- MVP version for Telegram (since spamming is a part of their business model, it feels natural to start with it)
- More precisely, data pipeline for weights and measurements for word frequencies. Think of it as small-language models.
- More precisely, it is about morphological analysis of words across different languages. Unlike Meta with regex-based dictionaries[0], I am porting rule-based morphology analysis python library[1] into target programming language.
- More precisely, right now it is about understanding DAWG data structure by porting it from C++[2] to Haskell[3].
- Instead of introducing FFI I wanted to become more comfortable with LLMs, I am trying to approach their internals (or my possibly wrong vision of their internals) by building small language model based on a corpus of thousands of spam messages.
- Maybe some interaction with 3rd-party websites triggered
cancellation of the process, you thought.
- Then, you'll implement blacklist just to avoid any interaction with facebook, something similar to: https://pastebin.com/FAV2f9eA and try to repeat the flow again.
- Then another 2+ years later situation will repeat again. Deja-vu. And again. And again.
There's no way to delete facebook profile if facebook didn't really care about its users.
Nobody seems to remember the time back when FaceBook forced everyone on the platform to use their real name... It was exactly the point their plan to gather data matured I believe.
This is also why many sites and apps offer verification programs as well in my understanding... Verifying a user's ID has been a practices for ages now, but it did nothing to stop the growth of disinformation because that's not what verification was for IMO.
An unregulated private company asking you for official government documentation and your real name is definitely tracking you in my opinion. Even friends commenting with your name and family associations/connections on your account can easily ID everyone.
They are not a government agency with the authority to ask people for government ID, but somehow they convinced everyone to use their real name, and it didn't stop the decay of conduct decorum on the platform, it only served to track information more accurately.
Even people who have never registered for FB are indexed by them based on tagged photos and in posts that others have made about them using their names.
They also track people based on interactions across other apps entirely not associated with FB... That's IMO why certain sites slowed and faulted mysteriously when their domain went offline.
I am willing to bet that they have a really interesting splunk (or similar tech) dashboard they can look at and search any time they want full of analytics based on almost every human on earth.
Account privacy settings have always been a very ambiguous "shell game" with FB and other social apps, and often do not work properly, what makes anyone think a "delete account" request would ever be honored by such a company that manipulates it's user base?
I also suspect that each of the major social platforms do the same type of info gathering to varying extents as well.
This is some serious "James Bond island cave villain" stuff, and whatever congressional action comes next (if anything does) may tell us where the future is going for our privacy and personal info rights... :|
Sure, for a dentist or doctor's visit, it's totally reasonable. But if you were asked for your ID every time you bought a burger at McDonalds, it would be considered suspect and a potential privacy invasion by most.
The same is the case with social media. They don't need your government ID, and they're not authorized to demand it like the health care industry is.
We've already agreed in the TOU for our credit cards that the debtor/merchant is entitled to access to information about you from your credit card company. It is far more intrusive than government ID, yet people freak the fuck out about ID but swipe their VISA 10,000 times per second.
This is how Scientology tracked me for almost three decades even after I changed addresses a dozen times. I bought something from them once on Visa, and they constantly got updates on my personal info.
How are you OK with VISA and not OK with ID on a social media site when the former is far worse than the latter?
We've already given up privacy.
Please help me understand if I'm wrong. I'd like to not be so cynical.
Credit Card industries are regulated by law, the laws are weak as well though, and also rarely enforced, so card companies can really push boundaries in secretive ways with privacy invasion anyway.
In contrast to social media, where there is not any substantial regulation yet, it's the wild west with your information right now... They can sell your phone number, anything saved on your phone, everything you post, and even possibly run a keylogger from their mobile app on your device...
Mobile (installed) apps can collect precise location data on you once you install their app... Credit card companies can potentially track you and gather personal data as well if you install their (native) mobile app. As phones evolve, it will eventually become normal to be tracked and to not be able to opt out if regulation (laws) aren't made and enforced to protect individuals from privacy invasion.
This is why I use web sites instead of installing single-use apps, but also why certain companies want to end support for browser based sites, and why some services can only accessed via installed apps.
This is a good point. Even though they are ignored, there at least is something to use in litigation.
> and even possibly run a keylogger from their mobile app on your device...
Like the Emoji apps that were doing this years ago.
> instead of installing single-use apps,
I keep my app use extreeeemmely limited.
We need serious regulation on social media sites that collect this much personal information, meaning stuff people post that is intended for a very limited, controlled audience, and not wall posts that are public to everyone. (Like HN.)
I think the problem is what someone pointed out to me yesterday: tying DMs to a "real" identity. Purchases are already tied to who we are, and so are every form we sign that has significance. Phone companies know whos in our address books. Email is 100% insecure, always has been. The last thing to protect is the DMs.... which is probably too late.
Now they can just track the card you used to all your purchases, or maybe even facial recognition. ID's aren't needed for them to know who you are in many cases.
The carrot to get you to sign up for the loyalty card is the promise of discount prices. The shelf price says $X, but "Members pay just $Y". Of course $Y is closer to the true price. Sometimes they'll send out a mailer with extra coupons, usually somewhat customized based on your past purchases. But now they get to track all your activity. This is not nefarious to the extent it's used to plan inventory and purchasing, but to the extent that your store profile is sold to other companies, it becomes nefarious.
A casual reading of the terms and conditions might lead a person to object, that it says they don't sell your data. A close reading notes that it says they don't sell to "third parties". But they leave out the fact that any other company the store does business with is not a third party. They technically don't sell your data to them, they provide your data to other companies during the normal course of transacting business with them. Thus, your data flows through the system, unchecked.
Yes, they make a lot more money off of using and selling the data you create than what you save... And they also lay you off as a cashier and make you check out and bag your own groceries... the future is lookin bleak... lol
Is it? Maybe its my unconscious avoidance of industries with that practice, but the only other private corporation I can think of that has requested my ID is Costco. I can't think of a single software service or social media that has wanted my ID for anything. On the other hand, Facebook has never asked for my ID either, I assume because I have an old enough account that I was grandfathered in.
Edit: I thought of two more: airlines and banks. But I assume both of those industries are required to by regulation.
In order to be verified on Twitter and YouTube, you need to present government ID. I wasn't talking about FaceBook in that reference. FaceBook's algorithm likely verifies people over time based on requiring their actual (government record) name versus the content in their posts, possibly combined with facial recognition from posted photos and family associations.
I always chose to never use my real name on any social media accounts, if it was required I'd probably elect to not sign up, but their EULAs frequently are revised to serve whatever purpose they want because there is no meaningful regulation in place to limit their data mining practices on pretty much anyone because others post info about you in some way over time, even if you don't have an account.
Oh I can think of many others: cryptocurrency exchanges, many payment providers, some server providers, Twitter (during verification), freelancing platforms (like Upwork) and even Pornhub.
Sometimes it's a legal obligation (under KYC), sometimes it's pressure from credit card companies, and sometimes it's just websites making shit up to enforce their own rules.
Crypto exchanges do it because of mandated government income tax reporting requirements and potential for payment fraud (also a regulated industry).
Twitter requires ID and personal information (i.e. your phone number) for verification even from users that are not involved in any sort of purchasing or income scenarios.
Reddit started out not caring about who anyone was, but over time IP based tracking and other things started to creep in...
Private companies that aren't regulated nor involved in conducting regulated business should not be asking for any government issued ID nor personal user data if you ask me.
There is no legitimate reason for Facebook, or any other social media website, to require a copy of your ID other than for purposes of renting your authentic profile to advertisers.
There are plenty of good arguments for requiring people to use their actual identities on social media. You may think the downsides outweigh the advantages, but it’s absurd to say there is “no legitimate reason”
If you are a company whose business is advertisement, you should not get a free pass to *require* *unnecessary* personally identifiable information from your target audience.
There is no good argument for making it a *requirement*. If the platform has issues moderating its content, then there are solutions other than requiring their users to identify themselves. Plus, as we saw, asking for ID does not help fight against problematic content and its spread. The root of the problem may lie elsewhere, e.g. in the system which boosts user-generated content which draws clicks (clickbait) and likes (outrage and fake news). Asking for ID is only good for the targetted advertisement business, telling otherwise is a decoy.
I don't think am being unreasonable. There is nothing stopping you or any user from consuming the product without proof of government ID. Besides social media networks get hacked all the time.
The problem is that fundamentally, to Facebook, a user's login account is a separate thing from the user's profile.
You can delete your account, and with a straight face Facebook can assert you've deleted it. But your profile, the mass of data and content that you put on Facebook with your account, and all the data associated with it through their social graph and algorithms, that never gets deleted.
In a very real sense, "you" still exist in Facebook. That's why when, weeks, months, or years later, when you login, Facebook recognizes you. You create a new "account", and Facebook very conveniently associates everything it knows about you (which it never forgot) with your new account.
I tested this quite recently actually. I typed my Facebook password to login with all sorts of mistakes, although the core part of it remains the same, with some minor changes (all caps, a capital letter, an extra character, etc). In all cases the passwords were accepted.
Which leads me to think that Facebook passwords might just be stored as searchable text rather than hashes. Granted I'm no cryptography expert though.
There's no reason to believe it's a "full" account delete even in the countries covered by the GDPR considering they brazenly breach the GDPR with their "consent" flow.
From data modelling point of view it's a challenge to wipe the user data since it will affect a social graph. And there're different strategies to handle corner cases (e.g. how to deal with reactions/replies on "deleted" comments or with reactions on your photos or your reactions on different news, mark as deleted and wipe the content or completely remove nested graph). And it actually makes user tracking much harder (please keep in mind, they're tracking users that have not register yet, in that case user profile might be converted from one user type to another if they are going to continue track you (why didn't want that?)).
It might be much easier to extend account entity with something like:
exactly...I regularly see arguments about how technical compliance with laws or user wishes as 'its hard' as if 'hard' is a counter argument to compliance...
Facebook collects way more data than what you choose to publish. Not to mention, if you want to delete something, Facebook should delete it. Whether other third-parties archive it is beyond scope.
>There's no reason to believe it's a "full" account delete even in the countries covered by the GDPR considering they brazenly breach the GDPR with their "consent" flow.
Given FB's business model, and the fact that they create "shadow" profiles for folks who don't even have FB accounts, I have no doubt that while their UI might pretend that your account has been "deleted", all the data still exists for their use.
Which is why, when I left Facebook in 2014, rather than attempting to delete or disable the account, I posted a goodbye to those on FB that I cared about and explained exactly why I was leaving (their predatory and invasive business model).
I then logged out and haven't returned. I did this because I figured that any activity on their platform would be logged and stored with everything else they'd already collected.
And that was seven years ago. Given what we've seen from them since then, it's pretty clear that I was right.
Just go away and don't look back. Otherwise you'll just give them more data.
> I have no doubt that while their UI might pretend that your account has been "deleted", all the data still exists for their use.
They don't even have to pretend to delete your account, they can actually delete it. But through some linguistic slight-of-hand (i.e., lying) they obscure the fact that your account is not all the data they have on you. Your "account", in a strict sense might just be your username and password. It happens to also be associated with the entire pile of data that is a profile. Once a user no longer has an account, it's what you call a "shadow profile".
>They don't even have to pretend to delete your account, they can actually delete it. But through some linguistic slight-of-hand (i.e., lying) they obscure the fact that your account is not all the data they have on you. Your "account", in a strict sense might just be your username and password. It happens to also be associated with the entire pile of data that is a profile. Once a user no longer has an account, it's what you call a "shadow profile".
A likely scenario. Although I'd say that removing a userid and password from their auth db doesn't qualify as "deleting" an account. Rather, that's disabling an account. And IIUC (I'm not in the EU and not familiar with all the details) the GDPR/EU privacy folks would likely agree with that assessment too.
Perhaps someone with more knowledge of the GDPR could weigh in on what sorts of fines could be levied against Facebook for pulling a stunt like that on European citizens?
Edit: Levied is a more accurate term than "leveled".
Because the US government wants to maintain access to FBs data. Shutting down FB would be a big blow to surveillance, hence they will never do anything serious against it. They’ll just put on a show, scream publicly in outrage about what FB does or whatever, and then nothing substantial will come out of it, because they never intended to do anything in the first place.
The regulators who are supposed to enforce the GDPR are either incompetent or unwilling to do so. I suspect there might be political problems with stepping up enforcement considering a lot of politicians rely on social media & ads (which is powered by non-consensual data processing) to help with their (re)-election.
This is a bit hyperbolic, and a little unbelievable. Is it possible that you experienced a bug in Facebook? Or that someone else had access to your account, which prevented the deletion? You've essentially asserted that you've caught Facebook lying about the account deletion process, while not showing us any proof outside of your comment.
Not located in US/UK/Europe, however my deleted account is fully deleted. Can't even 'reset' the password on it since there's no email found when I try to use the reset.
I don't like Facebook, but I don't think there's a point in getting riled up by one person's comment on HackerNews. It reminds me of the thread where someone was claiming they were under surveillance for using ProtonMail.
No need to get hostile. You've made an unsubstantiated claim, I'm asking for some proof of which there's still none. Remember, I tried the exact same test with the login as you, and couldn't reproduce.
Like I said, there's a number of reasonable reasons why your account didn't get deleted, all of them pass the Occam's Razor test a little better than "Facebook just didn't delete my account/is not deleting accounts in secret".
You're making a statement which, if true, is huge -- that Facebook is secretly retaining accounts after deletion, despite multiple credible sources (IE: TIME) running detailed articles to the contrary. On top of that your anecdotal evidence is contradicted by my anecdotal evidence. So I hope you understand if I don't take this at face-value.
I do wonder if manually deleting everything: every post, every photo, every comment, every interaction, will actually delete things behind the scenes, or if FB keeps everything regardless.
I live in Ireland. A while after GDPR came into effect, I went about deleted a Microsoft account I didn't use anymore. Deleted it on the site, contacted support to request all data be wiped. Done. About 3 years later I get an email that it was accessed and they disabled it for illegal activity. Deleted it in the site, contacted support to request all data be wiped. Honestly think it's more worthwhile to just change the account info to garbage and leave it
One way to leave is to garbage the account, then put a max size password on it, generated randomly. Then forget about the whole thing. Maybe that is safe enough?
Until they actually delete the data, there's a way for someone other than you to get to it. It could require a terrible password reset feature or a breach, but the data is still there.
I now actively avoid signing up for services unless I really really need to, just to avoid this mess. These shady deletion practices effectively kill new signups — in my case, at least.
I live in the UK, I tried to delete my PayPal account (that I never wanted to create, it came out of what I thought was a 'guest checkout' flow) and was repeatedly told I needed to provide PII that they didn't currently have in order to 'verify' my identity so they could delete it.
There is, you basically spend a year rewriting your profile step by step with garbage data. Then delete the garbage posts and replace them with other stuff. It's long and it takes effort.
I assume that when you do it all at once they will just disable you and keep the old snapshot in their facebook graph.
I tried to download my Facebook data once and found that it had all my ancient and deleted posts, ancient relationship status, ancient cities of dwelling, etc.
Anyway how would filling in garbage help in deleting Facebook account?
I think the idea is to seed mistrust in the data because there is no way to distinguish between the genuine and the fake data you put on your account. So the fake data makes the genuine practically useless.
Exactly. Taking it to the next level, leave your own tracking info in the fakery, e.g. "favorite vacation: France". Then if someone cold-spams you with tickets to Paris, you'll know why.
How this exageration contributes to a discussion here?
It is very popular now to bash facebook. This kind of herd conformism and unsubstantiated claims are harming hacker news community in my humble opinion.
If you do not bring new evidence or ideas, please refrain from exaggerated accusations.
Ah please. It can easily be found in the record that almost every statement made by Facebook is a lie or not truthful. Just one influential for me is the promise not to do anything with WhatsApp and Facebook. Incredibly naive at the time to approve that acquisition on the pinky swear they’d hold their word. At this stage I’m astounded by any official taking the word of Facebook. Their incentives to spin are insurmountable.
All discussions about Facebook must include a reminder that they lie about everything. Pretending that they are trustworthy or reliable is disingenuous. Truths about Facebook’s lying can’t be repeated enough.
> Imagine, you're living outside of USA/UK/Europe.
Technically, with GDPR you only need to visit the EU to delete your account... So I suppose one might a vacation out of deleting Facebook, LinkedIn etc accounts?
probably you were in a hurry or distressed and didn't read the text while deleting the account and probably, you have disabled your account. They will offer an option to disable account in case you change your mind later. Please stop spreading misinformation.
What do you mean “upheld”? The story in your link describes the company refusing to comply and then ends. It’s true that you don’t have to be currently living in the EU to invoke your GDPR rights if you’re an EU citizen traveling abroad, or if you’re a foreign citizen traveling or residing in the EU. GDPR applies to companies that market to people in the EU or do business in the EU. BUT - GDPR is an EU law, it does not apply to US citizens living in the US, which is why the company in your story was legally entitled to refuse to comply.
You're quite wrong. GDPR can apply to citizens in the US, and the link I posted shows the ICO enforcing it in their favour. SCL Elections Ltd was taken to court and then fined £15,000 for not complying with that US resident's request.https://ico.org.uk/about-the-ico/news-and-events/news-and-bl...
I expect that US resident could also have brought a civil lawsuit, at least in UK courts, for damages.
The EU and UK GDPRs can also apply to companies in the US, or elsewhere. That's because location of the business (including subsidiaries) OR location of the individuals, are hooks under the GDPR's territoriality tests in Article 3. You usually need one or the other though; the way GDPR Article 3 works, it's pretty hard to imagine it applying to a US-only business in respect of US resident-individuals.
Yes it can apply to US citizens in certain cases, I thought I agreed with you on that, did I not? It’s still a fact that GDPR does not always (or even normally) apply to US residents doing business with US companies. UK courts have no authority over US companies operating only in the US with US residents who aren’t traveling abroad. Cambridge Analytica is a British company, that is why GDPR applies to them. So yes, I was wrong to conclude prematurely based on your link that this example is one where the company was legally entitled to refuse to comply. But the take-home message doesn’t change - GDPR doesn’t automatically apply to non-EU residents or non-EU companies, unless or until one or both parties has some EU involvement.
The part I most disagreed with is "GDPR is an EU law, it does not apply to US citizens living in the US". Yes it does, I provided an example. Your follow up is a lot closer to the mark.
GDPR is an EU law. It doesn’t automatically apply to people in the US. That’s the only reason I replied - your original framing left an implied suggestion that it might commonly or by default apply to US citizens, without discussing under what conditions. Arguing that you don’t have to be an EU resident leaves the misleading impression that the EU doesn’t have to be involved. I think it’s important to note that the EU part is required somewhere in the company-customer relationship for GDPR to have any say in the matter, and it’s important specifically because this is a common misconception and the misconception is being abused in some cases to coerce compliance where it’s not legally required. I know this as a US business owner that gets emails from US companies on behalf of US citizens that are demanding certain actions and rights under GDPR, without a legal basis to do so.
That is perhaps pedantically true in a way you almost certainly don't mean, that there is no longer 'the GDPR', there is now the EU's GDPR and the UK's GDPR (both using that name) ... but basically false.
As I said above, it was kept with the necessary amendments. That documents title: GDPR - Keeling Schedule. Introductory paragraph:
> This schedule has been prepared by the Department for Digital, Culture, Media and Sport. It is intended for illustrative purposes only to assist the reader in understanding the changes to be made to the retained General Data Protection Regulation by the Data Protection, Privacy and Electronic Communications (Amendments etc)(EU Exit) Regulations 2019 (as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc)(EU Exit) Regulations 2020 (subject to Parliamentary approval) when these come into force.
I'm pretty sure you can't "sue" under the GDPR. The best you can do is report them to your country's privacy regulator but so far all of them are absolutely incompetent or unwilling to enforce the regulation.
Even your computer has delete and cancel button. Isn't the cancel button opposite of immediate deletion when I am explicitly trying to delete file. Hope you can understand and don't mock others.
