this post was submitted on 09 Sep 2024
43 points (100.0% liked)
Aotearoa / New Zealand
1656 readers
17 users here now
Kia ora and welcome to !newzealand, a place to share and discuss anything about Aotearoa in general
- For politics , please use !politics@lemmy.nz
- Shitposts, circlejerks, memes, and non-NZ topics belong in !offtopic@lemmy.nz
- If you need help using Lemmy.nz, go to !support@lemmy.nz
- NZ regional and special interest communities
Rules:
FAQ ~ NZ Community List ~ Join Matrix chatroom
Banner image by Bernard Spragg
Got an idea for next month's banner?
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
In short: it's not anonymous.
They're using a hash function on personally identifying information such as names, addresses, DoB and phone numbers, but Facebook and LinkedIn have enough data that they could work out what hashes correlate with which names, addresses etc. , which would enable them to correlate the hashed data with a specific person that has that data already, and from there they can correlate the hash of the data they don't have for that person with other people in the data that they do have the data for to add more data for that person.
e.g. Someone left NZ in 2015, but hasn't logged into Facebook since 2010, so Facebook doesn't have any up to date data on them, but if they run thier name and DoB through the same hashing function that the IRD used, and say they find one result, then they can update thier database with the persons new data from the IRD.
They just need to find users in thier data where there's only one result for each of the resulting hashes, and can also create new entries in thier database for people who've never even used Facebook but were in the data the IRD provided.
To understand the specifics you'd probably need to do an OIA request or something IDK.
I guess my question is why they upload hashed personal information instead of not uploading the information at all.
I found some answers searching the Facebook help pages.
https://www.facebook.com/business/help/112061095610075?id=2469097953376494
https://www.facebook.com/business/help/341425252616329?id=2469097953376494
Long story short, though not explicitly stated, the idea here seems to be that they want to match name, email, phone number, address information you provide against records they already hold. The hashing is done by Facebook and is ostensibly to make sure Facebook already holds the info. I.e. they want to match the phone number to one they already hold, not add the phone number to an account they didn't have it for.
Long story short, nothing in here is anonymous, they don't pretend it's anonymous as the point is to match against real profiles, and IRD seem to have misunderstood.