One thing I can't quite find a straight answer to: is there any suggestion that either FB or CA broke the law here?

Note that I'm not saying that any of this is ok just because there was no illegality.




Unlikely. I've managed to work out what was happening (the news never really explains it - just a "data breach"). In the past, if you gave it permission, a Facebook app could access information about your friends, e.g. their photos, name, gender, etc. I'm not sure exactly how much data.

Some sketchy apps harvested this data (which was against Facebook's terms and conditions for those apps). So the apps may have broken the law. I guess there is the question "should Facebook have protected the data better" but I doubt they broke the law exactly.

Anyway, the stupid thing about this is that it was obvious that's what all these sketchy apps were doing at the time. Facebook app developers knew they could get this data, and the only thing stopping its exploitation was Facebook's app T&Cs - i.e. "please don't do bad things".

There was even a setting to prevent third-party apps accessing your data when given permission by friends. That's how obvious this issue was. (I doubt anyone used this option.)

https://nakedsecurity.sophos.com/2013/04/03/how-to-stop-your...

Facebook removed the friends API in 2014 so this is all about historical data "breaches".



