
Facebook Gave Device Makers Deep Access to Data on Users and Friends - sna1l
https://www.nytimes.com/interactive/2018/06/03/technology/facebook-device-partners-users-friends-data.html
======
arthurofbabylon
Most notable pieces I took from the article: 1) Facebook does not see third
parties (such as BlackBerry) as “third parties.” 2) Facebook told Congress
that it disabled third party access to user data, but in actuality did not.

My own strong interjection: Facebook’s competitive advantage is its disregard
for ethics. Somehow, Zuckerberg has been able to convince a lot of smart
people to do unethical things and build unethical technology, while the
competitors have a harder time doing the same. This disregard for ethics has
allowed Facebook to “grow at all costs.” Meanwhile, the more conscientious
programmers and entrepreneurs (or at least those held more accountable) are
busy wrangling with the real challenges and intricacies of civilization. (I
personally prefer it that way - I like my work being tied to the well-being of
society.)

~~~
TAForObvReasons
> This disregard for ethics has allowed Facebook to “grow at all costs."

There's a great phrase for this: "move fast and break things". When you
believe it is ok to break small rules and norms, it becomes easier to break
larger norms and ethics and rules. This philosophy took SV by storm, but at
its core it's always been about disregarding things like laws and ethics, and
now we are seeing the world that created.

~~~
greglindahl
You might think that that's a great phrase for it, but many other people don't
interpret "move fast and break things" to mean what you think it means.

I'm all for criticizing things that have gone wrong, but you're using an
overly-broad brush.

~~~
tmalsburg2
I wish I could agree with you're more nuanced viewpoint, but seeing a whole
industry making insane amounts of money based on abusive and deceptive
business models suggests that there truely is a broader issue. Whether the
underlying attitude is best describe by "move fast, break things" is debatable
but we can't easily dismiss the idea.

~~~
Vinnl
I think the point is that that quip usually refers to technical breakage, i.e.
"it's better to ship more often and potentially break something that you then
fix equally quickly, than spending thrice as much time analysing the problem
to ensure there's no breakage in the first place". In other words, an entirely
different meaning that what the grandparent meant when they said it was a
great phrase for it.

~~~
Angostura
The point that the poster was making was that while the phrase normally refers
to its technical development philosophy, it seems that it also seems to
reflect Facebook's attitude to other issues, such as regulation and privacy.

~~~
sharemywin
and uber and theranos. and probably others. airbnb had a lot of people that
broke their leases and deed restrictions and local zoning laws.

------
knoepfle
What is this describing? First-party apps with Facebook integration and/or OS
features connecting to Facebook? The leakage of Facebook information onto
MS/Apple/Blackberry servers would be concerning, but having Microsoft software
connect to Facebook on a user's device sounds harmless (to the extent we trust
MS/Apple/Blackberry software to not leak information so accessed). Right now
I'm giving Apple similar access to every single communication I make through
my computer, to my bank accounts and health records, to all the work I do for
my employer.

This distinction wasn't made clear in the story (or I can't read) and it's an
important one. Privacy is complicated enough already.

~~~
saagarjha
Yes, I didn't quite understand that. Apple had this to say:

> An Apple spokesman said the company relied on private access to Facebook
> data for features that enabled users to post photos to the social network
> without opening the Facebook app, among other things.

So is this like what connecting your Facebook account in Settings does? Allow
you share pictures through the share sheet in Photos or whatever? What does
Apple get to see, and what stays on the device?

~~~
GeekyBear
>is this like what connecting your Facebook account in Settings does?

It depends on the platform.

On iOS you could post various types of information to Facebook, and you could
sync Facebook contact and calendar data to the local device.

[https://www.cnet.com/how-to/understanding-facebook-
integrati...](https://www.cnet.com/how-to/understanding-facebook-integration-
on-ios-6/)

Aside from letting you share information and sync Facebook contacts and
calendars, Windows Phone 7, for instance, pulled in a lot more data to
populate it's People hub.

>For all intents and purposes the People hub is the Facebook app for Windows
Phone 7. If you’ve supplied your Facebook login, the default “what’s new” tab
will serve as your news feed.

[https://www.anandtech.com/show/3982/windows-
phone-7-review/7](https://www.anandtech.com/show/3982/windows-
phone-7-review/7)

~~~
reaperducer
Apple told the Times that it wasn't involved with this since September of last
year. I wonder if this is why it's no longer possible to update your Facebook
status from the Notifications panel.

------
hackinthebochs
This and the discussion here is obnoxiously bad. Facebook gave some device
makers special APIs to access authorized data. This is literally no different
than a web API or scraping facebook HTML, just more streamlined. What you guys
seem to be objecting to is that non-facebook code was able to interact with
authorized user data. But that is a necessary feature of displaying data of
any kind (unless facebook owns the entire software stack). This is a non-
story.

And HN's facebook derangement syndrome continues.

~~~
Latteland
No, you are wrong, this is a pretty egregious mistake. They defined device
makers as service providers, and then allowed them to do things that even
third parties weren't allowed. Yet they claimed they shut that stuff off to
third parties (so they lied by omission). "No, we don't allow third parties
anymore to do that kind of stuff" (but there's this large group that can do
it, but we aren't calling them third parties). This wasn't just another way to
get at the data. The NYT article goes into some detail about what they allowed
them to do.

~~~
zaroth
This is like saying that Chrome, Edge or Firefox are “third parties”.

Embedding user agent functionality into the OS is _not_ the same as third
party access.

Talk to me when a device manufacturer is caught exfiltrating this user data
off the phone and then aim your pitchforks at _them_.

~~~
cyberpunk0
Google, Firefox, and Edge are not Facebook so yes they are third party.

~~~
cjhopman
And does it upset you that when a user signs into facebook in one of these
browsers, facebook allows the browser access to that user's data and even data
of that user's friends? Even when those friends have explicitly disabled
sharing of facebook data with third parties?

~~~
wooter
HN has reached a level of popularity where its attracted too many non-
engineers that love jumping into these threads with ignorant, reactionary,
hyperbolic responses. every post on uber/tesla autopilot has at least a few
people calling for elon to be tried for manslaughter for car accidents. really
shows the stupidity of the mob. this thread is another great example. if only
it were benign and didn't have real, foolish policy implications like the GDPR

------
hublott
Response from FB: "Why We Disagree with the NYT"
[https://newsroom.fb.com/news/2018/06/why-we-disagree-with-
th...](https://newsroom.fb.com/news/2018/06/why-we-disagree-with-the-nyt/)

~~~
evincarofautumn
The NYT article is definitely overblown. It’s popular to hate on Facebook
about privacy, and yeah, they’ve made mistakes in the past, but that’s largely
because they’re just engineers trying their best to do the right thing. IMO
they need more _non-engineer_ types to inform them what “the right thing”
actually is, when it doesn’t align with the typical attitude of “Oh, there’s a
technical solution to this problem!”

> the BlackBerry app had access to all of the reporter’s Facebook friends and,
> for most of them, returned information such as user ID, birthday, work and
> education history and whether they were currently online.

User ID and birthday are both public information, and people typically share
work and education history as public (or at least “networks” thereof, for
finding friends). AFAIK online status is the only thing that’s usually
friends-only, but perfectly reasonable to share with a device messaging app.

~~~
cdubzzz
I generally agree with you that this piece is a bit sensationalistic but...

> [...] they’re just engineers trying their best to do the right thing.

What makes you say that? Beyond potential abuses of data by third parties (or
whatever), I would expect that most FB employees are trying their best to _get
paid_. Whether or not all or any single one of them cares about “the right
thing” is mostly unknown to outsiders. I have always assumed, based on FB’s
overall business model, that there is a general disregard for any particular
interpretation of “the right thing” at least when it comes to the privacy of
the platform’s users.

~~~
evincarofautumn
I worked there in the past. Everyone I met was earnestly trying to do good
work and afraid of getting fired or sued for doing something that would impact
privacy and thereby FB’s bottom line. Facebook is strongly incentivised to
protect user data because that is their primary market advantage—having ad
targeting data that other ad networks don’t. Leaks and breaches of trust are
bad for business and bad for the RSUs that employees and acquirees are given.

~~~
hvis
There is a huge distance between "Doing the right thing" and "doing one's best
to avoid getting sued". There are lots of things that are legal but frowned
upon in a decent society.

And no, Facebook is not "just engineers <...>". There are lots of other
positions who make high-level decisions, e.g. decide how the company is going
to make money.

------
sigmar
>The company continued to build new private APIs for device makers through
2014, spreading user data through tens of millions of mobile devices, game
consoles, televisions and other systems outside Facebook’s direct control.

So Facebook says "we don't sell data," but they are giving manufacturers
access to data in exchange for being integrated/pre-installed on the device.
How is that not "selling" data? Just because they aren't receiving cash?

~~~
makomk
They're not giving manufacturers access to data in exchange for being
integrated/pre-installed on the device; they're giving those manufacturers'
apps access to data because they need that access in order to be able to
present that data to the users who are accessing Facebook through those apps.
It's not a quid pro quo, it's something that's fundamentally necessary for the
apps in question to actually allow users to interact with Facebook through
them.

~~~
sigmar
That might have been true in certain cases, but the article makes it clear
there were other situations:

>Facebook acknowledged that some partners did store users’ data — including
friends’ data — on their own servers. A Facebook official said that regardless
of where the data was kept, it was governed by strict agreements between the
companies.

Furthermore, why would they be putting an end to all these "partnerships" if
they were "fundamentally necessary for the app"? Manufacturers can turn to the
normal api that any other app dev uses.

~~~
makomk
If you read the NYT article, there's one pretty obvious reason why they can
get away with ending the partnerships now: almost everyone has smartphones
that can just run the official Facebook app. It probably also helps to
understand that on a few of the older platforms, almost everything went
through the manufacturer's servers, including email and sometimes even web
browsing.

While I guess technically they could've use the normal API and only got the
same information as Farmville or any random quiz could, this would have the
result that - depending on what phones your friends used - you wouldn't be
able to share information with all your friends without also sharing it with
Farmville, Cambridge Analytica, and all the other shady Facebook platform apps
that weren't held to the same privacy standards. That doesn't seem like a win
to me, particularly since getting someone to click "yes" on a permissions
dialog is a lot easier than creating a widely-used hardware platform and
convincing them to use it.

(Of course, given just how many intrusive permissions it demands, getting
everyone on the official Facebook app arguably isn't a great leap forward for
privacy either.)

------
chiefalchemist
Having read (been warned) "Chaos Monkeys" and "Dragnet Nation" this comes as
no surprise.

[https://mobile.nytimes.com/2016/06/29/business/dealbook/revi...](https://mobile.nytimes.com/2016/06/29/business/dealbook/review-
chaos-monkeys-is-a-guide-to-the-spirit-of-silicon-valley.html)

[https://www.npr.org/books/titles/281981849/dragnet-
nation-a-...](https://www.npr.org/books/titles/281981849/dragnet-nation-a-
quest-for-privacy-security-and-freedom-in-a-world-of-relentless)

Editorial: It's startling to me how outfits as reputable as NYT can time and
again parrot a narative (e.g., FB is better than sliced bread), and then after
the fact report on something that was right under their nose all along.

Given the book review (link) above, it's as if they don't read their own
publication. If I have to connect the dots myself then I'm going to stop
reading - which I essentially did, many years ago.

That said, SV has become the ultimate cult / religion. All those followers and
zero heretics (i.e., whistleblowers). The irony that so many of the faithful
champion the likes of Snowden et al is as funny as it is frightening.

~~~
yk
> Editorial: It's startling to me how outfits as reputable as NYT can time and
> again parrot a narative (e.g., FB is better than sliced bread), and then
> after the fact report on something that was right under their nose all
> along.

That is almost completely a problem of the format of news articles, and that
journalists have to write for a lowest common denominator. Take as an example
from the NYT article:

> Details of Facebook’s partnerships have emerged amid a reckoning in Silicon
> Valley over the volume of personal information collected on the internet and
> monetized by the tech industry.

That, plus the next paragraph, is basically the entire context the NYT can
give about a discussion about privacy that ranges from the inception of the
Internet, spawned numerous NGOs like the EFF, etc. To present an sort of
accurate picture, they would need a five volume work, so they have to rely on
their readers already knowing something about internet privacy, and this is
only meant as a reminder.

The same problem seems to be with the entire article, the NYT seems to define
"third party" as any party that is not Facebook, while Facebook defines "third
party" as app developer. If I understand the NYT article, and Facebook's press
release [0], the entire kerfuffle seems to be about an legacy api that can
only be accessed by device makers, and it is entirely unclear if device makers
have to exfiltrate the data from the individual devices, or if they have
access to FB's databases. [1]

The problem in the context of writing articles is, that one needs a quite
technical article of the same length as this one to explain the lowest common
denominator news reader what the difference between those two scenarios is.
(Remember the average reader does not know what an api is, does not know what
local or remote means in the context of handheld devices, does not know the
difference between an OS and an app, and in general is not a programmer.)

The quality of news gets even worse, because market pressures push newspapers
like the NYT to conform to a certain set of newsworthy topics and to a
specific framing of these topics. They have to adhere to a certain set of
newsworthy topics, because people who talk with their co-workers about news
don't really appreciate it, if their newspaper did not write anything about
the topic. And they are pushed to a specific telling of these topics, because
some of their readers are checking different newspapers and if they have
incompatible framing of the news, then those readers will at some point
conclude that the majority of newspapers is right.

[0] [https://newsroom.fb.com/news/2018/06/why-we-disagree-with-
th...](https://newsroom.fb.com/news/2018/06/why-we-disagree-with-the-nyt/)

(h/t to whoever posted it in the comments)

[1] Note, in the first case FB did constrain the ability of the device makers
to access data on the phone, by getting them to sign TOS of the api. In the
second case, FB is just lying about a breach of privacy for any reasonable
definition of "third party."

~~~
philipwhiuk
> the NYT seems to define "third party" as any party that is not Facebook

This is what third party _means_

~~~
srj
I'm still a bit confused as to the facts here, but it seems this is about the
client software having access to data via apis authenticated with user
credentials. If it's the software acting on the client's behalf, I don't view
the client as third party (it's the user itself). Something along the lines of
the old Farmville app would be third party.

Now if blackberry or apple had carte blanche access to data via an API that
was authenticated just based on the company credentials, that would be
different.

------
josefresco
Facebook's old policy: Move fast and break things.

Facebook's new policy: Move fast and deny everything.

I'm only half-joking as I was surprised to see a Facebook rebuttal so quickly
after an article like this. It seems a new strategy is in place, to not let
these article fester. The problem is their response is devoid of actual
content, or even actual rebuttals to the main points of the NYT article.
Mainly that FB does not consider these vendors as "third-parties", and that
friends data is accessed even when sharing is explicitly disabled.

~~~
goalieca
> I'm only half-joking as I was surprised to see a Facebook rebuttal so
> quickly after an article like this

>Market Cap: 561.740B
[https://www.bloomberg.com/quote/FB:US](https://www.bloomberg.com/quote/FB:US)

Not surprised at all. Their business model depends on it on people uploading
all of their personal information, thoughts, and feelings into the machine for
analytical processing. If that trust/relationship dies, facebook dies with it.

~~~
laumars
I think the problem isn't so much a question of users trust in Facebook but
rather users apathy with regards to their own privacy.

I think most people are aware enough that _they_ are the product - I just
think they don't really care all that much.

------
jumelles
Here we go again... it feel like there's no way to break out of this cycle
where companies routinely go unpunished for bad behavior. Facebook, Equifax,
Wells Fargo...

~~~
Iv
The problem is that "bad behavior" is a concept in flux. Facebook never hid
what their business model was: sell your personal data to third parties. Only
a few privacy activists were concerned. Others reactions went from "meh" to
"it's actually smart!" (Remember when Obama's campaign was praised for its
innovative approach profiling voters?).

It took Cambridge Analytica for people to realize that they did not want this.

I have been paranoid about Facebook since day one, but there is something I
won't do: blame them for coming up with a business model that is legal and did
not seem to concern users ethically either.

The hearings of Zuckberg have been shameful. As much as I love seeing him on
the grill, I have more contempt for the lawmakers in front of him, who
actually enabled Facebook to become such a monster by either facilitating or
simply not understanding what it was doing.

Facebook is a problem, but the ones responsible for this situation are not to
be found within the company.

~~~
ailideex
> The problem is that "bad behavior" is a concept in flux. Facebook never hid
> what their business model was: sell your personal data to third parties.

So not to interrupt the outrage mob here ... but facebook did not sell data to
these companies. And actually I'm not aware of any case where people are
outraged where facebook sold peoples data, including the Kogan case.

~~~
Iv
Sure: [http://fortune.com/2018/03/20/facebook-congress-cambridge-
an...](http://fortune.com/2018/03/20/facebook-congress-cambridge-analytica/)

------
11eleven
It seems a lot of these tech companies' competitive edge is to ignore
regulations and rules (other examples: Uber, AirBNB) to grow a massive user
base 100x faster, as they hold onto the "scrappy startup" image.

Once they have achieved their scale and network effects, they can just promise
changes and do an apology tour in response to any regulatory or public
backlash after it happens.

~~~
cjhopman
> promise changes and do an apology tour in response to any regulatory or
> public backlash after it happens

Except they aren't apologizing for this. And they shouldn't, it's a non-issue.
The next article is going to be about how facebook shares user's data with
third parties (chrome/firefox/opera/nefarious browser #3/etc) without any sort
of agreement about how those third parties use the data.

------
radicaldreamer
Nothing will change Facebook's behavior except heavy regulation or the threat
of a breakup.

~~~
Iv
And no one should be surprised by this either.

Violating privacy is their business model. As long as it is legal it would be
stupid for them to change it.

As a former French banker (now standup comedian) once said: "Hoping to
regulate companies by asking nicely is like going to the prostitutes with a
flower bouquet"

------
zaroth
This appears to be an API to integrate Facebook chrome and functionality into
a mobile OS UI;

> “An Apple spokesman said the company relied on private access to Facebook
> data for features that enabled users to post photos to the social network
> without opening the Facebook app, among other things. Apple said its phones
> no longer had such access to Facebook as of last September.

...

> Usher Lieberman, a BlackBerry spokesman, said in a statement that the
> company used Facebook data only to give its own customers access to their
> Facebook networks and messages. Mr. Lieberman said that the company “did not
> collect or mine the Facebook data of our customers,” adding that “BlackBerry
> has always been in the business of protecting, not monetizing, customer
> data.”

> Microsoft entered a partnership with Facebook in 2008 that allowed
> Microsoft-powered devices to do things like add contacts and friends and
> receive notifications, according to a spokesman. He added that the data was
> stored locally on the phone and was not synced to Microsoft’s servers.”

The story recounts how the BlackBerry Facebook view could... not surprisingly
in any way... render your Facebook friends’ information which you are
_supposed_ to be able to access.

But the NYT apparently thinks this is nefarious in some way.

> “The Hub also requested — and received — data that Facebook’s policy appears
> to prohibit. Since 2015, Facebook has said that apps can request only the
> names of friends using the same app. But the BlackBerry app had access to
> all of the reporter’s Facebook friends and, for most of them, returned
> information such as user ID, birthday, work and education history and
> whether they were currently online.

> The BlackBerry device was also able to retrieve identifying information for
> nearly 295,000 Facebook users. Most of them were second-degree Facebook
> friends of the reporter, or friends of friends.”

...How the hell else do you suppose the UI was rendering your Facebook Feed?!
Maybe they thought BlackBerry used magic unicorns to render the Facebook UI
components on their Hub view.

If only there was a term to describe when media sites write a non-story to
stir up fake controversy by smearing a popular target...

~~~
cryptoz
Your entire post boils down to, "just trust the billionaires!"

No, we won't. They are liars and cheaters, the lot of them, and we aren't
going to trust them any more. They said in court "we didn't do that" so then
you post it here that everything is okay, but I don't trust it. Not one bit.
None of us do, or should, trust what those companies say.

Mark Zuckerberg is a liar. The whole concept of, "We're doing the right thing
with your data, just trust us" is ridiculous. He _already_ called you and I
and every single one of us a literal "dumb fuck" for trusting Facebook with
the data. Mark Zuckerberg would be banned from HN for vile language if he were
here. Clearly, we are not meant to trust him or any of them at their word.
They lie and they know it.

 _NO_ , zaroth, I do not believe a single part of any of the quotes you wrote.
I don't believe them. We also know that Zuckerberg was intentionally
misleading or lying in recent EU appearances.

> How else was the UI rendering your Facebook Feed?!

This kind of incredulous, "we must have Facebook on our phones, what else were
we supposed to do?!" is silly. Facebook and these partners clearly overstepped
their bounds.

> But the NYT apparently thinks this is nefarious in some way.

What? You then quoted the NYT listing a series of facts. Nowhere does the NYT
say anything like nefarious or anything like that. You are making things up.

> ... fake controversy ...

Did you just call this whole thing fake? Like, the controversy itself? It's
not fake..... This HN thread's existence proves the controversy is real. This
stuff _is not fake_.

~~~
zaroth
I get it that you are channeling Stallman and that you think your device is
spying on you. And by all means lets fight that fight and write those stories.

But that’s not the story that the NYT has published here.

I’m incredulous that programmers and hackers would feign surprise that a UI
rendering a Facebook feed would necessarily use an API which returned a data
structure with... your fucking Facebook feed.

If device manufactures or OS developers (Apple, Microsoft, Samsung, Amazon,
Google, etc.) are exfiltrating personal data off of your device — and BTW my
Facebook feed would be the least of my concerns in that case — prove it, and
the point your pitchforks at _them_.

~~~
detaro
The article cites Facebook as the source for partners having that data on
their servers. Is that evidence enough?

~~~
zaroth
Which partners? In what form? For what purpose? Are we talking about cache
data like Amazon Silk? Encrypted backups?

It doesn’t help the discussion to conflate user agents with third party
applications.

But user agents do sometimes push our private data to their own servers — like
Chrome’s Omnibar — and if and where that is happening, and how that data is
used, absolutely should be disclosed by the device manufacturer.

~~~
detaro
If the bit about "on their servers" didn't refer to device partners I would
have expected Facebooks response[1] to the article to call that out as
misleading, but it didn't. I hope too we'll see details somewhere to get a
better judgement of how bad/not bad it is.

[1] [https://newsroom.fb.com/news/2018/06/why-we-disagree-with-
th...](https://newsroom.fb.com/news/2018/06/why-we-disagree-with-the-nyt/)

~~~
zaroth
Thanks for the link!

I had not read Facebook’s response but it seems to me to perfectly describe
what actually occurred with these APIs and highlights what NYT got wrong with
this story.

------
seorphates
"Facebook Gave..."

Well, that's like problem number 15. Number one is to look at what you're
giving to facebook.

Number 2 is to look at how much control you have over the intimacy of your own
life and those around you, using or not.

Number 3 might be to look at how many phones/devices you can root, rip and
reset (I mean, c'mon, the personal data sink on a phone is enormous and most
have little to no say about what can be on it and when much less port and
comms control).

Number 4 is maybe that any middlin' IQ ass with a badge or a note with some
letterhead can scoop your kit. (See Number 1.)

Number 5 - Who makes the rules? (Don't think too hard on it, please.)

Et cetera.

Facebook is easy. Fasebook is sleezy. Facebook is free. So? I think I'll trust
my peers well before I trust any piece of must-have with a logo that gives you
only tactile controls, at best. The masses do not choose wisely. (See Number
5.)

If you do the sharing then you need to do the caring. Button it up and bring
it down. Believe it or not your likes are your own and if you don't like what
they're doing now then shut it down. I know it's easier said than done for
some but the keys to the kingdom are in corporate hands now. Good luck.

------
jsgo
Well, if you want to have your social network app preinstalled on a lot of
phones, I guess there's either paying for it or offering up your users.

iPhone doesn't have it preinstalled, no, but if memory serves, there were
integrations built in. At least for a while.

Why would they need this data though, really? Once you've bought the device,
they could get at the interesting data outright if so inclined?

------
dillondoyle
I would love to see someone with an old BlackBerry write up whether this uses
a unique endpoint (different from public api) especially to see if it would be
possible to 'spoof' a BB device to get the data.

------
40acres
Can't wait the apology commercial.

~~~
jsgo
maybe another Zuckerberg nationwide tour that he'll chronicle on Facebook if
we're lucky.

------
matchagaucho
The first 500M Facebook users were signing up for _" the graph"_.

The NY Times piece even goes so far as to illustrate this in diagrams.

The graph was a phone book replacement... "white pages" for the Internet.

It was only when public discourse on FB pivoted to religion and politics; both
very private and personal topics; that sentiment pivoted towards privacy...
and removing themselves from discoverability on the graph.

------
aylmao
"The company continued to build new private APIs for device makers through
2014"

"Michael LaForgia, a New York Times reporter, used the Hub app on a BlackBerry
Z10 to log into Facebook." \-- this is a phone announced in 2013.

I understand the concern with Facebook, but this article is presenting
information from 4 years ago as if it's news.

~~~
icebraining
It's news if people didn't know. Plus FB itself says that 60 companies used
these APIs, and only 22 of those have ended as of today.

------
parvenu74
> "In interviews, Facebook officials defended the data sharing as consistent
> with its privacy policies..."

Facebook's EULA pretty much gives them _carte blanche_ to do whatever they
want with the data you've provided them. Of course, who actually reads EULAs
or cares about privacy anymore?

------
yuliyp
Alternatively worded: Facebook let RIM build Facebook for Blackberry.

------
jfasi
This paints Facebook’s recent marketing campaign in a new light. Here I was
thinking we were dealing with a company finally that decided to get their act
together and turn themselves around, when in reality it was actually just
Facebook trying to whitewash their reputation ahead of all the horrible abuses
they knew were about to be exposed.

~~~
smt88
Until the top execs are removed, don't believe there's a sincere desire to
change at Facebook

------
DesiLurker
just switch out of FB. you dont have to quit social media just find a more
suitable network (I personally like ello). the crux of the issue is that they
know they are a monopoly and wallstreet knows that too so these things will
continue until there is a moderating force like people leaving. otherwise I
doubt there'll be much happening to rectify these issues for they are the core
of their business model not some happenstance things.

btw mozilla created a FB jail thats fully open-sourced a few months ago. use
that on FF and it should alleviate some desktop tracking. access
here:[https://www.mozilla.org/en-
US/firefox/facebookcontainer/](https://www.mozilla.org/en-
US/firefox/facebookcontainer/)

------
foobaw
Worked at an OEM. We preloaded Facebook apps in our phones in exchange for
user data. I can't provide more information on how the data was used but I
would trust Facebook on this case.

~~~
abawany
I always found it suspicious that on new (Android) phones with manufacturer
ROM, the Facebook app was almost always uninstallable (system app).

------
paulie_a
Shooooooooocking. This getting pathetic. Personally I am using Facebook less
and less and attempting to block it as much as possible.

~~~
choward
I think it's pathetic when people complain about something and continue to use
it. That's why companies are allowed to get away with so much bs.

------
zerostar07
At which point can facebook start suing around for [slander/damages]? It's not
like they did all this in secrecy , they were quite open about their platform
with developers (which has helped developers warm up to a company that
basically sells gossip). They never will of course, because they 'd be
retroactively judged with today's standards. E.g. I find their unfair
advantaging of the Obama campaigns a lot more troubling than this.

~~~
pjc50
You can't sue for libel over accurately reported news? The bar for successful
libel actions is _extremely_ high in the US, as well.

------
graysonk
I mocked up a new Facebook apology ad:
[https://i.imgur.com/EWDJjwx.jpg](https://i.imgur.com/EWDJjwx.jpg)

Let me know if marketing wants to license it.

------
moedersmooiste
When is Facebook giving full disclosure? Why do we have to find out like this?
Facebook knows exactly which entities have been harvesting data. Just tell us
already...

------
newscracker
I for one do not expect Facebook to change much unless there's a big shakeup
from the top, including removing Mark Zuckerberg, Sheryl Sandberg and others.
What they have shown repeatedly is contempt for their users in the guise of
apologies and remediations that go nowhere. Since such a shakeup is unlikely
to happen, the other thing that could happen is a breaking up of the company,
which I'm guessing (this is not a prediction) will happen in a couple of
years. To start with, Instagram and WhatsApp would have to get unwound from
this mess by becoming individual and unrelated services.

I don't have a lot of hope on social media platforms respecting user privacy
and avoid massive data collection and/or sharing. Privacy in today's world is
for the privileged people, in various ways.

~~~
marticode
I don't believe there is much synergies between FB and Instead anyway, and
even less so with WhatsApp which seemed to be have been bought out strictly to
stop it from growing into its own social network.

But I don't see the US ever breaking up FB in the coming decade, as the agenda
is clearly not to fight monopolies and trusts.

~~~
newscracker
Any breakup, if it were to happen, would be likely to be triggered mainly by
the EU, IMO. For all the complexities that EU regulations sometimes bring in,
I see the EU as the only hope in such cases.

~~~
johnchristopher
When has the EU ever break up a world class monopoly ?

~~~
chibg10
When has the EU ever _produced_ a world class monopoly?

------
sparaker
Stop using Facebook already ... it's a liar and deceiving social network.

------
jimjimjim
they haven't changed. they will not change. why should they change. this is
their normal. they are rotten to the core.

------
arbie
Why this is shocking, or even news?

When you create and use a Facebook account (or when a shadow profile is
created _for_ you), Facebook has (and has _always had_ ) the right to share
anything and everything you publish on _their_ platform with anyone they have
a legal responsibility to (e.g., law enforcement) or commercial agreement with
(e.g., advertisers).

All Facebook content is essentially public and should be treated as such.

~~~
PostOnce
We (society) made the rules, and we can change them. We have the power to make
laws dictating how Facebook can use the data, regardless of what the contract
says, regardless of their current "obligations", and regardless of how
"public" this data might be. We made new laws about medical data -- we can
make news laws about social data.

That's what these stories are about -- things we can think about when drafting
this new legislation, or interpreting old legislation.

Our system of laws is not set in stone, we can update it, and we will--for
better or worse.

~~~
spookthesunset
Why does the law need to change for this? Facebook should disclose what they
do with your data, and that is about it. At that point, it is really up to you
to decide if you want to play ball...

~~~
PostOnce
So Facebook gets to make the rules? The law changes whenever we feel like it
should, that's how democracy works.

You say why should the laws change and why shouldn't we individually decide
whether or not to play ball?

For one thing, Facebook creates profiles of people who don't have accounts,
but for another, and more importantly:

Why should companies not be able to dump toxins in rivers? It's up to us
whether we want to buy from that company and contribute to pollution -- _or we
could start up an EPA_... which we did. Same deal with Facebook, sort of.
Society can make whatever rules it wants, the only natural law is chaos, and
of it we make order.

~~~
matz1
Yes you should fight to change the law if you don't like it and likewise I do
not think the law need to be changed nor the more regulation is needed so I
will fight it too. In this case the harm (if any) that fb make is not
substantial enough for me to care.

------
product50
Now read this and do make sure you type the takeaways like you did for the
NYTimes article above: [https://newsroom.fb.com/news/2018/06/why-we-disagree-
with-th...](https://newsroom.fb.com/news/2018/06/why-we-disagree-with-the-
nyt/)

~~~
icebraining
Doesn't actually deny any of the accusations, except maybe for the "access to
friends' data not being shared" (for which the NYT should be criticized for
being too vague - it's not clear how and why they "believed" it wasn't
shared).

I like the part "all these partnerships were built on a common interest" \-
tautologies always sound good.

As for the only actual defense (the data agreements), it was already in the
NYT story.

~~~
dhimes
And, _Contrary to claims by the New York Times, friends’ information, like
photos, was only accessible on devices when people made a decision to share
their information with those friends. We are not aware of any abuse by these
companies._

Parsing: _friends’ information, like photos,_

I have a friend named Tammy. Tammy has photos.

 _was only accessible on devices_

Someone/thing can access these photos

 _when people made a decision to share their information with those friends_

I decided to share information with Tammy. I now have access to her photos. I
open some silly fb app. That app now has access to my friend Tammy's photos.
According to this, Tammy may not even know that those photos have been
compromised. She may have a son who is gay, but not out yet, and Tammy (being
the understanding parent) is sharing with people she trusts. Now, unbeknownst
to her, everything is out in the wild.

This is the problem.

 _We are not aware of any abuse by these companies._

Were you looking? Did you care? Do you now?

~~~
makomk
So basically, your argument is that it's a dangerous attack on users' privacy
for Facebook to allow users to view it through any app but their own, no
matter how strict their contracts with the app developers, even if those
developers are big companies like Microsoft with a lot to lose if they get
caught doing something malicious? That it's an attack on gay rights for the
Facebook walled garden to not be maximally strict and absolute in its grip on
what software people can use to interact with their friends on it?

Because that's what we're talking about here: apps that allow users to access
their Facebook accounts and interact with their friends through them. Not
shady Zynga games or information-mining quizzes, but alternatives to the
official Facebook app that are only allowed to "provide versions of the
Facebook experience" and are created by major device manufacturers.

I'm curious how Facebook's continued willingness to allow web access to
people's private information fits into all this too. After all, the user's web
browser has access to all this dangerous personal information about their
friends, it can certainly do all kinds of malicious things with it, and
Facebook doesn't even have any kind of contractual relationship with the
browser developers preventing this. Given how many shady browser extensions
are out there this is certainly being abused right now. Should Facebook take
down their web version too in the name of protecting gay children?

~~~
dhimes
So basically your argument is that corporations should be trusted to self-
police, because they know that bad things would happen if they get caught
misbehaving? Like, Microsoft would be destroyed if they were found to be
sending users' information to their servers and the average user didn't
realize it?

~~~
systoll
Quite the opposite.

The moment facebook provides a way for a person to use a device to view
information, they've simultaneously produced something the device's OS could
use to exfiltrate that information. There's nothing facebook can practically*
implement to allow Windows Phone users to use Facebook while preventing
Microsoft from exfiltrating data.

Drop the API, and they can scrape webpages; it doesn't remove any fundamental
barrier to information. If Facebook wanted/needed to limit access to this
information from untrusted device manufacturers, a website is out of the
question, and you couldn't just release a windows/android/linux app — you'd
need to go per-manufacturer.

This leaves pretty much everyone worse off. [though it'd be pretty great for
Apple.]

Users need to trust the manufacturer of the devices they use. There's room for
regulation/enforcement to ensure that they can.

But holding services responsible for vetting the platforms that can access
their data makes open platforms like _the web_ untenable, and doesn't fix
anything.

* Impractically, facebook could send and show encrypted data which can be decrypted by the user via pen & paper.

