Two weeks ago I started to revamp the ToS;DR project. We aim at creating readable and rated version of terms of service (ToS), so that the next time you sign up, you won’t lie about being aware of the terms. Ignorance keeps you docile, we hope that by giving you full awareness of what you sign up for, we can pressure services and get some fairness in the terms.

So, to follow on the last post, Facebook ditched their Privacy Policy for a Data Use Policy. It’s mostly the same things, but this very long document has undergone some changes. Fortunately, we at Unhosted kept a copy of the previous version.

Without too many comments, here are some changes that caught my attention (what’s striked has been deleted from the previous version and what’s highlighted has been added to it.)

Your information

This is a modification we can spot here and there: in addition to “clicking”, “viewing or otherwise interacting with things” is enough to send data about you or about other people to Facebook. Connect that with the “Social Plugins” (aka the Like button) and you get a pretty good idea of what’s happening as soon as you see them appearing: you’re sending data about you, what you read, even if you haven’t asked for anything.

We receive data about you whenever you interact with Facebook, such as when you look at another person’s timeline, send or receive a message, search for a friend or a Page, click on, view or otherwise interact with things, use a Facebook mobile app, or purchase Facebook Credits or make other purchases through Facebook.

This one is fun. It looks like in the last version, someone forgot to mention the cookies here!

We receive data whenever you visit a game, application, or website that uses Facebook Platform or visit a site with a Facebook feature (such as a social plugin), sometimes through cookies. This may include the date and time you visit the site; the web address, or URL, you’re on; technical information about the IP address, browser and the operating system you use; and, if you are logged in to Facebook, your User ID.

We get here to an important fact of Facebook: it sells our data, all combined, without personally identifying information such as username or user ID. But it would be interesting to really be able to inspect these data… Is it really impossible to identify anyone personally? Or is it identifiable enough?

We only provide data to our advertising partners or customers after we have removed your name or any other personally identifying information from it, or have combined it with other people’s data in a way that it is no longer associated with you. Similarly, when we receive data about you from our advertising partners or customers, we keep the data for 180 days. After that, we combine the data with other people’s data in a way that it is no longer associated with you.

This one is a welcome addition:

Of course, for information others share about you, they control how it is shared.
We store data for as long as it is necessary to provide products and services to you and others, including those described above. Typically, information associated with your account will be kept until your account is deleted. For certain categories of data, we may also tell you about specific data retention practices.

Sharing information

If you do not make a selection, your information will be shared with the last audience you selected. If you want to change your selection later you can do that too on your profile.

I don’t really get this one:

Although you choose with whom you share, there may be ways for others to determine information about you. For example, if you hide your birthday so no one can see it on your timeline, but friends post “happy birthday!” on your timeline, people may determine your birthday.

“As a general rule, you should assume that if you do not see a sharing icon, the information will be publicly available.” Yes. Public is default.

People on Facebook may be able to see mutual friends, even if they cannot see your entire list of friends.
Some things (like your name, profile pictures and cover photos) do not have sharing icons because they are always publicly available. As a general rule, you should assume that if you do not see a sharing icon, the information will be publicly available.

That might be a useful feature to have a bit of control over what’s displayed. How is the implementation?

Your activity log is a place where you can go to view most of your information on Facebook, including things you’ve hidden from your timeline. You can use this log to manage your content. For example, you can do things like delete stories, change the audience of your stories or stop an application from publishing to your timeline on your behalf.
When you hide something from your timeline, you are not deleting it. This means that the story may be visible elsewhere, like in your friends’ News Feed. If you want to delete a story you posted, choose the delete option.

Other applications

Applications also get your age range, locale, and gender when you and your friends visit them. Age range (e.g., 18-21) lets applications provide you with age-appropriate content. Locale (e.g., en-US) lets applications know what language you speak. Gender lets applications refer to you correctly. If you do not want applications to receive this information about you, you can turn off all Facebook applications

When you first visit an app, Facebook lets the app know your language, your country, and whether you are under 18, between 18-20, or 21 and over. Age range lets apps provide you with age-appropriate content. If you install the app, it can access, store and update the information you’ve shared. Apps you’ve installed can update their records of your basic info, age range, language and country. If you haven’t used an app in a while, it won’t be able to continue to update the additional information you’ve given them permission to access. Learn more at: https://www.facebook.com/help/how-apps-work (…)

You always can remove apps you’ve installed by using your app settings at: https://www.facebook.com/settings/?tab=applications. But remember, apps may still be able to access your information when the people you share with use them. And, if you’ve removed an application and want them to delete the information you’ve already shared with them, you should contact the application and ask them to delete it. Visit the application’s page on Facebook or their own website to learn more about the app.

Sometimes plugins act just like applications. You can spot one of these plugins because it will ask you for permission to access your information or to publish information back to Facebook. For example, if you use a registration plugin on a website, the plugin will ask your permission to share your basic info with the website to make it easier for you to register for the website. Similarly, if you use an Add To Timeline plugin, the plugin will ask your permission to publish stories about your activities on that website to Facebook.

If you post something using a social plugin and you do not see a sharing icon, you should assume that story is Public. For example, if you post a comment through a Facebook comment plugin on a site, your story is Public and everyone, including the website, can see your story.

Advertising

Personalized ads

We do not share any of your information with advertisers (unless, of course, you give us permission). As described in this policy, we may share your information when we have removed from it anything that personally identifies you or combined it with other information so that it no longer personally identifies you.
We use the information we receive to deliver ads and to make them more relevant to you. This includes all of the things you share and do on Facebook, such as the Pages you like or key words from your stories, and the things we infer from your use of Facebook. Learn more at: https://www.facebook.com/help/?page=226611954016283
When an advertiser creates an ad, they are given the opportunity to choose their audience by location, demographics, likes, keywords, and any other information we receive or can tell about you and other users. For example, an advertiser can choose to target 18 to 35 year-old women who live in the United States and like basketball. An advertiser could also choose to target certain topics or keywords, like “music” or even people who like a particular song or artist.

Ads are tracking you even if you don’t click them.

if a person clicks on the add

if a person views or otherwise interacts with the ad

and now an example of how very incredibly useful Facebook is for humanity:

Advertisers of sci-fi movies, for example, could ask us to target “sci-fi fans” and we would target that group, which may include you. Or if you “like” Pages that are car-related and mention a particular car brand in a post, we might put you in the “potential car buyer” category and let a car brand target to that group, which would include you

Misc

Note that the access requests to your data are basically gone. If you’ve ever tried to “download a copy of your Facebook data” like I did, then you know how ridiculous this is.

Access Requests

We provide initial responses to access requests within a reasonable period of time, typically within thirty days. You can also download a copy of everything you’ve put into Facebook using our download your information tool.

You can access and correct most of your personal data stored by Facebook by logging into your account and viewing your timeline and activity log. You can also download a copy of your personal data by visiting your “Account Settings”, clicking on “Download a copy of your Facebook data” and then clicking on the link for your expanded archive. Learn more at: https://www.facebook.com/help/?faq=226281544049399

So in the end, no really fancy changes AFAICS.

For the official review of changes, see Facebook’s governance website.

Credits

I express my gratitude for Moresounds‘ music which helped me get through this boring task. Fortunately, this will soon be automated when the EFF’s TosBack is restarted.