Hacker News new | past | comments | ask | show | jobs | submit login
Facebook reportedly argues there's no 'expectation of privacy' on social media (cnet.com)
269 points by kerng 4 months ago | hide | past | web | favorite | 109 comments

Going from a model where social media is a new instance of the public square I guess I would agree there is no expectation of privacy in the public square, but where the public square metaphor breaks down is that this square is actually owned by a corporation that is taking pictures and wiretapping all the individual conversations taking place in their square and selling the contents thereof to other corporations.

So as always metaphors are a lousy way to reason, and quickly break down because once you are arguing that X is like Y you will end up hitting the limit of X being unlike Y anytime you try to deal with something complicated in regards to X.

Hence regulation of a medium where everything lasts forever and can be looked up instantaneously from almost anywhere, and copied and repeated all over the world by anyone wanting to do so, should not follow the model of regulation for a medium where everything is ephemeral and while theoretically open to anyone in practice not so open because availability of space is a limiting factor on proximity and proximity is needed to take part.

Also, given that metaphor, if I'm whispering to a friend in a public square, I do have an expectation of privacy in the sense that there should not be boom mics placed everywhere to pick up the smallest of conversations.

Or talking to a friend on your mobile phone. Your phone company is not allowed to wire tap the conversation.

Or when you send your friend a letter, the post office isn't expected to open the envelope to read your communication.

Not even isn't expected. Isn't legally allowed.

Unless you're the NSA / CSIS / Etc.

Yeah, this is the most apt comparison, and is barely even a metaphor. Shocking that it's not applied to FB.

I believe these protections are related to voice specifically, from what I recall. The law on record has to do specifically with voice data and excludes textual forms of data.

If you were voice chatting over Facebook they would probably have to make you aware if they were listening/processing the data for words. By make you aware, it probably means bury it in the ToS on page 784 in a generic and ambiguous way and that is sufficient for court should someone litigate.

Now when you start looking at voice assistants like Alexa, GA, etc. the waters could get muddier.

Your phone company can actually record your conversations so long as they ensure all parties to the conversation are aware they are doing so.

Only if the parties agree and continued use of the service argument isn’t fair.

You can use Whatsapp to whisper to your friend. It's end-to-end encrypted.

Encrypted by whom? Who has the keys? WhatsApp is not good for anything private.

Are you implying that Facebook can snoop on the contents of whatsapp messages? That'd be a pretty significant scandal. No matter how disillusioned you are with Facebook, directly and overtly lying to customers about encryption would be next level. Definitely beyond their current tactics of circumspect honesty, e.g. TFA.

Until proven otherwise, I think it is absolutely fair to say WhatsApp messages are, indeed, encrypted end-to-end with no possibility for FB to read the contents.

So, to answer your question: encrypted by users, and the users have the keys. FB doesn't. WhatsApp is definitely good for most things private. Moreso than e.g. Facebook wall or messenger itself, as per TFA.

Sneaky fine print is one thing. Plain lying is another.

> That'd be a pretty significant scandal

Facebook's history is a long string of pretty significant scandals that are forgotten a year later because they're not about X, which would be something much more serious and deserving of great reprieve...

> No matter how disillusioned you are with Facebook, directly and overtly lying to customers about encryption would be next level

This feels like an ethical line drawn on your own, and a technical distinction (which we, as technically-inclined people, are wont to make) that means little in the practical legal and sociopolitical frameworks of what constitutes a breach of contract and cause for punishment.

> Sneaky fine print is one thing. Plain lying is another.

Have you read the entirety of FB's fine print regarding its services, including WhatsApp? I haven't.

> WhatsApp end-to-end encryption ensures only you and the person you're communicating with can read what's sent, and nobody in between, not even WhatsApp.


Instead of us going back and forth about this, perhaps a lawyer can weigh in: is there any way Facebook would survive a lawsuit if this were patently false? Meaning, they delibrerately put in a backdoor to the encryption and are reading messages, knowingly, as intimated in this thread.

And would this be "another day in the life", or would it be a transgression of new levels for Facebook?

It is my conviction that companies try and do what they can to stay within the confines of a hypothetical lawsuit. That's what legal departments are for, essentially. If this were a lie, I would be very, very interested in knowing how they got that document past legal. But perhaps a real lawyer can elucidate matters?

The creator of whatsapp cared a lot about privacy. So even after selling the company to facebook he warranted that facebook could not read the messages. That was because fb promised him that they had spent a fortune on the company but they didn't wanted to change anything(yeah, if you can believe that I have a tower in the center of Paris to sell you).

Of course, this made Facebook people extremely angry, and they had lots of arguing about it. In the end the man left (losing a lot of money in the process)and of course they can read your messages now.

They had specifically been working on that for something like a year or so. A team inside facebook was created just for that.

Messages are not encrypted by users, they are encrypted by a closed source application that facebook controls 100%. They just modify the software and force an update. It is not magic.

If you can write the source code you can do anything you want.

> The creator of whatsapp cared a lot about privacy. So even after selling the company to facebook he warranted that facebook could not read the messages.

While that's true on one hand, it's also misleading on the other. When whatsapp was acquired in 2014, it wasn't e2e encrypted. Only by 2016 that it was utilizing full e2e encryption.

So while founders did care about privacy, for first 8 years of product life e2e encryption wasn't a thing. It's much easier to add very complex feature like e2e encryption once you have infinite amount of money, coming from facebook.

>In the end the man left (losing a lot of money in the process)

Not earning extra 100s millions of dollars, after you earned many billions, is not something easy to get a sympathy for. Amount of money they left on the table is mostly a rounding error for their bank account.

> The creator of whatsapp cared a lot about privacy.

They didn't even have TLS in the early versions...


When you don't hold the encryption key, you can only assume that something is not encrypted. Assuming the opposite is against good opsec.

I am not sure if understand how encryption works in the context of messaging applications. Unless the two parties communicating generate a set of keys for that particular session there is a high chance that a 3rd party who is operating the service can read their messages.

This is the theory. Now, in practice you can see exactly the same.


WhatsApp messages (even group chats) are by default end-to-end encrypted with keys generated on your device that WhatsApp does not control.

this is what they say, and it's probably true, but you can't actually know without disassembling and analyzing the executable after every update.

it's hard for me to think of something I would want to say that's too sensitive to send over sms but not too sensitive to send over an encrypted chat maintained by Facebook.

At a certain level, if you don't trust someone, you can't do anything.

Let's say you have the source code. You have the source code audited. You have reproducible builds, so you know that the source code is what was used to generate that set of binaries.

How do you know that the platform vendor isn't substituting some other code at runtime? How do you know that the hardware doesn't have a back door? How do you know that the compiler isn't inserting malicious code into the app?

At the end of the day, the only way to prove that something is doing the right thing is to watch what it does. Everything else is an educated guess.

People have built third-party WhatsApp clients, even as Facebook has tried to combat them. What Whatsapp does has been observed to the point where people are able to interact with the server at various points in time. There have been vulnerabilities reported in WhatsApp; no software is perfect, and WhatsApp has made the choice to collect more metadata than, for instance, Signal.

But up until now, nobody has found any evidence that WhatsApp is not end-to-end encrypted as it claims to be. And there are ways for people to find that out, and a lot of incentives for people to do so. Nothing is perfect, and at some point you have to decide to trust someone. I understand that trusting Facebook is fraught. But there are people with good reputations who do good work, like Moxie and tptacek, who do have expertise and can recommend WhatsApp (with an important list of caveats). Whatsapp is not perfect, but most of the options out there are much, much worse.

"end-to-end encrypted"

user1 -- server -- user2

Does this mean user1 to user2 or user1 to server and user2 to server. Both of them are end to end when you define end as client(user1, user2) or server. Again, it was proven several times that real user to user encryption is very rare, I am only aware of SILC doing that. I do not know enough about WhatsApp to believe it is user to user and I do not trust Facebook with anything. You can prove me wrong though.

If the server can decrypt the messages, then it is not end-to-end encryption. That's what the term means.

As always, it depends on who your enemy is. For the ultra vast majority of people, and in the continuity of the "public place" metaphor, it's more than enough.

And get ads in your conversation like real life. This private dialog is brought you by Squarespace.

...just not by you.

It is not a metaphor, it is an analogy.

The “expectation of privacy” isn’t about what you would expect regular people to do. It’s about what you would expect malicious actors like spies (or just private detectives hired to tail you) to do. You wouldn’t expect to be safe from a detective with a boom mic in the public square—therefore, the square is not a place where you should be having private conversations (even whispered) if you have anything to hide.

> The “expectation of privacy” isn’t about what you would expect regular people to do. It’s about what you would expect malicious actors like spies (or just private detectives hired to tail you) to do.

This is almost the opposite of how “expectation of privacy” is defined in the legal sense and used in court. Where did you get your idea from? Are you thinking of that term in a security context rather than legal?

For one, you’re defining the term with respect to the spies and not the public, and for two the idea is not whether someone could spy on you given the chance, the whole idea is that when you do something in private, you can reasonably expect it to stay private and that expectation should potentially be protected by law.

“Expectation of privacy must be reasonable, in the sense that society in general would recognize it as such”


I wouldn't expect to be safe from that detective in my own house, in a sealed room! But I certainly have an expectation of privacy there.

You should expect to be safe from that detective in your own house, because we’ve drawn a very clear distinction—that detective is breaking the law by snooping on what you do in your own private residence. If the police wanted to discover what you were doing in your own home, they’d have to get a warrant in order to not be breaking the law by doing that (“warrant” literally being defined as “a writ making something that’s normally illegal to do, temporarily not, for you, in this situation.”)

Whereas, neither the private detective, nor the police, would be breaking the law by snooping on you in the public square. So either/both would feel empowered to do so, because society does not think such an action is worthy of punishment.

That's pretty circular logic. There are feedback loops between expectations and law, but that doesn't mean the status quo is always correct. The nature of how much surveillance one person can perform has increased by many orders of magnitude. It's worth rethinking how we limit public surveillance.

A better metaphor I've found is a telegram. You dictate your message and someone else inputs the message and someone on the other end transcribes the message and delivers it to the recipient. Is there an expectation that only you and the recipient will know what the message is? No. There are at least two other individuals involved there.

I've honest never understood how the expectation of privacy arose from using Facebook. You are literally sending your information to Facebook.

If anyone is at fault here, it's browser makers who enable sending your data to Facebook. Facebook isn't reaching into your computer "stealing" your data. It's recording what is being sent. Obviously talking about the web site here.

I would argue that's exactly what the expectation of privacy is. Malicious actors on the other hand are the reality of privacy.

but on the other hand mob guys when they wanted to discuss something private would often walk and talk, because walking down the street having a private conversation is better than doing it in your office that the FBI has tapped.

At times, a public square is the best place to have a private/secret talk.

Except their point is that the public square is not. "Most convenient" is not the same as best wrt private conversations.

as always metaphors are a lousy way to reason

We'll put. Unfortunately in this case, iur legal and often social reasoning works exactly this way.

I think you've put your finger on the metaphor at the heart of this problem: the public square. I've had this thought several times when hearing/reading Jack Dorsey's response to all sorts of issues. We can't have a private owner and rulemaker for our public squares, without losing some of that metaphor's more meaningful implications.

I think there are two big issues at play. One is that public square issue. If that is appropriate to think of FB that way, I think the implication is exactly opposite of what FB execs want: you can't exclusively exploit it for private gain. A (metaphorical) public square is a political (literal) forum. The types of problems that come with a private public forum are exactly those demonstrated by the Cambridge Analytica scandal. The public forum gets auctioned off secretly to political bidders.

The second issue is another (possibly) metaphor broken by a shift in the underlying reality. "Expectation of privacy" means something totally different online. There's no expectation of privacy when you get in your car and drive to the store. But, if a new technology happens to give a company the ability to log your car's whereabouts at all times.

Going from a model where social media is a new instance of the public square I guess I would agree there is no expectation of privacy in the public square, but where the public square metaphor breaks down is that this square is actually owned by a corporation that is taking pictures and wiretapping all the individual conversations taking place in their square and selling the contents thereof to other corporations.

Not just that. Also selling the ability to remote control boom mics and remote control telephoto cameras, so they can send you an advertisement based on what you were looking at.

Isn't the best analogy for the public square the entire internet, not just Facebook?

If you stand in the section of the public square next to Facebook and they listen in, then it's no different than standing by any other website. It's true FB is popular and present in a large portion of the square, but they're not entirely unavoidable in the public square.

It's also true that others can talk about you and share your information in the public square and Facebook will pick it up, but now we're dealing with control over your own information in the public square, which is a different topic altogether.

If somebody follows you even in public space all the time then in most countries it is considered stalking and penalized.

As it should be with on-line tracking too. This intuition, that on-line tracking is akin to meatspace stalking, is behind some of the arguments against that tracking.

