Hacker News new | past | comments | ask | show | jobs | submit login
Apple leaves Facebook offices in disarray after revoking app permissions (theguardian.com)
315 points by andyjohnson0 on Jan 31, 2019 | hide | past | web | favorite | 250 comments

FB is a company with a completely rotten top-down culture. Nothing is going to change until a huge set of executive leadership swap, or they are forced to by mean of legislation.

After apologizing thousands of times, they internally justify each of those breaches by rejecting the fault to "users" or other external factors (source: several friends working at Facebook, and reading public tweets of Facebook leaders).

The culture there is inherently anti-privacy and whoever fundamentally disagree is about to leave or has already left.

Not just that, the top-down structure is shaped after a cult of personality.

Talking to my friends who work at Apple, FB, Google, Amazon and others, facebookers are the only ones who seem to be willing to defend their leader on a personal level, as if they had a dear friend being attacked.

My other friends couldn't care less if someone criticizes or attacks Bezos, Tim Cook, Sundar and so on.

The only other company I can think that behaves in the same way is Tesla with Musk (well, an Apple with Jobs in the old days), but the key difference is that most Muskians don't seem to work for Tesla, and the folks I know at Tesla aren't actually obsessed with Musk.

In the case of FB, it is the opposite.

Have to agree. I've observed that there seems to be some hero worship in Facebook that employees use as justification for continuing to work there or being inspired to work only in Facebook (not anywhere else). The same process is also used to brush off every wrong that Mark Zuckerberg himself brushes off and/or apologizes (insincerely) for the millionth time.

It almost seems like a reinforcing self-selection mechanism is in place for such hero worship.

Maybe I am way off base, not knowing enough about these companies individual cultures, but

What I see from Apple, FB, and Google is too much optimism and belief in good. They arent cynical enough. "We are doing this gray area thing in a good way, and what we are doing WONT be used for bad." Its either sheer willpower of the leadership to force this culture OR its cognitive dissonance, OR its a lie and manipulative means to an end. In some way, I do believe Mark delusionally believes his "bringing the world closer together" so much so that it causes him to not think critically enough about how many people benefit from conflict and divide.

Apple takes a cynical approach to privacy, but an optimistic approach to the value of walled gardens.

Facebook takes a cynical approach to security and uptime, but an optimistic approach to evil social use. They default to "most people are good, and the few bad ones can be silenced. We can do this through AI and some eyeballs." Facebook, like many other companies is also WAY TOO OPTIMISTIC about people reading popups. People forget acknowledging something by the next day. People want to play a quiz, they are conditioned to click next next ok until they get to the quiz. Facebook vastly overestimates the majority of the populations care in knowing: is this safe to click, what are the consequences of clicking, do I know what I am doing, do i know how this works, do i care. You can honestly tell me that 99% of the world population understands what installing an SSL cert on their device actually does?

I think defending Mark amounts to people BELIEVING that the work they do WILL BE used for more good than bad. And people who distrust Facebook's competence care more about how tools can be used for bad than good. And so if you believe that youre building something that COULD be used for bad in the wrong hands (or you believe a competitor could build a more evil version first if you dont,) but believe you are the right hands to execute it in a positive way, you obviously are going to defend the leadership that vocalizes and spreads that belief among the workforce.

Apple would do good to give up a little on vendor lockin. Their turning point was iTunes being available on Windows. Microsoft, Google, and Facebook have all come to terms with making their best products run on all platforms. Homekit could be a good start. If spouses are split Apple/Anrdoid, they should both be able to manage a smarthome equally. Apple should be releasing killer apps that function fully on other platforms, but have some added benefit when run on their more integrated os.

Facebook would do good to stop believing that speech is good by default, and focus on amplifying "good" speech, instead of spending monumental effort to downrank "bad" speech. Facebook needs to let go of its cognitive dissonance, where it believes sharing twerk or fall viral videos equates people sharing their personal social experiences with close friends. Facebook may need to give up on its belief that one platform can function all as reddit/youtube and craigslist/vacationbabyphotos.

(As for google, they are way too optimistic that their org structure will support building and launching a product, and then iterating it. No one with any semblance of historical context trusts them anymore after reader/allo etc.)

A hair off topic, but is Muskrat ever used as a denotative?

I haven't heard that before, but ... I like it! I hope that 'muskrat' makes its way into the lexicon.

Same here! The two terms I've heard describing the cultists so far are Muskians and Zuckerboys (and we should also include Zurckergals and Zuckerfolks).

This is mostly a millenials thing. I don't know why young people are fixated with the Zuckerbers and Bezos of the world. Did I miss something the past 15 years?. I'm in my 40s

Having idols is a young people thing. Young folks just didn't used to attach to business leaders as much as they do now. When I was a kid, typical idols were music stars, actors, sports stars. The Internet created a new category of success for young people, and therefore created a new category of idols for young people.

Geez, we are lucky the Koch brothers build their empire before the social media was a thing, otherwise they will be also considered "influencers and trend setters"

Result of a lack of community, friends and local family support system. Work has become Church, the CEO head of the flock, your role becoming your identity, bowing at the alter of RSUs and total comp.

And new HQ buildings are the cathedrals of our time.

That sounds like sampling bias rather than a real generational trait. Corporate culture like this isn't universal but it goes back to before many millennials were even born. It's become stronger in cases where it's part of the justification for extremely high compensation but it's an inevitable failure mode for human social systems.

This is probably everyone and their dog have an irrational belief that Zuck is a comic book villain when in reality he's just a regular old capitalist.

Nah, good old capitalists are rarely trying to create a religion after them, going around the country and taking pictures feeding baby cows.

Zuckerberg is indeed a good old capitalist, but one who doesn't want to be seen as a capitalist, but as a messianic savior.

That's why you create a for-profit company and call it an "Initiative" focused on "advancing human potential and promote equality".

Yep, look no further than Sheryl Sandberg still doubling down on defending this practice: https://www.cnbc.com/2019/01/30/facebooks-sheryl-sandberg-de...

Like you said, rotten from the top-down.

They think they can keep using an apology tour to dismiss all past misdeeds ("we have work to do"). It looks silly at this point and completely incompetent.

As evidenced by Stamos' departure and decision not to replace him.

> source: several friends working at Facebook, and reading public tweets of Facebook leaders

The people I know at Facebook have been resorting to whataboutism (everyone is doing it, look at the Google app doing the same thing, for sure Apple is also hiring market research firms who do the same thing, why aren't you concerned about AT&T/Verizon, etc etc)

Whataboutism seems to be the go-to fallacy used by Facebook leaders.

See for example the ex CSO deviating the discussion to Apple privacy concerns in China: https://twitter.com/alexstamos/status/1090918043969114112

To be fair, whataboutism is rampant here too, on Reddit, and basically any forum with company fans. Any time a “Company A does something unethical” article comes up, people will always come out of the woodwork to defend with “Well Companies B and C do it too!”

I understand how FB was not using Apple's enterprise development program in good faith. Apple clearly has a right to do what they did.

I don't understand why FB is in hot water with the public for what they did. Users were informed that data collection was taking place and they were compensated for it. Now, was it wise on the users' part to join this program? Perhaps not, but last time I checked this is still a free country and people can sell their property for as much or as little as they want.

On NPR this morning I heard the argument that a lot of the detail of what is collected and how it is used is buried in the T&C. So what? Have we lost sight of personal responsibility? How naive are people? If you are getting something for free from a large corporation you're not getting it out the kindness of their heart. They are making money somehow. That is how the world works.

Panic, moral or otherwise, about this sort of stuff is going to push the tech industry into realm of regulatory capture. Well funded companies will be able to afford and absorb compliance costs where small bootstrapped startups, lifestyle businesses, and indie developers will be pushed out of the market.

I think the issues are: - they were collecting data from users who were below legal age for responsibility and/or local laws about collecting data about minors. - The general public know very little about everything. Companies have a moral duty to not only educate their users but also to not do wrong.

Personal responsibility is a flag many people wave but it's a farce. That argument can be used for anything, from seatbelts, to smoking, to privacy. It is impossible for everyone to know enough to make informed choices about EVERYTHING. There is a need for societal organisations (governments, NGOs, responsible journalism) to provide guidance to the public and legal limits in order to provide protection to the whole.

How interesting that you would choose as your examples "seatbelts", "smoking", and "privacy".

If you print in large letters on every pack of cigarettes, "SMOKING KILLS" and people still choose to smoke, should a benevolent government be allowed to prevent an individual's poor choice?

Right now, we allow the sale of cigarettes and prohibit the sale of raw milk.

Don't you see any room for personal responsibility? None?

Smoking is an interesting example because the negative effects aren't just confined to the individual. Smoking a cigarette is the atmospheric equivalent of peeing in the pool except it also causes cancer and other health issues. Maybe it's actually an important example because it's an undeniable illustration of 2nd order effects, which are less pronounced in other cases but probably still exist.

And "any room for personal responsibility"? There are plenty of domains of behavior that aren't regulated; there's a whole world of choices individuals are responsible for alone.

Various forms of regulation regarding smoking, seat belts, and yes, even raw milk are all working in areas where limited human capacity for evaluating risk meets deadly consequences. Privacy is arguably different since it's unlikely to be directly deadly, but it does meet risk evaluation limits and adds in that incentives of 3rd parties are against individual incentives, and many of those 3rd parties have incredible resources available to them in order to obscure behavior and subvert protections. A collective response is a reasonable one.

Privacy also meets your test for “second-hand” negative effects. You can be a monk, but someone snapping a picture and writing up a post can destroy your privacy as well as using the service yourself. More realistically, you can use FB for the bare minimum, but if your friends and family use it a lot, your privacy is gone again.

Some of the people using the Facebook spy app in this case were as young as 13 -- with "signed parental consent forms".

What do you think would be the proper response to a store selling cigarettes to 13-year-olds as long as they had a parent's signature? I think we'd still step in and stop them. The government can even revoke their license to sell tobacco to anyone in that case.

There's no "personal responsibility" at issue here. Our society has decided that 13-year-olds aren't old enough to give consent. I suspect there would have been less outcry, and for a different reason, had everyone involved in this issue been above the age of majority.

I'm eagerly waiting for Facebook to release T&C with terms as simple as "SMOKING KILLS". Yes, companies have to cover their asses and legalese is complex, but I'm assuming that nothing prevents them from having simplified, non-binding version of T&C available.

My first thought is that the simplified terms would be argued to be the real terms in court.

Isn't it something that more legalese in T&C could solve? Or a huge warning before simplified terms? I think I've seen few companies publish simplified terms, but I'd have to search for the examples now.

Do I need to go through 500 pages of convoluted legal bullshit to understand smoking kills me?

I'm not sure seatbelts/smoking are the best examples, because the negative consequences are quite clear and understood by most of society. I've never met a smoker that continued to smoke under the assumption it was good for them.

The consequences of privacy violations are much more nuanced; most people don't understand how data they enter onto a website will be used. And it's clear a lot of those companies want to continue to keep people in the dark about it, because it would likely freak them out.

Thought experiment: if cigarettes were invented today, do you think they would be legal?

Wow, what a condescending view point that people can't possibly think through things on their own without other people making decisions for them.

1. Parents need to monitor their child's Internet and phone activity. Why is it FB's responsibility to do that for them?

2. Smoking, seatbelts, and privacy are all personal choices that people should be able to make for themselves. You don't need to know that much to make an informed choice. It's called common sense and it is something that is disappearing and with it so are our rights.

> Wow, what a condescending view point that people can't possibly think through things on their own without other people making decisions for them.


> Smoking, seatbelts, and privacy are all personal choices that people should be able to make for themselves.

There is a legal minimum age for purchasing cigarettes. Most states have laws requiring the use of seatbelts. So why shouldn’t some power, be it governmental or corporate, push people towards protecting their privacy?

If you’re going to cherrypick counterexamples to the idea that people can think things through and make the right decision for themselves maybe try picking, ya know, counterexamples?

Monitoring internet activity is FB’s business. That’s how they make their money. That’s the product they sell to advertisers. Since this is their product they have responsibilities in this regard, no?

If I let you monitor all of my internet activity then no big deal. There are no society wide consequences from this. If a company the size of Facebook can do this then there are society wide consequences. Some of those consequences are good and some are bad. We need to mitigate the bad consequences. This is analogous to the mortgage industry problems back in 2008. If I make a bad loan to you no big deal. But if I make millions of bad loans that can wreck the entire economy then there’s a problem that society ought to mitigate against.

Actually I'm really happy that I was informed from my young age that smoking decreases my life expectancy. I never smoked in my life (except once-twice for trying it out).

I wish I knew this for air pollution as well, as I didn't care about it, and now I'm feeling the consequences every day.

Just the fact that smoking can lead to cancer is a recent development that improved the lives of so many people, it's statistically significant in the average life expectancy of the human race. But to get here it took fight from many researchers, regulators and non-profit organizations. This has nothing to do with common sense.

One more thing: have you seen the video of the child who's smoking at 2? Is he doing it because he's lacking common sense?

Facebook isn't in hotwater with the public. No one gives a shit about any of this except us nerds. https://www.cnbc.com/2019/01/30/facebook-us-revenue-growth-o...

I generally agree but a couple times in the last few weeks I have had friends and family make comments about ditching facebook, and neither is at all technically inclined. It's possible that the message is making it to regular people, and once that ship sails there is no bringing it back into the dock.

Everyone I know who is not in tech has already dropped out or only uses Instagram. (I know Facebook owns Insta) I think Mark knows how useless Facebook is to people which is why he is aggressively trying to maximize his profits and still using really dumb PR tactics. He has been milking the idiots and kids for years, whats another 3.

The issue wasn't the app exists and people were using it. It was the demographic this app was targeting.

The app was targeting 13 to 35 year olds. People under 18 has to get parental permission which was literally just selecting a box.

The $20 of free money is a big deal for a kid and they might not have the best idea of what they're giving away with agreeing to this.

It's a really scummy move and possibly illegal to target kids like this.

another perspective: FB's big mistake was paying these users too little.

if FB had paid, say, $2000 a month instead of $20, the users would have been angry at Apple for forcing such a program to stop. FB would look like a force for good.

instead, FB cheaped out.

There are so many places on the world where $2000 a month is more than most people get. Of course they didn't pay that much. I would probably consider it seriously given that currently I get about $800 and that is still considered average.

But that's a great example! If FB were paying you $2000 a month as a participant in this FB program, and then suddenly Apple made it so that FB could no longer operate this program -- would you be unhappy with FB or with Apple?

But paying such a large amount would certainly draw more attention to the program itself? It might have caused a ruckus earlier and be shut down in the very early stages by Apple. At that point it might not have affected that many people and not so many people would be angry at Apple.

I believe the amount was a way of treading a fine line between being a significant amount for the targeted audience, but not too much to attract too many people.

I still think it would've been an issue to do that for kids as well.

They should've just targeted 18+

They did not make it clear that this app could bypass SSL. I've talked to numerous people on reddit who installed the app thinking that they were safe because all their communication was encrypted, not realizing that the whole point of the app is to bypass encryption.

> Have we lost sight of personal responsibility? How naive are people?

How can you blame this on personal responsibility when you need a law degree to understand the terms and conditions? Like many here I am intelligent and educated and I have an extremely difficult time understanding the legalese the T&C are written in. The average person would have an even harder time if they bothered to read it at all. Some lawyers have spoken out that they have a hard time understanding these agreements.

I would argue that there is no way any reasonable person would think the users were properly informed. You can't be properly informed when you have little to no chance of understanding what you're agreeing to without at least one lawyer.

>Facebook paid users as young as 13 to install an app that gave the company access to everything their phone sent or received over the internet.

This is a big part of why they're in hot water.

>Perhaps not, but last time I checked this is still a free country and people can sell their property for as much or as little as they want.

Children? No.

> Children? No.

OK, this is completely off topic, but I just came across an interesting fact about children and consent.

For most medical procedures in most states, a minor needs parental consent. But suppose the parent themselves is also a minor?

In 30 states that minor parent can consent for their child, even though they would not be able to consent for the same procedure for themselves!

In the other 20 states what would happen is unclear, as this is covered neither be policy or case law.

As an EMS provider, the parent part trumps the consent part. It's a little different for us, as "emergent care" is certainly different from elective care.

> In 30 states that minor parent can consent for their child, even though they would not be able to consent for the same procedure for themselves!

That's definitely the awkward part!

If I had a nickel for every time someone appealed to "won't someone think of the children!" as an excuse to add more regulation and to squash individual rights and responsibility I might be able to afford one of Apple's iPhones.

This isn't a "won't someone think of the children" moment. Facebook targeted people who are not legally able to give consent and join in a contract, to try and get them into a contract. The same ethical and legal issues would exist if Facebook was targeting severely mentally disabled people who cant legally consent to a contract

This isn’t some “think of the children” excuse and regulation already exists here...but I suspect you know that.

I don't think most people would have truly understood how much control Facebook had over their phone with the access given. It's not as simple as "the user clicked 'I consent,' so it's ok." For better or worse, we have become conditioned to clicking "I agree" because we are bombarded with hundreds of pages of legalese to use anything these days. I don't think this absolves companies from acting ethically.


Someone from BBC showed just how much of a joke this consent form is anyway:


> Have we lost sight of personal responsibility? How naive are people? If you are getting something for free from a large corporation you're not getting it out the kindness of their heart. They are making money somehow. That is how the world works.

We can argue about this particular instance, but I think your argument is pretty flawed; it seems to imply that if I agree to a deal with a company, I can't be upset about ANYTHING slipped into the T&C. It really depends on what it is.

Yes, these people expected to trade some information for money, but it isn't naive of them to expect some reasonable limits to what they were collecting.

Although you may be technically correct, it doesn't matter.

People don't read T&C, and they don't like having companies spy on them like this. If companies won't be up front about their data collection (and burying the notice in a T&C isn't being up front) they'll just have to suffer the consequences when people find out.

Being glib, maybe Facebook and its employees (not the users) should stop being so naive. People aren't going to be happy when they fully understand what's been happening under the cover of "you agreed to the T&Cs", and it's Facebooks own fault. That's why this sort of news makes people happy in a perverse way. Facebook is a net negative to society, and it's funny watching bad things happen to the company.

I don't understand why this is all that controversial either. Is it really any different than what Nielson does with set meters to capture people's TV watching behavior?

I mean, doesn't it depend on what they are collecting? If it turns out that Nielson slipped something into their T&C that says they can turn on a listening device and listen to conversations in the house, it would be just as troublesome.

There are limits to what is reasonable in these sorts of deals, and if you are asking for something that most people would think is unreasonable, you better make it very clear when someone is signing up. You can't bury it in the T&C.

Yeah, I guess it all depends on whether or not the participants knew what they were signing up for. If Facebook said install this we will pay you to monitor your location, internet traffic, and app usage then there really shouldn't be an controversy (other than the Apple terms violation). Do we know for a fact that this info actually was buried in their T&C though?

FB has opened themselves up to a world of hurt in this endeavor. The copious privacy issues aside, the is an easy question of 'what happens when...' that I cannot fathom how their legal counsel overlooked.

For example: One of the persons that they were closely monitoring decides to harm themselves or others in a somewhat 'newsworthy' way. Think the plethora of young people with access to certain classes of firearms. A contrived set of circumstances could exist where that young person could have been stopped by the monitors at FB, yet was allowed to continue all the same, through the sheer stupidity/negligence of FB. Though this is only one scenario, there exist many others; I think anyone can come up with at least a dozen in under an hour.

Yes, the T&Cs 'cover' their asses in these events (morality be damned), but there are loopholes upon loopholes that can be quickly found when the camera crews start swarming and saying 'oh, but the kiddos!'.

Whatever legal counsel is at FB these days is too cavalier; they may be thinking that they can just throw a firm's worth of lawyers at any problem and bankrupt the opposing party. This is a very grave mistake. I suspect that any competent/moral lawyers have up and left by now, leaving only the amoral/incompetent attorneys that are just fine suckling off of FB. The evaporative effect is in full force at FB now (the Elves have left Middle Earth [0]).

[0] https://steveblank.com/2009/12/21/the-elves-leave-middle-ear...

>Have we lost sight of personal responsibility?

Implying that individual people can keep up with legalese written in an intentionally misleading way by teams of lawyers is crazy. Especially when seemingly every single company and sale is treated like that.

It is effectively impossible for an average person to understand every agreement you need to make to be part of modern society, and that is by design of the companies

> people can sell their property for as much or as little as they want

This is correct, and when you figure out a way for people to sell only their data to FB/whoever, I will be right onboard, but while companies like FB are sucking in as much data about me as they can, in ways I can't control, I will have to disagree with you strongly.

I don't buy the personal responsibility argument here - most technology companies (Apple included) have extremely dense EULAs or T&C documents that are often designed to confuse, rather than clarify. Root access might be something that most people on HN understand without explanation, but my teenage sister likely doesn't.

> If you are getting something for free from a large corporation you're not getting it out the kindness of their heart. They are making money somehow.

Facebook always lead with how they're a "community". They make their money from ads. But that never leads. Facebook isn't sold as a place where you see ads - it's a place where you "connect with friends." There's a sophisticated business that 13 year olds might not inherently understand.

> Have we lost sight of personal responsibility?

Yes. FB have.

It's related to what we already know about Facebook: They are willing to bend the rules and engage in questionable behavior.

They were happy to violate the terms of Apple's enterprise development program. Yet another display of disrespect. So how can the public trust Facebook with their data?

It’s really hard to not be brought joy by Facebook being kicked like this. But on a less emotional level, if one wants to change Facebook culture and behavior, it’s hard to see causing a lot of individual employee pain (in addition to the business as a whole) as in any way a bad thing.

Especially as this causes frustration for Facebook employees that directly stems from Facebook’s misconduct, rather than holding Facebook customers hostage.

I agree. It was individual employees who violated the agreement - if it makes Facebook employees actually think about their actions then overall it’s a good thing.

It’s gotten to the point where I start to ask myself - if you work or Facebook, are you a good person? My personal opinion is that you might be, but you are likely are not.

One wonders what actually would effect change on the part of Facebook. Clearly the market doesn't care about the ethical lapses beyond the major initial headlines.

The truth is that Facebook wouldn't be able to get away with a lot this if they didn't have an incredibly talented engineering division. And even though most individuals aren't making these terrible decisions, they definitely support them through their work.

If Facebook becomes an unattractive destination due to the social cost of working there, that might bring about change.

"It was individual employees who violated the agreement"

How do you know this? Facebook invested well over a hundred million dollars into this particular app, I would have to hear some very compelling arguments to see this episode as "misconduct of individual employees".

That being said I agree with the stance on thinking before doing, it's just that I don't believe that Facebooks operational conduct is rooted in individual employees, but rather in their company culture, values and leadership.

I don't think that's the parents point, but instead that inside the "blob" Facebook individuals have made the decisions, and bear direct responsibility for what happened. "Company culture" doesn't absolve the individual.

Absolutely and I wouldn't want to imply so.

I have been saying for a long time that out industry needs an ethical code of conduct. And employees who willingly work for companies acting unethically should be shunned throughout the industry.

Imagine a world where people knew that having Facebook or SCO or Palantir on your resume meant automatic rejection by any company subscribing to the code of conduct. Unethical companies would face huge pressure from their own workforce to clean up their act.

This reminds me of the saying way back in 2016 American elections:

“If you vote for Trump, it doesn’t mean that you’re not a good person, but it does mean that someone being a bad person isn’t a deal breaker for your support”

I think that sentence could start off with “If you work for Zuck...” just as well.

Or the person is not 15 years old, and doesn't believe there are "good persons" in politics, or that the alternatives (in GOP or Dems) were better people.

Or the person goes even further, and doesn't believe the puritan tenet that "good person == good politician". There were excellent politicians that were bad in their behavior, and vice versa.

E.g. the person might care more about not encouraging a hawkish member of the establishment, that continued to beat the drum of American supremacy and threatened even more wars and tension coming on (e.g. with Iran) -- compared to merely voting someone who is e.g. sexist (as if that matters for the kind of decisions a President takes).

Being sexist doesn’t matter for the kinds of decisions a president makes? Excuse me? Supreme Court justice nominations, for instance?

In fact, the Supreme Court invalidates your entrie argument, because guess what: I want people I think are “good people” to be in charge of interpreting the constitution. I think everybody can agree with that.

>Being sexist doesn’t matter for the kinds of decisions a president makes? Excuse me? Supreme Court justice nominations, for instance?

Yeah, it doesn't matter. Worse case you get more male justices. What do you really expect will happen? Some justice will be unpointed which will undo women's voting rights or equality laws?

>In fact, the Supreme Court invalidates your entrie argument, because guess what: I want people I think are “good people” to be in charge of interpreting the constitution. I think everybody can agree with that.

Well, I don't agree with that. I would not care less if one of my "constitutional interpreters" drinks, takes cocaine, or has extra marital affairs for example. I only care that the direction they take the law is good. There have been legendary lawmakers and politicians that had all kinds of personal vices.

Then again, I'm not American, so I don't have the puritan trait. You guys managed to have a problem with the personal life of MLK too. Nobody in Europe would even think to ask such a BS question:


Given that’s exactly what has happened, yes I do think that’s what would happen. I’m sure even as a non-American you’re aware of Brett Kavanaugh and his potential effect on abortion law.

And I don’t care what they do in their personal life either. I care about how those things will effect they laws the pass: if someone drinks and does cocaine and has extramarital affairs, but doesn’t fuck over women/minorities, I’m all for them. If someone does the opposite, I’m against them.

> sexist (as if that matters for the kind of decisions a President takes).

Considering that the President has an powerful role in all federal legislation, an even more powerful role in federal regulation, and can appoint like minded people to a variety of positions (including, but not limited to, the federal judiciary) that have extensive influence and whose terms extend beyond his own, yeah, bigotry—whether based in gender, race, religion, or whatever else—in that office matters quite a bit.

Definitely agree.

I know good people working for Facebook, but it does make me think "After everything you know about Facebook, the fact you would still work there, makes me respect you a lot less"

This is true, but doesn't mean what most think it does because it doesn't address knowledge/belief about whether someone's bad. Someone could vote for Trump because they're an idiot. To an extent that's true of working for Zuck as well, except that Facebook has a much more rigorous interview process than the White House. While it's not good to be an idiot, it's not the same as being amoral and I think that's what most people read in the original statement. Consider these alternatives.

"If you vote for Trump and know he's bad..."

"...it does mean that the possibility of someone being a bad person..."

Not quite the same, eh?

Google shat themselves and unpublished something similar and apologized heh.

I wonder if Apple has done a tremendous favor to web applications because in hindsight letting Apple (or any of these companies) have a company-wide on/off switch for your own apps like that is a bad idea.


Wow, good find. Apple should absolutely be revoking Google’s certificate as well in this case.

But they use the enterprise certificate for their external “research” apps, because they are doing things on the device (using internal APIs) that an approved app is not permitted to do, and that is certainly not possible through the web browser.

Of course their internal-use apps could be WebView almost certainly.

If only life had been as simple as dropping an .apk on their phone...

I don't expect Facebook to get a whole lot of sympathy, but really, Apple's power on device owned by customers is ridiculous.

Right. I love hating on FB as much as the next person but the stronghold Apple has over the hardware is absolutely unreal. Imagine buying $10M worth of iPhones every year for your workforce and then Apple pulling your critical software because there's no alternative way to side load apps for the market research department. Which, by the way, might be a bit scummy but as far as I can see theres no indication they have broken any laws there either.

Makes you wonder who really owns the phone?

I don't agree.

FB can still side load apps all they want, they just can't do it on an enterprise scale like they currently do because they've abused their enterprise agreement.

This is not different than abusing (say) Microsofts MSSQL to host on a 10,000 core machine when you have a 2 core license.

"Who really owns the phone" is a misnomer, because you've licensed the OS. The physical hardware is of course yours but the OS remains property of Apple, your data remains the property of you. This is especially clear if you take the time to read the EULA. (Although EULA's have questionable legality in many parts of the world)

It’s a very good point that a less efficient way to side load apps onto an iPhone exists.

The enterprise cert program and associated software and infrastructure allows efficient internal side-loading under specific licensing conditions. If you break the license you don’t get to keeping using the product just because you bought the hardware that that licensed software happens to run on!

What less efficient way to side load apps exist? Flying the person to FB HQ and plugging their phone into a developers machine by USB? Yeah, right.

No, collecting UDIDs and using (multiple) standard developer accounts.

With TestFlight you don't even need to collect UDIDs or even email accounts anymore. And that's 10,000 users per app.

TestFlight requires going through a partial app review processes.

True. I'm surprised the enterprise app doesn't involve the same review.

It shouldn't involve the same review. Apps internal to a company might break some rules set by Apple, but are agreed to by the employee in question via their contract or consent. The whole point of the enterprise distribution system is to easily distribute apps inside your organization.

Facebook clearly abused the distribution system here.

> Which, by the way, might be a bit scummy but as far as I can see theres no indication they have broken any laws there either.

It broke the agreement they made with Apple to get the key and as such Apple revoked the key. It seems very cut and dry to me.

FB first broke their appstore agreement with Apple (resulting in the app getting kicked out of the appstore), then violated another agreement, which was subsequently cancelled by Apple.

My point is Apple offers no alternative.

Why should they? Facebook went out of their way to abuse the rules, but should get an exception because they buy a lot of iPhones?

You don't understand what parent comment is saying ... it complains Apple's closed environment not allowing of any apps to be installed in anyone's phone unless app is downloaded from AppStore.

> Apple's closed environment not allowing of any apps to be installed in anyone's phone unless app is downloaded from AppStore

Except the enterprise distribution which is what Facebook fucked up by breaking the rules. You have to try really hard to get that revoked, Facebook did and now they're in a tough spot. This is fine.


Maybe so, but please don't post unsubstantive comments here, and especially please don't be rude.

When someone is wrong, post correct information so we all can learn, or simply don't post.


I don't think anybody's suggesting that Facebook should be an exception - rather, it would be good if Apple allowed everybody to sideload iphone apps (other than enterprise and developer keys, which are both great for their niche but not general-purpose)

Apple should offer an alternative way to load apps onto the phones that Facebook paid for that can't be revoked.

The market has no alternative is the real story here

TINA (there is no alternative)

Some people buy iphone precisely because Apple does things like this, and they want effective privacy settings enforced on their device.

But yeah, it does still make you wonder...

Why does Facebook need to use native apps for employee shuttle and information portal? They could use a web page or PWA saved to the phone's home screen.

iOS deliberately has no notification options available for PWAs and various other shortcomings to push people into the app store. I imagine internal enterprise apps need those.

People like native apps. This isn't just Facebook; other companies in the valley do the same thing.

> Apple's power on device owned by customers is ridiculous

It's a feature I appreciate. Malware is a serious problem and one I'd rather not deal with on my phone.

I don't think anybody is forcing you to avoid the app store? Your love of curated app-stores and other people's love of side-loading aren't mutually exclusive...

If you tell the average user they need to sideload your app to access some free content, they will happily click past any number of scary warnings. I personally would appreciate being able to sideload, but there’s a reason iPhones don’t get laden with crapware in the hands of someone inexperienced with tech the way that desktop computers do. Does that mean we shouldn’t support sideloading? No idea. But there are trade offs.

It is as soon as several must-have apps (say, the ones all your friends and family use to communicate) are side-load only. If they allow other channels to install apps and make them easy enough that non-nerds can do it, network effects will quickly make it de facto necessary to run at least some apps from outside the app store.

Then, learn to check what you install? Make it require XCode or something, that may solve the problem.

iPhone users pay a premium to have a third party evaluate apps before they’re out on the App Store. If they wanted to do the evaluation themselves, they wouldn’t pay that premium.

> iPhone users pay a premium to have a third party evaluate apps before they’re out on the App Store.

And I appreciate that they provide that service and happily pay premium for it.

But I'd still like a way to load apps that they don't approve.

I would like the ability as well, but I can see the argument against it. If you provide that vector, there will be plenty of people trying to attack it. If you are staking a claim on privacy and security, you want to minimize the number of attack vectors on your devices.

Download XCode, compile the app yourself, load it onto your phone. Now you have apps on your phone that do not need Apple approval.

What if I want to install closed source apps?

I don't think this ever crosses an iPhone user's mind one bit.

And being a former iPhone dev, they really didn't vet much of anything, it was mostly what the employee was feeling that day that got your app accepted or not. This was back in 2013 or so, so things may have changed, but it really was a coin flip...

Then don't buy an iPhone?

I don't understand why people keep bringing up this point.

Yes, it's your phone but it's not your app store. One can use an iPhone without ever opening the app store.

That level of control is exactly one of the reasons why I don't buy devices from Apple. If FB think they can use iPhones and mess with Apple's licensing terms they are very delusional. Hopefully this was (another) wake up call for everybody.

That's why I don't buy iPhone. But I keep blaiming so that I can use iPhone after it is resolved.

I agree, but try using an Apple TV without an account...

> Apple's power on device owned by customers is ridiculous

It's a feature.

FB Employees do get the choice of either 2 Android phones (a Galaxy S9 or a Pixel 3, IIRC) or an iPhone so I'd wager they're just going to make a build system for their iPhone employees to sideload the apps through their internal build process or something.

You can only sideload to devices that are registered in your Apple Developer account, and there's a 100-count limit per each device class (iPhone/iPad, i.e.). This doesn't seem feasible.

Another option is TestFlight, but for devices that aren't registered (so-called "external beta") the app has to go through some App Store review.

That's true, don't know how their developer accounts work.

I guess then they'll have to beg for forgiveness or just spin the native apps into web apps. I feel sorry for their Enterprise Engineering team!

Does this mean there is ultimately no way of running your own code on your iDevices without first going through Apple?

Essentially, yes. The OS enforces that an app bundle is signed by a cert that was issued by Apple.

Without going through Apple at all, the only option is jailbreaking, to bypass the signing check. No one's figured out (publicly) how to jailbreak the last two major versions, though, as far as I know (there were some jailbreaks that worked for iOS 11 betas).

Another option still involves getting a cert from Apple, but it's free. You just need to create an Apple ID. The limitation here is that you have to re-install the app (IIRC) every seven days.

It seems the article almost wants us to feel sorry for Facebook.

Facebook are really the Oracle of the "social" tech companies. They are not even pretending to be good or follow rules. As long as cash / clicks / impressions keep coming in nothing is off the table.

Google is struggling with its positive PR image, every time they fall short they are judged by the "Don't be evil" motto and everything it entailed. Facebook doesn't have to worry about such details and it's easier for them in a way. Their shares are going up as we saw recently, CA scandal didn't do much damage, everything is great.

> “We designed our Enterprise Developer Program solely for the internal distribution of apps within an organisation.

Watch them pivot to "these researchers are part of the Facebook family, so their network device are considered part of the internal network's edge, we did nothing wrong".

This is where regulation eventually has to come in, IMO. People like to talk about how the market will solve problems, but per today's posts about Facebook racking up thousands of dollars of credit card charges from 5 year olds and their positive earnings results, the market looks at these kind of things and says "Yep, this is great for our bottom line." Facebook isn't going to fix itself.

Yeah, corporate titans punishing each other when the government won’t do anything is a clear path to dystopia.

Uber is worse, but they aren't a FAANG member

I would characterize it as more annoying than anything else. It’s not like we couldn’t work or we had productions issues because of it.

Sounds like you might work at Facebook. If so, mild inconvenience or not, I am glad it happened. Going around the terms stated in an agreement to accomplish something forbidden by the agreement is a type of fraud. Fraud is illegal.

People are really starting to hate Facebook these days, and your guys' attitude doesn't seem to be changing much because of it. I, for one, LOVE this, because it means by the time you do recognize your sliding favor among customers, it will be too late for you to do anything about it. You will become the new Myspace, which is exactly what you deserve to be.

If you don't work for Facebook, then none of the above applies to you.

[EDIT:] the parent comment was deleted. The comment stated something to the effect of "It wasn't a big deal, it didn't affect our workflows or production applications."

I didn’t delete or edit my comment.

I completely understand now what my friends at Uber were saying about the Internet hivemind and especially the HN hivemind.

Journalists routinely manipulate their stories to tell the story they want to tell, and right now it’s “Facebook is evil.” You are entitled to your opinion but nothing I or my coworkers do is evil and we would never engage in anything unethical. In a large company there will always be bad apples but to paint an entire company as somehow being a conspiracy is frankly mind boggling.

I would love to turn the mirror on all the haters and see how their lives would be if journalists reported manipulated facts on the worst moments of their lives.

> You are entitled to your opinion but nothing I or my coworkers do is evil and we would never engage in anything unethical.

This is somewhat of a pet peeve of mine, but there are relatively few cases where there is near-universal agreement of what is or is not ethical (i.e. "ethical" is a value judgment); that's why ethics courses teach methods and structures to argue one way or the other.

Your particular case is, I am fairly sure, not one of those "universal agreement" cases. I don't know what exactly you do at Facebook, but a number of people conclude that some or large parts of Facebooks operation are unethical.

Additionally, individual conduct in a larger system is generally not pertinent to the outcome of said larger system. An usual example is people in the Manhattan project not knowing that they are working towards offensive nuclear weapons, and of course various examples related to Nazis, but that may not be the best example when you (the recipient) seem to be trapped in a world of absolute ethics.

Facebook has had countless incidents of violating user privacy and trust. This is just the latest. When a company has the same problems happening over and over across different departments it's clear there's a company-wide problem.

Even without the definitely-evil incidents that have occurred, simply greedily collecting and then hoarding that much information about people is so grossly and willfully negligent as to qualify. The very basis of everything they do is hopelessly tainted.

Yes, that makes an awful lot of other companies—not just tech-first companies—pretty damn evil, too. "Everyone's doing it" and "it's not illegal and is making us money" aren't defenses I accept for this disgusting behavior.

[EDIT] that said, piling on people for working at evil companies is probably unproductive and unfair for many of the same reasons that e.g. boycotts are wildly ineffective, plus such a large percentage of the economy's kinda-evil that the whole thing would get confusing and nasty and kinda pointless. Piling on someone for being delusional about whether their employer is evil, though... well, that's an awful lot less unfair.

> nothing I or my coworkers do is evil and we would never engage in anything unethical.

Don't you see? Everyone who turned out to be evil in the end would have said and felt the exact same way while they were actually doing their evil. People and corporations do the things they do because they feel they have the right to do those things, and that they are justified in doing those things, in virtually all cases. That is the case for people and corporations who, in hindsight, did lots of evil and unethical things as well.

In the future that may very well include Facebook. And every last Facebook employee will claim that they had no idea what was going on, and/or that they weren't a part of the "evil side" of Facebook, or whatever they have to say to themselves to maintain the illusion that they did nothing wrong.

Your actions alone are not what decide if what you are doing is immoral. If you are in the armed services and you assemble or maintain weaponry designed to kill people (as I did in the US Air Force) then that work is arguably evil and immoral. I feel that what I did was immoral, and at the time I would have laughed at anyone that said turning a torque wrench is immoral. I was doing my job. I was tightening bolts to 100 in/lb and I was putting guidance systems onto test equipment to make sure they worked. I was making sure that those devices would kill when someone set them loose. I definitely did not believe that I was doing anything wrong at the time, and I definitely believe that I was in the wrong today, depending on how those weapons are or will be used. If they are used to sate some evil maniac like our current president then I did immoral work. If they are used to keep peace, then I did not. Weapons are rarely used to keep peace, however. Grenades are not peacekeeping weapons. Scatter bombs are not peacekeeping weapons.

Facebook spying on children without consent is not a justifiable action. Facebook working around the language of their agreement with Apple in order to do something forbidden by that agreement is not a justifiable action.

> Journalists routinely manipulate their stories to tell the story they want to tell, and right now it’s “Facebook is evil.”

Could you point to something that was reported in the main-stream press about a Facebook incident that was untrue?


Speaking of systemic effects, please don't pile on this user, or any other individual who happens to be in a position that the majority hates right now. That quickly develops into an ugly dynamic that we don't want here. What you posted at https://news.ycombinator.com/item?id=19046964 is unmistakeably a step in that brutal direction.

This comment goes for everybody.

> Going around the terms stated in an agreement to accomplish something forbidden by the agreement is a type of fraud. Fraud is illegal.

It’s going to be hard for me to take this seriously on a website where the traditional way to read WSJ and NYT articles is by using services that violate the newspaper ToS. It just sounds like pseudo-sanctimony.

I agree in principle, but you are unfairly painting every person on HN as if they agree with such behavior.

You mean like painting all of Facebook bad because of a few bad apples?

Certainly I find it suspicious if both views are simultaneously upvoted. If you must, read my comment as impugning the integrity of those who actually hold both views. Considering that both the view that TOS are sacrosanct and the view that HN readers should have paywall free access to these news sources are widely popular and have few, if any, detractors, I’m quite comfortable saying what I did.

Thanks for helping to ruin the world through advertising.

Attacking another user like that will get you banned here, regardless of how strongly you feel about Facebook or how right you are or feel.

The guidelines also ask you not to snark on HN. Please review https://news.ycombinator.com/newsguidelines.html and follow the rules when posting here.

I agree, Dang, - however - A suggestion for something for YC/HN to do:

Find a way to have a serious objective talk with the greater community on the extraordinarily global reaching issues of the impact of Silicon Valley on society, community, culture as a whole.

Look at what we have to just emerge in the last 1.5 decades alone from "unicorns" in silicon valley:

* US policy seemingly being set/disrupted via twitter

* Mental health studies coming out on the negative impact of Facebook

* Election manipulation through ad-powered platforms such as Google and FB

* Massive cultural dialogue and political revolutions being fueled through twitter

* Assassinations being corroborated through Apple an watch

* Global spying and surveillance conducted through all our connected technology

Just to name a few of the globally impactful issues of our day which directly stem from the efforts of Silicon Valley in specific and the tech industry in general.

As the preeminent VC company in the minds of any young entrepreneur who wants to build the Next Big Thing, I would pose that YC actually has a social responsibility to, at a minimum, foster a conversation on these issues in a meaningful, serious and deep manner.

What are the consequences of MASSIVE success of a company?

I don't know of any way to have a serious objective talk with the greater community.

I can't imagine these topics and questions don't informally come up, but it would be healthy to figure out a way to broach them...

I don’t like Facebook either, but personal attack’s are not acceptable on this forum. Isn’t being able to talk to someone who works for Facebook better than not being able to talk to them at all? Why would this person continue to post if they know they will just be attacked?

Maybe they would think twice about continuing to burn the most productive years of their only life at this company if they knew what people thought of them.

Regardless of your opinion on Facebook, I don't think its employees should have to deal with a personal attack like that. It's one thing to try to get them to reconsider their viewpoint on their job, and quite another to flippantly call them out with a response that doesn't foster discussion.

> Apple has left Facebook’s campus in disarray after the company revoked the social network’s permission to build or run employee-only applications, according to reports. Employees were reportedly left unable to read cafeteria menus, call for inter-office transport or use versions of the social network’s own apps.

If you just ignore all the evil things Facebook did. The moral of the story is don't relies on a non-free computer and OS.

Kind of? But this is so far off from being anywhere Apple's fault, that I can only theoretically agree.

Facebook really shot themselves in the foot.

A good option for RMS, but as a practical matter impossible for normal people.

Two things: first, this seems like a reasonable response to the breach Facebook committed.

Second, it illustrates the folly behind relying on the continued good will of a 3rd party offering an essentially (or very nearly) free service. If Facebook was licensing EDCs for millions a year, this ban might not have been the first reaction Apple took.

> If Facebook was licensing EDCs for millions a year, this ban might not have been the first reaction Apple took.

Why would Facebook do this, and how?

They can't do it, that's not how Apple's EDC licensing works. I wasn't proposing they should have paid more-- My point was that customers paying for a product have more leverage than those receiving one for free, and so relying on a free product for pieces of your business operations can put you in a tenuous position.

It seems like there's something getting lost here. A lot of comments and even articles make it sound like Apple is retaliating against fb at random, which is not true. FB had an internal app agreement with apple to distribute apps to it's employees. Probably this one: https://developer.apple.com/programs/enterprise/

They violated the terms of the agreement, and therefore the have lost access. They also probably violated the terms of the app store as a whole, but who knows.

Whether or not one should have to be part of that program to install Enterprise apps is a different issue.

Wrong title, should be “FB left their offices in disarray by using their enterprise cert to spy on kids”. What utter muppets.

And... their stock is up.

Stock price is trailing indicator

Facebook has become a privacy nightmare

It's never been anything else.

This brings a smile to my face. I don't care anymore what excuses people come up for Facebook's behavior. Enough is enough and Facebook has crossed the line years ago. No remorse, no forgiveness.

fully agree. Even though I'm not fully onboard with Apple's huge power over their phones, in this specific case the enemy of my enemy is my friend.

I just hope they haven't awoken a sleeping giant. Facebook has enormous capital and engineering capacity. If they decided to have their own app store and/or phone ecosystem, their brand might position them as a viable competitor to Google or Apple. But would we be better off for it?

They already tried their own phone ecosystem. I'm not saying that they shouldn't/can't try again, but it seems like Facebook's hubris is their worst enemy.

"We have invented something no one else has thought of. A small personal computerised device. Now you're able to stay docked twenty-four seven. On the bus. You can dock. On the subway. Stay docked. You can be docked in at home, and at the same time, you're docking with some kids at the public pool. We went to the guys at Fruit Computers and we told them we wanted to make our hardware as compatible as possible... Now you can dock your Lifeinvader to an iFruit or any other device, and it'll take all the data off and reformat it into Lifeinvader-friendly information.


Oh wow, you're right. I'd forgotten. Well, that's a relief -- having already failed is a big disincentive to them doing it again.

I am.

I'd suggest getting a Pixel or other Android device if Apple's privacy stance bothers you. They will act on behalf of the consumer, regardless if you feel like "but it's my phone!".

Yes, it's your phone. But not your app store. You can use your iPhone perfectly well without ever having opened the app store.

Android is spyware, with a slightly more humane face. Not touching it with a 10 foot pole.

I am pessimistic on the issue because people prefer to pay indirectly because it feels like it's free and everybody likes free.

The business model of FB and Google deviates from Apple in a major way, with Apple you give the money and get the service. With Google and FB, you get the service and the cost is added to the stuff you buy. It's not necessarily even a price increase, maybe it's just directing the money from the billboard owners to the technologists.

I don't see how FB or Google can lose unless someone in power(like a politician or an activist businessman) makes it stop despite the popular opinion. The fight between advertisers is vicious and FB doesn't look like afraid of getting its hands dirty.

For someone somewhere "evil" Apple screwed up their entertainment on that FB app which just gives away free stuff and even pays you to use their VPN.

> with Apple you give the money and get the service

I mostly agree but to be fair with Apple you rent the service. They dictate what you are allowed to install on your phone, only after they deem it suitable.

It would cost you billions of dollar to buy the service, that's why you rent it. You can buy the hardware though.

Apple doesn't dictate what you can install on your phone, you can install whatever you want using the developer tools.

What Apple dictates is what people can distribute on their App Store.

For users for whom the developer tools aren't a realistic option, which is the vast majority of them, apple does dictate what you can install on your phone.

For the rest of us, for the low low price of $100 to join the developer program plus $1000 for a Mac, we can get the ability to install software that we can build, which more-or-less precludes sideloading as an option for commercial software.

So, for all practical purposes, yes, Apple does dictate what you can install on their phone. The question is really whether you think that that's a feature or a misfeature.

That's different from controlling what YOU as a user can install on your phone. Apple controlls what you can make people install on their phones.

These are vastly different things. You own your phone and you can do whatever you want with it. It's just that you can't use Apple's distribution channels to spread you code.

You also can't put your own code on it without a developer key, and Apple is the gatekeeper for getting a developer key.

Theoretically you could bypass everything by replacing the OS, except that you can't replace the OS without yet another key that Apple isn't sharing with anyone.

No, you don't have to hack anything, you can write your code and run it on your iPhone that's running the legit iOS without going through Apple's review process.

People who develop apps do it everyday many times because they need to run their code on devices. You don't ask apple for permission every time you press the build button.

You don't have to go through the review process for getting an app approved for the app store. But you do still have to apply for a developer key, and buy the necessary additional equipment (which can only legally be Apple hardware), and comply with the associated contractual agreement.

That does mean Apple has a nonzero amount of control over that channel, too.

You try hard to hate on Apple :) Of course, you need to buy the necessary equipment.

Do you want to make holes? Then you buy a drill.

Literally every piece of electronics in front of me right now is either an Apple device, or connected to an Apple device.

I'm not hating on them. I'm just advocating a realistic perspective on the situation. iOS is a walled garden. That some people (myself included) see that as a net positive doesn't make it not one.

So I have to pay yearly rent to write and install my own apps onto my phone? And if I do not pay that rent it stops functioning? What if I want to install an app someone else wrote onto my phone but doesn't want to put it in the App Store? I get what you are saying but I don't want my mom approving what I install onto the device I paid for.

>What if I want to install an app someone else wrote onto my phone but doesn't want to put it in the App Store?

That other person gives you the sourcecode, you compile it an install it on your device.

Oh BTW, you don't have to pay for dev account anymore if you don't intend to distribute your app.

That's not true. This whole story is about Facebook's enterprise signing cert being revoked so they can no longer distribute apps outside the app store. Please stop spreading misinformation.


There you have it. They can make the stuff opensource, put it on GitHub and let people install themeslves.

This is Apple controlling the distribution, it's not about controlling what's installed on the devices.

People can install the spyware freely.

> What Apple dictates is what people can distribute on their App Store.

That's the unfortunate status quo. But it would absolutely be possible to legislate Apple (and Google Play Services - grey area) to allow 3rd party stores/apps.

There's no gray area there, Google Play Services is just as much of a lock as the Apple App Store.

They dictate what you run on the phone if it requires using their native SDK. Aside from the Flash event almost a decade ago, they haven't tried to restrict web content

Except they restrict all browsers to use Webkit, which is rather limited.

To see the differences between iOS Safari/webkit and Chrome on Android:


I haven't had an Android phone in almost a decade using just iPhones. iOS's web browser game is actually the most frustrating part about Apple's walled garden for me.

You can compile your own browser and install it. People act as if Apple is sending the police if they install an App that doesn't meet Apple's guidelines. Limitations are about the distribution on the App Store.

> You can compile your own browser and install it.

Not really; you're basically limited to WebKit if you want acceptable performance.

Why would that be? Does Tim Cook pray at nights to slow down other peoples code on iPhone?

It's your code and it will run as fast as you make it, you can't expect Apple to make your code as good as WebKit.

> Does Tim Cook pray at nights to slow down other peoples code on iPhone?

No, but the security team tries their best to keep unsigned, dynamically generated code (such as what might come out of your browser's JIT JavaScript engine) from running.

could not agree more!

I disagree. What is “line” you referred to and who gets to define it?

No one forced you to use Facebook. Look, I don’t use FB, and I don’t particular respect Mark or Sheryl, but the daily barrage of anti tech posts crapping on FB, Apple, or Amazon are turning this place into armchairs experts and politicians all pretending to be on some moral high ground when their own employers are likely just as greed driven.

We need comprehensive regulation IMO. What that should look like, I’m not qualified to say. Regardless, it’s sad to see hacker news morph into Reddit.

I don't use Facebook either and yet they still collect data on me. Its the same issue that happened with Experian leaking data on people who never did business with Experian.

I'd be comfortable calling that a line that got crossed

I wouldn’t. That line doesn’t exist, at least in the laws of the legal system. It might cross your own moral boundary, but that’s intrinsic to you and subjective at best.

I’m not defending them as a company. I do think the rest of the media is just as horrible and would seize a similar opportunity if given the chance.

We are in dire need of regulation here.

> We are in dire need of regulation here.

In many cases internet regulation, especially the sort that would curb data misuse, is a scarier line to cross.

>>I wouldn’t. That line doesn’t exist, at least in the laws of the legal system.

Who cares? It is well known that the legal system trails technology by at least a decade. Therefore, it should be clear that we are discussing a line of an ethical nature, not a legal one.

Well said, we have to get past this "well you have a choice" nonsense. Data is too easily acquired and cross-referenced for that to be remotely true anymore.

Experian's entire business model is built around collecting data about people who have never interacted directly with Experian. In fact, our entire system of credit would break down unless there were ways for lenders to know the credit-worthiness of their borrowers. Now, very good arguments can be made that credit rating has an inherent conflict of interest if privatized. But that's another conversation. In this one, we seem to continually fail to distinguish between 'information about you' and 'private information.' There is clearly a distinction. Figuring out exactly what that distinction is almost certainly a regulatory problem.

People report their personal wealth and income to the local tax authority every year, presumably that tells you something about a person's financial credibility.

It's down to the unfortunate reality that people aren't the actual customers of Facebook or Experian, their actual customers are advertisers and lenders (principally there's a few other people but basically anyone who's asked you for permission for a credit report). Under that lens it makes perfect sense that both would have information about everyone because it makes them more valuable.

It's easier to see with Experian because people pretty much never actually use their credit report actively but rather monitor it to know what the actual users will see about them. It's a metric about you rather than a metric for you. Same basic schema applies to the advertiser profile Facebook builds. They've just built a facade to get you to give them a lot of info willingly (in the case of users).

> It's down to the unfortunate reality that people aren't the actual customers of Facebook or Experian, their actual customers are advertisers and lenders

These are kind of opposite cases, aren't they?

With Facebook, their actual customers are people who want to have a relationship with you.

With Experian, their actual customers are people who you want to have a relationship with.

Lenders also want to have a relationship with you too. They want to make all the loans they can as long as they're good loans. Either way it doesn't change the dynamic that much for the average person they're the product, or I suppose more accurately information about them is the product and the companies are the customer.

I agree. I also think that we need a lot more regulations, because the problem isn't only Facebook, there are so many companies that hold/collect/sell our information, and that's the bigger problem in my opinion, Facebook is just the biggest one so we hear about it the most.

Just because you don't use Facebook doesn't mean that some other company isn't doing the same thing with your data, you just probably haven't heard of it.

Explain shadow accounts then. Those people didn’t even sign up for Facebook!


I wonder how pervasive the abuse of the EDC for customer-facing apps actually is. If this got through FB / Google's legal teams, they might know of others who have done this without consequence.

My co-worker put it best: "This is Uber-level scumminess"

1) WTF, FB? Don't go around violating license terms.

2) Why do developers tolerate a platform that doesn't allow developers to deploy apps wherever they want?

2) probably because a lot of consumers buy iPhones? Can’t speak for Facebooks internal use though...

Title is inaccurate: _Facebook_ leaves Facebook offices in disarray after Apple revoked app permissions.

Facebook made their enterprise development certificate a single point of failure and then messed up by abusing it?

That's so dumb that it's actually funny.

Found the engineer :)

Let’s make our internal systems depend on the good will of an outside company that is marginaly a competitor.

The worse part is there has to be someone that KNEW they where in violation.

FB seems to have a culture of is okay to be scum if we get what we need since we can always just say sorry.

Yes. Are they utterly oblivious to the eventuality that a policy of "break things now, apologize later" will receive the world's cold shoulder?

> The worse part is there has to be someone that KNEW they where in violation.

Given the timeline outlined in the TechCrunch article it seems practically certain to me that they intentionally used the Apple EDP infrastructure to circumvent Apple's ban on literally the same app.

> Let’s make our internal systems depend on the good will of an outside company that is marginaly a competitor.

What's the alternative for internal-only apps?

They could develop their own phone.

Apple, the maker of the hardware, is also a stakeholder in users’ privacy. They are not obligated to assist Facebook in the undermining of users’ privacy. If their stance on privacy does not meet Facebook’s requirements, Facebook is free to develop their own phone to run their own apps.

They could have started by understanding that another company has control over their infra and maybe not be evil. That being said, a web app (like the FT uses on IOS so they do not have to cut in apple on $) that is a saved web clipping would work without having to load an application.

It would have taken time to get a second enterprise development certificate.

So they probably did it in order to move fast. . . and then they broke things.

Apple only allows/signs one cert per company. And the process to get one requires an annoying amount of paperwork about your business

Should have set up a new, disposable company to handle the research. Helps shield them from more than just Apple.

Apparently Google did exactly the same thing! Their “research” app only targeted adults though, which still violates Apple policy but is a lot less scummy.

That's not quite true - minors could be included but had to be associated with someone over 18.

Apple's policy is one certificate per company. So it being a single point of failure is unavoidable.

Could have used a different company for it (although then it possibly would have attracted attention earlier)

You mean, commit fraud? Don’t give them ideas!

Not sure how owning a market research subsidiary would make it any more fraudulent than it already is. (It's of course also not a full protection against Apple deciding the parent deserves to be punished too)

Oops, forgot that they don't play by the normal rules. Indeed, they have committed fraud a few times. Just ask those who buy advertising from them.

Getting enterprise certificate is not easy and requires manual approval from Apple for registered company. I can imagine that getting another one can be hard, if ever possible.

And in this instance apple could just have blacklisted both

FB should have seen this coming, honestly. What did they expect?

Turns out Facebook can just Facetime Apple users to get all the data they need anyway.

Also, why even offer accounts if you just shadowban everybody? It's gay. Ycombinator is gay.

There's software that filters comments based on past abuses by trolls. New accounts are subject to more of these filters.

We review the comments that get killed that way, unkill the good ones, and mark accounts legit when it's clear they're posting in good faith.

FB, forget vr, time to make your own phone.

Who in their right mind would trust that?

Presumably FB has similar versions of internal apps for Android which has no remote kill switch since side loading is allowed.

Employees could just switch to Android if they are worried about Apple killing their apps.

I’m not sure about an Android internal app, all employees are given brand new iPhone x’s.

When I worked there we all had to use the internal fb and IG apps and do all communication through them.

Switching to android would mean a huge IT change and mean replacing every employees phone.

> all employees are given brand new iPhone x’s. > [...] > replacing every employees phone

Huh? Employees are given a choice of iPhone or Android; the full infrastructure stack already exists for both, internal apps are built and deployed for both. I'm pretty sure that IT could switch the whole company to Android overnight if they had the hardware in stock...

Guess I was misktaken. I had the choice between a thinkpad and MacBook and given an iPhone, didn’t realize we could get an android or just didn’t pay attention...

Oh yeah, I'm loving this.

ouch! it’s an appropriate response.

Apple would be a great company if it didn't botch 'right to repair', overprice their products, and restrict their OS and APIs. Regardless, there's not much 'American' left in American tech products, let alone all US products. Apple and Essential are the only two cell phone manufacturers left, if that, and Essential just dropped theirs :( Somebody needs to make it cost effective to print circuit boards and encasing frameworks so we can move our tech back to the US. At least Apple is pushing back against Facebook and the NSA/gov. Everybody else is selling our privacy.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact