Hacker News new | comments | ask | show | jobs | submit login
Mark Zuckerberg's Facebook hearing was a sham (theguardian.com)
483 points by DyslexicAtheist 10 months ago | hide | past | web | favorite | 252 comments

I was struck that on the surface it looked quite adversarial. Senators were trying to ask fairly pointed questions (despite any technical ignorance). But underneath the surface, the two parties here have fairly well aligned goals -- less freedom on the Internet. The senators want to show that they're doing something, and Facebook welcomes regulation in order to suffocate would-be competitors with it. I'm sure they're going to collaborate to find something that works well for both of their interests. We're witnessing the death of the free internet. It was a nice experiment while it lasted.

it was a sham because asking hard questions would require them to admit FB being an important asset for US own intelligence operations.

If they drill too deep they'd need to face very uncomfortable questions about other platforms too, e.g Palantir (Thiel was right there lurking ;)). Facebook is the Internet in many countries (making them less resilient and even more prone to meddling than the US). And so looking at it from the IC perspective FB is too big to fail:

- Remember Palantir worked with CA on the Facebook data it acquired: https://news.ycombinator.com/item?id=16690721

- Remember how confident in May 2016 Thiel was of a Trump presidency and when he openly started endorsing Trump? Was he operating with more knowledge than available to the general public: http://fortune.com/2016/05/10/peter-thiel-trump-delegate/

- His $1.25 million donation in October 2016 seems even more interesting now: https://www.nytimes.com/2016/10/16/technology/peter-thiel-do...

- Leaked Palantir Doc Reveals Uses, Specific Functions And Key Clients https://techcrunch.com/2015/01/11/leaked-palantir-doc-reveal...

- This is who runs PRISM: https://talkingpointsmemo.com/edblog/is-this-who-runs-prism

Oh and Palantir enables Immigration Agents to Access Information From the CIA: https://news.ycombinator.com/item?id=13895827

Also more uncomfortable questions: https://twitter.com/RidT/status/983789426340921349

Everything about everybody, living or dead, is known in near real-time.

We got a demo of Seisent, since bought by LexisNexus, mid-2000s. Our use case was to uniquely identify patients to improve record matching across heterogeneous databases.

Back then, Seisent was just based on publicly available data. It spanned all of North America, The Caribbean, and a good portion of Central and South. In those regions, every single person has been unqiuely identified. Easy to do thru process of elimination with that much data.

When shown my own data set, everything about me was right there. Everywhere I've ever lived, worked. My entire legal trail, like mortgages, marriage. Seisent even inferred my ex-wife's affair (FOAF).

Seisent sold their tech (big graph database, query language, some gear) to the NSA. Who was able to add non-public data. Like phone records, electronic transactions, etc.

That was 10+ years ago. Now I imagine they're slurping data up globally.

Siesent, Palantir, Facebook, Google, Amazon, Apple, etc effectively know everything about everybody.

I assume foreign efforts are doing the same.

I really doubt this is true, given how poorly targeted advertising performs, how much stuff credit-reporting agencies get wrong, and how much stuff intelligence services miss.

I'm sure they have a lot of data, but like anyone else, it's dirty data, and it's difficult to draw meaningful conclusions from it.

What measure of proof do you require?

PS- One of Seisent's selling points was helping to solve cold cases. The successful example I remember was matching MOs from a set of crimes in multiple areas and then identifying all the persons matching the profile who could also be in those areas at those times.

> What measure of proof do you require?

How about a single targeted advert for a product I want to buy? (Note: products I already bought and then start seeing tons of advertisements for don't count)

> PS- One of Seisent's selling points was helping to solve cold cases.

Did it actually help solve those cases? I haven't heard of any dramatic drops in unsolved murders, or huge numbers of cold cases being closed.

If they really do "effectively know everything about everybody", they're keeping damn quiet about it.

Man, I really wish the paranoia around Palantir would die. It's a federated database search system, and that's it. It searches multiple databases, and returns combined results. With all this complete paranoia around it as a company, people seem to have the impression that it's magically summoning data out of thin air, when in reality it's a glorified JOIN statement (obviously a simplification, but you get the sentiment).

Yeah, Thiel is more conservative than most big names in tech, but that's not surprising given that Palantir started focused on the national defense space.

Oh, and "PRISM"? Yeah, that's just a data importer. Completely separate from the secret CIA project, it's just a classic naming conflict. It was originally named "Palantir Data Importer" or something of that ilk, but Palantir loves fancy names, so re-branded it Prism (which is actually a clever name, as prisms takes white light and separates it into colors, much like the importer takes unstructured or semi-structured data and separates the entities and relationships).

Source: Am former Palantir engineer

Here's the Palantir section of the hearing.


SEN. MARIA CANTWELL (D-WASH): Thank you, Mr. Chairman.

Welcome Mr. Zuckerberg.

Do you know who Palantir is?


CANTWELL: Some people refer to them as a Stanford Analytica. Do you agree?

ZUCKERBERG: Senator, I have not heard that.


Do you think Palantir taught Cambridge Analytica, as press reports are saying, how to do these tactics?

ZUCKERBERG: Senator, I do not know.

CANTWELL: Do you think that Palantir has ever scraped data from Facebook?

ZUCKERBERG: Senator, I'm not aware of that.


CANTWELL: Have you heard of Total Information Awareness? Do you know what I'm talking about?

ZUCKERBERG: No, I do not.

CANTWELL: Okay. Total Information Awareness was, 2003, John Ashcroft and others trying to do similar things to what I think is behind all of this — geopolitical forces trying to get data and information to influence a process.

So, when I look at Palantir and what they're doing; and I look at WhatsApp, which is another acquisition; and I look at where you are, from the 2011 consent decree, and where you are today; I am thinking, “Is this guy outfoxing the foxes? Or is he going along with what is a major trend in an information age, to try to harvest information for political forces?”

And so my question to you is, do you see that those applications, that those companies — Palantir and even WhatsApp — are going to fall into the same situation that you've just fallen into, over the last several years?

ZUCKERBERG: Senator, I'm not — I'm not sure, specifically. Overall, I — I do think that these issues around information access are challenging.

To the specifics about those apps, I'm not really that familiar with what Palantir does. WhatsApp collects very little information and, I — I think, is less likely to have the kind of issues because of the way that the service is architected. But, certainly, I think that these are broad issues across the tech industry.

> CANTWELL: Have you heard of Total Information Awareness? Do you know what I'm talking about?

> ZUCKERBERG: No, I do not.

Hard to believe someone who has spent the past decade looking at how to monetize data has never heard of TIA.

I mean, it's probably more convincing than "I'm not really that familiar with what Palantir does".

Your average Ivy League CS grad is familiar with the bottom-line summary of what Palantir does - all the claims about secret projects aside, they do give tech talks and put product demos online. Zuckerberg is claiming he's not even familiar with that stuff?

The initial section about Palantir was very well rehearsed - Zuckerberg immediately clammed up.

oh and Sarah Jeong just now:

"Going to tweet out amounts received by each Congressperson from Facebook since 2014 as they speak in this hearing"


this is worth gold!

Sweet! There should be a rule where, whenever a politician is on TV talking about some subject, there needs to be a graphic in the corner showing the total dollar amount of donations that politician received from the 3 most relevant companies.

Like Amazon that Amazon prime feature, X-ray! That would be amazing.

Facebook never was part of 'the free internet', in fact it is a force strongly against the free internet.

> Facebook never was part of 'the free internet', in fact it is a force strongly against the free internet.

That's the point.

Imagine the result of all this is a piece of legislation that doesn't hamper Facebook in any significant way but imposes large fixed compliance costs on tech companies.

Facebook is huge, they pay the costs without even noticing. People who want to dethrone Facebook, or replace it with some decentralized alternative that actually protects privacy, are killed in the cradle by the new fixed overhead.

Facebook gets what they want and the Senators get to look like they've done something, meanwhile nobody pay attention to the fact that the same Senators are about to get a load of campaign money from Facebook.

> some decentralized alternative that actually protects privacy, are killed in the cradle by the new fixed overhead

I don't follow you, how would a decentralized (and presumably non commercial) alternative be affected by this?

Besides the fact that legislation is typically a local affair Facebook would have an advantage versus another commercial player, and whoever wrote the law would most likely focus on those aspects that would have an impact on such players as well.

So for a non-commercial, decentralized and/or federated alternative this would be a huge boon, rather than that it would be killed in the cradle.

> I don't follow you, how would a decentralized (and presumably non commercial) alternative be affected by this?

Are you anticipating a specific exemption for non-commercial operations? That hasn't been true historically.

For example, the notice and takedown rules in the DMCA require you to register an agent with the copyright office. There is no good reason for this when you have the info listed right on your site, but it makes a great trap for the unwary for anyone without the resources to hire a lawyer to tell them that, and causes grief for distributed networks where it isn't clear who should have to register and it almost certainly isn't the case that every participant actually has. Because the law came about as a negotiation between the big players with nobody even considering how it would affect small businesses and individuals or network architectures different from the then-dominant ones.

Or the regulatory nightmare in finance that has successfully destroyed a huge number of small nonprofit credit unions, or the medical industry where none shall enter without an entire law firm on retainer, etc.

People have just gotten used to it so they don't see what's missing. The idea that any individual or even pair of individuals could conduct a medical trial in today's environment is quite ridiculous, so nobody expects it to happen and then no one is surprised when it doesn't. But that was once the source of most of the progress in modern medicine before it was de facto prohibited by law.

It may be true that federated systems won't be affected because of a lack of enforcement, but that's cold comfort. Plenty will opt out of a system where they have to break the law in order to operate, even if the law is almost never enforced. And laws that everyone violates but are almost never enforced are inherently dangerous because they give the government a pretext to go after whoever they want for unrelated and pernicious reasons.

Yup. Textbook regulatory capture.

Ok so what’s the solution? Is the only other option no regulation and accepting the fact that what Cambridge Analytica did is going to be the way things are done from now on? Just wondering what the constructive path for advocacy is now.

> Ok so what’s the solution? Is the only other option no regulation and accepting the fact that what Cambridge Analytica did is going to be the way things are done from now on? Just wondering what the constructive path for advocacy is now.

A little antitrust enforcement certainly wouldn't hurt -- stop letting Facebook buy its competitors. More competition would do two things. First, less people on each network, so less impact for each mistake. Second, more competition creates market pressure. It's much more problematic for Facebook to be able to do this and get away with it because they have a monopoly and users have no alternative, than for them to do this and lose all their users to a vibrant competitive marketplace, serving as a lesson to anyone who would do the same thing.

It also wouldn't hurt if the government would just overtly support decentralized systems. The internet itself, The Tor Project and most of the other decentralized technologies we have all came out of government research grants. Which we don't do nearly as much as we used to in this space.

We could also roll back some of the existing bad laws -- like SESTA -- that are already making it harder for small players to compete.

I think that was his point. Facebook's ascension corrodes the Free Internet

On an unrelated note: I always wonder how people nowadays identify the Internet with WWW. There are so many ways to use the Internet in a way not even remotely related to the current power struggles between greedy businesses and duped users, with incompetent governments meddling in from time to time.

If I had to guess, I'd guess that less than 5% of current internet users have ever knowingly and intentionally used "the internet" via any protocol that wasn't HTTP. Even that might be an overestimation.

Companies like Google and Facebook have effectively turned the web into "the internet" for the vast majority of people. Even e-mail has essentially become "the web" for most people thanks to services like gmail capturing so many uninformed and unsophisticated users. IRC, too, is mostly lost to services like Slack.

Corporate interests have mostly erased the concept of an open, decentralized, multi-protocol internet from the public consciousness.

Could you elaborate?

The Internet is the infrastructure plus a set of protocols, with HTTP being just one of them. The protocols the most heavily used tend to be regulated (at least in the EU...), the rest - not so much. So each time I hear someone talking about "the death of the Internet" when they mean regulation related to the WWW, I feel at least we as "hackers" should remember this important distinction because sooner or later, once the web becomes even more regulated, we might want to turn to these remaining protocols in order to communicate more freely, and without the blessing of people who create web browsers (that became so complex you practically can't compete here unless you have tons of money).

There's a flip side to this: in part thanks to this lack of regulation, anything outside the popular protocols tend to be blocked in an increasing number of network.

I can see this becoming so bad that the only way to communicate freely would be to tunnel our stuff through TLS on port 443. (That is, doing what looks like HTTPS.)

> There's a flip side to this: in part thanks to this lack of regulation, anything outside the popular protocols tend to be blocked in an increasing number of network.

That is definitely not the result of a lack of regulation. The networks doing that are predominantly not public networks like Comcast, they're private internal corporate networks. The issue is they're a large enough minority that they can't be ignored. But that can't be fixed with regulation of public networks.

In fact, it's caused by certain regulations and pseudo-regulations like PCI-DSS, which require the default-deny policies you're referring to.

I stand corrected, thanks.

That's true. Fortunately, if everything else fails, we should always be able to connect on 443 via stunnel for example, no matter what protocol we use. That's the price to pay for the net getting more complex and more abused.

Unfortunately, that's not true. Corporate networks got rid of plain old proxies that just passed anything SSL on 443 many years ago. In order to meet regulatory requirements to record employee communications, pretty much every US company of any decent size uses a proxy (blue coat, zscaler, palo alto, etc.) that executes MiTM attacks on all SSL traffic. If it's something other than HTTP over SSL, or if it's to a blocked hostname, it won't go through.

The sad part is that a lot of people don't even seem to care.

When my relatively small company announced that they were installing a Palo Alto firewall and that everyone needed to install client side certificates in order for web browsers to continue working, it set off major alarm bells in my head that led to one conclusion -- "No more non-work related web browsing at the office. No exceptions."

Most of my coworkers (albeit mostly those in support and not developers, but still people at least somewhat familiar with the way computers work) only cared that they'd still be allowed to visit Facebook during the day.

I was assured that "nobody was actively looking at employee web traffic" but that doesn't matter. They didn't even think it was a big deal to put this new monitoring in writing until I made a big stink out of it, and they added this to the employee handbook:

>Each of these communication avenues are subject to monitoring by the IT Security Manager, a supervisor, or the President. When using any of these communications, be aware that a business record is made, which is retained by the company and becomes the company's property. This business record may potentially contain sensitive personal information related to the sites you are viewing and into which you are logging on, including user/password information. If you do not wish to share such information, it is suggested you do not access those items using [employer]'s network.

We can go one step further, and put our payload into an encrypted body in an innocent looking HTTP request. Thus begins the game of cat and mouse…

I couldn't agree more, the world wide web is definitely just a piece of the internet. I remember the battles over chat protocols, the scourge of p2p protocols and even the move from email to webmail and back again.

The web has always been a bit contentious for instance the browser wars are still being fought in some way even today. The problem is that the web is where developers were able to build without concern over who the powers that be even were but now the web has been turned into a creepy surveillance machine.

Our current president even paid Cambridge Analytica to socially engineer all of us. Turns out the tricks that hackers used to employ have been appropriated for use by the web monopolies. I can't think of a way in which this turns into anything good for the average person.

  the scourge of p2p protocols
Scourge? Which of the peer-to-peer networking protocols is a scourge?

Surely, you aren't suggesting p2p itself is conceptually an abomination in general?

How many people use it this way? Internet without people doesn't have much use. Internet with only geeks on is better, but still pretty limited.

I operate my own mail server. To send and receive email, I use the imap and smtp protocols. No need for the web there, unlike Gmail captives.

There was this thing called "newsgroups", some day before my time. Wasn't the web.

IRC is still a thing. So is XMPP. Isn't the web.

I'm not sure what you mean by "internet without people". There are plenty of people outside of HTTP.

I use Gmail over IMAP and SMTP, only logging in through the web to change server-side mail filtering rules.

But yes, as much as I love the web, it's funny how people forget (or never realized) there are other protocols.

> less freedom on the Internet

The regulations should be non-technology specific. Simply it should provide rules about customer/user data. Even if I use pigeons. (But not RFC 1149.)

Some regulatory requirements are manageable by a large, established company but not a startup. For instance, requiring human review of user content is going to be tough in a high growth phase.

America needs to look at citizen privacy laws like they have in Canada and the E.U.

For example if I log into the Facebook business manager for a company I can see tons of data on Americans but not nearly as many details for Canadians, it's because of these laws. The new E.U. laws are even stricter with regards to personal data and how it's used, no matter who you are.

Why there is no demand for this level of protection in the States by its citizens and representatives is crazy.

Anyone who expects goodwill from Facebook, Google or any company is seriously misguided. Privacy laws need to be in place, actual laws that are bound my the federal legal system, and not just state regulations.

> Why there is no demand for this level of protection in the States by its citizens and representatives is crazy.

The U.S. is culturally much more opposed to government interference in citizens' interactions, compared to Europe. The U.S. started as a rebellion against an authoritarian government.

I suspect this is because a lot of the first Europeans who migrated to North America were the self-reliant type who actually would flourish best if left alone. What we see as help or protection, they see as interference. (This doesn't explain Canada. Inexplicability is one of Canada's many charms.)

Canada is still a constitutional monarchy so that's a difference from the U.S. that has shaped its culture.

But that's exactly how it works in many other lines of businesses, e.g. in construction. Many small companies can't provide compliance with the required codes, so they're forced to work their way up the ladder slowly or create joint ventures. Sure, that way you probably can't become a billionaire in a few years, but also bridges fall down less often because of it, so in the end it's not necessarily a bad thing for the society.

Software and construction are not analogous. For one thing, no one is talking about regulation of social media that has to do with life and death matters. Are you proposing that no one should be allowed to create a video sharing platform unless they can prove in advance they can actively monitor all uploaded content, regardless of how popular they get?

> For one thing, no one is talking about regulation of social media that has to do with life and death matters

You may not believe that if you live in Myanmar or Kenya. Large amounts of behavioral information in the hands of the wrong people can absolutely be a life or death issue.

I'm not saying there are no life and death matters, I'm saying no one is talking about regulation that would address them. I could be wrong, I'm not current regarding the relevance of Facebook and those countries.

What makes you think large companies are more capable of developing reliable, secure software?

Huh? Isn't the point of this whole comment chain that large companies are able to comply with regulations that protect user safety that small companies might not be able to? In that case it's self evident why a large company is better able to protect user safety.

Organization size doesn't really correlate to software reliability or security. But that's not where the problems with Facebook and online privacy generally are. Any org of any size can follow rules like not sharing user information with third parties (though eliminating business models dependent upon that could be limiting).

Smaller organizations would have a much harder time complying with legal changes that significantly erode the Safe Harbor provisions of the DMCA that make platforms not responsible for the actions of their users.

That’s assuming the regulations work instead of just throw obstacles in the way of new companies.

> That’s assuming the regulations work instead of just throw obstacles in the way of new companies.

Not only that, laws have a tendency to set a particular model in stone.

