back to article Activists hate them! One weird trick Facebook uses to fool people into accepting GDPR terms

Facebook has been accused of purposefully misleading netizens into accepting its GDPR-friendly privacy policy – by tricking them with fake notifications. Folks are shown the social network's updated terms and conditions to agree to, with what appears to be pending notifications from friends in the top right corner – such as …

  1. Anonymous Coward
    Facepalm

    Being honest about data-collection isn't an option anymore is it ?

    A LOT of American companies are resorting to sneaky tactics or they're simply blocking everyone from Europe...

    F*ck 'em...

    1. Mark 85

      Re: Being honest about data-collection isn't an option anymore is it ?

      Well, if people in Europe would just say "no" and not use FB or the others when they try to pull sneaky crap like this, it would it the companies' bottom lines really hard. I'd be willing to bet that things would change real fast then.

      The companies for now seem to be testing the waters on what they think they can get away with. Don't let them off the hook!!!!

    2. bombastic bob Silver badge
      Unhappy

      Re: Being honest about data-collection isn't an option anymore is it ?

      "A LOT of American companies are resorting to sneaky tactics"

      Not THAT many, just a few high profile ones from what I see.

      Yet, if they have to 'sneak', there must be something inherently wrong with what they're doing.

      It reminds me of GWX.

    3. Voland's right hand Silver badge

      Re: Being honest about data-collection isn't an option anymore is it ?

      Oh it is. But not if you are a slime.

      I got an honest and compliant GDPR notice two days ago. JUST ONE - out of all notifications, popups and mails in my mailbox.

      It was from Kasperski - they forced an update on the app with a name change so you had to go through the GDPR screens to reactivate it on the phone. What is remarkable is not them doing it. The remarkable part is them being the only ones which followed the law (so far). There was a separate marketing, separate data collection consent and the app agreed to function exactly as it should with no functionality cuts if these two were not ticked off.

      1. phuzz Silver badge

        Re: Being honest about data-collection isn't an option anymore is it ?

        I'd love to be a fly on the wall in all the marketing departments who've spent all last week trying to work out how they can still spam people, only to send out their GDPR email and receive a flurry of unsubscribe requests instead.

        It's almost like people don't like, or want, marketing emails.

        1. Anonymous Coward
          Anonymous Coward

          Re: Being honest about data-collection isn't an option anymore is it ?

          > It's almost like people don't like, or want, marketing emails.

          It's the GDPR emails from companies you've never had dealings with (ie, they have your data anyway) that are especially concerning, as they are almost certainly fishing rather complying.

          1. Anonymous Coward
            Anonymous Coward

            Re: Being honest about data-collection isn't an option anymore is it ?

            "It's the GDPR emails from companies you've never had dealings with (ie, they have your data anyway) that are especially concerning, as they are almost certainly fishing rather complying."

            Unless it is recruitment companies, they are not phishing, they generally have scraped your CV from some location and wish to continue using it.

            I have sent many delete requests to many recruitment agencies who have absolutely no reason to hold my data.

            1. Anonymous Coward
              Anonymous Coward

              Re: Being honest about data-collection isn't an option anymore is it ?

              I haven't received a single GDPR email from a company I've never dealt with directly.

              Paranoid for the win.

            2. Alan Brown Silver badge

              Re: Being honest about data-collection isn't an option anymore is it ?

              "I have sent many delete requests to many recruitment agencies who have absolutely no reason to hold my data."

              They've had 2 years to delete it. At what point will the small claims tsunami against offenders start?

        2. John Brown (no body) Silver badge

          Re: Being honest about data-collection isn't an option anymore is it ?

          "only to send out their GDPR email and receive a flurry of unsubscribe requests instead."

          That's not what's supposed to happen. Unsubscribe is supposed to be the default action if the subject doesn't actively subscribe. But most seem to either not know that's how it should happen or are actively pretending they don't understand so as to scam the users.

        3. Alan Brown Silver badge

          Re: Being honest about data-collection isn't an option anymore is it ?

          "only to send out their GDPR email and receive a flurry of unsubscribe requests instead."

          If they don't have your explicit consent already, then you don't NEED to send an unsubscribe.

          This makes law what was ASA policy anyway - and the reason it's been made law is because industry self-regulation (and the ASA as self-proclaimed "regulator") has utterly failed.

      2. iron

        Re: Being honest about data-collection isn't an option anymore is it ?

