Trainsplit sending data to Facebook?

typefish

Member
Joined
12 Sep 2019
Messages
24
Location
Heaton
I checked and TrainSplit has still been sending data to Facebook. I admit I am still confused as to what's innocent data-sharing and what isn't.
The data that is being sent to Facebook on the Trainsplit site is innocent - it sends across stuff like your screen resolution size, basic information about the page you're currently looking at

As a developer (not connected to Trainsplit), I find information like this very useful.
 
Sponsor Post - registered members do not see these adverts; click here to register, or click here to log in
R

RailUK Forums

najaB

Veteran Member
Joined
28 Aug 2011
Messages
21,996
Location
Scotland
I admit I am still confused as to what's innocent data-sharing and what isn't.
That all depends what value judgement you ascribe to corporate intent. 99.9% of data sharing between sites is to tailor advertising. Some might say that's evil, others may say that it's useful. Either way, they just want to sell you more stuff.

The remainder has the potential to be harmful in that organisations other than advertisers can use the data to 'get into your head' and shift opinions subtly by using information about the sites that you visit to plant 'stories' that are more likely to catch your attention. For example, if they want to turn you to or against a particular political party, and know that you have an interest in railways (by virtue of visiting RUK) then rail-related propaganda pieces can be placed more prominently on sites that you visit.
 

Bletchleyite

Veteran Member
Joined
20 Oct 2014
Messages
57,063
Location
"Marston Vale mafia"
The data that is being sent to Facebook on the Trainsplit site is innocent - it sends across stuff like your screen resolution size, basic information about the page you're currently looking at

As a developer (not connected to Trainsplit), I find information like this very useful.
Useful it might be, but we really should move away from collecting and sharing data because it might be useful, and more in line with both the letter and ethos of GDPR, namely that data should only be collected if it is necessary.

I can see no need at all for Trainsplit to send any data to Facebook (barring what would be necessary to fetch the image that constitutes the FB SSO link) unless you use the Facebook single sign-on facility (assuming it offers that). Therefore it should not do so. Or is that all it's sending, i.e. one HTTPS call to get the SSO link image?

Edit: sorry, SSO = Single Sign On, i.e. the way you can sign into various websites using Facebook or Google rather than registering for a separate account.
 

typefish

Member
Joined
12 Sep 2019
Messages
24
Location
Heaton
Useful it might be, but we really should move away from collecting and sharing data because it might be useful, and more in line with both the letter and ethos of GDPR, namely that data should only be collected if it is necessary.
If one wishes to spin it that way, then one could more than definitely say that collection of information, such as user agents, types of devices and screen resolution sizes - is definitely a necessary part of modern web development. Especially for an interactive retail website.
 

najaB

Veteran Member
Joined
28 Aug 2011
Messages
21,996
Location
Scotland
Useful it might be, but we really should move away from collecting and sharing data because it might be useful, and more in line with both the letter and ethos of GDPR, namely that personal data should only be collected if it is necessary.
You left an important word out there.
 

JB_B

Member
Joined
27 Dec 2013
Messages
926
The data that is being sent to Facebook on the Trainsplit site is innocent - it sends across stuff like your screen resolution size, basic information about the page you're currently looking at

As a developer (not connected to Trainsplit), I find information like this very useful.
What additional information do you get that isn't available from the DOM ?
 

Bletchleyite

Veteran Member
Joined
20 Oct 2014
Messages
57,063
Location
"Marston Vale mafia"
If one wishes to spin it that way, then one could more than definitely say that collection of information, such as user agents, types of devices and screen resolution sizes - is definitely a necessary part of modern web development. Especially for an interactive retail website.
It would be necessary for Trainsplit to collect that for their own purposes, but not to give it to Facebook.
 

typefish

Member
Joined
12 Sep 2019
Messages
24
Location
Heaton
What additional information do you get that isn't available from the DOM ?
Time.

I mean, time isn't wasted on writing things that already exist and are usable, and frankly, are probably better than I could make myself (due to more developers/ideas) if my time wasn't spent on other things.
 

najaB

Veteran Member
Joined
28 Aug 2011
Messages
21,996
Location
Scotland
It would be necessary for Trainsplit to collect that for their own purposes, but not to give it to Facebook.
What reason is there for Transplit not to give Facebook (or any other company) information such as the screen resolution of devices using their site? How is that incompatible with current data protection laws (letter or spirit)?
 

