
Zuckerberg and Sandberg can't be trusted to handle data leak fallout - SirLJ
https://www.cnbc.com/2018/03/22/cramer-facebooks-zuckerberg-sandberg-cant-watch-over-data-leak.html
======
pdeuchler
Can we stop calling this a data leak? This was business as usual. What
Cambridge Analytica did is SOP for almost every organization that's large
enough to do their own ad targeting. I know personally of several information
brokers that are actively buying and selling these kinds of data sets on
exponentially larger scales, not to mention hundreds of middlemen in the
advertising industry that each have their own databases. I'd be willing to bet
at least half the users of HN work at companies with Splunk databases that
could be used to infer a lot of the same data CA used. I made a Facebook app
in college that was used by under a thousand people and I remember being able
to scrape email addresses from friends of friends. Am I crazy or does everyone
just have their heads in the sand?

Framing this as a "Facebook data leak" makes it seem like the problem was
people we don't like got a hold of our precious data, not that our entire
industry is funded by the mass harvesting and reselling of personal
information.

~~~
chomp
Yeah, I thought about this, but not calling it a data leak normalizes the
activity. ~200k people installed an app that gave up ~50 million users' data.
Those users may have consented to handing over their data in the ToS they
agreed to, but it still feels icky. I'm perfectly fine calling it a data leak
if it means more press coverage about bad data practices at modern Internet
companies.

------
anonu
Not picking sides here in the FB debate, but how can you trust anything that
Jim Cramer says? The guy failed spectacularly during the financial crisis. He
flips a coin, chooses a view, and goes with it...

~~~
TwoNineA
Even a broken clock is right twice a day. And I would even go much further by
saying that not one Facebook employee should be trusted to handle the fallout.

~~~
joe_the_user
Well, given that trust is relative, this scandal seems to involve a whole lot
of people implicitly saying you should trust them more than Facebook.

And that's the thing. I don't trust Facebook but I would trust less any plan
to externally regulate Facebook.

The government already _forces_ Facebook and Google to divulge information to
them. No one should trust any public Internet forum with their personal
information but there's a lot of "impersonal information" that's still safe to
share. The best way to deal with the recent revelations is to stop giving up any
information online, not to Facebook or to anyone. Posting text to Facebook or
whoever is secondary. (Browse and post anonymously but keep a "vanilla" social
media profile for border and other fun).

This all comes down to Facebook selling a kind of "privacy" that's been
inherently rendered meaningless by the Internet age - privacy where "people
know" get your data but somehow this information won't leak beyond this porous
group.

------
ohf
Why serious breaches of trust such as this don't immediately receive outside,
completely foreign, third party (all of it!) investigation is beyond me. None
of this should be news - it should be implied. For the same reasons PDs
shouldn't "investigate" their own abuses.

------
squozzer
So, is it the consensus of HN that this incident is more or less important
than Equifax incident, and why?

~~~
aylmao
Much less, for sure.

1. Equifax had a security breach. Facebook just had an instance of a 3rd
party misusing data they were known to provide to external developers. Aka,
Equifax lost data that should never have left their servers, vs Facebook found out
some data, amongst the ton that leaves their servers on a usual basis, was
misused. Don't get me wrong, that's bad, but not "we got hacked and lost a ton
of info that should very much be kept secret" bad.

2. Facebook involved 50 million users. Equifax involved 143 million [1].

3. Equifax leaked credit card numbers for 209k people, and dispute documents
with personal identifying information of 182k people [1]. It's unclear exactly
what info about users was harvested from Facebook, but there's no API access
to credit card numbers for example.

4. Repercussions; CA claims huge influence on elections because that's what they
sell, of course they'll market it like that. There's some debate about their
effectiveness [2], and it's worth adding they're not the only or the first
ones doing it (Obama used micro-targeting with Facebook data too). The way CA
got their data is just more sketchy, and of course, involvement with Bannon
makes it all the worse.

One can't pinpoint what exactly happened with the Equifax data, but it's clear
it could be sold and used for identity theft and other fraud, since it
includes SSNs, addresses, and in some cases credit card and license numbers
[3].

It's bad that Facebook wasn't quicker to address the issue, inform users or
take actions to find other leaky 3rd party apps, but Equifax was IMO
definitely much much worse.

[1]: [https://www.consumerreports.org/privacy/what-consumers-need-...](https://www.consumerreports.org/privacy/what-consumers-need-to-know-about-the-equifax-data-breach/)

[2]: [https://www.theverge.com/2018/3/20/17138854/cambridge-analyt...](https://www.theverge.com/2018/3/20/17138854/cambridge-analytica-facebook-data-trump-campaign-psychographic-microtargeting)

[3]: [https://www.forbes.com/sites/winniesun/2017/10/02/what-you-s...](https://www.forbes.com/sites/winniesun/2017/10/02/what-you-should-do-now-after-the-equifax-security-leak/#1f3ea0c12123)

------
neo4sure
Says the guy who told people the economy was great just before the biggest
crash in history. I don't listen to this guy and never trade on his advice.

~~~
cvaidya1986
‘Experts’ are right until they are wrong.

------
smoyer
Please mark this as having auto-play video - I just disrupted a quiet room at
work and I never watch the videos anyway.

~~~
vog
In my humble opinion, this should be the task of the browser, not the task of
every site that links somewhere.

Moreover, I always mute the speakers of my computer, for exactly that reason.
When I do want sound, I usually connect my headset or an external speaker. The
computer's speakers remain muted. In the rare cases where I do want to use the
computer's speakers, I unmute them, and mute them when I'm finished. This is
so seldom that it's not a big deal.

Back to browsers, I wonder why those implemented auto-play for videos in the
first place. More specifically: I wonder why they auto-play audio, as I don't
see that issue with animated GIFs. Moving ads are annoying, but not remotely
as bad as an unexpected sound.

The upcoming Firefox versions are very promising in that regard:

"Block video auto-play: Firefox will provide users with a way to block video
auto-play that doesn't break websites."
[https://wiki.mozilla.org/Firefox/Roadmap](https://wiki.mozilla.org/Firefox/Roadmap)

"Implement new autoplay policy"
[https://bugzilla.mozilla.org/show_bug.cgi?id=1382574](https://bugzilla.mozilla.org/show_bug.cgi?id=1382574)

~~~
FLUX-YOU
chrome://flags also has an autoplay setting that requires user interaction
before playing media

~~~
jzl
I was reading about this recently here:
[https://www.chromium.org/audio-video/autoplay](https://www.chromium.org/audio-video/autoplay)

Even the strongest setting "Document user activation is required" isn't good
enough. It means one click in the page will cause the video to start playing,
which is annoying and highly game-able. I don't want a click somewhere on the
page to cause a video elsewhere on the page to start playing. Every content
site is going to do something to require you to click, like not showing the
whole article and having "Click to expand".

I've been using AutoplayStopper and it works wonderfully:
[https://chrome.google.com/webstore/detail/autoplaystopper/ej...](https://chrome.google.com/webstore/detail/autoplaystopper/ejddcgojdblidajhngkogefpkknnebdh?hl=en)

Once you start using it it's shocking how many (attempted) autoplay videos
there are that you never noticed.

~~~
vog
It is really a pity that there are so many browser extensions who get this
right, but the browsers themselves don't.

That's why it is so refreshing to see at least one of them (Firefox) actually
trying to get it right.

The technical term for a browser is "User Agent". That naming may be historic
and old-fashioned, but it was named that way for a reason. It's time to
restore the original meaning, to make the browser an agent who actually acts
on behalf of and in the interests of the user, not the website creator.

------
debt
"Cramer previously said it may be time for the social network to hire an
'internal special prosecutor' to get to the bottom of its data scandal."

I think it may be time to hire a new CEO.

------
lerax
I hope this is the start of the end of all Facebook legacy. We deserve in 20XX
more than a full laggy PHP system as a social network.

~~~
LinuxBender
The language they code in is PHP, but it is rebuilt as highly optimized C. Not
justifying this, just adding for clarification.

~~~
aylmao
Technically it's not PHP either, but Hack, which is like PHP with types.
Nitpick; it's not PHP like TypeScript is not JavaScript, but kinda is.

