
A Man Who Stood Up To Facebook - krissara
http://www.npr.org/sections/alltechconsidered/2016/10/13/497820170/the-man-who-stood-up-to-facebook
======
CapitalistCartr
Orin Kerr is the country's leading attorney on Computer Crime Law(1) and The
Volokh Conspiracy writers are a powerhouse in Constitutional Law generally.
Its almost certainly too late for Vachani and Power Ventures; Facebook have
destroyed them, and any ruling is only symbolic, but for the rest of us, a
correct ruling is essential for the future of a free Internet.

Here is Orin Kerr writing about Power Ventures:
[https://www.washingtonpost.com/news/volokh-
conspiracy/wp/201...](https://www.washingtonpost.com/news/volokh-
conspiracy/wp/2016/07/12/9th-circuit-its-a-federal-crime-to-visit-a-website-
after-being-told-not-to-visit-it/)

1) [https://www.washingtonpost.com/news/volokh-
conspiracy/wp/201...](https://www.washingtonpost.com/news/volokh-
conspiracy/wp/2016/10/13/the-path-of-computer-crime-law/)

~~~
War_Machine
After Power's IP addresses were blocked by Facebook, couldn't Power use the
user as proxy to access Facebook instead? In other words, have the user
(through some Power provided tool I suppose) access Facebook and feed Power
the information it wants to send.

~~~
downandout
The problem is that this probably violates Facebook's TOS. Enabling a TOS
violation for users as a business model would make for a pretty easy tortious
interference lawsuit by Facebook against Power.

~~~
wtallis
It seems like it would be pretty hard to draft TOS that prohibit the user from
running a program on their own machine that requests, processes, and outputs
data on the user's behalf without banning more traditional user agents like
web browsers and proxies.

~~~
downandout
If I remember correctly, Facebook prohibits users from supplying third parties
with their Facebook Login credentials for the purpose of that third party
logging in on their behalf.

Edit: From Section 4(8) of the Facebook TOS [1]:

 _" You will not share your password (or in the case of developers, your
secret key), let anyone else access your account, or do anything else that
might jeopardize the security of your account."_

[1]
[https://www.facebook.com/legal/terms](https://www.facebook.com/legal/terms)

~~~
wtallis
How does that apply to the suggested workaround of the user running the
necessary content scraping on their own machine and pushing the results to
Power?

~~~
proksoup
To be specific, we mean like a chrome plugin or something at that level,
right?

------
athenot
The elephant in the room is that facebook wants to directly engage with their
users in order to control the advertising aspect. This startup uses the side-
effect of Facebook (platform for friends to share stuff) while cutting out the
business value proposition (advertising).

This is sad because I'm increasingly getting annoyed at Facebook's
positionning between me and my friends. It's promoting behavior that is
different from real life as they stand to gain from stoking outrages and
heated discussions: more active user engagement!

~~~
whybroke
>It's promoting behavior that is different from real life as they stand to
gain from stoking outrages and heated discussions: more active user
engagement!

This undoubtedly has very serious consequences beyond merely being annoying.
Trending untrue news stories, encouraging post-true controversy and providing
an echo chamber for these things to intensify and become ingrained.

And doing these things on a enormous scale to a huge percentage of the
population such that vast swathes of people can no longer even agree on basic
facts.

It would be interesting to see how much of the bizarre political events in the
west are a result of social media in general and Facebook in particular.

~~~
zardo
I've recently started seeing what I can only call christian jihadi propaganda
on my newsfeed.

The Clintons assassinated Scalia and they are going to force you to renounce
God or put you on the cross.

~~~
ZainRiz
Bro, I'd ask you to not use the word "jihadi" as a slur. The word means one
who strives, physically or mentally, for the sake of good. The fact that it's
been hijacked by deviant so-called "religious" groups doesn't change what the
word really represents.

And reinforcing the notion that those deviant groups are jihadis just
strengthens the claims of ISIS and Al-Qaida that they're the ones properly
following their religion, when more than 99% of the muslim world rejects them
completely.

~~~
hueving
It's ways higher than 1%. [http://www.politifact.com/truth-o-
meter/statements/2016/jul/...](http://www.politifact.com/truth-o-
meter/statements/2016/jul/20/newt-gingrich/gingrich-9-pakistanis-support-
isis/)

Almost 1 in 10 supporting savage violence and meaningless destruction.

It's not the poster that made it a slur, it's the insane violence supported by
a non-negligible portion of Muslims that made it a slur.

~~~
whybroke
Twice that rate of Germans (16%) and Americans (18%) think the Sun goes around
the earth.[1]

So does 9% really indicate a key culturally defining characteristic?

[1] [http://www.gallup.com/poll/3742/new-poll-gauges-americans-
ge...](http://www.gallup.com/poll/3742/new-poll-gauges-americans-general-
knowledge-levels.aspx)

~~~
hueving
As long as thinking the sun goes around the earth doesn't induce violent
murders, I don't care.

------
treve
> "The word spam is kind of like calling someone a rapist. It has — in [the]
> digital world — calling someone a spammer is the worst thing you could
> possibly call them."

I really don't feel that spammer and rapist are even in the same league.

~~~
deckar01
It's not the same, but it is a powerful metaphor. Wanted email is to
consensual relations as spam is to physical violation.

~~~
kazinator
It's a very bad metaphor, because the "spammer" term is thrown around casually
in IT and is often false. For instance, someone might be called a "spammer" if
they post a lot to some forum, by someone else who disagrees with them.

If you equate "rapist" with "spammer", you might be regarded as trivializing
"rapist" accusations as being usually false and frivolous in the same way.

~~~
ghurtado
> If you equate "rapist" with "spammer", you might be regarded as trivializing
> "rapist" accusations as being usually false and frivolous in the same way.

I don't think he was equating the two at a legal or moral level, just
presenting an analogy with regards to:

\- The likelihood of false accusations being similar in both cases (higher
than the norm)

\- The devastating social consequences of falsely accusing someone of either
crime, even where no proof exists

Having said that, there are circles where false accusations of "rape" are
sometimes thrown around rather frivolously, and where the term is being
stretched to include other lesser crimes, such as crimes of expression
("verbal rape") and sexual harassment. You may not be familiar with these
circles, but they do exist. If you've ever heard someone use the term "he
raped me with his eyes": this is the action that trivializes the actual crime
of rape.

Making the observation that this subculture exists in no way trivializes
actual cases of rape.

I think this may have been the intent of the analogy.

~~~
dalke
Even when considered only as an analogy, and not the serious point about
trivializing "rapist", it's a lousy analogy.

Consider a panhandler asking you for money on the street, someone passing out
fliers in a mall, a street hawker, or even someone asking for directions.
These can all be unwanted physical interactions.

Think also of the religious people who go door-to-door asking very politely if
you've found everlasting life, or historically (thinking now of the Hare
Krishnas and the movie 'Airplane') at an airport terminal.

Or for that matter, someone working in a boiler room call centers.

I submit that spamming is much closer to these unwanted public interactions
than anything like rape.

Furthermore, calling someone a spammer does not have "devastating social
consequences", despite what Vachani said. For example, stand up at a
conference and yell "the speaker is a spammer!" What devastating social
consequences might the speaker face? Is it as devastating as calling someone a
speeder, a pot smoker, a thief, a rapist, or a murderer?

~~~
ghurtado
> I submit that spamming is much closer to these unwanted public interactions
> than anything like rape.

None of those things are illegal, so you've already failed the most basic test
for the analogy. Furthermore, you still seem to be missing the point that this
is not an analogy between spamming and rape, but between _falsely accusing
someone of spamming and falsely accusing someone of rape_.

> Is it as devastating as calling someone a speeder, a pot smoker, a thief, a
> rapist, or a murderer?

In your contrived hypothetical, any of that name-calling (because nobody could
seriously call that an "accusation") would have the same consequences: none
whatsoever for the target and being laughed out of the room for the "accuser".
I'm sure you already realize that.

Of course, this is not at all what anyone is talking about. We're talking
about falsely accusing someone of spamming, in a _credible_ manner, and _from
a position of authority_ , which is exactly what happened to the individual in
the article. If you don't think this had any consequences for him, then may I
suggest that you read the article.

Surely you understand that there is a very big difference in consequences
between yelling "spammer!" at the next person you see vs a multibillion dollar
corporation suing you for being a spammer and sending their hordes of lawyers
after you.

