Facebook has started to encrypt links to counter privacy-improving URL Stripping(ghacks.net)
ghacks.net
Facebook has started to encrypt links to counter privacy-improving URL Stripping
https://www.ghacks.net/2022/07/17/facebook-has-started-to-encrypt-links-to-counter-privacy-improving-url-stripping/
240 comments
>the AdNauseam (.io, browser extension) approach to pollute their tracking data might be inspirational. The gist is: can't eliminate ad links? Then have an app "click" all of them randomly so that counters become irrelevant. So there is this link that identifies user X?, well then write an extension that distributes and "clicks" it around on say 1000 other machines in a p2p way so that it becomes meaningless.
Except if you look at the documentation for AdNauseam, their fake click technique seems trivially filterable. The fake clicks are made as XHR requests, so all you have to do is look at the appropriate headers to filter them out. At best the only adtech companies that are getting fooled by this are upstarts that haven't added fraud detection yet.
https://github.com/dhowe/adnauseam/wiki/FAQ#how-does-adnause...
Except if you look at the documentation for AdNauseam, their fake click technique seems trivially filterable. The fake clicks are made as XHR requests, so all you have to do is look at the appropriate headers to filter them out. At best the only adtech companies that are getting fooled by this are upstarts that haven't added fraud detection yet.
https://github.com/dhowe/adnauseam/wiki/FAQ#how-does-adnause...
Unless I'm missing something, headers here can also be set to appear as another request type.
(And to be clear - I could be missing something. Does the browser allow replacing e.g Sec-* headers on XHR requests?)
(And to be clear - I could be missing something. Does the browser allow replacing e.g Sec-* headers on XHR requests?)
>Does the browser allow replacing e.g Sec-* headers on XHR requests?
Probably not, according to this snippet from MDN
> With this information a server can implement a resource isolation policy, allowing external sites to request only those resources that are intended for sharing, and that are used appropriately. This approach can help mitigate common cross-site web vulnerabilities such as CSRF, Cross-site Script Inclusion('XSSI'), timing attacks, and cross-origin information leaks.
https://developer.mozilla.org/en-US/docs/Glossary/Fetch_meta...
being able to override it kills the whole point of the headers.
Probably not, according to this snippet from MDN
> With this information a server can implement a resource isolation policy, allowing external sites to request only those resources that are intended for sharing, and that are used appropriately. This approach can help mitigate common cross-site web vulnerabilities such as CSRF, Cross-site Script Inclusion('XSSI'), timing attacks, and cross-origin information leaks.
https://developer.mozilla.org/en-US/docs/Glossary/Fetch_meta...
being able to override it kills the whole point of the headers.
For many years I was against AdNauseam, as by my reckoning it would be counterproductive and just end up hurting the the most privacy and freedom oriented voices, but now that Facebook is upping the stakes it's starting to seem like a reasonable countermeasure.
I guess this kind of efforts will be largely mitigated by the existing fraud detection systems. You'll probably need to devise much more sophisticated attacks to achieve such goal. And the attack should be also economical, which makes it a really challenging problem against FB-level targets.
When you can't get rid of signal, add noise.
asdfologist(10)
> Aside stopping the use of Facebook, which of course is the best solution but not doable for many
But quite doable for a content provider like Ghacks. Users should be able to share links to web content in a way that does not create privacy risks, and this whole URI encryption business makes that quite a bit harder.
But quite doable for a content provider like Ghacks. Users should be able to share links to web content in a way that does not create privacy risks, and this whole URI encryption business makes that quite a bit harder.
I haven't used Facebook in quite a while, but when I did I had a set of userscripts to defuse this tracking. It worked similarly to Google link stripping, by defusing the JavaScript that rewrote the link between the time you clicked it and when your browser opened it. Initially I built it because the free wireless internet in my apartment was unreliable and the redirects could be enough to prevent a page from opening. My method was pretty blunt - I removed element entities that held the target URL, and that broke the listener function. A later iteration would actually unset the listener event. This all worked because it seemed important to FB that you be able to see where the link would take you (e.g. by hovering). I wouldn't be surprised if Facebook's paternalism (and Google's for that matter, but I haven't seen it from them, though I mainly use DDG now) now led them to add this "protection" directly to links as they're served up. I can't tell from the article whether that's the case, and at this point I'm not going to log in to FB to figure it out.
I would love to stop using Facebook, Instagram or Whatsapp, but I would really need to criple my social life if I'd give up on any of these. And I'm not even a very active person, it's just that so many people I want to engage with have a huge chunk of their lives tied to one of these.
I can't understand the people saying there is a free market choice here, this can only be solved with simple regulation that targest large platforms.
If the SEC can use its judgement on what constitutes a security, than we can have a social media comission to oversee Facebook.
I can't understand the people saying there is a free market choice here, this can only be solved with simple regulation that targest large platforms.
If the SEC can use its judgement on what constitutes a security, than we can have a social media comission to oversee Facebook.
If someone is important enough in your life, you'll both find ways to make it work.
The mental health benefits of leaving Facebook are worth it.
