They absolutely did not "reveal new security settings" – they revamped the security settings menu & page. From the article:
> Facebook announced on Wednesday that it’s redesigning the settings menu on mobile devices, consolidating privacy options in one place, rather than sending users to some 20 different screens
There is no indication in the article that they are allowing users more control over their data, and fb remain free to do what they will with your data once you sign up for their service.
This does nothing to resolve the problem that people are up in arms about:
> Under the revamp, users still won’t be able to delete data that they had given third-party apps on the platform previously, even if it was used for reasons other than what was agreed to. That data, generated over years of games and personality quizzes that had access to private information, is largely still stored outside of Facebook’s grasp by the private individuals and companies that built those applications.
> users still won’t be able to delete data that they had given third-party apps ... is largely still stored outside of Facebook’s grasp by the private individuals and companies that built those applications.
I don't believe it's possible to resolve that problem.
It's pathetic to see a slight decrease in dark UX referred to as "new security settings". Oh, so they moved some stuff around in the settings menu? Call me back when they actually give you a link to delete your profile (seriously, there is none in the settings. There's only "deactivate" and "delete your profile after you die" -- even though both of those appear in a "delete" section.
"New Security Settings" implies that I'm given options I didn't have before. That does not seem to be the case here.
What's really needed is a way to delete old data in batches, like "delete everything I've posted over 1 year ago".
Currently you have to delete thousands of individual items (like played Spotify songs) one-by-one, using a tediously slow and inconvenient UI that individually confirms each delete.
The “tedious to delete, by design” approach crosses all companies (create account = 1 click, delete account = call this number between the hours of 1:15 and 1:16 on Tuesdays and wait half an hour to speak to a representative, enduring their sales pitches first).
There should be a simple law: the mechanism for deletion of any user data must be no more complex than its creation.
It would also be nice to have deletion terms always specified at point of creation, e.g. “bookmark this link to remove what you’re about to create”.
>the mechanism for deletion of any user data must be no more complex than its creation
I don't think that'd work too well... indeed, it's already in place. You can create a single post with one click, you can delete a single post with one click. I guess we're looking for "batch deletion".
Well multiple actions in both cases. If you're making a text post, you need to 1) write the text, 2) click submit. Likewise with an image, 1) upload image, 2) click submit.
I suppose the confirmation isn't strictly necessary but for a normal user's use-case, but having a confirmation is a good thing (accidental irrecoverable deletions are bad). But they could definitely have a one-click delete with an Undo button.
> There should be a simple law: the mechanism for deletion of any user data must be no more complex than its creation.
That's one of the nice points of GDPR, albeit around withdrawal of consent. It must be "as easy to withdraw as to give consent".
That prevents the "call or fax us to cancel consent, but give it via a single tick-box on sign-up that you can never change". Deletion is a right under GDPR; although there's no specification it must be as simple as to create (as at very least you likely want some kind of simple confirmation before losing something).
There should also be an easier way to let apps that you've connected to with Facebook before know to delete any information they gathered from you from Facebook.
Deleting data in Facebook itself isn't enough when there are apps out there that could have siphoned your personal data and details. Going through each app one by one and contacting them to delete your data is just painful and usually falls on deaf ears.
Some apps don't even provide a way to delete data or even delete your account. Some people that I have contacted about deleting my account on their app even told me that they never built such functionality. Facebook is on the news because it's a big target, but it happens everywhere.
It's better than nothing (I've been using it for a while), but it has trouble handling confirmation dialogs unless you keep the browser window in the foreground. Also it seems to miss quite a lot of posts.
It would really be so much better if Facebook was forced to implement batch delete in their API and/or in their UI.
I've had to uncheck "Preview" and set it to 0.25x speed for best results. And a second pass at anything it didn't cover (which isn't much at that slow speed). Works OK, although it takes forever either way. Just slightly less, ironically, by making the script takes its time.
I believe Facebook's Graph API intentionally does not support DELETE actions. I've had best success with a Chrome plugin called Social Book Post Manager, but it's not particularly fast or reliable either. At least it's able to delete something.
This. A real simple deletion feature where stuff is truly gone would be awesome.
I would much prefer a feature where the user can define what gets deleted when via a policy setting in the profile, and when posting you could also modify the default (delete in 12 hours, next year, after x people read it, whatever...)
I kind of don't get this. But this is why I've never really been into SM. Just cause they make a shiny deletion UI and your stuff appears to be truly gone... as in, never reappear visibly ... this makes you trust them that is actually truly gone?
It looks like just the dark UX patterns of Facebook can be used to write an entire book today. Not that the other companies are any better in this regard.
To delete an item from your timeline from recollection there are three clicks involved - once of which I am pretty damn certain is blocked based on a timer in the back end. The Http request takes like three seconds to complete every time.
The real question is: will they let me delete all the call logs, address books, and SMS data they've scraped off my android phones over the years? If they do, will it actually be deleted? How long will it take to be removed from all backups?
I wouldn't be so sure. As a developer I've used a similar strategy to make restoring important data easier that occasionally would be deleted by mistake. This wasn't private information though.
Also, I have zero confidence that any of the big tech companies thoroughly delete data they've obtained even if it's illegal to keep. Big tech companies aren't exactly known for following the law. While GDPR sounds nice in theory, the U.S. based companies might "delete" the data from E.U. servers, but conveniently keep backups in the U.S. Or they might forget to pass on the delete request to trusted third-parties.
I can see deleting some of this data is probably non-trivial too, given that if you want to keep the data consistent you have to recursively follow all the relationships between objects and delete related objects too. For example, delete a post, and you have to recursively fetch all comments and delete those, and then all replies to comments, etc.
It's definitely doable and if they're not currently doing that because they choose not to for sure, though deletion of highly-relational data like this is an interesting problem, idk I wanted to bring it up (:
What's amazing to me is how the media can stir the public into a fever pitch with such ease. I've told people about FB and Google data collection for years and nobody cared, at least not until the talking heads told them to care.
What FB does is innocuous compared to the CIA vault7 leaks, and yet the media shoved that down the memory hole. The real question is why is this being pushed now when literally of this has been public info for years?
It's just part of the media machine. FB is currently the "bad guy" so any media agency who can push the narrative is rewarded with more user attention. This has a huge snowball effect and will result in FB getting hammered into the ground until a more interesting antagonist comes around.
Another interesting "bad guy" right now is Russia -- justified or not, notice how media outlets are trying their hardest to find any Russian links whatsoever to every bit of political news, even things completely unrelated. For instance, try searching for "cambridge analytica russia" and look at the number of results.
> I've told people about FB and Google data collection for years and nobody cared, at least not until the talking heads told them to care.
> What FB does is innocuous compared to the CIA vault7 leaks, and yet the media shoved that down the memory hole.
But it's Facebook controlling your mind! They know what you like and can manipulate you with that! \s
> The real question is why is this being pushed now when literally of this has been public info for years?
I have a theory it's the recent shift in Newsfeed reducing news and increasing friend's posts. It was reported earlier that there were tensions between Zukerberg and Murdoch over ad revenue [1]. Wouldn't surprise me if other media magnates feel the same way.
Even if they offered a delete button any time before GDPR comes into effect I would not trust and use it. I also don't like the idea of using one of those chrome extensions mentioned here. To me, currently this is synonymous to hiding everything they have on me from myself.
But doing this after May 25 would mean I definitely want it gone for good and if they don't fully delete what I manually remove, I expect them to get themselves into trouble.
> But doing this after May 25 would mean I definitely want it gone for good and if they don't fully delete what I manually remove, I expect them to get themselves into trouble.
You're technically right here, but it seems at present that most companies won't be complying with this for quite some time (perhaps an opportunity for some litigations?)
Backups appear to be the "black hole" in GDPR, as nobody spent the 2 years actually planning and preparing. Therefore, most people I've spoken to are planning to simply add a "gdpr_deleted" flag to each row in the database, and set it to true when it happens. They don't return those rows in queries. The inter-dependent nature of many databases (you shared a post with 10 users, you delete your account now, FB wants to retain the view records), coupled with nobody taking GDPR seriously until the last minute, means we'll likely see "soft deletes" for quite some time.
It would be interesting though to make a GDPR request to companies for data held specifically on backups, and held in databases records that would normally not be shown (i.e. these hidden records), as that could get them in trouble if you could prove they lied!
To delete backed up data, first encrypt the data with a key. To delete the data, delete the encryption key, leaving your "backed up data" meaningless bits.
Here's a good security/privacy option: Provide a fully featured HTML5 app (specifically one that allows you to access the inbox). Then there is no reason to install the native app or messenger.
>"“Last week showed how much more work we need to do to enforce our policies and help people understand how Facebook works and the choices they have over their data,” Facebook Chief Privacy Officer Erin Egan and Deputy General Counsel Ashlie Beringer wrote.
Facebook Chief Privacy Officer. Now there's a job title.
Seriously what does a Chief Privacy Officer at FB do? What are the responsibilities of a Privacy Officer at a company whose entire existence is predicated on their users having no privacy? Here's 15 years worth of their boss's views on privacy:
Who is ever going to trust that these settings actually do anything except for the button animation after the previous two weeks of privacy disaster for Facebook?
Probably most of the country, actually. =\
Mark my words, their stock price goes right back to $180 over the next two weeks.
Facebook users are still the product, and information about them is still what brings Facebook revenue.
Let's say a user makes these settings as strict as feasible, but only some or none of their contacts do the same; in that, the default and common case, the information about the concerned user may still exist in some form.
there's a distinction between abuse from a third party and outright lying on the part of fb. suggesting that deleting data leads to nothing more than a CSS animation is asserting the latter.
I think the reality is that data will no longer "look" like it's in the data download, I'm sure FB will keep it to continue performing ML algorithms to pursue more and more ad revenue. Hopefully they will at least remove the code that is collecting it so that it stops in the future. No tin foil hat needed to believe this route.
“Delete this (from my visible feed)” might be the effect that you see, but that doesn’t mean it’s not still being used to feed your advertising profile or shared in some way with third parties.
Something curious about facebook is, they let anyone access user profile/pages (or whatever it is called), so visitor can see the user profile picture and might be able to see other stuff. Facebook "protects" the privacy of the "visitor" because the user cannot see what visitors have visited their profiles.
So, users have no privacy, but visitors have their privacy protected.
Facebook should list "who" visited user profiles. I dont know why they dont do this already. And even more, they could somehow list what photos the visitor chose to see, how long visitor stayed on user profile, which 'full resolution pictures' visitor had downloaded. If they only saw thumbnails then no need to list, but if visitor made the effort to download all full resolution user pictures then the owner of those pictures should be able to see who has downloaded them.
So this way, the user would be able to see how frequently visitor X, Y, Z has stayed on their profiles, and how many/which full res pictures they have downloaded/seen.
If the user profile is not a person, but a store, then the store would be able to benefit from this data and send some message saying "We noticed you have been visiting us lately, and you seem to have a lot of intrest in product X. Do you want to know the price or make an offer?"
Or, if the user is a person and has seen weird behaviour from weird users, then user would be able to take precautions.
So in the end, the user profiles are public and have no privacy. But the visitors/consumer of other people profiles can snoop on other lifes and have their privacy protected because the page they visited is never able to know they have been visited by visitor X Ntimes.
This is a pretty interesting proposition. I'm personally not a fan of the store idea --I'd rather be able to visit business pages anonymously and not get messages from them-- but I actually think seeing who has seen your profile could be a good idea, especially in the realm of the picture download/viewing.
I dont see FB implementing that because the more information people have about how their profiles are viewed (and used), the more it's going to polarize their user base.
I think people will fall under two categories.
Group 1: They want attention, followers, etc. Facebook becomes more like Instagram (which is redundant)
Group 2: They want privacy and a place to connect with peers, but that "profile use" knowledge will prevent them from sharing their lives on Facebook further more.
Also, I think people have the right to view publicly posted information and photos without being monitored by the poster. Information overload, irrational responses, reactionary culture, and all that.
What I want is to download my history including the external links I posted. But they seem to not include that stuff. I'm sure they tracked which links I posted, but they don't consider that part of the private data I'd own in any way, so it's not there in the download. Which I means I can't find that article I stupidly posted to FB and forgot to bookmark otherwise…
The real problem is data collected about you from other people. For example all of my lesser friends install the android facebook app which gives them tons of information about me from my interactions with them. I need a way to tell facebook to delete and not collect data about me from other people's devices.
> Facebook announced on Wednesday that it’s redesigning the settings menu on mobile devices, consolidating privacy options in one place, rather than sending users to some 20 different screens
There is no indication in the article that they are allowing users more control over their data, and fb remain free to do what they will with your data once you sign up for their service.
This does nothing to resolve the problem that people are up in arms about:
> Under the revamp, users still won’t be able to delete data that they had given third-party apps on the platform previously, even if it was used for reasons other than what was agreed to. That data, generated over years of games and personality quizzes that had access to private information, is largely still stored outside of Facebook’s grasp by the private individuals and companies that built those applications.