Hacker News new | past | comments | ask | show | jobs | submit login
Why is the FB leak getting more attention and momentum that the Equifax hack?
116 points by s3r3nity on Apr 10, 2018 | hide | past | web | favorite | 50 comments
FB should definitely be held to the fire, but it frustrates me that there is more momentum to regulate FB and prevent a similar situation than what happened with Equifax.

The latter has more implication on damaging a person's prospects of living productively in society (think about all the stuff your credit score impacts) than the Facebook data leak.

At least FB is voluntary - you can't opt out of social security numbers.

Because normal people don't understand or care about what equifax is or does or has. They "know" what a credit score is insofar as it's a number that lenders care about. That's about it.

People are mad about facebook because it's an actual part of their daily lives and they "know what it is". I put that in quotes because it seems people are just now figuring out what facebook actually is, in terms of funneling man-cattle into advertisement pens.

Imagine if your company had some obscure HSA type benefit that you didn't really understand, and you could have made $2k in tax gains and didn't, and now the window's closed. Bummer, but i mean... whatever. It's all confusing accountant jargon anyway.

Now imagine that your company would expense $2k in meals as long as you filed for reimbursement within 72 hours, and you missed out on $2k of free lunch. You'd be mad as hell!

Same money. Different levels of personal "realness" based on comfort with the underlying concept.

> normal people don't understand or care about what equifax is or does or has

People also discount hypothetical harm versus tangible harm. We haven’t yet seen a massive fraud carried out with Equifax’s data. We have seen malfeasance resulting from Facebook’s negligence.

There is also an international component to Facebook which does not exist with Equifax.

I'd trade "Cambridge Analytica knows I like Saosin" for "hackers know my social security number" any day.

You're not alone.

Because Equifax was a hack, Facebook's situation was WAI.

Your bank putting a bad lock on the safe is different from the bank creating a back door where others get a red carpet to the safe.

Equifax's "safe" holds information about money that you borrowed, and some PII to tie it back to you.

Facebook's "safe" probably holds enough information to change your perspectives on a variety of issues, sway elections, break democracies, etc.

While both are undoubtedly important, Facebook should be objectively more important than Equifax due to the nature of the information that Facebook holds.

Who cares about money when so much more is at stake?

> Facebook's "safe" probably holds enough information to change your perspectives on a variety of issues, sway elections, break democracies, etc.

This is sarcasm, right?

Nope. Why do you think it is?

A large use case for collecting all the data about everything is what I just mentioned. Even if they themselves do not do these things, they allow others to do it using their platform.

I don't like linking to Stallman because it sounds like I'm a conspiracy theorist - but here you go: https://stallman.org/facebook.html#psych

> Equifax's "safe" holds information about money that you borrowed, and some PII to tie it back to you.

It also contains address, SSN, account numbers, etc. Which, for most people, is far more damaging than your FB profile.

But again, Equifax's hack wasn't WAI, it was a hack. Facebook's "leak" wasn't even a leak, it was WAI.

> It also contains address, SSN, account numbers, etc.

This is money.

> FB profile

This contains information about who you are (psychologically and physically). It can be used to change your mind about things with/without you realizing.

Though I'm not disagreeing with your point that one was an accident/bad practice while the other one was willful malice.

What I do disagree with (that OP mentioned) is that you can opt out of Facebook. They do keep shadow profiles of non-users as well. It's just as easy to opt out of SSNs as it is to opt out of Facebook.

Money is what allows me to provide a good lifestyle to my family.

Facebook, well...I don't get my news there. Most of my profile is blank, false, or misleading. A decade ago, I used it for more. Now, it's a couple of technical discussion groups and the event calendar.

Facebook is a blip. Equifax is the reason that I spent a lot of last week defending my bank account and cell service from takeover.

"This is money." x "This contains information about who you are (psychologically and physically)."

Well, that becomes a personal opinion call about what you care more about, not a objective comparison.

> It's just as easy to opt out of SSNs as it is to opt out of Facebook.

Yeah, no, it isn't. You can easily isolate yourself from Fb, even if you still use it.

And I think you've never went through identity theft, to think that. Identity theft can easily lead to bankruptcy, losing a job, tens of thousands in debt, etc.

What is WAI? I searched for “WAI” by itself and with “Facebook” and got nothing useful. You’re the only person using this acronym and no one else seems to be responding to it; do you mind clarifying it?

This happens a lot on HN. Personally I don’t mind it, but it is problematic for discussion.

I enjoy the puzzle of guessing acronyms based on context. Apparently it’s part of my MBTI personality type... and I think I got this one right as “working as intended,” but I only have the context in this case because I share the OP’s opinion on the matter at hand.

That illustrates the problem that using unidentifiable acronyms limits discussion by constraining your audience to those who already agree with you or share your expertise.

It's interesting that you realize they are problematic for discussion, yet continue on to use the acronym "MBTI".

I don't know what it stands for.

Sure, my apologies! WAI = working as intended. That is a common reason for closing a bug report, for example.

Sometimes known as "that's not a bug, it's a feature".

I believe they are referring to "works as intended".

I feel old every time I have to look something like this up on urban dictionary.

The Equifax breach affected data about people that was collected as part of practices that tie to big finance, whose behavior feels hopelessly disconnected from the everyday lives of individuals. It's the System, it's always been the System, and will probably always be the System, made sure of by lobbyists, inertia, and lack of good answers that are equally palatable to everyone on how to do it any other way.

For common people, there's a sense of helplessness, and for politicians there's a sense of inconvenient consequences for having punted the topic of national identity to the States and the private sector -- and too many barriers to achieving realistic progress on doing it any other way.

The Cambridge Analytica scandal is about data that was once relinquished by users voluntarily for a different purpose, or collected by Facebook as part of its normal operating practice, that found its way through multiple hands in unsavory backroom deals, and ultimately ended up with a radical actor who ostensibly used it to help a widely-derided candidate eke out a narrow and unexpected victory in the US presidency.

It's an issue that emotionally tugs at all sorts of people for all sorts of different reasons: multiple breaches of trust, a corporation's business model laid bare to everyone who's been unaware, the complete lack of accountability to the chain of custody of people's data, the unsavoriness (depending on the viewer) of some of the characters involved -- it's a story everyone can get upset about. More critically, it's a story that annoys politicians too, and unlike with Equifax, they are actually equipped and willing to take action on it.

I think the primary difference is that Equifax is more of an isolated incident while the Facebook leak is part of a bigger story. That bigger story is about what happened during the 2016 US presidential election, the Brexit referendum, and other recent elections. That story seems to have revealed a fundamental flaw with how democracies function in the digital age. Understanding and fixing that flaw is one of the most important things we can do as a society because our governments have a hand in every part of our lives. That goes much further beyond the hours and money that victims of the Equifax hack will undoubtedly lose.

> Why is the FB leak getting more attention and momentum that the Equifax hack?

Mainly because the news and other mass media feed on recency. Equifax is yesterday's news.

Also, Facebook is actually a concept in people's lives, whereas Equifax is just a kind of hidden parasite that large numbers of people are affected by, but do not interact with directly.

I suspect there are 2 main causes:

1) People perceive that FB might have helped Donald Trump get elected President of the United States.

2) The traditional media companies see Facebook as their rival and hate how Facebook can control access to a significant percentage of the population. Therefore, it is in their interest to amplify anything that has the potential to harm Facebook.

totally agreed with this. we had data leaks that involved our credit card, bank account, SSN, etc. but media & gov is tripping over fb leaking our likes and friendship connection? what crazy world are we living in? this seems more like a publicity stunt than anything else.

Part of it (I suspect) is that while Equifax's issues were egregious and woefully under-responded to, it still is essentially one thing...your FICO score and the info that feeds it, that was the main loss/breach.

To a lot of casual consumers, that still feels fairly attenuated from daily life.

FB on the other hand, is something people willfully interact with and hold 'private' conversations on and divulge personal data across a spectrum of areas. It feels more visceral and violating.

Yup, the Equifax breach affects "just money".

Facebook being evil impacts who you are as a person, what you will do, what you have done, etc.

I can uninstall Facebook and opt out of it. I can't uninstall Equifax. My identity was stolen. It's more than "just money". It's something I will have to deal with for the rest of my life. Always looking for my shoulder.

Facebook is insignificant by comparison.

The Facebook leak gives an opportunity to the media apparatus controlled by Dems to promote the idea that there's a link between Russia and the electoral result in the last US elections. I have not read an article about the FB without direct or indirect insinuations that it changed the US elections yet.

The underline narrative is that everyone who voted the wrong candidate was ill-informed or tricked on purpose, while everyone who voted for the right candidate is educated and well informed. I'm in mid-30s but in the world of politics, I never saw such a ferocious reaction form a losing party in a western democracy. Politically speaking, we live in very interesting times I believe.

However, anything that improves awareness about privacy issues is to be welcomed IMHO.

My take on this is, financial industries are old money firms. They have got their hooks in proper into the system. They can control the damage that can be caused by Congress. Tech industry is new money. They will first have to replace the old money guys to get the same respect.

I'm not a US citizen so don't know much about Equifax, but from what I have read about both issues (mainly through HN about Equifax) a main difference between the two cases is that companies like Facebook are way more visible and advertise that they have good will (they want to change the world, make it a better place, connect people, etc..), whereas sth. like Equifax operates in the background and does not try at all to convince you that they are a willingly benevolent actor. So Equifax was just another fuck-up, but at a bigger scale, whereas with Facebook it's more of a fraudulent PR. Moreover, Equifax was hacked, Facebook has been used as it was meant to to exploit people.

ISP astroturfing and the incoming government filter/firewall that they are helping build [1]. SESTA/FOSTA are also part of this.

The internet is being turned into hotel wifi and ISPs are the brownshirt errand boys helping it because of their privileged monopoly/network position in the aristocracy and plutocracy.

Partly it is because everyone knows Facebook and the division in our country is intense right now.

Mostly though it is because all that money that the ISPs used to put towards removing privacy protections and net neutrality are now aimed at censorship, tracking and control instead of innovation and expansion with new product offerings. ISPs know they will have the monopolies needed for implementing it and they will get deep access into the data to help their ad/tracking/data selling efforts.

"Goodbye" -- Internet in 2018

[1] https://www.wired.com/2017/04/internet-censorship-is-advanci...

Because equifax is not eating mainatream media's advertising pie i guess.

One word. Trump.

It’s as simple as that.

Politics, control, power.

He who controls the flow of information, controls the world - History is written by the victors - Ingsoc's Newspeak.

Simple, because Facebook are a threat to the entire way of life for mainstream press, so they will jump all over this, spin it and twist it in all sorts of wonderful, self serving ways to ensure their continued existence against the beast that is threatening to turn them into inconsequential dinosaurs.

At least in europe, people don't care for equifax, but Facebook is very popular and certain to generate enough clicks whenever it's mentioned in the title. To answer your question, the reason is clicks.

Probably has something to do with the frequency of how often people consciously use Facebook. Maybe they have comparable amounts of data, but Facebook puts a lot of effort into making you think about it all the time.

As an European I care very little about Equifax as it doesn't affect me.

Facebook on the other hand, affects me because I used to bena member and also because Facebook's tracking tentacles are all over the web.

TL;DR: the Facebook data leak is a global issue, the Equifax leak is only an American problem.

I think it's exactly that sort of helplessness. I never did have control over what was shared with Equifax or what they told other people about me.

"The latter has more implication on damaging a person's prospects of living productively in society"

Does it though?

If someone wanted to destroy you they'd rather have your psychological profile than your social security number.

The worst someone can do with your social security number is have some collectors (who legally can't collect money from someone who doesn't owe it) bother you.

The worst someone can do with your psychological profile is undetermined at this point, but it looks to be much much worse.

If you study machine learning, you'll encounter a definition of "bias" that initially seems to differ from the conventional definition, in that a system is "biased" by what it is capable of representing. If I have a simple AI system that I feed two numbers to, "yellowness" and "curviness", it's going to decide a lot of things that aren't bananas are bananas, because the representation that it has access to is very biased and is not capable of representing the full complexity of objects in the real world. This results in a classifier that is very "pro-banana biased".

I say "initially seems to differ" because in my opinion, if you meditate on it for a while, it becomes increasingly clear that the conventional definition is actually a moralistic (in every bad sense of the term) mess, and this definition actually applies very well and clarifies a lot of thought in this area. But that's just a sidebar.

The main reason I bring this up is that I'd submit the reason people are more upset about Facebook is that they find it much easier to represent Facebook in their minds than they do to represent Equifax.

Equifax is, on average... something... something... credit cards? Financials? Ugh. Complicated. I've got no representations for that crap.

Facebook, by contrast, is what I spend two hours a day in. It's what caused that entertaining family drama (depending on which side you were on) last month. It's where I reconnected with... you get the idea. Very easy to represent. Very easy to personify mentally, since the human brain that is optimized for tribal living on the savannas of Africa (more or less) reuses a lot of circuitry for things not in the original design spec, and we use our very capable "model complex behavior as stemming from human motivations" circuits a lot. And that personified Facebook just betrayed you by spreading gossip about you all over the place, without your knowledge (you knew about the rest of what it does), and for their benefit and to your harm. And is being very unapologetic about it.

So there's a whole complex of ideas readily at hand in our brain to understand Facebook. Facebook is basically being modeled as a friend, perhaps even your best friend, who just stabbed you in the back for their own gain. Yup, people are pissed. Where as Equifax was... something, err, people in an office and they dropped some papers on the ground or something? People's brains are readily able to represent Facebook using pre-existing circuitry, Equifax is just a confusing mess that most people can't get a handle on.

Bear in mind that we have a very-above-average concentration of people reading this post who do have the ability to understand Equifax. I'm speaking to the public case here. I also don't think the public is "stupid" on this matter; I just think most people lead lives that involve developing representations for all sorts of things I don't understand per se, but don't involve developing the rather artificial representations needed to understand the unbelievably complex financial industry that exists today.

Because it influenced the election in the United States.

Cool to see Russian bot talking points on HN now.

This was my first reaction as well, but I've met people IRL that seriously believe that the Equifax hack is more important than Facebook's tracking.

This is definitely a discussion worth having.

You say that like it's some sort of impossibly silly idea? I have to admit to not being entirely certainly how to score it myself, because in terms of direct damage the Equifax is worse, but in terms of what is corroding society Facebook is worse, and it is not immediately obvious to me how to compare the two radically different vectors.

The idea that the only possible reason to believe one side or the other is that one is in direct pay of a nation state spreading propaganda is probably one of the more anti-intellectual things I've heard this week. Or something like that. Don't have a great word for what this seems like to me. But it's definitely a "what???" moment.

Good points. I guess they are very different situations that can't be compared easily.

Well the latter is obvious to anyone with a healthy dose of cynicism and knowledge of what facebook is. The former is something you could not figure out on your own. The fact that someone is so incredulous to state that you have to be a russian propoganda pawn to think twice about the importance of these events is really scary... I guess we can thank american propoganda for the success of "russian propoganda" then...

Why now though? And why facebook specifically? Are we going to bring in google for gasp reading our emails?

Google will get called in if Trump manages to win in 2020.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact