
>> people shouldn't buy phones from the manufacturers they don't trust.

You're literally hosting your life on it. You should indeed not do this.




True, but let's say you bought a DSLR camera, wouldn't it irritate you if the manufacturer was secretly uploading your pictures elsewhere for others to use against you? To most, such practices would seem beyond intrusive. I sort of feel that this is what's happened here, albeit in a subtler manner.


> secretly uploading your pictures

What if instead of it being a secret, it was a big button with “upload photo to Facebook” on it?

If Facebook outsourced the implementation of that button for each different type of camera to the respective camera manufacturers, rather than implementing it themselves, would that change it from a non-problem to a problem?


Is there any evidence that has happened? That sounds like it goes directly against the API's terms of service. If device manufacturers are doing that, they could equally upload your passwords from the browser.


> If device manufacturers are doing that, they could equally upload your passwords from the browser.

And then fb should tell you about unusual accesses to your account unless the phone vendor is also your Telco and extremely careful.

In OSes you can theoretically attack any app, but it is a pain to even debug them with different versions, changes to their custom storage formats, etc. Unless they build an ABI, document which parts are stable and give it to you.


FB can tell you about it but there is no law mandating anti-hijack security features. Never mind that the spyware can be inserted in the client itself or in the official gateway supplied by Huawei, necessary "for technical reasons", making it completely invisible.

Once the manufacturer goes outside the licensed API and uses your credentials to do more than Facebook allows, it commits an actual crime against you in most jurisdictions.


I'm sure people will be investigating and finding a few examples of on phone API violations then transferred.

My bet: no criminal cases. Facebook charging less than 50k for violation of an API contract on data that isn't theirs, if numbers are disclosed. No standing for users except in a class action that get $5 or less on a new phone or $2 or less as a check.


> And then fb should tell you about unusual accesses to your account unless the phone vendor is also your Telco and extremely careful.

With the API, presumably there's an auth token that is only stored on your device. Facebook should also be able to detect unusual access with an auth token. Really, the auth token makes it easier to detect funny business than a username/password.


What if your friend does this and gets your data, even though you got the safe phone? Do we now have to be aware and affected by the technology choices of all of our friends? The problem here is that you are affected by not just your decision but the decisions of anyone who has access to your data on Facebook.


There aren't a whole lot of (i.e. _any_) good actors because the market does not incentivize them. You can't rely on capitalism to resolve the Prisoner's Dilemma here. This is why Right to Repair legislation has become necessary, for example.


> There aren't a whole lot of (i.e. _any_) good actors because the market does not incentivize them

Apple is a pretty good actor in this regard though, and they're clearly betting a lot on markets to realize the attractiveness of that.

> This is why Right to Repair legislation has become necessary, for example.

I'm not sure I see how a "bad" actor (maybe like Apple) in terms of the Right to Repair is relevant in the context of trusting device manufacturers. If anything I think Apple's (somewhat self-serving albeit not completely detached from reality) argument would be, and has been e.g. https://news.ycombinator.com/item?id=11047359, that their control of device repairs and servicing decreases the risk of malicious software or hardware components being installed.


Apple is not a "Pretty good actor". Better than some, yes, but good? No.


Honestly, Apple's privacy move over the years is genius. It's going to be a long time, maybe never, before I buy something besides an iPhone. I don't even like phones (in general) that much and Apple's aggressive cable policies drive me insane but this is getting really scary.


That was an unusually balanced perspective in a debate that usually tends to lack much nuance here.

FWIW I'm partially in the same boat: I like Apple the company and I'm happy for everyone that likes and uses their products but I'm kind of incompatible myself.


Just because something is true doesn't make it a good defense of Facebook.



