Facebook Ads Could 'Out' Gay Users 196
itwbennett writes "Researchers at Microsoft Research India and the Max Planck Institute for Software Systems in Germany have written a paper showing that a users may be inadvertently revealing their sexual preference to advertisers. 'One example was an advertisement for a nursing program at a medical college in Florida, which was only shown to gay men. The researchers said that persons seeing the ad would not know that it had been exclusively aimed at them solely based on their sexuality, nor would they realize that clicking on the ad would reveal to the advertiser, by implication, their sexual preference in addition to other information they might expect to be sent, such as their IP (Internet Protocol) address.' For its part, Facebook 'downplayed the study, saying that the site does not pass any personally identifiable information back to an advertiser.'"
Rule number 1 (Score:5, Insightful)
Re:Rule number 1 (Score:5, Insightful)
Rule number 2: Clicking an ad sends information you didn't know was on your facebook to your parents and your boss.
Re: (Score:2, Funny)
You mean your rainbow flag PNG and the photo taken on Sir Ian McKellan's lap didn't give it away? How about that status update: "You GO girl!"
Re:Rule number 1 (Score:5, Funny)
Clicking an ad turns you gay, according to TFA.
Re: (Score:2, Funny)
Clicking an ad turns you gay, according to TFA.
It's a good thing I turned off the ads here on Slashdot! One accidental click and BAM! I'm gay!
I don't think I clicked on any ads in the past....
geeze! I gotta do something about the color scheme in this office! It's just so......oh no.
Re: (Score:2)
- Dan.
Re: (Score:3, Funny)
Clicking an ad turns you gay.
I don't think that's what it means when they say malware "installs a backdoor into your system".
Re: (Score:2)
Re: (Score:2)
Clicking an ad turns you gay, unless you're at c:
Re: (Score:2)
That particular quote was actually directly from TFA. It was included in TFS in quotes. I suppose the submitter or the editor could have resorted to dishonestly misquoting the article, or could have quoted like this:
"...such as their IP [the expansion of the abbreviation IP] address..."
It's kinda telling that, as soon as an article tries to explain one of the privacy issues on Facebook to the "dumb masses", you deride it, and tell us to "keep using Facebook". It's almost like you don't want to share that sm
Re: (Score:2, Insightful)
And then farther down, the line I am actually going to respond to:
Yeah, it's so damn simple. Real simple. Stupid simple. Any-moron-can-understand-it simple. Here, let me show you. Do any one of these three things and you will NEVER have the problems we keep seeing article aft
Re: (Score:2, Insightful)
Rule number 3 - ad blockers are free. Use them.
Re: (Score:2)
Re: (Score:3, Funny)
Rule number 2: Clicking an ad sends information you didn't know was on your facebook to your parents and your boss.
Rule number 3: Your parents and your boss are advertising for gay nurses?
Re:Rule number 1 (Score:5, Insightful)
Never put anything on Facebook that you would not tell your parents and your boss.
Being fired for content on my facebook account about my private life is just a labour saving service. It saves me the hassle of having of having to research if I'm working for snooping, big brother dickheads and then quitting.
Re: (Score:2)
Re:Rule number 1 (Score:4, Insightful)
Never put anything on Facebook that you would not tell your parents and your boss.
Being fired for content on my facebook account about my private life is just a labour saving service. It saves me the hassle of having of having to research if I'm working for snooping, big brother dickheads and then quitting.
So do you work for a place that drug tests? Because drug tests are not like a breathalyzer. A breathalyzer tests whether you are drunk right now and therefore would be completely appropriate for a workplace. It does not test whether you've had alcohol in the last 1-4 weeks without distinguishing whether you did so on your own time or your employer's time.
Drug tests, on the other hand, make no attempt to distinguish your employer's paid time from your own private time away from work. The employer's only legitimate concern is whether you are sober while you're on the job. What you do in your private time is between yourself and the state. Yet it lets them be snooping, big brother dickheads and monitor your private time too. Like Facebook, it's a way for them to find out "oh no, you did something we don't approve of, so now we're going to punish you for that." They stupidly do this no matter how productive you are as a worker and even though you, as a professional, maintain a clear separation between your private life and your working life.
