
TLDR#1: The investigation still didn't reveal exactly how this happened.

TLDR#2: The recommendation to "prevent" these issues on the individual's side is, "Lisa’s medical community has started recommending that patients concerned about privacy not log into Facebook or other social media accounts at medical offices, or even leave their phones in their cars during appointments."

This is about as practical as recommending people just figure out how to fly and occasionally levitate into the upper atmosphere to go out of the cell tower's range, move a few kilometers west, and then fly back down to earth to scramble all these tracking algorithms.




So basically don't install Facebook or WhatsApp; try to use the Facebook website if you can, or better yet, don't use Facebook at all on your phone if you value your privacy.

It's sad that we are at this stage but it's mostly our fault for being so complacent with companies doing these kinds of things.

If people stopped using their service when they did these kinds of things they would change their behaviour really quickly but most people don't know or care that this is happening.


An individual's data sharing with Facebook is less of the issue, here, though. You personally not using it doesn't prevent you from becoming the common thread that ties others together.

Just because I'm not on Facebook (I'm not), anyone that's allowed Facebook to see their own contacts, in their phone or email, has shown that they are or are not connected to me in some way. Without me actually ever even having an account with Facebook they can correlate this data from users to see who is likely to know one another by a shared connection to me. Just because my particular node on the relationship tree has more blanks than it would if I was a Facebook user does not mean I don't create a node at all.

My guess for this Facebook issue in particular is that the Doc potentially did absolutely nothing herself, but rather all of her patients had mail and phone contact lists that included her and that common thread along with the same geographic area was enough to trigger a recommended match. In other words, this was equally likely to happen even if the doctor never had a Facebook page of her own.


I think we're in for a slow painful transition until people (in aggregate) intuitively "get" exactly how invasive and unfriendly data-correlation can be when you expose yourself -- and your friends -- to when you share seemingly-innocuous facts with our welcomed-digital-overlords.


That doesn't seem to be very important. It's not the doctor who wants privacy.

The people who want privacy allowed Facebook to scrape their contact lists and monitor their locations. They then expected Facebook not to correlate this data with others who contact and visit the same doctor. Why not?


> They then expected Facebook not to correlate this data with others who contact and visit the same doctor. Why not?

Because that would be a dick move.

But clearly that is not enough to dissuade companies from doing this kind of thing, because they have no morals.

And that is the crux of the problem. They don't give a shit what would be considered "reasonable behaviour" for a human being, because they are just giant correlating machines with access to data they shouldn't have been given access to by people who don't know better.

At the end of the day, we are allowed to have reasonable expectations of others, including companies, so I take issue with any implication that they should have known better. We are allowed to have these reasonable expectations. And we will be constantly disappointed. But we should maintain them, I might even say that it is a duty to do so.

Saying "they should have known better" is giving up the fight prematurely. They shouldn't have to know better. They should be able to expect that their privacy (a right) will not be violated.

It is an ideal, not a reality, but it is something to work towards. One step might be to sue the hell out of Facebook for this.


Suing Facebook for knowing something people told them ought to be interesting. Please tell HN all about it if you ever pull the trigger.


Sherman, set the wayback machine for about 110 years ago...

The people who want meat didn't demand tours of the meatpacking factories. They then expected the meat they bought to not be unsanitary and diseased. Why not?


> So basically don't install Facebook or WhatsApp; try to use the Facebook website if you can, or better yet, don't use Facebook at all on your phone if you value your privacy.

I've been doing this for years now, and you know what? I don't miss it at all. I use the Facebook website from my computer, and that's A-OK.


I don't use Facebook at all and don't miss it.


Neither do I, but as I've described at tedious length here a couple of times recently, I do miss the social life I had a few years back, and which opting not to sign up for Facebook cost me.

It would be really great if the choice not to use Facebook did not often entail serious negative consequences. For one thing, I'd be a lot less annoying on the subject. Unfortunately, that happy state of affairs does not appear to obtain in either case.


> I do miss the social life I had a few years back, and which opting not to sign up for Facebook cost me

You don't know if it was "opting not to use Facebook" that led to a decline in your social life, because you didn't test whether "being on Facebook" would not have led to a decline in your social life.

(I've seen many articles that state exactly the opposite - that people who have fewer social interactions spend more time on Facebook.)


Actually, I do know. Rather than rehearse again the means by which I know, let me refer you to the two most recent times I've done so:

https://news.ycombinator.com/item?id=12009198

https://news.ycombinator.com/item?id=12362818

(Maybe it's necessary to point out that I'm aware of the possibility that all the apologies I ever received on this subject were lies. I'm aware of the possibility that all the apologies I ever received on this subject were lies. Given that no evidence exists to support that conclusion, parsimony would require it be disregarded even were I otherwise inclined to imagine that all my friends actually hated me and didn't want me around, and were willing and able to deceive me by presenting the impression of sincere regret for having forgotten to include me.)

I'm still working on a better metaphor than that of an abusive relationship; while that one speaks strongly to me, my experience suggests it does not do so to others, which renders it useless for my purposes. Any suggestions you might have to offer on a more effective replacement would be welcome.


One metaphor that comes to mind is that of an employer asking for the same data (personal email credentials). I'm sure some people may (to their detriment) comply with such a request while others would not. Some may be so offended that they would quit immediately or start looking for a job elsewhere.


I like that, especially given the perennial habit of some employers to mine Facebook for reasons to mistreat employees, and also to ask for prospective employees' Facebook account credentials. And there seems no reason to expect the same weirdness that comes from likening a web application to an abusive partner.

"I mean, imagine you're interviewing for a job, and the hiring manager asks you for the password to your Facebook or your email. Yeah, maybe you can say 'sorry I don't give that out' and still get the job - but at that point, do you want to? And what the hell is even going on that that's a question you get asked?"

Yeah, I think maybe you've given me my new metaphor. Certainly I look forward to trying it out. Thank you very kindly!


One of the requirements for getting hired by eBay was to disclose my eBay account(s), if any. Ordinarily that would be pretty intrusive, but I decided it was reasonable for them. ;)


I think the abusive relationship metaphor is perfect.


So do I, but it seems to weird people out pretty strongly when I use it. That could be to do with me rather than with it, but it's rare in my experience that I'm unable to bring people with me to at least some extent, so I've been going on the surmise that it's more a problem with what I'm saying than with the way in which I say it. I could be wrong about that, though, and how would I really be able to tell?


> don't use Facebook at all on your phone if you value your privacy.

This has been my strategy for years, since the first time my entire contacts list got snarfed in.


> So basically don't install Facebook or WhatsApp; try to use the Facebook website if you can, or better yet, don't use Facebook at all on your phone if you value your privacy. It's sad that we are at this stage but it's mostly our fault for being so complacent with companies doing these kinds of things.

Exactly: it's our fault. None of this privacy-invading stuff is secret, it's all over the news. At this point, if you get burned by Facebook, it's your own fault for using it.


You're being overly complacent. Facebook might find it harder to track people who don't sign up to it, but they still have shadow profiles for tracking non-users. You get tracked by what your friends and contacts share about you as well as what you choose to share. If anyone who put you in their mobile contacts let Facebook's app loose on their phone, then smile, you're already on Facebook.

Privacy is an environmental issue, not a transactional one. With the current system, there's really no opt-out short of opting out of social life altogether.


You'll need to stop everyone else in your life from using Facebook, too.


Facebook comes preinstalled on some phones unfortunately.


> ...it's mostly our fault for being so complacent with companies doing these kinds of things.

> ...most people don't know or care that this is happening.

You seem to contradict yourself.


Only if "our" is taken to include "most people". If we, the people who are aware of the situation, were less complacent, we would inform more of the general population (who don't read HN) and potentially convince others they should care too.


Yes. Hello. It's not a simple problem, at least not if you want to reach people instead of merely haranguing them.


Especially since odds are the data being correlated comes from the contact lists in her patients' phones. Even successfully confounding geolocation won't solve that.


The other tricky thing is, even a single lapse in forgetting to turn the phone off, or bringing it with you, is enough to undo all vigilance ever. I don't see it as feasible, especially for people that are anxious or distracted by something more important on their mind.


You know, it really says something about our industry that our preeminent modern accomplishment requires everyone to choose, blindly and unaware, among effective social nonexistence, espionage-grade opsec, or the kind of radical transparency that no one but maybe a performance artist would even have contemplated just a few years ago.


Yeah, I know this can get brought out a lot in these circumstances, but remember how everyone thought Richard Stallman / rms was crazy for being so disconnected from the Internet? Somehow that doesn't seem the case anymore.


Keep in mind, when you consider that, that Stallman is also almost entirely disconnected from the world, as well. Granted, that's by choice, and it seems to suit him. But it casts a great deal of doubt on the value of his perspective, especially his perspective on those people who choose otherwise.

It's sort of infuriating, if I'm honest. He has a lot of insight with regard to, for example, the extent to which Facebook abuses people who use it. But the best he can muster by way of response is "Well, don't do that, then, and if you do, then to hell with you." Which is, to say the least, not helpful.

Edit: And on further reflection, the insight he does have is hardly unique. The more I consider what I've heard and read him to say, the less I find myself able to see what he actually has to add to the kind of nuanced conversation which needs to take place on this subject.

Further edit: So your response, while of value, kind of misses the point I set out to make, in that Stallman's situation falls neatly into the "effective social nonexistence" category. The question I'm asking is larger, and more along the lines of: How the hell did we let our industry become something of which Facebook is the exemplar, and is this really something with which we're okay?


Eh. He and you have different lifestyles. I also can't fathom the lifestyles of the shepherds back home that go without human contact for months at a time, but they have a lifestyle.

Just because you don't want to switch your lifestyle, or we trade convenience for exposure, doesn't mean that Stallman's lifestyle is wrong.

It's just a different choice, and we are comparing apples to oranges here.


He satisfies himself with contempt for those who find it not so easy as he has to choose the life he's chosen. I won't be satisfied until we have a world which makes no such choice necessary. Hardly apples to oranges; more apples to orchards.

As it happens, I recently attempted to open a conversation on this subject with the man himself, in a public forum. I was polite, if uncompromising. He was profane, and preferred to have a minion disconnect my microphone rather than address the point I raised. Many people in the hours that followed found it worth their while to seek me out and thank me for making the attempt. Perhaps more thanked him for his response. I hope I may be forgiven for finding that improbable. In any case, he found no reason not to sign my Emacs manual when I approached him not long afterward, so I can at least hope that, however fundamental the differences in our positions on this matter and however unlikely the prospect of fruitful debate, there may remain at least some modicum of mutual respect.


Effective social nonexistence? Come on. As someone who does not use Facebook and Twitter, yet miraculously has an active social life, I find your dichotomy to be false.


That's great. As someone who also does not use Facebook and Twitter, and saw the result this had on the social life he'd enjoyed before they rose to such preeminence in the field of mediating human social interaction, I find your experience to be lacking in universal applicability.


Just so I understand: You're saying you used to have a robust social life, but now somewhat less so, because the people you used to interact with will no longer do so outside of Facebook and Twitter? I don't want to sound harsh, and maybe I'm just too old, but it seems kind of incredible to me. You can't just call them up or E-mail them?


I don't know what you mean by 'robust'. What I'm saying is that I used to have a satisfactory social life - on the order of parties or other similar events call it once a month more or less and "let's get together for beers" or similar on a reasonably regular basis besides - which in essence no longer exists.

I can certainly understand that it seems kind of incredible to you. It seems extremely incredible to me! I still haven't quite got wholly around it. And, yes, I can "just" call people up, or text or email them, and sometimes even get a response. I still occasionally do so, and still occasionally get together with one or two people at a time for a few drinks and to catch up. The problem comes in where you try to organize something on a larger scale, or where someone else does so. It would be technically inaccurate to say that to do so is impossible without using Facebook. But I've certainly found it ineffective to try to set things up via email, which was not the case a couple of years ago.

I would not be surprised to learn that I'm as old as, or older than, you are. Most of the people in my former social circle are somewhat older than I am. I'm pretty sure this isn't just a "people in their twenties" thing.

(Edited to add that I don't understand why you're getting downvoted, and I wish people wouldn't without explaining why they're doing so. Certainly, if it's out of some misguided assumption that I've chosen to put myself and my experience out there without being prepared to address people who express entirely reasonable incredulity and doubt about my veracity, let me take a moment to note that such action on my behalf, while certainly appreciated, is entirely unnecessary.)


Hmm, interesting. Thanks for your perspective. All I can offer is that I've not seen this phenomenon in my own social circle (age:40). I have always considered "You can't have a social life without Facebook" to be pure hyperbole from people who never knew a world without FB.

I suppose we can agree that "it depends" on who your friends are. Oh, and I don't sweat downvotes on HN--any quick way to bury unpopular opinions can be hard to resist for some people.


> I have always considered "You can't have a social life without Facebook" to be pure hyperbole from people who never knew a world without FB.

Oh, don't get me wrong! I don't believe it impossible to have a social life without Facebook, and I hope I don't come across otherwise. But I have found it a great deal harder than seems at all reasonable, quite aside from the fact that it's absurd in the first place to have to develop a new social circle because opting out of Facebook sufficed to estrange me from my old one.


Some social groups do not communicate outside of a single service.


Or have the office assistant provide a metal tin container to use as a Faraday shield. "Put your phone in the box to prevent it reporting that you're here today."


That would create very conspicuous network exit/entry points at the office. According to Zoz's DEFCON 22 talk[1] about modern OPSEC, these are specifically targeted by various agencies, so I'm sure Facebook finds entry/exit data points just as interesting.

[1] (warning: strong language) https://www.youtube.com/watch?v=J1q4Ir2J8P8#t=2291


Or, more interesting even. It is clearly someone taking the initiative to take their phone off the network at specific times in a specific place.


Or just disable location access for the Facebook app.


Which works fine for iPhone owners, and on the 15% of Android devices running Marshmallow, in the relatively rare case where someone knows this can be done and acts upon that knowledge. Everybody else is hosed.


You can disable the location access entirely on Android, and enable temporarily only for the short moments when you really need it.

Most Androids have a slide-from-top quick menu when you can toggle it with one click. Honestly, Google Maps is the only app on my phone that really needs location access.


Just because you turn it off doesn't mean it's not tracking you. Have a look at Google location history: it doesn't use GPS but it can still pinpoint you very closely using cell tower triangulation. Stallman was right, we carry the world's most advanced tracking device in our pockets.


Don't use the Facebook App, use the website

Don't share location via the web browser

Still poor substitutes but ....



