
Facebook’s Surveillance Machine - imartin2k
https://www.nytimes.com/2018/03/19/opinion/facebook-cambridge-analytica.html
======
gfodor
I was one of the co-founders of an early social VR startup and observed first
hand the technical capabilities that these applications will afford bad actors
to use for surveillance. You can easily capture voice, body tracking, and
interaction data, and basically record a full view of the world through the
eyes of another human being. It's quite remarkable being able to record and
play back a copy of yourself in seconds from a remote server, but the
potential for abuse is immense.

Facebook's made a move, probably the biggest move of any company, into VR.
They bought Oculus for $2B while everyone else was scratching their heads.
Social VR is their focus at Facebook proper, and they are leaving the _entire_
rest of the VR ecosystem to their subsidiary Oculus. Isn't it obvious why? VR,
if it becomes the dominant form of human communication, will make their
current surveillance machine look like a joke. Facebook would be in a position
to be an intermediary for every human interaction on earth that doesn't take
place in physical space. It's nice to see the public become aware of what
they've done before they are able to take it to the next level of nearly being
inside of our heads.

This is the primary underlying motivation for why we are working on building
an alternative open communication platform for Mixed Reality at Mozilla. We're
heads down building stuff now but you can expect to see us shipping things
soon.

[https://blog.mozvr.com/enabling-the-
social-3d-web/](https://blog.mozvr.com/enabling-the-social-3d-web/)

~~~
mliker
VR hasn’t taken off as promised and the hype is dying down now. The headset is
too clunky in its current incarnation. People view it as a novelty item rather
than a useful tool, so I’m inclined to believe this won’t be the massive
surveillance tool VR proponents think it’ll be.

~~~
gfodor
Untethered standalone VR devices are likely a prerequisite to any mainstream
adoption and are shipping this year. Your guess is as good as mine if they
will reach mass appeal, but to assume VR is not viable before these devices
are available at low prices is probably wrong.

The one to keep your eye on is the Oculus Go which is a self contained device
for $199. (Also a Facebook product, probably going to have all this social
functionality burned in. My guess is this is their first big play.)

~~~
root_axis
> _Untethered standalone VR devices are likely a prerequisite to any
> mainstream adoption and are shipping this year_

Not good ones though. Any VR headset without positional tracking is
essentially a google cardboard.

~~~
soylentcola
Sure, but when the iPhone came out I'd already been using Palm and PocketPC
smartphones for a few years. At the time I thought "any smartphone without the
ability to install third party software, send MMS messages, use a GPS radio to
locate me accurately, copy and paste, or even change the ringtone is
essentially just a feature phone".

Things start out simple, limited, clunky, and expensive. Occasionally they
become capable, svelte, commonplace, and affordable after 5 or 10 years of
development and refinement.

~~~
root_axis
Yeah, I think it's pretty safe bet that it _will_ get there, I just haven't
seen any announcements regarding an upcoming _standalone_ tetherless headset
with positional tracking.

------
bambax
> _Facebook makes money, in other words, by profiling us and then selling our
> attention to advertisers, political actors and others. These are Facebook’s
> true customers, whom it works hard to please._

And you just figured this out now? This is like saying "wow, who knew we would
get so fat by feeding only on pizza, hamburgers and coke, aren't those
companies evil".

Well, yes, companies are evil. They don't work for you; they either sell
something to you, that is usually bad for you (why else would you want it), or
take something from you, that they can then sell to somebody else.

> _Should we all just leave Facebook? That may sound attractive but it is not
> a viable solution._

Of course it is. It's the only solution. If you think Facebook's management
care about anything else except the number of active users, you're crazy. The
only way to have them change their ways (maybe) is to make that number go
down. It's also good for you, like drinking water instead of soda.

~~~
fortythirteen
> Should we all just leave Facebook? That may sound attractive but it is not a
> viable solution.

Leaving not just Facebook, but Twitter, Instagram, and all other social media
of its ilk is an extremely viable solution. It's like quitting smoking. For
the first month or so you feel off-kilter, but, after a while, you can't
imagine going back. Life is quantifiably better without it.

Realizing that I don't need up to the minute updates on _literally everything_
has done amazing thing for my mental health in the last year.

~~~
scarecrowbob
There is a certain amount of second hand smoke in the room, though.

1) I can quit my social media, but people are still creating a lot of content
with me in it that is being used. I don't need to take a poll about which
potato I am if all the posts my friends tag me in are mined for data.

2) While social media is in itself great for cloistering my own community,
it's still the case that vast numbers of my compatriots are involved with it
and it will continue to be affected by it.

"Just leaving" isn't going to solve either of those problems.

I wholly agree, by the way, that leaving it is a personally good thing. I
still use, but I heavily filter it and I have several 0-tolerance policies for
unfollowing / blocking / etc. I probably ought to quit, but the crushing
loneliness and disconnection of being a 40-year-old, divorced, atheistic
remote worker who is quitting drinking make it about my only social
interaction short of buying groceries.

~~~
telchar
This is OT, but perhaps you could join a structured exercise or sports group,
like an ultimate Frisbee team or CrossFit. Having a regular group you can meet
up with is usually pretty feasible without Facebook. It's good for you (don't
go overboard and hurt yourself) and good for making friends.

------
cyphar
> Should we all just leave Facebook? That may sound attractive but it is not a
> viable solution.

It's the only sane response, and has been the only sane response, for the past
decade. The only counter-argument given by NYT is that in some countries
Facebook has a stranglehold. I don't see how that's relevant to people who
don't live in those countries. As for organisers of political groups
exclusively using Facebook (which is just a terrifying idea for a number of
reasons), just pull a Stallman and email them explaining the problem with
Facebook and ask if there's another way of staying abreast of the group. You
can't fix the problem if you don't even try.

By not exercising your ability to protest against systemic and deep-seated
abuse of user privacy, you're just making the world worse for the people who
don't have that option currently (because it just tightens their
stranglehold).

~~~
gt_
“Protest” by way of market choice is such a tired fallacy. It’s really amazing
so many HN readers are so ready to take such outdated philosophy to the grave.

~~~
cyphar
I am in _very strongly_ favour of GDPR and other similar regulations. I just
also think that enabling giants like Facebook to abuse you by admitting that
you are unable to function without them is a bad strategy. Diversify if you
can, and regulate to protect those who cannot. Nobody said you cannot approach
something like this on more than one front.

~~~
Pokepokalypse
My (individual) approach has been to try to carefully curate my content where
it's associated with my Real Name: FB and LinkedIn. LI especially - I think
everybody does this.

I am absolutely not the person I portray on FB. Co workers. People I know,
they're all pretty aware of this.

It is an extra level of intimacy in my personal relationships that I allow
them to know the real me.

Other social networks, where I can use sock puppets - I get out my
frustrations by talking about things I would never talk about on FB. In this
way, I maximize the usefulness of these tools, and I minimize my usefulness as
a tool for them.

------
hellofunk
I wish quite badly that the benefit of deactivating FB would outweigh the
inconvenience, but FB has become such a mainstay that I'd lose touch with lots
of people I really have no other way of contacting. I could say "good
riddance," if there is no other way to contact them then perhaps they are not
important enough to my life, but that's just not true. Or what about all the
local forums (FB groups) in my city that have lots of immediate help about all
sorts of things -- I'd immediately lose access to all that. I wish there was a
better way, but I can't see myself getting rid of FB without a notable
disruption to my life. #sad

~~~
anonu
What happened to good ol' emails? Serious question... Can't you organize
amongst friends with emails? I hate to suggest Slack as well... But there are
alternatives is the point...

What about Meetup.com for bigger groups?

~~~
gotofritz
How old are you? I am asking because I remember full well the pre-facebook
days when people would send around 'funny videos' to groups of friends, with
no chance of opting out, getting your email address shared with people you
don't know, filling your inbox with crap, etc... Something like FB is hundreds
times more convenient

~~~
CaptSpify
wat

It's _insanely_ easier to filter those things out with email.

It's been years since I've used FB, but I don't recall any very good filters
for those types of things, and in fact they are incentivized to show you more
of them.

~~~
gotofritz
No it isn't - not if the same person sends you a mixture of useless and
usefule emails. And it doesn't solve the problem of your email adress being
made public.

With FB, you simply go on it when you feel like / have the time.

~~~
CaptSpify
Yeah, actually, I do that all the time. Regex's are awesome, and so is
spamassasin. There are plenty of other "rule-based" type tools out there too.

What is the problem with an email being public? I don't think I understand
what you mean.

~~~
gotofritz
Yes, of course, we all have the time for endless fiddling with regular
expressions... please

~~~
CaptSpify
I never said you had to. I provided a list of tools. You have yet to bring
anything worthwhile to the discussion except to complain about tools you don't
understand.

------
Azeralthefallen
Maybe i am misunderstanding something about this whole issue, but was there an
exploit or a bug that allowed this to happen on Facebooks end?

I guess my confusion is that whenever someone grants third party access to
your facebook, you can query that users list of friends (which i have seen
used for things like games and high scores, etc). But you didn't get the full
friends profile, instead you got a small subset of it. Did they find some way
around that and managed to retrieve the full user profile?

If not then isn't Cambridge Analytica at fault here for misusing someones
data? Facebook provides an API and users consented to allowing a third party
to access their data. I guess you could remove the friends list, from the API.

~~~
wepple
I don’t think there was any exploit. My understanding is that a third-party
app asked for access, and people gave consent, and CA mined data.

I’m the last person you’d see defending FB, but this just seems like the same
thing everyone has been doing on FB as a platform since FarmVille launched
years ago?

~~~
rovek
A major part of Facebook's culpability here is that they knew for 2 years that
tens of millions of their users were being profiled as part of a political
propaganda war on their platform and their response was practically nothing.

Edit: FB also knew the data was collected under an academic license and was
being processed, outside that license, for financial gain.

~~~
Azeralthefallen
I guess my question is from a security standpoint, how do you prevent
something like this if you were facebook? Do you ask any company who does a
huge number of API requests requesting peoples friends lists? To verify how
they are using the data? How do you actually confirm they are doing what they
said?

According to the article only ~200k people installed the app and consented.
Unless there was an exploit, you get a minimal version of the data in their
friend list (user id, name, that is all i really see) not a full profile. So
didn't they only really get the names of 49.8 million people?

Is the solution to just not allow allow a third party token to access a friend
list, and only your personal information?

I am not trying to defend what is going on, i am just struggling to see how
they were able to use the extremely minimal amount of information the friend
list api returns to make a full profile on 50 million people.

~~~
rovek
This might be an interesting read if you haven't already, still doesn't go
into too much tech detail unfortunately.

> What the email correspondence between Cambridge Analytica employees and
> Kogan shows is that Kogan had collected millions of profiles in a matter of
> weeks. But neither Wylie nor anyone else at Cambridge Analytica had checked
> that it was legal. It certainly wasn’t authorised. Kogan did have permission
> to pull Facebook data, but for academic purposes only. What’s more, under
> British data protection laws, it’s illegal for personal data to be sold to a
> third party without consent.

> “Facebook could see it was happening,” says Wylie. “Their security protocols
> were triggered because Kogan’s apps were pulling this enormous amount of
> data, but apparently Kogan told them it was for academic use. So they were
> like, ‘Fine’.”

[https://www.theguardian.com/news/2018/mar/17/data-war-
whistl...](https://www.theguardian.com/news/2018/mar/17/data-war-
whistleblower-christopher-wylie-faceook-nix-bannon-trump)

------
rtx
We have to decide if people should have powers like this.

"Build tools that measure the rate and spread of stories and rumors, and model
how it works and who has the biggest impact. Tools can tell us about the
origin of stories and the impact of any venue, person or theme.

Connect polling into this in some way. Find a way to do polling online and not
on phones. Analytics and data science and modeling, polling and resource
optimization tools. For each voter, a score is computed ranking probability of
the right vote.

Analytics can model demographics, social factors and many other attributes of
the needed voters. Modeling will tell us what who we need to turn out and why,
and studies of effectiveness will let us know what approaches work well.
Machine intelligence across the data should identify the most important
factors for turnout, and preference.

It should be possible to link the voter records in Van with upcoming databases
from companies like Comcast and others for media measurement purposes.

The analytics tools can be built in house or partnered with a set of vendors."

Edit- Source - [https://wikileaks.org/podesta-
emails/emailid/37262](https://wikileaks.org/podesta-emails/emailid/37262)

------
mattbierner
Seeking advice: how do I tell friends and family about the negative aspects of
Facebook without coming across as all “I don’t even own a TV” or “meat is
murder”? Is that even possible?

~~~
bgarbiak
It's not only Facebook though. If you look for a restaurant at Google it will
show you a link to that restaurant's website, opening hours, etc. but also:
how popular the place is at any time, and how much time people spend there.
All thanks to tracking phones.

In case of Google you can disable that in the phone's settings (and trust that
opt-out works), but you can't really do that with your phone operator. Or with
the apps that do the same but don't brag about it.

To answer your question directly: I showed a search result page to my friends,
and showed them how to disable location tracking. Some were terrified, but -
sadly - most of them didn't and don't mind being tracked.

~~~
antocv
> Some were terrified, but - sadly - most of them didn't and don't mind being
> tracked.

For those friends, I ask them if they can just carry this nickle of mine for
me, it will track them and Ill know where they are if I need them. They all
refuse to be tracked by me.

Then I ask them if they want a raspberry pi or a router from me, with ads
blocked and personal access to my virtual private network with access to all
my movies music etc, but dont worry of course _I_ will see every domain-name
your computers lookup, Ill even warn you, friend, if I notice bad-name
lookups, and I pinky promise not to remotely access the router.

They all act like I am a creep and refuse. But, google, an entity they dont
even know or have a relationship with - thats fine to let them into their
house and know what time they watch porn and how long.

When the surveillence is put into context like this, it usually works, friends
smirk and think one more time.

~~~
freehunter
>an entity they dont even know or have a relationship with

That's the important point. Google and Facebook don't give a shit about me.
I'm one of many data points, in a vat with hundreds of millions of other
people.

How many people will search Google for porn, sometimes really embarrassing
stuff? And no one cares. Google certainly doesn't care. But you'd find less
people asking their friends for porn or sharing their porn preferences with
their friends, because my friend can and likely will judge me for it. But
Google doesn't give a shit. Google's not going to tell my other friends how
weird I am.

~~~
antocv
That is the point indeed.

Google and Facebook, will stab you in the back without blinking, to them you
area nothing but a number, and sell out your data faster than your friend
will.

Even further, Google and Facebook, will drown you in ads and manipulate your
mind, sneak in "features" and change your privacy-settings, while your friend
will help you avoid it.

You do make a valid point, how low we have sunk, that people will actually
trust a company over their own friends. That people would trust a company with
"personalization" everywhere, yet believe they can hide in the masses. If they
can give you a personal feed, they know you exactly you not an anonymous mass.

> Google and Facebook don't give a shit about me.

They dont give a shit, they are not your friend, and you cant hide behind a
number or massive data, their whole game is figuring out the massive data
points. Sayin you will hide behind the masses is saying you will be nobody,
you will not have anything to say. Thats hard.

------
gerbal
It's worth looking through Zenyep Tufekci's other op-eds [1] and her fantastic
book "Twitter and Teargass" [2]. A lot of her analysis borders on prescient.
She's someone to pay attention to.

[1] [https://www.nytimes.com/column/zeynep-
tufekci](https://www.nytimes.com/column/zeynep-tufekci)

[2] [https://yalebooks.yale.edu/book/9780300215120/twitter-and-
te...](https://yalebooks.yale.edu/book/9780300215120/twitter-and-tear-gas)

~~~
hendler
Agreed. TED talk was good too.
[https://www.ted.com/talks/zeynep_tufekci_we_re_building_a_dy...](https://www.ted.com/talks/zeynep_tufekci_we_re_building_a_dystopia_just_to_make_people_click_on_ads)

~~~
4h53n
A realistic dystopia, lovely.

------
g09980
Am I understanding correctly is that the primary blame on Facebook is in
enabling apps (via API) to collect data?

This stuff has unfortunately existed for years, no different from an Android
"beautiful waterfall wallpapers" app that also happens to ask for permission
to access your contacts/messages. People consent to their data being public
(sometimes in second-degree through their friends), data gets collected. And
what about all those helpful Chrome extensions that want access to all of your
browsing tabs?

I never authorize third-party apps on my accounts (or even install non-local
Chrome extensions), but I'm likely in the minority.

------
ahartmetz
It is interesting how much traditional media likes to bash Facebook - they are
competing with it for advertising dollars after all... The only thing that
surprises me is that it took them so long. Maybe they had to wait until they
could do it without opposing public sentiment too much.

That said, I vastly prefer traditional media over Facebook. You can do
propaganda on both, but only Facebook has and exploits everyone's personal
data. On traditional media, campaigns also need to be balanced to avoid
alienating the general public, while on Facebook, extremist ads can target
extremist people with no downsides.

------
joering2
If someone thinks about building a new, better and more mature social network
where users data wouldnt be sell to the Facebook’s tune, this is your time!

You dont have to have your startup listed on stock exchange and answer to
shareholders how you squeezing out every possible penny out of your users; you
just need to show enough ads to keep servers running and paying for salaries.
And now you dont have to show off to everyone that you so nice tou only make
$1 salary per tear — keep a cool million bucks annul to yourself. Thats a
small percentage of ads shown and small percentage of dollars collected that
Facebook is harvesting right now, to be able to run similar size of
enterprise. And you be on your way of helping out our civilization in truly
noble way.

------
mark_l_watson
Better than average article about long term dangers posed by Internet super-
companies like FB and Google. The author is a professor of information and
library science.

The only way, I think, that we in the USA can solve this problem is to pass
user rights and privacy laws similar to those in Europe. Given our corrupt
political system this will be difficult but I think possible if enough
individuals keep contributing to the EFF, ACLU, FSF, etc. It takes money to
fight back.

~~~
inanutshellus
> Given our corrupt political system

This is an unhelpful "truism" that encourages us all to lose faith in a system
entirely built on trust. It's a sentence easy to bandy about--especially
unqualified--and impossible to counter (in any government).

It also fails to bolster your argument. Your post without those words would be
just as effective.

Please reconsider.

------
ensiferum
I think it's time to finally close the FB account, move on to Firefox and
disable 3rd party trackers and start using VPN routinely.

~~~
ccozan
But careful with the VPNs.

They are leaking and selling data too. Can't find the article at this moment,
but there was on HN not long ago.

~~~
mirimir
Sure, there's no way to know.

But it is possible to distribute trust across multiple VPN services, such that
none of them alone can compromise you. You just nest one VPN inside another.
It's easy using VMs. Most simply, connect to one VPN provider in the host
machine, and to another in a VM. Using pfSense VMs as VPN gateways, you can
chain more deeply. It's the same idea that's behind Tor using three-relay
circuits. But less anonymous, because routes are static.

~~~
ccozan
Do you realise that this kind of behaviour will make you automatically a
suspect? Remember, is not the data that you transfer, but the metadata of it
which is always visible.

Maintain appearance of normal, but block just what is doing really harm, like
advertising and certain cookies. And don't post anything personal online. Use
firefox on private window.

~~~
mirimir
Which "you"? Mirimir, for sure. But being a suspect is unavoidable for that
persona. However, to my ISP and its friends, I'm just a VPN user. Who
torrents, which is pretty common where I'm located. I've never connected
directly to Tor, even.

And what metadata? All Mirimir metadata points to the final VPN service. I'm
sure that resourceful TLAs could use traffic analysis, and walk either way
through the VPN chain. But I can't imagine that I'm that interesting. And
indeed, I doubt that they'd find much to prosecute. I mean, all that Mirimir
does is write about this stuff, mainly here and on Wilders Security Forums.
And occasional stuff that's published by IVPN.

Other personas do more iffy stuff, such as seeing how well Freenet nodes
worked as Tor onion services. Freenet being sadly loaded with CP. But those
personas used different nested VPN chains, and then Whonix for Tor. So they're
not related to either Mirimir or my meatspace identity.

Also, there are no overlaps in interests or Internet activity between Mirimir
and my meatspace identity. In communications as my meatspace identity, I
rarely use English. Not with family, friends or clients. Occasionally in work-
related stuff, but never in social media. So there's not much basis for
stylometry.

Finally, I must say the the setup is extremely easy to use. I have VPN client
in the host machine, plus several pfSense VMsxas VPN gateways, which can
easily be arranged and rearrabged in nested chains. I introduce new middle VMs
occasionally, but generally don't change the entry and exit very often. Just
update VBox and the VMs periodically.

------
twsted
"Should we all just leave Facebook? That may sound attractive but it is not a
viable solution. In many countries, Facebook and its products simply are the
internet."

_That_ is the problem.

------
3chelon
> Some employers and landlords demand to see Facebook profiles

I may be wrong - please correct me if I am - but I'm pretty sure that's
illegal?

------
zeveb
This isn't limited to Facebook. Yesterday I saw that PUBG just came out for
Android. I've heard great things about it, so I looked for it on the Play
Store and took a look at the permissions. It demands the ability to read my
phone's logs & see running apps. What possible reason could it have for that?

It's a free app. While I know that there are in-app purchases, is Tencent also
selling information about me if I install it?

No thanks — I chose not to install it.

The modern web/app/software platform is built on users trading their privacy &
security for value, rather than trading money for value. I'd really rather
just pay.

~~~
stordoff
> It demands the ability to read my phone's logs & see running apps. What
> possible reason could it have for that?

Possibly anti-cheat?

------
Teracotage
Let's not forget that Alteryx sells the data of 123 Million American
Households. That data Was Exposed Online
[https://www.upguard.com/breaches/cloud-leak-
alteryx](https://www.upguard.com/breaches/cloud-leak-alteryx) "the data was
part of a product - the Alteryx Designer With Data - that sells for around
$38,995 per license. In its own marketing for the Experian service, Alteryx
notes that the database contains "consumer demographics, life event, direct
response, property, and mortgage information for more than 235 million
consumers." 'It included an extraordinary range of personal details on
residents, including addresses, ethnicity, interests and hobbies, income,
right down to what kind of mortgage the house was under and how many children
lived at the property. In total, there were 248 different data fields for each
household, according to the researcher who uncovered the leak data this week.

Whilst there were no names exposed, Chris Vickery, a cybersecurity researcher
from UpGuard, told Forbes it was simple to determine who the data was linked
to, either by looking at the details or by crosschecking with previous leaks.
He found the data was sitting in an Amazon Web Services storage "bucket," left
open to anyone with an account, which are free to obtain."
[https://www.forbes.com/sites/thomasbrewster/2017/12/19/120m-...](https://www.forbes.com/sites/thomasbrewster/2017/12/19/120m-american-
households-exposed-in-massive-consumerview-database-leak/#61b6cc047961)

------
prepend
The positive outcome of this could be society’s shift away from marketing to
meaning.

This isn’t unique to Facebook. It’s true of many large media companies that
rely on advertising (Comcast with NBC, Disney with ABC, NYTimes, Google, etc).

Facebook is just among the best at advertising’s extreme optimization.

The election is high attention now, but I’m looking for research on whether
society is worth off from drinking Coke and sitting for hours watching video.

------
zhyder
It's interesting that we have 2 big scandals in tech right now: one with
Uber's self-driving car killing a pedestrian, and the other with Facebook
revealing too much data about users and their friends to third-party apps.
With Uber, we're asking for data (telemetry leading up to the accident) to be
recorded and access to be more open. With Facebook, we're asking for access to
be more closed; ironic that we usually criticize Facebook for being a walled
garden.

Assuming data needs to be recorded in the first place to make the products
work better, what's ethically better, open access or closed? Is it better for
a few big tech companies to wield so much power with their troves of user
data, or is it better to distribute it across numerous companies/governments
who can be even more unscrupulous (e.g. Cambridge Analytica, Russia)?

EDIT: even now, with full benefit of hindsight, should Facebook allow
accessing friend lists with user permission (would lead to more cases of abuse
by third-party apps), or not (would perpetuate their walled garden and
monopoly on social media)?

~~~
n4r9
I'm not sure that's a useful binary. In both cases we're asking corporations
to handle their data in a responsible way. Neither open nor closed is
absolutely more ethical, it depends on the context.

------
tn_
Not that this would ever happen..probably, but if Amazon were to offer users a
$20 amazon store voucher to get users to disable their FB account and port all
their pictures to a social media solution they build, I could see myself doing
that. This platform would only be accessible to users with Amazon Prime
accounts and that would be a way for them to keep it ad-free.

------
gotofritz
This is good because it might make people question what they read on FB, but
the reality is that (a) the whole digital economy is based on that. FB are no
better than Google or Apple (who know where you are, right now!) or a miriad
others (b) FB serves some purposes (my old aunt wouldn't be able to work out
email, but FB is easy enough for her, for example) and (c) it seems that the
trend is away from 'public' platforms like FB and towards non publicly
accessible groups such as WhatsApp groups (also owned by FB..) or Telegram or
Snapchat etc, so an anti-FB backlash may not achieve much in terms of a
"healthier public discourse"

Also, it all depends on how you use it. I subscribe to a lot of food based
groups and art events groups, and share next to nothing about what I do. OK,
some AI can infer that if I like Lebanese AND Mexican I am probably left
leaning. OK, now what? What are they going to do with that info?

------
mfrommil
In many cases, industry self-regulation can be a good solution to protecting
customers from being wronged. PCI is a great example- there can be huge fines
on merchants that don't meet strict regulations for handling customer
financial transactions according to the strict standards set by PCI.

What has become extremely clear from this situation is that we are far past
the point of self-regulation being the answer for protecting personal data.
Facebook knowingly enabled a 3rd party to pay $1-$2 to 300k people to acquire
facebook data that may have been marked private/don't share for 50 million
users. Roughly $500k for 50 million people's personal data, or in other words,
a penny per person. This data is connected to influencing the election of the
POTUS. There needs to be significant overhaul of how personal data is
protected or this will continue to happen.

~~~
Juliate
> In many cases, industry self-regulation can be a good solution to protecting
> customers from being wronged.

PCI is a self-regulation by self-interest: not to protect the card holders,
but merely to protect the card issuers first. Because legislation made issuers
responsible for most mishaps in payments.

What are documented examples of industry self-regulation in the interest of
customers? (true question, I'm genuinely wondering about it)

~~~
lostlogin
The trick is to have customers that aren’t users.

------
owly
Serious question, to where are companies who were previously dependent on FB
moving their advertising and marketing?

~~~
freehunter
That's a very good question. As a business owner, as far as I'm concerned I'm
tied to Facebook. As someone who writes a local blog, Facebook is where I get
most of my information about my city.

The Internet (and this thread) is full of people telling you to get off
Facebook and go to something else, but especially for businesses, what else is
there? I have thousands of followers on Facebook and Facebook drives 90% of
the traffic to my site, meanwhile my email newsletter has 6 subscribers.

When I'm walking, I like to know where my next step is before I take it.
Without that, shutting down Facebook means shutting down my business.

A lot of people here are telling me to take the step, but can anyone tell me
where my foot is going to land when I do?

~~~
kossae
In that case I would recommend pushing as many subscribers over to your e-mail
newsletter as possible. I'm sure this has already been attempted to some
degree on your part, but e-mail marketing is very effective when done right
and could potentially displace some negative impact from if/when Facebook
decides/regulates that your business is no longer needed on their platform.

~~~
freehunter
>if/when Facebook decides/regulates that your business is no longer needed on
their platform.

That's really my fear, I'm trying to create a critical mass where Facebook
isn't required anymore. I took a big hit earlier this year when they decided
to stop showing people content from pages. But a huge problem is, any article
I write that doesn't get posted to Facebook gets zero hits. Posting to
Facebook gets thousands of hits. No one is visiting my site without being
provided a link to click on. And my audience is Millennials, which is a
demographic that doesn't use email as much as others.

Even pulling all my current followers into the email newsletter, though,
doesn't solve the problem of finding a new audience. Right now I can pay
Facebook $1/day and reliably get 30 new followers every week. Even though my
audience is all within my small town, building that audience on Facebook is
far cheaper than even the most conservative physical advertising plan.

That is assuming, of course, that Facebook followers translate into actual
readers. And it certainly has been an ongoing struggle to get Facebook to show
my content to the people who have explicitly opted-in to see my content.

The two situations I face: either rely on Facebook (which is cheap and easy)
until the day they decide I shouldn't be a business anymore, or do anything
but Facebook, which is harder and more expensive. That's why people use
Facebook: no one trusts it, but it's so damn easy, even when they constantly
make it harder.

------
chiefalchemist
I read "Dragnet Nation" shortly after it came out.

[http://juliaangwin.com/dragnet-nation-available-
now/](http://juliaangwin.com/dragnet-nation-available-now/)

And a couple years later "Chaos Monkeys."

[https://mobile.nytimes.com/2016/06/29/business/dealbook/revi...](https://mobile.nytimes.com/2016/06/29/business/dealbook/review-
chaos-monkeys-is-a-guide-to-the-spirit-of-silicon-valley.html)

Obviously there are others, as well as articles in between.

In terms of FB et al, we are the product. They know this. We know this. And
the prevailing (USA) cultural wind is "Privacy? Who needs it?"

If there's a surprise, it's that its taken this long for this issue to get any
significant attention. Let's see how long it lasts. If it lasts.

~~~
camillomiller
Here in Germany online privacy is a social value, and Facebook is gonna have a
even harder time from now on. I don't see it happen in the rest of the world.
I give this three months: when the news cycle will have died out, for Facebook
it's gonna be business as usual. Zuckerberg is in such a denial about the real
mission of his creature, that I don't see how it will ever be able to steer
the boat, even if he wanted to. Does he ever lie in bed at night, staring at
the ceiling, asking himself "what the fuck did I create"? Will he ever?

~~~
1over137
Why do you think Zuckerberg is in denial? (Honest question.) Seems to me he
knows exactly what he's doing.

~~~
camillomiller
Ok, this may sound bad, very way-out-there and not P.C. at all, so forgive me
in advance, as it is my (almost fictional) speculation: I think he's in denial
because of his lingering autism.

My theory is that, for Zuckerberg, Facebook has always been a perfect data
machine to figure out the complexity governing social interactions. The same
social interactions that have always escaped him in real life, due to his
high-functioning autism.

Facebook, for the first time in history, made possible to quantify social
interactions. The next step after such an enlighting discovery (it really is,
actually) was to scale the analysis on a global level. Everyone - in Mark's
mind - couldn't do but benefit from such formalization of social interactions.
He might have asked himself: if only social interactions where as easy to
analyse as a calculus problem, or as simple to formalize in a giant set of
rules as grammar, wouldn't we all be better off?

Years later, he's still so autistically enamored with his own Leviathan, that
he's now in denial about the evil applications his beloved monster has made
possible. He's still positive that such a perfect machine can't be used for
bad purposes. Sure, there have been speedbumps, but the road is still
stretching towards a brighter future where technology can help us rationalize
the irrational and ethereal world of mutual interactions.

Long story short: he's an autistic with a delusion of grandeur about his own
creature. Such delusions are aggravated buy the shield put up around him by
his fellow executives, such as Sheryl "only good news" Sandberg.

Again, this is nothing but my own literary divertissement. He might just be
another silicon valley asshole executive, and that's it.

------
Nitramp
I think it's worth noting that there's a big difference between (1) allowing
advertisers to display ads on your platform based on user profiles (e.g.
matching certain demographics etc) on the one hand, and (2) handing out
arbitrary user data on the other.

With the former, you stay in control and are able to enforce access and use,
including the guarantees you gave users on how their data is handled. With the
latter model, you're handing over the keys to the castle to random and
possibly quite shady third parties that you cannot have the slightest chance
at controlling.

It seems rather reckless to do (2), both regarding your responsibility towards
users, but also economically – if a bad actor exfiltrates all user data into
their competing ad service, you have little to keep them from doing that.

------
cja
"Should we all just leave Facebook? That may sound attractive but it is not a
viable solution. In many countries, Facebook and its products simply are the
internet. Some employers and landlords demand to see Facebook profiles, and
there are increasingly vast swaths of public and civic life — from volunteer
groups to political campaigns to marches and protests — that are accessible or
organized only via Facebook."

I have a Facebook account so that I can participate in groups used by clubs I
belong to and so that I can follow musical artists. My account has no friends
and I have entered no information about myself.

Problem solved?

------
nomercy400
How convenient for Facebook that large dubious data collection practices like
this are exposed only two months before the European GDPR privacy law comes
into effect.

------
newnewpdro
The only reason this stuff is being reported on in this way is the president
they successfully got elected sucks.

None of this is news. Facebook has _never_ been regarded as some kind of
privacy-respecting entity. Users have been willingly participating in the
exchange of privacy for convenience as far as I can remember.

------
sidcool
Technology has yet to face its A-bomb moment that physicists faced decades
ago.

------
zby
Physicists became aware about the ethical implications of their work after the
A bomb - with information science there will not be any such sharp censure -
but the implications might be even more profound.

------
rufugee
They collect browser histories? Shouldn't that technically be impossible
unless they're using their ad partners across multiple sites?

~~~
dictum
No need for ad partners; their share button scripts are enough for this task.
(Google Analytics is the leader on this technique, compounded by secondary
tracking inside Google search results, but FB is one of the leading third-
party request destinations in the web)

------
DyslexicAtheist
when talking about Cambridge Analytica we should also discuss Palantir

from 5 years ago:
[https://www.popsci.com/technology/article/2013-06/mysterious...](https://www.popsci.com/technology/article/2013-06/mysterious-
silicon-valley-company-helping-nsa-spy-americans)

Palantir ‘wields as much real-world power as Google, Facebook, Amazon,
Microsoft and Apple, but unlike them, Palantir operates so far under the
radar, it is special ops.’
[https://channels.theinnovationenterprise.com/articles/is-
pal...](https://channels.theinnovationenterprise.com/articles/is-palantir-a-
force-for-good-or-evil)

Yes, that's the same Thiel who is suing Gawker for outing him while developing
predictive analytics that disproportionately target minorities.

See: Peter Thiel’s Palantir wins $876 million U.S. Army contract
[https://www.bloomberg.com/news/articles/2018-03-09/peter-
thi...](https://www.bloomberg.com/news/articles/2018-03-09/peter-thiel-s-
palantir-wins-876-million-u-s-army-contract)

[https://www.theverge.com/2018/2/27/17054740/palantir-
predict...](https://www.theverge.com/2018/2/27/17054740/palantir-predictive-
policing-tool-new-orleans-nopd)

not just facebook but Silicon Valley has in general a total disregard for
privacy. You can't hate on Facebook from another corner of the swamp. Also we
should be thinking about what's ahead in IoT (Turning IOT sensor data into
behavioral insights) [https://www.sentiance.com/](https://www.sentiance.com/)

Not to mention the gazillion IoT devices with poor factory reset which is the
web's equivalent to delete-account function which only disables a users login
but retains the data.

apologies for my emotional tone, this obviously has hit a nerve.

~~~
kaybe
Wow, sentiance is super creepy.

~~~
ParanoidShroom
I was recruited to work there, since they are from my local neighborhood I
know them some time already. They have a history of analyzing data with
financial support from Samsung. They are a smart bunch, don't have bad
intentions towards people. That being said, their goal is indeed ... Well not
something I value personally. But they are all good guys that are eager to
make an amazingly powerful product. I agree that the result can be abused.
That being said, there should be a middle ground where both parties should
benefit. I normally don't comment, but I don't want to see them look like a
villain. They are excited engineers.

~~~
toss1
>they are all good guys that are eager to make an amazingly powerful product

Lovely. They are also devoid of vision and ethics about the likely results of
their actions. In short, they fail to consider the saying:

"The road to hell is paved with good intentions".

Have they even considered the question: Which of their targets would EVER
sign-up for their service?

Who are their customers, and why would they pay for the service? The only
plausible reason to pay Sentiance is to understand a target's behavior at a
fine-grained level in order to insert a stimulus to get them to do something
they would otherwise not do willingly. (or a stalker, to assault them).

So, they are making a wonderfully powerful tool to enable strangers to change
a target's behavior without permission. Yet they are not bright enough to
avoid putting a "sign up" popup on their website in a way that interrupts
their own video.

They will enable someone to cause serious damage to our world. Please get a
message to them that they need to stop and shut down.

If they want to build something REALLY powerful, they should pivot to building
something to allow us to DETECT & PREVENT other software on our
phones/computers from doing what they are now trying to do.

I'd pay for that, and I'm not the only one.

------
Ancalagon
All these articles coming out now definitely feel like a smear campaign
against facebook. Im not saying I agree with facebook's actions, or that I
even enjoy the site. But is anyone really surprised by any of this?

------
therealmarv
Close a FB account is no option... ever lived in a country where FB is
essential? It's maybe not USA or many bigger Europe countries but if you go to
smaller countries (where Google Maps is even bad) you will loose a lot
(groups, buying/selling, advices).

~~~
TheCoelacanth
Just because you don't have a Facebook account doesn't mean they don't have
data about you. They create a shadow profile for people whose existence they
have inferred from other people's accounts.

------
titzer
“It is difficult to get a man to understand something, when his salary depends
on his not understanding it.”

― Upton Sinclair, I, Candidate for Governor: And How I Got Licked

Facebook and Google are not evil. They are made up of ordinary people with
ordinary likes, dislikes, biases, histories, failings. Those people don't have
to be evil or wrong or even misguided to give rise to this situation. No
matter how much they try to (and want to!) do the right thing, they are just
trying to make money. Everyone's economic incentive is to make more money. The
shareholders demand it!

Economics is what underlies all of this, and it is completely inescapable. The
market is rewarding those who track users and profile them in order to predict
their behavior, jam ads in their face, or sell them stuff. Entities that do
this make _more money_ than entities that don't. Like, _a lot_ more.
$100billion/yr more. So. You are going to get more companies finding more ways
to track and profile people to figure out how to _make more money_. Facebook
and Google and Twitter and ad networks and everyone else can be absolute
_angels_ in their hearts, but the sheer mathematics of economics is like a
pervasive wind that just keeps pushing them in this direction.

You either push back, _HARD_ , with your feet and with the law, or you suffer
the consequences along with everyone else.

~~~
hudon
> Facebook and Google are not evil. [...] Everyone's economic incentive is to
> make more money.

I don't buy the claim that everyone just wants more money above all else and
you seem to agree if you're claiming that people can "push back, _HARD_ ". We
all have the capacity to place ethics above money. Never questioning the
impact of your actions--especially when it affects the lives of millions--and
simply doing what greed dictates, is indeed a form of malevolence, or
"evil"... the 20th century is a testament to that.

Furthermore, if a company's leadership is filled to the brim with these
unethical and greedy people, I believe it's acceptable to call the company
evil as well.

Tech just needs to stop building tech for tech's sake and start thinking
deeply about humans... and holding each other accountable.

~~~
titzer
> Furthermore, if a company's leadership is filled to the brim with these
> unethical and greedy people, I believe it's acceptable to call the company
> evil as well.

I think that's fair. My point was that Facebook and Google and others don't
_have to be_ evil to give rise to this situation, economics just does. That,
of course, doesn't mean they aren't.

Furthermore, a company's leadership swearing up and down that they "aren't
evil" does mean a hill of beans if they give rise to evil through their own
economic actions.

