Hacker News new | past | comments | ask | show | jobs | submit login
Mark Zuckerberg testifies before Congress (theguardian.com)
431 points by m1 11 months ago | hide | past | web | favorite | 462 comments

"Is it true facebook can track user browsers even after they are logged out of facebook?"

Zuck: "I need to get back to you on that"

Facebook doesn't delete all cookies (for instance, there's an `sb` cookie still set) in their logout response. They may choose not to do anything with the cookies that remain, but the technical answer to the question is yes. And even if they currently did delete all cookies, there's nothing from preventing them from introducing cookies that do remain.

Zuck knows this is generally feasible - he's a talented software engineer. The question was ambiguously worded, and Zuck could have clarified or answered that it's generally feasible but that Facebook has tight controls around the usage of that information. It's the panel's responsibility to not let him get away with that type of maneuver, and they don't have the type of real-time support that, say, a news anchor has (with earpiece and live research staff) to handle interviewing domain experts in an optimal way.

This is all supposed to be politically scary and demonstrative of the fact that very few people actually knows what is going on. Which all the more scary to me because these are the people who are supposed to understand what's going on so they can have proper oversight. This entire issue reminds me of the time the supreme court tried to wrap their brains around the (finger quotes) "the cloud".

What's really sad is that nobody has been addressing just how creepy the internet is getting. Like the fact that with just 500 likes the social network can insinuate more of your personality than your lover. Or how Google can predict what you will likely like to eat for breakfast tomorrow based on the kind of stuff you are buying at the store whenever you use reward cards that is gets cross referenced to your browsing habits that insinuate moods.

We are really over engineering the internet to the point that we have a "don't touch that red button" being installed into our lives where nobody knows what it does until it gets pressed, we end up wrecking our cars and are left wondering why the car manufacturers thought it was smart to install NOS in our cars without our knowledge in order to remain on the cutting edge (and thus competitive).

I'm deriving a perverse kind of pleasure from all this. Maciej Ceglowski has a fantastic talk called Haunted By Data, where he compares data to radioactive waste: we collect a lot of it, and ultimately don't know how to handle it safely and responsibly.

He ends the talk with a warning that unless the tech sector is careful, they will have their own Three Mile Island, and will forever afterwards be regulated into the ground. Facebook and Google are almost begging for it. May we see them become a shadow of their powerful selves in not too distant a future.

  ...with just 500 likes the social network can 
  insinuate more of your personality than your 
...and get absolutely everything wrong with such assumptions in the process, including whether or not it's possible to lie when using the Like button.

For advertising purposes it really only depends as a whole how truthful a picture the likes tell. If the likes are on average 70% truthful it is still going to be more effective targeting than not using them at all.

Which is the point. People need to stop seeing "better than a coin flip" as "knowing you better than your lover".

It's a reference to a study where they had an algorithm fed with a certain number of facebook likes compete against personal acquaintances (including spouses) in predictig personality traits. The algorithm won:


But what's the supposed ground truth that spouses and algorithms were tested against? Self reporting? Some other glorified coin flip algorithm that maybe just did the same mistakes as the "thumbs" algorithms? An export panel populated with people that, unlike the benchmarked spouses and acquaintances, used the same jargon as the algorithm authors?

(Glancing over the footnotes it seems to be (b), some other algorithm)

The beauty of adtech: it's perfectly fine to be wrong as long as advertisers think you are right.

On meta level, this "better than your lover" meme/study is surprisingly enlightening.

The parent's argument assumes though that this kind of accuracy is achieved regularly and consistently today, which is way different than the report of one study.

It doesn't need to be consistent in order to be horrifying.

The fear is that big data tech will become radioactive.

Imagine a bus full of school kids crashes because the driver was a recovering alcoholic who fell off the wagon.

Some smart SV engineer realizes their tech spotted the driver visited AA groups regularly & his wife just left him. The algorithm knows this data makes him an excellent target audience for _new alco-energy drink!_.

It doesn't really matter if the technology is even capable of that yet, what matters is that this is the sort of outcome that adtech engineers are trying to create.

>>> This is all supposed to be politically scary and demonstrative of the fact that very few people actually knows what is going on.

I just realized we are not even talking about AI.

> They may choose not to do anything with the cookies that remain, but the technical answer to the question is yes.

I think you could say the same thing about IP addresses. A website might log the IP addresses of people who visit them, or they might not, but quite a lot of tracking is feasible. The problem with focusing on feasibility there, is that you end up with an answer like "yes, just like every other website in the world, Facebook can track you when you're logged out." Assuming Zuckerberg has been coached to High Heaven not to gives answers like that, it seems fair to respond to the question as though it was asking about the internal details of what Facebook does with cookies / IP addresses / browser fingerprints.

While a website may be able to track you via IP address within itself, it can't track you across websites like FB can since their code gets injected to a lot of websites (which they do use to track you when you're signed in - my guess would be the same holds for when you're logged out).

They need the website to add their code in order to track you. The website could just send the IPs as easily.

Just an IP is presumably not enough to fingerprint someone.

Still, the website could just share your user agent etc

Browser fingerprinting is already alright, even without world-class data centers with several server rooms the size of football fields, and world-class AI experts tuning those many rooms of servers to intelligently track and classify people online.

Cookies are almost certainly irrelevant to FB's ability to track people, and Zuck certainly knows it.

His response there was an unequivocal lie.

I was thinking the same thing. Why are we at hacker news focusing on cookies when we know about all the other more devious ways of tracking?

Cookies? I would assume Facebook is using the latest tracking techniques like canvas fingerprinting and other ways to identify users uniquely on the web.

I though canvas fingerprinting can't track individual users, but only segments based on the underlying graphics substrate?

Even if they can't track single users solely based on canvas fingerprinting, it gives them a big additional piece of information, to narrow down specific users.

I get the distinct impression that Zuckerberg has been briefed to say "I'll get back to you on that", on anything that might be controversial. Probably some wisdom in that as it defuses a lot of emotion that could arise if certain information comes out in this setting. But it's also disingenuous, even if it avoids a lynchmob for now.

"I'll get back to you" was essentially "On the advice of council, I would like to exercise my fifth amendment right". It was like a Chapelle skit at times.

Also coached well on “That is a very interesting question, Senator.”

Every time he said that or "This is a very important question", the honest way to finish the sentence would have been "..which I'm not going to provide an answer to".

I do not have the facebook app on my phone. I downloaded Instagram and it magically knew one of my email addresses (not the one used with my facebook account). I deleted it, mashed the keyboard for the new email address, declined syncing contacts, blocked the permission as well as every other permission, and lo and behold it still shows all of my facebook friends on instagram as suggestions. Fucking creepy.

Even if Facebook doesn't get the data through you, it still gets your data from people you know.

It was people who don't have my phone number or any other information including people who I am not friends with and only messaged once from a buy/sell group.

I am guessing because I used the app at some point on my phone it fingerprinted it, then Instagram goes and fingerprints it when you install and links your account even when you decline to do so.

Spammers get your email address the same way by hackers who hack your friends.

Lots of ways this could happen but people often forget about GPS/location services which are very accurate. I'm not sure if you have never had FB app on your phone, but even if you never installed FB app on your phone there could still be geo-associations inferred.

Think about the times your phone is near your friends phones, how your phone probably sits in the same space every night, the overlap between your IP location to whatever other devices connect behind your NAT which also send data to FB.

If you previously had Facebook or Messenger installed on the phone it's possible they saved some user info on the device or in the cloud linked to your device ID.

AFAIK device uuid has been unique to device+app for at least 2 years now (iOS).

device + app having a unique UUID has been going on longer than that.

3 years ago uber got popped for this:


I can tell you that fingerprinting is still possible today.

It’s company not app on iOS, you get a new one if you delete every app from one publisher

Honestly is there anyway that he could explain the Facebook Pixel/ad network that wouldn't just be describing any ad network?

By definition, ad tracking (cookies etc...) is opaque to most people and explaining it publicly would make it seem like FB is doing something more nefarious than others.

It's an important discussion but his response would just make FB seem way worse on that specific issue than highlighting how the entire ad network ecosystem works.

This is a good point, but FB brings the "real name policy" to the data broker's world. Being able to link real people with real credit profiles, and real web browsing habits is a game changer. Many of us were ranting and raving all of over HN ~2010/2011 about the issues FB represented, but we were tinfoilers and haters.

Even those of us without FB accounts (with forgone networking opportunities) are at risk because we all have friends without the same cynicism.

The real name policy is kind-of irrelevant. Data brokers can see what FB account is logged in and link with your real name via credit card transaction codes and e-commerce tracking cookies.

It is relevant, because Facebook does not let you create new identities.

> Honestly is there anyway that he could explain the Facebook Pixel/ad network that wouldn't just be describing any ad network

The only ad network in front of Congress today, was Facebook. 'Everyone else is doing it' or 'this is the nature of the business' doesn't qualify as an excuse. Perhaps it could have been good for the large public to know what goes on with ad networks these days.

> It's an important discussion but his response would just make FB seem way worse on that specific issue than highlighting how the entire ad network ecosystem works.

Any legislation that comes out of this hearing wouldn't apply only to Facebook. Facebook admitting the extent of its tracking could help clean up the "entire ad network ecosystem."

There's so many "I need to get back to you on that".

It's a good strategy, all the media coverage is about his actual testimony today, whereas when he sends an update to the committee next week, it will not make as big of a splash as this one.

Exactly. Far better to admit to something in a follow-up letter to Congress than admit to it on live TV.

Does anybody know if any of these folow-ups make it into the Congressional Record at a later time?

Even if it is, most of the media bang would be him admitting to it on video.

Especially since you can be sure that update will be reviewed and probably reworded by legal first.


Edit: Found it, Question from Mr. Wicker ~1:36 in https://www.youtube.com/watch?v=qAZiDRonYZI

I think the issue they are talking about is called fingerprinting.

“No, not wittingly”

It's pretty cringe-y so far. From The Verge's liveblog: "I would liken this hearing so far to a precocious college junior explaining his major to his grandparents at Thanksgiving"

It's a really odd line of questioning from people who don't seem to understand the subject matter. This gem made me laugh out loud:

    Senator: How do you sustain a business model in which users don't pay for your service?
    Zuckerberg (in a disdainful tone): Senator, we run ads.

Edit: I directly transcribed the exchange

The question and its answer succeed in getting Zuckerberg on record (in the Congressional Record, no less) as saying that his business model depends on advertising, with all that that implies about the relationship between Facebook and its users.

Think of it as like when you're on the witness stand and the attorney asks you a question. It's not because he doesn't know the answer. It's because he wants you to say the answer, to make it part of the public record and to have the jury hear it.

Speaking of juries, the arrogance of Zuckerberg's answer wouldn't win any points with a jury, either. He walked into a trap right there.

It's fun to bust on our parents & politicos but I'm pretty sure anybody who managed to raise you, or especially get into the Senate, has a much more extensive and nuanced understanding of life (and politics) than you think.

> Zuckerberg on record (in the Congressional Record, no less) as saying that his business model depends on advertising

This has never been secret and has been "on record" for a very long time. I think most people will see the absolutely dismal lack of technical understanding by Congress rather than any arrogance by Facebook as they too get fed up with these aimless questions.

Have you ever written an introduction to a technical document before? You make statements in there that are obvious, not because the reader doesn't understand, but because you want to bring the reader into the right frame of mind with the right set of facts before them as context for the rest of the document.

Questions like this are really just asking Zuckerberg to introduce his business in a controlled way.

Alright that's fair, I guess I misinterpreted the original comment as if this was cleverly teasing the information out of him vs just repeating the fact as background for the hearing.

> This has never been secret and has been "on record" for a very long time.

Been a secret to "whom"? Not secret to technical people, no. There are plenty of non-technical people who still don't understand the "you are the product not a customer" trope. They see this free "talk to your family" service which sometimes shows ads which they ignore. They might answer the "how FB makes money question?" with "I don't know, maybe some people pay for it. Or maybe they are just nice and give it away for free".

Other questions might have been stupid but that particular one was typical of how a police investigator might start questioning or how a lawyer might cross examine a witness.

> I think most people will see the absolutely dismal lack of technical understanding by Congress

Back in the day I used to think of lawyers asking witness questions on the stand the same way: "Why do you ask him if he knows the victim, of course he does, these lawyers are sure not very bright..."

>I think most people will see the absolutely dismal lack of technical understanding by Congress

You really think most people have more technical understanding than these senators?

That's not necessary to realize that these senators do not.

Also yes, based on their questions and age, I do think most people have a better understanding. Just the expressions of the other audience members and staff in the room shows the frustration.

I doubt the hearing audience represents the general population, and I have yet to meet anyone not involved in software development who understands anything about how it works outside of niche, semi-related circles.

Tv and newspapers is funded by advertising. Nothing shameful in that.

I've said this before, but I think most people don't have a problem with advertising, per se, but with the tracking required for super effective advertising.

When Google first showed up and just tossed some ads at the top of your search results based solely on the search terms, that was actually helpful. It wasn't something that people were creeped out by until they were tracking you everywhere to sell even more targeted ads.

Since newspapers and TV don't have that tracking capability, the advertisements are annoying but not unsettling, I think.

Depends on your values, I suppose.

It's fun to bust on our parents & politicos but I'm pretty sure anybody who managed to raise you, or especially get into the Senate, has a much more extensive and nuanced understanding of life (and politics) than you think

You say that, but I'd just like to remind you that Louie Gohmert (my home state fwiw) was a judge. And is now in the house.

I think he was trying to get at something here though: can you run a business that is free for some people and isn't ad based? To which I think the answer could be nuanced. Maybe a large enough population pays $4/month and can thus subsidize some part of the population that doesn't have that privilege. Note I'm not actually advocating that, just saying I want to give the guy a benefit of the doubt that he was trying to move the conversation somewhere new and creative.

I think a lot of these questions have been like that, but ultimately the senators couldn't figure out how to phrase what they were getting at and both sides floundered to understand what was going on.

edit: as an example was another senator, "mr funny guy", who was trying to ask if facebook tracks how people use other apps or devices, I'm still not sure, even when they aren't logged in or something. I saw 3 possible questions that he was trying to ask and they all would have been good but I don't think either of them understood what he was asking so they went back and forth uselessly. Could have been some hard hitting commentary on the bundling of permissions, or the bundling of fb with a phone, or the ability for fb to track other app usage, or the ability of fb to track users on websites even when not logged in. oh well.

>large enough population pays $4/month and can thus subsidize some part of the population

Just in case, FB ARPU in US in Q4 2017 was $27. People who talk about "i ready to pay 10$ per year if im not tracked and not exposed to ads" _seriously_ underestimate FB money-printing ability.

Think about it, FB makes almost as much as NFLX per US user (admittedly in Q4, the hottest quarter in advertising), but you dont need to enter your credit card. At all.

Indeed. At the rate their monetization is likely to grow as advertising & economy (retail etc) continues to shift online, just continuing the existing growth trend and assuming a slow-down over time, it's extremely likely Facebook will reach a ~$200 per year ARPU in the US/Canada market within five years or so.

There is no large audience in any developed market willing to pay $15+ per month for Facebook just to remove ads.

If someone comes along with a service that fulfills the same niche that Facebook does, charges $9/month, and has a guaranteed (audited) enforcement of personal privacy ... I'd do it. I like being connected to my family & some friends.

The problem is getting from zero to critical mass with that model. Though I guess that doesn't stop a lot of other companies with less plausible revenue sources from getting seemingly endless money thrown at them.

9USD a month is a consequential amount of money for a huge chunk of the population of even developed countries.

I agree. Like every other product in the world, I would base the price on what the local market supports.

Don't get me wrong, I don't think it would ever work, because I may value my privacy at more than a few bucks a month, but it's a near certainty that the vast majority of the population disagrees with me. They don't see the cost there, so they ignore it. By the time they ever realize what it was they gave up and for how little, it's too late.

Especially when the alternative is "free"

> The problem is getting from zero to critical mass with that model.

But you just said you just need your family and some friends. That doesn't sound like critical mass is needed. Just convince your family and some friends to join with you, and enjoy the service together. Then your friends can invite their friends and family, and so on and so forth.

Technically users are entering their credit card information somewhere down the line after an ad click, many times on a website "shadier" than Facebook because sane advertisers make more money than they spend.

I wonder two things though. 1) would their operating costs be lower if their infrastructure wasn't designed around this user tracking and advertising model? 2) regardless of the answer to number #1 but especially if that answer is yes, do they _need_ an ARPU of $27 to get by? Could they survive on $10? (of course I recognize not everyone can pay that, it's a privilege etc)

Yeah I understand the goal of capitalist companies is to endlessly print more money for the shareholders and the promise of ever better advertising enables FB to keep pulling in the dough. But maybe something like social media shouldn't operate in that context.

None of these people (i.e. legislators) should be involved until/unless they decide to learn how this stuff works.

It sounded like no one even proofread and edited their questions or lines of reasoning. There should be a panel of non-partisan people, not even experts, taking the dumb out of their questions before they engage. It was a waste of time. Even some strong questions and ideas were shutdown because they couldn't formulate it, and then the internet turned it into another way to laugh at congress.

Maybe there needs to be an old-lawyer to SME translator doing the talking too. This person questions a SME on behalf of the senators and they can speak up or seek clarification when needed. Proofread questions and competent speech.

> There should be a panel of non-partisan people

And right there is where your plan fails.

I know...the number of underhanded partisan questioning or advertising from these senators was sad.

I really liked your first post and building a platform to enable such things is completely simple. Please don't take the cynical/self-defeating attitude. Promotion is not my strong suit. Be careful with people that want to be the watchers of the watchers without laying out clear principles ahead of time.

What, you don’t think that someone who believes WhatsApp is an email client should be allowed to legislate technology? /sarcasm

> can you run a business that is free for some people and isn't ad based? ... [some users] subsidize [others].

Absolutely! Github, Dropbox, etc, that's how tons of "freemium" companies work.

> Maybe a large enough population pays $4/month and can thus subsidize some part of the population

That's how WhatsApp started to fund itself, I remember there being a nominal annual charge ( £1 ) for some users but not for all. There didn't seem to be any obvious rule as to who was pinged to pay-up, perhaps it really was random.

But that was discontinued after they were acquired.

I think you're misunderstanding the intent: obviously they are aware of that. Hearings commonly involve asking basic questions

I know that was probably the intent, but the senator sounded genuinely confused. It didn't sound like a deposition-style question.

I see so many lawyers adopt this same tone. Something about crafting a narrative or something - maybe to get the interviewee to be a little more open than they normally would because they underestimate the knowledge of their interviewer, or just to make the interviewee make the mistake of thinking the interviewer is generally ignorant/stupid.

Zuck actually deflected that one well, and didn't have to elaborate unfortunately (or the Senator was ill prepared). There's a lot more to facebook ads than just "we show ads". To which degree do they sell out users' info to the advertisers?

Agreed. I’ve been involved in a few of these regulator type of questioning and they all speak the same way. It has the effect of making the (obvious) answer seem criminal. People in real life don’t talk that way because it can come across as rude.

That senator, Orrin Hatch (R-UT), is 84 years old. He may be genuinely unaware of how sites like Facebook make money, though his expression after Zuckerberg answered seemed like he was entirely aware of how basic the question/answer was.

If the guy is smart I'm pretty sure it's an act. Most legal professionals seem to have their emotions on lock

> It's a really odd line of questioning from people who don't seem to understand the subject matter.

Maybe but that particular quote "Zuckerberg (in a disdainful tone): Senator, we run ads." is not an example of it. Sometimes they ask really basic questions, not because they don't know the answer to it, but to enter it into the record. It's how a police or how cross examination starts, get them to admit basic stuff then later make them contradict themselves. Another reason for basic "stupid" questions is to provide information for others who many not be aware. We all know how FB makes money, but that might not extend to people who aren't proficient technically (think grandparents, parents, aunts, uncles...).

Interesting take. I actually read that as a 'softball question' from one supporter of adtech 'free as in beer products' to another. As in, aren't these people who are outraged funny? How else could we create something for free? It was in effect a signal 'don't worry, this won't turn into any meaningful regulation affecting your bottom line.' Don't be duped by people who 'play dumb'. There are many examples of people who don't understand technology in Congress, I don't think this is one of them.

I think question like this are important for the record

If this is not going to be a meme I don't know. He has beautiful smile at the end there :)

Timestamp for this exchange?


Senator: "If I email someone over WhatsApp about Black Panther, will I see ads about Black Panther?"

Zuckerberg: "WhatsApp messages are fully encrypted."

S: "But can it spit out some algorithmic thing that will affect ads?"

Z: "Facebook's systems don't see the content of your messages."

S: "But could they talk to each other, even if no human ever sees the content?"

This question (like many others) was frustrating, because it was worded in such a way that was incredibly easy for Zuck to dodge. Of course FB isn't using your encrypted messages for ad purposes, because they can't. But messages sent from FB Messenger, not from WhatsApp, are unencrypted and so are likely used for ad purposes -- but of course the question wasn't worded in that way.

The way they scoped that question to WhatsApp and not Messenger seemed quite deliberate.

Of course it was deliberate. Him admitting they serve ads based on Messenger content means nothing, we already know that they do.

WhatsApp is sold as an E2E encrypted service, and an admission that WhatsApp message data (or even metadata) is somehow used for advertising as well would be a huge admission.

Maybe. But I believe the conversation at the time was about how FB tracks its users and what data it uses for advertising purposes, not about WhatsApp's encryption, or lack thereof. I meant deliberate in the sense that the question was worded in a way that made it easily dodge-able with a "no, we don't use your encrypted WhatsApp messages for advertising purposes", instead of "yes, we read the content of your FB messages for advertising purposes."

> Him admitting they serve ads based on Messenger content means nothing, we already know that they do.

I don't think that has been confirmed (source if so?), and I think that's what the question should have attempted to confirm.

Exactly, the point is Facebook at anytime can change the client to show ads, or send some of the text up for analysis. The point being the user is not in control. It's all based on trust. Do you trust Facebook won't do it? Do you trust Facebook won't be hacked and does it, etc.. some of the senators attempted to highlight that. One guy asked if Zuckerberg could few is stuff, and Zuckerberg had to admit that technically he could.

I suppose there is some value to Zuckerberg dodging whether FB connects what it knows from WhatsApp data with their advertising platform. Even if it's metadata.

But they're probably doing so much more with Messenger and their 'shadow profiles'.

It's so frustrating how close they get to asking the real questions...

"The Facebook hearing is the greatest generational divide I’ve ever seen. It’s like watching WWII generals question somebody on drone strikes and cyberwarfare."


That's an entirely bullshit statement by the twitter user.

WW2 generals were very arguably some of the greatest military minds the world has ever seen. They rapidly adopted what was radically new military technology at the time and figured out how to use it extraordinarily effectively through understanding it.

Eisenhower, Montgomery, Rommel, MacArthur, Patton, Bradley would immediately understand drone strikes.

I guarantee their questions would be vastly superior in every regard to what I just watched at the hearing today.

Not to mention, the military effort practically included the invention of computers.

WWII generals invented drone strikes (V2, anyone?) and cyberwarfare (using computers to disrupt operations).

Setting aside the incredible lack of understanding, if he'd asked the same question about FB messenger he would have hit a pain point.

You missed the answer.

Z: "No, you would not see ads about Black Panther". (Paraphrased, don't have transcript)

Right. The point was how confused the senator was about how encryption works

I guess I'm still confused about this matter. As I understand it, nothing was exploited. A company used intrinsic capabilities of the system to do a job. Are we just raising the question of whether this is an appropriate business model? I suppose that's a good discussion to have.

I'm just a bit miffed that we're effectively holding another obscenities hearing while the only thing going on with the Equifax debacle is that a tech manager has been charged with insider trading.

nothing was exploited

Assuming you're only considering the computer security definition of "exploit", I'm not totally sure why this matters.

User data was obtained via means not allowed by Facebook. Facebook realized this & didn't disclose it to the US government or its users, as required (or, at the very least questionably required) by its consent decree with the FTC. Based on this, it's not out of line for the government to question Facebook about this.

>User data was obtained via means not allowed by Facebook

That's what I'm asking. 1) Is it alleged that CA found a flaw in FB's design and 2) did something illegal with it? I've seen accounts alluding to that, but that makes me think that it is entirely by design and it's just be framed negatively for the greatest political impact.

It's illegal for foreign nationals to make direct or indirect contributions to US politics. So the line that has to be drawn is one connecting that law to the CA scandal and its alleged use to drive the strategies of the Trump campaign during the 2016 election.

I don't know for sure if Facebook can be seen as being complicit in breaking US election law. I think their issues are completely domestic as it stands right now. But I'm not a lawyer.

It's all fascinating. How do we reconcile a facebook bot account that may be, at best, loosely tied to Russia, according to some speculators with a foreign national and intelligence officer, Richard Steele, compiling a op report on the Republican presidential candidate?

Ahh, the phantom downvotes. Would you like to address my point? Why is it okay that a foreign national campaigns for one candidate and another foreign national campaigns for another?

The way Cambridge Analytica's got its data was a little nefarious...as I understand it, they obtained data through ways Facebook discouraged (but still enabled).

Whether you consider that an 'exploit' or not is subjective. It's certainly not an 'exploit' in the more common infosec sense.

But the real issue here is that Facebook was complicit in electing Donald Trump. It's political.

>But the real issue here is that Facebook was complicit in electing Donald Trump. It's political.

This bit is really terrifying to me. I don't support Trump, but the idea that we're going to make it even harder for "unapproved" political candidates should make everyone's skin crawl.

I thought the issue was that foreign actors were able to use Facebook to push for their candidate of choice, not that Trump was "unapproved" (why do you use quotes? that phrase doesn't appear anywhere in the comment you're responding to).

I don't believe for a second that this much fuss would have been made over this issue if Trump had lost the election. Some law enforcement action may have been taken, but it wouldn't have been front page news. The reason for my quotes is that Trump is "unapproved" which is the explanation for the scale of the reaction. I don't particularly approve of him either, but considering the real motivations of the people writing regulation is important.

Of course there wouldn't be as much fuss about it. Trump losing the election would imply that the attempts at influencing people were unsuccessful. At a glance, that would indicate that regulation is unnecessary (though detailed analysis could show otherwise).

Foreign spending on political FB ads was a drop in the ocean. Especially when you consider it played to both sides (acknowledge it leaned towards Trump), was not all in swing states, and a lot of it was after the election. This is almost certainly not about them.

So, in other words, only regulate to prevent challengers. This is precisely what Facebook and the political establishment hope to achieve.

Why is it important that Facebook was the medium? Zuck just done saying that they identified 400-500 Russian accounts the were politically active. The "unapproved" in quotes part there is that these are Russians.

Simultaneously, there were tens of thousands of foreign nationals demonstrating in the streets of major cities all over the country, and this is "approved." This is why I'm left wondering: what are we after?

> foreign actors

First it's Russia and now it's Cambridge Analytica. Unless you can trace CA's business activities to foreign hires or somehow devaluing the influence of the former for the latter, even though the Russian angle was what was being pushed around for a good while as The Reason Trump became so favoured (rather than actual failures of the Democratic party!), methinks it's just the alphabet agencies and co. looking for excuses.

This was all happening at the time when Obama was over in France campaigning for his preferred candidate. Why is that not considered equally improper?

I'm okay with it when the political candidate is as objectively bad as Donald Trump

i thought that the data flow was:

1. FB users took a personality survey conducted by some researchers at Cambridge University.

2. Then one of those researchers sold the data they'd collected on FB users to the newly formed Cambridge Analytica.

3. The Trump campaign employed CA and CA used this data to directly message FB users who'd completed the personality survey

At some point, FB learned of this unapproved resale of this data and requested that CA delete the data set. But CA did not delete the data set.

Assuming I have the story right, what I don't quite get is: why didn't FB start aggressively suing people who'd taken this data and misused it? FB could have started with a lawsuit against the researcher who sold the data in the first place.

CA told Facebook that they did delete the data set. FB (if you believe their timeline) only discovered they lied when the scandal started circulating in the news.

Thanks for additional info and clarification.

So ... what about now? Wouldn't it be a good move for FB to start taking legal action against CA, the survey group, and anyone in sight in order to create the impression that they want to protect user data?

I'm thinking of corporations like Oracle, Microsoft, and Disney (very litigious corporations) -- isn't this a good time for FB to start acting more like those companies?

Facebook sent forensic auditors to investigate CA. There was a general public perception that this was sketchy (what if they're really trying to destroy evidence implicating themselves?), and they were asked to stand down by British law enforcement.

Facebook's position is that they should have done more to stop companies like CA from being in a position to abuse user data - and implicitly, that there's no need for strong regulations to make them do it. Suing everyone in sight would make it seem like they're trying to create a narrative where they did nothing wrong.

The survey was a decoy. By taking the survey, you got a screen that asked if you wanted to allow the survey to have access to your profile. If you said yes, it got all of your data from your facebook account, including all of the data on your friends that your account has access to. The survey itself was basically a trojan horse and irrelevant.

The real issue is that, as noted by Thom Tillis, this "feature" was most likely used by others, up to and including, the Obama campaign.

When you ask general questions you get "We did not do anything illegal, we did something wrong though; but, people do not read Terms Of Use/Privacy, and they do not read manuals"

When you ask very specific questions you get "I need to get back to you on that", right?

There is clearly a conflict of interest there. In a public hearing the CEO of his own company is basically forced into giving up their trade secrets on how and why his company even got so successful in the business of ad targeting.

The question is: In his place, what would you do? Tell everything and potentially break your own company, your system, life achievement, whatever? Or be careful and vague to save it? I'm not trying to defend his position, but rather to understand it. In any case, he maneuvered himself and his company in a situation where it'll be impossible to keep secrets anymore. Nothing will ever be the same, and he is responsible for it, because it was his idea and his intention behind enabling his company to connect people by selling ads.

Trade secret ? What would that be ? Is there a secret sauce to Facebook's success beyond the early mass adoption and dedication to adtech/attentioneconomy from the beginning ?

I believe so, yes. Why else would they be so successful? Any other attempt to replace Facebook (or even copy it) as a social network had failed or remained insignificant. Why? I think, because they cannot agree on how to finance their services on large scales. Facebook has vast monetary resources and they know to manage them.

I imagine the story of Facebook as this. In the beginning Facebook was just another campus project gone wild. But then there was an idea to grow beyond the campus, somehow. The question arose: where do we get the money? Answer: Well, we do online ads. Later: How do we grow world-wide? We need even more money, we need to bring in and convince investors, that we have a vast network of ads and that's basically a dead-sure cash cow. So, Facebook mutated from an innocent campus project into a cash cow, just because that's the way it goes. But, it doesn't mean that it's right. So, the question is: What does Facebook do to keep ahead of its competition (Apple, Google, ... as Zuck said)? It's a trade secret, right?

> Why else would they be so successful? Any other attempt to replace Facebook (or even copy it) as a social network had failed or remained insignificant.

Would this not be adequately explained by the first movers advantage (or maybe not the very first, but very early), coupled with the network effect?

No, as Facebook was not first. Myspace was a thing, and before that Friendster.

I would suggest that it was a first mover's advantage into mainstream society. My mum and dad have never heard of Friendster and My Space

But these weren't the same products as Facebook.

> What does Facebook do to keep ahead of its competition

It's just the network effect. Google Plus was ahead of Facebook in multiple ways, but it just couldn't take off (sure the fact that Google set unrealistic goals and followed an awful strategy didn't help)

G+ UI was bad for mainstream adopters.

Well if they do something they want to conceal they call that a 'trade secret' :)

It's a crass kind of life achievement if all of his life has lead up to adtech. I refuse to believe that there is no middle ground between what facebook is doing and what the average user would like to see them doing.

Well that's an interesting juxtaposition. His life achievement would then be "he connected people all over the world" but what he essentially did "was selling ads and he was good at it".

There's always a middle ground. You give up a bit of privacy and benefit from some product "free of charge". See? The questions are how much is "a bit", who decides what is in it and who decides who gets what? To agree on middle ground there need to be ground rules/terms. So, the problem is that Facebook alone is deciding upon which rules users get to use their services.

There's no business incentive to scale down your ad sales even if you charged your users for the service.

I agree with you that there needs to be ground rules/terms, but in the form of regulation.

If Google chose a middle ground, they'd give away the Pixel phones for free, or at least heavily subsidized. But they don't have to, so they don't.

If no one stops you, sell on both ends.

> There's no business incentive to scale down your ad sales even if you charged your users for the service.

There's arguments for and against this:

For: Newspapers and magazines are an example of selling a product full of advertising.

Against: However many online businesses and a lot of iOS/Android apps do offer paid plans that turn off the ads and nothing else.

> a bit

It all revolves around what you define as 'a bit' and as long as there is a billion more to be earned by stretching that definition it will be stretched.

Middle ground would be possible after solo bootstrapping. Any form of distributed ownership will bring expectations of profit without responsibility.

Wow. I didn't expect that he'd speak in favor of 'special features like facial recognition' by arguing that it's how we can be competitive with 'other regimes like China'. That seems like a comparison I'd avoid if I was facebook.

Not if you're talking a group of Senators who have always voted for state-sponsored spying on citizens.

I now feel inspired to watch Dr Strangelove again. We can’t allow a mine shaft gap!

I mean if you’re pitching TO the regime....

This image from Reddit purports to be Mark’s notes from the meeting: https://i.redd.it/egi0jlf096r01.jpg . Some interesting stuff in there if true.

“Don’t say we already do what GDPR requires”

“Lots of stories about apps misusing Apple Data. Never heard of Apple notifying anyone”

That's funny when Tim Cook immediately addressed concerns about FBI backdoors and there's a wealth of information on Apple's website about how they use local data protection with the secure enclave, and iOS 11 gives you information on protecting your personal information when you install it.

I did not expect Lindsey Graham to rake him over the coals over their lack of a competitor. I'm not normally a fan of Graham having lived under his 'representation' for almost nine years. But I had to respect him for that bit.

Am I missing something? Take the Senator who spoke about monopolies. An oil monopoly is bad because we all need to get to work and trains need to run. Microsoft monopoly, arguable but I can see how it can be bad. All companies end up using Microsoft and this affects everyone, hospitals, schools ... Facebook is optional, we won't starve, hospitals won't close, aeroplanes will continue if we delete Facebook. Is this an acceptance that modern man cannot but keep up with the Jones. Just because my neighbour and school friends are on Facebook, I need to be on Facebook. Don't mind though me as an African we have some way to go before this becomes a burning issue.

Are there are job offers on Facebook? (That's a genuine question; I don't have an account.)

Perhaps some service providers are only (or primarily) contactable for complaints via Facebook (and maybe Twitter and a couple of others), and therefore to contact them you need an account with one of those companies.

So perhaps to participate in society without a disadvantage, you need an account with Facebook Inc, or at least I think that's the idea.

(Also, there are alternatives to oil! If you don't like the service provided by Oil Inc, you can buy your energy from Electricity Ltd instead.)

> Are there are job offers on Facebook? (That's a genuine question; I don't have an account.)

IIRC, they're trying to become the blue collar linkedin.


Hahaha, I can't even begin to wonder how bad that experience will be considering how awful marketplace is.

It's actually pretty good. One of the only things I'm really proud about pertaining to Facebook. Many blue collar workers, especially those out of the workforce need any assistance they need and it's HARD to gain motivation to apply via LinkedIn or individually find places. From this, it's right on Facebook, they understand the UI and the first initial step in the job process becomes a lot easier and then it cascades after that. I like how it's targeted to blue collar work as well.

“Please only show my job posting to people affiliated with white culture”

> Are there are job offers on Facebook?

They just launched that recently! Maybe soon!!!

Not participating in facebook puts you on a social disadvantage (during an interview for a job, the question of a lack of facebook account came up and the interviewer noted negatively that they weren't able to confirm my CV that way, I didn't take that job)

Facebook as a monopoly is bad in the same way that Microsoft as a monopoly was/is bad because while you can still work on your computer using Linux, you'll have a hard time opening Word documents from the latest MS Office release that contain non-trivial formatting.

You can probably still use the document but you are disadvantaged.

It's a quasi-monopoly. They don't operate a resource necessary for survival, Microsoft never did either, but not participating in their quasi-monopoly puts you at a disadvantage.

He failed to answer a simple question of who can their users migrate over to when they are not happy. Wonder if that will come back to hurt him.

It probably will come back to haunt him. I just feel all sorts of other issues are being blamed on Facebook. Humans can be horrible, there was a genocide in Rwanda. Facebook wasn't needed (not sure it was around back then). If we going to blame Facebook we might as well blame the Mobile phones for enabling us to have Facebook. I feel they should stick to the privacy issues which are true issues.

>Humans can be horrible, there was a genocide in Rwanda. Facebook wasn't needed

Sure, but that doesn't mean we don't evaluate new issues as they crop up. If FB is unwittingly aiding in a genocide then it's reasonable to ask questions. People killed other people before nuclear bombs were invented, but they changed the playing field and allowed for far more destruction than was previously possible.

I agree with you. I just felt the manner in which the question was asked implied that Facebook was responsible for the Rohingya crissis. Even if Facebook wasn't available the Rohingya crissis would still have happened. Groups of people have been prejudiced against other groups for thousands of years.

Sure Facebook could implement some system that uses AI and humans to catch hate speech. Then the debate shifts to what exactly is hate speech, should Facebook a private company be determing what hate speech is? Truth be told it is the Senators who should be determining what hate speech is and providing the laws that balance freedom of expression and hate speech. It isn't Facebook's job. Yes it should be discussed. I felt Senator didn't think through or didn't know what the implications of allowing Facebook to determine what content is allowed and what content isn't allowed.

Just because Facebook wasn't necessary to commit genocide isn't really a valid point

I’m streaming it along side graphs of Facebook’s stock price here: https://twitch.tv/tareqak and I posted it on HN earlier here: https://news.ycombinator.com/item?id=16803453 .

Thanks to all who came to watch. I stopped the stream now because it’s been over 20 minutes since the markets have closed and I’m not adding value at this point. The links to my sources are still live. They just took a brief break as well.

Thanks again.

https://www.twitch.tv/washingtonpost is continuing to stream the testimony. Some of the questioning sounds tougher now, so it's a shame that markets are closed.

I found that CNBC offers some after market data. It's not good as what I had before, but it's better nothing, so I'm streaming again here: https://twitch.tv/tareqak .

There needs to be a square for: "In general..."

Live from the testimony, emphasis mine:

> MZ: "There will always be a version of Facebook that is free.

Coming soon, Facebook Pro(TM)! Literally putting a price on your privacy.

I mean, it's trumpeted from the rooftops here that if you don't pay you are the product. What is the alternative if not charge the user for the service?

Paying for the service doesn't automatically mean you aren't the product.

Also, not paying for a service doesn't mean you're the product e.g. open source software

> Coming soon, Facebook Pro(TM)! Literally putting a price on your privacy.

I imagine that will play out like Apps on iOS and Android that you buy the Ad-Free version of only have have Ads show up a year later.

You buy your privacy and they change the ToS sothat you're not.

It's a pretty sensible solution no?

Facebook isn't useful to customers without wide adoption.

Facebook can't have wide adoption if it's paid.

Facebook needs revenue.

People want to guard privacy.

I caught that too, can only imagine what the public at large will think of this were it to happen.

From how the stock market is reacting, some people clearly don't think the public at large will care

They won't; people spend a lot of money to farm virtual crops. That same group of people will do whatever it takes to keep farming.

Nothing. The general public doesn't care, only us nerds on websites like this do and when you think about it, it's a very sad and disturbing reality.

I call BS on actual deleting all user data when someone deletes his account. If some whistle blower proves otherwise is he liable for prosecution for perjury?

Define deleted. Do you mean the data itself is purged, or simply marked as deleted and rendered inaccessible?

If you mean purged, then do you also mean that it is zeroed off of the disk by a multiple low-level pass?

This would be hard to prosecute for perjury as the definition of "deleted" can be construed in many ways.

This is the sort of word game that surely wouldn't last ten seconds in any courtroom.

"Did you delete the data or not?"

"Yes, we deleted the data."

"Then how is it that we're all sitting here looking at it?"

This modern fiction of pretending something is deleted just because someone set a flag called "deleted" has about as much relevance to actual deletion as the evil bit in an IPv4 header has to actual Internet security. It's not deleted in any technical sense, nor in the common English meaning of the word.

But the reality is that is exactly what is happening when you delete a file. It sets a flag as deleted in the file system. The data reminds there until overwritten. Computers have worked this way since forever. Also if you look at the definition of delete it matches this. To remove by striking out or canceling, not to remove all remove all traces.

But the reality is that is exactly what is happening when you delete a file. It sets a flag as deleted in the file system.

Sure, but no-one is testifying before a senior government committee that such files were "deleted" in a context where deletion is clearly understood to mean making permanently irretrievable. If the committee called any IT expert to give evidence and asked if data had really been deleted under those conditions, surely no-one who understood the technicalities would say yes.

Computers have worked this way since forever.

A lot of things have been done "since forever" in the computer age. The fact that some of those things might not be good ideas and public awareness has finally reached the point where something might actually be done about it is rather the point here.

The point people are trying to make is that properly practiced law can't be circumvented by these kinds of arguments.

If there was a requirement to do something with the data and it was not done then you failed, technical jargon and implementation details are irrelevant.

I really do not think this is accurate. I have been in a courtroom when a file was described as 'deleted' and then an expert witness 'recovered' the 'deleted' file, which was entered as evidence.

Delete is a technical word that has a specfiic meaning. Unlike most language, technical terms are (to some degree) clearly defined and should not change over time or with common usage. Whether people misinterpret the word arbitrarily is not important when experts are being consulted - they use the word as defined. The word delete means what it means, and any expert giving testimony about it would use the same definition. It certainly doesn't mean removing information completely from existence with no possibility of it surviving in any way or ever being retrieved.

Recovering a deleted file is identical to the concept of recovering a shredded document. Its more about intent and purpose rather than result. A shredded document is intended to be destroyed, but its obvious that it can be recovered if you got all the pieces. If you however put the paper in the basement and simply pretend to have destroyed it then I can see how a court would object.

Let think of an example where a government employee has a requirement to destroy documents and computer records as part of normal operations. Would marking the document as "destroyed" and then put in the basement be acceptable? Similarly, would marking the computer record in a database as "inaccessible" be enough? I personally doubt that the court would accept either method.

Delete is a technical word that has a specfiic meaning.

Respectfully, if that were true, we wouldn't all be having this discussion.

Respectfully, the fact that we're having this discussion means some participants aren't adhering to the technical definition. There's a meandering, geographically and socialogically heterogeneous definition that is non-technical. In court, I believe a technical expert would use the former, not the latter (unless specifically required to do otherwise).

What do you think that definition is? I've never seen a single, authoritative, technical definition of the term, nor anyone with the authority to write one.

English courts don't like to give specific technical meanings to words. They prefer to use the everyday meaning as understood by the reasonable person.

I understand this is perhaps a cultural difference to the US.

But the file system overrides the (former) file content eventually. You don't have a guarantee you can retrieve the content anymore. You'd need to use forensic tools for that anyway. I think any jury can understand this. Setting a flag in a database column is a big difference, as the data never becomes purged eventually.

Well, you could also encrypt the data with a per-user key and throw that away when you delete the user. No the data was not deleted, but access to it is.

There are ways to design data retention around deletable constraints like this. The bigger question is more like “do we trust facebook to agree with us on what deleting an account acually means?”

For isntance, i’m curious if you delete your account whether they still do the shadow account tracking. I’m betting they do.

But what does it mean to "throw [the key] away"?

Are you operating at scale? I hope you have a very robust backup system (including enough that you can even recover from something like the Sony hack), and so you're going to need to ensure that you delete it from those systems. And then, you're dealing with 100s (1000s? 10000s?) of these deletions a day. Do you want that to be instant? Are you really that confident in your deletion that you want it instantly overwriting your backups? How are you resistant to the Sony hack in that case? ...

I don’t know about a general purpose system for this, but it’s generally easier to proactively delete or make inaccessible something in a singe data store. Encryption reduces the problem to a single element in a single data store. You’re not wrong, but it’s a problem worth solving for the ability to not have to solve the problem 1000 times over for each bit of user data.

Thank you. Judges and Senators are not happy when you try to play these word games with them. And you don't want to make a judge or a senator unhappy.

The question: "Whether or not Mr. Bennett knew of your relationship with Ms. Lewinsky, the statement that there was 'no sex of any kind in any manner, shape or form, with President Clinton,' was an utterly false statement. Is that correct?"

"It depends on what the meaning of the word 'is' is," Clinton responded.

[0]: https://www.cnn.com/2017/08/17/politics/tbt-clinton-grand-ju...

There is zero chance Zuckerberg is perjuring himself in front of the Senate. There is probably some obscure legal meaning of "delete" that Facebook follows.

I worked on this system. It takes several months because it's infeasible to purge old backups etc, but eventually it's all gone. The process for deleting accounts is separate from the normal content deletion process and is quite robust.

He is not under oath in this case.

You're always under oath in front of Congress, but if they don't swear you in you can't be prosecuted for perjury in that testimony.

