My own strong interjection: Facebook’s competitive advantage is its disregard for ethics. Somehow, Zuckerberg has been able to convince a lot of smart people to do unethical things and build unethical technology, while the competitors have a harder time doing the same. This disregard for ethics has allowed Facebook to “grow at all costs.” Meanwhile, the more conscientious programmers and entrepreneurs (or at least those held more accountable) are busy wrangling with the real challenges and intricacies of civilization. (I personally prefer it that way - I like my work being tied to the well-being of society.)
And I once met a Facebook employee who actually was a staunch EFF supporter…
But overall, I dunno… you're probably right.
"move fast and break things" > Why the hurry?
The alternative to that way of doing things was to allow the existence of public and private entities like Facebook and their surreptitious intrusiveness, allowing mass surveillance, but also allowing to avoid other gruesome measures.
And that could explain why nobody can pull-out a facebook takedown.
"the cost of freedom is high..." JFK
This appears to be a quality that occurs in some business owners.
I know more than a single entrepreneur with similar disregard for things like data retention and PII. Their reluctance to address these issues when advised, I assume, would persist until they get burned.
Taking a step back, at the root it appears simply that some people are better at focusing than others. These entrepreneurs would work on improving metrics they see relevant and their effort will be more efficient thanks to zoning everything else out.
Seeing evil intent here would be counterproductive, similar to reprimanding someone on the spectrum for not saying hello: it might just not occur to a person. The key difference here is that these decisions negatively impact countless third parties, and those third parties lack the expertise to recognize the issue.
While there’s a lot that can be said against FDA, there seems to be a parallel here. I want to reserve my judgement about regulation in this area, but it seems like there’s a case for it, similar to how we’d like to keep food manufacturers in check.
 A movie called Dallas Buyers Club comes to mind.
> similar to reprimanding someone on the spectrum for not saying hello
The parallel between narrow focus and mental disorder was meant to illustrate how attributing these outcomes to malice (which I sometimes see) is ineffective. If those actors play by the rules and are immune to ethics-based arguments, then maybe the rules are due to be updated.
I'd say this claim needs a lot of supporting evidence before we should take it seriously. At the moment it's just a rhetorical device, and would almost certainly be used to mitigate blame aimed at corporate bad actors. So I'd say without some type of serious evidence of this unwitting laser focus, evidence of people genuinely "not seeing the harm" despite huge op-eds in major newspapers, outrage from tech communities, harrowing stories of data privacy issues, etc. etc., we really should not put any weight on this "non-malicious focus" interpretation.
In other words, these are smart people. They knew full well what they were doing. Lobbying, PR, and attempting regulatory capture after the fact to launder their reputation and absolve blame are absolutely baked in as part of the strategy, until conclusively proven otherwise.
That means all the privacy protections from the "website" are there, you're just not looking at it through a browser, it's an interface provided by the device manufacturer.
What is there to be angry about?
There's a great phrase for this: "move fast and break things". When you believe it is ok to break small rules and norms, it becomes easier to break larger norms and ethics and rules. This philosophy took SV by storm, but at its core it's always been about disregarding things like laws and ethics, and now we are seeing the world that created.
I'm all for criticizing things that have gone wrong, but you're using an overly-broad brush.
- "Should we share this data?"
- "I don't know, we'll figure that out in version 2"
> Move fast and break things. Unless you are breaking stuff, you are not moving fast enough.
In the technical space, things may be legacy code or APIs. In the business space, things may be ethics and laws, and this incidentally is exactly the model we see in companies like Facebook and Uber and AirBnB.
I'd recognised this similarity some time back.
Irrationalism also depends on the cult of action for action’s sake. Action being beautiful in itself, it must be taken before, or without, any previous reflection. Thinking is a form of emasculation. Therefore culture is suspect insofar as it is identified with critical attitudes.... No syncretistic faith can withstand analytical criticism. The critical spirit makes distinctions, and to distinguish is a sign of modernism. In modern culture the scientific community praises disagreement as a way to improve knowledge. ...disagreement is treason.
No, not really.
If you notice people working - say, construction - in a particular way, and they're trading safety for speed, and if you weren't concerned with worker-safety, you might consider that tradeoff their business. If you also found that it led them to build buildings that overlapped other people's properties, you might note that the tradeoffs they choose might also lead to that problem.
