
Facebook Planned to Spy on Android Phone Users, Internal Emails Reveal - DyslexicAtheist
https://twitter.com/ashk4n/status/1099117028026118144
======
FakeComments
How is Facebook not producing malware?

I struggle to see how they’re legally different from malvertising: perhaps
there’s some vague terms about data or advertising (which also exists for
malvertising! you agreed to the ads!) but at no point was there a “meeting of
the minds” in which Facebook was authorized to bypass security mechanisms to
exfiltrate data from the system.

I don’t see how Facebook’s behavior is anything but classic “hacking”, and a
willful abuse of the CFAA.

I think it’s time we started addressing gigacriminals[0] like Zuckerberg: we
need to stop pandering to people who commit millions of crimes a day, at “web
scale”, and just use force.

If Facebook doesn’t want to get the memo that wanton criminality isn’t okay,
then it’s time to use force to correct the behavior.

[0] I use gigacriminal in the technical sense: I believe Mark Zuckerberg, as
the leader of an organization, has ordered over 1 billion criminal acts to be
commmitted for his profit.

~~~
deytempo
Send him to prison

~~~
riyakhanna1983
Lock 'em up!

------
Andre607
I know we have lots of FB employees at HN.

I would be genuinely curious to hear, via throwaway accounts if need be, about
how FB staff rationalise things like this happening.

Do you shrug it off as not a big deal in the long run? As FB still doing a net
amount of good versus what you perceive as isolated incidents like this? I'm
just in good faith trying to figure out how people willingly work and continue
to work for outfits that repeatedly engage in behaviour such as this. I know
there are lots of speculative reasons we can put forward, but I think we have
a great opportunity here in our community to have first-hand input.

~~~
beatgammit
I'm in a similar boat.

I worked with a group at Facebook, and I almost refused to take the project
on. I'm the type that has deleted me Facebook and uses a blocker to stop their
tracking, and when I showed up to work with the team, there were surprised
that I didn't have an account.

From what I could tell, the teams are fairly isolated and thus don't see the
forest for the trees. When someone points to an article like this, it seems
that they just shrug it off and think the author probably got it wrong because
it doesn't seem that way from the inside (again, they only work in isolated
teams, but still think they have enough of an insider's perspective to
discount it). Even huge companies we know now as bad had a ton of employees,
like Enron.

I would really like the perspective of someone "on the inside". Facebook is
one of the companies I trust the least with my data, yet they have so much
talent that I can't help but wonder how they convinced them to work there (is
it just the money?).

~~~
po7w0toqweug
Not a employee, and I like my data to be safe and not exploited as much as
anyone. But, let me try to take a swing at this.

First, obviously there is the money factor, you may choose to ignore it but it
is a big factor for many.

Second, the tech is truly state of the art and it is good experience/skill to
have/pickup.

Third, I'd say almost everyone passing judgement about people taking up such
jobs also judge having such jobs on your resume as a positive. That drives
one's value as a candidate up even post such a job. If people care so much why
don't they provide an incentive, would you hire someone who turned down such a
job compared to someone who gained experience in such a job? No one ever asked
me - so which jobs offers did you discard and why, during any interview.

Fourth, almost every big company has its scandals, now how does one decide
which ideal is worth giving up job offer for, is big financial ok? is big
pharma ok? is big tech ok? is big anything ok? is working on open source in
such a big something ok, say open source software others use at their jobs? is
a start up using questionable practices to get to the next level ok? define
what's ok according to you, and why do you expect that would be the same for
everyone else.

~~~
jka
Which technology at Facebook is state of the art?

I'd wager that for any area you pick - they probably have a lot of high-end
technology relating to image/video storage, data replication, machine
learning, and network-layer infrastructure - there are other more morally and
ethically sound places where engineers could learn and apply that same
knowledge.

We're already reaching the point where working for toxic companies is
considered a negative during resume review; I won't provide any such examples
here but the bay area tech scene is full of examples of environments where
being a former employee at a company can at least warrant raised eyebrows.

Scandals may occur; what matters is how the organization responds to them. And
yes it's certainly acceptable to leave an organization if you're not happy
with the way it has handled such situations.

The only point I find difficult to disagree with in your comment is the
monetary motivation.

~~~
po7w0toqweug
>Which technology at Facebook is state of the art?

Say data at scale, petabytes of data for example. I'd be curious to know if
you can name all companies that have this scale of data and are morally
acceptable to you. :) Google? Amazon?

> Scandals may occur; what matters is how the organization responds to them.
> And yes it's certainly acceptable to leave an organization if you're not
> happy with the way it has handled such situations.

While I can see your point of view, as an engineer you can find other
opportunities that may not be as lucrative but are comparably still good. But,
I also find it hard that its the engineers that get this judgement regularly
on HN while you give users and shareholders a free pass. A scandal surfaces,
repeatedly, users and shareholders don't care, nothing changes and for some
reason that's ok while engineers are expected to be the moral compass. Wonder
how many judging here use instagram/whatsapp/fb and/or own stock in such
companies, perhaps even have family and friends that continue to use these
services but somehow, I guess, its easier to judge strangers and expect them
to behave a certain way instead.

~~~
jka
For me personally, none of the 'really' major tech companies are; I don't
desperately enough need to work on the very cutting edge to trade-off against
morality. But I'm not innocent either, most actions have (ideally unintended,
and later rectified) negative externalities.

It'd be an interesting discussion to have with someone who feels like they
really _need_ to stay at the very peak of private data accumulation - because
in my view those actions are potentially very detrimental to wider society,
certainly depending on the culture. I'd extend more respect to Google than the
others from what I've seen, although opinions may vary elsewhere.

Regarding scandals and reactions - users and shareholders can and do care, and
they vote with their feet, or wallets, or ideally both.

The battlefield in these cases is over how much truth about the scandal and
resolution are published. A good organization will generally tend towards more
transparency in both, while perhaps keeping a few cards close so that they can
react to any potential retaliation (such is the world of rapid fake news that
we live in).

Edit: s/data accumulation/private data accumulation/

------
Nicksil
Save a trip to Twitter. Here's the link to the story:

[https://www.computerweekly.com/news/252458208/Facebook-
plann...](https://www.computerweekly.com/news/252458208/Facebook-planned-to-
spy-on-Android-phone-users-internal-emails-reveal)

~~~
creato
The twitter thread has a few of the source documents, and a few things not
mentioned in the story, this particular e-mail seems... interesting:
[https://twitter.com/ashk4n/status/1099146500725063680](https://twitter.com/ashk4n/status/1099146500725063680)

Also, that twitter user is a former senior leader at the FTC, and claims
something here to be "textbook @ftc deception":
[https://twitter.com/ashk4n/status/1099164648379580416](https://twitter.com/ashk4n/status/1099164648379580416)

~~~
throwaway00d36
Serious question -- how does Facebook keep getting hit with these 5+ year-old
emails getting published? Did they not have any email retention policy?

Is the root cause that they migrated off of email and did all their sensitive
discussions in "internal tools" with no actual data retention enforcement? If
so, that seems quite ironic.

~~~
dade_
Many people keep copies of emails. Perhaps they feel compelled to make the
information public, and maybe they felt more compelled once they received
their RSUs and cashed them in.

"Most full-time employees receive RSUs (restricted stock units) which are
shares that become sellable on a set schedule over four years. "
[https://www.quora.com/Do-Facebook-employees-get-stock-
option...](https://www.quora.com/Do-Facebook-employees-get-stock-options)

------
joeseeder
Where do fb recruit engineering talent ?

are we (engineers) really that indifferent to what organizations we support do
?

~~~
high_derivative
This is just an anecdote but being a PhD student at a well-known university in
CS I often hear from undergrads (via teaching) what they think about
companies/where they go for internships.

Observationally, ethics does not even enter the equation. Especially career-
driven students from backgrounds where name-brand prestige is important just
want such a name-brand on their CV.

Not that faculty are any better given how many academics effectively sign away
their lab to FB through 'collaborations'. All they see is resources to use,
name-brand recognition, a big personal pay-check, and publicity for their
work.

What I find most mystifying is that this is a literal non-topic. At best
someone may forward a blogpost about a security leak and make a snarky
comment, but I have never witnessed any political discussion.

~~~
joeseeder
I have had a quick run of an analysis - Academically vs Self trained Computer
Engineers among my peers.

From the small sample, it shows very strong correlation between working in
ethically questionable organisations and finishing Academia.

Is the opposite for most of my Self trained peers.

~~~
4ad
Anecdotal evidence, but that has been my experience as well.

~~~
fnordsensei
And mine as well, and anecdotal for sure. But, if there's something to it, I'm
not sure how to account for it. Though one thing comes to mind.

Some time ago, a study was performed in my home country to look into possible
correlations between academic performance and work performance among doctors.
As it turned out, the best performing doctors were not those with top grades,
at least not before entering medical school.

Those who did best had left high school with adequate grades, but not good
enough to get into medical school. Rather, they had spent time and effort with
supplementary studies to get their grades up to the level where they could
apply for medical school.

The possible explanation that was presented was that some of those who had
great grades straight out of school simply chose to become doctors because of
the promise of prestige and remuneration. Those who didn't, but still fought
their way into medical school, however, had a calling beyond money and status.

------
ggggtez
>Facebook, which charged 30% service fees on the transactions, revealed in the
internal email, “that an overwhelming majority of Apps using Facebook Payments
to solicit funds are likely fraudulent.”

No surprise here, again. Facebook launches a feature that allows criminal
behavior, reaps the profits, and only tries to roll it back after they are
under intense scrutiny.

There is an easy way to fix these repeated problems: Hire people who care
about ethics. Of course, the fact that they don't shows that they are only
looking for a rubber stamp.

What kind of "privacy" team do they have that approved all the garbage listed
here?

------
species9606
I work at one of Zuckerberg’s charitable organizations, but I’m considering
resigning because of this kind of thing. At some point it’s not possible to
separate the charity from the source of the money.

------
salawat
I think Computer Science needs to come coupled with exposure to a
philosophical ethics sub-curriculum. I run into too many intelligent people
who haven't ever spared a thought toward how to recognize "what is right? What
is wrong?"

Philosophy may not equip you with a concrete answer, but it definitely equips
you with the machinery to look at something and recognize there's more to the
question than some manager saying it's legit.

------
justapassenger
Yeah, everyone hates Facebook, but is there anything new here? Targeted
advertising based on location and relationship status? That's not a secret,
that's one of the biggest selling point of their product. Can someone explain
to me why should I be outraged?

------
AlexandrB
I've often argued that the basic "dumb fucks" sentiment from Mark Zuckerberg's
university days has not changed within Facebook's leadership and frequently
got push-back that Mark Zuckerberg has matured and is now a responsible
steward of our data.

I feel vindicated by news like this. It's pretty clear that privacy overreach
and violation at Facebook are not "accidents". It's standard operating
procedure.

