40
submitted 1 month ago by absGeekNZ@lemmy.nz to c/newzealand@lemmy.nz

What the actual fuck!

top 9 comments
sorted by: hot top controversial new old
[-] BlueEther@no.lastname.nz 7 points 1 month ago

I don't understand why they need to share anything other than "this is the campaign we want to run" eg, "we want to run an ad campaign to target adults under 30 returning to NZ, the ad will be this 'Student Loan Repayment' copy"

[-] absGeekNZ@lemmy.nz 8 points 1 month ago

I don't understand why they are giving anything to Facebook at all

[-] Dave@lemmy.nz 2 points 1 month ago

Does anyone know more about this process?

If hashing anonymises the data, rendering it as a hash, how does Facebook use this information? How is it useful, and if it's not why upload it at all?

Also, do they upload the list then Facebook runs the hashing (after any US government secret requests have been processed), or is the hashing done before uploading?

I'm assuming it's so you have a unique hash representing the customer, but with Facebook's data if they know the birthday, name, etc then they could easily match it to a specific profile. And if they aren't matching to a profile then what makes it useful?

[-] Venat0r@lemmy.world 5 points 1 month ago* (last edited 1 month ago)

if they know the birthday, name, etc then they could easily match it to a specific profile

Thats exactly how they're able to de-anonymise the data... If it was truly anonymised then Facebook wouldn't want it...

[-] Dave@lemmy.nz 2 points 1 month ago

I just don't get what exactly is being "anonymised" and how facebook can use it in that state. What information is IRD uploading to target the ads?

Basically, I don't understand why they are uploading data that they think is anonymised. Either it's anonymous and there's no reason to upload it, or it's not anonymous. I really want to understand the specifics of this!

[-] Venat0r@lemmy.world 3 points 1 month ago* (last edited 1 month ago)

In short: it's not anonymous.

They're using a hash function on personally identifying information such as names, addresses, DoB and phone numbers, but Facebook and LinkedIn have enough data that they could work out what hashes correlate with which names, addresses etc. , which would enable them to correlate the hashed data with a specific person that has that data already, and from there they can correlate the hash of the data they don't have for that person with other people in the data that they do have the data for to add more data for that person.

e.g. Someone left NZ in 2015, but hasn't logged into Facebook since 2010, so Facebook doesn't have any up to date data on them, but if they run thier name and DoB through the same hashing function that the IRD used, and say they find one result, then they can update thier database with the persons new data from the IRD.

They just need to find users in thier data where there's only one result for each of the resulting hashes, and can also create new entries in thier database for people who've never even used Facebook but were in the data the IRD provided.

To understand the specifics you'd probably need to do an OIA request or something IDK.

[-] Dave@lemmy.nz 4 points 1 month ago

I guess my question is why they upload hashed personal information instead of not uploading the information at all.

I found some answers searching the Facebook help pages.

https://www.facebook.com/business/help/112061095610075?id=2469097953376494

https://www.facebook.com/business/help/341425252616329?id=2469097953376494

Long story short, though not explicitly stated, the idea here seems to be that they want to match name, email, phone number, address information you provide against records they already hold. The hashing is done by Facebook and is ostensibly to make sure Facebook already holds the info. I.e. they want to match the phone number to one they already hold, not add the phone number to an account they didn't have it for.

Long story short, nothing in here is anonymous, they don't pretend it's anonymous as the point is to match against real profiles, and IRD seem to have misunderstood.

[-] absGeekNZ@lemmy.nz 2 points 1 month ago

From the first line in the article

Inland Revenue is giving hundreds of thousands of taxpayers' details to social media platforms for marketing campaigns

I'm not sure from this wording, if this means that FB et al are requesting the data for their own advertising campaigns; or the IRD are using these platforms to advertise.

"The lists uploaded monthly are for things like student loans where the overseas-based customer population is constantly changing with people moving overseas or returning home."

Implies that the IRD is the one advertising. But then it goes into hashing, if the data is anonymized; how is the data used to target for example, the delinquent SL borrowers?

[-] Dave@lemmy.nz 3 points 1 month ago

Long story short, IRD are in damage control mode, saw that Facebook hashes the data, and hoped this meant they could spin it as anonymous. It's very, very not anonymous. I did some digging, which I put in another comment chain here: https://lemmy.nz/post/14206010/10952716

Basically, Facebook want to avoid having their customers break privacy laws for sharing data. Instead, the personal information like phone numbers, addresses, date of birth are hashed then compared against a hash of data Facebook already holds.

The idea is you aren't sharing personally identifiable data because facebook will only match data they already have.

However, the whole purpose is to match up a specific taxpayer to a specific facebook user. Not even close to anonymous, even if you squint and tilt your head.

this post was submitted on 09 Sep 2024
40 points (100.0% liked)

Aotearoa / New Zealand

1643 readers
15 users here now

Kia ora and welcome to !newzealand, a place to share and discuss anything about Aotearoa in general

Rules:

FAQ ~ NZ Community List ~ Join Matrix chatroom

 

Banner image by Bernard Spragg

Got an idea for next month's banner?

founded 1 year ago
MODERATORS