Especially if you notice that other construction firms are making the same sorts of tradeoffs and also having the same problems.
I'm not saying that firms who "move fast and break things" are inevitably also unethical, shitty companies. Everyone sacrifices QA depth for release at some point. But there's nothing wrong with pointing out many high-profile companies who trumpet their pride of it are, in fact, unethical, shitty companies.
BTW, your construction example is terrible. Unsafe construction worksites are illegal, and continuous integration and deployment of software is not.
> your construction example is terrible
Takes all kinds. Including people who intentionally read things obtusely.
But then the likes of Uber came along and showed that it meant "laws".
However, if that becomes "do whatever we want to anyone without regards for laws or ethics or customs including directly lying to regulators" as it appears Facebook did then I agree it becomes a problem.
Sure it does. Move fast and break things means don't be afraid to try new things, but the line isn't "ethical concerns" but rather "legality". There's a whole gray area between what is ethically acceptable and what is legally acceptable, and FB profits in that gray area that other companies are afraid to try because of their corporate values or personal misgivings.
Good luck on net neutrality with the FTC...
The Federal Trade Commission (FTC) and Federal Communications Commission (FCC) announced an agreement on Monday to coordinate their efforts to police the internet once the latter agency has repealed its net neutrality rules.
While I absolutely agree that it's a serious problem, Facebook does not stand out in the business world in this regard. Many in the business world celebrate, rationalize, and embrace this point of view: Making money is all that matters. On HN, until recently I often read the argument that businesses' only responsibility is to make as much money as possible for shareholders and that they have no responsibilities to employees or community. The current U.S. administration openly embraces this view as policy; Rex Tillerson (former oil company CEO) openly stated that US policy was that human rights took a back seat to making money.
For generations, corporations have made money on the labor and the suffering of others, to the point of undermining governments and supporting oppression and murder. Off the top of my head: There was the East India Company in the 19th century, the banana companies in the early 20th century, the businesses that helped the Nazis, the ones who helped and cashed in on right-wing dictators throughout the Cold War, the financial companies who committed massive fraud causing a global recession in 2008, and all the IT companies helping oppressive states like China with their surveillance technology and means of oppression, not to mention Hollywood and other businesses who censor criticism of China.
The question is, why do we normalize and accept this behavior? What is wrong with the morality of business leaders?
(And to be clear, I'm not demonizing all business. Business provides the resources that make advanced nations prosperous, safe, healthy, and connected.)
There are plenty of companies that are willing to do 'unethical' things.
This distinction wasn't made clear in the story (or I can't read) and it's an important one. Privacy is complicated enough already.
> An Apple spokesman said the company relied on private access to Facebook data for features that enabled users to post photos to the social network without opening the Facebook app, among other things.
So is this like what connecting your Facebook account in Settings does? Allow you share pictures through the share sheet in Photos or whatever? What does Apple get to see, and what stays on the device?
It depends on the platform.
On iOS you could post various types of information to Facebook, and you could sync Facebook contact and calendar data to the local device.
Aside from letting you share information and sync Facebook contacts and calendars, Windows Phone 7, for instance, pulled in a lot more data to populate its People hub.
>For all intents and purposes the People hub is the Facebook app for Windows Phone 7. If you’ve supplied your Facebook login, the default “what’s new” tab will serve as your news feed.
Didn't Tim Cook just two months back brag about how Apple doesn't do certain things? He was right. He asked Facebook to do that for him.
There's nothing to see here, but it sure makes for a provocative headline that will get lots of clicks and make the NYT lots of money from personalized ads. You have to love the irony.
There's a dangling "their" in there which is causing trouble. What I think this means:
- Alice adds their email or phone number to their Facebook account. Alice sets this to "private".
- Bob is friends with Alice
- Bob's phone has access to Alice's phone/email, even though this wouldn't be normally visible to him.
(The Windows Phone social media integration in the contact manager was absolutely excellent at presenting everything about your friends on every platform in one convenient place)
- Alice adds their email or phone number to their Facebook account. Alice sets this to be visible to friends, but not to third-party apps they use.
- Bob is friends with Alice.
- Bob's phone has access to Alice's phone/email, even though this wouldn't normally be available to third-party Facebook apps like games.
Edit: Facebook's response at https://newsroom.fb.com/news/2018/06/why-we-disagree-with-th... also clarifies this. "Contrary to claims by the New York Times, friends’ information, like photos, was only accessible on devices when people made a decision to share their information with those friends."
