Hacker News new | comments | ask | show | jobs | submit login
The Facebook Current (stratechery.com)
103 points by mercutio2 9 months ago | hide | past | web | favorite | 65 comments

I think a good outcome would be if Facebook were forced to sell WhatsApp and Instagram.

It would punish Facebook and send a strong signal to other social networks. But Zuckerberg continues to have his baby and can compete on fair terms with rising social networks.

The US Government retains its mass surveillance tool, probably their main concern.

Voters get to keep using Facebook and feel like something has been done. Their representatives look like they’ve responded and everything goes back to normal.

Users can vote with their feet if they still feel so inclined, and use Instagram and WhatsApp instead.

New startups could compete in the space knowing that they weren’t facing one behemoth.

The fact that the FTC allowed Facebook to acquire them at all is a great signal that our current antitrust regulation does not understand the power of networks in the context of monopolies.

Doesn't even need to be considered as a punishment, merely sensible anti-monopoly regulation. You shouldn't be able to buy your closest competitors so that you form a monopoly.

Punish them for what, exactly? Showing ads?

I don't think punish is the right word. Even if Facebook had been more clear about its privacy policies from the get-go, I think you could make a solid argument that having Instagram or WhatsApp as separate companies would be better for the creative destruction we want out of capitalist competition.

> Instagram or WhatsApp as separate companies would be better for the creative destruction we want out of capitalist competition.

The rise of Instagram and WhatsApp IS creative destruction! Creative destruction occurs with or without breaking up Facebook...

I'll be honest I have no idea what you're trying to say.

Is it creative destruction to have a single company control so much of the time people spend on the internet? That sort of entrenched market power is going to lead to less innovation in general, because they don't need to worry nearly as much about people flocking to new apps or advertisers who would then have cheaper ways to reach consumers.

I don’t think creative destruction means what you think it means...

They don’t control anybody’s time. I don’t use Facebook. Nobody is forced to use Facebook.

That is both legally and morally up for debate. As the article describes, popular opinion is swaying against the kind of cavalier use of personal data for their benefit alone.

Legally, perhaps less so, but it is at least possible at this point that they violated FTC agreements they had in place.

So I used Facebook for years. Even if my personal information was inadvertently accessed by advertisers, nobody was damaged by it.

I just don't understand the outrage.

Sell to whom and how is the real question though?

Should Instagram/WhatsApp together be their own public company? I don't think that's the worst scenario, though it might accelerate the death of Snapchat if you have a completely focussed investment in Instagram.

>Sell to whom and how is the real question though?

To the public? They could spin off WhatsApp and Instagram (shall we call them Baby Faces?) as public companies and sell them to whoever buys the shares.

One of the most interesting proposals to me was the concept of an information fiduciary:

SCHATZ: In the time I have left, I want to — I want to propose something to you and take it for the record. I read an interesting article this week by Professor Jack Balkin at Yale that proposes a concept of an information fiduciary.

People think of fiduciaries as responsible primarily in the economic sense, but this is really about a trust relationship like doctors and lawyers, tech companies should hold in trust our personal data.

Are you open to the idea of an information fiduciary and shrine and statute?

ZUCKERBERG: Senator, I think it's certainly an interesting idea, and Jack is very thoughtful in this space, so I do think it deserves consideration.

So I went and dug up the paper they're talking about. [1] It's really interesting and I think probably does a better job than most of the other proposed regulations. Typical regulation is to set forth processes that companies must follow. If instead we just tell companies that 'you're responsible for not misusing this' we don't get all the bloat that can shut out small businesses, it avoids first amendment issues and instead of being antagonistic or alternative to anti trust action, it complements it.

[1] https://lawreview.law.ucdavis.edu/issues/49/4/Lecture/49-4_B...

I'm currently watching Mark Zuckerburg give testimony to the US House, which started at 10 AM EDT. It's available to watch on https://energycommerce.house.gov/hearings/facebook-transpare... , which has some additional supporting documentation (written testimony). It's also being streamed on Twitch by the Washington Post (https://www.twitch.tv/washingtonpost). I also have a stream like yesterday alongside Facebook's stock information (https://news.ycombinator.com/item?id=16811290), which I posted on HN earlier.

One thing that I noticed to be a sharp difference from yesterday is Mark Zuckerburg's stance on GDPR-like protections for people everywhere. I might be wrong about this account, but yesterday he said that GDPR protections will only be available in Europe. Today, he said the GDPR-like protections will be available for users everywhere. He said yesterday and today that Facebook was already implementing portions of the GDPR for years. I don't have a clip for the above yet, and I might have misheard.

12:42 PM: A Congressman (Mr. Lujan, New Mexico) just used the word "shadow profiles", and is asking about how much information Facebook has on non-users.

I was wondering about this too: MZ's leaked cheatsheet said "... don't mention we are GDPR-compliant already". GDPR-compliant, not GDPR-like. He never brought that speaking point up. Does this mean FB can comply with GDPR everywhere but will choose not to?

In terms of software, it usually takes more effort to segregate/separate features (think like an having if-statement, "IF IP-address from EUROPE" versus not), so I definitely think it's both possible and technically easier to give GDPR protections to everyone. However, there might be data storage and reporting requirements that I am unaware of and are onerous to deliver. Cynically though, giving GDPR protections to all users will probably affect the quality of their ad-targeting process, and therefore, Facebook's bottom line.

GDPR compliance seems pretty all-or-nothing. It wouldn't be sane to respond to a "hello, are you complying with GDPR for my data" letter with "You aren't a European citizen so we don't have to". If you're wrong, you get screwed over. The only sane options IMHO is either set things up to be GDPR compliant or to have zero business presence in Europe and tell them to pound sand.

It wasn't brought up in yesterday's hearings, but Facebook/MZ has actually avoided making any sort of commitment as to whether they will apply GDPR globally, or just within Europe.

GDPR compliance limits the data they can collect, which makes their product (ad space) less valuable, which reduces order volume/price, which reduces stock price, which means they will avoid if possible.

Does it actually? My understanding of GDPR is that it's more about notifications and responding to requests rather than limiting companies from doing things.

No, he said it yesterday, too, and a week ago in a Facebook post/transcript. However, it's highly unlikely Zuckerberg is being misleading here and only certain parts they're picking and choosing will be enabled in the US.

> We intend to make all the same controls and settings available everywhere, not just in Europe. Is it going to be exactly the same format? Probably not. We need to figure out what makes sense in different markets with the different laws and different places. But—let me repeat this—we’ll make all controls and settings the same everywhere, not just in Europe.



unlikely or likely that Zuckerburg is misleading? Could you please clarify?

HN linked your twitch link incorrectly, so here's the correct link: https://www.twitch.tv/washingtonpost

That might have have just been me. Thanks! I'll fix it.

I’m sure I did hear him emphasize it yesterday.

The fact that there's no worthy competitor to FB shows the power of the network. Zuckerberg has been really smart to acquire instagram and WhatsApp to avoid the possibility of irrelevance.

If not for the acquisitions, I think FB with this kind of heat would have started being irrelevant to some of the users and many of the advertisers. The govt should have had been keeping a tab about these things in the first place. It's little too late for regulations.

Even breaking up them would not help. How do regulators would make sure that the systems from different apps under FB umbrella are not sharing data with each other?

> shows the power of the network

How do stories of MySpace, Orkut, Hi5, Mixi, StudiVZ, Bebo or LiveJournal fit into this narrative?

They all had massive networks and a first-mover advantage to boot.

What really needs to happen is GDPR here in the US. To force the Facebooks and Googles of the world to pay for the data breach liabilities (perhaps insurance could cover a breach - it would at least force them to price it).

You want to profit off my data (esp. through shadow profiles)? I should have a right as to whether you should and how.

This would inherently limit the utility of such breaches like CA and whatever might happen with your Google data.

Why should you "own" data that happens to be about you? If someone writes on a piece of paper that they saw you on a street at some time, should the paper now be your property? Going further, if we had the technology to selectively erase memories, do you think someone should have the right to have other people's memories erased pertaining to them?

I just can't get behind this premise at all. Nothing is being taken from you when Facebook makes a shadow profile and you don't have any copyright or other intellectual property rights over your name, the fact that you went to x high school, the fact that you lived in town y, etc.

> Why should you "own" data that happens to be about you?

We are on a rock hurling through space at millions(?) of miles per hour, depending on your frame of reference. We literally write our own laws, in order to shape our destiny as we see fit. Or, we used to anyways.

An entity like Facebook having so much data on such a large portion of the population (not just US citizens, but citizens of the entire planet) merged with the increasing power of big data algorithms and understanding of human psychology is a very dangerous tool of persuasion.

Personally, I happen to believe that the reason this risk is suddenly getting so much "public support" is because politicians have come to a bi-partisan realization that having an independent entity with this much propaganda power is dangerous - the bi-partisan aspect is interesting as I think it's fair to say silicon valley "leans left" and would tend to be more favorable to democrats, but the last election demonstrated the risk inherent in that stance. Hence, a "spontaneous" flood of newspaper and TV articles with the subsequent (in my opinion, would be interested to hear disagreements on the chicken and egg aspect of it) awakening of "public outrage".

> Nothing is being taken from you when Facebook makes a shadow profile

Something is clearly being taken. The fact that it's being assembled without my consent is disturbing, the fact that FB has repeatedly been reckless with securing that data is even more worrisome.

Your privacy (and possibly safety) is being taken. If a burglar can use exfiltrated FB data to know when I'm vacationing, it's information that makes me less secure.

If insurance companies think I'm at a higher risk for expensive treatments, I may be denied or forced to pay a higher premium (perhaps without knowing why).

Let's try a different tack than ownership: it can be seen as stalking.

So you are ok with me having a picture of your children naked on my CDN ? Or you having sex with your wife ? I shadowed it by using the camera on your phone, you gave permissions without reading.

Appeal to Extremes? In a society where we interact with other people we are okay with some information about us being 'out there'. I am okay with you knowing my school, but not that I am uncircumcised.

Edit: Not that I am with OP on shadow profiles or what Facebook is doing. I think it is okay to use people's data for advertisements and other monetary benefit but you should tell that clearly to people and it should be a big opt-in decision point with lots of information provided. I just wanted to point out that your argument is a fallacious argument.

Yes but where do you draw the line ? Fb would cross mine, and it's why i never had an account.

MZ was getting grilled this AM about if FB would implement those GDPR features to protect US citizens and MZ said it would be available to all users.

Which is funny to me that a congressman (it was a man, I didn’t catch his name) would push for that since they obviously aren’t interested in protecting citizens data with laws or regulations.

There is a substantive difference between "FB will support GDPR compliance features in US" vs. "USG has implemented GDPR and plans to enforce it".

In the latter case, FB doesn't have any requirement to actually not monetize non-EU folks.

As the article mentions, this would possibly cement Facebook's position in the market, as they have the resources to comply, whereas "the next Facebook" might not.

This is one possible explanation as to why Zuckerberg is conciliatory to any call from congressmen for regulation.

If "the next Facebook" is also going to mishandle my user data because they can't possibly comply with privacy regulations, then quite frankly I don't care if they can't make it.

I don't think the article is arguing against regulation--it is arguing for competition.

Thompson's point is that the real issue is not privacy, but that Facebook is incentivized to disregard privacy because that have zero competition. That is, they have the luxury of disregarding user privacy because they have a monopoly on the social network (and have been allowed to strengthen it through acquisitions).

I'd argue that both regulation and competition are necessary. Regulation to make data protected and portable, while punishing breach of data, and competition to allow the market to create alternatives.

Right now people don't leave Facebook because there is nowhere else to go, and no way to take their graph with them.

I like hearing actual proposals for how to "do something about Facebook" as opposed to all this hand-wringing. I guess I'm just expecting everyone to get upset and then go back to business as usual.

If you want to solve the problem its relatively easy. Follow the money.

Ban micro targeting by advertisers, with only textual context and location allowed. Ban platforms like Google and Facebook from offering micro targeting. Marketing managers and their agencies will be held accountable.

This should be easy to enforce and will stop the creepy stalking and data hoovering at source as there is no incentive.

But no one wants to solve the problem, only go through the motions of solving it. These capabilities are too valuable for government and propaganda.

There was a statement by Senator Sullivan that I found revelatory, if not surprising; he talked about how almost every single lobbyist in D.C. is involved in the Facebook scandal in one way or another. I had never really considered the fact that virtually zero special interest groups can possibly be neutral here... tobacco, firearms, alcohol, religious groups, food and agriculture, entertainment, finance, the government itself as well as quasi-government orgs (DNC, RNC, PACs) — every single one of these has grown to rely heavily on micro-targeted advertising in modern times. Stripping FB of the means to micro-target doesn't just affect FB's bottom line, it potentially affects every industry in the country, perhaps even the entire first world.

Do you think any Congressperson will sever a lucrative outreach opportunities for these groups, who are also their largest donors?

Because of unnatural time constraints nobody was able to press on his defense of "you own your data because we made a download your data button" which is a dramatic oversimplification of how the adtech ecosystem actually works. In addition, I feel that the format and time constraints were carefully set up to avoid this more important discussion, because Congress needs FB, and FB needs Congress.

Do they need each other because they hope to utilize them for re-elections, or is it simply because they have so much money and Congress wants some too?

More of the former but probably a little bit of both.

My biggest frustration is some of the questions came close to forcing some real answers, the biggest being data deletion. Zuckerberg was always extremely careful when it came to questions of account deletion. One question asked "when a user deletes their account do you erase the data", Zuckerberg visibly tripped up and referred back to "data is deleted". There is quite a bit of discussion online on whether FB simply marks the data in their database as deleted or whether it is actually removed.

(Disclaimer: I left FB several years back, this may not be completely accurate today. However, I would be surprised if this in particular has changed.) I worked on this system. Account deletion is a completely separate process from content deletion. The latter can in some cases just mark data as deleted or ready to be garbage collected, but the former actually deletes everything associated with an account. There are some nuances that are hard to explain well in front of a bunch of Senators though: your messages to other people will still stay in their inbox, it's not feasible to purge backups so there are tapes with your data around for several months. Also, derived data (ML models, etc) trained with the account data sticks around, although this isn't really identifiable info.

>There is quite a bit of discussion online on whether FB simply marks the data in their database as deleted or whether it is actually removed.

This shouldn't be a discussion. I can't think of a single non-toy database that actually deletes data when you press DELETE. All the LSM databases (pretty much anything using Facebook's RocksDB) doesn't actually remove data until a compaction event - and MySql/Postgres don't actually delete data until you a VACUUM occurs. (then there's whole minefield of did the OS actually remove the data, or did the filesystem just mark the affected area as deleted, but didn't scrub the bits). Then theres the backups - FB may have a ton of backups in cold storage that may have your data that wasn't removed.

The conversation about "FB simply marks the data in their database as deleted or whether it is actually removed." is unfruitful. The answer is "no" for almost every company on the planet, not just FB.

I don't think that's a meaningful comparison. There's quite the difference between "The data can be readily returned from the database if you omit the NOT deleted clause." and "You can use forensic tools to get data back. Maybe."

There is obviously a certain leeway in time allowed for a deletion request to actually be fulfilled.

But other than that: if technology gets in the way what people and the law demand, it's technology that needs to change, not people.

Exactly - and for all intents and purposes, that should be good enough. If the data is marked "deleted" and then written over within some reasonable amount of time (whatever their VACCUM cycle is to rewrite the immutable partition) then that should be good enough.

Now as for backups, this is much harder. I don't know how reasonable it is to ask them to discard backups in cold storage - seems like a compliance nightmare that would absolutely punish smaller players that can't build infrastructure to do that.

Regarding backups, I think the answer might be: "keep the backups only as long as you need".

Is it really reasonable for an active site to keep backups older than a couple of months? A year?

> Postgres don't actually delete data until you a VACUUM occurs.

FWIW, a large portion of cleanup happens on access. If the entire page will not be accessed until the next VACUUM that doesn't change anything, but in OLTP workloads that space will often be reclaimed much earlier.

Doesn't change anything about your larger point though.

I find it odd that they're singling out the monopolistic nature of Facebook, when monopolistic/oligarchic industries are the norm in America.

That it's the norm doesn't mean it isn't problematic.

That's a pretty recent development. I don't think you would argue that was true until the 80s/90s.

The single strongest indicator of the inflection point where a giant company begins to implode is when the CEO is hauled into Congress and people start talking seriously about anti-trust and breakup. Standard Oil, A&P, General Motors, IBM, Microsoft, etc, etc. Bigness breeds inertia, arrogance, myopia and abuse. The only way to make a "monopoly" last is with strong government protections.

Zuckerberg says he's making a lot of changes at Facebook and trying to make it better for everyone. The real question is are they? With tremendous power that Facebook has they can really topple governments or make new governments. Their power needs to be kept in check.

One Man’s Tool Is Another Man’s Weapon

- Bane

But Killing Someone With A Lawn Chair Is Still Non-Intuitive.


It seems comical to me that tech becomes a Congressional issue once the average age of it's users are that of members of Congress.

One of the questions has literally been "What is Facesmash and is it still active?".

I am picturing that this person looked at his agenda last night, saw "Facebook hearing", opened Netflix, and started watching the Social Network. He got bored 20 minutes in and shut off his TV.

Zuckerberg is a Russian puppet. I can prove that, because Facebook banned me for anti-Putin poetry in Russian!

That's not proof of anything...

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact