Hacker News new | past | comments | ask | show | jobs | submit login
Unethical Growth Hacking from YayView (lord.io)
356 points by luu on Jan 10, 2016 | hide | past | favorite | 117 comments



And you wonder why the European Courts have started to strongly enforce the right to data protection.

Us in the tech world need to be honest, we're bad at privacy.


See, I don't get this. Europe is acting as if it had a duty to protect its people from the bad companies that steal your privacy while you sleep, whereas in reality nothing happens if you don't explicitly give consent first. Don't want Facebook to use your personal data to sell you ads? Don't put it on Facebook. Don't want YayView to access your location at all times? Then don't give it access to it, it's asking you right there, even if it's being shady about it.

It's a little bit like if people had trouble using forks without stabbing themselves, and the proposed solution was to ban all forks in the country. Well perhaps more work should go towards teaching people how to use a fork, since they can be useful for meals, rather than banning them?

Don't get me wrong, it's a shame that companies like YayView exploit dark patterns to trick people into doing things they don't fully understand, but let's not ban all the things because of it.


I tend to fall on this same side of "people should be responsible for their actions" and, yes, it would be great if easy-to-understand education was readily available re: protecting one's privacy in the digital age. But I shouldn't have to become a part-time lawyer just to use Facebook (for example) to post baby updates. Who has time to keep up with all the little tricks these companies pull? I think the middle ground is 1) apps/sites need to be way more explicit and direct with the intentions they have for your information and 2) the every day user of apps/sites needs to start acknowledging his role in protecting his own assets.


> See, I don't get this. Europe is acting as if it had a duty to protect its people from the bad companies that steal your privacy while you sleep, whereas in reality nothing happens if you don't explicitly give consent first.

Well, that is one of the main jobs of a government in the first place. Companies will always try to exploit you as much as they're allowed to, and governments have the responsibility to make sure they aren't allowed to do that too much. European governments are doing their jobs.


In England the need for data protection laws was partly driven by employers keeping blacklists of "agitators". This was mostly construction industry keeping a list of union members who were engaged in legal union activity, often around safety. (UK construction at the time was pretty risky, one of the most dangerous industries in the country.)

Those employees had no choice whether their names were added to this black list. There was no appeal. No due process.

And when a company abuses it's data gathering and mining powers it's unhelpful to blame the user.


> This was mostly construction industry keeping a list of union members who were engaged in legal union activity, often around safety. (UK construction at the time was pretty risky, one of the most dangerous industries in the country.)

There was also (AFAIR) blacklists of suspects IRA terrorists, also in the construction industry. (Many Irish emmigrants to the UK were poor and worked in manual labour jobs like construction.)

Another example of data protection issues and "terrorists"


Consent shouldn't necessarily be regarded as transitive. The problem in this case isn't Facebook sending you ads, it is Facebook and other data sources allowing others to correlate all data about you.


> Consent shouldn't necessarily be regarded as transitive

I think you're on to something with this statement.

I'd feel much better if selling/transferring customer data was disallowed with explicit consent from the user for each company the data will be transferred to.

[] I consent to Facebook storing and using my personal data

[] I consent to Facebook transferring/selling my personal data to people and companies I add to my "friends list"

[ ] I consent to Facebook transferring/selling my personal data to Ad Tracker Network Inc

[ ] I consent to Facebook transferring/selling my personal data to User Data Broker Limited

With personal data being broadly defined to include anything that could correlate activity with an individual user (tracking ID, session cookie ID, name, location, etc).

I think the average person's understanding of how much they're being tracked would drastically improve if they seen this list of (opt-in) checkboxes when signing up to services.


In the Schrems case which overturned the Safe Habour agreement, one of the problems was that US law required/allowed Facebook to give up EU personal data, and there being no real way for EU citizens to challenge it. (Remember the US 4th Amendment doesn't apply to EU citizens in the EU).


That's totally wrong headed. They have deliberately deceived people into accepting prompts and neglected to give them all the facts. That's deception through omission, clear and simple.


I'm not saying they are not to blame, just that more work should be done in teaching the end user that they cannot trust everything they are told, much like in real life.


Then I don't get your original point, and I don't get how intentionally deceiving through ommission is not "real life".

Your original point was that you gave explicit consent for them to use your data. But you didn't, you accepted they would only use it for the stated reasons given to you. You didn't consent for them to use it for anything else!


The EU are demanding just that. That personal data is only used if it's freely, and unambiguously, given, Which is what EU law requires. Despite the scare stories, it is actually possible to legally work with personal data.

Let's be honest, shadily sneaking people into giving personal data (like YayView) is not "freely given consent". Facebook doesn't tell you that the FBI/NSA can spy on your data, so it's not unambiguously given consent.


> See, I don't get this. Europe is acting as if it had a duty to protect its people from the bad companies that steal your privacy while you sleep, whereas in reality nothing happens if you don't explicitly give consent first.

Platform is on within FB per default AFAIK. Users are exporting their friendslist without permission of their friends and bring it to apps like these. Defaults like these _are_ bad - and don't blame Europe for it.


I generally concur, but in this case, this guy agreed to share his information with facebook, not YayView. What if he's in a relationship and a friend of his girlfriend sees his profile on YayView, that could cause a serious issue in that relationship for no good reason.


>Don't want Facebook to use your personal data to sell you ads? Don't put it on Facebook.

The problem is that simply using Facebook gives them tons of personal information. They know who your friends are, who you talk to, what articles interest you from what you click, what websites you visit from the embedded Like buttons, and on and on. And this is without adding a single bit of explicit information about yourself to your profile. Facebook probably already knows what school you went to anyway, based on your friends.


The other problem is that using Facebook and the US Government/NSA/FBI has access to it too, without requiring a warrent. I don't think anyone agreed to that.


I've never created a facebook profile but facebook has a "shadow-profile" on me based on people tagging me in photos and inviting me and what not. So I never put things on facebook but there's still tons of info on me there.

And maybe forks would be banned if they were constructed in a way to make it extremely difficult to use, even for experts, without stabbing yourself? I'm thinking of a fork with some sort of magnetic pull, either towards the plate or towards your own forehead, so you can chose whether it tries to stick to the plate (making food not come to your mouth) or switch to the forehead pull and try to steer it into your mouth without stabbing yourself. That IMHO would be a more adequate comparison to what these dark-pattern infused sites/apps are doing.


But product recalls akin to your fork analogy happen all the time. Products that are more hazardous than they need to be, or that are more hazardous than a reasonable user might expect, are vulnerable to lawsuits and regulations.


Your comment -> "whereas in reality nothing happens if you don't explicitly give consent first"

From the article -> "View scans your Facebook friends and creates fake profiles for them."

Having a profile created, that others can edit, and you've never interacted with the app or company? That doesn't sound the least bit like consent. Closer to social rape.

Can I create an investor app, with fake profiles for all the leading investors, including some of whom invested in this company? I'm pretty sure lawsuits would fly. Although most consumers lack the resources of the investor class, they deserve protection to.


I want to live in a world where I don't need to worry about my information being disclosed by a third party. The world you propose is one where there is a chilling effect on sharing anything with anyone.


This is the "if you didn't want to get raped and murdered, you shouldn't have left your house" defense.


This has always been my take on the privacy issue as well as the related advertising issue. People freely connect to and send data to companies servers and then get mad that the company has and uses the data? What? People send requests to servers saying "send me whatever it is you have sitting in this location" then get mad when the company dared have a link to an advertisement sitting on their own damn server? What? You're the one that asked for it! You didn't even have to do anything with it! You could be running an ad blocker, left the ad link as a link, and consumed the content you want which the company still sent you simply because you asked for it! How cool is that? Free fucking data from someone's computer when they don't even know or have business with you.

But no! Apparently if you blindly connect to other people's servers, send them all of your personal details, ask them to send you effectively whatever they feel like, and then you executive that code indiscriminately, it's on them! Fucking ridiculous.


Searching for YayView on the app store, nothing comes up.

To find the app, search for these keywords:

    view meet your classmates
A possible connection to an app called Highlight is further indicated by the fact that the AWS landing page for the View app contains the string highlig.ht.

Any App Store user can report a problem with an app by first downloading the app (no need to actually run it, and it can't do any damage without being run), then visiting https://reportaproblem.apple.com and signing in. The app will appear at the top of the list of downloaded apps, and next to the app is a "Report a Problem" button.