The "build new private APIs for device makers through 2014, spreading user data through tens of millions of mobile devices... and other systems outside Facebook’s direct control" makes it sound like they were making deals with the manufacturers where the device would auth and fetch data through the manufacturer's infrastructure when accessing Facebook? The Blackberry Hub app is used as an example in the infographic.
As stated in the article: Facebook acknowledged that some partners did store users’ data — including friends’ data — on their own servers. .. which meets your definition of concerning.
It will likely be some time before we learn the extent of all of these agreements and how the data was used.
And HN's facebook derangement syndrome continues.
Embedding user agent functionality into the OS is not the same as third party access.
Talk to me when a device manufacturer is caught exfiltrating this user data off the phone and then aim your pitchforks at them.
It actually is. Your monitor, on the other hand, can be considered a part of yourself for the purposes of viewing the data.
If it somehow sends sensitive information back to its manufacturer, though, that would be a new, different can of worms.
Facebook never has any interaction with the human user, they only interact with the user agent.
Because they're not third parties. Third parties are anyone off the street that meets some minimal requirements. It's like the distinction between third party and second party releases on video game consoles. Second party releases are extensions of the first party publisher because of the special access and extra scrutiny they get. The difference in this case is that this "special access" is apparently no different than what you get from the website through scraping HTML, just in a more convenient manner.
But that doesn't make it OK for that data to be stored on the third party's servers or be otherwise available to the third party.
Simply because the data was gathered in a way not unlike most apps, doesn't make it a non-story. In fact, the lack of informed consent and the very misleading statements to Congress make it a huge story.
User data is a commodity, and is worth far more than money. Considering how easily manipulated large portions of the Facebook community can be (e.g. Facebook mood studies, election-year propaganda, etc.), giving access like this to large tech companies - third parties - absolutely needs to be well regulated and come with the informed consent of its user base.
Not to mention that the policies around turning this data over to other parties -- namely law enforcement -- are different between most of these companies.
The objection is not non-facebook code accessing facebook data. The objection is that, once again, powerful information is being traded and used as leverage to drive profit, with the intent of the buyer or receiver largely unclear, and the impact yet to be seen.
>The objection is that, once again, powerful information is being traded and used as leverage to drive profit
There's no evidence of any of this.
I disagree. I think Facebook, driven by ad dollars, is attempting to secure as many users as it can. Part of that is to make it as seamless and convenient as possible.
Data as currency is a given at this point. Facebook ensures longevity through ease-of-use. Service providers secure further assets, and are in a position to use it.
> I disagree. I think ...
I think you misread "no evidence" as "no one believes".
It may cure nothing. But the fact remains that Facebook acted (and continues to act) in bad faith to the user.
Maybe nothing changes, especially now that users are so deeply attached. Real-time targeted advertising has been around since the early 2000s, but explain to the average tech-illiterate user that their phone can hear when a Tide ad is on television and can serve a Clorox ad in their Instagram feed, and watch how uncomfortable they get.
How much of this could be stopped with informed consent?
If I found out that Google was using Chrome during my authenticated Facebook web sessions to scrape my Facebook data, and my friends' Facebook data, I'd be pretty upset too.
This was OS chrome integrating Facebook features. An API for Mobile OS UI to integrate Facebook features.
How else do you think the OS provides FB functionality... after you enter your credentials into the Settings screen?!
> They said its partnerships were governed by contracts that strictly limited use of the data, including any stored on partners’ servers.
> Tests by The Times showed that the partners requested and received data in the same way other third parties did.
Facebook customer data was collected and stored on servers owned by the device manufacturers. This is not analogous to a browser interacting with the Facebook web application.
There is no evidence that these APIs provided more data than a user had legitimate access to.
We trust our devices not to exfiltrate our data every second we are typing on them. Tightly integrating social features into a mobile OS is not third party access unless the device maker is exfiltrating the data for any purpose other than encrypted cloud backup.
I see you're using the new definition of literally, the one that means figuratively. In the same sentence you have said it is no different and then said it is vastly different. Your post makes no sense.
Even if you were right that the data is 100% hash-compatible, SHA-1 it and get the same data as the API (you're wrong), it being streamlined is a huge difference and makes this news, in fact.
You surely agree that an individual person walking up to others on the street and asking a question is different than a team of 10M people doing the same thing, right? But there's "literally no difference", just streamlined?
Streamlining something defines patents and makes billions. Streamlining a legal activity can make it illegal.
Your post is wrong, you are using logical fallacies and you are then blaming everyone else with harsh language, while it is you who seems to have, in your own words, some kind of "facebook derangement syndrome". Wow, those are rude words. Flagged.
You ignored my entire post, and instead chose to post an off-topic question, further distracting and hurting the conversation. That is also against the rules. I'm responding to you so that others are more aware of the damage you are causing.
We are not "deranged" people for our thoughts on Facebook. Stop it.
This comment is incoherent, at best, and it says a lot about how far the HN community has sunk that it is the top comment. "------ derangement" syndrome is a common phrase used on lots of political blogs that also specialize in nonsensical arguments and don't seem to care that entities in power lie through their teeth.
The way the article is titled can make it look like the device makers actually got to make their own database of Facebook users.
Edit: I read it again, the article does say "Facebook acknowledged that some partners did store users’ data — including friends’ data — on their own servers," but they don't follow up on that at all, they go back to messing with a BlackBerry. That's the big question.
> the BlackBerry app had access to all of the reporter’s Facebook friends and, for most of them, returned information such as user ID, birthday, work and education history and whether they were currently online.
User ID and birthday are both public information, and people typically share work and education history as public (or at least “networks” thereof, for finding friends). AFAIK online status is the only thing that’s usually friends-only, but perfectly reasonable to share with a device messaging app.
> [...] they’re just engineers trying their best to do the right thing.
What makes you say that? Beyond potential abuses of data by third parties (or whatever), I would expect that most FB employees are trying their best to get paid. Whether or not all or any single one of them cares about “the right thing” is mostly unknown to outsiders. I have always assumed, based on FB’s overall business model, that there is a general disregard for any particular interpretation of “the right thing” at least when it comes to the privacy of the platform’s users.
And no, Facebook is not "just engineers <...>". There are lots of other positions who make high-level decisions, e.g. decide how the company is going to make money.
Some device partners can retrieve Facebook users’ relationship status, religion, political leaning and upcoming events, among other data.
Are those public?
"Facebook integration on device OS allows viewing user's own profile after logging in to account" doesn't seem that shocking.
How can any honest people make such a claim? It is the same as proving the non-existence of abuses.
They could probably catch 99% of abuses by just specifying it in the contract with the 3rd party, but they haven't done that.
Meaning that today it is still possible to generate an access_token using a client_id extracted from an old blackberry device with a valid facebook account and extract much more data (using the private device APIs) than what that user should be allowed to see.
Do I understand that correctly? Because that seems like an enormous security breach.
So Facebook says "we don't sell data," but they are giving manufacturers access to data in exchange for being integrated/pre-installed on the device. How is that not "selling" data? Just because they aren't receiving cash?
>Facebook acknowledged that some partners did store users’ data — including friends’ data — on their own servers. A Facebook official said that regardless of where the data was kept, it was governed by strict agreements between the companies.
Furthermore, why would they be putting an end to all these "partnerships" if they were "fundamentally necessary for the app"? Manufacturers can turn to the normal api that any other app dev uses.
While I guess technically they could've used the normal API and only got the same information as Farmville or any random quiz could, this would have the result that - depending on what phones your friends used - you wouldn't be able to share information with all your friends without also sharing it with Farmville, Cambridge Analytica, and all the other shady Facebook platform apps that weren't held to the same privacy standards. That doesn't seem like a win to me, particularly since getting someone to click "yes" on a permissions dialog is a lot easier than creating a widely-used hardware platform and convincing them to use it.
(Of course, given just how many intrusive permissions it demands, getting everyone on the official Facebook app arguably isn't a great leap forward for privacy either.)
Facebook hardly sells any data. It just shares it for free with a ton of partners (and without freely-given user consent).
Editorial: It's startling to me how outfits as reputable as NYT can time and again parrot a narrative (e.g., FB is better than sliced bread), and then after the fact report on something that was right under their nose all along.
Given the book review (link) above, it's as if they don't read their own publication. If I have to connect the dots myself then I'm going to stop reading - which I essentially did, many years ago.
That said, SV has become the ultimate cult / religion. All those followers and zero heretics (i.e., whistleblowers). The irony that so many of the faithful champion the likes of Snowden et al is as funny as it is frightening.
