Hacker News new | past | comments | ask | show | jobs | submit login
A Privacy-Focused Vision for Social Networking (facebook.com)
133 points by minimaxir 16 days ago | hide | past | web | favorite | 68 comments

They might want to finish up the "Clear History" feature he announced last May [0] first...

> "If you watch the presentation, we really had nothing to show anyone," said one person, who was close to F8. "Mark just wanted to score some points." [1]

[0] https://www.recode.net/2018/12/17/18140062/facebook-clear-hi...

[1] https://www.buzzfeednews.com/article/ryanmac/facebook-privac...

This isn't just a humanitarian gesture by Zuckerberg; this is a move to address an existential threat to Facebook. The writing has been on the wall for years: teens don't use Facebook. Instead of letting go of the social feed and the unified social platform vision, Facebook has just piled more crap onto the platform by buying competitors or just building out their features. The result is the overloaded, overfeatured Facebook with no actual social interaction we know today.

Teens know that they could easily become the next victim of the national outrage and humiliation machine. They never wanted to share their fun with grandma and their future employers. They don't want to be their own PR agent and cultivate an online persona. They want to experiment, express themselves freely with no repercussions, do stupid shit and face no consequences; in other words, have the same childhood everyone had before the internet came around. The content you see on Snapchat and Instagram reflects that: is not designed for permanency, it's not meant for adults, it's not meant for Facebook. What Mark is saying here is that he recognizes that reality, and hopefully will begin to tear down the old Facebook infrastructure.

Social media is the business of cool, and Facebook today is currently more GE than startup. If Zuckerberg is going to deliver this vision, he is going to need to let go of a lot of things that Facebook built over the years and maybe even start from the ground up.

Yeah, right. The US Congress is currently considering a Federal privacy law which will severely impact Facebook's business model.[1] Facebook is pushing for a Federal privacy law which will preempt California's new law, which turns on in 2020.

[1] https://www.economist.com/united-states/2019/02/28/congress-...

I just don't believe that he actually means any of this. Facebook's actions over the years do not indicate that Mark Zuckerberg cares about the privacy of his users.

Even if he does care, you can't trust him to be honest or to think their behavior all the way through. The theme in Facebook's behavior is that they put profits over privacy, but also that they don't understand what privacy really means when they do try to respect it.

I'd go so far as to say that there is no point in even bothering to read the article because of this.

I see downvotes, but I have to agree.

I skim-read this, partly because it’s ludicrously long, but mostly because my feeling about Facebook at this point — more than a feeling, my entire mental map of the company — tells me that this is just a big pile of horse shit.

Put another way: this memo could have said pretty much anything, but as long as it purports to be about Facebook doing “a privacy thing”, I’m just going to ignore it.

Why would I believe them?

Facebook's business model is 100% incompatible with really preserving user privacy.

Well, what does a CEO do, really? He's saying the right things, in public, which matters more than what he thinks in private.

It means at least some Facebook employees will be empowered to take action on it, because the top boss said so. We'll see what they end up building.

Let's say Facebook actually pulls this off. They deliver a privacy-focused social media platform. It's used by billions of people, daily.

How do they make money off it? If everything is encrypted, they cannot have targeted ads. They can't read the data to push ads for different demographics.

Personally, I think a (more) private social network is a great idea. But I don't see how Facebook's financial incentives align with whatever this is.

There's a good chance this is where the interoperability comes into play. They might not be able to track direct communications but people will still interact with public content on places such as Instagram. As soon as accounts are linked they'll be able to advertise in places such as WhatsApp based on likes in Instagram.

They can still target ads, just not on the content of the messages. A lot of people put their birthdays and genders and like lots of brands on Facebook.

That is a really good question - whats more likely, they fully pivot and really don't gobble up all this user data and keep conversations private and take a hit on mainline revenue, or they SAY they're going to do this stuff, release something that looks slightly more private but don't do any of it?

The market right now isn't shook at all, no change after hours. If it had anything remotely to do with the magnitude of what they're suggesting the stock would be down quite a lot.

Do you think this privacy-oriented platform will be free?

I think it'll be: free Facebook is old Facebook (we will own your data) .. profit-Facebook is new Facebook (pay us to keep your secrets) ...

This isn't going anywhere :

People that don't "care" -in the sense HN does- about privacy will stay in the free tier. Why should they pay now?

People that do care have either stopped using the platform or will be not be trusting FB enough to bother.

The obvious way is financial services.

My favourite bit: "As we build our infrastructure around the world, we've chosen not to build data centers in countries that have a track record of violating human rights like privacy or freedom of expression."

Facebook is literally built on violating user privacy.

So not in America. Or Britain. Or Germany.

Where are those data centers? Switzerland?

Switzerland’s neutrality is entirely self serving, and they seem to have no problems with taking stolen assets from monsters if it makes them money.

Switzerland: “We don’t violate human rights, but we’re the bankers for those that do.”

> First, Apple doesn't allow apps to interoperate with SMS on their devices, so we'd only be able to do this on Android.

Mark, I don't want you to read my SMS. Thanks.

The man needs to hire a copy editor. My girlfriend would have that down to 70% of its current length on the first pass.

This was my thought too, it sounds like something written for Wikipedia Simple English.

Given Facebook's massively global user base, it's not unlikely that it was edited to have a similar style as Wikipedia Simple English.

> Over the next year and beyond, there are a lot more details and tradeoffs to work through related to each of these principles. A lot of this work is in the early stages, and we are committed to consulting with experts, advocates, industry partners, and governments -- including law enforcement and regulators -- around the world to get these decisions right.

Translation: we want to head off regulation by giving empty assurances to lawmakers that we're working on the problem, but we plan to slow walk this so we can continue business-as-usual for the foreseeable future.

A lengthy article with no mention of meta-data. And this is where the key is, Facebook has realised that they don't need to track you around the internet. People give Facebook the data it needs by contacting businesses on WhatsApp. Someone who has contacted a bike shop is of course interested in bikes.

Smart strategy for keeping the majority of their user base happy. Think it will work and they will continue to grow. (Regardless of how the HNews bubble feels about it)

I feel like we've come a long way in educating the general public about the importance of data privacy but reading some of the comments on this Facebook post made me realize there's still quite a lot of work to be done.

He's right. It's possible the facebook brand may have to step into the background to do it, but this decision for tech companies is being forced by governments now.

It makes sense to take an independent stance, as arguably in most markets today, governments need the consent of facebook users more than facebook needs the consent of governments.

I have always been a facebook skeptic, but this post comes at a very crucial time for encryption policy and the role of globalized tech companies. When Barak Obama said in a speech some years ago something to the effect of how we can't have people walking around with swiss bank accounts in their pockets, as far as many countries without sophisticated interception programs are concerned, they have had to live with the equivalent for the last 10 years.

To me, Zuckerberg's post signals that large tech companies are looking at their 5-10 year horizons and placing small bets that they are going to outlast their opposition on encryption. Brexit is going to cost both the UK and Europe their negotiating leverage, and surveillance in the US won't get a popular mandate.

There are obviously immediate product and competitive needs, but I think his post was driven by macro factors like these.

The only way forward for privacy would be the complete deconstruction of the facebook machine. There is nothing that can be done to salvage this beast. Don't be the last person to delete your account. We can turn facebook into myspace. All it takes is for you to let go of your excuses of why you still use their awful products.

This is all well and good but where's the apology? Where's the I was wrong? Like it or not, Zuckerberg has a personal brand that screams I'll screw you over if it'll get me to my goals. Nobody is going to trust him, or Facebook, until he rehabilitates himself, and this doesn't cut it.

Comments (on the letter) like these are why FB still exists:

> Data protection is a huge concern for us all, and appreciate Facebook are working to making this platform the best it can be, with our safety in mind.

> Thanks Mark & the FB team.

I mean, seriously? That is some strong Kool-Aide that person has drunk.

I applaud this vision, but Facebook is not the one to do it. They have gone too much in the other direction over the years.

I believe the main problem is the lack of GOOD SOFTWARE alternatives to facebook and google. How would you collaborate on a document without google docs? Or share videos without YouTube or Facebook? We have all the hardware we need but not the software. And I mean this in a big way: we don’t even have consumer software for local area networks anymore!

Watch this and let me know what you think:


The word "encrypt" appears 24 times.

But the following weasel words let Facebook shout "end-to-end encryption" from the rooftops while quietly undermining it with back doors.

> There are still many open questions here and we'll consult with safety experts, law enforcement and governments on the best ways to implement safety measures [in end-to-end encryption].

There is no way Facebook will make their services truly secure, end-to-end. They just want to clean their badly stained reputation by pretending to do so.

They are notably trying to redefine the term "end-to-end" which was meant to say contents are not possible to see for anyone but the parties communicating. Law enforcements suggestion to fix end-to-end encryption for their purposes is to break/remove/circumvent the encryption, do key escrow, etc, at which point it is NOT end-to-end.

>"I believe the future of communication will increasingly shift to private, encrypted services where people can be confident what they say to each other stays secure and their messages and content won't stick around forever. This is the future I hope we will help bring about. "

Yes that will be the future and it won't be on FB. You are helping bring it about alright but mostly as a reaction to your awful policies and practices.

>"I understand that many people don't think Facebook can or would even want to build this kind of privacy-focused platform -- because frankly we don't currently have a strong reputation for building privacy protective services, and we've historically focused on tools for more open sharing."

That's only partially why people think that Mark. Let's not leave out your outright lies and omissions in front of Congress last year along with your other public denials. You don't have a good or credible reputation period.

>"I believe we should be working towards a world where people can speak privately and live freely knowing that their information will only be seen by who they want to see it."

And FB, advertisers and whomever else who ponies up some cash are assumed to always be included in that group as well. And this is exactly why nobody buys a word of your bullshit.

If facebook wants us to believe that it is committed to privacy in the ways that it is suggesting here, than the solutions being proposed here (basically another E2EE messenger) are not sufficient.

Facebook can promise to put itself out of business, spending its cash reserves on development of an ecosystem of interoperable, open source, fully decentralized solutions to replace all of what it does with no central authority and no possibility of censorship or surveillance.

It can find ways for this new decentralized network to be accessible in China, unlike its current platform.

Instead of saying "we'll consult with safety experts, law enforcement and governments on the best ways to implement safety measures," it can expressly refrain from working in any capacity with governments who seek to inhibit speech or expression on the internet.

It can disclose all of the algorithms and decisions that produce the news feed and allow people to opt in or out of them, ensuring that their news feed is not a means of manipulation.

I mean, I can go on and on course. None of this takes any serious genius, just a decision to prioritize freedom and justice in society over money.

Here is how you actually do it. Social Networking would just be sharing of keys. We need open web standards for it:


I wonder, who is supposed to be the recipient of that message. People, who care about privacy, will never believe it.

>"People, who care about privacy, will never believe it."

It's hard to imagine that anyone who's even remotely familiar with him will believe it either. It's the lead story on nytimes.com now and tenor of the comments is no different than that of HN regarding his nonsense blog post.

Lawmakers. This is Facebook's attempt at "nothing to see here!" They're laying the groundwork to argue there's no need for regulation because they're proactively making privacy-oriented changes to their platform.

The near-term catalyst is the pending settlement (or litigation) w/ FTC. Regulators are the intended audience.

> We plan to start by making it possible for you to send messages to your contacts using any of our services,

Didn't Facebook Messanger use XMPP back when the service was new? It sounds like they're going to a closed version.

The entire idea of a privacy-focussed social network seems oxymoronic. I agree there are practical improvements to be made to social networking to address the unintended or unpredicted consequences of data sharing (including regulation). But calling the social network itself 'privacy focussed' sets the wrong impression. Better inform users about what is happening to their data, but don't sell your product as private when it isn't.

Sounds great; setting a reminder to check in on Facebook in a few years.

Not too happy that my data from my deleted account might actually be gone by the time Facebook becomes privacy aware.

Seriously, I saw the movie, it took a few college kids a few months; now a rewrite for privacy will take years?

They’re buying time, and I am pretty sure people are already willing to buy privacy. Why can’t they sell that?willing

The DNA of Facebook does not support marks vision of close communities and private communication. Kodak made one of the first digital cameras, but it was, at is core, an analog company. Facebook, at its core, is a company that vacuums data to sell back to advertisers. Targeted ads in a private chat will never feel private, no matter how loud they scream that it is.

I missed the section on:

Advertising Profiles

People expect that if they don't have a Facebook account we aren't mining their friends' address books to build profiles of them that can't be erased because they aren't our customers. We are sorry that we did that and after deleting them earlier this morning we will no longer operate that way...

(not a quote, just what I'd like to have seen)

They'd never agree to delete their shadow profiles though. The thing about facebook is that they have over a billion users and information probably about another billion non-users.

Until they believe in the root of privacy, they'll never be privacy-focused.

Translation: "We're finally getting a bit worried about all this talk about social media regulation. Still, we're going to do our best to implement the smallest possible privacy changes to minimize the impact on our revenues, while still looking like "we're doing something" about the privacy scandals."

Heh, no. This is yet more empty promises. They'll not do anything in this letter.

I wonder if the aim of this statement is to make it harder for a privacy focused social network to raise money.

Sure... whatever... I'm going to be in the Late Majority or Laggards on this train.

He should have submitted this to the Onion. Seems like a real missed opportunity.

Coming from Facebook? Yeah right. I'd say I would believe it when I see it, but given their shadiness I still wouldn't believe it.

Could some kind soul with enough genuine interest slog through this monster and post a few-sentence summary?

I read the entire thing and it's honestly not worth summarizing. There's nothing of substance, just a lot of empty platitudes. He describes a lot of generic privacy protections (limiting metadata collection, reducing data permanence, secure data storage) but says nothing as to how or when Facebook will ever implement them.

It basically boils down to a promise that Facebook will "think about privacy" at some unspecified future date.

> But we've repeatedly shown that we can evolve to build the services that people really want, including in private messaging and stories.

Do people really want bots in their private messages? Didn't Instagram and Facebook steal the stories feature from Snapchat?

What people really want is React. How about making a React library for making facebook apps? Like AWS Amplify, but for Facebook.

Let the fox guard the henhouse

With a title like that I expected a link to an Onion article.

You're getting downvoted, but I for one thought that was spot on :)

When I saw the headline, at first I thought it was an old article that you can read in a different light and have a laugh.

Writing it now is just obnoxious. A lot of text with no meaningful content, mentioning a bunch of problems without offering solutions and without taking any responsibility.

Don't talk about "people prefer", "people expect", "working towards" and "we as a society" - you created this. With all of its problems, and all of the ethical and legal violations. You did things this way because it was extremely profitable and you are still doing it.

How does anyone take him seriously at this point?

This is similar to McDonalds wanting to help fight obesity by adding a salad to the menu.

Mark Zuckerberg has exactly zero credibility at this point.

cityzen 16 days ago [flagged]

It's like Freaky Friday but it's Wacky Wednesday. Waiting for Trump to announce that he's opening the Whitehouse to immigrants until they get on their feet.

Sorry Mark, no one believes you dummy.


I'm sure I said plenty of dumb things when I was a teenager. There has to be a statute of limitations on these things.

Are you now the CEO of a publicly traded company, making statements about privacy directly to the people you insulted previously, without even addressing the horrible insults you stated previously?

> There has to be a statute of limitations on these things.

On what things? How? Directly insulting someone, and then just ignoring that you did it - while asking for their trust, which you previously said someone was a "dumb fuck" for giving - isn't something people are going to forget out of politeness for some "statute of limitations".

And lol, I just asked for an apology, not for him to be in prison or something. It's for his benefit - I'm offering some advice: if he wants trust, the place he has to start is by apologizing and asking for forgiveness first. Nothing else will mean anything.

If Mark wants more money, and he wants trust to get there, he should apologize clearly and explain why he has changed. He should also demonstrate that Facebook is willing to - and will carry out - changing incentives to align to privacy.

Step 1: Apologize

Step 2: Offer a real change.

Neither is happening.

>making statements about privacy directly to the people you insulted previously

I'm sure those kids from Harvard have gotten over it by now.

And yet we question if MZ ever actually grew up -- he was thrown into a world he did not understand with millions and billions of dollars. I don't believed he has changed, and I don't believe facebookers who are programmed to elicit this response to this talking point. Its so much more than a throw away comment, it speaks to his entire strategy for privacy and respect for users/society, both then, and now.


That's a James O'Keefe production, so I'll quote the first paragraph of his wikipedia bio in full:

> James Edward O'Keefe III (born June 28, 1984) is an American conservative political activist.[2][3] He produces secretly recorded undercover audio and video encounters with figures and workers in academic, governmental, and social service organizations, purporting to show abusive or allegedly illegal behavior by employees and/or representatives of those organizations.[4] He has been criticized for selectively editing videos to misrepresent the context of conversations and the subjects' responses, creating the false impression that people said or did things they did not.[5][6][7][8]


Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact