Install it on your phone? Anyone you have in your phone's address book gets to see your picture under "people you may know".
Someone in your family joins Facebook and friends you? Now everyone you are friends with gets prompted about whether or not they know your family member.
Want to delete some pictures you uploaded to Facebook? It's extremely difficult and they must be deleted one by one.
Other than LinkedIn, I'd say FB is the prime innovator of UI dark patterns that exploit users' unwitting behavior for profit.
The youngest generation of internet users gets this which is why they largely do not use Facebook. Soon they will realize that IG and Whatsapp are connected, and will avoid those too.
What's interesting to me is that the recommendations are fundamentally not useful. It's easy to look someone up by searching for their name without the privacy-invading helpful suggestions.
If you search for someone on Facebook, then Facebook will suggest to that person that they friend you. Seems a massive privacy hole to me.
I've been aware of how Facebook attaches people to you for a long time, so I deactivated that one, made a new Facebook several years ago primarily for development purposes, different name, different email address, friended a few people from one particular circle, never installed it on my phone
Occasionally I will get random friend suggestions about people in different chapters of my life
Facebook didn't have my address book, or a big enough graph to make these connections
I hadn't considered that those were the people merely searching for my name or variations of it
If B searches for A and C searches for A, does that imply a relationship between B and C? Especially if they live nearby? Who knows :(
I think it's kind of interesting to 'figure out' how the facebook machine works. How a simple interaction, a location, a conversation or even a purchase on amazon shapes your news feed and the feed of people around you.
They get it because in the jungles of many junior high and high schools, anything that can get you bullied will get you bullied, and young people quickly realized that all the accidental oversharing (by themselves or by their parents, elders, etc.) were easily exploited by bullies.
Thus they came to prefer simpler networks with simpler security/sharing models and features (like automatic photo deletion) that respect user privacy.
Dark Patterns are user interfaces that are designed to trick users.
Facebook requests the permission to go through your stuff and if you read their data use policy, they go so far as to tell you in detail exactly the information they're taking from you, as well as how they use it.
Sure, it's a little bothersome when the information that you've given them goes farther than your personal preference, but it's not a 'dark pattern', it's just a feature that you don't like.
It's a similar sort of dark pattern to the practice of putting the important details of a contract hidden in a massive block of text rendered in a tiny font.
Yes, they are technically being upfront about what is going on, in the same way that two pages of 8pt legal boilerplate informs the signer of the details of a written contract.
If it weren't a dark pattern it would be very easy to turn off the undesirable bits, and users would rarely be surprised by the consequences of the default settings.
Let's not forget that contrary to our poor performance on abstract logic puzzles, humans of all levels of intellect are superbly good at reasoning about potentially embarrassing social situations. Hence FB must work hard to de-emphasize the way FB actually works to make people consent to many of the default permissions. That is in my opinion the definition of a dark pattern.
It is the gray area enabled by these practices that makes FB's content interesting... because accidentally over-shared content is interesting to us about a small percentage of the people we are friends with. It's nearly a law of human nature that we are fascinated by obscure details of a small percentage of people for all sorts of reasons (sexual interest, jealousy/aspiration, schadenfreude, stalking, etc.) and we all have some small group of people who are interested in our obscure likes/posts for the same reasons. Rarely do we overtly interact with such people (in either direction) because it is socially awkward, but FB generates revenue/engagement off of the lurking that we all do and the blindness people have that they too are the target of such lurking by others (which is why the dark pattern works)... it's what makes FB scratch a particular voyeuristic itch for people and why it's been so successful. LinkedIn works the same way but for things like job changes, promotions, etc.
Convincing users to accept a feature they would otherwise opt out of if they had a reasonable choice and/or fully understood the feature seems like a textbook dark pattern to me. Hiding the data collection policy inside a giant EULA or using a carrot feature as a lure is indeed intended to trick the user. The fact that many services have adopted these tactics does not change their being dark patterns; it just means dark patterns have proliferated and become the norm.
The real problem is how the information was utilized by the recommendation engine, which is known to be creepily effective at matching people (people who just met for the first time, for example). FB is investing heavily in AI here so this is the natural outcome - where the results are very effective but has some unintended side effects. The side effects are largely due to the fact this connectivity happens in the background, outside of a place where the user can control privacy settings on particular contacts.
So I'm not sure there is an easy solution here. Mining contacts and social information is Facebook's business. It's what you hand over to use the service and why many people stop using Facebook voluntarily - or carefully limit what information they allow access to. I never allow FB to access my phones contacts, for instance, and their mobile app still works fine.
OK, what is a dark pattern by your definition?
Dark patterns are a relevant topic on HN because many startups are measured in terms of user engagement and the growth of their user-base.
What is the difference between advertising and information? Growth hacking techniques and clickbait? Nudges and dark patterns?
These things are interesting because the line is blurry, and many patterns (dark or otherwise) that used to work suddenly stop working. This is why banner ads worked for a while and why interruption ads are becoming more and more common, and why adblock is becoming more and more common.
The world is not static, and so there is not ever going to be a consistent definition of what constitutes a dark pattern... it depends on the audience. In the first world, most 70 year olds are now on Facebook, and they are vulnerable to many patterns that the younger generations are not.
Just as scammers send senior citizens envelopes that look like social security checks but are actually ads, Facebook offers something that looks like a way to voluntarily share information but is actually often involuntary.
I think FB should take a hard line against dark patterns and be content to grow based on the massive network effect it can get without them.
Something like "malign algorithm", or "encroaching design" might do.
I used to freelance and FB started showing me one of my client as suggestion even though I use a work email for that, how? My client must have installed the FB app on the phone and his email client must have synced my email on the phone and now even FB had my email.
THIS is a huge pain point for me. I would ideally like to delete all my Facebook photos and timeline/wall posts from all of history. However, I cannot find a greasemonkey or tampermonkey script which will actually accomplish this. There are a few that claim to, but none actually worked for me (outdated).
Has anyone figured this out?
Only way to prevent this is to hide/obfuscate/limit information that fb is accessing about you. And that would be a huge feat in an of itself.
I bet the patients of the Doctor found themselves through each having her phone number. Hey they both are "friends" with this person maybe they should be friends as well.
This doesn't require for the middle man to have an account. You are inadvertently acting as a conduit for people to connect to one another.
FB likely has a "ghost" account for you anyway that they use to do this connection. So it is like you are using FB in some alternate universe.
TLDR#2: The recommendation to "prevent" these issues on the individuals side is, "Lisa’s medical community has started recommending that patients concerned about privacy not log into Facebook or other social media accounts at medical offices, or even leave their phones in their cars during appointments. "
This is about as practical as recommending people just figure out how to fly and occasionally levitate into the upper atmosphere to go out of the cell tower's range, move a few kilometers west, and then fly back down to earth to scramble all these tracking algorithms.
It's sad that we are at this stage but it's mostly our fault for being so complacent with companies doing these kinds of things.
If people stopped using their service when they did these kinds of things they would change their behaviour really quickly but most people don't know or care that this is happening.
Just because I'm not on Facebook (I'm not), anyone that's allowed Facebook to see their own contacts, in their phone or email, has shown that they are or are not connected to me in some way. Without me actually ever even having an account with Facebook they can correlate this data from users to see who is likely to know one another by a shared connection to me. Just because my particular node on the relationship tree has more blanks than it would if I was a Facebook user does not mean I don't create a node at all.
My guess for this Facebook issue in particular is that the Doc potentially did absolutely nothing herself, but rather all of her patients had mail and phone contact lists that included her and that common thread along with the same geographic area was enough to trigger a recommended match. In other words, this was equally likely to happen even if the doctor never had a Facebook page of her own.
I've been doing this for years now, and you know what? I don't miss it at all. I use the Facebook website from my computer, and that's A-OK.
This has been my strategy for years, since the first time my entire contacts list got snarfed in.
Exactly: it's our fault. None of this privacy-invading stuff is secret, it's all over the news. At this point, if you get burned by Facebook, it's your own fault for using it.
> ...most people don't know or care that this is happening.
You seem to contradict yourself.
[1] (warning: strong language) https://www.youtube.com/watch?v=J1q4Ir2J8P8#t=2291
Don't share location via the web browser
Still poor substitutes but ....
People You May Know still had old high school friends, my old real estate broker (??), and someone I starred on GitHub. I have absolutely no idea how they connected that account to my old one, considering Google Mail is the only other service I've used on that laptop.
1. You log in to your account and get redirected to http://example.com/?user=3834
2) That page has an embedded Like button.
3) When your browser requests the button from Facebook, the referrer is "http://example.com/?user=3834" which is a URL that you visited a lot when your old Facebook login was active, and it was never visited by any Facebook users apart from you.
There are other similar ways they could link you to an old identity if they wanted to, some not necessarily blockable by these plugins, but the above would be simplest.
I did use my real number for the old FB account, but used 555-867-5309 for the new one.
https://github.com/jmdugan/blocklists/blob/master/corporatio...
Otherwise all that's left is you - how you type, click & otherwise use FB.
Edit: and the 1st thing the goddamn site shows me is a pop-up begging for a Like :\
Wow, that makes a lot of sense.
Welcome to the post-privacy era, I guess.
Someone should start a project with the sole purpose of mining all kinds of personal data about FB employees from Facebook/Google and publish it as a Kaggle dataset for mining. Wonder how they would feel about that?
In fact I think that should be the basis of privacy laws everywhere: You can only use data that the user personally entered into your application or website. Data should only be available across your different "properties" it they are branded as being part of a single platform.
It would be much more in tune with the average persons understanding of something like Facebook.
Also the contacts of lots of recruiters.
If Lisa has her phone number associated with her Facebook account and either Lisa or the client has the others phone number in their smart phones contacts and the Facebook app installed that relationship can pop up in people you may know. If there aren't good "people you may know" suggestions the ones you get can end up being "people who may be known to people you know".
The reason I think this is because a therapist friend of mind had this exact problem and deleting her cell phone number from her Facebook profile made it stop.
What Lisa (and anyone else with a professional responsibility to protect client privacy) need to do is to stop associating the phone number they give to clients with Facebook or other social media.
Understanding how Facebook connects different people might help prevent this from happening, but as Facebook's tech becomes more advanced/pervasive Facebook will need to provide an explicit feature to protect user privacy for situations like this. As it stands, the implications of sharing your phone number, location, etc are already far from explicit.
1. Sharing my mobile number via the Facebook app without my explicit consent or knowledge
2. Using my Whatsapp contact list to recommend people I might know
And now, I've recently started getting all sorts of arbitrary notifications even though I've stated several times I don't want to be notified of anything.
The only reason I still have a facebook account is so that I don't have to share stuff like my email address and phone number with people. But at this point it doesn't seem worth it any more.
Back in March I laid out how they could use a private set intersection protocol to enable any pair of users to privately share their contacts: https://news.ycombinator.com/item?id=11289223 (I'm not posting this to shame them or something: March wasn't that long ago for developing a feature like this, and of course it's open source; I could develop it myself and submit it to them).
I think it's something they care about; they've just not found a solution they're comfortable with yet.
No matter how good a given company or product is at privacy-respecting, what happens to all that data if they are bought out by someone else?
This bolsters my resolve to keep that app off my phone. You know, it doesn't bother me too much to have companies like Google analyzing my email to send targeted ads because I assume that information is not going to get out to the public. Facebook is a different case because there's a bidirectional flow of private information. It is a HUGE privacy concern (especially as someone that will be a physician in a few years).
I moved out of state three years ago, most of the people I see & spend most of my time with a completely different than the people I did five years ago.
If we've agreed to become Facebook friends then we've done it outside Facebook. If I use the "People you may know" feature I look like a stalker.
Quite a lot of people were just old enough to get an account today.
Granted, that's Schmidt, rather than Zuckerberg. The attitude seems to be the same, though.
Privacy != doing something wrong.
(I seem to remember the "it" in the quote meant putting information online / publicly available, no the "something" that you don't want anyone to know)
Schmidt has a way of saying reasonable things using the most offensive and misinterpreted language ever.
Imagine the possibilities [0]. What a wonderful world!
[0] If this were to come true, then the word "possibilities" would be replaced by "synergies" :)
Many possibilities here:
1 - whatsapp connection with messages exchanged
2 - contact list loaded by whatsapp
3 - psychiatrist secretary number in whatsapp
4 - friends in common
5 - places in common
Fb will suggest you know person X if a) you looked at person X's profile or b) person X looked at your profile
It makes sense that people using the same access point or connecting to Facebook from the same external IP would likely know each other.
I definitely did not consent to sharing my address book contacts with Facebook, and frankly nor would I want to. Now WhatsApp is offering an "opt-out" option, but I'm not sure how that will help. Isn't it a little too late for that now?
[0]: https://blog.whatsapp.com/10000627/Looking-ahead-for-WhatsAp...
* "You're both friends of Duffman McPartyDude"
* "We found Psycho Ex Boss's phone number in your contacts"
* "Location Services confirms you were both frequenting a dubious drinking establishment at 4am three Saturdays ago"
Facebook is full of shit. Of course they are using locations, why else would I get suggestion to friend the guy that cuts my Mother in Law's yard - he stops by for a check from my wife.
It seems like that is the source of 99% of 'creepy' Facebook recommendations: Facebook doesn't realize that while 'has phone number' is a great indicator of 'knowing somebody' it has poor transitive properties.
I can't believe "fail" has become the standard noun instead of failure. It started as a lolcatism and now is standard.
This is just one of the economic asymmetries where small annoyances to everyone, but not enough to individually do anything about it, aggregate to billions for a few in power.
The only social network we need is a collective legal one.
My doctor also showed up as a suggestion. I figured either the office phone number was linked to his FB page, or FB was scanning my calendar events and linked me to him that way.
I got friend recommendations from FB for other members of the support group.
I think this issue requires action from Facebook. The minimum they should do is allow numbers to be registered to be not used for making connections. Much better would be for them to be more explicit about what information they are collecting (with sufficient guidance that the user understands that medical privacy can be affected) and allow users to not send them that information in the first place. I can't imagine them doing that voluntarily, though.
What's also just as likely is that patients are allowing Facebook to view the contents of their own phonebooks (which they are certainly free to do, unless of course, they're medical professionals with patient information as well...). Facebook sees that these dozen people have the same contact number, and recommends that they all friend each other.
"When Lisa looked at her Facebook profile, she was surprised to see that she had, at some point, given Facebook her cell phone number. It’s a number that her patients could also have in their phones."
You mean: "Fortunately..."
Such a terrible excuse. FB you only have one job! Fail.
They really do need to dig into the issue, if in fact they don't know. Because something seriously need to be excluded from their recommendation algorithm if the article is true.
If they are in fact sucking in contact details from users phones and using them for matching and recommendations, that would seem to be something that would be serious enough to likely require express consent (in other words: users taking an explicit action, rather than being "opted in" implicitly by agreeing to a TOS or similar) under EU data protection regulations.
Not a lawyer, but I'd be surprised if there isn't one or more data protection violations lurking in there somewhere.
Strange place.
All these people have one friend in common with this person, maybe they know each other as well? Being a psychiatrist or whatever has nothing to do with it.
EDIT: I stand corrected. Not so simple regarding where they get the "potential friendship" data from. Diagonal reading mistake on my part.