Hacker News new | past | comments | ask | show | jobs | submit login
Facebook lawyers explain to a judge that privacy on Facebook is nonexistent (theintercept.com)
216 points by oska 33 days ago | hide | past | web | favorite | 89 comments

Users grasp the idea that posting on social media is a public thing. It's like getting on stage and shouting to everyone in the room... It's not private.

But, Facebook is invading privacy in subtle ways that users aren't so good at grasping. Like the fact that Facebook remembers every website they visit. And how long you linger on a post in your timeline. And collects your location data even when you're not trying to broadcast it. And analyzes all of your private messages. And trains neural networks to recognize you so they can correlate you with other pictures throughout the internet (and who knows, maybe they're sharing those models with random governments or other companies).

That stuff is the real privacy violation, not the public posts. And that stuff is intentionally obscured from the users and vaguely articulated in their privacy policy.

It's also fairly difficult when they intentionally make it hard for the distinction of public/non public to be understood. "People you may know" is a privacy violation. "A friend commented on such and such post" is a priacy violation.

The latter is not a deprivacy of privacy, as it is already visible to you.

But you shouldn't be able to just find things like that so easily. Sure if I go on a post I could find it but the fact Facebook notifies me of this in the first place is incredibly disrespectful.

Not true, since the entire point of a social network like this is to browse a playground of publicly-visible conversations involving your friends, and the people conversing are quite aware they're doing so in public. What would be "disrespectful" is if Facebook told you what your friends were saying in private messages between each other.

You know that button on FB called "share"? If I wanted someone to see something I'd press that or manually copy it into my status update. I don't want FB making the decisions for me and they've received feedback for it on their forums and refuse to fix it

We will just have to agree to disagree here, I suppose.

The way I see it, it's Facebook's platform, and it's up to them to build features as they see fit. The news feed works how the news feed works. There's nothing to "fix," and there's nothing rude about it. It's just an optional feature on a website on the Internet, and of course you don't have to use it if you don't like it.

When FB essentially becomes the internet, they need to be receptive to the needs of their users. It's not informed consent to have features like that.

He is calling privacy the things that are hidden by obscurity. Meaning that if you have a sign on your door advertising sneakers for example, that is private to only those people who visit your door. Sure it may be out in the open, but you didnt open it to all people.

Totally, but a door is not a social network. A door is a fixed location.

A social network is more like a magical bulletin board that tries to make itself as visible to as many people as possible. Perhaps you don't like that the bulletin board does that, but it's not rude. You're 100% free to not make posts there. I recommend it, in fact.

Yea but what if your profile is private? Wouldn’t you think that there still would be a level of privacy expectations that should be retained because only people you explicitly choose to share information with can see it? Why do corporations/advertisement get to bypass these constraints?

I may or may not agree… I'm not sure exactly what situation you're referring to.

In the original article linked above, the situation was that users expected their social information to remain private to the ~100 friends they shared it with, and sued Facebook because it ended up in the hands of Cambridge Analytica. Facebook's attorney's counterpoint is that when you share information with friends, you give up any expectation of privacy as it pertains to these friends. And in this particular case, it was the friends who shared that information with some Facebook app by Kogan(sp?), who then shared it with Cambrige Analytica.

I find the argument pretty convincing, actually. If you tell your friend a secret, and they tell someone else, even if it's a corporation, then that's that. If you share your Spotify playlist with a friend, and in turn they give up all their friends' playlists data (including yours) to some app, then imo that's kind of on you for sharing.

The situation I disagree with is if you tell your friend a secret, and then the communication platform that you used to share that secret (your phone company, the hotel you're staying in, Gmail, Facebook, whatever) decides to share it with third parties.

> people conversing are quite aware This is not true

I doubt many people who use facebook don’t understand that they can see in the Newsfeed posts that weren’t addressed directly to them by their friends. That is the entire point of the Newsfeed.

It was a big change when Facebook introduced the newsfeed back in 2006 or 2007 and I do remember people calling it the ‘stalker feed’ and there being a big facebook group with a million members asking for it to be removed. But people got over it, liked it, and instead of moving to myspace or one of the many alternative social networks stuck with facebook and facebook just got bigger and bigger thanks to users loving it.

I don't know about "liked it". "Did not stop using FB due to need to scroll through unrelated posts" would be a better description of what happened.

We are just fortunate enough to be able to fix this problem for ourselves using a browser extension. Others just complain.

I don't know. At the time the Newsfeed was introduced (September 2006), Facebook was not the juggernaut it was today. There were other countries with social networks that had much stronger network effects locally (e.g. Orkut).

Facebook only opened membership to non-college or high school students in Sept 2006 in fact - so if we had wanted to jump ship because of the 'stalker feed', there were still plenty of other options (e.g. MySpace) and the chance for a disruptor to launch if the other options weren't suitable. In practice, users chose to join Facebook and grow it to what we know it as now.

What are you trying to achieve by allowing someone to see a fact, but not actively surfacing that information?

Within the scope of X likes Y, X said Z, Facebook has a very consistent and strong privacy model [1]. However, they have long considered anything that isn't a hard privacy violation of their rules to be fair game. Technically (and this is FB's engineering mindset showing through) not surfacing information is security through obscurity.

It seems like they are backing away from that model, by deprecating features like Graph Search. I personally think that this is worse because it makes it much harder for people to understand what is visible to others. It muddies the rule of "if you don't want people to know something, don't put it on Facebook".

[1] There are some messier areas, like People You May Know, or when platform apps are allowed to access (and store) all they data that a person who uses that app could see.

Think of it like an echo. If your friend shouts at someone in the real world when others are around, you wouldn't be able to hear it from a mile away, but eventually you will hear about the fact they did so, either through gossip or some other means. Facebook cuts that extraneous fluff out and just tells you what they said. It is far from a violation of privacy, as you would be able to find that information easily if you went out looking for it in the first place.

Especially in the world of health, there is a clear distinction about what is private, public, and confidential/secret. This case very clearly public.

I block every tracker and don’t have Facebook installed and yet they show me ads that are uncanny. Rode my bike and hurt my back. Pretty sure I searched for remedies - likely on DDG. And bought a massage ball on Amazon. Instagram is filled with ads to address my back pain.

Did you buy any back pain stuff at the pharmacy? Maybe it's tied to a store loyalty card or credit card.

This. The shadow demographic profiles that Experian, Facebook, and others have on people are a lot more robust than just online cookies.

I haven't injured my back, but I still see heavy advertising for that plexus wheel plus thing.

When I explain to people that there are companies that scrape and sell databases of non-public Facebook profiles and data they often audibly gasp or at the minimum get very uncomfortable.

I can guarantee you that most higher level executive positions at fortune 2000 companies have had their private Facebook profiles reviewed during the hiring process.

This is not about tracking. This is actually more similar to your phone company selling your conversations and internet activity.

There is definitely not a common perception that Facebook activity is public.

I believe the breakdown is where private vs public vs "only my friends"

If you were chatting with your friends at dinner in your home, there's no reason you'd assume that was public. Most people mistake Facebook for that when it's closer to chatting with your friends in a crowded subway car.

In the real world, we'd see the difference, understand the difference, and likely decide certain topics out of bounds.

Facebook's entire business is getting people to open up to advertise to them better so it's their best interest to make us think it's the dinner scenario.

You're absolutely right and I think the metaphor "standing on a stage speaking to people" is very misleading at best and malicious at worst.

I think it's a little patronizing to suggest that users don't understand how Facebook tracks them. Sure, the average person probably doesn't think about the specific method of tracking. They don't know that Facebook tracks how long you watch a video, or spend staring at that photo of your ex. But they have a general sense that Facebook is monitoring their usage patterns to determine what they like and target advertising. That isn't a secret, and isn't obscured.

Regardless of what the terms and conditions say, i think it's a fair to assume that the vast majority of people using Facebook have implicitly consented to have their Facebook usage tracked.

Facebook tracking you through the rest of the web is a different story...

I've heard this argument for years but they keep on sliding back those privacy policies more and more. And every time a story comes out about how those policy changes were actually utilized to track people in a new way people get upset.