The narrative is more about the MSM's alleged ignorance about FB's biz model, biz practices, etc. All those "journalists" and not a single question.
The point is, this is old news. It borders on fake news. Real news boils down to two things. It's new. And it's relevant.
Again, if the NYT - as a MSM outlet - is the best we got then we deserve better.
That is almost completely a problem of the format of news articles, and that journalists have to write for a lowest common denominator. Take as an example from the NYT article:
> Details of Facebook’s partnerships have emerged amid a reckoning in Silicon Valley over the volume of personal information collected on the internet and monetized by the tech industry.
That, plus the next paragraph, is basically the entire context the NYT can give about a discussion about privacy that ranges from the inception of the Internet, spawned numerous NGOs like the EFF, etc. To present any sort of accurate picture, they would need a five volume work, so they have to rely on their readers already knowing something about internet privacy, and this is only meant as a reminder.
The same problem seems to be with the entire article, the NYT seems to define "third party" as any party that is not Facebook, while Facebook defines "third party" as app developer. If I understand the NYT article, and Facebook's press release, the entire kerfuffle seems to be about a legacy API that can only be accessed by device makers, and it is entirely unclear if device makers have to exfiltrate the data from the individual devices, or if they have access to FB's databases.
The problem in the context of writing articles is, that one needs a quite technical article of the same length as this one to explain the lowest common denominator news reader what the difference between those two scenarios is. (Remember the average reader does not know what an api is, does not know what local or remote means in the context of handheld devices, does not know the difference between an OS and an app, and in general is not a programmer.)
The quality of news gets even worse, because market pressures push newspapers like the NYT to conform to a certain set of newsworthy topics and to a specific framing of these topics. They have to adhere to a certain set of newsworthy topics, because people who talk with their co-workers about news don't really appreciate it, if their newspaper did not write anything about the topic. And they are pushed to a specific telling of these topics, because some of their readers are checking different newspapers and if they have incompatible framing of the news, then those readers will at some point conclude that the majority of newspapers is right.
(h/t to whoever posted it in the comments)
 Note, in the first case FB did constrain the ability of the device makers to access data on the phone, by getting them to sign TOS of the api. In the second case, FB is just lying about a breach of privacy for any reasonable definition of "third party."
That's not a very good constraint.
I agree that such a TOS is not a strong constraint, it is not technical and it is easily circumvented, by just not using that specific API and instead getting the same data from the OS.
This is what third party means
Now if blackberry or apple had carte blanche access to data via an API that was authenticated just based on the company credentials, that would be different.
Facebook's new policy: Move fast and deny everything.
I'm only half-joking as I was surprised to see a Facebook rebuttal so quickly after an article like this. It seems a new strategy is in place, to not let these articles fester. The problem is their response is devoid of actual content, or even actual rebuttals to the main points of the NYT article. Mainly that FB does not consider these vendors as "third-parties", and that friends data is accessed even when sharing is explicitly disabled.
Reputable journalists always seek comments when they write in depth about a person or company. There’s always at least some forewarning.
>Market Cap: 561.740B
Not surprised at all. Their business model depends on people uploading all of their personal information, thoughts, and feelings into the machine for analytical processing. If that trust/relationship dies, facebook dies with it.
I think most people are aware enough that they are the product - I just think they don't really care all that much.
Article contains Facebook's response, so they most likely read it before it was published. As far as I can tell, they probably didn't like the way the reporter interpreted things so they prepared at least part of the response before, so they can react when it will be published.
It took Cambridge Analytica for people to realize that they did not want this.
I have been paranoid about Facebook since day one, but there is something I won't do: blame them for coming up with a business model that is legal and did not seem to concern users ethically either.
The hearings of Zuckerberg have been shameful. As much as I love seeing him on the grill, I have more contempt for the lawmakers in front of him, who actually enabled Facebook to become such a monster by either facilitating or simply not understanding what it was doing.
Facebook is a problem, but the ones responsible for this situation are not to be found within the company.
So not to interrupt the outrage mob here ... but facebook did not sell data to these companies. And actually I'm not aware of any case where people are outraged where facebook sold peoples data, including the Kogan case.
Didn't Obama's campaign obtain users' consent before reading data?
Does your contempt extend to the billions of non-technical minded users who also did not understand what FB was doing?
