Targeted Ads -- How Do They Know?

[Justin]

Yep.

[Gman]

Current news on the subject:
Facebook transcribed users’ audio messages without permission

“The future is private.” Clearly, Facebook still has a way to go.

Facebook has become the latest tech giant to face scrutiny over its handling of users’ data, following a report that said the social media giant collected audio data and recordings from its users and transcribed it using third-party contractors.

The report came from Bloomberg, citing the contractors who requested anonymity for fear of losing their jobs.

According to the report, the audio came from its Messenger app. The audio conversations were matched against transcriptions to see if they were properly interpreted by the company’s artificial intelligence.

There are several ways that Facebook collects voice and audio data. But the social media giant’s privacy policy makes no clear mention or explanation what it uses audio data for. Bloomberg also noted that contractors felt their work was “unethical” because Facebook “hasn’t disclosed to users that third parties may review their audio.”

The company has long rebuffed claims that Facebook is “not listening” to its users through your phone.

We’ve asked Facebook several questions — including for what reason the audio was transcribed and why users weren’t explicitly told of the third-party transcription — but did not immediately hear back.

Facebook stopped transcribing voice data earlier in August, said spokesperson Joe Osborne.

The social media giant becomes the latest tech company to face questions about its use of third-party contractors and staff to review user audio.

Amazon saw the initial round of flak for allowing contractors to manually review Alexa recordings without express user permission, forcing the company to add an opt-out to its Echo devices. Google also faced heat for allowing human review of audio data, along with Apple, which used contractors to listen to seemingly private Siri recordings. Microsoft also listened to some Skype calls made through the company’s app translation feature.

It’s been over a year since Facebook last had a chief security officer in the wake of Alex Stamos’ departure.

[Justin]

If you want to know what's going on in the world of cybersecurity, including stuff like this, I recommend reading Bruce Schneier's blog.

https://www.schneier.com/

[ChickNorris]

DEF CON just wrapped didn't it?

[MrPrena]

My female boss use to get massive amount of PORN POP ads on her work pc.

Then one day, she wanted to show me one important email. Then there it is huge hardcore porn email on the pc.

Targeted porn ad.

This was exact reason I would not use work pc for personal reason. This was 2002ish.

[RblDiver]

Don't have experience in the "instant ad-ification" world, but my company does do some online marketing (in addition to physical mail). We base ours primarily on actual purchases. That is, we look at people who have purchased items versus a control group, model to determine what made those people buy versus the others, then score individuals to determine who "looks like" someone who bought XYZ. We'd then load that score to an online platform for ad buys. Like, if we think you're very likely to buy an item, when you visit a site that has an ad platform, there's essentially a bidding war that goes on. I don't know the actual number, but let's say that if you're likely to buy, we'd offer to pay 5 cents to show you an ad. If ours is the winning bid, you see our ad. Meanwhile, if you're not likely to buy, we might only offer half a cent for your view, so the toe fungus cream that's offering a penny will win out instead.

I know we do have some stuff related to interests (like, "interested in outdoor activity," though I don't know how our partners determine that), that can play into it, but our process takes minimum 2 weeks to change that sort of data, not 30 seconds.

[MrPrena]

Btw........ no we did NOT.

[Skip]

[snip]

Now think about the size and speed of the database they're using, and then think about the network size and speed, and the server farms size and speed of those servers because they're doing this to billions of people every second of single day. The algorithms are incredible.

The tech doesn't impress me because I work with it. It's how they are getting the hooks into me that is impressive which is more logistical.

Do you ever use your phone on your home WiFi?

Yes.

But let's keep in mind what is being sent and how it can be used. My IP address alone doesn't identify a social media account under the name "John Doe." They would have to record the login to know that. A person going to FB.com isn't sending their credentials. There is a cookie on the device that stores that info. So a service would have to read foreign cookies in order to piece together IP and accounts. This would associate the device, account, and IP.

But then how would a service know the device? MAC IDs sure but then they have to read IP config to get that because (AFAIK) MAC IDs aren't sent over the internet (but are available on local networks). Now if I joined a WiFi that I didn't own (which I never do) of course they could get this. But then then they wouldn't be able to make the association if I used a network they didn't own (Verizon LTE)--which assumes Verizon isn't selling my info and I don't think I can assume that.

I worked in the ad-tec industry for 6 years. Once my nda expires I can talk about this in detail. Just know that it's shady as hell.

I wonder how much of this is actually legal. Sure, you can sign away your rights under a vague ToS but that doesn't nullify state/Fed laws.

Current news on the subject:
Facebook transcribed users? audio messages without permission

Far less remarkable if you give consent to use that service and install an app that does it. I didn't consent to anyone listening to a convo at my dentist's office. I didn't install an app that consents to constant surveillance.

This was exact reason I would not use work pc for personal reason. This was 2002ish.

This is my practice as well. My work laptop is for work only. I don't even visit this board with it!

What happened yesterday was on multiple devices. My iPhone then my personal PC. Since I use my work laptop from home, I have to assume whatever associates IP and device info can associate that device.

[Justin]

Yep.

So we'll get to see all kinds of scare stories in the media portraying exotic system exploits as something your neighbor kid can do.

[hollohas]

Half the targeted ads I see are for stuff I already purchased. That's a HUGE waste of advertising money to target people who already have the product IMO.