Mark Zuckerberg Denies Knowledge of Non-Consensual Shadow Profiles Facebook Has Been Building of Non-Users For Years

It has been widely reported that Facebook builds profile of people even if they have never signed up for its services. However, in a hearing with the House Energy & Commerce Committee on Wednesday, when New Mexico Representative Ben Lujan asked Facebook CEO Mark Zuckerberg if he was aware of the so-called practice of building "shadow profiles", Zuckerberg denied knowledge of it. Here's the exchange: Lujan: Facebook has detailed profiles on people who have never signed up for Facebook, yes or no?
Zuckerberg: Congressman, in general we collect data on people who have not signed up for Facebook for security purposes to prevent the kind of scraping you were just referring to [reverse searches based on public info like phone numbers].
Lujan: So these are called shadow profiles, is that what they've been referred to by some?
Zuckerberg: Congressman, I'm not, I'm not familiar with that.
Lujan: I'll refer to them as shadow profiles for today's hearing. On average, how many data points does Facebook have on each Facebook user?
Zuckerberg: I do not know off the top of my head.
Lujan: Do you know how many points of data Facebook has on the average non-Facebook user?
Zuckerberg: Congressman, I do not know off the top of my head but I can have our team get back to you afterward.
Lujan: It's been admitted by Facebook that you do collect data points on non-[Facebook users]. My question is, can someone who does not have a Facebook account opt out of Facebook's involuntary data collection?
Zuckerberg: Anyone can turn off and opt out of any data collection for ads, whether they use our services or not but in order to prevent people from scraping public information ... we need to know when someone is repeatedly trying to access our services.

Misleading title - he admits data is collected

He doesn't deny knowledge of it, he says they do! And he just doesn't have the data on hand. Sheesh, what a misleading title.

Everyone knows Shadow Profiles are real, that is how they know all the info they do when you sign up.

Re:Misleading title - he admits data is collected

I myself have never ever signed up for Facebook. I have never wanted it. But, I have several friends that have an account. One photo taken at a Christmas party was tagged with my name even though I have no account. When viewing Facebook from another friend, they get my name on photos from friends we have in common. I know it happens.

Re:Misleading title - he admits data is collected

[93+Escort+Wagon]

He also is clearly not talking about shadow profiles here.

I think the term is "dissembling".

But, really, based on decades and decades of prior examples... he knows doesn't have to walk away smelling like a rose. He can walk away with the committee grumbling loudly, and they're still not going to do anything substantive to protect the hoi-polloi. Congress-critters generally are generally very reluctant to take steps which penalize billionaires to any significant degree.

Re:Misleading title - he admits data is collected

[Sarten-X]

It seems to me that the congressman had a particular narrative he wanted to fit.

"Shadow profiles" sounds scary and mysterious. In a previous big-data job, I used the term "unassociated data" to describe when we had a connected set of records that didn't match any known individual. They still existed as records, and we didn't discard them... but they weren't anything personally identifiable until we stumbled across a record that tied them to known individuals (and when that happened, our term for that connecting record was the "decoder ring").

Re:Misleading title - he admits data is collected

[mysidia]

Yes..... But in the Slashdot summary Zuck seemed to be conflating "Shadow profiles of Non-Users" with
"History of pages viewed by IP addresses visiting Facebook.com without logging in"

Implying that the "Shadow profile" was required for a security purpose is deliberately deceptive (IMO).... If you visit Facebook.com you're an "Anonymous Facebook user"

Whereas a "Shadow Profile" is not IP addresses/"knowledge when someone is repeatedly trying to access our services."
BUT Shadow profiles are Personal Information collected through 3rd party sources about real persons who have never created an account or personally provided the information directly on Facebook.com.

Re:Mental gymnastics

[Ichijo]

How is a non-user different from someone who is neither a user nor a non-user?

Wow

[Chris+Mattern]

"Congressman, in general we collect data on people who have not signed up for Facebook for security purposes to prevent the kind of scraping you were just referring to [reverse searches based on public info like phone numbers]. "

So, then, you're telling us that you're collecting the data to ensure nobody is collecting that data, is that correct?

Re:Wow

Of course. The data is valuable. Facebook wants it, and Facebook doesn't want screen-scrapers to get it.

It makes perfect sense.

Re:Mental gymnastics

[Rick+Schumann]

If they have the MAC of any ethernet device that I own, then there is something seriously wrong with the public Internet that needs to be fixed immediately -- either that or everyone has out-and-out spyware on their computers and devices. Beyond your local network no one should have your MAC.

Non-consensual Facebooking

[sinij]

I don't understand why they left him off the hook so easily on this point. They could never collect consent from someone that didn't sign up for FB, so how is data collection could be legal?

Re:Non-consensual Facebooking

[OrangeTide]

I don't consent to political campaigns calling me up during election season. But there are public records and they've been doing this for decades. That you have some right to not have your public information accessed is some new right that currently does not exist in US legal code. Perhaps congress will write a new law, but until then it's a bit premature to get upset over something that we've tolerated for so long. (or at least spread your outrage out among the many marketing and political firms that have done similar things over the decades)

Re:Non-consensual Facebooking

[sinij]

Ted Stevens, is that you posting from beyond the grave? Because comparing digital tracking FB does to a publicly-listed PSTN number is rather flawed comparison.

A better comparison would be a third party wiretapping your phone, creating a list of everyone you calling to, then selling such list for profit.

Re:Non-consensual Facebooking

[sinij]

Your argument falls apart at "You can opt out". The issue with FB is that they not only track you when you visit www.facebook.com, but also across many, many other websites and they not only record your ip address and so on, but they also correlate that to private information they have on you.

Re:Non-consensual Facebooking

Political campaigns don't get to look at the phone and email contacts of people on their lists. Facebook does precisely that. I must have missed the part about how that is public information.

Re:Non-consensual Facebooking

[bluefoxlucid]

I don't consent to political campaigns calling me up during election season. But there are public records and they've been doing this for decades

Actually, we can't use them.

To call or e-mail you, I have to purchase a list of contact data from an appending service. These in turn get them from data warehouses, who get them by purchasing from organizations who directly connect with those persons.

You know that thing where your contract says your information "may be shared with partners" or some such?

You sign up for a service or donate to a charity. Hell, a politician knocks on your door and you sign up for their Web page.

They build a giant database of contact information and voter/donor/volunteer/user/etc research.

That information gets shared or sold to other organizations--two wildlife charities might mutually exchange their lists under NDA so they both benefit from greater access to donors.

The information not under such sharing generally gets sold.

We pay 3 cents per successful record append to turn your voter history (purchased from the State for use only in conjunction with a political campaign) and information into contact info. Name and address go in, phone numbers and e-mails come out. Donor information, social networking profiles, and the like might come along with that, too.

Yes, you consented to this. Unfortunately, we let people consent to far too much without requiring them to understand the ramifications, or putting a timer on that data so it has to go away after a few years. We should have a small number of certified data warehouses who can buy, aggregate, and provide information, with limits on where it can come from, how long it can be stored, and how aggregate information can be disseminated. instead, everyone is a data warehouse, and they sell and distribute the information however they want.

It's really a question of what we can give up. There's likely a sweet spot where you've only lost a little functionality, and can work around that easily, while gaining plenty of privacy; and then there's that last bit of privacy to gain, but cutting deeper starts rapidly shoving us back into the 90s where all this convenience wasn't around while not protecting us very much more at all. The first step is to identify that range and abut up to it; the second is to determine what protections we need and what we have to sacrifice to get them.

The most extreme example would be eliminating so much data sharing that OAUTH2 isn't a thing: you can't sign up to services with Google or use things like Disqus because of strict data privacy laws preventing the kind of sharing that this requires. Obviously, we're not going that far: those kinds of conveniences require very little data sharing, and it's obvious what's shared of the necessary things (i.e. your e-mail address, or some unique identifier; if it fills in your name, you can actually see that).

I'm most-concerned with background collection and retention. You got on Slashdot. Slashdot has a Facebook log-in thing. Facebook is able to track your activity here because there's a Facebook pixel--even if you're anonymous. That's stuff around which we need strict controls and won't lose much for it, so that's going right at the top of my list.

Re:Non-consensual Facebooking

[Austerity+Empowers]

A better comparison would be a third party wiretapping your phone, creating a list of everyone you calling to, then selling such list for profit.

I think that's not a good example, if they were doing that then hopefully people go to jail.