SickyNicky

Verified Rep - TrainSplit.com
Joined
8 Sep 2010
Messages
2,485
Location
Ledbury
Although I think najaB is correct in that there are no legal issues with using scripts such as these, I have removed the Facebook script from the master page now. I thought that I had done it before, to be honest, but it slipped though in one location.
 

Bletchleyite

Veteran Member
Joined
20 Oct 2014
Messages
57,063
Location
"Marston Vale mafia"
What reason is there for Transplit not to give Facebook (or any other company) information such as the screen resolution of devices using their site? How is that incompatible with current data protection laws (letter or spirit)?
The letter of DP law is that you don't collect or transfer data about an individual unless you need to. This data may or may not be personally identifiable, but to me the spirit is that you only collect ANY data that you need, not just because you want it, and you do it transparently. This would include data about their machine because that's a possible vulnerability.

It's also worth bearing in mind that many people object to FB and so would not want data about them or their machine transferred to them unnecessarily.

Trainsplit would probably be in order collecting anonymised statistical data about their users' devices in order to better serve them, but transferring it to Facebook is well beyond that remit and I can understand why it would make some people quite unhappy if they are not a user of that platform.

Although I think najaB is correct in that there are no legal issues with using scripts such as these, I have removed the Facebook script from the master page now. I thought that I had done it before, to be honest, but it slipped though in one location.
Thanks, definitely the right thing to do.
 

JB_B

Member
Joined
27 Dec 2013
Messages
926
Time.

I mean, time isn't wasted on writing things that already exist and are usable, and frankly, are probably better than I could make myself (due to more developers/ideas) if my time wasn't spent on other things.

OK, thanks - that's an interesting answer.

I agree that the bits of information you've mentioned so far are "innocent" but if that's all your talking about then they're certainly trivial to obtain directly.

I would never choose to get that info from a third party (least of all facebook).

Possibly I'm a bit old-fashioned in this respect.
 

najaB

Veteran Member
Joined
28 Aug 2011
Messages
21,996
Location
Scotland
The letter of DP law is that you don't collect or transfer data about an individual unless you need to.
As you said - data about an indvidual. "A user visited the site using Mozilla with a screen resolution of 1024x768" tells you exactly nothing about the individual. "Don't send data to Facebook" stands on its own feet, there's no need for a faux appeal to data protection law. It's exactly the same as "Due to health and safety..."
 

AnkleBoots

Member
Joined
8 Jan 2017
Messages
500
I've dug a little further, and when I open the trainsplit app (without me trying to log in), it tries to access:

app-measurement.com
graph.facebook.com

I guess that the thinking behind that is that those two sites pay something (a tiny amount?) to trainsplit for the data that I am a train user, which can be sold on to an advertiser who will place tailored train adverts on web pages that I view in future.
 

SickyNicky

Verified Rep - TrainSplit.com
Joined
8 Sep 2010
Messages
2,485
Location
Ledbury
I can absolutely confirm that is not the case. I will ask the app developers why it's there.

Edit: app-measurement is Google Firebase Analytics. We use that to ensure that everything's running OK and to ensure that problems get flagged up quickly.
Edit2: graph.facebook.com is used to access Facebook information without needing to login to Facebook. See https://developers.facebook.com/docs/graph-api/using-graph-api/.

I'm not sure why the latter would trigger if you're not logged in, but I'll ask the question.
 
Last edited:

bob007

Member
Joined
21 Nov 2019
Messages
9
Location
Slaithwaite
With the app, the only way to stop sending data to Facebook is to remove any integration with them (and removing the Facebook SDK). If you must integrate with Facebook, don't use the SDK and just use the API directly. The SDK sends telemetry to Facebook whether you're logged in or not. Zoom (the video conferencing company) decided to remove it, explaining why here https://blog.zoom.us/zoom-use-of-facebook-sdk-in-ios-client/
 

TUC

Established Member
Joined
11 Nov 2010
Messages
2,315
So I might get adverts and offers on things I'm interested in rather than general ones? Yes please.
 

Bletchleyite

Veteran Member
Joined
20 Oct 2014
Messages
57,063
Location
"Marston Vale mafia"
That's pretty much my view on it - if I'm going to get adverts they might as well be useful ones.
I personally find all that to be slightly amusing, as any targetted advertising I see tends overwhelmingly to be for something I have already purchased.

It's like the whole thing is designed to encourage "buyer's remorse" but not to actually sell stuff! :)
 

mmh

Established Member
Joined
13 Aug 2016
Messages
2,643
I personally find all that to be slightly amusing, as any targetted advertising I see tends overwhelmingly to be for something I have already purchased.

It's like the whole thing is designed to encourage "buyer's remorse" but not to actually sell stuff! :)
Yes, and it's even sillier when the adverts are served by a company who know you've bought something, not just looked at it.

People claim Amazon are terribly advanced with "The Algorithms." They can't be that advanced, they seem to think there's such a thing as a collector of replacement Nissan windscreen wipers.
 

AnkleBoots

Member
Joined
8 Jan 2017
Messages
500
Only if you have a Facebook account. Think about it, if you don't have an account who or what would they associate any tracking information with?
Apparently they create shadow profiles for everyone.

The average Facebook user will consent to sharing their phone contact list and email account with Facebook, and from that they can build a database of everyone.

There are examples of lawyers and their clients being suggested to each other as Facebook friends even though they have only interacted on a professional basis.
 

najaB

Veteran Member
Joined
28 Aug 2011
Messages
21,996
Location
Scotland
There are examples of lawyers and their clients being suggested to each other as Facebook friends even though they have only interacted on a professional basis.
That's not quite the same as creating shadow profiles for everyone though, is it? Member A has B's phone number and Member B has A's phone number is a reasonable basis to tell each other that they're both on Facebook.
 

AnkleBoots

Member
Joined
8 Jan 2017
Messages
500
That's not quite the same as creating shadow profiles for everyone though, is it? Member A has B's phone number and Member B has A's phone number is a reasonable basis to tell each other that they're both on Facebook.
I agree, it wasn't a good example!
 

robbeech

Established Member
Joined
11 Nov 2015
Messages
3,112
One I've told before on here I’m sure, I once logged into gmail on someone’s laptop to send a file by email to someone else (they were in the room but their laptop was company issued and would not allow the use of usb sticks, but would allow files in emails). I then logged out again. A few hours later the owner of the laptop’s 13 year old son appeared as a suggested friend on Facebook.
 

bob007

Member
Joined
21 Nov 2019
Messages
9
Location
Slaithwaite
That's pretty much my view on it - if I'm going to get adverts they might as well be useful ones.
Would you be equally pleased to be shown factually-incorrect/heavily-biased political adverts?

For the government to use the data (this does happen) for spying?

It's not just about advertising products
 

WelshBluebird

Established Member
Joined
14 Jan 2010
Messages
3,278
One I've told before on here I’m sure, I once logged into gmail on someone’s laptop to send a file by email to someone else (they were in the room but their laptop was company issued and would not allow the use of usb sticks, but would allow files in emails). I then logged out again. A few hours later the owner of the laptop’s 13 year old son appeared as a suggested friend on Facebook.
Are you suggesting that you think Google send info to Facebook from Gmail? I doubt that as in terms of data usage, they are competitors.
Did you use Facebook on any device connected to the same WiFi Network as the laptop? Or did you open any emails that could be from or related to Facebook (some emails have what is called a "tracking pixel" in them for this purpose). If so what likely happened is that Facebook noted both you and the son had used a device from the same IP address in a short period of time and so assumed you would know each other.
Even if that isn't the the specific reason you were suggested him, it will be something similar. Pretty much any time something like that happens with Facebook, there will be a decent explanation (that is often true of products being advertised too, despite people still believing Facebook or Google listen to all their conversations and show ads based on them).
 

AnkleBoots

Member
Joined
8 Jan 2017
Messages
500
This feature is on 100k apps! I had had no idea it was so widespread, clearly Trainsplit is doing nothing out of the ordinary:

For the uninitiated, a lot of apps today use an Advertising identifier (IDFA). It allows developers and marketers to track activity for advertising purposes.
Plenty of marketing agencies backed by Google and Facebook run campaigns to record purchases, usage time, user actions, and subsequently serve personalized ads.
Over 100K apps on the App Store today have the Facebook or Google SDK integrated which tracks and sends your data to the tech giants and third party brokers.

When iOS 14 rolls out to the public this fall, users would be greeted with a dialog that asks them to “Allow Tracking” or “Ask App Not To Track” their ad identifiers.
The above is from https://medium.com/macoclock/apple-...ollar-ad-industry-with-one-popup-2f83d182837f
 

Top