Facebook comes out swinging
Fires back on ‘shadow profile’ accusation
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
Facebook has come out of its corner swinging in response to the accusation that its “shadow profiles”, among other aspects of its services, break Ireland’s privacy law.
The latest round in the world+dog-versus-Facebook began last week, when a group called Europe-v-Facebook picked up research by Austrian student Max Schrens as the basis of a complaint to Ireland’s Data Protection Commissioner.
Schrens’s complaint covered the handling of Facebook user data, but also accused the company of creating “shadow profiles” of non-users. For example, he said, a non-user’s identity could be revealed to Facebook when a user uploads an address book to its servers.
Facebook’s Mia Garlick has told The Register that while Facebook does receive such information – since, for example, an e-mail address is provided by any user who sends a Facebook invite to a non-user – it does not use that data for profiling non-users.
“We keep the invitees’ e-mail address and name to let you know when they join the service,” she said. “This practice is common among almost all services that involve invitations … the assertion that Facebook is doing some sort of nefarious profiling is simply wrong.
“In addition, Facebook offers more control than other services, by enabling people to delete their e-mail address from Facebook, or opt-out of receiving invites.”
Regarding the accusation that user messages are retained by Facebook after the user has deleted them, Garlick says that Schrens has misunderstood the nature of messaging services.
Users can delete messages from their own inbox and sent folder, she said, and these truly are deleted. However, a message that a user sends also becomes part of the recipient’s inbox.
“People can’t delete a message they send from the recipient’s inbox, or a message you receive from the sender’s sent folder. This is the way every message service ever invented works,” she told El Reg. ®
COMMENTS
Facebook links non-members
I am not on Facebook, but my email address is in many different people's address lists as they know me through my business.
Facebook joins the dots. All these idiots are uploading all of their email contacts to Facebook when they join. This means my email address is then associated with hundreds of different people. And none of them asked my permission to give my personal details to Facebook.
Facebook then sends me random invites. Someone invites me to join. (I guess there is a "invite all your contacts to join" button or something).
What always concerns me when I see these invites is what is also on that email. That email will include a list of "other people you may know on Facebook". The scary thing is, this list is always 6 to 8 people I DO know from different walks of life. Facebook has already made the links for my email address and who my "friends" may be!!
I get more concerned that they have also done this with my phone numbers via some new user. Each new user is adding a little bit more of the picture of my personal data, without my permission.
And then there is the photo recognition... when you are an outsider, you have no control over who is tagging you.
Even if you try and contact Facebook to ask them to stop sending the invites, you just end up in a deadend of web links which only work if you have a facebook login.
So I can see the point of the case. Not sure if they will get anywhere as how can you "prove" that Facebook is building profiles on us "outsiders"? It is not something I am massively concerned about, but it is annoying that it is going on. This is MY private data that they are abusing.
You're assuming...
...the recipient is using the same system as you. As an extreme case, you can't guarantee that the recipient isn't copying and pasting the messages into another application.
Hmm...
While it's true that MS Exchange can delete messages that have been sent in haste that you can recall, these recalls can be overridden by the person that the email is being recalled from. I.e. I'm a sender sending to the recipient and I recall the message, if the recipient hasn't already received the message then it's easily recallable, however if it's already in their inbox and they're reading it, and then you recall it, they are promoted to accept the recall. They can also change this in the settings, or it can be changed at the corporate IT security policy level.
It's important to note however that most email users are individuals such as you, me, Joe Bloggs, and every other user on the Internet has a personal address and those are usually hosted with one of the following: their own ISP, AOL, MSN Hotmail, Gmail, Yahoo mail, etc ad nauseam. Most users also use the email client that their computer came with, unless it's a web based interface such as Gmail. There are no such recall features built into these services.
So based on looking at what the average Internet user has, and how they use email, it's safe to say that "People can't delete a message they send from a recipient's inbox" is a true statement. As is "... the way every message service ever invented works" is also true. Exchange added onto the normal way, as did Lotus Notes, and the other few, that decided to build this feature in.
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Enabling efficient data center monitoring