I think a better comparison is wiretapping all of your friends and associates who all consented to it, and recording their side of the conversation, and interpolating things about you and your actions from the references. Then associating that with publicly available information about you.

It's not the same thing, and it does not seem like the law has anything to say about it. Friends are allowed to snitch on your activities to the police, the police are allowed to act on it, and it is admissible in court. There are a few exceptions that vary from place to place (doctors, lawyers, sometimes spouses, etc.). I think this is just the first time in history so much of this is thrust into the public for all to see. Normally what you and your friends do is localized to your local social/geographical sphere, it's not easily searched.

Re:Non-consensual Facebooking

[Zmobie]

You're joking right? You just listed like 5 fairly technical things for a user to do before they can "opt out" of Facebook tracking most of their internet habits. Do you seriously expect everyone to be doing that? Even people that semi embraced tech don't understand how 90% of that works and usually have to have a techie friend or family member inform them/do it for them. So now anyone with a modicum of tech expertise has to be a steward to create a viable opt out option? That doesn't even mention the thousand other things they can do to circumvent someone doing all that (1x1 pixel trick anyone?).

Server logs in the sense of someone explicitly going to the domain is one thing, and even to a lesser degree accessing the API explicitly such as clicking the stupid like button on some website. Problem is they are harvesting information on other sites simply because the page loaded the like button. Real damn lovely word play there to say they are only looking at their own servers logs, but they are filling them with massive amounts of harvested information that people don't even realize they can get to unless they are tech savvy. Not to mention there is no explicit opt out option. Short of knowing before you even open the page that there is Facebook integration (and these days basically EVERYTHING has social media integration) users have no idea they are essentially auto consenting to this crap. So now I have to opt out of the internet? Sounds reasonable...

This doesn't even address the issue of other people giving them data about you knowingly or unknowingly. Picture uploads where they use facial recognition to build profiles of everyone in the photo whether they are on the site or not. Other people posting information about someone else and them harvesting it into the profile. Other people making fucking profiles of someone else (this one happened to me, only reason I have a Facebook account now is to control my own profile and protect friends and family from a false 'me' contacting them on there). Now I also have to opt out of having my picture taken, going into any store that might have some type of recording device, or going anywhere near anything that can recognize my face? Maybe I'll just wear a mask! Or better yet move to a cabin in the damn woods and live like a mountain man...

Ian Malcolm put it quite well, they were so focused on could they do it (and how much money they could make from doing it) that none of them ever asked if they should do it or, adding on to it, the right way to do it.

This company and others like them have absolutely no incentive to self-regulate to any real degree. They might pay lip service for PR purposes or to create an illusion of them 'protecting your information.' Most people don't understand half of what they are doing though and don't listen to those of us that do. I am not for tons of government intervention and regulation necessarily, but there is no other solution in my opinion. The free market doesn't solve this problem, laws, binding agreements, and enforcement does.

This should be the day of reckoning for them. I don't have a ton of faith that it will be because of some inept asshats representing the country's interests in Congress currently (pretty sure I saw an article about how over half the committees interviewing Zuckerburg received significant campaign contributions from Facebook), but it damn sure should hit them hard. Maybe I'll be wrong and the Republicans are so desperate to hit liberal Silicon Valley they will take the beating stick to them, but even that will be for the wrong reasons and likely will be targeted on a partisan basis. Every company needs to have privacy regulation imposed on them badly in my opinion. Personally, I'd be all for a US version of the GDPR getting passed, but maybe that is just me.

Re:Non-consensual Facebooking

[SeaFox]

They could never collect consent from someone that didn't sign up for FB, so how is data collection could be legal?

"Anyone can turn off and opt out of any data collection for ads, whether they use our services or not"

I'd like to know how one would go about opting out of data collection on Facebook if they don't use the service.
If it's a [shadow] profile they have no personal access to, how do you change preferences on it?

Re:Non-consensual Facebooking

[freeze128]

Send Facebook a postcard that says "Opt Out".

Re:Non-consensual Facebooking

[Cederic]

you can counter it to some extent as an individual if you want to

Barely. I can't stop every cunt I've ever emailed from sharing their inbox or contact list with Facebook. I can't stop every cunt with my phone number from sharing their contact list with Facebook. I can't stop every fuckwit that wants to install a personality test from sharing everything on their fucking phone with Facebook.

it's not just facebook: the whole series of inter-tubes out there is set up to to make an "opt out" on an individual company's basis kinda pointless

When I visit the IBM websites they track my activity, especially if I log in using a corporate or personal account. I understand this, I accept this, I feel it's a proportionate and sensible thing for them to do for multiple reasons.

I don't even fucking visit Facebook and they nonetheless build up masses of data about me. This is a very different scenario and I do not accept it.

Why is there so much content out there for "free"?

Because human beings are social creatures. There was more content being put online than you could literally fit into your life before the internet got commercialised.

Because, as you say, for most people you're not the customer, you're the product

Some of us decline to be Facebook's product. Next month we can back that with the law, and it's going to be just fucking awesome.

Nose Growing

[FerociousFerret]

Zuckerberg's nose is growing. Just sayin'

you can tell zuckerberg is lying

[FudRucker]

because his lips are moving, he is the biggest liar in washington right now

Re:you can tell zuckerberg is lying

[SuperKendall]

What the hell is wrong with you Trump Haters??? This Facebook story is entirely unrelated to Trump.

You must get an orgasm every time you type his name, you post about him at the drop of a hat or even if someone is not wearing a hat.

You need professional help.

I'm slow, so how does that work?

[grasshoppa]

How is collecting data on non-users helpful in preventing reverse searches? It would seem to me that by not having that data non-users are best protected from searches?

Re:I'm slow, so how does that work?

[JesseMcDonald]

Zuckerberg was speaking of data which would be relevant for information security—things like IP addresses and access logs—which of course has absolutely nothing to do with these hypothetical "shadow profiles" Lojan was asking about. A simple case of miscommunication, or a well-executed bit of deflection? You decide.

Re:I'm slow, so how does that work?

[cascadingstylesheet]

How is collecting data on non-users helpful in preventing reverse searches? It would seem to me that by not having that data non-users are best protected from searches?

I think he was saying that somehow collecting data on non FB users prevents the non users themselves from scraping data.

Or something. I'm not sure it was actually English.

if someone does not have a facebook account

[FudRucker]

then how can they opt out from getting their data collected?

i think facebook should be shut down, all their computer hardware confiscated and run through a shredder and the employees personal computers and other gadgets searched for other people's personal info and if any is found they should be investigated for identity theft

It's actually greater knowledge than this

[Impy+the+Impiuos+Imp]

Lujan: I don't have a Facebook account. What does your shadow profile of me say?
Zuckerberg: Just a sec...it says you enjoy viewing Natalie Portman on Wikibellybutton.
Lujan: Wtf, I just jer...did that for the first time last night!

I'd love to understand

[argStyopa]

"Zuckerberg: Anyone can turn off and opt out of any data collection for ads, whether they use our services or not... " ...how, precisely do I turn off and opt out of FB data collection without signing up for FB?
I'm rather curious.

Re:I'd love to understand

[fahrbot-bot]

"Zuckerberg: Anyone can turn off and opt out of any data collection for ads, whether they use our services or not... " ...how, precisely do I turn off and opt out of FB data collection without signing up for FB? I'm rather curious.

It's a simple On/Off setting in your Shadow Profile, but you have to log into FB to change it.
You can find it on the Catch-22 settings page.

Re:Mental gymnastics

[ls671]

The apps running on your devices can access the MAC address and transmit the info over IP. Wireless access point know your MAC too, etc...

Re:Mental gymnastics

[BeauHD+(+6,+Expert)]

Ask Bill Gates that. 20 years ago called and wants its deposition tactics back.

Badly configured IPv6

[DrYak]

It might happen with badly configured IPv6.

Among other, IPv6 addresses can be created by adding a suffix derived from you MAC address to the prefix advertised by your router.

Of course, there are privacy extensions, which generate addresses by adding random nonsensical suffices to the prefix, and a well configured IPv6 stack should generate several of those and prefer them over the MAC-derived one.
(i.e.: your laptop will respond when called by it's MAC-based IPv6 - useful for services, e.g.: SSH - but when contacting the web, it will present itself with a random addresses so your mac address should never be revealed in some webserver's logs).

Facebook supports IPv6.

A badly configured IPv6 combined with some clever javascripting (e.g.: the "like" button that you see on virtually any website when you don't have FSF's "Privacy Badger" activated) makes it possible for Facebook to track you by your mac address no matter which network you're connecting from.

(I'm saying facebook, but it works just as well with any other IPv6 support social website that has its buttons plastered all over the web: Twitter, etc.)

So, if you use IPv6, remember to enable the bloody privacy option on.

Re:Badly configured IPv6

[93+Escort+Wagon]

It might happen with badly configured IPv6.

Well, then, it would seem that "badly configured IPv6" has pretty much been the norm under most OSes, until fairly recently.

I'm not arguing - just pointing out we're not talking about some tiny edge case.

Re:Mental gymnastics

[gnick]

Until you sign up, you are an unwitting, unwilling user.

Facebook has done nothing illegal

[mi]

With all the hate suddenly piled up on the company, someone has to point out, that they've done nothing illegal. Not even unethical — certainly, not grossly so.

The information they keep about people was given to them voluntarily — either by users themselves, or by their friends and acquaintances. And what they now know, they are free to share — sell, give away, publicize, it is up to them.

Contrary to frequent assertions by the weaker-minded, there is no "right to be forgotten".

This whole "grilling" and questioning is quite extraordinary and barely constitutional, for it has most of the markings of a criminal prosecution without any crime.

That said, Zuckerberg does seem like a dork and an "accidental" billionaire, without the faculties, abilities, and guts normally necessary to achieve the power he wields.

Re:Facebook has done nothing illegal

[110010001000]

I don't understand what you guys want. Do you not think every web property tracks you? Do you not think Slashdot doesn't track you? There are a dozen web trackers on this website. The mind boggles!

Re:Facebook has done nothing illegal

[WaffleMonster]

I don't understand what you guys want. Do you not think every web property tracks you? Do you not think Slashdot doesn't track you? There are a dozen web trackers on this website. The mind boggles!

Cross-site cyber stalking of users is no different or acceptable than spending your day following someone around all day and compiling lists of their every move.

Who does it is as irrelevant as trying to get out of a speeding ticket by pointing out instances of other speeding.

Re:Facebook has done nothing illegal

[NichardRixon]

"The information they keep about people was given to them voluntarily — either by users themselves, or by their friends and acquaintances. And what they now know, they are free to share — sell, give away, publicize, it is up to them."

I disagree. Most of the people who provided the data to Facebook had no idea that it could be used in the way it is. Most Facebook users still don't know what's being done with their data, and that's exactly the way Facebook wants it. To say that these people willingly handed it over is like saying people scammed during the savings and loan scandals should have known better. When is the last time you read three or four pages of fine print legalese before signing up to use a website, or when applying for a mortgage? Even if you're determined to read it, you won't fully understand it unless you're a lawyer.

And when they scrape copies of every text message you sent with your cell phone, back when they could do it without asking; when they collected the names and phone numbers of all of your contacts; when they kept logs of who and when you call; when they keep logs of where you've been day after day out using location data from your phone--when they store all of this information, combined it with data from your Facebook profile, then put AI engines to work on it--I would say that those actions were all illegal invasions of privacy. Zuckerberg and friends should be tried for illegal eavesdropping.

And when that's done, they should start on Google and Microsoft . . .

Some people worry about what will happen when computers get smarter than people. They don't realize that it's already happened. AI can process huge volumes of data that humans could never hope to handle. The insights/information that can be derived from the kind of data that Facebook and Google keep boggles the mind. But don't believe me. Google it for yourself and you'll see. Maybe start with 'psycho-analytics'.

Re:Mental gymnastics

[dgatwood]

How is a non-user different from someone who is neither a user nor a non-user?

I believe the word should actually be "either", not "neither", and the answer, of course, is Heisenbergian uncertainty. The wave function does not collapse until observed. :-)

There are three groups: People who are known to be Facebook users, people who are known to not be Facebook users, and people who might be either one. In the first group, you know their account info, so you know who they are, and you know that they have Facebook accounts. In the second group, you know enough about them (name, phone number, address, whatever) to believe with a reasonable degree of certainty that they are not Facebook users. In the third group, you don't have enough information to decide either way.

That said, what the GP post appeared to mean was that there are active users, inactive users, and non-users. The GP erroneously conflated inactive users with non-users.

Zuckerberg knew his questioners lacked knowledge

[NichardRixon]

Zuckerberg took maximum advantage of the fact that the questions came from people mostly lacking the technical knowledge to judge his responses. For example, when asked if Facebook could track users across devices, he acted as though he didn't know. Is there anyone here who believes that? I wish we could ask him a few questions on Slashdot!

Zuckerberg also said that Facebook doesn't share user data, just uses it to predict which advertisements users are likely to respond to. In that case I'd really like to see what gets sent when someone uses Facebook to sign into a third party website.

I don't know what a "shadow profile" is

[chispito]

I don't know what a shadow profile is, but collecting data on anonymous visitors to your website is not a privacy violation, it's practicing security.

I'm surprised that the comprehension around here seems to be about on par with the congresscritters.

Re:I don't know what a "shadow profile" is

[110010001000]

And so does Google...and Microsoft...and your credit card company...and your bank...and credit services...and everyone else. You guys are stunningly naive. The point is that collecting the data should be illegal.

Re:I don't know what a "shadow profile" is

[chispito]

That's not it at all. Let's say that 10 different people have you listed as a contact in their phones, and that those 10 people are on Faceplant. Facebook will create a shadow profile for you that connects you to these 10 people. And of those 10 people start sending you text messages? Facebook has that as well.

Wait, so you mean when people give an app full access to their contacts, the developer of that app has full access to their contacts? Shocking. I'm not seeing the troubling part, other than how quick people are to provide full access to apps on their devices. I don't think Facebook really has to connect many dots to suggest contacts, based on the crazy volume of data people provide to them willingly.

Re:Mental gymnastics

[dgatwood]

No, no, you have that backwards. Facebook uses everyone. Everyone does not use Facebook.

How does Zukerberg track non-Facebook users

[najajomo]

By contracting with companies to plant invisible trackers known as WEBBUGs on their web sites, such as these that are pinged every time you click on a techcrunch.com page:

cdn.tinypass.com/
d1z2jf7jlzjs58.cloudfront.net/
dashboard.tinypass.com/
dpm.demdex.net/
geo.yahoo.com/
o.aolcdn.com/
p.typekit.net/
plugin.mediavoice.com/
s.sa.aol.com/
s.yimg.com/
sb.scorecardresearch.com/
stats.wp.com/
use.typekit.net/
www.google-analytics.com/
www.npttech.com/

And these ones that are pinged when you click on a slashdot article:

a.fsdn.com/
ads.pro-market.net/
analytics.slashdotmedia.com/
cdn-social.janrain.com/
cdn.taboola.com/
consent.trustarc.com/
d1o5u7ifbz3swt.cloudfront.net/
ml314.com/
rpxnow.com/
snap.licdn.com/
ssl.google-analytics.com/
tag.crsspxl.com/
www.stack-sonar.com/

Re:Mental gymnastics

[brunomagalhaeslopes]

With data provided by users, Facebook knows a lot about non-users.

There is such a thing as a shadow profile. It is a shame that Zuckerberg denies its existence.

I resisted to create a Facebook account, but five years ago I did it. Many people had sent me invitations, and it looks like that with the information other users provided, Facebook correctly guessed many things about me. It did not asked my my home town: it asked me to confirm their guess. Same for high school, university, occupation, place of work, etc.

I do not know if Facebook "knew" all this about me or was guessing based on data provided by other people. Facebook knew that a large portion of people that invited me had studied on a particular high school, and other worked for a particular company. Anyway, my "shadow profile" was alive and well when I first met him.

Too bad I am deleting my Facebook account in a couple of weeks.

Re:Mental gymnastics

[war4peace]

They're not supposed to do that!

I guess that phrase pretty much sums up the reason for this Congress hearing's existence :)

Did he also lie about knowledge of section 230?

[schwit1]

Zuckerberg says he is not familiar with Section 230 (the law that protects ISPs from liability for third-party content.) That would be like the CEO of SmithKline saying he doesnt know anything about pharmaceutical testing rules.

If his lawyers after all this time never briefed him on Section 230, he is either lying, willfully ignorant, or being poorly served by his legal team.

Re:Mental gymnastics

[Lead+Butthead]

Until you signed up, you're an unwitting, unwilling MERCHANDISE.

"Mr. Zuckerberg, you're full of shit. I didn't think it was possible for a (purported) person to have a higher bullshit content than Ajit Pai until I heard the drivel that came out of your mouth."

Re:Mental gymnastics

Also you WAP is on your private network. Nothing outside of your private, logical subnet needs to know you MAC.

Not necessarily true. Many automated configuration algorithms use MAC addresses to ensure some level of uniqueness or as a tie breaker.

The most prominent use is automated IPv6 addressing. IEEE EUI-64 embeds your MAC within your IPV6 address if not statically or DHCP assigned. All someone needs to do is query the IPv6 address in a browser script to get the MAC address of most everyone who does not have a IPv6 DHCP complaint ISP.

Re:Zuckerberg knew his questioners lacked knowledg

[Zmobie]

Your first point is basically what they were banking on. Most of Congress lacks the technical expertise to verbally spar with him on most of these issues. He is employing the tactic every software engineer ever has when talking to non-tech executives. Plead ignorance to simple but damning questions and give overly complex answers to others such that management won't understand and doesn't want to look stupid. I really wish they would have pulled in some of his engineering leads that HAVE to be familiar with the product implementation so he couldn't plead ignorance so easily.

You second statement I think he was just abusing the double meaning. They aren't sharing data in the sense of a business deal where they get paid for the data, but they absolutely know they share a ton of information with developers and anyone plugging into the site to provide "enhancements" to their service.

Re:Mental gymnastics

[swillden]

They're not supposed to do that!

There's no network technology-based need for them to do that, but if the operating system makes the data available to them they can and some do use the MAC address as a unique device identifier. The major mobile device OSes have stopped providing it.

opting out, eh?

[sacrilicious]

Lujan: It's been admitted by Facebook that you do collect data points on non-[Facebook users]. My question is, can someone who does not have a Facebook account opt out of Facebook's involuntary data collection?

Zuckerberg: Anyone can turn off and opt out of any data collection

HOW? How can someone, who isn't a facebook user, opt out of this data collection? If by "turn off" he means "not use the internet", that's not an answer. Zucktard.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Mental gymnastics

[Ol+Olsoc]

No, no, you have that backwards. Facebook uses everyone. Everyone does not use Facebook.

The first time I used a script blocker, years ago, on any of the "popular" sites, and especially news sites, there were many facebook tracking scripts. You didn't find out just how many there were until you started tracing them back to see who ran them.

So I am completely certain that Facebook collected the Users names of those who logged into the sites, collected data about everything they read, almost certainly collected their real names, and distributed that data directly to..... who knows?

Oh....... wait......... we do know now exactly who they were selling or giving almost everyone's data to. And no doubt there are plenty of others.

Seriously, if that festering asshole in charge of running the worlds largest weaponized data collection center isn't aware of the fact that they collected and weaponized data against everyone, and people believe him - well I have some some oceanfront property to sell them in Colorado.

Re:Mental gymnastics

[Ol+Olsoc]

With data provided by users, Facebook knows a lot about non-users.

There is such a thing as a shadow profile. It is a shame that Zuckerberg denies its existence.

Somewhere back in the bowels of Slashdot, I made a report of my experience when I installed my first script blocker. Facebook had more trackers than Google. Google was easy to find. You just looked at the names of the scripts that were blocked, they had "google righ in them.

But I had to whois a lot of others, and by cracky, there was facebook with multiple trackers on all the pages of popular sites, especially on news sites.

So if the idiot doesn't know that he has people writing tracking scripts, maybe he needs to pay attention. But he knows.

Too bad I am deleting my Facebook account in a couple of weeks.

Happy sarcasm noted. block scripts too to make it more effective. I had to use facebook for some projects I'm working on. But as they finish up, I'll delete my account too.

Re:Mental gymnastics

[boundandgaggedwomen]

People who are known to be Facebook users, people who are known to not be Facebook users, and people who might be either one.

Except for a handful of slave children in India, everyone is a Facebook user whether they want to be or not.

In Soviet Russia, no one uses facebook. The rest of the world-facebook uses you!

Re:Turn in your nerd card.

[Sarten-X]

The Clinton example is an excellent one: As I recall, earlier in his testimony, it was established exactly what fell under the definition of "sex" for that discussion. If he said he did have sex with Lewinski, it actually would have been a lie, and most Americans would still be confused.