        I've visited several websites in the last week who asked if I wanted to allow required cookies, personalisation cookies, tracking cookies or advertising cookies using a simple dialog. These sites made it easy to select my preferences and (assuming they actually act on my choices) complied with GDPR simply and effectively. They actually make me want to visit those sites again, unlike Dell or WD with their huge lists of companies they set cookies for whom I have never heard of that lost them business when I closed the tab in disgust.

        1. DropBear

          Re: Being honest about data-collection isn't an option anymore is it ?

          That's remarkable considering all the websites I've seen presented their cookie (or miscellaneous consent) begging popups with a sole "agree, puny human!" option and nothing else - some of them quite literally covering the bottom third of the screen with no other way* to make them go away.

          * ...unless of course you routinely use a pick-and-kill add-on like HackThis or uBlock Origin's "zap", which swats** them off the screen post haste - until you hit refresh or click on anything, when you have to start anew.

          ** ...unless it doesn't, because the element in question is somehow un-pickable / does not get detected at all; in which case selecting "Inspect object" from the context menu then "delete node" once you found it achieves the same thing. Yes, only until you click anything. Yes, I AM pissed, verily, thanks for asking.

      3. Anonymous Coward
        Anonymous Coward

        Re: Being honest about data-collection isn't an option anymore is it ?

        As to Kaspersky, whilst they have rolled out a GDPR version I am presuming it will still be "total" rather than concurrant activations limited".

        Not really a problem for most "home users" i.e. those that do not rebuild the OS regulary, as I do, to remove what the AV has missed and what the OS vendor have snuck in via backdoors. Needless to say this is Windows we are talking about as linux addresses their own security problems rather than having their customers rely upon third parties to have any protection.

        When you hit Kaspersky's total activations limit then they demand that you send them a copy of the email their webstore sent, presumably so they can get your payment details even if you went via a third party seller.

        If you bought retail or from another web store then they say "tough" we demand it, or you can't use your perfectly valid license.

        So just having a compliant version for Europe is not enough when they still have a process that requires you to give up your privacy via coercion. For my part being asked for proof of purchase twice and only on the last time having them admit that this was the reason that the service was removed not that the license was suspect or had been used on more than one IP at a time was enough for me to now be looking elsewhere.

        I am looking at the retail box now and if it has any notice of "total activations limitation" then I cannot see it.

        Admittedly once I complained then they did reset the activation limit and apologised but ignored that my time had been wasted and that 4 of the 5 licenses were unusable whilst they dicked me around.

        So whilst I agree that the US attack on the company was completely unreasonable so is Kaspersky's stealth policy on total activations as a way to collect personal information.

        1. Alan Brown Silver badge

          Re: Being honest about data-collection isn't an option anymore is it ?

          "So whilst I agree that the US attack on the company was completely unreasonable so is Kaspersky's stealth policy on total activations as a way to collect personal information."

          If they don't have a EU office (and therefore EU regulators to whap them for this), then surely at that point you can invoke "unfit for the purpose that it was sold for" and go for a refund from the retailer?

          Enough of those and Kaspersky will wish it was only the regulator spanking them.

    4. Anonymous Coward
      Anonymous Coward

      Re: Being honest about data-collection isn't an option anymore is it ?

      "or they're simply blocking everyone from Europe..."

      ... a bit like the way a number of banks in Europe have started refusing to allow US citizens to hoild accounts with them (Similar reasons - US have banking reporting laws for accounts held by US citizens with huge potential fines so some banks have decided its not worht the risk having American customers - maybe websites outside teh EU will think the same about having EU custoemrs)

      1. Alan Brown Silver badge

        Re: Being honest about data-collection isn't an option anymore is it ?

        Unlike EU banks holding USA bank accounts being susceptable to large fines, USA entities holding any data about EU individuals _or preventing them from checking up on what data is held_ are susceptable for fines.

        Unless the ChiTrib and friends have wholesale dumped all their EU data then blocking access at this point is an admission they've been breaching the law and they're now preventing EU citizens exercising their rights to verify data and demand deletion. (Hint: they haven't)

  2. Wellyboot Silver badge

    FB

    Once a ....

    Always a ....

    You really expected anything better from them?

  3. Anonymous Coward
    Anonymous Coward

    Big-Tech vs Big-Tobacco vs Banksters

    For 2 decades 2 companies with no ethics have been criminally invading privacy, merely apologizing after getting caught, and paying paltry fines (just the cost-of-doing business).... Now superstar lawyer Max Schrems is firing billion dollar sueballs on day one of GDPR... Sounds great! - But....

    Schrems' fight is reminiscent of the fight against Big Tobacco in the 90's ('The Insider' 1999 movie)... Or Banksters post 2008. Look at the Volcker rule now, its getting watered down. So this is going to be an uphill battle for sure. Big-Tech lobby for the laws they want and own politicians. GDPR is a mere experiment, no one knows how the law will shake out...

    The problem here is, Big Tech has a much greater end-game here. They can delay fines for years and keep appealing. We know that, so that wont change! Facebook / Google rely on the ignorance / laziness of people and lack of real choice in the market... Will that ever change... Who here even knows where this phrase comes from: 'We are the native people's now'....

    1. Charlie Clark Silver badge

      Re: Big-Tech vs Big-Tobacco vs Banksters

      GDPR is a mere experiment, no one knows how the law will shake out...

      Hardly an experiment. It's EU law with the ECJ as ultimate arbiter. It's been drafted based on cases with non-EU companies, which is why fines can be turnover based. Previous ECJ judgments against non-EU companies have been upheld.

      Seeing as how easy it is to persuade people that "they've nothing to hide" I don't see why companies aren't being smarter about this.

      1. fidodogbreath

        Re: Big-Tech vs Big-Tobacco vs Banksters

        GDPR is a mere experiment, no one knows how the law will shake out...

        ...which is equally true of any law; or indeed, of most human endeavors.

    2. Anonymous Coward
      Anonymous Coward

      Re: Big-Tech vs Big-Tobacco vs Banksters

      > Will that ever change...

      More optimistically, let's hope so. After all, Microsoft took it on the chin when told to provide browser choice in the EU - admittedly far too late, but the direction of travel was clear.

  4. Teiwaz

    Didn't notice that

    FB has been hassling me for at least a year or two couple of times a week about unread status peek, pokes or photo tags, I have a page because relatives, but I don't go near FB.

    It is interesting to see who is still posting their life to it regularly. There's one relative I'm expecting to be caught up to no good in a public lavvy any day now, I'd expect that to be posted as worse have gone on there.

  5. Nate Amsden

    Wonder what would happen

    if Google and Facebook just decided to shut down stuff in Europe entirely for say 30 days.. that would be really interesting to see. Just leave a message on their websites that say something like "whoops give us some more time to make things GDPR compliant, in the meantime we can't let you use our services".

    Are there european social networks that would explode over night? European web search engines? European Youtube? And what would happen when/if google/facebook turned stuff back on would the traffic come flooding back to them?

    (I have never used facebook and my usage of google is quite minimal, I switched to bing as my search engine when I changed to Palemoon browser(Nov 24 2017), seems to do the job fine, though I still use google on firefox/android(minimal google usage there) -- I do use google maps though as bing maps really doesn't show much useful info, or maybe it's a browser compatibility issue with bing). My usage of youtube is quite minimal as well(I don't use any streaming services).

    My switching to bing was really just an experiment, would I notice much by not using google, and I just haven't been bothered to change it away from bing since, I know there are other alternatives as well. I haven't had any cases where I felt I needed to go to google search to find something(that I could not find on bing search).

    1. veti Silver badge

      Re: Wonder what would happen

      I doubt if there are replacement services that would pop up overnight. What there is, however, is plenty of people smart enough to create one, if Google/Facebook were rash enough to leave the market open for them.

      "Cutting Europe off for a month" would also provide those potential rivals with all the boost they need. They could market themselves as both the patriotic choice and the prudent one, the one that wouldn't be cut off arbitrarily on the whim of some unaccountable American. They wouldn't need to get up and running in 30 days - after a PR gift like that, they could take a year or so and still claim huge slices of the market.

      I'm pretty sure that creating an opportunity like that is not on Google's or Facebook's roadmap.

      1. Paul Crawford Silver badge
        Facepalm

        Re: Wonder what would happen

        People might get some work done and speak to their friends?

        1. SkippyBing

          Re: Wonder what would happen

          'People might get some work done and speak to their friends?'

          Wash your mouth out!! I don't have friends to speak to, just to make my nascent drinking problem socially acceptable by sitting next to me in the pub.

        2. Ken 16 Silver badge
          Flame

          How dare you!

          I manage to dodge work and avoid friends without a Facebook account

    2. Mark 85

      Re: Wonder what would happen

      I don't think that will happen as the stockholders will have a fit about the drop in income/profit for even just a month.

      1. Charlie Clark Silver badge

        Re: Wonder what would happen

        I don't think that will happen as the stockholders will have a fit about the drop in income/profit for even just a month.

        Handy then that Zuckerburg has a perpetual controlling interest in Facebook. This is the case with most of the Silicon Valley darlings.

    3. NoNBNforMe

      Re: Wonder what would happen

      I really don't think that any other social network would be able to take over from Facebook without having the same issues as Facebook. Their business model is to provide your personal data to the highest bidder. How will any other network make money without charging the end user?

      1. Anonymous Coward
        Anonymous Coward

        Re: Wonder what would happen

        How will any other network make money without charging the end user?

        They could still make plenty of money by being a lot less devious and prolific in the extent to which they pimp users' data. Most people will accept a "free, but we need to make money somehow" offer. Problem is that these corporations want limitless permissions and no transparency or accountability to users.

        Take Facebookerburg. Pretax profit was more than half of total income. They've got no meaningful liabilities to service, so it isn't like they're recovering some vast capital investment. Which means they're just a leech sucking money from advertisers (by virtue of abusing users' data) and then hosing that to the crooks of Wall Street. No worthwhile risk, no talent or innovation, no effort, no ethics.

      2. onefang

        Re: Wonder what would happen

        "How will any other network make money without charging the end user?"

        Or maybe some federated open standards system that isn't out to make money could take off? You know, like email.

        1. Anonymous Coward
          Anonymous Coward

          Re: "How will any other network make money without charging the end user?"

          One billion users. Charge two pounds/dollars/euros/whatever per year. That should keep them going.

          Used to be the case that WhatsApp did something similar.

          1. Alan Brown Silver badge

            Re: "How will any other network make money without charging the end user?"

            "Used to be the case that WhatsApp did something similar."

            And if FB hadn't hoovered the up, they would have croaked within 12 months of that point.

    4. Charlie Clark Silver badge

      Re: Wonder what would happen

      Are there european social networks that would explode over night?

      I'm not sure there needs to be. Growth over the last couple of years has been in messengers, particularly WhatsApp, and fashion-darling Instagram. WhatsApp is currently limited by use of the Signal protocol as to what Facebook can mine it for, though that is changing, but there are numerous drop-in replacements. For YouTube there is Vimeo.

      Basically, it would be bad business to let users find out that they can live quite well without the snooping.

  6. Anonymous Coward
    Anonymous Coward

    Genuine question

    I don't have a Facebook account. Should I be worried about this GDPR thing?

    Recently, I see 'updated privacy regulations' notification emails sent by podcasts, newsletters etc which I had subscribed to many years ago. 'Updated user agreement' on forums, websites, blogs.

    1. Alan Brown Silver badge

      Re: Genuine question

      "I don't have a Facebook account. Should I be worried about this GDPR thing?"

      If you'd like facebook to remove your shadow profile, yes.

      Bug Brother has been watching you for some time and building up your profile - so he can sell you stuff.

      1. Mark 85

        Re: Genuine question

        If you'd like facebook to remove your shadow profile, yes.

        There's a Catch-22 in this. You have to open a Facebook account to kill off the data slurpage or at least the data have on you up to that point. But, that might be changing.... doubtful though. Numbers of "users" (active or not) are their stock in trade.

  7. Anonymous Coward
    Anonymous Coward

    So glad I'm not affected

    Hasn't prevented me from sending Max Schrems' NOYB a largish bung, though.

    1. Mage Silver badge

      Re: So glad I'm not affected

      You are if you use Websites that have Google or Facebook scripts.

      1. alain williams Silver badge

        Re: So glad I'm not affected

        You are if you should use Websites that have Google or Facebook scripts.

        That is why you run browser addons like noscript and RequestPolicy for. You just never allow facebook or google analytics. Not perfect, but a great help.

      2. rmason

        Re: So glad I'm not affected

        Similarly if a friend, your spouse or family members use FB messenger - then 'they' have all your text messages, they know who you are, which FB profiles you interact with (via text message) etc etc.

        You're not unaffected, they just have a slightly lower amount of your info than they do a regular FB user.

      3. N2

        Re: So glad I'm not affected

        You are if you use Websites that have Google or Facebook scripts.

        So you browse the web without NoScript or a decent hosts file to edit such garbage out?

  8. Mage Silver badge

    Facebook Income

    "Facebook derives most of its income from gathering as much personal information about people as possible, and then packaging those records to be useful for advertisers."

    Incorrect. That's their marketing to advertisers.

    The income comes from selling advertising space, not the illegal & abusive gathering of personal information. Same with Google.

    Google last night on search: Agree our T&C or stop using ALL our services. Can be solved by deletion and blocking cookies.

    1. Matthew Brasier

      Re: Facebook Income

      It is true that their income comes from selling advertising space, but the value of that advertising space is created because it targets individuals based on their gathered personal information. If I am an advertiser, I am going to pay considerably more for an advert on a page of someone who fits my target demographic and has had conversations about my products with their friends, than for an advert on a page of a random individual.

  9. Adam 52 Silver badge

    "Under the European law, companies are required to gain consent before they are allowed to use individuals' personal data"

    For crying out loud, has Kieren not read anything about GDPR?

    1. Rainman

      > "Under the European law, companies are required to gain consent before they are allowed to use

      > individuals' personal data"

      > For crying out loud, has Kieren not read anything about GDPR?

      In the context of this article which is referring to targeting advertising, which has to utilise data relating to EU data subjects in order to work, this is correct. Consent must have been gained before using that data for targeted advertising. A user should be "opted out" by default and just experience un-targeted ads. AFAIK Facebook doesn't do ads which aren't targeted, as that's it's USP.

      1. Adam 52 Silver badge

        I would dispute that the article relates specifically to target advertising, primarily on the grounds that it only mentions advertising once and processing data a lot. But that's by the by because...

        I don't see anywhere in GDPR that requires consent for targeted marketing. See GDPR recital 47 “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”.

        People have a right to object - but that's an opt-out, not an opt-in. Or, as the ICO puts it:

        "The GDPR gives individuals the right to object to the processing of their personal data in certain circumstances. Individuals have an absolute right to stop their data being used for direct marketing You must tell individuals about their right to object. An individual can make an objection verbally or in writing. You have one calendar month to respond to an objection."

  10. Havin_it

    How about this?

    Maybe a GDPR maven can answer this.

    Where would the law stand on FB (or whoever) charging money for non-slurped access? (This might or might not include also not getting served ads, or that could be an additional pricing tier.)

    Asking for a FriendFace...

    1. Rainman

      Re: How about this?

      > Maybe a GDPR maven can answer this.

      > Where would the law stand on FB (or whoever) charging

      > money for non-slurped access? (This might or might not

      > include also not getting served ads, or that could be an additional pricing tier.)

      > Asking for a FriendFace...

      GDPR is quite clear in that "consent" for data collection cannot be a condition of service. So they could charge for their service if they wish (assuming you're prepared to pay for it) but the issue of data collection remains the same. You could pay for a service but still legally allowed to opt-out of data collection.

      Paying for a service which does not sling ads at you is something else entirely. GDPR does not cover ads and does not regulate on them. Some websites already offer users an ad free version of their service for a token annual subscription.

  11. Gotno iShit Wantno iShit

    I found it exceedingly difficult to click on that taboola style title. My index finger just wouldn't push the mouse button.

  12. onefang

    Activists hate FaceBook? That's the only reason I joined FB, is coz the activists groups I wanted to be a part of use FB to get themselves organized, despite my attempts to get them to use something more sane.

    1. John Brown (no body) Silver badge

      I assume then they are not privacy activists? That would blow my irony meter into orbit!

      1. onefang

        You assumed correctly.

  13. Wolfclaw

    Time to make an example of FB and hit them with 4% fine, Zuck and his butt monkeys will soon back track and stop being a pr!cks.

    1. Anonymous Coward
      Anonymous Coward

      A whole 4% you say.

      I can feel them quake as we speak...

      1. Rainman

        Re: A whole 4% you say.

        Well 4% for every breach ... by the time they're done wouldn't be much FB left. Besides if FB got wiped out in one go by one truly massive fine then it wouldn't be anywhere near as much fun to watch. I'd have to ram popcorn down my throat by the fist-load.

  14. trog-oz

    Facebook can scrape my data

    Every "fact" about me on my two FB profiles are fake.

  15. anonymous boring coward Silver badge

    Not a lot to be surprised about there really.

    My LG phone gave me a rare update, which was all about privacy invasion.

    I declined under threat of not getting any more updates.

    But I haven't had a real update for over a year anyway.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like