
Ask HN: Did Facebook really do something wrong? - anilshanbhag
Users can use Facebook to connect with other people. In the process they share their information on Facebook. Facebook can use this information to categorize users based on their interests and serve them targeted advertising. Advertisers <i></i>do not<i></i> see who saw their ads unless the user interacts with the ad.<p>Now the platform itself is open and can be used by others in their apps to get user data. In such a case, the user himself approves sharing his data on Facebook with the app. This is what happened in the case of Cambridge Analytica. Users used a 3rd party app which collected data. They voluntarily did it. The app then shared it with Cambridge Analytica. The app developer got data from users and used it in ways he didn&#x27;t disclose to his users.<p>Facebook makes close to no money from these third party apps. I have written apps in the past which ended up collecting user information which just sits in my database. I don&#x27;t see how Facebook can prevent exploitation of this data as it can&#x27;t be monitored. They could just shut down the pipe but I believe that will again make many people mad. The app developer is at fault.<p>Given above, I feel its the app developer at fault and not Facebook.<p>TL;DR Facebook advertising doesn&#x27;t leak user information. Cambridge Analytica&#x27;s approach would fail if people simply stopped using 3rd party apps.
======
latexr
> In such a case, the user himself approves sharing his data on Facebook with
> the app.

Most users are non-technical and have no idea what this really means. To users
it means “if you don’t approve you won’t be able to use this”, so they do.
It’s like giving candy to someone who doesn’t understand nutritional facts —
all they understand is it tastes good, not that it’s also bad for you.
Facebook and other companies know and take advantage of this.

Also, it’s my understanding the Cambridge Analytica app also pulled data about
friends of people who used it, so even if you hadn’t consented to the app you
were still scraped. _At the very least_ Facebook is at fault for having a
system that allows personal information of non-consenting users to be taken by
third-parties.

~~~
anilshanbhag
I sort of agree. However note that when you pull data about friends, you don't
get information about friends who have a higher privacy setting. Also, you
can't get personal information about these friends through the api, however
you could just web scrape it for many.

~~~
Lx1oG-AWb6h_ZG0
“Higher privacy setting” is kind of meaningless when Facebook seemingly goes
out of its way to make the settings page hard to use. You pretty much need a
PhD at this point to understand what all the toggles do, and even then it’s
not enough because they automatically opt you in to any new feature. I
remember at some point in the beginning when they kept resetting all my
privacy settings because they refactored their features but didn’t preserve my
old privacy setting... I just gave up at that point and stopped bothering.

------
onion2k
Facebook _definitely_ did something wrong. Facebook makes developers sign up
to an agreement that states they won't pass the user's information on to other
parties. Kogan did that and Facebook failed to stop him, and then failed again
when they didn't follow up sufficiently with Cambridge Analytica. Putting in a
framework to protect user's data and then failing to act on it means they
failed to protect their users.

Kogan and Cambridge Analytica also did things that I would consider wrong, but
that doesn't let FB off the hook.

~~~
masom
What would be Facebook options to stop Kogan or Cambridge Analytica?

They already have the data, other than suing, what's possible here?

~~~
kbrwn
They could have banned CA from operating on FB much sooner.

They could have sued the developer in court to send a message to other bad
parties.

They could have notified the users that their data was used improperly.

------
redm
The reports have been so vague as to what Cambridge Analytica did its hard to
know what they have or how they used it.

I feel like the political climate is so energized right now that everyone is
freaking out instead of waiting for details and specifics. Facebook seems to
be taking this very seriously and, generally speaking, I've always been
impressed with Zuckerburgs ability to be introspective and make changes
instead of digging in his heels.

I'll give them the benefit of the doubt for the moment while all this shakes
out.

~~~
danso
What exactly has been vague about what CA is accused of? You don’t believe or
can’t understand how data from a purportedly academic app was used to harvest
data from millions of user friends? Or how that data was then sold to a
commercial entity?

~~~
redm
Companies have been scrapping information off Facebook since they opened up
the platform. We had to abandon some plans to use Facebook as a social
mechanism for photo sharing because of new restrictions Facebook added in
2016. My point is, IMHO, Facebook has been continually tightening controls and
adding more privacy features for years, so in this case, I give them the
benefit of the doubt.

~~~
frankzinger
What doubt, though? They gave unconsenting users' data to third parties for
years. It was policy. They knew what they were doing but didn't care.

(And I'm not sure what you mean by "scraping", but this was not anonymous web
scraping, it was done through APIs these devs were given access to by
Facebook.)

~~~
PDivide
The problem wit this argument is that they ARE consenting users, they just
don't care enough to know. From the facebook sign up page "By clicking Create
Account, you agree to our Terms and that you have read our Data Policy..." On
the data policy they say that your data is given to third parties. The problem
is that common sense has been removed from our society. You DON'T need a PHD,
as another poster said, you merely need common sense.

------
frgtpsswrdlame
(Part of) the problem is a lack of transparency to the cost you pay.

>They voluntarily did it.

If we're going from voluntarist morality then it seems okay initially but
there are two main complicating factors that I see.

(1) Facebook and this app appear to be free. In reality they have a cost but
because that cost takes the form of something other than money, the monetary
value is obscured.

(2) Even the data itself is obscured from the user. Users don't know what data
they've handed over, how it's been collected, what conclusions have been drawn
from it, who it's been sold to, whether it's been combined with other data
sources, etc.

Even the most voluntarist among us would probably see something wrong with the
US healthcare system where you can't know the price of your services until
after you've accepted them. Social media data collection is even one worse
step than that because you _never_ find out what price it is you've paid.

A fix to this is radical forced transparency, just like what GDPR is going to
do.

------
danso
You don’t see how Facebook could prevent exploitation? After 2014, they
restricted access to friends data after CA first blew up. But they knew in
2012, the Obama campaign had similarly abused TOS to harvest friend data and
to perform analaysis and cross-referencing with (such as identifying friends
who are also on campaign donor lists).

Saying that people could just write a web scraper anyway is a bullshit
rationalization. The technical barrier is high enough that it would make it an
extremely costly option, certainly more costly than all the other data sources
that campaigns traditionally use.

FB may not have outright committed evil, but they sure didn’t seem to
prioritize safety for their users. And that’s enough on which to consider
judging them accordingly.

~~~
epmaybe
When you say abused, do you mean that the campaign did not violate it in 2012
but took advantage of the lenience Facebook allowed them? Thanks

~~~
danso
According to what campaign workers told the NYT, the harvesting of data seems
most certainly to have violated FB’s TOS, especially regarding the storing of
data for reasons other than caching performance:
[https://news.ycombinator.com/item?id=16624506](https://news.ycombinator.com/item?id=16624506)

But FB has the right to decide when to enforce TOS or not. It seems they never
did so, not just for Obama but for other operators as well. Pretty sure most
FB users would be surprised that their data was knowingly analyzed by a third
party as thoroughly as the NYT article describes, with FB’s knowledge.

------
thisisit
While the title is framed to get people's input; in the text you proclaim that
the issue is not Facebook but the users. So, what you are asking is - _I am
convinced Facebook did not do anything wrong but prove me otherwise._

The problem with that there is no way to prove a negative. And you already
have the biggest defense - "...but people shared their data willingly".

Still, here's my view on this - Facebook is designed to collect data but it
also is designed to keep people engaged so that they share _even more_. They
also make it easy for people looking to collect data.

Their whole business model is around data. So, I wouldn't be surprised if
there is a leak showing Facebook specifically courting CA, just like twitter
did with RT:

[https://www.theguardian.com/media/2017/oct/27/russias-rt-
rev...](https://www.theguardian.com/media/2017/oct/27/russias-rt-reveals-
twitters-pitch-to-sell-millions-of-dollars-in-2016-election-ads)

------
z_
I'll leave this here, I don't want to pressure HN into learning anything about
privacy or Facebook's practices though:
[https://phys.org/news/2018-02-belgian-court-
facebook.html](https://phys.org/news/2018-02-belgian-court-facebook.html)

------
sanxiyn
I agree. I find [https://newsroom.fb.com/news/2018/03/suspending-cambridge-
an...](https://newsroom.fb.com/news/2018/03/suspending-cambridge-analytica/)
accurate about facts.

On the other hand, in Facebook's own words, "In 2015, we learned that a
psychology professor at the University of Cambridge named Dr. Aleksandr Kogan
lied to us and violated our Platform Policies". If Facebook learned this in
2015, why are they suspending violators in 2018? That part is blameworthy. But
I agree the primary blame lies at Kogan, CA, SCL, etc.

------
Yoric
Yes, the app developer is definitely at fault.

The question at hand is whether Facebook could/should have done something/more
to avoid this kind of situation. I do not have a definite answer to this
question, but one could imagine both technical and legal means that can be
used to avoid such abuse of data.

The other question at hand is whether Facebook should be allowed to hold this
kind of power. Again, I do not have a definite answer and if the answer is
"no", I have no idea how this could be implemented.

------
dz0ny
> Facebook advertising doesn't leak user information.

It exposes too much data to advertisers/app, which most users unknowingly
agree to. Which is still Facebook's problem and should be regulated. I think
the downfall of FB has just started and Google is quite lucky that their
efforts with G+ fell, because if they succeed they would be in same position.

Cambridge Analytica use of data is immoral and legality should be decided in
courts.

------
hitgeek
facebook basically did nothing to ensure third party apps & developers were
not violating its data access and sharing policies. most developers know it
has always been pretty easy to harvest data from facebook by tricking users
and once you have the data you can do whatever you want with it.

facebook probably didn't do anything illegal, but many people feel they failed
to sufficiently protect user data from bad actors.

It the absence of laws or regulations to punish facebook, the only recourse is
for users to leave the platform. this probably won't happen b/c most people
don't know or don't care. but if we think its in the public good to protect
this data we should seek to pass some regulations that require platforms like
facebook to meet an acceptable threshold of data protection.

given the effects that harvesting facebook data can have on elections, its
probably a good idea for regulators to step in.

------
xmodem
One issue is that the older version of the graph API permitted third party
apps to access your full friends list and data your friends had shared. So I
post photos and statuses, and those aren't just visible to my friends but also
to third party apps my friends are using.

------
notacoward
The crux here is the difference between affirmatively doing something wrong
and failing to do enough right. I'm not going to wade into the rest of the
debate, but I think anybody giving an answer should try to be clear _which_
question they're answering.