Some poor Senator just went on a rabbit hunt to discuss FB's bug bounty program. Who are these Congressional staffers?

Tech illiteracy is on full-display; we're not even talking 'power-users' (who were on UseNet, btw), these people are lost. Zuckerberg had to be gracious and say his team would follow-up on many things that it was clear the Senator didn't even understand. This is supposed to be our smart chamber.

Disagree. Several controversial questions were dodged by saying his team would follow up. While it's attractive to paint politicians as incompetent buffoons, let's not forget each of them has their own staff and understands what it means to delegate to your staff and not have answers immediately on hand that only a staff expert would understand.

I'm pretty sure both of you are correct. There was a large amount of tech illiteracy on display but, at the same time, Mark dodged TONS of questions and spoke indirectly like a professional.

That entire testimony was very unsatisfying, in my opinion.

Politics is always a performance.

Regardless of the technical literacy of the individuals, they need to ask questions that their constituents will want to know they asked. They are covering their bases so that the media can't play a "Gotcha!" game and say "You were representing the people of the Great State of $YOUR_STATE_HERE, and you didn't even ask Facebook why they invite hackers into their own systems?!". This would look bad for the politician if, by some crazy happenstance, the bug bounty becomes implicated in the boogeyman of the big bad "Russian hackers".

While I don't discount the possibility that many such lines of questioning were borne out of sincere ignorance, the public perception is what matters, regardless of individual competence, knowledge, or ability.

These committee events are just exhibitions to allow politicians to score points back home. Any real work will be done by grossly overpaid lobbyists writing policy that benefits their clients, and grossly underpaid Congressional staffers just trying to work it through the session while protecting Their Guy from potential damage/backlash.

This was what I was trying to get at.

>That entire testimony was very unsatisfying, in my opinion.

After watching dozens of hours of congressional hearings over the past 2 years, this is not at all surprising. These committees have no teeth.

He wasn’t even under oath

>>That entire testimony was very unsatisfying, in my opinion.

The goal was not satisfaction. The goal was to allow the Senators to be able to tell their constituents they did something about the Facebook problem, to the vast majority of whom "Congressional hearing" will sound serious and consequential.

edit: The downvotes tell me that most people don't understand how these committees work. Here's a hint: they have no teeth. Nothing will happen as a result of this hearing.

It’s all done for the media, soundbites, constituent communications, and fundraising. I once worked for the energy and commerce committee, and it’s a total crap show.

That doesn't make any sense.

If you're receiving questions that weren't published prior to the interview it's perfectly understandable that not all questions can be answered immediately. In fact, I'd be more suspicious if he answered everything without needing to follow up. If however you're the one raising a question, I think it's your responsibility to ensure that you or someone on your team someone does some basic research and due diligence beforehand.

Saying that oh look it's okay they're not incompetent, it's just they just delegated to people who were incompetent doesn't make it any better.

> If you're receiving questions that weren't published prior to the interview it's perfectly understandable that not all questions can be answered immediately. In fact, I'd be more suspicious if he answered everything without needing to follow up.

Right so I'm not expecting him to answer _every_ question without referring to his staff. There were, however, key controversial questions which he did not answer by claiming he didn't know something immediately.

> If however you're the one raising a question, I think it's your responsibility to ensure that you or someone on your team someone does some basic research and due diligence beforehand.

Zuck was brought in front of the committee to discuss troubling behavior and troubling allegations. While you don't want to ask a nonsensical question, I don't think there's a requirement to be very informed about the subject matter. A number of questions by the committee seemed exploratory or seemed to be simply looking to clarify some rumor/allegation, some were indeed technically misinformed or misunderstood questions, but by and large a lot of the questions that were asked were competent and necessary.

> I don't think there's a requirement to be very informed about the subject matter.

Why would you think that? This is a time limited, one day high profile public hearing.

I think it's actually two days. That's what they said on the CSPAN radio stream, anyway.

One day for each house

> There were, however, key controversial questions which he did not answer

Can you give some examples please? Having not watched much of this live, nor read the paraphrased feed, I'm interested to know what controversial areas you think were dodged.

- Roger Wicker asks whether Facebook can track browsing activity even when a user is logged out of Facebook. Zuckerberg responds that he's not aware and he'll have his staff follow up, then later admits that cookies exist. They obviously do track this, as stated in their documentation: https://www.facebook.com/help/186325668085084

- John Cornyn asks whether all of a user's data is deleted when their account is deleted. Zuckerberg says, "We should delete all your information." Cornyn: "Should, or do??". Zuckerberg: "We do".

- Later on, Cory Gardner reads parts of Facebook's terms of service stating that backup copies of data may persist for some time after an account has been deleted. Zuckerberg pulls the old, "I'm not sure how it works, I'll have my team follow up". He really seems to want to avoid saying outright that 100% of your data is deleted, because it isn't, "log records" (open to broad definition) are only somewhat anonymized: https://www.facebook.com/help/125338004213029

- Gardner also asks whether Zuckerberg thinks users are aware that they are tracked every time they are logged in in another tab and visit a website with a Like button on it. Zuckerberg says, he thinks people are aware, they should be able to infer that from the context we show them about their friends liking the page.

- During questioning by Sheldon Whitehouse, Zuckerberg says users can download all data Facebook has about them. This is false. The "download your data" button only gives you data from your direct interaction with Facebook, and definitely does not include the sites they've tracked you on around the Internet.

Not sure whether any of these dodges bordering on lies could be prosecuted for lying to Congress, but sure would be interesting to see that tried.

Thanks. Very insightful. Hopefully UK parliament will pick up on his obfuscation and prevarication when they interview the CTO. For what it’s worth, I don’t think MZ was straight up today - and as legislators realize that, it makes it more likely FB will be broken up. If not by the US, then because the EU will force it. I’m seriously unimpressed that MZ has not grasped his situation.

Yep. The amount of "my staff will follow up" was on par with Sessions' "do not recall" statements.

The fact that they called Zuck out on "what hotel did you stay at last night" and "if you messaged any friends in the last week, can you please share the first names of the people you messaged in the last week?"

and Zuck: "no I will not share that publicly"

Senator: "Well, thats the reason why we are here, isn't it?"

Appearing incompetent usually happens because they are actually incompetent.

The fact that they were prepared with these questions only makes the matter worse with the majority being irrelevant and aimless shots in the dark. They are the designated lawmakers with the power here, they absolutely need to do a better job.

Both politicians and Facebook have different incentives.

Facebook has to stay competitive and work with realities with the world. Politicians are paid from taxpayer money and don't have to pay for their decisions.

Politicians are not stupid. They can hire smart tech people to ask smart questions but it does not matter to them. Ted Cruz will still keep his job even if he asks stupid questions. Marc on other hand lose billions of dollars if he makes stupid decisions.

The politicians there do not care about privacy or you and me. That is just pretence. All they care about is how they can benefit from Facebook's $$$$. How can they use Facebook's success to gain more power.

Most of these politicians support unauthorised searches and snooping. These hearings are all farce and I hope Zuck comes out as a winner.

> Zuckerberg had to be gracious and say his team would follow-up on many things that it was clear the Senator didn't even understand

IMO on way too many things, even when it was clear that the senators did understand what they were asking.. and it wasn't because of grace or politeness, it was the new 'I plead the fifth'

This might come across as naive, but I think it is impressive that 1) A lot of politicians are getting their talking time, some more knowledgeable than others, 2) the politicians engage overwhelmingly in good faith on their own level, without being intimidated

I would also argue that a healthy dose of tech illiteracy (if that's what you want to call it) is precisely what we need in this situation. Tech minded people will always find a way to decide in favor of technology. They are loyal to the technology. We need people who can look at all of this from the unbiased perspective.

> Tech minded people will always find a way to decide in favor of technology.

I’m pretty tech minded, and I fucking abhor Facebook and Google for the way they behave as a matter of business.

Don’t assume that because you might feel inclined to give tech a pass because it’s tech, that others would too.

Fair enough. I shouldn't have used the word "always".

This is relevant to my comment below. ( https://news.ycombinator.com/item?id=16806430 ) Don't make the mistake of thinking what's happening on the surface of this is what's really happening.

I'm pretty sure that he asked if someone found bias in an algorithmic implementation would they qualify for the bug bounty program? Mark deflected by saying devops? (maybe i'm confused)

Poorly paid, overworked, with an overblown sense of importance.[0]

[0].I work on Capitol Hill

The Senate is not supposed to be the "smart chamber" but the chamber that lessens the House's power to vote for the vagaries of the moment. This is also why the Senate but not the House confirms appointments and approves treaties.

Mark Zuckerberg does not believe he has a monopoly. He believes there is an alternative to Facebook in the way that different car manufacturers have different competitors.

Surely he can't mean this, right?

>Mark Zuckerberg does not believe he has a monopoly.

I tend to agree with him. Facebook just happens to be the most popular Internet social network, right now, but there is nothing that makes it a monopoly.

Anyone could replace it, there is nothing actively stopping them from doing so.

I'm sure for decades the Ford Motor Company was thought of as a Monopoly... and then they went bankrupt, and that's just one company that comes to mind right now.

Ford was never considered a monopoly. GM and Chrysler have been around since the early days. And even in the Model T days there were plenty of other cars. Also, Ford never went bankrupt, you might be thinking of Chrysler or GM, both of which filed for bankruptcy in 2009, although neither ceased operations (so not "bankrupt" in the colloquial sense).

Facebook, on the other hand, what other network can I use? Twitter isn't really the same thing. Most people outside of China don't have WeChat (and why would I voluntarily give anything to the Chinese government). Same with LINE (Korea, Taiwan) and VK (Facebook for Russia). Instagram, which really isn't the same as Facebook is owned by Facebook, as is WhatsApp. The only competitor is Google+, and is that even still going? Is it really a competing social media network if no one I know is on it?

This reminds me of a Woody Allen joke:

Two elderly women are at a Catskill mountain resort, and one of 'em says, "Boy, the food at this place is really terrible." The other one says, "Yeah, I know; and such small portions."

All companies eventually go bankrupt, or change in some fundamental way.

By your definition, nothing can ever be a monopoly, can it?

>> Mark Zuckerberg does not believe he has a monopoly.

> I tend to agree with him. Facebook just happens to be the most popular Internet social network, right now

And it will remain the most popular one as long as it's allowed to continue buy the up and coming ones. People are fleeing Facebook for Instagram.

If they were viable competitors like Instagram, Whatsapp or even Snapchat, FB would try to buy them out and become monopoly-like again. But there is no perception that the gov should question these mergers for this industry.

>Anyone could replace it, there is nothing actively stopping them from doing so.

Sure there is; all of the people on FB already. The fact that the software can be replicated is not the only consideration. If, in practice, they have a virtual monopoly due to user lock in then it's a reasonable debate to have.

I'm certainly out of my depth on the legal end of this, but your definition is far too simplistic.

>virtual monopoly due to user lock in

But users aren't locked in. They have not paid a yearly fee which still has 11 months left, they don't have to pay a fee to leave, and they don't have to pay a fee to join the other network.

Users can come and go as they please, and there are alternatives they can use, if they choose.

If they don't want to use the other network because their friends aren't on it, that's just their choice, not "lock in".

Sure they are. I could go to some other social service... but literally no one I know will be there. In my mind, that's a form ot lock in. I'm not saying FB is evil because it has a large user base, but for many there really is no alternative. Note that MZ ducked this question in the hearing and there is a reason they bought whatsapp (and that reason isn't "talented developers")

Your premise only exists in a simulation where humans aren't human, where instead they're robots that think solely rationally and are not inconvenienced by anything. That's nearly the exact opposite of how people behave.

When you're actually dealing with human customers and users, it's nearly impossible to convince them to switch once they're comfortable with a product or service. Those people have to be tremendously inconvenienced to do so, while simultaneously being presented with a great alternative - often it requires a 10x-style superior product that isn't just great, it's a huge leap over what's already available.

Switching costs are immense with Facebook. If you have 100 friends on there, and you're the first to abandon their network and move to a new social network where none of your friends exists - that's a huge cost for the average person. It may or may not be a cost to you, it is an immense cost to most people. That also applies if you attempt to maintain profiles on both networks, it's a time and annoyance/inconvenience cost, people hate such.

> there is nothing that makes it a monopoly. Anyone could replace it, there is nothing actively stopping them from doing so.

While I don't entirely agree with this line of argument, it's usually argued that there is in fact a very massive cost in attempting to do so and that Facebook has a very large moat with its network effect. It's very difficult to unseat an entrenched & dominant company in any field first of all, second you need large amounts of capital to compete in such a set market. You have to change the minds of practically every adult American and switch them away from a product they already know and are comfortable with (that is also 'free' to use), that's beyond difficult.

Look at how much capital Facebook raised pre IPO, you will need more than that to unseat them; no venture capitalist is going to give you that (which is why nobody is seeding Facebook competitors with billions of dollars, despite the fact that they'll earn $20 billion in profit this year; it's the same reason nobody is seeding Google competitors by the thousands).

> I'm sure for decades the Ford Motor Company was thought of as a Monopoly... and then they went bankrupt

Ford Motor Company has never gone bankrupt. Perhaps you're thinking of GM, which has been dominant in the US over Ford since 1932.

There's other ways to communicate with other people online, you see? That's overlap! /s

Weird because he does everything he can to protect his monopoly by buying promising social companies while they're young.

He bought Instagram because they are talented developers, not because they are a competitor. /sarcasm

If we're talking globally then Facebook is quite obviously not a monopoly.

Just within the US, I guess you have to conclusively define what it has a monopoly in, i.e. what is "social networking". For online messaging there is iMessage, Hangouts, Skype, Snapchat. Photo sharing - Snapchat again, Twitter, probably even just email. For videos there is YouTube. For maps and check-ins there is Foursquare, Yelp. And the concept of having an online identity tying all these services together is done by Google as well.

He should have responded with every company having a chat platform, social graph, and ad platform. So google, linkedin, twitter, apple, microsoft, and so on. Then consult with the grandkids for an explanation on how things actually work. Trying compare FB that has been around for 14 years vs. the automobile for over a 130 years was silly.

FB is about making $$ with ads, the social aspect is a drug for the eyeballs. Why didn't they just ask him if he considered himself the worlds digital drug dealer?

Congress acting all worried "you have our private information and going to use it against us", where were you when the net neutrality vote was the topic?

People here told me Google+ was amazing and that everyone worth associating with was on there.

Is that no longer true?

Unless you're suggesting that nobody I interact with in real life is worth "associating with", then that statement has never been true.

Well he's certainly not going to testify that he thinks he does.

Mark has always thought his primary competitor is email. Let that kind of hubris sink in for a moment.

He's smart and capable but I don't think he has perspective. Perhaps he never did.

Why do you think that‘s hubris? I think that‘s a great way of looking at Facebook and what it provides.

What hubris?

Why didn't telephone companies suffer from a similar network effect, and isn't there a monopolist in telephony?

Can we apply the same principles in the case of Facebook?

They did suffer from a similar network effect, which was only broken when AT&T accepted a consent decree to spin off all its regional providers.

There's Google+

I actually liked Google+ but let's be honest, dozens of users is not a social network

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact