> We use the combination of your Facebook and LinkedIn data plus your About Me and Photos to ensure we are building a balanced, high-achieving and diverse community. Our screening algorithm looks at indicators like social influence, education, profession, industry, friends in The League, number of referrals you've made to your network, as well as supplemental data like what groups you belong to, events you've attended, interests you list, and preferences.

Absolutely terrifying.

It makes me wonder how many more things I'll never get to participate in because I've deleted/avoid social media.

But it's the best antidote to FOMO, and so it's central theme "In praise of the unlived life" is worth a mention; There's a lot of shit you'll be glad you missed out on, but felt cheated at the time...

That bullet that whizzed past your head... you missed out on.

That plane you missed... that crashed... you missed out on.

That medication they wouldn't give you ... that turned out to have lethal side effect...

These are silly examples compared to the sumptuous theme Phillips develops about how so much of our whole of lives is a set of misplaced expectations and values that are given to us by others but rarely check out in the long term. It's a very affirming to get beyond confirmation/survivor bias and retrospective rose-tinted goggles.

Being "excluded" from a group of people who are the sort who would give their details to BigTech social networks may turn out to be a blessing in ways you can't see yet.

[edit: moved, sorry I replied to wrong comment]

I'm trying to simply that with an ear for contradiction;

If P; the more group A lose -> if NOT P; the more group NOT A lose. For P -> L = some loss of privacy

(Okay it's late and I'm clutching at it a little, but something doesn't ring true)

It seems like a formulation of "network effect" on the surface. But if P => L it can't be the same L on the right hand side, no? For the group who are the exclusion of A, their L has to be a gain. Or they are not playing the game well/optimally,

Or, if you could, would you mind rewriting it in english, please?

I've been thinking about buying a new car, but I'm very aware of how much tracking/telematics they include nowadays... so I decided to search "$manufacturer disable telematics". Every single thread I found was full of people saying variants of "Why do you even want to do that lol" and "Looks like somebody is doing something illegal".

Every time I see stuff like that, I'm tempted to jump in and share a plethora of examples about how tech companies misuse your data, don't protect it properly, sell it to all sorts of dubious actors, and, most importantly, use it for advertising - which I consider to be nothing more than gaslighting to get you to buy stuff and absolutely despicable.

I have to stop myself because I know I wouldn't get through to them, and I would probably sound crazy.

Seriously, there's nothing wrong with sounding crazy. I mean look at the world. What do you have to lose?

So the choice to act is not as free as you describe.

You seem to think only about cases where personalized ads are used for products but the most harm is when people use this to influence groups. the same way they personalize an ad for a product that seems to be the perfect fit in your current situation the same mechanism/algorithm can personalize a message in a way that will influence you just a bit. and then tomorrow another small bit and so you find yourself (a general self not you) hating groups of people you never encountered so far.

Intelligence or IQ or whatever rational high points you have will not protect you from this over a long period of exposure.

The famous example I remember from growing up was a teen girl whose parents found out she was pregnant from a personalized (mailed) Target ad: https://www.forbes.com/sites/kashmirhill/2012/02/16/how-targ... . There seem to be some skepticism in later articles that this is actually how her parents found out, but only because she told them first. They could have found out from the ad.

https://www.liebertpub.com/doi/full/10.1089/big.2017.0074 is a more detailed study of how Facebook likes can out people. It looks like the "cloaking" solution that the authors propose actually makes the model more accurate. From the article "false-positive inferences are significantly easier to cloak than true-positive inferences".

If you're the only one who knows what ads you see, that might still be okay, but if a platform can make these kinds of inferences to show you ads, they can use the same data in other ways. At the very least, they might leak this information to other users by recommending people you may know, etc. You might also reveal what kind of personal ads you get if you ever browse the web someplace where other people can glance at your screen.

you wouldn't believe how irrelevant to me, the ads i get are.

This is what we're asking for. I am refusing to divulge information about me I don't want to share. Other people are building whatever on top of that data. I can hardly complain about lack of inclusion when I am the one refusing to feed their robots.

If you want people at Cheers to know your name, you... have to tell them your name. I'm fine being anonymous. It sounds like maybe you're more conflicted.

It "sure would help a lot" to go to such a place? Because you're constantly being bothered by total strangers at rates far in excess of the average? Because the first people police interview as murder suspects is everybody who doesn't know the victim? No my friend.

Of course now you can give out your name to total strangers many miles away, with a degree of efficiency undreamt-of in the 80s, yet not even have any fun times spent drinking with those people, so...

Only in the sense that I'm mad that it's hard to get any good new technology that isn't a privacy nightmare.

I see Cool App #354 and think it looks fun to use, but I am only allowed to use it if I give up my privacy. Since I don't want to do that, Cool App #354, which doesn't need any (or at least all) of that data to do the functions I like, is something I can only watch friends use.

OKCupid is actually a site some people reported as being the "better kind" of dating site, because they're geared toward successful LTR rather than hookup. The dating space is actually full of different interaction and match models that sometimes people don't seem to understand.

Some of the issues around risk, identity and power asymmetry are covered here [0]

[0] https://cybershow.uk/episodes.php?id=20

I'm not talking about the information they ask me to provide. That's a drop in the bucket and is also under my control to disclose or not. I'm talking about all the other shit apps hoover up without permission.

Even if you’ve never had an account on social media, chances are Facebook, LinkedIn, etc. know your name, email address, age, social graph, etc. because other people have shared their address book with them. Other users also might have tagged photos with your name, after which those sites concluded “that must be the same officeplant that’s in their address book”.

I expect LinkedIn to suggest people to connect because you’re their mutual friend, for example.

I use LinkedIn. I haven't used it in years, now I'm back because that's where the headhunters are and where I can probably find a job. After I'll find new job, I'll switch to zombie mode again and won't use it until I need it again.

So yeah, the reason I use LinkedIn is to not miss a job offer. I don't have a reason to use FB thought.

https://en.wikipedia.org/wiki/Telephone_directory

And, at least here, they contained last name and one letter of the first name. No information on gender/interests/articles read/ads clicked/locations visited/family/friends/devices used/apps installed/items bought/...

In an easily searchable database?

Sooo tempted to go Goodwin here and mention a nice use of computers from the late 1930s...

I'm fairly certain that if a person is highly active on social media such a system could produce a better diagnosis than most people get when they see a professional, if only because the quality of psychodiagnosis is poor since it is often seen as a scam to satisfy insurance bureaucrats, common conditions are never diagnosed, there are fads for certain rare conditions, etc.

1. "could" produce a better diagnosis. Not guaranteed. And better than what? How likely is it to really deliver a better result than appropriately trained specialists? 2. "scam to satisfy insurance bureaucrats". And you doing it digitally won't find its way to unintended recipients?

The undercurrent of this thread - and the original post - is growing awareness of the dystopian disaster that has grown out of "free" social media. So it's not surprising - to me, at any rate - that the general sentiment here is to be suspicious of any adjacent use.

I'm not in the industry but I am very curious to know if we're already in the conditional-execution phase of surveillance/ad-serving/profile-updating: is there an idea [yet] of serving a challenge, and then both recording how/if it is engaged, with automated graph traversal to "look closer"... all offered stochastically...

The simple way to put that in part is, are we now getting A/B tests run on us explicitly, rather than merely implicitly?

(Personally, I'm 100% off Meta products and TikTok—but am leaking through LinkedIn and, regrettably, Google...)

Imagine how your tech could be used for evil and how profitable that would be. It could be a 2nd or even 3rd order effect, even.

[1] Film focuses on a college team building something they think is cool but really is a key part of a weapons system.

What I don't understand though is why do I also need to share my browsing history with faceless american corps that sell my data for profit. This sounds unnecessary for the main point (psychodiagnostic software).

.. then the diagnosis of one of their problems sounds quite trivial.

What makes you so sure? (This is a serious question, not rhetorical.)

Myself I have a condition which 5-10% of people have. As a child, I had two very high quality psych evaluations for the time where people observed all the signs and symptoms (particularly the first one) but failed to draw a line between them.

Since then I saw therapists maybe 6 times in 30 years (sometimes the same one) and it was always “adjustment disorder with …” and there was some truth in that in that in each case I had some very ordinary kind of stress which was exacerbating my condition but in reality there was always a chronic aspect to that.

I’ve known numerous people who have severe mental illness (way worse than the quirk that got me kicked out of elementary school) and contact with the psychiatric system and never got a conclusive diagnosis. The first line for a lot of people is to see a primary care practitioner and get diagnosed with either “anxiety” or “depression” and prescribe the same medication in either case. A referral to an actual psychiatric nurse practitioner who is taking patients is almost impossible in 2023 in the US never mind an actual psychiatrist.

https://en.wikipedia.org/wiki/Rosenhan_experiment

This one is more positive but is checking that different diagnosticians get the same answer

https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5980511/

and if that was applied to the "Thud" experiment you'd have poor diagnosis with a very high kappa (interrater agreement)

https://youtu.be/WByBm2SwKk8

https://nitter.net/AlexBlechman/status/1457842724128833538

I don't have anything against personalized ads based on information that I willingly share. If I am following a bunch of groups of kite-surfers, I actually welcome ads for kite-surfing gears and services while browsing those groups.

If I explicitly decide to share my address on my social network profile AND, explicitly authorize the use of this information for targeting, I don't mind, and actually welcome seeing ads for carpet cleaning services from my city, instead of ads from this kind of business located thousands of miles away, WHILE I am using said social network.

But I don't want to browse the local newspaper, and having this targeting information being used outside the explicitly bounded context of that social network.

And above all, I don't want surveillance-style stuff things forced upon me to infer information about me that I never consented to share in the first place.

It is ok to me if I say, I have an interest on X, you (and only you) can show me ads based on that, and I also consent on you (and only you) using my <insert whatever personal info you may think ok> to target ads.

When I visit facebooks https://www.facebook.com/off_facebook_activity I see that lots of places have shared my information with facebook..

I guess in my ideal world, I would hope that these businesses could pivot back to a dumber, more privacy-friendly mode of advertising? But I wonder if the corpos are willing to give that up, or if they'll just continue trying to squirrel around this and any other laws to the point of absurdity?

This massive wealth of intelligence, drive, ambition, all spent on something as useless as banner ads everyone explicitly tries to ignore or block anyway. It's insane. But money is the primordial force that allows the planet to keep rotating so inevitably someone will dedicate their intelligence to whatever cheap money they come up with. That's fine, that's good. I just imagine all that money could've cured some diseases, built better telescopes, put more powerful technology in the hands of the disadvantaged, maybe even, i dunno, fed some hungry people or something. What the fuck is the metaverse gonna do for anyone besides exploit them for maximum profit driven by distraction

It really is no wonder all of this shit has so badly corroded our social structures, given the sheer weight of the resources we've piled into it. If only we could get this kind of effort out for problems that actually need solving, instead of just endlessly punching dopamine out of unsuspecting consumer's brains.

Nothing. More dark patterns to trick people into accepting tracking. Look to how the industry reacted yo GDPR.

> personalized ads that creep on you were essentially made a load-bearing column of the Internet before anyone knew how creepy they were going to get with it

You can have personalized ads without invasive and pervasive tracking

Anecdotal observation from big-ish corps in EU: everyone started trying to look very mindful about what data they ask for in the first place, what gets stored where, what is shared with whom. In some cases, this led to actually being more mindful about those. At least in e-commerce, GDPR worked in the privacy-minded consumer's benefit to some extent, and not quite against anyone.

WhatsApp before it was acquired also demanded an optional donation of 1 USD/year from each person.

That is what people will be willing to pay, and what social media should subsist on.

[1] Annual Report 2022 https://www.patreon.com/file?h=90246790&i=16020862

/s if not clear.

Facebook has my age and home town, knows what many of my interests are via groups I'm in. I don't think it's wrong to say I have given them that information voluntarily and so long as they keep it on their servers only, I'm ok with them showing me a mountainbike ad because I'm a 40yo male who is in a mountainbiking facebook group.

I don't consent to them showing me an ad for a specific mountainbike that I placed in the shoppingbasket at cheap-mountanibikes dot com last week, and then abandoned there, and the reason they know is because the store has some kind of arrangement of any kind with facebook. That's the kind of thing I don't think I should even be allowed to consent to.

Instagram in comparison sends me a ton of personalized ads and I actually really like them. I have a modified .ipa of instagram (Rocket for iOS) and while it turns ads off I actually have that setting changed so I still see ads. Sometimes I find things I really like.

Why not?

I’m asking why you think that it’s a net negative that you’re able to consent to that.

Will the EU fix Windows by banning the insane amount of tracking they do? Would be nice. The OS is literally at its peak in terms of being great, but all the telemetry, forced accounts and Microsoft ads keep the meme alive that Windows is awful, when in fact, if you remove those three things I mentioned, you have an insanely reliable and polished OS, all my issues with Windows have always come from customizing the core OS, it just doesn't quite behave the same, I would eventually format due to issues, the moment I stopped tampering and tinkering, I've stopped reformatting Windows.

Windows Defender while not being great, at least means you don't need to start off by installing a third party Antivirus. DirectX 12 also comes to mind.

But that's about it. For regular users, Windows 7 has been the best, and after noticing how my parents struggled with the updates, nothing can convince me to think otherwise.

All the really nice bits of Windows 11 are lost to time because you don't notice them, but they all add up. The fact we're mainly worried about telemetry over anything else says it all.

Visual Studio is a good IDE, but at least back in the day it needed ReSharper to have the smarts that Jetbrains IDEs usually have. And the fact that it only works on Windows is a dealbreaker for me, as many people want to develop on the same operating system that they target for deployment.

I can certainly buy into small improvements, such as Notepad having tabs. And I'm not the one that mentioned telemetry. But now that you've mentioned it, I'll say ... such marginal improvements aren't worth the creepy spyware, or the ads, or the useless breakage in UX.

(Sorry for the snark but I couldn't resist)

Dark theme

HDR support

Auto HDR for many older games

Native system wide support for surround sound in headphones with hrtf

Win+Shift+S screenshot tool

It took a long time to get here, but the settings app is now better than the old Control Panel imo

If you're a gamer then HDR/surround/raytracing can potentially be huge upgrades if your hardware supports it.

Night mode, dark theme, and a decent UI are things shoestring Linux distros can pull off.

Nowadays it's impossible to know exactly where some specific setting is anymore, and the settings app has been so dumbed down that most settings don't even exist anymore. Just the other day i tried to fix my dads touchpad and went on a wild goose chase through every possible setting location, of which there were too many, and kept coming back to the "settings app" in which the touchpad "settings" had only a single checkbox, fully unrelated to anything actually useful at all. The tab was there but there was no fucking settings in it. Nothing useful at all. In the end i tried driver updates, i tried rollbacks, i tried every setting app, i tried everything and the touchpad still doesnt work. You can click, you can't move, you can't scroll. The man didn't install anything, windows released an update and the single most important tool for interacting with the computer, one that is built into the hardware, was broken with no recourse to fix it, I'm simply not allowed access to the settings i require to maintain my own control over a functioning device.

That is the new settings app to me. Maybe if you stay within the ever shrinking bounds of control that Microsoft so graciously barely allows us to utilize, maybe then the buttons are rounder and the categories are better laid out. But if you need to fix anything that exists even slightly outside that toddler playground Microsoft is only ever making that more and more difficult under the guise of UI "improvements".

Dark mode being use as a short hand - pretty much all "standard" controls used to have colors and font size defined. So if an application wants to draw text - it'd use the text area background and color, likewise for buttons. Being replaced with a single boolean configuration option is just a lazy downgrade. Also I don't quite see it as an OS function - in the end it just reads the registry.

Vulcan was supported on Win7 (along w/ the raytracing) and oddly enough Win7 had a port of DX12 by Microsoft [0]. It was quite an arbitrary decision to prevent Win7 & 8 to run DX12. I suppose one of the issues is that GPU drivers (esp. AMD) do not support Win7 (or 8)

[0]: https://venturebeat.com/pc-gaming/directx-12-windows-7/

Even if dx12 is an arbitrary restriction to only work in w10 that’s beside the point. It’s a feature of win10 no matter how arbitrary.

There was no need for apps to ask that. Previously, apps would just say "draw this dialog box in the user's preferred color scheme" and it would work fine. The only reason this dark mode hint is necessary is because too many apps started ignoring the Windows system color scheme and doing their own thing.

The difference to windows users is that you change a switch and apps actually change whereas before you couldn’t do that.

It wasn’t Microsoft’s fault before and it isn’t they who updated the apps now so they don’t get credit for that. But the fact remains you basically couldn’t use dark mode before and now you can.

Yes, and no. The colour theming that has existed since at leats Windows v2 could be used to implement dark more quite easily if only your apps listened to the relevant settings (some did, many did at least partially due to the framework they were written in doing so, some didn't at all – partially is the worse option as it caused contrast problems between compliant and non-compliant parts).

> It's the actual system setting that instructs apps to use dark mode.

The old theming was through system settings too. There were GDI API calls to read the values so you could make your app mirror the user's choices. Not as convenient as a single “dark mode” switch but no different other than that affordance. Many toolkits did this for you.

Much like Apple and Linux, windows even though it always had an API for it, supports Virtual Desktops finally.

Not much apparently. The funniest: icons like chrome, round corners like mac.

edit: On the up side, Bing is actually much better than Google now.

Exactly. There are places where the data is being collected without direct adverts or other visible signs being present (certain web analytics services for instance). This activity tracking gets married up to the other personal information the various companies hold about you.

> Personalised ads are beside the point.

I think they are an important part of the point, just not the whole point.

Being able to sell adverts for a bit more usually is what makes it worth a company's hassle implementing and maintaining their stalking infrastructure. Without that the online commercial stalkiness would die down an awful lot.

On the face of it some might think that this ruling achieves this, but it would not have that effect unless:

* other significant territories imposed the same sort of restrictions

* those restrictions were routines enforced

* and the enforcement (when transgressions are found) was sufficiently inconvenient to the companies

The very ability to provide that list previously required an expensive secret police; today it does not.

This is an extremely dangerous ability for anyone to have -- human rights (such as that to privacy) were won against oppression. They aren't optional, they're the system by which we prevent those previous eras from reoccurring.

This is why i'm suspicious of the being a meaningful sense of 'consent' here -- if enough people consent, then the tracking agency acquires a novel political power over everyone. This is why the infrastructure of tracking itself is a concern.

If however there were strict liabilities for data leaks or privacy breaches, businesses would collect just the bare minimum data and get rid of it as soon as it is not strictly needed.

Keeping all of the data under one company umbrella is vulnerable, target for hackers, and easy target for governments.

Your post is not correct.

They do tough. They know where you refueled/charged your car, hotels you've booked. Not only that, but they also know if you donate money to your local mosque/synagogue, spend just a bit too much at a liquor store, etc.

There are real privacy issues here, but this kind of paranoia distracts us from mitigating the actual threats and has us jumping at shadows.

This part of your post is also not correct. What company knows everything about you? There's insurance companies, credit card companies, social media companies... they all have a substantial amount of info about you but they don't all collude to aggregate it.

No regulator will find any proof of anything though, as regular employees will not have access to such crucial data. Regulators will also can be fooled by the maze of interfaces and servers.

There is also incentive for governments to "not see" any wrongdoings of the companies, if they profit from surveillance system.

Ad business is like Palantir in lord of the rings. You do know know who is watching on the other side.

All you have is some "vague" promise from corporations that your data are properly removed.

e.g. what are 3 30 year olds in Toronto talking about this saturday? likely the drake concert, winter tires and xmas related things..

I take your point that some level of this power exists, necessarily, within internet-based companies with online users.

But I think there's a big difference between, say, signing up to Grindr where you submit a basic form with limited information (and presumably) can retain some minimal anonymity in how you use the app --- and a system whereby the history of all your actions across your online life (banking, social media, dating apps, etc.) is collectable by a centralised agency.

With laws like GDPR, broad datasets have become a liability for companies like telecoms, banks, etc. They don't want it. Accidentally forming 'rich user profiles' based on non-annoymous data is a legal liability.

This is exactly the incentive structure needed. Rather than have companies with an existential profit motive to build mass surveillance systems.

As far as whether a relational database that takes user data from a form is different to a whole system of streaming live event databases with massive streams of user monitoring across websites --- well, I think it wouldnt be hard to write a law against the latter.

These are political, moral, legal and technical distinctions that can be drawn.

I think there are very good economic reasons why companies don’t dox their customers. They treat data cautiously even in the absence of regulation— since it would be a loss of business value to lose customer trust.

When we call for “privacy” — what does it mean when we want to share our data? Ok, one might say that you don’t want 3rd party sites tracking etc etc. That’s fine. You don’t want data sold. That’s fine. But if we make a big fuss about privacy in a world where we want to share so much personal information, I think we cloud the issues. We want a lot more than privacy, obviously, when we are so willing to give it up. I want those other desires made more clear and not lumped in as privacy. I think the GDPR just trains people to click “accept.”

Do you see my concern?

Forget fussy debates about morality.

There is a practical threat to society when a few nation-sized corporations operate pipelines of data collection and profile aggregation on every online citizen of the world.

Those profiles represent a massive amount of power, and that power is being let to accumulate in opaque organizations that have no explicit commitment to public benefit and extremely little accountability. That power is not yet being weaponized, but it doesn’t evaporate just because nobody’s using it for leverage or control yet.

The responsible, long-term, practical way to ensure that legitimate governments and the people that constitute them continue to have the power to shape their own society is to make sure that these techniques for accumulating power are dismantled and the already-accumulated power is dissipated.

Yes, we will lose some novelties and baubles in our online life when they can’t track you anymore. Yes, investing new power into government so that it can counter corporate profile-accumulation is dangerous as well.

But the greater danger of inaction against these corporations is that they are already only lightly-accountable and are on the verge of escape from accountability forever if they gain enough power. Modern governments, meanwhile, are comparatively slow and dumb and can still be steered as their dangers become manifest.

Same for government surveillance - adtech/marketing is a boon to it because they don't even have to build/maintain their own surveillance infrastructure anymore.

Using it to sell you shampoo isn’t terrible (it can be super annoying though). The problem is using that data to eg figure out who might be in the market for pregnancy related products. Or, ominously, who have stopped buying pregnancy related products early.

Or correlating interest in something they browse with voting intentions. Or interest in political action. There’s a lot of dodgy things you can do with that data. And little of this is being shared with *informed consent*.

Ads are NOT the problem. I love browsing through ads in magazines I buy. If online ads worked like outdoor ads or magazine ads, I suspect a lot less people would have a problem.

it's more than the ads. imagine if hacker news used ML to determine what articles you see on the front page based on whatever ad campaigns they think will result in a click from you. that would suck, right?

that's what these platforms do though, and that's not okay

Ad targeting infrastructure is expensive and hard to hide, so banning it would defeat many political manipulation attacks.

If private data is stored, there's already a chance of it getting out. You may get lucky, you may not, but for someone that hates you enough, any random detail can be a weapon. Even stuff that doesn't depend on your actions, like religion, country of origin or even medical details. People you associate with, even at a superficial level, can make you guilty by association. And let's not get into stuff like porn habits...

Political manipulation can be made real easy if they got dirt on you, too.

https://en.wikipedia.org/wiki/Cambridge_Analytica#Elections

It would be more surprising to me if they were uniquely unable to build a working psychological profile of an American voter versus any other voter then the simpler scenario that their entire concept was technological snake oil.

Can you cite your campaign spending numbers? Wikipedia says the opposite: https://en.wikipedia.org/wiki/2016_United_States_presidentia... I'm searching for a source that says what you claim and can't find any: https://www.google.com/search?q=trump+campaign+advertising+o... https://www.google.com/search?q=trump+outspent+hillary https://www.google.com/search?q=trump+advertising+spending+v... https://www.google.com/search?q=hillary+spent+less+than+trum...

Is my google-fu shit? Maybe. Regardless...

> The Democratic party as a whole believed Trump to be so unelectable that they pulled money from the presidential campaign

The root cause was their arrogance. Hillary was barely campaigning at all. It would not have cost her much anything to call into the major news channels every day^ but instead Hillary was effectively incommunicado for much of 2016. It's as if she thought campaigning was beneath her.

Also, I don't know how you can break apart Americans disliking women in general and Americans disliking Hillary particularly. She personally has been a popular target for derision for more than 20 years before her 2016 campaign. The DNC may have considered Trump unelectable but they were burying their heads in the sand w.r.t. Hillary's own unelectability problem. Which goes back to the arrogance thing..

At least they've figured it out now. Nobody seriously talked about her for 2020 and nobody is seriously suggesting her for 2024.

^ Most of Trump's 'advertising' was given to him for free in this manner, maybe you're assigning some arbitrary dollar value to this news coverage to say he spent more?

It wasn't total spend; it was online campaign spend. "Chaos Monkeys" cites a Bloomberg report on an internal Facebook memo that indicates the Trump campaign ran six million different ads on FB during the campaign and the Clinton campaign ran 1/100th of that amount. So targeted ads were involved, but the targeting approach was very traditional: pay a bunch of advertisers a lot of money to hand-tune ads, see how they perform, re-tune, rinse, repeat. The spend on Cambridge Analytica as a ratio and the effect it had on the total process were both minimal; CA didn't prove to be the "voter whisperer" that the owners made them out to be, and in the long run, the fact that they exfiltrated a bunch of private content from Facebook's datastores isn't as interesting as how the Trump campaign took advantage of the data in Facebook's datastores using the tools Facebook legitimately provides.

One feature the campaign did (according to the author of Chaos Monkeys) find useful was "Lookalike Audiences," which is nothing fancier than crawling the social media graph and expanding an initial targeted ad along friend networks (i.e. if an ad seems to be resonating with you, Facebook's own algorithm, if the advertiser has enabled the feature, will try pushing the ad to your friends and so on). In that sense, the data Facebook collected facilitated a Trump victory, though it wasn't anything more dangerous than the social graph itself... And I don't think the EU is proposing we ban social media or collecting networks of friends at this time.

... though maybe they should? You can do a lot of damage with the information people voluntarily share about who they associate with, if you collect enough of it.

> I don't know how you can break apart Americans disliking women in general and Americans disliking Hillary particularly

A good and fair question. So it turns out one of the largest blocs of votes in the 2016 election was various flavors of Christianity, and they generally chose to vote for a known womanizer and divorcée (with Protestants and Catholics, in particular, voting for Trump by a wide margin over Clinton). This would be considered curious behavior, except scraping the surface only a tiny amount reveals that they are almost 100% unified against the concept of women in a leadership position; some have structural taboos against it, and to some it is an existential threat in the category "God will strike us down for our hubris" because it goes against their notion of a cosmic order. It's ugly and I wish it were not so, but I think most political pundits wildly under-estimated that effect because, as the first woman to be nominated by one of the two major parties in America, their prediction models had no data on what effect it would have. I agree that the fact she already had a political service history that could be criticized (vs. her opponent with no such service) was also a factor, but I don't think it was as large a factor as the voters who turned out with fear of actual divine retribution in their hearts due to their religious beliefs.

Take 5 minutes to imagine how political troll campaigns are targeting their audience...

Okay, then it should be legal for me to use Facebooks/Google's 'Intellectual Property' however I want.

Why should it be legal for them to steal my data, but illegal for me to use their's?

It's the tracking thing that has to go.

We should do the same with personal data. You can share it however you want but not sell them.

There are good reason why selling data can be worse socially: your data could also be about me (if it's about relationship), whereas organs cannot.

However, they blew it, and now we have this law that takes away their incentive to infringe our privacy. The needle is now on the other side, but not as far as it was before. I'm happy.

  - Upton Sinclair

True, but even if EU bans just the personalized ads, chances are that this personal data hoarding bubble is going to finally burst and die, because the belief in "big data = big money" was powered almost solely by the ad industry. I believe ads (and outright abuse, but that's not exactly a business model) were the only use case/reason for why this data is collected and why it's considered valuable.

We'll see attempts to rapidly change the tune (possibly something about "AI", given it's the buzzword of the day) from the companies whose valuation is strongly tied to this myth/meme, as they'll desperately try to keep their $$$-faces. But, I believe, chances are, if using personal data for showing ads will be illegal in a major market like EU, many companies will stop collecting because the data will become worthless, a liability rather than an asset.

And then I have this silly dream that one day a transhuman age will come closer and I will have machinery to aid myself, personally, that would collect and store my interactions with the world, strictly locally, strictly for my own personal use - an extension of my own mental or physical capabilities (I need glasses to see, I suspect I'll need a hearing aid someday, and I have some concerns about my memory and attention spans - so, you know, From the Moment I Understood the Weakness of My Flesh.meme.txt). So every time I hear things like "we're outlawing facial recognition/conversation recording/data collection" without a "(*) for businesses" I'm kind of disappointed. Of course, my hope is that those laws will be reviewed accordingly as we'll get closer.

Thus, I believe, a ban on targeted ads alone could be a possibly better outcome than a blanket ban on data collection. But, uh, whatever works, I guess...

Your comment is rather light on information that might support your points.

It feels icky, but still I mostly agree. I do think there's a limit as I would consider directly influencing elections (via force or deceit) to be harmful, but I'm largely ok with trying to sway public opinion.

> They were notoriously ineffective, which further solidifies this into the non-story bucket.

Unfortunately, they were surprisingly effective at the thing I care about which is collecting millions of people's personal information without their knowledge or consent. The fact they turned out to be incompetent does not inspire confidence.

I think this is the core disagreement, I do not see this in itself as an actual harm, just icky feelings.

I am not saying this should not be illegal. Probably it should. What I am saying is that noone should be able to track but the state can do it. Noone should be able to.

(FWIW I find their move into ads alarming because it threatens to ruin everything I like about them)

It is safe to assume that all intelligence agencies have taps on ad networks allowing to legally (well, not in EU anymore) collect mass of information on the cheap, which they can then de-anonymize at will by cross-referencing with other data sources.

Pretty sure it is written in the ToS. Maybe don't agree with that legal agreement and continue to sign up for the service in the first place?

Could there be an issue in the future? Possibly. Are privacy laws like GDPR worth the economic and other harms? Probably not. The amount of wasted programmer hours alone has far overcome the negative impacts of big tech ad tracking.

Neither real life or the internet are anonymous. We live with other people. But Google and Meta in particular have an amazing 15 year track record of basically never leaking user data. Various national governments have been much worse in this regard.

Government risk from Meta and Google is meaningless in any case. The ISPs have all the same data and regularly share it with the government in response to warrants.

Also all the data is out there on me and you in a million databases. Just like in the 80s with the yellow books. Did you know you can buy a list of most Americans with an estimated credit score and income and other details? This is 50 year old tech.

On the other side, digital ads have a huge impact on the economy (Google and FB being some of the biggest companies in the world) because they provide a service of matching businesses with consumers interested in products. Targeted ads means they are much more enjoyable and effective at matching consumers to products they like. I've worked with dozens of small businesses that used targeted ads to survive and thrive.

It's not a good trade-off for the EU to ban targeted ads, in short.

One of the first results of a Google search: https://dl.acm.org/doi/pdf/10.1145/3555102

> Also all the data is out there and me and my family in a million databases. Just like in the 80s with the yellow books. Did you know you can buy a list of almost every American with an estimate credit score and income and other details? This is 50 year old tech.

While one could argue that this is "old tech", the main issue is reach.

Back in the 80s, there could be a way to contact someone and make an educated guess, using their credit score, as of what kind of products they may be inclined to buy.

Nowadays, these databases may include data about diet, job situation, alcohol intake, or family issues, because those educated guesses are made upon information about your searches, your Facebook group memberships, your postings, etc.

You also seem to be making the argument that, since either this data is already out in the wild, or other companies may have access to it, why target big tech specifically?

And the counter to this couldn't be simpler: two wrongs don't make anything right.

Per your specific harm:

Thank you for actually responding with a real potential harm, the first time ever in 10 years of posting similar comments on HN!

Weight loss ads (along with teeth whitening ads) are much more common with non-targeted ads, by the way. When ad targeting is bad, the only profitable ads are low hanging fruit that applies to as many people as possible.

That said, I would totally support regulating weight loss ads to only things that are proven to work though. I think other categories like gambling are also under regulated.

I see where you come from, but that data shouldn't be for sale.

Regardless of the fact that it may be valuable for some third party, if I have not given my consent, that should be enough to instantly ban any storage and processing of it. This should be the default. At the very least, we, the people being profiled, should be part of the conversation.

But we failed at forecasting what profiling and targeted ads would become, didn't properly regulated them, and now it seems that every marketer expects to get their hands on everyone's data, just because it is valuable for their businesses.

While there may not be current and widespread harm, although that is debatable, the default shouldn't be letting companies syphon data and build profiles about people without consent.

And quite honestly, I don't care if a business burns to the ground as the consequence of unethical behaviour. It should happen more often.

And beyond that, of course there is potential for harm if data is collected for targeted ads. It might be increasing the price of your flight because you've been looking at the target country several times in the past weeks. It might be canceling your insurance because you googled for headache medicine. Or it might be marking you as a person to be deported into a "reeducation camp" because of your heritage or religion thanks to data that was involuntarily collection about you (originally without evil intent, even). Most of these already happened in reality.

I disagree with almost every sentence in your post, but want to point out this one as it is specifically very surprising to me. There are two ways Meta is a giant leak of user data. First, it just sells user data to third parties, and it was extremely lenient with this in the past. Maybe that was the worlds biggest leak of user data, which we now know was likely instrumental in winning certain elections. Talking about harm...

Second, there actually were cases where hackers got their hands on facebook data. My personal phone number is probably leaked by this. I made the mistake of using my phone number for 2fa. iirc sensitive data from about 500 million user accounts were leaked.

I'm not sure about google but Meta is a leaking like a sieve.

I very much doubt that this is true, and if it is, it needs a source.

I'd amend this to note ISPs also gladly share this information with... Advertisers.

Do people on HN use Credit Cards? Your transaction info is also sold to advertisers.

If I wanted to, right now, I could build a deep profile for every single user of HN, simply by downloading the public pages, and cross-referencing comments, upvoted/favorited stories, etc with usernames. I could then create a weighted index that tells me how likely a user is to be a libertarian, gay, wealthy, etc. Then I could e-mail those users and offer to sell them privacy-focused freedom-loving lgbtq+ products.

I can pretty much do whatever I want with this database, partly because you don't even know I have it, but also because it's all public information you've posted to the web voluntarily. Maybe the ToS will say I can't, but they have to catch me/stop me. I could just hire some Russians to do it for me and collect the data later.

I'm not saying this should be allowed, but it's probably going to be impossible to stop, and the implications (esp. for political concerns) are enough of a motivator that just making it illegal probably won't end the practice. We have to consider alternatives so that we aren't stuck in some information arms race that makes the problem worse.

For example, we could say that private data should remain private, and public should remain public. Data which everyone has a reasonable expectation to be private - like the private photos you upload to Google Drive - should never become public, and thus should never be aggregated into some product (trained for an AI, etc), used to sell you something, etc. But data which does have a reasonable expectation to become public - like comments on a public forum, likes on public posts on Facebook - should remain public, and thus be used the way any other public thing can be. We already have legal limitations on uses of some public things, but we can expand that if need be.

Then we can legally define what constitutes private and public, and construct tech so that it's very clear to people what's public and what's private, and then they can decide what they will post where, or what sites they will/won't use in what ways, etc. It's already clear what's private and public out in the real world. We just need to make that same distinction clearer for other cases, like when and how companies collect data and what they can use it for. It's going to require case-by-case analysis, but we can totally get there without having to ban everything or allow everything.