
Facebook tracks your private calls - daenz
https://twitter.com/mat_johnson/status/977325434030428160
======
torpfactory
It should be clear to everyone now that Facebook is engaged in building a
surveillance system which tracks every one of its users throughout their daily
lives. Though others will disagree, this kind of behavior, especially done so
without informing the user in full candor, is morally wrong.

As I've advocated in other commentary on this site: Engineers at Facebook have
a moral obligation either reform from the inside or quit. This kind of
surveillance apparatus should not be built, by either government or private
entities.

~~~
Erlangolem
I agree. Now what about engineers at Google, especially with their drone
program partnership with the DOD? How about engineers at Uber making cars that
are unfit for the road?Engineers in general need to either grow a spine and a
conscience _fast_ , or they need enforced ethical standards. It’s. It just
Facebook, although Facebook is particularly nasty, and there is no sign of
people giving upon their cushy jobs to do the right thing.

Mostly they seem happy to go public while babbling about how they’re “changing
the world” as in that pitiful letter from DropBox.

~~~
cma
We need more legal protections for corporate whistleblowers.

~~~
kyrra
What part of a DoD contract requires whistleblowers? Are we going to arrest
all of Lockheed Martin or Northrop Grumman?

------
Shywim
Some replies say that the user should take a second look at what permissions
they give, but in the case of Android apps the permission to use the Account
Manager (used to register a service account like Facebook, Google, Twitter or
any other things that need to synchronize in the background) is displayed as a
"Contacts" permission to the user.

So some apps like Facebook might synchronize or make other uses of contacts
with their service accounts, but many other service don't do anything with
contacts and doesn't EVEN request the actual contacts permission but their
permission request is still displayed as "Contacts".

How can the user be able to do responsible choices in giving apps permissions
when the permissions layer of the OS make no sense?

~~~
switch007
I may be misremembering/totally off base, but didn't Android go through some
rounds of "simplifying" or "renaming" permissions over the years to basically
obfuscate and confuse? (Or have they always been terrible?)

------
eterm
I've often seen this permission rationalised as "Well apps need to suspend
when a call is incoming", but why is ability to know if there is a call the
same permissions as knowing every call made and for how long?

Facebook may have been "given permission" but as people are discovering, it
wasn't really actually given permission. This is why there is such a notion as
_informed consent_ , because giving permission isn't always as simple as
agreeing to something.

------
shapiro92
Can we start putting some blame on the developers the product managers and in
general the IT team behind the facebook Android App?

Not only they executed it, they have thought of it, where to store it, how to
download it etc.

It is not just Zuckerberg who is at fault.

~~~
alex_young
Doesn't Zuckerberg control FB? Didn't he also control it in all of it's past?

All of the teams of people you mentioned work for him. They take direction
from him, and ultimately the buck stops there.

~~~
ajross
The point wasn't that the buck shouldn't stop, it was that the fact that the
buck passes someone isn't a defense. Lots of folks were involved in building
this disaster, and they all share blame too.

To Godwinize for clarity: Hitler wasn't the _only_ war criminal in Nazi
Germany.

------
cromwellian
What IOS iPhone permission do grant the app that allows this? Is it "Allow
Access to Contacts"? I mean, there's a difference between allowing say, an app
to be able to lookup and dial a phone entry, and an app getting _call logs_

They need to split that permission if it is combined with other stuff.

~~~
0x0
Apps written by "mere mortals" probably can't get that information. But
there's a whole API called "CoreTelephony" that's mostly gated behind an
entitlement,
[http://iphonedevwiki.net/index.php/CoreTelephony.framework](http://iphonedevwiki.net/index.php/CoreTelephony.framework)

I used to think Apple would never grant this entitlement to any other apps
other than those that are builtin to iOS, but then there was that whole Uber
framebuffer capture entitlement scandal...

~~~
sah2ed
Did the scandal _actually_ happen? The articles I found only talked of the
possibility for abuse by Uber.

[https://www.macrumors.com/2017/10/05/uber-removing-apple-
gra...](https://www.macrumors.com/2017/10/05/uber-removing-apple-granted-api/)

~~~
0x0
The big deal isn't what uber did or did not do with their magic provisioning
profile. It's the fact that Apple apparently sometimes hands out god-mode
provisioning profiles to 3rd party developers at all.

------
starchild_3001
My download archive has all my contacts' names & phone numbers stored. Wtf?
Why do you need this information in your data servers Zuck?

~~~
starchild_3001
I guess I now know how you recommend me those obscure "friends" like a
recruiter from a company I didn't join, or my gardener etc. Totally uncalled
for.

------
rukittenme
I would recommend everyone download their archive. I just did. 1.8mb for me.
All of it benign and boring. I honestly feel a little left out. But I did get
to read a lot of conversations I forgot I had. It was fun to remember "the
good old days".

------
indigodaddy
After this media blitz dies down, they'll likely soon just start directly
sending this to the FB servers from the application, without leaving behind
any localized files...

------
dotsh
Do we really need to go over and over with this again?

[https://news.ycombinator.com/item?id=16656604](https://news.ycombinator.com/item?id=16656604)
[https://news.ycombinator.com/item?id=16652387](https://news.ycombinator.com/item?id=16652387)

~~~
lucb1e
That, and the 10 other facebook-related posts currently on the front page. I
understand it's a huge revelation that facebook tracks people and shares the
data in ways and for purposes which we weren't aware of, but the news has been
nothing but facebook for a week now. For something that was mostly known
already (we knew they had it, just not that it was applied in this way), it's
getting a little tedious.

~~~
Zenst
Yes, it's like everybody is gaming the stock market options. Or finally the
reality of social media is catching up with the populus all at once.

I suspect the peak won't be reached until we read a court transcript with the
quote "show us upon this dB schema were Facebook touched you".

------
stevebmark
edit: misread

~~~
bcherny
If FB (or any other app) could record your phone's mic without you knowing,
that would be a GIANT security issue on Apple/Samsung/etc.'s part. As any app
developer knows, you need to explicitly request permission to record, and the
user sees a big red bar for the duration of the recording. Unless you're the
NSA or something, you're not getting around that.

------
alex_young
Apparently they serve your archive up on some dialup link or something. I just
noticed my archive is available (no email received though), and it's going to
take an hour to download 255 MB. On a 1G fiber link.

I guess this kind of complies with the GDPR. Seems like FB probably has fast
internet links somewhere.

~~~
_xgw
It took me about 15 minutes to download my 2GB archive on a 30Mbps connection
which seems normal to me.

