
Snapchat Employees Abused Data Access to Spy on Users - jmsflknr
https://www.vice.com/en_us/article/xwnva7/snapchat-employees-abused-data-access-spy-on-users-snaplion
======
dev_throw
I understand that centralized systems are much more efficient than P2P when it
comes to high bandwidth communication. But as of today, it would be possible
to create a completely decentralized Snapchat (signed ephemeral videos that
are shared between two parties). The routing would be the only non-trivial
component of this, but it could be solved with a DHT. Why do we continue to
trade convenience for privacy? Such a solution would protect from most third
parties, including government requests.

As someone without much knowledge of implementing decentralized communication,
am I missing some knowledge, or is it solely lack of interest?

~~~
stevewodil
What happens when one peer doesn't have internet access for a moment and a
snapchat is delivered at that moment? How do you build "retries" into a
decentralized infrastructure? If no server is storing the content, couldn't
someone fill up my phone storage simply by sending me videos repeatedly? The
infrastructure forces my phone to instantly download the content, because no
one is paying for storage of it before it gets routed to me right?

These are genuine questions because I don't understand everything either

~~~
jsharf
It wouldn't make sense for your phone to be part of a P2P network. It's only
connected to your radio tower, and not really anything else.

Also, you could define a maximum file limit size, and at that point your phone
would be considered backed up, and then if no other route is found, the
transfer is cancelled after a certain timeout.

~~~
inflatableDodo
>It wouldn't make sense for your phone to be part of a P2P network. It's only
connected to your radio tower, and not really anything else.

That is only a software bug.

------
malvosenior
I’ve heard early (~2008) Facebook employees bragging about this type of thing.
They used to specifically look at who was looking at other people’s pages (aka
“stalking” them). They were absolutely doing this for purely personal reasons
and thought it was cool enough to brag about it at parties.

------
deytempo
What is always strange is how everyone expects the default is this Not
happening. People are often bored and nosy and if given the opportunity, they
will spy on each other. All primates do this.

~~~
alanh
well… clearly employees Should Not do this.

Here's what you aren’t seeing, if I may: Consumers see the end product. They
intuit rules based on what they see. _I only see pictures and videos sent to
me, and then they are gone._ From this their mental model becomes _No one can
see media that is not sent to them, and the media is gone after it has been
seen._ This is strikingly different from the way a developer at Snapchat
models the world: _We run a big warehouse full of data and media. We present
this media to users based on logic that prevents arbitrary non-admin users
from seeing others ' content and from experiencing that content repeatedly.
Oh, and we should eventually get around to writing that cronjob to delete old
media. And once we rule the world, we can spend time playing with end-to-end
encryption, maybe._

People aren’t stupid (mostly). They are just ignorant (in the literal sense).
They are extrapolating in a way that makes sense in a physical world but not
in the digital world.

The clearest analogy is that of actual dice vs. video gambling or the virtual
spinner in a free-to-play game. With actual dice, what you see is what you
get: fair odds. But that virtual wheel is 'weighted' to end on the worthless
prize right after the jackpot space nearly every time.

------
smn1234
yet again the excuse is made, in defense of abusing data access privileges,
that ... "logging isn't perfect"

------
busymom0
Just a few days ago, I read about how Facebook fired employees who were using
internal data to stalk women. I am going to assume this is the case for all
social media:

[https://www.vice.com/en_us/article/bjp9zv/facebook-
employees...](https://www.vice.com/en_us/article/bjp9zv/facebook-employees-
look-at-user-data)

------
bschelsea
Complying with legal requests, fighting child pornography is not optional.
Unless you are of course Mastodon etc.

I don’t understand the article it quotes unnamed “former” employees who might
very well could have been the ones who got fired for improper access.

~~~
procinct
Can you explain your statement about Mastodon? I’m out of the loop on that one

~~~
alanh
i think the implication is that a platform need not police its content if it
is truly p2p and not actually storing or responsible for the content on it.
with mastodon, the company is not running the servers people connect to in
order to use mastodon, iirc.

------
matmann2001
Of course they did.

------
paulcole
Really shocked by the allegations. Has any unethical behavior like this ever
happened in a Silicon Valley startup before? Would there have been any way to
see this coming?

~~~
X-Istence
This post really needs a /s on it for full effect.

~~~
AlexandrB
I think without an /s it acts as a great sieve, sorting between the idealists
and the cynics. Personally, I got the satire right away (cynic).

------
microcolonel
I think Hacker News should start displaying "(duh)" at the end of headlines
about things that should have been obvious, or which could safely be presumed
in lieu of evidence to the contrary.

