The Facebook Conundrum

This is a non technical blog. Well, “technical”, if you are into systems and processes though.

The whole Facebook WhatsApp Instagram Signal Telegram conversation and mess essentially ended up in me taking two very necessary steps and two things that were long pending – spending a day actually reading the Facebook Terms and Conditions (don’t ask!) and then, going ahead and deleting my Facebook profile.

And yes, for people asking, I am not naive enough to believe the terms and conditions of Google are going to be any better – but that conversation will just take the discussion on an altogether different tangent and is best addressed in another post.

So here is what I have done. As most Terms and Conditions across organisations follow a similar phraseology and non committal pattern of wordplay, what I find in Facebook’s case is the overbearing use of examples and the constant underlying themes of “we do not sell your data” to jumping back to “we sell your data” literally the next sentence. I have, thus, left out the myriad of examples extolling the virtues of Facebook that every single paragraph seems to be peppered with, and have concentrated on the core points that each paragraph and subtopics are making

So here goes – and don’t tell me this doesn’t get confusing 🙂

Facebook’s Terms of Use

We don’t charge you to use Facebook or the other products and services covered by these Terms. Instead, businesses and organisations pay us to show you ads for their products and services. By using our Products, you agree that we can show you ads that we think will be relevant to you and your interests. We use your personal data to help determine which ads to show you.

Ok so that’s off to a good start 🙂 Moving on

We don’t sell your personal data to advertisers, and we don’t share information that directly identifies you (such as your name, email address or other contact information) with advertisers unless you give us specific permission

Ok here is where this gets interesting. Does that mean our personal data is used or not used exactly? And what permission? When we post? When we sign up? Does accepting Facebook’s terms and conditions “automatically” imply that the “specific permission” for Facebook to use our personal data has already been granted? Now, I have not seen a single post that I have put out that asked me whether I wanted to provide “specific permission” for data usage or not. The only options I ever saw was public, friends etc. But this is delved into in a pretty fascinating fashion further on. Moving on

We use the data that we have to make suggestions for you and others – for example, groups to join, events to attend, Pages to follow or send a message to, shows to watch and people who you may want to become friends with

What does that even mean? So essentially, you have just provided a global conglomerate complete control of making choices for you in the kind, nature and (I think) number of friends you keep? Not only is this dystopian, this just plain wrong if you give it just a minute of thought. So you have a bunch of nerds (assuming) pre-match you with random people in the hopes that their algorithms and things like your likes/dislikes, device logs and fingerprint and online tracking across sites, workplaces might make you a good fit for a random Joe/Jane? Come to think of it, that’s just how life works I guess – but then, I would rather meet people around me and strike up a healthy conversation to decide if I even want to be friends rather than a lab rat trying to random date me with others and see how that works out. I’d rather not be a lab rat if I can help it 🙂

We don’t share information that directly identifies you (information such as your name or email address that by itself can be used to contact you or identifies who you are) unless you give us specific permission

Ok that’s getting pretty creepy if you ask me when someone goes out of their way explaining how they are not doing things they are not supposed to? Like no mom, I did not hit Tommy, but then, he hit me first, and then, well, I asked people around if I could hit him back, and people started cheering, and so I stabbed him – but mom, that’s just coz people gave me “special permission” when I asked

Now, for the kind of leeway Facebook asks of us for usage of our data, they are pretty specific as to what they want in return. Quote

Use the same name that you use in everyday life;
provide accurate information about yourself;
create only one account (your own) and use your timeline for personal purposes; and
not share your password, give access to your Facebook account to others or transfer your account to anyone else (without our permission).

Whoa, that escalated quickly. Ok, so you spent like donkeys’ years to state you don’t se “personal information” and how names, addresses, locations etc are never shared and then you have a terms of use that specifically asks users to use their real identities? When about every single user profile that is created in click farms is fake? How does that even work? Assuming “business partners” have special privileges I guess but fake profiles are pretty much all the user interactions one gets on promotions – so am not sure why businesses even bother with Facebook advertising – but moving on

When you share, post or upload content that is covered by intellectual property rights on or in connection with our Products, you grant us a non-exclusive, transferable, sub-licensable, royalty-free and worldwide licence to host, use, distribute, modify, run, copy, publicly perform or display, translate and create derivative works of your content

Really? So let’s say I take someone’s IP and I post it on Facebook – just the mere fact that I posted someone’s IP in my post gives Facebook complete usage rights to the IP? Err Ok 🙂

When you delete content, it’s no longer visible to other users; however, it may continue to exist elsewhere on our systems

That does not sound like you have control of your data, does it?

Permission to use your name, profile picture and information about your actions with ads and sponsored content: You give us permission to use your name and profile picture and information about actions that you have taken on Facebook next to or in connection with ads, offers and other sponsored content that we display across our Products, without any compensation to you.

So what happened to not sharing personal information with advertisers?

So next is the section for browser and device fingerprinting and makes for rather fascinating reading

As described below, we collect information from and about the computers, phones, connected TVs and other web-connected devices you use that integrate with our Products, and we combine this information across different devices that you use

Device attributes: information such as the operating system, hardware and software versions, battery level, signal strength, available storage space, browser type, app and file names and types, and plugins.
Device operations: information about operations and behaviours performed on the device, such as whether a window is in the foreground or background, or mouse movements (which can help distinguish humans from bots).
Identifiers: unique identifiers, device IDs and other identifiers, such as from games, apps or accounts that you use, and Family Device IDs (or other identifiers unique to Facebook Company Products associated with the same device or account).
Device signals: Bluetooth signals, information about nearby Wi-Fi access points, beacons and mobile phone masts.
Data from device settings: information you allow us to receive through device settings that you turn on, such as access to your GPS location, camera or photos.
Network and connections: information such as the name of your mobile operator or ISP, language, time zone, mobile phone number, IP address, connection speed and, in some cases, information about other devices that are nearby or on your network, so we can do things such as help you stream a video from your phone to your TV.
Cookie data: data from cookies stored on your device, including cookie IDs and settings. Learn more about how we use cookies in the Facebook Cookies Policy and Instagram Cookies Policy.

So in essence, every single operation in, around or near you, whether you yourself use Facebook or not 🙂 So essentially, the mere fact that you might be residing next to someone connected to the same WiFi or Bluetooth range/location might be enough data Facebook needs to tag, track and locate you 🙂 Best part? You need not even be a Facebook user for that to happen 🙂 Sounds paranoid? Read below

Advertisers, app developers and publishers can send us information through Facebook Business tools that they use, including our social plug-ins (such as the Like button), Facebook Login, our APIs and SDKs, or the Facebook pixel. These partners provide information about your activities off Facebook – including information about your device, websites you visit, purchases you make, the ads you see and how you use their services – whether or not you have a Facebook account or are logged in to Facebook

Oh! So remember the time you were having a discussion with your friend Andrea about that vacation deal and came home to find an Ad on your computer screen? All you had to do was to read Facebook’s terms of use to understand 🙂

Now, next section is from the Data Use policy so I have merely extracted the “we have” or “we use” bits – and if this is not creepy, I don’t honestly know what is!

I am labeling the the below the “We” policy 🙂

we use your connections, preferences, interests and activities 
We connect information about your activities on different Facebook Products and devices
We use location-related information - current location, where you live, the places you like to go, and the businesses and people you're near
We use the information we have
we use face recognition technology to recognise you in photos, videos and camera experiences
We use the information we have about you to select and personalise ads, offers and other sponsored content that we show you
We use the information we have (including your activity off our Products, such as the websites you visit and ads you see)
We use the information that we have to verify accounts and activity
We use the information that we have to send you marketing communications
We use the information we have to conduct and support research
we can provide access to or send public information to anyone on or off our Products, including in other Facebook Company Products, in search results or through tools and APIs

Whoa! That escalated quickly! Take you the flowery bits and you are left with Facebook’s “we” manifesto!

You know things are weird when Facebook goes out of their way, first saying they do not sell your personal data, and then flipping back to state – ah but you know, our partners? Well they do not have to follow these terms of service though, as, you know, they make up their own terms as and when they go about their business 🙂 Excerpt below

But apps and websites that you use will not be able to receive any other information about your Facebook friends from you, or information about any of your Instagram followers (although your friends and followers may, of course, choose to share this information themselves). Information collected by these third-party services is subject to their own terms and policies, not this one.

Huh? what? Really?

Devices and operating systems providing native versions of Facebook and Instagram (i.e. where we have not developed our own first-party apps) will have access to all information that you choose to share with them, including information that your friends share with you, so they can provide our core functionality to you.

What does this even mean? Native versions? Where Facebook as not developed their first party apps? So who is providing support to Preinstalled Facebook on Samsung/Xaomi and God knows who else? What terms and conditions and “special permissions” if any do they have? And how do we then figure out topics like data locality, data security, privacy etc?

We provide advertisers with reports about the kinds of people seeing their ads and how their ads are performing, but we don’t share information that personally identifies you (information such as your name or email address that by itself can be used to contact you or identifies who you are) unless you give us permission

Again, what permission? How do we “give” it? Per the IP paragraph above, Facebook already has permissions to everything around, including possibly our dna sequence 🙂

The data policy ends with more “WE” manifesto

We provide information and content to vendors and service providers
We also provide information and content to research partners and academics
We also process information about you across the Facebook Companies
We store data until it is no longer necessary to provide our services and Facebook Products
We share information globally, both internally within the Facebook Companies, and externally with our partners and with those you connect and share with around the world

At this point, this data privacy policy just reads like a joke 🙂 In essence

People and data are commodities
Sold to the highest bidders
Who have no rights to data
No rights to content
No legal remedies with regards to data privacy and data security
Users are subject to “research” – behavioral, data, AI/ML and are essentially test subjects for Facebook’s boffins
Users are tagged, categorized, geolocated whether they are Facebook users or not
Advertisers control and feed back usage and behavioral aspects of your online activities whether you interact with Facebook or not
Every aspect of your life from friends, events, charity etc is pre-matched in a dystopian fantasy land
Every minute of your Facebook usage is monitored, gauged, behavioral models created so you spend more time and revenue on Facebook

The above was enough of a push to make me go ahead and delete my account 🙂 I am sure there are other nastiness hidden if we spend some more time analysing tcp traffic and system logs etc but why go through that when you have the terms of use to throw you off Facebook completely 🙂

In short, what most people take offense to is not advertising itself. That is not the crux of the issue. But what matters is when you start treating “privacy” as a commodity, which you gain and can use, when people use your products. Something you waive people’s rights from when they sign up. And then use data thus collected as a self fulfilling platform where data driven ads and behavioral profiles are generated, analysed and essentially “sold” to the highest bidders. If you see past the friends and likes and comments that the platform is built upon, you start seeing issues, with the business model, practices, policies and platform – and that’s when you see what you have truly signed up for. And if you are like me, want to have absolutely no part in it all!

Peace!

So how is a say Facebook different to other companies? Explained rather well by Apple below – which went live just when the post went live. Embedding below

New Entry : From Editor

How to build a self-hosted VPN server on AWS

Raspberry Pi K8s/K3s/Kubernetes Cluster from scratch – the easy way!

Understanding an IOS/Apple iPhone “exploit”

Anatomy of a good Social Engineering/Phishing attack!

Sandisk USB 3.1 PenDrive and Raspberry Pi (4b) based Wireless NAS for the Macbook (MacOS Ventura)

Raspberry Pi K8s/K3s/Kubernetes Cluster from scratch - the easy way!

How to build a self-hosted VPN server on AWS

Raspberry Pi K8s/K3s/Kubernetes Cluster from scratch – the easy way!

esxtop annoyances – MAC

Resetting esxi root password

Facebook and Privacy

Can ESXi hosts upgrade via Commandline on Nutanix?

Upgrading ESXi 7.0.x from the command line

The Facebook Conundrum

Leave a Reply Cancel reply