Hacker News new | past | comments | ask | show | jobs | submit login
Get Facebook WiFi for your business (facebook.com)
298 points by BigBalli on Jan 7, 2014 | hide | past | web | favorite | 286 comments

Real conversation happened to me in an ice cream shop with a home-brewed facebook captive portal in Cambridge, MA.

me: Excuse me, is there a way to log into the wifi if you don't have a facebook account?

clerk: No, we've had a lots people doing illegal stuff on our wifi, so we need to verify their identity.

me: I understand, however I don't have a facebook account. Would you like to verify my identity with a photo id?

clerk: No, you'll need to get a facebook account.

me: I have serious concerns about my privacy. I will not make one just for the sake of getting online here.

clerk: Just make one with a fake name!

me: …

I'm sure your point utterly convinced the clerk being paid minimum wage at your ice cream shop of the errors of his employer.

Would you have accepted it if the clerk explained to you that requiring a Facebook account is the most hassle-free way that ice cream shop has found, considering a) their technical expertise, b) the amount of time and money they need to invest and c) their average customer?

Well, said ice cream shop had a fully open wifi before going through the hassle of creating the captive portal by themselves two years ago.

The thing that really irks me is the assumption that nowadays everyone has facebook. Isn't it surprising that in a country that finds national IDs liberticide the problem of identifying people is being outsourced to a corporate monopoly?

> The thing that really irks me is the assumption that nowadays everyone has facebook

With over a billion users, you'll have that. My POV is... look, you get to be as contrarian as you want. Feel free to never jump on the FB band wagon. But understand you're in the minority. Facebook is that big, and is that established in our culture. So, feel free, choose your own path, but then stop whining about the hassle of being in the minority. Nobody cares about your privacy concerns.

My POV is... look, you get to be as contrarian as you want. Feel free to never jump on the Dictatorship band wagon. But understand you're in the minority. The Dictator is that big, and is that established in our culture. So, feel free, choose your own path, but then stop whining about the hassle of being in the minority. Nobody cares about your freedom concerns.

Like a drug, nobody knows yet the long term effects of Facebook. So when someone acts super paranoid about the effects of something yet unproven, other people come out of the woodwork and try to give the guy some perspective.

It's kind of the same negative attitudes we see towards GMO's, drones or RF radiation.

I mean people could easily flip their perspective and, instead, see these tools as very powerful and, if used correctly, could have massive positive impact on humanity. They can then educate themselves about these tools and figure out how to be the very ones to incur that massive positive impact on humanity using these tools.

Your point is? That we should not argue ("whine") because we might be wrong?

Also, how come you only list other negative attitudes to things that are either still controversial or scientifically validated as probably harmless? How about asbestos, PCB, lots of CO2 in the atmosphere, the Stasi?

Also, are you arguing that we only ever should take action when the end results are in, never because of predictions, because those might be wrong? Or are you saying that all degrees of uncertainty are the same unless zero, and essentially equivalent to total uncertainty?

Seriously, I don't get what you are actually trying to tell me.

Im saying its just a social network. Its not going to give you csncer or arrest you in the night or cause massive floods.

And the negative predictions related to privacy about Facdbook are largely conspiracy theories. We should take action when something seems plausible and in line with the most accurate, unbiased information out there.

I know you're making a general statement about uncertainty but I hadnt mentionsd it. The only uncertainty in my mind about Facebook is how it will shape our culture's perspective on privacy in the future. Some are paranoid, others seem to be sharing more and more of their personal lives with Facebook. I dont know how that will change.

So, it can have a massive impact, but it's "just a social network"? How do you know the massive impact is going to be positive, and otherwise it's "just a social network"?

North Korea is also a social network, BTW, and it doesn't give you cancer either, nor does it cause massive floods. Yeah, somewhat unfair way of framing it, isn't it? But then so is bringing up (somewhat) unpreventable illnesses and natural disasters, don't you think? And it's not like social structures weren't responsible for some of the worst things that happened in human history, dwarfing by far any flood.

Would you mind sharing some of the conspiracy theories? Most of the arguments I know are based around the abuse potential of large data collections and surveillance systems and the tendency of some people to abuse power (both of which have plenty of historical examples - after all, that's part of why democracy and the rule of law and separation of powers and all that was invented), but I can't seem to remember any conspiracy theories.

I agree fully that we should take action when something seems plausible and in line with the most accurate, unbiased information out there - I might want to add though that the level of confidence required should be weighted by the expected damage if something goes wrong, the larger the expected damage, the more cautious we should be (and analogously for the expected benefits, of course).

Also, in addition to some paranoid people, there are people who are concerned because of well-informed and well thought out arguments. I for one am very concerned indeed. That does not mean in any way that I can't appreciate some of the benefits (it seems to make electronic communication for the common user very easy, it seems, for example), but I also see large risks, and I think there are alternatives from the technical perspective that should be able to provide much the same benefits without the risks, which is why I think that society should probably try to get rid of Facebook, at least the way it currently functions.

I don't get that you want free wifi without being prepared to jump through a small hoop. Delivering that service is not free, so requiring you to do a little work for it, or pay (e.g. to verizon who'll happily provide data connectivity), is not unreasonable.

I love how you first complain about dictatorial regimes, then proceed to declare that "society should probably try to get rid of Facebook, at least the way it currently functions".

What was the problem with dictatorships again ? Oh right, stupid edicts from above based on interpretations of individuals. You want to deny a billion people's freedom to play on facebook just because of your ethical/moral concerns. Please note that over a two billion people feel the same way about killing you/me because of premarital sex, why would we respect your moral concerns and not theirs ?

To use your kind of hyperbole : how are you different from the Taliban/dictatorships ?

Erm, it might not have been obvious, but let me point out that I actually didn't threaten to kill anyone if you don't abandon facebook immediately.

I mean, seriously, you can't see the difference between advocating a certain view using supporting arguments and threatening people who don't do as you demand?

People calling for society to get rid of nuclear weapons are essentially the same thing as people who would want to kill anyone who has premarital sex because they both put forward a world view that others don't happen to agree with?

I'll answer the first part of your post once you have explained how to understand the second part.

> effects of something yet unproven

What ? Its pretty well known that Facebook is pretty lackadaisical with your personal information from leaks to giving it away to their "partners".


this was just one of their "partners" but as long as you were logged in with Facebook their "partner" would automatically have access to your information. If you notice its opt-out.


Theres the facebook beacon debacle.


Well that's a strawman argument if I've ever seen one

As you don't seem to know what a strawman argument is, let me explain:

A strawman argument is when you misrepresent the position of your opponent in order to have something that is easier to argue against so as to avoid addressing your opponent's arguments. Arguing against a strawman is fallacious because of the misrepresentation: Your arguments only invalidate the strawman position, not the position of your opponent, but you present it as if those were the same.

What you are seeing above is called an analogy: You present an argument that is similar in structure to what your opponent is using, but which explicitly uses different details, in order to make a problem with the argument's structure stand out more clearly.

The important difference is whether there is misrepresentation - just reframing an argument does not make a strawman, as long as you don't attribute the reframed version to your opponent.

edit: To whoever voted this down: Mind to explain why you think explaining to people how to avoid fallaciously accusing others of fallacious reasoning or dishonest arguments is not a good idea?

It is a stawman argument, precisely because it's not a good analogy; instead it's basically an example of Godwin's Law.

The reason why your 'analogy' isn't really such is that setting up a facebook account with just your name, which is all you'd have to do, is nowhere close in severity to willingly following a dictator. It's not analogous.

I see an opportunity to explain godwin's law!

But first: As I said, the point of an analogy is to make the problem with the structure of an argument stand out more clearly, not to otherwise equate scenarios. The structure of the argument we are dealing with here is "you are in the minority, therefore you should not complain and your concerns are not relevant", the fallaciousness of which becomes a lot more obvious when you replace facebook with a dictator, but the structure being defective does not depend on replacing facebook with a dictator. It's also not an argument about whether or not having to create a facebook account is bad, mind you, it's simply showing that that argument doesn't hold water.

As for godwin's law: It is a common fallacy to believe that any comparison of anything with an authoritarian leader is a fallacy and that the name of that fallacy is "godwin's law". Godwin's law though actually is just a meta-observation that discussions tend to not go very far after a certain historical figure or his ideology has been mentioned, and such comparisons can be perfectly valid arguments, though one is well-advised to be careful with those because the topic tends to have a lot of historical baggage that can make constructing a valid argument difficult.

And on the general theme of "this analogy is fallacious because those things are so different": The LHC is similar to a cathode ray tube in that elementary particles get accelerated in a vacuum using electromagnetic fields. This is not an invalid comparison just because the LHC is so much bigger than the average CRT and is so totally different in almost all details. It's only a fallacy when you conclude that therefore a CRT consumes megawatts of power.

Setting up a facebook account with your name, then logging in to various wifi spots around the country is exactly what concerns our OP.

> Isn't it surprising that in a country that finds national IDs liberticide the problem of identifying people is being outsourced to a corporate monopoly?

This was the core of the problem during all the Snowden leaks last year; A fraction of the population recognized how serious it was, but for the vast majority it just didn't compute. This terrifies me and I fear that we may have to see an entire generation before society learns to recognize risks to digital privacy.

But what if the vast majority of the population is right?

What if there are no detrimental long term effects to our society when our digital privacy is compromised? What if the majority of the population ignoring the risks and simply being productive in the areas they work best is the best thing for society?