You're giving the average user too much credit. As a software developer lurking on Hacker News, sure, you understand how pervasive tracking and data collection are. But have you spoken to your parents or older relatives? My mom had no idea that kind of stuff was even possible. Most of those people still think that the core invasion of privacy us tech nerds are always going on about is the public content (the likes/follows/posts). I'm not patronizing, they genuinely don't understand the scale of modern online tracking.

i've had a lot of conversations with a lot of people from various backgrounds about how they understand facebook tracking (it inevitably follows when i tell them i'm not on facebook) and i can't think of an instance where people had a poorer understanding of facebook's tracking than i gave them credit for. That's not to say people like it, but they accept it as an inevitable consequence of using the service. And of course, for all the tech crowd's fear about the "invasion of privacy" that comes from the passive behaviour monitoring facebook does, the reality is that likes, follows, and posts are the strongest signals for their ad targeting anyways.

a non-trivial number of people think that facebook is continually listening to their every conversation through the mic on their phone, and keep the app installed anyways.

The most common story i have heard from non-tech people about how they experience tracking is that Facebook (et al) must be listening to their (spoken) conversations. Say they talk about visiting a relative in another city, and they immediately start getting hotel and flight recommendations on their phone.

It always freaks them out when i run through all the ways this might have occurred, without voice recognition. Yes, they did a search, but on their work computer, yes they mentioned it in a pm, yes they put the dates into their calendar, yes they went to get a wrote from a travel agent. But these things are not connected are they?

Edit: They all understand the scale, they see the cause and effect, they just don't understand the how.

Eh, have you heard about that app in Spain that was listening for soccer games at bars to see if they were illegally broadcasting said game?

The problem here is FB 'might've do that directly, but is 100% happening they are getting metrics from other apps that directly listen to users or do what we would consider outright privacy violations. There is too much money and too little risk not to at this point.

> You're giving the average user too much credit.

It's not compelling to acknowledge that they understand and then turn around and say they need their hand held because they aren't responsible enough. This isn't a public safety issue.

Privacy isnt a public safety issue?

What does privacy mean in that context? Casting the term more widely doesn't crystallize the issues. If what I put or do on a 3rd party platform is subject to some concept of "privacy", then so is what pickles I buy at the store. Neither of these are public safety issues, unless you're ready to say that the govt needs to monitor and protect what people say and do on the internet. The same people you think you want to protect, have to write the laws and they are just as clueless with the benefit of various industry corruption behind them. Regulation is not a panacea here.

Reading through that article, the FB lawyer’s argument is pretty reasonable:

> I go into a classroom and invite a hundred friends. This courtroom. I invite a hundred friends, I rent out the courtroom, and I have a party. And I disclose — And I disclose something private about myself to a hundred people, friends and colleagues. Those friends then rent out a 100,000-person arena, and they rebroadcast those to 100,000 people. I have no cause of action because by going to a hundred people and saying my private truths, I have negated any reasonable expectation of privacy, because the case law is clear.

Was there more context the article left out about the specific level of privacy the party expected?

Isn't this more like the venue owner bugged the room and then shared your private truths? It's not your "friends" sharing your info with corporations, it's the venue. Big difference.

(Granted, buried somewhere in your contract for renting the "venue" you've probably agreed to such a thing but that doesn't make this analogy a good one)

The issue I think is not that “friends” disseminated the information but that companies get hold of it, which is the point the judge is also hitting.

If I hypothetically sleep with hundred people and they all show pics of me naked to their friends, I will still not expect penis enlargement companies mailing me their new catalog.

I don't see how it's reasonable for Facebook to enable an app that advertises itself to users as a simple "academic survey" to harvest the private data of not only those users but all of their friends as well. Is it so unreasonable for users to expect that their data would not be harvested by a survey app installed by an online "buddy" who they may have never even met in person?

Also I think the analogy the lawyers brought up is misleading. Instead of renting out an arena, it's more like just one of those friends accepted a 1000-page terms of service a couple decades ago for a random forum, and instead of "rebroadcasting" what's "disclosed" at one party, it's more like the forum is now publishing their per-minute GPS location for the past year.

I agree. Doesn’t FB also agree, and hasn’t it already disabled that kind of API access? At least when I tried to get access to friends-of-friends info for an app I was working on a couple of years ago, there was no way to request it.

This isn't reasonable at all, because the end result will be a withdrawal into privatized spaces because absolutely nobody thinks it is reasonable that their communal activity is automatically broadcasted to the entire world.

And we can already see this happening, with younger people moving to more and more personal spaces (like say Fortnite chats) instead of using facebook.

The goal of facebook, or anybody else who aims to be a digital public space, must be to give users granular control and transparent expectations about who they broadcast to, because if that isn't the case communities will not exist and the only thing that's left is highly curated, generic blogspam.

And even more importantly, the system must be designed in a way to stay at human-scale and to reign in the virality that destroys privacy expectations.

It is kind of reasonable, but when you post on Facebook, you can choose between public post and post that only "Friends" can see. When I post to "Friends", I expect only people that I am "Friends" with on Facebook to see it.

So they need to STOP using the term "Friends" and start using the term "Friends and Corporations" instead.

It's pretty reasonable in the same way that the right to bear arms is pretty reasonable considering older technology (muskets), but perhaps worth reconsidering with M16s (much less nuclear missiles).

Or the right to free speech is pretty reasonable with older technology (printing presses), but perhaps worth reconsidering with broadcast stations (much less the Internet!)

Yeah, no. Shall Not Be Infringed. You don't get your cake, and to eat it too.

Facebook needs to get itself in order. In fact, the tech community as a whole needs to realize that just because they can tap into some data source, doesn't mean they should.

When I go to a store in "public" like Walmart, and buy a bottle of whiskey, an onion, and a deodorant, in front of hundreds of strangers, sharing willfully my payment details with Walmart and Visa, when I get home I still do not expect all my Facebook friends to know what I bought, to have pictures of me buying the items and to have a copy of my receipt. And some of them even have Walmart as a friend. Some even Visa!

Yet all is public information and happened in a location with no expectation of privacy.

The difference is that you have a degree of control over what people see. There is a degree of privacy and can back out at almost any point and can mask what you are doing quite easily.

It’s not socially acceptable to go and rummage through someone else trolley and confirm what’s in there.

But it is socially acceptable that after installing an app or signing up for a service it gets to scrub all the data from the phone; contacts, photos, messages, relationships, locations, businesses, apps installed, calls, usage, all of it, then correlate it, classify it, generate profiles, predict behaviors and sell that information?

Not at all. I’m saying that normal interactions have a degree of privacy to them, even when out ‘in public’. I do think that there are expectations of privacy in most interactions, yet somehow social media and advertising have completely broken this standard.

Facebook is awful in numerous ways but this article is misleading. FBs argument is entirely correct. The problem is of course that this is not the issue with Facebook.

Facebook is like a stalker. Even if he only uses public information, like following you in the street and sitting down next to you in a cafe to listen in on your conversations, it’s still creepy, and it is not expected, even if you have the audacity to walk about and talk to people in cafes.

And the best thing you can do is ignore him and never talk to him.

I think the "beat thing you can do" when someone's stalking you is often "go to the police"

i like this analogy, it seems to address the deeper issue.

Cambridge Analytica was never a "breach" - Facebook worked exactly as designed.

This is just demonstrating the government/LEO's own definition of Third Party Doctrine which says once you give information to someone else, you have no reasonable expectation of privacy. This is why law enforcement claims not to need a warrant to get your bank records, call history, or internet traffic.

Like it or not, disagree or not, it's clearly established until States or Congress roll it back. SCOTUS stepped in last year to block cell-location history but that's one piece of the problem.

Ref: https://en.wikipedia.org/wiki/Third-party_doctrine

People migrated from blogs to Facebook so they could selectively disclose their private information, only to the people they wanted. For a time, it wasn't even clear how FB could make money operating this noble public service. Remember that?

The legal argument in the article is just a good old fashioned gaslighting of FB's users, at least the original group. Next they'll claim email isn't private....

Just a corporate entity passing the blame on their massive user base. They need to impose some restrictions or get regulated.

Only regulation needed is to prevent FB from buying off their competitors.

FB would have to innovate internally or turn into MySpace without without Instagram, WhatsApp and others https://en.wikipedia.org/wiki/List_of_mergers_and_acquisitio...

The latter. Without a doubt.

Why does the lawyer keep bringing up "a hundred people"? Is there some kind of official policy where FB respects your privacy if you share with 99 or fewer people? Or is it some calculated legal argument to emphasize that anything shared publicly on FB is going to be seen by plenty of people?

The worst thing you can do to Facebook is to stop using it. Sure they keep a profile on you even if you don’t have an account but their power is derived from people using their platform.

You have more power than that. If you want to hurt Facebook, spread the ideas that Facebook is unhealthy, uncool, and/or a detriment to society. In addition to stopping your personal use, influence your friends to deter them from using it too.

Don't be "that guy". It doesn't work any it only makes you less fun to be around. Nobody wants to get lectured about how they're doing something bad or stupid. People are well aware of the problems with Facebook. Maybe they'll change, maybe they won't. If they do, please don't assume it was because of you.

>It doesn't work any it only makes you less fun to be around.

It does work and I am crap at being social anyway, so I don't mind taking the hit. Someone has to be 'that guy', as you put it. Might as well be me.

So, hear me good people. Get the hell off facebook, it is a terrible place full of demons, woe and all that is tawdry, misplaced and wrong, and since we are on HN, go build alternatives to facebook while you are at it.

Alternately, do be that guy. I love hearing about stuff I would be concerned about if only I were aware and I love personal testimonials from people I know and respect about things I had only read about previously. I often change because of specific things that people said, and like to tell them, because it takes bravery to hold an opinion, put it out there, and to be convincing in defending it.

I guess my ego is strong enough not to feel contempt towards people who know things that I don't, because I've never met anyone who didn't. If I already know, I'll tell you.

Okay, here's something you clearly don't know: You're not actually that person, this is the self-image that you have constructed for yourself. It's an idealization of a rational human being that you admire, but that doesn't actually exist.

On another note, let's say you were this exceptional kind of human: Your advice would still be bad. Most people are not like you. Most people will react negatively, perhaps without you noticing. It wouldn't be very smart to go out into the world and assume that everyone works works the way you do, or that at least they should.

So your argument is that debate and reasoning are futile, and the only way people can change their minds is stumbling upon conclusions?

I'd say we have conclusive evidence that people can change their minds by hearing new idea or evidence from other people.

> So your argument is that debate and reasoning are futile, and the only way people can change their minds is stumbling upon conclusions?

No, I'm saying "being that guy" doesn't work. You know "that guy". You've met him. He didn't convince you. Unless, you already agreed with him, that is. Then you probably didn't notice him as "that guy".

It does work. Not on you I suppose, but plenty of people have stopped using facebook because other people persuaded them to stop.

In fact, I wager telling people about facebook being crap works a lot more than telling people to stop complaining about facebook.

Even better: Show your displeasure to companies advertising on or doing business with Facebook. Start boycotts.

This will hit them in their wallet to a much greater extent than any individual quitting Facebook can.

Just do it with soft power, tell business people how nobody gets any value from advertising there and what a con it is. The marketing people will listen and will buy ads elsewhere or put their money into other activities. A boycott isn't going to get the same bang per buck or be listened to.

Actually, boycotts of advertisers have been very effective in the past, but I've never heard of anyone being successful at simply talking companies out of advertising.

"advertising there" - as in Facebook. It is easy to persuade clients - as in companies - to put their money into other channels to get a return. Try it!

How is “leave the platform if you don’t like it” not the solution here?

Facebook’s creepy stalking of its users is well known, and it’s practically their only method of funding themselves. The calls to regulate Facebook just sound like entitled users attempting to use the hammer of government to reshape the site into what they want.

Can anyone here make a case as to why regulation is preferable compared to letting the free market force Facebook to change or die? I’m legitimately struggling to find any legitimate reason to do so.

Moxie Marlinespike (Openwhisper Systems, Signal) makes a good argument for why that doesn't work https://m.youtube.com/watch?v=DoeNbZlxfUM. Recommend watching the whole talk.

Making an argument doesn't change the fact that I am informed, made a decision, stopped using it and have suffered NO HARM. I made a tradeoff that I thought was valuable. Anyone demonstrably can, but are usually less interested in making a philosophical judgement than enjoying the dopamine reward from communal outrage.

Because the network effect means leaving the platform is about as realistic as "abandon all your friends and go live as a hermit in the woods".

FB notion of privacy is wrong. Privacy is not about what i publicly share.

My right to privacy is about all the info they secretly collect, keep and sell to make a profit. My right to privacy implies that they do not keep a shadow profile on me and my relatives who are not on Facebook. My right to privacy implies that they dont read through me phone messages at will. My right to privacy gives me the freedom to avoid being spoon fed by the highest bidders such as Trump, farage et al

FB knows this and they consciously divert the attention towards what we publicly share. Evil.

> My right to privacy is about all the info they secretly collect,

I'm not sure where you get this from, because I've never heard any legal doctrine to cover it.

> My right to privacy implies that they do not keep a shadow profile on me

Every user has a data model, which you can call whatever you like. This is not unique to FB.

> My right to privacy implies that they dont read through me phone messages at will

I'm not sure how you imagine spam scanners don't read your email. Perhaps you need to rethink your concept of "your right to privacy" or whatever.

> My right to privacy gives me the freedom to avoid being spoon fed by the highest bidders such as Trump, farage et al

Dumping some weird political spin where you don't want to hear things you don't like, is unsurprising. This is not a Right in the US. Some other places in the world (Canada, Germany, etc), are trending this way. It's an interesting development that "words can cause harm" is a central tenet of some political movements.

Facebook can't read through your phone messages unless you give them permission to read through your phone messages.

If everybody I send messages to have decided to install the facebook app on their phones, then the decision is taken out of my hands. Facebook will receive and store messages that I wrote, even though Facebook and I do not have a consensual relationship.

Any time you communicate with someone you surrender to them the right to control what happens to that communication. This is a property of human communication that predates Facebook by millenia. If you tell secrets to someone you can’t stop them from spreading the secrets to other people. The onus is on you to vet the people you share confidential information with.

what the.... dude. lol. secrets you tell others in confidence get out if they divulge that information themselves and if that happens you may lose trust in that person.

they have no idea facebook is eavesdropping intently. it is so drastically different.

If neither facebook nor the other person is disclosing to me that facebook is listening, then in two-party consent states that certainly seems to be against the spirit of the law, if not the letter.

Even then, the responsibility wouldn't be on Facebook, but on the other person. Facebook can't contact you to inform you of anything before you send the message.

That's not the same as reading through your phone messages.

You have to assume that any message you send out is read by any number of parties. Any e-mail you send to a Gmail account, for instance, will be processed by Google for (among other things) advertising purposes. If you don't like that, you need to employ additional measures, such as PGP.

You can whitter, you can pontificate, you can reason.

We are all dumb fucks.

The argument is "if you share it with friends you've abandoned the right to privacy cuz they can share it with others".

OK if that's how were going to play it then fb isn't responsible if a friend, of their own volition, shares it. However if fb says "you shared it now WE can share it" is a whole other game.

Regulate Facebook. They lied and said they weren't intentionally playing with people's dopamine to grow themselves. They're lying now (in a roundabout way). They're always going to lie. Why will they always lie? Because there's no accountability.

Regulate them. Force their hand. That's the only way we can stop creeping further into dystopia. They won't do it on their own and at this point no one should be comfortable with their practices.

Hip hip. We need a People’s movement against FB, or a people’s movement for data regulation.

>The argument is "if you share it with friends you've abandoned the right to privacy cuz they can share it with others".

If those are the rules then it seems copyright is out the window. Looking forward to Clash of the Titans 3: Facebook vs. Disney

Never gonna happen, but it would be amazing.

Copyright law is not rooted in the right to privacy.

This quote:

"Again and again, Snyder blames the targets of surveillance capitalism for their own surveillance"

This is an awful way of looking at the world, because it denies that people have personal responsibility. Everybody knows what Facebook does. It is in plain sight. It's in their terms of services. It's all over the media.

A lot of people don't use Facebook because of what Facebook does. Using Facebook is a fool's bargain, just like smoking or gambling.

If people can't be blamed for their own conscious decisions, we might as well throw out the whole legal system. All contracts are void, because nobody has legal capacity.

This is all pretext for more legislation, for the nanny state to come in and save us all from our dumb and irresponsible selves, to create more positions for bureaucrats to extract even more rent out of the remaining members of society. Don't buy this.

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact