Hacker News new | past | comments | ask | show | jobs | submit login
Suspending Cambridge Analytica and SCL Group from Facebook (fb.com)
330 points by ilamont on Mar 17, 2018 | hide | past | web | favorite | 152 comments

> Protecting people’s information is at the heart of everything we do

Thanks for striking down the bad guys, Facebook, our ever vigilant guardian of personal information.

That's exactly what I wanted to say. Talk about the fox guarding the hen house... none of these parties--Facebook included--can be trusted with any data. They're all out to make a buck with it!

> They're all out to make a buck with it!

It's not even that though. If someone is reselling your companies data to a third party without authorization, you put both the company and it's key people on the persona non grata list. Large well run corporations and a lot of smaller companies have black lists like that and they use them.

I 100% believe in the fox to guard the hen house...from the other foxes.

No point in sharing dinner.

Exactly. Facebook really wants to protect your personal information - it's their competitive advantage. If other companies all have your personal info too, then it's less valuable to Facebook. The last thing they want to do is let it get out.

If you've decided to share your info with Facebook, well, that's on you. But Facebook isn't going to share it.

Are you serious, defending Facebook here?

There can't be a single repository of online data, which by design gives the repository owner too much power and control. Blaming the users for falling for it is like saying we can't have regulation because markets can self-regulate themselves.

After the last 3 years, anyone who defends Facebook comes across as disingenuous, naive or for a lack of a better word, a shill in my book.

Saying Facebook wants to protects your personal information is the most hypocritical statement, I've heard yet.

I don't think you and parent disagree. Facebook will do a good job of 'protecting' your personal data because that allows them —exclusively— to benefit from it. Though the definition of 'protecting' might differ, Facebook's might sacrifice that protection to benefit at any point. As a user, you're not in control of that transaction and will never benefit.

Also lets not forget Facebook as to appear somewhat protective of data, or they'll scare off even more user. Negative consequences of users sharing their data have to appear dystopian fiction.


Uhm, there are many companies that have access via the FB API to users' data and the data of their friends. E.g. CA/SCL. The TOS says you're not allowed to pass it on to third parties but that is exactly what CA/SCL did and FB didn't do much about it when they found out.

So much for protecting your personal info. That is why such a stink is being made about this story.

This fallacy of pre-defending a corporation from ever doing anything wrong or acting against their own (short term) self interests because "their business depends on it" needs to stop immediately.

It's a fucking joke, their way of protecting is to say, "app developer, you're not allowed to do these things.". It's like a bank who leaves people's money in a field, and "protects" it by putting up a sign that says "dear visitors, you are not allowed to steal this money.".

The best way for them to maintain their walled garden is by restricting 3rd party access to the data. This isn't to protect users, it's to maintain and improve their wall.

You don't remember all their silly breaches and lapses of security about a decade ago do you?

Or are they reformed now?

They do want to protect its profitability for them ;)

And politics aside, this is analogous to Craigslist vs 3Taps, Radpad and so on.

well, you need to have it in order to protect it

It is as weird as we define how to kill a lobster is more humane.

"humane" does not mean "human".

Excuse me, I think you dropped this -> "</s>"

Just as a great comedian doesn't laugh at their own joke, great sarcasm is best served without a sarcasm tag.

All my favorite comedians laugh at their own jokes... Dave Chappelle, Chris D'elia, and Bill Burr.

I disagree when the medium is text; it's harder without tone to hear.

You have a point there. It is definitely harder to hear tone in text.

But does that mean one should always put in a </s> tag? It may ruin the joke.

As an example, this was one (or two) of my highest-voted HN comments ever:


If I'd added a '/s' tag to those comments, it would have spoiled it, wouldn't it? Part of what made it funny was that I played it straight, and people believed I was sincere almost to the end - or beyond.

But now I fear I have led us far off topic. Back to our regularly scheduled discussion of Facebook, watchful defender of our privacy.

And the funniest part is, you're essentially describing jitter, which is timing differences between successfully and accurately reconstructed bits, and jitter can really wreck audio quality. So you only think you're being sarcastic, while on a higher level you're alluding to a deeper understanding of known audio playback issues that are quite real and legitimate :)

So the joke was on me all along... Now that's funny.

Sarcasm doesn't work in short text. It just causes confusion and adds nothing, since it just relies on the reader to decided whether the utterance means its face value or opposite.

Most insightful thing I read today.

I think Poe's law isn't that absolute. Given HN style, I could tell his post was sarcastic.

Among other things it's virtually a HN rule at this point that the top voted post is critical. A purely positive post is a clear red flag and indicates sarcasm or some other snark.

I have never been prouder of a negative 4 votes. I will carry them with pride.

Some additional context on Cambridge Analytica. I'm guessing Dr. Aleksandr Kogan (who also had his FB account suspended) was Cambridge Analytica (and the Trump campaign's) source of data on individual Facebook profiles:


> Cambridge Analytica used its own database and voter information collected from Facebook and news publishers in its effort to help elect Donald Trump, despite a claim by a top campaign official who has downplayed the company’s role in the election. ... In another case, in the late stages of the November election, Schweickert said the company acquired data on voters who voted early – data it collected from local counties and states – and linked the information to individual Facebook profiles.

I urge everyone to watch this video from Cambridge Analytica about their techniques with big data and psychographic profiling leading up to the 2016 election. Very dystopian, it almost feels like a seminar with a Bond villain. Quote from the video:

> "we were able to form a model to predict the personality of every single adult in the United States of America."


Edit: also this article is a good read about how they used Facebook likes to build up profiles. Also contains a summary of the video: https://motherboard.vice.com/en_us/article/mg9vvn/how-our-li...

So, I'm far to the left of most people, and I'm no fan of Trump, but I watched that video and I got the sense I usually get from reading about ML/big data, people seem to be selling these as more than they actually are. It almost is intuitive if not, I guess, what most people who study market research already know: you tailor your message to your audience. Even on a personal level, anyone who has navigated real life with real people knows that you have to communicate with people in the way that they will be most receptive. Nowhere are they "planting" ideas in people's heads, nowhere are they brainwashing people, they are merely saying the same message (for example, defend the 2nd ammendment) to people who might already agree in a way that they'll receive it. The big 5 personality traits are an already well known and documented idea, and even without that, in your day-to-day life, you learn what people's personalities are and you tailor how you communicate with them anyway.

The thing that they seem to bring to the table however is the massive amount of personalized data. That is the issue here, because that data can be abused by nefarious actors if it were to fall in the wrong hands. What usually takes a much more personal touch (like going out to voters, talking to them, or if you can't do that, have teams on the ground that talk to voters and tell you before your speech what they care about and why) can be done in mass due to essentially aggregating private data that users "agree to" obliviously or even don't consent to. That is the issue at hand, not like Cambridge somehow warped the people in Wisconsin's brains to mush and made them go to the polls.

Yes, M.L. is always sold on the metaphor and not on the reality -- that's partly because its advocates are really unable to distinguish animal consciousness and cognition from computation.

Machine Learning models are tools for computing specific predictions. They are not thoughts, have no concepts, etc.

The model isnt what it is used for. A model isnt what it describes. The ability of an ML system predict a person's action isn't a reasoning process. A rock rolling down a hill predicts the path of water rolling down a hill. The rock isnt thinking about it.

Describing ML models as if they were cognitive gives people the impression that computers possess the relevant concepts and understanding which is why its seems scary. It's just current through a write to a fancier dial.

Can you please recommend a book or something on these 5 traits and tailoring communication with people based on their personality ? It sounds interesting and something that would probably be especially useful for me.

>> "we were able to form a model to predict the personality of every single adult in the United States of America."

That would be dystopian if it weren't so ridiculous. They can do nothing of the sort- predict the personality of any adult in the USA. At best they might be able to make predictions on a population basis, but anything more precise than that is out of the question. Behaviour prediction on an individual scale is pure, unadulterated fantasy.

This is just typical overselling of a service, by people who can use maths to obfuscate the fact that they 're making it up as they go along, targeted to people who wouldn't understand the maths if a five-year old explained it to them anyway.

Did you watch the video? They claimed real results helping Ted Cruz in the primaries with this sort of hyper-targeted advertising.

The access they have to online data sources would absolutely be enough to start correlating things to build an individual profile. Say you can link someone's FB, Twitter, (HN?!) account posts, likes, shares, to credit card data, maybe even search keywords from shady advertisers, to vehicle registration records, tax records, census data, etc.

Do you really think this profiling is that far-fetched that they need to BS everyone? It doesn't have to be perfect to be many times more effective than untargeted ads...

Wait. The very same Ted Cruz who is now president of the United States of America?


After the primaries they were hired by Trump. Trump is the president now.

So they're 50-50?

How do I know they weren't the reason Cruz lost? How do I know that they didn't lose the popular vote for Trump? Take their word for it?

No thanks.

They worked for a more successful candidate in the general.

Sure. If they keep working for winning candidates in the future, then maybe I'll be convinced that they aren't just BS?

If they even exist in the future, I guess...

In fairness, you don’t need to be able to do it for every person if you can target a few hundred thousand across a few critical states. Even with a relatively low success rate in changing minds or encouraging/discouraging turnout you can yield results - 2016 was only decided by ~70k folks in 3 states.

> a seminar with a Bond villain

Incidentally, the psychologist mentioned in the FB statement appears to have changed his surname to Spectre.


Yes. He says he changed his name from Kogan to Spectre after his wedding.

See: http://cpwlab.azurewebsites.net/CV/Aleksandr%20Kogan%20CV%20...

Christ, I’d have trouble suspending disbelief if I read this in fiction! It’s too on the nose.

The video above was 7-week before the Trump campaign and this one is after the result and a sort of review of the "success":


> form a model to predict the personality

I can do a model of personality using ML/DL anytime as well, it's a piece of cake. How good the model is is another question; I'd be surprised if they were significantly better than random noise given how pathetic "science" of psychology is.

Yes, I think it's more the "of every single adult in the United States of America" that is the disturbing part.

Wow everything about this guy just gives me the chills.

Honest question: is this just masked preparation for GDPR?

It looks to me that CA may have gathered and shared FB data, and FB has suddenly realized that they have a GDPR violation on their hands.

IANAL, but I have seen articles suggesting that people will need to re-consent to the use of their data, and I could see this being a problem in this case, where the consent was never given in the first place, but FB would have to be able to report on how that data was being used.

Specifically, it looks likely that CA's data violates GDPR Article 9 section 1 - https://gdpr-info.eu/art-9-gdpr/ - completely.

GDPR violations for a company of Facebook's size would be substantial. In Facebook's case, if the fines were deemed to be "aggravated", the absolute maximum fine would be 4% of FB's annual revenue, or $318Million USD.

Fast-track GDPR then inject the fine money into the NHS with compliments from the EU.

Is GDPR retroactive? I doubt so.

Yes in that it has no consideration on when the data was captured or acquired. And there is a trickle down to anyone you have or passed the data onto.

Ok so you should take care of the data you posses now, but if you have shared the data with third party then I guess this is now their business to obey the law? I just don't see how you could possibly be forced to go and police everyone you have ever shared the data with.

Be interesting on this one. GDPR has explicitly called out legal obligations for the data controller and the data processor. Controller is the one you consent to data collection, processor is 3rd party carrying out processing on behalf of controller. If data sold then it is passed to another data controller.

In this case user has apparently given, some level of, consent to Cambridge Analytica. I don't know whether that would then make them a data controller in their own right or whether they still be treated as a data processor. If former then user would have to engage directly with CA for right to erasure or FB need to invoke T&C's. If later then it's down to FB T&Cs and then FB would have to inform CA of user invoking right to erasure.

GDPR will a minefield for consumers and organisations for at least another 2 years until we have some case law that backs it all up

I think the way GDPR could be consider retroactive is that the data you hold now is subject to the same test for explicit consent etc. as the data you collect now. So if you hold data now that was not collected in a way that is in line with GDPR you are in breach.

However if hypothetically FB sold CA some data in 2015 without their users consent then it is CA that has the problem now as it has no consent to the data, not FB

Dump facebook. Just do it.

Make your final posts informing your friends how to contact you by email. Follow up with a reminder or two over the coming weeks and delete it.

It will be the best feeling you ever had from doing something with your facebook account.

And after you dump facebook, invest in creating a strong social network in real life.

Since early 2017, I’ve stopped posting, scrolling mindlessly through the news feed, giving a shit how many likes things I say or appear in garner, and subjecting myself to the collective fear and anger of my bubble. It’s been great! On the rare occasion that I need to go on (a friend has invited me to something and the details are on Facebook), I can get in and out without getting sucked in. Given this, I have no motivation to actually delete my profile, but I also don’t want to be a regular user ever again.

> It will be the best feeling you ever had from doing something with your facebook account.

I second this, deleting my Facebook account was the best decision I made in 2017

I've not been on fb for the past 3-4 years, the absolute best decision I have ever made, no more trying to decrypt cryptic statuses from people you have no interest in and 100% less pictures you could care less about.

>> In 2015, we learned that a psychology professor at the University of Cambridge named Dr. Aleksandr Kogan lied to us and violated our Platform Policies by passing data from an app that was using Facebook Login to SCL/Cambridge Analytica, a firm that does political, government and military work around the globe. He also passed that data to Christopher Wylie of Eunoia Technologies, Inc.

So basically FB's problem is that Kogan passed the data to third parties, without FB's knowledge and -I guess- without FB being in on the deal. Because FB's whole business model is to hoover up its user's data and sell it to "third parties".

Third parties who may then do with it whatever they like, without users having any control over it. You know- like Kogan just did.

FB is trying to pretend they're the responsible party in this - "Protecting peoples' information" is what they do, they say. Well, no it isn't. Trading peoples' information is at the heart of everything they do. And this is just one more example of why it is so harmful.

Someone please correct me - but I don't think that FB sells data. They use it for their own uses, and customers of their advertising platform can use that data to target groups, but I don't think they sell their data to 3rd parties. Am I wrong ?

My understanding is that Facebook act as the 'ad broker' themselves, as opposed to selling the data on to third-party ad brokers.

Nobody outside of Facebook has any way of knowing. That’s the problem.

Uh, anyone that bought data from Facebook would know. And people they spoke to about selling data.

FB monetizes data by letting people use it for ad targeting, not by selling it.

Story from March 2017 about this:


>In late 2015, the turkers began reporting that the Global Science Research survey had abruptly shut down. The Guardian had published a report that exposed exactly who the turkers were working for. Their data was being collected by Aleksandr Kogan, a young lecturer at Cambridge University. Kogan founded Global Science Research in 2014, after the university’s psychology department refused to allow him to use its own pool of data for commercial purposes. The data collection that Kogan undertook independent of the university was done on behalf of a military contractor called Strategic Communication Laboratories, or SCL. The company’s election division claims to use “data-driven messaging” as part of “delivering electoral success.”

>Shortly after The Guardian published its 2015 article, Facebook contacted Global Science Research and requested that it delete the data it had taken from Facebook users. Facebook’s policies give Facebook the right to delete data gathered by any app deemed to be “negatively impacting the Platform.” The company believes that Kogan and SCL complied with the request, which was made during the Republican primary, before Cambridge Analytica switched over from Ted Cruz’s campaign to Donald Trump’s. It remains unclear what was ultimately done with the Facebook data, or whether any models or algorithms derived from it wound up being used by the Trump campaign.

>In public, Facebook continues to maintain that whatever happened during the run-up to the election was business as usual. “Our investigation to date has not uncovered anything that suggests wrongdoing,” a Facebook spokesperson told The Intercept.

>Facebook appears not to have considered Global Science Research’s data collection to have been a serious ethical lapse. Joseph Chancellor, Kogan’s main collaborator on the SCL project and a former co-owner of Global Science Research, is now employed by Facebook Research. “The work that he did previously has no bearing on the work that he does at Facebook,” a Facebook spokesperson told The Intercept.

The Intercept is so wildly underrated (and unfairly disparaged). Vital reporting.

Wow. From the laughable shell companies, to the use of underpaid contractors for questionable deeds, to the "we can do whatever we want" terms and conditions, to hiring one of the chief perps, these people never cease to amaze.

It's too easy for this information to get out. There's basically no penalty, you just use as you want and year's late facebook cuts you off? So you start a new company, owned by a new llc, get the lawyers to sign the 'i am not evil' doc and repeat.

There's no way this will have any impact until there are criminal citations on the people involved. In this case, because it's the us, there's not going to be anything criminal. Facebook, you need to sue companies that do this into oblivion. You are rich and can stand up.

In europe, there's gdpr, the us has no defense. Remember, the chinese and russian govts (probably) were the ones that hacked the company that had all the security clearance applications. Basically, everyone but average americans have access to us govt employee's private information. There must be some blackmailing going on.

GDPR will most certainly reach into US businesses as well as EU businesses. Any business collecting data on EU users will be subject to the GDPR.


Though as the article points out: "There are still questions about how the EU will enforce these actions against U.S. and other multinational companies [...]"

European companies that exchange PII with US-based companies in order to provide features to their customers and value to themselves are terminating those contracts and turning to EU-based companies.

Even though many US-based companies are attempting to comply with GDPR, European companies which use their services aren't prepared to take the risk of being in breach of GDPR.

Or US business are making a big show that the data is hosted within the EU in order to retain the business.



Here's the thing. When you give your data to Facebook or anybody else you no longer control it. Laws, policies, user agreements, none of that really matters. You don't control your data once it is no longer in your possession.

I don't know if it really is in fb's best interest to sue them. It might in fact be in their interest to allow the players to come back because that would benefit their bottom line.

Eventually fb will suffer enough about this kind of stuff that it will hurt their rep. I hope.

I'm getting downvoted why? Isn't it true that's it is too easy to do this? The us govt wasn't hacked? see https://www.washingtonpost.com/news/federal-eye/wp/2015/07/0....

Now my downvote question is getting downvoted. It's very meta. Let's see if my downvote downvote question get's downvoted.

Posts on "why is this down voted" always get downvoted, mostly because they're unanswerable and not germane to the actual topic under discussion.

It's also against the guidelines. https://news.ycombinator.com/newsguidelines.html

This is an especially egregious case because it was well-known a long time ago that Kogan extracted a lot of really sensitive user data via the Facebook APIs that could be used for precision ad targeting. It says a lot about FB that they took this long to take any significant action other than getting a pinky promise from multiple companies that they deleted the data.

Even if they deleted the data, they could have retained information generated using that data which would allow them to effectively abuse the original data for ad targeting - which they did years ago. FB had opportunity to know this long before now.

It's bewildering that they knew this huge amount of sensitive data got into the hands of unauthorized third parties and were willing to treat assurances as a sufficient remedy. At the very least, all of their ad targeting should have been carefully vetted, but it seems ridiculous to let these third parties continue operating on the service when they had already demonstrated a willingness to blatantly violate the FB ToS and use unethical tactics for ad targeting.

In practice FB users aren't informed enough to know what this means or care about it, but missteps like this really demolish any argument that FB cares about user privacy or ToS enforcement. They had a huge amount of time to realize this was happening and take action on it. At this point it seems unlikely that CA and SCL are the only companies doing things like this - it's not exactly a secret that these techniques are effective. If they wanted to make it clear to third parties that this wouldn't be tolerated, they should have cracked down years ago.

Facebook employees worked with the campaign to help with their digital strategy. Directly.


I guess there would still be advantage to targeting adds even more directly (using RNC voter data combined with the FB profiles).

> It's bewildering that they knew this huge amount of sensitive data got into the hands of unauthorized third parties and were willing to treat assurances as a sufficient remedy.

What exactly should they have done? It’s data, once someone has it, game over. It’s like trying to unring a bell.

Manditory warning notices on all pages of FB, detailing about how your privacy can be compromised, your democratic rights infringed by using FB, in the same vein as warning notices on cigarette packs, or medication packaging.

They could have made at least a cursory attempt to bolt the stable door none the less.

I see no evidence that they have made any efforts to prevent a recurrence.

What stops them from creating a holding company and getting access from that? Seems like a rat and mouse game and feels like more a PR move because of recent bad news exposure.

> What stops them from creating a holding company

Nothing. Just like the adtech industry in general. So much of the spam and fraud could be stopped if there was even minimal regulation and actual consequences, but there isn't, so these actions are usually little more than PR, especially once all the damage is already done.

After the midterms and even possibly 2020, the future isn't going to look great for these companies.

You assume they won't lather rinse repeat using yet another way to get all the data and manipulate public opinion?

I wouldn't be surprised if we see a mass ban on all FB analytic tools. Perhaps FB can create a new source of revenue where they either use that info for their own political aspirations or sell it to others they support.

This is big enough that Facebook is likely to stay on top of it. The company had become somewhat famous in its field, and they can’t easily turn that into new clients without alerting Facebook and the media.

I don’t understand why it was legal for trump to hire Cambridge Analytica, which is foreign owned, to influence the presidential election.

I also don’t understand why Russia gets all the news, when this foreign election tampering was so much more effective and done in the open.

[edit: Downvotes. Wow. My comment is certainly on topic, so I guess “Foreign corporations shouldn’t participate in our elections” is controversial(?)]

What I wonder is why Israel is so ignored when they have orders of magnitude more money and influence in Washington than Russia. One of the top lobbyists in the US is AIPAC, giving money directly to politicians. The hypocrisy is absurd.

This is slightly OT, but they registered as lobbyists and we know where the money comes from - US citizens. Not that I agree with their message, but we have made this type of bribery legal in the USA.

How is lobbying bribery?

How is it not? Campaign contributions in return for votes.

That’s not lobbying. Lobbyists don’t give money to candidates. They do events, write blueprint for complicated laws etc.

There’s a lot of shady shit going on, and PACs are basically legalized bribery. But it’s important to be a bit nuanced when you want to effectively argue against these practices.

That too. Trump’s son-in-law apparently took a $30m bribe from the Israelis while working for the administration to broker a Palistinian peace deal, but that’s a bit off topic (since the article is about how he accepted foreign aid during elections, not his open corruption while holding office).

Hiring Cambridge Analytica is legal (just need to declare it publicly). Receiving contributions from foreign sources is illegal. Not too tough to suss out.

So, he pays putin $1, and then russia gate goes away?

He publicly asked for Russia’s help with the election...

That doesn’t sound like it would hold up in court.

Actually, no, when a political campaign buys something, they have to pay a fair price, or it's illegal. You can see that issue invoked many times during every election.

Trump didn't hire them, they worked for free for his campaign and the Brexit campaign because it serves their owner's political views. They refuse to work for politicians they dislike.

No, actually, no. People can volunteer their personal labor for campaigns, but if a corporation gives data "for free" or a lawyer pays off an adult industry actress "for free", that's a campaign contribution.

There’s no prohibition against paying foreign companies. Just like the campaign can buy Samsung phones, they can hire South African graphic designers or British PR consultants.

We are utterly shocked to discover that people have been invading our customer's privacy to manipulate them politically, without our consent. Sorry, their consent, I meant to say without their consent. Furthermore, we had no idea that this was going on, as we were reading a really good book at the time and the radio was on really loud. That said, we are paying attention now and you can trust us with everything from here on in, as we are really nice and competent, honest.

read: how dare you not pay for this data

Curiously, just weeks ago, Alexander Nix (CEO of Cambridge Analytica) stated, in a letter to UK Parliament, that they gather no such information:

"On 8 February 2018 Mr Matheson implied that Cambridge Analytica "gathers data from users on Facebook." Cambridge Analytica does not gather such data."

Quoted from 'Letter from Alexander Nix, CEO, Cambridge Analytica, to the Chair of the Committee, 23 February 2018' (PDF), linked from this page: https://www.parliament.uk/business/committees/committees-a-z...

— So it would seem that they've been caught with their pants on fire then?

It is interesting to see Arron Banks (Arch Brexiteer and the money(under investigation by the Electoral Commission) behind Leave.EU) calling Nix a liar on Twitter recently.

It is alleged that Banks colluded with other pro-Brexit campaigns to spend a lot of money with a CA subsidiary. By spreading it around the groups they would have been able to breach the election spending limits. It is also alleged that the money itself came from outside the UK (which is also illegal)

It's a twisted web but here is an entry point with Carole Cadwalladr of the Guardian. https://www.theguardian.com/technology/2017/may/07/the-great...

Anyone else suspicious that Zuckerberg may be gearing FB to ban the analytic tools of his competition if/when he runs? If Zuckerberg does run, I wonder to what extent FB will be his personal tool? Could you imagine if an old school news paper baron ran for president and his journalists always wrote in his favor?

He's got full control right now, and opinions of him seem pretty negative overall (esp. wrt privacy/trust). I can't imagine it'd be any easier to manipulate opinions en masse if he were actively seeking office.

People aren't that dumb, but it is still pretty scary that he'd be able to scientifically design an electoral campaign that can be updated in real time using various FB tools. No other politician has access to power like that.

I can't imagine what kind of coalition he could assemble. I don't know if it would win, but if he takes whatever position his data tells him, the only obvious thing that would sink him would be his lack of authenticity. Imagine a candidate that always had an appealing take to a slim to large majority on whatever issue (for people that don't know too much about the issue).

In the previous 2016 race, HRC was perceived as inauthentic and lost. DJT was perceived as authentic to a substantial fraction the right (not the media class, though that has changed with the direction of the wind) and inauthentic to the left.

Zuck is a Democrat, he’d get a pass on all that, especially if it meant getting Trump out of office. Let’s not kid ourselves, hardly anyone in the media and government would make a stink about what he does with FB to get elected.

This is all hypothetical of course, he has to be one of the most unlikeable people in ages, and the reception to his “I identify with you, middle Americans” tour really solidified that feeling.

Yeah, there are large numbers of billionaire CEOs with far more charisma and public support than Zuckerberg (like Mark Cuban and Elon Musk). Hate him or not (I'm in the former group), Trump also has charisma. Zuckerberg has brains but not an ounce of charisma or PR ability.

I'm inclined to agree with you, but I'm also in agreement that I'm not sure he could win anyway. Zuck would be the personification of neoliberal imperial agendas so I imagine the establishment, perhaps on both sides, would line up behind him.

If he was going to run, he would want win and manipulation carries too much risk. I think it's likely that he uses FB analytics to determine what most people already want, then make that his platform.

I don't know what people thought of William Randolph Hearst during his lifetime, but I think Zuck has made himself toxic enough that he can't run for US President (or God) for quite awhile. He's rich enough that he can probably build an island or planet for retirement, though.

I'm 99% sure there's no way anyone would vote for him, regardless of anything.

People said the same thing about Ronald Reagan and Arnold Schwarzenegger before they were each elected as Governor of California.

They at least had charisma and decades of being beloved movie stars working in their favor.

Zuck could hire Jesse Einsenberg for the ads.

Hearst did this, was some outcry about it

I wonder how many apps do this and continue to do it. FB just looked for any reason to do something about these problematic companies to appease their favorite politicians.

The only things that can be trusted is the things does not require trust.

Are they actually pretending that they give any credence to the personal information that a Facebook app could access? Back years before Facebooks IPO a professor I worked with had an idea to study social networks using Facebook as a dataset. They would make an App that would collect personal data and create conclusions. She looked into what Facebook collected and promptly stopped the data collection system. From my understanding any App that integrates with the Facebook platform has a large amount of data that can be mined. I think they started restricting this but still if you let an app attach to your profile all sorts of wondrous things can be found out

Cambridge Analytica Lead Data Scientist Job Description

"Python for machine learning with SciPy stack and scikit-learn. Applied knowledge of SQL"


I'm curious to see what FB does to mitigate this sort of data grab in the future. Is there anything stopping them from creating a walled garden around user data? For instance, they could enforce that any code with access to user PII has to be run on their servers, and all results can only display aggregate data? It still can be manipulated, but it seems like it would be harder

There’s nothing they can do. Once you have access to the data it’s as good as copied.

FB would have to not give personally identifying info (PII) to the app in the first place. The main reason apps (from a user's perspective) need PII are 1) Display it to you or someone else in the app, or 2) perform a calculation or action on it (e.g. send a text to a phone number, or display an add to women age 20-28). If all I have is a user ID, FB can make it possible to do both without ever access PII.

For #1: PII could be embedded using an iframe and a url. You could even pass data (such as templates) in with url params

For #2: FB would expose endpoints that allow actions (such as send this email to the user). They could make it as generic as they needed, up to running arbitrary code on a VM, minus networking calls.

Facebook without PII is worthless. All that security is irrelevant when you can just bypass it all through the analogue hole. Chrome Headless just makes it easier.

Given that both are in the sleazy data business and FB is the dominant incumbent CA has a good anti-monopoly case and it will be pleasurable to watch them fight it out. Whoever loses, we all win.

Any tech site that provide private user data via an API needs to make sure that data is guarded like it was their own site, as if their own employees were accessing the data.

Maybe what's needed is a PCI-compliance standard or a HIPPA-act for general user data?

GDPR is coming. In my opinion it has flaws and I'm personally not a fan (big corps will have resources to comply and small ones will find it to be a barrier to entry), but if you want regulations this is as strict as it gets.


As a startup founder, GDPR is an enormous pain in my butt. As a human, I think it's terrific.

A lot of the adoption pain reveals just how much we built businesses that couldn't care less about what individuals would like done with their data over time. If GDPR had been alive early in the web, I think we'd see different and more human business models, and technology to support them.

Isn’t this the intent, if not the implementation, of GDPR?


That seems like the only way out of this mess. Reading this, there's not a good reason to not sell user data to interested third parties if the only consequences are getting your app removed and your account suspended.

I wonder what percentage of Facebook's revenue comes from political advertising? In an ideal world, I'd like to see all political advertising banned from their (and similar) platform.

One single person (Dr. Aleksandr Kogan) did all that damage, Facebook? And you think that the current method of enforcement is okay?

Read: only Facebook has the right to pass data to "firm that does political, government and military work around the globe."

> In 2015, we learned that a psychology professor at the University of Cambridge named Dr. Aleksandr Kogan lied to us and violated our Platform Policies by passing data from an app that was using Facebook Login to SCL/Cambridge Analytica, a firm that does political, government and military work around the globe.

I guess Facebook is mad that Aleksandr Kogan profited from selling Facebook user info without Facebook taking a cut.

i wouldn't be surprised to hear that FB was at the same time also selling data directly to CA, such are the times in which we live

rvo on Mar 17, 2018 [flagged]

Good. We can expect such behavior from vile conservative companies like Cambridge Analytics, funded by Mercer and the cause for Brexit. Why are they even allowed on FB? Such extreme groups should never be allowed.

Could you please stop using the site for political and/or ideological battle and start commenting civilly and substantively? The guidelines should be quite clear on this.


I apologize if I did something wrong. It's a political post and I am just trying to make the point that we should hope and expect FB to be moral and do the right thing. They control so much of our information that they should make sure far right ideologies (ok, far left also) should never be able to manipulate the data for their purposes.

If such a discussion is not expected on HN, I am probably in the wrong place.

> vile conservative companies

> cause for Brexit.

> Such extreme groups should never be allowed.

I surmise "extreme" in this context merely means "conservative" or "isolationist".

Voting for Brexit is hardly extreme or fringe. So much so, in fact, that most of the UK did so.

CA's political stance is basically irrelevant here, they're mercenaries. "Liberal" companies of this stripe would easily do the same thing if given the opportunity. The sort of work they do is intrinsically compromising unless your business is operating with a very firm moral/ethical code and it really hinders your ability to chase opportunities and maximize revenues.

It's not a coincidence that Google ditched 'don't be evil', and doing that doesn't indicate a twist to the far right or anything of the sort: It's just the reality that being a wildly profitable advertising firm can require a lot of moral/ethical flexibility that leads to outcomes like what we have here with CA & SCL.

The significance of CA's politics is specifically that they gave their services for free to a political campaign that aligned with their goals, which is already of questionable legality - and in this case, likely expected and possibly already received regulatory kickbacks in exchange. But that doesn't really matter in the context of FB deciding to enforce rules.

EDIT: To clarify, Trump's campaign did pay CA but sources have claimed that they received a deep discount.

Naming a liberal-leaning political consultancy that is this slimy would help. (The DNC’s behavior during the primaries comes to mind, in fairness to your argument)

I would say the DNC is not very liberal, it's more corporatist/neoliberal, which is not progressive at all. And their reach/tech is pretty low tech.

Can you name a liberal company equivalent? I'm having trouble coming up with anything close to this sort of behavior except maybe the Russians pretending to be liberals to rile up Americans as part of an equal opportunity rile up Americans of all political stripes campaign.

FB and Google are huge companies and control majority of the information people get today. We should want them to be moral arbiters. Otherwise what else can we do? Most of us are so gullible.

We should absolutely not want corporations to be arbiters of morality.

No, of course not, but like everything, it's a spectrum. I wouldn't want a big corporation like FB to play a meaningful role in deciding what is and what is not moral (or factual), but at the same time I don't want FB to be a trivially manipulated medium for targeted disinformation and divisive propaganda. For example, a hostile state actor doing things like showing white rural retirees ads for fictional BLM recruitment drives to stoke fear/hatred/misunderstanding among the US population.

A completely hands-off approach is also corrosive and destructive. They're stuck trying to thread the needle, to balance civic responsibility while avoiding being an overbearing gatekeeper. I don't think it's possible to pull it off in such a way that they are not overstepping bounds in one direction or another, but as long as the pros outweigh the cons of whatever approach they take, it'd still be infinitely better than doing nothing.

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact