
$19B later, Facebook now wants to own my phone - ilhackernews
http://www.geektime.com/2014/03/05/19b-later-facebook-now-wants-to-owns-my-phone/
======
stackcollision
What really drives me crazy is how people are still _surprised_ by this kind
of thing. I stopped using Facebook four years ago, and I think it was one of
the smartest decisions I've made. I value my privacy. There is so much
complaining online about how Facebook is taking over everything, yet there is
no _action_. If you have a problem with it, then don't use the service!

~~~
taariqlewis
I think Facebook has done a good job helping people enjoy the habit of denying
the importance of privacy in favor for a free service. I don't think many
realize what they've sacrificed because they value it so little.

~~~
f_salmon
> Facebook has done a good job helping people enjoy the habit of denying the
> importance of privacy

Well, that's what they make money off. It's their strategy/mission to
eliminate privacy.

On the other hand, 24% of consumers currently seem to be OK with the fact that
the NSA controls their iPhone:

[http://www.forbes.com/sites/erikkain/2013/12/30/the-nsa-
repo...](http://www.forbes.com/sites/erikkain/2013/12/30/the-nsa-reportedly-
has-total-access-to-your-iphone/)

------
francip
Hi,

I work at Facebook, more specifically, I've spent a considerable chunk of my
time working on our Android app and the Android permissions we request. (I
also worked on that same area before I joined Facebook)

These permissions were actually added several months ago, long before the
WhatsApp deal was announced. There's no connection.

I want to correct some of the misrepresentations in the article.

The WRITE_CALENDAR permission: As many app developers will know, this
permission is needed by any application that wants to create a calendar feed
in the unified Android calendar storage, and create/modify events in it. In
particular, the Facebook app would like to give you the option to import your
Facebook events so that you can see them side-by-side with your other
calendars like Google Calendar, corporate Exchange accounts and so on. We
don't need to be able to send event invites or updates to attendees by email,
but we can't divide the pre-set Android permission into any smaller pieces.

We use the READ_SMS permission to automatically read SMS codes from people who
have turned on 2-factor authentication (called Login Approvals) for their
accounts, or for phone confirmation messages when you add a phone number to
your Facebook account. Unfortunately, the Android permissions system doesn't
allow us to specify that we would like to be able to read only SMS messages
from a specific number—the one we use to send these codes.

In general, we would love to be able to ask only for the permissions we need
for the specific features we expect people to use. However, Android doesn't
allow permission requests on demand; we have to request all permissions that
cover each feature at install time, and people must choose to accept or deny
all of them at once.

If you have specific questions about other permissions that our app requires,
don't hesitate to ask, and I'll do my best to explain how they're used. We
also have an official Help Center page that covers a lot of this material at
[https://www.facebook.com/help/210676372433246](https://www.facebook.com/help/210676372433246).

~~~
jasonjayr
Why do you need to read the SMS as it comes in? Why can't you implement 2
factor authentication w/o a SMS via TOTP, using something like Google
Authenticator? On all my accounts that I've been able to, I've turned on this
"Virtual Token" based authentication, it's no great burden to enter a 6-digit
number from my device to the screen when needed. Setting it up is a breeze as
well, simply scan a qrcode off the screen.

FB is a big company with a lot of smart people. This approach must have been
considered and then dismissed by at least one of your developers. Why the huge
push to confirm and maintain a phone # connection to the service?

~~~
francip
FB 2 factor auth works with TOTP. There is a code generator in our app, and
you can set it up with Google Authenticator or other TOTP implementations.

However, there are people in the world that don't know much about computers,
don't own a desktop, and their smartphone is the only general computing device
they have. Throw in that mix the issue that quite a lot of these people have a
low end device, where they can't install every and all apps they want. There
are phones (one of them on my desk) where installing Facebook, WhatsApp,
Messenger, and Hangouts pretty much maxes out the device memory. You can't
afford a dedicated authenticator app.

At the same time, there are a lot of people that like to logout explicitly
from their Facebook app before they close it.

So, no dedicated TOTP. No second device. Logged out, so can't use the built in
code generator. What's your option for still using 2 factor auth for security,
but making it as easy as possible for the legitimate account owner on their
primary device, because said owner might know jack about computers?

------
specialp
The whole reason why Whatsapp is majorly successful is that it was the exact
opposite of what Facebook is. People could download it, and then their address
book was integrated. No ads, no mining your information, no signup. It was not
successful due to viral marketing or integration with an all knowing social
network.

~~~
slig
Also, the people that matter in my life is in my phone book and vice-versa.
Not hundreds of people that I don't see in ages. Almost no clutter and no
managing.

------
doesnt_know
The problem is this doesn't even matter to the average user. They've been so
ingrained to just automatically accept these messages (EULA's, "warnings" etc)
that they have become meaningless.

Even if you do get the odd person that actually cares, the question becomes
"do I care enough to stop using this app". The answer is almost certainly no.
If you actually cared about your privacy, you probably would have stopped
using Facebook half a decade ago.

~~~
smacktoward
It doesn't help that (on Android at least) the control of permissions is so
granular. I understand the desire to give users very fine control over their
privacy, but the end result is that updates present you with a loooong list of
permissions changes, and we all know that the longer a list gets the more
likely it becomes that the user's eyes will just glaze over and they'll
reflexively hit OK.

This is exacerbated by the fact that all the permissions requests are
presented in the same way -- same font, same size, same color -- despite the
fact that not all permissions requests are created equal. If an app wants to
be able to talk to the network, that's a minor privacy concern. If an app
wants to be able to read my address book, say, or my emails or SMSes, those
are _major_ privacy concerns. Those are the ones you want the user paying
attention to and thinking about. The way the requests are presented should
reflect that.

------
stephengillie
I want to have the per-permission denial back. I used to be able to deny some
permissions while allowing other for an individual app. Here, I could turn off
the app's permissions to access SMS messages and control WiFi without
disabling its internet access or camera permissions.

This would cause some apps would crash, true, but at least I can control that
and work with it. It was removed from Cyanogenmod around 7.0.

~~~
eigenvector
If you have root, you can install this functionality with AppOps X.

[https://play.google.com/store/apps/details?id=com.colortiger...](https://play.google.com/store/apps/details?id=com.colortiger.appopsinstaller)

~~~
RexRollman
If he has root? I thought the selling point of Android is that it is open.
Certainly people don't still have to jump through hoops to root their devices?

~~~
ars
You still have to do it though, it doesn't come that way by default. But you
don't have to crack it first.

~~~
dTal
In the vast majority of cases, yes you do. I had to use an exploit to root my
phone. When I lost it and insurance got me an identical phone, there had been
a firmware update that patched the hole. Didn't update anything else, still
the same outdated version of Android, I just couldn't root it. I still haven't
been able to. It drives me mad.

------
lost_name
Didn't we just go over the SMS thing?

Jan 2014:
[https://news.ycombinator.com/item?id=7135219](https://news.ycombinator.com/item?id=7135219)

Feb 2012: [http://www.businessinsider.com/facebook-might-be-reading-
you...](http://www.businessinsider.com/facebook-might-be-reading-your-
texts-2012-2)

------
Zikes
I'm several versions behind on updating my Facebook app, because every update
brings a litany of new unnecessary permissions.

For a brief period Android offered the ability to selectively disable
permissions on apps after the fact, but that feature was removed. I'll
probably soon be switching to an alternative ROM that still supports it.

~~~
nakedrobot2
[https://play.google.com/store/apps/details?id=com.danvelazco...](https://play.google.com/store/apps/details?id=com.danvelazco.fbwrapper)

Tinfoil for facebook.

Basically it is a big condom for facebook so it does not stick its bejeezus
inside your private babushka. Or something like that ;-)

~~~
mjolk
babushka is a word for an older woman. what are you trying to say?

~~~
saraid216
I don't even know what bejeezus is supposed to refer to in this context.

------
hellbanTHIS
Isn't Facebook correctly assuming that if you use it you're okay with your
life being an open book? They've never attempted to hide it and everyone who's
uncomfortable with that has moved on, or at least using it very
conservatively.

So who exactly has a problem with this?

~~~
stephengillie
Just who are these people who have secrets? Which people depend on the
ignorance of the people around them to live their lives?

    
    
      Are you afraid your wife might learn about your mistress? 
      Are you afraid your business partners (bosses, coworkers, corporate contacts, government regulators) might learn about your communicable diseases? 
      Are you afraid your religious associates might learn about your immoral activity? 
      Are you afraid your children might learn about your illegal smuggling operations?
      Are you afraid your Amish friends might learn of your technology company?

~~~
freehunter
The question wasn't "who needs to keep a secret", but rather "who is depending
on Facebook to keep their secrets?" It's a valid point, the media has blared
long enough that Facebook can't be trusted with secrets. If someone doesn't
know that by now, they haven't done the due diligence that should be
reasonably expected of anyone communicating online.

------
z5h
Just use m.facebook.com from your browser.

~~~
dcustodio
yes! And at least in my phone it's faster than the mobile app.

------
glasshead969
I think Google should improve the way apps can ask access to these things.
just telling us whats going to be used is not enough IMO, in fact i see this
kind of dialog so many times and just tap through. I should be given option to
restrict access after the fact if i see it fit.

------
lukeschlather
What's funny is that they're concerned by the _additional_ permissions
Facebook is asking for. Facebook's app already has full access to contact
info, which they 'accidentally' used to wipe out everyone's email contacts. I
think after that debacle Facebook would have to literally wiretap the
mic/camera to actually sink any lower.

Personally, I still use Facebook, but I use a dedicated private browsing
window on my computer and Tinfoil on my phone:
[https://play.google.com/store/apps/details?id=com.danvelazco...](https://play.google.com/store/apps/details?id=com.danvelazco.fbwrapper)

------
ksrm
Bought a Nokia N900 last week and running Debian on it. Once you do a few
tweaks to fix the battery life and performance, it's brilliant. How sad is it
though, that despite being almost five years old, it's still one of the most
open, hackable phones around. Switching from Android to the N900 felt like
what switching from Windows to Linux felt like - like I have maximum control
over the device, with the freedom to modify anything (relatively) easily.

------
skybrian
If you don't want to quit Facebook, using it on desktop only in a separate
Chrome profile seems like a reasonable way to isolate it.

~~~
spinchange
There's always the mobile site on the phone/tablet instead of the apps and all
the permissions they require.

~~~
pandler
That's what I do. I think the mobile browser version even works better than
some of the older versions of their android app I've used.

------
dba7dba
I think Facebook started adding permission to read texts BEFORE WhatsApp
purchase. Or were they preparing before purchase of WhatsApp?

Either way, when I first heard about Facebook reading my texts few months ago,
I just deleted Facebook app from my android. Keeps me from wasting time
reading facebook posts on my phone also...

Thanks Facebook for helping me save save time.

------
eyeface
Everything else aside, what caught my eye was "Change network connectivity,
connect and disconnect from WiFi."

That seems bizarre.

~~~
jewel
[https://www.facebook.com/help/facebookwifi](https://www.facebook.com/help/facebookwifi)
maybe?

------
adamwong246
Seems Facebook is drawing inward to what they are really good at: letting
people communicate. They tried to be everything to everybody and suprise! they
alienated and aggravated their users with spam. If Facebook doesn't focus on
doing at least one thing well, the bubble will burst.

------
ENGNR
You don't have to stop using Facebook, just use the HTML version instead of
the app. I switched after the email debacle and it's been great, never looked
back.

------
jonknee
I don't use Facebook or WhatsApp, but what's with the calendar integration?
How does WhatsApp use your calendar?

------
jokoon
what saddens me is that when facebook was getting popular I thought "oh cool a
nerd like me might get laid thanks to a social network".

Wrong.

I can't remember the year I stopped using it, but I hope it dies, and quick.

------
steerj92
This is utterly ridiculous

------
notastartup
I think when I made the decision to stop using Facebook was when I created a
new account and realized how empty the actual value proposition was when you
were starting fresh.

I then realized that people on facebook I actually would've never met or even
hang out or even actively talk or like. People that matter are people that
have my phone number and skype and can meet me directly.

After this epiphany, I deleted my facebook, I no longer saw any value in
having a few hundred "friends" on a website that intrinsically offers no value
without the underlying participants, whom I valued to be close to zero, as
they were not within reach in real life.

I found skype offered all the tools I needed. I downloaded whatsapp only to be
hit with the same feeling I got from Facebook, these were merely tools acting
as social buffering mechanism for digital interaction but SMS already serves
this purpose well and voice conversation or meeting in person solves a far
better value.

Twitter, I'm also thinking of retiring. Instagram? Selfies? Things don't
change and that is human relationships, being on any of these platforms is a
self fulfilling prophecies.

