What the actual fuck!

  • Dave@lemmy.nzM
    link
    fedilink
    arrow-up
    3
    ·
    4 months ago

    Does anyone know more about this process?

    If hashing anonymises the data, rendering it as a hash, how does Facebook use this information? How is it useful, and if it’s not why upload it at all?

    Also, do they upload the list then Facebook runs the hashing (after any US government secret requests have been processed), or is the hashing done before uploading?

    I’m assuming it’s so you have a unique hash representing the customer, but with Facebook’s data if they know the birthday, name, etc then they could easily match it to a specific profile. And if they aren’t matching to a profile then what makes it useful?

    • Venat0r@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      edit-2
      4 months ago

      if they know the birthday, name, etc then they could easily match it to a specific profile

      Thats exactly how they’re able to de-anonymise the data… If it was truly anonymised then Facebook wouldn’t want it…

      • Dave@lemmy.nzM
        link
        fedilink
        arrow-up
        3
        ·
        4 months ago

        I just don’t get what exactly is being “anonymised” and how facebook can use it in that state. What information is IRD uploading to target the ads?

        Basically, I don’t understand why they are uploading data that they think is anonymised. Either it’s anonymous and there’s no reason to upload it, or it’s not anonymous. I really want to understand the specifics of this!

        • Venat0r@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          4 months ago

          In short: it’s not anonymous.

          They’re using a hash function on personally identifying information such as names, addresses, DoB and phone numbers, but Facebook and LinkedIn have enough data that they could work out what hashes correlate with which names, addresses etc. , which would enable them to correlate the hashed data with a specific person that has that data already, and from there they can correlate the hash of the data they don’t have for that person with other people in the data that they do have the data for to add more data for that person.

          e.g. Someone left NZ in 2015, but hasn’t logged into Facebook since 2010, so Facebook doesn’t have any up to date data on them, but if they run thier name and DoB through the same hashing function that the IRD used, and say they find one result, then they can update thier database with the persons new data from the IRD.

          They just need to find users in thier data where there’s only one result for each of the resulting hashes, and can also create new entries in thier database for people who’ve never even used Facebook but were in the data the IRD provided.

          To understand the specifics you’d probably need to do an OIA request or something IDK.

          • Dave@lemmy.nzM
            link
            fedilink
            arrow-up
            4
            ·
            4 months ago

            I guess my question is why they upload hashed personal information instead of not uploading the information at all.

            I found some answers searching the Facebook help pages.

            https://www.facebook.com/business/help/112061095610075?id=2469097953376494

            https://www.facebook.com/business/help/341425252616329?id=2469097953376494

            Long story short, though not explicitly stated, the idea here seems to be that they want to match name, email, phone number, address information you provide against records they already hold. The hashing is done by Facebook and is ostensibly to make sure Facebook already holds the info. I.e. they want to match the phone number to one they already hold, not add the phone number to an account they didn’t have it for.

            Long story short, nothing in here is anonymous, they don’t pretend it’s anonymous as the point is to match against real profiles, and IRD seem to have misunderstood.