Hacker News new | past | comments | ask | show | jobs | submit login

What's utterly horrifying about this whole thing is how the media is acting as if this is some sort of surprise. Like what did you think was happening at a company collecting data about billions of people? Especially at a company that has a CEO who is famous for calling its own users dumb fu * * s? A company that experimented on at risk teens. Like come on.


Or lordy, didn't expect this comment to blow up this much. Do forgive me if it sounded a bit smug, that was not my intention. But the fact of the matter is this was something we were all warned about, we were shown countless examples of exactly this, not just us nerds, everyone, people like Edward Snowden risked their lives telling us about how all this data was being used against all of us. and yet everyone kept giving more and more, you were looked at like a tin foil wearing nutter when you told people not to give away so much information about themselves so easily.

At the end of the day, this is not really 100% facebook's fault, this is our fault, the fault of everyone who so readily made their information available without giving much thought to who sees it and what happens to it. And no just because you are not a techie you are not off the hook for not caring enough about your own privacy. I mean what level of technical knowledge is needed to know that once you post something online others can see it?

Funny thing is, this would all blow over after a few months, and everyone will go back to the usual habbits.

It reminds me of the Snowden leaks about mass surveillance programs like PRISM. I think most technical people expected something like that to exist ever since the internet became mainstream. Still, if it's just an "educated rumor" without hard evidence there's not much for the media to talk about. Up until now you could only say "it seems pretty likely that Facebook is doing something like that, but we don't know for sure". That's not enough to make an article and that's not enough to convince the general populace apparently.

In general it's pretty amazing how trusting the average human being seems to be as soon as computer are involved. I suppose that it's mostly out of ignorance and complacency. People seem a lot more careful when physical mail is involved than emails for instance. They also don't hesitate to share extremely intimate details about their private lives with a faceless corporation. Some of my friends willingly opt into streaming their position in real time continuously through their smartphones. That's terrifying to me but apparently very convenient for them. I think Zuckerberg agrees with my sentiment since that's the source of his "dumb fucks" comment.

I hope these articles will help change that mentality but I'm not overly optimistic. I read a comment on a forum earlier today that basically said "screw Facebook, I'll close my account and do everything from WhatsApp instead". I don't think it was sarcastic.

I think the trust is a new thing though, new to the social media age. I remember growing up with computers in the 90's and people I knew wouldn't even consider entering a credit card number on a website. Now we give them freely. People used anonymous handles on AIM. At some point this changed and people decided they could be themselves on the internet, which is a fine idea, but the trust just went too far.

And I believe Facebook was largely the site that got people comfortable using their real names and personas online.

Exactly. Another example is applications "phoning home" (desltop applications sending information back to the server) that not that much ago was considered a serious abuse. And people on forums would lambast you when you asked how to implement something like that. Now it's called telemetry and is the norm.

Indeed, I remember the backslash ZoneAlarm got for this. Lots of people changed to another firewall as a consequence.

This was visible when using credit cards in stores, too.

1990s: your signature needs to match exactly so we know it's really you!

2000s: you must enter a PIN that hopefully only you know?

2010s: fuck it just tap the card near the reader

Another educated rumor: As soon as Al Franken suggests regulating Facebook under Net Neutrality, pictures surface that destroy his political career.

What exactly would Net Neutrality do to Facebook?

Basically the same effect supporters were asking from NN for telecoms:


“No one company should have the power to pick and choose which content reaches consumers and which doesn’t,” said Franken. “And Facebook, Google and Amazon, like ISPs, should be neutral in their treatment of the flow of lawful information and commerce on their platform.”

And then one week later, his political career was suddenly over. Politicians got the message loud and clear; Don't F* with Facebook.

Is there any reason to believe that Facebook had anything to do with releasing the pictures of him groping a woman?

Stop them from making zero-rating deals with ISPs.

I doubt they'd even need to make deals. Customers would blame ISPs for Facebook being slow before they'd blame Facebook.

This doesn't even strike me as crazy or "out there" anymore, which is so sad.

> Some of my friends willingly opt into streaming their position in real time continuously through their smartphones

How do you avoid this? I have a GPS in my car with stored routing information, but if I need to navigate for someone else or get walking/biking directions, I am forced to do this. Printing out directions beforehand is something I did only a few years ago, but these days I don't always have a chance to do that.

I think he means his friends use location sharing apps, where you can actually tell people "Open this app/URL to see where I am right now.".

I remember installing a dating app one evening, and thinking "I'll look at it tomorrow.". Next evening, I opened and it said "This stranger and you were both at this subway station around noon!". Geezus Christ! I didn't even open the app the whole day! Uninstalled it straight away.

On Android, you can open your Google account settings and disable their always-on location tracking "service". Of course, you have to take Google's word for it, and that doesn't stop GPS from working for apps like Maps when you request it.

I usually leave Location services off. I'll enable them for 5-10 seconds, get the directions from Maps, then disable the Location service again. Of course, they can still estimate my location with cell towers (or WiFi, but I usually have that disabled as well), so it's not a perfect solution. Saves a lot of battery life, though.

you can can disable your access to it and its background upload to google. If you read the fine print the "anonymized" gps/cell-tower/wifi data is still used periodically by google to refine their maps etc. Same for apple, same for the GPS in your internet connected car.

I think the person you are responding to is describing something different. If you use, e.g. Google Maps, to get directions while driving, Google knows where you are in real time but no one else does. If you share your location on e.g. Facebook Messenger, your friends can see where you are for the next hour. Presumably there are other apps which will share it continuously.

> as if this is some sort of surprise

Most people don’t think “the data used to sell me milk could be used by politicians.” And those that do didn’t think “political ads today could be replaced by surreptitious foreigners tomorrow.”

If your reaction is “they should have known” you are in a Silicon Valley thought bubble. (I was until recently, too.) What you find “horrifying” is that bubble’s edges fraying.


“Of all the news crises Facebook has faced during the past year, the Cambridge Analytica scandal is playing out to be the worst and most damaging.

Why it matters: It's not that the reports reveal anything particularly new about how Facebook's back end works — developers have understood the vulnerabilities of Facebook's interface for years. But stakeholders crucial to the company's success — as well as the public — seem less willing to listen to its side of the story this time around.”


> If your reaction is “they should have known” you are in a Silicon Valley thought bubble. (I was until recently, too.) What you find “horrifying” is that bubble’s edges fraying.

What if your reaction isn't "they should have known" but rather "they should have listened when I told them this!"?

> What if your reaction isn't "they should have known" but rather "they should have listened when I told them this!"?

Then you, like me, are still figuring out how to message privacy as a priority to non-technical folks. Maybe it’s an issue of timing. My “delete Facebook from your phone and log out, by default, on your desktop” pitch was more productive yesterday than ever before.

Last Week Tonight did this bit brilliantly when they interviewed Edward Snowden - https://youtu.be/XEVlyP4_11M?t=1437 - in essence we need to get dramatically better at telling this story so everyone understands.

This is what many people would call a Teachable Moment. That rare opportunity when a person’s belief structures are shaken up enough that you can unstick their education by reintroducing and idea they previously resisted.

As a matter of fact, this is news and surprising for most users of Facebook even if it's not for you. By saying that no one should be surprised, are you not taking the same condescending attitude that you're pointing out in Zuckerberg?

This is not news.








The real discussion to be had is how do you know that the person is actually aware of giving consent, similar to how a recaptcha verifies whether or not you are a human. I see in the future, some sort of test for users, that verifies that they read the terms of service, as a form of consent for the user agreement.

Edit: Fixed all urls. All work except, cnn where you have to copy paste.

There can be no consent for the usage of your data, as it is impossible to grasp in what ways the data will be used exactly, what deep learning algorithms will learn from it and what impact it will have on your life and society as a whole.

Good. Under GDPR, if there can be no consent, there can be no data.

> some sort of test for users, that verifies that they read the terms of service, as a form of consent for the user agreement.

This will only happen if terms of service get vastly shorter, or if a law is passed that forces it. I would bet that any such measure would absolutely destroy user signup metrics, which means that not only do companies have no financial incentive to take such measures, but they also have an active financial disincentive to make the "I read the TOS, let me sign up now" process any more complicated than they absolutely must.

I'm also pretty sure that the everyday user would be pissed about that additional barrier to entry.

Fixed URL formatting so all links are clickable, and sorted roughly by year:

(2010) - http://www.zdnet.com/article/fbi-feds-collect-facebook-socia...

(2010) - https://www.technologyreview.com/s/418971/facebook-personal-...

(2011) - https://www.independent.co.uk/life-style/gadgets-and-tech/ne...

(2011) - https://blogs.wsj.com/digits/2011/09/26/facebook-defends-get...

(2011) - https://techcrunch.com/2011/11/01/researchers-flood-facebook...

(2012) - http://www.nytimes.com/2012/02/05/opinion/sunday/facebook-is...

(2012) - http://money.cnn.com/2012/03/22/technology/facebook-privacy-...

Also, I tried unsuccessfully to convert all those URLs to use HTTPS, but it either failed to connect or the server forced me back to HTTP. That's rather sad.

Well, it is extremely naive to think that Facebook does not use all the data they get about you. Then again, most people are very naive about this kind of everyday technology.

That's just your perspective. I live in the Germany where we have very strong data protection laws. Is it natural for people to assume that these laws are broken at such a large scale? And that abuse goes completely unchallenged for years?

Data protection laws are so strong in Germany that they let registration offices sell your data if you don't explicitly opt out. Most people don't even know whats going on and that they have to opt out to avoid that. Or German credit scoring institutions, who are allowed collect data about you even if you don't have any mutual agreement with them.

German credit scoring institutions collect data on behalf of banks, insurances, etc., and you need to consent that they send data to the credit scoring company. So you are actually consenting. If you never give consent to any such party, the scoring company must not store data about you (and most probably won't, they are tightly observed by data protection agencies).

It will become interesting with GDPR, when customers start to revoke their consent to exchange data with credit scoring companies.

I guess he wants to hint you to the fact that the "Einwohnermeldeamt" is allowed to sell your data to a "Addresshändler", see https://www.teltarif.de/datenweitergabe-adresse-einwohnermel...

Yes, that is a legitimate complaint.

I was only referring to the remark about credit scoring companies which I believe to be wrong

I agree with you that not everything is perfect in Germany with respect to data protection. Not even close. However, our data protection laws are uncontroversially stronger than elsewhere (specifically compared to the US), and I'm almost certain that the courts will find that Facebook violated them.

Maybe, but what sucks about Germany and the EU is the arbitrary nature of many laws, enabling them to selectively punish those who don't play their game. By not being able to define clear boundaries, you give them the power to rule over who can succeed and who not. Data is what fuels businesses in the end.

> but what sucks about Germany and the EU is the arbitrary nature of many laws,

In what way is the law used arbitrarily? I would like some sources for this claim.

AFAIK the law in the US is much more arbitrary in the sense that a lot of it is case law. Until such a case has been before a jury, and jurisprudence has been established it's basically a coin toss.

The thing that may feel arbitrary is simply the fact the laws in Europe actually enforce privacy, whereas a company, and people, form the US expect that these laws are teethless.

This registration office law has finally been changed to opt-in just this year.

> Is it natural for people to assume that these laws are broken at such a large scale?

Across international boundaries where those laws may be difficult to enforce because other countries are not in sync with them? Hell yes. Call me cynical, but...

> Is it natural for people to assume that these laws are broken at such a large scale? And that abuse goes completely unchallenged for years?

In Germany where data-leaks (which are a symptom of insufficient data protection) at telecommunication providers seem to happen on the regular, with no (reported) punishment as a result, yes I think that is a bit naive.

If you're dealing with large companies, it is. You should assume that. I have no doubt every major company in the world is covering up some serious crimes constantly. And FB has been egregious and it has been covered by the news. Also, why do you expect German laws to protect you from an American company?

More specifically, I think many people are naive about how it can be applied to their lives.

Every company tracks you. From what you purchase at target, to broad pattern behavior tracking on the web via ad companies, I think most people know their being tracked at various stages for various reasons.

However, is it bad that target knows I like to buy grass fed beef? Probably not. It reveals some things about me, but I am far less concerned, as are most I imagine. This same mindset is what fuels people when they don't care what FB/etc is doing. Not that it's right/wrong, but I think people don't care who knows about their lunch or catpics. Thinking that's all that FB could gain out of it.

Humans in general are really bad at thinking long term. Nothing bad happens immediately when you sign up to FB, when you post personal information, when they sell your data, etc. For a lot of FB users, it might be 20 years before they regret their actions. That's just a hard feedback cycle for people.

You must probably don't know how powerfull this analytics are. Is it possible to correlate and infer all kind of data, based on other signals, what kind of person are you.

For example if you drive a bicycle and eat beef, most likely you have a certain income, have a certain family type ( you use same IP!! ) , which means you might have a certain political view and concerns. And this is where targeted manipulation is active, they can drive you in a certain direction. Psychology at it's best.

This is how you win an election.

Agree completely. Does it say much more than my job though? My car? my public travel patterns? etc. There's a reasonable about of information about me that I expect cameras on every corner to know.

Giving my information to FB/etc though? That's another story.

It's both naivety and lack of understanding, which as I've said before is by far the #1 problem with getting people to want more privacy.

It's really not that they "don't care" about privacy, even if they themselves think that's what it is. They usually say that because they don't understand the 1,000 horrific ways in which that data about them could be exploited, from personal blackmail situations, to identity fraud, to manipulating elections, to using it against them in court in a possible future conflict with law enforcement, and in many other situations.

I've seen people who are typically quite "anti-privacy" because "they want to benefit from Alexa, Google Assistant" and other such gimmicks, and "aren't scared" if Google or Amazon holds their data, because after all it's not the government holding it (ha! good one).

But now they've deleted their Facebook accounts, because they're finally beginning to understand the implications of these companies holding all of this data about them and how it could be abused. And it's still early days. It's only going to get worse from here, as we see more such abuses using Facebook, Google, Amazon's data, carriers', and other data hoarders' data.

Most people are extremely nontechnical and are inadvertently ignorant rather than naive.

People that don’t have jobs working with data, who are not technical or mathematical, aren’t going to know.

Are people not taught about "stranger danger" as kids anymore? Why do they just trust that someone won't abuse the information that they hand over?

That isn’t what this article is about.

If people just followed a little bit the news, we had the PRISM scandals going on for years, it's hard to not notice that.

Yes, this is news. However, it really shouldn't surprise any users of facebook that facebook would find ways to monetize their data, being carelessly abusive in the process.

Well, I was with you right up until the gratuitous equivalence to Zuckerberg.


No, they're not.

Look, I'm a developer, I'm somewhat privacy-conscious, and I quit Facebook years ago because they're slimy.

But "doesn't keep up with technology and privacy news" is not the same as "dumb". For any product as big as Facebook, there are people of all kinds using it, including many who are brilliant.

Is it wise to trust Facebook with your data? No. But not having come to that conclusion doesn't make someone dumb. Please don't be so condescending. I'm sure many of those "dumb" people could be condescending about some of your life decisions based on their own expertise. But it's not helpful.

