Hacker News new | past | comments | ask | show | jobs | submit login
Fury at Facebook as login requests “Government ID” (thedrum.com)
207 points by bgtyhn on Oct 29, 2013 | hide | past | favorite | 226 comments



One of my least favorite memes in western society is that individual people actually believe that the government has some say in defining your name or the boundaries of your family.

Everything from the idea of "legally changed his name" to "same-sex marriage" illustrates the problems of turning to city hall for approval or consent of individuals' and families' deeply personal and private matters.

I wish the US had two more constitutional amendments: our bodies are property belonging to us individually and we are free to do with them as we please (solves abortion debate, war on drugs, assisted suicide, et c) and that government has no authority to regulate private familial matters such as what terms we use to call ourselves, what terms we use to call our loved ones, or who is within or without our families and the terms we use to refer to them (solves the current state of marriage inequality for homosexual relationships and also the discrimination against families that practice nonmonogamy, as well as any other oppressive status-quo reinforcement these assholes may come up with in the future).

It takes a very special kind of oppressor to tell you what words you are allowed to use to call yourself, what things you are allowed to do to your own body, and who you are allowed to love and allow into your family.


I'm going to take issue with just one statement here because I'm short on time -

> special kind of oppressor to tell you ... who you are allowed to love and allow into your family.

They don't. You can have a polygamous marriage all you want, you can have an open marriage, you can be as gay as you want.

However, husband, wife, father, mother, son, daughter and what not also have legal ramifications, and that is where the law has domain. It has nothing to do with any morality associated with the relationships.

The gay marriage issues stem from a misunderstanding, willful or otherwise, of that. The marriage the state cares about is the contract between two adults, it doesn't give a damn about your morals or god.


> You can have a polygamous marriage all you want

No, you can't. It's illegal in most states (see how the "Big Love" family had to move due to pending prosecution in Utah).

> you can be as gay as you want.

Not if you're male - sodomy is illegal in many states (despite a Supreme Court ruling that pretty much shuts them down) in the US, and many other countries entirely [1].

> [The law] has nothing to do with any morality associated with the relationships.

Laws are derived from the morality of their times. The laws against murder, and exceptions thereof, are based on what society believes is wrong and right.

[1] http://en.wikipedia.org/wiki/Sodomy_law


> Not if you're male - sodomy is illegal in many states (despite a Supreme Court ruling that pretty much shuts them down) in the US, and many other countries entirely [1].

Even if the law is on the books in some states, it cannot be enforced due to the ruling in Lawrence v. Texas (https://en.wikipedia.org/wiki/Lawrence_v._Texas). Also, sodomy is not limited to gay men (https://en.wikipedia.org/wiki/Sodomy).

> Laws are derived from the morality of their times. The laws against murder, and exceptions thereof, are based on what society believes is wrong and right.

Certainly there are laws based on morality, but it's absurd to claim that all laws are. Laws regarding the legal status of married people also help standardize common relationships. Can you imagine having to precisely define your non-married long-term relationship every time you fill out a form at the doctor's office or bank? The legal concept of marriage exists largely to codify the shared responsibility of each spouse when it comes to contracts, financial obligations, child care, etc.


> You can have a polygamous marriage all you want

>No, you can't. It's illegal in most states (see how the "Big Love" family had to move due to pending prosecution in Utah).

Yes you can, you can not however have more than one legal wife. You can marry wife #1 (marriage certificate) and this person will be the only wife the law cares about. You can then have any religious or whatever ceremony to marry any number of other women and you can all live together any way you wish. You can do this because the state doesn't care about the religious ceremony. You can not legally marry more than one woman, the women must know they are taking part in a polyamorous relationship and they can not be coerced into it. Again, the legal definition of marriage and what you call being married do not have to match.

As a side not, it is basically impossible to find what you are referring to with 'the "Big Love" family' since it appears to be a TV show as well. So I can't say anything about it.

> Not if you're male - sodomy is illegal in many states (despite a Supreme Court ruling that pretty much shuts them down) in the US, and many other countries entirely.

This is the best example of how the law and individuals differ. Legally (in the US), sodomy is defined as any sexual contact other than vaginal intercourse. Ever had a blow job? Congratulations, you could be charged. It has noting to do with being male, lesbianism would be charged with sodomy as well.

In the US, you can be as gay as you want.


> > > You can have a polygamous marriage all you want

> > No, you can't. It's illegal in most states (see how the "Big Love" family had to move due to pending prosecution in Utah).

> Yes you can, you can not however have more than one legal wife. You can marry wife #1 (marriage certificate) and this person will be the only wife the law cares about.

Whether this is true or not depends on the details of the state law, but its certainly not true in, e.g., Utah, where the relevant statute [1] looks at cohabitation as well:

(1) A person is guilty of bigamy when, knowing he has a husband or wife or knowing the other person has a husband or wife, the person purports to marry another person or cohabits with another person.

(2) Bigamy is a felony of the third degree.

(3) It shall be a defense to bigamy that the accused reasonably believed he and the other person were legally eligible to remarry.

[1] Utah Code, tit. 76, chap. 7, sec. 101; http://le.utah.gov/code/TITLE76/htm/76_07_010100.htm


> see how the "Big Love" family had to move due to pending prosecution in Utah

Presumably -- and I am somewhat embarrassed to be able to catch this mistake -- you are referring to the actual family featured on the reality show "Sister Wives" [1], not the fictional family featured on the show "Big Love".

[1] http://en.wikipedia.org/wiki/Sister_Wives


You are quite correct. Can't edit anymore, but that is the correct title of the show I was referring to.


> Laws are derived from the morality of their times.

Yes and no. Some laws are universal wrong - like murder. However, government laws like banning drugs are based on the feelings and opinions of the people at the time.

Both of these are evident from the history of civilizations. Murder has always been wrong - drugs not so.


Many of the "legal ramifications" are legal priveleges. Your spouse can visit you in the hospital and be listed on your insurance policy. If your spouse is not legally recognized as your spouse then those benefits will be prohibited to you. Many other favorable incentives such as tax benefits rest solely on what the state thinks of your relationships, and not what you think of them.

In some jurisdictions, the state can decide that you are formally and legally married even if you have never filed for a marriage license[1].

Like it or not, what the state thinks about your relationships can impact your life enormously.

[1] http://en.wikipedia.org/wiki/Common-law_marriage


These legal ramifications should be either abolished or applied to everyone who applies those titles equally. Anything else is state-sponsored discrimination and harassment, which is our current sad state of affairs.


Your wife can mandate health care when you are otherwise incapable. You have 7 wives. Who has final say.

You get a divorce from one wife. What does she get?

These are just two things off the top of my head that throw a monkey wrench in things making the 'just abolish it' not quite as simple.

As for 'state-sponsored discrimination and harassment' just no. That is people and their attitudes, legality has nothing to do with it. Blacks weren't seen as equals and without harassment just because slavery became illegal and they could vote. Homosexuality is legal, but again, individuals don't harass based on legal status.

You are conflating legal issues with personal views of morality, they are not the same thing and have very little to do with each other.


Your wife can mandate health care when you are otherwise incapable. You have 7 wives. Who has final say.

I do. In the contract.

You get a divorce from one wife. What does she get?

Whatever the contract says.

Any other questions?


What contract? Are we going to have a standard contract specifying what you want to happen in every conceivable situation? Just imagine a some medical issues that could come up: kidney failure, liver failure, vegetative state, amputation, DNR, transplants, organ donation, etc.

Any number of unimaginable situations could come up, which wouldn't be covered by a contract, and which a human being has to make a decision that directly affects your life.

How do you handle loans? If I have 30k in debt, and I marry into a polygamous marriage, do the other spouses carry my debt? What if I die, then who owes the money? Not all tricky legal issues can be covered with a "well let's just make a contract."


Grep the US Code for "spouse", write a contract that covers those things?

> How do you handle loans? If I have 30k in debt, and I marry into a polygamous marriage, do the other spouses carry my debt?

I don't even know how this works with two people. I was under the impression that finances are separate unless you deliberately merge them, and that doing so is orthogonal to marriage.


What contract?

Exactly. That's the problem I have with marriage. So much for the rule against perpetuities, among other things.

Not all tricky legal issues can be covered with a "well let's just make a contract."

Sure they can. If one Fortune 500 company merges with another, the resulting contracts are thick enough to fill multiple heavy leather-bound volumes the size of major metropolitan telephone books. The lawyers are paid to think of everything that could go wrong.

So it's not debatable that an adequate legal framework for simple domestic partnerships can exist, it's just that for some reason, people don't bother.


> That's the problem I have with marriage. So much for the rule against perpetuities, among other things.

Since a marriage is always complete within the lifetime of a person living at the time it is formed, it has no problem with the rule against perpetuities.


Really? So I can sign a contract to work for you for the rest of my life, and no judge will blink at it?

To the best of my knowledge, only the institution of marriage and the Church of Scientology offer a deal like that.


> Really? So I can sign a contract to work for you for the rest of my life, and no judge will blink at it?

A judge might blink at it, but not because of the Rule Against Perpetuities, which, generally, requires that a valid interest must vest within 21 years after the death of some person alive at the time the interest was formed.

A contract in which all obligations are complete at the end of any life in existence at the time the contract is formed may be invalid for any of a variety of reasons, but the Rule Against Perpetuities isn't one of them.

> To the best of my knowledge, only the institution of marriage and the Church of Scientology offer a deal like that.

Contracts granting life interests in real estate, which are also valid under the rule against perpetuities and were quite common when the rule first came into existence also involve commitments of similar duration. Commitments that last the length of a particular life (of a long fixed period of time, like 99 years) are not at all uncommon in contracts.


> Your wife can mandate health care when you are otherwise incapable. You have 7 wives. Who has final say.

Establishing a rule for priority in this situation is fairly straightforward. The most obvious rule is to support a pre-need declaration of priority if one exists, and otherwise default to an oldest-marriage priority.

> You get a divorce from one wife. What does she get?

This is essentially an identical issue to dissolution of a partnership with more than two partners, and as such is pretty well already solved by the legal system.


> "Blacks weren't seen as equals and without harassment just because slavery became illegal and they could vote. Homosexuality is legal, but again, individuals don't harass based on legal status."

When blacks became legal equals it went a long way towards their being considered cultural equals throughout society. The underlying motives for harassment may not be due to someone's legal status, but the legally endowing someone with less rights because of their race/sex/orientation/etc gives a lot of ammo to people who want to harass them.

> "Your wife can mandate health care when you are otherwise incapable. You have 7 wives. Who has final say."

Unless otherwise specified, the first wife could have final say. Or the last. Any consistent system would work here. Important decisions about your health and property should really be decided and specified in advance by the individual.

> "You get a divorce from one wife. What does she get?"

<value of assets subject to forfeiture due to divorce>/<number of wives pre-divorce> seems reasonable. These are not hard problems. Courts exist to settle exactly these issues.

The parent comment expressed a moral principle that it is wrong for any government to usurp your authority to form relationships according to your own desires or to legally recognize or withhold legal recognition (where necessary) from relationships in which it has no business. You are looking at implementation details and saying that because a change of this magnitude causes some practical problems (which would not be surprising) the moral premise is flawed.


I'd like to point out that your amendments do not solve the problems you mention, as they fail to include how your choices affect others. A variant of the two-body problem, if you will.

Let's pick drugs. Half of the drugs regulations deal with keeping you from killing yourself, which your approach would simplify (although sounds like a variant of "let's solve stupidity by removing warning labels and let the problem sort itself"). The other half, however, is how this change would affect society as a whole, and drug addicts are a burden on society (see: homelessness, hospital costs, correlation with violent crimes, impaired drivers hurting others, etc).

Of course, we know you would never become a dangerous addict lying in the streets arguing with yourself, but you can be damn right that I almost certainly would. And that's why, as I see it, Society (represented by the Government) jumps in and says "no drugs for either of you".

The other points follow a similar line of thinking.


"Some people are irresponsible" does not justify the universal deployment of terrible and profound oppression such as you describe.

Indeed, we have attempted it. Remember prohibition? We still have myriad addicts, have wasted unconscionable amounts of money, and senselessly ruined staggering amounts of lives attempting to pretend that society has claims to or on the physical body of an individual.

If the "burden on society" argument was in any way real, cigarettes and alcohol would be outlawed. It's simply a red herring.


I'm not sure about the US, but in Germany at least heavy taxation of cigarettes and alcohol is justified by "burden on society". There are more than two options (not do anything vs. outlaw).


> (see: homelessness, hospital costs, correlation with violent crimes, impaired drivers hurting others, etc)

Those are consecuences of being outlawed, not of consuming substances. Blame the prohibition and not the substances. The proof of this is simple: just compare. Compare people drinking coffee today and in 19th century Russia (where it was prohibited). Compare people drinking alcohol today and in early 20th century USA. Compare people using opiates today and in the roman empire...


Wouldn't solve the abortion debate. I used to say the same thing until someone explained to me that they are fighting for the same rights of the unborn children.

I'm not saying that position is right or wrong; I'm just saying that said position exists.


A person holding to this position will have no problem with a woman wanting to cut off a finger or remove a toe, but as soon as you consider the unborn to be a person that has a body, every right given to someone with a body would be extended to the body in the womb.

Not trying to start any debate (I promise), but I would say it does solve the issue with abortion, because there is a human body in the womb, and would therefore have rights protecting it from being killed.


It does not, because the whole point of the abortion debate is that many people don't think that there is a human body with rights in the womb. The only thing that would 'solve' the abortion debate is clarifying the legal status of unborn fetuses as rights-bearing humans; clarifying the rights of humans without specifying who counts as human is pointless for this purpose.


I didn't want to start or get into a debate, but I'll bite for a second :)

I have a really hard time understanding how some can claim that a body in one location is human, but that body in another location is non-human. How should it be classified? Is it even homo sapien or a different species (or no species)? Is a baby half delivered half human?

The argument is really whether or not women have the right to kill that human body, or whether or not that human body in her womb has any rights on its own to live.

edit: spelling


That's why we use the term "fetus". It's not a baby, and it's also not not human. It's in an intermediate category, which is the whole reason there is a debate at all.

IMO, both positions—the fetus is "my body" and I can do what I want with it—and—the fetus is a full human being, a person, like everyone else—are disingenuous. It's okay that a fetus be neither, and that we have special rules governing that situation. A fetus doesn't have to fit into pre-existing categories.


We are all humans in some intermediate category, and to say a human of some category (like a fetus) has no claim to its right to life is pulled out thin air.

This is all word play. If you look up the etymology of the word, fetus at one time even referred to the newborn. The only thing distinguishing a fetus from a human these days is a fancy, made-up definition.

Last though, if we change the definition of fetus to mean "full human being in the womb," would it then make it morally right? It's interesting that the morality of this issue hangs on what Merriam-Webster has to say.


The only thing distinguishing a fetus from a human these days is a fancy, made-up definition.

Actually, it is a physiological difference from other stages of development of the human organism: a fetus doesn't breath. It's also not a physically-independent organism, it's attached to another (adult, female) human. Those two characteristics alone are enough to distinguish a fetus from every other category of human (newborn to adult). Fetuses are also a specific age, specifically, the 9th week after fertilization extending until the time the fetus is born—whenever that is.

As I said, there's nothing wrong with placing a fetus into it's own category of what constitutes a human, just like we do already with newborns, infants, toddlers, children, pre-teens, teens, young adults, adults, middle-aged, and the elderly.

We also have different sets of laws for all of these categories. (For example, the elderly get free health care, teens can't have sex with young adults, adults, and older, and people under 21 can't drink alcohol outside the home, etc.)

There's no contradiction with deciding that a fetus is its own category, and still saying "you can't kill a fetus". But trying to win the argument by saying a fetus is a "full human being in the womb", and that's why you can't kill it, as you suggest, isn't going to fly: you can't win an argument simply by redefining the words that you use, by eliminating distinctions that do, in reality, exist, so that your own preferred morality becomes the only choice.

Actually, you seem to be endorsing "word play" by trying to deny that such a thing as a "fetus" even exists, even though literally every single person reading this comment knows what a fetus is, and knows that it's not a newborn, adult, elderly, or any other category of human you seem to want to combine it with.

That fact that everyone can distinguish a fetus from every other form of human is prima facie proof that "fetus" as a category of humanity is valid. What laws should apply to a fetus are secondary, and must be established independently, not by trying to merge it with some other category so that your preferred set of pre-existing laws apply.

-----

As an aside, efforts on the pro-life side to make human-ness the defining, end-all be-all attribute that gives an organism a "right to life" are misguided as well. We recognize numerous situations where humans do not have a "right to life". Here's a few:

- The human has committed first degree murder, and been sentenced to death in a jurisdiction that does capital punishment. That human no longer has a "right to life".

- A human is attacking another human, and is killed in self-defense. That human also does not have a "right to life".

- You're at war. Any human acting in a military fashion on the other side, who has not already surrendered, does not have a "right to life". You can (and are supposed to) kill them on sight.

(And there are more.)

So, merely being "human" does not grant an organism a right to life. It's always a contingent right, and obviously "up to the humans who create and enforce the laws", not on some universal law or morality or whatever. We take away the "right to life" of other humans whenever it seems right or necessary to do so.

Given all that, a fetus is clearly a human organism in a bit of a pickle: it can't breath, it's physically attached to the mother, for much of it's time as a fetus it's not even viable outside the womb, etc. There are clearly two humans involved whenever we are talking about a fetus, which if you'll notice in the examples earlier where a right to life does not exist, is a feature of all of them.

IMO, pro-lifers would get farther if they treated human fetuses as the separate category they actually are, and built up a case why we should curb some or all of the rights of the other human involved, in favor of the fetus. I believe such an argument can be made from first principles, not by appeal to a non-existent "right to life" that supposedly all human organisms have (even though they don't, as show above).


Just wanted to say a big thanks for a very time-intensive reply, one of which will probably only be seen by me. I wish we were sitting somewhere and could chat it over, but alas we're in the comment wastelands. I'd be more than willing to email back and forth about it if you're interested.

I did want to make one clarification while trying not to be "that guy" who's always trying to get the last word. In my comment, I wasn't trying to redefine what a fetus is, but rather trying point out that the fetus is in fact a human, and humans are endued certain rights that are naturally theirs (which are apart from government laws), one of which I believe is the right to life (especially innocent humans). If this right does not exist apart from governments, but rather exists because of governments, then we really don't have a common ground on which to argue.

I was also saying that the word fetus at one point could be referred to newborns, so the definition (like with many words) has changed down through the years. Words are words, and they are only helpful for us to get to the essence of something. My question I'm trying to get to is, when we talk of a fetus, to what are we referring?

I will concede any last words to you, sir, if you wish. Thank you again! And sorry for all the parenthesis.


> The only thing that would 'solve' the abortion debate is clarifying the legal status of unborn fetuses as rights-bearing humans

That is the debate. Your statement is tautological.


> and would therefore have rights protecting it from being killed.

So what about the rights of the mother to suicide? Don't those rights conflict?


Though I'm not arguing for what the original commenter was arguing for, I don't think it would be a conflict in their line of thinking. I think the OP would argue for the right to suicide, but not for the right to commit suicide by head on collision with another car. It's the same idea.

Plus, we would want to be very careful with pregnant women wanting to commit suicide, because their body is going through so much stuff at the time. Those desires could very well be contrary to what the woman is really living for. A pregnant woman with suicidal desires (in OP's argument) should be seen as someone who needs assistance to live, not assistance to die.

Again, just stepping inside that thinking and not necessarily arguing for/against OP's argument.


You are welcome to live in the wilderness and call yourself whatever you want. If you want to live in a society you have to abide by rules to facilitate living together.

Never has a legal name been an only name. Chinese names ,nicknames, Jewish names all exist.


The same argument applies equally to authoritarian regimes. Maybe sneak doesn't want to live in a society that enforces these rules, but simply has no other alternatives. Telling someone who criticizes their society to either take it or leave it is immature, and if such an attitude is widely adopted by the society as a whole it will simply cease to improve.


When you live in a society of hundreds of millions of people, all with their own view of how society should be run, you have to accept a certain amount of "take it or leave it," otherwise it will quickly devolve into paralysis or anarchy.


If I have a contract with John Doe, I need to be aware of any name changes of him. How do you identify someone who changes names constantly?


> I need to be aware of any name changes of him

You don't.

You have a contract with the person currently calling themselves John Doe. When they call themselves Jo Doe and then Jack Bob and then etc it's still the same person.

Currently in England you're allowed to call youself what you want, so long as you don't have the intention to deceive. In practice, 'deed poll' or marriage certificate are handy if you want people such as banks or doctors or airlines to actually use your new name.


With each passing day, I look less and less like a lunatic for avoiding facebook (and its ilk) like the plague.

You should try it.


I love how the HN type of people come into Facebook threads like this claiming that using the site is bad and that they are above everyone for never using it.

It's not that simple for people that aren't in the same circles as HN readers. Younger generations utilize it as their primary means of keeping in touch with people. That's fine if you get along well without it. But take a step back and look at all the teenagers who grew up with never not having Facebook to keep in touch with their friends/setup events/etc. You remember how difficult the social aspect of your younger days were in school.

Facebook/Twitter/Instagram alleviate some of that for the younger generation. I've seen that in many youth that I've worked with over the years.


I understand your point, but it IS that simple. My social network completely uses facebook, I do not. They invite me to things in person and respect my choice, and if they didn't, they would not be my social network.

It seems you are talking about boils down to peer pressure ... how many after school specials about how not to give in do we need?


Which risk is easier to judge and would seem smaller for 90% of teens: "I miss some (or even most) of my peer's social events" or "Facebook may give certain government agencies my information". Resisting peer pressure is a risk assessment and without some impressive "here's what smoking does to your body"-pictures it's a hard sell.


This argument basically boils down to "everyone else is doing it". That's nuts. This is no reason to keep doing something against your own self-interest. Replace the word Facebook with texting while driving and reread your comment.


"Texting while driving" has a simple, safe, more-or-less equivalent substitute: texting while not driving. Facebook, insofar as it is a widely-adopted and community-preferred communications tool, does not: network effects and all that.


Actually it does. The more or less equivalent substitute to "communicating on the internet with Facebook" is "communicating on the internet without Facebook".

Facebook is a subset of Internet communication just as driving is a subset of texting scenarios.


So you're asking people to beseech their friends to adopt regular usage of some alternative to Facebook (email, Jabber, Google, etc.) solely so that they can stay in contact. That's equivalent to asking someone "could you please go to my blog regularly to see if I have anything to say to you?".


I am not asking anyone to do anything. I am just saying that it is possible to communicate outside of Facebook. The choice of tools and exercise of free will that make it a realistic possibility for each individual is up to them.

The idea here is not simply about using an existing alternative network. The idea is that creating an alternative network is always a possibility, and that free will exists.

The "network effect", while a real observable phenomenon, is still a flawed rationalization for the existence of a network, and undermines that thing which actually propagates the network - the free will of the individual.


The difference is that you can reach the exact same people paying the exact same amount of attention to the exact same channels by choosing texting-at-rest over while-driving.


It might alleviate a few problems, but a. There are better solutions, and b. there are much, much worse problems caused by Facebook.


I agree with both, there are cases that support that. But in general it is a very valuable tool for kids trying to fit in during their pre/early teen years.

Now teaching kids how to properly use technology and social media is another aspect that many non-tech savy parents could use some coaching I think.


Do younger people really use Facebook though? The only person I actually know who still uses it is my Grandma, who just plays scrabble on it.


I have been thinking about it, but around here Facebook is so common it would be weird not to have it.

My friends never send SMS any more, they use Facebook messenger. Nobody asks you for your phone number, they ask to add you on Facebook. Nobody invites anyone to anything without creating a Facebook event.

If I suddenly leave Facebook I am certain I'll also lose out on a lot of social life.

What do you use for instant messages? Do you just use email a lot more?

I really wish some kind of distributed social network could take off the way Facebook has. I do not want anyone to keep my data as much as the next guy, but if you want to be a social person in 2013 (at least here), you kind of need to have a Facebook account.

A guy I met at the start of the semester is a german exchange student. He had to create a Facebook account when he got here because pretty much everything happens on Facebook. Some things do not even have their own website, just a Facebook page.


> Nobody invites anyone to anything without creating a Facebook event.

> If I suddenly leave Facebook I am certain I'll also lose out on a lot of social life.

This. You can't expect people to set up and populate their own mailing lists to notify everybody they want to invite to their birthday party or share news of their engagement.

I hate it too, but the reality is that being off facebook means losing touch with people that you don't have to lose touch with. Very, very few people will make an effort above and beyond the default choice these days (facebook events) to notify/invite you to stuff that involves more than a half-dozen people.


Before Facebook, there was this thing called "the Grapevine", a decentralized communication network of people who were so intensely interested in everyone else's doings that you couldn't stop them from keeping you up to date about it. I have not, despite my best efforts, been able to unsubscribe from it.


and that "Grapevine" usually resulted in news of your engagement turning into a story about how you helped Maverick engage MIG's over the Bering Strait just in time to save Iceman.

...am I the only one who remembers "The Telephone Game" from pre-school?


Sounds like the friends you are talking about really don't care about you that much. I wouldn't consider them friends.


Oh please, let him decide that.


One could always maintain a very skeletal Facebook account. No "liked" movies, TV shows, etc., one photo, no bio other than whatever is necessary.

You wouldn't be contributing much to FB's market research efforts, but that's OK; you'll still be able to connect with schoolmates and cousins and get invited to parties.


That might very well work, but part of the problem would be the content others generate about you. Pictures and video of you, mentions of where you have been and so on.


I hear ya. And you know, I've come across a few morons who insinuated to me that I am anti-social and have Aspergers' because of my resistance to using Facebook.

I think this is the genesis of it all: http://www.dailymail.co.uk/news/article-2184658/Is-joining-F...


All privacy questions aside, I quit Facebook simply because every time I used it, the "after taste" was that I'd wasted my time and made myself stupider in the process.

The good news is "real life" still works perfectly fine for social interactions and a positive side effect is another source of distractions eliminated - I'm a fan of http://focusmanifesto.com/


> All privacy questions aside... ...I'd wasted my time and made myself stupider in the process.

You perhaps need to find smarter friends then.


Really? All my friends who use facebook at first thought it was a useful tool, and then slowly the bloat beyond the first few friends you actually give a shit about occurs. Your feed started becoming invite spam and people who you dont even really know commenting on their breakfast or their kids or their cat doing a dumb thing.

All I can think of when I see this on other people's screens (though most of the app invite spam has been taken care of): "Great minds discuss ideas; average minds discuss events; small minds discuss people." Eleanor Roosevelt


Never ever registering or browsing facebook was the obvious thing to do, at least it is for people who have been around and online for a while. It's the total opposite of the web and the internet, not pseudymous, centralized, using shady tactics to grow, spamming at times and so on. I don't care everybody, their grandma and their dog have an account, until it is decentralized p2P, encrypted and my data stays my own and in my own vicinity, I won't be part of so called "social network" services/websites. I have email already.


Where did you find this encrypted decentralized p2p email service?

Edit: I guess there is a obvious solution, you and all your friends hosts personal mail-servers, correct?


Don't be shitty, you know the idea is that you CAN set one up and use the same features, or you can freely switch providers. Try that with Facebook. It's like using AOL or something.


I tried it for over five years. Many people use facebook messaging as their primary form of text communication these days.

Texting is expensive and regional, and nobody uses email, wants to remember email addresses or IM handles, or deal with spam. WhatsApp totally fucked themselves by not running on tablets.

For lots of people, the most effective way to reach them quickly is facebook messaging. That's fact, not opinion, and how intrusive or shitty facebook is totally irrelevant to that point.

Not having a facebook account means that you are sabotaging your own communications effectiveness.


"Texting is expensive and regional, and nobody uses email, wants to remember email addresses or IM handles, or deal with spam. WhatsApp totally fucked themselves by not running on tablets. For lots of people, the most effective way to reach them quickly is facebook messaging. That's fact, not opinion, and how intrusive or shitty facebook is totally irrelevant to that point. Not having a facebook account means that you are sabotaging your own communications effectiveness."

The people who'd do this are exactly those people I don't feel any need to communicate with. Is it work-related? E-mail and sometimes phone are given. Is it not work-related, but urgent? I still have a phone. Is that costly? Perhaps, but if you have six urgent things to communicate every day, perhaps you have a much worse problem than having to pay a lot of money. Is it anything else? Well, what could it be? I have no idea.

Frankly, this whole "you have to live a hectic social life, everyone's doing it!" movement puzzles me.


> The people who'd do this are exactly those people I don't feel any need to communicate with.

Okay, so you're a snob. Doesn't change the fact that you're shooting yourself in the foot.

There's nothing about wanting to be able to effectively communicate with people who use facebook messaging as their primary form of textual comms that dictates or necessitates a hectic social life.


Okay, so you're a snob.

No, I'm just an introvert. I have a few people to who I feel deeply connected to, and our exchanges are rare yet substantial. But these don't require IM or anything like that. I don't know anything about "shooting myself in the foot". I just don't have the impulses that some other people do (frankly, for me as a schizoid, people are very puzzling entities).

Also, "effectively communicate" is such wonderfully non-specific expression that I don't know what that even means.


Nobody uses email

This is an absurd statement - over 1 billion people use email, far more than actively use FB messages.

Many people use facebook messaging as their primary form of text communication these days.

Many people don't. I've never had an account and never had a problem in my professional or social life as a result. It's just never come up. If your friends all use Facebook, tell them it's a bad idea (for many, many reasons, including the one pointed out here) and to contact you with email/phone/text/twitter whatever other method they prefer. If they can't be bothered, they are not your friends.


I'll make a slight addendum: Most people have an email address if they frolic online, however I rarely meet people who prefer to conduct communications over it. Of course, they need one for FB or Twitter either way, but...

Either they go to FB or DM over Twitter or some other "social thing", but they view email as far more cumbersome. This is especially true with family these days as the first question I get is, "are you on Facebook". It's an inescapable part of society nowadays in that they view the site as something-other-than-internet and more user-friendly, more quick and more "connected", if that's the operative word, than email.

Sending/receiving text is over FB chat is still viewed as preferable to the not so straightforward method of email. Even the venerable IRC is viewed as less acceptable; "wait, don't I need a client or something for that? Won't I get viruses and stuff?" Never mind the fact that they still need a mobile client to chat over FB or Twitter, but they view it as "it came with the phone".

Bottom line: FB and Twitter have taken over communication where email once ruled for the vast majority of people I interact with. They can't be bothered with email, but they still are my friends and family.


I've never used Twitter or Facebook, and I have zero problem communicating with friends and family, nor have I noticed any difference in my communication with anyone regardless of wherever they spend their free time on the internet.

If someone can't be bothered to send you an e-mail or call, you might want to reconsider how close those people are to you.


> If someone can't be bothered to send you an e-mail or call, you might want to reconsider how close those people are to you.

Indeed, it would be very neat if the world worked that way. Unfortunately, I have, and they are, and they don't use email.

I was on facebook for ~2 years, was off for five, and have been back on for about a month. The frequency and quality of communication with almost everyone I care about and don't see often (I moved continents from where I grew up) has increased dramatically.


> I was on facebook for ~2 years, was off for five, and have been back on for about a month. The frequency and quality of communication with almost everyone I care about and don't see often (I moved continents from where I grew up) has increased dramatically.

I'm in a similar boat, almost.

A few years ago I finally succumbed to getting on FB. But after a few months I got spooked again, because of this seemingly never-ending barrage of FB-related privacy scandals at the time (and due to my interests I got a lot of such news). So I deleted the whole thing--wait no I merely shut down the account, they'd never let me delete the whole thing hahahaha :)

But currently I'm really on the fence of going back again. Because so many people around me use it as their primary mode of communication. Privacy-wise not much has changed, and "thanks" to the NSA scandals, I now know it's a lost cause whether I'm on FB or not. Use has gone way up. My meditation group plans all their things on FB and I have to use email or text to get in the loop :) They don't mind, fortunately, but it is cumbersome.

I dunno why I'm telling you this, but your last line, tell me more :) I need some convincing I guess, before I bite the bullet and go there. How many accounts should I need, you think? :)


  >If someone can't be bothered to send you an e-mail or call, you might want 
  to reconsider how close those people are to you.
My relationship with my family is completely orthogonal to their choice of platform.


My daughter has an email address.

If I send anything to it I need to tell her (in person, text, twitter, facebook messenger, skype - pretty much anything but email) to check it.

She has switched off notifications on her phone because all she gets are marketing messages, spam and stuff from old people (ie me and her mum).


Either they go to FB or DM over Twitter or some other "social thing", but they view email as far more cumbersome.

E-mail clients need to be reinvented. There's no real reason for e-mail operation to be cumbersome. I mean, we have such a wonderful, decentralized, asynchronous messaging protocol based on pure text; why do most (if not virtually all) client applications suck so badly?


No argument here. It's really a shame and, if you think about it, email is the least evolved method of electronic communication for the masses in every day use (with the exception of possibly IRC).

BBM would have been the ideal email replacement (it's also still extremely popular in Asia), but too bad it's proprietary and centralized.


Two reasons people prefer FB messaging to e-mail:

- Spam is basically non-existent in FB messaging.

- Mobile e-mail clients are hard to set up and use (for average folk).


> If they can't be bothered, they are not your friends.

This is demonstrably false, and suggests that you don't like people very much.


This is demonstrably false

And yet you have neglected to demonstrate it. No misanthropy here thanks, you should adjust your assumptions. Perhaps we just disagree on the meaning of the word friend - I'd take it to mean someone who you know outside of FB and via other means of communication, someone who is willing to put in the minimal effort of emailing/texting/calling to contact you individually? Someone who doesn't I would consider an acquaintance at best.

If you make a decision to remain on FB and find it valuable, that's totally fine, but don't try to extend your judgement of its utility and experience of communication to everyone.


It's not binary. That someone might still be a good friend, and be willing to communicate by different means for one on one conversations. But it's easy to forget when you're setting up an event and inviting a large group, that one of your friends won't see it and you'll have to contact them individually.


> Not having a facebook account means that you are sabotaging your own communications effectiveness

Maybe if your social group consists of teenage girls, but who uses Facebook for serious communication these days? What I see from my newsfeed is a mixture of a photo repository, a phone book, and a "I'm passing through town are you available" bit. I don't recall having ever been hindered seriously by having a deactivated account.

EDIT: I should also note that this wasn't true 4-6 years ago, but I was also still in school.


Whatsapp runs on tablets without a SIM card. After sms verification fails, whatsapp calls your number and provides a verification code. There is sometimes an issue with play store not allowing you to install whatsapp, but that is easily fixed by downloading the apk fron the official website.


The fact that it isn't in the Play store is the problem, not the fact that it's not on my individual tablet.

Sideloading never "easily fix[es]" anything that needs to happen on hundreds of millions of mobile devices owned largely by nontechnical users.

Network effect, remember?


That is true. I think whatsapp is trying to avoid confusing SIM-less users , but in the bargain is missing out on potential users, who might want to use whatsapp on their tablet rather than their cellphone.


Oddly enough, this happened for me on day one when I considered joining. They asked to provide my email password so they could build up a list of contacts. Oddly enough I was one of the few who thought this is "not done" because it lowers the bar for online security, i.e. it would be considered normal after a while if websites started asking this. It didn't pan out, but as a result I never got a FB account.


People think those who don't use Facebook are lunatics? Why?


Yes definitely. People who doesn't use facebook by choice are thought of being crazy. I use facebook, for me its a great to keep in touch with my friends and family members who are all over the world. I have a friend who doesn't want to jump in to the facebook bandwagon and our mutual friends thinks he is crazy for not using facebook. The side effect is he almost never gets invited if there is a get together and have no idea whats going with most of our mutual friends. He does have a close group of friends he keeps in touch with (like me, on phone or whatsapp).

I hate facebook's privacy implications, I sympathize with his views. But facebook, the platform, is actually useful to me so I continue to use until a better alternative comes out.


Have a look at Diaspora


We've been contaminated by greed as a community. We think about building the product that will make us millionnaires when we should be working hard to design consumer tools and protocols that avoid lock-in and promote freedom. We're mislead by people from other spheres that will be the grand winners and leave us with a f-up world and playground. We either build for them or are assimilated by the lure of dollars. Where has the spirit gone ? This isn't what I learnt hacker to mean.


Wow, this is one of the first things I've read on HN to give me pause in a long, long time. Thank you for writing it.


trying to make your non tech friends and family use diaspora is quite problematic. Its a chicken egg problem: social networks need people. people wont join if peoole is not already there


don't waste your time with this, it's an overhyped attempt at being facebook which is not what it should.

have a look at the freedom box instead: https://www.freedomboxfoundation.org/


I'm a big supporter of freedombox - but today you can use a diaspora server operated by someone else, basically no pain. But freedombox is a long ways from a similar no-pain experience.


I have failed to find any list of "known attacks" against diaspora. But I would like to point out a fundamental flaw: What is to stop anyone from setting up a malicious server in diaspora?

Even if I don't trust facebook, I still trust them more than a random individual running a server.

Hopefully there are some solution for this? Perhaps server operators don't actually see any unencrypted data?


The solution is to run your own server. If you want ultimate control, you have to do it yourself, which is painful - and one of the reasons I like freedombox which has, as a goal, to minimize the pain. They just aren't there yet.

The benefit of using a diaspora server operated by someone you trust is the decentralization. Facebook gets EVERYTHING about EVERYBODY, diaspora server operators only get everything about the users on their particular server.


I think they are just splitting up trust to less trust-able entities. Sure, the impact of a malicious entity would be less severe, but the chance of any being malicious is rather big. Cause let's face it, my mom is not going to run her own server, and I believe she has the right to control her data as well as all of us do.

I believe the only way to properly implement a social network is not to trust anyone but your friends. I'm thinking something like a freenet-like apporach, everybody in the network holds a little bit of encypted data, but only the ones you have accepted as friends will be able to see your data unencrypted.


For younger generations who grew up with this kind of tech, it's just not conceivable. For them, Facebook is a synonym for having contact with their friends.

In a discussion we once had in class, I mentioned that an option that hadn't been listed besides Facebook, Google+, Diaspora, etc was "none of the above". I got bewildered stares of disbelief in return.


Maybe. This is rapidly becoming less true. I had to give a talk at a school the other day ("tech is cool, join the tech industry!") and the bulk of the students didn't have Facebook accounts -- because their parents are on it.

Maybe that'll change when they reach a University age, but it was striking how few of them used it.


Instagram is taking over amongst young people.


Instagram is even taking over among people in the post-adolescent set. The engagement I see seems to be more vigorous, especially if you're dialed-in and you're making good/interesting photos.


Or snapchat.


Now that's a really good point. No self-respecting kid will use the same _one-to-many_ platform to communicate with friends and parents. Maybe they'll add some convenient 'Circles' feature, but the association with 'those old people' will remain.


Actually Facebook is most likely going to erode from the younger generation/s upwards. They don't need Facebook at all, their social network is new and can be formed on other services.

Over the coming decade, Facebook will become an older person's social network (35+). They'll completely lose the youth demographic.

The least cool thing is to be where everybody else is, your parents and teachers included. This effect is already hitting Facebook.


Because it's supposedly antisocial behaviour as you don't follow the herd and it has been noted that high profile serial killers and mass murderers don't have facebook.

To me it's either people who can't be bothered or people who actually care, are knowledgeable enough and value their time and privacy.


In some demographics it's seen as at least sort of quaint/eccentric disconnection, like not having a mobile phone.


This attitude will die soon enough; the very young are starting to see Facebook as a niche website for grandparents.


I feel like a lot of people don't realize just how omnipresent facebook is in places like college campuses. I personally know about four people who aren't on facebook. There's a whole sphere of social interaction that you can't be a part of if you're not on facebook.


depending on the demographic, sure.


Why exactly would it be lunatic not to use Facebook?

I "deleted" my account about 18 month ago to no ill effect, whatsoever (except having more time for more worthy ventures)

I really don't mean to take the piss on you, but I'm constantly surprised in how people perceive Facebook and other social networks as an absolutely essential utility. Like phone service, electricity, water, or even financial services.

I vehemently don't feel this to be the case.


Google will do the same thing soon. It wants one google account per person, and using real ID is the best way to do that.


Yeah, they have become very persistent in wanting you to link your google and youtube accounts, for instance. For the first time ever, I'm seriously considering ditching gmail.


Didn't they already ask for ID back during the whole "real name" debacle?


I have been contemplating dumping Facebook more and more as the year goes on. I've used it probably every day for six plus years. I've gradually come to the conclusion that I can live without it and can easily keep up with all of my friends and family.

There's so much trash, hostility and political arguing on Facebook these days, at least on my network. Some days it reminds me of a dramatically bigger version of MySpace.


Sounds more like television than myspace. I'm not saying you're wrong about myspace, just TV fits your definition even better. I suspect there is a high correlation between people who don't watch TV and people who don't do facebook/twitter. I am occasionally exposed to TV and I've noticed over the past couple years a ridiculous level of attempts at twitter integration on primetime major network TV.


Amen to that. I've been off facebook and orkut since early 2008 and have not regretted it for one moment. I get some mild flak from friends once in a while but they all know how to contact me if they want to.


Can you name a single, actual negative consequence that someone has experienced from Facebook, aside from people who lost jobs due to their own foolishness in making information public?

So, Facebook asks for an ID to verify your identity because your account as behaving suspiciously. What's the downside of this? Are government agents going to burst into your home and arrest you?


1. Facebook asks for your ID.

2. You give Facebook your ID.

3. Facebook gets hacked.

4. Someone uses your identity to commit a crime.

5. Government agents burst into your home and arrest you.

Or they get credit cards in your name and run your credit score into the ground, which would likely take years to clear up (if ever).

Next up: Facebook isn't sure you're really the gender, height, and weight you say you are. Please provide full body nude photos for verification.


@algorias, I once considered people like you to be weird not to communicate on FB... but for a while now I have really started to mistrust FB. The revelations by Snowden most certainly played a big role, but now that they are asking for freaking IDs I draw the line there. It is now time to really think about me leaving this crap... I think my boss might like that too as I'm sure to do more work now, haha


Two comments on this:

We started http://www.nymrights.org to combat issues like this. One of our long term goals is to get companies to adopt policies preventing data demands like this unless sufficient protections (read, laws) are in place. (if you're a company debating adopting such a policy, I'd love to chat!)

Second, if you're European, check out the European Court of Human Rights, which offers protection against privacy intrusions like this. It's worth noting that some countries get more specific: Germany has the Telemedia Act, which specifically protects against problems like this.


How would you formulate such a law? What does Germany's Telemedia Act actually say?

I can refuse to let you into my house if you won't show me your passport. If you don't have a passport, then I can just refuse to let you in no matter what. How does that change if I'm running a business? Or a web-site?

Surely it would be better to focus on supply rather than demand. If government ID is mandatory for everyone (e.g. Germany, Belgium), then it makes it easy for businesses to demand to see it. If government ID is entirely optional (e.g. UK) then insisting on seeing it will exclude too many potential customers.

If FB asks me for government-issued photo ID, then they will effectively be kicking me out - I'm not going to go through the rigmarole of applying for a passport just to get a FB log on.


How would you formulate such a law? What does Germany's Telemedia Act actually say?

I can refuse to let you into my house if you won't show me your passport. If you don't have a passport, then I can just refuse to let you in no matter what. How does that change if I'm running a business? Or a web-site?

Well they basically say "It's illegal to ask for and store personal information like that". "Fine", you say, "I'll just deny you access unless you do this and that". "Fine", they say, "We'll see you in court".

It's like anti-discrimination law. Sure you're free to run a business, but there are legal limits to what you can do.


That's been the question of a lot of debate, which is why we're focusing on policy right now (hopefully eventually law).

The Telemedia Act specifically allows use of non-government-issued ID online. This has been the subject of a big lawsuit with Facebook: http://fusion.net/modern_life/story/german-state-fine-facebo...

Regarding the second set of questions, that's the big question right now. IANAL, but the "my house" is a domicile related context. While Facebook is not a domicile, they are a company, and a company can set their own policies. The challenge is that the people using Facebook aren't really employees, and they are using it like a public forum, which it isn't. There are a lot of social issues revolving around this. There's also the 3rd party doctrine to take into account (which incidentally is how NSA is justifying a lot of their monitoring).

In terms of government ID being mandatory, you have two issues: one, that while many countries do have a national ID, the US does not. Second, if you require an ID for a website, then you run into all kinds of issues: data retention, access privilege, fraud problems, etc. South Korea had a related law which they abandoned in 2012 after several years, and China just adopted one.

So the general answer is "it's complicated, it's a discussion much longer than a hnn thread offers, and nobody really knows yet." Hope that helped :)


> I can refuse to let you into my house if you won't show me your passport. If you don't have a passport, then I can just refuse to let you in no matter what. How does that change if I'm running a business? Or a web-site?

Well, you would presumably be keeping some kind of record of my ID. Perhaps you write down my name, date of birth, and passport number. As a business, in the UK you would have to (amongst other obligations):

* Not keep the data any longer than is necessary * Update any inaccuracies in the data upon request * Tell me what data you are keeping upon request

It's not about asking for data, it's about what you do after I give it to you. (NB to those wanting to know more about this, these particular obligations are due to the Data Protection Act)


I'm not sure the DPA needs to come into it. If a nightclub bouncer checks your ID, then he's free to forget all about it once he lets you inside. If all FB do is set an "ID checked" flag (and discard data collected as part of the checking process) then I think they'd be in a similar position - I'm not sure whether you could successfully argue that an "ID checked" flag could count as additional personal data.

(Then again, I'm sure FB hold on to data like thieving magpies, so the idea that they would delete your passport number/image/whatever once they have it is, I agree, laughable.)


I agree 100%, a simple "ID checked" flag would be OK. Where I think the DPA fits into it is that without the DPA, a lot more people would store those details just because. With the DPA in place I'm a lot more comfortable sharing information like that, knowing that either they just store a flag, or if they store more than that I am protected.


Not necessarily. What happens if someone challenges Facebook on their flags? If you're a bouncer, you can hunt down the person who looks underage and re-check their ID. It's much harder to do that with something like Facebook.


Second, if you're European, check out the European Court of Human Rights

I would suggest looking at the Data Protection law, rather than ECHR, since that takes many years. Everyone not in the USA and Canada with a Facebook account is covered by Irish Data Protection Law. Contact the Irish Data Protection Commissioner (or check their website) to see what your rights are http://dataprotection.ie/


How does Facebook intend to validate these government IDs?

I'm pretty sure they can't. They want you to send a scan of some photo-id - that means that all the anti-tamper / anti-forgery tech that might be on the actual ID will be non-existent.

If you are lying about who you are, it will take about 10 minutes in photoshop to come up with something that will pass their test.

Are there any countries that even provide validation services that facebook could use? As I recall, South Korea used to require residents to provide their national ID numbers to access most (all?) in-country websites. That ended up producing a ton of identity theft so they repealed that law.


Turkish Government has an API. You post all the info on the ID to it, and it returns true or false. You have to be a legal entity in Turkey to access it. (Edit: Correction, everyone can access it, and it doesn't require all the info anymore, just ID number, name and birthday. https://tckimlik.nvi.gov.tr/Service/KPSPublic.asmx?op=TCKiml...)

I'm guessing there are other countries that provides this?


As a developer, that's awesome. As a citizen.. I would guess not so much.


In Turkey everything is accessible with API's. Legal records, insurance, education, work, bank records, things you own (houses, land, probably cars), your address (both work and home), your e-mail, phone number, every other phone number you own, you can even do a quick query on if a car has ever been in an accident or if someone has priors.

Not everything is open to everyone though. My company had access to some of this, it was nice. (Edit: nice as in, it made our life easier.)


Greece has several such open API endpoints for validating information, including VAT/company number, the equivalent of social security number, whether your personal tax returns have been processed, whether you were admitted to a state university, and so on.

For most of these services, all you need to access results is a subset of the relevant information. There is no requirement to register or authenticate, but they do seem to have crude forms of rate limiting in place.


just ID number, name and birthday.

Probably the hardest thing to get is someone's ID number, but it doesn't sound like that is a secret. If you do have those three things, you can look them up in this system and then photoshop a fake-id that will pass anything facebook can verify via that system too.


The same argument could be made for house hold locks.

An experienced lock smith could open an average house hold lock in probably minutes. (not to forget most people are neither skilled lock smiths nor photoshop editors)

That doesn't mean a locked home isn't secure. Most people would never think about breaching such a social contract and breaking in locks.

If one wants to break in or if one wants to lie, one can always do. Most people would never do; for the rest, it is a different problem really.


Quick startup opportunity, generate "photo ids" for people to use on Facebook. $0.99 per.


Choose the jurisdiction carefully to avoid shutdowns, I presume this service will help us more than once.


Except that someone with the ability to "hack" a Facebook account will also likely be able to come up with a convincing ID.


You may be committing a crime of fraud to give them a doctored ID. Something you can be prosecuted for.

Doesn't mean you can't do it and maybe get away with it, but now if you are caught, the state can press charges and put you in jail. Which is quite probably good enough for facebook, they wouldn't neccesarily get any additional value from actually validating you with the government somehow.


> If you are lying about who you are, it will take about 10 minutes in photoshop to come up with something that will pass their test.

I wonder if there even is a test. Do they have a file of samples of all possible government-accepted types of ID across the world ?

It'd take me 1 minute in MS Paint because that's what ID cards look like in Belgium. Honest.


In Finland, you can validate your identity with your banking authentication. It's a service all the banks provide.


I am going to get a lot of downvotes for this but I am still curious to hear what solutions the HN community could come up with for the problem Facebook is facing:

Some of the accounts have been hacked.

You locked the accounts as a security measure.

Now you need to validate that some person is the actual owner of the account.

How would you solve this problem? (Sending a code via text message to the owners mobile device wont work in every case since old accounts didn't have to validate via phone number on registration)


You cannot. You can only use the facts that the original account creator provided (mail address? postal address?) and nothing else.

You never had a government id to begin with. Maybe my government id doesn't match my account name (I know.. I violated the rules in that case.. Oh I am sooo bad). Maybe there are people with similar/the same name.

How would you make sure that 'government id' presenting person A is really the person that created any specific account?

If you cannot recover the account with the means you were provided during registration/normal usage, bad luck. Government ids won't help here. Ignoring the problems of 'faking' those (how can you judge that these documents are valid if you just get a crappy picture/a xerox or whatever, in lots of languages?) to do more harm than good.


I agree with you, in some cases the account would be absolutely unrecoverable and I am sure this happened to some users.

Still, in some cases it could be a quick solution to unlock an account. (account name matches id, no telephone number available, email validation unsafe for some reason)


I'll take a stab at this.

Before I get in to it, we need to correct a misconception on your part: using a government ID doesn't work in every case. It turns out hackers know how to forge government ID images, and some of FB's users don't have government IDs (for instance, before I turned 16 all I had was a private school id).

With that out of the way, I think they should do what you suggested: sms verification. Email verification also works. As does postal mail. As does credit card charge. As does ACH charge. As does paypal charge. As does "send in a photo of you with a shoe on your head". As does having a user's friends vouch for them (they call their friends and ask). As do a lot of things.

Facebook should look closely at whatever attacker they are trying to lock out, and make several methods of ownership verification available. Maybe require two?

Requiring IDs just isn't a particularly good way to do it, and has bad PR effects these days.


I do not think that every mechanism you proposed is viable, but generally I think you nailed it with this:

> Facebook should look closely at whatever attacker they are trying to lock out, and make several methods of ownership verification available. Maybe require two?

We might already see that, at least I have been prompted to validate once via email and once via text message before.

And then there are those questions Facebook asked me about some of my friends (do you know this person, is he/she real) which are obviously related to account verification in some way.

I also agree that it isn't smart to ask for IDs after all those NSA revelations.


> As does having a user's friends vouch for them (they call their friends and ask).

This is probably the most "Facebook" of the options. They already do something similar for some account lockout situations ("identify 5 photos of your friends to gain access").


This will be made difficult by people in your friends list using photos of cartoon characters, possessions, family members, significant others etc. as their profile photos.

If they go further and use photos that people are tagged in, then it also has problems of people being tagged in photos they are not present in to get their attention.

For example, in my friends list only around 70% of people have photos of themselves as their profile picture. Boy/Girlfriends and babies are the next most common picture.

Even if you recognise the specific picture, it might not be helpful. For example, two of my friends are dating, and use the same picture with both of them in it for their Facebook profile pictures.


"identify 5 photos of your friends to gain access"

Really? I don't use FB so I can't verify, but that sounds like an epic security hole for prankers, stalkers, ex's, and abusive spouses.


I can confirm that this happened to a friend when accesin facebook from another country.

Also I remember reading an article (from HN) where some guy hacked a facebook account (if I recall correctly) and that was one of the steps (he and the hacked one where friends and coworkers so they had lots of friends in commmon)


Hmm, well hopefully just one of many steps and not "that's all it takes".

I'm no FB fan, but if they are using friends pictures as a CAPTCHA to verify the authenticator is a human not a automated computer, I grudgingly tip my hat in respect toward them. That would be much more elegant than the usual lame CAPTCHA.

This strikes me as it may become more of a problem as kids abandon FB and older people use it. The kid I sat next to in middle school lunchroom back when Reagan was president, and I clicked "yes" on his friend request out of guilt, well, I have no idea what the heck he looks like now. Ex-girlfriends? Well, I remember really well how she looked when she was 19, but that was a long time ago, and...


That shoe-on-head verification could've been an awesome PR win too. (Assuming it was presented as one option among many. Best would be to offer the choice of several of the options you suggested, as well as the government ID option.)


It's not a bank account, or the controls of an ICBM.. What's the worst that will happen if you lose your FB account? You might blink a few times, snap out of the feedback look, and move on.

Of course FB wouldn't want that, but what they're doing doesn't seem to help user retention either.


Facebook already has a good mechanism for validating account owners which involves showing users random unlabeled photos of their friends and asking them to guess who's who.

I guess an excuse like "you got hacked" helps you get much more important information from your users.

No one is talking about how all of the sudden, a lot of accounts supposedly got "hacked".


How on earth could this "solution" to trick its users possibly scale to more than 1 billion active accounts?

Don't get me wrong, I absolutely believe that Facebook would like to link government IDs to each and every account if they could, but trying something like this would be the end of Facebook.

They can't be that stupid.


Some options:

* A video call with a Facebook agent who verifies you.

* Uploading a picture of yourself holding a card that says 'Facebook', their city and the current date or similar. The city is something that FB can verify with IP address and account profile.

Yes, these aren't 'web scale' methods but I surely hope that they aren't just using OCR to validate Government IDs.


I believe the picture solution could be entirely automated.

The text on the card could be read by OCR technology and Facebook already is capably of matching your face to your account.

Edit: After thinking some more about it I came to the conclusion that it would be too easy to fake such an image. Anyone with internet access and MS Paint could probably create a fake within 3 minutes.

Also - I'm not sure that it would be a good user experience.


First, I don't believe these accounts have been hacked. The most common hack is the owner left a computer with his account logged in. Eithet that or the owner tried to log from a different location than those facebook associated with the account.

Have a look at how websites which don't require real name and identities do it and there you have your answer. (Or just look at how facebook does it other than requiring ID).


I recently went abroad and due to a couple of issues I had to reinstall the OS on my phone (I did this during the flight). Since my Facebook app was not authorized on this phone I had to go through "extended verification" because Facebook had identified I was not logging in from my usual location. Verification involved looking at 10 or so photo's and verifying friends which they had identified. There was also the option of FB emailing a verification (I seem to recall).

The point is, they already have the means of verifying accounts without requiring mail in of government ID. If this was for a "business page" then uploading company documents etc to verify ownership, particularly in cases of dispute, makes sense but for personal accounts there really is no benefit (except to Facebook for some bizarre reason)


FB has great face recognition software and multiple tagged photos of pretty much everyone who has an FB account. Show 20 photos (or 42 or however many you need to get the chances of a lucky guess small enough) and let me - click on me. Give me 2 chances and if I'm wrong both times give a link for a quick video chat with a FB rep for ID purposes.


They already have an "identify 5 photos of my friends" system for some account lockout situations. But that may not be sufficient if the hacker has already had access to the account for a while (they'll have had time to scrape the user's friends list).


Facebook's problems are their own. Why should HN community bother with their problems?

- What's wrong with secret questions?


> Facebook's problems are their own.

Of course.

> Why should HN community bother with their problems?

No one has to, I just like to learn something by solving problems, even when those problems are not mine.

> - What's wrong with secret questions?

Probably nothing, I just know that I have always entered garbage into secret question fields, because I knew that I'd never be able to remember the correct answer to the secret question once I needed it.


"No one has to, I just like to learn something by solving problems, even when those problems are not mine."

I liked your answer, but its not a "facebook problem" its a problem for anyone on the internet who has users log into accounts. Probably a large fraction of HN is directly or tangentially involved with that problem.


Regarding secret questions: they are basically a second set of weak passwords that tend to be impossible for a user to remember, but easier for an attacker to find out. They are often based on public information (e.g. mother's maiden name), information that is semi public (lots of people know where I went to school), or just not difficult to guess.


Delete the accounts, obviously.

I'm not saying lock them out for all eternity or whatever, just set up new accounts.

Its not that big of a deal, and seems fairly obvious?


@DominikR, actually your question should not be downvoted at all as it looks like you genuinely want to know how you could solve this security problem.

First off, it is important to know that all IT systems have a scale from "weak" to "strong" in security terms. There is no 100% hacker IT proof system. Generally the more secure a system is the more of a hassle it is to use. Seeing as FB has just been accused by Snowden of handing over mass data it has on various users to the NSA, it would be very foolish for them to ask for this sort of very private data especially at this time (when a lot of people don't trust FB)

As for your question, here are some of the security workarounds FB could do instead of asking for a freaking ID (which by the way can easily be forged)

- Don't lock the account, rather suspend it for just a few days telling the user that he should reset his password

- Get a friend (that has been a friend on Facebook for ages, not just a few days) to authenticate the real user (for this to happen it is assumed he must actually contact his friend without using FB as his account is blocked.)

- A simple unique "reset your account password" URL sent to your e-mail address.

- OTP sent to your phone

Those are just some ideas I thought of in a few minutes. I'm sure there are a whole host more.


What amazes me even more is that almost all of those people are screaming an shouting and are entering the ID the next day and forget about it.


Thats the problem. I wish people would care more about their data. Lots of us who build stuff are more aware of how stuff works and the repercussions of putting data up just once.


that's the beauty of it, once they've started providing data and build contacts using the service, you can require more identifying data and they will provide it not to lose what they already invested. Even threatening to lock them out of their data will work.

It's a common escalation in scams and emotional abuse.


This is most valid, data should be centralized, not distributed and not in the hands of facebook. Imagine that there would exist a website that contains all your personal data with 1 password, websites request access to a part of that data and if this website also actively checks that it is valid data that the site is requesting to function, I would pay for that.


So I got locked out about 10h ago and as I saw lots of people like me on twitter then I just went to bed without verifying anything. Wake up, account unlocked without questions.

I suspect this was related to the earlier news where Obama's facebook was hacked [1]. Some junior dev at FB forgot a WHERE clause at a sql query or did something equally dumb to mitigate this.

[1] http://uk.reuters.com/article/2013/10/28/uk-usa-obama-twitte...


That's not what happened at all. The link shortener that Obama used was hacked and previously shortened links where redirected. That article says nothing about his Facebook being hacked.


an ID-verified person - 1st level, 100%. Everything s/he tagged, communicated with, etc... - 2nd level, 95%, everybody "touched" by 2nd level - 90%,... Just a few hundred thousands optimally selected, and the graph is well verified while maintaining an impression of the ID-checks being rare exceptional events.


A response to 'The Zuckerberg Files' (http://zuckerbergfiles.org/)?

I find it hard to justify a use for this type of info online? You can get money-related businesses because of the need to comply legally but why facebook?

Off topic: Does anyone think Google's floating barge is a way to evade compliance when it comes to data monitoring? Theoretically they could go further offshore


>Does anyone think Google's floating barge is a way to evade compliance when it comes to data monitoring? Theoretically they could go further offshore

the compliance is mainly enforced through the company execs being onshore, not the data/servers. The barges will be waiving 2 Irish flags with 1 Dutch flag in-between at the same time.


This is the page about verifying your account:

https://www.facebook.com/help/385569904840341

Facebook accepts any government-issued ID that contains name and date of birth. Examples include:

Birth certificate, Driver’s license, Passport, Marriage certificate, Official name change paperwork, Personal or vehicle insurance card, Non-driver's government ID (ex. disability, SNAP or national ID card), Green card, residence permit or immigration papers, Social Security card, Voter ID card

If you don't have a government-issued ID, Facebook will also accept two of the following items that combined must show name and date of birth. Examples include:

Bank statement, Bus card, Check, Credit card, Employment verification, Library card, Mail, Magazine subscription stub, Medical record, Membership ID (ex. pension card, union membership, working or professional ID), Paycheck stub, Permit, School card, School record, Utility bill, Yearbook photo (actual scan or photograph of the page in your yearbook), Please cover up any personal information we don't need to verify your identity (ex: credit card number, social security number).


What do you think would happen if we just submitted fake data.

Back before facebook went gigantic people used social networks with avatar like display pics & put up loads of fake data.


You'd no doubt be committing all sorts of criminal offences in both the US and whatever (Western) country you send them from. It makes for a much better reason for getting the authorities involved in a hacked account than just the initial hack.

It's also much less likely that someone will do it due to the hassle and lack of automation. Though no doubt some hot startup idea is about to be born...


Committing a crime by doing what? Providing a utility bill that isn't legit/shows your name instead of mine? Providing a fake 'yearbook'? A 'bus card' to hijack an account?

Obviously hijacking an account is illegal, but the means to do it probably aren't: A good number of these 'proves' aren't special, aren't protected documents as far as I can tell. There's nothing illegal about 'forging' a yearbook page.

I'd say these measures are providing nothing but decent ways to hijack an account and have zero legitimate uses as means to identify myself to a random web application.


How is photoshopping a bank statement/utility bill for the sole purpose of activating a Facebook account a "criminal offense"?

The same question somewhat applies to government-issued IDs depending on state/country, since many laws regarding falsified IDs only apply to purchasing tobacco/alcohol.


In the UK it would be forgery - a forged instrument is "any document", and for it to be forgery they have to use it to "induce someone to accept it as genuine, and by reason of so accepting it to do or not to do some act to his own or any other person’s prejudice"

I seriously doubt that the US is going have to have less strict laws regarding forged documents. Just because you think it isn't illegal doesn't mean it actually is.


This is a smart move by Facebook; they already sit on the worlds largest data trove (user profiles with likes, family member info, network info, tagged pictures, etc. etc.), and now they add the last part of the user verification step...


I wouldn't disagree that its not smart, It increases the value of the data they have.

On the downside it does incur a social cost to do this.

Facebook's brand is more and more thought of negatively and associated more with a bad reputation with how they use their data. At its core the usage is optional and they're testing the waters further and further offshore.

There could come a time user's just don't want to use it anymore or more readily move to an alternative that pops up some day.

The social experience comes from viewing our friends picture's and knowing what they're up to, this is at the core of why we like facebook. Getting our government ID's doesn't help enhance this experience and the social cost of it is way more than the benefits in my opinion.


How is this smart? (Not disagreeing, just requesting more info.)


They can validate their social network graph with ease and therefore ensure they are selling perfectly valid data.

It's really disgusting to see people willfully submitting to this.


Under the guise of user protection "we've locked your account to protect it from suspicious activity, prove you are the owner" they actually confirm the identity they're not sure about and force those who use false names, pseudonyms or multiple accounts to switch to real names or risk being locked out of their contacts and data.

Reducing false accounts and such increases valuation of the data they sit on. When you buy a database of people on the black market it either comes in cheap truckloads of unverified data or expensive chest of verified detailed accounts.


It would make a good data sample for comparing user ID photos with actual tagged photos.


Facebook is still that popular? I deactivated years ago and never cared to go back. I will activate every once in a while, check the feed, and leave. I have over 1000 friends, but the feed has slowed down to an extreme and it's mostly mommy/kid pictures now. A lot of people in my social circles agree too. It's pretty irrelevant as far as our social lives go. Instagram + Twitter is still pretty active. Hmm..wonder if it's bigger in other states/countries.


I encountered this, perhaps ironically, while attempting to deactivate my long unused Facebook account.

I was able to log in using my credentials (which I store in a keepass database), but since the account had been inactive for so long (I guess?) this was insufficient. After successfully providing my username and passphrase, I was prompted with a security question, the answer to which I did not recall (I had created the account many years ago).

The only remedy, according to Facebook support, was to provide a scan of a government ID (via email, of course). Nevermind that I knew the password. Nevermind that I had access to the email address associated with the account.

I told them I was unwilling to provide this, and they told me I was out of luck. I decided that leaving a phantom, inactive FB account in the wild was better than providing these people with what they wanted, and got on with my life.

After several weeks, I for some reason decided to try again - and at that time all I needed was my passphrase. Why? Who knows. Maybe it was my lucky day.

I don't really know what the takeaway should be, but my personal lesson is that I should probably also store secret questions and answers in a password database, since apparently some services deem them to be required even when I have the passphrase.


Not as bad as Paypal with their requirement that you provide proof of SSN to unfreeze your funds that were frozen for no apparent legitimate reason.


In fairness, PayPal, being a money transmitter, has to deal with regulations more complicated and onerous than anyone who hasn't worked in that business can ever know or understand, so there isn't any basis for holding them to blame for such things.

Facebook has no such excuse.


:)) I don't upload images/scans of important documents on the internet what makes Facebook think they're special.

I use my card online (because i have to) and I'm constantly checking my accounts for shady transactions but there's no way in hell I share my id on the internet.

Every bit-coin website that asked for this lost my business and if Facebook does the same will happen to them.


I doubt they think they're special. I doubt they think you're special either.


Isn't there a problem of copyright associated with Government ID?

In the UK, things like your passport are copyright to The Crown and there's official guidance[1] on how to go about getting permission to make copies of them.

I'd imagine other countries are the same. So Facebook is asking it's users to infringe government copyright.

[1] https://www.gov.uk/government/uploads/system/uploads/attachm...


Something similar happened to me. I had several company accounts with a page on each. I tried to login one day and Facebook requested ID. It seemed to happen to me when I tried to login via incognito mode in Chrome (so that I didn't have to logout of my main account first).

I still haven't entered the ID but I manage one of the pages for a business (I also manage their website, twitter etc.) and I'm either going to have to enter the ID or give up the job.

I can't see any reason Facebook require this. It seems like real scummy practice.


That actually happened to me at the beginning of the year. If I remember right I was in a foreign country (UK) (or just back from it) and Facebook asked me to log in and to scan my government ID (French one actually). However it was optional and there was a small link at the bottom of the page offering to skip that step (which i did without an hesitation).

Is there a difference here? I mean, can they still skip the step? The article does not say much. Anyway the design was made such that it was hard to know you could skip the step.


Wow. So, basically, Facebook says: "You're locked out. If you want to stay a Facebook user, you must provide your government issued ID, or else - get lost."

This is a glimpse of the future, if we let it slide. The Internet giants can amend their ToS as they see fit and you will have to comply or get out. And for many people getting out is not an option when all of their immediate circle is already on it. So they endure humiliation in order to stay in, as well.

There must be legal restrictions on this type of behavior.


Simple, do rely only on Facebook, be ready to ditch it at any moment.


I'm from Europe. If they will do it to me I will be forced to stop using Facebook. And I will laugh if they will make it happen in uk as people here don't have such ID's


The UK issues both passports and photographic driving licences. Most people will have at least one of those.


Yes, but there is no requirement to have one. UK law doesn't even require a person to have a name.


There is no legal requirement in the US to have a picture ID card, either. Unless you want to drive. Or, in an increasing number of states, vote. Or get on a plane without a ton of hassle. Or... well, you get the idea.

It is possible for something to be "not legally required" but still have a very high degree of adoption due to the inconvenience caused by not having it.


Doesn't really make sense to why FB would want people's Gov IDs to then allow them to simply upload pictures, gossip, or comment of other people comments. Does this behavior remind anyone of 1984 and the whole idea about controlling people's behavior/thinking by pretending or actually monitoring their activities/life? What is two-step verification, passcode generators or answer your secret questions, if not for this?


They should get you to pick 2-3 friends from the subset of your closest contacts that they trust[1] to receive a multi-part[2] password so that you can prove you're you by your contact with your friends.

[1] i.e. Facebook believe they are real people who could verify your identity.

[2] It could be a form of n of m authentication so you wouldn't need to get all of them.


I wonder how many people respond to such unreasonable request by uploading something... indecent and shocking, to say the least.


Lets all just remember that we make our own choices.

1. If you want to use Facebook, then you must follow the rules they set forth.

2. If you dont like #1. Just dont use it.

As consumers we all make choices that we need to make to benefit ourselves. If I dont like a grocery store, I dont shop there. If I get treated rude someplace. I find a new place that treats me better.


Meh. The government already knows I use Facebook. Facebook can extrapolate anything about me using the information it already has, including, I imagine, my driver's license number and social security number.

I really don't care at this point. I'm too deeply connected now to retract any of it.


Facebook keeps pushing the bounds of what's acceptable in terms of personal privacy. They have given no indications that they will ever stop pushing the privacy boundaries. This behavior seems to be a major component of their operational/business model.


Wow, the way that they display the Twitter quotes in the article is hideous! The icons are huge and distracting, and on top of that they don't seem to understand the basic idea that all close quotes need to match up with an open quote.

'Open Quote Icon'

message

'Close Quote Icon'

-username

'Another Close Quote Icon'


I think you all are overreacting to this story.

You don't have to provide a government ID to login back into Facebook. Alternatively, I was able to give them my bank passwords, private emails and a list of deep dark childhood secrets.


I read that title as "Furry" at Facebook. I guess I need to put on a second pot of coffee.


Business idea: Generate "Government ID" that is good enough to pass Facebook verification.


Atlast they did it..we can expect same from all other sites soon..


I like how how those people think they know better than to provide their personal information to Facebook on a login dialog that is supposed to help them get onto Facebook in the first place. The irony is just so thick I don't even...


What is a Government ID?


Good point. In my country the government didn't even issue ID cards until 2009 or so, and government-issued IDs are still very very uncommon. Here you typically get your ID from your bank.


Migrate to a Open Source social network instead then.


Why stop there? They could ask for the SSN as well.


Boycott Facebook.


Is it April 1st?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: