Hacker News new | past | comments | ask | show | jobs | submit login
Facebook Emails Could Show Zuckerberg Knew of Questionable Privacy Practices (wsj.com)
244 points by Dajsvaro on June 12, 2019 | hide | past | favorite | 146 comments

Don't be fooled. Zuckerberg is the head of the organization and has both created and internalized the economic logic of his organization, but the problem is systemic. If you put in someone else, they'll have a different style and might do a few things slightly different, but the economic logic is the same. Spying on the population is profitable, so such operations must be expanded to the maximum possible extent.

We can't simply undertake anti-trust litigation against these companies. We must go further and outlaw this business model.

> We must go further and outlaw this business model

Laws work best when they outlaw the harm, not the method. Strengthening privacy rights and pursuing antitrust action around that [1] will deter similar business models in the future. If Zuckerberg willfully violated the FTC consent decree, there are ways to make him pay that discincentivise similar behavior in future.

[1] https://www.nytimes.com/2019/05/28/opinion/privacy-antitrust...

FB is still only one head of the hydra. Amazon, LinkedIn, Google all profit off of the collection and use of personal data. A massive chunk of Silicon Valley's cash hoards depend on advertising. And when that much money is on the line, regulators tend to take on a 'light touch'.

Crime can look a lot like a hydra. Still, I don't think giving up the fight is a better solution.

>We must go further and outlaw this business model.

We need to make social-discovery and network services a function of the OS and not a 3rd-party service over which the user has no agency.

In my opinion we are in this dilemma because OS vendors fell asleep at the wheel, and such things as a well-working, inbuilt common system service are instead a behind-the-walled-garden/-data-center service that has been usurped from the user.

So, same as it ever was: the corporate control over social networking (and lets just call it that, because that's what these systems are) is only 'a thing' because our systems - our computers - and the OS they run, out of the box - have been usurped for the purpose.

So, lets just continue with seeing iron-grip over single points of the network (i.e. Facebook, et al.) as the damage it is, indeed, and route around it.

i.e. we don't need legal harassment - just better system services which allow discovery and sharing with our peers without discarding near-full agency to a sinister, shady, corporate third-party.

It seems rather hard to find a legal way to outlaw the business model.

I wonder whether there's a way to make spying so unprofitable that the business model simply isn't attractive anymore?

Legislation that would force businesses to pay for collecting user data (maybe a tax on user data) might be a start, but I don't see how something like that could be implemented successfully.

FB is planetary scale psychoactive technology. Just make it a public health issue.

Democracies are accountable only to issues that affect turnout in swing districts. Businesses are accountable to everything that might send transactions to competitors.

It’s quite difficult to stop using Facebook, but it’s effectively impossible to get an electoral outcome changed over a niche technical issue, or even a general one like the trains not working.

Agreed. Let's make gerrymandering illegal.

It never ceases to amaze me how people who are opposed to government surveillance by accountable liberal constitutional democracies are OK with surveillance by unaccountable private interests who lie all the time and do harm in order to make money.

The government has the ability to make me disappear. Facebook does not.

"Facebook Is Looking for Employees With National Security Clearances" "October 16, 2017, 4:00 AM EDT Updated on October 16, 2017, 12:23 PM EDT"


Facebook does have the opposite ability though - they could make one appear to be whoever they want. If they were inclined to use their data and technology maliciously, against an individual, I think it's likely they could ruin that life pretty quickly.

But character assassination with all the data on you that FB has is trivial.

Be shadow banned by Fb & Google and your online presence is dead. You can scream and scream all you want but no one will hear you online.

A liberal constitutional democracy does not have any more ability to make you disappear than Facebook does.

And repressive governments already use Facebook to disappear their people:

>The Facebook posts were not from everyday internet users. Instead, they were from Myanmar military personnel who turned the social network into a tool for ethnic cleansing, according to former military officials, researchers and civilian officials in the country.


So, the notion that it's somehow "safer" for Facebook to engage in omnipresent surveillance doesn't prove true.

> A liberal constitutional democracy does not have any more ability to make you disappear than Facebook does.

oh for sure bud

"The disappeared: Chicago police detain Americans at abuse-laden 'black site'"


The US isn't a liberal constitutional democracy. It's an oligarchy with different laws for the rich and poor.

> A liberal constitutional democracy does not have any more ability to make you disappear than Facebook does.

Yes, no true Scotsman would do such a thing.

Government has a exclusive monopoly on taxation and physical force.

Facebook is just some website.

There's not even a comparison.

Government is elected.

Facebook is controlled by a single person who even the board cannot force out.

There's not even a comparison.

Facebook was elected by the market.

There have been other candidates to make bids: Google+, WeChat, etc.

"Internal exchanges uncovered in response to FTC probe could cast doubt on founder’s commitment to user privacy, people familiar with the matter say"

Who thinks Zuckerberg has (or ever had) _any_ commitment to user privacy?

Probably people who listen to FB claim that they do.

You’re preaching to the choir on HN. The victims are the “dumb fucks” using his product. (His words, not mine)

Pretty disingenuous. People can change. AND we dont have a timeline. Facebook kept pushing more and more info public, in an attempt to make facebook more useful. ( http://mattmckeon.com/facebook-privacy/ ) Then they saw they went too far and quietly scaled it back. Four years later they got burned by mistakes they already knew they made and had already started taking action on.

There's multiple issues at foot: when he knew, how he reacted, and why he didn't disclose. He could have absolutely found out, ordered changes, and tried to keep it quiet, and later learned what a mistake it was to keep quiet.

Zuck: Yeah so if you ever need info about anyone at Harvard

Zuck: Just ask

Zuck: I have over 4,000 emails, pictures, addresses, SNS

[Redacted Friend's Name]: What? How'd you manage that one?

Zuck: People just submitted it.

Zuck: I don't know why.

Zuck: They "trust me"

Zuck: Dumb fucks [1]

[1] https://en.wikiquote.org/wiki/Mark_Zuckerberg

I see absolutely no indication that Mr. Zuckerberg changed his attitude since then.

Im aware of the quote. I just think theres more cognitive dissonance than evil. He tells him self that facebook is xyz, and starts to believe it. I do think the force of public opinion has forced him to reconsider some beliefs about everyone being open about everything.

It may be a bit of both.

Sort of like CEO's making north of 20M a year and being completely oblivious to the fact that this is so far away from the norm and in his opinion it's perfectly OK to make thousand times the money of the (outsourced) janitor.

Nevertheless I feel that Facebook, including its top level managers, is one of the most untrustworthy companies around. If you think about it, their businessmodel absolutely requires it. I leave it to the reader if this is judged as evil (I obviously do).

For the record: I don't use any of their properties since 2013 and it galls me that I'm still tracked and spied on to the hilt and back.

edit: slight clarify

untrustworthy in an ethical sense, BUT from a technical competence sense I trust them not to leak my data _in a hack_ quite a bit more than about 99% of companies.

Facebook is a one-man show. Zuckerberg owning 60% of the company and no one can say anything to him. Moreover, one man has the entire monopoly over our entire online social life. Other networks have come and failed. Anti Trust regulators should seriously open Facebook's file and break it.

> one man has the entire monopoly over our entire online social life

You chose that. I don't need Facebook/Insta/What's App to have an "online social life." Literally nobody is forced to participate in that nonsense. Use Snap, iMessage, Twitter, Pinterest, Reddit, Slack, IRC, 500px, Vimeo, Signal, email, SMS, phone calls -- there are plenty of options.

FB, Insta, What's App aren't the entirety of the social media universe. You can't be "mad" at Facebook and then continue to use it. That's a bit hypocritical. If this situation is really that important, then stop using those services! It seems like the same thought patterns seen in abusive relationships: he beats me, but I can't live without him. That's bullshit. Leave those platforms. You see it as a "monopoly" because you allow it to be.

I used to use Snapchat previously, but all my friends (school, college, etc) started posting on IG stories rather than on Snapchat. My snapchat became a ghost town, and I shifted as well.

Still active on Reddit, but its more of community than a tool for personal relations. Android user so no iMessage. Slack & IRC not good to connect with school friends.

What I mean to say is the country I am in Facebook has a complete monopoly in our social life. And I am sure even in the US people cannot leave FB ecosystem.

Mark owns less than 30% of Facebook.

Voting shares are real ownership.

No, they're voting shares... He owns the majority of voting shares, but they aren't worth the majority of the value of company, and therefore he doesn't "own the majority of the company".

I think the shares people buy without voting rights are not ownership, they are a weird financial instrument that should flat out be illegal. If you honestly think he doesn't own the company, despite having full uncontestable control of all it's resources, I believe you're one of the many to have been duped, friend.

If you count by shares, yes. But his stock gets more votes, so he owns 60% of the votes.

Just to be a pedantic asshole, but I’m pretty sure he only owns 53% of voting shares.

The article I found said 60%, but that could easily be wrong or just out of date.

Honestly I don’t see the problem, Facebook’s privacy stance has been well known for years. I don’t use their product much because of this, but friends and family couldn’t care less. Their response is that they don’t care if someone reads their messages or tailors ads to them and no matter how hard I try it won’t change their minds. If you don’t like their privacy stance just don’t use the product, it’s not like there aren’t alternatives.

The media outrage feels the same as if they came out and said that it turns out Coca Cola knew its products could lead to obesity. Of course they did, and no reasonable person thought it didn’t. You can’t police every problematic product, at some point the end user has to take responsibility.

> I don’t see the problem

Facebook entered into a consent decree with the FTC [1]. (Facebook had to do this because it violated promises made to consumers.) Facebook then violated that consent decree. These e-mails may show Mark Zuckerberg--the Chairman, CEO and majority vote holder--complicit in those violations.

One can dig deeper into the privacy and antitrust issues [2], cultural issues and other matters. But at its core, this relates to their flagrantly violating a binding agreement with a federal regulator.

The individual criminal-law analogy would be violating one's parole agreement.

[1] https://www.ftc.gov/news-events/press-releases/2011/11/faceb...

[2] https://www.nytimes.com/2019/05/28/opinion/privacy-antitrust...

> no reasonable person thought it didn’t

What's a reasonable person? Plenty of "reasonable" people drink Coke every day because the system indoctrinates otherwise rational people into believing that sugar isn't a poison comparable to alcohol. One of my friends, who is an attorney, still thinks that snack foods devoid of fat but loaded with sugar are somehow healthier. Speculating how a rational person would respond ideally isn't very useful in this situation because most people, including those who are well educated, are influenced heavily by their environment and, more specifically, peers and authority.

When you have Zuckerberg and journalists touting the end of privacy as being a good thing(there are plenty of articles and quotes from 10 years ago reflecting this sentiment), as well as surveillance gradually integrating into people's lives through convenience, you bet that most people are going to shrug their shoulders at privacy. Does the fact that people comply with invasion of privacy mean that the issue doesn't matter? Maybe it does if you don't think that the behavior of the masses can be manufactured.

I do agree with you that the current media outrage against social media, Silicon Valley, etc., is essentially the same kind of consent-manufacturing as when they were telling us that privacy is gone and that we should accept Facebook as the lesser evil because it "makes us more connected". I happen to agree with the current manufactured outrage, but I don't agree with the intent behind it. (which I suspect has to do with the old-guard media finally realizing that it's dying and it doesn't like the fact that social media has taken their audience and, hence, their money)

Otherwise reasonable people can be convinced to do unreasonable things by companies with an agenda, that’s not the question. Facebook has done a great job convincing people to irrationally give the company all their data.

The question is do you combat that with education or with regulation? Personally I think the government’s track record with this kind of regulation is terrible, with the possible exception of cigarettes. In the US marijuana is still a schedule one drug right up there with opioids, which makes zero sense when you look at the risk profile of each drug.

Public education is extremely difficult, for example the Just Say No campaign fell mostly flat, but that doesn’t mean it’s impossible. Cigarette usage is down these days due to both increased regulations and increased public awareness of the risks.

>Does the fact that people comply with invasion of privacy mean that the issue doesn't matter? Maybe it does if you don't think that the behavior of the masses can be manufactured.

By that same token, convincing people to be either pro-privacy or ambivalent to privacy is manufactured behavior, isn't it? If people vote against their interest, then who are we to force them one way or the other? Its hard to say without sounding harsh, but at some point, you have to draw the line on personal responsibility, and stop coddling people. Also, privacy is a relatively modern concept. When cities and towns were small, everyone got into everyone's business. Certainly, you can favor one position over the other because of your belief that it would lead to a better society.

There are lots of things here that reasonable people can discuss and agree or disagree on.

What the hell is your problem with alcohol?

Way to pick out the least important sentence in that well-crafted response and attack it for no reason.

Alcohol can indeed be classified as a poison. When someone gets their stomach pumped after drinking too much, they're being treated for alcohol poisoning.

I'm not sure what your point is with that graph. Is it that 24 million Americans drink excessive amounts of alcohol and it's not a problem because they're still alive? Please forgive me if I misunderstand.

This is getting off-topic, but just because the human body is well capable of expelling consumed alcohol doesn't mean that it won't suffer from other problems in the future like fatty liver disease(which is also caused by chronic sugar consumption, btw).

Ah, just that the alcohol industry is supported by alcoholics, so it's understandable to not like alcohol as a whole.

I haven't used Facebook in nearly 8 years, however to say there are alternatives is specious. For example, I have recently learned I missed my first high school reunion because it was only posted on Facebook. Unfortunately, there isn't another service out there that I could subscribe to that would ensure I receive such communication.

Alternatives don’t have to be services, you can directly contact people who do use the service or who live with the people you want to know about.

And your opting out of the network makes it a little less valuable, since now no one has access to updates about yourself. If you can convince a few more people to lower their exposure or to move to something like friendica then the network becomes even less valuable and helps to lower Facebook’s power.

I would much rather fight the problem this way than trust legislators to come up with a fair way to regulate it. Same with sugar, I would rather invest in educational campaigns to convince people how bad sugars and sodas are for their body than have the government ban all sugar or decide how much can be in a product. The lobbies will usually end up writing the final laws anyway, and who knows what their incentives are.