Parent comment is making a sarcastic reference to Zuckerberg's comments about facebook users.


Why do we censor words? Aren't we all adults here? Does HN have a policy about this?

We're adults here but that doesn't mean we should pursue a higher level of discourse.

If you want cursing or other low content, there's always Reddit.

Self-censoring is in no way 'a higher level of discourse'. Not using curse words is one thing, but in some situation (esp. like this where a direct quote is used) there is no real reason to censor swear words in an adult conversation.

Exactly. It's not that you are not using the word if you put several asterisks instead of the actual letters.

I know it's originally from a Zuckerburg quote but the point is that if you want to call someone a dumbfuck, call them a dumbfuck. Censoring the latter half doesn't somehow elevate the discourse.

I mean on average the readership of HN are vastly more likely to be aware and care about their data and identity privacy than the average facebook user. so in this sense you're not wrong.

Just so the quote [2004] isn't out of context:

Zuckerberg: I have over 4,000 emails, pictures, addresses, SNS

[Friend]: What? How'd you manage that one?

Zuckerberg: People just submitted it.

Zuckerberg: I don't know why.

Zuckerberg: They "trust me"

Zuckerberg: Dumb fucks

I'm sure you can do a better job at illustrating your point than ressucitating a +10y old quote from Zuck, 19 at the time.

Teenagers and college students say a lot of condescending, dumb, immature stuff in group discussions. It's not news and no evidence at all.

> I'm sure you can do a better job at illustrating your point than ressucitating a +10y old quote from Zuck, 19 at the time.

I don't need to. Facebook just illustrated it for me.

It's the core of the business. I'm sure we'd all like to have more recent direct quotes, but Zuckerberg is much more careful with his public image than he used to be. We have to infer it from the actions of the company he controls. I see no evidence anything's changed besides the PR.

Back then, it actually was "dumb" to give a random website so much personal information. Facebook had no reputation. Zuck could have stored passwords in plaintext and hacked email addresses and Paypal accounts. Now, we know that Facebook is a legitimate business, so we know they aren't going to do anything too illegal with our data.

It’s a raw quote. Is it inaccurate?

IMO it’s very apropos because it sums up the core attitude of the company. That 19 year grew up to become one of the richest and most powerful men on the planet, with unchecked power.

It's not some random edgy thing he said - he is literally describing his attitude towards the actual thing under discussion, the sanctity of people's private data on thefacebook.com. And the attitude displayed is not just questionable, but Literally The Worst. I suppose we're meant to believe he had some kind of spiritual awakening about it? I'm sure becoming a billionaire really made him see the error of his ways.

Oh please. Aaron Schwartz never said anything like that at his age. Mark Zuckerberg is not a baby, not even at 19.

> Teenagers and college students say a lot of condescending, dumb, immature stuff

Please. 19 is not 5.

You forgot the preamble, "Yeah so if you ever need info about anyone at Harvard - Just ask."

Makes it even creepier. He was willing to dox people for social cred, before he realised the data had financial value.

Got the original screenshot perhaps?

I mean this is HN not Reddit, so I expect most people to know the context of that comment by now (on this site) and his apology and explanation of it.

On Reddit the normal person can be forgiven for not knowing the full context of quote, but this quote has come up on HN many times over many years.

can you help me out here? what is the context/explanation?

The context is he was 19 and the quote's from an instant message conversation.

I've never seen an "explanation." It seems self-explanatory. I haven't seen an apology either, but this was in the New Yorker:

When I asked Zuckerberg about the IMs that have already been published online, and that I have also obtained and confirmed, he said that he “absolutely” regretted them ... Zuckerberg’s sophomoric former self, he insists, shouldn’t define who he is now.


“The media” has always been sceptical of Facebook, and I’d love to see examples of them “acting surprised”. In fact I would guess your scepticism was always informed mostly by what you and those you socialize with read in “the media”. The current scandal’s staying power in the news is similarly based on journalists’ pent-up suspicions finally finding a vehicle to be expressed in public.

These stories are newsworthy because they represent the break from generalized scepticism to specific examples of harm. If the New York Times had waged a nebulous campaign against Facebook without clear evidence it would have rightly been accused of getting ahead of the facts.

As someone who considered himself reasonably well-informed about the privacy implications of Facebook, the "friend permission" was still news to me. That Facebook would share my profile data with a third party because some Facebook contact of mine "allowed" it, is utterly horrific. It is also a clear and massive breach of EU data privacy laws. (Which unfortunately seem difficult to enforce against international companies at the moment; the GPDR can't come soon enough!)

In any case, if this should have been known by everyone already, I guess Facebook has no reason to panic if it's all over the news now. Just a bit of publicity for them, right?

There were settings to disable it, but really they should have been private by default:


It was fairly well known at the time I thought.

I 100% agree, it's the friend permission thing that is criminal. Facebook no doubt covered their asses legally via the TOC, but I hope that the misleading nature of the (complex and ever-changing) privacy settings is mentioned in a lawsuit one day.

It's not a surprise to most readers of HN, but most people are not readers of HN, and take things at face value, where face value is what they see in advertisements and hear from their friends.

People still have an expectation of privacy, even when, from an HN perspective they should be extremely skeptical about having such an expectation.

"Parakilas, 38, who now works as a product manager for Uber, ..."

So from one reckless company that doesn't give a damn about the law to the next. Who teaches developers that it's okay to work for anyone as long as the tech is cool and the salary is great?

> Who teaches developers that it's okay to work for anyone as long as the tech is cool and the salary is great?

Who teaches them otherwise?

Absent parental/primary-school-instilled ethics, rather a lot of engineers operate in a bubble of like-minded (and similarly-employed) people, making large amounts of money, and are often insulated (voluntarily, deliberately, or accidentally) from the impact of their work.

What could be changed to improve on that situation? I've heard simplistic suggestions to "sue the C-class until they learn/abandon the incredibly lucrative profit motive", "fire/imprison engineers whose changes harm people", and "make the bridge-builder stand under bridge they built" (whatever that means in a software context). Those seem utopian. What tangible, plausible changes can be made to improve on developer accountability (for their work) and discernment (about prospective employers)?

Make your new hires watch the multiple camera feeds and lidar of that woman being run over again and again until they really really understand that they're working on life-critical systems.

That might help if you're making something that, if broken/misused, can directly physically harm people.

What about if you're making a social media app, and the ethics are less clear-cut? It's not like you can show every new hire footage of Trump and drive home the negative impact of data mining/sharing--the causal link is tenuous, the viewer might sympathize politically, or they just might not care about politics.

Ethics in the abstract is very hard to teach; object lessons are easy.

Even nerds understand that one painful social experience can have lasting negative effects.

It’s blinders. Plain and simple. I’ve worked with too many developers who will pander for money. A few that tried to shame me for not being on board (my life skills tell me calling someone a whore in a team meeting is a bad career move but it doesn’t stop me from staring at them and thinking it). When enough money is on the line principles get set aside. We like to think our cohort are above this sort of thing but the evidence clearly doesn’t support it.

I think a lot of software engineers (past me included) are genuinely persuaded that tech really is going to change the world for better and that it’s the way to do good social changes, because “politics is too complicated”.

Then the corporate koolaid of come and tell you you’re doing the most important thing in the world and you just eat it.

Well, the reason is that people in general aren't often ethical, when they seek to benefit personally. It's not taught; it's the default setting.

I wish a little philosophy and ethics were part of the curriculum. This would not be to inculcate normative values, but to help eng students clarify what they believe, and what the implications are.

That said, most engineers I've met who work on sketchy stuff are either naive, apathetic, or suffer from massive cognitive dissonance.

The latter will too often regurgitate the self-justifying language of the business people in their companies.

Ever listen to ad tech people spew absurdities about people wanting to be engaged with "their" brands? How about the justifications for massive data collection and analysis - targeted ads are so much better for people. Pfft.

Then there are, say, NSA engineers who convince themselves that what they do is necessary, if illegal. That said, I saw a lot of NSA LinkedIn profiles that swapped out NSA for DoD a few years back.

Company leaders tend to hand employees ideas and the slogans to repeat to themselves and others. The internal spin is huge and insidious.


My undergrad Computer Engineering curriculum as far back as the mid 90’s offered a dedicated “social and ethical issues in computing” course, which included not only ethics but the societal issues around hacking, copyright, automation, robots, etc. Do these courses no longer exist? I think tech professionals ought to agree to Do No Harm and be held accountable when they do. Problem is the vague and debatable definition of “harm”.

Every ABET accredited degree (CS and/or CE) has a minimum requirement for ethics courses. The software industry just doesn't have a minimum requirement for accredited degrees (or any degrees at all, for that matter).

I actually know Sandy and he’s a conscientious guy who cares about this stuff. He’s a good dude who wants to make positive change by being in the conversation.

There were many people working on the Manhattan project who then later became nonproliferation advocates. I personally would rather that people feel like they can work for companies that have made mistakes and voice their opinions about where things should go. It would be pretty hard to find out what is happening at companies if there weren't former employees talking about it.

> So from one reckless company that doesn't give a damn about the law to the next.

Uber doesn't appear to have historically given a damn about the law, but AFAIK it has historically given a damn about its users. Facebook, OTOH, doesn't appear to be giving a damn about its users.

As for the law: there are plenty of unjust laws out there; I respect someone who fights unjust laws such as the taxi monopolies. I don't respect someone who fights just laws.

Why should Facebook give a damn about their users? Users are the raw material. It’s like asking a car manufacturer to give a damn about the feelings of sheet metal or how emotionally satisfied door handles are.

You get to work with cool stuff and get paid money! Who cares about ethics, it's not like you suffer consequences on failure. (I'm not entirely sure the companies do either...)

Yes, I think we are ready to grow out of the "arrogant jerk" phase of tech.

The tech wizards who build things and run these companies:

1. Are not smarter than you

2. Do not have your best interests in mind

3. Will lie to you repeatedly

4. Will do everything to avoid negative attention or consequences

Stop worshipping anyone. Not Jobs, not Zuckerberg, not Gates, not Musk, not anyone. They aren't on your team. I don't care if they look like you or represent something you are really passionate about, you still need to be skeptical.

Bravo! While I hope that some (IE, Musk) have our best interests in mind, it’s of utmost importance to keep in mind that any individual (and particularly, any organization) has their bottom line as their top priority.

This exact same scandal broke in 2012 only it was with Obama’s campaign. It is humorous to see the media much more outraged when Republicans do it, as if it wasn’t that big of a deal when Obama did it.


Edit for interesting link to the 2012 Facebook election data story.

The media likes to get people's eyeballs just as much as FB. They will over react to get views.

If those little radio buttons in privacy settings do literally nothing on the backend, then FB could have a massive legal/financial battle if they knowingly ignored user preferences and sold off unaggregated data for profit.

What did you think was happening at a company collecting data about billions of people?

I'd expect it to use it for advertising targeting. The privacy settings I've put on there exclude other uses.

Surely you understand the difference between the media reporting on facts vs. general public speculation.

Well, for the past few years, the media has been a "partner" of Facebook. Now it's not any longer. Seems like a wrong move for Facebook to dump the media like old clothes. Whoops.

I even remember such articles from TheGuardian before decrying that people are "going dark" - no, it wasn't about using Tor or VPNs. It was simply about using tracking protection.

A lack of novelty is no reason to be dismissive.

I just posted a comment but I will reply here too. The bullshit excuse that used to circulate, even on HN, is that Facebook would never sell the data directly because it was too valuable. Instead they would just sell targeted advertisement.

None of this would have come to light if the "right" person had won the elections. The moment Trump won, the campaign against social media began, first with the "Fake news" meme, then "Russian hacking", YouTube's adpocalypse and now "Facebook data breach". Some people are getting very scared that the traditional manufacturers of consent are losing their grip on people's minds.

And I am not in support of the mass surveillance exercised by those companies, just noticing the timing. When Obama won, his data scientists were hailed as geniuses. What do you think they were doing?

I don't think anybody is arguing against using data science in elections. What people are talking about is data theft, stealing private info(like emails, photos, etc) and stuff like that.

Its a bit like comparing withdrawing money from your bank account and robbing a bank.

> Facebook was surprised we were able to suck out the whole social graph, but they didn’t stop us once they realized that was what we were doing.

> They came to office in the days following election recruiting & were very candid that they allowed us to do things they wouldn’t have allowed someone else to do because they were on our side.

An Obama Campaign data scientist from the 2012 campaign explaining how they did the exact same thing but Facebook were ok with it "because they were on our side".


Everybody knew about the data leaking for 'quizzes and games' since 2009 http://www.cbc.ca/beta/news/technology/facebook-breaches-can...

WikiLeaks also covered this earlier in their spyfiles warning. People don't care that a political opinion survey being spammed around by their friends is actually harvesting their details in a campaign dossier to manipulate them directly later.

> Like what did you think was happening at a company collecting data about billions of people?

"A more productive answer to someone saying something you agree with is “I agree”, not mistakenly berating them for not agreeing sooner." (https://news.ycombinator.com/item?id=16627766)

It's not like huge numbers of people didn't know about global warming before society started caring about fixing it.

I can't disagree enough with a "blame the user" attitude.

First, it absolves the perpetrators, who are definitely in the wrong. I include both FB and CA in this category.

Second, it is becoming clear that there can be no such thing as "informed consent" in a networked world with respect to data privacy. Zeynep Tufekci, whose writings I heartily commend, had a good article on it a few weeks back.[1] She argues both that the actual uses known of that data are not fully described in consent waivers, and also that it is not possible to know ahead of time how that data will be combined, recombined, projected, analysed, and used in the future to fully consent to all those things. Even if you could do so for yourself as an individual it's not possible to consent to the effects of the combination of an entire society's data as a whole, on others.

Again, it's not possible to obtain informed consent in today's privacy environment, so let's stop blaming the victims.

[1] https://www.nytimes.com/2018/01/30/opinion/strava-privacy.ht...

> Funny thing is, this would all blow over after a few months, and everyone will go back to the usual habbits.

It can't blow over in the UK or the EU, because it is seriously f-ing illegal in those places.

Yes, we "knew" it was happening before this (hence all the regulatory steps taken that were dismissed as anti-American protectionism), but we were lacking hard evidence, so all we could do was reinforce regulations and regulatory authorities.

Now that shit has leaked, it's simply not an option for those authorities to not act. Not to mention the fact that they really, really want to act.

So no, this will not blow over. Maybe in the US and/or the media, but not where it matters.

> What's utterly horrifying about this whole thing is how the media is acting as if this is some sort of surprise

I agree. A couple of generations ago the media was much more combative and willing to take on the powers that be (and each other). By this time most media outlets would have been saying "told you so (many times)". Unfortunately, now media mostly follows trends and competes on beauty of their talking heads, which is a lot safer than, say, investigating slavery or organized crime.

Yeat, especially considering that:

- This was part of an open API, you just needed to sign up for free. There is no data breach.

- EVERYONE was using it - this consisted mostly of games like Farmville. This is how they can show your friends progress and their profile pic.

- It was shut down more than a year ago.

Actually there is no newsworthy thing at Facebooks side at all, the new thing is that companies built games just to harvest this data and use it for something else.

“I am shocked to learn that there is gambling going on in this establishment.” “Here are your winnings, sir”

I don't understand how you seem to be surprised some people find this horrifying. /s

It's like the diesel scandal, IMO. Everybody in the industry knows what's going on, but that doesn't mean the industry's Overton window isn't liable to be reset with severe repercussions once the general public gets looped in.

I know this is HN (where it is probably less of a surprise) but for a wider audience taking this kind of opportunity to write a smug comment might just be harmful to them, their privacy and their rights.

Would you rather the media report on unsubstantiated rumors and assumptions, or would you rather they wait to report things until they have evidence, or a source who can verify the information?

Facebook offers their service FOR FREE. What did people expect?

I would call my users dumb fucks too if I was 19

Fascinating to watch - it shows how much power media has to put a topic on the global agenda if it fits into their preferred narrative.

Facebook's current problem is that they've now created a lot of enemies and they're running short on friends. This isn't quite as bad as it sounds, because creating enemies when you reach this scale is inevitable, so the mere fact that Facebook isn't everybody bestest bud ever is not intrinsically a problem. However, one of the fundamental ways to defend yourself when you reach this scale is to act with a certain amount of ethics and decorum. Ethics are not just about being good to other people, because all sensible formulations of ethics have reciprocity in them, so if you are good to other people, even your enemies will, if begrudgingly, cut you some slack.

Facebook has reached this size but has not prepared itself for it, and what's happening is that they took a bit of a stumble, and absolutely nobody is rushing in to defend them because they've burned all bridges. The media hates them for the economics of taking over the media industry and their ad revenue, and making them dependent on them. Conservatives have a pretty solid case that they are being censored by the platform systematically, even if it isn't true they feel it is true, so no friends there. It's pretty obvious that Facebook can expect no help from the Republicans in general. The Democrats may not hate Facebook, but there's no positive reason to burn very much political capital on helping them. (After all, they didn't deliver this time, did they?) And increasingly, the chickens are coming home to roost with their customer base, as fears about surveillance, power, and abuse of power are now going from vague fears to metastaticized, realized issues with Facebook that appear to affect it down to its very core.

It's not just the media narrative, though that's true enough... everybody is now at best neutral towards Facebook, and they're accruing enemies fast, not least of which is an ever-increasing portion of their own customer base(s).

How will they get out of this one? It's possible this will just die down this time. But these forces aren't going anywhere, and if it isn't already too late for Facebook to change course on this, the clock is definitely reaching midnight fast.

You have a point there. Genereally speaking I agree that Facebook itself is on it's path down. Do they have enough money to just hang in there and buy the next thing 'what the kids like'?

They already have. There's massive migration towards instragram, owned by FB, and whatsapp has always been huge (owned by FB).

Let me guess. It’s a globalist media conspiracy to take down Trump?

I don’t think you have to be a conspiracy theorist to find this weird.

Facebook has been aggressively monetizing user data for years. They are just one player in an entire industry built around this business model.

The existence of this industry is most obvious to technically literate, who you can generally identify by their use of strong ad blockers and password managers. But it’s been reported on before [0]. Online privacy is not a new concern... just look at the “Facebook is listening to me” meme.

So what I want to know is: why now? Why Cambridge Analytica? Why Facebook?

Here’s my best take so far.

1) Facebook’s user base is so big that it’s a relevant political constituency, and thus democratic governments have a reason to care.

2) Facebook creates an expectation of privacy and illusion of control that doesn’t exist with public-first platforms like Twitter

3) Cambridge Analytica is a scummy company in many respects, not just their work with Facebook data. They got lots of Facebook data from a third party who probably wasn’t authorized to sell it to them. This makes them a good candidate for regulators to make an example of.

4) Cambridge Analytica is closely tied to the Trump and Brexit campaigns, both of which are regarded as “dangerous perversions of democracy using lies to exploit vulnerable people” by exactly the kinds of political and media organizations that are driving this story.

Overall, I think this is a “Pigs get fat, Hogs get slaughtered” situation. The industry’s toxic practices are finally causing enough damage that institutions responsible for protecting the public (government, real media) are responding.

Bravo, I say.

[0] WaPo has an article explaining this on the front page today https://www.washingtonpost.com/business/economy/facebooks-ru...

No but in the grand scheme of things, things like the Yemen Civil War that has been ongoing since 2015 has gotten less attention in our media than a single Donald Trump tweet.

For lack of a better word: sad!

It would be sad if you were correct, but you're not https://www.bbc.co.uk/search?q=yemen+civil+war

The plain number of articles on a topic is not a useful measure for their impact. A dozen newsticker reports will be remembered less than a single frontpage article.

I would be optimistic if most Americans actually read the BBC ( or read, for that matter). I would venture to say most however, do not. For example, a popular right wing propaganda news source that most Americans watch has had a handful of articles this year, and skimpy coverage on air.

Do you find it hard to believe that an organization based in the UK, and citizens of that union, are more interested in whats going in Yemen than an organization based in the US, and of course the citizens of that union.

I know whats happening in Yemen, I've read the facts, and now I don't care anymore. I don't want to see it in the news everyday because it wasn't relevant to me when I read about it and it has practically zero chance of every being relevant to me.