The model large companies use is to collect everything they possibly can and then use bureaucratic processes to control access.

The model small companies and individuals use is to minimize the data they collect and use technical means to ensure that the company has no access to the customer's data at all. This obviously tends to be more secure.

But if the bureaucratic process is required by law regardless of whether it's really protecting anything, the more secure model becomes impossible -- you have to collect all the data because it's the only way to make enough money to pay for the bureaucratic overhead.

> The model small companies and individuals use is to minimize the data they collect and use technical means to ensure that the company has no access to the customer's data at all.

There have been a zillion startups that have had collecting user data baked into their business model.

> There have been a zillion startups that have had collecting user data baked into their business model.

And they can rot like Facebook. Nobody is trying to save them. The problem is you're destroying anyone whose model isn't that.

Not sure what your definition of free internet is, but mine is one where the users are free, not the businesses.

Since when are businesses not users of the internet?

We obviously mean freedom for individual users lacking the resources of big organisations to defend themselves and protect their own rights.

Come on this isn't a game of semantics.

The experiment referred to was one where the web was a level playing field that didn't differentiate between different classes of users. The fact you see this is as a silly semantic point underscores the original point about that experiment being over.

Edit: I can only speculate as to why people don't like this, but in case it makes a difference it's intended only as historical background for people who missed the start of the experiment.

I think business are providers not users.

Those two things are positively correlated

Not necessarily. The ultimate aim of each business is to crush the competition and become a monopoly. If they succeed, and we do have some de facto monopolies now, they can do whatever they want and users/customers have little or no choice. Regulations limiting the power of companies are designed do counteract that.

It doesn't matter if Google crushes the competition in search. You do not actually have to use their search engine, that's part of the freedom of the Internet. Further, you're not entitled to their search engine, that's also a critical aspect of actually having the freedom to use the Internet as you see fit.

They can't do whatever they want. So long as the Internet is free from overbearing government restrictions and the ISPs aren't segmenting it (locking users into restricted sandboxes), you can go wherever you want without using Google search, or shopping at Amazon, or using Windows, or using Chrome, or using Facebook, or shopping on eBay, or paying with PayPal.

The only real limiting premise as it pertains to the Internet, are the ISPs and the backbones.

So long as you can get on a free Internet, engineers can perpetually build their own new products at will, crafting new tech universes that didn't exist before. They have been doing that non-stop in every category for the last two plus decades since the Web took off.

Don't like Chrome because it managed to acquire 99% of the market? Fine, spin up your own clone and put it out there. Or use Firefox or Edge a dozen other lesser used competitors.

Don't like Go or C# or Java? Fine, use one of 37 other languages.

Don't like Google search? Fine, use Bing or DuckDuckGo or a dozen other less well known search engines. Build a new one maybe, nobody is stopping you, maybe it's time for a new search paradigm.

Don't like AWS? Fine, use Hetzner, or Digital Ocean, or a dedicated box provider, or Vultr, or Linode or Google Cloud, or Azure, or build your own new competitor.

There are vastly more options today, in essentially every way, than there were in 1995 or 2005.

The free Internet has worked extraordinarily well. It has never stopped producing alternatives, and alternatives have never stopped existing. The only thing that can crush it is government regulation, specifically if they fuck that up.

I don't disagree with you. That is why I said positively correlated, rather than perfectly. My comment intended to concur with the parent comment: "the two parties here have fairly well aligned goals -- less freedom on the Internet. The senators want to show that they're doing something, and Facebook welcomes regulation in order to suffocate would-be competitors with it."

We most likely will not see any trust-busting as you're describing here. We'll more likely just see more side-effect legislation like the net neutrality repeal or FOSTA/SESTA that will just consolidate power for a few parties and the government at the expense of small businesses.

I don't really understand what the big deal is here. All this data was given to facebook. Ads are inherently propaganda, how is the use of this data any different? If I decide in my terms of service that i can use your data however i want, including mining your messages and selling it to an evil dictator, i should be able to do that. If you agree, you are free to use my plateform, if not, thats fine too, you can't. me, and a group of people whom i've paid have developed this app, how can you restrict my right to do as i please with everything that comes out of it? If i want to shut down facebook tomorrow, i can. If it's against what is in my terms of service, sue the living shit out of me, and force me to update my terms to reflect reality or delete the app.

>Facebook welcomes regulation in order to suffocate would-be competitors with it

Sounds like a libertarian conspiracy theory to me, especially when we still don't know what these hypothetical regulations would look like. For instance if they make it easier to access your data, download and delete it they might somewhat weaken the lock-in effect of Facebook and level the playing field somewhat.

Beyond that and even if they make it slightly harder to build a social network in the future it doesn't mean that a reasonable amount of regulation is not worthwhile. If you want to start a bridge-building company you'll have to abide by a massive amount of rules, yet I'm not really sure I want to let the "completely free market" decide what a safe bridge looks like.

The concept of regulatory or legislative capture actually a mainstream one; hardly deserves the conspiracy label. Further, the author's claim is well supported by ongoing legislative efforts as well as those efforts of the administrative agencies. There's a legitimate and level-headed reason to have concern.

I'd call it skepticism or pessism at worst.

I'm not saying that regulatory capture doesn't happen, I'm saying that it doesn't necessarily happen every time a new piece of regulation is introduced. Saying that any hypothetical regulation introduced after this Facebook fiasco (and all the other data breaches of late) will benefit Facebook and hurt competitors is not exactly what I would call level-headed skepticism.

Doesn't mean that we shouldn't be very careful about what comes out of this whole discussion and maybe make our voices heard if we deem it unfair or ineffective but we're not there yet.

> Saying that any hypothetical regulation introduced after this Facebook fiasco (and all the other data breaches of late) will benefit Facebook and hurt competitors is not exactly what I would call level-headed skepticism.

Can you name a piece of US federal legislation regulating a major industry passed in the last, say, 30 years, where this was not the case?

Vehicle safety regulations.

There aren’t very many small or startup auto makers, so it’s hard to assert that safety regulations don’t function as a barrier to entry. Not that it isn’t a good barrier to have!

> There aren’t very many small or startup auto makers, so it’s hard to assert that safety regulations don’t function as a barrier to entry.

Well actually...


Notice the number created before vs. after 1967, when the feds started passing vehicle safety regulations.

Also notice how many of those created after 1967 (e.g. Geo, Saturn, Hummer) aren't actually independent, they're just retired marks of the existing incumbents.

Because the safety regulations are designed for huge companies. The companies literally provide cars to the government to be crashed for testing purposes, because destroying a few cars is nothing to Ford or GM.

Easy to say without seeing the proposals.

Regulation can be awful or insignificant.

My state requires strippers to fill out a license and pay 50$. Changed nothing.

However, my state also requires you to put down 1M to start a bank. Thats definitely regulatory capture.

Its too soon to know whats going to be required of data. Databases might become significantly worse to program and require teams to maintain at government standards.

> Regulation can be awful or insignificant.

No benefits at all, really?

Remember pre-regulation leaded gasoline and cars without seat belts?

I think both of those examples had regulation where industry had already moved forward.

I dont know the history of leaded gasoline, but I worked in safety, and car companies were definitely moving toward safe vehicles.

From 1985:

"Auto makers, who have been fighting the introduction of air bags for nearly a decade as too costly and only marginally effective, have gone a long way toward their goal of bypassing the federal regulations. "


From 1990:

"But the history of catalytic converters reveals another side of Detroit. The industry refined the technology only after Congress imposed strict limits and deadlines and foreign car makers threatened to develop cleaner engines."


From 1985:

"The American Petroleum Institute, a trade group, said that the refining industry had been making efforts in anticipation of today's rules to ''insure against future supply disruptions.

'But the announced lead-reduction schedule will create a substantial problem for the refining industry in providing motorists with adequate quantities of high-quality gasoline at reasonable costs,'' the institute's statement said."


> Sounds like a libertarian conspiracy theory to me, especially when we still don't know what these hypothetical regulations would look like. For instance if they make it easier to access your data, download and delete it they might somewhat weaken the lock-in effect of Facebook and level the playing field somewhat.

What is the ask here? A ZIP with all your information? A JSON file with your friendship graph? How would that be readable to most people? I doubt that Facebook's data structures are so portable that they could just be placed into another social network? Even assuming you have the data, Facebook's value is in the IP and ML algorithms. Facebook sure as hell isn't giving those up.

Even assuming all that, how does it take us further forward than what we have now?

There's a lot of arguments to the effect of 'something needs to be done' but not much detail on what an alternative looks like.

> What is the ask here? A ZIP with all your information? A JSON file with your friendship graph? How would that be readable to most people? I doubt that Facebook's data structures are so portable that they could just be placed into another social network?

Making scraping of your personal data a statutory right, including the building and distributing of tools for it.

No need to force FB to publish anything, just prevent them from blocking anyone who uses a tool to scrape their own data through the regular UI. This should draw the boundaries of responsibility in the right place.

This would allow e.g. a “messaging” bridge which automatically interfaces with the messages part of the site, and bridges it to any tool (or API) you want. At least per user per account. This would force de facto federation without putting a burden on FB.

But then this brings us back to square 1, "tools" can just scrape user messages/content without authorization and then use that to collect data on those users. If the whole point is to solve the Cambridge Analytica fiasco, this is just going to make the situation 10x worse.

How about "information submitted by a person to a third party is still considered private"?

The disingenuous loophole the government is so fond of whereby you sharing information with a third party suddenly negates ALL expectation of privacy and 4th Amendment protections is a farce. Signing up for Facebook should not be a "first sale" of your personal information or right to privacy.

Of course, no tech company that has ridden the free ride of harvesting personal data would be on board with ANYTHING like that.

They can keep their IP and algorithms if they want, but if I don't consent to the fruits of my existence being fed through them, then that is where it needs to stop.

No company should feel safe with involuntarily increasing a user's digital footprint. Period.

That covers not asking to and being explicitly told not to. A person has an inalienable right to maintain final authority over their digital presence. The only exception that makes sense to me is for the press. Though I haven't thought that implication through completely yet.

I genuinely don't have the answers to your questions. I'm just against shooting off the whole idea that there might be an answer worth considering because of the dogma held by some people that "regulations == bad". Let's wait until we actually see what these people propose (which at this point might very well be nothing at all), then we can scream bloody outrage that our freedom is in danger.

If something needs to be done let's at least give one chance to the people who seem to be trying to do something.

Measures to protect users' data and privacy will not strictly kill a "free" internet -- there are lots of reasonable caveats such as number of active users, total revenue, number of employees that would allow a small business to compete.

I always wonder who is saying things like "reasonable regulations"

Do you run your own company and find the regulations dont require you to hire a multi-thousand dollar legal team at every turn?

Are you an internet user that thinks that what the government says wont be exploited?

I worry that my kids will be unable to start businesses due to regulations, or rather their friends wont be able to start businesses. I am a top 4%er and I'll simply pay for the legal teams needed. I know my competition making 40k/yr cannot.

I'll tell you, I've worked for a business small enough to avoid needing to hire a "multi-thousand dollar legal team" and a few of the things that I know happened while I was there leave me very suspicious of the things I didn't know about.

> Are you an internet user that thinks that what the government says won't be exploited?

Nope, I'm a normal person, not actually a strawman. As long as there's government, it will be exploited; but, you're throwing out the baby with the bathwater by arguing that because people will exploit loopholes, we should eliminate (all) regulations. Instead of supporting a representative that tries to eliminate two regulations for every new one, how about supporting a half-intelligent representative?

You're worried people won't be able to start businesses? Where is Facebook's big competition? Can your kids' friends start a business now to compete with Facebook? No -- so why are you worried that they won't be able to do something in the future that they can't do now?

>Can your kids' friends start a business now to compete with Facebook? No

I disagree with this. I think at the current time they can.

I think you're overestimating how many people who don't read places like Hacker News actually care about this. But I'll admit I could be wrong on that.

In any case, the reason they might be able to at the current time is the blood in the water from the "reasonable regulations" people.

>and Facebook welcomes regulation in order to suffocate would-be competitors with it.

What??? I watched most of it, and while Zuckerberg agreed that legislation in some areas are needed, he was quite clear that most times that he does not think legislation is the answer. He said that they would internally implement things.

Multiple senators kept trying to get direct yes/no if he would support such regulation and he would say "I look forward to my team discussing that with you" when they wanted hard "yes" that he would champion regulation.

So I don't understand your post at all...

What counts as a free internet? Can an internet which is monitored and which the governments in power have ability to enforce penalties of what they consider misuse ever be considered free? How does one decide what material can be outlawed while still maintaining a free internet?

We really do need an Internet Party, the basis of the party is a fair open internet market.

The more you're free to amble around the Web 'liking' things the more data Facebook can accumulate and the more lucrative you become. Why would they want to restrict that?

As for stifling competitors, Facebook actually benefit from a free-for-all Internet because they can watch trends and identify what needs to be done to capture each successive generation of users, slowly folding them into the big Facebook family.

I don't like the company but I don't think they want to lock the Internet down . I reckon they know that will just lead to something really disruptive and destructive that they won't see coming, like some app that spreads by sideloading.

Just the next first step off the current plateau onto a slope of improvement. FB is garbage pork barrel software anyway. Something cooler is coming along right around the corner. The design space is wide open it's just about who can grab more users. FB UX has never really changed much in ten years and old people use it. Need I say more?

The article points out that the extremely short time limit for each senator's questions made following up on anything almost impossible, but their overall poor understanding of the topic was just as significant.

It was obvious that, for a lot of the senators, the questions had been supplied to them and they didn't really understand what they were asking beyond a superficial level. They'd start out with a pretty solid question or two, but then be completely unable to follow up. Quite a few of them ended up wasting almost their whole time getting sidetracked by unimportant misunderstandings.

They should have had subject matter experts asking the questions. Instead there were people had no idea what they were talking about, wasting time on shout-outs to their sons/nephews or whomever (I was only able to follow it for a minute).

The CEO needed to be under oath so that lying would carry consequences, and they needed someone who could cut through the BS of how some of the answers were worded.

We need more programmers, engineers, etc running for office.

The best part was someone asked if Facebook tracks you even if you've logged out of their website. Holy shit, moment of truth for Zuck, I thought. Nope, he deflected by saying he'll get his team to get back to the senator, and then he spewed jargon ("I know websites use cookies [bla bla] for security"). Oh, he knew the answer, but he couldn't say it in front of all the cameras watching. And of-effing-course he knows what cookies are.

And also he emphasized too much how people are in control of what data they share. The better question is, what data does Facebook save that the users can't see: all the analytics, all the location tracking, all the websites they visit. I didn't volunteer that data to you, Zuck, and I can't even control whether you have that data or not! (Well ok, on desktop I have Ghostery that blocks many many tracking pixels...).

If under Firefox I also recommend "Decentraleyes" as well. This one loads CDN resources locally instead, so google's overused jQuery CDN is not hit, but a local copy of jQuery is loaded instead. There's another one called "Don't touch my tabs! (rel=noopener)" which I also recommend. As well as using Firefox Containers and some of their plugins, including the one that isolates Facebook for you.



Don't touch my tabs! :


Decentraleyes also makes a Chrome and Opera extension:


"Don't touch my tabs" does not exist on Chrome, but some random author created an extension that adds rel=noopener to all _blank links:


I actually see the cookies remark as a mis-step -- the politically correct answer was "my team will get back to you" but the engineer in him couldn't resist trying to "correct" the senator who was trying to portray Zuck as technically ignorant.

Stop using Ghostery and switch to uBlock Origin.


IIRC, Ghostery is a company that used to work with advertisers in the past (when it was owned by a company called Evidon). It also collects data from its users.

uBlock Origin is a low footprint (compared to other ad/tracker blockers) extension primarily maintained by one person who refuses to even take donations for it. Scroll down to the "About" section on the GitHub page [1] and see this Wiki page on donations [2], which at this point in time states:

> Why don't you accept donations?

> I don't want the administrative workload coming with donations. I don't want the project to become in need of funding in any way: no dedicated home page + no forum = no cost = no need for funding. I want to be free to move onto something else if ever I get tired working on these projects (no donations = no expectations).

> Have a thought for the maintainers of the various lists. These lists are everything. This can't be emphasized enough.

Also see uBlock Origin's manifesto. [3]

For me, using uBlock Origin along with Privacy Badger [4] from EFF is a good combination.

[1]: https://github.com/gorhill/uBlock

[2]: https://github.com/gorhill/uBlock/wiki/Why-don't-you-accept-...

[3]: https://github.com/gorhill/uBlock/blob/master/MANIFESTO.md

[4]: https://www.eff.org/privacybadger

Pretty sure they got sold or something a bit back. There was also this: https://lifehacker.com/ad-blocking-extension-ghostery-actual...

But it would be more important for those engineers would also need to have a solid understanding of the law, which is a highly detailed and nuanced field. I think this isn't an implementable solution. Maybe you get a more-technically-knowledgable version of Ron Wyden who then sits on several subcommittees, but you're not going to get 10% of the Senate to be software engineers. After all, one could just as easily say that we need more senators who are nurses, petroleum engineers, hydrological engineers, pilots, soldiers, teachers, tax accountants, actuaries...

I think a better solution would be either:

1) When elected officials run for office, they explicitly state who their go-to advisor for internet and technology matters is. That way, they are not so reliant on the technical advice of lobbyists. The flaw in this is that now those advisors' opinions on unrelated matters are subject to scrutiny. I can easily imagine a scandal because it turns out that some senator's advisor said something dumb about abortion 5 years prior to an election. I'd like to say "well, don't judge the advisor on things unrelated to their area of expertise", but where do you draw that boundary? Is someone's opinion on domestic violence or prostitution really irrelevant to how they advise a senator on FOSTA?

2) The UK has been framing the House of Lords as a council of experts for a while now. I don't know how well it actually works as one though.

Doesn't the house of Lords have some members appointed by the church, others by birth, women weren't allowed to be Lords spiritual until 2015, and women still aren't allowed to inherit some seats today?

Hard to take that seriously in any regard, much less as 'experts'.

How would bishops not qualify as experts? To be sure I have no interest in the thing they're experts in, but I could say the same for performance art or make-up and presumably there are experts in those fields too.

You can't inherit any of the seats any more, you can inherit a title that means the other Lords could pick you for their chamber without anybody else sending you, this was supposed to be temporary but no other mechanism has ever been approved to replace it. But nobody automatically gets a seat, either they were sent there or they were chosen by the others.

The majority (> 80%) are life peers, appointed in theory for being distinguished in their field. So yes, many experts among them. For example: https://www.parliament.uk/biographies/lords/lord-winston/177...

The UK has been framing the House of Lords as a council of experts for a while now. I don't know how well it actually works as one though.

It's basically pot luck, unfortunately.

Sometimes the Lords have quite enlightened debates, where several contributors clearly do have expert knowledge in a field and others do respect that and politely defer to those with more relevant experience. Consequently, sometimes they really do send proposed laws back to the Commons with helpful amendments suggested.

However, sometimes they have no idea what they're talking about at all. It's not unusual to see a committee of Lords hearing evidence from high-ranking civil servants on some issue where the entire session looks like one old, rich, out-of-touch person after another declaring an interest due to their own business activities and all of them collectively missing the point for several hours.

It's not a universal truth, but I'm afraid discussions around science and technology subjects tend to fall into the latter category, other than perhaps on medical matters, where there does seem to be enough knowledge and expertise within the Lords to allow constructive and intelligent debate.

I think you're underestimating the many engineers out there who deal with contracts, and the laws regarding their profession.

> one could just as easily say that we need more senators who are nurses, petroleum engineers, hydrological engineers, pilots, soldiers, teachers, tax accountants, actuaries...

I agree! That's what my "etc" was for. I would love to see more everyday people run for office so our elected officials can be a better representation of the everyday people they're supposed to represent.

> The flaw in this is that now those advisors' opinions on unrelated matters are subject to scrutiny

Well, that and there's no reason to think that the candidate won't just reach into the lobbyist pool to pick their advisor.

Still, you're absolutely right that having lawmakers that are themselves technical experts is not super important, or likely. They always rely on staff, and that's fine. No one person can know everything about everything.

Maybe I'm too cynical about politics, but it appears to me that the point of these hearings is not to solve or investigate anything, it's to generate soundbites that voters or potential future voters would like. It's not even that important what the reply is, as long as the politician asks the hard question and demonstrates his concern, and if it makes the news & press, that's victory for them.

Note how many of the senators who voted to expand surveillance programs and the NSA became suddenly very concerned for privacy. They just wanted to try and dunk on him and get in a sound bite.

And the guardian is pissed that the dunks weren't fierce enough I guess. I'm not sure what they expected, I thought it was like every congressional hearing ever.

> Note how many of the senators who voted to expand surveillance programs and the NSA became suddenly very concerned for privacy

Ok but even from their perspective, and I'm trying to not give too much credit here, but there is a difference between giving specific, authorized government agencies a blank check to spy on whoever they want to in order to achieve their mission of national security, and giving a blank check to any company that wants to collect unlimited information and surveillance on its users in order to accomplish whatever goal it desires. They're very different questions even though they both involve personal privacy.

And cover their own ass against contributions he made to their campaigns... "I was hard on him so his money doesn't buy my influence."

What I find particularly annoying in this kind of hearing is the condescending tone of the politicians. They are eager to put the blame on someone else when they are ultimately the ones who vote the laws.

You're not wrong, but on the flipside... do we really want them sitting around all the time thinking up laws they can enact to prevent every possible wrongdoing in society? It's a reasonable expectation that people self-govern with some morality and ethics and not look for every possible way to advance at the expense of someone else.

Company (mis)handling of user information is not exactly a new, one-off problem that came up just this one time. I would argue it's the exact problem they should be trying to curb with legislation, except for the fact they'll undoubtedly get it wrong since they'll look to "industry experts" like Mark Z for guidance.

This is the key point in the television farce. The politicians, more so or just as much as Zuckerberg, are trying to save face.

Yeah, that's pretty much the entire purpose of Senate and Congressional hearings and always has been. When those groups want to get something done they do it behind closed doors.

Absolutely! It's complete grandstanding. I really wish someone would go Howard Hughes on them.

This is so true. I was watching a Congressional hearing with the head of the SEC and FCTC about Cryptocurrencies about 2 months ago and I clearly remember Elizabeth Warren asking a completely unrelated, derailing question. I remember thinking "What the hell is she doing?" and then "I bet that you're going to find some Youtube clip: 'Elizabeth Warren totally GRILLS head of SEC!'"

A photographer present at the hearings was able to get a picture of the notes Zuckerberg brought: https://twitter.com/becket/status/983846618263891968.

These are the same elected officials that approved ISPs selling usage data? The same officials that were silent when Snowden released what he had? Etc.

Do I trust MZ and FB? Yes, as much as I trust Uncle Sam. Hint: Not much. The sham is on us. Again.

+1. Zuckerberg should have pointed out exactly who voted for the renewal of the FISA surveillance program in Jan. "Look, if an American citizen is angry enough and chooses to never share any more data with Facebook, s/he has that right and the ability. With the NSA/CIA/FBI/TSA/Homeland Security/traffic cameras/license plate readers/stingrays, there is no opt-out. Period."

In theory yes. It would be entertaining.

The reality is, he'd be screwed.

Nor can we discount FB isn't a favored front of sorts for various "data collection agencies."

p.s. I find it (sadly) funny how so many are upset with ZM and FB, but are completely unaware about Snowden, Obama's expansion of the Patriot Act, etc.

FB is the obvious scapegoat. It currently has to play the role, even if it hates doing so. But for how long?

This is a good explanation of why this hearing was so poorly designed such that nothing could be discovered. I highly doubt it was accidental.

What type of discovery would you like to make? It seems to me that whatever fb has they control and do with as they please and have the money for lobbyists and lawyers to corporate-splain their actions away and pay the occasional fine (cost of doing business). I'm having a hard time understanding why any of what is known is at all a surprise to someone who understands tech.

>I'm having a hard time understanding why any of what is known is at all a surprise to someone who understands tech.

The vast majority of FB users don't understand tech, and that's the root problem.

These hearings aren't for technical minded people. If they were, there would be technical minded people asking the questions.

But still, what type of "discovery" is being hoped for?

Showing how billions of people's psychological profiles can be algorithmically weaponized against them would be highly informative I would think. That way the average user would understand the types of things they are "consenting" to when they write a blank check for their personal information.

If a qualified person was asking the questions, the public would then know the reality of the situation, as well as get a decent look into how honest Mr. Zuckerberg is.

I suspect what we watched was fairly well scripted theater, right down to the humiliating booster seat as well as the talking points cheat sheet that he "accidentally" let a reporter get a picture of. This wasn't about discovery, truth, or justice, it is about shaping public opinion.

But hey, maybe I'm wrong, maybe what comes out of this will be some reasonable regulations that the technical community will more or less agree do in fact provide substantial improvements to privacy of individuals. I'd happily take the other side of that bet though.

I am of the opinion that if we let FB continue in its reckless treatment of its users data, people will eventually flock to a better platform when one emerges. UseNet/IRC were much better social platforms for privacy, but the ease of use/convenience much worse.

I am glad of this whole debacle simply because people won't act like I'm a freak anymore just because I won't use FB.

"This wasn't about discovery, truth, or justice, it is about shaping public opinion."

Agreed. And the irony completely stomps on the absurdity meter.

> But for how long?

usually hype cycles last a few months, until the next outrage takes over to keep people busy.

I should have been more clear: How long before FB pushes back? And what might that look like? Is Congress capable of regulating something like FB? They can't solve immigration / DACA.

Why would FB push back in the first place? Assuming their bottom line is not being hurt, they 'll be glad to be best buddies with the congress.

Ego. And power. Those drive a lot of history.

I would be shocked if the government was not a major customer of FB.

Per (the book) Dragnet Nation, there is plenty of data being sold. And yes, not all buyers are the private sector.

If you think of what we do know, the unknowns are likely 10x as freightening.

Mark is more like an Emperor come to visit affiliated crowns than a servant being questioned by his masters.

Maybe the Senate’s deference in part is motivated by their belief he may run and win in a few years and they hope to win favor from a man they may end up working for.

Secondly perhaps it is motivated by them not wanting to appear too knowledgeable nor too much of a threat to Mark, to put him at ease, lest they otherwise provoke his wrath.

Third I think their attitude is certainly motivated by the awareness, from those in governments, just how powerful internet giants, particularly FB, are. I believe in no small ways have these companies upended the conventional relationships of individuals, and corporate individuals, to the state. They command vast resources, such as people and intelligence ( and automated processes pertaining to them, i.e, algorithms or bureaucracy, pick your favorite term ), traditionally the purview only of state entities.

I’m quite sure that many in government consider these companies are direct threats to the future of their model of governance. But they also feel they must handle them very delicately. Because they do not want to risk a premature confrontation they are unprepared for.

But if any person alive today was going to mount some sort of the future coup against conventional government, spearheaded by the new tech elite, then Mark is a perfect candidate. He is a student of history and demonstratedly strategically effective.

In this light, perhaps the biggest takeaway of a public questioning such as this is how much of a theatrical side show and possibly a distraction it is from the new reality these powerful groups find themselves contesting.

> Maybe the Senate’s deference in part is motivated by their belief he may run and win in a few years and they hope to win favor from a man they may end up working for.

The US Senate doesn't work for the President. They're part of independent branches of government.

And it's beyond naive to think Zuckerberg could ever win for President.

Just because Trump could do it, doesn't mean Zuck could.

You have to be likeable. You have to be good on camera. He was the villain in his own movie for gods sake.

Conservatives hate him because he is a liberal nerd. Liberals hate him because he is a corporate tool.

We will accept stupid. We will accept dishonest. We will accept mean.

But we won't accept entitlement or arrogance. There is nothing less popular than a genius or wealthy person who knows they matter more than normal people and acts like it.

Trying to act like a "normal person" is the most important part of being a politician. He will never do that to an acceptable level.

He may have an advantage no one else does, with demographic info from Facebook. He may be the person who could basically appoint any person he wants to the office of the Presidency. But that doesn't mean he could appoint himself.

If a person logs out of Facebook, and Facebook continues to track them anyway, then that’s clearly violating consent, and there was a meeting where someone said “we need a way to track people who explicitly do not want to be tracked” and everyone in the room nodded.

Facebook tracks everyone, every time. Tracks users and non users. Tracks even people trying to avoid that company.

For example, the infamous pixel code.

  <!-- Facebook Pixel Code -->
			fbq('init', '477623695968553' );			fbq('track', 'PageView');

			<noscript><img height="1" width="1" style="display:none"
			<!-- DO NOT MODIFY -->
			<!-- End Facebook Pixel Code -->

I have NoScript set to blacklist any JS from any Facebook domain. Breaking half the internet by default is worth it to neuter this invasive tracking.

NoScript doesn't stop the tracking. See the noscript tags in the html example of the post you replied to.

This is one of the reasons I really like uMatrix. In addition to giving really fine-grained controls over what you load (by type of asset, by domain given current domain), it gives you really great visibility into what a webpage is doing, and where it's sending data. I have mine set up to act like NoScript by default -- to block first-party JS.

You end up noticing some surprising things. For example, yesterday I read an article (http://www.lowtechmagazine.com/2015/10/how-to-build-a-low-te...) from Low-Tech Magazine, about how to build a "low-tech internet" (an article I really liked, BTW). Happily, the page loaded just fine without any JavaScript, but I still noticed in my uMatrix panel that the page was trying to load various assets from 20-some domains, about half of which uMatrix recognizes as tracking domains. A little disconcerting for a site called Low-Tech Magazine.

Appropriately, the very site this article is sourced from, The Guardian, readily derided Facebook for its invasive tracking aspects. Another link on HN then pointed out that The Guardian themselves spread data out to 56 tracking services.

Que sera.

Oh, that is dastardly, I didn't see that. I also have every FB domain set to null in my hosts file, but I think it's time to extend that to my internal DNS too!

I'm currently blocking these domains using uBlock:


In diaspora* you own your data. You don’t sign over rights to a corporation or other interest who could use it. https://diasporafoundation.org

Written in ruby, difficult to install. Have a look at the install requirements.

Like all ruby apps you need a full build environment and tons of dependencies, and if by chance a specific gem fails to compile you are toast in dependency hell.

Given the goal of the project an easier to install and use stack would have helped them.

These aren't user issues, though!

All users have to do is go to https://podupti.me/ and pick a pod.

That's what I did a few weeks ago and I have begun drawing my friends over to it. Every few days I go on facebook and talk about what I've figured out about diaspora.

I've also begun posting my hobby content on diaspora first, then facebook a few days later. When I post on diaspora, I post the invitation to see it on diaspora.

Listening to Zuck's weaseling yesterday I felt vindicated.

The server requirements seems quite easy to install (a server, a database, the ruby/gem stuff, and git).

Not sure how well the package manager works with the long list of gems - https://github.com/diaspora/diaspora/blob/develop/Gemfile

I installed it a couple of weeks ago to see if it might be a fit for a volunteer org I am part of.

It is not difficult to install. What is wrong with Ruby? I like Ruby.

I was underwhelmed with what Diaspora actually is though.

Which sites is that on? When webmasters use Facebook comments or authentication that gets inserted?

All websites where the webmaster wants to leverage Facebook's ads and retargeting. So probably half the websites out there.

Facebook even tracks people who aren't Facebook members. It can build profiles on people who aren't members to learn more about people it can identify and suggest ads/products they might be interested in too.

I believe writers from the Guardian would sooner hand over control of the United States to the EU rather than try to understand why the US does things differently; but I think this question bears repeating: ethically, what has Facebook done wrong?

Understanding the full context of this hearing is vital to your opinion on the matter. I'm nobody with an outsider's perspective, but to me Facebook has made very few errors in bad faith. This whole uproar has been about Facebook's well known (or, what I once thought was well know, I guess) practices as a data and advertising platform. We know Facebook cooperates with governments around the world to produce data on its citizens. We know what can happen with our data if we _let_ it fall into the wrong hands.

I started using Facebook when I was 13 in 2007. (As a side note, I think Facebook should not be sharing data about minors to any parties.) I filled out a fair few questionnaires and I may have even participated in "Your digital life" somewhere along the line. At that time I started using Facebook it was providing an interface for establishing informed consent (basically their OAuth flow), to the extent at which it was reasonable for them (which to this day extends beyond the requirements of the law in the US as far as I know.) I consented to sharing my data with the 3rd party, which was essentially a license for that party to own that data. I knew that, and I did it anyway because I couldn't predict the ramifications of its collection and aggregation by a hostile party.

I think the people who are most upset about this whole controversy are the ones who blame it for Russia's Active Measures.

In my opinion, the solution isn't a GDPR-esque approach. I think we have to teach people why data is valuable and how it can be used against them. This is important for both creating an intellectual barrier to the efficacy of propaganda and so that people can make real, informed decisions about their privacy so that when they're asked if they want to share their friends' birthdates and phone numbers, they know what their answer should be.

  I consented to sharing my data with the 3rd party, which
  was essentially a license for that party to own that data.
Imagine you're not a facebook user. When Facebook sucks up your name and phone number and e-mail address out of your buddy's phonebook, along with all the messages and calls between you, have you consented?

What about when you get a 'shadow profile' based on tracking buttons and pixels on other websites. Have you consented?

How about if you've brought from example-retailer.com in the past and they upload your full contact and mailing details to Facebook to make an ad campaign that targets (or skips) existing customers?

When you don't participate in anything like quizzes on FB Platform, but your grandma does so FB hands your details over to the quiz company anyway as part of Grandma's list of friends, have you consented?

What about when you deliberately haven't given certain data to Facebook, and they buy it from a advertising data broker instead?

IMHO people who think consent is the only issue here don't fully understand the problems.

I agree with your argument but you should stop using grandma as an example of a non technical user. I am a grandma.

Is the problem that facebook is just too good at what they do? Lots of companies build profile databases of people for various reasons. Lots of the "people finder" websites scrape or buy data directly from municipalities. I'm no fan of facebook, but why on earth do we allow the DMV to sell their data? I'm more upset about that than granny. It seems as though our culture and laws don't have much of a foundation for respecting any right to data privacy of individuals.

>When Facebook sucks up your name and phone number and e-mail address


Christ, there are probably hundreds of data firms that have this basic info on most everyone in their target group.

There are levels of privacy, and freaking out because your friend shares his contact list is about the lowest one I can think of.

You have consented to your friend having your data in his phonebook...it has nothing to do with Facebook. Its like saying that if your money is in a bank, and that bank gets robbed then the theives are responsible for you getting your money back, not the bank. You as a third party have no recourse on Facebook, but you should against your friend who shared the phonebook with consent

As for the grandma analogy, you indeed did consent to your data being shared, as thats what you agree to as being part of Facebook

The problem is that the world you're arguing for is one where I get all my friends to sign a contract before I give them my personal details. Nobody wants that, not even in exchange for whatever Facebook provides. It's a perverse expectation rooted in some kind of idea that all human exchange must be regulated by some contract.

And thieves are indeed liable for returning money.

It doesn't have to be a contract, it can just be trust, of the same type that people use to tell friends their personal feelings or whatever. If you know someone's who's a gossip, they might be fun to talk to but you wouldn't tell them you cheated on your wife because you don't trust them in that way.

So in other words no different from my expectations today.

But what's the real answer?

Imagine my friend writes down my phone number in his iPhone's contacts list, and then installs an app – let's say some random game. The game asks for permission to access contact info, which my friend grants because he's careless. The game steals contact info and does various nefarious things with it.

In this analogy, Facebook is Apple, and Cambridge Analytica's app is the phone game. I don't think there's a good solution to this problem, except to make it harder for third-party apps to access contact information, which both Facebook and Apple have been doing.

Or make it illegal to harvest this type of information without express consent from the first party. Meaning that in order for the game to gather the contact info it must ask everyone in your contacts list if it's okay.

It doesn't stop your friends from oversharing but it creates a contract between you and the party requesting your information so there's now some legal recourse for how they use your data. And if the law creates liability for app distributors to ensure apps follow the law then Google and Apple are now on the hook for allowing violations.

So then would it be impossible for me to write down your phone number in my phone, without my phone's contact list app asking you for permission first? That seems kind of excessive.

In my first post above I am arguing against this. So no.

What I am arguing for is that it should be against the law for third party apps to copy your contact details from someone else's phone without your permission.

How do you make someone liable for returning privacy?

  As for the grandma analogy, you indeed did consent
  to your data being shared
I didn't do the quiz, though - so I didn't get the "Allow Access?" prompt [1] where I consented to share my data with the quiz company.

Is Facebook saying that consent form is irrelevant, and they're entitled to share your data with new companies without showing you that form to get your consent? If so, that seems like the kind of deliberately deceptive approach to that gets people asking for GDPR.

[1] https://jibjabbloggedyblog.files.wordpress.com/2010/06/34454...

> I believe writers from the Guardian would sooner hand over control of the United States to the EU rather than try to understand why the US does things differently

"Zephyr Teachout is an American academic, political activist, and former political candidate."

> In my opinion, the solution isn't a GDPR-esque approach. I think we have to teach people why data is valuable and how it can be used against them.

No solution that involves teaching or educating users will work. It's simply not possible without some drastic measures such as a real change in school curriculum and waiting for the older generations to pass. It doesn't work with IT security, it will not work with privacy either.

The value of people's data is precisely _why_ GDPR is important. I should be able to take it away from you after I granted you temporary access to it.

since I don't have full understanding of GDPR what is to prevent companies requiring access being granted for any use of their website?

if you have exchanged funds with a site how long are they allowed to keep the data. there are tax implications regardless

In short, under GDPR a company isn't obligated to offer you services if you refuse to allow them access to information they require.

GDPR defers to data retention laws for all other purposes.

Your data on FB is worth precisely one thing to them: the ability to target you with ads on FB. When you don't use FB, it's useless to them.

Except if that data is shared with third-parties for profit. Then the data may be useful to them even if you are not logged on. Since they also track you from any other page that uses their API / share buttons, this "worth" does not necessarily decrease regardless of usage. You also cannot easily (or at all) revoke these third-parties' access to your data.

Add to that the risk of them not providing good enough security regarding access to the data (such as with the Cambridge Analytica case), and giving them access to so much of your data becomes an additional problem to consider, since you have no control over that data sharing whatsoever.

Facebook ad targeting does not require you to use Facebook.

Facebook Audience Network is a display ad network like Adwords.

It's deployed widely across the web and mobile apps.

Most of the people who use facebook are not technically proficient so they will not have your understanding of what they are giving up when they use FB. This was brought home to me when my sister called in a panic when the FB news broke.

Even for the technically proficient there were issues. For instance, FB changes the privacy policies without notifying anyone. When FB rolled out the friends of friends feature my son was in college. He continually rejected my friend requests saying "we have something better than friendship." Then one day I could see his entire feed. I debated if I should let him know - and finally I called him. He immediately disabled the friends of friends feature. In my opinion this was a data breach.

Two things were the final straw for me. The first was that friends behavior was releasing my data when my friends acted irresponsibly. The second was that FB was tracking data offline of FB.

You cannot teach people to not speed on road or drive under influence. Or at least not everybody. I have a really hard time to believe that people will be able to internalize the risk or bad consequence of social media in the next decade of their life. Yes, in an enlightened world that would be the best solution but can we afford to run the test ?

When you signed up for Facebook, was there a screen that said, "Facebook will take all the information you provide, regardless of format or intent, and monetize it as much as possible, as well as share it with government agencies"? You knew this going in. Many people know this and don't have Facebook account. A lot of people did not know this and are just finding out -- that's where the "outrage" comes out. (A fourth group are those who didn't know and don't care.)

What might be worse is that had Facebook actually put that screen up, most people would not have bothered to read it. Very few people ever read "Terms & Conditions" and that's a problem. (Just like not reading "Permissions" when installing an app.)

>Very few people ever read "Terms & Conditions" and that's a problem.

Many people seem to be blaming this on the individuals for not reading it, but I would argue that the problem here is a legal system that allows this kind of dark pattern to be considered consent.

>Very few people ever read "Terms & Conditions" and that's a problem.

People don't read them because they can't read them.

>read: look at and comprehend the meaning of (written or printed matter) by mentally interpreting the characters or symbols of which it is composed.

Terms & Conditions are deliberately obfuscated by lawyers and encrypted in legalese. Decrypting these documents into plain english for the average users would go a long ways to breaking the Pavlovian conditioning of checking a Terms and Conditions checkbox for "free" apps.


Facebook is a bad actor. It's good if we can do something about it.

But Facebook is not the root of the problem. There will always be bad actors.

The root of the problem is that people don't care.

I told me friends and relative, again and again, about those issues. I answered any question. I did research, on MY time, to answer their concerns, for them who would not dare spending a second on it. I listened patiently to the witty comments on the fact I didn't have a FB account, for years.

They just didn't care enough to make any effort, any change.

And they still don't, no matter what the scandal feels right now. They will forget tomorrow.

And even if they didn't, they will blame the bad actor, not their choice. And it will start all over again with another bad actor. That's what happen with crazy ex, lying politicians and bad movies.

Now I (somewhat) get that choosing what you buy has a high impact on you life, and so I gave up on expecting people to vote with their wallet. It's sad, because that would have a huge effect, but it's the reality.

But "not using Facebook" is different than choosing to move out of a city or not having a car or other life altering decisions. It's just a communication tool. We have so many.

So I have currently zero empathy for the "victims" of this leak. Quite the contrary, I feel a little angry. Because I have to leave in a world that could be much more beautiful if only people, sometimes, just sometimes, though about the consequences of their life instead of just going with the motion. And this affects much more than privacy. And it's unfair.

>So I have currently zero empathy for the "victims" of this leak. Quite the contrary, I feel a little angry. Because I have to leave in a world that could be much more beautiful if only people, sometimes, just sometimes, though about the consequences of their life instead of just going with the motion. And this affects much more than privacy. And it's unfair.

And the very fact that you insist on blaming the individuals for a collective problem is why problems like this are so hard to solve.

If so many people don't care about this issue, despite its importance, maybe you should stop blaming them and expecting them to magically start caring, and start thinking about how our society leads them to believe it's not an issue?

Chalking everything up to “society” is a great way to never get anything solved.

Change starts with oneself. Connecting on an individual level, making changes on an individual level, understanding and valuing even minute consequences on the individual level - that’s what going to bring about permanent change. Not more groupthink.

We have brains and decision-making abilities for a reason. Yes, I understand society has a very influential role in how we go about our lives. But that is not some catch-all excuse for not taking any responsibility for our individual behaviors. There are two sides to the coin that both need to be addressed.

So how do you suggest we solve the problem without collective actions? What "changes on an individual level" do you think need to occur, and how do you expect them to come about?

Because to me, it seems like the individualist's prescription is just to judge people for making bad choices and hope they make better ones in future.

The individual is the functional unit of society.

When you choose to address society, what you’re really doing, if it’s going to work, is addressing the individuals of that society.

Address a bunch of individuals. Or address one individual and have him address 2 people he knows. Etc. More than one way to skin a cat...

TLDR; to skin a society of cats, one way or another, each individual cat needs to get skinned.

Saying "society is just individuals" is reductive to the point of uselessness though. People exist within a system of social and economic realities, and the choices they make, indeed the choices they can make, are shaped by that system.

And therefore, many choices which would improve society only make sense as collective choices. An individual deciding whether to delete their facebook account is deciding between privacy violation or social isolation. In that context, the privacy violation might actually be the better choice for the individual.

When people criticise that choice, they're noticing that collectively it would be better if everyone made a different choice. But it's pointless to blame individuals for not making a collective choice. If we actually want people to make that choice, we need to act collectively, and transition away from facebook in a coordinated way.


Re-read what I wrote, and then name something I wrote that goes against what you have said about collective action and coordination.

For starters, I did not say “society is just individuals.” I said that the individual is the functional unit of society. When you want society to act on something, what you’re really saying is that you want individuals of a group to act on that, collectively.

When you command an army you’re effectively commanding each individual soldier.. as the soldier is the functional unit of the army. When you want the army to move from one side of the valley to the other, what that translates to is for each individual soldier to move from one side of the valley to the other.

If someone is petitioning for social change and fails to lead individuals - the functional units - to change, then there’s not much happening at all besides someone blowing hot air at “society”

I hear you - but hopefully the individualists prescription is really one they are taking themselves and not forcing onto others, but leading by example.

Collective action is just a bunch of individual actions. Yes there is power in syncing up, regardless, it still stems from an individuals decision to take action, with or without others.

I don't know that their belief is a cultural problem, or at least one that's changeable.

The book "The Design of Everyday Things" has this idea that users of things fall into one of two broad groups:

a) users that want fine control and expertise, and are willing to sacrifice simplicity to get it b) users that want simplicity, and are willing to sacrifice control to get it

I think that most issues of privacy and security boil down to the simple fact that most people are in group b (really, I think that's true of any issue you care to choose). They don't care, and they won't.

The cultural change that could make a difference is when the more secure, more privacy-positive options are also the easier and simpler choices.

I feel like I understand this situation fairly well and I still use Facebook, is that a mistake or very bad idea?

I don't know you, I can't tell. I would advice to stop, but facebook is just the tip of the iceberg. It's about doing (as much as it's humanly possible, we are small weak creatures after all) what we can to create a society in which we want to live in.

And for that, before voting, before anything political or big, there is the day to day life. What you you consume. What you communicate. How you behave.

I don't pretend it's easy. I fail at it most of the time, most of the days. I've failed since I was born.

But it's what matters. Not facebook in particular.

What part of "Private Message" do you not understand. These data rapers were stealing peoples "Private Messages"

The term "Private Message" is not complicated. They stole peoples data straight up. Data thieves. What they do is hide behind these screens you defend. Written by scumbag lawyers to not be understood or clear.

I have an understanding of "Private Message." Probably the same as you. Does Facebook have the same understanding? No.

If Facebook said, "Facebook will take all the information you provide, regardless of format or intent, and monetize it as much as possible, as well as share it with government agencies," I would read that as there is no such thing as a "private message" on Facebook, since it says, "all the information your provide."

This is the comment of something who hasn't read the terms and conditions.

Yes, the hearing was a sham, but not quite in the way the OP thinks. To quote Hannibal Lecter, in turn quoting Marcus Aurelius:

> Of each particular thing ask: what is it in itself? What is its nature? What does he do, this man you seek?

What do senators do? Primarily, they get themselves elected. They see that Facebook might have a role in that. They're trying to figure out if it can help them, or help their opponents, or if they can turn it from one to the other. Secondarily, while there's so much negative sentiment about Facebook (I'll write about journalists' role and agenda in fanning those flames another time), they want to be seen as asking hard questions. They don't want to be asking hard questions until they know where the advantage to themselves might be, but they want to seem that way. Anything else is just window dressing.

Of course it was a sham. No one's interests are aligned to getting this solved.

Facebook want to get away with as minimal regulation as possible, and any regulation that does happen it wants to harm its incumbents.

Politicians want to get re-elected, and want regulation in so far as it harms the chances of anyone 'doing a Trump' and using social media to unseat their own Congressional seat. They're not that exercised about privacy otherwise they wouldn't have spent the last year arguing for a right to hack people's phones.

Users want to make the right noises / virtue signals to their friends about privacy but ultimately don't want to pay for Facebook.

'Researchers' want to make a name for themselves off the back of this issue and appear on TV but Oh My God don't ask me any questions about how this actually works or what an alternative looks like.

The media and publishers want the exposure and ad revenue that comes from running this story, but want to avoid anyone asking any difficult questions about them signing over their involvement in FB schemes such as Instant Articles or how they track their own users.

The process worked exactly as designed - it allowed everyone to have their pound of flesh while ensuring nothing actually gets done.

Best summary that I've seen thus far.

It does sound like it was a sham. However, what is really going to make a difference now that Facebook has critical mass is people voting with their feet. This doesn't just mean attempting to remove yourself from their system but also communicating broadly how the system actually works. Most of my non-tech friends still just see it as a way to keep up to date on what is happening in the world.

Babylonbee seem to be doing a good job of spreading FBs transgressions via satire: http://babylonbee.com/news/mark-zuckerberg-promises-to-do-be...

Q. Can the users completely delete their data ?

Zuckerberg: Yes, there are two options. First to deactivate because students and want to suspend and come back because they want to study for exam. Second option is users can totally delete all their data.

Where is the second option anyone from Facebook ? There is only an option to delete the account after you DIE, not an option to delete it when you are alive.

So many lies.

Thanks. But I could not find the link anywhere, can anyone even get here from Facebook page: https://imgur.com/1ijzgqV

From what I remember, you need to click "Learn more" in the "Deactivate your account" text which will take you to a help page that allows the deletion of the account as well. But yes, it is very much hidden and not meant to be found.

It was fun to watch Congress pretend like there's something to legislate here, and to watch Zuckerberg pretend like whatever legislation Facebook helps write might be a burden.

The openness to the idea of AI modulating discourse so that we don't ever have to feel uncomfortable was my favorite part.

It was painful to watch. From Zuck's smug, condescension, to the Senators grappling with how to ask the softest question while still looking tough.

I find it ridiculous that a company that runs a web-community should be held accountable for what it's users do, while weapons manufacturers are not. Why not just hold the people that breached their terms and conditions responsible like we do with guns?

Why was there no discussion about the price discrimination which occurred in the last election, and to be fair, probably also happened in previous elections? No other media company is allowed to do this. Does the Honest Ads bill even address this?

Facebook Bans for Anti-Putin Poetry on Your Wall

After the ban they also enabled forced pre-moderation on all my wall posts (everything I post to my wall gets marked with "We removed this post because it looks like spam and doesn't follow our"), so now I cant post anything at all. Do we need more proofs that Zuckerberg is a Putin's friend? Hello, Facebook! I'm a citizen of Russia who is just being critical of Russia and Putin. How much Russia pays Zuckerberg to censor dissent opinion and promote Russian puppets, like Donald Trump?

Ted Cruz scored a lot of points from conservatives on Twitter but he was a client of Cambridge Analytica!

It seems as though everybody in the room has a very different agenda and even more different level of education on the subject. Some seem to be using it to grill Zuckerberg, some to setup discussion and some to air dirty laundry. It's a bit of a circus in there.

Current hearing live on Youtube: https://news.ycombinator.com/item?id=16812334

The author used the term "monopoly" six times in the article. Facebook is a lot of ugly things, but "monopoly" is not one of them.

Play along @

Zuckerberg Senate Bingo: http://mfbc.us/m/nk7mja

The idea that a senate hearing could be anything but a sham is rather innovative. Are the authors naive, stupid, or evil?

Damn social logins. The biggest one is Spotify. They require you to make a whole new account instead of just unlinking your FB one, and then all of your playlists etc are gone.

I’m going to set aside a day to migrate all of my services, but it’s going to be a pain. Worth it.

I made the smart choice a long time ago to never use one of those social logins. It actually kept me off of Stackoverflow for a long time. I'm not even particularly socially minded or privacy conscious -- I just don't think one coordinated login is a good idea.

Smart choice, wish I didn’t make that mistake.

I did this a couple months ago. You can share playlists from your original account with your new account and copy them over. You can even make a playlist of your saved songs and and save them all at once to your new library (select all > Save to your Library)

Awesome, thanks for the tips.

You can ask the Spotify customer service to migrate your data from the old account to the new one. I did and they transferred all my content.

I actually did contact them and ask and they were the ones that told me to just open a new account as they couldn’t disconnect it (which I obviously knew to be BS).

Maybe I’ll try again asking even nicer...thanks for sharing.

"the senators elevated him to a kind of co-equal philosopher king whose view on Facebook regulation carried special weight. It shouldn’t."

Why not though? I assume he holds more sway than any senator of any country.

True, although the senators are there to protect the people and they can't protect the people from someone if they take advice from that person.

You're not going to get the "real deal" with the next hearing. If anything, they're going to take it easy on Facebook.


Not to mention, Zuck had a private meeting with lawmakers on Monday. I wonder what they talked about then. I assume at a minimum they reminded him that he can't talk about any government spying that facebook assists with.

Just watching this now on youtube, and surprised to hear Zuckerberg say he isn't aware of the term "shadow profile", even though he confirmed in the previous sentence that they collect data on people without Facebook accounts. Very odd denial of a term he is surely familiar with.

If you have any doubts that this wasn't a sham just look at how well FB stock did yesterday.

If greater regulation in the social network space comes along, it's probably a win for Facebook. They have the resources to implement compliance. One more barrier to entry for any aspiring competitors, as if any more were needed.

What's all those lobbyist doing? I thought that they were supposed to advise them in a way that would be beneficial to the citizens?

I haven't seen many Congressional hearings but what I have seen is always a sham. Are these things ever more than just for show?

Listening in I could not help but see parallels from Monty Python's Bridge of Death sketch.


Especially with the follow up question..

i guess it's about time, all state level elected bodies, should dedicate 5-10% seats ... at least ... on an extremely specialised profession basis, such as software, medical etc ... look most of these guys are lawyers by profession that's massively over represented in all houses everywhere .... why just we can't ....

This is a flawed view based on the premise that elected officials would somehow be incapable of grasping the concept of "having special advisers". You might be interested to know that Hong Kong has a system similar to what you're describing. It's not working out to well (hint: one's expertise is useful only in narrow cases, while corporatist self-interest applies all the time).

FB is now too big to fail.


I would not call this an "article from The Guardian"

Come on, The Guardian is not some Medium blog hoster. You can't say this being in their opinion section means it doesn't count. If you discounted everything tagged as opinion, their front page would have a whole lot of empty spaces.

> "Come on, The Guardian is not some Medium blog hoster."

Why make the distinction? I don't trust the opinions of journalists over the opinions of the general public, both can be informative and both can be misleading.

Cambridge Analytica was probably a "Pearl Harbor" moment for the US government, they probably wanted to put regulations on Facebook for a long time.

Yet it is not new and how is it different than when Obama did it?


I have had enough of the latest anti-Facebook vitriole. A lot of people want to see someone, preferably Zuck, drawn and quartered, but I don't. He has accepted responsibility for mistakes and has agreed to do more to protect its users. I believe him. I also believe he has earned a chance to redeem himself, considering the value that Facebook has created for society at little to no cost to its users.

Most of the Hacker News community has benefitted by Facebook, as users or through myriad successful open source projects. To take with both hands and to bite is unethical. It is wrong.

Facebook and Zuck aren't the only people who need to change.

> considering the value that Facebook has created for society at little to no cost to its users.

Is Facebook a net positive for society? Every positive use of the platform I've seen has been offset by a negative one. Maybe I just have bad friends.

Also the "little to no cost" is debatable, when the users have been packaged and delivered as fresh marketing meat to firms like Cambridge Analytica in exchange for a $500B market cap.

I've never used Facebook but isn't its success mostly being "at the right place at the right time"? There were social networks before it and I'm not really sure what's so unique and revolutionary about Facebook. I think the main differentiating factor over something like MySpace was the use of real names and the more "adult" interface which lined up with the complete "mainstreamification" of the internet in the 2nd half of the 2000's.

As a thought experiment do you think that in an alternative universe where Zuckerberg doesn't exist there's no social networks? People started using Orkut, MySpace and friends then around 2008 decided "nah, this is silly" then went back to ICQ and sending emails?

Facebook's success factors were 1) seeded with Ivy League students 2) access to capital 3) no contrition.

> considering the value that Facebook has created for society at little to no cost to its users.

Would you mind listing the positives (and negatives as well) that you believe facebook created for society? I'm strongly against Facebook, but I'd be happy to be convinced of its generally positive effects. Though please don't mention their Open Source contributions, that's not Facebook, the social media network.

How do I downvote?

You need to have more karma points on your profile. The downvote privilege has been at around 500 karma points (for a long time). That point is only the threshold, and the privilege is granted after going above that threshold. But it supposedly increases over time. The Unofficial Hacker News FAQ [1] has a lot more information.

[1]: https://www.jacquesmattheij.com/the-unofficial-hn-faq

After users reach 501 Karma, they gain the ability to downvote another comment

You can read more about undocumented features of Hacker News here [1].

[1] https://github.com/minimaxir/hacker-news-undocumented

You need to reach a certain karma threshold, I don't remember the exact value.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact