Spotify is actually using Facebook for login, though, so they don't necessarily use App Ads. The original commenter only said that it's the reason most (but not all) apps use the SDK.
Facebook Login can be implemented with plain oAuth without sending any data to Facebook until the user actually uses the FB Login feature.
Regardless of which SDK features they use the SDK calls out to Facebook with the device's fingerprint and a persistent UUID every time the app is launched or brought back into foreground.
Would 100% suggest going the basic OAuth route with FB, and not relying on their SDKs whenever possible. Been bit by Friday-afternoon-PST deployments that wreak havoc until work starts Monday too many times :/
It's not exactly what you want, but just yesterday I made AccountsJS work with Facebook OAuth.[1]
I was glad today when watching this newsline, to have avoided the facebook SDK.
I think OAuth is usually better because every major provider has some version of it and so you basically can implement them all the same or at least in a really similar fashion.
Ah. I'm thankful for the opportunity, err... requirement to trade my privacy for others to have one fewer password to deal with. And of course for Facebook to have more personal data to munch on.
I'm not really sure what the problem is here. You are perfectly free to not use Spotify, or any other app that chooses to utilize Facebook login or other components of the Facebook SDK. Spotify made their choice to use the SDK for whatever gains they get out of it, and as a customer you can choose to not use their service or app if you disagree with that.
There's even comments in this HN thread that point you on how to do it on Android if you're so inclined.
This is really just a variant of the "and yet you participate in society, hmmm" argument.
At some point users are allowed to complain about shady behaviour done by huge corporations with resources they use to try to thrust their way into everyones lives.
And at some point, companies are allowed to make their own decisions about how they want to instrument and monetize their products. This general complaint about not liking a component of someone else's software doesn't resonate with me at all. Not that you're wrong, but we just have different values.
I sometimes will load a website that uses React when really it's just a static content site. It just gets tiring, and doesn't add to the conversation, when every discussion about an article that could be HTML devolves into that. I get that other people feel that way, and in many ways I share their values... But it becomes its own sideshow and hijacks the otherwise interesting conversations, without adding anything new.
<< I get that other people feel that way, and in many ways I share their values... But it becomes its own sideshow and hijacks the otherwise interesting conversations, without adding anything new. >>
With sincere respect, I don't understand this argument, in general, whenever it comes up. Whenever I find a discussion unhelpful or tedious, I move on or mute it. Often, I've been in an interesting online discussion, and someone pipes up with the wish for everyone to stop talking about this topic because it's not interesting, when they have the tools available to not follow the discussion.
>> And at some point, companies are allowed to make their own decisions about how they want to instrument and monetize their products.
No, they are only allowed to monetize according to laws and regulations. There is nothing magic about software making it right to disregard laws or not having respect for customers. It feels like some think software should be where to world was at the start of the industrial revolution, where companies could do what they wanted and there was no laws stopping them from dumping acid in the river.
Obviously companies can choose how they want monetize, that doesn't mean you are obligated to defend then when what they're doing is scummy it immoral.
Why deflect criticism.by saying "well you don't have to use their app now do you?"
When a person does something immoral rarely do people defend them by saying "well you don't have to engage with them now do you?
Why not debate the morality or legitimacy of the act in question rather than deflect try to deflect the criticisms?
Spotify made their choice to use the SDK for whatever gains they get out of it, and as a customer you can choose to not use their service or app if you disagree with that.
Wrong. At least for EU citizens.
If Spotify are collecting data in this way (and not only using the SDK for Facebook Login), they are in violation of the GDPR. There must be clear unambiguous consent to collect the data in the form of an affirmative action of the user and it must be possible to use the app without giving consent, because the Facebook data collection is not essential for the app to operate.
If they do share data with Facebook, Spotify should be scared, since they are definitely large enough to be on the radar of the EU or national bodies.
Moreover, outside the EU it would be dumb for Spotify to say "just don't install the app if you don't agree". The 10 Euro per month that premium users pay is worth more than some Facebook tracking.
> If Spotify are collecting data in this way (and not only using the SDK for Facebook Login), they are in violation of the GDPR.
It's kinda worse. They "only" open the gate wide and any of your data they can see is there for Facebook to take. It can feast on any data it can grab with the same permissions the main app has. Like a fucking virus from MS-DOS times infecting binaries, but this time developers are doing it quite voluntarily.
There should be more visibility on where a user's data is going. User's should be informed, similar to malware sites, they should be informed "this website is sending your data to the following companies" etc.
For the average user out there, the fact is, most people only care about privacy when there's a breach/outage/scandal of some kind. Otherwise, the average person is not going to have "zomg fb is spyware" on their mind.
If apps start charging money, there would be a significant drop in the # of average user installs. Then the app would only make money off of privacy focused users, which is comparatively small.
>For the average user out there, the fact is, most people only care about privacy when there's a breach/outage/scandal of some kind. Otherwise, the average person is not going to have "zomg fb is spyware" on their mind.
Because they don't know.
Like every industry, there are practices involved to which the layman is oblivious. It is important to remind ourselves that the reason the majority of users aren't vocalizing their concerns with these unsavory practices isn't because they don't care but because they don't know.
The 'not knowing' part happens when the outrage is then transferred to any app which does integrate the FB SDK (like zoom). We as developers have sortof taken for granted that the FB/Google/etc SDKs can do no evil. Maybe that attitude should change, because public opinion certainly has.
>The 'not knowing' part happens when the outrage is then transferred to any app which does integrate the FB SDK (like zoom).
Sorry, I'm lost here. Can you elaborate?
>We as developers have sortof taken for granted that the FB/Google/etc SDKs can do no evil. Maybe that attitude should change, because public opinion certainly has.
Previously, you mentioned
>If apps start charging money, there would be a significant drop in the # of average user installs. Then the app would only make money off of privacy focused users, which is comparatively small.
I don't have any reason to believe sales would lessen if a formerly "free" application began charging. The difference, however, I have no idea. You mention "significant" which is, of course, relative.
It isn't difficult to see the incentive at work in this scenario:
a) I could charge a nominal fee for use of my software, foregoing the unsavory practices discussed in this thread, and make X amount of money.
b) I could sell my user out and potentially make more than X amount of money. How much more? I don't know, but more.
That makes sense if you're talking about ads in the app, but that wasn't the discussion. The discussion is about the marketing folks running ads on Facebook for the app and wanting to know how effective those ads were.
If the software developer would charge a reasonable price directly to the user, they wouldn't have to use intrusive and unreliable libraries like Facebook SDK.
