I assume the response was for the same reason relationship advice from strangers is always "break up immediately." People are really bad at judging things they know only one thing about.
Technical: companies got the data in a way that system was designed. No abuse there.
Legal: companies didn't adhere to TOS and used data in a way that were not supposed to. This is why is it called abuse.
Also, how does the provided link support claim that they are not necessarily enforceable legally? I read it but saw only criticism of TOS in general, nothing about whether they are or are not legally enforceable.
If you grab data hosted on facebook or any other website, without having an account, where is the explicit contractual agreement? Are HTTP requests contractual agreements? MITM/DPI'ing facebook users who connect via your hardware contractual agreements?
The extent that is abuse, is that facebook (or any other site) service is engineered in such a way that makes such information it collects available to any degree in the first place. True, anyone can make dubious claims of abuse.
>Also, how does the provided link support claim that they are not necessarily enforceable legally? I read it but saw only criticism of TOS in general, nothing about whether they are or are not legally enforceable.
"These "terms" are actually purported legal contracts between the user and the online service provider (websites MMORPGs communication services etc.) despite the fact that users never get a chance to negotiate their contents and can often be entirely unaware of their existence."
purported legal contracts != legal contracts, i.e. just because someone says it's a legal contract, doesn't mean it actually is.
Oh, learned the new word today. Do they have also some analysis that say why TOS should be purported legal contract and not valid legal contract?
> If you grab data hosted on facebook or any other website, without having an account, where is the explicit contractual agreement?
I assumed that we were about platform API abuse. In such case, each developer had to agree with TOS before he is allowed to use the API. So in this case, developer explicitly agreed to terms that subsequently broke. So I think it can be called "abuse". It's not random HTTP request.
For random HTTP requests, that is much less clear. My stance on this is that as long as you are respecting robots.txt, and not trying to circumvent any blocking measures by the site you are using, everything is fair game (in general, maybe there could be exceptions). I don't think it's right/moral to violate those two. And whether it is legal, it depends on jurisdiction, who you are scraping (I am assuming we talk about automated access), if you respect robots.txt, if you try to go around blocks, ...
Two interesting cases in scraping I know about are these ones:
> MITM/DPI'ing facebook users who connect via your hardware contractual agreements?
I am no expert in law, but MITM/DPI to extract data sounds highly illegal. I don't think that TOS have to handle this case.
> The extent that is abuse, is that facebook (or any other site) service is engineered in such a way that makes such information it collects available to any degree in the first place.
So you are arguing that Facebook should be walled garden, with minimal possibilities for users to share their data with developers (not that I disagree). I don't think this is problem with existence of these platform / capabilities, but that the users are not understanding implications of what they are allowing (but doing that is gargantuan task, they will probably invent new nobel prize for anyone who manages doing that).
Even assuming that, developers who check in their credentials to public repos, third parties that use such never agreed to the terms. You can do this do today, without agreeing to facebooks terms (i.e. go to github, get access tokens, connect to "open graph", no accepting terms or creating accounts needed).
>Do they have also some analysis that say why TOS should be purported legal contract and not valid legal contract?… For random HTTP requests, that is much less clear…
It's not really about random HTTP requests or not, it's that any of this will have to be argued in courts. From the examples you have listed, in the US, this is not really in Facebook's favor (unless they can scare people to stop doing such before getting to the courts).
>So you are arguing that Facebook should be walled garden, with minimal possibilities for users to share their data with developers (not that I disagree)…but that the users are not understanding implications of what they are allowing
Personally, I don't think facebook should be this at all, and although they may have sold developers on their platform, this has been less of the case over all as time goes on (bait and switch). They say they want to connect the world, but what they really mean is that they want to connect the world on their terms (and they have every right too, but they can't necessarily stop others from doing something).
I don't think it is facebook's responsibility to give its users any illusions of privacy since any "friend" they have on the platform or any third party app they connect with is just another attack surface agaisnt such: by design. I think every user of any platform needs to take to protections in their own hands, if they care about such, first and foremost. Expecting governments/corporations/organizations to coddle them and provide everything that they desire without doing anything for oneself, is just naive to how humans have operated throughout history. It's been over a decade since facebook has been around, people can keep saying that people just dont understand, but I will think people will keep saying such even after another decade (or more) if facebook is still around.
if I go to pastebin and find login credentials dumps, i can login to those services without accepting any TOS. Yet, I would probably go to jail of caught. This seems to be similar case. but I doubt that user access token (that you need to access that users data) is somewhere on github. app user token sure (as sometimes you have to ship it with the app, or app can be opensource), but user access tokens are like passwords, so they should not be in the code.
Anecdotally, most of the outrage I’ve seen has come from white men in their 50’s who don’t actively use the platform. I don’t mean this as a jab, I literally have seen the most outrage from this group although I’m not sure why. Perhaps it’s just coincidence or that is the most outspoken demographic.
Meanwhile, I haven’t seen any change in usage from those people I know who actively use Facebook/Instagram/WhatsApp.
I think that people feel that this story should adversely affect the company and it’s earnings, but there is no evidence that it actually will.
Over the last three years, the percentage of my friends who are active on these platforms has dropped dramatically, like ~80% to ~20%. I think most of the people who understood that Facebook and associated properties were toxic tailed off using those services well before the Cambridge Analytica thing.
Later, it would some out that Cambridge Analytica (and likely other bad actors) had been siphoning up PMs:
I try to imagine games like Farmville that were played by millions of people, how many information they collected.
Nowadays, Facebook has Graph API. You need to specify exactly what information about the user you want. And depending on the information, Facebook needs to review in advance.
I think they have decided to take the hit rather now (in the stock price) than in the future assuming that the hit now will be smaller now than later.
Maybe not in those very words, but the concept comes up quite frequently in Money Stuff. Recently I've seen a recurring theme around "everything is securities fraud". Which boils down to a very utilitarian and cynical core: if you are a company and do X but don't disclose to your investors that doing X may have an effect on the value of their investment, then the investors can sue you for securities fraud and try to claw back whatever future profits they feel they had been entitled to.
That is, of course, precisely why they spoke up. Their lawyers and accountants determined that would be the least costly approach.
As an aside, why do we continue to tolerate this kind of behavior from corporations? They aren't _really_ people and they don't deserve and should not be afforded the freedom to experiment with their impact on our society and our lives that real people are privileged to enjoy. Regulations and massive punitive consequences are _good_ things to ensure corporate behavior serves the public interest. And yet this has been going on for almost a century and nothing ever happens to change it?
It's nothing but an evolution of the robber barons.