckerberg: Congressman, I do not know off the top of my head but I can have our team get back to you afterward.

I think the congressman let him off a bit easy, I wouldn't expect him to know much about the number of data points. But for a person who has never signed up does Facebook keep track of their likely friends? Do they build profiles of IPs that browse 3rd party sites that use FB plugins? Does it attempt to associate the names of non-FB users with their IPs?

Even just ask for some examples of data that FB would have on non-FB users.

Re:Misleading title - he admits data is collected

[nedlohs]

Nice to start your quote on the line after the statement from Zuckerberg acknowledging the existence of such profiles. He of course obfuscated as much as possible with the red herring of security.

All he denied was being familiar with them being called "shadow profiles" (which does seem a rather unlikely name for them to be called internally) and knowing how many data points they have on average.

Re:Misleading title - he admits data is collected

[Cajun+Hell]

All that means is simply that your "friend" told Facebook the name that goes with the face. Having a name associated with a photo isn't quite the same as a shadow profile (at least the way people usually mean it, though I guess you could make an argument that it's a rudimentary version of one).

But that doesn't mean the name in the photo is associated with the cookie that you're sent every time you load a page with a "like" button. It could happen, but I don't know if anyone has presented evidence that it does happen.

Re:Misleading title - he admits data is collected

[mrbester]

Dissembling is correct.

He may as well have just replied "Sorry, my answers are limited. You must ask the right questions" to everything.

Re:Misleading title - he admits data is collected

[youngone]

After having a quick look at this I am wondering if this is not a good way to get Facebook to give more in campaign contributions, as it says they have spent $7 million over the last 12 years, which sounds like almost nothing.
It could be seen as "We will make your life uncomfortable regularly unless we get more of that sweet, sweet cash".
After all, the way Facebook runs its business is none of congress' business.

Re:Misleading title - he admits data is collected

[daq+man]

I don't want to be associated with Facebook then Facebook should "notice" that I am not a user and not associate my name with the photo.

One of the things that shocked me when I tried out Facebook, and a thing that made me delete the account immediately, was how much they already knew about me BEFORE I ever told them anything. They knew my kids, my neighbours, the local swimming pool, where I work, etc etc. I didn't need to be telling them anything else.

Re:Misleading title - he admits data is collected

[Peter+P+Peters]

It seems to me that the congressman had a particular narrative he wanted to fit.

"Shadow profiles" sounds scary and mysterious. In a previous big-data job, I used the term "unassociated data" to describe when we had a connected set of records that didn't match any known individual.

So shouldn't Zucks said something similar? By denying then sort of describing something exactly is what makes this scary and mysterious. It's deliberate obfuscation that is the problem...

Re:Misleading title - he admits data is collected

It seems to me that the congressman had a particular narrative he wanted to fit.

Sure, but so did Zuckerberg.
He could just have answered that they call them "Unregistered accounts" or whatever, instead he went for "I do not know."
Since he admitted that they do it it seems that he would at least be familiar with the term they use in house.
Seems a lot like the congressman have been told what they call those profiles in house and decided to use that expression.

Rather silly of Zuckerberg to deny it. People who don't commit crimes occasionally puts unfortunate names on things and it is not like we don't have plenty of examples of criminals using benign names either.

A someone in a cyberpunk forum pointed out: The omnipresent companies of today are pretty much the megacorps described in 90's cyberpunk but instead of being called CyberCorp and OmniSys they are called Alphabet and Facebook.
Them ore evil you are the more important it is to have a legit and child friendly front.

Re:Misleading title - he admits data is collected

[rtb61]

They also failed to mention the Facebook scripts and cookies on websites that also gather up your data, not just visiting the site, from a link on a different web site. So I do block Facebook script and cookies and if they still have a profile on me, that would be a real invasion of privacy, I actively take steps to avoid being in their database which they would have to subvert in order to get me in there. Mark Zuckerberg quote "They trust me, Dumb fucks " https://en.wikiquote.org/wiki/..., that was also a reason why I dropped the platform, some people don't ever change their stripes and as far as Mark Zuckerberg is concerned, you are a dumb fuck if you trust him, I would have to agree with that opinion, especially once you are aware of that quote (I really do not understand why anyone would trust him after that quote, I really do not).

Re: Misleading title - he admits data is collected

[cyber-vandal]

Absolutely. That means they should immediately lose corporate personhood and limited liability protections because how they run their business is nothing to do with the government.

Re:Misleading title - he admits data is collected

a shadow profile is this:
a set of data about some specific individual
we haven't (yet) figured out which physical person that individual is, but we're building our collection of data about him anyway.

in other words its a profile of an individual without a name attached

Re:Misleading title - he admits data is collected

[elgatozorbas]

It seems to me that the congressman had a particular narrative he wanted to fit.

"Shadow profiles" sounds scary and mysterious.

And quite rightly so. Whetever you may have liked to call it, this boils down to unwantedly and unknowingly collection data about other persons. Moreover, afaik the profiles involved are identifiable.

Re:Misleading title - he admits data is collected

I don't want to be associated with Facebook then Facebook should "notice" that I am not a user and not associate my name with the photo.

One of the things that shocked me when I tried out Facebook, and a thing that made me delete the account immediately, was how much they already knew about me BEFORE I ever told them anything. They knew my kids, my neighbours, the local swimming pool, where I work, etc etc. I didn't need to be telling them anything else.

No, you should tell your friend to not put your name on FB, it is not FB's job to automatically disassociate your name with the photo.

Re:Misleading title - he admits data is collected

Didn't you see the lobbyist behind Zuckerberg nodding at the Senate audience and sizing them up.

Re: Misleading title - he admits data is collected

[interstellarsurfer]

We live in the 21st century - If it can happen, it does happen, especially if there is profit to be made by it.

Re:Misleading title - he admits data is collected

All that means is simply that your "friend" told Facebook the name that goes with the face.

And FB will use your contacts list to determine the email address and other details for that name, log your communications with that person and look for other FB users who do the same. They end up with a social graph of a person who never signed up, which includes a lot of personal information for which they never obtained consent. "Shadow profile" seems a very appropriate name for this.

Re:Mental gymnastics

[Ichijo]

How is a non-user different from someone who is neither a user nor a non-user?

Wow

[Chris+Mattern]

"Congressman, in general we collect data on people who have not signed up for Facebook for security purposes to prevent the kind of scraping you were just referring to [reverse searches based on public info like phone numbers]. "

So, then, you're telling us that you're collecting the data to ensure nobody is collecting that data, is that correct?

Re:Wow

Of course. The data is valuable. Facebook wants it, and Facebook doesn't want screen-scrapers to get it.

It makes perfect sense.

Re:Wow

[HornWumpus]

Won't stop them. They can slow down the screen scrapers, cost them money, but that's all.

Especially now that facebook is restricting it's API. So now phone apps will scrape directly and upload to their servers. Especially unauthorized by facebook phone apps.

Re:Mental gymnastics

[Rick+Schumann]

If they have the MAC of any ethernet device that I own, then there is something seriously wrong with the public Internet that needs to be fixed immediately -- either that or everyone has out-and-out spyware on their computers and devices. Beyond your local network no one should have your MAC.

Non-consensual Facebooking

[sinij]

I don't understand why they left him off the hook so easily on this point. They could never collect consent from someone that didn't sign up for FB, so how is data collection could be legal?

Re:Non-consensual Facebooking

[OrangeTide]

I don't consent to political campaigns calling me up during election season. But there are public records and they've been doing this for decades. That you have some right to not have your public information accessed is some new right that currently does not exist in US legal code. Perhaps congress will write a new law, but until then it's a bit premature to get upset over something that we've tolerated for so long. (or at least spread your outrage out among the many marketing and political firms that have done similar things over the decades)

Re:Non-consensual Facebooking

I don't understand why they left him off the hook so easily on this point.

Surely he's contributed millions to the campaign funds of every congresscritter that questioned him.

He owns them.

And that answers your question.

Re:Non-consensual Facebooking

[habig]

I don't understand why they left him off the hook so easily on this point. They could never collect consent from someone that didn't sign up for FB, so how is data collection could be legal?

Wait - doesn't anyone with an html server collect data on the visits to their pages? And facebook is simply a really fancy pile of webpages, from the perspective of an outside user without an account. So: anyone with apache and webalizer now needs people opting in?

Not that I'm a fan of facebook - I've studiously avoided signing up - but datamining your own server logs for web traffic seems a perfectly legit thing to do. You can "opt out" by never clicking on a facebook link, turning off 3rd party cookies, adblock, noscript, ghostery, etc. Same as with any other dubious website.

Re:Non-consensual Facebooking

[sinij]

Ted Stevens, is that you posting from beyond the grave? Because comparing digital tracking FB does to a publicly-listed PSTN number is rather flawed comparison.

A better comparison would be a third party wiretapping your phone, creating a list of everyone you calling to, then selling such list for profit.

Re:Non-consensual Facebooking

[sinij]

Your argument falls apart at "You can opt out". The issue with FB is that they not only track you when you visit www.facebook.com, but also across many, many other websites and they not only record your ip address and so on, but they also correlate that to private information they have on you.

Re:Non-consensual Facebooking

Why did they let him off the hook so easily?
https://www.opensecrets.org/lobby/clientagns.php?id=D000033563&year=2017

Re:Non-consensual Facebooking

can you opt out of society?
if you ever communicate digitally with someone else who is on facebook, and lets be real you must have, then they have your info
cloak your activity all you want, someone you know will leak it all for you

I doubt they even look at server logs, that's so 90's and quaint.

Re:Non-consensual Facebooking

[TsuruchiBrian]

They aren't really smart enough to do anything but grandstand. They may as well be grilling a physicist about quantum theory. They know they don't know anything. The least they could do is try to look important during this historic occasion.

Re:Non-consensual Facebooking

[ewibble]

From the exchange:
I think this point is a bit pathetic. If you visit the facebook site, they collect your ip/mac address so they can tell if you are accessing an unreasonably large number of pages, or trying to brute force someone's password. Big deal. Don't visit the facebook site if you don't want that data collected.

On the other hand if it is more than that, like building up a profile of you from third party sites or intentionally building a profile from what other people post about you then that is bad. Clearly they have data about you if other people post information about you.

Re:Non-consensual Facebooking

Political campaigns don't get to look at the phone and email contacts of people on their lists. Facebook does precisely that. I must have missed the part about how that is public information.

Re:Non-consensual Facebooking

[bluefoxlucid]

I don't consent to political campaigns calling me up during election season. But there are public records and they've been doing this for decades

Actually, we can't use them.

To call or e-mail you, I have to purchase a list of contact data from an appending service. These in turn get them from data warehouses, who get them by purchasing from organizations who directly connect with those persons.

You know that thing where your contract says your information "may be shared with partners" or some such?

You sign up for a service or donate to a charity. Hell, a politician knocks on your door and you sign up for their Web page.

They build a giant database of contact information and voter/donor/volunteer/user/etc research.

That information gets shared or sold to other organizations--two wildlife charities might mutually exchange their lists under NDA so they both benefit from greater access to donors.

The information not under such sharing generally gets sold.

We pay 3 cents per successful record append to turn your voter history (purchased from the State for use only in conjunction with a political campaign) and information into contact info. Name and address go in, phone numbers and e-mails come out. Donor information, social networking profiles, and the like might come along with that, too.

Yes, you consented to this. Unfortunately, we let people consent to far too much without requiring them to understand the ramifications, or putting a timer on that data so it has to go away after a few years. We should have a small number of certified data warehouses who can buy, aggregate, and provide information, with limits on where it can come from, how long it can be stored, and how aggregate information can be disseminated. instead, everyone is a data warehouse, and they sell and distribute the information however they want.

It's really a question of what we can give up. There's likely a sweet spot where you've only lost a little functionality, and can work around that easily, while gaining plenty of privacy; and then there's that last bit of privacy to gain, but cutting deeper starts rapidly shoving us back into the 90s where all this convenience wasn't around while not protecting us very much more at all. The first step is to identify that range and abut up to it; the second is to determine what protections we need and what we have to sacrifice to get them.

The most extreme example would be eliminating so much data sharing that OAUTH2 isn't a thing: you can't sign up to services with Google or use things like Disqus because of strict data privacy laws preventing the kind of sharing that this requires. Obviously, we're not going that far: those kinds of conveniences require very little data sharing, and it's obvious what's shared of the necessary things (i.e. your e-mail address, or some unique identifier; if it fills in your name, you can actually see that).

I'm most-concerned with background collection and retention. You got on Slashdot. Slashdot has a Facebook log-in thing. Facebook is able to track your activity here because there's a Facebook pixel--even if you're anonymous. That's stuff around which we need strict controls and won't lose much for it, so that's going right at the top of my list.

Re:Non-consensual Facebooking

[OrangeTide]

You know that thing where your contract says your information "may be shared with partners" or some such?

Yes. I've always declined. And I'm on the do-not-call list. But these campaign guys still find me, and somehow are exempt from most of the rules that private business must adhere to.

We pay 3 cents per successful record append to turn your voter history (purchased from the State for use only in conjunction with a political campaign) and information into contact info. Name and address go in, phone numbers and e-mails come out. Donor information, social networking profiles, and the like might come along with that, too.

Kind of my point. conceptually no difference, even if you use different mechanisms for the processing and scraping of information.

Re:Non-consensual Facebooking

[Austerity+Empowers]

A better comparison would be a third party wiretapping your phone, creating a list of everyone you calling to, then selling such list for profit.

I think that's not a good example, if they were doing that then hopefully people go to jail.

I think a better comparison is wiretapping all of your friends and associates who all consented to it, and recording their side of the conversation, and interpolating things about you and your actions from the references. Then associating that with publicly available information about you.

It's not the same thing, and it does not seem like the law has anything to say about it. Friends are allowed to snitch on your activities to the police, the police are allowed to act on it, and it is admissible in court. There are a few exceptions that vary from place to place (doctors, lawyers, sometimes spouses, etc.). I think this is just the first time in history so much of this is thrust into the public for all to see. Normally what you and your friends do is localized to your local social/geographical sphere, it's not easily searched.

Re:Non-consensual Facebooking

Yes.

So does Google. Same issue, maybe even more.

Re:Non-consensual Facebooking

They may be 'wiretapping', but you consent when you clicked 'Okay'. Currently there is no law against this. And there shouldn't be. It just has to be unobtrusive and passive, and I demand the same access to my data that they have, all of it, government/corporate, all of it. And I want the ability to collect data on the data collectors. We have to make this a two way street by whatever technical means we can dream up. We must permit no advantage to anybody! Then we can all enjoy the real conveniences that data collection provides (just think, you only have to fill the form out once!). It will enrich us all if we demand it. Our present direction of obfuscation and deception only leads to impoverishment.

Re:Non-consensual Facebooking

[bluefoxlucid]

Kind of, but not really. Public information (e.g. FEC donor data) can't be used for leads; we legally have to get a lead, then use public information to correlate. That's why there's this whole Rube Goldberg machine of subscriber list sharing and sale.

The Federal DNC registry doesn't apply to politicians, although I filter my lists anyway (I'll put those folks last, and I'll leave off the non-voting donors if I'm well-funded; voters are frequently happy to talk to someone about their needs anyway). Robokiller advertises themselves heavily as being ready to block political robocalls, with the obvious caveat that they're trying to sell you something which might actually work, or might not.

For $3/month, you might be better off just donating $10 to someone's campaign and dealing with it, as long as you're not getting inundated with political calls. If you're getting 2-3 a day, well... engagement in the democratic process is one thing, but daily and non-stop harassment is just asinine. We're supposed to keep lists of who we already called and not pester them again (that's what e-mail is for!).

Re:Non-consensual Facebooking

[Zmobie]

You're joking right? You just listed like 5 fairly technical things for a user to do before they can "opt out" of Facebook tracking most of their internet habits. Do you seriously expect everyone to be doing that? Even people that semi embraced tech don't understand how 90% of that works and usually have to have a techie friend or family member inform them/do it for them. So now anyone with a modicum of tech expertise has to be a steward to create a viable opt out option? That doesn't even mention the thousand other things they can do to circumvent someone doing all that (1x1 pixel trick anyone?).

Server logs in the sense of someone explicitly going to the domain is one thing, and even to a lesser degree accessing the API explicitly such as clicking the stupid like button on some website. Problem is they are harvesting information on other sites simply because the page loaded the like button. Real damn lovely word play there to say they are only looking at their own servers logs, but they are filling them with massive amounts of harvested information that people don't even realize they can get to unless they are tech savvy. Not to mention there is no explicit opt out option. Short of knowing before you even open the page that there is Facebook integration (and these days basically EVERYTHING has social media integration) users have no idea they are essentially auto consenting to this crap. So now I have to opt out of the internet? Sounds reasonable...

This doesn't even address the issue of other people giving them data about you knowingly or unknowingly. Picture uploads where they use facial recognition to build profiles of everyone in the photo whether they are on the site or not. Other people posting information about someone else and them harvesting it into the profile. Other people making fucking profiles of someone else (this one happened to me, only reason I have a Facebook account now is to control my own profile and protect friends and family from a false 'me' contacting them on there). Now I also have to opt out of having my picture taken, going into any store that might have some type of recording device, or going anywhere near anything that can recognize my face? Maybe I'll just wear a mask! Or better yet move to a cabin in the damn woods and live like a mountain man...

Ian Malcolm put it quite well, they were so focused on could they do it (and how much money they could make from doing it) that none of them ever asked if they should do it or, adding on to it, the right way to do it.

This company and others like them have absolutely no incentive to self-regulate to any real degree. They might pay lip service for PR purposes or to create an illusion of them 'protecting your information.' Most people don't understand half of what they are doing though and don't listen to those of us that do. I am not for tons of government intervention and regulation necessarily, but there is no other solution in my opinion. The free market doesn't solve this problem, laws, binding agreements, and enforcement does.

This should be the day of reckoning for them. I don't have a ton of faith that it will be because of some inept asshats representing the country's interests in Congress currently (pretty sure I saw an article about how over half the committees interviewing Zuckerburg received significant campaign contributions from Facebook), but it damn sure should hit them hard. Maybe I'll be wrong and the Republicans are so desperate to hit liberal Silicon Valley they will take the beating stick to them, but even that will be for the wrong reasons and likely will be targeted on a partisan basis. Every company needs to have privacy regulation imposed on them badly in my opinion. Personally, I'd be all for a US version of the GDPR getting passed, but maybe that is just me.

Re:Non-consensual Facebooking

I don't understand why they left him off the hook so easily on this point.

He has a lot of data on them too (more than wikileaks), and a congressperson is easy to blackmail. Imagine a facebook/wikileaks combo. They will tread lightly, like they do with the banks. This too, will pass. And most of them will be reelected.

Re:Non-consensual Facebooking

[OrangeTide]

You're encouraging me to mail my political donations anonymously. I'm not sure if a campaign is even allowed to accept an envelope with a $10 bill in it and no return address.

Democracy is fine, I'll participate up to the point it interferes with me being a recluse.

Re: Non-consensual Facebooking

[liefer]

I feel like there's a pretty damn big difference between just your name and phone number, and a detailed profile with information about every website you visit, every article you read and all your interests

Re:Non-consensual Facebooking

[bluefoxlucid]

Legally, we have to go and make a best-effort attempt to get the name, address, and employer of the donor. If the contribution is small enough, it's kept; if not or it's suspected illegal, it's disbursed by either returning, not cashing (check), or donating to charity or the US Treasury for deposit in the General Fund.

My point was more that a large volume of calls is a public nuisance, whereas a small volume of calls is likely not worth your effort to try and get rid of, and you may as well just wave them away or otherwise engage with the political process for the 45- and 60-day windows. What's "large" and "small" is a matter of personal taste.

Re:Non-consensual Facebooking

[OrangeTide]

large, for me, is more than one unsolicited call per year. Ideal would be less than 1 per decade.

Re:Non-consensual Facebooking

[nitehawk214]

I don't understand why they left him off the hook so easily on this point. They could never collect consent from someone that didn't sign up for FB, so how is data collection could be legal?

Oh yeah, the bribes.

Re:Non-consensual Facebooking

[SeaFox]

They could never collect consent from someone that didn't sign up for FB, so how is data collection could be legal?

"Anyone can turn off and opt out of any data collection for ads, whether they use our services or not"

I'd like to know how one would go about opting out of data collection on Facebook if they don't use the service.
If it's a [shadow] profile they have no personal access to, how do you change preferences on it?

Re:Non-consensual Facebooking

I don't understand why they left him off the hook so easily on this point. They could never collect consent from someone that didn't sign up for FB, so how is data collection could be legal?

Say you run a web site, to which users may sign in. Some @#$%^& tries to create fake accounts, from which they will send spam. In order to stop this, you log the IP address and time of every account creation request, successful or not. Whenever you see a new account sending spam, you block the IP address that created the account from initiating any account creation requests for a month. Whenever an IP sends more than one request a minute for five minutes, you block them for two months.

You are effectively creating a profile of "bad IPs". Those IPs can trivially be mapped to humans. Name the law you believe this policy violates.

Re:Non-consensual Facebooking

Your argument falls apart at "You can opt out". The issue with FB is that they not only track you when you visit www.facebook.com, but also across many, many other websites and they not only record your ip address and so on, but they also correlate that to private information they have on you.

This ^^^.

If the website has a Like button, widget, or comment section that is provided by Facebook and you are logged in, you ARE being tracked.

This is most commhttps://tech.slashdot.org/story/18/04/11/1759220/mark-zuckerberg-denies-knowledge-of-non-consensual-shadow-profiles-facebook-has-been-building-of-non-users-for-years#on on news sites. Now, when logged in, they know exactly what you are reading and can associate that information with your profile.

Scary shit right there my friend.

And yes, I get paid to integrate this crap but am not dumb enough to NOT run an AdBlocker that explicitly blocks it.

Re:Non-consensual Facebooking

I don't understand why they left him off the hook so easily on this point. They could never collect consent from someone that didn't sign up for FB, so how is data collection could be legal?

Because the information is already out there. They can only collect it because it's available by searching the web. Should it be illegal to collect and sell information that someone posts openly to the internet in other places? Ethically probably no. But legally....I don't see why not.

Re: Non-consensual Facebooking

What "okay" did I click? When I go to some non-fb site and they have some tiny fb image on their page that my browser loads automatically, which fb then uses for tracking, how exactly did I consent?

Re:Non-consensual Facebooking

The United States, like most countries, operates under the principle "everything that is not forbidden is allowed." You really, really do not want to live in a society where things have to be expressly allowed or else they are illegal.

Re:Non-consensual Facebooking

[habig]

I don't disagree with a lot of what you said. Just making the point that a) you can counter it to some extent as an individual if you want to; and b) it's not just facebook: the whole series of inter-tubes out there is set up to to make an "opt out" on an individual company's basis kinda pointless. Why is there so much content out there for "free"? Because, as you say, for most people you're not the customer, you're the product. Good luck changing that in congress: I'm not sure regulations will do much more than put lipstick on the pig, it's the way the whole ecosystem runs. Especially given the general level of competence congress exhibits about anything that's not campaign fundraising.

Re: Non-consensual Facebooking

I think youâ(TM)re missing the point: you didnâ(TM)t click okay; you were never asked, but your friend did.

Re: Non-consensual Facebooking

Why would they 'look' at server logs. The scripts that process the logs have been debugged and perfected for years and years now.

Re: Non-consensual Facebooking

How can the IPs be trivially mapped to humans? A massive data operation can do so non-trivially.

Re:Non-consensual Facebooking

[freeze128]

Send Facebook a postcard that says "Opt Out".

Re: Non-consensual Facebooking

True. Also, this sort of data collection ahould be on the short 'not allowed' list.

Re:Non-consensual Facebooking

I have always told you that you are part of the problem. Glad you've admitted as much, you useless spammer.

Re:Non-consensual Facebooking

What? Filthy, stupid rich and in charge of the government? I think that's their goal, dumbass.

Re:Non-consensual Facebooking

[bugs2squash]

Whenever I'm asked for my name for some trivial reason (maybe the barber wants it for their database) I give the same fake details. I'd love to know if the fake me has a shadow profile. It's hard to believe his details haven't been sold by now.

Re:Non-consensual Facebooking

[Uberbah]

You really, really do not want to live in a society where things have to be expressly allowed or else they are illegal.

Depends if you're talking personal or business restrictions.

Re:Non-consensual Facebooking

Out here in the Rest of the World, we already have those laws. And Facebook does business in our countries. And yet no-one has ever, apparently, considered applying said laws against them.

Re:Non-consensual Facebooking

[SeaFox]

/It'saTrap meme

Re:Non-consensual Facebooking

Nope. Data is the new uranium. Just having it is potentially dangerous, and if it leaks, it's permanent.

Re: Non-consensual Facebooking

What "okay" did I click?

When you signed up for internet, took a job, opened a bank account, took out a loan. Your consent is all over the place.

Re:Non-consensual Facebooking

> . Facebook is able to track your activity here because there's a Facebook pixel--even if you're anonymous.

Thus was born firewalls for web browsers, extensions like "Request Policy" that allowed people to control this behavior.

To get cattle back in line, Firefox and others have removed the ability for these plugins to function because where does their funding come from? Advertising companies like Google/Alphabet that depend on revenue made valuable by these "pixels."

Re: Non-consensual Facebooking

Request Policy has not been updated but uMatrix works kust fine.

Re:Non-consensual Facebooking

[Cederic]

you can counter it to some extent as an individual if you want to

Barely. I can't stop every cunt I've ever emailed from sharing their inbox or contact list with Facebook. I can't stop every cunt with my phone number from sharing their contact list with Facebook. I can't stop every fuckwit that wants to install a personality test from sharing everything on their fucking phone with Facebook.

it's not just facebook: the whole series of inter-tubes out there is set up to to make an "opt out" on an individual company's basis kinda pointless

When I visit the IBM websites they track my activity, especially if I log in using a corporate or personal account. I understand this, I accept this, I feel it's a proportionate and sensible thing for them to do for multiple reasons.

I don't even fucking visit Facebook and they nonetheless build up masses of data about me. This is a very different scenario and I do not accept it.

Why is there so much content out there for "free"?

Because human beings are social creatures. There was more content being put online than you could literally fit into your life before the internet got commercialised.

Because, as you say, for most people you're not the customer, you're the product

Some of us decline to be Facebook's product. Next month we can back that with the law, and it's going to be just fucking awesome.

Re:Non-consensual Facebooking

> I'm most-concerned with background collection and retention. You got on Slashdot. Slashdot has a Facebook log-in thing. Facebook is able to track your activity here because there's a Facebook pixel--even if you're anonymous. That's stuff around which we need strict controls and won't lose much for it, so that's going right at the top of my list.

You can completely obliterate that with something that blocks third-party browser requests. If you want the nuclear option, to defend against all things like that no matter whether you know to block them or not, you can use an addon which runs an explicit whitelist instead of an explicit blacklist. Examples being RequestPolicy (which I have been running for years) or uMatrix. This at least is still in your hands.

Shadow profiles are worse. If someone runs Facebook software on their phone, then it's going to harvest up and send back their entire contact list and their call/SMS history. So if they add you to their contact list, or you call or message one another (not exactly a far-fetched scenario), then you've just been harvested. And the only thing you can do about that is to refuse all contact with those who run said software... which only works if a) you're willing to let go of those people who are truthful to you in that situation, and b) they don't lie to you about (not) using FB software, or install it later on.

Re:Non-consensual Facebooking

For all those asking how to opt out without creating a profile, there are a number of Advertising groups which allow you to set preferences. The best short statement I have seen about how is from the Thomson Reuters Privacy Statement saying:

"You can exercise your online advertising choices at http://optout.aboutads.info or by clicking the AdChoices icon in an ad and following the instructions. You may also opt out of receiving interest-based ads from many sites through the Network Advertising Initiative's (NAI) Opt Out Tool (http://www.networkadvertising.org/choices) and in the EU at http://www.youronlinechoices.com/."

