In fact Facebook has used this technique very recently too:
A security researcher noticed the tech giant was prompting some users to type in their email passwords when they opened an account to verify their identity. And after they were caught... Social networking giant Facebook said on Wednesday evening it may have “unintentionally uploaded” the email contacts of up to 1.5 million users on its site, without their permission or knowledge, when they signed up for new accounts since May 2016.
Read more about this: https://www.nbcnews.com/tech/tech-news/facebook-says-it-unin...
Because you just happened to accidentally interact with the API in just the right way and downloaded the information to just the right database and deployed a service to production which just happens to access that data...
I don't understand how that statement right there isn't literally incriminating evidence. They admitted to uploading the data explicitly, and "unintentional" is a straight up lie based on how software works.
When logging in the permissions are (will see your email and contact list). AirTable makes it very very hard to login with GAuth without giving permissions to your contact list.
I feel Google should just disable that permission, it’s abused.
I should have total control over what parts are given to a third party from my email. Much like Android / iOS permission prompts.
Until fed-up former tech workers get into politics and apply their knowledge to the law, it's basically the word of the normal people vs billions of dollars.
This is a very dangerous statement to make.
Large systems are not like hackathon projects where you might understand and hold the entire scope and flow in your mind.
Software absolutely can and does lead to unintended outcomes, else there would be no bugs.
> Facebook said it used to have a step in the account verification process where some users had the option to confirm their email address and voluntarily import their email contacts onto the site. The feature was meant to help them find their friends more effectively and improve ads, according to the company.
> That process was redesigned in May 2016. While the language, which explained the step, was removed, the feature itself was not, Facebook said. Hence, email contacts were still being uploaded to the site without users being aware of that fact.
The claim isn’t that the feature was created by accident. It’s that they failed to disable the feature in the backend when they removed parts of the UI. I can definitely see how this could happen by accident due to poor communication between managers and engineers across different teams. You could also choose to believe that it was an intentional error.
I’m saying what I said, nothing more.
> Software absolutely can and does lead to unintended outcomes, else there would be no bugs.
Edit: also see this: https://news.ycombinator.com/item?id=22429620
TFA explains how the system was added, it’s absurd and intellectually dishonest to interpret my post as saying what you wrote.
It's a mistake only the first time. Knowing they get away with it every time and reap the reward is just an incentive to do it again and again. And people finding excuses and justifying this as being acceptable is one reason they get away with it. They rely on advocates for ignorance and defeatism to make such incidents feel like a banality, "oh well, what can you do", "it could happen to anyone", etc.
How many situations would you consider excusable where bad things happen to you because someone "accidentally" removed the step where you were informed what's happening and could say no?
Raises hand as an example of someone who essentially got a free server upgrade from 500G to 2T storage recently, due to people following a fixed procedure in a slightly unusual circumstance without thinking.
"Positive" accidents do happen. People just don't tend to shout about them publicly as much as they do about those with negative consequences or that affect many at the same time.
> someone "accidentally" removed the step where you were informed what's happening and could say no
In this case I can easily see this accident happen. A junior was told to remove those parts of the UI. That person has little of no knowledge of the back-end and does not have time to dig or think further because they have other work tickets assigned to them to get on with, just did the job and moved on.
Facebook may be deliberately shitty a lot of the time, that doesn't mean they aren't sometimes accidentally stupidly shitty too.
> would you consider excusable where bad things happen to you because someone "accidentally"
Of course this doesn't excuse it, just explains it. There was a fault in the management and/or work review processes. Someone should have had the opportunity to put two and two together and failed to do so. And there should be some fallout. To use a rather extreme analogy: accidentally killing someone through gross ineptitude is still a punishable crime (manslaughter), I would agree that accidentally breaching data collection rules through gross ineptitude should be too (though I doubt the coders/testers dealing with the "UI cleanup" ticket could be said to be responsible).
If 5 years from now VW has another "rogue engineer" everybody will wonder how is it possible that it slip through the cracks again. Facebook let things like this slip through the cracks again and again.
> Of course this doesn't excuse it, just explains it.
It excuses it the second it's made too look like a random accident but somehow keeps happening again and again the same way, always to their advantage.
P.S. I'm sure no company accidentally gave such upgrades to 1.5 million users and let them get away with this. And they also didn't accidentally do this again and again. You highlighted perfectly the difference between an accident and an "accident".
In my experience, deciding not to do something is unlikely to be intentional. Instead, the something that’s not done simply never presented itself as an idea.
Do you have any evidence that this particular lapse was premeditated, or did you come to this conclusion based solely on your prior opinion of their actions?
That's some weird experience. A decision is by definition intentional. It's literally "a conclusion or judgment reached after consideration". The moment a person with power of decision is made aware of an issue both action and inaction become conscious, deliberate decisions.
> did you come to this conclusion based solely on your prior opinion of their actions?
That's quite the assumption given the above and the fact that I was pretty clear that it's based on their continued stream of "mistakes" that tend to be massively in the company's favor. Almost feels like you made it in bad faith.
How many mistakes would you say it takes to make one start beefing up their internal processes so millions of people don't accidentally suffer repeatedly? How many before you start to at least consider that it can't be constantly attributed to bad luck? Would you feel different if a company kept overcharging you by mistake and never returned the money or fixed the issue? But now it's "just" and endless stream of your private data. Uncommon sense...
In my experience, most instances of someone (or a company) not doing something are not examples of conscious, intentional decisions but rather an unconscious process of the proposed thing not coming to mind. As a concrete example, I haven’t made a painting of anything since grade school. The vast majority of days, I didn’t consider and discard the idea of painting; the idea simply never presented itself.
While Facebook’s history must absolutely be taken into account when trying to discern their motivations, I consider it fundamentally unjust to judge any given incident solely based on behavior in other incidents— otherwise, you leave no path to redemption for the alleged transgressor.
As such, I would like to know if you have any evidence specific to this incident that indicates it was intentional rather than an accident, as claimed.
But then you base your reasoning for the "unintentional mishap" on the assumption that Facebook leadership (engineering or management) simply never had the idea to do anything about these issues even after they happen repeatedly? How many times can you claim ignorance and an endless string of "we'll do better"s?    [.....]
They do it because they get away with it. They get away with it because people are encouraged to think that they're mistakes and "everyone makes mistakes". But every one of these mistakes costs you, and benefits them. There's no accountability and that's exactly what you are pushing for now.
> I consider it fundamentally unjust to judge any given incident solely based on behavior in other incidents
Not solely, there's also the matter that they benefit from every one of them. Zuck founded his business on collecting data without user approval. With your reasoning you can make the concept of precedent irrelevant. You just turn them into completely separate incidents with no prior knowledge and then use wishful thinking to assume they were all mishaps.
You can shoot someone once by mistake. But what if you do it 15 times? And even true mistakes cost. Yet these "mistakes" never cost Facebook anything. They just employ an army of posters to insist it was a mistake and downplay the whole thing.
There's no amount of wishful thinking and downplaying that can compensate for common sense and prior experience. There's no reasonable way in which, in good faith, you can assume all these are mishaps. There's a long string of incidents that benefit them that serve as evidence.
P.S. You name one incident in the history of the world that you think is indefensible and I will use your reasoning to completely dismiss your accusation ;). Really, if you stand by your reasoning that shouldn't be hard.
This is, in fact, why I prefer seeking more context and understanding to making accusations.
I've seen this argument repeatedly now in a defense of Facebook, recently in a twitter thread where a facebook employee in a discussion about hate speech moderation responded along similar lines of "we are simply too large and don't know what's going on in every corner of the system"
I find it funny that this is used as a sort of excuse or defense. We can draw another conclusion. Like Goethe's Sorcerer's Apprentice Facebook has lost control over its own machinations and is simply too large.
Oh, the library was for 10 years out of fashion, People You May Know? Well craaap.
I mean, call me paranoid but I've always assumed that it's the same thing...
Even worse, it hasn't been punished by law enforcement.
> “We don’t view your experience with the product as a single-player game,” he says. Yes, in the short run, some users might benefit more than others from PYMK friending. But, he contends, all users will benefit if everyone they know winds up on Facebook. We should think of PYMK as kind of a “community tax policy,” he says. Or a redistribution of wealth. “If you’re ramped up and having a good life, then you’re going to pay a little bit more in order to make sure that everyone else in the community can get ramped up. I actually think that that approach to building a community is part of why [we have] succeeded and is modeled in a lot of aspects of our society.”
This attitude of "we know what's good for you" is apparent in more and more modern tech products. I find it pretty gross, especially when applied personal data. It's also a convenient after-the-fact moral justification for decisions that improve the bottom line of the company at the expense of its users.
It's even grosser than that. The attitude here is really "we did what was good for us, but we think you're dumb enough to be convinced we did it because it was good for you."
(To write something slightly more original than the "will not understand if livelihood depends on it" quote)
What you describe is an additional problem. A normal person targeted by a blackmailer over their sexual history would be a closer model, although even then it would still not be close to the level of a state sponsored attack on you personally — that can include combining the drones with accurate information rather than whatever led to them hitting weddings, or it could be as mild as Van Eck phreaking to find what you’re looking/who you’re talking to at no matter how well you encrypt the connection.
Oh for the innocent bygone days of around 15 years ago.
'Using Facebook Is A Kind Of Wealth' is what he says basically.
'The whole world benefits so much when they use my product'
This is Trumpian level of delusion.
'It's important that every American gets a chance to stay at home of my resorts. They're so nice! So I'm going to offer a government-backed tax rebate so that everyone can come and stay. Studies have shown people who stay at resorts are in better health, more relaxed. These tax rebates are Good For America'.
Exes, Stalkers, People who can’t let go, Friends who are bad influences, etc...
Alice tells me she knows Bob and Charlie. I mention Charlie to Bob - completely normal human thing to do. Maybe I think they're in the same circle but I've forgotten exactly why or how I found that out - completely normal human memory behaviour. Where's the invasion of privacy?
In both cases.
Yours is understandable and forgivable. Charlie's privacy may have been violated, but it was a simple mistake.
But suppose you say to Alice, "Tell me all the people you know. I'll tell you which ones I know too." If you then write down that list and systematically start telling them about each other and that they have Alice as a mutual friend, then you're a privacy-invading jerk, and Alice was wrong to trust you.
> This attitude of "we know what's good for you" is apparent in more and more modern tech products.
The attitude that this also demonstrates is "our loyal customers are locked in, so it's time to screw them over to try to make more money".
"This attitude of "we know what's good for you" is apparent in more and more modern tech products"
Billions of people used PYMK and are generally happy with it and Facebook in general. Who are you to tell them it's a bad thing?
If FB is so bad why don't more people leave? Lots of people on HN leave FB and I respect that choice - and lots don't and enjoy using FB with it's pros and cons. What's wrong with that?
You might be right, but that isn't necessarily so. I'm on Facebook, I hate many of it's features, the product design decisions and I think they are hostile and predatory. Wherever a knob was made available I changed it from the default to the more private setting. But I'm still on Facebook because I have no other option for effective communication with my globally distributed family and with the local tech community.
In short, I hate PYMK and many many other things, and generally I'm not happy at all with Facebook, but you counted me along the "Billions of people" because I'm (almost) daily active on the platform.
I believe you have no idea what portion of the users is happy with the platform, what portion is unaware of the privacy implication and what portion is unhappy about the platform's privacy but, as accurately put by the Zuck himself, pay the necessary tax.
But this speaks directly to the crux of this issue mentioned in the article that you take issue with.
Growth team tactics got people on the site and kept them engaged, and having a large and mostly comprehensive network makes it valuable to users. So when you find it valuable that your family and community is there, well that’s the point.
Or they could just say nothing.
Which is better?
It is amazing how little pieces of information that are likely innocuous by themselves can be combined to develop a pretty thorough understanding of relationships.
The sperm donor guy, though... facial recognition? No idea.
How did the Sperm Donor know it was his child?
Find that and that's how Facebook knows.
To look at a friend suggestion and know it's your child means you have been in contact with someone past the donation stage.
Nothing about how Facebook offers suggestions are secret to my knowledge.
All that's happening is people are not aware how easy it is to find information from networks
I think that's probably true. You need to spend sufficient time near someone--like within a few feet or so.
I had an interesting experience where Facebook recommended me as a friend to someone I sat next to on an airplane, with whom I had a conversation with. My phone was in airplane mode. Not sure how that happened, TBH!
This post is obviously sarcasm.
I figure everything down the left aside on FB corresponds to a permissions bit for each entry, so maybe some classes of user get some really fun items over there.
IIRC, connections like those were often explainable by addressbook data. Please assumed Facebook didn't have access to that when it actually did (I'm pretty careful about this kind of stuff and found mine had been slurped at some point, for instance). It's not inconceivable that a psychiatrist and patient may have exchanged emails or phone numbers.
One of the big annoyances in life is being notified or bugged about something I don't need to be notified about. This keeps getting worse with modern tech all the time which has slowly led me to stop using anything I don't have full control over.
There is probably an explanation for this that doesn't boil down to "FB watched our GPS and noticed our phones sat next to each other at the same location for several hours," but it still felt sufficiently creepy to make me uninterested in sticking around to figure it out.
That's exactly what happened.
> "Location information by itself doesn’t indicate that two people might be friends," said the Facebook spokesperson. "That’s why location is only one of the factors we use to suggest people you may know.”
I think Facebook's tactics were a landgrab before the global populace starts to build an antibody to pervasive advertising/spam/surveillance.
Clearly this needs to be bolstered by legislation/regulation.
Why not just disable notifications, or just uninstall the app without deleting your account? Facebook can still be of use to you without you being of use to it.
I've long used Facebook only for messaging and managing events because it's an effective and ubiquitous platform for both of these things.
Many apps provide useful notifications but some genius somewhere realized they can get more eyeballs if they abuse the notification system. So you have to take the bad with the good or throw them both out.
What’s worse is some apps provide “fine grain control” which is supposed to allow you to decide what types of notifications you get. Some other genius had the idea to be very loose with what belongs in what category.
And yet another genius had the idea to spam email if phone notifications are disabled.
And they’ll let you disable that too... but yet another genius had the idea to “accidentally” forget all these settings.
So... I don’t know. Disable them, sure. It’s the advice that keeps on giving, I guess.
Possibly because some combination of his device/platform/Facebook didn't honor his request after a while. At one time it wasn't unheard of for an app to self-update and reset notifications and other settings.
or just uninstall the app without deleting your account
Revenge, probably. And/or to punish FB microscopically, but in the only way we can.
Good for you. Not everyone lives the same life that you do.
What? This is a pretty explosive accusation with very little direct support beyond "they've done things that this is similar to". How would they be able to do this for, say, Gmail and GCal users? I could see it being technically possible, but Google seems pretty likely to both frown on this and be capable of prevention.
That is not what a monthly active user is, even at Facebook. A MAU logs in once per month, a DAU logs in once per day.
Is there a difference between an "active user" and just a "user"?
He spent 75% of most days working for personal clients outside our company. The remainder of his days were spent pimping his projects on Facebook to build his personal brand. He was not a rock star programmer. His work was beyond subpar and he needed extra time, not less. We weren’t connected but I stalked his profile for time stamps and evidence. He lived at least 1.5 hours outside my locations except for the office.
One day he overheard me and another coworker discussing Facebook oddities and he interrupted, “Facebook keeps recommending (insert my wife’s name) as a connection.” He did not know my wife’s name and they had never been in proximity of one another.
Not to dismiss your story, I am just interested about the reasoning.
I guess everyone else had the complete opposite experience based on the article title
Some of this is inevitable. For example, their algorithm was eager to suggest one particular person to me, and it did so multiple times even though I did not know the guy. It was someone who had worked at the same company as I did, in the same department, but quit the company slightly before I was hired. So he and I had easily 10 Facebook friends in common. Facebook had good reasons to suspect that I knew the guy. Even though I didn't, I might have, and they have no way of knowing for sure, so they might as well just ask.