Employment is becoming more and more like running for public office. It is increasingly ruling out all except for two classes of people: the goody two-shoes who never broke a rule in their life because they worship authority with no regard for its legitimacy, and the dangerously deceptive who are very good at living double lives and covering up their tracks. This is not good for society. Some of the wisest and best among us made mistakes and did things they were not proud of before they saw the error of their ways and became better people. The trend now is for every little thing, including victimless crimes, to become a permanent stigma that forever closes doors in your life.
One other related topic. Why is there even such a thing as an arrest record? I can understand a conviction record, but an arrest record? Really? What kind of fascist wet dream is that? Fascists just love thought processes like "well, he must have been doing SOMETHING wrong even though the state with its overwhelming resources couldn't come up with evidence of that" as though the police are omniscient and never make mistakes, as though false accusations are never made. Really fascists love any reason to turn someone else into a second-class citizen, especially if that person has done them no harm and has no ill intent.
What REALLY amuses me is the sheer irony of those who would enforce their Puritannical beliefs on others at every opportunity because the person did something that offends their "Christian values" while forgetting that anyone who has ever actually read the words of Christ knows that Jesus's main teachings were forgiveness and non-judgement. It's not only Christians who do this, of course. There are many secular fascists. It's just extra ironic when people who call themselves Christian display such hypocrisy to cover up their authoritarian eagerness to condemn.
No they don't (Score:2)
Drug tests determine whether you are a criminal or not.
Two points:
Pride is a luxury (Score:2)
reserved for those who can find a job in this climate if fired.
Re: (Score:2)
Because if I add my boss to Facebook and then call him names and say how I hate my job on my wall (something that he has to see if he used Facebook regularly) then he did something wrong?
Re: (Score:2)
"Never put anything on Facebook that you would not tell your parents and your boss."
Never put anything on the internet you wouldn't post on 4chan.
Re: (Score:2, Insightful)
Never put anything on Facebook that you would not tell your parents and your boss.
... and your wife/girlfriend and your kids and and your friends and your enemies ...
Which part of this is "inadvertent"? (Score:5, Insightful)
The ads were served to males who declared themselves to be interested in other males, and females who declared themselves to be interested in other females.
Exactly where is the problem here? The users are outing themselves. Shouldn't this be filed under, "...and water is wet"?
Re: (Score:2)
The problem is that, if you click on the ad, now the advertiser has a record of who's gay and who's straight (the study showed that variants of the ad were displayed to users based on their gender and orientation). Just because it's on your Facebook status, doesn't mean you want the whole world to know.
Re:Which part of this is "inadvertent"? (Score:4, Insightful)
If it's on your Facebook status, and you don't have it covered with restrictive privacy settings, you de facto do want the world to know.
I'm all for privacy being respected, but if you put something out there, and don't take the proper precautions that it be hidden if you want it to be, it's on you, not on Facebook. They can't make it much easier to control who sees what. The kind of concerns being raised here were valid maybe a year ago.
Re: (Score:2)
It's on facebook the moment that claim it's private.
Re:Which part of this is "inadvertent"? (Score:5, Insightful)
The only problem I see in the article is that advertisers aren't supposed to be using sensitive demographic information (sex, gender, presumably sexual preference) to do the targeting. But that's already a violation of Facebook's policies. Facebook should deal with that, I suppose, but even if they do nothing, users can still control what advertisers see. If sexual preference is the kind of information you consider to be only your (or your friends') business, you should configure your profile appropriately. At best, the researchers are causing a tempest in a teapot. There's a fairly easy fix that anyone can implement, without Facebook having to do anything.
Re: (Score:2)
I agree, but gender is part of the policy:
Re:Which part of this is "inadvertent"? (Score:4, Interesting)
It's not even an issue with privacy settings though. I just read this part of the summary and went, "uhh, well yeah, duh!"
The researchers said that persons seeing the ad would not know that it had been exclusively aimed at them solely based on their sexuality, nor would they realize that clicking on the ad would reveal to the advertiser, by implication, their sexual preference in addition to other information they might expect to be sent, such as their IP (Internet Protocol) address.
So essentially, if you had been on any site, and you clicked on the advertisement from any website, your IP address would get sent so that you can be redirected from the adserver to the website. (This is how they know the Ads are working, if it was a direct link to the website, the adserver wouldn't be the proper referer). So now the adserver has your IP and will use BY IMPLICATION your sexual preferences. Seriously, this doesn't even DEAL with Facebook.