Re:Non-consensual Facebooking

I think everyone has buried-the-lead story on the Facebook data scandal. I'm active on the internet but I have never made a Facebook account. Facebook users agreed to the EULA. They can download details of their account. Does Facebook have a file on me? You bet they do but I never agreed to their EULA. I can't download my Facebook's file so I have no way to see what private data is being sold overseas.

Re: Non-consensual Facebooking

[joemck]

My ISP terms of service don't make any mention of Facebook collecting my data. I consented to my ISP collecting some stuff, but not Zuckerberg.

Re:Non-consensual Facebooking

If it's like Google Ads Opt-Out it depends on setting a cookie which of coarse stops working if you ever clear cookies.

Re:Mental gymnastics

You are extremely naive if you don't think that cluster of IP and MAC addresses can't be correlated to a name, most recent address, next of kin, and social security number.

Re:Mental gymnastics

Just a clump of cells...

Nose Growing

[FerociousFerret]

Zuckerberg's nose is growing. Just sayin'

Re:Nose Growing

[apoc.famine]

Not so sure.

we need to know when someone is repeatedly trying to access our services.

It is trivial to define "trying to access our services" as "visiting any page with a facebook link/like button on it". So you know, like /.. Or just about any other major website out there.

Re:Nose Growing

oy vey you anti semite

you can tell zuckerberg is lying

[FudRucker]

because his lips are moving, he is the biggest liar in washington right now

Re:you can tell zuckerberg is lying

[Shark]

He doesn't care. I don't even think he's under oath. There are no real consequences to him for lying.

Re:you can tell zuckerberg is lying

[rogoshen1]

Lips?

more like:

"labial attachments designed to obfuscate mastication devices, which can be retracted to mirror a range of human-like emotions such as levity or agitation."

Re:you can tell zuckerberg is lying

[SuperKendall]

What the hell is wrong with you Trump Haters??? This Facebook story is entirely unrelated to Trump.

You must get an orgasm every time you type his name, you post about him at the drop of a hat or even if someone is not wearing a hat.

You need professional help.

Re:you can tell zuckerberg is lying

[speederaser]

Knowingly giving material false testimony to congress is a felony whether under oath or not. Being under oath mostly gives congress the right to hold you in contempt of congress and put you in jail if you refuse to answer questions.

Re:you can tell zuckerberg is lying

What the hell are you on about? If you aren't shittin on a liberal (like here) then you're blathering on about your stupid guns. Do you, like, score some points on your GOP card or something for keeping the stereotypes pure cause the projection is strong here. Hypocrisy is a little on the low side this time, but you really did blow your load on earlier stories today.

Stay Classy, Trumptard

I'm slow, so how does that work?

[grasshoppa]

How is collecting data on non-users helpful in preventing reverse searches? It would seem to me that by not having that data non-users are best protected from searches?

Re:I'm slow, so how does that work?

[JesseMcDonald]

Zuckerberg was speaking of data which would be relevant for information security—things like IP addresses and access logs—which of course has absolutely nothing to do with these hypothetical "shadow profiles" Lojan was asking about. A simple case of miscommunication, or a well-executed bit of deflection? You decide.

Re:I'm slow, so how does that work?

[cascadingstylesheet]

How is collecting data on non-users helpful in preventing reverse searches? It would seem to me that by not having that data non-users are best protected from searches?

I think he was saying that somehow collecting data on non FB users prevents the non users themselves from scraping data.

Or something. I'm not sure it was actually English.

Re:I'm slow, so how does that work?

Probably both. Zuck misdirected and Lojan misunderstood the nature of the concern behind the question and thus wan't equipped to penetrate the deflection.

Re:I'm slow, so how does that work?

Zuckerberg was speaking of data which would be relevant for information security—things like IP addresses and access logs—which of course has absolutely nothing to do with these hypothetical "shadow profiles" Lojan was asking about. A simple case of miscommunication, or a well-executed bit of deflection? You decide.

If Zuckerberg lies to congress, then he will have legal problems.

If a judge thinks a statement is a lie, then for the purposes of the law it is a lie.

If you answer a question which includes an undefined term like "shadow profile", someone somewhere can choose a definition that makes you a liar (or at least makes a judge think you are a liar).

The correct response to "do you do a vaguely defined thing?" is:

      "I am not sure what the vaguely defined thing is. You might be thinking of ${SPECIFIC_THING}, which we do for ${REASONS_WE_ALL_AGREE_ARE_IMPORTANT}. I will give a more complete answer if you ask a question that is not a trap designed to make me a liar by changing the definition of undefined words."

Re:I'm slow, so how does that work?

'We are taking advantage of CISA to identify everyone we can'

Fuckerberg is a lying sack of shit

Zuck: Yeah so if you ever need info about anyone at Harvard
Zuck: Just ask
Zuck: I have over 4,000 emails, pictures, addresses, SNS
[Redacted Friend's Name]: What? How'd you manage that one?
Zuck: People just submitted it.
Zuck: I don't know why.
Zuck: They "trust me"
Zuck: Dumb fucks

Don't be a dumb fuck.

if someone does not have a facebook account

[FudRucker]

then how can they opt out from getting their data collected?

i think facebook should be shut down, all their computer hardware confiscated and run through a shredder and the employees personal computers and other gadgets searched for other people's personal info and if any is found they should be investigated for identity theft

Re:if someone does not have a facebook account

I think Zuck should be fed through a shredder, but when you own that many congress-critters, you are safe.

Re:if someone does not have a facebook account

then how can they opt out from getting their data collected?

You can't which is one of the biggest farces today. It's the same as the credit bureaus. I don't have an agreement with them, but they have all my information.

Re:if someone does not have a facebook account

[chispito]

[if someone does not have a facebook account] then how can they opt out from getting their data collected?

By not visiting Facebook. He's talking about website analytics and nothing more.

Re:if someone does not have a facebook account

[mujadaddy]

By not visiting Facebook.

Or any of billions of sites with a FB widget? Please try to understand the issue.

Re:if someone does not have a facebook account

It is much too late for that. The profiles are built, the data collected. You have four generations of people that are now exposed. They know you -- they know your fears, your wants, your needs. This data will be used to manipulate us in everything from buying appliances to voting. Power maintains power by twisting the base parts of people. Fear keeps the local systems in line.

It's actually greater knowledge than this

[Impy+the+Impiuos+Imp]

Lujan: I don't have a Facebook account. What does your shadow profile of me say?
Zuckerberg: Just a sec...it says you enjoy viewing Natalie Portman on Wikibellybutton.
Lujan: Wtf, I just jer...did that for the first time last night!

I'd love to understand

[argStyopa]

"Zuckerberg: Anyone can turn off and opt out of any data collection for ads, whether they use our services or not... " ...how, precisely do I turn off and opt out of FB data collection without signing up for FB?
I'm rather curious.

Re:I'd love to understand

[fahrbot-bot]

"Zuckerberg: Anyone can turn off and opt out of any data collection for ads, whether they use our services or not... " ...how, precisely do I turn off and opt out of FB data collection without signing up for FB? I'm rather curious.

It's a simple On/Off setting in your Shadow Profile, but you have to log into FB to change it.
You can find it on the Catch-22 settings page.

Re:I'd love to understand

I hear you have a moment to talk about our lord and savior the host file.

Re:I'd love to understand

[Zmobie]

Going to hazard a guess you don't understand when a web server makes those calls to Facebook "for you" the host file won't do jack shit to stop that....

Re:I'd love to understand

Clearly, you opt out by changing the allow-tracking switch on your computer from "1" to "0" (it is often incorrectly identified as a power switch). See, no more tracking. As long as that switch is in the "it's OK to track me" position, all bets are off.

Re:I'd love to understand

Easy, on the front of your omputer, there is an off button, press that and you're sorted!

Re:I'd love to understand

Simple. Opt out of using any website on the internet that has a facebook widget such as a like button. Also in relation to that point, use your super powers of guessing whether a page you intend to visit has such functions before you have actually visited it. It's just like the early days of the world wide web where there was a grand total of 2 websites to visit - fractal cow and rotten.com

Re:I'd love to understand

Are you saying that when someone visits a website, that website may record the visitor's IP address, browser, anything they may type in a form, any actions they make on that website, and everything else javascript can query. Then, at a later time, initiate a connection to facebookwhore and send that information it previously recorded?

Where can I read more about sharing my users' data with Facebook in this manner?

Outright lie

They absolutely do exist and he knows it.

Re:Outright lie

I didn't realize Congress held these things without swearing everybody in.

Re:Outright lie

[PPH]

Your legal standing changes somewhat when you swear in. At least that's what my attorney, Justin Volk V, advises.

If we ever had a "right to be forgotten"...

I would start by hounding facebook to forget everything in their "shadow" profile of me.

This seems familiar to me.

[1_brown_mouse]

*cough* linkedin *cough*

Cookies

[GezusK]

How is this any different than the cookies that any other site uses?

Re:Cookies

[Zmobie]

The data stored in cookies is typically not meant to build a vast data profile about you (though some do, and many places will harvest that data improperly if given the chance). Not only that, cookies are stored on your machine, not on their servers. I can delete all of my cookies right now. I can opt not to even allow them to work on my computer. I cannot do the same with Facebook plugins that have invaded the internet.

Re:Cookies

[mvdwege]

I can delete all of my cookies right now. I can opt not to even allow them to work on my computer. I cannot do the same with Facebook plugins that have invaded the internet.

Yes, you can.

uMatrix is wonderful. Slightly steep learning curve, the first two weeks all your favourites will break as you adjust your whitelist, but it stops third-party tracking dead.

Re:Cookies

[Zmobie]

But again, that is a browser/client side solution. Nothing is to stop their plugins on the server side. If the backend of any website integrates with Facebook API, there is a very real possibility that it is doing all the requests on the server side which a user can NEVER control.

Now, is this useful? Absolutely it is, as not everyone is able to abuse server side requests. This is not going to solve everything though and it is naive to think it will.

Re:Cookies

[mvdwege]

I was not clear you were referring to things like SSO backend modules. No, uMatrix will not block those.

Re:Mental gymnastics

Until proven wrong, you are pederasttttttt

Re:Mental gymnastics

[ls671]

The apps running on your devices can access the MAC address and transmit the info over IP. Wireless access point know your MAC too, etc...

So what ??

[micahraleigh]

I remember things about perfect strangers. How am I violating anybody's rights?

What about the privacy rights of attorney / client privilege that were violated by Mueller? How is that not an autocratic takeover of elected government?

What about the people who get kicked off facebook for being Republicans? How is that not newsworthy but this is?

Re:Mental gymnastics

[BeauHD+(+6,+Expert)]

Ask Bill Gates that. 20 years ago called and wants its deposition tactics back.

Badly configured IPv6

[DrYak]

It might happen with badly configured IPv6.

Among other, IPv6 addresses can be created by adding a suffix derived from you MAC address to the prefix advertised by your router.

Of course, there are privacy extensions, which generate addresses by adding random nonsensical suffices to the prefix, and a well configured IPv6 stack should generate several of those and prefer them over the MAC-derived one.
(i.e.: your laptop will respond when called by it's MAC-based IPv6 - useful for services, e.g.: SSH - but when contacting the web, it will present itself with a random addresses so your mac address should never be revealed in some webserver's logs).

Facebook supports IPv6.

A badly configured IPv6 combined with some clever javascripting (e.g.: the "like" button that you see on virtually any website when you don't have FSF's "Privacy Badger" activated) makes it possible for Facebook to track you by your mac address no matter which network you're connecting from.

(I'm saying facebook, but it works just as well with any other IPv6 support social website that has its buttons plastered all over the web: Twitter, etc.)

So, if you use IPv6, remember to enable the bloody privacy option on.

Re:Badly configured IPv6

[93+Escort+Wagon]

It might happen with badly configured IPv6.

Well, then, it would seem that "badly configured IPv6" has pretty much been the norm under most OSes, until fairly recently.

I'm not arguing - just pointing out we're not talking about some tiny edge case.

Re:Mental gymnastics

[Rick+Schumann]

They're not supposed to do that!

Re:Mental gymnastics

If my fail2ban could somehow get those heuristics, I'd like it to use them.

Re:Mental gymnastics

[Rick+Schumann]

Also you WAP is on your private network. Nothing outside of your private, logical subnet needs to know you MAC.

Re:Mental gymnastics

[gnick]

Until you sign up, you are an unwitting, unwilling user.

Re: Mental gymnastics

Ifconfig.

Facebook has done nothing illegal

[mi]

With all the hate suddenly piled up on the company, someone has to point out, that they've done nothing illegal. Not even unethical — certainly, not grossly so.

The information they keep about people was given to them voluntarily — either by users themselves, or by their friends and acquaintances. And what they now know, they are free to share — sell, give away, publicize, it is up to them.

Contrary to frequent assertions by the weaker-minded, there is no "right to be forgotten".

This whole "grilling" and questioning is quite extraordinary and barely constitutional, for it has most of the markings of a criminal prosecution without any crime.

That said, Zuckerberg does seem like a dork and an "accidental" billionaire, without the faculties, abilities, and guts normally necessary to achieve the power he wields.

Re:Facebook has done nothing illegal

[110010001000]

I don't understand what you guys want. Do you not think every web property tracks you? Do you not think Slashdot doesn't track you? There are a dozen web trackers on this website. The mind boggles!

Re:Facebook has done nothing illegal

[WaffleMonster]

I don't understand what you guys want. Do you not think every web property tracks you? Do you not think Slashdot doesn't track you? There are a dozen web trackers on this website. The mind boggles!

Cross-site cyber stalking of users is no different or acceptable than spending your day following someone around all day and compiling lists of their every move.

Who does it is as irrelevant as trying to get out of a speeding ticket by pointing out instances of other speeding.

Re:Facebook has done nothing illegal

[NichardRixon]

"The information they keep about people was given to them voluntarily — either by users themselves, or by their friends and acquaintances. And what they now know, they are free to share — sell, give away, publicize, it is up to them."

I disagree. Most of the people who provided the data to Facebook had no idea that it could be used in the way it is. Most Facebook users still don't know what's being done with their data, and that's exactly the way Facebook wants it. To say that these people willingly handed it over is like saying people scammed during the savings and loan scandals should have known better. When is the last time you read three or four pages of fine print legalese before signing up to use a website, or when applying for a mortgage? Even if you're determined to read it, you won't fully understand it unless you're a lawyer.

And when they scrape copies of every text message you sent with your cell phone, back when they could do it without asking; when they collected the names and phone numbers of all of your contacts; when they kept logs of who and when you call; when they keep logs of where you've been day after day out using location data from your phone--when they store all of this information, combined it with data from your Facebook profile, then put AI engines to work on it--I would say that those actions were all illegal invasions of privacy. Zuckerberg and friends should be tried for illegal eavesdropping.

And when that's done, they should start on Google and Microsoft . . .

Some people worry about what will happen when computers get smarter than people. They don't realize that it's already happened. AI can process huge volumes of data that humans could never hope to handle. The insights/information that can be derived from the kind of data that Facebook and Google keep boggles the mind. But don't believe me. Google it for yourself and you'll see. Maybe start with 'psycho-analytics'.

Re:Facebook has done nothing illegal

[mi]

Most of the people who provided the data to Facebook had no idea that it could be used in the way it is

These people's ignorance is not a reason to blame Facebook for anything.

To say that these people willingly handed it over is like saying people scammed during the savings and loan scandals should have known better

Except, no one has been scammed by Facebook. "Information can not be stolen" — remember?

And when they scrape copies of every text message you sent with your cell phone ...

They could only do that, because you let them.

AI can process huge volumes of data that humans could never hope to handle

It can, and yet it remains remarkably dumb — still failing the Turing test. But that's off-topic — point was, and remains, Facebook has done nothing wrong.

You may want to stop using it — I, for one, never signed up — but we can't prosecute it for anything.

Re: Facebook has done nothing illegal

We want you to stop sucking corporate dick you toadie.

Re:Facebook has done nothing illegal

[NichardRixon]

"These people's ignorance is not a reason to blame Facebook for anything."

Yes it is! Facebook victimizes people who don't understand the technology. It's not realistic to believe that everyone even has the capability of understand this kind of thing, especially since there's precious little mainstream discussion. There are a lot of technical people who don't understand the issues. I will admit that there's some precedence that's been set in holding people responsible for understanding legal jargon, but I believe it only stands because lawyers make the laws. A lot of what's done on this basis is morally reprehensible, and the same is true of many Facebook activities. Would you defend payday lenders?

AI is not yet smarter than people in every respect, but it certainly excels in producing results using huge data sets. No human could do that.

Can I interest you in a game of Go?

Re:Facebook has done nothing illegal

I love it when someone makes a comment that clearly paints them as either an employee of a company or someone who has a lot of stock (options) in it.

Re:Facebook has done nothing illegal

[Cederic]

The information they keep about people was given to them voluntarily â" either by users themselves, or by their friends and acquaintances. And what they now know, they are free to share â" sell, give away, publicize, it is up to them

Not where I live it's not. They sell any data about me, they're breaking the law.

Re:Mental gymnastics

[dgatwood]

How is a non-user different from someone who is neither a user nor a non-user?

I believe the word should actually be "either", not "neither", and the answer, of course, is Heisenbergian uncertainty. The wave function does not collapse until observed. :-)

There are three groups: People who are known to be Facebook users, people who are known to not be Facebook users, and people who might be either one. In the first group, you know their account info, so you know who they are, and you know that they have Facebook accounts. In the second group, you know enough about them (name, phone number, address, whatever) to believe with a reasonable degree of certainty that they are not Facebook users. In the third group, you don't have enough information to decide either way.

That said, what the GP post appeared to mean was that there are active users, inactive users, and non-users. The GP erroneously conflated inactive users with non-users.

I call BS...

How could Fuckerberg not have known data was being collected about non-FB users???

I am not a FB user. Someone tagged me in some photos of me that my wife posted in her account. Data... Collection... about me... a non-user.

FUCK Facebook! FUCK Fuckerberg! Asshole.

How many data points

[DalM]

"Lujan: I'll refer to them as shadow profiles for today's hearing. On average, how many data points does Facebook have on each Facebook user?
Zuckerberg: I do not know off the top of my head."

This is actually an interesting question, and the answer is probably very complicated. The answer is probably a multi-dimensional vector that the congressman wouldn't understand if Zuckerberg tried to explain it.

And he doesn't make a profit

[WillAffleckUW]

Riiiiight.

Like he doesn't make a profit in Germany with strict anti-hate laws or all of the EU and Canada with strong privacy rights.

And he doesn't let FB apps track you beyond the site ... or at least did until Firefox and others started disabling his FB app tracking cookies that kept running.

This guy must be a nightmare in a poker game, he lies so much.

Re:And he doesn't make a profit

[easyTree]

This guy must be a nightmare in a poker game, he lies so much.

Maybe every question sounds like "tell us what we need to know so that we can make your life more difficult." ?

Re:Mental gymnastics

People who are known to be Facebook users, people who are known to not be Facebook users, and people who might be either one.

Except for a handful of slave children in India, everyone is a Facebook user whether they want to be or not.

Zuckerberg knew his questioners lacked knowledge

[NichardRixon]

Zuckerberg took maximum advantage of the fact that the questions came from people mostly lacking the technical knowledge to judge his responses. For example, when asked if Facebook could track users across devices, he acted as though he didn't know. Is there anyone here who believes that? I wish we could ask him a few questions on Slashdot!

Zuckerberg also said that Facebook doesn't share user data, just uses it to predict which advertisements users are likely to respond to. In that case I'd really like to see what gets sent when someone uses Facebook to sign into a third party website.

he conflates two issues in the last response

" Zuckerberg: Anyone can turn off and opt out of any data collection for ads, whether they use our services or not but in order to prevent people from scraping public information ... we need to know when someone is repeatedly trying to access our services."

Yes anyone can opt out of tracking on the internet, its called running an ad blocker and no script or any other script blocking add-on.

The second part of the reply is simply him admitting that he has no idea what is going on within his own company and has nothing to do with his company scraping data from people. When someone loads a facebook like button on to their article, they are not trying to access facebooks services until they log in via the website or api. Its either that or facebook allows unfettered access to its api with out authorization, which i highly doubt.

What boggles my mind is how do investors think that he is incredibly smart for lying in the hearing like that? by the uptick in the stock price it would give them the impression that they think he is intelligent yet this entire thing gives me ammunition and actually makes it easier for me to explain to those less technically savy about how facebook actually handles the data. Turning people off of facebook is now becoming a fun game to me, i sure hope other people are taking advantage of this teaching opportunity as well. Yet in the end i guess i can understand why investors would see this as a good thing, they just do not understand the long term ramifications of his actions, they just see that he has avoided regulation with this meeting.

I don't know what a "shadow profile" is

[chispito]

I don't know what a shadow profile is, but collecting data on anonymous visitors to your website is not a privacy violation, it's practicing security.

I'm surprised that the comprehension around here seems to be about on par with the congresscritters.

Re:I don't know what a "shadow profile" is

That's not it at all. Let's say that 10 different people have you listed as a contact in their phones, and that those 10 people are on Faceplant. Facebook will create a shadow profile for you that connects you to these 10 people. And of those 10 people start sending you text messages? Facebook has that as well.

Re:I don't know what a "shadow profile" is

[110010001000]

And so does Google...and Microsoft...and your credit card company...and your bank...and credit services...and everyone else. You guys are stunningly naive. The point is that collecting the data should be illegal.

Re:I don't know what a "shadow profile" is

[chispito]

That's not it at all. Let's say that 10 different people have you listed as a contact in their phones, and that those 10 people are on Faceplant. Facebook will create a shadow profile for you that connects you to these 10 people. And of those 10 people start sending you text messages? Facebook has that as well.

Wait, so you mean when people give an app full access to their contacts, the developer of that app has full access to their contacts? Shocking. I'm not seeing the troubling part, other than how quick people are to provide full access to apps on their devices. I don't think Facebook really has to connect many dots to suggest contacts, based on the crazy volume of data people provide to them willingly.

Re:I don't know what a "shadow profile" is

[SvnLyrBrto]

Yup. "Turn on logging for everything that has it (And add it if it doesn't.), and dump it all into Splunk/Kibana/etc." is pretty much the first and automatic instinct for anyone after the first time they have to debug something where the previous guy failed to do so. And while you may off-load data to frozen buckets or glacier or wherever, you certainly don't throw data away, unless you're scrapping the entire system. (And even then...).

It's kind of a no brainer if you've ever actually done honest and productive work before.

Re:I don't know what a "shadow profile" is

We are not talking about anonymous visitors. We are talking about people who (like me) never visit FB, but unfortunately have friends, who have active FB acounts. My contact (home address, phone, e-mail addresses), images on which I can be identified, family relatations, etc have been scraped by FB from my friends accounts and aggregated into a shadow profile.

Re:I don't know what a "shadow profile" is

No, it's not.

Recording login attempts to your servers is practising security.

Tracking access to a web bug you "encouraged" websites to use, with no choice for the visitor whether to access it or not, is surveillance.

I would add that if your systems are vulnerable to something YOU want people to use without their knowledge, you don't have the first clue about security.

Please shut up and be a useless idiot somewhere else.

Re:I don't know what a "shadow profile" is

It's kind of a no brainer if you've ever actually done honest and productive work before.

Which of course exactly explains the cluelessness of congress and the rest of the professional outrage scene who are giving Facebook all this grief.

Re:I don't know what a "shadow profile" is

Wait, so you mean when people give an app full access to their contacts, the developer of that app has full access to their contacts?

Are you being deliberately obtuse or just stupid?
Giving an app access to my contacts gives the app access to my contacts, not the developer unless the app passes it back. The app passing data back is the issue.
The whole problem with Microsoft's telemetry is that it gets passed back. Nobody denies that windows should have access to your key presses and mouse movement.

Re:I don't know what a "shadow profile" is

I don't know what a shadow profile is, but collecting data on anonymous visitors to your website is not a privacy violation, it's practicing security.

Hiya Zuck! Didn't know you visited /.!

A shadow profile is when Facebook correlates data that they've found, bought, and squeezed from their legit users (who signed up for the abuse) about a particular person and compiled it as a profile that just isn't shared publicly at all. Its social map is graphed by mentions to the name with percentages of likelihood per connection. It has zero, nothing, to do with security because these people are not visiting facebook at all. Ever.

Re:Mental gymnastics

*Of course you are my bright little star,
I've miles
And miles
Of files
Pretty files of your forefather's fruit
and now to suit our
great computer,
You're magnetic ink.*

No touch questions for mr jewberg.

Zuckerberg declined to be open when it comes to deleting info from Facebook. Given Facebook is a subset of the Internet and you can not guarantee deletion of information from the Internet, how can you guarantee deletion of all copies of Facebook users' data? You fucking can not. 600lb elephant or what?

Also, since I just stated an immutable fact... if Facebook says they delete a user's data and it shows up someplace else somehow later... Facebook says prove it was us. You can not. Since you can't prove they deleted it or not they really do not have to delete it. So it is all a moot point and bullshitting the entire globe.

Why did nobody in Congress mention this? Usually the are down for scaring the public but not this time eh?

Jew=berg. Zucker=berg.

Zucker=Jew.

Not to mention this: Since the public has access to posted data and messaging data... and since the FBI and every other spy agency worldwide is the public too... You are posting your data directly to law enforcement in no uncertain terms. If they get it on their own volition it's one thing, if you hand it directly to them not "the public" that is another thing. Both one thing and another thing are the same outcome. Who just now found out that Facebook is Fedbook?

Any idea how many international moles scrape externally and how many international moles have been hired and/or contracted by Facebook? Notice how Congress "acted like tough questions" but really they were passing out neckbones when they didn't give breasts and thighs to the viewing public?

I am not new to the planet but this was not a case of some extraordinary disclosure or clever angle of questioning by Congress. How can I Joe Six Pack just casually beating my meat on myfreecams know this but Congress didn't ask? Something fishy about that is there not?

Re:Mental gymnastics

[dgatwood]

No, no, you have that backwards. Facebook uses everyone. Everyone does not use Facebook.

Re: Mental gymnastics

The point still stands, any app could leak your MAC address. One phone with the FB app could leak every MAC address on your LAN. As well as the MAC addresses of WAPs you walk/drive by throughout your life.

Facebook is a piece of shit

And social media is lame as hell.

Re:Mental gymnastics

Uh what? Why would you think MAC addresses are secure or a secret?

Re: Mental gymnastics

depreciated!

Re:Mental gymnastics

yeah, i'm sure neighter apple, google nor mozilla collect billions of mac-adresses every day, and that's just for their wifi-location-database...

Sounds like a great lawsuit

[smooth+wombat]

You gave me a FB account, without my knowledge or consent, and added data to it which you then sold to third parties.

Further, the only way to tell FB I want to opt out is create an account, but not the shadow account, even though I don't use FB.

Re:Sounds like a great lawsuit

[PPH]

Lawsuit? That's for pikers.

Just catch FB following someone with a security clearance around and selling that info to a Chinese front company.

Snippet

[easyTree]

Lujan: It's been admitted by Facebook that you do collect data points on non-[Facebook users]. My question is, can someone who does not have a Facebook account opt out of Facebook's involuntary data collection?

Zuckerberg: Sure, they only need to sign in with their Facebook credentials and check 'do not collect data on me unless I'm a Facebook user'. Anyone who leaves the box ticked is assumed to be happy with collection.

Re:Mental gymnastics

[the_B0fh]

You like to comment on what you have no idea what you are talking about? The shadow profile is based off real data like your phone number and your name and even your purchasing habits.

time horizon clusterfu

[epine]

Anyone can turn off and opt out of any data collection for ads, whether they use our services or not.

It's far from obvious to me how he thinks I can do that.

Does he mean I sign up for an account, click some boxes, and then never use the service again?

Anyone who identifies themselves to Facebook can turn off and opt out of any data collection for ads we are currently displaying, whether they ever use our services again or not.

Or does he image that the HTTP specification has an explicit provision for a header flag FBFO=true?

Does that flag also imply that if someone I know uploads a picture with me somewhere in the background, they won't match my likeness against all social media wallflowers, everywhere?

And then if I later sign up, that information won't be used to advertise to me from day one?

How does Zukerberg track non-Facebook users

[najajomo]

By contracting with companies to plant invisible trackers known as WEBBUGs on their web sites, such as these that are pinged every time you click on a techcrunch.com page:

cdn.tinypass.com/
d1z2jf7jlzjs58.cloudfront.net/
dashboard.tinypass.com/
dpm.demdex.net/
geo.yahoo.com/
o.aolcdn.com/
p.typekit.net/
plugin.mediavoice.com/
s.sa.aol.com/
s.yimg.com/
sb.scorecardresearch.com/
stats.wp.com/
use.typekit.net/
www.google-analytics.com/
www.npttech.com/

And these ones that are pinged when you click on a slashdot article:

a.fsdn.com/
ads.pro-market.net/
analytics.slashdotmedia.com/
cdn-social.janrain.com/
cdn.taboola.com/
consent.trustarc.com/
d1o5u7ifbz3swt.cloudfront.net/
ml314.com/
rpxnow.com/
snap.licdn.com/
ssl.google-analytics.com/
tag.crsspxl.com/
www.stack-sonar.com/

Re:Mental gymnastics

[brunomagalhaeslopes]

With data provided by users, Facebook knows a lot about non-users.

There is such a thing as a shadow profile. It is a shame that Zuckerberg denies its existence.

I resisted to create a Facebook account, but five years ago I did it. Many people had sent me invitations, and it looks like that with the information other users provided, Facebook correctly guessed many things about me. It did not asked my my home town: it asked me to confirm their guess. Same for high school, university, occupation, place of work, etc.

I do not know if Facebook "knew" all this about me or was guessing based on data provided by other people. Facebook knew that a large portion of people that invited me had studied on a particular high school, and other worked for a particular company. Anyway, my "shadow profile" was alive and well when I first met him.

Too bad I am deleting my Facebook account in a couple of weeks.

Re:Mental gymnastics

[war4peace]

They're not supposed to do that!

I guess that phrase pretty much sums up the reason for this Congress hearing's existence :)

And this is only Facebook???

I don't get what the fuzz is all about. My Ghostery plug-in mentions a whopping 99 trackers on this slashdot page alone. Google, Yahoo, DoubleClick, LinkedIn, Amazon, Adobe, MySpace to name the big names (funny but no Facebook apparently unless they just use the tracker under another name).

I maybe use a few of these services (and none of the 90+ other trackers). Still they are logging me being on this page (or my ip or whatever my webbrowser gives out as information). Why are they suddenly blaming Facebook for doing the same thing? If I was in a hotel, 99 trackers would know I was in that hotel. The telco would know I was in that hotel. The hotel would know I was in that hotel. All of them would use that information to target ads or do something with it.

You know, Zuckerberg is right, they only just log all that information. It's not their fault that they can put two and two together, so can everybody else.

Did he also lie about knowledge of section 230?

[schwit1]

Zuckerberg says he is not familiar with Section 230 (the law that protects ISPs from liability for third-party content.) That would be like the CEO of SmithKline saying he doesnt know anything about pharmaceutical testing rules.

If his lawyers after all this time never briefed him on Section 230, he is either lying, willfully ignorant, or being poorly served by his legal team.

Re:Mental gymnastics

[Lead+Butthead]

Until you signed up, you're an unwitting, unwilling MERCHANDISE.

"Mr. Zuckerberg, you're full of shit. I didn't think it was possible for a (purported) person to have a higher bullshit content than Ajit Pai until I heard the drivel that came out of your mouth."

Re:Mental gymnastics

Also you WAP is on your private network. Nothing outside of your private, logical subnet needs to know you MAC.

Not necessarily true. Many automated configuration algorithms use MAC addresses to ensure some level of uniqueness or as a tie breaker.

The most prominent use is automated IPv6 addressing. IEEE EUI-64 embeds your MAC within your IPV6 address if not statically or DHCP assigned. All someone needs to do is query the IPv6 address in a browser script to get the MAC address of most everyone who does not have a IPv6 DHCP complaint ISP.

Re:Mental gymnastics

Yes, people do things they aren't supposed to do.

I forget which one asked

[stabiesoft]

but the congessman who asked if Zuck would mind sharing what hotel he was staying made me laugh. Zuck said he would prefer not to. Hilarious. Maybe the congressman should have known and mentioned it in a followup question. Just to see how Zuck reacted to his personal info being shared.

Re:Mental gymnastics

[dfghjk]

parent didn't say that he thought they were secure or secret. Read it again.

Re:Zuckerberg knew his questioners lacked knowledg

[Zmobie]

Your first point is basically what they were banking on. Most of Congress lacks the technical expertise to verbally spar with him on most of these issues. He is employing the tactic every software engineer ever has when talking to non-tech executives. Plead ignorance to simple but damning questions and give overly complex answers to others such that management won't understand and doesn't want to look stupid. I really wish they would have pulled in some of his engineering leads that HAVE to be familiar with the product implementation so he couldn't plead ignorance so easily.

You second statement I think he was just abusing the double meaning. They aren't sharing data in the sense of a business deal where they get paid for the data, but they absolutely know they share a ton of information with developers and anyone plugging into the site to provide "enhancements" to their service.

Re:Mental gymnastics

[swillden]

They're not supposed to do that!

There's no network technology-based need for them to do that, but if the operating system makes the data available to them they can and some do use the MAC address as a unique device identifier. The major mobile device OSes have stopped providing it.

opting out, eh?

[sacrilicious]

Lujan: It's been admitted by Facebook that you do collect data points on non-[Facebook users]. My question is, can someone who does not have a Facebook account opt out of Facebook's involuntary data collection?

Zuckerberg: Anyone can turn off and opt out of any data collection

HOW? How can someone, who isn't a facebook user, opt out of this data collection? If by "turn off" he means "not use the internet", that's not an answer. Zucktard.

Mod parent up

[Dast]

This ^^^

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Zuckerberg knew his questioners lacked knowledg

They did ask and are well aware of what Fuckbook does. For example there were specific questions about the link itself being present at all and what level of tracking is done with it. Cuckerberg tried to act like there was none.

Many sites inline their stupid icon creating a 3rd party request to Facebook. It's where the whole tracking while you're not logged in, even came from.

Re:Mental gymnastics

[shubus]

Mental gymnastics indeed. I have been off FB for several years. So how can FB be collecting datapoints on non-FB users? What are they doing, scraping the entire Internet? FB services covers a lot of ground....naturally the next thing for me to delete in WhatsApp as I'm sure there are some datapoints there. But what else?

Re:Mental gymnastics

[Ol+Olsoc]

No, no, you have that backwards. Facebook uses everyone. Everyone does not use Facebook.

The first time I used a script blocker, years ago, on any of the "popular" sites, and especially news sites, there were many facebook tracking scripts. You didn't find out just how many there were until you started tracing them back to see who ran them.

So I am completely certain that Facebook collected the Users names of those who logged into the sites, collected data about everything they read, almost certainly collected their real names, and distributed that data directly to..... who knows?

Oh....... wait......... we do know now exactly who they were selling or giving almost everyone's data to. And no doubt there are plenty of others.

Seriously, if that festering asshole in charge of running the worlds largest weaponized data collection center isn't aware of the fact that they collected and weaponized data against everyone, and people believe him - well I have some some oceanfront property to sell them in Colorado.

Re:Mental gymnastics

[Ol+Olsoc]

With data provided by users, Facebook knows a lot about non-users.

There is such a thing as a shadow profile. It is a shame that Zuckerberg denies its existence.

Somewhere back in the bowels of Slashdot, I made a report of my experience when I installed my first script blocker. Facebook had more trackers than Google. Google was easy to find. You just looked at the names of the scripts that were blocked, they had "google righ in them.

But I had to whois a lot of others, and by cracky, there was facebook with multiple trackers on all the pages of popular sites, especially on news sites.

So if the idiot doesn't know that he has people writing tracking scripts, maybe he needs to pay attention. But he knows.

Too bad I am deleting my Facebook account in a couple of weeks.

Happy sarcasm noted. block scripts too to make it more effective. I had to use facebook for some projects I'm working on. But as they finish up, I'll delete my account too.

Re: Mental gymnastics

Multiple people have linked your email address and phone number with your name in their contact list and given it to Facebook; what else do they need?

Re:Mental gymnastics

[MichaelSmith]

There is such a thing as a shadow profile. It is a shame that Zuckerberg denies its existence.

I saw it right there on my sister's FB account. A shadow profile with my name on it.

Re:opting out, eh? - EU to the rescue!

[TheOldestGit]

Just wait until the new GDPR regulations kick in...

Re: Mental gymnastics

[MichaelSmith]

Case in point: even if javascript running on a browser can't get the MAC address, a native application certainly can and FB could fund a simple game which snatches that information and sends it back, to be correlated with an account ID.

Re:Mental gymnastics

[boundandgaggedwomen]

People who are known to be Facebook users, people who are known to not be Facebook users, and people who might be either one.

Except for a handful of slave children in India, everyone is a Facebook user whether they want to be or not.

In Soviet Russia, no one uses facebook. The rest of the world-facebook uses you!

Re:Mental gymnastics

[HermMunster]

Mac addresses can be changed or spoofed. I just had a thought to make a note to look up programs that will spoof/rotate the Mac address. However, some devices can't be spoofed, such as the cable modem.

Re:Mental gymnastics

[cheesyweasel]

Apps can also access every other mac address on your network too by reading arp cache. MAC addresses contain device manufacturer identifiers. Browsers can be fingerprinted which is made even easier with JavaScript, even TCP/IP stacks can be fingerprinted. Almost everything can be fingerprinted and crosslinked or statistically analysed given enough thought. There are too many avenues for a big system to collect data on anyone if they really wanted to.

Re:Mental gymnastics

[cheesyweasel]

Facebook messenger asks for "wifi connection information" on android which would let them get instant access to arp cache if they wanted it. Go install landroid or something like that to see for yourself. You have to ask yourself why they are asking for that information in the first place.

Turn in your nerd card.

Shadow Profiles have been CALLED Shadow Profiles for at least 10, maybe as much as 15 years. I am pretty sure in fact that I have talked to facebook staff who referred to them as such (off the record obviously!) The data collection they have been doing was a large part of why they became so popular in the mid 00s, along with LinkedIn's stealing of contact info from the addressbooks of anyone who signed up. Remember those annoying 'So and so asked you to join LinkedIn Now!' emails you used to get, unsolicited?

A number of other companies used similiar tactics, whereas Facebook's approach was that 'you register an account and all your friends are already there!'

Both are scary, both should be illegal, yet somehow they are not.

Re:Turn in your nerd card.

[Austerity+Empowers]

In context with technical people speaking technical jargon, not with the general population of the United States who almost certainly have no idea what that is, nor, specifically, a congressdork who actually demonstrated he has no idea what it is.

He's right to deny it, he'd be morally upstanding if he asked for clarification about the term before having answered.

Before you assert this is ridiculous, I bring up the Bill Clinton sex "lie". It turns out that while oral sex is as old as time, we can split hair on whether that is considered sexual intercourse without technically having lied. Most reasonable people would consider it to be a sex act, or even having had sex, but it is not "sexual intercourse" which has a precise definition. When up against the wall with this audience, splitting hairs is necessary. I'm not defending him, I hate what Facebook does, but all this circus is showing is how incapable our government is of understanding technology.

Re:Turn in your nerd card.

[Sarten-X]

The Clinton example is an excellent one: As I recall, earlier in his testimony, it was established exactly what fell under the definition of "sex" for that discussion. If he said he did have sex with Lewinski, it actually would have been a lie, and most Americans would still be confused.

Re:Turn in your nerd card.

And ol bill is still a liar, and a philanderer. oh how times have changed...the outraged Left can't believe a president would stoop so low. we must get to the bottom of this, no matter the cost, for the (DACA/Syrian/H1B) children

Re: Turn in your nerd card.

Remember those annoying 'So and so asked you to join LinkedIn Now!' emails you used to get, unsolicited?

I still get those exactly every 14 days...

Re:Turn in your nerd card.

[Daralantan]

It depends on what your definition of 'is' is.

Biggest weakness

I predict this will cost Facebook several billion dollars from several class action lawsuits and the addition of several countries fining it for the policy.

Double negative

[ayesnymous]

"I'm not I'm not familiar with that" means he's familiar with that.

45 of the 55 senators at the hearing got money

[rsilvergun]

from Facebook. What's not to understand?

is this for real or a satire?

[Tom]

Seriously that is what "being grilled" means to the US government? Grill me any day.

And ./ editors cannot dissect this either, as the headline clearly shows. No, he did not deny knowledge of anything. He said about shadow profiles that he is not familiar with that. Doesn't mean he doesn't know about it or it doesn't exist. I'm not familiar with the workings of my car engine. I know it's there, I know what it does, but aside from a general basic knowledge of engines, that's it.

And they let him off the hook with that. Either they never intended to actually ask any serious questions, or the whole stunt is just a "my re-election campaign is coming up soon" reminder to him, or they are just incredibly badly prepared. What do these people pay their staff for? Making coffee?

Which exact data does FB collect on non-users? How long is it stored? How do you identify people repeatedly visiting FB from different locations? Different browsers? Different devices? How do you identify scrapers using scripts instead of browsers? Which other services or companies cooperate with you on this? Names of the responsible people we can question there? If I go to FB right now from this notebook without logging in, which data will be generated? Can you identify a FB user before he logs in? Do you share the results of your analysis with third parties? With whom and for what purpose?

It's a pathetic show, really. High cringe factor. If you needed any more evidence that business is calling the shots in Washington, there it is.

Why can't the free market

[rsilvergun]

regulate it? If folks don't like the way Facebook does business they can stop doing business with Facebook. Install no-script, delete your FB account (or don't make one in the first place). Problem solved.

I do not recall

[rsilvergun]

Worked for Reagan , why not Zuck? And as I mentioned elsewhere, 45 of the 55 people "grilling" him get large donations from his company...

Re:I do not recall

[NichardRixon]

Excellent point, rsilvergun. That's certainly a plausible explanation. Still, reason leads me to believe that in most cases the questioners weren't feigning ignorance.

I don't think it's that nefarious?

[schweini]

It really don't like Zuckerberg, but in this case, the questions seemed very unfair, or at least uninformed.

So Facebook has those like-buttons everywhere, and there is a legitimate use for those. They will obviously save standard log information of the people that retrieve those buttons. Those buttons are often Javascript and/or an iframe. So Facebook can also gather rather standard things like screen size, browser headers, etc.
Just with that information, they can start doing fingerprinting of these anonymous users. I would quite frankly do this in a heartbeat if I had code of mine everywhere.
They can also use this for security purposes, and user modelling ("hmm...what can we gather about people that don't use our services? Why won't they? What can we do to appeal to them?").
But calling it 'shadow profiles' seems very misleading.

Re: Misleading title - he admits data is collecte

Why -1? That post should +5.

The only missing data points for non-users are the credentials.

The others are the same. It's just that the users have more complete and richer data points than non-users.

Re: Mental gymnastics

Facebook is not just Facebook, tentacles everywhere. Business partnerships etc. Just because you opt out of FB everyone will still be building profiles, it will just be canvasbased, supercokies or the next new thing.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Another Question Mark

Congressman: "How many employees are working at your company? a) 1,000 - 10,000 b) >10,000 - 500,000 ?"
Zuckerberg: "Congressman, I don't know off the top of my head".

Dammit, where are my mod points?

[Immerial]

This is totally correct. I was watching him weasel out of so many questions, using the gaps in the senators' knowledge. They use a vague term or phrasing... boom! Generic, safe answer delivered. The messed up thing is, you could tell he knew what the senators were really trying to get at but then used the gaps to avoid having to answer the tough questions on privacy and data collection.

They've done something immoral

[Immerial]

"they've done nothing illegal. Not even unethical"... but it is immoral. And he knows it's wrong, the very fact that he has different controls on his private information on Facebook than everyone else shows this. Why don't we get the ability to immediately and forever delete a post? Why isn't he fine with the same levels of control of his Profile as everyone else, if everything they are doing is fine? He knows that he's sold everyone down the river.

Re:Zuckerberg knew his questioners lacked knowledg

[NichardRixon]

They were certainly briefed on the issues, but I didn't get the impression that many--if any--had much real understanding of the topic. Especially when it comes to the ramifications of AI working with the data.

On the subject of third party icons, I was specifically referring not to the 'like' buttons, but those offering to log-in new users via a Facebook link to their identities. I expect that these transmit a lot more data in both directions. (Then again, I certainly could be wrong. The 'like' button may do more than I have assumed.) It would be very interesting to know if any /. folks have examined the operation of these things and what was found.

It's all a sham anyway

These hearings are just a way to reduce the effectiveness of the population's actions anyway. The only effective action is to stop using Facebook.

There once was a great effort in government to create something called Total Information Awareness. It was basically a desire for mass surveillance. Facebook data satisfies many of the stated goals of TIA. When Facebook first became noteworthy a common story or editorial was about the mysterious sources of income for Facebook.

Really it takes MUCH more imagination to believe that Facebook is NOT gathering info for mass surveillance of the population for the US government than to see that they obviously are.

Now Facebook's use in elections is a matter of concern for Senators, but Facebook itself is a source of power for the government. Any regulation will just address the needs of the Senators and completely ignore the mass surveillance of the populace.

So these hearings are a false way to give people a sense that something is being done to protect them.

In fact the only effective means people now have to protect themselves against this mass data collection is to stop using Facebook.

Only for security. So CISA

Does this mean they are misusing CISA to collect information on everyone? Who are they share sharing this information with "for purposes of security"?

Are you being wilfully ignorant?

collecting data on anonymous visitors to your website is not a privacy violation

Maybe, maybe not, but what is indisputable is that collecting data from visitors to thousands of other websites certainly is a privacy violation. It is utterly disingenuous to pretend that we are discussing a single website's log files.

Re:Mental gymnastics

He's a lying sneaking scumbastard like all yids.