Hacker News
‘People You May Know’ helped Facebook grow exponentially (marker.medium.com)
212 points by one-possibility 42 days ago | 147 comments



In the early days, Facebook logged into users' email accounts and stole contact information without users' knowledge or authorization. This was possible because people used the same password for their email and Facebook, a practice common especially back in those days. This is one of their sources for PYMK.

In fact Facebook has used this technique very recently too:

A security researcher noticed the tech giant was prompting some users to type in their email passwords when they opened an account to verify their identity. And after they were caught... Social networking giant Facebook said on Wednesday evening it may have “unintentionally uploaded” the email contacts of up to 1.5 million users on its site, without their permission or knowledge, when they signed up for new accounts since May 2016.

Read more about this: https://www.nbcnews.com/tech/tech-news/facebook-says-it-unin...


"Unintentionally uploaded"

Because you just happened to accidentally interact with the API in just the right way and downloaded the information to just the right database and deployed a service to production which just happens to access that data...

I don't understand how that statement right there isn't literally incriminating evidence. They admitted to uploading the data explicitly, and "unintentional" is a straight up lie based on how software works.


That takes a lot of code and effort moreso necessary for it to ever be accidental. We really need a system where courts can have a jury of relevant people from the relevant industry. Imagine if the jury for Oracle v Google were made up of software developers every single time how much more effective and meaningful that would be...


Most VC backed apps like Notion, AirTable, Dropbox and a bunch of others do this when using Google Auth to log in. It seems a very common tactic (prolly coming from Marketing & Growth). Google makes it very easy to share your contact list.

When logging in the permissions are (will see your email and contact list). AirTable makes it very very hard to log in with GAuth without giving permissions to your contact list.

I feel Google should just disable that permission, it’s abused.


> I feel Google should just disable that permission, it’s abused.

I should have total control over what parts are given to a third party from my email. Much like Android / iOS permission prompts.


Courts don't know how stuff like this works and congressmen are paid not to know. It's unlikely anybody will have the money, confidence, and time to bring up a case against Facebook, and they'd have a hard time going up against "expert witnesses" whose testimony amounts to "accidents happen."

Until fed-up former tech workers get into politics and apply their knowledge to the law, it's basically the word of the normal people vs billions of dollars.


> "unintentional" is a straight up lie based on how software works

This is a very dangerous statement to make.

Large systems are not like hackathon projects where you might understand and hold the entire scope and flow in your mind.

Software absolutely can and does lead to unintended outcomes, else there would be no bugs.


You’re saying an entire system was added to integrate with user email accounts, download all their contacts, and upload them to a database at Facebook, accidentally?


The article provides some relevant details:

> Facebook said it used to have a step in the account verification process where some users had the option to confirm their email address and voluntarily import their email contacts onto the site. The feature was meant to help them find their friends more effectively and improve ads, according to the company.

> That process was redesigned in May 2016. While the language, which explained the step, was removed, the feature itself was not, Facebook said. Hence, email contacts were still being uploaded to the site without users being aware of that fact.

The claim isn’t that the feature was created by accident. It’s that they failed to disable the feature in the backend when they removed parts of the UI. I can definitely see how this could happen by accident due to poor communication between managers and engineers across different teams. You could also choose to believe that it was an intentional error.


Maybe the business should be set up so there’s less chance of such devastating breaches of privacy happening.


Please respond to the actual contents of my post, and not a strawman version of it.

I’m saying what I said, nothing more.

> Software absolutely can and does lead to unintended outcomes, else there would be no bugs.

Edit: also see this: https://news.ycombinator.com/item?id=22429620

TFA explains how the system was added, it’s absurd and intellectually dishonest to interpret my post as saying what you wrote.


Have you noticed how no feature that brings monetary value to the users is ever accidentally added? I never accidentally received money from these companies, extra storage quota, personalized email address, premium account, etc. And certainly never something that you get to keep once they realize the mistake. The fact that they have such weak controls when it comes to protecting you but such strong controls when it comes to protecting themselves can only be a calculated decision. And the number of precedents of such "mistakes" that are always to their advantage is the proof.

It's a mistake only the first time. Knowing they get away with it every time and reap the reward is just an incentive to do it again and again. And people finding excuses and justifying this as being acceptable is one reason they get away with it. They rely on advocates for ignorance and defeatism to make such incidents feel like a banality, "oh well, what can you do", "it could happen to anyone", etc.

How many situations would you consider excusable where bad things happen to you because someone "accidentally" removed the step where you were informed what's happening and could say no?


