
Why We Disagree with The New York Times - sqdbps
https://newsroom.fb.com/news/2018/06/why-we-disagree-with-the-nyt/
======
zaroth
Facebook’s response seems perfectly reasonable to me.

- Obviously in order to integrate FB functionality into a Mobile OS UI
requires an API to render the data being displayed.

- If your phone has a home screen widget which shows friend data, obviously
that friend data came from a Facebook API call.

- If you type your Facebook username and password into a settings dialog in
order to enable that home screen widget to function, that’s pretty obviously
consenting to enable the functionality.

- There once was a day when we _demanded_ our social media platforms to
provide these “open access” APIs to specifically allow for accessing our own
social feeds on our own devices.

We trust our user agents to render our private information on our devices.
Sometimes we even trust our user agents to leverage network services to
improve the on-device performance (i.e. Amazon Silk)

If and when user agents exfiltrate our personal data off device for data
mining purposes (i.e. Chrome Omnibar) it should be disclosed and opt-in.

It sounds like Facebook provided an API to device manufacturers to allow them
to deeply integrate social features on device. This has historically been
considered a Good Thing. It sounds like they put together a legal agreement
that required these device manufacturers to take due care in implementing
these features to protect user data. Also seems like historically this is what
we would call a Good Thing.

When you enter your username and password in order to view your Facebook feed
— that’s called a “user agent” and that’s something _appreciably_ different
than a third party quiz app sucking in friend feed data.

However, Chrome Omnibar aside, user agents are not expected to exfiltrate data
in any way, and if that occurred, that would indeed be a story I’d like to
read, and my ire in that case most certainly wouldn’t be directed against
_Facebook_.

~~~
michaelmrose
My email client has full access to the contents of my email but the author of
said client has none. Although my client has credentials these are stored
locally and like my email never communicated to the creator of my client.

If the device makers applications merely fetched data on behalf of users and
displayed it on their machine it would be no more of a problem than my email
client.

In the first place it looks like the APIs provided access to data the users had
opted not to share; in the second place the Times article seems to state that
partners partook of that data themselves rather than merely acting as a client.
Example:

"Facebook acknowledged that some partners did store users’ data — including
friends’ data — on their own servers. A Facebook official said that regardless
of where the data was kept, it was governed by strict agreements between the
companies."

Before deciding if facebook's response was reasonable did you even bother
reading the times article?

~~~
mic47
> "Facebook acknowledged that some partners did store users’ data — including
> friends’ data — on their own servers."

This statement from the article is meaningless, as many legit things might
mean "third party storing data" as: 1.) Storing and editing contact imports,
if user wants. This is technically friends data, but it's my contact list. 2.)
Proxy-ing and caching: we are talking about shitty phones mostly before
android and ios were mainstream, so "store on their servers" could be as
simple as an artefact of implementation of non-html facebook client app on
that shitty phone. Example of such artefacts: custom notifications channels,
caching, downscaling of images. I think that blackberry did proxy all of their
communications through their servers (not 100% sure), so if Facebook was
available, they probably also had to store something on their servers.

The journalist didn't even attempt to distinguish between "my device is
calling this api" and "company is doing requests" and resorted to conflating
those two and the ambiguous "some partners did store users". This is an example
of a journalist trying to create a story instead of getting to the truth. If they would
dig deeper, and try to figure out which companies stored data, what type of
data (was it contact import, caching, or did they download full graph?), and
what was purpose, it would be valuable article.

------
jbeckham
I had a Windows phone that used these APIs. When Windows Phone 7 came out,
Facebook didn't create the Facebook App for that OS, Microsoft did. It looked
like what you expected Facebook to have built and it worked like the Facebook
App that other platforms had. The whole purpose of the API agreement with
Microsoft was to guarantee that the Facebook App they wrote would still work
years down the road. Microsoft did not have access to my data. They were
allowed to write an app that allowed ME to access my data.

The NY Times article makes it sound like Microsoft was allowed access to my
data. They were not. They were allowed to create an app that had access to an
API so I could access my data from the Windows Phone device.

~~~
detaro
The NYT article says that Facebook told them that some partners stored that
data on their servers. Do you have a good citation that this does not refer to
these device integrations, given you so strongly claim it doesn't? (It's very
well possible that it's a misleading quote by the NYT, or a misunderstanding,
but I don't see a clear answer in any of what we know) That's from my
perspective the critical point here.

~~~
albertgoeswoof
Surely that applies to every API in existence, for example, on the HTTP API
I'm using right now to post this comment, I know that Mozilla stores some of
my data on their servers (through FF Sync), and HN know that's possible, but
it's not up to HN to ensure Mozilla aren't taking that data and selling it
elsewhere.

~~~
eat_veggies
HN didn't design the commenting API specifically for FF Sync to use though.

------
albertgoeswoof
I unexpectedly agree with FB here.

If NYT are correct then we can kiss goodbye to APIs that are used by any
services that are not explicitly written and signed by the service provider.
In the extreme that means you won't be able to log in to facebook on the web,
only via a facebook app, because there's no guarantee that a 3rd party web
browser isn't stealing data. That goes for any and every service dealing with
personal data, and we pretty much lose the open web.

I want to protect user's data as much as anyone, but if a user deliberately
installs a 3rd party app and enters their credentials into it, then they are
consenting to that having access to their data under that app's privacy
policy/terms. This should be obvious to all users, especially where GDPR
advice has been implemented.

~~~
alangpierce
> In the extreme that means you won't be able to log in to facebook on the
> web, only via a facebook app

Taking that even further, if you really want to avoid the need to trust
anyone, you'd need to run an operating system created by Facebook running on
hardware created by Facebook. Otherwise, the OS and hardware vendors of course
have access to your personal data. I guess it's all a spectrum, and certain
hardware/software vendors you just need to trust (or at least assign blame to
them, not Facebook, if they maliciously steal your data).

------
seanalltogether
The limited responses so far in this thread only reinforce many companies'
decisions to pull support for public apis. How many years have developers been
complaining that twitter and facebook have been restricting access to apis for
3rd parties, but now all of a sudden they're evil for ever offering apis to
begin with?

~~~
vorpalhex
There's nothing wrong with offering a public API. There's everything wrong
with offering a secret, non-public API where you give a third party I didn't
consent to full access to all of my data.

See how that's a bit different? One of them is offering public information
(say, stock quotes), publicly. One of them is offering private information (my
sexual orientation and date of birth) to tons of third parties I didn't
consent to having that information shared with.

~~~
esrauch
Surely it is only giving blackberry the information if you type in your login
credentials on a blackberry right?

I don't see how the situation is actually different now: if you run the
official Facebook app on your Galaxy phone then Samsung could scrape and
exfiltrate the data anytime it wants. It is Samsung's fault if they do it not
Facebook's.

~~~
jakelazaroff
According to the New York Times article [1] the third parties were able to
obtain information about you if a friend signs in on their phone, no consent
from you required:

> _Facebook’s view that the device makers are not outsiders lets the partners
> go even further, The Times found: They can obtain data about a user’s Facebook
> friends, even those who have denied Facebook permission to share information
> with any third parties._

[1]
[https://www.nytimes.com/interactive/2018/06/03/technology/fa...](https://www.nytimes.com/interactive/2018/06/03/technology/facebook-device-partners-users-friends-data.html)

~~~
md224
Not siding with FB here, but their response appears to address this:

> Contrary to claims by the New York Times, friends’ information, like photos,
> was only accessible on devices when people made a decision to share their
> information with those friends.

Maybe the confusion is that FB isn't treating these integrations as "third
parties" since they're supposed to be pseudo-official FB apps?

__Edit:__ Thinking about it further, this is the crux of the matter, isn't
it? Whether or not an FB-approved "mobile experience" counts as an official FB
app or a third-party app?

~~~
manquer
Sharing with friends is not the same as with data mining third party apps such
friends install

------
spankalee
I'm no huge Facebook fan - hardly use it these days, but...

These apps are just alternative Facebook clients. Don't we _want_ a system
where you can use different clients to access your own data?

If the problem is not trusting the client, well, that'll be a problem for any
such system, even some utopian fully open, distributed and federated social
network - until you build an open source client yourself.

~~~
gengkev
I think the problem is Facebook's lack of transparency here. As a user,
suppose I have some information that I've marked as "not available to third-
party apps". Then I might be surprised to find out that Blackberry's servers
have access to that data via a secret API, even if it is to implement a
"Facebook experience".

~~~
cjhopman
Would you also be surprised to find out that Mozilla (Firefox), Google
(Chrome), Samsung (Android Browser), Microsoft, etc. all have access to that
data?

------
criley2
Crazy that everyone in here is defending Facebook.

- How on earth does Facebook justify giving direct API access to information
that users have, in every setting possible, marked as private?

- How on earth does Facebook justify offering deep API access on users who
have literally disabled API access to their data?

It's ridiculous, and it's more ridiculous that users here are conflating
"basic API access with a sane permissions system to give you control" with
"deep API access with no privacy controls whatsoever that openly defy existing
privacy controls".

It's not acceptable, and frankly, this is EXACTLY why government regulation of
data online isn't a possibility, it's an inevitability. Because when the
penalty for ignoring the user's selection of "DO NOT MAKE MY DATA AVAILABLE
OVER THE API" and "DO NOT MAKE MY DATA AVAILABLE TO FRIENDS OF MY FRIENDS" etc
is now billions of dollars in damages and potentially criminal charges for
executives, _magically_, these violations will stop occurring.

Until then, everything in this document is either a lie or sufficiently
legalese'd that it's worthless, just like the lies that they told to Congress,
just like Zuckerberg's lies to E.U. as well.

I cannot wait until it is a crime to share private user data against their
will. We live in a wild west and the past 10-15 years are proving just how
much sheer damage we have caused in society by not criminalizing disrespect of
digital privacy.

~~~
prepend
“How on earth does Facebook justify offering deep API access on users who have
literally disabled API access to their data?”

Here's how it seems really non-crazy to me as a programmer. Let’s say I make
a phone with a Linux OS. I want to make an app to let users check Facebook on my
weird OS. I ask Facebook, they say no. I then build an app to call their API
and let users do stuff.

All my app does is call the API and show it to the user. In order for the app
to function it has to use private data. But the data are not retained or
analyzed, just used to operate the app.

This is how all 3rd party apps work. The APIs were not for the general public,
but only to trusted third parties. The alternative is that only Facebook can
build and show apps.

So this is pretty much how APIs have worked forever and why you only install
apps and log into apps you trust.

It would be like complaining that Adobe Reader can read private files from
your laptop via Windows/Mac APIs. Of course it can, this is good. It’s bad if
Adobe were to misuse the data.

~~~
pmontra
Private means that I (the user of my own FB client) can see my private data.
That's obvious. What must not happen is that I can also see data that my
friends, or their friends, marked as private. This doesn't happen in the
official FB client and must not happen with any API.

~~~
prepend
And it didn’t happen with FB’s API. Your friends could see their private data.
You could see yours. The apps were not able to show your private data to
friends and vice versa without breaking their contract with FB.

It would be like being concerned because both you friends both use Chrome to
access your individual, private bank accounts. Google accesses your private
information, with your permission, to display data on your screen. It’s only
bad if they misuse that data.

------
kerng
This is the same they said about Cambridge Analytica initially... but you
can't just blindly trust others (in this case apparently 60 companies got
privileged access). If it's technically possible, then someone will do it.
When your data is gone, it's gone.

How naive is Facebook really?

~~~
dreamcompiler
They're not naive at all. When it's not in your business interest to
manipulate reality, you manipulate perception.

~~~
nemild
I think it's a more complex picture. I did my own deep dive after years of
reflecting on this:

__Inside the Bubble at Facebook__

"Management will laud what employees do, show them selective facts that
justify their views, and hire/promote those who behave similarly to them.
Employees in isolated teams with training in a single function may not realize
the broad, unintended effects of their company's work. They'll assume the best
of their coworkers that they've developed friendships with from working in the
trenches, without inquiring into the larger effects they're having."

[https://www.nemil.com/tdf/part1-employees.html](https://www.nemil.com/tdf/part1-employees.html)

Would love feedback.

~~~
assblaster
Sounds like nuclear weapons research in Tennessee during World War 2: only
inform employees enough so that they can carry on the work without
jeopardizing the mission (building nukes vs building a platform which owns
people's information).

~~~
dsfyu404ed
Telling people "just enough" was more of a security thing than a psychology
thing.

X vs the Manhattan project isn't really a good test for the ethic of working
on X.

You don't need to work hard to motivate people to start creating the atomic
bomb when the Nazis are doing the same thing and a good chunk of your team
fled the Nazis.

You don't need to work hard to motivate people to keep working on an atomic
bomb when the alternative is a few million people being killed in the invasion
of a bunch of islands that the inhabitants have pledged to defend to the death
and thus far made good on their promise.

The Manhattan project is much less morally ambiguous than recent tech scandals
(the words "recent" and "scandal" relative to the general population, people
who follow tech have seen this stuff coming a mile away) because the cost of
inaction in 1945 was so much higher than today. It's not like anyone was
working hard to make Facebook IPO happen because they thought it would
slightly reduce the chances of their relatives dying half way around the
world.

------
mlb_hn
Facebook's making the distinction between allowing a device to offer Facebook-
like services (which require Facebook functionality) and third-party apps that
suck up all your friend data.

On the one hand, Facebook's got a point, that if you want to be able to use
Facebook on a device without going through the Facebook app or the website the
device needs to be able to authenticate onto some sort of API.

On the other hand, the NYT article makes the claim that the makers of the
devices got access to the Facebook data, writing "Facebook acknowledged that
some partners did store users’ data — including friends’ data — on their own
servers". However, Facebook never followed up on that in their article, just
pointing out that if you are logged into Facebook on a BlackBerry that the
BlackBerry can make the same requests you could if you were logged into
Facebook through the web browser.

The question that matters which neither side addresses well is how much of
that data makes it to device maker servers (for a while, the NYT homepage was
claiming 'dozens' but they removed that and it doesn't appear to be
substantiated in the article).

There are related worries with the device having access to the Facebook data
itself, but at that point you need to start worrying about malicious activity
by device makers in general. E.g. will my phone start sending my web history
back to its maker as well? my bank account numbers?

~~~
arcbyte
The fact that "data made it to device maker servers" is a stupid, meaningless
point. Of course it hit their servers. And it should hit their servers. It's
idiots who don't know what they're writing about causing hysteria among
idiots who don't know what they're reading in order to sell advertising
dollars.

And the whole time they're pointing at facebook as the corrupt ones.

~~~
mlb_hn
I'm not sure it's meaningless. It seems to me that there is a distinction
between [device manufacturer X is building their own copy of Facebook's graph
by acquiring friend data] vs [device manufacturer X allows a user to login to
Facebook and access friend data on their device without having to use the web
browser].

~~~
arcbyte
Nobody was doing either of those things. There's a whole plethora of innovation
and social network competition and integration that happened in the 2000s.
Google Friendfeed.

------
supercanuck
It seems they don't really disagree but are simply saying, it's not as bad as
you think. Is there anything factually incorrect in the New York Times
reporting?

~~~
makomk
It's one of those articles that's technically true-ish so long as you redefine
words to mean something very different from what people would expect them to,
but is written in a way designed to misinform basically everyone who reads it.

For example, when they say "Facebook Gave Device Makers Deep Access to Data on
Users and Friends", they mean Facebook let them write software that could be
run by their users and give those users access to information their friends
had shared. There's nothing technically untrue about this, but it gives a
false impression about what information Facebook made available to who. It
makes it sound like Facebook gave a big fat chunk of user data to device
makers as a bribe to include Facebook on their devices, when in reality we're
talking about giving their software the access it needs in order to actually
provide access to Facebook in the first place.

I've seen a lot of very confused comments here and on Twitter as a result.

~~~
pishpash
> It makes it sound like Facebook gave a big fat chunk of user data to device
> makers as a bribe to include Facebook on their devices, when in reality
> we're talking about giving their software the access it needs in order to
> actually provide access to Facebook in the first place.

These two things are not mutually exclusive. They effectively did both, even
if the intention is unclear. You must have forgotten how bundled apps on OEM
Windows worked.

------
bluesign
NYT says: ‘Some device makers could retrieve personal information even from
users’ friends who believed they had barred any sharing, The New York Times
found.’

FB says: ‘Contrary to claims by the New York Times, friends’ information, like
photos, was only accessible on devices when people made a decision to share
their information with those friends.’

This is the only disagreement as I can see.

~~~
romwell
Well, this is a huge difference.

If FB is correct here, then the whole thing is a non-issue. Some API giving
access to the data otherwise available through a _web browser_ is a _good
thing_.

On the other hand, if an API provides access to information that isn't
accessible through a web browser (and doesn't show in the official FB app),
then it's reasonable to loudly complain.

~~~
rando444
NYT said _relationship status, religion, political leaning and upcoming
events, among other data_ were shared.

FB saying "we didn't share photos" is trying to say "well, we didn't give away
everything"

------
captainmuon
Incredible, they are using the current controversy to represent their locking
down of the API in a good light. Facebook didn't restrict their API because
they were privacy-conscious. They restricted it so you could not build
experiences they did not want:

- You cannot sync your address book contacts with facebook in order to get
profile pictures (you used to be able to do this)

- You cannot write an alternative Facebook client (with a better timeline, no
ads, ...)

- You cannot write a complete bridge to another social network (e.g.
implement Federation)

- You cannot build a P2P (serverless) application over Facebook. E.g. a chat,
or something to send a file to a friend on Facebook, or to initiate a
TeamViewer-like session.

All of these are either explicitly forbidden by policy, or have been closed by
specific changes to their API.

To be honest, I don't care too much that people were able to scrape data I put
up voluntarily. The German Facebook clone was called StudiVZ - Student's
Directory. This sounds a lot like a telephone book, and that was the mindset
and expectation I had when signing up to Facebook. Create and curate a profile
for friends and friends-of-friends to see, and I didn't care much if others
saw anything, because it was irrelevant to them. I mostly cared about meeting
people - being found, and finding other people. In this light, I'm more
concerned about data freedom than data protection. While the latter is
important of course, it's unfortunate that the former is always forgotten.

------
arh68
A lot of people are missing the point, debating whether this was reasonable or
not.

Mark got away with telling Congress ~"we don't share with third parties" and
now they're saying Blackberry's not a third party.

If it's all okay, why didn't Mark come clean? and tell his Congressmen? He had
a chance to explain this arguably-harmless behavior, but he chose to sidestep
it. Why? Did he not understand the question?

It's fine that this data-sharing is maybe reasonable. It's not fine that Mark
withheld this from Senators. This is _exactly_ what they were asking about,
and given the chance to _explain_, he chooses silence. He gets to avoid the
public debate while the techies argue amongst themselves.

~~~
Sacho
It seems like Mark would always have to answer 'yes' to that question, since
accessing Facebook via the web means you share your data with Google(Chrome),
Mozilla(Firefox), Microsoft(IE), etc..

(Also any OS/kernel manufacturers who get access to your data through your
usage of the OS or TCP/IP stack).

Facebook is sharing your data with Blackberry in the same manner.

I don't even see a consent difference, since you need to explicitly consent to
sharing your data by entering your Facebook user/password into the Blackberry
UI app. Similar to how you write your user and password into Chrome, thus
"sharing your data" with Google. It also doesn't seem like there's any
evidence that the UI apps were _intended_ to _secretly_ collect and store
data(Was "The Hub" an unknown feature?)

I don't believe the evidence presented here invalidates Mark's answer. His
answer would have been meaningless if he had taken the definition of "third
party" put forward in the NYT.

------
phlo
In this specific instance, the Times article might be overblown.

They specifically mention that they were able to use BlackBerry Hub with a
reporter's account to query Facebook data. The article never states whether BB
Hub connects to Facebook directly, or whether it receives data from a
BlackBerry-operated service.

The latter case is clearly user-hostile. If BlackBerry (the company) can read
user data and Facebook claims not to allow 3rd-party access, then that is bad,
and it should be treated as a breach of the user's trust.

The former case is more complex. As a user, I care a great deal that I can
access Facebook using my choice of browser, whether that's Chrome, Firefox or
Edge. I shouldn't be limited to the top three either. Some users may prefer a
browser that works with their screen readers, others may prefer the built-in
browser in their smart TV, and others yet might prefer a unified messaging
app, like BB Hub.

The distinction between what happens locally or in the cloud is often unclear,
and it's not getting any better. Chrome on Android wants to accelerate mobile
connections by routing them through a compressing proxy. I can get an extra-
secure version of chrome from authentic8 to protect against malware, with the
caveat that it runs in their datacenter.

I feel that the tech industry in general, and Facebook in particular are
struggling to tell users what happens with their data. Sometimes it's because
things actually are complicated, and sometimes just to hide obvious overreach.
The obvious blowback: complaints, strict regulation and mistrust. As the
people who build and run systems, we should strive to do better. Regain the
trust lost by past mistakes, and get back to the point where one could
realistically apply Hanlon's razor to reports of user surveillance.

------
textmode
The author does not provide a link to the NYT article to which this is a
response. Maybe it was just an oversight.

[https://www.nytimes.com/interactive/2018/06/03/technology/fa...](https://www.nytimes.com/interactive/2018/06/03/technology/facebook-device-partners-users-friends-data.html)

------
bo1024
This is a really interesting moment and is worth some introspection.

On one hand, Facebook is clearly correct: If FB makes an API, and a user gives
an application (written by a third party and run on a fourth party's device)
their username and password, then FB cannot be blamed for the application
using the username, password, and API to retrieve private data. Indeed, that's
the point.

On the other hand, appearances make it look like Facebook is hiding some
things: why is this not a public API? What trust are you putting in these
third parties, what are you giving them that not everyone would be trusted
with?

But most of all, people are waking up to the vulnerability of their private
data. They are realizing that some things they've been taking for granted for
years are dangerously insecure. So we have users, such as reporters, suddenly
realizing that their device has access to all the data you view on it. Any
third party app you give your FB uname/pwd to has access to everything on your
Facebook, and the only limitation is whatever their terms of service are. (So
does any software that app runs on top of.) Coming to this realization, we see
backlash not always correctly directed. It would make at least as much sense
to call out those third parties rather than FB, and ask them to prove they do
nothing nefarious with this trust.

Is it too optimistic to hope this will stir mainstream interest in free and
open source software?

------
arthurofbabylon
In this FB response, they seem not to disagree with any of what the NYTimes
had to say. This is called justification, not disagreement.

------
AzzieElbab
Your real data has already been mishandled by anyone from banks to healthcare
providers to governments. This mass hysteria about FB is just silly nuisance
constantly getting blown out of proportions by turf wars between FB and
traditional media. Oh, and in this particular case FB is calling the NYT fake news.

~~~
theyinwhy
With all that inside knowledge you probably should blow the whistle.

~~~
AzzieElbab
whistle whistle

------
davidw
The fact that you can't read messages (without switching to 'desktop mode') on
their mobile web app is such horse shit. Yuck.

~~~
hackerman12345
That's what the Messenger app is used for.

~~~
saudioger
Well no... there's nothing technically stopping them from supporting messages
on mobile.

This is what they do on mobile:

* Lie to you about how many messages you have

* Ask you to install an app to see those messages

* Upon installing the app, give them permission to mine your data

------
duxup
> These partners signed agreements that prevented people’s Facebook information
> from being used for any other purpose than to recreate Facebook-like
> experiences.

Two people you don't know made a deal about how to use your information
without telling you. There is no reason to think they are going to keep that
deal, no reason to think anyone is actually checking up on your information,
and no reason to think either of them cares... and no way to know if anyone
actually keeps the deal... and probably no recourse even if you did know
someone broke the deal.

------
agentPrefect
As a non-user of Facebook, I completely take their side with all of this.

1) If people don't want to read the fine print, whose fault is that?

2) How have we gotten to a point where we are abdicating our choice voluntarily,
and then acting begrudgingly toward the new owners when they misuse it?

I must apologize for my cynicism here, but we've been going around this
mountain for a very long time now (circa 2013 IINM?). I'm getting tired of
hearing how people are feeling violated due to their own actions.

------
md224
Correct me if I'm wrong, but my impression is that this all comes down to one
basic question:

Does a Facebook-approved "mobile experience" count as an official FB app or a
third-party app? It seems to me that the FB post is trying to frame it as the
former, and everyone who's upset is trying to frame it as the latter.

Is that what this entire disagreement is about? Because if it is, maybe it
would help if we just focused on that question.

~~~
pishpash
Did you consent to anything that Facebook approves when you consented to using
Facebook? Did you consent to the transitive property?

How does Facebook approving of some obvious third party make the third party
not a third party? Approval and third party status are orthogonal.

------
bobbyi_settv
I didn't read/watch the testimony before Congress. Did they flatly claim that
"we no longer share private information with third parties"? Because if so,
this post seems to confirm that that was a lie, even if they give (arguably) good
justifications here for why they share private information with some third
parties.

------
niuzeta
This is the article that this article responds to:
[https://www.nytimes.com/interactive/2018/06/03/technology/fa...](https://www.nytimes.com/interactive/2018/06/03/technology/facebook-device-partners-users-friends-data.html)

~~~
julien_c
This should be the top comment.

------
chiefalchemist
Perhaps Zuck isn't as bright as we all think? This reply is far too tech-
heavy, and jargon-littered to be taken seriously as a reply to something as
mainstream as the NYT.

Their PR problems aren't rooted in SV, yet that's who this is targeted to. It
doesn't make (good brand) sense.

~~~
JumpCrisscross
> _Their PR problems aren't rooted in SV_

Silicon Valley is the last place I'm consistently hearing full-throated
defenses of Facebook. It makes sense to keep one's base in order.

~~~
chiefalchemist
That might be sure. But it's still not their bigger / biggest PR problem.

~~~
JumpCrisscross
> _it's still not their bigger / biggest PR problem_

It's the only one that could matter to them. Congress flopped when Zuckerberg
testified. They are clearly no present threat. And we haven't seen a wave of
action from states' attorneys general. We have no evidence users are
decamping. And by extension, the advertisers are staying.

The only weak point is in (a) recruitment and (b) political support from the
tech community. The first can be solved with money. Fortunately, Facebook has
pots of that stuff. The second relies on keeping the armies of defenders, who
call every Congressional office on their own accord on a strikingly-regular
basis, working.

For an example of what happens when one loses their base, look at Uber. It
went from teflon to pariah virtually overnight.

~~~
chiefalchemist
> We have no evidence users are decamping.

Last I saw (on HN) was teens usage is down.

As for Congress...do you trust them not to loop around again?

The fact that FB believes SV is all they have to focus on is what created this
mess in the first place, yes? Nuff said.

~~~
Bartweiss
> _Last I saw (on HN) was teens usage is down._

Teen usage has been dropping for a while, though, with corresponding rises in
Twitter, Instagram, and Snapchat. Are there numbers saying teen usage reacted
to these stories at all?

------
newscracker
Security related issues need some time to investigate and to produce a proper
report. This post seems like a knee jerk reaction. Actually, while this sounds
like more PR fluff in a poor attempt to stem more scrutiny, I'm confident that
there will be more reports from other sources providing a stronger case
against Facebook's claim on this topic. This post makes it clear that Facebook
is clueless if there are any weaknesses or breaches (despite shutting down 22
partnerships).

------
miracle2k
The New York Times should be ashamed of itself. Facebook let companies like
Apple integrate with their platform.

To do so, these companies sent the same sequence of bytes from your mobile
phone to the Facebook server, as the Facebook app does, or as any person can
do. I can write my own Facebook app today, and there is nothing that Facebook
can do about it, except sue me.

THAT IS A GOOD THING. LITERALLY FIVE MINUTES AGO THE COMMUNITY WAS FIGHTING IN
THE COURTS FOR PACKAGES SENT OVER THE INTERNET TO NOT BE CRIMINALIZED.

Remember the whole thing about violating the terms of services of a company
which forbids scraping making you a criminal hacker?

The only thing Facebook said to Apple is: Let's make a deal, we will not sue
you, you put our logo into your phone, also we promise not to break your app.

No data was given to anyone! This is literally my iPhone/Samsung/Blackberry
running an app that gives ME access to MY Facebook data.

It doesn't even go to Blackberry's server! The nerve of people to pretend as
if the data ON MY PHONE is somehow in the hands of a third party, as if my
phone really belongs to the manufacturer. Again, we used to be fighting for
the idea that these devices should belong be unlocked, should be under our
control. Now you guys pretend that data my phone downloads from Facebook is
somehow a violation because I decided to use an app that someone else wrote.

There is no possible universe in which that is bad. Think about the
ramifications of these new ethics that people suggest here.

~~~
detaro
The NYT article says that Facebook told them that some partners stored that
data on their servers. I note that this Facebook rebuttal does not refute that
point in regard to the device partners. (Which could be a possible confusion
or misleading quote in the NYT article, conflating all partners with the
device integration partners, so I'd like it to be clarified somehow)

~~~
miracle2k
Sure. I still think that is fair enough, in particular since there are actual
contracts involved here.

However, as you say, it is not clear at all. If that is the problem, the New
York Times should write an article about that, not 5000 words of all kinds of
insinuations, with the goal, it would seem, to generate the maximum amount of
confusion, least amount of education, and thus the most amount of outrage.

------
mcguire
"_Contrary to claims by the New York Times, friends’ information, like
photos, was only accessible on devices when people made a decision to share
their information with those friends._"

Hasn't FB had a history of assuming the decision was positive if the user
didn't opt out, through a difficult procedure?

------
Rjevski
Oh I am so sad, Facebook is “victim” of lies and poor reporting, let me get my
tiny violin.

Facebook lies every possible time, it’s built into their perverse business
model. Even if the article was actually wrong, it’s only fair that they get a
taste of their own medicine every once in a while.

------
fixermark
It is, of course, useful to remember that "These partners signed agreements
that prevented people’s Facebook information from being used for any other
purpose" was ostensibly the back-stop against the mass-harvesting undertaken
by Cambridge Analytica, also.

------
mushro_Om
I feel the response is similar to Apple's antenna-gate. Using competitors
along to prove their point. Could have communicated better. Good that they
took steps couple of months ago to close their legacy APIs. That's the only
key takeaway from the post.

------
blueprint
> It’s hard to remember now but back then there were no app stores.

Bunch of nonsense. Of course there were.

~~~
coding123
Yep - I recall that the first iOS version that pre-integrated FB I recall
specifically writing an email to a friend of mine that worked at Apple to
blast Apple for including it - when there was a perfectly viable option for
them to use the app-store. They didn't reply to that email, but we remained
friends. That was about 8 years ago.

------
bbzealot
A bit off-topic, but it bugs me how the picture in the article shows a
Blackberry Bold running the BB10 OS, which never supported such device. I
wonder why they showed a (probably) photoshopped device instead of a real one.

------
djhworld
> All these partnerships were built on a common interest — the desire for
> people to be able to use Facebook whatever their device or operating system.

Facebook's best interest, not 'common interest'

~~~
methodover
No, the user's interest. Users were logging into these devices, presumably.
They wanted to access their Facebook account on them, Facebook and the device
manufacturer figured out how to do it. It sounds like everything is working as
intended, there.

------
ptero
> These partners signed agreements that prevented people’s Facebook
> information from being used for any other purpose than to recreate Facebook-
> like experiences.

That is a big door and a pretty open use case. I am not buying into "and this
is actually good for the users" story.

To me, FB must clearly choose how to handle this: (A) "we made a mistake,
sorry; we will fix it" or (B) "this is working as designed; if you do not like
it, go away". They could probably justify either case both internally and
externally (better ethics vs better revenue), but trying to stand in the
middle as they have often done in the past will likely backfire. Buy more
popcorn. My 2c.

------
diogenescynic
Who in their right mind would trust Facebook over the New York Times? Try
again Facebook. I’m kind of glad they are doing this, I think it will speed up
their decline in the end.

------
AdmiralAsshat
"We Disagree": the last refuge of a company's defense when they have
absolutely nothing else to counter or rebuke their opponent's argument.

------
GuardianCaveman
It seems like a lot of Facebook employees are commenting on this thread. I
wonder if they have tools to influence the public argument similar to the
Russians.

------
amaccuish
I wouldn't be worried about BlackBerry, it's Samsung. I will never use their
phones again with their fingers over every part of the Android pie.

------
ddtaylor
I don't have high expectations for a company that says they take privacy
seriously while constantly invading it and playing dumb.

------
paradroid
People don't read terms of service. In using your phone who knows what you
agreed to let your phone company do with your FB data.

------
whytaka
So will Facebook take legal action against these companies who violated their
service agreement?

------
oculusthrift
Imagine if this same thing happened with Microsoft and imagine people’s
reactions.

------
vqng
lol where are these people back then when Facebook released the APIs? I bet
even if they were asked to give consent, they would not be able to foresee
what's happening today.

------
saudioger
Their argument here is basically like being accused of murder and using "since
murder is illegal, we did not murder someone" as a defense.

------
Jaruzel
> This took a lot of time — and _Facebook was not able to get to everyone._

Spoken like the true Anti-Privacy Overlords they are. :(

------
mathinpens
writing this was a mistake. this is clearly a deceptive pr spin fluff that is
entirely non-responsive to the specific concerns raised in the new york times
article.

------
jacobsheehy
It reads like a long defensive argument, "how else did you expect us to make
huge sums of money"? It is exactly as tone-deaf and legalese as you would
expect. There is no new information here; Facebook says legal contracts
actually protect your data so it can't go anywhere, "just trust us", etc.

> These partners signed agreements that prevented people’s Facebook
> information from being used for any other purpose than to recreate Facebook-
> like experiences.

That sentence does not make any sense. Signed agreements _do not prevent_ your
information from being used in other ways. That's insane, literally.

> Contrary to claims by the New York Times, friends’ information, like photos,
> was only accessible on devices when people made a decision to share their
> information with those friends.

In the past, Facebook Legal has stated that once a Facebook user has signed
up, they consent to having psychological experiments performed on them with no
further notice or direct consent. Facebook has acted on this and intentionally
made hundreds of thousands of people fall into a depression, just to see if
they could, and then they bragged about it. The sentence quoted above
_actually_ means "friends’ information, like photos, was only accessible
[whenever and however we wanted to]" as Facebook considers those people to
have _already_ "made a decision to share their information with those friends"
when they signed up.

~~~
_red
> Signed agreements do not prevent your information from being used in other
> ways. That's insane, literally.

The real insanity is with the users. FB did the most obvious thing. The user-
base somehow magically thought they were providing all those free services
because they were nice guys.

It was obvious to anyone since the beginning that FB was a clearinghouse for
private data trading. How else could the model remotely work?

~~~
untog
> It was obvious to anyone since the beginning that FB was a clearinghouse for
> private data trading.

I tire of this argument that users should _obviously_ know they are trading
their personal information in return for access to a service. They don't know
this. It's obvious in a conversation with any (even lightly) tech-illiterate
person that nothing about how the modern internet economy works is obvious.

Think back to the emergence of the web as a truly popular medium. There was no
Google Analytics, no FB tracking buttons that follow you around on every web
site you visit (that one is particularly egregious - FB users are tracked even
when they aren't on facebook.com, and we expect users to just know this?),
just advertisers buying a banner ad slot from the owner of a web site. Back
then social networking was, what, AIM? That was free and they didn't harvest
user info for it. The change has been gradual, and the idea that users should
have kept up with every development that led us to where we are today is
preposterous.

When this has happened in the past the answer has been clear: knowledgeable
people come together to pass laws that benefit individual citizens who have
neither the knowledge nor time to learn.

~~~
vasilipupkin
Sure, but do we just absolve people of all individual responsibility to think
even a little bit and make educated choices? I think there is more evidence
that people just don't really care about this issue. After all of this came
out, FB use didn't really go down.

~~~
acjohnson55
I think it's absurdly unrealistic to expect people to do in-depth due
diligence on all of the services they use. Modern society requires us to trust
innumerable service providers and _their_ dependencies to enable so much of
the convenience we take for granted. What little knowledge we do have about
abuse comes from the accountability of these companies to regulators like the
FTC and FCC.

Realistically, I think we have three choices:

\- We can't have nice things.

\- Rampant exploitation of individuals, due to vast asymmetry of information.

\- Regulation, with its costs and inefficiencies.

But I think there's very little precedent of real accountability deriving from
collective consumer action, even in cases of overt abuse (think Wells Fargo).

~~~
vasilipupkin
I disagree completely, honestly. If you are signing up for a service like
Facebook and they are asking you to click a bunch of boxes, it's not
unrealistic to expect you to

a) either understand what you are clicking on or b) just refuse to click on it

what is unrealistic is to expect society to babysit you every single time a
moderately complex choice is presented to you.

~~~
untog
But surely all the evidence suggests that it _is_ unrealistic, given that
reality shows us over and over that people don't read these boxes before
checking?

Do you read the entirety of every twenty page EULA before using a new app?

~~~
olkid
Actually, I do (almost always). But, that leads to its own set of issues. My
banking session timed out before I finished reading it. Another service I've
been using for over 10 years just added new legal that I don't agree to... now
what? That service has a network effect... so, I have to leave? drat! Truth
is, most online services ask for more than I am willing to concede. That is an
issue.

------
zajd
"Because we're paid to" \- FB PR team

------
billysielu
Funny they don't like fake news when it's about them.

~~~
zakk
It seems to me that the NYT allegations are not exactly fake news...

------
dbg31415
In every situation, people from Facebook would probably be better off if they
didn’t talk.

This article is really just skeezy. Reads like “we were just doing all the
stuff you accused us of, but it’s ok because we are huge creeps too.” It’s so
cringe-worthy.

~~~
mkirklions
FB's reputation reminds me of AOL....

------
stealthefocus
The one thing I really miss since leaving fb in March, are the groups. Things
like playing in local sports pickup games are easier because everyone has fb
so the groups were more active. I now use my wife's account for this, but I
really wish another option had some traction, then I could leave fb forever.

~~~
mkirklions
I don't think there is anything wrong with using FB for things you want.

I don't scroll anymore. I check it for events and messages.

That's it.

Do that 1-2 times a month, all my facebook needs are met.

~~~
oprah2018
I don't even read anyone else's posts. I just post pictures of my amazing
life. I use it like a diary. Or a time-series multimedia database.

