
‘People You May Know’ helped Facebook grow exponentially - one-possibility
https://marker.medium.com/the-untold-history-of-facebooks-most-controversial-growth-tool-2ea3bfeaaa66
======
interlocutor
In the early days, Facebook logged into user's email accounts and stole
contact information without users' knowledge or authorization. This was
possible because people used the same password for their email and Facebook, a
practice common especially back in those days. This is one of their sources
for PYMK.

In fact Facebook has used this technique very recently too:

A security researcher noticed the tech giant was prompting some users to type
in their email passwords when they opened an account to verify their identity.
And after they were caught... Social networking giant Facebook said on
Wednesday evening it may have “unintentionally uploaded” the email contacts of
up to 1.5 million users on its site, without their permission or knowledge,
when they signed up for new accounts since May 2016.

Read more about this: [https://www.nbcnews.com/tech/tech-news/facebook-says-
it-unin...](https://www.nbcnews.com/tech/tech-news/facebook-says-it-
unintentionally-uploaded-1-5-million-users-email-n995741)

~~~
uoaei
"Unintentionally uploaded"

Because you just happened to accidentally interact with the API in just the
right way and downloaded the information to just the right database and
deployed a service to production which just happens to access that data...

I don't understand how that statement right there isn't literally
incriminating evidence. They admitted to uploading the data explicitly, and
"unintentional" is a straight up lie based on how software works.

~~~
presumably
> "unintentional" is a straight up lie based on how software works

This is a very dangerous statement to make.

Large systems are not like hackathon projects where you might understand and
hold the entire scope and flow in your mind.

Software absolutely can and does lead to unintended outcomes, else there would
be no bugs.

~~~
bathtub365
You’re saying an entire system was added to integrate with user email
accounts, download all their contacts, and upload them to a database at
Facebook, accidentally?

~~~
presumably
Please respond to the actual contents of my post, and not a strawman version
of it.

I’m saying what I said, nothing more.

> Software absolutely can and does lead to unintended outcomes, else there
> would be no bugs.

Edit: also see this:
[https://news.ycombinator.com/item?id=22429620](https://news.ycombinator.com/item?id=22429620)

TFA explains how the system was added, it’s absurd and intellectually
dishonest to interpret my post as saying what you wrote.

~~~
close04
Have you noticed how no feature that brings monetary value to the users is
ever accidentally added? I never accidentally received money from these
companies, extra storage quota, personalized email address, premium account,
etc. And certainly never something that you get to keep once they realize the
mistake. The fact that they have such weak controls when it comes to
protecting you but such strong controls when it comes to protecting themselves
can only be a calculated decision. And the number of precedents of such
"mistakes" that are _always_ to their advantage is the proof.

It's a mistake only the first time. Knowing they get away with it every time
and reap the reward is just an incentive to do it again and again. And people
finding excuses and justifying this as being acceptable is one reason they get
away with it. They rely on advocates for ignorance and defeatism to make such
incidents feel like a banality, "oh well, what can you do", "it could happen
to anyone", etc.

How many situations would you consider excusable where bad things happen to
you because someone "accidentally" removed the step where you were informed
what's happening and could say no?

~~~
dspillett
_> I never accidentally ... extra storage quota_

Raises hand as an example of someone who essentially got a free server upgrade
from 500G to 2T storage recently, due to people following a fixed procedure in
a slightly unusual circumstance without thinking.

"Positive" accidents do happen. People just don't tend to shout about them
publicly as much as they do about those with negative consequences or that
affect many at the same time.

 _> someone "accidentally" removed the step where you were informed what's
happening and could say no_

In this case I can easily see this accident happen. A junior was told to
remove those parts of the UI. That person has little of no knowledge of the
back-end and does not have time to dig or think further because they have
other work tickets assigned to them to get on with, just did the job and moved
on.

Facebook may be deliberately shitty a lot of the time, that doesn't mean they
aren't sometimes accidentally stupidly shitty too.

