Do I know you? Facebook seems to think so. But how?
December 8, 2017 9:43 PM

"Behind the Facebook profile you’ve built for yourself is another one, a shadow profile, built from the inboxes and smartphones of other Facebook users. Contact information you’ve never given the network gets associated with your account, making it easier for Facebook to more completely map your social connections." [SL Gizmodo]

"Shadow contact information has been a known feature of Facebook for a few years now. But most users remain unaware of its reach and power. Because shadow-profile connections happen inside Facebook’s algorithmic black box, people can’t see how deep the data-mining of their lives truly is, until an uncanny recommendation pops up."
posted by Juso No Thankyou (62 comments total) 29 users marked this as a favorite
Do states have any power over this? Like if Delaware passed a law about shadow profiles would facebook even change in Delaware? How does that work?
posted by oceanjesse at 9:45 PM on December 8, 2017 [3 favorites]

I don’t have a Facebook account. I am quite sure there is a me-shaped hole in their data that defines me as clearly as if I did.
posted by bigbigdog at 10:01 PM on December 8, 2017 [55 favorites]

Please everyone stop using Facebook now.
posted by koavf at 10:57 PM on December 8, 2017 [14 favorites]

Google is just as nasty as Facebook. Earlier this year (In Sweden, anyways) they started this thing where Google Maps on Android would figure out exactly which business you had visited and ask you to review it. Sounds good? Well, not if that business is something sensitive, say a clinic or a sex toy shop, and other people, like a family member, have easy access to your phone.

The problem isn't just that these features are detrimental to our privacy, the people at these spy factories don't even take the time to analyze the safety implications of their software.
posted by Foci for Analysis at 11:02 PM on December 8, 2017 [27 favorites]

Of the popular privatized surveillance networks, I’d say Facebook is probably my favorite, but I do use Google a lot too.
posted by DoctorFedora at 11:04 PM on December 8, 2017 [14 favorites]

I don’t have a Facebook account. I am quite sure there is a me-shaped hole in their data that defines me as clearly as if I did.

Your lack of an aggregated social media profile could be used against you. Employers and nation states now routinely check it to establish identity and trust and not having one makes you look suspicious.
posted by Foci for Analysis at 11:04 PM on December 8, 2017 [14 favorites]

This reminds me of the time Facebook was recommending my violent ex’s family members to me as friends. Good times. Or something.
posted by corb at 11:06 PM on December 8, 2017 [6 favorites]

Just because you don't have a facebonkers account, don't think facebonkers doesn't track you anyway.
posted by smcameron at 11:08 PM on December 8, 2017 [1 favorite]

> Employers and nation states now routinely check it to establish identity and trust and not having one makes you look suspicious.
If said business or nation state must participate in mass surveillance to establish some basic trust, then no, I don't want to work there or visit, and it's convenient that they self-exclude so I don't have to.
posted by runcifex at 11:12 PM on December 8, 2017 [13 favorites]

Also, why does Gizmodo put that ridiculously large, Marvel-themed ASCII art in HTML comment blocks?
posted by runcifex at 11:20 PM on December 8, 2017

I've never been more glad that for years, Facebook has only recommended people that I definitely do not know whatsoever.
posted by destructive cactus at 11:45 PM on December 8, 2017 [2 favorites]

it's a lowest common denominator thing. once it becomes possible for idiots to give up all their info, there is no way to keep from being in that info.
posted by wibari at 11:49 PM on December 8, 2017 [4 favorites]

So someone was trying to rope me into doing extensive production work for a short microbudget film.

I said we’d better look into preproduction software and I’d see if there were any good solutions and get back to them.

They said “just do it all on Facebook!” (They have never made a film before! Could you tell?)

I said I don’t do Facebook for privacy reasons.

They said “can’t you make a fake account?” THAT IS NOT HOW IT WORKS

(so anyway i backed out and some time later they lost their title character, which i can only hope means the actor dropped out, rather than that they just put him down somewhere and forgot where)
posted by tel3path at 12:27 AM on December 9, 2017 [5 favorites]

posted by Juso No Thankyou

posted by chavenet at 2:19 AM on December 9, 2017 [2 favorites]

If said business or nation state must participate in mass surveillance to establish some basic trust, then no, I don't want to work there or visit, and it's convenient that they self-exclude so I don't have to.

I definitely understand the sentiment, but I, and I think most people, don’t really have the luxury of turning down a job over something like this. That’s part of what makes this so awful; we’re well past the point where most people really have a say in this sort of thing.
posted by shapes that haunt the dusk at 2:56 AM on December 9, 2017 [21 favorites]

I knew, knew, knew when all the social media networks, especially facebook and google, started doing the thing of "let us check your contacts list for friends you already know!" this was happening. Just because nobody on your list was on the network already doesn't mean they didn't do something with the data you just gave them.

I always refused, but it doesn't matter. They don't need me to confirm what everyone else already told them.
posted by ctmf at 3:27 AM on December 9, 2017 [12 favorites]

a zero ethics private investigator
posted by filtergik at 4:25 AM on December 9, 2017

Google is just as nasty as Facebook. Earlier this year (In Sweden, anyways) they started this thing where Google Maps on Android would figure out exactly which business you had visited and ask you to review it. Sounds good? Well, not if that business is something sensitive, say a clinic or a sex toy shop, and other people, like a family member, have easy access to your phone.

It gets better. Given a long tail of everybody's data, they could correlate the locations of everybody's phones and, filtering out workspaces and apartment buildings, determine what company they keep. Some of this would be for demographic targeting (the company you keep could determine how likely you are to respond to specific types of ads), though it could also be used to find people who are associating with subversives; i.e., has this person been in a public establishment with various people in category X on multiple occasions? If so, they're probably associated with category X. The palatable case it could be sold on is finding people who spend time in the company of Islamist jihadists or neo-Nazis, possibly being radicalised, though replace neo-Nazis with campaigners against multinational tax evasion and it remains just as plausible.

(And that's not even counting the security services of an authoritarian state commandeering this data and using it to find “the enemy within”; i.e., Iran or Malaysia hunting down suspected atheists or Russia using it to identify closeted homosexuals (“not to persecute them, but to make them known to the authorities, for their own safety”) or similar.)
posted by acb at 5:00 AM on December 9, 2017 [13 favorites]

From time to time, Instagram surfaces people I shared a house with ten years ago or something.

Instagram's ad targeting is slightly odd. From the start, it has been showing me ads for unlicenced pop-cultural knickknacks; i.e., wall hangings/accessories/gewgaws to advertise my supposed Wes Anderson fandom and such. More inaccurately, it seems to think I might have the best part of a million pounds to spend on a new-build apartment in South London to decorate with those. Recently, I'm seeing a lot of LGBT-targeted ads (for counselling services and for a LGBT-oriented Airbnb-style service, for example), suggesting that their ad-targeting profile for me labels me as gay. I do not intend to disabuse them of this.

I'm wondering on what basis Instagram's algorithm inferred that. Perhaps the lack of photos of babies/children despite being over some age-related cutoff adds a value to one's estimated Kinsey score or something?
posted by acb at 5:09 AM on December 9, 2017 [1 favorite]

Back when Snowden was the story du jour, there were plenty of people saying, "I told you so". A lot of the response to that was "so what". Whenever I heard that, I generally tried to explain just how dangerous it is to re-create the Stasi in all but name. And the predictable response came back, "governments are benign now, and it's highly unlikely that they will ever turn nasty again. Nobody's ever going to use this information for nefarious purposes".

That argument had very little weight back in 2014, and it has even less now.
posted by Juso No Thankyou at 5:16 AM on December 9, 2017 [18 favorites]

So, deleting your FB account means nothing. (?)
posted by parm=serial at 5:52 AM on December 9, 2017 [1 favorite]

What's interesting to me is that I follow CAIR - the Council on American Islamic Relations - on the facebook I have only for events and which is not associated directly with any identifying material. On other sites, I recently started getting ads for some kind of Middle Eastern cable service, which looks cool and all but is not remotely germane to anything else in my life. I have never accessed FB on my phone, I have no friends on it and I do not use it to comment. But something is going on.
posted by Frowner at 5:58 AM on December 9, 2017 [2 favorites]

I imagine that the shadow world where the shadow profiles live and work is something like The Upside Down in Stranger Things.
posted by mecran01 at 6:01 AM on December 9, 2017 [4 favorites]

Someone or something (a bot) recently impersonated me on Facebook. The fucker ended up with more of my friends and acquaintances than my real account has.

And he/she/it probably reported my real account as the imposter, because I was locked out of Facebook while I watched the imposter account continue to gather a long list of names I know, some of whom I haven't exchanged one word with in 10 or 15 years, people I knew only through poetry blogs and email lists I haven't seen in years.

People apparently kept accepting the bot's friend requests, or maybe they were going for those Facebook friend suggestions, because the bot was building quite a list of unwitting buddies until I managed to convince Facebook that I was the real me and the bot wore a goatee.
posted by pracowity at 6:05 AM on December 9, 2017 [9 favorites]

This is why it's important to have two email addresses, a 'real' one for actually emailing people and a second one (with a different provider) that's just used for signing into websites.
My contacts can share my real email with Facebook or Google all day long but it won't be any use to them because I don't use that address to sign into any web-service anywhere.

If the adverts are anything to go by, Facebook can't even figure out if I'm male or female so I think the strategy is working.
posted by Lanark at 6:17 AM on December 9, 2017 [5 favorites]

Hm. An encrypted contact app with a fake contact generator for your “embedded contact app” would be cool.
posted by Annika Cicada at 6:24 AM on December 9, 2017 [4 favorites]

Call it “dazzle ships” (dazzle relation-ships, get it?)
posted by Annika Cicada at 6:25 AM on December 9, 2017 [9 favorites]

Google is just as nasty as Facebook. Earlier this year (In Sweden, anyways) they started this thing where Google Maps on Android would figure out exactly which business you had visited and ask you to review it.

Yeah, and in certain areas it's really bad about getting the location right. When I was in New York for a while, it kept suggesting I was at a local pizza place that was 2 blocks away (in the opposite direction from which I'd just come) when I'd arrive home to my apartment.
posted by limeonaire at 6:41 AM on December 9, 2017 [2 favorites]

Choking these services with useless data would be a good counter-strategy, except you'd need a lot of people on board to make a difference. Something like a fake contacts feed baked into iOS, but even then you'd have to convince people it's worth it to deny Facebook this information. Good luck with that.
posted by Mr.Encyclopedia at 6:54 AM on December 9, 2017 [1 favorite]

I get my money from essentially working a bunch of side hustles in the arts. I wish I had the luxury of choosing to stay off facebook, but I'd essentially just stop getting new work.

This is terrifying. The new hustle/small business economy revolves around keeping yourself active and visible on social media (and with the god awful job market in my city I have no choice, I can't compete for a job at starbucks if all the other applicants have master's degrees).

I want to leave facebook, but I want to have food on the table far more.
posted by InkDrinker at 7:07 AM on December 9, 2017 [12 favorites]

The bit that makes me most angry is that we all have accepted what we choose to share has left our control. That was explicitly in the user agreement.

BUT. At no point did I give anyone else the right to share information that I consider to be private, and I am waiting for someone to sue the bejeezus out of Facebook for collecting and storing information that the individual explicitly chose not to share with them. I cannot in any way understand how they think it is perfectly fine to harvest my private information from acquaintances.

If my coworker or brother has my real name or home phone number, fine, but I never gave them permission to share those details with a social media network on my behalf. We need an enforced opt-out like the EEU demanded of Google. In the current political climate? Good luck sans massive costly lawsuit.
posted by caution live frogs at 7:17 AM on December 9, 2017 [14 favorites]

I’ve had a lot of these weird friend recommendations on Facebook, mostly centering around my sex life.

The neighbor that messaged me on Grindr
The guy I hooked up with while I was home for Christmas
The guy I spent time with in Iceland (that one makes at least a little sense as we used WhatsApp)

It doesn’t really worry me, necessarily. But it is... weird.
posted by Automocar at 7:26 AM on December 9, 2017 [3 favorites]

If people look you up on Facebook, even if they don’t friend you, Facebook will suggest them to you as friend recommendations.

So if your Grindr dates Facebook stalk you to make sure you aren’t an axe murderer before meeting up then FB is going to suggest them to you even if you have no other online connection with them whatsoever.

That part of the algorithm is not particularly creepy, although it can throw up some surprises.

(Also, if you happen to be tracking people down on Facebook that maybe you shouldn't be, or you’d rather they didn’t know, then you have to do it from an alt account with no details that connect it to you or else Facebook is likely to rat on you to your target, without any advanced matching algorithms. Tradecraft has got really hard in the modern era.)
posted by pharm at 7:33 AM on December 9, 2017 [6 favorites]

Next year on May 25th the new EU rules called the General Data Protection Regulation (GDPR) go into effect. It applies to companies who have users that are EU citizens, residents or visitors. The fine to companies that violate the rules can be 20 million euro or up to 4% of global revenue. The new rules require opt-in for data collection and deletion of data when users withdraw their consent. It also lets a user request user data from a company that has data on a user; the company has to send it within a month for free.

A lot of companies within the EU are preparing for these new laws. I guess we'll have to see how they affect Facebook and Google. Maybe people will travel to Europe in order to get a copy of their shadow profile.

posted by Julianna Mckannis at 7:57 AM on December 9, 2017 [8 favorites]

Amigara Fault is other people
posted by halifix at 8:00 AM on December 9, 2017 [2 favorites]

An encrypted contact app with a fake contact generator for your “embedded contact app” would be cool.

This is one of two projects I've been mulling over (the other is a "Sleepwalking" app, which receives location updates from other random phones and feeds them to any local process that's snooping your GPS stream while your phone is actually stationary.)

The problem is, even if you have a million random people in your contacts (and a special app that knows which of them you're actually interested in), you still only place and receive calls from a few of them. And if those people have Annika Cicada in their Contacts list, then you're really just thwarting the stupid and less-connected apps that don't get to spy on your phone calls.

No, wait! If you can fake GPS, maybe you can fake calls! (If you can dodge a wrench, you can dodge a ball!) So maybe the chaff Contacts database could do "Drunk Dialing," where it pretends you were always on the phone with random other people. The challenge will be getting the data at the other ends of these calls to agree.
posted by spacewrench at 8:16 AM on December 9, 2017 [3 favorites]

If the adverts are anything to go by, Facebook can't even figure out if I'm male or female so I think the strategy is working.

I dunno. This sort of thing is worrisome, but I don't think FB has gotten the algorithm working as well as the theory yet. FB ads seem to think I'm a Chevy Driving, Semi-Auto gun owner, who buys lots of gold, and gambles online.

Which.... No.*

Facebook's main utility is as a securish microblogging and photosharing service that allows me to remain in some contact with my mother and other relatives in a way that I don't have to administer passwords and all that. I get that other people interact with the service a lot more, and... well, yeah, I'd expect FB to have and use more and better data in that case - but why do that?

*incidentally, last year during the campaign, I saw so so so many ads for "Hitlery KKKLinton wants your precious fluids" type crap that I was absolutely gobsmacked. Facebook's ad algorithm doesn't seem to take into account what ads you block/hide/report - I did an experiment for a month, and it didn't work at all. Facebook's fake news ad problem is far, far worse than they seem to realize - or if they do realize, they are either powerless or unmotivated to stop it.
posted by Pogo_Fuzzybutt at 8:18 AM on December 9, 2017

Facebook doesn’t like, and doesn’t use, the term “shadow profiles.” It doesn’t like the term because it sounds like Facebook creates hidden profiles for people who haven’t joined the network, which Facebook says it doesn’t do.

What? This is a lie. This is one of the explicit complaints in that Everybody (in the EU) vs. Facebook case.

I'd really, really like to see where Facebook said they don't do that.
posted by ernielundquist at 8:29 AM on December 9, 2017 [7 favorites]

if they do realize, they are either powerless or unmotivated to stop it.

pretty sure it's the latter, tbqh

I'd really, really like to see where Facebook said they don't do that.

it's less that they've said 'we don't do that' and more that they've said 'we don't call them "shadow profiles" and we really don't like that term so don't use it because it makes us sound creepy'
(of course, they are creepy, which is the problem here, but their solution to it is mostly to insist that they do not internally use the term 'shadow profile' and to imply that means they don't engage in activities a reasonable person would call 'shadow profiling')
posted by halation at 8:52 AM on December 9, 2017 [1 favorite]

Futility of effort while, well, futile is not something I get hopeless about. I just shrug and consider ways to futilely jack with the data shrines.
posted by Annika Cicada at 9:00 AM on December 9, 2017

Unfortunately, the US doesn't have many meaningful privacy laws, and there are a lot of businesses specifically designed to exploit that. Not only do big companies like Facebook and Google have detailed profiles of you they use to advertise, but there are also tons of companies that make money by explicitly selling your information as well, often straight up on regular, public facing sites.

In a perfect world, your personal information would be your property, and it would be illegal for anyone else to give it away. But the world is far from perfect, and there are entire industries built up around getting naive or apathetic users to give up other people's data in exchange for various bullshit.

Go search your name, your phone number, and your address, and see what pops up there. Unless you're very lucky or your information is new enough that it hasn't propagated yet, odds are pretty good they've got more on you than you know, including a lot of information that didn't originate with "public records," as most of those sites claim. That information is coming, at least in part, from your friends and family who have given it to them. There are tons of apps that gobble up detailed information about everyone in your contacts and sell them to advertisers, data brokers, and just straight up on the web to criminals and other creeps.

There really isn't much you can do about that, EXCEPT to stop fucking doing that, and encourage others to stop as well. It's not about to be illegal, but it should be at least as socially unacceptable to upload your contacts as it is to directly hand over that same information to a random stranger on the street, or to write your friends' numbers on bathroom stalls. Because what you're doing when you install shitty, invasive apps like Hiya or Truecaller is publishing personal information that people have trusted you with. And those are just the ones that explicitly have their own public facing databases. There are plenty of other services that scrape your contacts and sell them to advertisers, to third party directory sites, and to brokers that aggregate and model that information to create nonconsensual "shadow" profiles.

If you want to trade your own information for some convenience, write your own name and number on bathroom walls, that's one thing. But you don't do that to other people unless you're trying to fuck them over.
posted by ernielundquist at 10:03 AM on December 9, 2017 [6 favorites]

Hm. An encrypted contact app with a fake contact generator for your “embedded contact app” would be cool.

why not just not give the Facebook app permission to read your contacts?
posted by indubitable at 10:06 AM on December 9, 2017

why not just not give the Facebook app permission to read your contacts?

Because then they go looking for information elsewhere, and it's liable to be at least somewhat accurate.
posted by Zalzidrax at 10:26 AM on December 9, 2017

This automated contact harvesting is a huge problem, and one of the reasons I've refused to use Facebook from the beginning.

Here's an example of a problem: Someone is on a discussion email list somewhere. Let's call them user A. Let's say that the email discussion list is focused on the topic of, say, underground music or outsider art or something niche.

The user has no control over who subscribes to that list. Let's say someone who is a political extremist (user B) subscribes to and participates in that list via gmail, or any other client or interface that also automatically saves and harvests email. User B goes and signs up for Facebook, allowing it to access their gmail/whatever contact list. Further, a number of political extremists like User B do the same thing.

User A doesn't know user B. User A doesn't even like user B, and strongly disagrees with them and their extremist views and positions. In today's world user A would vastly prefer to not be associated at all with user B. User A spends their time on the mailing list discussing art and music. User B spends their time posting alarmingly violent and/or politically dangerous rants and manifestos and calls to action.

But now Facebook is inviting user A to join Facebook based on user B's contacts. Facebook has now permanently associated user B as a "friend" or contact or whatever, when in reality they've had no direct communication or contact at all. They've only posted to the same email list in different contexts and threads.

At no point is there any context or metadata that reveals any of this to the public. Or law enforcement possibly investigating or monitoring user B. User A is now at risk of being contacted, investigated and even monitored because of the words and actions of user B.

So, yeah, there's a me shaped hole in Facebook, too, and I don't like it at all. It's not just, fair or prudent to have a company with this much personal data, especially with maps of contact networks. Maps that also don't actually map to reality.

And when I'm begging people to abandon Facebook and kill it with fire... this is one of the selfish reasons why I put so much energy and passion into it. Because it's not just about a single user's consent and choice. It's not just about you, the end user, or me, the individual trying to stay out of Facebook's database.

It's because Facebook is ignoring the consent of millions/billions of other people - and whether you like it or not - by using Facebook you're helping them violate that consent of other unwilling participants in a very real and tangible way.

The way to solve this Facebook and general data harvesting problem is either extreme regulations, or Facebook getting class-actioned into bankruptcy or compliance - or people become aware of the hazards and decide to stop using Facebook in large enough numbers that it makes a difference.

The only real option I personally have for anti-Facebook activism is the last option: trying to explain why it's a problem, and try to educate people about why it is actually a problem, and asking them to consider that it even is a problem in the first place.
posted by loquacious at 10:37 AM on December 9, 2017 [14 favorites]

I mean, the ultimate reason you shouldn't give Facebook (or anyone else) access to "your" contacts is that they're not actually yours. They don't belong to you, and they're not yours to give out.

I have my next door neighbor's door code, so I can go into her house when needed. That doesn't make it MY door code. She gave it to me because she trusts me to have it. She never explicitly told me not to give it to anyone else because it kind of goes without saying that I shouldn't hand it over to anyone who might want it for whatever reason, whether they're an individual or a corporation.

And if someone DID ask me for it, I would, of course, not give it to them, but I would also try to find out what they wanted it for, I would not willingly associate with them, and I would make sure everyone knew that that person or institution was sketchy as fuck and should be avoided.

The current privacy creep (or, hey, creep creep) has been pushed out by a bunch of institutions that profit from exploiting social connections to profile people without their consent. Step back for a minute, though, and think about what a horrible violation of trust it is to just hand over someone's personal information to any old rando who wants it.
posted by ernielundquist at 11:04 AM on December 9, 2017 [16 favorites]

Yeah, early on before it was common knowledge their "social graph" includes non-users who have not consented, my biggest problem with it was the noise and the "snarf all my contacts by default" setup. No thanks, guys. Thankfully the vast majority of my actual friends are smart enough to say no to things that can be refused, or were until shit became all appified. I quit using it before then.

I'd be equally creeped out by Google, except that they were thoughtful enough to include a tool to show you (and allow you to delete) every bit of data Google has associated with you, and it's even reasonably discoverable. While that is certainly not a perfect solution it's a damn sight better than Facebook's "what personal information? What privacy?" attitude where your settings are constantly fooled with to share things you didn't intend to share and they deny even having half of the information they are known to hold because it's associated with your shadow profile and not your actual account. It also deeply infuriates me that they don't give you the option of taking your ball and going home.
posted by wierdo at 11:09 AM on December 9, 2017

1999: Come to the glorious information superhighway future of tomorrow, where you can easily find all your old friends, make new ones and even order books!

2017: stfu u SJW go buy a triple dong strap on cat tongue send nudes #MAGA
posted by loquacious at 11:13 AM on December 9, 2017 [9 favorites]

The first time Facebook really scared me, and not just in an abstract intellectual sense, was the time it suggested, out of the blue, my wife as a friend, also suggesting me to her on her phone.

Of course, she wasn't my wife at the time. We'd just started dating, and didn't have any friends in common. But those notifications popped up during our first breakfast together. Facebook determined the phones of two users with no known associations to each other in its network had spent the previous 14 hours or so in close proximity over three separate locations and two car trips. 'Uncomfortably voyeuristic' is an understatement.

It's also possible they'd bought metadata from Tinder, I guess. But it's not like that's better.
posted by MarchHare at 11:42 AM on December 9, 2017 [2 favorites]

Just as a possible preview of how this can collide with European laws, there's the recent raid on Scientology by Hungarian police over that organization's collection of data about people who are not members.

I think it's really useful for Americans to keep up with how this works in Europe, so we can tell our sometimes blinkered congresspeople that it IS actually possible to pass and enforce laws about organizations collecting data about you without your knowledge.
posted by kristi at 2:08 PM on December 9, 2017 [7 favorites]

The problem is that our politicians are in it for the graft, so there's no motivation for them to pass laws that impact their donors or the billionaire class of data owners.
posted by SecretAgentSockpuppet at 5:15 PM on December 9, 2017 [2 favorites]

there's the recent raid on Scientology by Hungarian police over that organization's collection of data about people who are not members.

Now there's a dispute where it's hard to pick sides. On one hand, you have a ruthless, fascistic autocracy, and on the other, the same, only they believe the ghosts of dead aliens cause all our problems.
posted by acb at 5:44 PM on December 9, 2017 [2 favorites]

So... I keep my work life separate from personal, but what this is saying is that probably one of my work colleagues who has my cell number for emergencies might have shared it with Facebook, and my mother in law who also has my number in her phone most certainly has shared her contacts with Facebook, and thus Facebook knows my work email? So I could be suggested to people who I've interacted with just through work? I don't know why I'm shocked, but I am.
posted by Valancy Rachel at 8:25 PM on December 9, 2017

The answer is simple really: more noise. Bots running fake Facebook accounts, multiple accounts for one name, fake data, viruses that wreck the data that is being data mined.

It's difficult to destroy the monster, but possible to confuse it.
posted by iamck at 9:24 PM on December 9, 2017 [1 favorite]

I wonder whether that will turn out to be the app that gets us to real AI — good enough human emulation to fool the data miners for long enough to fuck their data, that is smart enough to keep ahead of the miners’ minions.
posted by spacewrench at 10:38 PM on December 9, 2017

There isn't much value in more noise per se because they'll still know everything about all the real people. You need people to adopt new communications channels that never create metadata and mostly abandon everything else.

Right now, Pond is the closest working scheme, but Adam abandoned it, so no new users there. Ricochet and Briar have more users but they only give you Tor's threat model, which kinda sucks. As I mentioned elsewhere, there are several groups working together to deploy a replacement for email based on mix networking, which we'll be speaking about at 34c4, but so far we've nothing usable.

Also, if you want metadata privacy then you need a solution which is user friendly enough for most people, which rules out Pond, Ricochet, and Briar. Signal almost fits the bill in that Moxie and Trevor at least care about metadata not leaking. Signal's only usability problem comes from it still replacing your SMS app on Android, which makes SMS annoying if anyone ever uninstalls it.
posted by jeffburdges at 3:27 PM on December 10, 2017 [4 favorites]

As an aside, we're also developing a protocol called Fog of Trust that we hope to become a usable variant of the completely unusable Web of Trust from PGP. We published it as sections 5.7, 5.8, and 5.9 starting page 8 in this machine learning paper, but I doubt I'll finish a real protocol paper before this thread dies on 9 January.

In essence, it counts the number of shared contacts without revealing the identity of those shared contacts. In more detail, you share two cryptographic signature types with your contacts, one that says you attest to their identity, and one that says you trust them to possibly see that you know someone. Alice and Bob run a protocol that tells Alice only the number of people who trust her and attest to Bob's identity. We need the trust signatures because if Alice is malicious then she could limit her trust list to only a few people to learn that some of those people know you. We're trying to land grant money for this critter now, so if we succeed then we'll implement it, improve the threat modelling, etc., and start trying to get messaging applications to deploy it.

As a rule, we can make most online activities have privacy and transparency properties that strongly benefit ordinary people, and make targeted advertising impossible, but doing so requires spending real money, not just on existing cost centers like security, but on complex new ones like crazy new cryptography, privacy preserving multi-party computations, mix networks, etc.
posted by jeffburdges at 3:52 PM on December 10, 2017 [4 favorites]
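The counting idea in the comment above can be illustrated with a generic Diffie-Hellman-style private set intersection cardinality exchange. This is an added example, not the Fog of Trust protocol or code from its authors; it assumes honest-but-curious parties, leaves out the two signature types, and uses a toy group and constructed names.

```python
import hashlib
import math
import secrets

# Toy group: integers modulo the Mersenne prime 2**1279 - 1, picked only because
# it fits on one line. It is an assumption of this sketch, not a vetted parameter.
P = 2**1279 - 1
_rng = secrets.SystemRandom()

def hash_to_group(identity):
    digest = hashlib.sha512(identity.encode()).digest()
    return int.from_bytes(digest, "big") % P

def new_secret():
    # Exponent coprime to P-1, so v -> v**e mod P is a permutation and two
    # different hashed identities can never blind to the same value.
    while True:
        e = secrets.randbelow(P - 3) + 2
        if math.gcd(e, P - 1) == 1:
            return e

def blind(values, secret):
    out = [pow(v, secret, P) for v in values]
    _rng.shuffle(out)  # order must carry no information
    return out

def alice_request(trusters, a):
    # Message 1 (Alice -> Bob): H(x)^a for every x who trusts Alice.
    return blind([hash_to_group(x) for x in set(trusters)], a)

def bob_response(request, attesters, b):
    # Message 2 (Bob -> Alice): Alice's values raised to b and reshuffled, plus
    # H(y)^b for every y who attests to Bob's identity.
    return blind(request, b), blind([hash_to_group(y) for y in set(attesters)], b)

def alice_count(response, a):
    # H(x)^(ab) == H(y)^(ba) exactly when x == y; the shuffles hide which ones.
    mine_ab, bobs_b = response
    bobs_ab = set(blind(bobs_b, a))
    return sum(1 for v in mine_ab if v in bobs_ab)

def shared_contact_count(trusters, attesters):
    a, b = new_secret(), new_secret()
    return alice_count(bob_response(alice_request(trusters, a), attesters, b), a)

# Constructed sample data: names stand in for contact public keys.
ALICE_TRUSTERS = {"carol", "dave", "erin", "frank"}
BOB_ATTESTERS = {"dave", "frank", "grace"}

if __name__ == "__main__":
    print(shared_contact_count(ALICE_TRUSTERS, BOB_ATTESTERS))
```

Both sides still learn the size of the other's list, and with a one-element list the count alone names the contact, which is the leak the comment says the trust signatures confine to people who agreed to it.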

Or, y'know, maybe people could stop using Facebook and learn to not share contact lists and personal data and generally stop treating the internet like an ongoing, friendly episode of This Is Your Life.

Because all of these schemes for fudging information via AI bots sound like a waste of actual watts.

I'm naively hoping that in the future unregulated social media and data mining will be looked back at with the same kind of anachronistic horror and derision as X-Ray shoe fitting machines or giving cocaine tinctures to toddlers.
posted by loquacious at 11:52 PM on December 10, 2017 [1 favorite]

It’s tough, because most people are in the dark about these privacy concerns. You still kind of have to go out of your way to understand what it all means (especially given that most people don’t know very much about how the internet even works in the first place). As long as everyone they know is using this service, and as long as the company keeps providing it, most people will have no reason - that they’re aware of - not to use it themselves.

I don’t think anything will change without external pressure from a robust regulating body. There’s really no way to educate everyone, because it’s a pretty abstract sort of risk to understand. I mean, how long have doctors been saying cigarettes are bad, and how many people still smoke? There’s fewer smokers than there used to be, but that has as much to do with rising prices and declining popularity as it does with public education. We lost X-ray shoe fittings and cocaine for kids not because everyone was hipped to how dangerous they were and stopped using them voluntarily, but because they stopped being available.

What we really need is an Unsafe at Any Speed for the internet, something that combines public outrage with concrete political action. Somehow I don’t see that being possible right now.
posted by shapes that haunt the dusk at 9:34 AM on December 11, 2017 [1 favorite]

Although now that I think about it, I could be wrong about what killed all that stuff - maybe the first step actually was public education. Anyway, I don’t mean to imply that public education is pointless, just that I want the responsibility for this to be in the hands of the companies promoting bad practices, not the people who might fall victim to them.
posted by shapes that haunt the dusk at 9:39 AM on December 11, 2017 [1 favorite]


This thread has been archived and is closed to new comments