Facebook Tool for Non-accountholders to Remove Data

Hmmmmm… Decisions,decisions…

1 Like

Yeah… trust us…
We didn’t lie in the past… :angel:
We didn’t manipulate people in the past… :angel:
We can’t program computers to make you believe anything… :angel:
We don’t try to get more and more data about everybody to profile them… :angel:
Don’t worry, give us the data you don’t want us to keep :japanese_ogre:
That way we can protect you… from us… :clown_face: :earth_americas:

Trusting Satan’s promise of heaven :man_facepalming:
Nope.

3 Likes

Its a bit of a double-edged sword, isn’t it?

2 Likes

There’s different levels of liability. If your data is leaked because someone else gave them your information and you didn’t look for it and didn’t ask for it to be removed that’s a different burden than if you asked them to remove the information correlated to you and the database of uncorrelated information leaks, which is also different than if the database of what they claimed to be uncorrelated information leaks and it turns out is actually correlated.

It’s all degrees of risk/responsibility on their part. They likely created this tool as part of complying with some mandate/requirement but don’t advertise it because each use increases their risk exposure.

I’d rather give them the number/email that the people I know use Facebook have for me with the burden on Facebook to only store that information uncorrelated and under increased risk of financial penalty if they don’t than the complete lack of financial penalty if their normal user database is breached and that information on me is contained within.

I think considering the financial burden on the company is an important part of the calculus.

1 Like

I think another concern is if they don’t have the information already (although let’s face it, that likelihood is miniscule) and I enter it into that tool, I am then freely giving it to them without knowing what all they’re going to do with it.

1 Like

I’d counter that with they tell you what they’re going to do with it. Sure you don’t know that they’re going to do what they say but you don’t know that about anyone so if not knowing if someone will do what they say is enough reason not to do something I have no idea how you could interact with anyone ever…

Also, there are consequences if they are caught lying and using the information in a different way.

Now whether the trust is eroded enough and the consequences not severe enough is up to each person to make a determination at the time of the interaction, but that is true of every interaction you have with anyone not limited to Facebook…

But no one else is in the scope of this concern, only Facebook, an entity known to store personal data and then sell it. I’m confident they’ll do as they say, but as stated previously, I don’t know what all they’re going to do with it, like associate it with the demographic of the area my computer’s IP address places me in.

Yes. Even if you trust Facebook 100% to carry out this request and to do so without unpleasant side-effect, by putting yourself on the “blocklist”, you are just moving yourself from one list to another list. Either way, if the data held within Facebook is misused (by Facebook or by a rogue insider or by a hacker or by a government …), your email address and/or phone number and/or … are part of that.

I think a better approach is …

Users from the European Union and some other regions may request the removal of personal data from Meta instead under the GDPR.

except that it should be automatic. If you did not provide active informed consent to Facebook to collect your data then Facebook (and every similar data hoover) should be legally obliged to delete everything on you that they currently have, without the need for you to request it, and they should be permanently injuncted from collecting any further data in the future.

The age of consent should be 16. That basically bans younger children from social media which, I concede, would be quite a controversial proposal, for a number of reasons. :wink:

1 Like

You are mostly correct that every interaction has the potential for abuse. The vast majority of those interactions are fine, but the difference here is history.

People and businesses that cross me wind up on my (ahem) list. In addition, I am one of the few that read T’s & C’s and privacy policies. (I have found some companies violate their posted privacy policies with no consequences.) As a result, I do not use Meta/Facebook, Google, etc., and I do my best to block them from acquiring my information.

Facebook has a long history of soaking up individuals’ data even when they do not sell their souls to it. Just for a couple of examples, search for Cambridge Analytica, or, more recently, the suits resulting from its circumvention of Apple’s privacy policy for iOS. In the CA case, even Facebook engineers admit it has no idea what data is collected or where it goes.

And, the supposed “guardians” would? In my view the FTC is toothless, in spite of the occasional headline of fines in the millions. Yawn. US Congressional hearings are publicity stunts. How many times will it call Zuckerberg et al and do little to nothing?

I am completely sympathetic with those here who are suspicious. I keep hoping in vain that more will catch on.

Part of me wants billions and billions of people to flood Meta with multiple removal notices that will have to be complied with immediately and always, under penalty of heavy government fines in the case of slip-ups.

But that’s just me.

On the technical aspect, you can block a data without keeping that data (with something called Data anonymization)
for example : if you want to block the email ‘support@puri.sm’
you transform it with a hash algorithm like sha256 :
echo "support@puri.sm" | sha256sum c031ed07e2022da1c9a3c85cc83a3b1ea5bd21954614b20fff937c9ec10dc5e2
Then you store this hash, and use it for comparison every time a new email is added

Now you can choose to blindly trust facebook and think they are only going to do something like that
Or you can choose the wise thing :face_with_monocle:

1 Like

Good point. (My mail server does that for white listing.)

Technically, we don’t know whether that is what Facebook actually does and we don’t have any way of verifying what Facebook claims it does if Facebook were to make any public claims - a point which you yourself go on to make.

Minor nitpick: If you are going to do this, I recommend using echo -n

It was just a basic example for everyone to understand :wink:
If I had to develop something like that, I would:

  • do it in C
  • use some salt
  • store a smaller hash in the binary format instead of the hexadecimal format
  • use only the user part of the email in the hash, and multiple hash tables for big providers like gmail
  • And probably other good ideas to make the process faster and thiner

Well yeah but just in case someone else lifts the shell command above for their own use.

1 Like