
How Calls for Privacy May Upend Business for Facebook and Google - domevent
https://www.nytimes.com/2018/03/24/technology/google-facebook-data-privacy.html
======
bogomipz
>"But some trade group executives also warned that any attempt to curb the use
of consumer data would put the business model of the ad-supported internet at
risk."

Yes the "ad-supported internet" may be at risk. So what? Is it unreasonable to
think that this model might not actually be sustainable long term?

Why should this business model be any less vulnerable than any other business
model? Note to Big Tech - public opinion also has the power to "disrupt."

~~~
krylon
Furthermore, it is possible to run ads without collecting creepy amounts of
data on everybody.

Ads themselves are not so problematic. But the idea that companies have to
collect amounts of data that make the Stasi look like a bunch of privacy
activists is very much problematic.

~~~
bogomipz
Agreed. It's funny you mention the Stasi. When touring the old Stasi
headquarters in Berlin its tough not to think about how 25 years later a
company has amassed much more data on private citizens than Stasi could ever
imagined.

------
IBM
>The United States does not have a consumer privacy law like the General Data
Protection Regulation. But after years of pushing for similar legislation,
privacy groups said that recent events were giving them new momentum — and
they were looking to Europe for inspiration.

>“With the new European law, regulators for the first time have real
enforcement tools,” said Jeffrey Chester, the executive director of the Center
for Digital Democracy, a nonprofit group in Washington. “We now have a way to
hold these companies accountable.”

I'm super excited about the prospect of GDPR in America.

~~~
ttul
Effectively, you will have it, because it applies to European residents, and
it is difficult for companies to know for sure that you aren’t a European
resident.

~~~
madez
Well, not so much if the companies are really willing to.

They can block traffic coming from European IP addresses and require a legal
document saying that the customer is not European.

~~~
pandler
So, for all intents and purposes, shut themselves out of the European market?

~~~
madez
Yes. "Obey our rules or stay out of our market" seems like a reasonable thing.

------
shady-lady
Hopefully it will also change the "move fast & proper security is an
afterthought" model of startups.

Years ago(in CS degree before professional work), I used to wonder & be amazed
by how fast new companies(mainly U.S.) moved so quickly.

It wasn't because they had some secret sauce or 10x devs, it was because all
they did was focus solely on features & take shortcuts. Their customers data
security was an afterthought - e.g. production DBs open to anyone in
company(even the world in some cases(mongo)), no auditing or logging of data
access.

Maybe YC(& other accelerators) will make a security expert available to these
people...because young adults with 0 professional experience will probably not
consider security & rely on the defaults of whatever stack they're using to be
good enough. Even less consideration will be given when they're fed &
surrounded by a grow fast at all costs mentality.

Good security in their products needs thought & critical analysis put into it
& I'm not sure new devs appreciate it.

~~~
dominotw
> how fast new companies(mainly U.S.) moved so quickly.

I've worked in startup/mid size companies outside U.S and from what i've seen
its totally inaccurate to say that startups outside U.S move slowly because
they take privacy/security more seriously.

~~~
shady-lady
The reason I mentioned US specifically was because VC funding to support hyper
growth was historically & (still is) way more common there than elsewhere in
the world(Western Europe specifically). A condition which seems to almost
mandate the grow fast at all costs mentality.

It doesn't preclude anywhere else in the world from being lax about security.
I also have worked for multiple small/mid companies in Western Europe and,
anecdotally for me, data & thoughts to security are held in much higher
regard.

------
sqdbps
The Equifax thing didn't result in regulation and that was an actual scandal
with real ramification not a pile-on by a press seeking to vilify an ad
financed competitor.

Funny how the Times is using silly _metafilter_ vernacular now:

"the consumer surveillance model" \-- it's the same business model that's been
supporting news publication for more than a century.

As for the GDPR it's similar to the recent digital tax proposal and numerous
other initiatives by the EU intended to attack US businesses, the US
government doesn't share that motivation and it must condemn and push against
these EU actions.

~~~
corvallis
>It's the same business model that's been supporting publication for more than
a century.

I think there's an enormous difference between advertising in print,
advertising on the internet, and what is currently the status quo, which is
active surveillance of all information consumed and every movement that
individuals make across the internet and in the real world by data linked
through GPS/ cell phone location, credit card purchases, etc.

I'm aware that this is the new reality, but comparing it to print advertising
(or even pop up ads of the early internet) is disingenuous at best.

~~~
username223
> comparing it to print advertising is disingenuous at best.

Right. First, print advertising could only target the entire subscriber base.
Second, they had a limited amount of data on you based on voluntary surveys
and census tracts, not a list of every single thing you read, and where you
are every minute of every day. Finally, print publications actually cared
about reuse/misuse of their address lists. The list they sold you would
include some addresses they controlled, so if you resold or reused it, they
would catch you.

There are ways to deliver effective ads with a whole lot less surveillance.

~~~
dbt00
Also credit card purchase records.

------
yuhong
I just wrote a second draft of my essay on this exact topic:

[http://yuhongbao.blogspot.ca/2018/03/google-doubleclick-
mozi...](http://yuhongbao.blogspot.ca/2018/03/google-doubleclick-mozilla-
essay-second.html)

Among other things, I wrote about the sharing of remarketing lists.

------
akerro
Guys, seriously. Why is this a surprise for people? Facebook is a corporation
that literally lives from analysing and selling data about everyone, even
people who have not signed up for Facebook, WhatsUp or Instagram accounts.

Facebook android application asks you for the following permissions when you
install it:

This app has access to: Device & app history

    
    
        retrieve running apps
    

Identity

    
    
        find accounts on the device
        add or remove accounts
        read your own contact card
    

Calendar

    
    
        read calendar events plus confidential information
        add or modify calendar events and send email to guests without owners' knowledge
    

Contacts

    
    
        find accounts on the device
        read your contacts
        modify your contacts
    

Location

    
    
        approximate location (network-based)
        precise location (GPS and network-based)
    

SMS

    
    
        read your text messages (SMS or MMS)
    

Phone

    
    
        directly call phone numbers
        read call log
        read phone status and identity
        write call log
    

Photos/Media/Files

    
    
        read the contents of your USB storage
        modify or delete the contents of your USB storage
    

Storage

    
    
        read the contents of your USB storage
        modify or delete the contents of your USB storage
    

Camera

    
    
        take pictures and videos
    

Microphone

    
    
        record audio
    

Wi-Fi connection information

    
    
        view Wi-Fi connections
    

Device ID & call information

    
    
        read phone status and identity
    

Other

    
    
        download files without notification
        adjust your wallpaper size
        receive data from Internet
        view network connections
        create accounts and set passwords
        read battery statistics
        send sticky broadcast
        change network connectivity
        connect and disconnect from Wi-Fi
        expand/collapse status bar
        full network access
        change your audio settings
        read sync settings
        run at startup
        reorder running apps
        set wallpaper
        draw over other apps
        control vibration
        prevent device from sleeping
        toggle sync on and off
        install shortcuts
        read Google service configuration
    

It does literally ask you to grant access to your text messages and call logs.
Why would anyone expect Facebook NOT to use that data? You all cant be such
native, right?

~~~
rando444
Most people aren't that naïve.

The problem is not allowing a company access to your data. The problem is
_how_ it's used.

Just because you allowed another company to handle your data should not give
them carte blanche to do whatever with it they want.

This is exactly why Europe created the GDPR.. to prevent your personal data
from being processed by companies in unintended ways, or sharing your
information with 3rd parties without your consent, and heavy fines for
breaking these rules.

Just allowing a company access to your data and giving up at that point is the
attitude that people are trying to change, because that's not the way the
world should work.

------
stedaniels
OT: is this domevent account a new bot on HN? The name, frequency of posts,
closeness to article published times...

------
dabei
Maybe we should pause and think what value does Facebook provide to the users?
Is that value worth the $400B? Given how much we are connected through all
kinds of channels, the answer is a clear no. Sure you can say their
advertising business is worth that, but if they don't provide their users that
much value it's not going to last.

~~~
beagle3
The value can be argued either way. But remember the old adage: The market can
remain irrational longer than you can stay solvent.

------
everdev
Data breaches can take down a business, but privacy concerns are there
historical examples of that?

My thought is management gets fired and the company changes course by the time
the bottom line gets measurably impacted.

Companies are much more likely to fail by not innovating fast enough.

~~~
IAmEveryone
Cambridge Analytica, in about three weeks.

------
ForHackernews
One can only hope.

~~~
bitxbitxbitcoin
If we continue demanding and building the tools that enable privacy, we will
be able to get there. More cuz of the building than the demanding.

~~~
portofcall
This is definitely the right attitude, and I’d add the critical step of
talking about these issues with people who don’t know about them. It’s
frustrating, it can be alienating and it definitely takes time, but it can pay
off. Nothing beats building a useful tool (like Signal), but even useful tools
require publicity.

