Hacker News new | past | comments | ask | show | jobs | submit login
How Facebook's Safety Check Works (highscalability.com)
104 points by xasos on Nov 17, 2015 | hide | past | favorite | 50 comments

Hey everyone! FB engineer here who wrote the original code for this and gave the talk during @Scale 2015. There's a recording of our talk here: https://youtu.be/ptsCWGZW_P8?t=333

That's a bit more visual and easier to understand. At the end of the day its really just DFS with seen state and selective exploration :)

How does FB decide which disasters qualify for the safety check and which do not?

As described in a post by Zuckerberg, before the Paris attack it was only activated for natural disasters. Paris was the first time it was activated for human disasters and they will be doing it more in the future.

Respectfully, that doesn't answer the question. What is the current policy for determining use?

Probably "If the people in charge of running it decide it is worthy"

The real reason, which they probably can't say, is how much media attention it gets in the USA.

Why was this down-voted? Doesn't it have a high chance of stimulating meaningful discussion?

I'm entertaining the notion that this is a way to justify some new privacy-invading feature. I'd love to be wrong, and I'm open to a statement from a FB employee, if such a thing were possible.

Or perhaps it motivates the idea that if you do not use facebook you can never be completely "safe".

"Never let a good crisis go to waste."

I think the post had a bit of a frantic working backwards and managing PR tinge to it. A cyclone/tsunami also takes place over an extended period of time, and is very similar to a human disaster.

In any case, it is a really nice feature and the fact that they will start using it for more disasters is undoubtedly a good thing.

Sorry, I don't have time to see the video right now, but I am wondering if it isn't possible for you to use something like Hadoop/Hive/Presto to simply get a list of all users in Paris on demand.

Hive and Hadoop are offline -- it can take ~45 minutes to execute a query on our entire user table (even longer if it involves joins) and certain times of the day its slower (during work hours usually). Not only that, but once the query executes some engineer has to go copy and paste into a script that would likely run on one machine.

Doing this in a distributed async job fashion allowed for a lot more flexibility. Even better, we can even change the geographic area as the algorithm runs and those changes are reflected immediately.

>The average distance between any two of Facebook’s 1.5 billion users is 4.74 edges. Sorry Kevin. With 1.5 billion users the whole graph can be explored within 5 hops.

Nitpicking here, but that does not follow. Starting from a random user and hopping 5 times in all directions you'd expect to explore about half of the graph.

Your post is technically correct, but I think that you'd be likelier to explore more- say, 80% of the graph. I suspect that there are small pockets of extremely unconnected people which creates a long tail, distorting the mean.

Unless the data can somehow be shared how is anyone to know what the structure is? There is no point in speculating...

Yeah, I noticed that, too. Just because 4.74 is the average doesn't tell you enough to know how many people you will reach by exploring 5 hops. Also, they clearly are not including unconnected people in their calculation - there are lots of people who are probably unconnected to the general population. I know from when I used to work on facebook apps that I had a few accounts only connected to each other.

A longer, more involved article from late September has a bit more information: http://highscalability.com/blog/2015/9/28/how-facebook-tells...

>If a friend is in the same area then a push notification is sent asking if they are OK.

One thing that I'd like to understand is how "area" is defined. The limiting factor is, of course, finding out something has happened, but someone at Facebook has to draw a border that encompasses everyone at risk but minimizes those out of harm's way. An earthquake is almost easier - there's (relatively) rapid data on the epicenter and size - but in an event and place like Paris, there have got to be some hard calls made in real time. Who are the people and teams involved there, and how do they make those decisions? I'd love to see that.

They probably are very generous - I'd imagine the entire country was defined as the "area". The system doesn't work very well if there's false negatives and people don't see it, and if someone sees it but shouldn't all they have to do is hit that they're OK.

Not quite @chipperyman573. A few points to make here:

-- Since we only have city-level location for most users, declaring the area isn't as hard as drawing on a map. We usually just select a number of cities, regions, states, or countries that are affected by the crisis.

-- We always allow people to declare themselves into the crisis (or out) in case our geolocation prediction is inaccurate. This means we can be a bit more selective with the geographic area, since we want to be pretty high signal with our notifications. We actually use notification click-through and conversion rates as downstream signals on how well a launch went.

-- For something like Paris, we actually just selected the whole city and launched. Especially with the media reporting "Paris terror attacks," this seemed like a good fit.

I got a safety check because my home city is listed as "Paris", but I was not actually in Paris. I consistently reject requests to share my location though, so it's possible Facebook has more precise information about other users.

France is a pretty big country. If you are in Nice, you are a nine hour drive from Paris. It would seem a bit silly to ask if you were okay, and not someone in Belgium who is much, much closer.

It is only about 248 thousand square miles... which is smaller than Texas.

> The average distance between any two of Facebook’s 1.5 billion users is 4.74 edges

Pretty crazy to think about.

> If you are in an area impacted by a disaster Facebook will send you a push notification asking if you are OK.

I guess that's great during an earthquake but can be terrible when you're hiding during a terrorist act.

If it's any comfort, most people have push notifications turned off for the main Facebook app (understandably since we send quite a few of notifications). However anecdotally some of the survivors of the attacks mentioned that they got phone calls from concerned friends / families while hiding in the Bataclan, which was understandably stressful.

Maybe for this kind of events (when people need to hide) you should postpone the push until the situation become calmer?

On the other side, the push notification can alert people yet unaware of the situation, and save their life.

I guess we will have to wait until Facebook brilliant AI team can automagically figure when it's pertinent to push that crucial notification!

What kind of context hints could be used? heartbeat rate? analyzing ambient sounds like screams, detonations, explosions, or silence? analyzing surrounding voices to detect emotions like anger, distress, pain or fear in smartphone owner voice or other people? extracting dangerous location from media streams, and correlate with geolocalized users' positions? using other geolocalized users' answers (safe/not safe)?

I'm aware some proposition are not really realistic (yet) or somehow really creepy.


Also, back to earthquakes, using context hints of lot of smartphones going from 'still' state to 'tilting' state, in a relatively localized region, could you detect earthquakes occurring quasi real-time? and push a warning notifications to your friends faster than the quake waves? « possible incoming quake in 5 seconds, brace yourself » ( à la https://xkcd.com/723/ )

If the safety of your products depends on disabling features, you should stay out of anything remotely safety critical.

What the hell, this can be said about anything. As GP provides an example for, even an unexpected phone call can be unsafe.

In my opinion, "other things are just as bad" is as good an argument as "if you turn it off, it's not dangerous".

I still think it's not smart to send push notifications in an active shooter situation for a feature that is made to give people who are not involved peace of mind. If you consider such risks, and not get defensive right away, you will find that solutions can be pretty simple, e.g. a banner inside the app, instead of a notification.

I think shooting was aready over before people over at Facebook even knew something is going on. I imagine they wouldn't even turn it on before the information hit mainstream news.

Most of the trainings that I've gotten for active shooter-type events (gov't employee; they're frequent these days) advises you to silence your phone since the first thing that's gonna happen when the news shows up is everyone is gonna call you anyways.

On a darker note, first-responders to the Paris attack distinctly recalled people's phones still ringing in their pockets when they arrived.

Here's the video from @scale that explains it if you are interested: https://www.youtube.com/watch?v=ptsCWGZW_P8

I wonder what Facebook will say when the governments of the world realise they can use this capability to contact their own citizens - especially if Facebook's continued operation in that country is contingent on its cooperation.

'Safety Check' is just the end user experience; the underlying mechanism is a way to propagate messages invasively across a geo-social network. Like any technology, 'good' or 'nasty' depends on how it's used.

Usually this is enforced at the cellphone carrier level. The US has the amber alert protocol which also has a function for the president to dispatch any message (and can only be used by the president iirc), and that level of message can't be turned off via settings.

Even in our best countries FB usage is never 100%, so cellphone / landlines makes a bit more sense.

> The US has the amber alert protocol which also has a function for the president to dispatch any message (and can only be used by the president iirc), and that level of message can't be turned off via settings.

This is the Wireless Emergency Alert system, which carries Amber Alerts, Alerts about imminent threats to life/safety, and Presidential Alerts. The last (and only the last) can't be disabled in settings, because the legislation requiring support for the capacity required that Presidential alerts not be disabled. (The system is basically the mobile-device equivalent of the broadcast Emergency Alert System.)

I suppose I hadn't really thought about why they'd use Facebook when you can just message all the cellphones in a geographic area. Your reasoning makes sense.

Incidentally that article implies that Facebook contstantly tracks your geo location even when you do not expressly check in.

That's not exactly correct; we don't have GPS-level location information for the majority of our userbase (only those that turn on the nearby friends feature).

We use the same IP2Geo prediction algorithms that Google and other web companies use -- essentially determining city level location based on IP address.

We are not OK with the NSA doing this and (theoretically) not viewing the data.

We are OK with Facebook doing this and exploiting the data for monetary and market advantages.

Generally people are ok with Facebook doing it because they can opt out.

If you notice, the times people really get upset about companies tracking their personal information is if it's either not disclosed or it's done in a shady manner.

Also, capitalist societies tend to treat state actors differently than private corporations. It's much easier to choose a new corporation to interact with and the state tends to have a lot more personal/private data about you (which you're required to share with them).

Yeah ok but how many end-users are conscious enough of the situation to OPT-OUT of such an intrusive policy?

On the same vein as accepting every terms and conditions that comes your way, I think most people are severely uninformed about this. It's like how many people believe software engineering is "magic", they believe Facebook or the government will protect them with "magic". Hint: there is no magic.

> Yeah ok but how many end-users are conscious enough of the situation to OPT-OUT of such an intrusive policy?

Well, I meant opt-out as in "not use". Plenty of people don't use Facebook because of the privacy implications. And as another use mentioned, this is the reason that people are so upset about Facebook's shadow profiles, because it removed your ability to opt out of their tracking.

You can't opt out of Facebook's shadow profiles.

Don't confuse your opinions with ours.

Personally I'm struggling to see the dividing line between the two entities. The NSA is a supplier of information for both US corporate interests, the state and the military industrial complex. Facebook is similar except it gets its funding from private equity and advertising revenue, whilst the NSA draws money from the tax payer.

url seems to be down. Any url for the cached content?

WhatsApp now uses Facebook Messenger's protocol ... FYI

how do you know?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact