
“So the silence from Facebook over the weekend is.. deafening.” - vinnyglennon
https://twitter.com/gavinsblog/status/1046717365520666624?s=12
======
intern4tional
I've seen several similar threads to this one on Twitter.

"Blah happened at Facebook and it is potentially a company ending event."

This causes me to almost immediately discredit them, as while serious, this is
nowhere near a company ending event for an organization that is headquartered
in the US.

Equifax lost the personal data of all Americans and is doing fine.

Facebook might get fined a metric ton of money, people in some portions of the
world might leave it, but the company will be just fine. You see, there is
nowhere else for those people to go. Presumably they're on Facebook for some
reason so they would want to find an alternative and there isn't an
alternative that is as easy to use that their friends and family will migrate
to.

Like many other compromises, this one will be forgotten. There is no wordlist
that will come out of it, no public artifact that will exist. People have
already forgotten about Adobe, LinkedIn is fading, and this one will
eventually join their ranks.

~~~
stephengillie
This is what climate change news feels like too.

> _" Blah happened at_ City/Nation _and it is potentially a_ planet _ending
> event. "_

It's hard to take Chicken Little seriously. All of the sensationalism feels like
a magician waving a cloth with one hand, to distract the audience from the
other hand.

~~~
rimunroe
I don't know what to tell you. The sensationalism is there because it's a
catastrophic problem that requires major action.

There's consensus that a very bad thing is happening, its effects are already
being felt, and they will get much worse over time. Scientists have tried to
communicate this in every way, but people have hemmed and hawed or outright
denied it for so long that it's going to be bad no matter what at this point.
There are still things that can be done to reduce the impact, but the picture
isn't good.

~~~
stephengillie
Everything is a catastrophic problem to someone. Sensationalism is about the
worst way to communicate this, and is likely why so many refuse to believe.
The reality of climate change is that we're trading inhospitable poles for an
inhospitable equator.

Yes, this will be painful to those who have to adapt or relocate. But it is a
form of NIMBYism.

~~~
lancewiggs
There’s a lot more than weather to climate change. What if there were no more
fish? What if the ocean didn’t absorb CO2? Read more.

~~~
stephengillie
Life is full of scary problems. What if your car catches fire? Life can be
made scarier if you pretend that you have to solve all the problems yourself.
We can do anything, but we cannot do everything by ourselves.

If fish die, surely some other life form will fill that niche, and we'll eat
that. It's not as though humans are the most adaptive life form in existence.

------
KaiserPro
Well, I assume he's out to sell something.

1) He says you should delete your Facebook account. It's too late, the data is
already there. Deleting does nothing.

2) "By company-ending I mean Facebook would _never recover_ from the
consequences of so much user data being dumped online for all to see" Utter
conjecture. There are petabytes of data, dumping that online is hard.
Exfiltrating unnoticed is hard.

3) "This is potentially so bad that it could be called the Great Facebook Hack
of 2018. But again, we don't know how much stuff was stolen. Yet." Again,
conjecture. This could be called the "great Facebook spotted a hack on two
accounts and stopped it before it got bad".

This is pointless punditry from someone who literally has nothing to do with
Facebook, has no contact with people close to the matter, and is just
guessing.

Yes, that much data in someone's hands is bad, but so is Google, and the
legion of data brokers and ad spinners.

~~~
gruez
> 1) He says you should delete your Facebook account. It's too late, the data
> is already there. Deleting does nothing.

Facebook monetizes data by using it for selling targeted ads. By not using
Facebook, they can't sell you more targeted ads, which is something.

~~~
Retric
While true, a vastly more useful approach is to poison the well and give them
false data.

~~~
SnacksOnAPlane
I question whether this is really more useful. You'd have to show that
advertisers noticed that data was fake, and that they cared, and that they
cared enough to pull FB advertising.

To do that, you'd have to get a whole lot of people putting up false data, and
to do that, you'd have to make it very easy to do. Which would probably make
it detectable (you think your fake data tool will stay off their radar?).

------
dharmon
> By company-ending I mean Facebook would _never recover_ from the
> consequences of so much user data being dumped online for all to see. It
> would permanently end the company. Shareholders should be worried. We just
> don't know how much user data was stolen yet.

Exactly. I mean, just look at what happened to Equifax. Oh wait...

~~~
drewmol
There is an important distinction: Equifax's data is not voluntarily submitted
by the data subjects, while most of Facebook's is.

~~~
Redoubts
That sounds worse for Equifax

~~~
drewmol
Although I don't see this having a huge immediate impact on Facebook, the
distinction is that if Equifax negligently releases your PII there is little
fallout as you are not the one providing Equifax with that data and cannot
simply stop feeding them data, when Facebook does it their data subjects can
choose to stop providing the data by exiting the platform. Facebook needs both
the user data, and those same users patronizing their service to maintain the
existing revenue stream.

------
kochb
This is a great example of a link that should be off-topic for HN.

There’s not one new material fact in the linked tweet, nor does it make an
attempt at fair analysis. It instead consists of hyperbole (“company ending”)
and unfounded speculation (“I imagine”). It’s just not a good starting point
for serious discussion of the breach.

------
21
The stock is down a measly 1.5%. Nobody gives a fuck.

Compare with TSLA Musk SEC investigation which caused a 10% plunge.

A misleading tweet is considered much more dangerous by the market than a 50
mil account breach. Investors know there are no real world consequences to a
massive breach.

~~~
joering2
From $219 to $160, that's “measly 1.5%”? Maybe by Sesame Street’s Yellow Bird
math standards.

~~~
dsp1234
The closing price on Thursday was $168.84. The close yesterday was $162.44.
That's a 3.8% decline.

I'm not sure where you got the $219 price from, but the stock price was
nowhere near that before the breach.

~~~
jamie_ca
$219 is the stock's high price from this summer? The fall from there was
totally unrelated.

------
freeone3000
This thread is a little pessimistic. Why would facebook suffer any
consequences from this whatsoever? When has a data breach actually affected
the company?

~~~
anjc
As I understand it, this wasn't just a simple/typical security breach. The
hackers had access to people's accounts and for who knows how long. 50 million
people's private conversations and pictures being made public, for example,
would be the end of Facebook.

~~~
pmlnr
You underestimate the nihilistic attitude towards anything Facebook vs privacy
related. I don't think there is anyone out there who even remotely thinks
their doings on FB are private any more, including PMs.

~~~
unimpressive
I think you underestimate the extent to which people think their PMs aren't a
big deal, until they get released and a torrent of sexting, gossip, illicit
relationships, bullying, and public scandal washes over society as fallout.

"I have nothing to hide" is the mantra of fools and people too domesticated to
even imagine the ways that malicious crooks and societal pranksters can have
it out for them.

------
strictnein
> "And is up there with the biggest (if not _the_ biggest) hacks of all time."

In what world is this even remotely the case? OPM, Equifax, etc are far more
serious hacks than this. Yahoo's multiple breaches dwarf the Facebook hack. 3
billion vs 50 or 90 million:

https://money.cnn.com/2017/10/03/technology/business/yahoo-breach-3-billion-accounts/index.html

------
734786710934
This Twitter thread by Alex Stamos (former Facebook CSO) is a good rebuttal to
this:
[https://twitter.com/alexstamos/status/1046783533220421632](https://twitter.com/alexstamos/status/1046783533220421632).
Bottom line: you can do incident response quickly or correctly, but not both.

~~~
rachelbythebay
Don't forget about "neither". That happens too.

------
mindcrash
Simple.

I've done a shit ton of research on Corporate Surveillance in the past and
there are a lot of signs of a big discrepancy between what people think is
stored about them in TAO and what is _really_ stored about them in TAO. (For
those of you who are not that into Facebook, infrastructure and/or devops: TAO
is Facebook's graph database)

One of the keywords here is "shadow profiles" or the nodes and edges within
the graph which are actually there but you can't directly influence as a user.
A good example would be the former colleague of a close family member who
never disclosed their place of work and without a current account whom
Facebook decided to recommend as a "friend" to another family member who
currently has a Facebook account but without an actual past or live connection
between the two -- true story, I shit you not.

So it's better to stay silent than prove yet again that there is a profound
case for GDPR-like regulation - like Brandon Eich recently recommended - in
the United States.

------
sidcool
This thread seems to have developed learned helplessness. This reflects very
badly on our confidence in the legal system. Equifax and the tobacco industry
need to be punished to feel the brunt of their crimes. But we seem to have
accepted the fate.

------
londons_explore
I would guess the silence is driven by lawyers and PR folk.

We probably won't hear anything until we start getting leaks from the
investigations of data protection regulators around the world.

~~~
gavinsblog
It's mainly driven by investigation I'm guessing, with the FBI in tow too.

------
newscracker
Why is the silence deafening? And what exactly is expected from Facebook?
Today it'd say it was 50 million affected, and in a day change it to up to 90
million, and a week later it'll become 130 million, then it'll be 150 million,
and then people will stop caring, as they have before, and move on.

There are three kinds of people — those who stopped using Facebook a long,
long time ago when the very first privacy issues came about; those who will
never stop using Facebook unless they're moving to Instagram or another
hotness of the day; those who may stop using Facebook after hearing about
privacy or security issues. The last category is very, very small. So is the
first.

The only way to get out of this mess is to have a "new hotness" that's as good
as (if not better than) Facebook and is privacy preserving, decentralized,
easy to use, etc. We're still a long way away from that.

------
oliwarner
"We don't know anything for certain but I'm double-dog sure you should sell
all your shares and delete all your logins." There's even nonsense about GDPR
in the comments.

This all stinks of shorting... And even if it's not, it's too sensationalist
to take seriously without more data.

------
anjc
Facebook, Whatsapp and Instagram went down globally for hours at the start of
August. There was no explanation about this major outage as far as I remember.

Does anybody know if it was related to this data breach? If so, why were
people only informed of the breach nearly a month later?

~~~
Cursuviam
No, it wasn't. I was interning there at the time and love to regularly check
the current issues page.

Also, they probably did just learn about the breach day of from the person who
was going to livestream deleting Zuckerberg's account.

~~~
anjc
Thanks. Were people as panicked inside Facebook during the outage, as I was as
a user trying to browse meme groups?

~~~
Cursuviam
More exasperated, I think? If I remember correctly, it wasn't too complex to
fix (maybe just a rollback), it just took some time to push to prod.

Mostly my interactions involving the outage were just browsing memes about it
in shitposting@

------
Patrax
Is this person trying to dump FB stock for his own benefit? It makes me very
skeptical that he had to tweet 11 times in a very alarmist tone. If his opinion
is firm on transitioning from FB to a more private and secure alternative why
not just say that in 1 or 2 tweets in a tone endorsing other platforms perhaps
in a more positive manner?

------
shujito
The amount of attention on that Twitter thread makes me think how much people
really care about the issue.

Maybe I'm wrong, hoping it gets light later on.

