Facebook scraped call, text message data for years from Android phones

bb36e

Sean Gallagher  /  Mar 24, 2018  /  Biz & IT

Facebook scraped call, text message data for years from Android phones [Updated]

Maybe check your data archive to see if Facebook’s algorithms know who you called.

This past week, a New Zealand man was looking through the data Facebook had collected from him in an archive he had pulled down from the social networking site. While scanning the information Facebook had stored about his contacts, Dylan McKay discovered something distressing: Facebook also had about two years worth of phone call metadata from his Android phone, including names, phone numbers, and the length of each call made or received.

bb36e

In response to an email inquiry about this data gathering by Ars, a Facebook spokesperson replied, "The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with. So, the first time you sign in on your phone to a messaging or social appmeet a marketing person, it's a widely used practice to begin by uploading your phone contactsspitting in their face ."

ben_lubar

@bb36e That would be like saying it's normal for a GMail app to steal your Outlook emails and upload them to Google because the GMail app is also capable of displaying emails.

pie_flavor

@ben_lubar said in Facebook scraped call, text message data for years from Android phones:

@bb36e That would be like saying it's normal for a GMail app to steal your Outlook emails and upload them to Google because the GMail app is also capable of displaying emails.

Even worse - they give no indication of why they retrieved call history; only contacts.

kt_

Hope they sold this data to Cambridge Analytica.

Luhmann

@kt_
And it's why GDPR has got such high fines. It's just waiting which tech giant will stumble first.

anotherusername

I find it somewhat hilarious that this comes as a surprise to anyone.

bb36e

I've been trying to get my friends to move away from facebook messenger to any other app (ok, excluding skype) but the network effect is too strong. it sucks and it's pretty much the only way we communicate with each other and coordinate plans.

Dragnslcr

@bb36e I still just use the web page version. If you set Chrome to request the desktop version, you can still get the regular page for Messenger.

bb36e

@dragnslcr unfortunately the web version is slow and laggy as shit fuck :/

Gurth

@bb36e said in Facebook scraped call, text message data for years from Android phones:

I've been trying to get my friends to move away from facebook messenger to any other app (ok, excluding skype)

Better also exclude Telegram:

Dani Deahl  /  Mar 20, 2018  /  front-page

Russia orders Telegram to hand over users’ encryption keys

It could get blocked if it refuses

bb36e

@gurth fuck! I guess we'll use smoke signals

Gurth

They’re kind of easy to eavesdrop on by anyone within line of sight. May I suggest this instead:

topspin

@gurth said in Facebook scraped call, text message data for years from Android phones:

@bb36e said in Facebook scraped call, text message data for years from Android phones:

I've been trying to get my friends to move away from facebook messenger to any other app (ok, excluding skype)

Better also exclude Telegram:

Dani Deahl  /  Mar 20, 2018  /  front-page

Russia orders Telegram to hand over users’ encryption keys

It could get blocked if it refuses

“The FSB’s argument that encryption keys can’t be considered private information defended by the Constitution is cunning,”

The Russia spin on that is intriguing but irrelevant.
What's far more relevant: why do they have encryption keys? Wasn't the entire point to use end-to-end encryption?!

MrL

@bb36e said in Facebook scraped call, text message data for years from Android phones:

I've been trying to get my friends to move away from facebook messenger to any other app (ok, excluding skype) but the network effect is too strong. it sucks and it's pretty much the only way we communicate with each other and coordinate plans.

You don't break the network effect by kindly talking to people to move. You announce that you are leaving, tell them where you will be from now on, and block communication through old channel.

heterodox

@bb36e I think it was discovered at least two years ago that Facebook Messenger had access to and was actually using this information; that's why I've never used the Facebook Messenger app on my phone. It's only getting more attention now given Cambridge Analytica. Sigh.

bb36e

@mrl good point. Just did this. We'll see how it goes

blek

Seriously though, is there actually a non-cancerous alternative that has both 1) reliable chat, including group chat, and 2) the ability to make private events with polls and discussions in them? I tried to look for something a while back but I couldn't find anything that had both of these things at once. Lesser known social networks mostly seem like shitty Twatter clones.

bb36e

@blek IRC can do this. first, install libshitfuck, irccc, and irrrc: sudo emerge libshitfuck irccc irrrc. then get each of your users to buy a VPS (I use OVH) and set up an IRC bouncer (ZNC is simpler because you only have to configure your HTTP server's routing to work with it). next, download this perl script and

Lorne Kates

Um, yeah. Why is he "shocked"

It's right there. When you visit the play store, it tells you. When you install it, it tells you. You can go to app permissions and it will tell you.

It's still scummy as all shit, but they're at least upfront about it.

blek

@lorne-kates A lot of phones come with the app preinstalled so only the last part applies - and I don't imagine many people go to app permissions, it's not exactly in your face all the time.

Gurth

@topspin said in Facebook scraped call, text message data for years from Android phones:

What's far more relevant: why do they have encryption keys? Wasn't the entire point to use end-to-end encryption?!

I’ve not read much on the subject, but I recall it being mentioned somewhere that this concerned encryption keys that are used when the two end points aren’t using encryption per se. (Don’t ask me how or why, I’ve never seen Telegram, let alone used it.)

Magus

I once considered installing LINE. Then I thought about it for a second: "What's the point? I don't know anyone who uses LINE..."

No one uses any IM app except Facebook anymore. I'd be fine with Skype. I have people who ignore Steam messages and just text me, because iPhone users will, in addition to Facebook, use iMessage. I have Discord, which actually does everything I need. So I can communicate with around 8 people. Woohoo.

dcon

@heterodox I just looked. The only thing my Messenger has access to is Storage. The phone/etc are listed, but not enabled. I hadn't adjusted them before.

dcon

@lorne-kates Yeah. That's what mine looks like too.

aitap

@topspin said in Facebook scraped call, text message data for years from Android phones:

why do they have encryption keys?

You see, allegedly, Telegram doesn't have the keys. (At least when you use the special "secret chat" instead of ordinary "cloud chat". Maybe. I haven't read the description of MTProto in detail.)

It's the point of the law that's backwards: it's illegal in Russia to operate a messenger if you don't have users' encryption keys ready to give them up to the TLA. Except major international messengers don't seem to give a damn (but aren't blocked) and others just don't have enough user base to be of any interest to people who want this particular law to be enforced.

Luhmann

@blek said in Facebook scraped call, text message data for years from Android phones:

A lot of phones come with the app preinstalled so only the last part applies - and I don't imagine many people go to app permissions, it's not exactly in your face all the time.

That is why it is asked at first startup of the app ...

Deadfast

@luhmann said in Facebook scraped call, text message data for years from Android phones:

@blek said in Facebook scraped call, text message data for years from Android phones:

A lot of phones come with the app preinstalled so only the last part applies - and I don't imagine many people go to app permissions, it's not exactly in your face all the time.

That is why it is asked at first startup of the app ...

That did not use to be the case.

julianlam

@luhmann said in Facebook scraped call, text message data for years from Android phones:

@kt_
And it's why GDPR has got such high fines. It's just waiting which tech giant will stumble first.

I'm not looking forward to seeing which small startup they decide to fucking obliterate with a 20 million euro fine because they neglected to put a consent form on registration.

Wait a sec... do they have a reporting portal? Can I report my competition?

... asking for a friend.

---

Edit: Can you tell I'm working on GDPR compliance? Guess what, I got to this topic via the search function, so it works wonderfully as far as I can tell from my sample size of 1. Ha! Checkmate.

e4tmyl33t

@julianlam said in Facebook scraped call, text message data for years from Android phones:

GDPR

Good jorb, guys

Luhmann

@e4tmyl33t
Can't have that image visible without consent...

Luhmann

@julianlam
My understanding is that every member state must provide with a regulatory body to investigate complaints. as a Belgian resident I could complain to the Belgian privacy authority about the non-compliance of a site but I must be impacted, e.g. be a member or something.
but I guess EU courts will have enough work with it as well when lower courts ask for a guidance ruling.

boomzilla

@luhmann said in Facebook scraped call, text message data for years from Android phones:

@e4tmyl33t
Can't have that image visible without consent...

What about the text?

Luhmann

@boomzilla
Obviously exempt since the alt text of the image is a feature to help the impaired
Duh!

boomzilla

@luhmann I just lament that they took color contrast advice from .

Luhmann

@boomzilla
It is the top bureaucratic institute! What did you expect? Sensible and readable stuff?

julianlam

@luhmann said in Facebook scraped call, text message data for years from Android phones:

My understanding is that every member state must provide with a regulatory body to investigate complaints. as a Belgian resident I could complain to the Belgian privacy authority about the non-compliance of a site but I must be impacted, e.g. be a member or something.

One of the requirements is that I have a Data Protection Officer assigned. That's not a problem, it's me, I guess, until someone better comes along.

Another requirement is that I have to have a representative located in the EU so that there is a "local" contact available.

Sounds like a new niche opportunity just opened up for a startup located in the EU...

Anyway, look, in general I'm not against the GDPR. It's a good step towards educating users about how websites use our information, so if all I really have to do is show consent forms and provide a way to extract user info, that's fine by me. So long as the regulations are well thought out and don't put me in between a rock and a hard place in terms of compliance vs providing an actual usable site to my users.

bb36e

@julianlam said in Facebook scraped call, text message data for years from Android phones:

educating users about how websites use our information

I think this should be the main thing people focus on after these sorts of incidents. not 'wow, they collected our data, what a bunch of jerks' but instead 'wow, we need to teach people to be distrustful of everyone'

Lorne Kates

Good news, everybody! The only way to actually opt-out is to pay Facebook!

Arjun Kharpal  /  Apr 6, 2018  /  Technology

Facebook users would have to pay to opt out of their data being used for targeted ads, Sheryl Sandberg says

Facebook users could have to pay to completely opt out of their data being used to target them with advertising, COO Sheryl Sandberg, told NBC News.

Sandberg said that the company has "different forms of opt out" but not one button for everything.

"We don't have an opt-out at the highest level. That would be a paid product," Sandberg told NBC.

"different forms of opt-out", of course, means 500 different toggle switches buried deep in settings that no one has ever been into. And those will get reset. Or ignored. Or new toggles that override those will show up at random.

And as for a "paid product", that translates into

"Hey, assholes. When we're done taking all your data, and selling it like a 10-year-old's ass at a NAMBLA convention where we've spiked the food with viagra-- then and only then will we consider letting you opt out. Because at that point your data is worthless, because everyone has it. Like if we first injected that 10-year-old's ass with Mega AIDS. You can then pay us to 'opt-out' of selling something we can't sell anymore, thus making us even more money off your back."

Polygeekery

@anotherusername said in Facebook scraped call, text message data for years from Android phones:

I find it somewhat hilarious that this comes as a surprise to anyone.

I do also.

Polygeekery

@blek said in Facebook scraped call, text message data for years from Android phones:

@lorne-kates A lot of phones come with the app preinstalled so only the last part applies - and I don't imagine many people go to app permissions, it's not exactly in your face all the time.

This is the part I have issue with. My phone came with it preinstalled. I had to jump through quite a few hoops in order to adequately kill it.

Customers should have the ability to remove any third party apps they do not want without having to go to such lengths. I am fine with them bundling that shit in, it keeps prices down, but I should be able to easily remove it.

Luhmann

@julianlam
Yes. We outsourced that requirement as well.

julianlam

@luhmann got any recommendations?

heterodox

@lorne-kates said in Facebook scraped call, text message data for years from Android phones:

Good news, everybody! The only way to actually opt-out is to pay Facebook!

Privacy is a commodity. This shouldn't shock you. What do you think you're doing when you pay to remove ads from a free game?

Luhmann

@julianlam
We use a local service provider we are already using.

Weng

@magus My circle recently picked up and moved wholesale to Discord. There were initially a few holdouts but eventually they showed up.

The biggest issue is that the Discord notification experience is TERRIBLE on iPhone. That's a extension of iPhone notifications being horrible, of course.

Magus

@weng I don't use mobile much, because their web interface doesn't work at all. I did eventually get a third party app, because they don't support my phone, and its fine. I only use it to read and post, though. Notifications are all awful anyway.

pie_flavor

@magus said in Facebook scraped call, text message data for years from Android phones:

I don't use mobile much, because their web interface doesn't work at all.

Joke's on you, the desktop app is a web interface.

Magus

@pie_flavor I know, but at least all the functions work.

Gąska