________________________________________________________________________________
Ad Observer only collects information about the ads people see, not personal posts or users’ personal information.
This statement seems to be contradicted within the article itself.
For instance, Mozilla claims the tool is used by a newsroom in Utah, linking to an article titled "ksl-investigates-who-is-behind-the-millions-in-facebook-political-ads-targeting-utah." So presumably the tool identifies the location of the target.
The article also claims that the tool proves that Facebook is still selling discriminatory ads. Does this mean that the tool knows things like race, gender, religion, etc. about the user?
If a user has willingly shared such information with the tool, I don't see a problem. I'm not sure how Facebook would even have any standing in a legal case. But the article does seem to contradict itself about user privacy.
I have often seen apps saying things like, 'we don't use any personally identifiable information; we aggregate and anonymize location data, stripping it of your IP address and storing only the region and ISP.' Or whatever. Not all metadata can identify or profile the individual from whom the data were generated.
Here's what they say on the Ad Observer website:
_If you want, you can enter basic demographic information about yourself in the tool to help improve our understanding of why advertisers targeted you. However, we’ll never ask for information that could identify you._
If that's the case, then I don't think the statement is false. I tried to find a standalone privacy policy, but it's not in the GitHub readme.
This may be addressed to Facebook, but it's clearly written for a different audience. Accusing Facebook of impure motives and outright deception may feel good for Mozilla's staff, but it won't convince Facebook to change their stance. And let's not forget, Facebook is trying to draw a clear line against data exfiltration, to prevent another Cambridge Analytica disaster.
I really think this is just more posturing by Mozilla.
It seems apparent to me that any open letter should be primarily written to pander to a broad, general audience and only tangentially for the named "recepient". It is the readers of the letter that are intended to convince Facebook to change their stance.
Yeah, ‘cause you know I’ve got nothing better to do all day than wait for another open letter from my employer’s parent foundation. /s
I'm surprised that people keep setting up this kind of projects in the US, where US companies enjoy strong legal protection.
How about hosting it in Russia? You can be pretty much sure that the legal system will protect you as much as possible, if nothing else then purely to rain on Facebook's parade.
And for the data it doesn't really matter where you store it, as long as you can convince US users to install your collection utility.
In fact, now that I think about it, I would be more surprised if other countries did not have data sets on the US election and its ads.
People set up projects in the US because that's where the users are. And for that matter, where the people setting up the projects are.
I believe the pirate bay has mostly US users, but it's located far outside the US.
It was also created by non-US residents, I think, right?
There are definitely reasons why some projects might want to deliberately seek out hosting outside of 5eyes countries, no doubt. But the original question was why, and I think most people create their projects wherever they're living at the time, or where they think they'll get the most users.
I'm not sure whether US residents hosting projects on Russian servers would be much less susceptible to US "charms," come to think of it.
Recent related threads:
https://news.ycombinator.com/item?id=24909056
https://news.ycombinator.com/item?id=24874602
A lot of comments I've seen draw the line between NYU's extension and Cambridge Analytica because the latter was using a native platform. But that feels like a distinction without a difference, if the net effect is still that "something I shared with my friend ended up in a third party's possession". Ultimately, if something has been shared with me, should I be able to save it or reshare it with others? The mechanism by which that save or reshare happens feels like an implementation detail.
Fundamentally speaking, who has what rights to shared data (like contact info or posts) feels like an unresolved question that has important implications.
What about that question is unresolved? If you tell me your name, I have the right to tell others your name unless I have specifically contracted that right away. Same if you tell me your age or your address or that you <3 ice cream.
If I see you in class, I have the right to tell anybody that I saw you in class. If you give me a note to pass to Pat, I have the right to disclose that unless I have contracted that right away or fall under specific regulation.
But I'm sure there is some interesting territory for discussion here. Where do you see "fundamental" unresolved questions about data? Within the USA, what considerations do you think trump the first amendment?
Do you also agree that FB was unfairly raked through the coals in the Cambridge Analytica (CA) case and that they (FB) weren't actually at fault?
I do, but at least I am consistent. If the what happened in the CA incident is wrong, the NYU incident is wrong too (ethically. I am not a lawyer and can't comment on legality). If CA was not wrong, this isn't wrong either.
Since at least in the court of public opinion, CA was wrong and FB was a terrible company for letting CA happen, then well FB is doing the right thing by asking NYU to stop.
CA used deceptive practices to collect user data, & downloaded personally identifiable information for u users and their friends without notification or consent, unlike NYU. Those are significant differences.
CA didn't do any of those things. They purchased some data an academic had collected from a FB quiz app.
There's absolutely nothing stopping one of the NYU academics from selling the data they collect for their study to "Cambridge Analytica 2.0" in 12 months. If that happens, which FB would not be able to stop, this situation become identical to the CA scenario. There would be no significant differences.
I think it is significant that one happened server-side using FB tooling and the other happens client-side without FB being complicit.
One was explicitly installed by the user, the other was foisted upon the unwitting user.
So, maybe some significant differences, depending on your POV.
But AFAIK both CA and NYU got "consent" to access data from the users who installed their game/extension, but neither are asking consent from users' friends (ie the crux of the CA scandal).
I only vaguely recall the details but GDPR defines the concepts of Data Controllers, Data Subjects, and Data Processors, and has statements on rights for EU citizens.
Hm I'm wasn't able to find any definitive sources to explain what GDPR does / does not allow in this case. Most of the articles I could find seem to think that GDPR would have prevented CA because it requires explicit user consent to access personal data. However it is unclear to me whether that consent needs to be from the user or from the users friends?
AKA Cambridge Analytica, but for the good guys.
This data should really be in the public domain without the need for a browser plugin.
Dear Mozilla: Spend Your Money on Firefox Exclusively
This is coming from the Foundation (i.e. where the donations go), not the Corporation (which ships Firefox).
I’ll trade this letter for a better Firefox
"Facebook claims its motive for threatening Ad Observer is that browser plugins and extensions, like Ad Observer, could violate Facebook users' privacy."
Yes, but so can Facebook itself. And it has, many times. Facebook lacks credibility here. It is possible this research may even uncover further violations of users' privacy as it may reveal levels of targeting not believed possible based on the types of user data Facebook admits to having.
Can Facebook effectively block users from saving and sharing the ads that are forced upon them by Facebook and its advertisers?
Facebook would have to control what users choose to save from their browsers' caches and what they choose to do with that material, e.g., sharing it with researchers.
The legality of "scraping", fair use for research purposes and the general unenforceability of website TOS all stack in NYU's favour.
Laura Edelson, a researcher at NYU's Tandon School of Engineering who helps oversee the Ad Observatory project, said, "The only thing that would prompt us to stop doing this would be if Facebook would do it themselves, which we have called on them to do."
https://www.wsj.com/amp/articles/facebook-seeks-shutdown-of-...
> Perhaps some lawyers would offer to assist in representing NYU pro bono should Facebook file a complaint.
Look at the list of signatories. Mozilla Foundation, EFF, etc....there is no shortage of lawyers involved in this.
Wouldn't Facebook have to claim exclusive ownership of user data to have any standing in a legal action within the USA? That seems highly unlikely to me.
In the unlikely event that Facebook did push its luck, NYU has perfectly qualified lawyers of its own.
This isn't about poor helpless NYU. It is clearly a PR move to make loud public noise about Facebook misbehavior, mostly about questionable ad practices. The cease and desist action just provides the moment for Facebook critics.
I responded to a comment that was later edited to remove the statement with which I took issue. I agree with you.