Hacker News

> Asked what kind of control Facebook had over the data given to outside developers, he replied: “Zero. Absolutely none. Once the data left Facebook servers there was not any control, and there was no insight into what was going on.”

Um, well yeah. This is the case any time you give data to a third party. They now have a copy, and you can't control what they do with it.

Exactly. What kind of controls could there possibly be?

Even doing an audit wouldn't necessarily reveal anything. If somebody has data that they want to hide I'm not sure how much can really be done to force them to reveal it.

The controls are agreements that make getting caught doing the unauthorized act painful enough that it might be enough to deter the act in the first place.

If the price is high enough, bad actors will be willing to breach NDAs/CDAs/licensing agreements/etc, but at least then you can be seen as having done more than zero.

Might have been prudent here.

Well, NDAs/CDAs/licensing agreements/etc can make disclosure to non-authorized 3rd parties very painful for your customers/partners/etc to contravene your requirements for what they do with data, intellectual property, customer lists, etc.

This doesn't stop external attacks, of course, but it can reduce internal risks.

Facebook could have had more than zero control, if it had wanted.
