
New York governor orders probe into Facebook access to data from other apps - tareqak
https://www.reuters.com/article/facebook-new-york/new-york-governor-cuomo-orders-probe-into-facebook-access-to-personal-data-idUSKCN1QB2BK
======
temp1928384
Anyone else working in tech for the past few years having more frequent
existential crises about what they have enabled?

I have never worked at FB, but I've worked at a few well known yet somewhat
controversial companies (in fintech, marketplaces, etc.) that I sometimes feel
uneasy about.

~~~
asark
Took me several years past school just to get used to the ordinary level of
dishonesty and scumminess that's common to pretty much all business, let alone
the worse stuff. Sometimes I think my parents (and, to be fair, children's
media) messed up by giving me such a keen sense of right and wrong. Enough
otherwise-decent people (like, almost all of them) seem to just look at you
like there's something wrong with you when you bring this stuff up that I
caved, since the alternative seemed to be becoming a living-off-the-land
recluse, or a monk or something.

But I still hate it. Still feel like I'm kind of ruined in some sense for not
going the really, really hard route to avoid it all. Every day. Some jobs more
than others, but even at the best I sometimes go home catching whiffs of
something that make me think my _soul_ must have stepped in some dog shit on
the way.

~~~
frereubu
It's difficult to tell from your comment how old you are, but I'm in my late
40s and it took me until well into my 30s to find the balance that works for
me. It's difficult when so much work seems to require being unquestioning /
amoral at best and immoral at worst. The only fixed ideas I had in my head
were not working for defence or advertising companies (thanks, Bill Hicks). I
now make a nice living running a digital agency that builds websites almost
exclusively for third-sector clients (education, non-profit, government etc.)
but it took me quite a while to build the skills that would allow me to do
that. I can highly recommend starting your own business, no matter how humble,
once you've gained enough skills to make what you do valuable to the kind of
people you want to work with. The added benefit of working in the third sector
is that I'm generally working with nicer people. I think this is partially
just the kind of people the sector attracts, but also because the people who
work in it aren't so conflicted about the value of what they're doing. So many
people I've worked with in corporate environments get fixated on things like
status and money, and it just seems to make them bitter and miserable. Along
the way I remember one guy in HR in particular who got incredibly excited
about me building a link between their HR system and their website so a job
that was posted on their HR system automatically turned up on their website. I
couldn't believe how small his world had become.

------
chmaynard
Ever wonder why Facebook is giving everyone on earth so much free software and
processing power? They seem to be making money, how do they do it?

[10 minutes of deep thought]

Ok, we get it. If someone offers you something of value for free, politely say
"no thanks" and run the other way.

Edit: If a for-profit company offers you something of value at no cost, you or
someone else will end up paying for it later. Advertisers pay Facebook for
your personal data, and you suffer because your privacy has been violated.

~~~
jniedrauer
> If someone offers you something of value for free, politely say "no thanks"
> and run the other way.

Where does free software fit in this?

~~~
doctorpangloss
It's great that "if it's free, you should run away" or "if you're not the
customer, you're the product" or any of those other sayings are finally been
seen as extremely reductive.

~~~
vageli
> It's great that "if it's free, you should run away" or "if you're not the
> customer, you're the product" or any of those other sayings are finally been
> seen as extremely reductive.

Is it really the case that we've forgotten "There's no such thing as a free
lunch?"

~~~
Jonanin
That's not the same thing.

------
dillondoyle
I assume this is other apps using FBs analytics toolset? Where I can send a
custom event with {email:dillondoyle@gmail.com, data: {likes_dogs: 1,
likes_cats: 0}} or what they are mad about is {weight: 120, has_hiv:0} ?

IDK seems silly to me or maybe I'm in too deep and can't see the forest for
the trees.

~~~
kekebo
if this is related to the Facebook Mobile SDK it seems that it is sending a
lot of data home by default and that setting it up for ethical data collection
isn't straightforward for most developers[0]

[0] at least for android, based on this talk:
[https://www.youtube.com/watch?v=y0vlD7r-kTc](https://www.youtube.com/watch?v=y0vlD7r-kTc)
(35C3 - How Facebook tracks you on Android)

edit: add video title

~~~
harryf
Thanks for posting this - great talk!

------
politician
nit,

> Facebook is facing a slew of lawsuits and regulatory inquiries over privacy
> issues, including a U.S. Federal Trade Commission investigation into
> disclosures that Facebook inappropriately shared information belonging to 87
> million users with the defunct British political consulting firm Cambridge
> Analytica.

Cambridge Analytica is not defunct, but rather changed its name to Emerdata.
It's too bad Reuters didn't get that part correct.

[https://www.theregister.co.uk/2018/05/02/cambridge_analytica...](https://www.theregister.co.uk/2018/05/02/cambridge_analytica_shutdown/)

~~~
awalton
> Cambridge Analytica is not defunct, but rather changed its name to Emerdata.

Not technically correct, but basically the truth. Cambridge Analytica declared
bankrupcy in May of last year and the creators of that company created
Emerdata and rehired many previous employees of Cambridge Analytica. Their HQ
is even in the same exact building.

They're just playing the shell game, really. "Oh no, we're not the bad guys,
we are just mostly made up of those old bad guys and do exactly the same thing
in exactly the same way with the exact same location as those old guys... But,
as you can clearly see, we have different bank account numbers and a different
company name, so we're not the same thing at all."

~~~
NeedMoreTea
The trouble is, it works. Depressingly well.

Every story out there is about Cambridge Analytica, only a tiny proportion
have been written recently enough to mention the phoenix. Yet they often
won't, or give entirely the wrong impression like TFA here (defunct - oh
that's a relief it's all over then). The number of old pieces that have had an
update is so low as to be effectively none.

So we have to wait for the next scandal.

~~~
awalton
> The trouble is, it works. Depressingly well.

It does... if countries allow it. There was either some fear that this was
happening or deliberate intent to keeping this from happening with the case of
North Korea's sanctions - my memory's a bit fuzzy since the class I took where
this came up some many years ago.

E.g. Some unethical people would setup a black exports shipping company to
ship stuff to North Korea, and then when they got caught, they'd declare
bankruptcy, liquidate hardware to some shell or holding company, shut that
company down, create a new legal entity, rebuy all of the same equipment from
the holding company, and restart the same old behavior. While the courts waste
their time chasing defunct companies, the bad actors get to continue their bad
behavior. This is just a new version of that game that's even easier since
there are far fewer physical assets that need to be shelved or hidden (perhaps
even none if the servers are all in someone's cloud).

Countries have largely stopped this kind of sanction-avoidance behavior by
arresting the people in charge, ceasing assets to prevent them from being
relabeled under the new company, and freezing accounts to prevent
recapitalization under these kinds of shell corporations, in addition to
requiring strict compliance around interactions with these sanctions countries
and business entities.

tl;dr: the CA folks should be sitting in prison right now, and Facebook and
Google should be sanctioned and require strict supervision in the way it
shares data with its customers, to prevent this kind of microtargeted-
electioneering-as-a-service. Laws like the GDPR won't actually stop anyone
from collecting onerous data, since it basically only requires people to
consent to it, and as we've seen with EULAs, people are willing to click
through anything if it gives them the end result of using an application. The
time for a law like that would have been literally 15-20 years ago, before
companies like Facebook could tell you what someone's likely eaten for lunch
or Target could tell when someone's gotten pregnant by their purchase
histories. Unlikely we're going to be unringing that particular bell now...

------
dade_
Playing dumb doesn't cut it. Prosecutors needs to go gangbusters. In the
meantime, I am now alarmed enough to Kill Facebook with fire(wall rules).
[https://topnetworkguide.com/how-to-block-websites-using-
pfse...](https://topnetworkguide.com/how-to-block-websites-using-pfsense-
firewall-feature/)

------
chiefalchemist
> "The report said that the company can access data in some cases even when
> the user is not signed into Facebook or does not have a Facebook account."

I realize frivolous comments on HN are frowned upon but frankly this leaves me
speechless.

~~~
sp332
They're called "shadow profiles".
[https://yro.slashdot.org/story/11/10/18/1429223/facebook-
is-...](https://yro.slashdot.org/story/11/10/18/1429223/facebook-is-building-
shadow-profiles-of-non-users)

~~~
peterwwillis
How does nobody know about these? Shadow profiles have been standard in every
large advertising network for 15-20 years at least.

If your ad content is on lots of different web properties, you can "track" a
user across each one, inferring data about the user one piece at a time, until
you have a large profile. Then you use that profile to target ads/marketing.
They never have to directly give you any data, but you can make money off of
what you learn.

That's the entire reason "tracking" on the web exists. To build shadow
profiles for direct marketing. Nobody thought Facebook was doing it too?

~~~
chiefalchemist
One reason could be that FB has __never__ publicly (afaik) positioned itself
as an "advertising network." It's also gone on record (afaik) to say it's
__not__ akin to traditional (print) publishers. It has said time and again it
is a social network, and it's going to save the world.

Mind you, I'm not completely naive. I don't trust MZ & SS, but your
expectation that every know and understand the inner workings of all the large
aadvertising networks feels a bit excessive.

~~~
peterwwillis
I don't expect most people to know about it, I just find it odd when news
outlets make industry knowledge seem like a secret they're only now revealing.

"This just in: Door locks on most buildings can be easily picked, film at 11"

------
minimaxir
Direct response to the WSJ article published _a few hours ago_ :
[https://news.ycombinator.com/item?id=19226480](https://news.ycombinator.com/item?id=19226480)

That was fast.

~~~
jzylstra
Outline'd WSJ Article:
[https://outline.com/ZUGZzz](https://outline.com/ZUGZzz)

Tangentially related article, with demands made earlier this month, by
Germany's Federal Cartel Office (WSJ):
[https://outline.com/Rwbzv4](https://outline.com/Rwbzv4)

>The authority ordered Facebook to make changes to its terms of service and
how it collects user data. Data collected by the social network from third-
party apps and websites can’t be assigned to a user’s Facebook account without
their consent. Data gathered from Facebook-owned apps such as WhatsApp and
Instagram also can’t be assigned to Facebook accounts without user consent,
and if consent isn’t given, the data can only be used within the scope of
those apps.

------
davix55
For years it was common knowledge the extent to which Facebook collects data
but only now it is fashionable to speak up. FB's lobby machine will make sure
no action is taken, ever.

------
pweissbrod
Is there some sort of a security site which rates android apps by their level
of respecting privacy, something above and beyond the quality gates of the
play store?

------
Animats
The Reuters link is crashing Fennec F-Droid, the version of Firefox without
the tracking. Anyone know why?

------
trumped
yes, they access to personal data

------
joering2
Serious question: what do people expect will come up from all these lawsuits?
AFAIK Facebook has been sued over and over again since almost the beginning.
None of these suits are criminal in nature so noone will go to jail. Even with
billion dollar penalty these are penuts and usually gets the stock up now that
investors know this specific case is closed. So really whats the purpose of
all of this? Its like hitting Moon with millions of asteroids and whether
craterred or not, it keeps spinning.

~~~
SpicyLemonZest
The point of a lawsuit isn't to destroy Facebook or its leadership. It's to
stop them from doing some specific thing, and get compensation for the damage
that specific thing caused.

~~~
joering2
Oh I see thanks. So they only break law once get punished and never break it
again. Because 0.000000005% of their revenue will teach them a lesson.