 _> would you consider excusable where bad things happen to you because
someone "accidentally"_

Of course this doesn't _excuse_ it, just explains it. There was a fault in the
management and/or work review processes. _Someone_ should have had the
opportunity to put two and two together and failed to do so. And there should
be some fallout. To use a rather extreme analogy: accidentally killing someone
through gross ineptitude is still a punishable crime (manslaughter), I would
agree that accidentally breaching data collection rules through gross
ineptitude should be too (though I doubt the coders/testers dealing with the
"UI cleanup" ticket could be said to be responsible).

~~~
close04
We're talking about different things. You're considering just the coding
accident of an employee removing this and forgetting that. I'm talking about
the intentional decision of not validating this in a better, more robust
fashion, at least when it comes to issues that have a huge impact on security
or privacy. This was a calculated decision. Whether it was done by not putting
in place or by removing all the obstacles that could have prevented this makes
no difference. After the first privacy "accident" they should have had in
place all the processes required to make sure such an issue doesn't happen,
then go unnoticed for so long.

If 5 years from now VW has another "rogue engineer" everybody will wonder how
is it possible that it slip through the cracks again. Facebook let things like
this slip through the cracks again and again.

> Of course this doesn't excuse it, just explains it.

It _excuses_ it the second it's made too look like a random accident but
somehow keeps happening again and again the same way, _always_ to their
advantage.

P.S. I'm sure no company accidentally gave such upgrades to 1.5 million users
and let them get away with this. And they also didn't accidentally do this
again and again. You highlighted perfectly the difference between an accident
and an "accident".

~~~
kd5bjo
> I'm talking about the intentional decision of not validating this in a
> better, more robust fashion, ...

In my experience, deciding not to do something is unlikely to be intentional.
Instead, the something that’s not done simply never presented itself as an
idea.

Do you have any _evidence_ that this particular lapse was premeditated, or did
you come to this conclusion based solely on your prior opinion of their
actions?

~~~
close04
> In my experience, deciding not to do something is unlikely to be
> intentional.

That's some weird experience. A _decision_ is by definition intentional. It's
literally "a conclusion or judgment reached after consideration". The moment a
person with power of decision is made aware of an issue both action and
inaction become conscious, deliberate decisions.

> did you come to this conclusion based solely on your prior opinion of their
> actions?

That's quite the assumption given the above and the fact that I was pretty
clear that it's based on their continued stream of "mistakes" that tend to be
massively in the company's favor. Almost feels like you made it in bad faith.

How many mistakes would you say it takes to make one start beefing up their
internal processes so millions of people don't accidentally suffer repeatedly?
How many before you start to at least consider that it can't be constantly
attributed to bad luck? Would you feel different if a company kept
overcharging you by mistake and never returned the money or fixed the issue?
But now it's "just" and endless stream of your private data. Uncommon sense...

~~~
kd5bjo
I was imprecise and overly snarky in my original reply, and for that I
sincerely apologize. I’d still like an answer to the half of my question that
you ignored, so let me try again in a more neutral tone:

In my experience, most instances of someone (or a company) not doing something
are not examples of conscious, intentional decisions but rather an unconscious
process of the proposed thing not coming to mind. As a concrete example, I
haven’t made a painting of anything since grade school. The vast majority of
days, I didn’t consider and discard the idea of painting; the idea simply
never presented itself.

While Facebook’s history must absolutely be taken into account when trying to
discern their motivations, I consider it fundamentally unjust to judge any
given incident solely based on behavior in other incidents— otherwise, you
leave no path to redemption for the alleged transgressor.

As such, I would like to know if you have any evidence _specific to this
incident_ that indicates it was intentional rather than an accident, as
claimed.

~~~
close04
> the idea simply never presented itself

But then you base your reasoning for the "unintentional mishap" on the
assumption that Facebook leadership (engineering or management) simply never
had the idea to do anything about these issues even after they happen
repeatedly? How many times can you claim ignorance and an endless string of
"we'll do better"s? [0] [1] [2] [.....]

They do it because they get away with it. They get away with it because people
are encouraged to think that they're mistakes and "everyone makes mistakes".
But every one of these mistakes costs you, and benefits them. There's no
accountability and that's exactly what you are pushing for now.

> I consider it fundamentally unjust to judge any given incident solely based
> on behavior in other incidents

Not solely, there's also the matter that they benefit from every one of them.
Zuck _founded_ his business on collecting data without user approval. With
your reasoning you can make the concept of precedent irrelevant. You just turn
them into completely separate incidents with no prior knowledge and then use
wishful thinking to assume they were all mishaps.

You can shoot someone once by mistake. But what if you do it 15 times? And
even true mistakes cost. Yet these "mistakes" never cost Facebook anything.
They just employ an army of posters to insist it was a mistake and downplay
the whole thing.

There's no amount of wishful thinking and downplaying that can compensate for
common sense and prior experience. There's no reasonable way in which, in good
faith, you can assume _all_ these are mishaps. There's a long string of
incidents that benefit them that serve as evidence.

P.S. You name one incident in the history of the world that you think is
indefensible and I will use your reasoning to completely dismiss your
accusation ;). Really, if you stand by your reasoning that shouldn't be hard.

[0] [https://www.reuters.com/article/us-facebook-privacy-
apologie...](https://www.reuters.com/article/us-facebook-privacy-apologies-
factbox/factbox-i-know-we-can-do-better-zuckerbergs-many-facebook-apologies-
idUSKBN1HH0GY)

[1] [https://www.wired.com/story/why-zuckerberg-15-year-
apology-t...](https://www.wired.com/story/why-zuckerberg-15-year-apology-tour-
hasnt-fixed-facebook/)

[2] [https://time.com/5505441/mark-zuckerberg-mentor-facebook-
dow...](https://time.com/5505441/mark-zuckerberg-mentor-facebook-downfall/)

~~~
kd5bjo
> You name one incident in the history of the world that you think is
> indefensible and I will use your reasoning to completely dismiss your
> accusation

This is, in fact, why I prefer seeking more context and understanding to
making accusations.

------
AlexandrB
This quote from Zuckerberg is something else:

> “We don’t view your experience with the product as a single-player game,” he
> says. Yes, in the short run, some users might benefit more than others from
> PYMK friending. But, he contends, all users will benefit if everyone they
> know winds up on Facebook. We should think of PYMK as kind of a “community
> tax policy,” he says. Or a redistribution of wealth. “If you’re ramped up
> and having a good life, then you’re going to pay a little bit more in order
> to make sure that everyone else in the community can get ramped up. I
> actually think that that approach to building a community is part of why [we
> have] succeeded and is modeled in a lot of aspects of our society.”

This attitude of "we know what's good for you" is apparent in more and more
modern tech products. I find it pretty gross, especially when applied personal
data. It's also a convenient after-the-fact moral justification for decisions
that improve the bottom line of the company at the expense of its users.

~~~
Kaze404
I know this might be off topic but a billionaire making a comparison to wealth
redistribution almost reads like a parody to me.

~~~
reaperducer
The same billionaire who spends tens of millions of dollars bulldozing houses
around his in order to increase his privacy,† then tells the commoners that
wanting privacy isn't normal.††

† [https://www.sfgate.com/tech/article/Zuckerberg-to-
raze-4-hou...](https://www.sfgate.com/tech/article/Zuckerberg-to-
raze-4-houses-surrounding-Palo-Alto-7940437.php)

†† [https://www.huffpost.com/entry/facebooks-zuckerberg-
the_n_41...](https://www.huffpost.com/entry/facebooks-zuckerberg-the_n_417969)

~~~
mrlala
Physical privacy vs virtual privacy are two very different things, so it's
disingenuous to pretend they are exactly the same.

~~~
solotronics
He tapes over his camera on his laptop because he doesn't trust it. I do too
and don't think this is odd behavior.
[https://www.theguardian.com/technology/2016/jun/22/mark-
zuck...](https://www.theguardian.com/technology/2016/jun/22/mark-zuckerberg-
tape-webcam-microphone-facebook)

~~~
mrlala
That is physical privacy.. it's so someone can't SEE YOU. Not track your
online activity.

~~~
visarga
Lack of privacy in online activities can be even more damaging today.

------
RcouF1uZ4gsC
> A sex worker found Facebook recommending her clients, who did not know her
> true identity. A sperm donor got a suggestion for the biological child he
> never met. A psychiatrist learned that Facebook was recommending that some
> of her patients friend each other on the service.

It is amazing how little pieces of information that are likely innocuous by
themselves can be combined to develop a pretty thorough understanding of
relationships.

~~~
hbosch
The first and last must just be geolocation based, right? Like, these two
people are in a room together every _X_ day for _Y_ hours... they probably
know each other.

The sperm donor guy, though... facial recognition? No idea.

~~~
axlee
More likely adress book / phone contacts import.

~~~
titzer
The geo thing is really happening.

~~~
Slartie
I also have the theory that they are using WiFi names / AP MAC addresses as
well. If you happen to be connected to the same private WiFi network, you
probably know each other.

~~~
jodrellblank
Facebook has a patent for using dust and scratches on photos to track which
camera they came from. But they claime(d) not to be using WiFi or Geolocation
for the PYMK feature - [https://gizmodo.com/facebook-knows-how-to-track-you-
using-th...](https://gizmodo.com/facebook-knows-how-to-track-you-using-the-
dust-on-your-1821030620)

~~~
Slartie
Based on the track record of other Facebook claims of the "we don't do X"
type, this is basically proof that they do and/or did do both of these things.
Maybe "accidentially" and "unintentionally" ;-)

------
choward
They kept sending me "do you know [person I probably don't know]" as
notifications on my phone! This was the last straw that made me delete the app
and my account entirely a few years ago.

One of the big annoyances in life is being notified or bugged about something
I don't need to be notified about. This keeps getting worse with modern tech
all the time which has slowly led me to stop using anything I don't have full
control over.

~~~
ConsiderCrying
If only that applied to everyone. Most people will get ten crappy
notifications with one good one and go "Oh, well, not too bad." I think I used
the 'People You May Know' feature a bit when I first joined but, as time went
on, it really just became "This one guy who once worked at the same place as
you and maybe knows someone you know". These algorithms are very smart and
that's their problem - they overestimate the number of connections an average
person makes.

~~~
anticensor
A normal human can sustain relation with 40 relatives, 150 friends and 1000
acquittances. FB algos are (deliberately) tuned for twice those numbers.

~~~
wolco
I understand your point but honestly humans are varied. Some can handle more
some less. People self regulate.

------
the_watcher
> It’s almost certain that Facebook watches your email and sees whom you are
> contacting. Probably your calendar as well, to see whom you’re meeting with.

What? This is a pretty explosive accusation with very little direct support
beyond "they've done things that this is similar to". How would they be able
to do this for, say, Gmail and GCal users? I could see it being technically
possible, but Google seems pretty likely to both frown on this and be capable
of prevention.

------
the_watcher
> But monthly was a better indicator, because someone consistently on the
> service for a full month was likely there to stay.

That is not what a monthly active user is, even at Facebook. A MAU logs in
once per month, a DAU logs in once per day.

~~~
joegahona
Yeah exactly, and I think it was DAU/MAU that Facebook started obsessing over,
not just MAU.

Is there a difference between an "active user" and just a "user"?

~~~
jiofih
A “user” is an account. Active means logged in at least once in X periods.

------
not2b
It's not a mystery; Facebook was getting people to upload their contacts and
mining those for People You May Know. Some ex might still have the divorced
spouse in contacts, particularly if they share a kid. Two clients of the same
psychiatrist will both have their shrink's number in contacts.

------
ada1981
Imagine being talented and having your big heroes journey be within the
context of something that is a net negative for the world.

------
Funes-
Yes, Facebook got into our e-mail accounts. Yes, Twitter did too. They--plus
Instagram and WhatsApp (all part of FB)--sell our data, corrode our personal
lives, society as a whole, and democracy. Unfortunately, complaining about it
won't be effective, as it's been proven to fail miserably for years. The only
thing that's going to stop this is coming up with FOSS, fully distributed, not
for profit alternatives that can do a good job at connecting people and
serving humanity.

------
fortran77
I'm pretty sure Facebook used to suggest people who searched for your name as
a "Person You May Know".

~~~
weci2i
Facebook absolutely did this. A couple years ago I had a junior dev under me
that management would not allow me to fire. And it’s so much worse than just
the person searching. His feed recommended my close connections to him just
because I watched his page.

He spent 75% of most days working for personal clients outside our company.
The remainder of his days were spent pimping his projects on Facebook to build
his personal brand. He was not a rock star programmer. His work was beyond
subpar and he needed extra time, not less. We weren’t connected but I stalked
his profile for time stamps and evidence. He lived at least 1.5 hours outside
my locations except for the office.

One day he overheard me and another coworker discussing Facebook oddities and
he interrupted, “Facebook keeps recommending (insert my wife’s name) as a
connection.” He did not know my wife’s name and they had never been in
proximity of one another.

~~~
zeta0x10
Interesting story but why mention that you were not happy with his work? It
just seems orthogonal to the story (that FB suggested your wife, implying the
social graph was built via your workplace to your wife and that he may have
searched for you and you for your wife).

Not to dismiss your story, I am just interested about the reasoning.

~~~
weci2i
No problem. I was just trying to give a little context for why I was stalking
the guy. In trying to avoid looking like a creeper I see how it just came off
as petty. Neither was my intent. I appreciate the check.

~~~
zeta0x10
Ah, thanks that makes sense.

------
spookyuser
I deleted my original Facebook account almost 5 years ago, and this is
slightly off topic but I recently made a brand new facebook account just to
use marketplace, I gave the bare minimum of information you could give and
even used a brand new email address, as soon as I entered my phone number to
verify my account I got the creepiest friend recommendations, they must have
been pulling them from whatsapp because they were insanely accurate, and that
was just with my phone number, with a brand new account and a brand new email.

------
romwell
Ah, the wonderful feature the spies on my location to suggest me friends that
are in my phone book, but aren't connected on Facebook in any way whenever I
get to actually hang out with them.

------
bluedino
LinkedIn does the same thing. The first week of my new job I even started
getting the spouses of my new-coworkers in my LinkedIn "people you may know"
feed.

------
hnick
Perhaps we should rename social media to viral media.

------
lightgreen
Almost everything grows “exponentially” when it grows (companies, population,
virus infections etc). When exponent is 0.000000001 it is also “exponential”
grows. And decline is also usually “exponential”. It is basic math and common
sense. The author actually meant “fast”, and the word “exponential” is a
marker of poor quality title.

~~~
sornaensis
Exponential means your input is the exponent, eg y=2^x or y=e^x.

------
gabruu
Facebook also uses whatsapp contacts to show pymk. I added someone on whatsapp
whom I never met, but was dealing for business in different continent and was
shown in facebook very next day. I was not surprised, but decided to stop
using facebook soon.

------
dep_b
The most fun feature and also one of the biggest reasons I quit Facebook is
that the people you unfollowed would get you in their PYMK list to punish me
for silently unfollowing them.

------
Havoc
It's also freakishly location sensitive lately. Like people sitting <5 meters
of me rather than the previous...in same part of building level

------
0xff00ffee
For everyone ITT complaining about FP/IG/WA... If you are still using them,
why? Why can't you just walk away?

------
TLightful
Facebook ... the coronavirus of the internet.

------
barrenko
You got a product when your users interact with other users while you sleep.

------
Yhippa
Paywalled so I'll just barf my opinion about my feelings on that feature. I
get recommended the most random people who are friends-of-friends I've never
met. There have been so many bad suggestions that I assume they're all wrong.

I guess everyone else had the complete opposite experience based on the
article title

~~~
adrianmonk
I think they just err on the side of false positives. You can always ignore
the friend suggestion if it's someone you don't know. If they fail to suggest
someone you do know, that's a missed opportunity.

Some of this is inevitable. For example, their algorithm was eager to suggest
one particular person to me, and it did so multiple times even though I did
not know the guy. It was someone who had worked at the same company as I did,
in the same department, but quit the company slightly before I was hired. So
he and I had easily 10 Facebook friends in common. Facebook had good reasons
to suspect that I knew the guy. Even though I didn't, I might have, and they
have no way of knowing for sure, so they might as well just ask.