The mental health benefits of leaving Facebook are worth it.
I think one thing this discounts is that you form loose connections and sometimes those loose connections become stronger later.
If you have a friend of a friend who you add on socials, and then you see their updates, and then you see them at a mutual party, despite not being well acquainted you are reasonably up to date with their lives. This can make the conversation flow better and you may form a meaningful connection.
If you have a friend of a friend who you add on socials, and then you see their updates, and then you see them at a mutual party, despite not being well acquainted you are reasonably up to date with their lives. This can make the conversation flow better and you may form a meaningful connection.
What about a local running group that organises everything through Facebook?
You could try calling them or seeing them in person. If they refuse to interact with you unless it’s documented on Facebook are they really people worth interacting with?
Arguably for 1-on-1 relationships, but even then it would mean losing some not so close friends, that I still enjoy seeing once every 1-2 years.
But at times it's impossible in practice: my friends will create Whatsapp groups for instance to plan vacations/batchelor parties/random events, and I need to use that if I want any meaningful involvment in the event.
I've sometimes been passive and just showed up, but I'm losing a part of the shared experience.
But at times it's impossible in practice: my friends will create Whatsapp groups for instance to plan vacations/batchelor parties/random events, and I need to use that if I want any meaningful involvment in the event.
I've sometimes been passive and just showed up, but I'm losing a part of the shared experience.
I had this same problem so I made an app that allows me to use Instagram without using the Instagram app. It also blocks ads + suggest posts, removes all tracking, removes read receipts in DMs and when viewing stories, and also allows me to create custom feeds like Twitter lists.
Turns out a lot of people had this problem, so I made it into a company.
I don't want to blatantly advertise but let me know if you'd like me to link the website.
Turns out a lot of people had this problem, so I made it into a company.
I don't want to blatantly advertise but let me know if you'd like me to link the website.
[deleted]
Out of curiosity, do you use Google for search?
I use mostly Duckduckgo for search, Google when in desperation (once per week probably).
Previous Discussion: https://news.ycombinator.com/item?id=32117489
Amazing that they noticed it this quickly. Most people are used to see all those URLs with encoded garbage to notice this change
There is a solution how to get the old Facebook post URL posted in this thread: https://news.ycombinator.com/item?id=32118095
so instead of being able to opt out, by editing extraneous commands, face book is locking you into accepting commands with the link.
stretch that out a bit and it will fit - facebook controls your browser by infiltrating commands packed into an encrypted string.
that looks alot like what C&C servers do, the next step would be dropping a bot into users systems
stretch that out a bit and it will fit - facebook controls your browser by infiltrating commands packed into an encrypted string.
that looks alot like what C&C servers do, the next step would be dropping a bot into users systems
Has anyone checked if it is just a serialized+base64 encoded swift proto with the original URL?
There could be other reasons for this, but evading firefox rewriting links seems most likely - some gateways strip too-long query strings for example, but will leave the rest of the URL alone.
There could be other reasons for this, but evading firefox rewriting links seems most likely - some gateways strip too-long query strings for example, but will leave the rest of the URL alone.
$ echo "0RjTS7KpBAGt9FHp5vCNmRJsnmBudyqRsPC7ovp8sh2EWFxve1Mk2HaGTKoRSuVKpl" | base64 -D | xxd
00000000: d118 d34b b2a9 0401 adf4 51e9 e6f0 8d99 ...K......Q.....
00000010: 126c 9e60 6e77 2a91 b0f0 bba2 fa7c b21d .l.`nw*......|..
00000020: 8458 5c6f 7b53 24d8 7686 4caa 114a e54a .X\o{S$.v.L..J.J
$ echo "AZXT7WeYMEs7icO80N5ynjE2WpFuQK61pIv4kMN-dnAz27-UrYqrkv52_hQlS_TuPd8dGUNLawATILFs55sMUJvH7SFRqb_WcD6CCOX_zYdsebOW0TWyJ9gT2vxBJPZiAaEaac_zQBShE-UEJfatT-JMQT5-bvmrLz7NlgwSeL6fGKH9oY9uepTio0BHyCmoY1A" | base64 -D | xxd
00000000: 0195 d3ed 6798 304b 3b89 c3bc d0de 729e ....g.0K;.....r.
00000010: 3136 5a91 6e40 aeb5 a48b f890 c37e 7670 16Z.n@.......~vp
00000020: 33db bf94 ad8a ab92 fe76 fe14 254b f4ee 3........v..%K..
00000030: 3ddf 1d19 434b 6b00 1320 b16c e79b 0c50 =...CKk.. .l...P
00000040: 9bc7 ed21 51a9 bfd6 703e 8208 e5ff cd87 ...!Q...p>......
00000050: 6c79 b396 d135 b227 d813 dafc 4124 f662 ly...5.'....A$.b
00000060: 01a1 1a69 cff3 4014 a113 e504 25f6 ad4f ...i..@.....%..O
00000070: e24c 413e 7e6e f9ab 2f3e cd96 0c12 78be .LA>~n../>....x.
00000080: 9f18 a1fd a18f 6e7a 94e2 a340 47c8 29a8 ......nz...@G.).
This doesn't look to me like unencrypted serialized data. Serialization would usually have some visible structure to it and possibly visible ASCII strings. Also notice that the lengths of both strings are aligned to 16 bytes — this might mean AES block encryption.> some gateways strip too-long query strings for example
Uhm. What?
Uhm. What?
Recent and related:
Ask HN: What is with the new URLs on facebook.com? - https://news.ycombinator.com/item?id=32117489 - July 2022 (249 comments)
Ask HN: What is with the new URLs on facebook.com? - https://news.ycombinator.com/item?id=32117489 - July 2022 (249 comments)
IMHO this was totally expected and is an argument for "browser neutrality" --- I believe a browser shouldn't be doing this or many other things by default.
Modifying URLs and filtering page content should be the responsibility of extensions and the like. I personally use a filtering proxy.
Modifying URLs and filtering page content should be the responsibility of extensions and the like. I personally use a filtering proxy.
Since there's zero chance that websites and ad companies will stop their spying and manipulation (let's call it "webpage neutrality"), what you're proposing is unilateral disarmament. To require a lot of know-how and tech savvy to get privacy, while leaving the common user to the mercy of a hostile web.
This is like the argument that the Do Not Track flag was illegitimate if the browser defaulted it to 'on'. An argument that is never applied to tracking or the countless "by visiting this webpage you consent to.."
This is like the argument that the Do Not Track flag was illegitimate if the browser defaulted it to 'on'. An argument that is never applied to tracking or the countless "by visiting this webpage you consent to.."
Why can't I as a user have a browser that's privacy-enabled out of the box without any extensions?
It's called Safari.
The same Safari which is doing poorly on privacy extensions?
You need privacy "extensions" a lot less if you design your platform for privacy to begin with.
This is opt in, not enabled by default, and requires you to intentionally pick 'Strict' which has a warning as its first line of text that says some sites may break.
Firefox is not doing this by default I'm pretty sure
My understanding is that Firefox, and eventually all the other browsers, intend to do something like this by default. They are all working to prevent cross site tracking, linking your activity on one site to your activity on another. For example, Chrome has: "In parallel to that we will aggressively combat the current techniques for non-cookie based cross-site tracking, such as fingerprinting, cache inspection, link decoration, network tracking and Personally Identifying Information (PII) joins." -- https://www.chromium.org/Home/chromium-privacy/privacy-sandb...
Though "Enhanced Tracking Protection" is easy to opt-in.
If the author edits their post and the reader then follows the "View Edit History" URL, then the reader can see in the address bar the story_fbid= and the (author) id= URL parameters without the obfuscation.
If the reader follows the "People who reacted" URL, then the reader can see the story_fbid= and (author) id= paramaters, without obfuscation.
If the reader follows the "Comment" URL, then the reader can see the story_fbid= and (author) id= paramaters, without obfuscation.
If the reader follows the "React" URL, then the reader can see the story_fbid= and (author) id= paramters, without obfuscation.
Those are just four ways to discover the unobfuscated story_fbid number. There are probably others.
Tested with mbasic.facebook.com.
I have always stripped everything but the story_fbid and (author) id parameters when sharing URLs pointing to posts on Facebook. Anything else in the URL is unnecessary. On the desktop/laptop/RPi, this stripping can be automated using a localhost forward proxy.
Another issue that seems to fly under the radar with Facebook users is the prefixing and proxying of external URLs with https://lm.facebook.com/l.php?u=.
If the reader follows the "People who reacted" URL, then the reader can see the story_fbid= and (author) id= paramaters, without obfuscation.
If the reader follows the "Comment" URL, then the reader can see the story_fbid= and (author) id= paramaters, without obfuscation.
If the reader follows the "React" URL, then the reader can see the story_fbid= and (author) id= paramters, without obfuscation.
Those are just four ways to discover the unobfuscated story_fbid number. There are probably others.
Tested with mbasic.facebook.com.
I have always stripped everything but the story_fbid and (author) id parameters when sharing URLs pointing to posts on Facebook. Anything else in the URL is unnecessary. On the desktop/laptop/RPi, this stripping can be automated using a localhost forward proxy.
Another issue that seems to fly under the radar with Facebook users is the prefixing and proxying of external URLs with https://lm.facebook.com/l.php?u=.
What about it? They end up at the same url.
Firefox and Brave should warn the user that they are going to be tracked by accessing URLs like these if tracking protection is enabled.
At this point a full-screen spyware warning with the only option to continue being a tiny "allow once/i know what I'm doing" would be appropriate. The lengths these companies go to to map your every move is beyond comprehension. And sure, there are bad actors and there always will be, but that they're the biggest companies in the world with a top notch reputation, in most circles, is absolutely insane.
I've had background projects working on Web privacy measures since the Junkbuster days in the 1990s.
Pretty much any practical measures I've thought of, I think of (usually obvious) ways they can be countered, and assume it's only a matter of when that measure is on the adversary's radar and worth their time.
Pretty much any practical measures I've thought of, I think of (usually obvious) ways they can be countered, and assume it's only a matter of when that measure is on the adversary's radar and worth their time.
Junkbuster --- now that's a name that takes me back! MITM proxies for filtering were far more common back then, but the "security" industry managed to scare most people out of using one, ironically causing them to only remain on corporate networks. I still use Proxomitron for this purpose.
I've always assumed that "shortened" shared links that things like the youtube app provides do something similar - no way to remove a tracking param when you have something like `https://youtu.be/KLEH8RJsYg`.
Except the only tracking info the YouTube shortener adds is the referrer.
https://youtu.be/KLEH8RJsYg => https://www.youtube.com/watch?v=KLEH8RJsYg&feature=youtu.be
The only data in that short url is the unencrypted YouTube video ID
https://youtu.be/KLEH8RJsYg => https://www.youtube.com/watch?v=KLEH8RJsYg&feature=youtu.be
The only data in that short url is the unencrypted YouTube video ID
Could you explain how one would go about determining what you explained here? Is the "KLE..." part of the shortened URL just compressed somehow and you can decompress it? I guess I always assumed the browser just requested the shortened url and the black-box google server opaquely serves up the destination page, allowing it to do whatever with the (I assumed, incorrectly it would seem) unique string in the URL. Unique to the user sharing and video being shared, I mean.
The KLE portion you're referring to is the video ID. It's how the video is uniquely identified. It's not compressed or storing any tracking information about anyone when it's shared. You can see that in both URLs it's the exact same value.
[deleted]
The irony of now fb having more encryption in their URLs than a standard .onion URL...
You will please forgive me for being pedantic, but an onion URL contains no encryption. Per the spec [0]:
| CHECKSUM | VERSION) + ".onion"
CHECKSUM = H(".onion checksum" | PUBKEY | VERSION)[:2]
[0]: https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.... (section 6)Public keys count as encryption to me.
And you, too, will please forgive me for being pedantic.
Check out line 540 of the link above (section 1.7):
In fact, you generally do not use public keys to do encryption at all. What often happens is that you use a key exchange algorithm like Diffie-Hellman to derive a shared secret, which you then use to do bulk encryption using your favorite cipher (some asymmetric cryptosystems permit encryption, but they're much slower than symmetric ciphers, which also benefit from strong hardware acceleration).
You can also use keypairs for signing, key exchange (e.g., DH), key derivation (as used by Tor hidden services), and creating verifiable random functions. They definitely do not imply encryption.
Check out line 540 of the link above (section 1.7):
Master (hidden service) identity key -- A master signing keypair
used as the identity for a hidden service. This key is long
term and not used on its own to sign anything; it is only used
to generate blinded signing keys as described in [KEYBLIND]
and [SUBCRED]. The public key is encoded in the ".onion"
address according to [NAMING].
You can then follow that to line 2292 (Appendix 2) which describes the aforementioned generation process. It's a bit too long to be pasted here, but it turns out to be elliptic curve multiplication and hashing. This is not encryption for any common definition thereof.In fact, you generally do not use public keys to do encryption at all. What often happens is that you use a key exchange algorithm like Diffie-Hellman to derive a shared secret, which you then use to do bulk encryption using your favorite cipher (some asymmetric cryptosystems permit encryption, but they're much slower than symmetric ciphers, which also benefit from strong hardware acceleration).
You can also use keypairs for signing, key exchange (e.g., DH), key derivation (as used by Tor hidden services), and creating verifiable random functions. They definitely do not imply encryption.
So there's a gap between a key and data directly encrypted with that key. And I was willing to say it's close enough to lump it all as encryption. Let's arbitrarily say that's 15 units of separation.
You're pointing out this key is used differently, to generate the more direct keys. But I don't think that matters. I would say that using elliptic curves to transform one key into another while keeping the original key data secret is a good bit closer to the platonic ideal of encryption than 15 units. So that process shouldn't be a disqualifying factor.
You're pointing out this key is used differently, to generate the more direct keys. But I don't think that matters. I would say that using elliptic curves to transform one key into another while keeping the original key data secret is a good bit closer to the platonic ideal of encryption than 15 units. So that process shouldn't be a disqualifying factor.
[deleted]
Easily defeated by having a secondary server access the url, strip any remaining parameters, then returning the URL to the user. You will have to really trust your browser, however. A gambit I am willing to take. It is Facebook we are talking about, after all.
The game of cat and mouse continues.
The game of cat and mouse continues.
This brings up an interesting point. If you have a secondary server do this operation as opposed to the browser, the only thing that has changed from the receiver's point of view is the source IP.
So maybe privacy protecting browsers will start to do double loads: 1. First to get the real URL 2. Next to do the browsing with the association information stripped from the URL/cookies/etc
So maybe privacy protecting browsers will start to do double loads: 1. First to get the real URL 2. Next to do the browsing with the association information stripped from the URL/cookies/etc
Yep.
Nobody is gonna go through that effort though, and it’s not possible to translate the params back because only the server decrypts them. This seems like the tipping point where cat wins for all but like 5 people.
I’m actually kinda surprised this hasn’t happened earlier.
I’m actually kinda surprised this hasn’t happened earlier.
I used to go through the effort of manually stripping tracking params out of my URLs until the browsers integrated it.
I will go through this effort until browsers integrate it, or until there is a secondary service that's easily runnable. This would just be pi-hole but for the internet instead of your local network.
I will go through this effort until browsers integrate it, or until there is a secondary service that's easily runnable. This would just be pi-hole but for the internet instead of your local network.
FB still gets to know whose shared URL is being accessed how much and when.
They will not be able to reliably tell their users if the end user landed on the page, and most importantly, specific users. They will only be able to guess. Today, the tracking mechanism works in tandem with the facebook pixels or tracking scripts on the receiving end to give full E2E campaign clarity. This will break that, or at least introduce heavy uncertainty that will definitely impact their revenue model.
The secondary server can cache the result, so that only the first time there's a signal to FB.
Then the game of cat and mouse will continue in this fashion: facebook will generate unique URLs for each user (if they aren't planning to do so already)
[deleted]
simple solution would be to stop using FB.
i feel the majority of fb audience probably don't care about this enough to change their habits.
i feel the majority of fb audience probably don't care about this enough to change their habits.
It can be subverted: make Firefox touch the “encrypted” URL to see what it links to, then serve the cleartext URL.
That still gets them their cross-site analytics, since the encrypted URL is only accessed when you're visiting the page.
Depends on how many URLs on are on the page; if there are 20 (encrypted) urls, and the browser touches each of them, but the user only follows one of them, the data FB gets is much less useful.
Weird to think someone (or a team, really) built this. Why?
Because the cross site referral data is valuable to the company.
This should be illegal.
The ideal solution here is to stop using Facebook.
Regrettably, I have family members with whom I really must stay in touch, but who think that FB is the internet. No matter what I've said, what I've shown them, and what I've encouraged them to do, there is nothing to replace it.
They can post photos, statuses, chat with friends, reply to other friends' posts ... what can replace FB for them?
Nothing. So I'm forced to stay on FB.
Vile platform, no alternative.
They can post photos, statuses, chat with friends, reply to other friends' posts ... what can replace FB for them?
Nothing. So I'm forced to stay on FB.
Vile platform, no alternative.
Yeah, that's fair. There's a cost. I've deleted it a couple years ago. I miss out on some stuff for sure. I have an iMessage group chat with my family as a replacement, but of course not the extended family and certainly not the more distant friends.
It’s whatsapp for me. Can’t get away from it. I tried for 3 years. I ended up basically unintentionally ostracized by family and friends.
It’s a chore for people to forward to my preferred communication method and easy to occasionally forget. Which snowballs into only hearing about events afterwards.
Eventually you basically become a weirdo with no mates.
I’m not prepared to make that sacrifice any more. I honestly gave it my best shot and still don’t use FB and Insta but have to use WhatsApp.
It’s a chore for people to forward to my preferred communication method and easy to occasionally forget. Which snowballs into only hearing about events afterwards.
Eventually you basically become a weirdo with no mates.
I’m not prepared to make that sacrifice any more. I honestly gave it my best shot and still don’t use FB and Insta but have to use WhatsApp.
I traveled all around the world before Facebook was a thing, and it never prevented me from keeping in touch with the people that mattered.
What you realy mean is that you value more the convenience it offers that the price to pay for using it.
What you realy mean is that you value more the convenience it offers that the price to pay for using it.
So did I. But things have changed, and some of those people with whom I remained in contact now use FB to the near exclusion of everything else.
These people are family in their 90s, for whom well-meaning children and grand-children have set up on FB. They don't use email, they can't write letters because of arthritis (and time delays ... international post can be very slow), and effectively the only async comms they use at all is FB.
I'd ask that you not try to tell me what I really mean.
These people are family in their 90s, for whom well-meaning children and grand-children have set up on FB. They don't use email, they can't write letters because of arthritis (and time delays ... international post can be very slow), and effectively the only async comms they use at all is FB.
I'd ask that you not try to tell me what I really mean.
I had the same situation with far away old people (grandmas in Venezuela, on in France, me living in Africa or Asia), some had problem with sight, earing, etc.
They didn't have internet.
We managed to get in touch.
> I'd ask that you not try to tell me what I really mean.
Manner of speaking.
The important is again that it is a matter of cost vs convenience.
I understand the cost can get pretty high.
Yet still, people kept in touch for decades with old distant relatives before the internet.
Using facebook is convenience, that's the point. It is very convenient.
It's the whole argument of this thread: the convenience eventually makes most people discard the cost of not using FB as too high, and the privacy things as not important enough compared to that.
They didn't have internet.
We managed to get in touch.
> I'd ask that you not try to tell me what I really mean.
Manner of speaking.
The important is again that it is a matter of cost vs convenience.
I understand the cost can get pretty high.
Yet still, people kept in touch for decades with old distant relatives before the internet.
Using facebook is convenience, that's the point. It is very convenient.
It's the whole argument of this thread: the convenience eventually makes most people discard the cost of not using FB as too high, and the privacy things as not important enough compared to that.
They're 90? I wonder if it couldn't be replaced by a weekly phone call.
For reference, I'm 60, nearly 61, my mother is 90, nearly 91, and we are a long-lived family. I phone my mother three times a week.
For the rest, see my comment here: https://news.ycombinator.com/item?id=32131180
For the rest, see my comment here: https://news.ycombinator.com/item?id=32131180
Yeah, for your mother definitely makes sense to already have more than one weekly phone call, but I was thinking about other family members.
Reading your post, it seems Facebook is a bit of a recreational activity to keep them sharp and social, which is good. What I was thinking is whether you need to participate in it, since the people this age I know is more than willing to keeping me up to date on all interesting stuff by talking. But of course each family is different so I'll just assume you know what you're doing!
Reading your post, it seems Facebook is a bit of a recreational activity to keep them sharp and social, which is good. What I was thinking is whether you need to participate in it, since the people this age I know is more than willing to keeping me up to date on all interesting stuff by talking. But of course each family is different so I'll just assume you know what you're doing!
In my experience, almost everybody over 60 really prefers to talk on the phone anyways
I'm over 60 and I hate talking to people on the phone. My mother likes it, and that's why I call her three times a week. But most of my aunts and uncles prefer to show their photos on FB and talk about what they're doing there. I call them for birthdays and special anniversaries, and having kept up-to-speed via FB means I can talk about things that really matter, or get clarification on things that weren't obvious.
But they like using FB, and it's the only effective way I know to stay in touch and remain a part of their lives.
But they like using FB, and it's the only effective way I know to stay in touch and remain a part of their lives.
> What you realy mean is that you value more the convenience it offers that the price to pay for using it.
People should be more charitable.
They said that they must stay in touch with these people and that these people can’t seem to use other things. Often times you have to stay in contact with family members because they aren’t able to properly care for themselves. Those same people may not have the ability to easily change how they interact with the digital world due to mental health issues and you have no choice but to meet them where they are.
People should be more charitable.
They said that they must stay in touch with these people and that these people can’t seem to use other things. Often times you have to stay in contact with family members because they aren’t able to properly care for themselves. Those same people may not have the ability to easily change how they interact with the digital world due to mental health issues and you have no choice but to meet them where they are.
I think this is largely a straw man, or taking an extreme case as representative.
I have friends that are not on Facebook. It requires more effort to stay in touch with them (for example, calling them on the phone) but it's doable. I don't see how a thing that was invented 10 years ago is now the sole method of communication with loved ones.
That said, I agree it's not without cost to delete Facebook.
I have friends that are not on Facebook. It requires more effort to stay in touch with them (for example, calling them on the phone) but it's doable. I don't see how a thing that was invented 10 years ago is now the sole method of communication with loved ones.
That said, I agree it's not without cost to delete Facebook.
Again, this is implying that the cost of another solution to all those problems is very high, and facebook is a very cheap, convenient solution.
So privacy is not important enough to justify those costs.
So privacy is not important enough to justify those costs.
My family replaced FB with WhatsApp. So have most of my friends (although with friends it's mostly Signal).
Sure, it's a completely different kind of platform, but it serves well. People post their travel pictures there, people ask random stuff and the group can discuss, we can have private discussions by clicking one name.
Sure, it's still Meta, and there's still a lot of bullshit groups, but at least I don't have to be exposed by it, nor do baby/kid pictures are exposed to the world, nor do I give money to Meta.
Of course, maybe by "Facebook" you mean "Messenger", which is more popular than it should in the US. Replacing FB with WhatsApp or Signal is possible because my family and friends are around Latin America, Europe and Asia, where nobody uses Messenger anyways.
Sure, it's a completely different kind of platform, but it serves well. People post their travel pictures there, people ask random stuff and the group can discuss, we can have private discussions by clicking one name.
Sure, it's still Meta, and there's still a lot of bullshit groups, but at least I don't have to be exposed by it, nor do baby/kid pictures are exposed to the world, nor do I give money to Meta.
Of course, maybe by "Facebook" you mean "Messenger", which is more popular than it should in the US. Replacing FB with WhatsApp or Signal is possible because my family and friends are around Latin America, Europe and Asia, where nobody uses Messenger anyways.
[deleted]
Photos and statuses are nice, but not essential. Though conversely, I'd say that getting tracked online isn't really a big deal either.
So they don't understand email, phones or text messaging where people have been doing what they're doing now for years? I have some family that are like your, I shutdown my Facebook profile, and now I just call them on the phone now and we actually communicate more frequently and have better conversations.
[deleted]
Your last two sentences don't pass the smell test.
There's even graceful degradation in your set of solutions:
1. You drop FB. Now you just look on your spouse's Facebook when necessary, and your family learns to tell your spouse to show you stuff on FB. Annoying? Yes. Unworkable? No.
2. Your entire immediate family drops Facebook. At least one (if not all of you) can still communicate with the rest over text. And the rest of your family knows how to send a photo over text on an Iphone. Annoying to extended fam? Maybe. Unworkable? Definitely not. (In fact, I'd be willing to bet that it cuts out extended family spam and makes those moments of connection more meaningful.)
3. You attempt a quixotic adventure to switching your entire extended family over to some half-baked decentralized alternative to Facebook that will be usable in forever minus a day. Impossible? Yes. So choose #1 or #2 above.
There's even graceful degradation in your set of solutions:
1. You drop FB. Now you just look on your spouse's Facebook when necessary, and your family learns to tell your spouse to show you stuff on FB. Annoying? Yes. Unworkable? No.
2. Your entire immediate family drops Facebook. At least one (if not all of you) can still communicate with the rest over text. And the rest of your family knows how to send a photo over text on an Iphone. Annoying to extended fam? Maybe. Unworkable? Definitely not. (In fact, I'd be willing to bet that it cuts out extended family spam and makes those moments of connection more meaningful.)
3. You attempt a quixotic adventure to switching your entire extended family over to some half-baked decentralized alternative to Facebook that will be usable in forever minus a day. Impossible? Yes. So choose #1 or #2 above.
I have 10 to 15 family members in their 80s and 90s who use FB. A group has been set up for them, and they post photos and comments, and they chat with each other using Messenger. These are people who don't know of and honestly don't care about the difference between the internet and the web, and to them, "The Internet" simply is Facebook.
Using the tech is already hard for them. Some are partially sighted, some have mobility issues, some have arthritis, all can easily use FB to stay in touch.
And they don't use anything else.
It's just not an option to try to get them to change, it really isn't. Please, please do me the courtesy of accepting that I've done the analysis. Many times. It's simply not a reasonable objective.
And no, I won't squat on someone else's FB account so I can stay in touch.
Using the tech is already hard for them. Some are partially sighted, some have mobility issues, some have arthritis, all can easily use FB to stay in touch.
And they don't use anything else.
It's just not an option to try to get them to change, it really isn't. Please, please do me the courtesy of accepting that I've done the analysis. Many times. It's simply not a reasonable objective.
And no, I won't squat on someone else's FB account so I can stay in touch.
[deleted]
Perhaps the best strategy is to use Facebook but never click on links. At least that solves the particular tracking that this post is about.
[deleted]
robolange(7)
What about SMS and phone calls?
It's like saying I need alcohol to stay in touch with my alcoholic friend. No you don't.
It's like saying I need alcohol to stay in touch with my alcoholic friend. No you don't.
See my reply here: https://news.ycombinator.com/item?id=32131180
privileged solution. In many countries Facebook is the de facto communication infrastructure. They own four of the five largest communication platforms in the world.
The ideal solution is to hit them with the hammer until morale improves. Regulators need to wake up and just start fining them absurd amounts of money and keep it vague until Facebook et al. are scared enough to comply and then some.
The ideal solution is to hit them with the hammer until morale improves. Regulators need to wake up and just start fining them absurd amounts of money and keep it vague until Facebook et al. are scared enough to comply and then some.
Facebook is facebook.com, that's what the article is about. I don't know what other communication platforms aside from WhatsApp you're referring to, but they aren't relevant to the discussion.
If you think it's necessary to caveat that if you rely on facebook.com as your "communication infrastructure" (not that many countries would fit that bill) then you shouldn't delete it, I'm happy to do so.
If you think it's necessary to caveat that if you rely on facebook.com as your "communication infrastructure" (not that many countries would fit that bill) then you shouldn't delete it, I'm happy to do so.
messenger, whatsapp and instagram. And of course they're relevant because if Facebook employs these tactics on one site there's no reason to believe they won't do equivalent things anywhere else. They own the largest competitors to their own products, obviously that's relevant because it shows how strong their grip is and that there's no genuine alternatives.
"delete it" isn't a solution at all. You may as well say "turn the electricity off". People deserve privacy when services are provided to them by private companies, that's not a bonus, it ought to be a fundamental right. It's not the job of individuals to take on trillion dollar multinationals.
"delete it" isn't a solution at all. You may as well say "turn the electricity off". People deserve privacy when services are provided to them by private companies, that's not a bonus, it ought to be a fundamental right. It's not the job of individuals to take on trillion dollar multinationals.
Delete it is absolutely a solution. You may not like it, but it's a solution.
For some reason people here seem to think I'm precluding regulatory action against Facebook. I'm not. I just also think it's better not to use it.
For some reason people here seem to think I'm precluding regulatory action against Facebook. I'm not. I just also think it's better not to use it.
That's like saying 'stop being poor.' I'm not personally invested in FB, but people with large extended families, businesses, political campaigns etc. don't have the option of just ignoring it.
Every HN thread about social media has one sub-thread like this, and it never produces anything of value because the premise is trite.
Every HN thread about social media has one sub-thread like this, and it never produces anything of value because the premise is trite.
It's not like saying that at all.
God I wonder what people with large extended families did before Facebook was invented! Surely they were all isolated and out of touch, how sad.
This comment was not directed at people running Facebook business accounts or political campaigns. The reason this thread produces nothing of value is because of pedantic comments such as yours bringing up irrelevant edge cases.
God I wonder what people with large extended families did before Facebook was invented! Surely they were all isolated and out of touch, how sad.
This comment was not directed at people running Facebook business accounts or political campaigns. The reason this thread produces nothing of value is because of pedantic comments such as yours bringing up irrelevant edge cases.
Large extended families used the best option they had before Facebook. Now they have Facebook, they use Facebook, because it's the best, most useful option for the vast majority of them. This thread is full of people saying that if people aren't willing to switch to other platforms for you then you should cut them out of your life. This might be fine for some acquaintances or even friends, but no normal person is going to cut their close family out of their life because they didn't switch to Signal. Nor does this even begin to take into account people who live in countries where Facebook or WhatsApp are the internet to the average person. Making an individualistic moral stand is nice and all, but to the majority it isn't a realistic solution, Facebook is too in-baked to society and how it functions. Thus the solution needs to be regulatory/political.
Yes, it's exactly like saying that.
Your sarcasm is misplaced; once people adapt to a benefit, many understandably don't wish to forgo it, and leveraging such network effects is the core business model of social media.
As for who the comment was directed at, it was so broad as to be inclusive of all users, because it didn't qualify its suggestion at all; that's why it's trite. You're just making a 'not true Scotsmen' argument.
Your sarcasm is misplaced; once people adapt to a benefit, many understandably don't wish to forgo it, and leveraging such network effects is the core business model of social media.
As for who the comment was directed at, it was so broad as to be inclusive of all users, because it didn't qualify its suggestion at all; that's why it's trite. You're just making a 'not true Scotsmen' argument.
[deleted]
Just like the ideal solution for climate change is to stop eating meat, stop flying, stop driving, stop heating, stop air conditioning, and, for good measure, stop using computers.
Heaven forbid that we seek a political/regulatory solution.
Heaven forbid that we seek a political/regulatory solution.
Seek whatever you like. I don't think those are comparable examples.
I've just deleted my Messenger account. Won't lie, that felt good. Good thing my friends/family from there are on the other two alternatives I use.
And like all ideals, that's easier said than done
[deleted]
Yeah most things involve tradeoffs.
[deleted]
Replace the word "facebook" with "alcohol" or "heroin" and re-read
every comment in this thread. We have a real problem, don't we?
It’s interesting because the (in my opinion valid) comments of “but I have friends and family that I can only contact through Facebook” also somewhat translate to that analogy. It’s not uncommon to hear stories of people who quit drinking for example and soon after lose all their friends because their friendship really only existed in contexts where alcohol is present (maybe even mandatory to some extent).
> It’s not uncommon to hear stories of people who quit drinking for example and soon after
lose all their friends
And (crucially) then go back to drinking.
Human attachment patterns are a primary factor in dependency problems. Addicts get into groups who mutually support each other's habit. Leaving the drug means leaving the only group who "understand" you. It's the same for cults. There's a chapter on this in Digital Vegan. Social media companies shamelessly and aggressively leverage that psychology.
And (crucially) then go back to drinking.
Human attachment patterns are a primary factor in dependency problems. Addicts get into groups who mutually support each other's habit. Leaving the drug means leaving the only group who "understand" you. It's the same for cults. There's a chapter on this in Digital Vegan. Social media companies shamelessly and aggressively leverage that psychology.
No stuff. I'm beginning to wonder whether I want to even work in the tech sector anymore. Nothing but exploitation.
[deleted]
That should be illegal.
No it shouldn't. It's unethical, sure, but the correct way to fight this is to not give money (or your time) to companies that engage in these behaviors.
At this point it is barely possible to ignore Facebook (Twitter, Instagram etc. also). I'm a great proponent of the fediverse, but FB without regulation will simply eat all the ethical alternatives.
The company we're talking about here is, if not an outright monopoly, a dominant market player that actively abuses their dominance to the detriment of both competitors and customers. The correct way to fight that is to make such a thing not exist anymore.
A test: if it was illegal by default, would there be a reason to make it legal?
"illegal by default" is fairly at incompatible with the concept of an open, liberal society.
Thanks, I wasn't suggesting that!
It's a thought experiment to look at specific categories. Maybe it's not worth making something illegal, but it's useful to answer the question to get a good perspective.
In this case I would say it's definitely not something I specifically want to be legal.
It's a thought experiment to look at specific categories. Maybe it's not worth making something illegal, but it's useful to answer the question to get a good perspective.
In this case I would say it's definitely not something I specifically want to be legal.
[deleted]
considering that FB did and does serve a purpose beyond meaninglessly scrolling through your timeline and liking pictures - f.x. organising and advertising events or managing group interactions. is there a new FB - something that could replace it or maybe even did? I'm off FB now for about six years but sometimes I wonder if I'm missing out sometimes. I really don't want to move back in.
Same sentiments here. I have heard that the marketplace is great for selling second hand goods locally. But I still think the benefits of not being on facebook outweigh what I'm missing out but curious on reevaluating my stance.
[deleted]
Ansil849(4)
I have no idea if it's doable in this FB context, but usually when links can't be anonymized, the next move is to make them produce irrelevant data by adding noise.