Fleeing Facebook app users realise what they agreed to in apps years ago – total slurpage

Zuck takes out full-page ads to apologise as Tim Cook calls for 'well-crafted' privacy laws


It was the weekend that had it all: promiscuous permissions dragged Google into the Facebook privacy row, Facebook apologised again while at the same time denying anything's wrong with its Android apps, and Tim Cook was totally not smug when he chimed into the privacy debate.

It's long been understood by people in tech (less so, El Reg suspects, in the broader public) that Facebook analysed users' interactions in its Social Graph. Doing so is the core of the company's advertising strategy and the purpose of the algorithms that choose what's at the top of users' feeds.

However, when people started deleting their accounts on the weekend, the more sharp-eyed realised Facebook was slurping more than they expected.

New Zealand LLVM developer Dylan McKay got the ball rolling with the following Tweet:

What McKay and others realised to their horror was that Facebook Messenger on Android uploaded far more than expected. Specifically: metadata for phone calls and text messages, even though they were sent with Android's default phone and SMS apps, not Facebook's Messenger apps.

The same kinds of everything-including-the-kitchen-sink permissions apply to the Facebook and Instagram apps.

Android permissions - Facebook, Instagram

You were warned: Facebook and Instagram Android app permissions

As Johns Hopkins University cryptographer Matthew Green put it:

Facebook Wow Sad Angry

Facebook's inflection point: Now everyone knows this greedy mass surveillance operation for what it is

READ MORE

The data slurp included Facebook app users' interactions with others who are not on Facebook – meaning people who never gave the Social Network™ permission for anything are probably profiled in its data troves anyway.

This was already an issue for Web users, with the infamous Facebook cookie the subject of lawsuits in Belgium (Facebook won) and France (Facebook lost).

In January, long-time Facebook antagonist Max Schrems was told he couldn't run a privacy class action in Austria, but individuals could sue in that country. Schrems is conducting a separate and very costly legal battle with Facebook in Ireland.

However, few if any users realised message metadata they believed were private were being uploaded.

As futurist and El Reg columnist Mark Pesce put it:

Pesce also mused on the ethical considerations that accompanied the development of a capability that results in such an extensive data-slurp:

Facebook has responded with a statement saying “uploading call and text history” was always opt-in (unless, of course, you're not a Facebook user, in which case you had no say in the matter).

The post says the data was never offered for sale, and also draws on the “metadata is not data” defence: “When this feature is enabled, uploading your contacts also allows us to use information like when a call or text was made or received. This feature does not collect the content of your calls or text messages. Your information is securely stored and we do not sell this information to third parties. You are always in control of the information you share with Facebook” (emphasis added).

Facebook's other response to the escalating scandal was to take out full-page mea-culpa newspaper advertisements in the UK and USA.

Over Mark Zuckerberg's signature, the ad apologised for the 2014 quiz app at the bottom of the scandal, saying “we're now taking steps to make sure this doesn't happen again”. The rest of the ad text is at follows:

We've already stopped apps like this from getting so much information. Now we're limiting the data apps get when you sign in using Facebook.

We're also investigating every single app that had access to large amounts of data before we fixed this. We expect there are others. And when we find them, we will ban them and tell everyone affected.

Finally, we'll remind you which apps you've given access to your information – so you can shut off the ones you don't want anymore.

Thank you for believing in this community. I promise to do better for you.

Given that Apple has a far less permissive attitude to user privacy, Tim Cook was commendably not-smug when he chimed into the debate.

Speaking at the annual Chinese Development Forum in Beijing on Saturday, Bloomberg quoted Cook as calling for stronger, “well-crafted” privacy regulation.

“The ability of anyone to know what you’ve been browsing about for years, who your contacts are, who their contacts are, things you like and dislike and every intimate detail of your life - from my own point of view it shouldn’t exist”, Cook said.

“We’ve worried for a number of years that people in many countries were giving up data probably without knowing fully what they were doing,” he added. Apple's concern that data would be abused in the form of profiling, with an inevitable user backlash, was a prediction that “has come true more than once”. ®


Other stories you might like

  • New audio server Pipewire coming to next version of Ubuntu
    What does that mean? Better latency and a replacement for PulseAudio

    The next release of Ubuntu, version 22.10 and codenamed Kinetic Kudu, will switch audio servers to the relatively new PipeWire.

    Don't panic. As J M Barrie said: "All of this has happened before, and it will all happen again." Fedora switched to PipeWire in version 34, over a year ago now. Users who aren't pro-level creators or editors of sound and music on Ubuntu may not notice the planned change.

    Currently, most editions of Ubuntu use the PulseAudio server, which it adopted in version 8.04 Hardy Heron, the company's second LTS release. (The Ubuntu Studio edition uses JACK instead.) Fedora 8 also switched to PulseAudio. Before PulseAudio became the standard, many distros used ESD, the Enlightened Sound Daemon, which came out of the Enlightenment project, best known for its desktop.

    Continue reading
  • VMware claims 'bare-metal' performance on virtualized GPUs
    Is... is that why Broadcom wants to buy it?

    The future of high-performance computing will be virtualized, VMware's Uday Kurkure has told The Register.

    Kurkure, the lead engineer for VMware's performance engineering team, has spent the past five years working on ways to virtualize machine-learning workloads running on accelerators. Earlier this month his team reported "near or better than bare-metal performance" for Bidirectional Encoder Representations from Transformers (BERT) and Mask R-CNN — two popular machine-learning workloads — running on virtualized GPUs (vGPU) connected using Nvidia's NVLink interconnect.

    NVLink enables compute and memory resources to be shared across up to four GPUs over a high-bandwidth mesh fabric operating at 6.25GB/s per lane compared to PCIe 4.0's 2.5GB/s. The interconnect enabled Kurkure's team to pool 160GB of GPU memory from the Dell PowerEdge system's four 40GB Nvidia A100 SXM GPUs.

    Continue reading
  • Nvidia promises annual updates across CPU, GPU, and DPU lines
    Arm one year, x86 the next, and always faster than a certain chip shop that still can't ship even one standalone GPU

    Computex Nvidia's push deeper into enterprise computing will see its practice of introducing a new GPU architecture every two years brought to its CPUs and data processing units (DPUs, aka SmartNICs).

    Speaking on the company's pre-recorded keynote released to coincide with the Computex exhibition in Taiwan this week, senior vice president for hardware engineering Brian Kelleher spoke of the company's "reputation for unmatched execution on silicon." That's language that needs to be considered in the context of Intel, an Nvidia rival, again delaying a planned entry to the discrete GPU market.

    "We will extend our execution excellence and give each of our chip architectures a two-year rhythm," Kelleher added.

    Continue reading
  • Amazon puts 'creepy' AI cameras in UK delivery vans
    Big Bezos is watching you

    Amazon is reportedly installing AI-powered cameras in delivery vans to keep tabs on its drivers in the UK.

    The technology was first deployed, with numerous errors that reportedly denied drivers' bonuses after malfunctions, in the US. Last year, the internet giant produced a corporate video detailing how the cameras monitor drivers' driving behavior for safety reasons. The same system is now apparently being rolled out to vehicles in the UK. 

    Multiple camera lenses are placed under the front mirror. One is directed at the person behind the wheel, one is facing the road, and two are located on either side to provide a wider view. The cameras are monitored by software built by Netradyne, a computer-vision startup focused on driver safety. This code uses machine-learning algorithms to figure out what's going on in and around the vehicle.

    Continue reading
  • AWS puts latest homebrew ‘Graviton 3’ Arm CPU in production
    Just one instance type for now, but cheaper than third-gen Xeons or EPYCs

    Amazon Web Services has made its latest homebrew CPU, the Graviton3, available to rent in its Elastic Compute Cloud (EC2) infrastructure-as-a-service offering.

    The cloud colossus launched Graviton3 at its late 2021 re:Invent conference, revealing that the 55-billion-transistor device includes 64 cores, runs at 2.6GHz clock speed, can address DDR5 RAM and 300GB/sec max memory bandwidth, and employs 256-bit Scalable Vector Extensions.

    The chips were offered as a tech preview to select customers. And on Monday, AWS made them available to all comers in a single instance type named C7g.

    Continue reading

Biting the hand that feeds IT © 1998–2022