mastodon.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
The original server operated by the Mastodon gGmbH non-profit

Administered by:

Server stats:

371K
active users

FB had to disclose a full list of database tables that contain user identifiers and a list of 'data pipelines' for analytics.

Unsealed court doc, 255 pages, listing 11,051 Hive tables and 1,190 source code files, from the NdCal/US lawsuit via @jason_kint@twitter.com:
storage.courtlistener.com/reca

@jason_kint@twitter.com So 11,051 database tables that contain IDs or other means of identifying a FB user, and thus may contain 'personal data' under the GDPR.

Did the Irish regulator or other EU authorities ever assess the legal compliance of this data processing? Did they even see this list at all?

@jason_kint@twitter.com Of course it's difficult to make solid conclusions just based on the names of Hive database tables, but the list still provides interesting insight and is certainly very useful for further investigations by courts or regulators.

Feel free to post interesting findings below.

@jason_kint@twitter.com FB database tables related to 'People You May Know' (PYMK)

(cc @kashhill@twitter.com)

Wolfie Christl

@jason_kint@twitter.com @kashhill@twitter.com contact_importer_matched_*
contact_upload_address_book_*
contact_upload_check_term_accepted_*
contact_upload_device_id_in_session_*
contact_upload_pymk_output_*
contacts_storage_*

device_info_event*
device_info_identifier_match*
device_signals_bluetooth*
device_signals_clvisit*
device_signals_deanonymization* (🧐)
device_signals_fingerprint*
device_signals_location*
device_signals_sensors*
device_signals_wifi_active_scans*
device_user_assoc*

background_location_batch_upload*
background_location_collected_ios*
background_location_signal_update*
background_location_wifi_state*

android_background_location_platform_event*

android_power_app_wakeup_attribution*
android_power_cpu_thread_attribution*

home_prediction*
home_router_reboot_device_signals*
honey_mobile_connection_event*

geoapi_is_traveling_prediction*
geoapi_location_jump*
geoapi_user_geo_grid_counts*
geoapi_country_profile_gps_match*
geoapi_histogram_deanonymization*
geofence_at_place_detection*

ios_location_services*
ios_location_visit_detection*
ios_platform_deep_link_share_flow*
ios_push_registration_events*
ios_scroll_performance*
ios_universal_link_opened*
ios_metrics_detection_impression_mismatch*
ios_feed_privacy_invalidation_polling_funnel*

There's more, e.g.:

nearby_friends*
nearby_places*

fitbit_active_users* (?)
epsilon_events* (the data broker?)
iab_*

salesforce_sync* (!)
sfdid_sync* (Salesforce ID sync?)

hub_mental_health_events* (h/t @korolova@twitter.com)
hub_mental_health_sessions*
mental_health_gratitude_logging*

custom_audience_pii_match_keys* (!!!)

custom_audience_user_upload*
custom_audiences_offline_offsite*

ads_custom_audience_customer_file_source*

lookalike_custom_audience_realtime_seeds_inc*
lookalike_custom_audience_realtime_seeds_offsite*
lookalike_features_v6*

graph_api_hits_third_party*
graph_api_hits_third_party_data_returned*
graph_api_potential_uid_leaks* (🧐)

health_graph_api*

first_party_graph_api_access_logs*
first_party_api_scraping_logs*

photo_match*
photo_match_sync*
photo_tagging_suggestions*
photo_location_suggestion*

fr_cookie_updates*

mobile_http_request_fbc*
mobile_http_request*

url_website_events*

ads_pixel_traffic*
ads_pixel_default_track_event*
ads_conversion_traffic*

ads_data_set_matched_events*
ads_data_set_offline_tailed_events*
ads_custom_data_event_partitioned_with_user_location

si_banhammer*
si_blackhole_filter*
si_blackhole_require_captcha*
si_dangling_assocs*
si_fake_engagement_user_scores*
si_fake_or_hacked_or_self_compromised*
si_fanout_target_ids*
si_outbound_clicks_signals*
si_same_datr*
si_spam_fake_mau*
si_ufac_abusiveness_features*
maybe_fake*

offline_signal_ingestion_events*
offline_solutions_for_brands_whitelist*

offsite_engagement*
offsite_conversion*
offsite_payments*
offsite_signals*
offsite_signals_short_retention*

onsite_events_actions_data*
onsite_feature_signals*
onsite_targeting_signals*

signals_server_to_server_integration* (?)
signals_smart_targeting_events*

signals_action*
signals_platform*
signals_health_events*
signals_growth_surface_impression*
signals_iwl_pixel_helper_upsell*

time_in_app_events*
time_spent_active_users*

online_events_raw_predictions*

unfriend_coefficient*

social_fabric_friend_presence_ufi*

unified_interception_events*

ad_device_idfa_reset*

user_phone_action_history*
cell_tower_info_detection*

ads_partner_integration_api_log*
app_events_matching*
app_events_pii_matching*

wa_targeting_model_scores …'wa'?

shopify_synced_discount_checkout_events*
ds_nielsen_ip_geo_prediction_empty_ip*

moat_nht_signals*
moat_sivt_signals*

loyalty_3p_api_logger_inc_archive*
loyalty_3p_events_logger*

fx_growth_identity_syncing*
fx_identity_sync_v2*
fx_unlink_by_account_deletion* …what's 'fx'?

The doc provides some insight into the heart of Facebook's global surveillance machine. But it's just hints not explanations.

A lot of acronyms, some of them might make sense when systematically looking into the docs. I didn't even manage to get into the file repository stuff…

And btw. this list of 11k Hive database tables with user identifiers:

- does not include anything related to other FB/Meta products like Instagram/Whatsapp
- excludes 'temporary' tables, 'infrastructure, operations, product testing' tables, and tables with 'transformed' data

🤔

Scheiße auf Mastodon.social läuft Code, bei dem irgendeine Klammer fehlt, die *SQL verblutet grad in @wchr's Thread.

$> [Ctrl]-[C]

Ah nee, warte. Wolfie, kennst Du pastebin?
Ach, jetzt begreif ich's. Das ist so ne Art Atzventzkalender für sql-Pentests.

$> DROP, Wolfie, DROP!

@blausand Falls das ein Vorwurf sein soll, ich hab ein paar Stunden unbezahlte Arbeit investiert, das durchzuschaun, bei Bedarf einfach unfollow...

Keine Sorge das war inhärente Anerkennung:
Ich hab immerhin ein paar unbezahlte Momente investiert, lustig klingen zu wollen.
Bei mir steht aber 'stets bemüht', bei Ihnen heißt es zurecht:
Gut gemacht, @wchr !

@wchr

> denanonymization

Why?! It's all so tiresome...