back to article Fleeing Facebook app users realise what they agreed to in apps years ago – total slurpage

It was the weekend that had it all: promiscuous permissions dragged Google into the Facebook privacy row, Facebook apologised again while at the same time denying anything's wrong with its Android apps, and Tim Cook was totally not smug when he chimed into the privacy debate. It's long been understood by people in tech (less …

  1. Boris the Cockroach Silver badge
    Facepalm

    well

    makes me glad that , dispite farceboks nagging , that I never installed that messenger app...

    But if you're wondering how GCHQ/NSA etc etc got hold of your data... there you go........ you gave it to FB who then gave it to them

    And to quote an Asimov story "Welcome to the goldfish bowl gentlemen"

  2. Dan 55 Silver badge

    Re: well

    You didn't install the Messenger app, but did you install the Facebook app or was it included with the phone and not uninstallable?

    I bet the first thing it did was upload your phone number even if you had the foresight to disable/uninstall it, and if you decided to leave it there but not log in it's probably still adding to your dark profile, as they call it.

    I think it's time each and every EU privacy regulator rip Zuck a new one, the day after the GDPR comes in, except the Irish one of course who knows which side his bread is buttered.

  3. shedied
    Facepalm

    Re: well, not exactly gave it to them

    The data was, like, just sitting there, in a quiet stack on the desk/server, until the nosey visitor had to ask. Ahem, you seem to have everything organised on your desk, and clutter-free, I might add. Why is there a stack of continuous forms on the table; don't your tech staff ever work on these dreadful things?

    It's just useless trivia. Sometimes I wonder how we wind up with these things, truth be told

  4. Anonymous Coward
    Anonymous Coward

    Re: well

    You didn't install the Messenger app, but did you install the Facebook app or was it included with the phone and not uninstallable?

    Doesn't matter. If people you know use Facebook, etc then the slurpage happens there. Facebook collects data on you from their account activity, without you ever agreeing to it.

    For interest Google does the same thing with caller ID on Android, contacts lists. You call people with an Android mobiles, Google know who you are. Who you call, etc, all without you ever giving Google permission.

    The tech companies have the opinion that data in contacts lists, caller ID, etc, is personal and therefore covered by a single EULA signed up to by a single user. In fact it's shared data, and in law the user agreeing to the EULA has to seek the permission of someone in their contact list before letting Facebook inside.

  5. rmason Silver badge

    Re: well

    As above.

    Even if *you* manage to never click "yes" to any of the nice sounding questions that are actually asking your permission to do this, it only takes a single person with your name and number saved in *their* phone to click "yes" and bang.

    They have your name, number and texts/calls etc and the profile building can commence.

    https://twitter.com/EmmaKennedy/status/977811813478883328

    They get *everything*.

  6. LucreLout Silver badge

    Re: well

    I think it's time each and every EU privacy regulator rip Zuck a new one, the day after the GDPR comes in

    Absolutely.

    I know so many farcebook users, some of them a little elderly and prone to just clicking "Ok" to stuff, that they're almost guaranteed to hold data, or metadata, about me despite my never having an account with them.

    The day GDPR comes into force, I'm going to insist they delete all of it - physically rather than logically, and the moment they get done telling me metadata isn't data I'll be filing a complaint with the ICO.

    Perhaps everyone in the UK, or even the EU, could target the same data slurper with requests on the same day. They'd have to spend so much money trying to comply or else drop most of their database that it'd put the fear of go into them - 2% of revenue fines multiplied by 28 nations is going to hurt like hell.

  7. Joseph Haig

    Re: well

    "You didn't install the Messenger app, but did you install the Facebook app or was it included with the phone and not uninstallable?"

    If you uninstall the Facebook app (as I did when it made my phone too unresponsive) you find that the mobile web site is almost fully functional so there is really no need for an app.

    The one thing that doesn't work is private messages. It used to work, so there is no technical reason why it shouldn't any more, but if you try to view messages you now get automatically directed to the Google Play store. It is almost as if Facebook needs the app to do more than just display some text and pictures on your screen.

    I, too, am glad I never gave in to the nagging although my reason is that I want a phone that I can actually use.

  8. TechnicalBen Silver badge
    IT Angle

    Re: I assume

    Private messages is using some form of end to end encryption they have not figured out on the webpage but have for the app?

  9. Wulfhaven

    Re: well

    It works, it's just disabled on cellphones. Try using m.facebook.com on a normal browser, and the messaging works. It's just a *very* thinly veiled way to foist their dataslurpers on people.

  10. disgustedoftunbridgewells Silver badge

    Re: well

    There's "Facebook Lite" and "Messenger Lite" apps, which take up much less resources on your phone.

    I use "Messenger Lite" but not "Facebook Lite".

  11. Jim 59

    Re: well

    LOL

    Dan 55: I think it's time each and every EU privacy regulator rip Zuck a new one...

  12. Dan 55 Silver badge

    Re: well

    Go and check the permissions. It's anything but Lite.

  13. teknopaul Bronze badge

    Re: I assume

    Bollocks.

  14. Alistair Silver badge
    Joke

    Re: well

    They'd have to spend so much money trying to comply or else drop most of their database that it'd put the fear of go into them -

    Whilst it is often quite a challenge when playing against a certain compatriot, I would not say that I fear the go. I rather enjoy our games.

  15. Joseph Haig

    Re: well

    "It works, it's just disabled on cellphones."

    Quite. When I said it no longer worked I meant it was blocked. There was a period when you got the annoying message asking you to install the app but it would still let you through to the messages but that option disappeared eventually.

    And your suggestion to try m.facebook.com gave me the idea to try using a non-default browser. It turns out that with the Opera Mini browser I can now access messages again via the web app.

  16. jason 7

    Re: well

    Yeah if HM.GOV can't get these folks to even pay their tax, they are hardly likely to be worried about users data.

    GDPR is the biggest pile of BS since WEB2.0

  17. Nick Ryan Silver badge

    Re: well

    Precisely.

    The (Android) facebook app was plainly written by fuckwits who had no idea how to write any form of application - which almost certainly explains why they never got HTML5 features working either and the performance of the application sucked every shade of egg. What was especially annoying was that the likes of Samsung pre-installed the PoS and marked it as an unremovable system application.

    As for the facebook messenger app - the data slurp was so pathetically ridiculous that I never installed it on a mobile phone. On a WiFi only tablet, yes, but not on a phone. Bloody thing barely works now, of course, because Facebook insist on SMS verifications for nonsense stuff and I am *not* about to give them mobiles numbers voluntarily.

    Facebook have also "cleverly" managed to bork their web pages such that it is impossible to write anything or send a message using with them and to instead have to use an app. Use a different browser (with a desktop like UA identifier) and suddenly everything works fine on a mobile device. Who'd have thought eh???

    All of which is moot, of course, because conversation is by definition between two parties and all it takes is some real life individual to have my personal details stored and to use one of the facebook apps and my details are now hoovered up regardless of my consent.

    The writers of GDPR were (mostly) a wise bunch. Sorry left pondians but your regime, that treats all personal data as the sole property of whatever corporate entity happens to have a copy of it, is going to have a rough time shortly...

  18. jelabarre59 Silver badge

    Re: well

    What was especially annoying was that the likes of Samsung pre-installed the PoS and marked it as an unremovable system application.

    The very idea that manufacturers and cell providers can build in apps marked as "uninstallable/system" that are not, in fact, system-critical apps should be cause to apply severe spankings (and not in a good way*) upon all responsible for those decisions.

    *(think Margaret Thatcher or Janet Reno as opposed to Megurine Luka)

  19. Paper
    Facepalm

    Re: well

    Fortunately I was late to the party with installing it, and it had already transitioned to the individual permission Android model, so I clicked Deny to allowing it to have access to my contacts. Similarly I deleted my number from Facebook (I wish I could go back in time and tell myself not to be so silly).

  20. Kimo

    Re: well

    You can check "Load desktop site" to get messages on the web page instead of the app.

  21. Anonymous Coward
    Anonymous Coward

    Re: well

    > For interest Google does the same thing with caller ID on Android, contacts lists

    Which is why it's got to the point where one of the first things you do when configuring a new Android device is uninstall the built-in, non-AOSP proprietary Google dialler that they all must come with these days and install an open source replacement (or if you're lucky, one clandestinely provided by your phone's manufacturer. I couldn't possibly comment). Same goes for the SMS app. Never mind *not* having a Gurgle account at all, much less one configured on the phone.

    Wild Fucking West this is.

  22. Doctor Syntax Silver badge

    Re: well

    "Sorry left pondians but your regime, that treats all personal data as the sole property of whatever corporate entity happens to have a copy of it, is going to have a rough time shortly."

    Please don't apologise.

  23. Anonymous Coward
    Anonymous Coward

    Re: Facebook Lite apps

    Who writes these “Lite” apps?

    If they are unofficial apps by third party developers, who’s to know that they aren’t Trojan horses containing hidden ad trackers or other malware?

  24. onefang

    Re: Facebook Lite apps

    "If they are unofficial apps by third party developers, who’s to know that they aren’t Trojan horses containing hidden ad trackers or other malware?"

    So that sounds like the official app to me.

  25. Mitoo Bobsworth

    I'm (not) sorry

    Zucks "we don't deserve..." apology was 100% unconvincing.

    If he wants to slurp data about my guitar parts buying preferences or curse word count per sentence, he's welcome to it. I'm sure the authorities would be riveted by my ability to buy a pair of Gretch filtertron pickups for a "fucking bargain"

  26. Dodgy Geezer Silver badge

    Re: I'm (not) sorry

    Thank you.

    We are currently considering the possibility that 'a pair of Gretch filtertron pickups' might be code for 'a pair of nuclear hunter-killer submarines', and that "fucking bargain" might mean "have left Faslane"

    signed,

    The Authorities

  27. wolfetone Silver badge

    Re: I'm (not) sorry

    "If he wants to slurp data about my guitar parts buying preferences or curse word count per sentence, he's welcome to it. I'm sure the authorities would be riveted by my ability to buy a pair of Gretch filtertron pickups for a "fucking bargain""

    You, people like you, are the problem.

  28. This post has been deleted by its author

  29. Snorlax Silver badge
    Black Helicopters

    Re: I'm (not) sorry

    @All gods are bastards:"I have already informed my family and friends that SMS and phone communications from non-whitelisted mobile numbers will be ignored. Numbers are whitelisted only when I have extracted a commitment from its owner not to run spyware on their device

    I've heard some bonkers, mental shit in my time but that takes the biscuit...

  30. VinceH Silver badge

    Re: I'm (not) sorry

    "I have already informed my family and friends that SMS and phone communications from non-whitelisted mobile numbers will be ignored. Numbers are whitelisted only when I have extracted a commitment from its owner not to run spyware on their device - and when I trust the owner to keep their word. If they're not happy to do this, they will need to get used to calling me from a landline, or using plain, old e-mail."

    It doesn't matter if you whitelist them or not. The person at the other end of the call - irrespective of whether you answer or ignore it - has your number. They're using it to call you. If it's in their mobile phone, and they're using the Facebook or Messenger app, bang, Facebook has your number - and depending on what else the caller has in their phone regarding you, they have that as well.

    All you are achieving is for Facebook's data to show that these people called you, but didn't get an answer, rather than did.

    As Snorlax said - that's bonkers, mental shit that takes the biscuit. And its a pointless biscuit at that.

    The best you can do, until the regulators and enforcers wake up and take some proper action*, is try to limit what the likes of Facebook can collate about you - strict cookie management, different email addresses for different log-ins, and so on. They'll still garner shit about you, but won't be able to piece it all together and associate it with a single identity**.

    In most cases, anyway. (Which I think I'll try to write in more detail about this coming weekend).

    * I've seen elsewhere comments to the effect that they need to "nip this in the bud" - but I think we're a long way past that.

    ** Just for a laugh, I downloaded my own data from Facebook this morning - the file was laughably empty. I'm sure they have more data on me than what is there, but haven't been able to link it to my account.

  31. This post has been deleted by its author

  32. VinceH Silver badge

    Re: I'm (not) sorry

    "Incorrect: When calls and messages go unanswered - and they will - those who really need to contact me will either comply with my policy, or not bother contacting me."

    Most decidely NOT incorrect - not if you read what I said and understood the point I was making.

    In order to call you, unless these people are communicating over the telecoms network using psychic abilities, they are putting your number in their phone.

    If they are using Facebook's rubbish on said phone, Facebook is slurping that information - and If they put other information about you in their phone along with that number, Facebook is slurping that information as well.

    Data is being slurped about you whether you like it or not, and all you appear to be doing is burying your head in the sand.

    If you'd said you refused to give people your number without said commitment, that would be a different matter - but you didn't; you simply said their calls would go unanswered.

    "On the other hand, tolerating (and even shrugging off) the digital equivalent of a Stasi informant network is, in my own opinion, going full on batshit insane."

    Yes, those people who tolerate or shrug this off - and I include those trying to convince themselves they are some way immune to it in that - are indeed batshit insane.

  33. Bill Gray

    Re: I'm (not) sorry

    I've never had a Facebook account. But people have given Facebook my e-mail address so that FB can send me an invitation to "be their friend". I've long assumed that FB therefore knows a long list of people who wanted me to "be their friend" and has done their best to profile me based on my supposed associates.

    Lacking a FB account, though, I have no way to control what FB knows about me, or even to _know_ what FB knows about me. In some ways, having an account would actually give me more control over the situation than I currently have. Which, I need hardly add, is bonkers.

  34. This post has been deleted by its author

  35. aelking

    Re: I'm (not) sorry

    I don't know if you are being purposely antagonistic or bot, so appologies this isnt meant to be rude, I would just like some clarification on the steps that are occuring.

    1. Someone asks for your number

    2. You give it to them

    2a. Facebook takes it from them

    3. You take their number

    4. If they don't have facebook installed then you whitelist else blacklist

    5. They call you

    5a. Facebook takes you number

    6. You answer based upon their response to having facebook installed

    I hope I have the steps correct.

    Please le me know if I am wrong.

  36. This post has been deleted by its author

  37. tfb Silver badge

    Re: I'm (not) sorry

    All you are achieving is for Facebook's data to show that these people called you, but didn't get an answer, rather than did.

    That's exactly the same thing that would happen if you were, for instance, dead (so long as you never call the people concerned). I would be quite pleased if Facebook decided I was dead as they dead people are uninteresting to advertisers.

    So that looks like a result to me.

  38. VinceH Silver badge

    Re: I'm (not) sorry

    [I referred to 'people' telephoning 'All gods are bastards']

    "But I didn't, did I? I specifically said "family" and "friends" - and, once, even "contacts" - all of which implies people who ALREADY have my telephone number - not "people"."

    Irrelevant. Your friends, family, contacts (who, I might point out, all fall under the category of 'people') have your number already - fair enough - but if you're refusing to answer the phone to even one them because you haven't whitelisted them (because they haven't given you the assurance you insist on), then the damage is already done.

    Each time you receive a phone call from a number that you haven't whitelisted, you know - no matter how much you're trying to deny it - that the person calling you may be using a Facebook app or whatever, and that your number (along with any other details they have about you on their phone) is being slurped.

    Otherwise, you would have whitelisted them.

    TBH, what I think is that you came up with an idea for slurp-avoidance that you thought would make you look really clever, and now you're digging a big hole for yourself trying to deny a massive flaw in it.

    I'm tin foil hat careful, but I'm also wise enough to know that Facebook will still have data about me beyond what's actually in my account, because 'other people'. I'm not happy about it - I've never been happy about it - but I'm not hiding behind a faux shield, pretending to myself that it hasn't happened.

    Edit: But I like tfb's thinking! :)

  39. This post has been deleted by its author

  40. Anonymous Coward
    Anonymous Coward

    Re: I'm (not) sorry

    > I have already informed my family and friends that SMS and phone communications from non-whitelisted mobile numbers will be ignored.

    What took you so long? Never since caller ID came into existence have I picked up a call that did not come from a recognised party.

    Or a call from a recognised party, when that party was my boss (but I digress).

    Still, I'm not sure what this has to do with third-party data collection, since all it takes is for someone to know your number and write your name next to it in their contacts list, as you can see from the screenshots in the twitter link.

  41. Anonymous Coward
    Anonymous Coward

    Re: I'm (not) sorry

    > I don't know if you are being purposely antagonistic or bot, so appologies this isnt meant to be rude, I would just like some clarification on the steps that are occuring.

    Good try, now consider this scenario:

    1. Someone has Mr Whitelist's number

    2. This someone gives Mr Whitelist's number to someone else

    3. That someone else records Mr Whitelists number, name and whatever other details they find appropriate in their contacts list.

    ...

    You see where I am going from here?

    I am actually one of those who has never had a Farcebook account or similar time wasters¹ and a) post-GDPR plus b) when I have a bit of time I shall be addressing their Data Protection Officer a request for my personal data and the relevant justifications and legal basis for having it, as is required under the GDPR. Methinks some fun will be had.

    ¹ Says I posting on El Reg, I know.

  42. Anonymous Coward
    Anonymous Coward

    Re: I'm (not) sorry

    > Your friends, family, contacts (who, I might point out, all fall under the category of 'people')

    Aren't you making a bit of a logical jump there? Especially with the sorts that populate these comment sections. :-)

    (more seriously, I have entries in my address book for both legal persons and machines, neither of which are "people")

  43. Doctor Syntax Silver badge

    Re: I'm (not) sorry

    "1. Someone asks for your number

    2. You give it to them"

    AFAICT from the OP it's more like:

    1. Someone asks for his number

    2. He asks them about the security of their phone

    3. Depending on the answer he gives them the number

    else he doesn't.

  44. VinceH Silver badge

    Re: I'm (not) sorry

    No, read the original post again - their response about the security of their phone is how he decides whether or not to answer their calls. Otherwise they have to use a landline or email.

    Fair enough, he's now explained his logic - but I still consider it to be ignoring the problem.

  45. Alan Brown Silver badge

    Re: I'm (not) sorry

    > But people have given Facebook my e-mail address so that FB can send me an invitation to "be their friend".

    People have given mine to LinkedIn.

    And it NEVER stops bugging you about it.

  46. Martin an gof Silver badge

    Has it gone?

    The question is, even if people delete their profiles and sign out, is the data gone? I'm sure it was Facebook's terms and conditions that I read some years ago where they claimed something along the lines of a perpetual, free, permissive licence to use anything you had uploaded, in whatever manner they chose. The implication was that even if you left the service, they could still use your pictures of aunty Viv for - I dunno - promotional material or something, and I'm sure the same applies to this metadata that "you" are uploading, simply by using the app.

    This was one of the things that made me certain that I wanted no part of it all those years ago. Being part of it anyway, via third parties, is more than a bit annoying.

    M.

  47. Anonymous Coward
    Anonymous Coward

    Re: Has it gone?

    The question is, even if people delete their profiles and sign out, is the data gone?

    Sure!*

    *text that follows is too small and densely legal for understanding. If this was an ad on TV it would be read in 0.03 seconds

  48. Steve K Silver badge

    Re: Has it gone?

    As a non-FB user, can I request that they delete my phone number(s) from their systems?

    I suppose the problem is that to do this, I have to give them my details and it's GOTO 10...

  49. Martin an gof Silver badge

    Re: Has it gone?

    I suppose the problem is that to do this, I have to give them my details and it's GOTO 10...

    This is like the problem I have with the Google "privacy" thing that keeps popping up, even though I've answered the questions several times and I do not delete cookies from Google. "Oh," they say, "if you log in with Google we will remember your choices."

    Well, ummm... why do you think I'm turning off all the tracking things anyway? I do not want to be tracked by Google, that's what my answers to those questions mean, not, "please don't track me using these methods, but I will log in anyway so that you can track me by other means"!

    </rant>

    M.

  50. Anonymous Coward
    Anonymous Coward

    Re: Has it gone?

    > This is like the problem I have with the Google "privacy" thing that keeps popping up

    The one that you haven't blocked with uBlock Origin or whatever it is that you use?

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2018