We can't simply undertake anti-trust litigation against these companies. We must go further and outlaw this business model.
Laws work best when they outlaw the harm, not the method. Strengthening privacy rights and pursuing antitrust action around that  will deter similar business models in the future. If Zuckerberg willfully violated the FTC consent decree, there are ways to make him pay that discincentivise similar behavior in future.
We need to make social-discovery and network services a function of the OS and not a 3rd-party service over which the user has no agency.
In my opinion we are in this dilemma because OS vendors fell asleep at the wheel, and such things as a well-working, inbuilt common system service are instead a behind-the-walled-garden/-data-center service that has been usurped from the user.
So, same as it ever was: the corporate control over social networking (and lets just call it that, because that's what these systems are) is only 'a thing' because our systems - our computers - and the OS they run, out of the box - have been usurped for the purpose.
So, lets just continue with seeing iron-grip over single points of the network (i.e. Facebook, et al.) as the damage it is, indeed, and route around it.
i.e. we don't need legal harassment - just better system services which allow discovery and sharing with our peers without discarding near-full agency to a sinister, shady, corporate third-party.
I wonder whether there's a way to make spying so unprofitable that the business model simply isn't attractive anymore?
Legislation that would force businesses to pay for collecting user data (maybe a tax on user data) might be a start, but I don't see how something like that could be implemented successfully.
It’s quite difficult to stop using Facebook, but it’s effectively impossible to get an electoral outcome changed over a niche technical issue, or even a general one like the trains not working.
And repressive governments already use Facebook to disappear their people:
>The Facebook posts were not from everyday internet users. Instead, they were from Myanmar military personnel who turned the social network into a tool for ethnic cleansing, according to former military officials, researchers and civilian officials in the country.
So, the notion that it's somehow "safer" for Facebook to engage in omnipresent surveillance doesn't prove true.
oh for sure bud
"The disappeared: Chicago police detain Americans at abuse-laden 'black site'"
Yes, no true Scotsman would do such a thing.
Facebook is just some website.
There's not even a comparison.
Facebook is controlled by a single person who even the board cannot force out.
There have been other candidates to make bids: Google+, WeChat, etc.
Who thinks Zuckerberg has (or ever had) _any_ commitment to user privacy?
There's multiple issues at foot: when he knew, how he reacted, and why he didn't disclose. He could have absolutely found out, ordered changes, and tried to keep it quiet, and later learned what a mistake it was to keep quiet.
Zuck: Just ask
Zuck: I have over 4,000 emails, pictures, addresses, SNS
[Redacted Friend's Name]: What? How'd you manage that one?
Zuck: People just submitted it.
Zuck: I don't know why.
Zuck: They "trust me"
Zuck: Dumb fucks 
I see absolutely no indication that Mr. Zuckerberg changed his attitude since then.
Sort of like CEO's making north of 20M a year and being completely oblivious to the fact that this is so far away from the norm and in his opinion it's perfectly OK to make thousand times the money of the (outsourced) janitor.
Nevertheless I feel that Facebook, including its top level managers, is one of the most untrustworthy companies around. If you think about it, their businessmodel absolutely requires it. I leave it to the reader if this is judged as evil (I obviously do).
For the record: I don't use any of their properties since 2013 and it galls me that I'm still tracked and spied on to the hilt and back.
edit: slight clarify
You chose that. I don't need Facebook/Insta/What's App to have an "online social life." Literally nobody is forced to participate in that nonsense. Use Snap, iMessage, Twitter, Pinterest, Reddit, Slack, IRC, 500px, Vimeo, Signal, email, SMS, phone calls -- there are plenty of options.
FB, Insta, What's App aren't the entirety of the social media universe. You can't be "mad" at Facebook and then continue to use it. That's a bit hypocritical. If this situation is really that important, then stop using those services! It seems like the same thought patterns seen in abusive relationships: he beats me, but I can't live without him. That's bullshit. Leave those platforms. You see it as a "monopoly" because you allow it to be.
Still active on Reddit, but its more of community than a tool for personal relations. Android user so no iMessage. Slack & IRC not good to connect with school friends.
What I mean to say is the country I am in Facebook has a complete monopoly in our social life. And I am sure even in the US people cannot leave FB ecosystem.
The media outrage feels the same as if they came out and said that it turns out Coca Cola knew its products could lead to obesity. Of course they did, and no reasonable person thought it didn’t. You can’t police every problematic product, at some point the end user has to take responsibility.
Facebook entered into a consent decree with the FTC . (Facebook had to do this because it violated promises made to consumers.) Facebook then violated that consent decree. These e-mails may show Mark Zuckerberg--the Chairman, CEO and majority vote holder--complicit in those violations.
One can dig deeper into the privacy and antitrust issues , cultural issues and other matters. But at its core, this relates to their flagrantly violating a binding agreement with a federal regulator.
The individual criminal-law analogy would be violating one's parole agreement.
What's a reasonable person? Plenty of "reasonable" people drink Coke every day because the system indoctrinates otherwise rational people into believing that sugar isn't a poison comparable to alcohol. One of my friends, who is an attorney, still thinks that snack foods devoid of fat but loaded with sugar are somehow healthier. Speculating how a rational person would respond ideally isn't very useful in this situation because most people, including those who are well educated, are influenced heavily by their environment and, more specifically, peers and authority.
When you have Zuckerberg and journalists touting the end of privacy as being a good thing(there are plenty of articles and quotes from 10 years ago reflecting this sentiment), as well as surveillance gradually integrating into people's lives through convenience, you bet that most people are going to shrug their shoulders at privacy. Does the fact that people comply with invasion of privacy mean that the issue doesn't matter? Maybe it does if you don't think that the behavior of the masses can be manufactured.
I do agree with you that the current media outrage against social media, Silicon Valley, etc., is essentially the same kind of consent-manufacturing as when they were telling us that privacy is gone and that we should accept Facebook as the lesser evil because it "makes us more connected". I happen to agree with the current manufactured outrage, but I don't agree with the intent behind it. (which I suspect has to do with the old-guard media finally realizing that it's dying and it doesn't like the fact that social media has taken their audience and, hence, their money)
The question is do you combat that with education or with regulation? Personally I think the government’s track record with this kind of regulation is terrible, with the possible exception of cigarettes. In the US marijuana is still a schedule one drug right up there with opioids, which makes zero sense when you look at the risk profile of each drug.
Public education is extremely difficult, for example the Just Say No campaign fell mostly flat, but that doesn’t mean it’s impossible. Cigarette usage is down these days due to both increased regulations and increased public awareness of the risks.
By that same token, convincing people to be either pro-privacy or ambivalent to privacy is manufactured behavior, isn't it? If people vote against their interest, then who are we to force them one way or the other? Its hard to say without sounding harsh, but at some point, you have to draw the line on personal responsibility, and stop coddling people. Also, privacy is a relatively modern concept. When cities and towns were small, everyone got into everyone's business. Certainly, you can favor one position over the other because of your belief that it would lead to a better society.
There are lots of things here that reasonable people can discuss and agree or disagree on.
Alcohol can indeed be classified as a poison. When someone gets their stomach pumped after drinking too much, they're being treated for alcohol poisoning.
This is getting off-topic, but just because the human body is well capable of expelling consumed alcohol doesn't mean that it won't suffer from other problems in the future like fatty liver disease(which is also caused by chronic sugar consumption, btw).
And your opting out of the network makes it a little less valuable, since now no one has access to updates about yourself. If you can convince a few more people to lower their exposure or to move to something like friendica then the network becomes even less valuable and helps to lower Facebook’s power.
I would much rather fight the problem this way than trust legislators to come up with a fair way to regulate it. Same with sugar, I would rather invest in educational campaigns to convince people how bad sugars and sodas are for their body than have the government ban all sugar or decide how much can be in a product. The lobbies will usually end up writing the final laws anyway, and who knows what their incentives are.
I’ve been off of Facebook for a decade and still have a robust, satisfying social life. My real friends know how to contact me and I never feel left out of the actual important stuff going on. I think of Facebook’s existence as a blessing: it allows me to easily filter out all those low-effort “events” run by people who don’t really care if I come.
Not sure how email solves that problem.
I mean, to be fair, even Facebook won't necessarily tell you about an event unless the event creator pays them money to promote it. It's actually not a great platform for small-scale publicity, and _only_ publicizing an event on Facebook is clearly a mistake for a number of reasons. But despite its many virtues, email doesn't actually address GP's case at all.
There isn't a passive tool that would solve this other than getting people's email or mailing address, and that's absolutely fine since if you wanted to go to these reunions and be invested in these events, you can send an email to the school and get yourself on this contact list.
Also agree re:Coca Cola. However I also believe that we shouldn't blindly accept a status quo of "companies are inherently evil and value financial growth over the wellbeing/health/privacy of their customers". There are a few shining examples of business being conducted with true respect for customers. These ethical entities are few and far between, but they are worth their weight in gold and we should be mindful to vote for them with our wallets.
Getting aunt Sue to care about data harvesting and stopping the likes of Google/Amazon from taking over the world are both uphill battles. But something has to change, soon.
As we are all parts of the society that we can't escape from, regulation matters a lot to everybody who may or may not use facebook products.
If Facebook is the new Coke I'm not sure you're making the point you're intending to make. This just sounds like the stereotypical libertarian tech excuse about not taking responsibility for what is clearly becoming a pressing social concern.
Sugar taxes, smaller cupsizes, transparent information about the dangers of consumption, and so on are all fairly modest ways to set the right incentives.
And when it comes to companies behaving in irresponsible ways, for example if it turns out they ran disinformation campaigns, or hid important information about breaches from the public, then I think from time to time it's fair to bring out the hammer and hit them with substantial fines.
It can absolutely not be the case that Facebook violates user privacy, is aware of it up to the very top, and the next day the stock price soars by billions of dollars because evidently the market doesn't take our ability to correct this behaviour seriously.
If this leads to voters developing bizarre views of the world that influence who they vote for, then their carelessness becomes our problem.
Correct. When the Obama campaign used data just as aggressively as Cambridge, people cheered how "technologically advanced" that campaign was. People have a selective memory, but Facebook data harvesting and exploitation was a critical strategy used by Obama to win his elections. I guess 2008 and 2012 are too far back for most people to remember.
The stance of "just opt out of stuff you don't like" bakes in a lot of assumptions about your position in the world, and trivializes real criticisms of Facebook by people who do not have the same choices you enjoy.
I'd love to see a list of companies that require a Facebook account. Not ask for Facebook account, require Facebook account.
"You may have relatives abroad you can only talk to through Facebook or WhatsApp" They can't pick up the phone?
Side note: I've never had a Facebook account.
I don't have one. I don't miss it, and am increasingly glad. But I do have the "spouse firewall"; my wife uses it and I get most of the news I need through that, and even by local standards I'm not really a social butterfly, so between the two things, my experience may not be 100% relevant. So there's my science-style "why this data point may not be relevant" disclosure.
But it certainly isn't a "requirement for modern life" or anything. The times I faintly regret maybe not having a Facebook account are separated by many months, it's not like every day I go to do something and alas, my life is degraded because I don't have a Facebook account. It's a rare event, such that I could pretty much recite to you every one from the past 5 years. (All of them are family news, either get-togethers I wouldn't have heard about, or some family news that I ultimately would have heard anyhow and didn't have any action items on either way.)
(There's enough people without a given social account that I'm still yet to encounter the site that only has Facebook authentication. I hear they exist, but they haven't naturally crossed my path yet.)
All those other situations existed before facebook too, and people still got to reunions, went to church, and talked to their relatives living half a world away. Chances are, these people are signing into facebook with an email address or telephone number, so it's not like facebook is literally all they know unless grandson set up grandpas account (but I bet grandpa still has a landline, forwards nigerian prince emails, and writes letters just fine).
>it turns out Coca Cola knew its products could lead to obesity. Of course they did, and no reasonable person thought it didn’t.
Coca-Cola has just 40% of the non-alcoholic beverages global market share.
And as others have pointed out, "don't use Facebook" doesn't solve the problem of all the data they already have on you and will never destroy.
Of course some people were going to exploit that and break fbs own policies.
Cambridge did that and broke fbs rules.
Once it became more obvious that 3rd parties would break the rules fb adjusted their policy and closed the loophole.
The open nature of the policy was known to everyone on the planet including the ftc at the time. If those policies were problematic why wouldnt someone at the ftc say something?
Those whose job it is to regulate just sit there and watch for a decade before doing anything?
As someone mentioned above this is a systematic issue and a problem with the business model.
This is not some sneaky thing fb did on the side or behind closed doors. The apis were there for the public and everyone to see the whole time. Though there wwtr a few voiced concerns there certainly was not outrage.
I have several problems with fb but this specific issue is being misrepresented.
Some of the decentralized networks are interesting and seem like a good way forward, but they're still far away from being adopted by non-technical users and masses at large.
This seems like it's not only a technical and UI/UX problem, but one of marketing as well. The advertising-based revenue model has certainly become hostile towards user privacy, and we should rethink that too.
Whatever comes after FB, I hope it addresses all of these issues, for the sake of all of us.
Can we just keep the void?
Near as I can tell, this is about data in Facebook's databases finding its way to other organizations without the users' knowledge or consent. But the way this happens is pretty benign:
1. User installs Facebook app, and that app phones home with info about user's friends (who did not consent to this). This is what happened in the Cambridge Analytica scandal. People started asking why apps are allowed to see info about the user's friends (who did not install the app). But to a programmer, the answer is obvious: it's the "app inherits owner's permissions" model that's been part of the Unix tradition for decades. Anyway, Facebook has since changed this behavior.
2. User adds some bots as friends (maybe because their profile photo is of a cute girl), and the bots phone home with public info about user's friends. This is an entirely predictable consequence of the "friends of friends" permission model. Facebook users can set "friends only" permissions to prevent this, but most don't bother.
Is it one of these two vectors that's getting people upset, or something else that I'm missing? Keep in mind that advertisers never get to see people's private info. They just make an ad and say something like "show this to people aged 18-25 who are into video games."
1) Facebook uses any info I put into their platform to create a centralized, indexed, searchable, public database of people. This is dangerous for a lot of reasons, but notably in the vagaries of Facebook’s privacy settings (which seem to get reset every so often).
2) Facebook allows advertisers to target using a huge number of selection criteria. This allows advertisers to target some very specific — and vulnerable — groups in a way that is creepy at best. See also how the GOP was easily able to target specific racial cohorts in tight districts to spread FUD — the same tactics also work outside of politics when trying to sell things.
3) Machine learning outside of Facebook’s control makes it trivial to connect social media accounts to other activity the user may perform on the Internet — and thus connect that semi-anonymous online content to their real world relationships (e.g. the database of porn actresses linked to their Facebook profiles)
This collection of user data is Facebook’s entire business. The whole corporate bureaucracy is set up to protect this database and its data collection activities. You can’t have Facebook without it. So in a word, a lot of people object to Facebook’s entire business model — it’s just most people weren’t aware what that model asked them to give up until recently.
That would definitely be how FB describes it...
But the reality is FB had previously been investigated by the FTC for privacy violations and practices, in order to avoid enforcement action, the entered into a settlement agreement with the FTC agreeing not to engage in certain practices, develop new privacy standards and practice and allow 3rd parties to audit their privacy practices regularly...
FB violates that settlment agreement, including but not limited to, scraping email contacts from its users which allowed them to not only get that initial data they were not entitled to but more importantly to them to obtain secondary email address they could link to single users and even emails of non-users to create shadow profiles and buildout their social network through other email contacts. For example I’m not a FB user, you are, they inviolation logged into your email and scaled your contacts, identifying me, and then they build my shadow profile and build my profile from every other user who had me in their contacts.
Probably not benign.
The difference in the amount of data that FB has on people who have an account and those who never had an account (like me) is minuscule...
Most people complaining about FB's privacy practices are just on a bandwagon - I've never seen actual evidence of harm from FB's practices re: privacy.
1) shadow profiles. Facebook has profiles for everyone, regardless if they have a profile on the social network or not. You many have never visited Facebook and still they collect info on you based on a variety of identifiable information they can find online.
2) forbid ad targeting by e-mail or phone number. This allows everyone who knows my e-mail or my mobile phone number to specifically target me with tailor made ads. The ramifications of this could be really scary.
When in reality FB just like any other well company has only stores what it needs as long as it needs to provide the services they do.
On that note I might add that most data (if it wasn’t to begin with) becomes meaningless after a few days
Zuckerberg admitted to congress that Facebook collects data on people who are not signed up for facebook (but implausibly denied being familiar with the term 'shadow profile'.)
The nuance with a shadow profile basically comes down to when facebook compiles the relationship of your data into a single entry. People think if they do it ahead of time, its weird.
People also seem to ignore that facebook BUYS a lot of data, just like many other marketing data conglomerate.
Facebook is providing a friendly user interface to do normal people stuff. To the users who aren't technically sophisticated or haven't thought deeply about any of this, sucking up their contacts and shipping them off to wherever is just not something they would have imagined, let alone agreed to.
And yet they did, at least technically, when they clicked some button saying they had read 40-pages of legalese.
I predict that legislation will become the de facto check on FB and there will be many negative unintended consequences for the rest of the tech industry, harming companies who are ethical stewards of privacy.
The emergence of DuckDuckGo and the excitement for Apple's upcoming anonymous sign-in feature proves there is a massive gap in the market for privacy-focused products.
I'm afraid there will be regulation that will harm the ability for new companies, with a focus on privacy, to emerge due to the increased compliance costs.
Posteo.de (and similar email providers)
Signal app (though the app quality is very poor)
That being said, even the other tech giants aren't nearly as bad as Facebook. It just seems to be cultural there at this point.
In fact, there has been legal statements on the privacy of Facebook floating around for awhile. One judge, in 2013, explicitly said there is no reasonable expectation of privacy.
Zuckerburg has also previously made statements regarding his disdain for privacy, such as: "'They "trust me." Dumb f--ks'" 
In the wake of the mobile phone number sharing with your friends list by default, Mark had this to say: "We realize that people will probably criticize us for this for a long time, but we just believe that this is the right thing to do." 
I could go on ad nauseum, and I'm sure none of these quotes are new to anyone. So, I just don't get why it is news that Zuckerberg was aware of questionable practices.
Of course he was aware of them. He championed them.
Because everybody has a price, and Facebook knows how to find 'em cheap.
Add ?mod=rsswn to the end of the URL.
Think about that for a minute. Someone who controls 3b people. Runs psychological experiments using AI. Bans accounts of people who violate corporate-created policies that weren't debated or voted on by the public. Violates FCC settlements. And then refuses to be held accountable - or answer questions- from first world, democratic governments.
We detached this subthread from https://news.ycombinator.com/item?id=20166045 and marked it off-topic.
This bullshit hyperbole helps nobody
That's setting aside the fact that Facebook does not even try to firewall content moderation from advertising the way a traditional newspaper would.
They decide what news & ads get shown.
FB played a significant role in Brexit and US Presidential elections, enforcing filter bubbles, and running ads in violation of campaign finance laws (i.e. Russia).
You can say, sure thats why you should use Facebook. But I could imagine a slightly less evil Facebook that still provided that value to me. Perhaps there will be a concerted effort to fund a competitor (see Lyft vs Uber) or some regulations with teeth but Facebook is in a pretty solid monopoly position for now. They dictate the terms and you either agree or you lose out.
Doesn't stop FB from creating a shadow account though, buying up my credit history, and tons of other data from 3rd party sources.
None of these people are being forced to work there. They choose to. They are just as responsible.
Edit: it looks like you've been posting a bunch of these fiery denunciations to HN. I appreciate your strong feelings on the subject, but please don't use this site in that spirit. It's not what it's for, and it destroys the intellectual curiosity that it is for.
Or - accept the fact that people consider a fair deal what seems to be exploitation to you. If you don’t believe that people are able to make a reasonable, conscious choice then the end of democracy has come (for you).
They did (Instagram, WhatsApp), but then Facebook bought those companies too.
FB employees could use their experience and knowledge to work elsewhere.
I didn't delete your comment; when enough users flag a comment and the flags aren't outweighed by upvotes, the software killed it.