What Trump said about xxx person at yyy place is varying degrees of relevant to my life, all of those degrees more so than Yemen.

If Fox had a large Middle Eastern demographic that it's advertisers cared about, you would see Yemen Nightly at 7:30 without question.

> Do you find it hard to believe that an organization based in the UK, and citizens of that union, are more interested in whats going in Yemen than an organization based in the US, and of course the citizens of that union.

Yes, because on the other side of that conflict is the Saudis, who are one of our biggest "allys", and of course, the other side of the coin is the general hypocrisy of caring what goes on in other parts of the world and not this one because it doesn't fit a specific narrative.

> What Trump said about xxx person at yyy place is varying degrees of relevant to my life, all of those degrees more so than Yemen.

I don't know how to not say this in a disrespectful way, but I really feel sad for you on a personal level if that's truly what you think. I have a feeling that you are just attempting to be a contrarian in this instance.

There is a concept called "News Values" which explains this. https://en.wikipedia.org/wiki/News_values

Anything Donald Trump says is more relevant to the west than Yemen.

Not at all. Just media's desperate hunger for any story that paints Trump in a bad light. The recent video evidence on Cambridge Analytica shows that they were at least shady in their operations. But their approach to targeting voters and scraping Facebook userdata would have been described as brilliant data wizzardry if it were done for the other side.

You can perform brilliant data wizardry without deceiving people. Micro-targeting has been around since the 60s. There is a huge gulf between finding people receptive to an ad whose content you publicly endorse and creating astroturf sites and fake news content to manipulate people's world view.

I keep seeing comments which equating cheating and cleverness. If I win a chess game by moving making illegal moves this is not a sign of my brilliance. If you can't distinguish brilliant play from cheating, perhaps you don't understand the game.

The Obama campaign literally did the exact same thing as CA.

See this thread: https://twitter.com/cld276/status/975564499297226752

Here's Time describing exactly the same tactic of friend-mining and using the data for targeting, and praising it as a game-changer: http://swampland.time.com/2012/11/20/friended-how-the-obama-... ctrl+f privacy -> no results

When we do it it's awesome, when they do it it's a data breach, it's a privacy violation, it's a breach of trust, and it requires government regulation.

What is cheating, in reality? What are these rules you endorse? What makes a hypothetical not cheating but a hypothetical presented as fact cheating?

And it was described as brilliant, when Obama did it in his campaigns.

It was also described as "groundbreaking", a "game changer", and "an application that will change the way campaigns are conducted in the future" [1].

When Obama's campaign did it, it was heralded as the future of democracy. Even the social media director for Obama's 2012 campaign acknowledges that they did the exact same thing that CA is being blasted for now [2]. I'm not sure why you're getting downvotes other than people just wanting to suppress the truth.

1: http://swampland.time.com/2012/11/20/friended-how-the-obama-...

2: https://twitter.com/cld276/status/975568130117459975


... the campaign literally knew every single wavering voter in the country that it needed to persuade to vote for Obama, by name, address, race, sex and income.

...the digital-analytics team, led by Rayid Ghani, a 35-year-old research scientist from Accenture Labs, developed an idea: Why not try sifting through self-described supporters’ Facebook pages in search of friends who might be on the campaign’s list of the most persuadable voters? Then the campaign could ask the self-identified supporters to bring their undecided friends along.

...They started with a list that grew to a million people who had signed into the campaign Web site through Facebook. When people opted to do so, they were met with a prompt asking to grant the campaign permission to scan their Facebook friends lists, their photos and other personal information.

So, they used Facebook data, including "Friends" lists and personal information that those "Friends" had never directly consented to providing to the campaign.

Quoting a conservative source:

[1] How did Facebook react to the much larger data harvesting of the Obama campaign? The New York Times reported it out, in a feature hailing Obama’s digital masterminds:

The campaign’s exhaustive use of Facebook triggered the site’s internal safeguards. “It was more like we blew through an alarm that their engineers hadn’t planned for or knew about,” said [Will] St. Clair, who had been working at a small firm in Chicago and joined the campaign at the suggestion of a friend. “They’d sigh and say, ‘You can do this as long as you stop doing it on Nov. 7.’ "

In other words, Silicon Valley is just making up the rules as they go along. Some large-scale data harvesting and social manipulation is okay until the election. Some of it becomes not okay in retrospect. They sigh and say okay so long as Obama wins. When Clinton loses, they effectively call a code red.

[1] https://www.nationalreview.com/2018/03/cambridge-analytica-s...

Really brutal how unashamed they have become about their biases. No wonder people are getting so angry against the media and big tech while those still play the facade of a fair game.

Did you actually even read your own link? I don't think it says what you think it says. That story you linked is about how democrats in 2006 wanted to do more data collection but couldn't agree on whether it should be the DNC or a private firm that did the data collection. The one thing they could agree on was that data collection was something they should be doing.

The post I was commenting on claimed similar actions were, or would have been lauded if carried out by Democrats. I simply posted an article critical of similar moves.

A CEO Mark Zuckerberg who started (or so) the whole thing to get data on his study buddies.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact