Facebook's Data Policies In Plain English

Seen something interesting in the news or on the intertubes? Discuss it here.

Moderators: Zamfir, Hawknc, Moderators General, Prelates

User avatar
sardia
Posts: 6800
Joined: Sat Apr 03, 2010 3:39 am UTC

Facebook's Data Policies In Plain English

Postby sardia » Tue Jun 30, 2015 5:26 am UTC

http://www.nytimes.com/interactive/2015 ... technology
Spoiler:
Facebook

What the social network may collect:

Name
Email address
Birth date
Details on the updates, messages and photos you post
The types of content you view, how often and for how long
The messages and photos other people share about you
People’s networks, connections, and how they interact with them
Payment information
Mobile phone number
IP address
Information on the devices you use to access the service and their location data
Details about third-party sites and apps you use with the service.

From the policy:

Sharing within Facebook companies.
We share information we have about you within the family of companies that are part of Facebook.

New Owner.
If the ownership or control of all or part of our services or their assets changes, we may transfer your information to the new owner.

Plain English:

Facebook is up front about the fact that your data could end up somewhere else.
Groupon

What the deals service may collect:

Name
Postal address
Email address
Birth date
Age
Gender
Telephone number
Information that enables the company “to determine lifestyle, interests, and activities, including location information”
“The types of deals that interest you”
“Information collected through your interactions with social networks”
Information about people for whom users have purchased Groupon vouchers as gifts or who have bought Groupon vouchers as gifts for users
Information about friends who refer users or whom users have referred.

From the policy:

We (or our vendors on our behalf) may share your personal information as required or permitted by law:

with any Groupon affiliate who may only use the personal information for the purposes described in this privacy statement;
with our vendors to provide services for us and who are required to protect the personal information;
to report or collect on debts owed to us or our business partners;
with relevant buiness partners:
with whom we jointly offer products and services;
to facilitate a direct relationship with you, including in connection with any program we administer on behalf of the business partner;
to enable electronic communications with you as part of purchase, a sponsored reward, offer, contest, program, or other activity in which you have elected to participate;
to the extent you have purchased or redeemed a Groupon voucher, goods or services offered by a business partner or participated in an offer, rewards, contest or other activity or other programs sponsored or offered through Groupon on behalf of that business partner;
with a purchaser of Groupon or any of the Groupon affiliates (or their assets);
to comply with legal orders and government requests, or as needed to support auditing, compliance, and corporate governance functions;
to combat fraud or criminal activity, and to protect our rights or those of our affiliates, users, and business partners, or as part of legal proceedings affecting Groupon;
in response to a subpoena, or similar legal process, including to law enforcement agencies, regulators, and courts in the United States and other countries where we operate; or
with your consent.

Plain English:

If Groupon were ever to be acquired or sell off assets, it may share your personal information with buyers. The clause is positioned amid a long list of the company's data-sharing practices.

Comment from Groupon:

"It's clearly bulleted in the section that describes when and why we disclose information, which is the most obvious place to put it," said Bill Roberts, a spokesman for Groupon. "We think this is the most transparent and simplest way to communicate the information to consumers."


WhatsApp

What the messaging service may collect:

Mobile phone number
Billing information
Mobile phone numbers of other people who use WhatsApp that are in your contacts
Device information such as IP address and browser language

From the policy:

In the event that WhatsApp is acquired by or merged with a third party entity, we reserve the right to transfer or assign the information we have collected from our users as part of such merger, acquisition, sale, or other change of control. In the (hopefully) unlikely event of our bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors' rights generally, we may not be able to control how your personal information is treated, transferred, or used.

Plain English:

Anything may happen to your data.
Etsy

What the e-commerce site may collect:

Email address
Username
Billing or payment information
Phone number
Physical address
Gender
Location
Reviews
Ratings
Profile information
IP address
Geo-location data from other apps
For users who log-in through other services, information from that other service
For store owners, social security number, tax ID, birth date, bank account number, credit card information and proof of identity.

From the policy:

In some cases, Etsy may choose to buy or sell assets. In these types of transactions (such as a sale, merger, liquidation, receivership or transfer of all or substantially all of Etsy’s assets), member information is typically one of the business assets that is transferred. In the event that Etsy transfers information about you, Etsy will notify you by email or by putting a prominent notice on the Site and the App, and you will be afforded an opportunity to opt-out before information about you becomes subject to a different privacy policy.

Plain English

It's rare for a popular site to promise to notify its users and give them a chance to opt out of having their information change hands. Etsy is among the few in offering this choice.

Comment from Etsy:

“People are willing to share their personal information with us because they trust the company,” said Jordan Breslow, Etsy's general counsel. In the event that Etsy were ever acquired by another company, he said, Etsy users “should have the option to say, ‘you are not the people I made that agreement with about my data, so I am opting out.’ ”

TaskRabbit

What the task marketplace may collect:

Name
Address
Phone number
Email address
IP address
Financial information
any personally identifying details sent in emails or inquiries to the company
For employees of TaskRabbit: job title and other job information, location, compensation information, identification number, employment history, and a copy of employment agreements.

From the policy:

We will not transfer to a non-agent third party any personal information that is sensitive in nature, such as information specifying your medical or health condition, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership without your prior affirmative consent.

Finally, TaskRabbit reserves the right to transfer, sell and/or distribute all information collected through the service to an affiliate, subsidiary, or third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or part of our business, assets or stock. We will use our best efforts to ensure that the new entity follows this privacy policy with respect to your personal Information, as and to the extent required by applicable law.

Plain English:

TaskRabbit won't share your most personal details with unaffiliated companies -- except if the company decides to sell or share your data as part of merger, sale or other business transaction.

Comment from TaskRabbit:

"TaskRabbit does not affirmatively collect data about a user’s health or religious practices, etc," said Jamie Viggiano, a TaskRabbit spokeswoman. "The language in our privacy policy is standard and merely makes clear that we won’t transfer any of that data either. This is just belt and suspenders to make clear that such information is neither collected nor shared.

"To clarify, we do not currently share any personal information with any non-agent third party. The second sentence is a standard clause in any company’s privacy policy and is specifically only referring to a change of control event (like a merger, acquisition, etc.). In the event that TaskRabbit is purchased by another entity, all of TaskRabbit’s user information will be transferred with the platform. Such section is explicitly limited to such a change of ownership and is not contemplating any other transfers to any third parties."

Clauses in privacy policies that enable online services to transfer or sell personal data about consumers as part of a merger, bankruptcy or other transaction are becoming common practice, an examination by The New York Times of the top 100 websites in the United States has found. The prevalence of these data-transfer clauses illustrates how little control people typically have over the dissemination of information about them. Details from privacy policies of five companies offer a sampling of the information that may be collected and how companies may handle the data in the event of a sale or bankruptcy. -- Natasha Singer

Think you know how well (or poorly) your data is kept? Think again, all the sweet promises of never selling your data goes away when said company is sold. Facebook is the most obvious collector of our data, but others stand out. For one thing, Etsy is one of the rare few who offer an opt out in case they ever go bankrupt, and sell off your data.

cphite
Posts: 1362
Joined: Wed Mar 30, 2011 5:27 pm UTC

Re: Facebook's Data Policies In Plain English

Postby cphite » Wed Jul 01, 2015 2:07 pm UTC

sardia wrote:Think you know how well (or poorly) your data is kept? Think again, all the sweet promises of never selling your data goes away when said company is sold. Facebook is the most obvious collector of our data, but others stand out. For one thing, Etsy is one of the rare few who offer an opt out in case they ever go bankrupt, and sell off your data.


It all comes down to this: Whenever you put anything on social media, you should assume that it will be accessible at some point, by people you don't want having it.

So use that assumption to moderate what you put online. If you're going to use online payment, and are worried about it being stolen, use an account that you only use for online payments. If you don't want your mobile number out there, don't put it out there. Don't want Facebook knowing your email address, use an alternate email account that you've setup specifically for Facebook. If you don't want embarrassing photos out there, don't put them out there. If you don't want Facebook tracking your activity on other websites, log out of Facebook when you use other websites, or use a different browser. There are ways to hide your IP if you're bothered by them having that.

Tyndmyr
Posts: 11443
Joined: Wed Jul 25, 2012 8:38 pm UTC

Re: Facebook's Data Policies In Plain English

Postby Tyndmyr » Wed Jul 01, 2015 2:42 pm UTC

Or simply flood the system. Make alternate sites, use names with collisions with others, toss fake data in sign up forms, whatever.

Using fake names is a great way to tell who is selling your data, by the way. Just use different ones for the different signups.

User avatar
Paul in Saudi
Posts: 262
Joined: Fri Sep 07, 2012 12:52 pm UTC
Location: Dammam, Saudi Arabia

Re: Facebook's Data Policies In Plain English

Postby Paul in Saudi » Wed Jul 01, 2015 3:13 pm UTC

There is a kid out there someplace posting trash on the internet. In 40 years he will be President. In sixty years scholars will be writing serious retrospectives of his life. History will record each and every time he expressed an interest in Asian cheerleaders. Wonderful.

User avatar
sardia
Posts: 6800
Joined: Sat Apr 03, 2010 3:39 am UTC

Re: Facebook's Data Policies In Plain English

Postby sardia » Sat Jul 04, 2015 5:03 pm UTC

Tyndmyr wrote:Or simply flood the system. Make alternate sites, use names with collisions with others, toss fake data in sign up forms, whatever.

Using fake names is a great way to tell who is selling your data, by the way. Just use different ones for the different signups.

Have you actually done this? Like for facebook, notify all your friends that john smith is actually you? And then do it again for say linkedin or tumbler etc etc. I know for one time use accounts, it's no big deal to have a falsified account, but I can see roadblocks where you have to buy something, or use it repeatedly.
Basic example would be amazon. They have my creditcard, so no matter what I put, they would know my name and address. Maybe you could create a new account every time your credit card expired or something, but that's a big hassle to the relative gain (less coherent data to amazon).

Do you spoof your IP address so google can't track you as efficiently or encrypt your email? There's a lot of steps that you can take to avoid being tracked, but I think China provides a good example of what happens. All the tech super savvy people can and do evade the surveillance, but the vast majority just accept it as the cost of doing business. Oh, and then the tech savvy people get caught anyway, cuz they slip up once.

Mutex
Posts: 1472
Joined: Wed Jan 09, 2008 10:32 pm UTC

Re: Facebook's Data Policies In Plain English

Postby Mutex » Sun Jul 05, 2015 2:24 pm UTC

sardia wrote:
Tyndmyr wrote:Or simply flood the system. Make alternate sites, use names with collisions with others, toss fake data in sign up forms, whatever.

Using fake names is a great way to tell who is selling your data, by the way. Just use different ones for the different signups.


Have you actually done this? Like for facebook, notify all your friends that john smith is actually you? And then do it again for say linkedin or tumbler etc etc.


I have plenty of people on my FB list who use fake names. It doesn't work for sites you have to pay for stuff though, no.

User avatar
ucim
Posts: 6859
Joined: Fri Sep 28, 2012 3:23 pm UTC
Location: The One True Thread

Re: Facebook's Data Policies In Plain English

Postby ucim » Sun Jul 05, 2015 2:29 pm UTC

Mutex wrote:I have plenty of people on my FB list who use fake names.
Doubt it helps much, since FB knows their social network.

Jose
Order of the Sillies, Honoris Causam - bestowed by charlie_grumbles on NP 859 * OTTscar winner: Wordsmith - bestowed by yappobiscuts and the OTT on NP 1832 * Ecclesiastical Calendar of the Order of the Holy Contradiction * Heartfelt thanks from addams and from me - you really made a difference.

Mutex
Posts: 1472
Joined: Wed Jan 09, 2008 10:32 pm UTC

Re: Facebook's Data Policies In Plain English

Postby Mutex » Sun Jul 05, 2015 2:34 pm UTC

ucim wrote:
Mutex wrote:I have plenty of people on my FB list who use fake names.
Doubt it helps much, since FB knows their social network.

Jose


I think the point is to make anyone looking up information on you difficult if all they have is your name. Such as employers, who won't really know who your friends are (unless you add work colleagues to FB of course).

User avatar
sardia
Posts: 6800
Joined: Sat Apr 03, 2010 3:39 am UTC

Re: Facebook's Data Policies In Plain English

Postby sardia » Sun Jul 05, 2015 4:54 pm UTC

Mutex wrote:
ucim wrote:
Mutex wrote:I have plenty of people on my FB list who use fake names.
Doubt it helps much, since FB knows their social network.

Jose


I think the point is to make anyone looking up information on you difficult if all they have is your name. Such as employers, who won't really know who your friends are (unless you add work colleagues to FB of course).

There's multiple levels of privacy here, and we shouldn't confuse them. Stopping our snoopy friends/coworkers from spying on our "public" data is one thing. It's relatively easy to stop. What's much harder is the metadata and "private" data we enter that the corporation and government has access to. You're boss will never know you visited the black flag with sex toys shop 4 times last week. Amazon and the government does.

cphite
Posts: 1362
Joined: Wed Mar 30, 2011 5:27 pm UTC

Re: Facebook's Data Policies In Plain English

Postby cphite » Mon Jul 06, 2015 6:00 pm UTC

sardia wrote:
Mutex wrote:
ucim wrote:
Mutex wrote:I have plenty of people on my FB list who use fake names.
Doubt it helps much, since FB knows their social network.

Jose


I think the point is to make anyone looking up information on you difficult if all they have is your name. Such as employers, who won't really know who your friends are (unless you add work colleagues to FB of course).


There's multiple levels of privacy here, and we shouldn't confuse them. Stopping our snoopy friends/coworkers from spying on our "public" data is one thing. It's relatively easy to stop.


And again, to reiterate, the vast majority of this information is only out there if you put it out there. If you don't want your phone number on Facebook, don't put it on Facebook. Don't post embarrassing pictures of yourself. Don't give out information about that you'd be embarrassed by.

What's much harder is the metadata and "private" data we enter that the corporation and government has access to. You're boss will never know you visited the black flag with sex toys shop 4 times last week. Amazon and the government does.


But even that is optional, to an extent. Amazon doesn't need to know who you really are. If you use a prepaid card, or a gift card, for example, you can create your Amazon account under any name that you like. And as for the delivery; well, get a PO box.

As for the government... if you're really worried about them knowing, learn to use Tor and login from public Wifi.

User avatar
Dauric
Posts: 3989
Joined: Wed Aug 05, 2009 6:58 pm UTC
Location: In midair, traversing laterally over a container of sharks. No water, just sharks, with lasers.

Re: Facebook's Data Policies In Plain English

Postby Dauric » Mon Jul 06, 2015 6:58 pm UTC

The problem isn't single entry data. The problem is indexed data aggregation.

If account number 1234 is looking at buying parts for a '68 Mustang, and account 5678 is looking for paint colors that were used on the '68 Mustang, while user "Anon90" is posting questions about the '68 Mustang in a car restoration forum, and they all have delivery zip codes and/or IP addresses that put them in close proximity, it becomes increasingly likely that all three accounts belong to the same person and that person is restoring a 1968 Mustang.

The above is of course deeply oversimplified and in itself inadequate to get any kind of statistical confidence, but computers are great for indexing staggering amounts of data to put together pictures of an individual even if they think they're hiding behind multiple accounts.
We're in the traffic-chopper over the XKCD boards where there's been a thread-derailment. A Liquified Godwin spill has evacuated threads in a fourty-post radius of the accident, Lolcats and TVTropes have broken free of their containers. It is believed that the Point has perished.

Tyndmyr
Posts: 11443
Joined: Wed Jul 25, 2012 8:38 pm UTC

Re: Facebook's Data Policies In Plain English

Postby Tyndmyr » Mon Jul 06, 2015 7:52 pm UTC

sardia wrote:
Tyndmyr wrote:Or simply flood the system. Make alternate sites, use names with collisions with others, toss fake data in sign up forms, whatever.

Using fake names is a great way to tell who is selling your data, by the way. Just use different ones for the different signups.

Have you actually done this? Like for facebook, notify all your friends that john smith is actually you? And then do it again for say linkedin or tumbler etc etc. I know for one time use accounts, it's no big deal to have a falsified account, but I can see roadblocks where you have to buy something, or use it repeatedly.
Basic example would be amazon. They have my creditcard, so no matter what I put, they would know my name and address. Maybe you could create a new account every time your credit card expired or something, but that's a big hassle to the relative gain (less coherent data to amazon).

Do you spoof your IP address so google can't track you as efficiently or encrypt your email? There's a lot of steps that you can take to avoid being tracked, but I think China provides a good example of what happens. All the tech super savvy people can and do evade the surveillance, but the vast majority just accept it as the cost of doing business. Oh, and then the tech savvy people get caught anyway, cuz they slip up once.


I have a fake facebook account together with a real one. I have dummy email addresses. My *real* linkedin account is basically a ghost account severely lacking in real data, because I don't actually use it. I don't use tumbler at all. I have three different google accounts. This was less of an intentional thing, and more a side effect of using different email addresses for different purposes back before G+ existed.

Sure, stuff I order from get a real CC number and a real shipping address. Otherwise, what's the point, yknow? It isn't anything like complete privacy, just knowledge that, left uncurated, information decays. My address from eight years ago is not my address today. The number of debit card or credit card numbers I've had is actually pretty large. I mean, you're gonna rotate whenever a card is compromised or you replace a card for other reasons(lost, for instance, because you have to treat that as compromised), so the number of numbers used should normally be larger than the number of accounts opened.

There are different kinds of privacy and different levels of effort. Generally, I'm not going to bother to spoof IPs, for instance, because it usually isn't worthwhile.

sardia wrote:There's multiple levels of privacy here, and we shouldn't confuse them. Stopping our snoopy friends/coworkers from spying on our "public" data is one thing. It's relatively easy to stop. What's much harder is the metadata and "private" data we enter that the corporation and government has access to. You're boss will never know you visited the black flag with sex toys shop 4 times last week. Amazon and the government does.


This is important to keep in mind. What are you keeping private, and from who? Does amazon have my purchase history from amazon? Of course. Does my CC company know I shop there? Obviously.

I would presume that sex toy shops or other embarassing places would have a lot more business in cash. Or, if someone cared a great deal, disposable credit cards, as those are a thing.

Dauric wrote:The problem isn't single entry data. The problem is indexed data aggregation.

If account number 1234 is looking at buying parts for a '68 Mustang, and account 5678 is looking for paint colors that were used on the '68 Mustang, while user "Anon90" is posting questions about the '68 Mustang in a car restoration forum, and they all have delivery zip codes and/or IP addresses that put them in close proximity, it becomes increasingly likely that all three accounts belong to the same person and that person is restoring a 1968 Mustang.

The above is of course deeply oversimplified and in itself inadequate to get any kind of statistical confidence, but computers are great for indexing staggering amounts of data to put together pictures of an individual even if they think they're hiding behind multiple accounts.


This gets less accurate if more and more people start anonymizing. Or at least, it gets much, much harder to do, especially in heavily populated areas, unless you are doing something truly unique indeed....in which case, it'll probably be hard to built a pattern to identify what, exactly, you are doing on an automated basis without actually building AI. My habit of buying head and shoulders shampoo is likely so common as to be almost worthless as an identifier or anything else, but it's deeply unlikely that anyone can build a coherent pattern out of my more experimental purchases, because generally I'm screwing with crap that doesn't actually exist in any commercial form, and I'm purchasing stuff for unusual properties. As a few years old example, I was screwing around with aersolizing paint thinners in a vaccum chamber to automatically shine up the usual layered texture you find on 3d printed objects. This wasn't *entirely* unique to me, but good luck getting to that conclusion based on me buying a can of paint thinner at home depot, and some other random crap online.

User avatar
ucim
Posts: 6859
Joined: Fri Sep 28, 2012 3:23 pm UTC
Location: The One True Thread

Re: Facebook's Data Policies In Plain English

Postby ucim » Tue Jul 07, 2015 6:43 am UTC

cphite wrote:And again, to reiterate, the vast majority of this information is only out there if you put it out there. If you don't want your phone number on Facebook, don't put it on Facebook. Don't post embarrassing pictures of yourself.
And again, that used to be true, but is becoming much less true now. All your friends are posting about you, uploading pictures that have you in them, and have given away their address books with you in them. (Ok, maybe not all of them, but probably lots of them). Facebook (and its ilk) doesn't need you to tell them what kind of person you are - everyone around you is already doing that for you.

Jose
Order of the Sillies, Honoris Causam - bestowed by charlie_grumbles on NP 859 * OTTscar winner: Wordsmith - bestowed by yappobiscuts and the OTT on NP 1832 * Ecclesiastical Calendar of the Order of the Holy Contradiction * Heartfelt thanks from addams and from me - you really made a difference.


Return to “News & Articles”

Who is online

Users browsing this forum: Majestic-12 [Bot] and 14 guests