~~~
dalke
Spamming is not illegal, if it follows the CAN-SPAM Act of 2003.

FB claimed that Power Ventures's actions fell under the CAN-SPAM Act, and was
a violation of the act, and was a willful violation so FB could get 3x damages
as restitution, plus attorney fees.

There is nothing like that in rape law, where some rapes are legal and some
are illegal. There _are_ things like that in anti-peddling laws, which might
allow only licensed peddlers in a region, or in telephone solicitation laws,
which might restrict when calls can be made or prevent solicitors from calling
people on a no-call list, or anti-bill posting laws which restrict posting a
few public bulletin boards or kiosks, or anti-begging laws which prohibit
aggressive panhandling.

That's of course the legal distinction. Perhaps there is a cultural similarity
in antipathy between the two that I don't recognize?

You point about my hypothetical is valid. I was thinking more of conferences
with an anti-sexual harassment policy which obligates the organizers to be
more responsive to claims of rape than claims of murder, even if there is no
other evidence.

So, here's something more concrete. In
[http://www.swordandthescript.com/2014/06/linkedin-spam-
reels...](http://www.swordandthescript.com/2014/06/linkedin-spam-reelseo/) we
see that Grant Crowell complained about "crass spam" by ReelSEO in advertising
for their conference. He provided evidence of receiving on Linkedin, in one
week, "the same message sent four different times, from three different
people, including Greg Jarboe, co-founder of the marketing firm SEO-PR."
ReelSEO (now known as Tubular Insights) responded to the complaint by by
saying 'opt out'.

This is not illegal spam under CAN-SPAM. However, and IMO, Crowell does
correctly refer to it as spam. This is within the usual cultural definition of
spamming.

What are the "devastating social consequences" which resulted from that
verified claim? I note that ReelSEO is still in business, under the new name
"Tubular Insights". Should Crowell and others avoid using the term 'spammer'
for anything other than verifiable CAN SPAM violations, because of these
consequences?

Now, imagine that someone made a claim of being raped, and had evidence to
prove it. Do you really think that the reactions would be the same? (Nor can
one "opt out" of rape, showing yet again it's a poor analogy.)

As for "a multibillion dollar corporation suing you"; I look at how ACORN was
shut down due to partially falsified and selectively edited videos when the
ACORN members did nothing illegal or inappropriate. The devastation came from
how FB's money and power could magnify any sort of FUD.

Now, I can be wrong. Wikipedia tells me that ~1% of all spam really meets CAN
SPAM's requirements, so there are a lot of spammers out there. Who else has
faced the devastating social consequences of being called a spammer?

~~~
ghurtado
Some very valid points indeed.

> What are the "devastating social consequences" which resulted from that
> verified claim?

If there's one thing I can confidently back off from is having used the word
"devastating". That was, in hindsight, rather hyperbolic.

I think at this point I'm defending the analogy far more than I intended to.
I'm not in love with it, I just thought it was being misperceived as an
analogy of consequences of the crime itself, when to me it was meant to
illustrate a comparison between two crimes which (justly or not) are known for
being associated with false accusations / low burden of proof.

> Who else has faced the devastating social consequences of being called a
> spammer?

If we drop the words "devastating" and "social" from the question (which I
realize I introduced), the answer would be "any business who has unfairly been
blacklisted by mail providers, blacklisted from Google search results, has had
their hosting account suspended, or has been targeted by things like DDoS
attacks". These cases do exist, and I've worked at companies affected by this.
I do agree now that the consequences (specially at a personal level) are
clearly not as serious as being falsely accused of rape.

Thanks for the discussion :)

------
kbenson
_Vachani is based in Brazil, where life is more affordable. He flies into San
Francisco a lot, though, in an ongoing effort to stay in the tech biz._

So, open question, how much cheaper does it have to be in Brazil to make it
worthwhile to live there because it's cheaper, if you are flying into SF a
lot? I mean, I know SF is expensive, but presumably if you are willing to make
~$600 flights on a regular basis, you would be willing to commute a few hours.
Within two hours of SF, things aren't exactly _cheap_ , but they are cheap
relative to SF. How much cheaper does Brazil have to be (living in at least a
moderately sized city) for this to effective, assuming he flies into SF 8
times a year?

This of course ignores other reasons he may want to live in Brazil (such as
family), because that wasn't how it was presented.

~~~
kareemsabri
Rent is the killer in SF. Forget about Brazil and imagine even a cheap
American city.

1BR apartment in SF is ~$3300

1BR apartment in New Orleans is ~$1300.

$24K/yr in savings on rent alone. Even if you fly in 8 times per year, for a
round trip cost of $1K with food and accommodations, you're still well ahead.

If you live abroad, and can earn USD and take advantage of the exchange rate,
you're even farther ahead. A 1BR apartment in Sao Paolo is ~600USD.

~~~
kbenson
> 1BR apartment in New Orleans is ~$1300.

Sure, but my point was that if you view SF as integral for some reason, you
can find 1BR apartment rentals for ~$1300 (and 2 bedroom for $1400) an hour
North of SF. If you're willing to go slightly over 2 hours from SF (which if
you've considering flying in occasionally isn't bad at all), you can find 2 BR
apartments for <$1000 in Ukiah.

It's not a beach in a tropical climate, but it sure is cheaper, and you could
actually swing commuting in once or twice a week without too much strain
(depending on whether you do it during rush hour). Too rural for you?
Sacramento, the state capital, has apartments available for not much more (and
a similar non-rush hour commute).

There's a trade-off going on here, and I'm wondering at what point it makes
more sense to fly in from outside the country compared to just commuting a few
hours occasionally.

~~~
rokhayakebe
I am sure living in Ukiah is different from Sao Paolo.

~~~
kbenson
Well, yeah. But living in SF is different than Sao Paolo as well.

The point is one lets you get to SF (which we are assuming is important for
the purposes of this discussion) within a couple hours with a car at the cost
of gas and you can go back home a the end of the day. The other requires 12+
hours in a plane and costs of $600+ per trip, and you need to find a place to
stay when you get into SF.

Each have benefits and drawbacks. I just thought it would be interesting to
discuss those.

------
achow
Because of this I discovered the book 'Chaos Monkeys' and immediately bought
it! The top Amazon review decided it for me..

Amazingly accurate coverage of Facebook's internal culture, the good, the bad,
and the ugly. (Plus much, much more!)
[https://www.amazon.com/review/R2GQCWUZKVOY10/ref=cm_cr_dp_ti...](https://www.amazon.com/review/R2GQCWUZKVOY10/ref=cm_cr_dp_title?ie=UTF8&ASIN=B019MMUAAQ&channel=detail-
glance&nodeID=133140011&store=digital-text)

~~~
krissara
Its been on my to read list as well. We need more insight into the business
practices of big tech companies like FB and Google, that control so much
wealth.

------
szx
So you own your data but they won't let just any app touch it. Apps need to
comply with certain conditions and FB retains complete control.

Where it gets interesting is when someone like this guy tries to circumvent
this arrangement by having the user willingly supply them with their
credentials.

FB would never blame the user, even though that's arguably the correct way to
respond, because that's a PR disaster. Whether the guy in this particular
story seems shady or not, it seems inevitable that FB would take the path of
litigation to destroy anyone who exposes the dissonance in the way they run
their business.

~~~
joesmo
If FB retains complete control, you don't own your data. If you own your data,
FB (or any other party) cannot retain complete control. Otherwise, what is the
meaning of "own" that you have redefined the word to mean?

~~~
odbol_
Own in the very legal sense that it is your Intellectual Property, even though
you have no real control over it once it gets into their hands.

~~~
joesmo
After the license you give FB and most other such sites, yes, while legally
you own the material, practically you no longer do because they are legally
allowed to do whatever they want with it. I'm not going to address the
stupidity of copyright law here, however.

------
the_watcher
This highlights two major issues, to me:

* Wow does the CFAA need reform.

* With the rate that tech is advancing, it's becoming a problem how unfamiliar with it many in the justice system are. It's not a knock on them at all - it's hard to keep up for those of us working in the industry. I'm not sure what the best solution is outside of trying to make sure that the laws are as correctly formulated as possible, and even that's only a partial fix.

~~~
jedberg
> With the rate that tech is advancing, it's becoming a problem how unfamiliar
> with it many in the justice system are.

People say that a lot. But yet you don't really hear doctors saying "how can a
judge hear a case about a medical issue!" (look maybe some say that but not a
lot).

The court has a solution for this -- they have expert witnesses and amicus
briefs.

The problem is that technologists are allergic to politics (filing amicus
briefs is basically politics as is lobbying), so they won't do what they need
to do to make tech issues heard.

~~~
the_watcher
> But yet you don't really hear doctors saying "how can a judge hear a case
> about a medical issue!"

This actually is something that comes up reasonably often. In fact, when I was
in law school, an entire week of Torts was spent on precisely this issue. It's
not unique to technology, but the _frequency_ in which it comes up, as well as
the total number of people directly (by that, I mean their day to day life
could materially change overnight) is much higher.

You aren't wrong about technologists and politics, though. I hadn't really
thought about amicus briefs as a solution, thanks for pointing it out.

------
panic
Cross-network dashboards like the one described in the article help make the
world more open and connected. Facebook ought to be supporting this guy.

~~~
lucb1e
For those like me who missed it at first, "make the world more open and
connected" is Facebook's "official mission" (i.e. what the PR department
claims they do).

But it's directly in contrast with what makes them money, so obviously they
won't.

------
yunruse
_Facebook is not appealing the spam decision and, the spokesperson points out,
it has won on hacking so far._

The wording of 'won on hacking' is extremely worrying, if it is verbatim.
Facebook seem to act here as if they can steamroll over power-users who stray
too far from the 'norm', so to speak, without consequence: while it is true
that all companies must try to save face, accusing an app developer of hacking
and spamming is too far.

I guess not appealing the spam decision is some small humility, but treating a
lawsuit like a competition to 'win' has certain implications on Facebook's
strategy.

------
anewhnaccount
Didn't Facebook used to ask to log in to your email to import your contacts to
look for friends? Sure, unlike LinkedIn they at least actually asked first,
but I think it shows how there's one law for the incumbent and quite another
for the rest.

------
gondo
Isn't this similar case as Zenefits vs ADP? Power Ventures accessing Facebook
on behalf of their users, same way as Zenefits was accessing ADP? I did not
follow the Z vs A case, just barely remember that it happened.

------
xseven
I wish all the articles had an unbiased TLDR attached to it.

I came here for the clickbait, not the story!!

~~~
lucb1e
Dude realized "hey, you own your content, not Facebook, even after you post it
on Facebook. So with users' consent, I can download their data from Facebook
and display it on my own website, right?" Thus he wrote something where people
would enter their Facebook and other social network logins, and the site would
aggregate their data. Basically a cross-platform social network.

Facebook was the only website to respond at all. They sued them for
downloading data. (You own it, but when you try to get it out, you can't.)
Facebook called it "spamming" and "hacking". The courts didn't really
understand the topic (the article claims) but finally in the 9th district
court the spam claim got thrown out and Facebook said they won't challenge
that decision because there is still the hacking claim to be fought over.

How asking someone to give you a password for a specific purpose and then
using that password for that specific purpose is hacking is beyond me. But
then the article is fairly one-sided so I don't know the full story. The legal
battle continues.

~~~
gwbas1c
Maybe they were scraping or abusing an API? That's a bit of a stretch of
"hacking."

------
nchelluri
Wouldn't it (or couldn't) it be a violation of TOS to share your FB password
with another site?

Does FB now have an option like Google to export your data? I thought that was
a nice touch on Google's part; I vaguely remember reading it was championed by
some people in the company who really wanted to avoid locking people in out of
their own moral convictions.

I confess to not seeing the bigger picture here: I don't see how all of this
can be equated to locking a user's data into Facebook. Would it be against TOS
to write a FB app that crawled a user's graph and downloaded all of their
data?

~~~
ebzlo
You can export your data:
[https://www.facebook.com/help/131112897028467/](https://www.facebook.com/help/131112897028467/)

------
jedberg
If I say you can put your diamond ring in my house and then give you a key,
but tell you that if you want your ring you have to let me talk to you for
five minutes every time you get it, and then you give your key to a friend who
I don't like, don't I have the right to keep that person out, even though you
gave them the key I gave you?

Basically this guy is your friend I don't like.

I understand not liking the walled garden, but if you don't like it, then you
shouldn't enter it in the first place. Don't go into the garden and then give
your friend a key to the place just to avoid me.

~~~
kodablah
I think this is a poor analogy. You could get closer if you changed this:

> but tell you that if you want your ring you have to let me talk to you for
> five minutes every time you get it

to:

> but mumble to you (unintelligibly, interspersed with vast amounts of
> mumbling about other things) that if you want your ring you have to let me
> talk to you for five minutes every time you get it

While many on this site keep up with some of these things and can weigh the
cost/benefit of using a walled garden, many do not. To tell someone "if you
don't like it, don't do it" while completely avoiding the question of
subversiveness on the part of the contract maker is disingenuous and not
giving both sides of the argument a fair shake.

------
6stringmerc
Sounds a lot like the product in question relied on a Man-In-The-Middle-As-
Service protocol and I can reasonably conclude why other service providers
might find that approach as unwelcome and written-out of their Terms of
Service. I don't see Facebook taking the same approach to something like
LastPass. I'm not inclined to give either party in this one a whole lot of
blanket endorsement or scorn, I think each side has some noteworthy concerns
regarding both motivation and methods.

------
happyslobro
This man is a hero of our times. I am going to show his story to all of my
Facebook friends. Fuck Zuck.

~~~
sctb
> _Fuck Zuck._

Please don't include this in comments on Hacker News.

~~~
zanethomas
why not?

~~~
meichenf
Be civil. Don't say things you wouldn't say in a face-to-face conversation.
Avoid gratuitous negativity.

When disagreeing, please reply to the argument instead of calling names. E.g.
"That is idiotic; 1 + 1 is 2, not 3" can be shortened to "1 + 1 is 2, not 3."

[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

~~~
zanethomas
I would say it to his face, but point taken. :)

~~~
colejohnson66
Fair enough, but just because you'd say it to someone's face doesn't make it
civil

~~~
zanethomas
But here's the problem with censorship (which you have said the previous
writer should impose upon himself):

I consider what Facebook is doing to be far more uncivil than use of the word
Fuck. Should the word Facebook be censored because what it refers to offends
me?

------
gjolund
I have said it before, and I will say it again.

Facebook is the folly of our generation. We are already paying the
consequences of giving away our right to privacy, and it is only going to get
worse.