On thousands of issues that can put several things I hold dear at risk, I just trust elected officials to do the right call. It is THEIR job to understand these issues and take the correct stance. I mean, this is literally what they are paid for.
I still wish that privacy had been a bigger concern to the population at large, but thanks to recent scandals, and to EU laws, this starts being the case.
Perhaps they are paid more by their donors to pass laws written by corporate lawyers
I bet on a quick shutdown, possibly with extradition shenanigans, offshore funds and other drama, after a criminal investigation or a whistleblower shines a light on potential liabilities.
China hasn't produced a Trump yet. Meanwhile the US has laid the foundation with the attention economy (that props up people with the largest view/retweet/like count) to produce an entire crop of Trump type "leaders" in every sphere of life from the corporate world, to the army, to academia, to the media etc etc. The ground has been prepared and the seeds have been planted.
Look around. What is going to prevent their rise? Regulators? Zuckerberg?
Once they have achieved their scale and network effects, they can just promise changes and do an apology tour in response to any regulatory or public backlash after it happens.
Except they aren't apologizing for this. And they shouldn't, it's a non-issue. The next article is going to be about how facebook shares user's data with third parties (chrome/firefox/opera/nefarious browser #3/etc) without any sort of agreement about how those third parties use the data.
Violating privacy is their business model. As long as it is legal it would be stupid for them to change it.
As a former French banker (now standup comedian) once said: "Hoping to regulate companies by asking nicely is like going to the prostitutes with a flower bouquet"
> “An Apple spokesman said the company relied on private access to Facebook data for features that enabled users to post photos to the social network without opening the Facebook app, among other things. Apple said its phones no longer had such access to Facebook as of last September.
> Usher Lieberman, a BlackBerry spokesman, said in a statement that the company used Facebook data only to give its own customers access to their Facebook networks and messages. Mr. Lieberman said that the company “did not collect or mine the Facebook data of our customers,” adding that “BlackBerry has always been in the business of protecting, not monetizing, customer data.”
> Microsoft entered a partnership with Facebook in 2008 that allowed Microsoft-powered devices to do things like add contacts and friends and receive notifications, according to a spokesman. He added that the data was stored locally on the phone and was not synced to Microsoft’s servers.”
The story recounts how the BlackBerry Facebook view could... not surprisingly in any way... render your Facebook friends’ information which you are supposed to be able to access.
But the NYT apparently thinks this is nefarious in some way.
> “The Hub also requested — and received — data that Facebook’s policy appears to prohibit. Since 2015, Facebook has said that apps can request only the names of friends using the same app. But the BlackBerry app had access to all of the reporter’s Facebook friends and, for most of them, returned information such as user ID, birthday, work and education history and whether they were currently online.
> The BlackBerry device was also able to retrieve identifying information for nearly 295,000 Facebook users. Most of them were second-degree Facebook friends of the reporter, or friends of friends.”
...How the hell else do you suppose the UI was rendering your Facebook Feed?! Maybe they thought BlackBerry used magic unicorns to render the Facebook UI components on their Hub view.
If only there was a term to describe when media sites write a non-story to stir up fake controversy by smearing a popular target...
No, we won't. They are liars and cheaters, the lot of them, and we aren't going to trust them any more. They said in court "we didn't do that" so then you post it here that everything is okay, but I don't trust it. Not one bit. None of us do, or should, trust what those companies say.
Mark Zuckerberg is a liar. The whole concept of, "We're doing the right thing with your data, just trust us" is ridiculous. He already called you and I and every single one of us a literal "dumb fuck" for trusting Facebook with the data. Mark Zuckerberg would be banned from HN for vile language if he were here. Clearly, we are not meant to trust him or any of them at their word. They lie and they know it.
NO, zaroth, I do not believe a single part of any of the quotes you wrote. I don't believe them. We also know that Zuckerberg was intentionally misleading or lying in recent EU appearances.
> How else was the UI rendering your Facebook Feed?!
This kind of incredulous, "we must have Facebook on our phones, what else were we supposed to do?!" is silly. Facebook and these partners clearly overstepped their bounds.
> But the NYT apparently thinks this is nefarious in some way.
What? You then quoted the NYT listing a series of facts. Nowhere does the NYT say anything like nefarious or anything like that. You are making things up.
> ... fake controversy ...
Did you just call this whole thing fake? Like, the controversy itself? It's not fake..... This HN thread's existence proves the controversy is real. This stuff is not fake.
But that’s not the story that the NYT has published here.
I’m incredulous that programmers and hackers would feign surprise that a UI rendering a Facebook feed would necessarily use an API which returned a data structure with... your fucking Facebook feed.
If device manufacturers or OS developers (Apple, Microsoft, Samsung, Amazon, Google, etc.) are exfiltrating personal data off of your device — and BTW my Facebook feed would be the least of my concerns in that case — prove it, and then point your pitchforks at them.
It doesn’t help the discussion to conflate user agents with third party applications.
But user agents do sometimes push our private data to their own servers — like Chrome’s Omnibar — and if and where that is happening, and how that data is used, absolutely should be disclosed by the device manufacturer.
I had not read Facebook’s response but it seems to me to perfectly describe what actually occurred with these APIs and highlights what NYT got wrong with this story.
Well, of course it is. Ridiculous to think smartphones aren't spying on their users in this day and age.
> But that’s not the story that the NYT has published here.
Uh, yes it is.
> I’m incredulous that programmers and hackers would feign surprise that a UI rendering a Facebook feed would necessarily use an API which returned a data structure with... your fucking Facebook feed.
I'm incredulous at this sentence. Good lord what anger you have for people just being people. I don't see anyone here "feigning" surprise! I haven't seen that at all about this topic. No need to swear, either. We can talk like reasonable people.
> If device manufacturers or OS developers (Apple, Microsoft, Samsung, Amazon, Google, etc.) are exfiltrating personal data off of your device — and BTW my Facebook feed would be the least of my concerns in that case — prove it, and then point your pitchforks at them.
I don't have a pitchfork out and I have absolutely no idea what you're ranting about. This swearing, pitchfork holding comment makes no sense to me. Didn't they take the data anyway? Sounds like you should have your pitchfork out and pointed at Apple, et al.
This is a privacy concern and that's real. It's not fake, it's real. Nobody is "feigning" concern, this is a real concern, we are not fake people writing fake opinions.
Look at how the NYT portrays the Blackberry Hub view as having access to the FB data required to render your feed, in order to render your FB feed... and equating it to a third party app having the same level of access.
For starters, a user agent requires that you enter your FB username and password in order to function.
If they rendered a Facebook feed through a browser the exact same data would have passed over the network, and the device would have had the same level of access to that data.
It is sloppy reporting and a disservice to the non-technical community to equate an embedded user agent with a third party app.
You seem to think the NYT wrote an article discussing the finer details of whether we can trust our personal devices to keep all the private data that flows through them. What I read seemed more like a sloppy hit-job on Facebook because it’s a popular punching bag of late.
Well, that's like problem number 15. Number one is to look at what you're giving to facebook.
Number 2 is to look at how much control you have over the intimacy of your own life and those around you, using or not.
Number 3 might be to look at how many phones/devices you can root, rip and reset (I mean, c'mon, the personal data sink on a phone is enormous and most have little to no say about what can be on it and when much less port and comms control).
Number 4 is maybe that any middlin' IQ ass with a badge or a note with some letterhead can scoop your kit. (See Number 1.)
Number 5 - Who makes the rules? (Don't think too hard on it, please.)
Facebook is easy. Facebook is sleazy. Facebook is free. So? I think I'll trust my peers well before I trust any piece of must-have with a logo that gives you only tactile controls, at best. The masses do not choose wisely. (See Number 5.)
If you do the sharing then you need to do the caring. Button it up and bring it down. Believe it or not your likes are your own and if you don't like what they're doing now then shut it down. I know it's easier said than done for some but the keys to the kingdom are in corporate hands now. Good luck.
iPhone doesn't have it preinstalled, no, but if memory serves, there were integrations built in. At least for a while.
Why would they need this data though, really? Once you've bought the device, they could get at the interesting data outright if so inclined?
The NY Times piece even goes so far as to illustrate this in diagrams.
The graph was a phone book replacement... "white pages" for the Internet.
It was only when public discourse on FB pivoted to religion and politics, both very private and personal topics, that sentiment pivoted towards privacy... and removing themselves from discoverability on the graph.
"Michael LaForgia, a New York Times reporter, used the Hub app on a BlackBerry Z10 to log into Facebook." -- this is a phone announced in 2013.
I understand the concern with Facebook, but this article is presenting information from 4 years ago as if it's news.
Facebook's EULA pretty much gives them carte blanche to do whatever they want with the data you've provided them. Of course, who actually reads EULAs or cares about privacy anymore?
btw, Mozilla created a FB jail that's fully open-sourced a few months ago. Use that on FF and it should alleviate some desktop tracking. Access here: https://www.mozilla.org/en-US/firefox/facebookcontainer/
Let me know if marketing wants to license it.
I don't have a lot of hope on social media platforms respecting user privacy and avoiding massive data collection and/or sharing. Privacy in today's world is for the privileged people, in various ways.
But I don't see the US ever breaking up FB in the coming decade, as the agenda is clearly not to fight monopolies and trusts.
I've said it before: FB should not have been allowed to buy them in the first place.
Pretty sad piece by NYTimes who are just trying to get views and probably have an agenda against FB (given how much FB is ravaging their business model).
This is FB's response: https://newsroom.fb.com/news/2018/06/why-we-disagree-with-th...
Whether very few of us like that or not, we keep going back to using Facebook anyway, how (long) can we avoid the platform where our family and friends (and billions of other mindless users) are?
When you create and use a Facebook account (or when a shadow profile is created for you), Facebook has (and has always had) the right to share anything and everything you publish on their platform with anyone they have a legal responsibility to (e.g., law enforcement) or commercial agreement with (e.g., advertisers).
All Facebook content is essentially public and should be treated as such.
That's what these stories are about -- things we can think about when drafting this new legislation, or interpreting old legislation.
Our system of laws is not set in stone, we can update it, and we will--for better or worse.
You say why should the laws change and why shouldn't we individually decide whether or not to play ball?
For one thing, Facebook creates profiles of people who don't have accounts, but for another, and more importantly:
Why should companies not be able to dump toxins in rivers? It's up to us whether we want to buy from that company and contribute to pollution -- or we could start up an EPA... which we did. Same deal with Facebook, sort of. Society can make whatever rules it wants, the only natural law is chaos, and of it we make order.
Our society needs to wise up.
I like the part "all these partnerships were built on a common interest" - tautologies always sound good.
As for the only actual defense (the data agreements), it was already in the NYT story.
> friends’ information, like photos,
I have a friend named Tammy. Tammy has photos.
> was only accessible on devices
Someone/thing can access these photos
> when people made a decision to share their information with those friends
I decided to share information with Tammy. I now have access to her photos. I open some silly fb app. That app now has access to my friend Tammy's photos. According to this, Tammy may not even know that those photos have been compromised. She may have a son who is gay, but not out yet, and Tammy (being the understanding parent) is sharing with people she trusts. Now, unbeknownst to her, everything is out in the wild.
This is the problem.
> We are not aware of any abuse by these companies.
Were you looking? Did you care? Do you now?
Because that's what we're talking about here: apps that allow users to access their Facebook accounts and interact with their friends through them. Not shady Zynga games or information-mining quizzes, but alternatives to the official Facebook app that are only allowed to "provide versions of the Facebook experience" and are created by major device manufacturers.
I'm curious how Facebook's continued willingness to allow web access to people's private information fits into all this too. After all, the user's web browser has access to all this dangerous personal information about their friends, it can certainly do all kinds of malicious things with it, and Facebook doesn't even have any kind of contractual relationship with the browser developers preventing this. Given how many shady browser extensions are out there this is certainly being abused right now. Should Facebook take down their web version too in the name of protecting gay children?
The moment facebook provides a way for a person to use a device to view information, they've simultaneously produced something the device's OS could use to exfiltrate that information. There's nothing facebook can practically* implement to allow Windows Phone users to use Facebook while preventing Microsoft from exfiltrating data.
Drop the API, and they can scrape webpages; it doesn't remove any fundamental barrier to information. If Facebook wanted/needed to limit access to this information from untrusted device manufacturers, a website is out of the question, and you couldn't just release a windows/android/linux app — you'd need to go per-manufacturer.
This leaves pretty much everyone worse off. [though it'd be pretty great for Apple.]
Users need to trust the manufacturer of the devices they use. There's room for regulation/enforcement to ensure that they can.
But holding services responsible for vetting the platforms that can access their data makes open platforms like the web untenable, and doesn't fix anything.
* Impractically, facebook could send and show encrypted data which can be decrypted by the user via pen & paper.