> I never accidentally ... extra storage quota

Raises hand as an example of someone who essentially got a free server upgrade from 500G to 2T storage recently, due to people following a fixed procedure in a slightly unusual circumstance without thinking.

"Positive" accidents do happen. People just don't tend to shout about them publicly as much as they do about those with negative consequences or that affect many at the same time.

> someone "accidentally" removed the step where you were informed what's happening and could say no

In this case I can easily see this accident happen. A junior was told to remove those parts of the UI. That person has little or no knowledge of the back-end and does not have time to dig or think further because they have other work tickets assigned to them to get on with, just did the job and moved on.

Facebook may be deliberately shitty a lot of the time, that doesn't mean they aren't sometimes accidentally stupidly shitty too.

> would you consider excusable where bad things happen to you because someone "accidentally"

Of course this doesn't excuse it, just explains it. There was a fault in the management and/or work review processes. Someone should have had the opportunity to put two and two together and failed to do so. And there should be some fallout. To use a rather extreme analogy: accidentally killing someone through gross ineptitude is still a punishable crime (manslaughter), I would agree that accidentally breaching data collection rules through gross ineptitude should be too (though I doubt the coders/testers dealing with the "UI cleanup" ticket could be said to be responsible).


We're talking about different things. You're considering just the coding accident of an employee removing this and forgetting that. I'm talking about the intentional decision of not validating this in a better, more robust fashion, at least when it comes to issues that have a huge impact on security or privacy. This was a calculated decision. Whether it was done by not putting in place or by removing all the obstacles that could have prevented this makes no difference. After the first privacy "accident" they should have had in place all the processes required to make sure such an issue doesn't happen, then go unnoticed for so long.

If 5 years from now VW has another "rogue engineer" everybody will wonder how it is possible that it slipped through the cracks again. Facebook let things like this slip through the cracks again and again.

> Of course this doesn't excuse it, just explains it.

It excuses it the second it's made to look like a random accident but somehow keeps happening again and again the same way, always to their advantage.

P.S. I'm sure no company accidentally gave such upgrades to 1.5 million users and let them get away with this. And they also didn't accidentally do this again and again. You highlighted perfectly the difference between an accident and an "accident".


> I'm talking about the intentional decision of not validating this in a better, more robust fashion, ...

In my experience, deciding not to do something is unlikely to be intentional. Instead, the something that’s not done simply never presented itself as an idea.

Do you have any evidence that this particular lapse was premeditated, or did you come to this conclusion based solely on your prior opinion of their actions?


> In my experience, deciding not to do something is unlikely to be intentional.

That's some weird experience. A decision is by definition intentional. It's literally "a conclusion or judgment reached after consideration". The moment a person with power of decision is made aware of an issue both action and inaction become conscious, deliberate decisions.

> did you come to this conclusion based solely on your prior opinion of their actions?

That's quite the assumption given the above and the fact that I was pretty clear that it's based on their continued stream of "mistakes" that tend to be massively in the company's favor. Almost feels like you made it in bad faith.

How many mistakes would you say it takes to make one start beefing up their internal processes so millions of people don't accidentally suffer repeatedly? How many before you start to at least consider that it can't be constantly attributed to bad luck? Would you feel different if a company kept overcharging you by mistake and never returned the money or fixed the issue? But now it's "just" an endless stream of your private data. Uncommon sense...


I was imprecise and overly snarky in my original reply, and for that I sincerely apologize. I’d still like an answer to the half of my question that you ignored, so let me try again in a more neutral tone:

In my experience, most instances of someone (or a company) not doing something are not examples of conscious, intentional decisions but rather an unconscious process of the proposed thing not coming to mind. As a concrete example, I haven’t made a painting of anything since grade school. The vast majority of days, I didn’t consider and discard the idea of painting; the idea simply never presented itself.

While Facebook’s history must absolutely be taken into account when trying to discern their motivations, I consider it fundamentally unjust to judge any given incident solely based on behavior in other incidents— otherwise, you leave no path to redemption for the alleged transgressor.

As such, I would like to know if you have any evidence specific to this incident that indicates it was intentional rather than an accident, as claimed.


> the idea simply never presented itself

But then you base your reasoning for the "unintentional mishap" on the assumption that Facebook leadership (engineering or management) simply never had the idea to do anything about these issues even after they happen repeatedly? How many times can you claim ignorance and an endless string of "we'll do better"s? [0] [1] [2] [.....]

They do it because they get away with it. They get away with it because people are encouraged to think that they're mistakes and "everyone makes mistakes". But every one of these mistakes costs you, and benefits them. There's no accountability and that's exactly what you are pushing for now.

> I consider it fundamentally unjust to judge any given incident solely based on behavior in other incidents

Not solely, there's also the matter that they benefit from every one of them. Zuck founded his business on collecting data without user approval. With your reasoning you can make the concept of precedent irrelevant. You just turn them into completely separate incidents with no prior knowledge and then use wishful thinking to assume they were all mishaps.

You can shoot someone once by mistake. But what if you do it 15 times? And even true mistakes cost. Yet these "mistakes" never cost Facebook anything. They just employ an army of posters to insist it was a mistake and downplay the whole thing.

There's no amount of wishful thinking and downplaying that can compensate for common sense and prior experience. There's no reasonable way in which, in good faith, you can assume all these are mishaps. There's a long string of incidents that benefit them that serve as evidence.

P.S. You name one incident in the history of the world that you think is indefensible and I will use your reasoning to completely dismiss your accusation ;). Really, if you stand by your reasoning that shouldn't be hard.

[0] https://www.reuters.com/article/us-facebook-privacy-apologie...

[1] https://www.wired.com/story/why-zuckerberg-15-year-apology-t...

[2] https://time.com/5505441/mark-zuckerberg-mentor-facebook-dow...


> You name one incident in the history of the world that you think is indefensible and I will use your reasoning to completely dismiss your accusation

This is, in fact, why I prefer seeking more context and understanding to making accusations.


Sorry, so they built a system designed to vacuum up even more personal information and accidentally turned off the screen where they tricked people into giving the information up, leading to it being collected by default?


Yes, but in this case it is a highly desirable outcome for Facebook. They didn't just get lucky.


Do you really think Facebook profited from this? I'd bet they took a million dollar PR hit if anything.


Yes, absolutely. It provides a whole new set of connections to improve their view on the IRL social network. It's hard to quantify exactly how much it benefits Facebook but it's not hyperbole to say it contributes positively to everything that makes Facebook money.


Did you read the article?


> Large systems are not like hackathon projects where you might understand and hold the entire scope and flow in your mind.

I've seen this argument repeatedly now in a defense of Facebook, recently in a Twitter thread where a Facebook employee in a discussion about hate speech moderation responded along similar lines of "we are simply too large and don't know what's going on in every corner of the system"

I find it funny that this is used as a sort of excuse or defense. We can draw another conclusion. Like Goethe's Sorcerer's Apprentice Facebook has lost control over its own machinations and is simply too large.


Some junior facebook dev: "Oh look, here's this ancient library for email logins, I can use this to create a way for people to confirm identity"

Oh, the library was for 10 years out of fashion, People You May Know? Well craaap.


I don't understand how people comment without reading the source. It clearly explains what happened - they had a feature in production that was disclosed to the user, and an update inadvertently removed the disclosure without removing the entire feature like they were trying to.


We desperately need an Edward Snowden of Facebook to show up with a treasure trove of docs at the steps of The Guardian. Surely, it is relatively safer than going up against the NSA? A $500B enterprise that's toying with the very social fabric that they claim to help build is beyond hypocritical and borderline cancerous.


> Surely, it is relatively safer than going up against the NSA?

I mean, call me paranoid but I've always assumed that it's the same thing...


Wasn't it worse than that? I think they used to ask for your email and password explicitly for the contacts. Twitter used to do the same as well as some others. Here is a blog post from 2008 about Yelp doing it, but I can't find anything for Twitter (though I definitely remember it being the case back in the day, a comment on this blog post also mentions it) https://blog.codinghorror.com/please-give-us-your-email-pass...


A little off topic but what happened to that other recent security "incident" last year? I forget at this point what even happened, I just remembered they just let it blow over and I haven't heard anything since.


I didn't specifically know about this... But it's easy to believe, and it's a terrible thing.

Even worse, it hasn't been punished by law enforcement.


This quote from Zuckerberg is something else:

> “We don’t view your experience with the product as a single-player game,” he says. Yes, in the short run, some users might benefit more than others from PYMK friending. But, he contends, all users will benefit if everyone they know winds up on Facebook. We should think of PYMK as kind of a “community tax policy,” he says. Or a redistribution of wealth. “If you’re ramped up and having a good life, then you’re going to pay a little bit more in order to make sure that everyone else in the community can get ramped up. I actually think that that approach to building a community is part of why [we have] succeeded and is modeled in a lot of aspects of our society.”

This attitude of "we know what's good for you" is apparent in more and more modern tech products. I find it pretty gross, especially when applied to personal data. It's also a convenient after-the-fact moral justification for decisions that improve the bottom line of the company at the expense of its users.


> This attitude of "we know what's good for you" is apparent in more and more modern tech products. I find it pretty gross...

It's even grosser than that. The attitude here is really "we did what was good for us, but we think you're dumb enough to be convinced we did it because it was good for you."


I think at least some engineers genuinely believe they're doing what's best for the users and that it just so happens to also be either the best for their personal bottom line or the easiest route to go with their product.


As Richard Feynman said: "The first principle is that you must not fool yourself – and you are the easiest person to fool."

(To write something slightly more original than the "will not understand if livelihood depends on it" quote)


If you pay people enough they can easily be brainwashed into believing what they are doing is right.


Also, company cultures get trimmed towards it. "Googlers" are one example. I don't think employees call themselves Facebookers, since that sounds like a client for prostitution, but they probably have something else.


It's possible some really drink the kool-aid, but most are just compensated too well to care. The only companies that will try to compete with Facebook on pay are financial institutions like Citadel.


In my experience engineers don't care a whit about users except as a means of revenue, or more specifically as gasoline for the company engine.


I know this might be off topic but a billionaire making a comparison to wealth redistribution almost reads like a parody to me.


The same billionaire who spends tens of millions of dollars bulldozing houses around his in order to increase his privacy,† then tells the commoners that wanting privacy isn't normal.††

† https://www.sfgate.com/tech/article/Zuckerberg-to-raze-4-hou...

†† https://www.huffpost.com/entry/facebooks-zuckerberg-the_n_41...


Physical privacy vs virtual privacy are two very different things, so it's disingenuous to pretend they are exactly the same.


He tapes over his camera on his laptop because he doesn't trust it. I do too and don't think this is odd behavior. https://www.theguardian.com/technology/2016/jun/22/mark-zuck...


While I understand the rank hypocrisy here, tech billionaires have a slightly different risk calculation than your average Joe. For example, Jeff Bezos's iPhone was hacked by a nation state using zero day exploits of video playback, delivered via a personal message from its head of state. People like Bezos and Zuckerberg are on the wrong end of James Mickens's "Mossad or not-Mossad" threat model and should be taking different precautions than the average person.


The people whose weddings got bombed by drones, or who get thrown in jail for having the same skin color and being in the same city block as an alleged perpetrator, may see it differently from you.


There is indeed a lot wrong in this world.

What you describe is an additional problem. A normal person targeted by a blackmailer over their sexual history would be a closer model, although even then it would still not be close to the level of a state sponsored attack on you personally — that can include combining the drones with accurate information rather than whatever led to them hitting weddings, or it could be as mild as Van Eck phreaking to find what you’re looking at/who you’re talking to no matter how well you encrypt the connection.


Apparently being Zuck means you need to have an insane level of protection. But regular people also have things to lose when their privacy is thrown out the toilet. Thanks to z.


Yes, I absolutely agree. Worse, most people don’t grok what computers can do, so they are unaware of how much they have lost until this bites them.

Oh for the innocent bygone days of around 15 years ago.


That is physical privacy.. it's so someone can't SEE YOU. Not track your online activity.


Lack of privacy in online activities can be even more damaging today.


I don't understand your point, that they're "different?" Well no shit.


There is no difference.


The impact that virtual privacy can have on lives is quickly approaching the impact that physical privacy can have. Further, part of the attack surface on physical privacy is virtual privacy, anyways.


Nobody said they were exactly identical. If you're going to argue, please argue with what people actually say.


It's not a matter of being exactly the same thing or not. The double standard is glaring.


That's bad, but the worst part to me is the total confluence of both the legitimacy and wellbeing he makes with his own product.

'Using Facebook Is A Kind Of Wealth' is what he says basically.

'The whole world benefits so much when they use my product'

This is Trumpian level of delusion.

'It's important that every American gets a chance to stay at one of my resorts. They're so nice! So I'm going to offer a government-backed tax rebate so that everyone can come and stay. Studies have shown people who stay at resorts are in better health, more relaxed. These tax rebates are Good For America'.


I’m not sure I’d go as far as qualifying PYMK as an invasion of privacy, but there are common situations where you DO NOT want to connect with others or others you know/knew connect with you.

Exes, Stalkers, People who can’t let go, Friends who are bad influences, etc...


Suppose A has contacts B and C. If A chooses to share contacts with Facebook, and Facebook suggests B and C to A, I can see why you'd say that's not an invasion of privacy. If Facebook suggests A to C, that's arguably an invasion of privacy. If Facebook suggests B and C to each other, that's unarguably an invasion of privacy.


> If Facebook suggests B and C to each other, that's unarguably an invasion of privacy.

How so?

Alice tells me she knows Bob and Charlie. I mention Charlie to Bob - completely normal human thing to do. Maybe I think they're in the same circle but I've forgotten exactly why or how I found that out - completely normal human memory behaviour. Where's the invasion of privacy?


> Where's the invasion of privacy?

In both cases.

Yours is understandable and forgivable. Charlie's privacy may have been violated, but it was a simple mistake.

But suppose you say to Alice, "Tell me all the people you know. I'll tell you which ones I know too." If you then write down that list and systematically start telling them about each other and that they have Alice as a mutual friend, then you're a privacy-invading jerk, and Alice was wrong to trust you.


Yet you can't mention all the Charlies to Bobs on the planet like FB.


> “If you’re ramped up and having a good life, then you’re going to pay a little bit more in order to make sure that everyone else in the community can get ramped up

> This attitude of "we know what's good for you" is apparent in more and more modern tech products.

The attitude that this also demonstrates is "our loyal customers are locked in, so it's time to screw them over to try to make more money".


I know I know...but it worked. "Everyone" is on FB and they are worth a gazillion dollars.


It goes farther than that - the comment parent author doesn't even realize they are exhibiting the same behavior:

"This attitude of "we know what's good for you" is apparent in more and more modern tech products"

Billions of people used PYMK and are generally happy with it and Facebook in general. Who are you to tell them it's a bad thing?

If FB is so bad why don't more people leave? Lots of people on HN leave FB and I respect that choice - and lots don't and enjoy using FB with its pros and cons. What's wrong with that?


> Billions of people used PYMK and are generally happy with it and Facebook in general.

You might be right, but that isn't necessarily so. I'm on Facebook, I hate many of its features, the product design decisions and I think they are hostile and predatory. Wherever a knob was made available I changed it from the default to the more private setting. But I'm still on Facebook because I have no other option for effective communication with my globally distributed family and with the local tech community.

In short, I hate PYMK and many many other things, and generally I'm not happy at all with Facebook, but you counted me along the "Billions of people" because I'm (almost) daily active on the platform.

I believe you have no idea what portion of the users is happy with the platform, what portion is unaware of the privacy implication and what portion is unhappy about the platform's privacy but, as accurately put by the Zuck himself, pay the necessary tax.


> But I'm still on Facebook because I have no other option for effective communication with my globally distributed family and with the local tech community.

But this speaks directly to the crux of this issue mentioned in the article that you take issue with.

Growth team tactics got people on the site and kept them engaged, and having a large and mostly comprehensive network makes it valuable to users. So when you find it valuable that your family and community is there, well that’s the point.


Nope, I found my family directly and the community is in the groups. I believe I never used the People You May know box myself. I may have been added as a friend by someone using the feature, but probably not anyone that I actually care about being connected to.


Underneath it’s “what’s good for facebook” but on the surface they have to paint it as “what is good for you.”

Or they could just say nothing.

Which is better?


> A sex worker found Facebook recommending her clients, who did not know her true identity. A sperm donor got a suggestion for the biological child he never met. A psychiatrist learned that Facebook was recommending that some of her patients friend each other on the service.

It is amazing how little pieces of information that are likely innocuous by themselves can be combined to develop a pretty thorough understanding of relationships.


The first and last must just be geolocation based, right? Like, these two people are in a room together every X day for Y hours... they probably know each other.

The sperm donor guy, though... facial recognition? No idea.


There's gotta be more to that sperm donor story. "Oh that must be my biological kid from that sperm bank trip 20 years ago" is not the natural train of thought when you see someone who maybe vaguely looks like you as a suggestion on Facebook. And whatever the other context was - maybe one of them searching for the other - probably gave Facebook what it needed to make the connection.


Data bought from 23andMe?


> The sperm donor guy

How did the Sperm Donor know it was his child?

Find that and that's how Facebook knows.

To look at a friend suggestion and know it's your child means you have been in contact with someone past the donation stage.

Nothing about how Facebook offers suggestions is secret to my knowledge.

All that's happening is people are not aware how easy it is to find information from networks


More likely address book / phone contacts import.


The geo thing is really happening.


I also have the theory that they are using WiFi names / AP MAC addresses as well. If you happen to be connected to the same private WiFi network, you probably know each other.


Facebook has a patent for using dust and scratches on photos to track which camera they came from. But they claim(ed) not to be using WiFi or Geolocation for the PYMK feature - https://gizmodo.com/facebook-knows-how-to-track-you-using-th...


Based on the track record of other Facebook claims of the "we don't do X" type, this is basically proof that they do and/or did do both of these things. Maybe "accidentally" and "unintentionally" ;-)


Which is one big reason why the only sensible way to use Facebook on mobile is to delete the app and use only a browser, while keeping your location sensors turned off.


There is a nice app called Frost that is basically a wrapper around the web interface with convenience features, and is free (i.e., available on F-Droid).


As one of the factors probably, but they don't recommend random people who are nearby. There has to be some actual connection (friend-of-friend, address book, in the same group etc.)


> but they don't recommend random people who are nearby

I think that's probably true. You need to spend sufficient time near someone--like within a few feet or so.

I had an interesting experience where Facebook recommended me as a friend to someone I sat next to on an airplane, with whom I had a conversation. My phone was in airplane mode. Not sure how that happened, TBH!


They probably looked you up afterwards on Facebook or another site using Facebook analytics.


It could be based on connecting to the same in-flight WiFi.


And you might be able to correlate seating with WiFi strength? :)


So a stalker will get recommended to a 'stalkee'?


I mean, part of the use case there is that the 'stalkee' will at least be notified that the person s/he has seen four or five times is definitely stalking them. So that's good, I guess.

This post is obviously sarcasm.


Happened to me a few times, some people I randomly met in a bar were recommended to me the next day, super creepy.


Could it not be because they checked you out by name on Facebook?


Possible, although I've only given them my first name. And this is not just on one occasion, it has happened multiple times. My best guess has always been that Facebook uses some geo targeting to see who was at the same location at the same time.


There’s no need to speculate - the article we are commenting on informs us that happened through email contact sharing.


In the recent events, like https://news.ycombinator.com/item?id=22178917 we have learned that there is a lot of data moving around, including various third-parties.


I see those as BIG pieces of information! The number of people that I "might know" because we've exchanged email with the same person is horrifying in this context. There's a dystopic story to be written (which often means it already has been) about law enforcement using this second-order connection as Reasonable Suspicion, a "why did we find your business card in this bad guy's wallet?" connection.


This is not a dystopian fantasy; it's exactly how intelligence agencies map out terrorist groups' and foreign militaries' structures online. Israel is supposedly particularly good at this kind of analysis, but I'm sure other countries are doing it.


You have to wonder what kinds of non-employee access are a part of the Facebook web application. That is, perhaps Israel's edge is that they have a (made-up) Investigator version of FB when they log in.

I figure everything down the left aside on FB corresponds to a permissions bit for each entry, so maybe some classes of user get some really fun items over there.


And all the "males of fighting age"


We can get heuristics with lower false positives these days.


But we don't know if these are false positives. The connection between all those examples doesn't have to be the suggested link. E.g. the patients could be suggested because they have a common friend.


Yeah, the psychiatrist seems the easiest to explain since when choosing a medical professional people may ask their friends who they recommend.


> Yeah, the psychiatrist seems the easiest to explain since when choosing a medical professional people may ask their friends who they recommend.

IIRC, connections like those were often explainable by address book data. People assumed Facebook didn't have access to that when it actually did (I'm pretty careful about this kind of stuff and found mine had been slurped at some point, for instance). It's not inconceivable that a psychiatrist and patient may have exchanged emails or phone numbers.


Since the system is both aggressive and intentionally opaque, it doesn't much matter to me whether the positives are false or true. If Facebook would like people not to feel threatened by it, then they could either not do it or make it much clearer what's going on.


I mean, they're creepily good sometimes. I once met a lady in the streets, we exchanged numbers and sent a few messages but never saw each other again. Facebook recommended her to me. I used WhatsApp to text her, so I assume Facebook crossed some data and suggested her to me.


Relatedly, Venmo has given me the identity of people I've contacted before by phone.


They kept sending me "do you know [person I probably don't know]" as notifications on my phone! This was the last straw that made me delete the app and my account entirely a few years ago.

One of the big annoyances in life is being notified or bugged about something I don't need to be notified about. This keeps getting worse with modern tech all the time which has slowly led me to stop using anything I don't have full control over.


The one that got me to delete the app was when I went out one night on a first date with a woman, and then both the woman and I immediately started showing up in each other's "do you know" prompts.

There is probably an explanation for this that doesn't boil down to "FB watched our GPS and noticed our phones sat next to each other at the same location for several hours," but it still felt sufficiently creepy to make me uninterested in sticking around to figure it out.


> There is probably an explanation for this that doesn't boil down to "FB watched our GPS and noticed our phones sat next to each other at the same location for several hours," but it still felt sufficiently creepy to make me uninterested in sticking around to figure it out.

That's exactly what happened[1].

> "Location information by itself doesn’t indicate that two people might be friends," said the Facebook spokesperson. "That’s why location is only one of the factors we use to suggest people you may know.”

1. https://splinternews.com/facebook-is-using-your-phones-locat...


If one person searched for the other by name (you know, just to see if they're on FB and what stuff is publicly shared), then they may appear in PYMK.


Yea this I believe to be true as well. A few people I’ve matched with on Tinder repeatedly showed up on PYMK soon after. Leading up to a date, it would only make sense that they would search by name on Facebook. More likely that than the information between the services.


Tinder, like most apps, constantly calls graph.facebook.com to report everything you're doing.


If only that applied to everyone. Most people will get ten crappy notifications with one good one and go "Oh, well, not too bad." I think I used the 'People You May Know' feature a bit when I first joined but, as time went on, it really just became "This one guy who once worked at the same place as you and maybe knows someone you know". These algorithms are very smart and that's their problem - they overestimate the number of connections an average person makes.


I can tell you my kids' school is now driving a program to improve what I like to call "digital skepticism" (defense against dark arts?) - these are elementary school kids

I think Facebook's tactics were a landgrab before the global populace starts to build an antibody to pervasive advertising/spam/surveillance.

Clearly this needs to be bolstered by legislation/regulation.


A normal human can sustain relations with 40 relatives, 150 friends and 1000 acquaintances. FB algos are (deliberately) tuned for twice those numbers.


I understand your point but honestly humans are varied. Some can handle more some less. People self regulate.


A good % of those were clearly people you are not friends with who had simply looked @ your profile. The fb algorithm chooses the ones that rarely log, to receive those as notifications. So you get addicted. Example: ‘that woman/man has probably looked @ my profile, I need to open the app and see who she/he is’. I quit too, what a wise choice!


In case anyone hasn't seen the John Oliver episode on it [1], it is worth your 5 minutes.

1. https://youtu.be/kxatzHnl7Q8?t=16


> This was the last straw that made me delete the app and my account entirely a few years ago.

Why not just disable notifications, or just uninstall the app without deleting your account? Facebook can still be of use to you without you being of use to it.

I've long used Facebook only for messaging and managing events because it's an effective and ubiquitous platform for both of these things.


> Why not just disable notifications

Many apps provide useful notifications but some genius somewhere realized they can get more eyeballs if they abuse the notification system. So you have to take the bad with the good or throw them both out.

What’s worse is some apps provide “fine grain control” which is supposed to allow you to decide what types of notifications you get. Some other genius had the idea to be very loose with what belongs in what category.

And yet another genius had the idea to spam email if phone notifications are disabled.

And they’ll let you disable that too... but yet another genius had the idea to “accidentally” forget all these settings.

So... I don’t know. Disable them, sure. It’s the advice that keeps on giving, I guess.


> Why not just disable notifications

Possibly because some combination of his device/platform/Facebook didn't honor his request after a while. At one time it wasn't unheard of for an app to self-update and reset notifications and other settings.

> or just uninstall the app without deleting your account

Revenge, probably. And/or to punish FB microscopically, but in the only way we can.

> I've long used Facebook only for messaging and managing events because it's an effective and ubiquitous platform for both of these things.

Good for you. Not everyone lives the same life that you do.


> It’s almost certain that Facebook watches your email and sees whom you are contacting. Probably your calendar as well, to see whom you’re meeting with.

What? This is a pretty explosive accusation with very little direct support beyond "they've done things that this is similar to". How would they be able to do this for, say, Gmail and GCal users? I could see it being technically possible, but Google seems pretty likely to both frown on this and be capable of prevention.


> But monthly was a better indicator, because someone consistently on the service for a full month was likely there to stay.

That is not what a monthly active user is, even at Facebook. A MAU logs in once per month, a DAU logs in once per day.


Yeah exactly, and I think it was DAU/MAU that Facebook started obsessing over, not just MAU.

Is there a difference between an "active user" and just a "user"?


A “user” is an account. Active means logged in at least once in X periods.


It's not a mystery; Facebook was getting people to upload their contacts and mining those for People You May Know. Some ex might still have the divorced spouse in contacts, particularly if they share a kid. Two clients of the same psychiatrist will both have their shrink's number in contacts.


Imagine being talented and having your big hero's journey be within the context of something that is a net negative for the world.


Yes, Facebook got into our e-mail accounts. Yes, Twitter did too. They--plus Instagram and WhatsApp (all part of FB)--sell our data, corrode our personal lives, society as a whole, and democracy. Unfortunately, complaining about it won't be effective, as it's been proven to fail miserably for years. The only thing that's going to stop this is coming up with FOSS, fully distributed, not for profit alternatives that can do a good job at connecting people and serving humanity.


I'm pretty sure Facebook used to suggest people who searched for your name as a "Person You May Know".


Facebook absolutely did this. A couple years ago I had a junior dev under me that management would not allow me to fire. And it’s so much worse than just the person searching. His feed recommended my close connections to him just because I watched his page.

He spent 75% of most days working for personal clients outside our company. The remainder of his days were spent pimping his projects on Facebook to build his personal brand. He was not a rock star programmer. His work was beyond subpar and he needed extra time, not less. We weren’t connected but I stalked his profile for time stamps and evidence. He lived at least 1.5 hours outside my locations except for the office.

One day he overheard me and another coworker discussing Facebook oddities and he interrupted, “Facebook keeps recommending (insert my wife’s name) as a connection.” He did not know my wife’s name and they had never been in proximity of one another.


Interesting story but why mention that you were not happy with his work? It just seems orthogonal to the story (that FB suggested your wife, implying the social graph was built via your workplace to your wife and that he may have searched for you and you for your wife).

Not to dismiss your story, I am just interested about the reasoning.


No problem. I was just trying to give a little context for why I was stalking the guy. In trying to avoid looking like a creeper I see how it just came off as petty. Neither was my intent. I appreciate the check.


Ah, thanks that makes sense.


I deleted my original Facebook account almost 5 years ago, and this is slightly off topic, but I recently made a brand new Facebook account just to use Marketplace. I gave the bare minimum of information you could give and even used a brand new email address. As soon as I entered my phone number to verify my account I got the creepiest friend recommendations. They must have been pulling them from WhatsApp because they were insanely accurate, and that was just with my phone number, with a brand new account and a brand new email.


Ah, the wonderful feature that spies on my location to suggest me friends that are in my phone book, but aren't connected on Facebook in any way whenever I get to actually hang out with them.


LinkedIn does the same thing. The first week of my new job I even started getting the spouses of my new coworkers in my LinkedIn "people you may know" feed.


Perhaps we should rename social media to viral media.


Almost everything grows “exponentially” when it grows (companies, population, virus infections etc). When the exponent is 0.000000001 it is also “exponential” growth. And decline is also usually “exponential”. It is basic math and common sense. The author actually meant “fast”, and the word “exponential” is a marker of a poor quality title.


Exponential means your input is the exponent, eg y=2^x or y=e^x.


Facebook also uses WhatsApp contacts to show PYMK. I added someone on WhatsApp whom I never met, but was dealing with for business on a different continent, and they were shown on Facebook the very next day. I was not surprised, but decided to stop using Facebook soon.


The most fun feature and also one of the biggest reasons I quit Facebook is that the people you unfollowed would get you in their PYMK list to punish me for silently unfollowing them.


It's also freakishly location sensitive lately. Like people sitting <5 meters of me rather than the previous...in same part of building level


For everyone ITT complaining about FB/IG/WA... If you are still using them, why? Why can't you just walk away?


Facebook ... the coronavirus of the internet.


You got a product when your users interact with other users while you sleep.




Infected People You May Know, got you infected.


Paywalled so I'll just barf my opinion about my feelings on that feature. I get recommended the most random people who are friends-of-friends I've never met. There have been so many bad suggestions that I assume they're all wrong.

I guess everyone else had the complete opposite experience based on the article title


I think they just err on the side of false positives. You can always ignore the friend suggestion if it's someone you don't know. If they fail to suggest someone you do know, that's a missed opportunity.

Some of this is inevitable. For example, their algorithm was eager to suggest one particular person to me, and it did so multiple times even though I did not know the guy. It was someone who had worked at the same company as I did, in the same department, but quit the company slightly before I was hired. So he and I had easily 10 Facebook friends in common. Facebook had good reasons to suspect that I knew the guy. Even though I didn't, I might have, and they have no way of knowing for sure, so they might as well just ask.


It is, or was, much more relevant about a decade ago when Facebook was still the de facto online gathering place for young people. In college, for me, the People You May Know feed was uncanny in how it suggested people that I had met in class or at a party.



