
Cow Game Extracted Facebook Data - jameshart
https://www.theatlantic.com/technology/archive/2018/03/my-cow-game-extracted-your-facebook-data/556214/?single_page=true
======
throwaway84742
Google must be sweating bullets right now. Every single Android app seems to
require access to every single thing, and there are hundreds of thousands of
them with a significant user base. Some do most certainly misuse the data they
collect. Maybe a small percentage, but a small percentage of 100k is still a
large number.

~~~
leggomylibro
Google is in a bit of a different position. The most information that a
malicious app on my friend's phone can access about me is what my friend has
stored on their phone about me.

Personal things like messaging history and contact information are certainly
enough to build a 'social graph', but what Google does not let apps do is
access the information _that Google stores about me on their servers_ just
because my friend has both my number and a greedy app on their phone.

~~~
trendia
CA was able to extract a personality profile from just likes.

Imagine what an app could do if they had access to your entire message
history! (Why would anyone give apps access to their messages? So that they
can send / receive special emoji, for example.)

~~~
criley2
So these days Facebook requires you to sign a contract to get any significant
data or permission any more.

I don't think Google does that...

------
guelo
This whole scandal is very weird to me. Everybody has known this about
Facebook forever. Most people have gotten bit at one time or another with apps
that spam their friends or do something else shady. And most people have
learned to be wary of Facebook apps.

Not that we shouldn't be outraged. I'm glad we finally have outrage. We should
have all been outraged a long time ago.

~~~
danso
> _Everybody has known this about Facebook forever._

This is not even remotely true, especially when it comes to the general
population. I'm not trying to slam you here, I was of same mindset too, since
at least 2009 (I stopped using API in 2013 and assumed things were clamped
down).

I don't want to be a nag on his, e.g. _Mustnt assume everyone knows what you
know!_ Rather, I think this is an advantageous mindset to have. Anything you
know in your profession, especially when it comes to tech or data, you can
assume plenty of people (including future customers) don't have a damn clue.

~~~
fareesh
I think the point here is that the media has failed in its responsibility to
inform. If we knew, they knew, and the reason the public didn't know is
because they media didn't turn this into prime time news, the way the
Cambridge Analytica story has been positioned. That matters.

~~~
untog
Did the media know? The attention being given to the Cambridge Analytica story
_by the media_ suggests that this is a new finding to them.

I think one of the societal problems we have right now is an overwhelming lack
of tech literacy. It affects the media but also (and more importantly)
government. People simply don't understand this stuff, and the problem isn't
going to go away, because if you _do_ have tech knowledge you can make far
more money as a developer than you can as a journalist or politician.

~~~
fareesh
The media most certainly knew that Facebook data was being used for political
campaigning.

[https://www.theguardian.com/world/2012/feb/17/obama-
digital-...](https://www.theguardian.com/world/2012/feb/17/obama-digital-data-
machine-facebook-election)

From the article:

> Barack Obama's re-election team are building a vast digital data operation
> that for the first time combines a unified database on millions of Americans
> with the power of Facebook to target individual voters to a degree never
> achieved before.

Also

> Consciously or otherwise, the individual volunteer will be injecting all the
> information they store publicly on their Facebook page – home location, date
> of birth, interests and, crucially, network of friends – directly into the
> central Obama database.

> "If you log in with Facebook, now the campaign has connected you with all
> your relationships," a digital campaign organiser who has worked on behalf
> of Obama says.

------
vanattab
I am all for taking a look at these privacy issues and seeing if we can
develop some new regulations to address these concerns but the way the media
covers this story is a complete joke. Obama was labeled a political geniuses
who was truly in-touch with the young generation when he used the Facebook
graph api to micro target ads but when Trump campaign uses the exact same
approach to micro target ads it is a despicable act that assisted in "theft"
of the election.

EDIT: In an attempt to protect my karma from those who have drunk far to much
kool-aid I should point out I did not vote for Trump and I think he is a total
clown. I just think the current clickbait/outrage media culture is far more a
danger to the american values I cherish then 3 more years of this ass-hat.

~~~
unfunco
I don't think it's a fair comparison, people weren't (or at least, fewer
people were) screaming fake news back then. It's not micro-targeting or
advertising that has people riled up, it's the way it is being been used.

~~~
vanattab
Exactly my point! People are not upset by "psychometric advertising" they are
upset that the other side making use of the technique. If you honestly think
both sides don't use the technique to engage in despicable disinformation
campaigns you've probably already drank a fatal dose.

------
dictum
Off topic, but since we're revisiting the skeletons of the past decade:

Act I - [https://www.theverge.com/2012/2/7/2782947/path-ios-app-
user-...](https://www.theverge.com/2012/2/7/2782947/path-ios-app-user-
information-collected-privacy)

Act II -
[https://twitter.com/davemorin/status/976624270477545472](https://twitter.com/davemorin/status/976624270477545472)

------
mnm1
I'd be shocked, shocked to hear of any companies that didn't take data against
Facebook's tos. I did a few Facebook integrations back in those days and none
of my employers have one fuck about us violating tos. This wasn't exclusive to
Facebook integrations either.

~~~
gaius
The TOS is _meant_ to be violated, so they can boot you at any point for any
whimsical reason in the future.

If it wasn’t it would be enforced in the code

~~~
Shish2k
How exactly does one enforce in the code a policy of "you can use the data
you've collected for the purpose you stated, but you can't use it for any
other purpose, nor share it"?

------
bwang29
The news title finally mentioned "brokers."Much have been talked about the
ease of collecting and extracting data, I'm wondering when it comes to SELL
data, how easy would that be and through what process a developer could find a
broker? And at what price? Is there a way to find a list of these brokers?

Would it be difficult for facebook to be aware all data brokers in the market
and also at what price point, under what agreement and and estimated
transactions volume?

~~~
rhizome
It strikes me as a little distasteful to ask for a roadmap to that business
model these days.

~~~
lainga
Do you find white-hat pentesters distateful, too?

~~~
rhizome
No.

------
drcongo
Link without an adblocker-wall:
[https://outline.com/wKv6uB](https://outline.com/wKv6uB)

~~~
leggomylibro
There's no 'adblock wall' if you have a script blocker such as NoScript, even
with scripts from 'theatlantic.com' allowed.

It is a bit tedious to manually allow js on websites to get them to work
properly but...gee, just refer to the article's topic. Scripts from
'facebook.net' are somewhat ironically, but predictably, loaded with the page.

------
MikeGale
Facebook's officially stated approach of "it's the user's decision" is right,
in my view.

The problem is that they were, and are, insincere in saying that. The user has
no option to say NOPE I'm not giving you, that, that, that and that. No way to
see what something does before giving them anything at all.

If that was done right users would have the choice.

Failing that Facebook is culpable.

The trouble with the culpable or "rule of law" approach though is that it's up
to politicians, maybe bored law enforcement people, maybe some bribery and
corruption. i.e. it generally works poorly if at all, all too often it
achieves the opposite.

I say avoid legislation and give individuals their own control. Real control.

------
newsat13
"For years, these transmissions were even conducted unencrypted, until
Facebook required apps to communicate with its service over a secure
connection."

Wow.

~~~
JetSpiegel
There was even Firesheep at some point.

------
ggg9990
The day I discovered all Likes were public I went and deleted all of them. God
knows who got them before I did that (and I’m sure Facebook still uses them).

------
zeta0134
This website redirects away from the article after a short while if you run an
ad blocker. I won't turn mine off, for reasons that ironically have to do with
a distrust of third party tracking networks.

EDIT: NoScript did the trick.

~~~
jasonmp85
I've just stopped reading anything on The Atlantic. Sites that do such things
are complicit in this problem.

~~~
chipperyman573
I see this comment all the time, what people often fail to realize is that if
you won't turn off your ad-blocker, the website _doesn 't want you_. You cost
them a small amount of money to deliver the content (bandwith) and they invest
a modest capital into creating the content (paying writers, etc), and you
offer nothing in return.

This doesn't mean you have to stay; if this behavior annoys you, don't read
their content. But don't complain that their website is "sending you away",
because that's exactly what they want. You laid out your demands (ignore the
fact that I'm using an ad-blocker), and they're showing you the door.

~~~
ballenf
Can you imagine if Walmart banned classes of visitors who were unlikely to
purchase things even though they use the toilets?

~~~
Splines
Stores do this already. Signs which read "Restrooms for customers only" are
not uncommon.

~~~
ballenf
That's not a "class" of customer, that's a status of being/not being a
customer.

Class of customer, in the sense of the question, is a visual attribute of a
customer making them unwelcome due the low probability of them being
profitable for the store.