So the question is whether the ad is being shown to them based on their information - whether Facebook is giving up the information in the first place. Now thats a big doozy. It hasn't been proven, but its highly suspected. I would normally think that Adservers are catering to me based on my IP, but I've had other people use my computer and its shocking how the ads immediately cater to them after starting a facebook session.
Then there's this juicy nugget.
For its part, Facebook 'downplayed the study, saying that the site does not pass any personally identifiable information back to an advertiser
Emphasis mine. Well - no, it's not sending it BACK to the adserver, the adserver hasn't made a request yet. Facebook says to itself "I need to load a page. There's going to be an advertisement here. Hey advertising server, here's who is lookin'" and the Adserver serves up the correct ads.
Devil's in the details, right?
Re: (Score:3, Informative)
Did you not read the article? This was information that was marked as private, but obviously is not. That's the problem.
Re: (Score:2)
This was information that was marked as private, but obviously is not. That's the problem.
Did you read the article? Nowhere does TFA say that the information was culled from people who'd marked their sexual preference as private. All the article said was that the users didn't know why the ads were served to them, because that wasn't disclosed. It also said that it's against Facebook policy to target users based on "sensitive" demographic information (age, gender, and presumably sexual preference). If the article had said that sexual preference was hidden by the users, that would be worth a s
Re: (Score:2)
But this can happen regardless of your privacy settings. You set your profile to include the fact that you are gay. You make that private, and manage to keep it private no matter how many times they change things. But the fact that it's private doesn't mean advertisers can't target ads based on it. So the advertisers set up an ad which doesn't look like it has anythi
Re: (Score:2)
But this can happen regardless of your privacy settings. You set your profile to include the fact that you are gay. You make that private, and manage to keep it private no matter how many times they change things. But the fact that it's private doesn't mean advertisers can't target ads based on it.
Do you have a source for that information? The article doesn't say that advertisers are targeting private information, or that they can see private information.
Re: (Score:2)
The example in the article of a nursing program, for instance : perhaps anyone who applied to the program via THAT ad would be rejected out of hand.
So they're going to spend money on an advertising campaign to solicit applications from.. people they don't want as clients?
What?
Re: (Score:2)
Uh... The ad was for a nursing school....
Re: (Score:2)
So if your options are set not to display a profile field to people other than your friends, does that also mean Facebook will not use it in targeted advertising?
Re: (Score:2)
"If it's on your Facebook status, and you don't have it covered with restrictive privacy settings"
I thought that (at least, I heard they used to) Facebook sold some of your personal information no matter if you had them hidden with 'privacy' settings or not. Is that not true?
Re: (Score:2)
Re: (Score:2)
I don't see any controls which allow me to share something with anyone who specifically looks at my Facebook page, but not with advertisers. But besides that, if it's against Facebook policy for advertisers to use certain data, why are Facebook giving that data to the advertisers in the first place? If there's a specific set of data which they may use, pass them that data, and don't pass them a primary key which allows them to scrape my public page.
Re: (Score:2)
Just because it's on your Facebook status, doesn't mean you want the whole world to know.
see what you did there? kinda contradicted yourself. if you post something on a site that's ABOUT sharing information with the world, (that openly has told people that several times) and only pretends to keep information private so people will stop thinking about it: it's public.
as much as people want to keep secrets, they seem to be really REALLY -REALLY- fucking bad at it. if you want to keep your preferences a secret: don't post them in "a secret corner of the internet"... there are none.
and for t
Re:Which part of this is "inadvertent"? (Score:5, Insightful)
Re: (Score:2)
Does that also count if you get hacked?