I downloaded the app & reported it via that link. I encourage others to do so as well. It's shameful that this app was allowed through Apple's review process.


> no need to actually run it, and it can't do any damage without being run

How sure about this are you?

Some common apps like Hangout and Facebook misuse iOS features to run in the background despite Background App Refresh is turned off, AFAIK.


Up to iOS 7 at least, there was no way to run in the background without the app being launched at least once. I haven't worked with the latest two versions though.


Which features, exactly?

The only one I'm aware of is marking the app as a VoIP app, which means the system will keep it alive and let it occasionally check in with the mothership. But Apple heavily scrutinized apps marked as such to make sure they actually need it. And even then, I don't think they run until the user starts them at least once.

Even if the app could automatically run on download, it couldn't access any interesting information without being activated by the user and prompting to allow access to location, contacts, photos, etc.


iOS developer here. Pretty damn sure. All the ways I know of for running code in the background, and I've looked at this quite a bit, require at least one launch for them to be enabled.


That is not only unethical that is also illegal in some countries.

Also, this is the reason why you should have FB platform a) turned off and b) disallow that your friends "bring your data with them when they use apps".


For anyone curious on how to do this:

    1) Click the down arrow (▼) in the top right, then go to 'Settings'.
    2) Click 'Apps' in the bar on the left side.
    3) Click 'Edit' under 'Apps, Websites, and Plugins' then 'Turn Off'
    4) Click 'Edit' under 'Apps Others Use' and uncheck everything, then 'Save'.


Thanks, just did this, really useful info :)


Thank you.


> How did it get his photos? Well, he has friends who signed up with Facebook. View scans its user’s Facebook friends for other students, and creates fake View profiles

I thought the Facebook API does not allow pulling the complete friends list anymore. i.e. it excludes those friends that do not already have the corresponding Facebook app installed, precisely to stop this tactic?


The API docs don't mention any such restriction:

https://developers.facebook.com/docs/graph-api/reference/fri...


> Friend list now only returns friends who also use your app: The list of friends returned via the /me/friends endpoint is now limited to the list of friends that have authorized your app.

source: https://developers.facebook.com/docs/apps/changelog


Maybe web scraping then? It would not be so hard to make a focused scraper that scrapes the friends of anyone using the app.

Edit: I did a quick test and at looks like I can see the friend list of many users that is not in my immediate network as long as I am logged in to Facebook. It should then be easy to use something like Perls WWW::Mecanize to make a scraper that log inn and scrapes the profiles you want, as long as one do not need so many that Facebook detects and banns you.


But I presume they don't have the users' passwords to login with.


No they probably do not have the users Facebook password, but they do not need it for scraping, because they can just use their own use for that.

I have looked around on Facebook and it looks like one can see other users friend list, even if you are not in their immediate network.

Even if Facebook has a limitation, like you can only see the friend list of friends of friends the company behind this app could probably make some fake Facebook users and befriends someone on each university to get an ok coverage.


It depends on the privacy settings. Though the several iterations of privacy scaremongering and Facebook changing defaults resulted in people locking up their accounts like crazy, friend lists seem to still be visible semi-publicly for quite a lot of people. With more news like that, this will probably change too, though.


> Though the several iterations of privacy scaremongering

I'd argue that this is another case which shows that the privacy scaremongering isn't scaremongering, but the privacy issues are real.


It's totally a POV issue IMO, that's why I phrased it that way :).

For me, half of the Facebook's utility was the ability to check people out without having to commit to a relation with them first. A publishing platform, a little bit like personal pages of old, but much more streamlined and accessible to the mainstream. But it turned out there's enough bad actors around (stalkers, marketers) that people voted against this, and so Facebook is now a very locked down place. I think most of those fears people have are overblown, but well, that's only my opinion and it seems that most people disagree.


Though those concerns may be real, the privacy issue being discussed is still a trick employed by Facebook. By redirecting people's fear towards the amount of information that the public can see, they were able to keep them from talking about the original issue -- what Facebook tracks, saves, and uses for advertising.


<rant>

It's not the first time I will rant about this, but why use the word 'hacking' here?

YayView sort of exploited the system by automatically creating users from freely available data on the social networks, but is it 'hacking' per se? I think that YayView is not a hacker company, and just a startup using very unethical business tactics.

IMHO, term `hacking` is used everywhere to raise `click-bait-itness`, no matter it fits there or not.

</rant>


Hacker in this context means someone who quickly and cheaply creates new things, as in "it's hacked together". Like how we're on Hacker News, it's not a security website, it's a website for people interested in startup news. Growth hacking basically means any form of growth that doesn't come from a fat marketing budget or traditional brand growing methods. I definitely think their method counts.


I disagree. "Growth hacking" refers to "hacking" as in "the thing programmers do that make them oh so important in the XXI century". It's marketers doing collective "me too", they want to bask in the same glory, capture some of that positive halo that was created by IT companies that diluted the meaning of word "hacker". The word that itself doesn't mean much anymore within the commercial world.


Plenty of what programmers are doing isn't hacking. A team of top cs men making some process in google 0.1% more efficient doesn't seem very hacky even if it results in oodles of profit. What's more is this type of marketing is very much the result of hacker programming. Scraping social media profiles and then automatically email spamming the recipients is a system that was programmed, they aren't manually doing it (I hope!).


Of course! Most programming, and especially most professional programming, has nothing to do with hacking. It's a different culture. But it's also totally different culture to what "growth hacking" is doing to marketing. Astroturfing the hell out of your service doesn't make you a hacker. It makes you an unsophisticated asshole.


I mean, if all you do for a living is email spam then I wouldn't call that hacking, but seeing as this is a programming based startup and the marketing attempt required programming skill, I'm imagining this was put together by the same guy/guys that are on other days making new product features. If slapping together a marketing scheme that quickly lets you reach a lot of people without you needing to spend a lot of time optimising or upkeeping it isn't hacking then I just straight up don't understand how the day setting up a new feature and a day setting up the new spam bot are different conceptually.

I don't think being an unsophisticated asshole and a hacker are mutually exclusive. Plenty of hacking is unsophisticated and most people are assholes, hacker or otherwise.


> Plenty of what programmers are doing isn't hacking.

and plenty of hackers aren't programmers. In Eric Raymond's definition of a hacker http://www.catb.org/esr/faqs/hacker-howto.html it states:

"There is a community, a shared culture, of expert programmers and networking wizards that traces its history back through decades to the first time-sharing minicomputers and the earliest ARPAnet experiments. The members of this culture originated the term ‘hacker’. Hackers built the Internet. Hackers made the Unix operating system what it is today. Hackers make the World Wide Web work. If you are part of this culture, if you have contributed to it and other people in it know who you are and call you a hacker, you're a hacker."

I mention this because Merriam-Webster's definition on the other hand is somewhat flawed:

1: one that hacks

2: a person who is inexperienced or unskilled at a particular activity <a tennis hacker>

3: an expert at programming and solving problems with a computer

4: a person who illegally gains access to and sometimes tampers with information in a computer system

In particular, #3 doesn't mention hackers that aren't experts in programming but might solve problems with hardware/networking. A better #3 definition would be: "A person that computer programming, computer networking, or other technology at an expert level to come up with an innovative solution."


None of his article seems to try to defend his assertions at all so it seems odd to link to it unless this is an appeal to authority. In which case, what makes Eric Raymond an authority on the English language?

"-er" is a suffix used to turn verbs in to nouns. A kicker is one who kicks, a stabber is one who stabs, a hacker is one who hacks. While you can certainly create a stereotype of the general "stabber", it shouldn't and doesn't really come in to whether or not a specific act was a stab. If most people who stab others are large, hooded men, but a petite, bow tie in hair girl thrusts a knife through someones torso, she stabbed them. Talking about the incident? She was the stabber. She does it regularly enough for it to be part of her general description as a person? She is a stabber.

Now, seeing as two very common definitions of the word hack are:

A: to cut or sever with repeated irregular or unskillful blows

B : to cut or shape by or as if by crude or ruthless strokes <hacking out new election districts>

it seems both odd to take people whose relationship with programming could be describe this way and not call them a hacker, and to call people who program out of a love of freedom and voluntary mutual help hackers. How the hell do freedom and voluntary mutual help relate to the word "hack" at all other than just by correlation?

People who made programs in a non-professional environment were and are more likely to hack together their programs. This group of people historically has had some values as mentioned in your article there. But to say those values are now the requirements or the defining characteristics of the term? Ridiculous.

Most people who bowl do it for the fun of it. If bowling suddenly becomes a lucrative sport and I take it up simply to chase the money and don't intrinsically care for rolling a ball at some pins, am I not a bowler? One who is partaking in bowling? Who goes to the bowling club to bowl?


> In which case, what makes Eric Raymond an authority on the English language?

He is an authority on hacking and jargon: https://en.wikipedia.org/wiki/Eric_S._Raymond

In summary: every programmer/developer/software engineer is not a hacker and you don't have to be a software-hacker to be a hacker. If you want to learn the history of the term rather than try to define it, that would be great, rather than just debating it.


I appealed to the history of it! If Eric and friends arrived at the term "hacker" through means other than the word "hack" i'd honestly love to know how, but like I said, his writing doesn't touch on it at all apart from to say that him and his friends started as a bunch of hobbiests. The best I can do is surmise that as hobbiests they believed they were crudely cutting and shaping software. What else would be it be? An Acronym? Happy Automation Creation Kids?

Discussion with someone who disagrees requires debate to settle the matter. We apparently disagree. Either debate or remain silent on it.


> Discussion with someone who disagrees requires debate to settle the matter.

> Either debate or remain silent on it.

I disagree with you. I provided evidence showing that Eric wrote a dictionary of jargon including the term "hacker". I see no other reason to continue this debate because you obviously cannot click on the link to read what I provided, and I'm not going to take the time to copy and paste every detail here, which I won't force you to read anyway if you don't want to.

I do not have to remain silent, and you just contradicted yourself when you both said that someone had to debate if they disagreed but at the same time had the option to be silent. Did you ever take a class in logic? It would serve you well to study it.


>I do not have to remain silent, and you just contradicted yourself when you both said that someone had to debate if they disagreed but at the same time had the option to be silent. Did you ever take a class in logic? It would serve you well to study it.

I said it was required to settle the matter. I didn't say the matter had to be settled. Have you studied reading comprehension? It's incredibly useful!

>I provided evidence showing that Eric wrote a dictionary of jargon including the term "hacker".

He wrote something and called it a dictionary. Great! I can do that. Anyone can do that. It's not a credential. It's enough to garner interest, and like I said, I read the entry, but writing something and slapping Dictionary as a heading is hardly evidence of that thing being true. That evidence is what he fails to even try to provide. I have provided a definition of both the word hack and how the suffix -er functions. Neither seem to be in dispute so the idea that there's disagreement over the combination is frankly nuts.


Ok, write a dictionary where you've researched technical jargon and the history of the term hacker to a full extent and get back to us on that.


Not really. The programming part of "growth hacking" is, well, a part of it, but the general definition of the term is much closer to "using creativity and analytical thinking/practices to market a product/service." It's kind of glorified word of mouth marketing, but with landing pages and A/B tests. [All that said, as a startup growth guy, I pretty much detest the term.]


A question in the YC application asks about a time you hacked a system to your advantage, and is explicit that hacking does not solely refer to programming


> cheaply creates new things, as in "it's hacked together"

In other words it's marketing without much resources. Nothing much to do with hacking. When you repair your car with a used part or a part from a different model, are you "hacking your car" ? 

This word is getting way too much abuse, soon it won't mean anything anymore.


If you fix your car by slapping together a bunch of junk then yes you most certainly have just "hacked it together". I don't see how you can call this abuse, crudely modifying and creating things is the original and primary use of the term. If anything it's the "high quality, open source programming in pursuit of interesting problems" crowd that's butchering it. "It's just something I hacked together" has never meant "I carefully crafted the shit out of it" except for maybe in a dishonest humblebrag sort of way.


> When you repair your car with a used part or a part from a different model, are you "hacking your car" ?

If you follow a popular on-line tutorial for that, then not really.

But if you find yourself with a broken car, and you figure out yourself that you can fix it by duct-taping some otherwise unrelated component into it, and the resulting solution somehow works better than original, then yes. Hacking is about playful cleverness.


Growth hacking as I understand it means doing non-obvious ways to grow your company. I.e. finding ways to spread that aren't following the normal user acquisition channels.


Sadly, the easiest way to do something non-obvious to grow your company is to do something unethical. Like using "user acquisition channels" that are not meant for user acquisition.



Growth hacker and hacker are very different things


These roles look suspiciously like more traditional "business development manager" and "software developer" but I guess those titles weren't trendy enough so we hacked role titles and now everyone gets to be a "hacker".


”Growth hacker” is a term a marketer came up with to market marketers.


+1

exactly. There is business development, though if there is a article which title has 'developer' in it, it does mean `a software developer` mostly, unless you read a particular business development article.

Though `growth hacking`, personally, I think is made up buzzword, for some managers to feel good and cool, that they are like the hacker from 90s. Startup growth falls under `business development and management` in my head, not under `(growth) hacking`.


Plus it's pretty common and has been over the years. Spamming student accounts, creating fake profiles from harvested data, etc... There is nothing newsworthy about this app. Just report them to appropriate places (school's tech whatever to block their spam, facebook for violating TOS, ... something else?) and move on.


This app also violate numerous App Store rules, but getting Apple to do something about it takes an act of Congress. Still you hope someone at Apple reads Hacker News.


Fortunately, in case Congress is out of session, they do have a URL that can help: https://reportaproblem.apple.com


They are also breaking CAN SPAM by sending deceptive emails. It is pretty cut and dry that the email claims X, but that feature is no where to be found - at least based on what is written.

Tagged.com did a very similar thing to get users to sign up, and they had to pay over $1 million in fines back in 2009. This in itself may not be a big disincentive for many companies, but the consequences if it is done after a settlement are.


And I thought the App Store review process was there to catch these sorts of violations?


This reminds of an app that made reservations on your behalf in restaurants. The unethical part was that it made fake reservations before hand (with fake names) and then auctioned the name.


totally unethical, i agree. the part about the investment really surprised me. do investors have a responsibility to study the legality of that which they are supporting with their capital?


Yes, investors (or rather, their lawyers) do legal due diligence. Even so the company investing may have overlooked this and then there is still the duty of the company to inform their investors prior to investing of any legal issues.

It's complex, especially when there are multiple jurisdictions involved, the laws on these subjects tend to vary from place to place. Another complication is that (like many things during dd) this straddles the line between technology on the one side and legal on the other.

If I were to come across it during a dd I'd flag legal to take an in-depth look. (Regardless of it being un-ethical.)

Don't be surprised if to the parties investing this was not a red flag and they invested anyway, also don't be surprised if they simply were ignorant of the matter due to time pressure or unfamiliarity with the territory. Not all investments are done after a full process dd.


There's plenty of people willing to invest in things that are legally in grey areas. If the company takes off then the hope is that they will have an opportunity to influence policy. Basically if a company has a lot of money to throw around then there are plenty of politicians ready to re-write the rules. Uber for example.

The bigger surprise to me is that investors would want to fund a dating site - period. The dating site business is somewhat known for being hard to attract investors because of their churn problem due to losing two customers whenever there is a successful match.


I wasn't at all surprised to see this is a funded startup -- it's had a lot of effort put into the design and execution, and it just screams desperation to me. I imagine somebody is under a lot of pressure to hit their growth metrics, and they probably convinced themselves that throwing out the rulebook is ok.


Yes, of they have a responsibility to study the legality (and morality) of what they are investing in. However, I'd withhold judgement on the investors until we have reason to believe that they knew they were investing in this. Their last funding was in 2013 [1], and they have produced several apps. It's very possible that their investors don't know about this act.

[1] https://www.crunchbase.com/organization/highlight#/entity


> do investors have a responsibility to study the legality of that which they are supporting with their capital?

Perhaps, but we all know there is plenty of money to be had for a company that toes the line in terms of legality. "This may be illegal" is not the same as it being so.


Especially that throwing investor money at lawyers to ensure laws aren't enforced can be sometimes a viable strategy for a company trying to disrupt an existing market - like, say, transportation.


I guess a good term to describe this is - dark hat growth hacking.


I would be curious to capture all the network requests done by this app. Maybe we didn't see all the iceberg.


Won't View just get their Facebook authorization yanked now that this has come out? This is sort of a worst use possible in terms of disclosure and user-privacy to Facebook.


"View scans its user’s Facebook friends for other students, and creates fake View profiles that anybody can edit, "

"This is never disclosed to the user"

I thought that the Facebook API no longer exposed ANY friend info to apps, without special permission that the user grants! And that permission has to be reviewed by facebook.


If any Australians get caught up in this, I sure hope that YayView or their parent company don't have an Australian side to their business. One call to the Australia Privacy Commissioner, and they're toast.


Well, that's what happen when you use Facebook..


[flagged]


There's absolutely no question that this is unethical.

I put images and information online because I want to share them with my friends. TOS and legalities aside, that does not mean I want businesses to scrape it and use it to roll out the fake profile astroturf.

I don't care how much benefit their app might bring to me. Let me seek it out on my own. Don't sneak your way into my mailbox, and most certainly don't make it look like you've some sort of semi-official relationship with my school or teachers.


Cigarettes are immoral in my opinion despite extremely clear warning labels (which are on them due to government mandate) and nothing that would trip the moral filters expressed in the article.

If you don't think consequences matter, you're welcome to your view. I happen to have a different view of morals and ethics, and one that I studied to attain.


"the author shows that the outcome here is positive for people."

Tricking people into signing up for an app and then tricking them into contacting others? You sir, need to study ethics more seriously.


This is an absolutely horrible comment. You really need to study harder.

There is absolutely no way that lying your way to growth is ethical.


Vaccination is one of the one of the most important public health breakthroughs of the past 5,000 years - perhaps on par with sewage systems. smallpox has been eradicated by vaccines - it no longer exists in the wild - saving approximately 5 million lives annually[1]. This was a "slow and painstaking process" [2]. Polio is next. This happens if the vaccination program is successful. Vaccination can then also be ended, saving the United States $270M per year.

If a woman came to me as a doctor and wanted to put her town, country, and world at risk by opting out of one of the miracles of modern science due to misinformation she received elsewhere I would have zero qualms about looking her in the eye and lying "I beieve the Pope issued a papal bull last August requiring every Catholic to be vaccinated." Even though it is a lie and although I start my sentence with "I believe..." in fact I don't believe the bogus fact I then state, which I make up.

This would be highly ethical of me to do, and has full plausible deniability as I could simply say I believed it, that I heard that somewhere. Even though I didn't. Even though I'd be lying to my patient.

The fact that there are four respondents here who think that the likely outcome doesn't matter, and "there is absolutely no way" that lying to achieve growth is ethical, and "I don't care how much benefit the app might bring me", means that we have nothing more to discuss.

Go read a few thousand pages of modern ethics. The respondent who mentions the technical terms of utilitarianism and deontology has the right idea.

Absolutely the outcome, benefit, and the fact that the author's friends are heavy users who love it matter.

[1] http://www.unicef.org/pon96/hevaccin.htm

[2] http://www.who.int/csr/disease/smallpox/faq/en/ "Smallpox no longer occurs naturally since it was totally eradicated by a lengthy and painstaking process, which identified all cases and their contacts and ensured that they were all vaccinated. Until then, smallpox killed many millions of people.


What secret knowledge of ethics do you possess that makes it not the "matter of opinion" that it is for the rest of society?


Well, maybe he thinks ethical systems like utilitarianism or deontology answer whether something is ethical or not.

That said, I struggle to think of any ethical system that says lying to your users and tricking them into giving away personal information is 'moral'. The likes of Aristotle or Kant would probably consider this app and its design morally questionable.


You don't actually mean "the rest of society", you just mean some other programmers. Why don't you ask Serena, (the heavy View user mentioned in the article), any of her friends, your mom, a niece or nephew, anyone going to school, or any other random sampling of the population who would know about the app. If you don't think consequences and happy users matter then it's hard to have a discussion about ethics.


> Why don't you ask Serena, (the heavy View user mentioned in the article), any of her friends, your mom, a niece or nephew, anyone going to school, or any other random sampling of the population who would know about the app.

And yet, you believe cigarettes are immoral. Why doesn't the same "some of their users like them" argument apply there?

Consequentialism is hardly the only ethical theory out there.


you can ask Serena, any of her friends, your mom, a niece or nephew, anyone going to school, or any other random sampling of the population about whether cigarettes are good or bad. Including smokers.

If you look at it more deeply, the reason everyone knows the answer to this question is ethical intervention into the marketplace by the government, for example restricting forms of advertising and mandating labeling - in australia in contrast to most products cigarettes can only be sold in an unattractive dark brown drab paper color with no visual branding - this is how a pack of cigarettes looks in australia: http://www.rte.ie/news/2012/1201/356241-australia-bans-brand... - this intervention of course has an ethical basis and is either ethical or unethical.

But since apparently you are among the other downvoters here who agree that programmers who have never read a page of ethical reasoning have a black-and-white correct opinion about what is ethical I think we have nothing to discuss. I certainly regret sharing my opinion and will certainly do so more carefully in the future if at all.


Other than creating profiles for users that didn't sign up, which is over the line, the rest of this seems like just solid product marketing and user onboarding.


What about email spam


Indeed. I'm no lawyer, but isn't this likely a violation of the CAN-SPAM Act?


Also not a lawyer (and in the UK) - I tried to dig out a loophole for example "Your friend technically sent the message to you not us!" sort of thing

But no, as a layman I can't see how this is getting by the CAN-SPAM act. It doesn't give you the option to not send it and sends it anonymously. From the recipient point of view it's just a random unsolicited email. I guess it's one of those it's easier to ask forgiveness than permission things.

My guess is the moment someone with potential legal clout challenges this the invites will be changed to a "Do you want to invite your friend yes/no" system


It is surprising to me that this feels so negative to you. Every large social tech company - Facebook, Linkedin, Twitter, Groupon, LivingSocial (RIP), Tinder - have all used tactics similar to what you label 'dark patterns' to bootstrap their businesses.

If I am building a network driven product like a dating app or social network, you better be damn sure that it is going to be using 'growth hacking' (read:scraping) methods to increase the viral coefficient per user.

Would it also be news to you if I told you that 719 singles in your zip code did not, actually, want to see you tonight?


>It is surprising to me that this feels so negative to you. Every large social tech company - Facebook, Linkedin, Twitter, Groupon, LivingSocial (RIP), Tinder - have all used tactics similar to what you label 'dark patterns' to bootstrap their businesses.

That doesn't make it acceptable.

The people who fund, manage and work for these types of companies should be blacklisted in the industry.


Seems like you want to make a black list that is very very long. It will be interesting to see groups who tries to blacklist these companies.


> Seems like you want to make a black list that is very very long.

Probably. But it's long exactly because people are not willing to blacklist as much as they should.

The market is under no obligation to respect you. In fact, competitive pressures push everyone towards exploiting you as much as it is possible. So the limit of crap we're being served is the same as what we're willing to endure.


And no matter how big LinkedIn gets, I will not forgive them for spamming me five years ago when they were just starting. It was unacceptable then, it is unacceptable now, and it informed me right away that they are not the sort of company that I want to interact with.


And, more importantly, it is a company that you do not want to ruin your contacts view of you.


LinkedIn is like 15 years old. I was getting spam from them back in college.


> It is surprising to me that this feels so negative to you. Every large social tech company - Facebook, Linkedin, Twitter, Groupon, LivingSocial (RIP), Tinder - have all used tactics similar to what you label 'dark patterns' to bootstrap their businesses.

Yes, LinkedIn is well known for essentially spreading itself like a virus with a bunch of interactions unknown to the user and that's exactly why no one should be using it. If I see that someone has a LinkedIn profile it's pretty much a minus nowadays.


How dare people feel manipulated when small companies use dark UI patterns when big companies do it too. That is a false dichotomy if I see one.


I think you meant to type hypocrisy. It's definitely an example of a double standard, not a false choice.


This was why I stopped using LinkedIn an Groupon though. The others are slightly deceptive, but not to the point of blatantly invading privacy like that.


Frankly, judging from your profile, I'm afraid to be a Netflix customer now.


I wasn't remotely surprised when the NSA's numerous electronic surveillance programs were made public. Doesn't mean I approve.


In more civilised countries these practices are actually illegal.

Just saying.


The more civilized countries still let a lot of shit like this fly. Most of the advertising industry we have today would not exist in an actually civilized world.


Then we should start here and make sure that it at least doesn't become more companies doing these things.

I have all @facebook.com email on blacklist on my email server because I get daily spam from Facebook trying to get me to spend more time on the page, even with everything turned off.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: