22 votes

Facebook says it 'unintentionally uploaded' 1.5 million people's email contacts without their consent

13 comments

  1. [8]
    ThisIsMyTildesLogin
    Link
    There seems to be a new Facebook scandal every month. They've proved, beyond any doubt, that they cannot be trusted with the data we give them. It's well past time for Zuckerborg to step down and...

    There seems to be a new Facebook scandal every month. They've proved, beyond any doubt, that they cannot be trusted with the data we give them.

    It's well past time for Zuckerborg to step down and find something else to do with his life.

    13 votes
    1. [6]
      Amarok
      Link Parent
      Honestly, I think this proves we shouldn't be trusting anyone with that data. Facebook has unlimited resources to throw at the problem, and they can't manage user data securely. I don't see any...

      Honestly, I think this proves we shouldn't be trusting anyone with that data. Facebook has unlimited resources to throw at the problem, and they can't manage user data securely. I don't see any reason that some other company would have more success than they have.

      The 'right' way to do this is by storing everything on the server side fully encrypted, so that all any company has access to is a binary blob they cannot read at all. The user's data is still saved in the cloud with all of the benefits that provides, but it can only be accessed by that user using their keys, which will need to be entered into every device they want to hook up to their cloud service.

      This greatly complicates things like 'friending' someone or targeting advertisements and other forms of cloud-social interaction, but it only complicates them, it does not prevent them.

      12 votes
      1. [6]
        Comment deleted by author
        Link Parent
        1. Amarok
          Link Parent
          I like that even better. :D

          I like that even better. :D

          1 vote
        2. [3]
          Soptik
          Link Parent
          Who posted his vision of this here? I remember a Tilderino sharing his/her website with pretty detailed system which wasn’t that different. He had a part there about the user himself being in...

          Who posted his vision of this here? I remember a Tilderino sharing his/her website with pretty detailed system which wasn’t that different. He had a part there about the user himself being in charge which applications can see which data a communicate with each other.

          It was really interesting, but I didn’t comment or bookmark it.

          1 vote
          1. [2]
            cfabbro
            Link Parent
            Is this the one you're referring to? https://tildes.net/~tech/caz/the_cloudfall_an_essay_about_how_to_design_a_truly_personalized_experience I don't think it was @ThatFanficGuy's site though. IIRC...

            Is this the one you're referring to?
            https://tildes.net/~tech/caz/the_cloudfall_an_essay_about_how_to_design_a_truly_personalized_experience

            I don't think it was @ThatFanficGuy's site though. IIRC it was just an essay they found.

            1 vote
            1. Soptik
              Link Parent
              That's it, thanks! I think it was his', I think I read one of his comments mentioning this. But maybe I just mixed it up with someone else. Edit: You're right, in the comment he even mentions it...

              That's it, thanks!

              I think it was his', I think I read one of his comments mentioning this. But maybe I just mixed it up with someone else.

              Edit: You're right, in the comment he even mentions it isn't his :-)

              I think I was inspired, for this particular idea, by a manifesto I'd read. It talks about incorporating device-local AI to analyze the user's patterns and formulate personal suggestions, instead of sending the same data to corporate servers where it can be analyzed for ads.

              1 vote
        3. ThatFanficGuy
          Link Parent
          Still trying to wrap my head around how Solid should work. It's supposed to work already, 'cause I read Tim uses it at the present, but – how? Wouldn't that require an infrastructure of its own?...

          Still trying to wrap my head around how Solid should work. It's supposed to work already, 'cause I read Tim uses it at the present, but – how? Wouldn't that require an infrastructure of its own? Or is it akin to a password storage?

    2. alyaza
      Link Parent
      he'd probably just step down and immediately shuffle over to instagram or whatever and do the same thing so i'm not convinced this is something we actually want unless we intend for mark to become...

      It's well past time for Zuckerborg to step down and find something else to do with his life.

      he'd probably just step down and immediately shuffle over to instagram or whatever and do the same thing so i'm not convinced this is something we actually want unless we intend for mark to become a vagrant tech bro ruining company after company with his horrifying ideas

  2. [5]
    unknown user
    Link
    It says Facebook are going to delete the said data. How can we know a company deleted data that they say they did? Do we have any legal &/ technical method of doing that? I believe the fight...

    It says Facebook are going to delete the said data. How can we know a company deleted data that they say they did? Do we have any legal &/ technical method of doing that?

    I believe the fight against Facebook and the like is futile. The perpetrator of all these troubles is the ad industry. We need to debunk the myth of the utility of ads. Just like when fascist pay your wages, you can't he a freedom fighter; you can't have online privacy when publishers of invasive ads are the bosses of internet.

    1 vote
    1. [3]
      Deimos
      Link Parent
      We can't know, and this is one of the scariest aspects of the whole data-collection topic. It's almost all on the honor system—companies say that they're doing things a certain way in their...

      We can't know, and this is one of the scariest aspects of the whole data-collection topic. It's almost all on the honor system—companies say that they're doing things a certain way in their privacy policies and other documents, but it's almost never verified and there's not any way to do so from the outside. How would anyone even figure out if they were lying or not?

      Even when a site is quite open like Tildes, you still can't really know for sure. You can look in the code and see that there's a script to clean up a bunch of old/private data after 30 days, and that it should be running every day, but there's no way to verify that I haven't secretly changed the "30 days" to "1 year" on the actual server, or even that I haven't completely stopped the script from running. Any way of "proving" that I'm doing it properly could be manipulated or circumvented (copy the data elsewhere before deleting it, etc.).

      I don't even know what a potential solution to this problem could be.

      3 votes
      1. Soptik
        Link Parent
        Exactly. People trust websites because “It’s on the internet, it’s official!” In our country, several hundred schools uses system (grades, timetable, ...) that is almost impossible to use on...

        Exactly. People trust websites because “It’s on the internet, it’s official!”

        In our country, several hundred schools uses system (grades, timetable, ...) that is almost impossible to use on mobile and has just awful UX. I made unofficial server (did you know that you can turn off certificate pinning on android by replacing a library in apk, thus allowing mitm?) that basically just offers better interface.

        And it blows my mind, why do people trust me? Why do they use some random 3rd party application? Why do they put their school password? I could collect the passwords and log into their account without any problem. I could get their grades, their real name, their address. Why do they trust me?

        Everything is encrypted and I don’t have keys, but most people don’t even know what that means. Or I could just simply lie and collect everything!

        2 votes
      2. cfabbro
        Link Parent
        Some sort of semi-transparent production server showing the currently running code with checksums? But I guess even that could be smoke and mirrors and opens up all sorts of other issues, I'm sure.

        I don't even know what a potential solution to this problem could be.

        Some sort of semi-transparent production server showing the currently running code with checksums? But I guess even that could be smoke and mirrors and opens up all sorts of other issues, I'm sure.

    2. masochist
      Link Parent
      The only thing that can take down Facebook is the government, and of course we know the US government's stance on regulating businesses.

      The only thing that can take down Facebook is the government, and of course we know the US government's stance on regulating businesses.

      1 vote