Hacker News new | comments | show | ask | jobs | submit login
Facebook spamming users via their 2FA phone numbers (mashable.com)
550 points by pinewurst 10 days ago | hide | past | web | favorite | 367 comments

Finally, somewhere I can appropriately vent about this.

About TWO years ago I was constantly annoyed by the 'secure your account: add your phone number here' banner frequently displayed at the top of the page upon loading FB, so I input my number to make it disappear for good. (Also, they kept hiding the 'x' (close) icon in different spots, making the banner difficult to dismiss.)

A few days later I got a text message containing a Facebook notification. I was flabbergasted. What an EGREGIOUS misuse of personal information. Completely under the guise of account security... Facebook had in reality acquired another way to keep their brand under my nose.

Naturally I was livid so I spent the better portion of the day scrubbing whatever sensitive information I could. Sure enough, the banner came back a few days later. And here we are.

I realize that the proper solution is to terminate my account and never attempt to log back in.... but I've had my account since 2006 and despite the company's terrible practices, I'm really not interested in disconnecting for good at this time

That thing facebook does with demanding your phone number, that's my favorite dark pattern. Apple does the same thing with iOS upgrades.

First you pose a seemingly innocent question, like 'would you like to give us your phone number so we can keep your account secure?' or 'would you like to upgrade to new iOS?'. Then you take away the NO option. You replace it with 'i'll decide later'. And by doing so, you make it not a choice for the user. You make it a statistical guarantee that sooner or later, most users will cave in and hit yes, even if by accident. iOS is an extreme example of this - when you say you don't want to upgrade, you are immediately prompted with a pin code request as if your device just locked itself, and your reflex is to punch in the pin to unlock it again. But if you read what it says at the bottom, it's asking for your pin to get permission to schedule the upgrade that you just said no to.

Whoever the designers are who came up with this stuff, fuck them. This shit is going to be in ethics textbooks in a decade or two. I hope someone from the facebook UX team is reading this, I hope they know their day job is to make the world a worse place.

When I first opened up the Netflix mobile app and it asked me if I wanted it to show me notifications I thought "hey, that's nice, most apps just start spamming me without asking". I clicked "No thanks" and went on my way.

It turns out, though, that it asks that _every_ single time I open the app. It's really annoying and I'm about to allow them only to block them at the OS level.

This is one reason some folks prefer Apple. iOS had privacy options at the OS level for years before Android got into the game (yes xPrivacy but not everyone can root)

So, enable Netflix notifications but disable Netflix notifications at a system level? Seems like a silly reason to prefer iOS, considering every modern Android has the same feature.

He's just saying that iOS had this feature way sooner than Android did

And android could sync my contacts through the cloud (google servers) to a new device and edit online, syncing the other way before iOS. What's the point?

Could whoever downvote explain? It's a feature that Android had first... The fact is, today, they both have Feature X, so debating who had what first doesn't add to a constructive argument was my point.

You asked for explanation and I did explain. You replied to me with something that could be seen as an attack. I don't know his point, I just explained his comment, that's all. I didn't downvote you though.

If you look through the parents, I didn't ask for anything. Also, the point made was that iOS had features first... Android has had other features first... they've both had the feature in question long enough to be in place through several hardware refreshes (given an average ownership of 1-3 years), so the preference doesn't hold as much weight.

You're changing the topic.

The post I replied to was effectively "iOS had features first" my reply was that "android also had features first" ... the point being that there have been enough hardware refreshes where the features in question are on both platforms reducing the weight of the argument.

If you buy a current Android phone, it will have privacy controls for 90% (guesstimate) of apps in the Play Store.

You can allow/block permissions from any app, no matter what Android version it targets. If the app targets a version below 6.0 (Marshmallow) then the app won't ask at runtime and Android will warn you that block a permission for that app may break it.

Ah yes, I forgot about that.

100%, you mean.

I'm guessing this is a bug. It asked me once (per device), and never asked again. Or I'm too trusting, and this is indeed a change in behavior for new customers.

I had the same issue. I said "yes", then went in the settings and disabled it. I wasn't asked again.

Interestingly, that happened to me on my Android tablet, but not on the Netflix iOS app

It’s still possible on iOS but if you declined the official pop-up once you can’t show it again. But you can annoy the users with different and equally intrusive pop-ups asking you to go to settings to change it for example.

As an ethical UX designer, unethical UX designers/PMs/ need to be shamed for creating/allowing dark pattern in their work. This goes against the fundamental tenets of empathetic UX design and in downright manipulative and bordering evil.

But who/where do we draw the line for "ethical" design? Every design decision is on a spectrum, and anything above helping someone eat, sleep or shit, is to some degree "un-needed" design.

I'd say anything that faces a user in a digital experience that utilizes cheap psychological or behavioral manipulation/UI obsfucation to benefit from their interaction in achieving a desired business metric/outcome in which a user may not have otherwise consented to/authorized said interaction had the user interface been written clearly in plain language (no jargon) and accessibly designed for the common lay person (user testing).

In design, everything is intentional and I fail to believe these cheap UI tricks were anything other than intended as designed by whoever designed it. Any seasoned UX designer worth their title knows if what they are designing removes their agency in deciding on how to act or if it feels icky or wrong in a manipulative sense.

But where do you draw the line between offering genuine convenience for the end user and UX tricks? Is underlining a link unethical because it's giving undue weight to highlight an action you want the user to notice? (I know, reductio ad absurdum, but I think it's valid to point out personal interpretation of ethics can be stretched beyond usefulness).

That's more of a rhetorical point - I don't believe most things related to "morality" can ever be as clear as black/white, ethical/unethical, and think it muddies waters to assert it does.

Considered design does not always exactly equal purer-than-pure ethical design.

Out of curiosity, who or what has designated you an “ethical UX designer”? I’m sure you could find an Apple designer who would claim that forcing people to upgrade ensures that their device is patched and secure, preventing many potentially livelihood threatening problems down the line, so they are just as ethical of an UX designer as you are, if not more so since you do not want to protect people from their device being hacked into and their personal info stolen.

"Out of curiosity, who or what has designated you an “ethical UX designer”?"

Simply put, I would never allow these dark design patterns into the product if I was the designer, by arguing that it would affect perceived trustworthiness of the company and brand credibility if dark patterns start to become pervasive and the norm across the product. As a professional UX designer, it's my duty to be the voice of the user and I'd put my neck on the line to make sure I voiced my concern before they went over my head and implemented dark patterns. I'll never sign off on it.

The issue is a lack of accountability by designers/PMs who hide behind the company name when these dark patterns are exposed. In an era when companies like Facebook sway political elections through their dark pattern designed newsfeeds, watchdog groups and regulatory bodies need to be created to keep them in check.

What was described is not "forcing people to upgrade" but tricking people into unintentionally upgrading. Your argument can be used to justify the former but not the latter.

Only if the incessant streams of breaking updates were primarily about device security would this be a valid argument.

The invocation of “primarily” here suggests that your mind is refusing to address reality because it conflicts with your ideals.

What an amazingly deep analysis of a person's mind just based on a few words.

From the UX I've studied it seems that ethics is unrelated. Typically in consumer apps the goal is to increase MAU and engagement and UX is dictated by whatever moves the needle on those areas. It's hard to separate whether people are using the app more because of it's better design through UX design feedback loop iterations or if it is a dark pattern.

For example it is entirely plausible that the sms notification being sent once you put in a 2FA number is completely unrelated. In a normalised database there will only be one phone number for multiple uses. If notifications are set to send to the phone number by default and 2fa uses that phone number the app will not necessarily have knowledge whether the phone number was entered due to a 2fa prompt or something else. It only checks for a phone number and acts accordingly. The 2 people/teams who designed each feature would most probably have no idea how else the number is being used such is the nature of complexity.

> In a normalised database there will only be one phone number for multiple uses.

No! Normalization does not mean keeping only one copy of each piece of data, regardless of category and context. I see this behavior all the time in junior and even some senior devs, both in databases, and when they code.

A piece of information has a type, but it also has a context. A 2FA phone number is different than a marketing contact phone number. It should never be normalized into just one field.

My favorite example of this is people re-using a constant in multiple places in code just because it happens to have the same value. Imagine you have a constant defined as `USER_DISPLAY_AS = 'first_name'`. Then, somewhere, you are building sorting and want to be able to sort by first name or last name. You notice you already have a constant that contains a value 'first_name', so you use it. Not you have tied two completely different things together in your code because you thought you are being DRY.

I don't disagree with you on the type issue but you can see in a large organisation how this would easily fall through the cracks. It's also entirely plausible that an intern came up with the sms notification idea and it wasn't caught in code review. I don't really subscribe to Hanlon's razor but in this context I can understand how it could happen quite easily.

This is a type of error that is often found in code and data modeling. I haven't come across a name for it yet. It most definitely can and does fall through the cracks, in small, medium, and large organizations. It is a code smell and should be eliminated whenever it starts happening. However, it is often quite subtle, and a developer's ego is often stronger than the explanation for why it should not be done that way.

I shall dub it "Krystian's Overoptimistic Denormalization Error", or KODE for short.

> From the UX I've studied it seems that ethics is unrelated. Typically in consumer apps the goal is to increase MAU and engagement and UX is dictated by whatever moves the needle on those areas. It's hard to separate whether people are using the app more because of it's better design through UX design feedback loop iterations or if it is a dark pattern.

No matter which metrics you choose, you run the risk of PM's ordering unethical means of increasing those metrics. A bakery can measure itself by sales volume and ensuing revenue numbers - that doesn't by itself prevent bakery managers from adding addictive drugs to the recipes, nor does it mean that those are poor metrics.

What it does mean is a) the company made some poor hiring decisions along the way, and the best way to deal with that problem is by having some b) ethical review board.

I like the example here. I want to outwardly acknowledge the obvious force that is preventing the baker from putting drugs in their recipe: government regulation and law enforcement.

I am an American but I am well accustomed to learning that other countries are able to prevent certain consumer abuse before it replicates at massive scale by acting early and adjusting along the way.

Does this happen in Europe?

We're just introducing the GDPR Europe wide which iterates on the member states existing privacy laws to provide definitive rights to any human in Europe, and obligations to any company dealing with their information.

Abusing the 2FA number is likely illegal in most member states now, and is definitely so at the end of May.

Probably you mean EU when you say Europe

Absolutely, sorry- bad habit

MAU = Monthly Active Users

It is a nasty dark pattern but I think in the case of iOS upgrades you can somewhat justify it - it’s important that users upgrade to avoid security issues etc. Of course really, iOS upgrades should be so pain-free that no one would ever want to say no, but that’s a different story!

iOS upgrades have long been synonymous to me to having to go through a dozen modal screens nagging me for apple services...

iOS devices in general. Spend two months away from one and you'll have about 3-5 modals pop up at different times while you just start to use the device. Awhile ago I was using an old iPad, dismissed a several modals and started reading. One modal that I dismissed previously came not more than two minutes later again, completely interrupting me. Stopped using it after that, wanted to throw it against the wall.

I suspect that their motivation to push users to upgrade has far more to do with their planned obsolescence than anything to do with keeping users secure.

I wouldn't be so sure. Security issues are bad publicity. Even Microsoft patches known pirate copies of their os for security reasons.

I see no basis for thinking that whatsoever.

> Then you take away the NO option. You replace it with 'i'll decide later'. And by doing so, you make it not a choice for the user. You make it a statistical guarantee that sooner or later, most users will cave in and hit yes, even if by accident.

Fucking YouTube and their "Would you like to merge your account with your Google Account and use your real name forever more? Yes / Soon."

I'd still like to know, what the particular difference between that acquisition and Facebook's acquisition of WhatsApp is, that made so many countries block the sharing of data between WhatsApp and Facebook, but not the sharing of data between YouTube and Google.

If it really is just that asshole prompt that made the difference, then man, did Facebook fuck up. They should have just blocked people from using WhatsApp until they volunteer their data.

WhatsApp has a shitload of alternatives, and it's much easier to switch. YouTube users had way more investment in retaining their account and not switching to another video hosting service (the best alternative is Vimeo I guess?).

I've only had a FB account for a very short while and that was 8 years ago or so, their disrespect for user privacy creeped me out back then already, never went back.

If WhatsApp had forced me to link to a FB account (and thus make a new one), I'd have told my friends "yeah that's nice you can message me on a different platform from now on". And I wouldn't have been the only one.

There's no social network for people refusing to use FB, so we don't know each other :) But there is way more of us than you'd expect (and from many different corners of society too, not just the tech crowd, friend of mine is a doctor and she's very intent on privacy, even if she sometimes lacks the tech knowledge to make the "perfect" choices, she's much more hard core about it than I am, as if I didn't have enough reason already for respecting the hell out of her).

YouTube did that a while ago too, when they were trying to get everyone to make a Google+ account.

Websites also do that screen-covering style popup on load with the two options like:

   Yes I'd love to sign up
   I'll sign up later
Neither of those are my true answer of "no" and as dumb as it sounds I don't really like lying by clicking the "I'll sign up later". Their loss because I usually just close the site instead if the box doesn't close when I click outside of it.

There's the other type where they imply the user is an idiot for taking the "no" option, as in:

   Yes I'd love to sign up
   No, I hate great deals

Same thing that they've done with the new Wifi toggle on the quick menu on iOS 11. You CANNOT turn off Wifi. It just "Disables it temporarily". They do this so that when you are home and your phones plugged in and on do not disturb its automatically downloading updates over Wifi again. This was the final straw for me.

My non technical partner was regularly finding herself out of data because she would turn off WiFi for some reason, forget to turn it back on again, and use a months data in a week. Since that change, it’s never happened. Yes, the option is misleading, (although there is a banner saying “turning off nearby WiFi until tomorrow”) but the vast vast majority of people don’t really turn off WiFi and want it off for good, they mean “I don’t want to use WiFi right now”. If you really do want to turn off WiFi, it’s in settings. I’d rather have a convenient feature that does what I want, even if it’s over use an un-updateable device where all the core services are tied to one of the largest tracking companies in the world, thanks.

You don't want to see annotations on _this_ youtube video? That's fine. I'm sure you'll want to see them on the next one.

Good call, but I'm a bit confused how that would increase engagement, unlike the other patterns here.

They do a similar thing with Apple Pay too. In order to get rid of the Badge on settings, you have to run through the wizard and cancel out at the end.

Google does it too, so does Twitter. They're all fishing for your mobile number but 'for your own good'.

this behavior in iOS drives me absolutely insane. and somehow apple gets away with it when it's just as intrusive as the shit microsoft and facebook do.

in that interface, and in mac os x as well, it seems it will upgrade at a certain point anyway, no mater what you choose. i always answer remind me later, and i will often come home to my macbook pro or iPad having been restarted due to an upgrade. the macbook is particularly annoying when it upgrades because it leaves about 10 minutes or so of stuff left to do that isn't triggered until i go to unlock my computer. so i come home having something urgent to do, try to wakeup and login to my macbook only to find it needs to finish the installation i never chose to do (or at least never intended to do). and still apple gets away with it.

> Whoever the designers are who came up with this stuff, fuck them.

Are you sure you're laying the blame at the feet of the right people? I'm a design lead on a mobile game and I find myself in a constant battle against these kind of shenanigans with the PM team.

I would argue that you have an ethical responsibility to fight that battle.

Here in Australia, when you become a software engineer, you join the Engineers of Australia, become a chartered Engineer with some additional civic rights and responsibilities, and swear an oath which includes upholding ethics values, much like doctors swear an oath to do no harm. I hope this kind of thing becomes universal and more prominent with the younger generations. If we want to make the world a better place (and most people who set out to do engineering do), we must put ethics and the good of society above KPIs and profits and individual company valuations.

I've been an Australian software engineer for 20 years and this is the first I've heard about "Engineers of Australia". Source?

I think parent is referring to Engineers Australia (formally, the Institution of Engineers, Australia), which is the professional body to which most engineery-engineers belong.

Most "Bachelor of Software Engineering" degrees offered by Australian universities are EA-accredited and contain mandatory engineering courses that EA requires. Most CS/IT degrees that don't have "Engineering" in the degree name are only accredited by the ACS (or potentially not accredited at all).

I'm also an Australian software "engineer", I don't have an EA-accredited degree, and the more I see of this industry, the less certain I am that we get to claim the mantle of "engineer" with the professional responsibilities that go with it.

What would be your proposed alternative to engineer?

Even though I hate how these companies take advantage of people, I hate restricting freedom even more. I prefer having the freedom to manipulate and be manipulated into these kind of traps instead of sending people to jail because they did something people don't like.

And we have the freedom to not use products that mistreat us, I left facebook a year ago and I'll soon install lineageOS on my cellphone, limiting myself to only open source apps.

I love the argument that severely diminishing your capabilities and quality of life in relation to others equates to “freedom.”

Keep in mind if more people were proactive about their own digital landscapes, things like LineageOS and open source software would not seem like second rate diminished quality of life to people like you.

Oh fuck it I was trying to be nice but this has got me going. In my opinion it's certifiably dillusional to think that Google and Facebook equate to a higher quality of life. Holy shit that's crazy. It's bonafide brainwash.

I've severely scaled back my dependence on Facebook and Google the last few years and I could not be happier. It's made me pursue real social interactions again. My personal laptop is poewered primarily by free and open source software and in the last year or so has become so smooth it's putting macOS to shame (I am not making that up for the sake of argument).

Idk what has convinced you that Facebook and Google equal better life, but I can only pray you wake up some day and remember how to live life that isn't managed by someone else's server...

I should add I don't disagree with society regulating behavior that negatively impacts society, but I don't think your chosen method of arguing that point is intellectually sound. And in this case I really find it hard to imagine how you'd regulate user experience of an opt in service such as these companies are providing.

>Keep in mind if more people were proactive about their own digital landscapes, things like LineageOS and open source software would not seem like second rate diminished quality of life to people like you.

If wishes were horses then beggars would ride. I prefer to deal with the world as it is rather than the world as I’d like it to be. Also keep in mind that if more people with proactive about their own digital landscapes, they’d be spending more time managing their platforms and less time doing the stuff they actually want to do. It’s solipsistic to think everyone should have YOUR preferred priorities and time allocation.

>idk what has you convinced that Facebook and Google equal better life

Not having to sound like a fussy prig anytime someone wants to get in touch with me is kind of a thing. Not having to have a “well actually, don’t you know that Facebook is bad!?” discussion whenever I meet someone new who wants to stay in touch with me, likewise. It’s like that old joke about “how do you know if someone does CrossFit/is vegan?”

“Real social interactions” means actually being able to participate in the social interactions where people are having them. I don’t know why you think being able to keep in touch with distant family via WhatsApp, or not not having to create extra steps for people who want to send me photos, or not needing to insist on a special process for inviting me to things are all valueless functions. What you’re proposing is like the equivalent of insisting, after the invention and mainstream adoption of the telephone, that people come to your house and drop off a visiting card if they want to speak with you.

As a tech lead I fight such dark patterns to a bloody battle.

It’s our responsibility to call out on bullshit like this.

You are one of the people that can actively make a difference. So yes. Many of us can't because we're not anywhere near any of these decisions.

It's somewhat puzzling to me. Do you really disagree with these practices? Because you are in a (relatively) unique position to do something about it.

Have you ever noticed something that is just wrong in society but couldn't really think of any plan of action to work against it? Maybe you live in one of those places where your vote doesn't really count, one way or the other. Know that feel? Or maybe you recognized injustice somewhere but it's just so far removed from your area of influence that you'd need to upend your life, change career or education to even begin pulling it right.

Of course you can always donate money or I guess, advocate, tell your friends, etc. But that doesn't really do anything (or very indirectly), and you know it in your heart.

This time you have an opportunity. So use it.

On this particular topic, all I can do is encourage you to act and make the world a little bit better. On other topics, I look out and try to notice such opportunities to better the world from my own sphere of influence, and try my hardest to be virtuous and do the right thing (we might not even agree on what is "right", as I don't know you), even if it's hard and it requires exposing myself to risk, going against the grain.

> I realize that the proper solution is to terminate my account and never attempt to log back in.... but I've had my account since 2006 and despite the company's terrible practices, I'm really not interested in disconnecting for good at this time

Well, that's the real problem, isn't it? If users aren't punishing Facebook by leaving the platform in droves, then what incentive does Facebook have to stop its consistently user-hostile business practices? Obviously it does not care about complaints alone: so long as engagement metrics are up, the users' opinions can be damned.

The good news (for those of us that don't like Facebook) is that it seems like users are leaving it—or at least that's the picture I get from stories/comments submitted here on HN.

I left Facebook. But mainly because I realised that it's a real poor way to keep in touch with anyone. Gives you the feeling that you are keeping in touch when in reality you are just sharing photos and quotes in a medium that's very noisy with adverts.

If you never comment on each other's posts, then you aren't interacting. However, it is a great way to "keep appraised" of how people are doing.

There are a ton of people I've met throughout my life and around the world, but only a handful with whom I want to interact regularly. FB, annoying as it is, at least let's me know if they are doing ok.

"apprised", not "appraised".

> FB, annoying as it is, at least let's me know if they are doing ok.

For some arbitrary definition of they. I've had a father of a childhood friend die and I didn't notice for two years. But that weird Australian friend of my former roommate that I helped through public transport from the airport last year? I get her drunk pictures. They didn't even like each other.

If you don’t like what you’re seeing, click the “hide stuff like this” option. I used to complain at end, then a friend forced me to use that feature and I rarely see something I don’t care about now (but still miss stuff I do care about as I don’t check FB that often).

> click the “hide stuff like this” option

I've clicked that button for plenty of sponsored links and hit "unfollow" for people I no longer seek input from. But there are hundreds more where they came from.

This is perhaps viable, like transparently maintaining multiple sets of subscribers to different types of posts is an option. Although the mental overhead of maintaining these sets, and the risk of addressing the wrong crowd, are both too big for me.

My current method of keeping an address book in a spreadsheet, and an active, short list of people that I wish to see, has, however, beat social media when it comes to intimacy and not wasting time.

Billions of dollars invested into machine learning and online tracking, and still I have to manually tell the thing about my interests.

> online tracking

Do the websites you visit define who you are (with zero context on why you visited it)? Do all the friends you have provide clear signal to what you want?

I don’t care how much $$$ is poured into ML, garbage in will always be garbage out. Something has to feed the model and if it’s all passive clicks with no strong signals from you, you get crappy results generally.

Those billions are focused on the company interests, not yours.

It lets you know how they say they’re doing, and nothing else. If they have a bot updating their status, maybe not even that much.

If you message them you can know

If you’re relying on active messaging, why bother with FB?

For me, it's basically network effects - FB is already set up, I can find people quickly (I don't have alternative contact details for some people), I know the recipients active use FB so will see it, and it's easier to send long messages on PC rather than a mobile device.

I also tend to need to message people at odd hours, and a Facebook notification feels less intrusive/urgent than, e.g., an SMS.

Because that's the only reliable way I can message my friends. I'm not sure what else would work, people change/lose numbers all the time. Email is the worst. Not really much solutions out there if you want to keep in touch with your friends.

I personally mostly use messenger.com, rarely use the news feed anymore.

Because everybody else is using FB for messaging? Network effect is a real thing.

Unfortunately, there are a lot of events/organizations that organize almost exclusively through Facebook. Unfortunately, there effectively no other free platforms with a critical mass of sign ups big enough to be used in that way.

  Unfortunately, there are a lot of 
  events/organizations that organize almost exclusively
  through Facebook
And there are services that require a Facebook account in order to use them. But you know what?

If your business, event, whatever relies on the fact that I have a Facebook account then fuck you very much! I'm not interested.

It's all good if you are in a position to say no.

Eg. I've seen some housing communities use FB for their mailing lists.

I think the best option is to create dummy throwaway accounts if there's something on FB you really need access to.

Except that I want to partake. I'm not willing to drop out of my hobbies just because of this, this isn't the hill I'm going to die on.

Of course there is Meetup which is certainly large enough for everything except the most niche event.

Meetup is one of the spamiest products ever

Never seen spam in Meetup. I hooked up my personal calendar with Meetup and it added quite a bit of events into my calendar which was a bit spammy but it's only because I had told Meetup I was interested in all that stuff and it was easy to shut off and filter out.

WeWork bought Meetup recently so I don't know if any of that will change now.

It isn't free to set up a meetup on Meetup.com though (which arguably helps keep the spam away).

Google Calendar/Hangouts/Maybe even plus?

Everyone has the gmail they probably created just to sign up for Facebook, since it seems this younger generation doesn't believe in email.

The younger generation seems to call Facebook by the name MomBook. Facebook is losing younger people by the millions.

I don't think that the problem is that there aren't suitable alternatives. More like, how would I force everyone who uses Facebook now to use something else?

Some of what I need to arrange can be done with calendar invites.

In my book this is more or less another proof that you should be vary of vendor lockin and that under no circumstances whatsoever use any such system for communication. It is bad enough to change phone number but you simply can't change facebook to something else and continue as usual.

I guess this leaves email, SMS and IRC as the main remaining options.

Somehow this needs to be communicated to the general public, but I don't have the slightest hope that this can be solved.

The future sucks.

I've been thinking about making an easy-to-use RSS client, so non-technical people can use it and post the stuff that they would otherwise put on facebook (before it got invaded by videos and ads) or twitter.

Have you tried mastodon?. Imagine Mastodon, but with a bloggy/(2008's facebook) vibe instead of a twitter clone.

There would be no ads, because it's decentralized, just like mastodon. The feed would be chronological, and the interface would desincentivize spamming (links wouldn't have thumbnails or previews).

The idea is to make a clean and simple blog interface with a profile section added, where you could put some contact information and a profile pic.

In fact I made a little preview of what I would like it to look like. What do you guys think? https://i.imgur.com/DSD1wE0.png

Also in that vision: * Manton Reece's Microblog, also build on feeds * Indieweb. No feeds, just webpages with Microformats.

Email, SMS, and actual phone calls satisfy almost all of my communication needs.

The only problem I have is about once every few weeks someone wants me to Skype/Hangout/Facetime/whatever-the-other-video-chat-options-are. I really wish video chat was handled by telecoms in the same way phone calls are. Standard and ubiquitous.

For small video calls (especially just 2 people), a WebRTC system like https://appear.in is good enough and avoids lockin.

On appear.in I get a message telling me I don't have access after allowing access to camera when I use Firefox, so seems to be another site who is Chrome only

Yep. As as a European WhatsApp has become as essential as breathing. Just the thought of coordinating all my contacts to switch over to another app is scary.

Unless WhatsApp ever charges money. That would get people to move.

> Yep. As as a European WhatsApp has become as essential as breathing.

Sorry to burst your bubble, but I am an European, and I have never used WhatsApp.

I don't use WhatsApp myself but I was surprised to find that members of my extended family (mostly in their 50s) had started using it to stay in touch rather than Facebook.

Also, from what I have read, WhatsApp is very popular in UK political circles (MPs, SPADs etc.).

I don't use WhatsApp myself but I was surprised to find that members of my extended family (mostly in their 50s) had started using it to stay in touch rather than Facebook.

They're still using Facebook, just one of its other shapes.

I think when people refer to Facebook they mean the social networking site, not a product of Facebook Inc.

If you genuinely consider a phone app as essential as breathing you should reevaluate your situation before it goes away or causes you issues. If your life and communications ever become hampered due to WA there's no one to blame but yourself. It's a large point of failure for people that rely on others so heavily.

WhatsApp charged money before they were bought by Facebook

> I guess this leaves email, SMS and IRC as the main remaining options.

But how are those not also vendor lock-ins?

Email and IRC are completely vendor-agnostic protocols. I'm not as familiar with SMS, but it's much less centralized than Facebook - any user on any SMS provider may contact any other user, not only ones with the same provider.

And in many countries, you can port your number to other providers, much like with email (if you have your domain).

You can text anyone on any network.

Anyone in your home country.

For me, and I don't think I am unusual in the US at least, texts to anywhere outside of the US, Canada, and Mexico aren't allowed without paying extra. Texts to many countries aren't allowed at any price.

Sucks to be at your Mobile Provider.

I can text literally any phone number, given I have enough money booked on the account. SMS is by nature not centralized, the data is exchanged between mobile providers.

If you were to start your own mobile provider, you could text anyone everywhere given you manage to get peering.

"...Well, that's the real problem, isn't it? If users aren't punishing Facebook by leaving the platform in droves, then what incentive does Facebook have to stop its consistently user-hostile business practices?..."

And the reason they're not leaving and don't want to leave? Where else are you going to connect up with old friends and remote family members?

I said it when Facebook started growing like gangbusters. Facebook is the frickin' devil. It uses your friends and family against you. For a free service, it sure costs like hell.

> Where else are you going to connect up with old friends and remote family members?

Wait, are you really suggesting that Facebook is the only way to keep in touch with old friends and remote family?

You can connect with them over email, SMS, or even not at all. Or you can use Facebook and experience the downsides that everyone is mentioning. This is a timeless story where a company provides a service, people get used to it, then complain when the company changes the service against their liking. You are and have always been free to communicate as if FB never existed. They owe you and your family nothing. But in many cases people prefer to pay the costs of using the service. They're not the devil just because you fail at communication without them.

>And the reason they're not leaving and don't want to leave? Where else are you going to connect up with old friends and remote family members?

Pick up the phone. There's FaceTime, Skype, text messages, actual phone calls, going to visit, sending letters, sending emails.

Or, if you can't be bothered to do any of that maybe you should not even bother trying to connect?

people could start writing letters again, that would be interesting

Maybe you could find a way for people to even send mail electronically. Over the internet. Almost a sort of an e-mail type of thing, if one were to be so bold as to coin a new word for it. Us smart internet engineers could even probably come up with at least 5 well-defined protocols that no one actually adheres to. This could be fun!!!

we could call it pen-mail ... part of the protocol could be that only letters written with a quill pen at a desk in a room with a fireplace would be able to be digitized and transmitted through pen-mail

> If users aren't punishing Facebook by leaving the platform in droves, then what incentive does Facebook have to stop its consistently user-hostile business practices

A huge GDPR face slap could definitely help. I'm really curious to see how this plays out.

While GDPR should be a privacy win for users, it is a giant pain for us as a small business. 1% of our customers are in the EU and the administrative overhead (as portrayed by our legal counsel) is unbearable at our price point. We decided to pull out of the EU, along with the other players in our niche.

May I ask what your niche is?

> The good news (for those of us that don't like Facebook) is that it seems like users are leaving it—or at least that's the picture I get from stories/comments submitted here on HN.

This is good news in the long term, but in the short- and medium-terms it means Facebook is going to get desperate and start deploying more and more dark patterns like the one the GP is talking about. Considering their reach, I shudder to think of what a desperate Facebook will look like for the Internet.

I think that’s actually the case. In the many years I used facebook I don’t think I received a single email from them (only from that shitty trip advisor fb app that was spamming me like there was no tomorrow). Like many others here I got annoyed by my facebook feed and simply deleted the facebook app from my smartphone which means I now only connect once a week or less. Almost immediatly I started receiving a lot of facebook spam on my email. Clearly they have an algorithm “shit this user is leaving, let’s try to get him back” (algorithm which effect was only to aggravate my annoyance level). They must be worried about that.

the fewer that people use the network (FB) the less valuable it will be

HN crowd is a quite special case.

Elsewhere in the world, FB is assumed as to be the standard. My romantic life has been very disappointing, so some time ago I tried creating a Tinder account (it is the only dating [yes you read it right, dating, not hookup] app that has entered the popular consciousness in this country and thus has a significant amount of female users). Last time I checked, they still required a FB account.

I think you can now sign up on Tinder with a phone number

The amount of people that complain about a service, product, or company, yet continue to be customers, astounds me. And then they wonder how they get away with their practices.

Post hate-comments on every Sponsored Post you see. I'm hoping eventually they will implement an algorithm to blacklist people like me from ever seeing ads.

Not really. Every user who experiences is going to accrue anger, resentment, distrust for the platform, and they'll treat it accordingly, and when an alternative arises, switch.

IMO Facebook should totally lay off security confirmations, account bans, and all that stuff because it just antagonizes people, unless the user actually does something significantly harmful to other users experience, ie largescale spamming (not just regular sharing), actual fake news propaganda (not just sharing a political story), actually abusing an account (not just using untrue details to protect their own privacy but otherwise using Facebook in an OK way).

Otherwise, yeah, I think everyone's going to jump ship at first opportunity, because they don't get treated that well as users.

They definitely are. And for users like me they certainly aren't getting their money's worth... I use FB purity, ublock origin, and have spent the better part of the last year using the 'on this day' feature to scrub historical information from the platform.

As a tool Facebook still has valid use cases for me. The benefits of keeping it edge out any negatives. So for now I will stay. Unless any egregious election meddling information comes out, in which I'll seriously reevaluate that decision

> to scrub historical information from the platform.

You know they never actually delete user data, right? They don't delete your data if you actually delete your account, much less if you just delete a post. They just stop displaying it then.

This is something I wonder about. I'm certain they never delete anything, because in aggregate all that data is surely very valuable and will be for years to come. However, I hope that by marking it for deletion, it becomes more likely that it gets stored on increasingly distant/cold media, increasing the likelihood that over the years it gets overwritten or corrupted or some drives fail. If times get difficult, maybe they'll mark my data as low priority, and let it get overwritten to save some money. Can anyone shed some light on this - is this just wishful thinking? Is storage too cheap?

Another thing I wonder about: perhaps if some companies want your facebook data, they might pay a rate and see all current information on your facebook. By deleting your data, you've denied these lower-tier companies from accessing it. I suspect that with enough money, they could buy access to deleted posts too. But such companies are probably fewer in number.

> is this just wishful thinking? Is storage too cheap?


In essence it’s cheaper to store than delete.

They're very serious about data preservation.


This is why I'm never giving them another piece of data for as long as I live. I haven't logged in for years and I blackhole Facebook emails to a folder I scan periodically just in case someone from years ago needs to get in touch with me.

Interestingly enough, these emails occasionally get past my inbox filter, and I have to update my regex. I imagine this kind of circumvention is someone's full time job, which just repels me further from the platform.

is_deleted: true

Okay we're done here, folks!

I don't want to delete my account either, because I use fb to stay in contact with friends spread around the globe. (Granted: Very rarely to post something in local groups also.)

But my bookmark points to facebook.com/messages and I practically never look on my feed. I guess (/hope) I'm about as valuable as a deleted account to facebook. Please feel free to correct me if you have some insights into this!

I just think you need to be cognizant of how Facebook is tracking you across websites as well. It's not just the information you have associated with your account, when you are logged into Facebook, you are tracked wherever you go. Now, there are certainly ways to limit this using plugins, etc.

Yikes- wow, even from my computer browser- not even from my cell phone? If I have facebook password autosaved, log in, check facebook, and close the window without logging out, is it still tracking me? Damn. I did NOT realize this.

I also recommend installing EFF's Privacy Badger extension. It shows you everything that is tracking you across the interwebs.

Look at any other website - is there a FB Like button saying "25 of your friends liked this"? Congratulations, FB now knows you visit that site.

Facebook reports of active users to their shareholders every month. You're an active user, you're valuable. The information you share via messenger, is equally valuable.

Use messenger.com instead of facebook.com/messages to get rid of the distracting notifications.

I do the same.only use it to message some people. I try to pull them into hangouts or signal because at least they are more or less jist a chat app so dont provide me useless notifications.

> then what incentive does Facebook have to stop its consistently user-hostile business practices

Once upon a time in the USA, and in some nations today, there was/is regulation in the public interest. Why not try it in the USA?

You aren't required to use Facebook. You can, in less than one second, stop using it.

It isn't electricity, roads, water. It's freakin' Facebook.

The point wasn’t that they have a monopoly, it was that they have unfair business practices.

You can file a TCPA complaint [0] against Facebook for spamming your mobile number after you've instructed them to stop ("revoked consent"). There are a number of stories about TCPA around the web [1].

[0] https://consumercomplaints.fcc.gov/hc/en-us/requests/new?tic...

[1] https://www.forbes.com/sites/legalnewsline/2017/09/05/tcpa-d...

(IANAL, this is not legal advice.)

What I found especially grating about that banner was the version that said "These friends all shared their number".

At least three of those stood out to me as the kind of person to never do that, so I asked, and they hadn't. Facebook was blatantly lying and trying to influence me by showing the people that I interacted with the most on their website at the time.

I had a similar experience around a year ago, with Facebook texting me a notification out of the blue to the number I had set up for 2FA. In a show of futile-yet-satisfying passive aggression, I texted back "go away" to the robot... which promptly posted it as a status update on my timeline, to the confusion and concern of my friends until I noticed and took it down.

What a brilliant dark pattern! Make people's assumed private snotty replies to them public and visible to their peers.

They out passive aggressived you like a ninja.

They have the advantage in the power balance of the relationship.

>I've had my account since 2006 and despite the company's terrible practices, I'm really not interested in disconnecting for good at this time

Having a Facebook account is like being in an abusive relationship. You've been together for a long time, and you keep hoping they'll change, but they never do, and it just gets worse and worse. The sooner you realize this this and get out, the less additional time and energy you'll waste.

To add to this... I also made my account sometime in 2006, right after you didn't need an .edu anymore. It was a great platform, because it combined my friends, photos, and events.

So I could find out about an event, go and meet people, and then find them later in the photos and friend them. It snowballed very quickly, and it helped that I was really into photography at the time. It really was the perfect social platform for me at the time. It contributed greatly to my life.

For me, the main motivation to stop using it and eventually leave was all the frontend changes that made the website clunky and tedious to use. It used to be a joy, and now it's just... Well, IYCSSN... Even m.facebook.com, and many of the features are broken on it.

I deleted my account a year or two ago, after a couple of failed attempts, since there was a 14-day cool-off period before they would actually "delete" your account.

I recently made a new one just for keeping up with a couple of event spaces, but that's basically all I do on it. That, and I friend all the spammer accounts that send me requests, because, why not? The more the merrier. I'm pretty sure that's where most of the growth is coming from at this point.

> I realize that the proper solution is to terminate my account and never attempt to log back in

I've had a "terminated" account that occasionally gets emails inviting me to "Log back in with one click". When I originally tried to delete the account, it told me it would be actually erased a month after. That was 6 years ago.

Yeah. It's no secret that they never fully let you disconnect. If you're serious about it, seems like you need to create a burner email account with an absurdly complex password, update FB to use this account, and you know the rest

I have a similar problem with email spam, except at the bottom of every email there is a link to "disavow_contact" - the problem is it does nothing

They do actually have a "delete" switch, but it's harder to find than the "deactivate" one. I've made this mistake before, then with a quick google for "deactivate vs delete facebook" I learned how to do it right.

Surely GDPR will force them to actually delete the account when you terminate it (+/- mandatory data retention requirements).

To have your account erased as opposed to "deactivated" (which doesn't really do anything) the surefire method is to spam gore images on popular groups.

I'm pretty sure even then they don't actually delete your data. They just make it impossibly for you to reactivate your account.

Interestingly I've read an anecdote that in the EU you can write them and say "Either delete my account or return my access to it.", and because they don't/can't delete accounts...

>I was constantly annoyed by the 'secure your account: add your phone number here' banner frequently displayed at the top of the page

Use uBlockOrigin, it's good at fixing these type of shit.

The most underrated comment of the whole page.

I like writing hate comments deriding advertisers for their horrible products and waste of ad spend on every sponsored post I see. Facebook wants me to be the product they sell to advertisers - so I want to be a negative-value user.


Investment Product -> "WORSE THAN A PONZI"

Anything -> "Only an idiot would buy this."

Not sure you can win at this game. I wouldn't be surprised if facebook pushes engagement notifications to you friends saying 'Person X commented on product Y with all caps comments! Exciting? Shocking? You decide! (After a short 45s pre-roll video ad)'

It's worth mentioning that you can be sued if the company can prove damages. In the UK, the burden on the plaintiff is even lower.

Better to make it appear to be your opinion, as opposed to a (false) statement of fact.

> but I've had my account since 2006 and despite the company's terrible practices, I'm really not interested in disconnecting for good at this time

This behavior does not encourage FB to self-correct.

Disconnecting is the best thing you can do for yourself. This company has manipulated you so much that you're actually addicted to it. Just look at what you wrote. You're too invested and addicted to leave a website that willfully and repeatedly violates your privacy? You're better than that.

I must say, his statement did remind me of my friends who smoke(d).

Anecdata: I deleted my FB account a few months ago, every few weeks I get an SMS asking if I need help signing in. Also get the same message emailed to original account email address and (!) my work email address - which I've never entered into Facebook.

The work address part is just terrible and totally unethical. Facebook might have gotten your work address from other people who have shared their device/services address books with it, but I thought this is used only for more profiling and targeting, not blatant misuse!

This is also why I vented about Facebook's new face sign-in for "security". It was extremely obvious and expected that Facebook will use that biometric data for much more than just security, and in fact I was sure that security was just a pretext, and not even a top 3 reason for doing it.

Facebook is right up there with Uber in terms of shadiness. You can't ever trust them - they've shown us that too many times to count at this point. And there's no "earning the trust back" with Facebook, not that they would ever try to genuinely do that.

Oh, and Google does this crap with the phone number, too. This is why I hated it when they pretty much forced you to use a phone number for 2FA a while ago. They also know very well what a terrible 2FA option the SMS code is at this point. But they keep it around so they can get your phone number for advertising reasons, which I guess trumps all.

If despite these practices and despite you realizing what a horrible breach of trust this is you still don't consider it the last straw and do not get your account banned (which erases all information about it forever, at least from the public view, as opposed to "deactivating" it which leaves all the information and posts there which makes it almost equivalent to simply not logging in), then you are a part of the problem. You are forcing the other users among your friends to remain on this user-hostile platform and you are responsible for its domination. You have to draw the line somewhere. Enough is enough. They are showing you that they consider your privacy worthless. Somebody has to be the first to leave the website.

Deleting Facebook is hard but it’s the moral thing to do.

  About TWO years ago I was constantly annoyed by
  the 'secure your account: add your phone number here' 
That and an obnoxious, flashing add "It seems you live in Wherever, please klick here if you live in Wherever!" were the actual reason I "deleted" my account about 3 years ago.

With all that shit they pulled during only that period it just proves that it was the right decision to make.

I never looked back.

It might sound harsh, but from your comment you know exactly what you were doing and the probable consequences.

At this point I'm not quite sure simply terminating is the best way forward, sanitizing a profile with disinformation ( or straight filling with garbage up to the brim) might work better?

Very good example of the importance of using open protocols only. By using proprietary protocols like facebook, you completely lack control, they can change whatever they want and you have to take it or quit for good, which can become difficult when you have so many contacts only over that proprietary protocol. If your e-mail provider pulled shit like that, you could simply change to a different provider, or even use your own mail server.

Of course there is some peer pressure to join those proprietary networks. But friends will also keep contact without those networks. I never had a facebook account, never joined whatsapp, never used twitter, and am still alive!

> I'm really not interested in disconnecting for good at this time

This is all they heard.

Not really, I think better solution is to get prepaid number specifically for 2fa. Get separate email for it and always use FB in incognito mode or in firefox container. I think you can minimize your exposure to FB and don't have to give up on it. Depends on how much you need it. I use it mainly for chat. So I have messanger lite on my phone and that is about it. I do not really post/like/commment on feed. I share photos with specific people that I think are interested not broadcasting on the wall.

Terminating is impossible. They made it that way and have told this numerous times.

Now you know how they get their info and now you can get creative with it. Info doesn't always have to stay the same.

The mobile number is the holy grail. You can buy all sorts of evil information from the carriers, and your number is sort of a public key representing you in other contexts.

I knew they would do something like this so I never put it in.

Jiffy Lube spammed their customers via SMS and got sued for $47m.

Source: https://www.tatango.com/blog/how-the-tcpa-impacts-text-messa...

I don’t know the details about FBs (mis-)use of SMS for this particular situation and IANAL, but perhaps they accidentally opened themselves up to this massive liablitly.

The problem is shitty defaults.

I recently added a new phone number to Facebook, and I had to specifically disable getting SMS notifications from FB, it's on by default.

I don't even know why they still offer them. I understand the utility of SMS notifications for FB 10 years ago, when smart phones weren't the norm but most people have the Facebook app installed on their phone, I don't need 2 notifications.

> I realize that the proper solution is to terminate my account and never attempt to log back in

I disagree with this point. Service providers, of any flavour, whether paid, or free†, should be regulated to only use your contact details for actions you have pre-approved.

† free - conditions apply, nothing is free

Oddly enough I did consent to receiving notifications and they kept turning them off on me.

Why not play the two big TechCos off each other? Use a Google Voice phone number on an account whose backup is "user@facebook"

That way you've decoupled those particular services and annoyances from the rest of your life.

user@facebook.com email addresses were killed, even in their reduced, forwarding-only form, on May 1, 2016.

So that's not going to work.

Well... drat.

I'm confused because I have never found dismissing the secure your account interface hard to close.

This is one of many reasons why GitHub is my only social network.

Primarily, I just don’t like being a product.

Things like this are the reason that when a company starts spamming me, I update my account with the company's own information.

I started when no matter how many times I tried to unsubscribe, Walgreens kept using my phone number (which is supposed to be used to verify that the right person is getting the prescription) to spam me flu shot notices, auto-refill offers, and more. So now those robocalls go to Walgreens HQ.

Most companies list an email address and phone number for their PR departments on their web sites, so these are what I use since they're not hidden and go to real people.

I know this doesn't work for 2FA, but it's certainly satisfying in other scenarios.

I do the same with B2B email spam. Just give another spammer's info, so company A spams company B, B spams C, etc.

I've got a small list with CEOs emails, numbers, etc.

Not legal, but I like it

For a while, you'd be asked for your post code when buying TV equipment (UK). Whilst it wasn't a legal requirement to provide, a lot of places would be really awkward about it if you didn't. I took a small amount of satisfaction in providing the Downing Street post code.

It's now no longer an issue as companies aren't required to ask for and forward that data to TVL so they don't ask (and I'm probably ordering online so they have it anyway).

I generally use webmaster@[their domain] so they get the SPAM instead of me.

It's not legal? What part is illegal?

When a website offers you a quote about water fountains/new printers/whatever, I doub't it's legal to say that you're company X and that you'd be interested in this particular quote.

I'd be interested in seeing a specific law or case where that sort of thing was illegal. Lying by itself isn't illegal (in the United States at least, i dunno about elsewhere)

It's pretty clear from some simple googling that he ended up somehow activating a feature called "Facebook Texts" (the key giveaway -- that replying to the texts posted to his wall):


I believe that he didn't set this up intentionally and it may very well be a bug that caused him to be signed up, but as bad as Facebook is I'll eat my shoe if they signed up every single person who gave a 2FA phone number to this service.

Not to detract from the fact that Facebook's nagging is indeed a huge problem.

> I'll eat my shoe if they signed up every single person who gave a 2FA phone number to this service.

Facebook doesn't have to sign up every 2FA person. It can pick a few hundred or thousand and see what happens. If engagement increases, then more 2FA people are brought on board.

If this isn't widespread, it may not be the user's fault. It may just be the camel's nose under the tent.

The evil of unrestrained A/B testing.

I've heard engagement increases if you give the impression a family member is going through a personal crisis, perhaps facebook ought to look into the technique, seems excellent for the metrics.

No. Look at the following tweet. He explicitly says that he hasn’t enabled this and posted a screenshot of his settings:


Update: Matthew Green just experienced the same thing, in the midst of tweeting about the security implications of abusing 2FA phone numbers this way:


It's a default that's checked when you add your phone number.

I'm not happy that it's a default, but when I added my phone number I had no trouble noticing it and disabling it.

My wife started getting these after she hadn't logged in for a few weeks. We thought it was them getting nervous about a lost user. Since she hadn't logged in, it definitely wasn't her accidentally checking a "please text me spam" button.

I found a similar thing with email notifications. If you regularly login to FB and look at your feed they will leave you alone. Delete the app from your phone or neglect logging in and you’ll start to get email notifications about the silliest things. Of course they don’t contain much more than “so and so shared a link” without any description of what was shared (trying to get you to login and look.) Not quite as bad as 2FA number, but irritating nonetheless.

Facebook has been steadily decreasing the usefulness of its email notifications in order to push more use of its app and website. The old notifications used to give you the content and allow you to reply through email, but not anymore.

The notifications are also dark-pattern hard to manage. If you don't want a type, you have to wait to receive an example of it to unsubscribe. Their central notification page only allows you to re-enable particular notifications, but give no way to disable them individually.

Facebook is a terrible product that can't die fast enough.

> Facebook is a terrible product that can't die fast enough.

For the sake of humankind, I'd rephrase it as "Facebook is a terrible company that can't die fast enough."

They may not realize, but they really badly reinforce why people leave.

If you try and deactivate, there’s a horrible series of hoops to jump through which just make the service feel so desperate.

If you minimize your usage, you get flooded with desperate emails trying to convince you to login.

If you’ve stepped away out of fear it’s becoming a low-grade attention merchant full of bad practices, these tactics just reinforce the idea that you really really are doing the right thing backing away.

Back when I had the Facebook app installed on my phone, if I didn't open it for a long period the "so-and-so posted an update" push notifications would eventually slow to a trickle and ultimately peter out altogether. But if I so much as touched Facebook, the floodgates would re-open and I'd be spammed with them throughout the day, until the process repeated and they died away again.

In a weird way Facebook ended up conditioning me to avoid using it.

I have blocked all of FB's allocated networks worldwide on my machine (via a look up of allocated IP space and fed into iptables / ipset).[0] So FB doesn't even get "phantom" traffic from me (indirect traffic from FB logos / js on random websites). I only log into FB a few times a year and only via a temporary VPS in another country and using an incognito browser tab.

So now FB has taken to emailing me complaining that they are missing me and that I should log in.


WAYNE: I don't own A gun let alone many guns that would necessitate an entire rack. STACEY: You know Wayne if you're not careful you're gonna lose me.

[0] https://news.ycombinator.com/item?id=15222936

EDIT: fixed link to go direct to the comment

I know a few people that completely block every IP range owned by Google, Amazon, or Facebook.

Most of that works fine, sometimes some shitty websites are on AWS or GCP or load JS frameworks from their CDNs, but the worst is:

You can't connect from Android to their WiFi anymore.

Android pings a Google server, if it can't open a connection, it immediately disconnects. In Android 8.1, there's no way around that anymore. You can try every setting in the WiFi settings, and it won't change a thing.

Can the response be faked?

Probably, considering that domain is HTTP only, but why is this even necessary?

Sometimes I do want to connect to a local network without internet.

Oh I agree, it is a very one size fits all fallacy kind of mistake.

I always enjoy a wee chuckle to myself every time I get down voted on HN for expressing humour; I feel like a modern common man G.B.S.

'My method is to take the utmost trouble to find the right thing to say, and then to say it with the utmost levity.'

> If you regularly login to FB and look at your feed they will leave you alone.

This is false. My nan has an iPad she basically only uses for Facebook, and her email is unusable because she has thousands of messages from Facebook. I have no idea why they send thousands of emails to somebody who logs in every day and never ever opens one of their emails but they do.

Also they reset your notifications settings regularly. I have disabled the email notification settings at least 5 times but after a while they keep coming again.

The social media behemoth has seen a decline in traffic in recent weeks along with millions of users leaving its platform [...]

Two years ago I said that Facebook will be dead by 2020 [1] and that line made me check the current situation, we are right on track and linear extrapolation still hits zero in mid 2020 [2]. As mentioned in the original thread, don't get fooled by the normalized numbers, the search traffic for Facebook is enormous and chances are good that any search term you consider popular will be indistinguishable from the horizontal axis if you add it for comparison. But »facebook« is already down from ten to four times »porn«. And yes, the trend can and possibly is at least partly due to other factors, some are also discussed in the original thread.

[1] https://news.ycombinator.com/item?id=11442935

[2] https://trends.google.com/trends/explore?date=all&q=facebook

Wishful thinking. Facebook may be struggling in 2020, but they certainly won’t be dead. I’d wager they’ll still have more than a billion DAU.

Edit: do you have an explanation for why this graph has been cratering for years while Facebook’s MAU and DAU have continued to climb?

Also, see Youtube’s search trend. Pretty sure it hasn’t been dying for years now.

This just isn’t a good signal, sorry.

My best guess is that the active user numbers are not representative. Once you have an Facebook account checking once a day if something interesting happened or sending a few messages makes you an active user, I guess, but in my book that does not mean you are really using Facebook.

I still visit Facebook almost every day, mostly to chat with friends, even though my feed has mostly become an uninteresting desert years ago and I rarely - less than once a month - post, comment or like something. So if I am not an exception, then looking at the number of users posting or commenting on any given day might vastly differ from the number of active users but I admittedly don't know how exactly Facebook defines those.

And if you look at the search traffic for MySpace, Google+, or the German StudiVZ and MeinVZ [1] it certainly tracked the rise and fall pretty exactly. Finally the YouTube search traffic is essentially flat for me since 2012 besides a step at the beginning of 2016 due to changed data collection methods.

[1] https://i.imgur.com/SGci58n.png

Ah, I see. So in this case, “dead” means billions of people who login multiple times per week and the accompanying tens of billions in ad revenue.

May we all have startups that suffer such a fate.

Seriously though, I’m not sure what your point even is. Facebook doesn’t care about how often you login or why, as long as ad revenue keeps flowing. And those numbers have grown like crazy over the period where you say their search traffic (and thus their userbase) has been cratering. I just don’t see it. Every meaningful metric for Facebook that you can find for the period in question points to the search trend not being a reliable predictor.

Also, my point with YouTube is that their search trend has been flat or declining since 2012, but YouTube as a platform has been anything but over that time period.

Not a useful signal.

Most people access Facebook through the app or directly to the website.

Google search traffic is not a good indicator of Facebook users or popularity.

That is not really a convincing argument, even if nobody used searching to get to Facebook, the search traffic would still reflect the general interest in Facebook. But given the huge search traffic it is not convincing that nobody uses search to access Facebook to begin with. So one has to at least argue that the decline in search traffic is due to user migrating from browser to app or something along that line. Also see the comments in the old thread.

Everybody uses power utilities, but what's the search volume for power companies?

Low but constant [1] and it is the constant volume that matters, not the volume on itself.

[1] https://trends.google.com/trends/explore?date=all&q=%2Fm%2F0...

Previously, the search traffic will have represented general interest plus people using it to get to the site. You'd expect a decrease as more and more people use the apps, or web browsers get better at autofilling the domain rather than it becoming a search, even if the level of general interest remains the same (anecdotally, circa 2011 most people I knew would use Facebook on a PC; now most use a mobile app).

There's probably a decline, especially given the myriad messaging apps that have come to prominence more recently, but not as sharp as the searches would suggest.

Are you sure about that?




Those graphs suggest that while the trajectory is bad on this graph, any other site doesn't come close.

Sure, the search traffic is huge but so is the rate it is falling at. If it stopped right now, it would still be a very huge site, but are there any indications that it does? Are there good alternative explanations for the decline in search traffic that would not indicate a decline in popularity of Facebook, for example can the decline be matched with users migrating from browser to app? I failed to find a satisfying alternative explanation.

Besides that, I noticed a decline of the popularity of Facebook among the people I know at least about 5 years ago. I only looked at the search traffic for confirmation years later when that trend was pretty obvious from personal experience because I was interested whether that was a general trend or only due to me and the people I know becoming older or something like that.

Add to that that I talked to some young teenagers last year that somewhat proudly told me that they don't have and never had Facebook profiles and for all I know Facebook really is on the way down. Whether everyone just moves over to Instagram and WhatsApp and what all that implies for the company Facebook is of course also a different matter.

Maybe in the U.S. I was in Asia few months ago and I came across people who were new to Facebook. Facebook still has a honeymoon period with those people who just discovered their 'new' platform. Given the massive population in Brazil and India that would be a sizable chunk of users.

But financially problematic for Facebook. They built an expensive cost base that relies on advertising for users with high nominal income. Advertisers pay far less for Indian and Brazilian users. That's why the decline in US users is so important, not because they lose traffic but because it's directly linked to revenues.

> Importantly, Lewis isn't the only person who claims this happened to him. One Facebook user says he accidentally told "friends and family to go [to] hell" when he "replied to the spam."

Wow. I deleted my FB acct. 8 or 9 years ago because it kept getting worse and worse. It's just sad to read about it now.

From my POV, Facebook is like a TV series that had an incredible first few episodes but quickly grew progressively and irreversibly worse, with a large percentage of its users only hanging on now with grim determination.

We've probably hit peak FB...or perhaps FB has jumped-the-shark using your TV series comparison...either way, any news about the decline of FB is good in my book.

Like most products it started as something pure and simple, but once all the various business strategy dips got a chance to put their hands on it, it was ruined.

Like so many things. It is so saddening that we nerds do this to ourselves, allowing the wonderful things we build to be ruined by foolish idiots, time and time again

I believe we just getting into a period of social networks phenomena, where everyone is sick and tired of the big Facebook, and soon a fresh new thing will pop-up... This network will be smoother, nicer and smarter approach to social networks than Facebook is and will serve same users, just more mature. Sure few years ago FB was such giant that noone could touch it. But since then the cost of Cloud-computing and serving millions of connections per hour went drastically down, and its never been a rocket science to design and program basic social network.

I just wonder if we already have such network and I just happened not to hear about it yet :)

Literally the "walking dead" of internet products

I suspect facebook is doing an even sinister version of this in India. It runs what is called an free mobile authentication service for startup called Account kit. A lot of apps use it to authenticate mobile numbers because it s free.

However, I suspect that facebooks intention behind this are not charitable at all. With this service facebook is able to get your phone number even if you dont give it to it. As long as you have installed any app on your mobile phone which uses Account kit to authenticate, facebook will be able to get your phone number and associate with your facebook account.

We talk about how Uber has lost the way, but somehow Facebook escapes all criticism. I think facebook is so lost at this point that they might as well shut the company down and go home.

Facebook Insider: That is nothing compared to how Facebook uses your phone number on a another persons contact list then aligns that with cookie activity on your computer to get friend recommendations to other accounts that are unrelated to your phone number. The use of your personal phone number internally at Facebook is perverse.

If you block Contacts access on your phone (iOS/Android) can Faceboook still access your contacts ? Are you aware of any loopholes that lets Facebook access someone's contacts ?

If some of your contacts have this enabled then they can rebuild the network.

There was a case not so long ago where unrelated patients of a psychiatrist were suggested as friend to each other. The only possible link is that they all had the psychiatrist in their contact or vice-versa. The friending suggestion by itself was an outing of private medical information.

My wife is a private practice speech therapist. She goes to great lengths to separate her personal social media from work social media. She has separate work and personal accounts for Facebook, Google, WhatsApp etc. Still she gets friend suggestions for her clients on her personal accounts. And it's not just once or twice, usually her suggested friends list is almost the exact same as her current client list.

Its creepy, and slightly disturbing to realise just how much effort they are putting in to mapping out your life and acquaintances even when you try to prevent it.

That's possible. People are probably giving Contacts permission to Facebook without thinking twice.

Although I recall a comment by a Facebook engineer about how they link users based on their IP addresses. So if you and your coworker are connected to the same WiFi at work Facebook can easily figure out that you both work at the same place.

WhatsApp says hello!

This happened to me too. The value of being on facebook is an illusion. In person relationships are vastly more rewarding, both emotionally and financially.

No, it's not an illusion and it has nothing to do with facebook only relationships (I don't even know what that is). All the people I contact on facebook I have in person relationships with. For well over the past 3 years its primary function has been as an organizational tool for my close group of friends. Few of us update our status or regularly post on there anymore. They live in different cities, states, or countries now. Groups and events make a fantastic way to plan a vacation with friends and has all the interactive features you'd want for that sort of a thing (messages, RSVP, polls, etc) that e-mail simply can't give you, and the fact that facebook is completely ubiquitous among my friends make it really the only choice for the job (although I do suspect this is due to our age range- we are all mostly in our early 30's - I think if we were older or younger this would not be as true).

Until someone makes an organizing tool that can break the network effect facebook has with my friend group, I'll have a facebook account.

Its not that hard to sign up for an account on airtable or trello or whatever service.

It is hard to have all your friends on that specific service.

> Until someone makes an organizing tool that can break the network effect facebook has with my friend group, I'll have a facebook account.

Is that really something people do - substitute in person relationships for Facebook ones? "I could hang out with my SO today, but I guess I'll just go on FB instead"

Many people do this habitually, though not so explicitly.

Well, every time you choose to do one thing, you also choose to not do a million other things.

A lot of people are experiencing real harm to their mental state from habitual social media use.

In person relationships being more rewarding doesn't mean that Facebook has no value. I personally get a lot of value out of being on Facebook

Many of us have family spread all over the country. I can keep in contact with them all via a facebook group instead of one at a time over the phone or group text (...not that my mother would understand how to do that) or the like. Even if you don't appreciate how it connects you to your friends (if it even does), surely you can appreciate how it can connect you to your family.

I completely agree. I don't use FB for anything other than keeping up with my family that live in different states. I don't have any casual friends on FB, and especially not co-workers. For seeing pictures of my nieces and nephews and various family gatherings that I can't be a part of FB works fine. But I don't follow any brands or willingly subject myself to advertising...all the stuff that FB wants you on their platform for I willingly ignore.

I refuse to add family on FB because I try not to use it at all. There are some community groups that I use it for or I'll be left in the dark. I've had good luck getting family on Keybase. No ads, no frills. Messages, groups, photos and encryption. What isn't too like. I like my git repo, but that is just a bonus.

Facebook has been asking me to add my mobile number to secure my account. It even prepopulated the input field with my mobile number that I never shared with them! My best guess is that their app farmed it out of the phone adress book of one of my friends. Either way, they definitely overstepped the mark here, in my opinion.

Do you use Whatsapp? Unless you opted out during the short window they offered during the summer, Facebook got all your Whatsapp contacts and data, and that of course includes your phone number: https://www.cnet.com/how-to/how-to-stop-whatsapp-from-sharin...

It'd be very easy for Facebook to cross-reference multiple address books (even 1 would be enough) and create "virtual profiles". E.g. if Alice is not part of the Facebook/Whatsapp ecosystem but Bob, Charlie and Donna are, and they all have Alice's phone number (unique identifier!) on their phone. If all 4 hang out together a lot and Bob, Charlie and Donna upload a lot of pictures of all of them, and they diligently tag people who have accounts, then Facebook can probably figure out the 4th person (which face they've stored for their recognition engine) is probably Alice.

And if Alice, like the poster, never gave Facebook her phone number, but Bob, Charlie and Donna have it under "Alice Lastname", and they're all friends with Alice Lastname on Facebook, Facebook can probably be certain to say "Store your phone number, we think this is it.". Or to word that properly, "Confirm your number, although we already know this is it."

I do not but a number of my friends are using the Facebook Messenger, Facebook App and Whatsapp.

Slightly related peeve: if you enable 2FA on Facebook they will never expire any existing browser cookie or mobile app token. Thus whoever gets their hands on your desktop or a device, even months into the future, will bypass 2FA.

That's not true, you have the ability in settings to see all old sessions and revoke device approvals. It's pretty easy to clear out your old machines.

True, because removal of _all_ existing sessions and tokens should be automatic when 2FA is enabled (you're saying to FB: I only want to be using FB if I've completed 2FA). Under what circumstances would the user want existing sessions to live forever on old devices? (I can answer that : they would want that when they were making their money from advertising "engagement").

If you remember and know where to look.

Google eventually asked if I wanted to remove a phone I'd stopped using 2 years ago the other day.

Google's is pretty easy:


Under Device activity

Google also reminds me regularly to review app passwords. Facebook has never asked me to review a list of apps that I allowed to authenticate with.

Unbelievable. When signing up for 2FA, FB never said what else it would be used for. From a legal standpoint, aren’t companies are supposed to say what the phone number will be used for when asking for phone number?

Somebody from FB - please tell us this is a bug.

Well as far as legal protections go, nothing definitive, and they can always argue their statements about enhancing user experience would cover this.

Check westlaw on it https://content.next.westlaw.com/6-502-0467?transitionType=D...

I think the real issue, is people think they are doing one thing, but doing another.

depending on the age of your account, you'll notice that the notifications for SMS maybe defaulted on, this didn't matter if you didn't have a phone number associated with your account. When you add a phone number to your account, its not "solely" 2FA, you add the number to your account, and 2Fa is enabled, just like all the other default setting that apply to phone numbers.

which is why when people are responding to the SMS its posting on their wall, its because what their settings are set to do.

see the settings below where they can disable this. https://imgur.com/a/6pOHH

It's another case of people screaming to the heavens about evil megacorp. when in reality they can't be bothered to check their own settings.

> It's another case of people screaming to the heavens about evil megacorp. when in reality they can't be bothered to check their own settings.

Facebook's settings are often opaque and unintuitive, and some of the stuff around notifications qualifies as dark patterns. Also, as you mentioned, Facebook has a history of using selfishly-chosen defaults which are often not what a user would likely want or expect.

I'm not going to fault people for complaining about getting tricked into settings they didn't want.

I won't defend their practices in most cases, changing the news feed to recent for example is far more work than it should be, and reverts randomly.

but this setting is Settings>Notifications it's not really buried.

I suppose I'm not upset at people who discovered the issue, but I am annoyed at mashable.com for making it a specifical when it shouldn't be, quoting a "a self-described technosociologist, professor at UNC" and their uninformed statements.

Another Facebook dark pattern: they hid everybody's email addresses from their profile and showed a new @facebook.com email address. They claimed they had simply introduced a new setting letting you show or hide email addresses individually. However, it was already possible to set the privacy on an email address to "only me", effectively hiding it.

Judging by how the response has been to companies leaking and abusing our data, I don't know that it will make a difference if it's a bug or intentional.

"aren’t companies are supposed to say what the phone number will be used for when asking for phone number"

Not yet. Can't wait for the EU general data protection regulation (GDPR) to come in effect, which includes such a requirement - it won't affect USA users directly, but hopefully it will force some companies to change their behaviour worldwide.

Sounds like a good reason to send the spam text message filing report. How much is the fine per incident?

$0 if you own enough lobbyists and congressmen.

That kind of response is too cynical, and just discouragement from actually trying to fight the problem.

Cynical? I'd call it realistic. If anyone wants to fight the problem, delete your account. That is the only value that you can take away from that company.

> Cynical? I'd call it realistic.

That's what all cynics say.

> If anyone wants to fight the problem, delete your account. That is the only value that you can take away from that company.

No, that's clearly false. You can use your account to spread an understanding that Facebook is bad (lots of stuff in the news to share, like this), or you could abandon your account but leave it up with a profile pic saying you don't use it anymore (sort of like a reverse take on broken-windows theory). Politics and lobbying representatives is slow, but does have results (all the lobbyists in the world can't counter steady constituent calls on a non-partisan issue). But you're a cynic, and probably gave up before giving much though about what could be done.

I really hope this is a sign of the end times for Facebook. I genuinely believe that the world will be better off without it, and its effect on culture, mental health, work habits, and socialisation. _Especially_ for young people.

We might be seeing the (slow) decline of Facebook, but in no way will we see the decline of social media that causes those bad effects.

Unless there is a sufficient cultural backlash for social media _in general_ to become 'uncool'.

"Look at that loser. Spends all his time checking Instagram."

Is it Machiavellian to wonder how we could memetically inoculate children against social media?

It could become a low class thing like consuming soda.

No. Not at all. We teach kids about a lot of dangers already. Some are real, some are highly exaggerated. For-profit social media is a thing we’re starting to realize may be a complicated, subtle danger. Maybe all social media. Maybe just corporate-owned social media.

Yeah, that's what I meant :) I run my own Mattermost server for friends and family.

Seriously, why do the rank-and-file of Facebook engineering allow this to happen? Does anyone stand up to their employers anymore? Or does everyone just drink the koolaid and ask no questions?

These things are never spelled out in any plans. They're done piecemeal, by separate teams, incrementally over long development cycles.

One team implements 2FA, and they add a way for users to enter their phone numbers as a second factor. The engineers are fine with this because it's for the users' benefit, so they can secure their account.

Another team implements the mobile notifications, which a user has to turn on explicitly. The engineers there do this for the users' benefit, for those users that want notifications by phone. They're opting in, after all.

Sometime in here, the fact that the phone numbers are being collected for 2FA gets forgotten. This sets the stage for a third team, who is tasked with improving engagement numbers. They see that lots of inactive users have phone numbers associated with their accounts. Maybe they might be interested in something their friends are doing? So they try an experiment where they send a notification to these users, and a large percentage of them engage with it! That must mean that the users were interested in the notification right? After all, they opened the link or replied. So they roll it out to a wider audience, and the engagement numbers go up. Awesome! Pats on the back all around.

To be clear, I have no idea about how this actually happened, or if this is the right chronology, or anything else. It really doesn't matter, my point is that this is how this sort of thing happens in large organizations. No one has the whole picture, and in their own world view everyone thinks they're doing something good for their users.

But if you put them all together, and sprinkle in a little willful ignorance, you get Facebook spamming their users on their 2FA numbers.

Occam's razor suggests otherwise.

To me, Occam's razor says that a grand, company-wide initiative is unlikely, and it's more likely a series of isolated projects that individually make sense and that well-meaning engineers can work on in good conscience.

This is actually a scarier prospect: it means that a large organization can do unethical things even when almost all individuals involved act ethically. This makes it hard for an individual engineer to ensure that their own actions don't contribute to unethical behaviour.

If you personally won't do it, the person next you, or your replacement, may.

Toeing the party line sucks at any job, but it's part and parcel to receiving a paycheck assuming you aren't doing something downright illegal.

Used to be SWEs were so powerful that we could by virtue of the fact that replacing one costed so much

But now, where juniors are hired by the dozen and internships are now a seeming requirement (internships being a worker's first -- and now mandatory, it would seem -- induction into drinking the techbiz koolaid), where lifers are getting more and more scarce... I guess you're right :/

FB (among other web sites) continually asks for my phone number. I continually ignore their entreaties. I always suspected they could not resist the temptation to use it like this. I really expected them to sell it to telemarketers.

Not only asks but I've had it display what it thinks is my number and asked, "is this your number?".

I've consistently denied telling it my phone number. Of course it has it via whatsapp now but I've repeatedly made clear I don't want it associated with my facebook account. Reading this news I'm very glad I've put up with its demands and not linked it just for 2fa.

Call the President. PHONE NUMBERS:

Comments: 202-456-1111.

Switchboard: 202-456-1414.

> I really expected them to sell it to telemarketers. reply

I doubt they'd sell it to telemarketers, but they'll use it for every dark pattern under the sun to increase your engagement. Frankly, your engagement is much more profitable to them than a one-time sale of an email list.

They're not mutually exclusive.

Yes, because having exclusive access to that breadth of data makes it valuable. Once they share all their data it's not worth much anymore.

Did they stop asking for email login passwords?

(I haven't been there in a while, this being just one of the last straws.)

Reposting my comment from the other thread:

I’ve always been suspicious of services that use SMS as the primary 2FA mechanism. TOTP is more secure and convenient, but it doesn’t allow the service to collect and extra datapoint. Using a communication channel intended for security as a method to boost falling engagement is as shady as it gets.

Matthew Green’s twitter thread[0] on this is an interesting read.

0: https://twitter.com/matthew_d_green/status/96376666146678784...

This is terrible and totally shit. FB had opt in by default spam notifications when I provided my number and as I stopped using the service regularly spammed my number. I turned off notifications and then the password reset link didnt work via phone. Also, the random intentional "security" interruption to force you to send a selfie to train their AI model.

Not as egregious, but Twitter last week started spamming my email once a day with a “HEY YOU SHOULD SIGN IN AND CHECK OUT YOUR NOTIFICATIONS” message.

After 5 days of that I finally bothered to look. The notifications were about someone mentioning me in December.


How about not doing that?

The same thing happened to me a few weeks back when I got an email about my “twitter birthday” and how I should post something.

I just deleted my account instead.

I had the same thing happen with Facebook texting me to post after I turned all notifications off in settings, which was the final straw that got me to delete my FB account too.

Now it’s a pattern I repeat everywhere: if your site emails me, I always will click unsubscribe, and go through every possible setting you have to stop you. If you email me again, I delete my account.

I just remembered that I got an "password reset" email from facebook like a month ago?

I didn't log in to my FB account since 2008 or so.

For a minute I was baffled and thought someone might be trying to hack my defunct profile (but why?) and my instinctive reaction was to log in and reset the password but gave up and forgot about it.

But now that people keep mentioning shady "come back, come back, to Mordor we'll take you" tactics, this sure smells fishy.

Anyone else got an unsolicited PW reset email after not using FB for a long time?

Yes, this follows the same strategy. All they want is to lure the user back. Either message will say reset password, or trouble logging in.

Network effects work both ways. Can cause a meteoric rise, or a dramtic decline.

If they're not processing STOP as an opt-out, they're in major violation of the CTIA's rules on short codes.

They are also at risk of a TCPA violation for sending unwanted communications without consent.

If you send a STOP, though, won't that cause you to stop getting 2FA codes as well?

I'm not sure if the rules carve out an exemption for that.

If they don't, polluting the 2FA short code with other types of messages is doubly bad.

these aren't marketing campaigns and a part of your subscribed service, they aren't violating anything, and aren't required to process short codes in this case.

It's my understanding that any short code must respect the STOP wording as an opt-out.

It’s a good thing they have Instagram and WhatsApp, because their flagship property seems like it’s going down the tubes. Those acquisitions were in 2012 and 2014 though. Wondering what’s next.

A platform created to addict people is now beginning to act like an addict begging for a fix?

Can't wait to see what their rock-bottom looks like.

MySpace, tumbler and digg are probably good examples.

Problem is Facebook is still using the original revenue model that has made it rich, which requires engagement. Unfortunately they encourage engagement using the techniques that initially made it grow, which the market is now tired of. Facebook needs to diversify. Take a note from amazon, Netflix.
cwkoss 10 days ago [flagged]

Engage on every sponsored post... but engage with it in a way that the advertisers will dislike.

ex. Health product -> "I heard this product causes cancer."

I know you meant well, but please don't duplicate comments on HN. I'm sure that's why they were flagged.

The idea behind this site is intellectual curiosity. That shrivels under repetition.


Someone added my phone numbers on 2FA and now I am able to login to their account, without a password.

It's not really 2FA if you can login with just the one factor of the phone… Maybe you unconsciously reset the password to your own at some point and it's saved?

Agreed. But its not even my account. I have similar things happening to me, except those messages are linked to my google voice number with someone else's account. One click and I am able to login. I had to block that number from receiving facebook updates.

Seriously! It always drove me nuts that they sent emails when you didn't check your facebook regularly too. I used to get so many damn emails. "This person shared this." "This person liked this" etc and I didn't give a shit that's why I didn't check Facebook in the first place. So why the hell would I want a message about it? This is so much worse. I'm not checking facebook why the hell would I want a text about it?

GDPR is looking better every day isn't it? Honestly I wouldn't trust Facebook with my cat's name.

Just reading this may have just pushed me over the edge to delete my account... except i need it to use tinder and bumble. I already havent signed in for months and i feel great. I only use messenger, but now im starting to see annoying ads polluting my messenger list.

You don't need to use your account. Not viewing ads hurts them enough and if you don't login they can't count you as an active user. The overall number of users is unimportant anyway and they won't delete your data, so no reason to deactivate the account.

Tinder no longer requires Facebook, I believe.

As this stream of negative facebook articles continue, I can't help but feel duped about my experiences with it.

I've quit fb since new years, but I can't help but wonder if I was played the whole time. I feel like they advertised fb as an altruistic platform, when in reality, I was just a means to marketing dollars and they fed whatever altruistic lines they wanted to keep me coming back.

Serious question: does fb purely exist as a company in order to sell our information? Do developers at fb believe they're making the world a better place? I'm not saying developers _need_ to make their career about making the world a better place. I do, however, feel like that's the line fb was feeding about their company culture.

> I feel like they advertised fb as an altruistic platform

Zuck's "Facebook's mission is to give people the power to build community and bring the world closer together" always felt like a stretch. If they were altruistic, they would be a B corp or a non-profit, not a Delaware-based C corp. Never forget that companies are run by Boards and that your data can be reappropriated if the company is merged with another.

Hell, even Enron's mission statement was:

> We treat others as we would like to be treated ourselves....We do not tolerate abusive or disrespectful treatment. Ruthlessness, callousness and arrogance don't belong here[1]

> when in reality, I was just a means to marketing dollars and they fed whatever altruistic lines they wanted to keep me coming back.

Meh. It's marketing. You typically don't tell the most attractive person your worst qualities when they first see you. You try to make a good impression by highlighting your more attractive qualities and staying quiet about the others.

The NSA doesn't tell you it's watching all of your internet activity and correlating it to build profiles on you and your 6 billion fellow great apes. The NSA's marketing is to try and make you forget that it's there, one of the reasons it was dubbed "No Such Agency". When the CIA and the NSA do make their rare public statement, they talk about themselves as the "intelligence community".

BP doesn't advertise itself as a cost-cutting, Deepwater Horizon spilling, exploding rig megacorp. They advertise themselves as the company that saved the Gulf Coast from near permanent economic collapse.

VW doesn't advertise itself as a lying, massively polluting company that makes more cars than any other. They advertise themselves as the "people's car" that is small and cute and sleek. Oh, and they lied that one time, but they learned from their mistakes and they are making amends.

[1] http://www.nytimes.com/2002/01/19/opinion/enron-s-vision-and...

Every company exists to make money.

What's the legal situation for this in the US?

Pretty sure, this is illegal in most of the EU already, but the GDPR will definitely prohibit it on the basis of the data clearly not being used for the originally specified purpose.

I can't wait for GDPR to take effect and I won't be lazy to go through every f*ckin option on my Windows PC, Android phone, Google account etc. and report every bit that violates it. I see it as a revenge for all these years of dark UI patterns.

OK, so my hunch was right.

It's not only Facebook, BTW. Whenever you provide those "additional details" to "secure" your account, be sure there's a high probability they will be used elsewhere.

In my case, I provided a personal email address to Azure as an alternative email. That email address had an Azure account associated with it. Microsoft merged the two accounts without me asking for it and (not very surprising) it caused some issues displaying the subscriptions properly to the point that their support asked me to create an empty subscription with a brand new email address.

I experienced this a few months ago and it was the last straw for me - it really feels like they're willing to do anything to drive engagement and ramp up addiction. This was after I'd removed messenger and facebook from my phone (having them really push hard for me to use messenger creeped me out; it's obviously in order for them to track my location). I've crippled facebook via chrome extensions to the point that it's only a place for me to check messages and keep in touch with local groups/events, and I'm slowly moving off of it entirely.

Consider trying https://mbasic.facebook.com/

It's a JavaScript-free version :)

Also works with the Tor hidden service https://mbasic.facebookcorewwwi.onion/

Ahh, I got a friendly SMS "reminder" to log back into Facebook when I got a new phone.

Haven't logged back into Facebook since I got the new device, primarily because I don't use Facebook all that often.

But despite the outrage here, I can see the vast majority of Facebook users finding this sort of thing useful. I know it seems counter-intuitive but there are A LOT of people that use and like Facebook.

To break away from the newsfeed for good the most effective method is to just start unfollowing everyone and everything who appears in your feed. After a few days of satisfaction from clicking, the wall becomes 100% empty and stays so.

Much more effective than deleting your account or exercising any other kind of self-control. Good luck with having the determination to start following everyone once again -- not going to happen.

It used to be if you get a notification you could go into settings and "disable this type of notification". But they removed that screen and you still get shit even with EVERYTHING disabled. I really hope they get what's coming to them soon

I think it's worth pointing out that all the screenshots I've seen so far are from iMessage. I too have 2FA activated but never got spam like this via text (I have an Android phone and no FB app installed, only Messenger). So I wonder whether it's specific to an iMessage plugin or something similar?

EDIT: Apparently this is US specific.

No fucking way. A company whose revenue absolutely depends on user engagement is coercing users into engaging with the platform.

I'm shocked. Shocked to hear about this. I can't possibly imagine how this could've happened. It's time to rethink everything we know, rewrite C in rust, and put the social back in media.

Misusing 2FA for "engagement" is indeed more than you should expect from any company. That looks very desperate and I haven't heard of other companies using these tactics.

Facebook becomes LinkedIn

I think you'll find LinkedIn is actually becoming Facebook.

The best decision I made in 2018 was to start a new year without Facebook. I deleted my account permanently.

Tangentially related, make sure to remove any phone numbers you no longer use. I started receiving sms FB notifications for another person's account (I'm guessing they switched numbers). The link in the message logged me directly into their account. I reported it, but they said this was expected behavior.

Just get multiple phone numbers. It's easy these days and totally worth it. They're only $1 / month and being able to keep your real number separate from all these BS sites is great. Plus, for 2FA social engineers aren't going to get you just by working your network.

Why exactly should I spend my money because Facebook can't behave itself? I'm not the problem; Facebook is.

Google voice is a free phone number ;) I have a couple for 2fa if i ever truly want it. The danger of 2FA is that you are trusting your phone service provider. A semi-common hack is to socially engineer a phone provider into transferring the target's phone number from their service to your service provider under a false or stolen identity. Now you can control the phone number, tie it to your own device, and recieve the 2fa sms at your own device.

I removed my number from my Facebook account when I realized that FB was linking my WhatsApp conversations to my FB account using my phone number and displaying ADs on my FB feed based on my WhatsApp conversations. What a desperate move by FB! losers! lol

A good way to avoid this is to stop using Facebook. I wish everyone would abide by this.

Between this and Onavo, I think FB need to check themselves. I only keep an FB account so I can check in on people easily, but I'm borderline tempted to just clear out of there and bring as many people as I can with me.

I don't understand why they require your phone number to do 2FA, and prefer it over any OTP app like Google Authenticator. It's 2018 Facebook.

Maybe they like phone numbers. Nevertheless Google Authenticator's permissions are in another league completely and one should probably be as suspicious of Google as Facebook.

Version 5.00 can access: Camera

    take pictures and videos

    create accounts and set passwords
    full network access
    control Near Field Communication
    use accounts on the device
    control vibration

I guess it needs camera access to use QR codes? Maybe NFC falls in the same category. Not sure about the others though.

Using 2FA number for ads? Are they doing it in Europe too? (Where there are harsh laws against using data for a purpose it wasn't collected for.)

Have anybody believed to their pledge "to never spam you and only use it for ensuring your account security?"

I did because other companies respect that. This is the first time I hear 2FA misused for marketing/engagement. I use my phone with Google, Dropbox and others and never received unsolicited text messages.

Delete your facebook/instagram/whatsapp/<facebook owned> account asap. The sooner the better.

No reason to delete it. They won't delete your data anyway and they only count active users. Just not logging in hurts them as much as deleting the account.

How do I make it stop? They’re texting me updates about people I haven’t spoken to in years.

I still get this, such a pain. I thought it would go away. But 3 months later, nope.

This happened to me a while back. So I disabled 2FA on Facebook.

I find it dissuading to read an article when the actual article itself is confined to <1/2 of the browser screen.

Good time to remind everyone: If you are not the customer, then you are the product!!

Applications are open for YC Summer 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact