If anyone who works at Facebook reads this, I am so very curious, when you're asked to build something like this, how do you approach that morally? I really want to know the opinion of someone actually working there.
There was a response here (sadly since deleted), that said something to the effect,
>What makes you think this was designed as tracking system rather than anti-abuse feature?
Which goes to the crux of the problem: the way "online abuse" is defined presently, it enables platforms to introduce virtually any measures in the name of preventing abuse[1], and people gobble that up, heck, even cheer for it. "Think of the children" got an internet-era make-over, and it seems to be working.
--
[1] off of the top of my head: requiring real names & verifying them via governmental ID; automatic take-downs upon automated requests from 3rd party; automated limiting of posts' reach based on language analysis; requiring posting under your own login; pervasive tracking that jeopardizes people under repressive governments.
It's also awful for trans people, who often go by a different name or have an alternate account until the frustrating legal name change process goes through.
can confirm, currently maintaining presence and interaction on two accounts for each of facebook, twitter, and instagram, in order to not out myself to family and prospective employers
If you live and work in the US, the substantial part of your taxes is spent on invading other countries, killing innocent people and propping up dictators.
> how do you approach that morally? I really want to know the opinion of someone actually working there.
I can vote for the people (at every level) that I think will spend the taxes I am legally obligated to pay in a way I agree with and I can follow up with successively vociferous concerns (letters < community organization < protest, etc), but at a certain point my freedom (or life) can be threatened.
Employers can’t (yet) do the same. I’m under no obligation to them to do what I morally disagree with because I can always quit playing their game.
All I can do to quit my country is uproot from everything I’ve ever known, including my family, to another country that I agree with more that will also let me in.
They’re completely different situations and I’m pretty sure we all recognize that, but I’ll add my own personal anecdotes:
Employer
I don’t like the idea of software patents or generic business patents that can be summed up with “... do it on a computer”. I created some really awesome things for an employer many moons ago that were essentially revolutionizing how people in this very particular niche could more efficiently do their jobs. What did I really do though? I put together some open source tools completely foreign to this niche, glued them together with some nifty ideas and code that I wrote, put a decent unified UI on it, and packaged it up as a virtual machine appliance for our people in the field. My company wanted me to sign the invention away so they could patent it, and were going to put in 5 different applications. It was sign on the dotted line or walk, I walked at significant financial penalty.
Government
My dad’s from Libya. I lived there for a while growing up, and all my dad’s family is still in Tripoli. They all hated Gadaffi, and with the Arab spring uprising- things were getting bad. I joined in some protests across the US asking for intervention. Welp, we got what we asked for but not what we wanted. Turns out governments and geopolitics are tricky.
Whatever country I live in, I certainly didn't choose to be born there, and moving to another country is often more expensive than is possible for most people. I don't see how this compares to actively seeking a job at Facebook. I also don't think that the US doing bad things is an excuse for Facebook to do bad things.
The question was "how does it feel?". Not a really useful or interesting question, but there it is, at the top, and for a lot of people here, the answer is "exactly like what you're doing".
> See what gross inconsistency is tolerated. I have heard some of my townsmen say, “I should like to have them order me out to help put down an insurrection of the slaves, or to march to Mexico;—see if I would go”; and yet these very men have each, directly by their allegiance, and so indirectly, at least, by their money, furnished a substitute. The soldier is applauded who refuses to serve in an unjust war by those who do not refuse to sustain the unjust government which makes the war; is applauded by those whose own act and authority he disregards and sets at naught; as if the state were penitent to that degree that it differed one to scourge it while it sinned, but not to that degree that it left off sinning for a moment. Thus, under the name of Order and Civil Government, we are all made at last to pay homage to and support our own meanness. After the first blush of sin comes its indifference; and from immoral it becomes, as it were, unmoral, and not quite unnecessary to that life which we have made.
Recently there were a number of articles like [1], saying that a lot of good engineers stay away from working for FB, having misgivings about its practices.
So maybe people who agree to do such things are a result of a (long) selection process.
That would make sense, the reason they have to pay so much is because the work is sketchy, if this was truly rewarding engineering work the market would see falling salaries. Doctors still want to be doctors even if they are paid less. You have to pay me 5x to do shitty work.
Around here (public/socialized/“free” European healthcare system) doctors are known to be paid poorly, unless high-tier specialists, so maybe you’re over-assuming.
Well, sure, in Europe it's different but the original topic was about Facebook, which is headquartered in the US. The idea was that high payment is because the job is undesirable and has bad reputation. This does not seem to be true, as many reputable and desirable professions in the US have high salary, including doctors.
Yeah, years ago. Nothing new here. Running "exiftool FB_IMG" would reveal the same "structural abnormality" (not an abnormality though because it's part of the valid IIM block of the file). See https://sno.phy.queensu.ca/~phil/exiftool/TagNames/IPTC.html
I can see this being an extremely valuable tool for preventing identity theft on the site. One of my teachers had been the victim of a scammer who had cloned her profile and was reaching out to everyone on her friend list. When the fake profile was reported, it was taken down very quickly, which I imagine could have been done programmatically with this data on the photos.
There's speculation that FB could infer relationships with this. If you've ever shared memes, you'll know this is unlikely to be effective.
At the end of the day, in an age of reverse image search and public profiles and commodity facial recognition, what is actually the threat model here? That someone is able to tie an unattributed photo back to the URL it was downloaded from? That if someone downloads your photo without permission (why did you upload it in the first place?) and they share it but don't say where they got it, someone else can potentially find out where it came from?
It's unclear whether this ID even uniquely identifies the uploader or downloader publicly. If it's a random UUID, then what? Facebook doesn't reasonably need it to track you (they could use the hash, face recognition, your session, etc). I honestly can't think of a case that would make this valuable to a malicious third party. Beyond content moderation (and maybe saving some CPU time), I can't see much of a use case for Facebook either.
Yeah I can't tell what the harm is from the metadata and would appreciate someone actually explaining, rather than seeing some metadata and immediately jumping to the conclusion that there's definite harm and "tracking" going on.
I suspect if you're logged into Google or Facebook, that's uniquely added to the exif data. So if there is later a question of who keeps anonymously uploading that banned photo, they can trace you as the person (at least being the first link in the chain).
Also, statistics how many images are downloaded and then later found online again by Facebook at other places.
The value derived from this post is not its "recentness" but to make aware of a practice by fb to the users of this site, especially in the light of fb importance on privacy matters and global politics in recent years.
Is the difference now that the tracking metadata used to be set at upload time, and now it's set at download time? Presumably, if you set it at download time, you can not only track the uploader but also the downloader.
As a hobby photographer who dealt with some image metadata manipulation, I find this quite interesting. Interesting enough to question if this could be something we ourselves can be using, say, for a WordPress plugin, so tracking down copyright abuse would be simpler.
Does anyone know existing, working solutions for this?
Is IPTC purged as well by CMS systems, similarly to XMP or EXIF?
Certain providers will strip your exif data completely. I’ve seen email providers, I think yahoo, and other websites do it. The geotagging has definitely been removed as well as the exif camera data. It might be hard to track images this way if everyone is manipulating it including FB/Insta.
"This is a simple text field that can include any of a number of instructions from the provider or creator to the receiver of the photograph. Any of the following might be included: embargoes (eg: News Magazines OUT) and other restrictions not covered by the Rights Usage Terms field (or new PLUS rights related fields); information regarding the original means of capture (scanning notes, color profile, etc.) or other specific text information the user may need for accurate reproduction; additional permissions or credits required when publishing.
Note: This field is “shared” with the “Instructions” field in the Origin panel of the Adobe Photoshop File Info dialogue.
Examples:
Image to be used one time only, non-exclusive in English-language-edition magazine as inside image, no larger than a full page in color. Additional third-party rights to be negotiated with Julie Doe / XYZ Agency in advance. All rights not specifically granted are reserved. See delivery memo for specific license.
For consideration only; no reproduction in any form without prior, written permission."
It is not only so the data doesn't leak; it is also to make it as small as possible so it is less likely to be corrupted unintentionally by third-party software or protocols.
By posting the photo to Facebook in the first place, you are giving them near unlimited freedom to do with it as they will according to their usage policies.
They are distributing the picture so you are free to file a DMCA takedown request and they would have to take it down unless your claim is obviously invalid. Embedding extra data has nothing to do with it.
Wouldn't that depend on what they use this data for, what it is, and whether they keep it regardless of taking the file down if requested ? ( GDPR, etc. )
I don't use any of their services myself, nor do I suggest infringement.
I ask what is the legal situation for a copyright holder, given users likely are not aware of this data being added to a file; what the data exactly is, where or if this data is kept by them independently of the file itself, what is it used for, GDPR implications, etc.
Copyright applies to published works. Which in this case would be an image. Owning the rights to an image is a legal issue that is not concerned with representation.
So if the image is converted to digital form, then compressed then decompressed, then printed out then usually it would be considered the same image.
This is a really weird question. If it's not prohibited, why shouldn't you be allowed to do something by default? Isn't that a basic thing in all(?) legal systems?
I don't know if this is a rhetorical question or strongly held belief on your part, but this kind of thinking is what has led to such a grotesque invasion of personal privacy via trackers and other data gathering techniques the last few years. Legality is not the right standard. How about basic courtesy and erring on the side of respecting user privacy?
If all of us pushed our behavior to the legal limit, society would likely fall apart. Orderly society only happens because the vast majority of people respect the rights of others.
> The take from this is that they can potentially track photos outside of their own platform with a disturbing level of precision about who originally uploaded the photo (and much more).
How is it any more powerful in that regard than just hashing the photo?
Uploaded photos on many sites undergo postprocessing that may change the hash of the image, different compression technique, etc. without modifying the EXIF data.
Furthermore, plenty of platforms will remove EXIF data.
I made a LaTeX equation rendering script that embedded the source LaTeX in EXIF data, the idea being that you could edit the equation after the fact without having to save the source. But practically every tool I used would strip the EXIF data - so I moved to storing the source in the least significant few bits of the pixel values. This worked much better with the places I was uploading the images to (google docs mostly). Obviously fragile to image format conversion though.
Looking at some examples given in the linked pages on this here, it stands out that there is a structure to each of the 32 bit records in this data. The first 16 bits are nearly random, but the second set obeys some rule: the third octet is a low number and the whole set of records is sorted by that. The fourth is always zero. If this is intended to be a kind of tracking identifier, this structure is a bit odd. Intuitively, I would rather interpret this as a list of tags that are stored in-band with the image.
Isn't it the same as printers watermarking printouts? I don't see this as a necessarily bad thing. In a public forum in a far from perfect world there should be a place for accountability when people distribute photos they shouldn't.
They shouldn't, true. But they are. And have been for a very long time. People who require anonymity would/should/could subvert all those things. But just to give one example: if the daughter I don't have for example was to be targeted by some ex boyfriend posting private photos, I would like to be able to pinpoint the source of those photos. In the case of Facebook that tracking/watermarking is limited to stuff coming out of the FB platforms. Open any photo done with a digital camera and you can get a lot of information from the raw data as well. What I'm saying - a blanket objection of all 'meta' tracking data is not helpful - because it does and will keep on happening. Education on how to work around it when it's needed is maybe the solution. And in some cases, like the example I gave, that tracking data can actually be used to do good.
I do not approve of any printer that watermarks my printouts. There is no two ways about that.
Tracking is a side effect of showing us ads. We will be shown ads no matter what because they pay for the services we get for free and the 99% don't mind them. Without tracking on the ad front we'll see random ads, they would be less effective, that industry will ultimately collapse and we will start paying for every single service we use. Again - I do not condone it, but I don't have the will personally to fight it or let it affect me in any way. When I want my actions to be untrackable, I will take steps to make them so. I would however like both the ad world and consumers to reach some sort of middle ground in regards to what is acceptable and what is not. The way things are now is out of balance in favour of advertisers. It should be corrected.
>Isn't it the same as printers watermarking printouts? I don't see this as a necessarily bad thing.
I can't see how you can adopt a stance, which places accountability above blanket surveillance by condoning behaviour, which makes an assumption that a crime has been committed by default.
I don't. I dislike tracking, but I am choosing my battles. Tracking won't stop. It will mutate with regulations. We cannot fight it. We need to understand it and educate those who are not technical about it. There are 3 sides to each coin. Yes tracking is bad. Granted. The flip side will be argued that tracking is a part of what pays for all the content we consume and create (advertising). The third side is that there are scenarios where being able to trace back a digital asset might be a good thing. It's not black and white. All I'm saying is that as long as we look at tracking/adverts as a single source of evil without understanding all aspects of it from both sides we'll never achieve anything. If it won't go away, then there has to be a compromise in the middle. We only appear like a lot of people here in our HN bubble. But we are nothing. We are maybe the 1% of internet users. The other 99% don't care, not aware. Our "needs" and whims are insignificant. Maybe because we're loud and appear bigger from a distance when stink is raised it is looked at and inspected. But no matter how loud we'll shout, ads and tracking will stay. So there has to be a compromise. And you as an individual with knowledge have ways to circumvent that tracking and adverts. We know about printer watermarks so a savvy journalist can use a non watermarking printer. We know about facebook image tagging and watermarks - a whistle blower worth his salt can remove them. But that guy who ruined a girl's life by posting some pictures will face consequences because he had no idea about anything. We can't win every battle and nor should we. There has to be balance.
I disagree; extrapolating the Pareto principle and arbitrarily defining needs/wants ratio on privacy, by drawing a relation between either being savvy or ambivalent and justifying the value of free content, is a non-sequitur. There are absolutely no excuses for any of these ultra shady practices to exist and equally, had the incumbents been stopped from weaponising and/or deploying their aggressive and insidious plans in the first instance, it would have dissuaded others to use their platform for similar purposes.
These practices are going to take an even more twisted turn with deep-nudes/fakes, GPT2 etc. and related trends. If we are to learn from our experiences, it is now important to fight and push back, rather than just roll-over and pretend to be dead or to accept current practices and seek a (non-existent) compromise, as you suggest.
Yes we can fight it until the cows come home. But tracking is a side effect of ads, and ads are not going to go away, unless you convince everyone to start paying for what was free services. How do you fight that? I'm seriously asking, not being cynical: You won't be fighting just the advertisers and their platforms. You'll be fighting the 99% you're trying to "liberate" because now they are going to pay.
It's up to the editor to keep metadata. In Gimp you can choose in the advanced export settings, but I don't know the default. Re-encoding will definitely change any hash, but editors may (not sure how commonly) keep these tags. You'd have to do steganography if you want it to be more persistent than a metadata tag.
Edit: I just saw it's not a normal EXIF tag, this is something else. I'm not sure how this is handled, might be interesting to do some empirical testing!
Normally this would make everyone stop uploading photos to facebook. But most have already.
My facebook usage has gone from every second to maybe once a day. There is a rot happening and this will become a dangerous time for anyone who used facebook as facebook will slowly sell them out and in the end extort them. Want to keep these photos private you uploaded 10 years ago and deleted? Pay..
It's good practice for any website that takes image uploads to strip unnecessary metadata, as people can inadvertently reveal their location (geotags) or identity (serial numbers etc) otherwise.
For websites in general yes but I do not want an e-mail client that, unbeknownst to me, manipulates data in transit. Time to pgp-sign the attachments on mails, too? :/
No indication of what it means. Has anybody tried to download the same picture from two accounts and see if the data changes? Maybe this is some data they embed into the picture for bookkeeping when inside their infrastructure and they forget to strip it when they let you download it.
I’m curious, but are we biased here on HN or is it literally every piece of news that’s coming out on that company is about another nasty privacy invading practice at Facebook? Although I admit there are some posts about FB open source projects here too.
Why don't they encrypt that kind of payload? I suppose tampering with it is easy enough that it would prevent using this data in litigation issues, right?
Shouldn't a privacy friendly browser/extension be able to defeat this technique by passing said images through exiftool (or similar) and then caching it?
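Added example, not part of the thread and not any commenter's or Facebook's code: a Python sketch of the two operations discussed above, listing the IPTC/IIM datasets that exiftool would show in a JPEG's APP13 segment, and dropping metadata segments without re-encoding the picture. The sample file is a constructed segment skeleton (not a decodable image) and the tag value in it is made up.

```python
import struct

# Dataset names from the IPTC IIM standard (record:dataset).
IIM_NAMES = {(2, 40): "Special Instructions", (2, 80): "By-line",
             (2, 120): "Caption/Abstract"}
# Segments dropped by strip_metadata: APP1 (Exif/XMP), APP13 (Photoshop/IPTC), COM.
STRIP = {0xE1, 0xED, 0xFE}


def iter_segments(jpeg: bytes):
    """Yield (marker, payload, start, end) for each segment before the scan data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == 0xFF:          # fill byte before a marker
            pos += 1
            continue
        if marker == 0xDA:          # SOS: entropy-coded data follows
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError("truncated segment")
        yield marker, jpeg[pos + 4:end], pos, end
        pos = end


def iptc_from_app13(payload: bytes) -> bytes:
    """Return the IIM bytes stored in Photoshop resource 0x0404, or b''."""
    header = b"Photoshop 3.0\x00"
    if not payload.startswith(header):
        return b""
    pos = len(header)
    while pos + 12 <= len(payload) and payload[pos:pos + 4] == b"8BIM":
        (res_id,) = struct.unpack(">H", payload[pos + 4:pos + 6])
        name_len = payload[pos + 6]
        pos += 6 + ((name_len + 2) & ~1)      # Pascal name, padded to even size
        if pos + 4 > len(payload):
            break
        (size,) = struct.unpack(">I", payload[pos:pos + 4])
        if res_id == 0x0404:
            return payload[pos + 4:pos + 4 + size]
        pos += 4 + size + (size & 1)          # resource data is padded to even size
    return b""


def parse_iim(data: bytes):
    """Return [(record, dataset, value)] from an IIM byte stream."""
    out, pos = [], 0
    while pos + 5 <= len(data) and data[pos] == 0x1C:
        record, dataset = data[pos + 1], data[pos + 2]
        (length,) = struct.unpack(">H", data[pos + 3:pos + 5])
        if length & 0x8000:                   # extended-length dataset: not handled
            break
        out.append((record, dataset, data[pos + 5:pos + 5 + length]))
        pos += 5 + length
    return out


def list_iptc(jpeg: bytes):
    """All IIM datasets found in the file's APP13 segments."""
    found = []
    for marker, payload, _, _ in iter_segments(jpeg):
        if marker == 0xED:
            found.extend(parse_iim(iptc_from_app13(payload)))
    return found


def strip_metadata(jpeg: bytes) -> bytes:
    """Copy the file without APP1/APP13/COM; scan data is copied byte for byte."""
    out, end = bytearray(b"\xff\xd8"), 2
    for marker, _, start, stop in iter_segments(jpeg):
        if marker not in STRIP:
            out += jpeg[start:stop]
        end = stop
    return bytes(out + jpeg[end:])


def segment(marker: int, payload: bytes) -> bytes:
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample() -> bytes:
    """Constructed skeleton: JFIF header, one IPTC 2:40 dataset, dummy scan."""
    value = b"CONSTRUCTED-TAG-0001"           # made-up value
    iim = b"\x1c\x02\x28" + struct.pack(">H", len(value)) + value
    irb = (b"8BIM" + struct.pack(">H", 0x0404) + b"\x00\x00"
           + struct.pack(">I", len(iim)) + iim + b"\x00" * (len(iim) & 1))
    app0 = segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    app13 = segment(0xED, b"Photoshop 3.0\x00" + irb)
    return b"\xff\xd8" + app0 + app13 + segment(0xDA, b"\x00" * 6) + b"\x12\x34\xff\xd9"


if __name__ == "__main__":
    sample = build_sample()
    for rec, ds, val in list_iptc(sample):
        print(f"{rec}:{ds} {IIM_NAMES.get((rec, ds), '?')} = {val!r}")
    print("after strip:", list_iptc(strip_metadata(sample)))
```

Only segment-level metadata is removed: Exif orientation goes with APP1, and anything encoded in the pixel data itself, as speculated elsewhere in the thread, is untouched.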
One should note that they went to quite a length to hide it from mainstream EXIF readers
It is not in a comment field, nor it reuses any EXIF guid equivalent
A much more grievous thing they may be doing is speculated to be them encoding tracking into photo's hue channel.
There was a time when you were able to see a stripe of odd pixels in the right bottom side of some photos.
Later, I read a blog post saying that if you upload a solid grey picture, you will see weird subtle colour banding patterns on it if you download it back.
"Mainstream EXIF readers" are mostly derivatives/wrappers around Phil Harvey's ExifTool, which has supported IPTC tags for a very long time. Whatever may be interesting about this, the fact that the data is stored in an IPTC tag is not really part of it. IPTC/IIM structures predate Exif by decades: https://en.wikipedia.org/wiki/IPTC_Information_Interchange_M...
You could try uploading a bunch of images and downloading them again, finding out where they differ. This should be reasonably straightforward. However, FB likely modifies the image in various ways (resizing, maybe they recompress the image to save space, etc). Showing the presence or absence of steganography will probably require a large sample size.
Shadow Facebook profiles are a thing, and given the fact that the Facebook sdk is spread like a plague amongst everyday 3p mobile apps in-use, there doesn't seem to be an end to this madness in sight. I personally block Facebook domains at dns-level on my phone but not everyone does.
And that is not even enough given the fact that Facebook owns WhatsApp and Instagram, their presence grows ever more ominous given their ubiquity.
Adblock+ with some lists, Privacy Badger, and NoScript can wipe all FB interference. A solid hosts file can also add one more layer to eliminate exposure to FB, Pinterest, and other fancy trackers.
Btw, yes it is easy. I have stopped using FB for so long that in order to log back in to delete my account they are asking me to be verified via "friends" (people I haven't worked with or talked to for years).
It is not that simple. I do not use it. Yet someone can upload an image I send them, or my photograph without my knowledge. It needs to be strictly regulated.
I'm looking forward to the time when facebook is banned, people turn to proper decentralized alternatives, and panic when they realize they can no longer delete their pics from the net
My understanding is, that people have been falsely led to believe the opposite. The rise of snapchat (a total hack in terms of keeping things impermanent), various promises from social media companies, and the constant insinuation by news articles that it is possible to be private on the internet have created a totally false belief. People used to be conscious about what they put online, nowadays it doesn't seem they are.
While all that has happened, I don't think, that's the reason for people's behavior. So many people (also smart people) just don't care about privacy #nothingtohide.
And, secondly, nowadays the web is a lot more crowded, all the less technically minded people go online with a very sparse understanding of the web. Early adopters had a different demographic than the current userbase.
The less tech minded usually do what the more tech minded tell them. The problem is we've lulled people with "security", green lock icons. We all know that all security is temporary, but we also chose to appeal to people's natural need for safety. The point is even the best digital security measure is nowhere near good old physical security.
that won't happen. Something that is decentralised but still runs on public infrastructure can be blocked or legal entities can be held accountable. Something that is floating around in the "dark web" or some obscure private server is for practical purposes not accessible to vast amount of users.
You don't need to look to the future. We already have p2p solutions and encryption that if hacked together could serve as some sort of decentralised storage. The public doesn't use it.
> We already have p2p solutions and encryption that if hacked together could serve as some sort of decentralised storage. The public doesn't use it.
The public doesn't use it because it hasn't been hacked together and that for all intents and purpose the experience has more friction than what is available today.
Just think of the real world analogue. I give you access to my stuff. Maybe I lend it to you, maybe I let you crash at my place. That doesn't let you do whatever you want. If I lend you my car and you take it to a car crusher, that's messed up and regulations protect it.
That's conflating two different problems. The issue of someone posting something without permission is one, and what Facebook does with what it distributes is another, entirely different second issue. We are discussing the second.
Is it dystopian to regulate that sites cannot host and distribute pedophile content for instance ? Regulations are needed, in the internet as much as anywhere else.
yes, and it's crazy annoying! some of us have very old facebook accounts from back when it all started. nowadays photos of you showing up at events are being tagged by friends and relative. soon the machine would have learned enough on its own to start tagging you by itself. that passive social media activity is stunning and amazing to witness happen...
Yes as an example of this: our daughter's school gives a form where you can indicate where photos of her can be used. This is probably required by the GDPR, but it is nice of them to do it anyway, and they try to hold up their end. We never give permission to anyone to share pictures of our daughter on social media. We believe she has the right to choose what she publishes when she is grown up.
So, the school photographer comes. It's the usual thing where they make pictures, and you can order some copies. This year they only made class photos. They send you some link where you can log in to see a watermarked version of the photo, you can then order a digital copy or a printed copy.
However, they also put a Facebook share link on the page where people can share the class photo with one click. I am sure there are a lot of parents who do not even think about the rights and wishes of other parents and just share the photo.
So, we are in a bad situation where we explicitly disallow people to upload photos of our daughter, but not only can people upload pictures anyway against our wishes, companies are actively pushing people to do so.
All the tracking and unwanted uploads of personal information (through friends' address books), photos, etc. without any explicit permission is a disgrace. I hope that the EU keeps hitting these companies with the GDPR until they respect people's privacy. Sure, if you decide to share your life with Google, Facebook, and countless tracking companies, that's up to you. But this unwanted slurping of every bit of information has to end.
The only useful regulation would be to forbid it and it probably won't happen. It also cannot prevent governments from doing it. Apart from regulation, we also need technical solutions.
Don’t forbid Facebook. It is a good tool that can be used for good.
Forbid stalking, dark patterns, lies (aka fraud) and their overall lack of morals & ethics. Facebook will be welcome to adapt and behave like a well-meaning member of society.
> Forbid stalking, dark patterns, lies (aka fraud) and their overall lack of morals & ethics.
So essentially forbid everything that makes them the most amount of revenue from advertising? I don't see that likely to happen.
The problem with Facebook is not exclusive to Facebook Inc. It's a common symptom of advertising-based and similarly nefarious business models used by the richest modern corporations. Investors want their ROIs and optimizing for advertising delivers that easily when the business handles extraordinary amounts of personal information.
There are many ways of breaking out of this corrupt model. Creating new business models not dependent on advertising is a no-brainer, but so is creating tools that enable people to keep control over the data they share online. There's a lot of emphasis on distribution and cryptocurrencies recently, which is great, but we have a long ways to go to make the importance of these systems understandable by the general public, while also making them approachable and easy to use.
Agreed. Facebook is like a commercialized implementation of CIA and other miscellaneous intelligence practices. And its commercialization is skewed towards benefitting the advertising companies. This is a double negative.
Their motto could have been to SERVE THE USER. Instead it became FOCUS on the user. They focus their product towards three dark patterns: extracting data from the user, manipulating the user, and addicting the user. For now it is towards the benefit of advertisers which is relatively harmless in the future scheme of things.
A more benign use could have been connecting users across the world to each other and to other companies for healthy conversations. To be what FRIENDS were meant to always be.
Facebook isn’t even the only problem. I see the same scummy behaviour across a big chunk of the tech scene. Even in products you do pay for, stalking & fraud is commonplace.
Regulations also raise the bar for new platforms to enter the space. We may come to the point where a person would need to obtain a license just to make a website with login.
Any other form of communication – email, IMs, phones etc. If you're not having a conversation but just "like" each other's photos it's not "maintaining a remote friendship" anyway.
Yeah, good point. I often find myself wanting to follow what some people are up to (friends or not), and it's always frustrating how it requires you to be a part of a certain platform to do that – you can't follow anyone's instagram, facebook, twitter etc without an account, and even then you still need to go on instagram/facebook/twitter to actually check it out.
I recently created myself a Pixelfed (a federated instagram, basically) and was pleasantly surprised how my profile has a plain, old RSS feed, so that anyone can "track" me without ever visiting a website (which is something that ActivityPub itself also allows, but AP still forces you to be a part of the "system", so to say).
I'd much prefer that kind of Federated world, but I don't see how we can get there in any other way than spreading awareness about it and basically nagging our friends (at the risk of isolating ourselves) – “I wish I could follow your adventures and thoughts, but I don't want a facebook account”. This of course requires a critical mass for basically each person, and probably a way of automatically updating the locked-in platforms (for each post you push to pixelfed/blog it updates your instagram/facebook) so that the ones who take a step out don't need to leave their locked-in friends behind.
I’m still a Facebook user, but I’m thinking more and more about leaving. Not so much because of the tracking as for the expectation of maintaining tens of hundreds of “friendships”. Keeping track of what former colleagues are up to, meeting someone at a conference every other year and the conversation is 90% “I saw online that you (...)”, and having less time for proper conversations with actual remote friends.
I don’t know how it will end, but I’m confident that I’ll keep in touch with the friends that are actually important. Not staying in semi-touch with people I don’t feel the urge to call, send a mail, or invite/travel to is something I look forward to :)
Since leaving facebook, I've found the lack of passive interactions has increased the number of active interactions I have with my friends. Leaving facebook has strengthened a number of my friendships.