What the actual fuck!

  • Venat0r@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    4 months ago

    In short: it’s not anonymous.

    They’re using a hash function on personally identifying information such as names, addresses, DoB and phone numbers, but Facebook and LinkedIn have enough data that they could work out what hashes correlate with which names, addresses etc. , which would enable them to correlate the hashed data with a specific person that has that data already, and from there they can correlate the hash of the data they don’t have for that person with other people in the data that they do have the data for to add more data for that person.

    e.g. Someone left NZ in 2015, but hasn’t logged into Facebook since 2010, so Facebook doesn’t have any up to date data on them, but if they run thier name and DoB through the same hashing function that the IRD used, and say they find one result, then they can update thier database with the persons new data from the IRD.

    They just need to find users in thier data where there’s only one result for each of the resulting hashes, and can also create new entries in thier database for people who’ve never even used Facebook but were in the data the IRD provided.

    To understand the specifics you’d probably need to do an OIA request or something IDK.

    • Dave@lemmy.nzM
      link
      fedilink
      arrow-up
      4
      ·
      4 months ago

      I guess my question is why they upload hashed personal information instead of not uploading the information at all.

      I found some answers searching the Facebook help pages.

      https://www.facebook.com/business/help/112061095610075?id=2469097953376494

      https://www.facebook.com/business/help/341425252616329?id=2469097953376494

      Long story short, though not explicitly stated, the idea here seems to be that they want to match name, email, phone number, address information you provide against records they already hold. The hashing is done by Facebook and is ostensibly to make sure Facebook already holds the info. I.e. they want to match the phone number to one they already hold, not add the phone number to an account they didn’t have it for.

      Long story short, nothing in here is anonymous, they don’t pretend it’s anonymous as the point is to match against real profiles, and IRD seem to have misunderstood.