
FTC Weighs Seeking Injunction Against Facebook over How Its Apps Interact - t23
https://www.wsj.com/articles/ftc-weighs-seeking-injunction-against-facebook-over-how-its-apps-interact-11576178055
======
s3r3nity
Not sure I quite understand the argument against Facebook here, though I might
just be missing something.

The market for messaging apps is pretty saturated with competitors at the
moment; if I didn't like their WhatsApp and Facebook accounts merging, for
example, I could just bounce to iMessage / Kik / Snap / Telegram.

Whether or not you agree / disagree with the security & user experience
argument from FB (I personally can see both sides,) the low switching costs
will always mean the user has quite a bit of power here.

~~~
freehunter
"The users can just switch" doesn't actually work when the switching costs are
high, and the switching costs for a social network are a lot higher than you
are making it seem.

If all of my friends are using WhatsApp, either I have to use it too or I have
to convince everyone to switch to my preferred app just for my sake. And in
the case of iMessage, I have to ask them to switch their phone too.

If these systems could interoperate with each other it'd be different, but
as-is, the switching costs are astronomical.

~~~
scarface74
So what should the government do? Tell all your friends not to use WhatsApp?

How do you propose that you get interoperability and security?

iMessage already interoperates with the standard phone messaging protocol -
SMS.

~~~
giancarlostoro
The benefit of iMessage is the encryption. Which SMS doesn't compare to that
level of encryption used by Apple. Would rather iMessage be a paid for Android
app. I woulda bought it but I might just switch phones altogether. Sick of
Google's spying and political regime insanity (see Project Veritas).

------
rshnotsecure
Over the last 2 months, I've noticed Facebook has almost completely stopped
responding to any vulnerability finds or bug bounty tickets submitted. It's
gotten really bad.

For instance, right now all 70,000,000 of the Facebook users in Vietnam have
their information posted online on an open web server. I am not going to post
it just yet in the last hope that someone from FB will reach out to me, but
the info is there along with their IMEI number, cell phone number, information
on what ads they've seen and clicked on, etc. For some users there are
absolutely private messages, it appears to be only for Muslims in Vietnam
though (so not all nor am I saying all).

Until yesterday, the S3 bucket
[https://whatsapp-messages.s3.amazonaws.com](https://whatsapp-messages.s3.amazonaws.com)
was open. You can search CNAME records if you have a SecurityTrails
subscription, and this bucket belongs to a certain FB contractor. In fairness
it could have been something known as "Domain Shadowing" whereby you secretly
hack a group's subdomain records for evading firewall purposes, but in that
case the argument still stands.

It had over 13,000 pictures from various Latin American police departments
that change every few days while I tracked it.

NOTE: FB Security ppl, my email is in my profile.

EDIT: This is a very good paper from Tsinghua University in 2016 on Domain
Shadowing, which more people should be aware of. Check your subdomains, and
make sure you use the free option in SecurityTrails to do it. Passive DNS
checks aren't enough here:
[https://faculty.sites.uci.edu/zhouli/files/2018/09/ccs17.pdf](https://faculty.sites.uci.edu/zhouli/files/2018/09/ccs17.pdf)

~~~
spamfilter
I'm sorry, rshnotsecure but until you come up with those 5k words you promised
about ProtonMail, CreditKarma and a huge list of others being fronts for spy
agencies[1] your posts will only ever be titillating scuttlebutt for me.

Last we heard you had the lounge room covered in butcher's paper, plotting it
all out and _gave your literal word_ that you'd post that "report" within 96
hours. That was 42 days ago.

I have no idea if what you say about FB's server in Vietnam is true and I'm
not here to argue with you. The pity is that you post about interesting
things.

But if making big claims with unshakeable evidence "to come" which never
actually arrives is something that we deplore in our politicians and
mainstream media, why let it creep in here?

[1]
[https://news.ycombinator.com/item?id=21412052](https://news.ycombinator.com/item?id=21412052)

~~~
rshnotsecure
Here's the Vietnam server:
[http://125.212.244.27:9200/_cat/indices](http://125.212.244.27:9200/_cat/indices)

This is the indice you are looking for. 71,000,000 records.

yellow open fb_vietnam ChkUhOlHQpO_RozynrZdXA 1 1 71839979 11829285 10.1gb 10.1gb

You are right on the 96 hours vs 42 days thing though. It's a lot of work man.
No one has volunteered to help. There are a ton of ASNs what can I say lol. I
will post about CreditKarma today. Not ProtonMail.

Type in "openvpn.creditkarma.com" to Spyse.com please. What do you see? It
says it points to a server in Tunisia right? And that server has 10,000 other
host names on it almost all from...hnagroup.com? China's really really big
private conglomerate correct?

Anyway again you are right, but I'm tired, I posted the Vietnam server (at
least enough data to confirm amounts although we can debate purpose of cluster
which is fascinating).

EDIT: Damn it I just realized your account was created new a few hours ago.
Can't you use your real name like I do? Maybe email me?

NOTE: To your credit I finally posted. Like 1250 words but we'll get there. My
wife wants me to move the butcher paper after all :)
[https://blog.12security.com/](https://blog.12security.com/)

~~~
spamfilter
> This is the indice you are looking for.

I'm not looking for any indices. This is another classic fake news ploy -
piling one outrageous claim on top of another without ever actually
substantiating anything.

> Can't you use your real name like I do? Maybe email me?

Why? I don't want to chat. I want you to back up your claims the way you made
them - publicly.

> I finally posted. Like 1250 words.

832 to be precise, and a whole bunch of those making even bigger assertions
with even less proof offered. And a whole lot of stuff "tbd"

> we'll get there

I hope so, because we're not even close yet.

~~~
rshnotsecure
Lmao this is not a real person.

You should triple down and write another angry response. Other than this one
which is a little snarky (I apologize but it had to be) I promise I will
respond to that one as nicely and patiently as I have the others.

Big Hug

------
pixelbath
In my opinion, the ship has already sailed for the FTC to have any say in how
Facebook interoperates its own applications. If they were truly concerned
about a monopoly on social media, _the sale of those apps should have been
blocked in the first place_.

What is the point of telling Facebook not to make their apps interact with
each other? Are they thinking Facebook employees _can't_ see the databases of
their other apps? Is the FTC going to pretend they know anything about how the
databases are _supposed_ to operate? What about one big database with an App
field; would they know if Facebook did that? What about multiple databases on
the same server; is that an antitrust violation?

The entire rationale for looking at Facebook _now_ just seems like going after
an easy target. Either evaluate the antitrust arguments on their own merit and
break those apps off Facebook, or leave it alone.

------
batoure
The timing of some of this feels disingenuous... it wasn’t that long ago
Facebook completed their graph API migration... functionally there is not a
“platform separation” any more, there are just different labels on Facebook
APIs; this change is now heavily reflected in dev tools... Facebook will simply
argue that any disentanglement would have high impact to business and move on
with their day. The people who work for the government and do this stuff know
enough about how platforms work to know that the time to do this was over a
year ago before this huge shift was locked in.

------
neonate
[http://archive.is/FCE1L](http://archive.is/FCE1L)

------
rickncliff
If it got to that and it's not some sort of WSJ attempt to advocate for this
sort of thing, Facebook must fight it tooth and nail, and stop these attempts
at governmental micromanagement once and for all.

It's suspect that they are going after tech companies which are national
treasures but are enemies to corporate media, it's strange that this sort of
action isn't being considered against actual malicious monopolists that the
press isn't constantly attacking. No one is suggesting going after Disney for
instance even though they have that market cornered.

~~~
scarface74
What market exactly does Disney have “cornered”?

But it should give anyone pause when the government takes upon itself the
power to decide how a private company architects its solutions.

~~~
giancarlostoro
Entertainment. I guarantee anybody in your average household is a fan of
something Disney outright bought the rights to. Whether it's Marvel (if I hear
about another reboot of X-Men or another Avengers movie imma pull my hair,
OTOH I did like Guardians... Yikes even I am falling for it!) then there's Star
Wars which has a huge following of people from all ages. The typical Disney
public domain rip offs as well. The insane amount of music they own the rights
to.

Here in Florida it's scary how much power Disney has. They also own the media
to a point and you find it hard to see anybody speak badly of them within the
media. The amount of things I see covered up that never winds up in the media
genuinely scares me. How is it possible the media keeps specific things quiet
for Disney.

~~~
scarface74
There are still five major movie studios in the US and the minor studios like
Blumhouse and Tyler Perry Studios routinely put out movies that have a higher
ROI than the major ones.

As far as TV, there are plenty of TV studios and streaming services.

~~~
giancarlostoro
> and streaming services.

And now they're removing their content from those. They also own several of
those streaming services (ESPN, D+, and significant enough parts of Hulu). By
contrast their streaming competitors own one single service (with maybe the
exception of Google and Apple who own music streaming services and video
streaming).

If nobody sets up a roadblock I fear where it ends, if it does.

I forgot to add a disclaimer: long before I was a developer I worked for
Disney. I'm somewhat biased, but I also attempt to not be blind. It's a
monopoly on your children to a significant scale. If they stop buying out
companies, it still feels like they've bought out some of the more major
fandom franchises.

I just went to check, and after their last major buyout they own all of the
Narnia movie rights.

~~~
scarface74
The entire idea of the internet was supposed to be “disintermediation”. Why are
we now wanting middle men?

