this post was submitted on 09 Sep 2024
What the actual fuck!

[–] [email protected] 3 points 2 months ago (1 children)

Does anyone know more about this process?

If hashing anonymises the data, rendering it as a hash, how does Facebook use this information? How is it useful, and if it's not why upload it at all?

Also, do they upload the list then Facebook runs the hashing (after any US government secret requests have been processed), or is the hashing done before uploading?

I'm assuming it's so you have a unique hash representing the customer, but with Facebook's data if they know the birthday, name, etc then they could easily match it to a specific profile. And if they aren't matching to a profile then what makes it useful?

[–] Venat0r 6 points 2 months ago* (last edited 2 months ago) (1 children)

> if they know the birthday, name, etc then they could easily match it to a specific profile

That's exactly how they're able to de-anonymise the data... If it was truly anonymised then Facebook wouldn't want it...

[–] [email protected] 3 points 2 months ago (1 children)

I just don't get what exactly is being "anonymised" and how Facebook can use it in that state. What information is IRD uploading to target the ads?

Basically, I don't understand why they are uploading data that they think is anonymised. Either it's anonymous and there's no reason to upload it, or it's not anonymous. I really want to understand the specifics of this!

[–] Venat0r 3 points 2 months ago* (last edited 2 months ago) (1 children)

In short: it's not anonymous.

They're using a hash function on personally identifying information such as names, addresses, DoB and phone numbers, but Facebook and LinkedIn have enough data that they could work out what hashes correlate with which names, addresses etc., which would enable them to correlate the hashed data with a specific person that has that data already, and from there they can correlate the hash of the data they don't have for that person with other people in the data that they do have the data for to add more data for that person.

e.g. Someone left NZ in 2015, but hasn't logged into Facebook since 2010, so Facebook doesn't have any up to date data on them, but if they run their name and DoB through the same hashing function that the IRD used, and say they find one result, then they can update their database with the person's new data from the IRD.

They just need to find users in their data where there's only one result for each of the resulting hashes, and can also create new entries in their database for people who've never even used Facebook but were in the data the IRD provided.

To understand the specifics you'd probably need to do an OIA request or something IDK.

[–] [email protected] 4 points 2 months ago

I guess my question is why they upload hashed personal information instead of not uploading the information at all.

I found some answers searching the Facebook help pages.

https://www.facebook.com/business/help/112061095610075?id=2469097953376494

https://www.facebook.com/business/help/341425252616329?id=2469097953376494

Long story short, though not explicitly stated, the idea here seems to be that they want to match name, email, phone number, address information you provide against records they already hold. The hashing is done by Facebook and is ostensibly to make sure Facebook already holds the info. I.e. they want to match the phone number to one they already hold, not add the phone number to an account they didn't have it for.

Long story short, nothing in here is anonymous, they don't pretend it's anonymous as the point is to match against real profiles, and IRD seem to have misunderstood.
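
The matching discussed in this thread, as an added example that is not part of any comment above and is not IRD's or Facebook's code. It assumes unsalted SHA-256 over trimmed, lowercased identifiers; all function names and sample records are constructed for illustration.

```python
import hashlib

def hash_identifier(value: str) -> str:
    """Unsalted SHA-256 of a trimmed, lowercased identifier (assumed scheme)."""
    return hashlib.sha256(value.strip().lower().encode("utf-8")).hexdigest()

def hash_rows(customers):
    """Uploader side: only digests leave the organisation."""
    return [{k: hash_identifier(v) for k, v in c.items()} for c in customers]

def build_index(profiles, fields=("email", "phone")):
    """Recipient side: hash its own records so uploaded digests can be joined."""
    index = {}
    for profile in profiles:
        for field in fields:
            if profile.get(field):
                digest = hash_identifier(profile[field])
                index.setdefault(digest, set()).add(profile["id"])
    return index

def match_rows(hashed_rows, index):
    """One entry per uploaded row: the profile id when the row's digests
    point at exactly one known profile, otherwise None."""
    results = []
    for row in hashed_rows:
        candidates = set()
        for digest in row.values():
            candidates |= index.get(digest, set())
        results.append(next(iter(candidates)) if len(candidates) == 1 else None)
    return results

# Constructed sample data (not real people).
RECIPIENT_PROFILES = [
    {"id": "profile-1", "email": "aroha@example.com", "phone": "+64210000001"},
    {"id": "profile-2", "email": "sam@example.com", "phone": "+64210000002"},
]
UPLOADER_CUSTOMERS = [
    {"email": " Aroha@Example.com ", "phone": "+64210000001"},  # messy input, same person
    {"email": "sam@example.com", "phone": "+64210009999"},      # email matches, phone differs
    {"email": "nobody@example.org", "phone": "+64210000003"},   # unknown to the recipient
]

def demo():
    return match_rows(hash_rows(UPLOADER_CUSTOMERS), build_index(RECIPIENT_PROFILES))

if __name__ == "__main__":
    for row, owner in zip(UPLOADER_CUSTOMERS, demo()):
        print(row["email"].strip(), "->", owner)
```

Because the same input always yields the same digest, any party that already holds the plaintext identifier can re-identify the row; the digest acts as a pseudonym, not as anonymisation.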