Except tracking pixels aren't following you, they already exist on the properties you choose to visit. It's more analogous to mass surveillance of the public square with security cameras.

Most stalking laws apply to a single person who is targeting an individual, in the effort to harass, incite fear, or some other malevolent intent.

But standing in a public square doesn't tell anybody your name or anything else personal about you except for how you look because people usually don't walk around in public with name-tags, thus even in a public square, you will be reasonably anonymous.

At least that's the German interpretation, afaik in the US, it's interpreted a bit differently where everything "in the public" has no reasonable expectation of being "private"?

yes, and unless you're living in a country that has plastered every centimeter with cameras (which is of course objectionable on the same grounds), observations in the public square are ephemeral, nobody's logging your behaviour. It really is a horrible and intentionally misleading analogy.

Metaphors are an excellent way to reason about complex fenomena as they provide a simplified model. Naturally the entity that chooses the metahor dictates the tone, the direction and the likley outcome of the discussion as is the case here.

Here is another one: social media is like a livley party where people can mingle in large and not do large rooms with different degrees of interaction with the totality of the guests. One can see that this is not a metaphor that FB would choose to discuss.

This is a great metaphor. Social Media should be more like a public square - maybe we need to get cities or countries to create a public online space, rather than corporations with monetary focus.

If they want Facebook to be a public square, then they have to take the bad with the good - they should respect free speech, as defined by the constitution of the country they are incorporated in. They should lose the ability to censor anybody, or to kick anybody out of the square (sans illegal activities), or prevent entry to anybody who wants to come in.

> this square is actually owned by a corporation that is taking pictures and wiretapping all the individual conversations taking place in their square and selling the contents thereof to other corporations.

You mean like a mall? There's no expectation of privacy at the mall.

and while it might work for Twitter (with the exception of private messages) I'd also argue that the metaphor falls apart for Facebook since you can have private profiles and groups where there's an expectation of privacy.

Facebooks posting sections explicitly provide segregation and message direction - "Only Friends"

They directly create an expectation of privacy with their controls. The argument that they are making is outrageous.

The methaphor is good. It clearly shows why wiretaping the public on the square is unreasonable.

> So as always metaphors are a lousy way to reason

It is not a metaphor. It is an analogy. It was used as comparison to the living room.

Knowing that, it is hard to follow your point.

Analogies are an equally lousy way to reason, one should study the thing itself and its unique characteristics to determine how to deal with it, not some proxy by analogy.

An analogy is never a way to reason, it's a way to explain and teach. It's been used forever and nobody thinks it's lousy unless they want to complain about something :)

For anyone looking for the actual PDF page, my best guess is it's referring to page 25 of docket number 261.

Here's the quote I found; it seems to be referring to a particular tort. You may also want to look at the full text to see the citations I omitted in the [...] for brevity:

Intrusion upon seclusion. This tort requires intentional intrusion “upon the solitude or seclusion of another or his private affairs or concerns … if the intrusion would be highly offensive to a reasonable person.” [...] Plaintiffs have not alleged any intrusion into their private affairs; rather, the information at issue is all data they already shared with a broad circle of friends and even strangers (friends of friends). [...] Nor could the disclosure of information such as page likes, which are designed to be communicated to other people, be “highly offensive to a reasonable person.” Disclosure of far more private information, such as private medical records and the identity of undercover police, has been found insufficient. The “highly offensive standard … is reserved for truly exceptional cases of intrusion,” [...] and this is not such as case.

I always find this BS legal idea of "expectation of privacy" backwards.

The important thing is not whether there's some pre-existing "expectation of privacy" in a domain (e.g. public square, or social media).

The important thing is whether (1) society wants (or deems beneficial) privacy in that domain and (2) privacy is achievable in that domain.

If (1) and (2) hold, there should be no talk of "expectation" and other such BS.

[1] and this can be settled with e.g. a referendum or a number of other ways.

I probably wouldn’t be so cavalier about writing off and calling BS the legacy of legal definitions that are successfully protecting citizens. It has taken a long time and a lot of smart people to get to where we are with expectation of privacy, and while it might not be perfect, it has been battle tested in court, so it’s presumptuous to assume your untested opinions are clearly better.

The problem I see with your suggestion is then society must pro-actively make some sort of decision for each and every domain in advance, which isn’t possible. The goal of expectation of privacy is as a test to determine when privacy would be or has been violated on a case by case basis. In that sense it’s already somewhat doing what you’re talking about; it is a way to determine whether society deems privacy beneficial in a given domain.

Whether privacy is achievable does not make a good criteria at all, because it’s always possible to compromise privacy. The entire point of the “expectation of privacy” test is to determine whether someone who did violate another’s privacy should be allowed to, it’s a pre-cursor to determining right to privacy.

>The problem I see with your suggestion is then society must pro-actively make some sort of decision for each and every domain in advance, which isn’t possible.

First, why not? It's very much possible, we have all kinds of systems in place, even electronic voting.

Second, privacy is a serious matter, of which there aren't tons, so it's not like "each and every domain" is equally important.

Third, it's not like a decision for all domains has to be taken simultaneously and right now. We could vote for one domain per year, and we'd have covered 10 most important domains in a decade...

>The goal of expectation of privacy is as a test to determine when privacy would be or has been violated on a case by case basis.

It's also used to mean "you wouldn't expect it in X domain, so you don't get to have it there".

And, as lots of domains where privacy is important are new, what's "expected" can go either way, like FB trying to argue that "people don't expect privacy in social media".

If we instead change it to whether people want privacy in social media, that's more clear cut, regardless to whatever someone can argue we "expect" or "not".

In fact, even if we keep it to "expect" (as the deciding factor), why shouldn't we vote on whether we do expect it or not? Why expect should be speculation?

Ask us (the people) to vote directly whether we expect it or not, don't decide for us, with some BS medieval-style theological syllogisms...

I suspect your strong negative reaction to expectation of privacy is because you’re mixing up expectation of privacy with right to privacy, which are two different legal concepts. I think what you’re proposing is right to privacy laws rather than expectation of privacy. Laws establishing right to privacy already exist as a declaration of what domains society deems privacy necessary in. Expectation of privacy is there as a legal test to help make determinations in cases where the right to privacy hasn’t been already established.

We can and do already vote on it, and laws establishing the right to privacy online already exist and more are in the process of being established, since historically speaking online domains have only just barely been invented.


For example, you already have no right to privacy from being photographed while outside in public in the US. You already do have an established right to privacy in your bedroom. Neither of those cases is subject to expectation of privacy tests, because the right to privacy has already been determined.

Personally it seems quite useful for expectation of privacy to always exist as a way to help sort out domains that have not yet been covered by law, and it would be silly to think that we understand all the future permutations and implications of online privacy mixed with big data well enough to cover it legally today.

Facebook’s defense here is using “expectation of privacy” in a subversive and sneaky way. The problem is Facebook has both kinds of data, public and private. It’s wrong to suggest that people don’t have an expectation of privacy for their hidden profile data just because they’re using social media. It’s probably right to suggest that anything I post publicly can’t be considered private, even if people want that. But that’s complicated when you data-mine all public data at once and draw potentially private implications using AI. It looks like their defense is about to be tested in court, so hopefully the court will see through Facebook’s defense. One of the outcomes of Facebook using “expectation of privacy” as their defense is that whatever happens here in court starts to become the law by precedent.

This should not hold.

Facebook has been running huge ads all over media and streets with "your privacy choices" and "we protect your privacy" to salvage some of their reputation.

If they do this, and then at the same time claim there is no privacy on their platform, any judge who does not throw this out would be really dumb.


This was my first thought. The ability to specifically control your post privacy and profile profile seems to imply there /is/ and expectation of privacy? IANAL but that just doesn’t make sense to me.

Tech people and young people are quitting Facebook or have done so. These are the trendsetter groups. We have likely seen peak of social media

Just another point of view: I'm Gen Z the trend I'm seeing among my friends is not en masse quitting of Facebook, but less regular usage of some of its functions - sharing articles, uploading photos, posting status updates, commenting on random posts, and so on. A quick scroll through my current feed only shows 1 or 2 posts made directly by friends, and they're all big life updates: graduations, engagements, etc. It's certainly not like the old days where people would share an album of a vacation or post about a small quirk of their day.

But even though people use many parts of Facebook less often, it's really hard to quit Facebook entirely because a lot of social activity revolves around it. In my circle, people tend to plan events using Facebook and often use Messenger to communicate. In university, people would ask questions in various FB groups. So while no one's really happy with Facebook, it still provides several conveniences that we don't want to live without.

Also, Instagram is still very popular - much of the activity that used to be on Facebook seems to have moved there.

Tech people and young people in general? Or just people you know? I've been seeing variations of this comment on Hacker News for over 10 years now, and yet the imminent demise of Facebook as a result of users who probably never actively used it anyway leaving has yet to be realized.

That’s fair point. I can only speak for people I know. Facebook has become less for sharing with friends but more about messenger and events

Really? When I'm in public I see everyone mindlessly swiping through photos on Instagram. Social media never died, it just moved.

but is Instagram really social? The most people I know just consume and leave a like. Even Instagram stories are one way communication in most cases.

there's not the level of interaction (and exposing one own opinion) that you'd see below a Facebook or Twitter post

I've also quit FB recently - and most other social networks I've left before or at least abandoned. It's really funny, I thought I would miss it more but I don't. Just an extra tab that I can scroll through like HN or a news aggregator. There are so many buttons but most I didn't click, also I stopped posting virtually anything 1-2 years ago. The thing is also: the things that I'm deeply interested in get hardly any likes anyways.

Apart from that, when meeting people and continuing to meet them, I usually use the good old phone to communicate with them. The people I interact the most with on Facebook are at the same time mostly those I meet the least in the real world.

Shaving off an additional layer of complexity...

I hope you are right.

I also fear what FB and Zuck are capable of if they realise they're on a dead-end business model, and what abuses of personal data we might see as they attempt to cash out before everything dries up...

They are quitting Facebook, not social media. It's not like people ditching iOS don't use any smartphone at all, they'll just switch to android.

As others have said and you point out, people are just moving from Facebook to other social media platforms, and then there is LinkedIn which is as bad as any other.

Moving to Instagram.

Contrast to Facebook's recent "privacy initiative". A certain level of untruth is unfortunately expected from company PR, but Facebook is really taking it to the next level.

I have to admit this sounds awful but true. I'm not going to be hypocrite and claim to have read the Facebook terms of use but I have never really expected those to be in my favor in terms of privacy.

Society and regulators should treat the social media industry like we do with tobacco and firearms.

Zuck: Yeah so if you ever need info about anyone at Harvard

Zuck: Just ask.

Zuck: I have over 4,000 emails, pictures, addresses, SNS

[Redacted Friend's Name]: What? How'd you manage that one?

Zuck: People just submitted it.

Zuck: I don't know why.

Zuck: They "trust me"

Zuck: Dumb fucks.

You know everyone always calls this the "dumb fucks" quote, but I think it ought to be the "just ask" quote. That's the truly objectionable part, the part that exposes the black heart of Facebook even today - you have no expectation of privacy, and your data is handed over to third parties for a pittance (or even, in this case, to impress Zuck's friends).

> "There is no invasion of privacy at all, because there is no privacy,"

... and therefore one should seriously consider not using Facebook.

Wow, just... wow. What happened to their thing of building a "privacy based" Facebook? Either their PR sucks worse than I thought or that whole balloon deflated rather quickly.

Did they suddenly forget the court cases oh say oh crypto? Those held that yes we do have a US right to non public free speech.

Given the outrage about data theft and sales, I believe the consumer has an expectation of privacy on Facebook.

Is this really a surprise to anyone? I mean beyond that they admit it?

So have they officially given up on Facebook at Work?

No. But companies should.

That's not at all unreasonable on social media

Do you really think putting the word 'social' in italics is sufficient to argue that Facebook can hand my private data over to third parties without my knowledge?

If you've read the article, the context here is the cambridge analytica scandal, not someone posting on their public timeline.

Yeah. Because frankly I dont get what information you put on Facebook should be considered private, and that would include what cambridge analytica did. I think that knowing it's a social media platform is more than sufficient to have zero expectation that anything at all put there is private.

I would agree with facebook in this point.

Data you put on social media is basically public. It may not be easily discoverable by the public at large, but that lack of discoverability is not a perpetual guarantee at all.

But most participants on social media don't understand that. Maybe it's because they overestimate the confidentiality of social circles. Even offline that's not much of a protection.

>>> But most participants on social media don't understand that.

So you actually are conceding the point. You agree that "most participants" actually do have an expectation of privacy.

A common expectation may well be unreasonable.

In my opinion it is unreasonable to expect friends not to share private information about you. And I see a lot of evidence, both in my life and from observation of other people, that people consistently underestimate the probability of friends breaking that trust.

an unreasonable expectation

>Data you put on social media is basically public. It may not be easily discoverable by the public at large, but that lack of discoverability is not a perpetual guarantee at all.

That's an individuals own risk, and not the same as whether Facebook should treat them as private, and don't sell them, expose them, etc.

Sure, I should be cautious of what I say in social media, because e.g. the other side could leak it, the servers could be hacked and the contents exposed, etc.

The same holds for my snail mail or what I type in my laptop. But I still expect those to be kept private (and even more importantly, want them to be kept so, and want the law to enforce that).

Just because there's no "perpetual guarantee" doesn't mean there shouldn't be company closing fines for selling your data, or showing negligence in making them private (e.g. unencrypted passwords come to mind) etc.

I don't think fines about selling data can be enforced without explicit contracts about keeping data confidential. Such contracts don't exist for information Facebook gathers from your data, even if a lot of that data is indeed non-public.

In the case of privacy-endangering malpractice like unencrypted passwords, that is already happening through GDPR for example. It is also, however, affected by the contract the individual has with the company.

I don't think that social media interactions, especially on facebook, fall under that umbrella, in general. Private chats, maybe. But even there you know that friends may share the texts or get hacked, and the facebook system monitors such communication for certain things like child pornography, possibly resulting in Human operators reading your communication.

Much of what facebook does, and what we actually want it to do for us, is not possible with a reasonable expectation of privacy. If I put a photo on facebook, I know that the whole world has access.

I don't agree. You set a list of people you want to share it with. Obviously those people have the ability to forward but I would expect (or would like to expect) that only those on the recipient list would be able to access it directly.

That's not a reasonable expectation in my opinion, but a fairly common one.

For example I never understood how people would want to send intimate pictures to someone else (even in the case of on-paper or video phones) and expect them not to share it.

Well said, Facebook.

People are uploading thing to the internet for the sole purpose of having as many people as possible see it. That’s the entire goal of the exercise.

It’s baffling that those same people would then turn around and behave as though they are surprised that people can see those things.

Yes just like if a lady wears a sexy dress that makes it okay to cat call her on the street. She’s not wearing the sexy dress for you ...

I upload photos to S3 as a backup, only I have ever seen them (I think).

Is it ok for Amazon to sell or use them? How about using them to blackmail me ? Would that be ok?

No. Just the things I said in my comment.

So if instead of uploading that photo to S3 and marking it private, you uploaded it to Facebook and clicked the "Show This Photo To Everybody In The World" button, it would be OK for Facebook to show it to everybody in the world. It would be impossible to blackmail you with it, given that there is nobody left without the ability to see it, at your request.

I personally have lots of photos up on Facebook that anybody in the world can look at if they choose. I also have lots of photos that nobody but me and my family can look at unless I show them personally. I accomplished this by not uploading photos from that second group to Facebook.

But if Facebook (as they do) offer you a service that allowed you to share the photos with a selected set of individuals would you not have the reasonable expectation that Facebook would not share them further?

What I'm parsing out of your comments is that no matter what Facebook says we should expect it to act without regards to privacy?

So to paraphrase what you're saying, in both your comments:

"But if [something other than what I said], then [something different would happen]."

Yes. I agree with your conclusions about the things I didn't say. But I guess I'll have to ask that you stop posting them as though they were responses to (or related in some way to) things I did say.

Given that people are fired on a pretty regular basis for social media posts, I'd tend to agree.

People have been fired for being gay, does that mean there is no reasonable expectation of privacy in the bedroom?

There is privacy in the bedroom because we expect there to be.

On social media, we share (and over share), and yet we are shocked at our privacy being exposed. We should not expect it.

If we talk quietly to each other in the privacy in our homes, sharing that information is a breaking of social trust.

If we talk on the bus around others, we should't be too surprised if someone hears us.

If we share what we say to all, we should absolutely not be shocked. Especially when we are explicitly sharing on purpose.

Am I missing something? When I was on FB I only shared with maybe 50 friends/family. My expectation was that it ended precisely there.

Facebook knows everything - and they use that. That lack of social trust is about them not playing fair. You did everything right, and you trusted your friends. It's Facebook that broke your social trust.

Yeah, you are/were missing a lot, then.

See: Utah.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact