Facebook monitors unposted comments


IS it covered by the ToS?

I see stuff like

Your information is the information that’s required when you sign up for the site, as well as the information you choose to share.


Your information also includes the information you choose to share on Facebook, such as when you post a status update, upload a photo, or comment on a friend’s story.

but all big with that “choose” to share language.

Then there’s

We receive data about you whenever you use or are running Facebook, such as when you look at another person’s timeline, send or receive a message, search for a friend or a Page, click on, view or otherwise interact with things, use a Facebook mobile app, or make purchases through Facebook.

So, apparently users were supposed to assume that Facebook was gathering info on unpublished posts thanks to that all-encompassing “otherwise interact with things” phrase.

1 Like

Silicon Valley to White House, NSA: “What the hell are you doing?”
[Ars Technica]

Pot, kettle, etc.


This headline is quite misleading. For a small portion of the userbase, Facebook only detect if they self-censor and just transmit that as a yes/no value. They only see metadata, and not the actual contents of the message. You can see this by opening the browser developer tools and watching network traffic.


Have they considered adding passive-aggressive javascript popups that belittle and harass you about what you aren’t sharing, and how you never communicate, and what are you keeping from me?

I figure that, in the brave new world where ‘social’ no longer refers to interpersonal connections; but to their exploitation, you might as well cram in as much abuse as possible.


I am General Keith B. Alexander and I approve this message.


I bet they are salivating at the prospect of the kind of marketable data FitBit and other activity trackers generate.

We have your fitness tracker, your food photos, and your schedule of upcoming social events where being as repulsively fat as you are now would be deeply mortifying. Monetization here we come!

1 Like

Not just social - calendar items ranging from doctor’s appointments to personal trainers, events such as marathons, vacations… combining it with shopper-loyalty grocery/pharmacy programs diet and health data points…hell, they know the menstrual cycle of most women and can target ads based on that. Geolocation data from iPhone/Android apps allows cross-colonizing data from associates, family, mates… it’s endless.

1 Like

Where does the confirmation that Facebook reads what users type come from?

I can’t see it in the linked article, where Facebook confirms that they tracked any cancellation event after 5 chars had been written. That itself may be not okay, but it is a magnitude less invasive than what has been implied.

By the way, BoingBoing does something similar, when I’m not mistaken. When I abandon this browser window on my Mac Pro and switch to iOS, the current content of the comment magically appears.

I’d love to hear an explanation how this happens without passing this information through servers authorized or even run by Boing Boing, I can’t find anything about this in the FAQ or privacy statement.

Ooooh, lookie here… HttpScoop tells me that my draft gets sent unencrypted (plain http, unencrypted json) to http://bbs.boingboing.net/draft.json. Wow, I’m so glad that this is totally not monitoring what I do in my browser…


There is none because it doesn’t happen… The research paper has all the details.

Grumble. I submitted this story to BB two days ago, sourced from this article:

1 Like

Rob Beschizza blows goats! Of course BoingBoing would never do such a thing, even if it had the technical capability.

Out of interest, how much would it cost to serve boingboing.net purely over SSL connections?

As far as I know the main cost of HTTPS lies with handshaking, which in a reasonably modern scenario should happen only once for the session. I assume that posting stuff happens within such a session. I’m not that concerned with simple reading, as what articles I read could probably be inferred by any eavesdropper by looking at message lengths or checking what inline images by browser reads.

Err, got derailed. Anyway, such stuff should run on http these days. Note that the eavesdropping attacks against Google and Facebook on their non-https streams took place on connection which where not on the general internet and had some expectation of being secure already . (Kinda like people not wearing clothes within their own walls.)

People… still… use that junk?

1 Like

Wait, that thing tracks when I’m walking AND when I’m not?! I only want it to track my actual activity!!!

ROFL. Now THAT’s funny! Because, ‘it’s_only_ metadata’. And because, FB is like, the grandaddy of all three-hops-and-we-know-what-and-who-you-and-everybody-you-know-had-for-lunch-today’.
Almost makes you wonder whether FB was the true inspiration for some of these NSA colonics we’re all receiving.

Although, as much as I detest FB (and that’s putting it ridiculously politely), at least joining it is voluntary - even if they do purposely mislead you about the data-mining they use you for. But hey - that’s a lot like NSA-speak, too!

Sorta feels like we should be hearing most any day now that FB is secretly manned by NSA operatives. Or, vice versa…I can’t decide.


On my phone when I open fb it has a little popup saying ‘POST SOME PHOTOS’. Uhhh ok, just what everybody wants to see, shitty and shaky photos of my school notes and things I couldn’t see under the couch.


Not that I’m suggesting any untoward manoeuvring by @codinghorror and pals but discourse maintains your un-posted comments until specifically cancelled.

Maybe facebook just can’t help it.

You know you can just, like, totally post stuff on the BBS?