Pretty absurd that your alumni communication is through facebook and only facebook, and they don't maintain actual contact info. Email is still the standard for my hs and uni alumni spam and I reckon it always will be, since it's pretty impossible to find people on facebook with common names unless you have mutual friends.

Think about it this way: Why would you want to go to an event where the organizers were too lazy to even invite you? I’d say you lucked out and whatever else you were doing at the time was likely more valuable.

I’ve been off of Facebook for a decade and still have a robust, satisfying social life. My real friends know how to contact me and I never feel left out of the actual important stuff going on. I think of Facebook’s existence as a blessing: it allows me to easily filter out all those low-effort “events” run by people who don’t really care if I come.

I have never used FB for many reasons, and it drives me nuts when close friends assume everyone does then you miss invites.

you mean like.. email?

>it was only posted on Facebook

Not sure how email solves that problem.

Email will notify you of events that are only publicized on Facebook? :thinking_face:

I mean, to be fair, even Facebook won't necessarily tell you about an event unless the event creator pays them money to promote it. It's actually not a great platform for small-scale publicity, and _only_ publicizing an event on Facebook is clearly a mistake for a number of reasons. But despite its many virtues, email doesn't actually address GP's case at all.

A contact list would, like what likely existed for every previous reunion in GPs high school since before 2010. My schools periodically reach out to update your contact info for their alumni roster. I bet GP never gave the school their contact info after graduation rather than this being a facebook only situation (unless it was just organized by a handful of alums and not tied with the school itself).

There isn't a passive tool that would solve this other than getting people's email or mailing address, and that's absolutely fine since if you wanted to go to these reunions and be invested in these events, you can send an email to the school and get yourself on this contact list.

That relies on a number of speculations, most importantly that GP was incorrect about the event having only been published on Facebook. I've seen enough small organizations work that way that I wouldn't be so hasty to second-guess GP's description.

Email wouldn't allow you to effortlessly aggregate the email addresses of everyone, and then to communicate the message out. There's a really large overhead there that doesn't really exist with Facebook.

Agreed; it's frustrating and scary how difficult it is to get people to care about online privacy. If data harvesting/target advertising continues unchecked, we'll be living in an Orwellian surveillance state by 2030. That's not the scary part, though. The scary part is that the writing is on the wall and no one can be bothered to care (excluding HN users and the like - ya'll are awesome).

Also agree re:Coca Cola. However I also believe that we shouldn't blindly accept a status quo of "companies are inherently evil and value financial growth over the wellbeing/health/privacy of their customers". There are a few shining examples of business being conducted with true respect for customers. These ethical entities are few and far between, but they are worth their weight in gold and we should be mindful to vote for them with our wallets.

Getting aunt Sue to care about data harvesting and stopping the likes of Google/Amazon from taking over the world are both uphill battles. But something has to change, soon.

Not using Facebook isn't a meaningful way to opt-out. The better analogy is not soft drinks, but asbestos or CFCs. All that private information amassed, just waiting to fall into the wrong hands.

I don't think not using their products is a solution. Even if you don't use facebook, your friends and colleagues have your name and phone number on their phone, and your friends upload photos with your face in them. You may also share the wifi with family members so facebook knows where you are indirectly.

As we are all parts of the society that we can't escape from, regulation matters a lot to everybody who may or may not use facebook products.

obesity is one of primary public health concerns, with costs associated going into the tens if not hundreds of billions, affecting billions of people. Societies all over the globe try hard to tackle it, and you would have to make a very good case why you should not, or cannot police products that cause harm like this, we do it all the time.

If Facebook is the new Coke I'm not sure you're making the point you're intending to make. This just sounds like the stereotypical libertarian tech excuse about not taking responsibility for what is clearly becoming a pressing social concern.

Yes they are both big problems, the point is that not every problem can be solved through regulation. Sedentary lifestyles are a big problem but that doesn’t mean we should pass a law forcing people to move a set amount every day. At some point people have to be given the freedom to be allowed to hurt themselves and society’s role should be to help them make the decision not to. Ideally this is done through education, not force.

I don't think anybody is advocating to force end users to do anything, but we can certainly regulate businesses who profit of harmful products.

Sugar taxes, smaller cupsizes, transparent information about the dangers of consumption, and so on are all fairly modest ways to set the right incentives.

And when it comes to companies behaving in irresponsible ways, for example if it turns out they ran disinformation campaigns, or hid important information about breaches from the public, then I think from time to time it's fair to bring out the hammer and hit them with substantial fines.

It can absolutely not be the case that Facebook violates user privacy, is aware of it up to the very top, and the next day the stock price soars by billions of dollars because evidently the market doesn't take our ability to correct this behaviour seriously.

The problem is that their indifference to how their data is used is starting to affect all of us. As evidenced by the Cambridge Analytica scandal, it’s not just advertisers tailoring ads to you. You now have shady organizations trying alter elections and pushing propaganda into users.

If this leads to voters developing bizarre views of the world that influence who they vote for, then their carelessness becomes our problem.

Not all, but part of the outrage is political. A lot of (D) folks are looking for someone to blame for the current political climate. I'll stick my neck out a bit and wager that a lot of news outlets running privacy stories wouldn't think twice about selling their customers data for ad revenue.

> A lot of (D) folks are looking for someone to blame for the current political climate.

Correct. When the Obama campaign used data just as aggressively as Cambridge, people cheered how "technologically advanced" that campaign was. People have a selective memory, but Facebook data harvesting and exploitation was a critical strategy used by Obama to win his elections. I guess 2008 and 2012 are too far back for most people to remember.

There are lots of situations where you have no choice but use Facebook. Some schools, for example, communicate through Facebook groups. Your church might do the same thing. You may have relatives abroad you can only talk to through Facebook or WhatsApp, because that's all they know how to use. Your landlord or employer might demand to see your Facebook profile as a condition of getting a lease or a job.

The stance of "just opt out of stuff you don't like" bakes in a lot of assumptions about your position in the world, and trivializes real criticisms of Facebook by people who do not have the same choices you enjoy.

I call BS. Every situation you mentioned exists because people passively accept the situation. Simply demanding a method to communicate other than Facebook can remedy the situation.

I'd love to see a list of companies that require a Facebook account. Not ask for Facebook account, require Facebook account.

"You may have relatives abroad you can only talk to through Facebook or WhatsApp" They can't pick up the phone?

Side note: I've never had a Facebook account.

So... you're opining on a service you've never used? I guess you're on the right site for that.

Who else do you expect to have the best view on the utility of not using a Facebook account other than someone who doesn't use it?

I don't have one. I don't miss it, and am increasingly glad. But I do have the "spouse firewall"; my wife uses it and I get most of the news I need through that, and even by local standards I'm not really a social butterfly, so between the two things, my experience may not be 100% relevant. So there's my science-style "why this data point may not be relevant" disclosure.

But it certainly isn't a "requirement for modern life" or anything. The times I faintly regret maybe not having a Facebook account are separated by many months, it's not like every day I go to do something and alas, my life is degraded because I don't have a Facebook account. It's a rare event, such that I could pretty much recite to you every one from the past 5 years. (All of them are family news, either get-togethers I wouldn't have heard about, or some family news that I ultimately would have heard anyhow and didn't have any action items on either way.)

(There's enough people without a given social account that I'm still yet to encounter the site that only has Facebook authentication. I hear they exist, but they haven't naturally crossed my path yet.)

Ad hominem fallacy: attacks the characteristics or authority of the writer without addressing the substance of the argument.

source: https://medium.com/@fagnerbrack/personal-experience-doesnt-m...

Only a fool would think that was an example of the ad hominem fallacy.

Landlord/employer thing you will have to pull an example as that seems unheard of and an invasion of privacy. Obviously don't have a beer bong in your profile picture, but they aren't going to grab your wrist and make you log in during the interview. Landlord has no business knowing anything about your life beyond whether or not you can pay rent.

All those other situations existed before facebook too, and people still got to reunions, went to church, and talked to their relatives living half a world away. Chances are, these people are signing into facebook with an email address or telephone number, so it's not like facebook is literally all they know unless grandson set up grandpas account (but I bet grandpa still has a landline, forwards nigerian prince emails, and writes letters just fine).

Aside from the ethnography you lay out, do you think FB/Zuck should enjoy zero liability for all privacy issues that transpire now or in the future?

>it turns out Coca Cola knew its products could lead to obesity. Of course they did, and no reasonable person thought it didn’t.


Facebook has 70% of the social media global market share.

Coca-Cola has just 40% of the non-alcoholic beverages global market share.

And as others have pointed out, "don't use Facebook" doesn't solve the problem of all the data they already have on you and will never destroy.

With that logic, should we get mad that Google can read our emails?

The article is misrepresentative. This was way back in an era where fb had slightly more open apis.

Of course some people were going to exploit that and break fbs own policies.

Cambridge did that and broke fbs rules.

Once it became more obvious that 3rd parties would break the rules fb adjusted their policy and closed the loophole.

The open nature of the policy was known to everyone on the planet including the ftc at the time. If those policies were problematic why wouldnt someone at the ftc say something?

Those whose job it is to regulate just sit there and watch for a decade before doing anything?

As someone mentioned above this is a systematic issue and a problem with the business model.

This is not some sneaky thing fb did on the side or behind closed doors. The apis were there for the public and everyone to see the whole time. Though there wwtr a few voiced concerns there certainly was not outrage.

I have several problems with fb but this specific issue is being misrepresented.

Antitrust discovery will be juicy. It’s going to make the Microsoft witch-hunt look tame in comparison.

Part of me is glad that the public and governments are finally catching up to what FB has been doing for years now, but I'm worried that we don't have a better platform/solution that fills in the void without the risk of these privacy violations happening again.

Some of the decentralized networks are interesting and seem like a good way forward, but they're still far away from being adopted by non-technical users and masses at large.

This seems like it's not only a technical and UI/UX problem, but one of marketing as well. The advertising-based revenue model has certainly become hostile towards user privacy, and we should rethink that too.

Whatever comes after FB, I hope it addresses all of these issues, for the sake of all of us.

> I'm worried that we don't have a better platform/solution that fills in the void without the risk of these privacy violations happening again.

Can we just keep the void?

If there's on thing these companies do well it's limit discovery and keep it confidential.

Not when it’s the entire world against them. Public opinion is overwhelming now but it will only get worse with time. I personally don’t think it’s all on Zuckerberg but the politics will make it so.

Honestly is anyone surprised by this? He controls everything and how will he not know their own policies?! Facebook needs a serious lesson from the regulators.

Not surprised, but I am afraid regulators will implement rules that would harm small businesses and startups much more than they would hurt FB. On the other hand, the market seems to be pretty much finished anyway. Unless someone comes up with a real decentralized solution that is able to compete with them.

Thats a valid concern. But lets hope that they take input from the tech community when and if they do it

As an EU citizen I am quite skeptical regarding that one. But I have high hopes that US regulators won't make the same mistakes.

There's a big difference between what everyone believes and what everyone actually knows. Getting confirmation could matter.

Even if he didn't: He's the boss so he's responsible.

No, the standard for important journalism isn't surprise though.

I see a lot of these articles about Facebook and privacy lately, but I'm still wondering what, precisely, Facebook is doing that people object to and what kinds of changes would satisfy those who are upset.

Near as I can tell, this is about data in Facebook's databases finding its way to other organizations without the users' knowledge or consent. But the way this happens is pretty benign:

1. User installs Facebook app, and that app phones home with info about user's friends (who did not consent to this). This is what happened in the Cambridge Analytica scandal. People started asking why apps are allowed to see info about the user's friends (who did not install the app). But to a programmer, the answer is obvious: it's the "app inherits owner's permissions" model that's been part of the Unix tradition for decades. Anyway, Facebook has since changed this behavior.

2. User adds some bots as friends (maybe because their profile photo is of a cute girl), and the bots phone home with public info about user's friends. This is an entirely predictable consequence of the "friends of friends" permission model. Facebook users can set "friends only" permissions to prevent this, but most don't bother.

Is it one of these two vectors that's getting people upset, or something else that I'm missing? Keep in mind that advertisers never get to see people's private info. They just make an ad and say something like "show this to people aged 18-25 who are into video games."

My objections are thus:

1) Facebook uses any info I put into their platform to create a centralized, indexed, searchable, public database of people. This is dangerous for a lot of reasons, but notably in the vagaries of Facebook’s privacy settings (which seem to get reset every so often).

2) Facebook allows advertisers to target using a huge number of selection criteria. This allows advertisers to target some very specific — and vulnerable — groups in a way that is creepy at best. See also how the GOP was easily able to target specific racial cohorts in tight districts to spread FUD — the same tactics also work outside of politics when trying to sell things.

3) Machine learning outside of Facebook’s control makes it trivial to connect social media accounts to other activity the user may perform on the Internet — and thus connect that semi-anonymous online content to their real world relationships (e.g. the database of porn actresses linked to their Facebook profiles)

This collection of user data is Facebook’s entire business. The whole corporate bureaucracy is set up to protect this database and its data collection activities. You can’t have Facebook without it. So in a word, a lot of people object to Facebook’s entire business model — it’s just most people weren’t aware what that model asked them to give up until recently.

>But the way this happens is pretty benign:

That would definitely be how FB describes it...

But the reality is FB had previously been investigated by the FTC for privacy violations and practices, in order to avoid enforcement action, the entered into a settlement agreement with the FTC agreeing not to engage in certain practices, develop new privacy standards and practice and allow 3rd parties to audit their privacy practices regularly...

FB violates that settlment agreement, including but not limited to, scraping email contacts from its users which allowed them to not only get that initial data they were not entitled to but more importantly to them to obtain secondary email address they could link to single users and even emails of non-users to create shadow profiles and buildout their social network through other email contacts. For example I’m not a FB user, you are, they inviolation logged into your email and scaled your contacts, identifying me, and then they build my shadow profile and build my profile from every other user who had me in their contacts.

Probably not benign.

What about the shadow profiles? Collecting data on people who have never even signed up and have not given them any data whatsoever?

That's what I strongly object to.

The difference in the amount of data that FB has on people who have an account and those who never had an account (like me) is minuscule...

I'll note that FB changed the behavior for number 1 over five years ago - and they only had that policy in the first place since the tech community at the time was slamming them for being a walled garden.

Most people complaining about FB's privacy practices are just on a bandwagon - I've never seen actual evidence of harm from FB's practices re: privacy.

Here are the top two things I consider utterly invasive.

1) shadow profiles. Facebook has profiles for everyone, regardless if they have a profile on the social network or not. You many have never visited Facebook and still they collect info on you based on a variety of identifiable information they can find online.

2) forbid ad targeting by e-mail or phone number. This allows everyone who knows my e-mail or my mobile phone number to specifically target me with tailor made ads. The ramifications of this could be really scary.

Didn't know about these shadow profiles, that's pretty interesting. Does anybody have an informative link handy to read more about this?

The existence of shadow profiles are pure speculation born out of the idea that just because FB can it will keep every bit of data.

When in reality FB just like any other well company has only stores what it needs as long as it needs to provide the services they do.

On that note I might add that most data (if it wasn’t to begin with) becomes meaningless after a few days

> "The existence of shadow profiles are pure speculation"

Zuckerberg admitted to congress that Facebook collects data on people who are not signed up for facebook (but implausibly denied being familiar with the term 'shadow profile'.)

So how come when you first join FB it starts suggesting people to befriend who you already know? The only way to do that is by collecting information in the background for every living being. They aggregate everything and then they make correlations. By the time you decide to join they have a pretty good idea about people you might know. I can't see any other way for something like that to work.

All your friends uploaded their phone books. When you signed up, facebook searched for your number.

The nuance with a shadow profile basically comes down to when facebook compiles the relationship of your data into a single entry. People think if they do it ahead of time, its weird.

People also seem to ignore that facebook BUYS a lot of data, just like many other marketing data conglomerate.

You've already hit the nail on the head.

Facebook is providing a friendly user interface to do normal people stuff. To the users who aren't technically sophisticated or haven't thought deeply about any of this, sucking up their contacts and shipping them off to wherever is just not something they would have imagined, let alone agreed to.

And yet they did, at least technically, when they clicked some button saying they had read 40-pages of legalese.

All organizations, no matter if they are public or private, need checks and balances at the top.

I predict that legislation will become the de facto check on FB and there will be many negative unintended consequences for the rest of the tech industry, harming companies who are ethical stewards of privacy.

Can you name an organization that you think is an ethical steward of privacy?

A great point in the form of a question. I should have phrased my comment differently.

The emergence of DuckDuckGo and the excitement for Apple's upcoming anonymous sign-in feature proves there is a massive gap in the market for privacy-focused products.

I'm afraid there will be regulation that will harm the ability for new companies, with a focus on privacy, to emerge due to the increased compliance costs.

Not one, but a handful, in no particular order.



Posteo.de (and similar email providers)

Signal app (though the app quality is very poor)




Mozilla might be as good as it gets?

That being said, even the other tech giants aren't nearly as bad as Facebook. It just seems to be cultural there at this point.

You need the help of an hacker? Contact spylink80@keemail.me he helped me out I was able to check my husband device without him knowing he is good and reliable.

You need the help of an hacker? Contact spylink80@keemaip.me he helped me out I was able to check my husband device without him knowing he is good and reliable.

Heh! This article is just below an article on spying (“The thing”). Sure made my evening :-)

Given the paywall, I didn't get the pleasure of reading the full article. Based on the title and opening paragraphs however, I don't think this is really news. Especially in light of the recent statement by Facebook counsel Orin Snyder: "There is no invasion of privacy at all, because there is no privacy" [1]

In fact, there has been legal statements on the privacy of Facebook floating around for awhile. One judge, in 2013, explicitly said there is no reasonable expectation of privacy.[2]

Zuckerburg has also previously made statements regarding his disdain for privacy, such as: "'They "trust me." Dumb f--ks'" [3]

In the wake of the mobile phone number sharing with your friends list by default, Mark had this to say: "We realize that people will probably criticize us for this for a long time, but we just believe that this is the right thing to do." [4]

I could go on ad nauseum, and I'm sure none of these quotes are new to anyone. So, I just don't get why it is news that Zuckerberg was aware of questionable practices.

Of course he was aware of them. He championed them.

[1]https://www.cnet.com/news/facebook-reportedly-thinks-theres-... [2]https://www.law.com/thelegalintelligencer/almID/120253289935... [3,4]https://www.cnbc.com/2018/03/21/facebook-ceo-mark-zuckerberg...

This seems to be the one guy on the planet who surpasses Trump in his ability to get into the news every 2 days. No tweeting required even. How are his staff not just jumping out of windows? I mean it's been one article after the other for 3 years now. Almost impressed by the endurance.

To some extent Facebook acts the way it does because it knows media attention has no teeth. Zuck knows he can just bide his time and scandals will slide off him like morning dew off a leaf.

>How are his staff not just jumping out of windows?

Because everybody has a price, and Facebook knows how to find 'em cheap.

Not sure if anyone has noticed but the submitter has given HN readers who prefer Javascript-enabled browsing a workaround for the WSJ paywall.

Add ?mod=rsswn to the end of the URL.

How can an article behind a paywall collect so many votes that quickly? Now I'm wondering if any of the upvoters have actually read the article.

He also openly ignores requests to testify in front of UK & Canadian parliamentary committees...

Think about that for a minute. Someone who controls 3b people. Runs psychological experiments using AI. Bans accounts of people who violate corporate-created policies that weren't debated or voted on by the public. Violates FCC settlements. And then refuses to be held accountable - or answer questions- from first world, democratic governments.

Please don't post in the flamewar style to HN, regardless of how strongly you feel about someone or their company.

We detached this subthread from https://news.ycombinator.com/item?id=20166045 and marked it off-topic.

> Someone who controls 3b people

This bullshit hyperbole helps nobody

If there was a single newspaper that was read by 3b people I think many would be rightly concerned that it has too much power/influence. Why is this any different?

That's setting aside the fact that Facebook does not even try to firewall content moderation from advertising the way a traditional newspaper would.


They decide what news & ads get shown.

FB played a significant role in Brexit and US Presidential elections, enforcing filter bubbles, and running ads in violation of campaign finance laws (i.e. Russia).

Extrapolating that to “Zuck controls 3b people” is bullshit hyperbole

Facebook has also performed studies where they controlled the items that show on individuals news feed and recorded how it changed their emotions. Controlling 3b people is exactly how I would describe it.

So stop using Facebook. (I'm not defending Facebook's practices, but nothing is stopping you, your friends, or family from just not using Facebook/Insta/What's App anymore.) Is a banned account really something that should be subject to a public vote? That's ridiculous; that implies that Facebook is some kind of human right. It isn't. Stop using it if you don't like it.

You make it seem like is isn't a bit of a collective problem though. Sure, you can not use Facebook and you'll miss all the information about your friends and their events. (Did you see the comment in this thread from someone who missed their high school reunion because it was only listed on Facebook?) You either "choose" to give up all of that or submit to every one of Facebook's practices. For some people that might be easy but for others it means they will miss many social interactions with the people they love who still use the site.

You can say, sure thats why you should use Facebook. But I could imagine a slightly less evil Facebook that still provided that value to me. Perhaps there will be a concerted effort to fund a competitor (see Lyft vs Uber) or some regulations with teeth but Facebook is in a pretty solid monopoly position for now. They dictate the terms and you either agree or you lose out.

I haven't had an account, ever. And don't use it.

Doesn't stop FB from creating a shadow account though, buying up my credit history, and tons of other data from 3rd party sources.

Stop taking away personal responsibility from the thousands of facebook employees, each of whom chooses to be evil every single day.

None of these people are being forced to work there. They choose to. They are just as responsible.

Please don't post in the flamewar style to HN. The signal/noise ratio is way too low.

We detached this subthread from https://news.ycombinator.com/item?id=20166045 and marked it off-topic.

Edit: it looks like you've been posting a bunch of these fiery denunciations to HN. I appreciate your strong feelings on the subject, but please don't use this site in that spirit. It's not what it's for, and it destroys the intellectual curiosity that it is for.

In that case don’t spare the users of FB either. They could carry their content elsewhere but they chose to feed the monster even more.

Or - accept the fact that people consider a fair deal what seems to be exploitation to you. If you don’t believe that people are able to make a reasonable, conscious choice then the end of democracy has come (for you).

> They could carry their content elsewhere but they chose to feed the monster even more.

They did (Instagram, WhatsApp), but then Facebook bought those companies too.

There is no alternative to facebook within orders of magnitude of network effects.

FB employees could use their experience and knowledge to work elsewhere.


Please don't do this here.

do what? why did you delete my comment?

Please don't Godwin up HN threads.

I didn't delete your comment; when enough users flag a comment and the flags aren't outweighed by upvotes, the software killed it.

But will we spare the guards when the walls fall?

We shouldn't.

Good luck finding those emails. If it’s for a few years in the past it’s probably auto-deleted due to corporate retention policies designed to defend against discovery. When I came back to google I had all my old calendar but none of my emails because retention is 2yrs.

Literally the first four words of the article say the emails have already been found.

This was also a pain in the ass when going for promotion because I wanted to show evidence of how I resolved conflicts and managed a partnership that crossed time zones. The most contentious decisions happened in the beginning of the project 2.5yrs earlier and were wiped. Now I understand why Googlers prefer to use Docs and let the comments go there. It’s a much worse experience for having a serialized discussion but it preserves evidence for promo.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact