Test Shows Facebook Begins Collecting Data From Several Popular Apps Seconds After Users Start Consuming Them. Company Also Collects Data of Non-Facebook Users.

Millions of smartphone users confess their most intimate secrets to apps. Unbeknown to most people, in many cases that data is being shared with someone else: Facebook. [Editor's note: the link may be paywalled; here's an alternative source.] The Wall Street Journal reports: The social-media giant collects intensely personal information from many popular smartphone apps just seconds after users enter it, even if the user has no connection to Facebook, according to testing done by The Wall Street Journal. The apps often send the data without any prominent or specific disclosure, the testing showed. [...] In the case of apps, the Journal's testing showed that Facebook software collects data from many apps even if no Facebook account is used to log in and if the end user isn't a Facebook member.

In the Journal's testing, Instant Heart Rate: HR Monitor, the most popular heart-rate app on Apple's iOS, made by California-based Azumio, sent a user's heart rate to Facebook immediately after it was recorded. Flo Health's Flo Period & Ovulation Tracker, which claims 25 million active users, told Facebook when a user was having her period or informed the app of an intention to get pregnant, the tests showed. Real-estate app Realtor.com, owned by Move, a subsidiary of Wall Street Journal parent News Corp, sent the social network the location and price of listings that a user viewed, noting which ones were marked as favorites, the tests showed. None of those apps provided users any apparent way to stop that information from being sent to Facebook. Update: New York Governor Cuomo has ordered probe into Facebook access to personal data.

Re:

[Anonymous Coward]

I'm pretty sure Facebook is a US intelligence front company.

Re:You can't stop them. Everything is collected

[lgw]

So whaddya gonna do? You let the NSA do it, why not facebook? Just charge them a tax on it.

I'd bet they aren't geoblocking this in the EU. That's gonna sting. The GDPR has big, sharp, poisonous fangs.

Any EU Slashdotters using any of these apps? Please do make a "take" request to get everything they have on you, followed by a "sanitize" request to delete it all. We ma not see the fireworks, but they will be impressive.

Re:

[Anonymous Coward]

GDPR is a paper tiger. No one is being slapped with large fines.

Re:

[mrbester]

It hasn't been in force long enough for a meaty case to be brought (because they take months to resolve). That's why the last fine Google had was small, as the amount was calculated using the old legislation. Give it time, the cases are coming.

Re:

[mrbester]

Seeing as the fines can be €20m, or 4% of annual global turnover, whichever is higher, that's a dangerous bet to make, even for $5.27.

Re:

[Anonymous Brave Guy]

Given how much trouble the GDPR caused for small, honest businesses just to update their documentation and processes just to get the formalities right even if nothing materially changed about their actual data processing, the regulators had better at least use the new powers it gives to get some good out of it.

Of course, the GDPR came into effect less than a year ago, and the regulators are reportedly already applying stronger penalties in some cases. However, it seems likely that they're waiting for a head

Re:

[serviscope_minor]

Yes it's a pain for small businesses, just like VATMOSS. But it's a perfect example of why we can't have nice things. We tried making it easy, but then Amazon etc could spend lots off lawyers to dodge taxes.the ugly foolproof solution made it harder on small companies. Same with data protection.

Re:

[Anonymous Brave Guy]

Unfortunately, the responses in cases like the GDPR and VAT MOSS didn't have much respect for proportionality. The risk of a small business with contact details for 500 customers it had last year being hacked are hardly the same magnitude as the risks of an international payment service with millions of people's credit card details in its database. The risk of a company that only sold €25,000 to customers in the EU setting up international subsidiaries to save a few percent of VAT is hardly the same as

Re:

[lgw]

And what is EU going to do to company that is solely based outside EU? They have to jurisdiction even if GDPR says so.
PS: I am talking about the companies that make the apps

Ah, but they're sending the data to Facebook, which probably didn't think this one through.

Re:

[tsa]

FB operates within the EU so they have to comply to our laws. They can be fined just like MS and Google were.

Re:

[sverdlichenko]

I guess these apps are built by small US companies or even individuals, without any assets in the EU. What exactly stops them from ignoring this GDPR request completely?

Re:

[Rick Schumann]

Cowardly idiots like you get what you deserve. Enjoy having your life under a microscope.

Re:

[tsa]

Most civilized countries have rules governing the basic safety of appliances like cars and refrigirators and the like. They make sure the things don't catch fire for no apparent reason and the brakes work properly, for instance. These laws are there because you can't expect every citizen to know about these things. It's time there are laws installed that govern what social media can and can't do with your data, because you can't expect the people who use them to know all about what is happening to their dat

Re:Nice paywall

[Oswald McWeany]

Anyone got the list of apps to avoid?

Yes... all of them. Always assume everything you post to an app CAN, and PROBABLY will find it's way into the wrong hands eventually.

Re:

[Rick Schumann]

ALL of them, friend AC. While you're at it, get off the Smartphone Treadmill; stop paying hundreds or thousands of dollars for a silly phone that'll be obsolete in 2 years, and get the cheapest plastic dumbphone that's good at being a telephone (shouldn't cost more than $50), and be content with that, use the money you saved on something actually important. You'll also save money every month paying the price-gouging wireless companies because you won't need any 'dataplan' anymore. All in all you'll save at

Re:

[Anonymous Brave Guy]

The device I really want is something with roughly the format and feature set of a modern smartphone, but with the software emphasis entirely on standard communications apps (call, send message, browse web, check email, etc.) and useful hardware features (photo/video recording, torch, GPS) rather than "app store apps" where 99.999% of them are junkware and the few useful ones could be done almost as well connecting to ordinary web sites from a browser with reasonable security and privacy. Sadly, no-one seem

Avoiding the Paywall

[MisterSquid]

The paywall can be circumvented by using, ironically in this case, Facebook [ycombinator.com].

Re:

[Anonymous Coward]

It's not that hard to break paywalls, you know.

Re:

[couchslug]

Because msmash values quantity over quality and enjoys making Slashdot worse.

I'm not posting anonymously because this shit is getting old. The posts are so consistently bad they amount to crapflooding.

Non-paywalled link

[Kargan]

https://www.ft.com/content/62f... [ft.com]

Also, old news, this came out in December.

Re:

[Anonymous Coward]

I has been known for years that Fakebook collects data on everyone it can, even if they are not signed up with Fakebook. We just keep finding more of the ways that Fakebook illegally collects data to sell to advertisers. Fakebook needs to be shut down, and all of its facilities utterly destroyed. Collection of ANY data without express written consent needs to be illegal, with 7 digit fines, and 3 digit mandatory jail sentences for each instance!

Re:

[Locke2005]

Google abandoned the "Don't Be Evil" slogan years ago... obviously. Companies must act in the fiduciary interest of shareholders... if that requires being evil, then so be it!

Re:

[Rick Schumann]

When I refer to 'capitalism out of control' or 'capitalism gone bad', that's what I'm talking about: 'Profit above all else, fuck anyone who doesn't like it'. It's got to CHANGE.

Just shut em down ...

[Rip!ey]

Just shut em down for fucks sake. They don't care, at all. Not one little bit.The entire concept of social contract escapes them.

I don't do social media. Not at all. And yet I can't escape them.

Re:

[cypherljk]

But... these are not FB apps that are selling your information. Until it is illegal to share information without your consent it will continue whether with Facebook or someone else.

Stop calling it "sharing"

[Anonymous Coward]

Please stop using the feel-good propaganda word "sharing" to describe the practice of stalking, spying, profiling, and selling personal data.

Re:

[smooth wombat]

Please stop using the feel-good propaganda word "sharing" to describe the practice of stalking, spying, profiling, and selling personal data.

It's no different than when people claim they're "sharing" music and videos.

If you're not going to pay the producers for the items you're using, why should these companies not be able to use your data for free?

Re:

[Mister Transistor]

Yeah, and it's bullshit when they use it too.

The point is that you're not using ANY of the shit they're peddling, paid or not, yet you get caught up as by-catch in their information dragnet.

Re:

[zippo01]

People would scream bloody murder if you tried to shut them down. Making all this public and trying to get people off the platform is a much easier way. Facebook has huge infrastructure costs. It would take much of a lose on members (US/north america members as they are the most $$) to make them hurt. Service begins to suffer, more people live, cycle continues. The other thing that could kill them is if the advertisement bubble bursts. They get an insane amount for North America users. If that value goes do

Re:

[Locke2005]

Do you know how many websites now REQUIRE Facebook logins?

Re:

[EvilSS]

I've run across 0 that are not owned by FB or are not tied in by their main function to social media (socialblade for instance, and then only if you want to track FB) that require a FB logon. Many off it, along with Google but I've yet to run into any that require it.

So to answer your question, I'm going to say not that many.

Re:

[drinkypoo]

Do you know how many websites now REQUIRE Facebook logins?

I haven't seen one in ages. What sleazy corner of the web have you been on?

Re:

[sjritt00]

Try stltoday.com, the website for the St Louis Post-Dispatch. They require a Facebook login to leave comments. Of course, there is very little there worth reading anymore, and even less worth commenting on.

Re:

[thegreatbob]

None that I use, mostly because I just don't have any need... same goes for Google and Microsoft logins, outside of sites and services owned and operated by the specific company. I'm not a fan of single sign-on, and Facebook is an exceptionally large turn-off. If I was forced to use a service requiring any of these, I'd create specific throwaway accounts for each.

Re:

[prisoner-of-enigma]

Do you know how many websites now REQUIRE Facebook logins?

None, so far as I'm aware, that you're required to patronize. If you don't like the tie in with FB, don't give these sites your business. They will either change their policies or wither and die.

Why is it people are so oblivious to the power they have to affect change without requiring The Almighty Hand Of Government to step in and regulate everything? Is it just lazy thinking?

Re:

[dryeo]

Why is it people are so oblivious to the power they have to affect change without requiring The Almighty Hand Of Government to step in and regulate everything? Is it just lazy thinking?

It is due to the fact that the minority has a hard time defending their rights against the majority. It's one of the jobs of government, at least in theory.
I do my best to avoid Facebook, but due to so many people using them they are everywhere and I'd bet they have too much of my personal info even with my avoiding them.
As it gets harder to avoid them, less and less people have the capability. Takes some skill to manage scripts with things like no-script. Some ad blockers white list some sites. Keeping the

Re:

[prisoner-of-enigma]

It is due to the fact that the minority has a hard time defending their rights against the majority.

And yet the entire premise of "shut them down" is that a majority of people dislike what FB is doing! So, again, I ask why people turn to the government as this miraculous solver of all ills?

Or, for the sake of argument, let us assume there isn't a majority out there that dislikes what FB is doing. Should a minority of citizens be allowed to persuade government of the entire populace that a service should be "shut down" simply because the minority party doesn't like it? Is that the kind of government we

Re:

[dryeo]

If they ignore laws, and they do in a lot of countries, what else should be done?

Re:

[tsa]

None, as far as I know. I never came across one.

Re:

[dryeo]

Many countries have privacy laws. Unluckily it seems Americans are fine with their government outsourcing data collection and other ways of infringing on rights.

Re:

[Fly Swatter]

I dunno, there are a lot of anti-stalking laws around this country... Finding one that applies would make some lawyer very rich and famous. A few high priced civil suits should do it, no need to 'shut them down'.

Re:

[rogoshen1]

Why would this be modded down? Mommy government shouldn't be called in to squash something you don't like, irrespective of laws.

Is FB doing things that are illegal? Maybe (probably), but there's a reason why we have courts.
is FB doing something morally wrong? Definitely. So we update the laws accordingly, and deal with it by proper channels.

Re:

[Rick Schumann]

How dare you deny Facebook it's God-given right to profit endlessly off the unsuspecting! Capitalism above all else, it's the American way! We Plebian 'citizens' and our puny, meaningless 'privacy rights' are nothing in the face of endless profiteering for Corporate America; never forget that 'corporations are people too', how dare you deny them their Consitutitional Rights! You should WILLINGLY give ALL your personal data to Facebook, and furthermore buy an entire fleet of 'digital assistants' to install i

Re:

[BringsApples]

If you don't do social media, then how is it that you can't escape them? I understand that you're probably referenced somewhere on FB, I know I am too (I also don't use it), but so what? If I'm not wrapped up in it, how does it affect me?

The whole thing that Facebook is doing is simply collecting money from people that want your data. These companies that want said data, have no way to confirm that it's legit. Facebook slides by, on the fact that no one knows what they have, or how they get it. If F

Re:

[Fly Swatter]

You can't escape them because their trackers are on way too many websites. Eventually your web browser's fingerprint will get into the system as well as everything that fingerprint did, like online purchases, searches, forum participation (real forums, not social media soapboxes), websites you visit, etc. They may not initially know who that fingerprint belongs to, but cross reference it with purchases / website visits / etc and they now know who you are even if you never went on their main sites.

This is

Re:

[BringsApples]

You're 100% correct, all of it. But so what? What can you do about people making a list of qualities that they conclude that you have? Like you said, browser fingerprints exist, and despite the fact that I don't facebook, I do see ads based on what I browsed earlier. But so what? I only see ads at work, where I'm forced to use chrome. At home I use firefox, and I literally never see any ads at all, not even within youtube, or it's videos. So unless I'm at work, I don't see ads - I can't understand wh

Re:

[tquasar]

Don't use it either. My wife got the facebook virus via a contact.

Legal, taxed and regulated

[rsilvergun]

that's my attitude. Banning a thing isn't gonna fix it (which is what shutting down Facebook is basically). Instead regulate it (and tax it while you're at it)

Of course, you'd have to vote people into office would oppose regulatory capture, and that means voting for some folks you might not necessarily like. I don't necessarily mean policy wise (there is that too) but I mean you might not like them personally.

The kinds of people who can be bought off are often also some of the most affable. Reagan,

Re:

[Locke2005]

I think multi-billion dollar fines of Google, Facebook, Apple, and the like will be the primary funding source for the EU for many years to come...

Re:

[Locke2005]

Can you sentence robots to jail?

stop using smart phones

[DogDude]

The only thing to do is not to use a smart phone. It's it's not the "apps", then it's Apple or Google.

For you hosts file

[Trax3001BBS]

Just read title, facebook is indiscriminate and grabs all. I just downloaded this facebook hosts file and added it to my own.
https://github.com/jmdugan/blo... [github.com]

Won't stop this

[Solandri]

The apps which got caught doing this are just the stupid ones. There's no reason for the app to send the data directly to Facebook. The Realtor.com app could send the data to Realtor.com first, then they send the data to Facebook without you ever knowing.

There are only two ways to prevent this sort of sharing with a third party. Legislation like the EU has adopted. Or reading the EULAs like a hawk and not using any app which states that they share usage info with other companies.

Re:

[dryeo]

This one seems to have merged together the most host files, with over 4100 entries https://github.com/StevenBlack... [github.com]

One fix for this crap,

[jenningsthecat]

would be to mandate that all connected devices have a user-configurable firewall that enjoys root permissions and is the ultimate boss of whatever data is sent or received by any app. We all know that will never happen, and we also know that the majority of users would never configure it.

But just imagine it for a moment - those of us who actually care about our privacy, (but who don't know what to do, or who get stuck with unrootable devices), would be able to force the data miners to fuck off. And a lot of formerly-clueless people who suddenly DO care about their privacy when they read news stories like this wouldn't be so helpless. They could ask their geek friends what to do and NOT hear something like "buy a new phone, root it, install this app, blah blah blah".

It's nice to dream sometimes.

Re:

[Alypius]

I tend to argue for the same thing for IoT gadgetry. Still won't happen, but I like to think that someday wifi router makers will incorporate easy-mode "IoT VLAN" for those that can't/won't properly lock down their devices.

Re:

[es330td]

What would be really interesting is to see how the data gets skewed when the subset of the technically competent is removed from the population dataset.

Re:

[Jakester2K]

Yeah I've thought about that too. In metaphorical terms, a personal "digital lockbox" with very-fine-grained controls on who exactly gets what.

The problem is this: once you're data is out there how do you control it? At best you could control one, maybe two hops from your lockbox. After that it's in the world, where anyone and everyone can get at it, with no say at all on your part....

IMO that's the real issue here.

Re:

[Locke2005]

Obviously Slashdot's parent company hasn't gotten any advertising revenue from Facebook in a while... can you say "extortion"? If it works for AMI, why not for Slashdot? Oh wait, extorting the robot didn't work for AMI, did it?

Re:

[Kyr Arvin]

Spate? I don't see a lot more than normal. And they've been getting a lot of attention for the last few years due to their scummy business practices and Zuckerburg's congressional testimony. If they don't change their ways, then there will be a lot of stories to run.

Consuming Apps?

[gtall]

I do not ever recall consuming an app. Is this something peculiar to social media (I don't use it)?

The more we learn about Facebook...

[QuietLagoon]

... the worse Facebook looks.

Why the outcry

[jwymanm]

This is how app developers are getting paid. You either pay for an app or use it freely with the understanding you are still paying for it through data collection your device allows. There are libraries, opensource and other, that just plugin to apps that allow developers to get paid for their work and your device coughs up data along the way that allows you to keep using said apps. I don't get the fucking outcry here. It's just data. Without said data you wouldn't have all the apps you can right now since

Block

[AHuxley]

social media from your computer.
Software firewall, browser extensions, external firewall.
Secure your computer and networking from social media.

Re:Cool Study

[OneHundredAndTen]

Everybody did most certainly not know that apps that are not obviously affiliated with FB send users' personal data to FB, regardless whether or not you are a FB user.

Re:

[Mister Transistor]

Won't someone please THINK OF THE CORPORATIONS!!!1!

  Lameness filter encountered. Post aborted!
Filter error: Don't use so many caps. It's like YELLING.

Re:

[jwymanm]

This right here. Everyone that is upset about this is on the wrong side. This is how apps and software developers make money these days. They share data in exchange for developing software and giving it to you for free. If you get outraged and start a social justice war around this then the government is just going to crack down and fine the crap out of everyone until there won't be free apps anymore. You are going to destroy an entire market because you're pissed off someone like Facebook knows where you a