Re: (Score:2)
Re: (Score:2)
"Just because it's on your Facebook status, doesn't mean you want the whole world to know." Wait. (looks ^ at address bar) It says yro.slahsdot.org up there. Damn, I thought maybe it was portal.twilight.zone or some such. DAMMIT man! Have you been paying attention, or not? EVERYTHING ON FACEBOOK is accessibly by anyone with the will to snoop. It doesn't even require much skill - just the will to snoop. One more time: if it's on the intartubez, it ain't private. Go to the blackboard, and write that one thou
Re: (Score:2)
I've never been a paranoid one, and even in this case I don't think it's a *huge* deal (it's certainly a deal, but not a huge one), but I think what they are getting at is that this gives them the ability to connect the dots. Say you have an ad for a job opening that is only shown to gay people. User clicks said ad, and is sent to a specific entry point which can be recorded. User proceeds to apply for job. I'm not sure that this can cause much damage... if they weren't looking for gay people they wouldn't
Re: (Score:2)
Exactly, and this is different than "Joe likes Red Cars" because it starts tying in a preference that has social implications.
Re:Which part of this is "inadvertent"? (Score:4, Insightful)
Which is really your point. Given the degree amount amount of homophobic bigotry and violence, I'm not really sure that FB should be facilitating anything like this. Plus, is there really a legitimate reason to be advertising things which aren't gay specific to only gays? I mean I can understand targeting gay bars to gay men, but nursing school?
Re:Which part of this is "inadvertent"? (Score:4, Interesting)
Re: (Score:2)
Re: (Score:2)
Rape is rarely about sex. It's usually about power.
Sounds like rape and politics have a lot in common.
Re: (Score:2)
Way too much in common. You know there's midlevel bureaurats fapping to all the little ants under their control and surveillance.
Re: (Score:2)
Sure, but I think this is a problem on the user end. It doesn't have anything to do with Facebook, per se. If a user is paranoid about it, they can hide their preferences from non-friends or simply not disclose it.
I'm not saying people don't have a cause to be cautious about what to disclose to whom. I'm just saying that it looks to me like Facebook gives you all the tools you need to avoid disclosing things you don't want to disclose to strangers.
Re: (Score:2)
Has nothing to do with your privacy settings. It has everything to do with clicking on an ad that only a member of a targeted group can see. If you can click on the ad, you must be a member of the target group.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I'm sure paranoid people wouldn't like it. But paranoid people have the option of either hiding their sexual preference or omitting it altogether. It's not required information, and it's not information that's required to be public.
There's that word again. Please see this post [slashdot.org]. I'd be interested in your feedback.
Re: (Score:2)
Re: (Score:2)
I understand that paranoid has a definite meaning. My parents both work in the mental health field. But, rightly or wrongly, "paranoid" also has a layman's meaning. It so happens that the layman's meaning of "paranoid" is closer to the clinical meaning than you get in a word like "schizophrenic", which to the general public means someone with a split personality. The difference between "paranoid' in the layman's sense and in the clinical sense is just a matter of degrees. Paranoia is an irrational fear
Re:Which part of this is "inadvertent"? (Score:5, Insightful)
I really don't know what has happened in the last several years. The desire that people not know information that is none of their business is suddenly described as "paranoid", a term for a medical disorder. This is absolutely bass-ackwards. In fact, it's downright pathological and a great example of Newspeak. It so clearly serves those who wish to deny privacy that it's bordering on the miraculous that most people don't notice. Really, only large masses of people could be so stupid/blind/oblivious/whatever you want to call it.
I say we turn the tables. Let's stop using words like "paranoid" to describe people who want random strangers to leave them alone. Instead, let's choose a word that's the inverse of "paranoid" to describe the asshats who intrude into the lives of others and then claim that data as their own to use as they please. I tentatively suggest "Orwellian" but am open to suggestion. Maybe Panopticonians would work, except that fewer than six syllables would be a plus.
Re: (Score:2)
Re: (Score:2, Interesting)
I have had gay targeted ads show up on my facebook before. It has been awhile though. My sexual preference is left blank, but I must have an unusually high percentage of gay male friends. I'm out to most people so it didn't out me or anything, but it was kind of scary that it could correctly guess my sexual preference.
Cowboys fans, beware! (Score:2, Funny)
We're on to you...
Re: (Score:2)
You caught me, I'm a grits lover.
Re: (Score:2, Insightful)
You can't be trolling if you're just ripping on fans of a rival team. Have a sense of sportsmanship modder.
soooo..... (Score:3, Insightful)
Plus the ads were targeted at people whose profiles explicitly said they were gay, so how was anyone/any fake profile "outed"
Re: (Score:2)
If only someone would write an article explaining what the problem is...~
Re: (Score:2)
Many times, the little label your parents attached to you is the least valuable bit of data in the database. Demographics, credit card or ss#, even home address are more valuable. I don't care who I'm robbing, I just care if he's got lots of money and leaves his house unguarded.
Re: (Score:2)
That's two fierce posts so far which are doing the "narrow interpretation of the facts" thing.
The thing is, maybe you outed yourself under one site, maybe even a pseudonym, you get served a certain ad. That advertiser sells that site's user info to its other marketing partners. Except because the user entered their info to something else, and now that ad ring has a preference attached to that email address anywhere on the net.
This is seriously in "well *this time* they restricted it to openly declared profi
Re:soooo..... (Score:5, Interesting)
No, you don't understand. Facebook has a policy saying they won't disclose personal info, like what age you are.
Now, suppose an advertiser says "target this ad at people born in October of 1978" ... Facebook says "OK". So all of these people's birth months are revealed to the advertiser, in violation of the policy. Thru essentially costless micro-targeting, advertisers (or any attacker with $) can dig out whatever info they want. There's a simple and obvious way for an attacker to get a list of people based on a piece of information Facebook has said they're keeping private.
There is a big difference between someone clicking on an ad for, say, a gay-dating site -- when you click on an ad, you know you are implicitly signaling some level of interest in its content to the advertiser -- and clicking on an ad (*any* ad, it could be for a car or for dog food ... the content of the ad could have *nothing* to do with the audience targeting) that happens to be targeted based on a specific database query.
If a piece of information is promised to be kept private, private should not equal "disclosed to third parties who pay us."
Re: (Score:2)
To be honest, I think you're burying the lead, here. The real question is, why the hell is Facebook sending the id of users who click on ads back to the advertiser? If the goal is to track unique clicks, you could just as easily hash the id before sending it on, thus disconnecting that id from the fb account itself.
Lazy or malicious, you decide (Score:2)
It is the old HTTP referer leakage problem.
When you click on any link on any site, the browser sends the URL that the link was found as part of the HTTP request for the linked page. This is useful to webmasters as they can see who is linking to them. This becomes a problem, however, if the URL contains private information encoded into it.
For example, when you are logged into facebook, the URL of the site contains your user id. Thus any* website that is linked from your facebook page will see your user id wh
Re: (Score:2)
Sorry for stereotyping, but it's like the way a lot of them speak. They sound gay. Why exactly is that? Is it because they want to speak that way or is it some kind of genetic thing? Seriously.
Re: (Score:2)
AFAICT, the "gay lisp" appears to either be a myth or is a regional thing. None of the gay men I know exhibit it in the slightest.
If they didn't know (Score:5, Insightful)
[...]such as their IP (Internet Protocol) address.
If you don't know what IP stands for in 'IP address' then you're on the wrong site.
Re:IP (Score:4, Interesting)
The MAFIAA is furiously trying to make "IP" mean "Intellectual Property" in the public mindshare. The ugly thing is when you smash both acronyms into the same sentence you get Halloween Horror.
"I recorded that this IP is stealing my IP and demand he be sued into bankruptcy".
This just in... (Score:4, Insightful)
Re: (Score:2)
Reminds me of Project Gaydar (Score:5, Informative)
A year ago, some MIT undergrads wrote up a short piece called Project Gaydar [boston.com] which showcased how they were able to successfully identify gay men who were still in the closet.
Facebook might not expose this information directly (via the "sexual preferences" profile information), but your friends list is enough to extrapolate it. Since there's money in that kind of data and it is easily fetched via the Facebook API, it's being done.
Re: (Score:2)
From the article you cited:
The two students had no way of checking all of their predictions,
Sounds like they didn't actually "successfully identify gay men" to me.
Re: (Score:2)
I know where to go to buy a gay cruise, for instance.
But do you know where to cruise for gays?
Bada-Bum!
So, this is awkward. (Score:2)
Does not pass any personally identifiable info... (Score:5, Interesting)
Facebook DOES pass personally identifiable information, albeit inadvertently.
As a Facebook Ads user, I have tracked down people who have clicked my ads EASILY.
How?
Your unique Facebook user ID is passed through the refer string each and every time you click on an ad.
Simply copy down this ID and paste it in the USERID variable below.
http://www.facebook.com/profile.php?id=USERID [facebook.com]
Tada.
So I screwed up my profile and initially... (Score:2, Interesting)
Said I was interested in men rather than that I was a man. So I got some really really gay targeted ads. Gay dating services, special razors to shave with, all very fun. Try it and see.
The real issue is that the current terms of service allows yhem to share your groups and interests, which likely can identify you as being close to the GLBC.
Lesson learned from a previous incident (Score:5, Interesting)
I sometimes hang out on a web forum, and they have a special forum where you could post anonymously - it's not really anonymous, as you still need to login and post, but the postings do not show your user id or IP addresses, so it appears totally anonymous, except to the web admins. So people post a lot of random crazy stuff there which would embarrass themselves if it had not been anonymous.
Then one day the forum upgraded their software, and due to a bug, all posts inside that anonymous forum suddenly showed all user IDs - including the old ones. That quickly turned into a sh*tstorm as people ran around screaming in panic with their underwear.
The lesson: do not post anything if you don't want others to find out it's you.
Re:Lesson learned from a previous incident (Score:4, Funny)
Then one day the forum upgraded their software, and due to a bug, all posts inside that anonymous forum suddenly showed all user IDs - including the old ones. That quickly turned into a sh*tstorm as people ran around screaming in panic with their underwear.
Oh, to do that with Slashdot and watch the fun.
Actually *checks the mental post history* um, never mind that.
Re: (Score:2)
IIRC, /. is actually designed not to store the details of which user made the post. It got mentioned when they took down a post because the CoS threatened to sue.
Re: (Score:2)
afaik the only forum that truly allows anonymity coupled with verifiability (that is to say nobody can impersonate your online personality) are the 2ch-style boards, including 4chan. For those who don't know, you can key in any nickname you want when posting, but trailing that is an encrypted hash of whatever password you attached to it - therefore no 2 people can post using the same nick. No registration, no verification emails, no password, no mothers maiden name.
Wait, what? (Score:4, Interesting)
Are male nurses required to be gay?
Re:Wait, what? (Score:5, Insightful)
Yeah, exactly. This is why we have a national shortage of nurses. It's because straight men don't want to go into a profession where their job title is the same as the word for "have a baby suck milk form your boobs." On the other hand, there's no shortage of male "paramedics."
Re:Wait, what? (Score:4, Insightful)
I don't get the funny mod. I was being 100% serious. Nursing isn't a "manly" enough field, there's a social stigma (albeit, a shrinking one) attached to being a "male nurse," so many men who would otherwise be talented at it shy away; this has caused real shortages in healthcare.
Ideally speaking, there should be more women in engineering as well, but fortunately for current engineers' supply/demand curve, there aren't.
"Facebook 'downplayed the study...." (Score:2)
];)
It's a matter of trust (Score:2)
Facebook's massive failure re privacy is pretty much the status quo, no need to rehash that.
However, let's presume a person treats their sexual status as something super secret, worthy of protection. You know, so secret that at the very least, they keep it from their general "real-world" social network, if not their closest friends and family. This involves care: watching how they talk, walk, dress, and who they associate with. Yet when it comes to websites run by strangers they're more than willing to let
Where do you specify sexual orientation on FB? (Score:2, Funny)
I just looked at my FB profile, and I don't see where they even ask for my sexual orientation. Do they infer it from people's relationship status or something?
Re: (Score:3, Informative)
Facebook has ads? (Score:2)
Out-gay Facebook users? (Score:2)
Re:OK... (Score:5, Informative)
According to several of my (very out) gay friends, putting your sexuality on facebook tends to lend its self to a lot of random messages from people who want to meet up at truck stops.
No joke.
Re: (Score:2)
According to several of my very not-gay friends, having someone switch your sexuality on facebook tends to lend its self to a lot of random messages from people who want to meet up at truck stops.
Re: (Score:2)
don't clickthru on ads for nursing programs for men.
I'm not really sure what makes male nurses gay. My ex-gf is a nurse as are all her friends, and of the guys I met that are nurses, none of them were gay. I get the whole maternal desire to care for people and that it might attract a higher-than-average amount of gay men, but being a male nurse does not make you gay.
Re: (Score:2)
... but being a male nurse does not make you gay.
That's because everyone knows that SPIDER-MAN will make u gay.