I'm not arguing this point of view, but I think risks are often be exaggerated by the security conscious.

> But what if the vast majority of the population is right?

Honestly what would be the odds of that?

The track record of the vast majority of the population isn't exactly stellar. We tend to be concerned about whatever some smaller minority tells us to be.

(Note that I say "we". We are not immune: Just look at the amount of strictly incompatible opposing viewpoints on HN. At least half of those must be wrong for each viewpoint, making the aggregate of even this collection of relatively smart people, dumber than a sack of bricks. Okay, maybe two sacks of bricks)

So what then? My point is, it's much better to base your assumptions and viewpoints on the particular merits and flaws of an idea, than on whether or not the majority of the population agrees with it.

It's just not relevant. Not at all. The only relevance might be how to steer the majority public opinion, if you want to affect change. A very wise man once said: THINK FOR YOURSELF, SCHMUCK!

My personal view is that the "security conscious" (which includes myself, to some extent, I guess) is in possession of a lot more facts than the majority of the public. Also their track record is pretty good. Especially since the Snowden revelations, nearly all of the things that used to dismissed to tinfoil territory turned out to be exactly right. Even RMS' "wacky paranoia" turned out to be not so crazy after all.

Heh, even the "tinfoil hat" itself turned out to be useful, in a sense: wrapping your phone in tinfoil prevents you being tracked (and it's easier than removing the batteries). At least this works perfectly for GSM signals (just try calling a phone wrapped in tinfoil), haven't tried with Wifi or Bluetooth.

> My personal view is that the "security conscious" (which includes myself, to some extent, I guess) is in possession of a lot more facts than the majority of the public. Also their track record is pretty good. Especially since the Snowden revelations, nearly all of the things that used to dismissed to tinfoil territory turned out to be exactly right. Even RMS' "wacky paranoia" turned out to be not so crazy after all.

Right, but I'm coming from a pragmatic stance when I put forward the position of the majority of people being "right".

That is, maybe everything the security conscious predict comes to pass. And maybe it has no practical effect on the quality of our lives. That's what I'm suggesting.

Maybe I still go to work, live in the same house, have the same family, and do all the same things I would have otherwise done. Only if I'm security conscious, I feel slightly more worried about it all.

Again, I'm not arguing this personally. Just entertaining the thought.

> That is, maybe everything the security conscious predict comes to pass. And maybe it has no practical effect on the quality of our lives.

I see your point.

Except, I--and the "security conscious" with me--believe that it merely has no practical effect on the quality of our current lives, until it does, and when it does, it's going to pretty horrible and also kinda too late.

That is, when your current surveillance police state suddenly turns into a much worse bad-wrong oppressive surveillance police state that has the habit of, say, arresting innocent people one or two degrees separated from "activists", keeping them in jail for a week or two, only letting them out on the condition they'll inform on whoever they suspect. This can happen in a flash. It's done so many times before in history, all over the world.

There was a Reddit post that very clearly described personal experience of such a change happening in an (unnamed) ME country: http://www.reddit.com/r/changemyview/comments/1fv4r6/i_belie...

So if the security conscious' predictions are also right about this, then it probably pays to heed their warnings.

What you seem to be saying is, maybe the security conscious were right about all those predictions, maybe they are right about new future predictions, EXCEPT the part where they predict the terrible consequences this ultimately will have on the quality of our lives.

Personally, I find that gamble a bit dangerous.

I think one has to distinguish between no privacy and privacy controlled by some central entity, though. If essentially everyone knows everything about everyone, that might work (though I have some doubts how one could get there from here, especially as it would need some fundamental changes in our economic system), but having the control concentrated in one place seems to me to be very risky indeed, as that is a huge pile of power in the hands of a few.

Is it power? What does it allow one to do?

If the average person in the population simply does not care if their private details are exposed, transferred, or looked at, then does the person who holds those details hold power over anyone?

Again, I generally think having some privacy is a good thing, and personally do not use my Facebook or other social accounts outside of a professional context. But sometimes I wonder whether most people care at all, and whether that is actually detrimental to society.

Security advocates can often sounds like doomsday prophets, suggesting that the downfall of society begins with private companies amassing personal information.

Yes, it is power, tons of it, in a wide variety of forms.

That someone doesn't care has little effect on how others can use the information - the only power that that removes is the power to embarrass. Any party that you depend on economically can still use the information to their advantage (and your disadvantage). And mind you that that might not only be for irrational reasons - any statistically significant correlation is a perfectly rational reason for some company to refuse you as a customer or to increase prices for you, for example. In securities markets, there even is a name for using private information about planned transactions to gain an advantage, it's called front running, and it's illegal, because it is considered to be essentially stealing the customer's money.

But also, much of the power is not power over individuals, but power over society as a whole, in that such direct access to inter-human communication allows you to find patterns in social dynamics and thus allows you to predict future actions, and what it would need to change the outcome. In essence, that is what marketing is all about - but of course, its applicability is not limited to selling you washing powder, but it can also be used to "sell" political ideas. And in the case of Facebook, they can directly manipulate what people get to see, of course.

And then, there is the intersection between the two, in that there are some people who themselves have more power than others, possibly over you - and if someone gains some power over them directly, that means they might transitively also be gaining power over you.

It would be good to hear about some more concrete examples of this sort of power use (or abuse). Selling political ideas already happens (FOX news), and they don't even need to know your personal details.

I do not like my personal information being collected, I find it tacky and generally only submit details when it's absolutely necessary. But I'm struggling to see the extreme short and long term consequences of a society which submits their private data in this manner.

Your suggestions about charging more for certain customers already happens, on airline ticket websites. But it's not a dire consequence, it's a tacky, classless act by greedy shortsighted people.

Sometimes I feel like the people collecting personal details really don't have any power at all. That personal details are overvalued and simply attract funding for these companies.

Concrete examples are difficult in the same way that concrete examples for the abuses of "non-democratic societies" are difficult. I mean, it's not necessarily difficult to find some, but it's difficult to see the big picture from most examples.

Yes, FOX news already happens, but I would argue it's not a good thing, and making it more effective thus probably is even worse?

And yes, I guess much of the risk in a way are "tacky, classless acts by greedy shortsighted people", but that does not mean that they don't have any real consequences. Corruption is similar - and the effects in some economies are quite devastating, even though the individual bribes might not be that expensive. Big effects can arise from small individual inconveniencees.

But I also think that much of the risk lies in the future, with improved analysis algorithms. I think a reasonable model to assume is one of computers that can think and learn similarly to a human, just with much higher input bandwidth for simple facts and a bit limited free reasoning ability. That assumption may go a bit to far, but I think it's still a much better model than thinking of it as an improved spreadsheet. Look, for example, at google translate - that is in essence a computer learning the translation between languages from humans, without actually being taught anything explicitly. It's no big magic, and yet the results are quite good overall.

And private companies aren't the only ones playing that game, of course, the NSA has a similar power dynamic, and the borders aren't all that clear anyhow, of course, as any data piles that private companies hold tend to also attract intelligence agencies and the like.

But let me try and show some concrete examples of where personal information is or could be used in order to gain power:

In the political arena, I think that gerrymandering is a good example: Parties use known correlations between personal information they know and voting behaviour in order to increase their chances of winning the election (instead of making the election as representative as possible, which would make a functioning democracy).

Or a company could primarily fire people who have predispositions for certain illnesses that could reduce their efficiency later on or they could right from the beginning only hire those who are not affected. If the pool of workers is large enough, that reduces costs. And as a company needs to be competitive, it actually might not even be able to avoid it once competitors start such a practice.

Similarly for insurance companies: From the perspective of the insurance company, their financial goal in a competitive market is to get rid of any customers that will cost them more money than they pay, so whatever data they are able to get their hands on, they probably will try to use for predictions, and as above they will be forced to do so once some competitor does it. From the perspective of society as a whole, though, insurance is particularly important for those expensive cases, as that stabilizes the social structure, while an insurance industry that only insures people who don't need an insuracnce is essentially worthless for society.

Or suppose a totalitarian leader gets elected. No easier way to make sure that noone challenges your power than to rank the social graph of your country by number of edges and putting in jail anyone who is too well-connected. One important historical case of this type was after Nazi Germany had invaded the Netherlands, where they had all the census information on Hollerith punch cards, including a person's religion. That information was collected without any bad intentions in mind, and yet it ultimately was used for easily finding the jews to kill them.

Or remember the case of Daniel Ellsberg? Nixon's people broke into his psychiatrist's office in order to try and steal his file, so they could use information from it to discredit him.

Also, how about the use of cellphone location data for drone strikes against people who have had no chance to defend themselves in a court, what the US government calls "targeted kilings"?

Well, I guess that's enough for now ... ;-)

Thank you for the more detailed examples.

I agree that your examples present a worse case than I had initially thought. Although I wonder if there are positive benefits for society that balance those out (I can't think of any in particular).

So if there is a net overall negative effect for society, how big is the effect? Is it on the scale of a nuclear war, or more along the lines of the anti-vaccination movement (causes real problems, but not the end of the world).

Well, on the one hand, there are positive effects of the technological development such as easy communication for people, which in turn might help strengthen social structure, which I would think, though, do not technically depend on such a centralized structure, but could instead be implemented as federated or peer to peer systems with much the same benefits but without the centralization, using cryptography where possible to protect information from eavesdroppers.

Then, well, yeah, arguably there are areas where lots and lots of centralized data collection in principle might be useful for solving real problems. For example, I would imagine that epidemiological studies would be much easier if researchers had access to all medical records of all people, and possibly that could be useful for fighting certain diseases. But then again, we do have some rules in place that allow collection of such data for the really bad stuff, and statistical analysis of anonymized data, so maybe we aren't really losing all that much.

I think the overall effect is more at the catastrophic end, though I would say it's more of a cold war than a nuclear war, at least in the short term: Surveillance does not directly kill you usually, but it can blow up with horrible consequences.

BTW, your anti-vaccination example might be chosen badly: If the anti-vaccination movement were to gain traction with a majority of people, that could indeed be pretty close to the end of the world, at least the world as we know it. It's only a relatively minor problem (on a societal scale) because relatively few people are taken in by it.

This is not about accepting that everyone has facebook, it is about accepting a very easy way for them to solve a problem they are having, which is people doing illegal stuff through their wifi.

It's pretty much the definition of fascism (corporations assuming Regalian tasks) and the main motivation behind my PhD — so yes, it’s freaky. But it shouldn’t be surprising, not as a first step.

Decades after widespread e-mail and web use, very little progress has been made to improve identity and relation representation with a usable design outside of Facebook and its competitors (currently: LinkedIn, twitter; and the less public: Instagram, WhatsApp, SnapChat, Lime) all self-centric platforms. Open social media initiatives have been legions, from blog-based solutions (mainly on top of WordPress) to some revitalisation of OpenSocialNetwork spearheaded by Facebook employees. However, standard-based platform hit the contradictions raised by social presentation (what is a friend, a follower, should a non-physical person have identity? what should be public?) even harder than a single platform does. At least a corporate monopoly headed by people who don’t mind being called prejudiced can leap over a semester long nasty debate on gender classification, and focus on scalability and fixing bugs.

My ever-disappointed hope is that after a handful of social network generations, current decision-makers know how to recognise a coming tide. To preserve their market share, they hopefully will support a working standard. In that regard, having Facebook and Instagram under the same super-management might help agree on some commonalities. I believe it will be in their interest to suggest a usable OpenSocial-4.0 that will first let one connect their accounts within one corporate group. In Facebook/Instagram case, that means articulate multiple identity facets, pseudonyms, challenge the need for civil criteria such as age and gender. Moving further out, it might mean discuss information-sharing for ad-targeting to avoid commercial conflict with competitors. Possibly it might finally let you connect your own server, and your multiple identities to your less savvy friends WordPress blog or twitter feed.

From there on, one can hope proving their integrity to their ice-cream clerk without having to bow to too Orwellian institutions. An alternative is to ask a Facebook competitor more agreeable to your concerns (reddit? Moot’s Canvas?) to offer a similar service: though luck if what matters is law enforcement.

That war of leaky abstractions against our own laziness to express our social ties has been raging since the 80’s.

As icky as post-libertarian can seem, their focus on usability helps set up great services far before any more respectful entity can. Rather than code along and be overtaken, we might benefit from learning how to shift those to more open practice later in their development.

"It's pretty much the definition of fascism (corporations assuming Regalian tasks)"

No, it's not. Fascism has an actual meaning and it's not simply "bad people doing things I think are terrible".

"Fascism views political violence, war, and imperialism as a means to achieve national rejuvenation and asserts that stronger nations have the right to expand their territory by displacing weaker nations."[1]

All fascists are hyper-authoritarian, yes, but not all hyper-authoritarians are fascists.

[1] http://en.wikipedia.org/wiki/Fascism

> It's pretty much the definition of fascism...

I looked it up, and you're right!




1. requiring people to have a Facebook account to access a free public wi-fi hotspot so they can keep up on Reddit while they eat their fudge brownie ice cream.

2. an authoritarian and nationalistic right-wing system of government and social organization.

I think the point of the story is to illustrate that a Facebook account is not a useful way to validate a customer's identity.

I think the point is it's useful enough for many situations.

No, it's really not. Its very simple to create a fake FB account, all you need is an email. Relying on FB login is a really stupid way to try to verify identity - why not just use emails if they want some minimum bar for registration? FB is no more useful, ubiquitous, or reliable.

I see the attraction for FB in this though; they're desperately trying to come up with ways to avoid becoming the next geocities or myspace - if lots of websites or services use their login or comments system, they will manage to stay at least minimally relevant for a bit longer.

I'm not really sure what's in it for the businesses or consumers though, unless they trust FB...[1]

[1] http://www.businessinsider.com/well-these-new-zuckerberg-ims...

But it really is good enough for the business offering WiFi.

If Facebook validation causes 90% of their visitors to simply hit the "sign in" button on their default Facebook account, they have probably reduced a significant amount of bad behaviour on their network.

The fact is the vast majority of people are already connected to Facebook under their real names on their mobile device at all times. Taking advantage of that (minimum security through "ease of use") is a good idea.

The person who goes to the store and uses a fake Facebook account to use their free WiFi maliciously is almost non-existent. People will just take the path of least resistance to get what they want now.

Stop thinking of their security in terms of how to circumvent it — that's easy — think of security in terms of which path most users will flow along. Then look at the tradeoffs of increased security to handle the remaining users, you generally find it's not worth bothering with them.

The few people who do want to use the wifi maliciously will find creating a fake Facebook account a very minor obstacle to overcome. Therefore, I don't see what benefits it provides to the business.

How about data provided to the business on who their customers are? This seems especially genius in that it doesn't even require the extra step of "checking-in", but can provide the business with the same data.

I agree that could be useful. It's different then the claimed purpose of identity verification for prevention of malicious use, though.

This is one of the things that really saddens me about the world we live in - we can't have nice things, because everything is being optimized for the average use case, and average people just don't care much about anything, especially quality.

> average people just don't care much about anything, especially quality.

That's incredibly arrogant, and more than a little naive. The problem is that you're only looking at the small part of the problem which you understand better than the average person. Think about it instead from the perspective of the ice cream shop owner: they're not making any money from your using the network.

You might look at the a Facebook captive portal and think it's a poor choice but your solution isn't optimized for the business needs: cheap, reliable, doesn't require much staff time to support or special skills.

This particular problem is really a tech industry market failure, as there's never been a serious attempt to build a federated authentication system because the general trend has been trying to force a closed system on the world with the goal of levying a tax later. The most successful attempt was OpenID which was fundamentally mis-designed – inexplicably using URLs instead of email addresses – and quickly derailed by the gratuitous complexity crowd. There's a chance we might see things change with Persona but … I'm going to go out on a limb and guess that this won't happen quickly and, even if it does, it's going to be hard to find many developers willing to turn down a Facebook-scale salary to work on a turn-key level captive portal system priced at what an ice-cream shop can afford to pay.

I upvoted you because your point is reasonable and rational, but let me explain what I meant by my comment.

I do not believe that the ice cream shop owner is doing anything wrong - he's optimizing his business to be maximally cost-effective to him. My complaint is about the current "reality", the system overall. We keep focusing on the average user, or on the most common denominator, cutting corners and making everything as cheaply as possible. This is not wrong. I understand the reasons why things are like that, but it doesn't change the fact that it makes me sad.

When you look at movies (or video games), you don't see typos, or subpar, broken, dumb tech. Because the worlds are animated by designers, everything is perfect and beautiful. Real life is not made by graphic designers, but I still wish there was a little more beauty in it. A bit less typos, a bit more caring about quality, long-term consequences and general look&feel. They say that perfect is the enemy of good. We live in a world of good enough. I just wish, on an emotional level, things were a bit closer to the "perfect" side.

(disclaimer: I grew up on Star Trek: TNG and later)

(disclaimer2: this comment is written after a few beers, so please forgive the lousy style)

They certainly are making money if I come and eat ice cream knowing they have free WiFi that I can use, and leave (without buying ice cream) if the WiFi doesn't work for me.

If enough people care about the problem and don't buy ice cream as a result, they will likely change their policy.

I don't think this will ever happen, most will buy ice cream and just leave or sign in with their Facebook profile, which is a win-win for the ice cream shop.

Likely this will just cause enterprising people to look for holes in the registration process, like tunneling traffic over port 53 (old), or any number of other methods, especially when you are talking about a unified login system that forces you to do something with FB.

> They certainly are making money if I come and eat ice cream knowing they have free WiFi that I can use, and leave (without buying ice cream) if the WiFi doesn't work for me.

The key thing is recognizing that the WiFi is closer to advertising rather than the product – the same situation might arise if they don't have enough chairs, the bathroom is out of order, etc. Just as you don't build out 2,000 seats just in case everyone wants to camp out, you don't want to invest more in the WiFi than the incremental percentage of sales lost.

Oh man, you mean we have to rely on 4G LTE connections instead of using the free wifi provided for us? My email may be marginally slower- I don't think I'll ever be able to enjoy ice cream again :-(

It's not even for the average, because too many people are far too stupid for that and things suddenly have to be 'for everyone'. Someone with a 100 IQ and a modicum of common sense can deal with such things as an options menu, despite what google/apple/increasingly MS think.

> Someone with a 100 IQ and a modicum of common sense can deal with such things as an options menu

It depends on previous context. Myself and another career programmer couldn't figure out how to print a wikimedia image on my uncle's Surface RT. (We tried several different apps and looked for context menus in each one to provide a print option.) As far as we could tell, it couldn't be done without dropping to the desktop. My computer-illiterate uncle showed us that you can just pick print from the devices menu in the charms. (Apparently, the Charms is a hybrid system menu and app context menu.)

I didn't have any context for how Win8 works. He did. Then again, I don't know how long it took him to figure it out and whether we would have figured it out eventually.

Despite my bad experience, I'd rather see radical changes in UI instead of sticking with what "works". It only works because we're used to it. Win8 might not be a step in the right direction, but it's might lead to improvements.

Well, a surface is explicitly designed for the lowest common denominator. Context-sensitive menu options that change what they do have always been a bad thing as they completely block development of muscle memory for actions; they would only ever logically be useful for people who are not fully able to remember multiple locations and associate them with different actions.

"Make a completely foolproof product and only a fool will use it".

> Context-sensitive menu options that change what they do

The whole point of a context-sensitive menu is that it changes depending on your context. I think they're usually for advanced users -- often the right click menu just duplicates commands from the global menu but it's a faster access method. The Win8 case requires it for all users.

Of course if the context is the same, then the menu should be the same. (Maybe that was your point?)

Where is this, Toscanini? I don't think the guy running the register and dipping the ice cream has the ability to override whatever settings the tech guy put into the router for the owner in the first place but can't you just walk down the street to the free Starbucks?

These are their terms, why does everyone have to argue with others about free services provided?

I'm not gonna give bad publicity to them by confirming or denying the identity of the ice cream shop.

While I'm sure I could have gone to Starbucks or used a mobile connection I was back to Cambridge after a year and I didn't have an American sim card. I'm sure this thing is no big inconvenience as a former regular customer I felt this was a downgrade from the service they used to offer and I decided to voice my dissatisfaction.

On the other hand I think that facebook being used as a replacement for identity verification both in meat-space and on the web is somewhat worrying, because facebook is neither an open standard like email or something like a passport (and I know I'm gonna get some libertarian angry) which is government issued.

In short I'm ok with a government monopoly (especially when it's a natural monopoly) or with multiple corporate interoperable choices, but a corporate monopolies are dangerous.

Why do you think that it is wrong to argue for something that you think would make the world a better place?

Suppose I offered free drinking water that had radon in it, would it be wrong for you to argue for getting rid of the radon because it's free, and my terms are that there is radon in it?

If those are your terms, it's up to the customer to decide whether they would accept those terms in exchange for the water. I don't see the problem

My question was not whether the customer can decide to take my water or not, the question was whether it would be wrong to argue for getting rid of the radon, or maybe to ask for radon-free water because you are concerned about your health.

No, of course it's not wrong. You can argue until you are blue in the face. Go right ahead...

Thank you for agreeing with my argument then!

Reminds me of a situation I once encountered in the Mumbai airport.

I open up my computer and see there's free wifi - I try to log on, it wants me to verify my identity by sending me a text message... of course, I don't have an Indian sim card, as I'm just traveling there for a short period of time (I would think many people inside an airport would be in this situation). Fortunately, they have an alternate verification process, which is to get a code from one of 3 information desks... all located outside the secure area. And of course, I'm not allowed back out there because I've already gone through security - like many travelers, I'm sure, I didn't try to sit down with my laptop and log onto the wifi until after I had gotten to the gate. There was, ultimately, nothing to be done - I found other ways to entertain myself during the 2 hour wait. :-/

Why not make a fake Facebook account? I imagine it could be useful in a number of other similar situations.

(This is a serious question - I imagine there are real reasons why not, I just can't think of any myself apart from inconvenience/general principle).

Because it's more satisfying to be a jerk towards someone who can do nothing about the situation, under the guise of principle.

How was that exchange with the clerk 'being a jerk'?

Asking the clerk to verify the photo ID in place of a Facebook account was a bit strange.

You'd probably have an inkling that their authentication is based on Facebook, so the photo ID thing is highly unlikely to work. (It seemed to be said more to counter the clerk's statement of not being able to validate users than a proposal of a real solution).

The clerk actually provided a real, practical solution (fake account) that the author does not seem to think very highly of.

Apparently nowadays it's being a jerk to ask people questions you should have guessed they have no way to answer productively.

Erm, yes, it really kind of is.

I've had one for years, and he has real friends and everything. I use it for testing my own apps and signing up for other peoples apps I don't trust. But it's been a great help when there are services I want to use that require FB. Ya, against the rules, but I'm not the only one, and my fake users friends are real people who chat about politics and have liked some of the things my fake profile has liked.

The way you describe it - it stops being fake at a certain usage point - it then becomes a persona.

Because if you admit that it's a possibility, then the Facebook login security measure accomplishes nothing at all.

Can you even create fake Facebook accounts these days? I have a real one that I never verified years ago, and Facebook would always ask for verification, but allow the account to still be used. However, I tried to create a fake one, and within hours, Facebook locked the account, and claimed it needed to be verified with a phone number to continue. I tried it a few times, from different IPs, and they required a phone number within a day for each account.

You could buy a throw away cell phone for verification, which is what some people do after I did a little research, but it's more effort than I'm willing to spend.

These were not obvious fake accounts, I create a realistic fake name, location, and a couple of interests. At the time, it seemed all new accounts would require a phone number shortly after registration. I imagine it's still the same.

In conclusion, I just don't use Facebook. If I'm not willing to bend over and give up my privacy, they don't want my business. So, I don't use them, and don't implement anything Facebook related across my sites.

Google this: buy Facebook pva

That is possible to do now. I'm however convinced that there will be a day when creating such an account will be more difficult (phone number needed etc). That day will most likely come after the Facebook WiFi router is widely implemented.

Fake names are contrary to Facebook's policy. Your account may get disabled.


It's a FAKE NAME. If it's disabled, just make a new one. Hell, you could make a new account every time you log on with a random bang-on-the-keyboard password, what's the difference?

Then just create another one when it gets disabled.

What do you imagine, the clerk has access to the a wifi panel where he can just enter in your details, match it to your mac address, and you can bypass the facebook login? That this guy has been trained on a complex system, which has very little use, makes them no direct extra money, would be more expensive and a pain in the ass?

So you acting like a jerk just makes you look stupid, and then you write about it online as if you somehow made a point?

So, asking for alternatives to what you consider ethically questionable makes you a jerk then? And opression is not to be questioned if getting rid of it and its externalities would cost something?

Ha, come on, is this oppression? And the problem we all have is that this guy is taking it out on the clerk, who has no responsibility in deciding this, has no control, and present a reasonable solution despite not having too.

The guy who went there for ice cream is more to blame than the clerk in this issue.

First, yes, it is. It's enforcing a social norm without any actual need (by society at large, I do understand the motivation of the icecream shop). Note that I am not saying who is responsible for it, oppression can be institutionalized and without any bad intentions by anyone in particular, that does not make it any less oppressive to those who are affected.

Second, how did you get the impression he was "taking it out on the clerk"? He simply was asking for an alternative method to access the WiFi and expressing his concerns about his privacy. Are you also to blame for taking it out on the clerk if you ask, for example, whether you might open some window because you think it's too hot or too cold or whatever?

That sounds truly awful. How did you manage to enjoy your ice cream without wifi?

The clerk must not be familiar with Facebook's "Real Name" policy. I think that asking a store clerk is probably never going to get you anywhere though. They are the least likely people to be involved with technical decisions. That's something that would be better taken up with the business owner.

What's sad is that the business owner would probably be willing to sacrifice your business for the perceived benefit that he/she is getting from Facebook's WiFi.

The irony is rather that the excuse they provide is that they want to verify people's identity to prevent abuse, but then openly recommend using a fake identity to log on.

The shop management request a FB identifier as this reduces abuse of their wifi. If that didn't work they probably wouldn't use it - it's basically a way to require work of those who want to log on anonymously, probably enough work that it's easier to just go elsewhere.

The shop staff suggested using a faked ID - but they didn't suggest that this should still be the persons only ID for Facebook. That was their solution as an individual.

They're not even particularly contrary as practical solutions go - the first policy is presented to the public, it works to reduce wifi abuse. The second "policy" is not presented and works to try and avoid confrontations.

The person in charge wanted to verify people's identities. The store clerk just wants to deal with the customer, his recommendation does not necessarily reflect the opinions of his employer.

But the thing is authenticating through Facebook probably does verify the vast majority of their customers' identities.

Even if they put big signs out the front of their shop saying : "You can make a fake account and use our WiFi if you care about your privacy." Most people would not go through the trouble of making a fake account and just login with their real account.

The fact that the clerk was in conversation with this guy probably put him in the "non troublemaker" category in the clerk's mind anyway. And thus the whole identity verification thing was irrelevant, he was just suggesting a practical solution to the customer's problem.

I have a Facebook account that I barely ever use, and I would not use it to access free WiFi.

That said, I can only side with the ice cream shop salesperson in your anecdote. Just make a Facebook account with a fake name, use it when you want to.

You seem more angry about the requirement of a Facebook account than not being able to use the free WiFi. But the fact is: if your goal is to use their free WiFi, you can do so without giving up your privacy (fake account).

I bet they wouldn't even let you pay with Bitcoin!

Yes, "Just make one with a fake name!". It's pathetic it's come to this, but I have found people don't really care about privacy. I think we need another Mcarthy Era in order for the masses to really take notice? Sure we complain, but too many of us just go along with the status quo. I gave up, and just use a pseudonym.

You have privacy concerns about making a fake Facebook account but you want to get onto an open wifi?

Modern day hypochondriacs, the lot of you...

Internally the "..." was a facepalm right?

This has been available for several months now. To answer a few questions I've seen, it uses a typical captive portal approach, so an unencrypted WiFi hotspot. Upon connection, you are redirected to an encrypted site with embedded Facebook account verification, at which point you can go wherever the Internet service lets you. The router typically has content filtering and also tracks Internet usage (bandwidth, visited sites, etc) as well as limits on visit length etc.

It is a useful option for merchants, as customers expect WiFi for free. Further, they expect it to be fast and that doesn't expose them to security risks. In other words, this gets expensive and difficult to manage. There are great solutions out there already, but they cost money - so the business case is based on marketing data. Email authentication would work, but it is difficult to gain much insight about customers, also you would need to give people access to their email server to setup their authentication. SMS doesn't work for people who don't have cell phones, or if there is poor coverage - also marketing data would be very difficult to gain. So, Social Media authentication (Facebook) turns out to be a really great option.

Obviously you have the choice not to use the service, but this isn't going away. Industry codes of conduct need to be set and I don't think they have. Privacy laws need to be understood and enforced. Retailer and coffee shop activities with this data haven't caused me much concern, but Facebook is another story.

If your business depends on WiFi (e.g. Coffee Shop), this could potentially hurt business. Only ~50-70% of US Internet users use Facebook and that is dropping.

As a business owner I'd be concerned about alienation. Facebook is far from universal and many avoid it (especially the younger crowd).

Do you have a citation for that US usage statistic?

According to this often-quoted study, 71% of online adults used FB in September. http://pewinternet.org/Commentary/2012/March/Pew-Internet-So...

What's interesting is that this study is an extrapolation (n=5112), but it suffers from selection bias in the sense that the people who would avoid using social networks would also like just hang up on the survey caller (I hung up on 4 this past month).

Add that to all the fluff-piece/marketroid sounding "survey results" like this:

"Read more about Facebook activity and Facebook “power users” in our report, Why most Facebook users get more than they give"

...pretty much make me wonder what questions they asked, and how much the prodded the recipients of the call to ask if they used social networking.

Surveys should state how many calls they placed successfully in order to achieve the (n) of respondents. That's information that's being thrown out.

A hybrid approach would be nice for your example: check in on Facebook to get online yourself, or go ask the barista for the WiFi password

More likely: there will be no hybrid approach and you'll see a piece of paper tacked to the bulletin board: "House throwaway Facebook account login for those without an account."

Seriously? There IS a hybrid approach (read above comments). Ridiculous.

I've been in a coffee shop that does this. You can either set the password yourself or log in via facebook. Don't remember the exact workflow, but it's possible.

You can see the setting to enable this from the provider's point of view from the last screenshot on this post on Meraki's site: https://meraki.cisco.com/blog/2013/05/youll-like-this-cisco-...

The main thing here that I didn't realize is that it seems there is ALWAYS an option to skip checking in, either by clicking "Skip checkin" or by getting the code from the cashier.

Looks like there's a way to skip the checkin with a code that you get from the business.

Does the system let you create a new facebook account or only login with an existing one?

If I were to see this system in place, I'd just create a new fake facebook account. So long as the system doesn't have some draconian 'log in with an account older than 1 month with 10 friends' type thing, I don't think I'd mind, and I'm solidly in the 'facebook is evil' crowd.

Doesn't draconian normally mean excessive? It wouldn't be draconian considering you're proposing to engage in the exact abuse such a measure would be meant to fix.

Are you really claiming that creating a fake facebook account is "abuse"?

In the sense that it violates a social contract? That is, WIFI access in exchange for repping this spot to your friends in however minor a fashion? In the sense of behavior that you as a service provider wish to prevent? Yeah, in all those senses, it is "abuse."

To me, "abuse" is a term with pretty strong connotations, and in some cases legal ramifications (e.g. "Computer Fraud and Abuse Act"). We're living in an environment where "exceeding authorized access" (whatever that means) carries the potential for decades-long prison sentences.

If I think about how we use that word in other contexts: "spousal abuse", "drug abuse", "sexual abuse", I find it quite a stretch to apply the same term to giving a bogus email address to a marketing firm.

I am sorry that you do not like how the term is used, but it is a fairly common way to phrase it among internet companies.

I think you overlooked that they violated the social contract first by requiring you to submit to surveillance, so all I am doing is to protect me from their abuse.

The "social contract" now includes wifi?

No, the social contract includes not snooping in other people's private lives, and not co-opting unsuspecting third parties for doing so.

So they have to give you free WiFi with no strings, stipulations, or benefit to them?

You're free to not get on the WiFi if you don't want to, and frankly if you're hopping on any public WiFi, you've more or less lost any practical claim to privacy in the first place.

That might be your opinion, but I think you are wrong. And not only that, but where I live you would even be legally wrong. If you open your access point for public use here and you then go and look at other people's traffic, that is illegal and you can go to jail for it.

And no, they don't have to give me free WiFi - they just have to not snoop on me. Just try to transfer your argument to a scenario that doesn't involve WiFi or facebook, but rather, say, tap water and as a prerequisite you have to confess belief in Allah. Illegal? Certainly not. Totally inappropriate? I would say so.

You see, this is not a legal argument, it's about ethics, about what makes a society worthwhile to live in, not about what the minimal standards are that we enforce using state power.

They are legally and morally permitted to make snooping on your Internet traffic part of what you have to agree to in order to use their WiFi.

The ability for a person to set the terms in which others interact with his private property is what makes this society worthwhile to live in. People can't force their way into your stuff without you setting conditions for that use.

And you're correct that looking at other people's traffic is illegal. It's illegal where I come from too.

So is speeding.

There is no such thing as "ethically permitted". Ethics is not about being allowed or not being allowed to do things, but about how to do things in such a way that it's a nice way to live together. You see, the general principle that you have control over what you own is one that in general makes a nice way to live together. That does not mean, though, that any conditions you technically might be able to set also make for a nice way to live together. If you have tons of bread, say, and your neighbour is starving, you sure can set as a condition that he has to cut of his left arm before you give him bread, and he obviously is free to refuse your offer. But I hope you would not consider treating your neighbour that way to be the ethically right thing to do that would make for a generally nice way to live in society.

Oh, and by the way, there even are legal restrictions on the kinds of conditions you can set, at least where I live. If you reserve the right to cut off your neighbour's left arm after he has accepted your bread, for example, you would not be able to enforce that contract. And you wouldn't get your bread back either.

As I think that the ability to communicate privately is similary important as protection from bodily harm, I would think it would be appropriate to have similar norms as far as snooping on communication is concerned - and even where they are not legal norms, they would still make good ethical norms.

So, no, noone should be able to force you to provide access to your WiFi, but still, if you do provide access, you should go to jail if you do listen in, with contract clauses allowing you to do so being unenforcable.

"Ethically permitted" means "can do while being moral". It's a synonym for "moral".

And yes, people should be able to force you to provide your information in order to access their private property.

I disagree. Well, strictly speaking, asking for identifying information might be OK, but storing it or communicating it to other parties is not, at least not without some justification why that is needed.

Control over your personally identifiable information is similarly important in the modern world as is control over your property, and where the two come into conflict, appropriate solutions have to be found.

Agreed regarding the property analogy, but you regularly give up your property for the use of a service.

It is not immoral to request someone's property as a form of payment for use of a private service.

'Draconian' does not mean 'excessive'. It means stringent, severe, brutally strict.

https://www.google.com/search?q=draconian Has the word "excessive" in the definition. I think it's at a minimum connoted in most applications of the word. Anyway, it doesn't matter how it's defined, I was only trying to understand whether the OP meant "excessive" or just "something I don't like."

I choose the word draconian because I thought it was the best word to describe the idea I was trying to convey. If I had to rephrase, I suppose that all of 'strict', 'harsh' and 'excessive' would be fair words to use in describing it.

As to your original comment, it can be both draconian and effective. The requirement could be that in addition to your facebook account, you also must upload a photo of yourself, holding government-issued ID, standing in front of the store, etc etc. That would make it even harder to use the wifi anonymously (abuse their system), but would clearly be a draconian measure.

I would just do the check-in and set privacy to "Only Me" - like I do every time an app share-walls me.

" … it uses a typical captive portal approach, so an unencrypted WiFi hotspot. Upon connection, you are redirected to an encrypted site with embedded Facebook account verification, at which point you can go wherever the Internet service lets you. "

I'm not eagerly awaiting the WiFi Pineapple plugin that impersonates this to phish for Facebook login credentials.

This is a pretty good idea. It solves the coordination problem of not wanting to just provide free wifi forever to anyone by requiring a token "payment". It solves the identification problem which (unfortunately) is a requirement in many jurisdictions. And it helps non-technical business owners provide decent wifi.

What sort of problem is this exactly solving? People seem to get at Wifi no problem at all. Just wander into any Starbucks around 4PM, especially in New York or any major metro and you'll see hordes of people accessing wifi. Is it crowded? Sure? But this doesn't solve that problem. This just eliminates some login steps and provides value to the provider of the wifi.

Do you feel that trading in your privacy to simplify the login problem (and allow you to avoid actually paying the people whose space you are occupying when you use their power and wifi and restroom and hvac) is worth it? It isn't for me, and so I ask, what problem is it solving?

Here in the UK most 'free' hotspot providers like BT or The Cloud already require you to register and give up your personal information to get access. When I've been travelling abroad I've encountered hotspots that require a (local) mobile phone number to get access. Today I accessed a wifi network that wouldn't let me get access unless I agreed to receive marketing material. I see this as an easier way to get access, if you must you could always set up a fake Facebook profile for this.

Also I haven't seen the terms, but I'm wondering if Facebook give out direct personal information. Assuming they don't, would you rather be seen as John Smith of 14 Main Street, DOB 1990-08-23 or 18 - 24 male who likes football?

Interesting. I've never seen that in the Nordic countries or the US. Typically either the wifi is just open entirely, or there's a WPA password written on a little card by the cash register. Helsinki even has open wifi across the whole downtown, and in Denmark all the Baresso locations have open wifi (no login or password). Does the UK have laws requiring the hotspot providers to collect that information, or are they doing it of their own accord for marketing or abuse-reduction reasons?

People in the UK seem strangely at peace with surveillance.

I'm sure that many people will think that tradeoff is worth it - I doubt many people will think about it at all.

Not everyone is a Hacker News reader.

Exactly this. I mean, consider that anyone who wanted to could be monitoring the Wi-Fi they provide to you already. Starbucks could be crawling huge amounts of browsing data daily.

> And it helps non-technical business owners provide decent wifi.

And a more direct, measurable reason to providing wifi. I'm sure if they don't already, they will provide metrics on checkins and impressions from them. Will help FB get future ad spend from them once they are seeing results. Very clever.

> It solves the coordination problem of not wanting to just provide free wifi forever to anyone by requiring a token "payment".

Actually, it doesn't really address that at all. It doesn't discriminate against non-customers (or people in the business next door, or people in their car outside) as long as they have Facebook accounts to check in with. The upshot is that the check-in even from a non-customer is probably worth it to the owner.

> And it helps non-technical business owners provide decent wifi.

Not sure about that, either. I think it's still incumbent on the business owner to acquire and set up one of the supported "smart" routers. Facebook's only help here probably comes in the form of some documentation.

There's nothing decent about WiFi that links your customers to the creepiest personal info vacuum on earth.

Meh. Just filter what you put on Facebook, or don't use it. I'm not in favor of this, and I do find it creepy, but nobody holds a gun to your head and makes you log in and post status updates recapping your day. It's a trade off - the pleasure/whatever you get from FB vs the creepiness/unpleasantness from them having your information. If the balance tips, re-evaluate using the service.

Post, don't post, doesn't matter. Your friends who do post will give enough information about you that not having an account wont matter.

Nothing stops someone from tagging you in a photo. Nothing will stop people from posting "Hanging with XXX @ YYY". Putting 2 and 2 together: they now know who you are, types of places you visit, and what you look like. And you never made an account. After this your choices are:

- get radical with friends about what they post about you

- give in and use facebook

- stop hanging out with your friends

The "don't use it" argument falls apart when you realize that Facebook builds shadow profiles for people who don't use Facebook.


That stuff is creepy, but I always find claims of such-and-such a company stealing "my data" a little weird when that data turns out to be very public information about me such as my name, phone number and what I look like.

Filtering what you put on facebook will not protect you and not using it will not prevent facebook from profiling you but will prevent you from accessing "free" internet from this places.

No it's not. It's the same as answering your business phone by saying "go fuck yourself" and hanging up 1 out of 10 times.

Besides it doesn't solve the identification problem at all, as in lent credentials, fake accounts, hacked accounts and things of this ilk. It turns facebook acounts in commodities to be traded to access the internet.

An the worst part is that it's an attack on the very foundations of the Internet.

Forget about logging in for wifi. This is a direct competitor to Nomi.

Facebook will now know whenever your MAC Address walks by a storefront with one of these routers, regardless if you have an account. For those who have installed the app (the majority of the country) FB will be able to match the MAC ID to your account.

In addition to simply foot traffic walking by the store, the router will track information on when you are actually in the store, how long you stayed there, and how frequently you visit.

Eventually those with FB on their phone will have ads pushed to them when they pass one of these routers. I imagine it wouldn't just be for stores with the routers but those within the immediate vicinity.

Of course none of the data collected will be shared with the storeowners until they are sold the ads by facebook.

Fuck me, you've got an excellent point there sir/madam.

First I thought that FB would provide the hardware and internet connection to the business in exchange for so much information about their customers...

But after reading their FAQ, I realize that no, FB does not provide anything. The deal is like "give me your customer info and your internet connection, I'll give you... maybe a few more likes on your page".

Eventually for consumers like me who don't use FB, it's going to be a loss of service. Some businesses who had open Wifi will now require FB check-in to provide access. Sad.

> Some businesses who had open Wifi will now require FB check-in to provide access.

Check-in isn't required to get access. My local coffee shop switched over to a Facebook WiFi point over the weekend (Phillz, who have a branch in Menlo Park so I assume must be piloting it). All that really changed for me as an end user was the old splash page got replaced with a Facebook page asking me if I'd like to check-in (along with a button to skip check in, which I used).

It's not required but let's be honest - it'll be what happens.

Pretty sure the average person would rather "check in" via Facebook than using the current "click this checkbox and continue".

People trust and like Facebook. They don't trust or like GogoBoingo Wireless.

Actually I'd trust Boingo more than Facebook as a platform.

They've been around since 2001, Facebook since 2004.

That finally explains what that preinstalled crapware on my previous Asus laptop was. Never came across any hotspot with Boinggoboing though.

I see them in airports...

I think if you go to the grocery store and ask people you'll find out otherwise.

So you don't even need to log in to Facebook?

Even if that's the case, I'm afraid this will be tempting for the business to require check-in. Let's see if Phillz changes their settings!

A lot of business do pay for more likes on their pages. These likes are much more valuable as they are actual people that walked into/near the store. It also manages their free wifi by having an expiring token https://www.facebook.com/help/287034034776458

Absolutely disgusting. These type of things just give me the willies. Everyday I see that Mr. Stallman was right, it's incredible!

Why is this "absolutely disgusting"? It's good for Facebook, it's good for local businesses, and it completely optional for consumers. I don't see any problem here.

Let's see:

My desktop machine is harvesting all sorts of information on me and Google can probably identify me with ease.

My mobile phone KNOWS what my contacts are from services I haven't even installed yet (WTF!).

Facebook tried to sneak in even more permissions on my Android device a couple of weeks ago (deleted it since).

It seems every time I lose more and more and more anonymity, and guess what: The 14 year old me from the past didn't care, but the older I get the more I want services to leave me the fuck alone!

None of those points have anything to do with this specific Facebook wifi product.

It is not optional for users who do not have Facebook.

It's not an option for people who don't want to agree to facebook's TOS, you mean..

I guess those users have the choice of signing up for Facebook, or not using the Free WiFi?

before, we could use the free wifi without a facebook account

No, before many shops would not even offer free wifi. This will enable more shops to have it.

We advise a lot of small businesses and are seriously considering recommending the adoption of this if it helps them get likes to their fb page. Capturing fb likes from existing and happiest customers is a challenge for every small business.

Define: "optional"

Optional as in "you can't use WiFi if you're not on Facebook"? As in, with each coffee I buy here I contribute to paying your WiFi bill (both hardware and connectivity) but I cannot use it, thus having to pay a premium to get a better 3g subscription so that I can work without WiFi?

As a rule of thumb, what's good for facebook is bad for everybody else. A transnational corporation whose business is surveillance and data gathering planting devices in local businesses replacing wifi internet access by "you don't get to use the internet if you don't submit to our corporate surveillance" is not good news. Telling a portion of your customers to go fuck themselves is not good for businesses and this is what such facebook routers are doing. Replace facebook by NSA here and say again you don't see a problem here.

Just like all other "optional" features Facebook has provided in the past, they will inevitably figure out a way to hide the fact that using these hotspots checks you in, and probably spams your "friends" with a record of whatever you ate.

> they will inevitably figure out a way to hide the fact that using these hotspots checks you in

Using the hotspots doesn't check you in; checking in allows you to use the hotspot. Seriously, read the page before spewing FUD.

Also if you look at the page, you can see you can change who you share the check-in with. It's just like Facebook app integrations: you can switch the share settings to "only me" if you want a private check-in if you're worried about spamming others.

Wait I thought he was joking. Facebook actually suggests that you share your current location with everyone?

Maybe you're new to Facebook..

> Customers simply check in to your location on Facebook to connect to free Wi-Fi

wow. not only do they get you to sign up for an account, they also get more insight into your movements/migrations by forcing you to use a feature that (for now) you can disable.

nobody says you have to use the service but we'll see how many more sell out for it.

edit: read more

How do I edit the Wi-Fi code my customers use to skip check-in?

To edit your Wi-Fi code:

Go to your Page and click Edit Page at the top of your admin panel.

Select Edit Settings from the dropdown menu.

Click on the More... tab and select Facebook Wi-Fi.

Select Require Wi-Fi code and edit your Wi-Fi code in the box.

You can also choose not to require a code by selecting Skip check-in link.

Click Save Settings.

If you don't like it, don't buy a Facebook WiFi router.

For our business use case, this is perfect.

... or don't go to a business that has purchased a Facebook WiFi router.

Imagine hotels using this for their "free in room internet". I would seek lodging elsewhere.

There's no business case where telling a portion of customers or would be customers to go fuck themselves and kicking them out.

Having a facebook only "free" internet is doing just that.

There are privacy concerns but overall I think it is a splendid idea, both for Facebook and for the businesses that choose to join.

Your run of the mill free wifi is neither secure nor private to begin with and I don't see Facebook Wifi encroaching on privacy any more than currently available free wifi.

This is a good point. Honestly the most annoying thing will be the polluting of fb feeds with checkins (something it is possible to ignore from others I believe, but not prevent from posting yourself if you check in on fb... which is the whole idea of course)

That is a fair point, and it will be interesting to see how Facebook will deal with "feed pollution".

It already has this problem, and its solution was to default sort to "Top Stories" instead of "Latest Stories." A lot of accusations that it was a money-grubbing play for pay-for-performance, but I don't think they had much choice. They had to fix the problem of a few noisy people, pages or apps dominating users' feeds. https://news.ycombinator.com/item?id=5320207

Do you honestly believe facebook won't look for and find ways to encroach on privacy more than currently available free wifi does? Their entire mission is to encroach on privacy, and now they've got you connecting to their wifi hotspots at the gynecologist's office.

now they've got you connecting to their wifi hotspots at the gynecologist's office

Nobody is forcing you to check in at your gynecologist's office, which is something you can already do, if you're into that kind of oversharing

Actually, it might very well happen that these Wifi networks all have the same SSID, which would likely make most devices automatically connect to them.

Even if they don't, they only ever need one connection to link your device's MAC to your username, and then detect it without ever connecting.

Yeah, I thought of that the moment I posted.

Assuming you are a Facebook user they would know your location anyway, Facebook Wifi or non-Facebook wifi.

Then again, considering your username I guess you aren't a fan of Facebook at all.

>Assuming you are a Facebook user they would know your location anyway, Facebook Wifi or non-Facebook wifi

How do you figure?

Whenever I open the FB app on my Android, the GPS notification flashes for a moment. This information I'm sure is tracked, but is not shared.

If this becomes widespread, the phishing potential will be huge. Everybody is used to clicking through SSL warnings, or not having SSL at all when registering with hotspots. Rogue APs redux here we come.

Any moderately busy location is already abuzz with dodgy-looking access points. It appears you have to join using an app, presumably that app will check certs against a whitelist.

Coming soon: captive portals that pretend to be Facebook WiFi and ask for your Facebook username and password.

Hell no. Business owners, please don't use this for wifi in your stores! I refuse to use Facebook to leave a trail of where I am physically just to use the wifi.

If you bother to read the page, you will see that owners still can set an "access token" (password) they can give users to log in.

I'd consider advertising Facebook on a wifi hotspot as soon as they offer to pay for it by assuming liability for customers using that hotspot to share a bunch of film and TV show torrents. As long as courts keep pretending that an IP address is the same as a person, it doesn't make sense for small businesses with small pockets to offer free wifi.

Pretty much every coffee shop and at least half of the restaurants I walk into offer wifi, so I think the problem is smaller than you claim.

But those cases have mostly been open unauthenticated wifi, no?

If I'm understanding this, this provides the courts a traceable way to go after an authenticated person (or at least, a facebook account) rather than just an IP address. I think the courts that have pretended that "IP=person" have done so because they don't have anything better.

It's pretty easy to limit the bitrate by client. In addition with Facebook wifi, people might be less inclined to bad behavior as they use their facebook account (granted, they could create a bogus one, but still, that makes them traceable).

Most cafés and restaurants offer free WiFi so not sure what you're on about.

This is evil on so many levels

God save us from the evils of complentary free WiFi

yes. the race to user information gathering is getting more and more crazy... and it's unfortunately not ready to end !

Dat circle jerk.

Jesus Christ, have we all learned nothing?

It's a swarm of lemmings being led by blind moles.

Fucking awful.

They lost me at "Check in to Facebook". Anything that requires me to use Facebook is a non-starter.

Other than Wifi, does the user get anything out of this deal?

Is another free hotspot worth giving up your data?

It would to me if they made wifi ubiquitous and drop dead easy to use.

That said, I don't think wifi is in the plans of the future. Eventually some other constant data connection will take its place.

I am not really sure why so many people here are alarmed at the privacy implications. Google or Apple and your ISP / Telecom already know where you are at all times unless you are one of the very few people that don't carry a cell phone. Your ISP already knows every site that you look at from your home computer - how exactly is this different? Why is Facebook inherently any more or less trustworthy than any of these other companies? They are just happen to also know where you are when you optionally check in?

Well that's an interesting one, dangling free wifi in exchange for joining/staying on Facebook. Personally, I'd just create a throwaway Facebook account to use for these.

There is a "skip check in" link if you don't want to check in. Though it's unclear to me if you still need a Facebook account logged in.

"Skip Check In" will become the 2014 equivalent of 1999's "Skip Intro".

(I think I accidentally downvoted you, sorry. :< )

Do you also have a regular Facebook account?

Because it sounds like this could be tied to your mobile device, which means it uses the account you've conveniently provided in your OS profile, which would make this difficult...

I do, but I wouldn't want to pollute it with silly carrot-and-stick-derived check-ins. I'd probably just de-link my FB account on my phone and use the dummy account, then re-link later, depending on how hard up I was for internet access and the expected wait time.

Most people will just click "accept" without reading anything and status feeds will be flooded with check-ins.

That's an interesting point. I do not have a Facebook account, but I would consider making a fake one with fake name in order to use this.

I probably wouldn't bother at all if it meant I had to remain logged in or connected to Facebook on my device all the time though.

So, since FB "owns" the user, I wonder if that means this service is compliant with CALEA [https://en.wikipedia.org/wiki/CALEA] or whatever the most current version is. It was a mess to deal with back in the early 2000's while operating WiFi networks.

If FB is not compliant, maybe the government will make an example out of FB when they are unable to comply with wiretap requests. IIRC, the fines could be upwards of $20k/day of non-compliance after receiving a warrant for a specific user's data.

Facebook WiFi doesn't take over HTTPS traffic, so I can continue to browse HN comments without Facebook signin. Actually following links doesn't work as well on average (even with HTTPS Everywhere).

My friend owns a small tutoring business. They give out free wifi to all of their students. I think having this as an option would be a great way for them to build awareness of their local business.

This could be genius if Facebook puts the right momentum behind it.

I'm confused what the end user experience is. Do you need a special app that somehow goes into your iPhone settings and adds a network? How would it work on laptops?

I actually came across this in the wild last weekend (Phillz Coffee in Noe, SF, if anyone is interested).

On a laptop it's no different to any other landing page on a public WiFi network, except you see a Facebook branded page asking you to check-in to connect (or to skip check-in, which I did, and it connected me straight away). Putting privacy concerns aside, it was easy to use and pretty painless.

It probably works like many public WiFis do today: A normal "unprotected" WiFi that redirects all requests to a kind of "login" page until the user has accepted some terms etc.

This is really cool. Wifi being unavailable "in the wild" is something that continues to be an annoyance; if this actually starts being adopted by businesses, I think it could have a massive impact on who patronizes which establishments.

Ironically, I also view this as potentially helping Google with Chromebook sales... the more prevalent WiFi becomes, the more useful a Chromebook becomes.

I wonder if they're doing anything with MAC address correlation to track devices that do not join their net.

http://www.zoottle.com/ does this, but gives you more control and is not limited to facebook login of course. It also gives you detailed stats (I didn't see any mention of getting visitor stats by FB wifi).

The fact that their plans appear include a certain number of Facebook likes seems very sketchy. However, I'll give them the benefit of the doubt and just assume that this number is the number of users who are given the option to like your page.

Then use checkins as loyalty card?

And after that Facebook implements a feature so that supermarkets and other businesses don't need to give out cards anymore to track what you buy?

That sounds pretty brilliant. Then they have everything you like (or visit when there is a FB Like button) (probably also implies political views), probably your school background and places you worked and lived, places you've traveled to (FB WiFi!) or came by and your phone automatically connected with its known MAC address (more FB WiFi!), comments you posted, loads of private conversations with friends and family, and of course your entire social graph. And, if you cared to fill it out, your DoB, books you read, movies you've seen, photos of you and your friends (probably during various activities), and events you go/went to.

Lovely. Guys, the NSA can quit! All the FBI has to do is submit a data request and they're golden. Lots of laughs while they sift through your conversations, searching for what they are actually looking for.

On a more serious note, even if Facebook is not evil at all, and let's say for the moment that they aren't, that is a scary amount of information in one place. It would be a shame if anyone hacked it. Or legally obtained it. Or someone simply made a mistake and gave it out to someone impersonating law enforcement.

That seems like something that can already happen or is already happening. I saw a sign for 10% off your order if you're the FourSquare mayor a few years ago.

It's tacky, but most loyalty card things feel that way to me.

Does "Facebook WiFi" allow users to access any web content or just Facebook? The product page only describes how users and businesses can use a variety of Facebook features. For many people, Facebook access alone would be good enough.

This is so cool. It lets Facebook amass a massive amount of data about customer whereabouts and whatabouts. The incentive for merchants is quite compelling. However, Facebook needs to do a damn good job to convince the customers to use it.

Really? I don't think they do at all. I know for certain that if my wife were at Starbucks and had the option of "sign onto wifi using Facebook" that she would happily do it.

I don't know about that. Looks at Google DNS. The convenience of circumventing regional restrictions on things like The Pirate Bay often are enough for people to convert.

I think it's going to go down rather well, assuming the shop owners have the savvy to implement it.

You connect to the wifi, it sends you to a login page with a Facebook button. You click it and you get access. Not too much friction for the customer.

Philz Coffee (at least the one at Golden Gate and Larkin) has this. Before you can access any non-HTTPS pages you get a Facebook page with a big "Check-In" button and a very small "Skip" button.

Another way for facebook to datamine people's personal details. Wonderful.

my 2 cents : people will create fake accounts and will use wifi for p2p

Psst, don't tip them off

Isn't there a direct relationship between bandwidth speeds and mobile tethering usage? Is it safe to assume that this (free wifi) will become obsolete within the next 5 years?

Wow. Given that the default FB setting is "HTTPS off", you might as well just pass around a note with your FB login + password to everybody else in the business.

Facebook has been https by default since July 2013. https://www.facebook.com/notes/facebook-engineering/secure-b...

My reaction is "Brilliant, daring!" and "Why did it have to be Facebook? I'm trying to get away from Facebook."

Time to create a fake Facebook identity.

Sounds like trouble for zoottle.com but I guess their product is a little different (connected to other networks as well, etc.)

Free wifi would actually help Google more..

So facebook has launched the next step in their attack on the internet, it's sad that they are succeeding where microsoft failed two decades ago with their attempt to replace the internet with their proprietary microsoft network.

Well, good thing I have a few accounts handy.

Yet more "Pay Toilet" WiFi.

Up next: Facebook public toilets. "Like = dump"

And so Facebook encroaches upon the physical world to anchor itself -- storefront businesses will come to rely on Facebook to sell personalized ads. I wouldn't be surprised if Facebook gets to access data about who purchases what and when.

If you don't think Google will be doing the same thing with LTE-enabled cars, think again. Their partnership with automakers is no small challenge, and the data gathering opportunity is massive.

Google can know that most Honda Civic drivers in Chicago (for example) park next to McDonald's, and that their phones traveled inside the restaurant -- Facebook will know only that people checked into the restaurant. It stands to reason that Honda could use this information and market the Civic as "the best" car for eating at McDonald's. Maybe Honda Civic drivers get a special McDonald's discount?

Facebook pretty much beat Foursquare to the punch on this one, but (most interestingly) Foursquare relies on OpenStreetMaps -- what does Facebook use? Is it proprietary? What is "Places Nearby"?

I wouldn't be surprised if Facebook gets to access to data about who purchases what and when

The upside would be that you at least wouldn't keep seeing ads for things that you just purchased, as Facebook would know that you already have them.

Kind of a crappy silver lining, I know.

I wouldn't bet on it. Amazon knows exactly what I just bought and still shows me 100 different variations on it "recommended" for me.

Right?! God dammit Amazon, I just bought a crock pot! You know that! Why do you still serve me ads about crock pots!? The whole point of the surveillance state is to make use of all that info you have on me - frankly, it's insulting. I demand a better big brother!

It drives me nuts when I log in to Amazon and it keeps showing me all these parts for building a new PC.

Damnit Amazon I just built one! How many processors do you think a single gaming PC can fit?!

I've often wondered why they do this. I see more variations of items I just purchased rather than accompanying/related items.

it works for a lot of cases, e.g. buy a book and get other books recommended, not so well for rarer purchases like laptops or phones.

I still get recommendations for the same book I just bought, but in different editions/formats. Seems like it could be improved some more.

But be careful of the 'Perfect Partner / frequently bought with...' recommendations, which Amazon themselves disavow as being in any way compatible:

If two items listed as Perfect Partner / Frequently Bought Together are not compatible, Amazon.co.uk are unable to accept the return of either item for this reason.

That's because it is just doing item-based collaborative filtering, right? It works beautifully other times. I bought chopsticks once and it showed me not more chopsticks, but other accessories for sushi, etc.

I wouldn't be so sure, I am positive Amazon still bombards me with Kindle Ads despite owning a couple already :)

Sounds like the ads are super effective then.

It has always struck me as odd that Amazon shows me ads for things I had searched for and didn't buy as though I didn't already know about those products. Seems they should perhaps show me what other people bought that searched for similar or the same products as myself.

There was some talk of this on HN a while back, where the marketing theory presented was that there is a noticeable increase in sales if the customer walks away from a sale but is then later reminded of the product they almost bought.

From my experience with retargeting it drives amazing lift in conversions. A lot of platforms allow you to do this dynamic ad placing where you show the recently added item in a cart, but not purchased.

Also, let's not forget that Amazon is obsessed with testing, I am sure they have troves of it to back up everything they are doing.

I walk away from purchases plenty of times not because I don't want to buy the thing I searched for, but because something more pressing comes up.

Reminding me about the thing I was about to buy is very likely to get me to buy it in those cases.

And so Facebook encroaches upon the physical world to anchor itself

Not sure if you intended to sound so pessimistic but surely that's only a good thing? From a business perspective, this is an incredibly clever service. From a users perspective, this is an incredibly useful service.

Everyone seems to forget that Facebook users are not the consumer, they are the product being sold. If, by using this service, Facebook delivers me alarmingly specific adverts, then so be it. I've yet to be hurt by looking at an advert.

Oh, most definitely is it a good thing. Their initial foray into consumer products -- the HTC First -- was an absolute disaster. Strategically speaking I would not at all be surprised that this quells the fears surrounding Facebook's future, especially if it gains traction.

We're witnessing the end of anonymous free wifi, and nobody is better equipped for identifying users than Facebook.

Agreed, it's good for business. Increase your Facebook likes by having Facebook WiFi available to your customers, and therefore, get more traffic through the door as Facebook recommends your business to their friends.

Also, you should be able to get some kind of analytic data back from Facebook. They should be able to show you that 75% of your WiFi users are female, 18-35, or that your customers change based on time, or day of the week. Therefore, if you know younger people drink more cappuccinos, and they come in more often at noon, you can put that drink front and center. Sure, you could do this without Facebook, but it's logging who's in your store for you, so no extra work on your part.

This is even better for Facebook. Oh look, John likes to login to this coffee place, maybe we can recommend coffee ads to him. Or, more importantly, why don't we allow competing coffee shops to bid on customers using their main competitor? Think about that. There's a Starbucks across the street from your cafe. If you can advertise directly to people that use that Starbucks, that's a dream, and you'd pay a premium.

Or hey, Steve (male, 35, employed, based on his Facebook profile) was just hanging out in this Honda dealership. Ford, interested in advertising your latest offers to him?

So yes, this is great for business. I don't think it's that great for consumers. You might get more WiFi hotspots, which is a plus, but you're giving up your privacy to use them. Also, if you prefer not to use Facebook, you might lose access to WiFi at your favorite locations.

Unfortunately looking isn't all that's going on. The advertiser can collect data about web browsing habits which I like to keep private. And some ads can actually hurt you: http://www.cnn.com/2014/01/05/tech/yahoo-malware-attack/

Getting served data from someone you didn't choose to send you data is never a good thing.

> From a users perspective, this is an incredibly useful service.

No, no it is not. I am a wifi user, and this is not useful to me in the slightest.

Some people legitimately can be though. I take that statement as an axiom.

What, google is now the standard of privacy? Its OK because Google do it or something similar.

Yeah, beginning to want off this planet.

Just on LTE-enabled cars? Think bigger! They're running a full fiber optic service; they have every packet coming into and out of your house.

I, for one, welcome our gigabit overlords if only for the fact that they have Comcast, Cox, Time Warner, etc shaking in their boots.

I wouldn't be surprised if Facebook gets to access to data about who purchases what and when

I would sell all my transaction history for $5/month. Why should I care if their ads are getting better when I never pay attention to ads?

I never pay attention to ads

Just about everyone thinks this. But you're wrong. It's pretty much impossible not to be affected by advertising. Sure, you don't click on the links, but the product placement and brand awareness is not something that you can turn off!

Ok... so now I'm affected by ads that are actually relevant to my life... not sure how this is a bad thing.

Unless Flash / ads disabled ... ?

You're not just selling your own transaction history, though--you are selling the other half of it as well.

If I'm a private business or individual, I would prefer my customers not broadcast their affiliation--because some third-party source of data could be used to drive solicitation, or target advertising, or just in general be a nuisance.

Remember, when you give up transaction history, you aren't just ratting on yourself--you're ratting on whomever you've done business with.

you don't understand how ads work, do you ? educate yourself about neuromarketing and read this 1920's book by Freud's nephew Edward Bernays.

Also you don't understand how profiling works, do you ? A visible effect is ads, but it's not the only one and there are invisible effects. See NSA, crackers and http://online.wsj.com/public/page/what-they-know-digital-pri...

> And so Facebook encroaches upon the physical world to anchor itself

Reminded me of this limited edition like counter, called Fliike.


Is this a bad typo, or do I just not understand something:

> 2. Connect your _Fliike_ to the “Smiirl” Wi-Fi network and open your browser on any page. Set up your Wi-Fi network and password.

(emphasis added). They should s/Fliike/device/ or s/Fliike/laptop/ for this to make any sense.

> what does Facebook use? Is it proprietary?

On maps on Facebook, the small text says "(C) Microsoft (C) Nokia".

Doesn't Facebook use bing for translation and maps?

AFAIR it does use Bing for translation, I'm pretety sure that I saw the "translation provided by Bing" note after translating a Facebook comment the other day.

Given the Microsoft investment in Facebook, this seems likely

I received a document in a message from a friend and it opened in Microsoft Office's cloud. They seem to have a lot of Microsoft integration.

They use bing.

"Honda could use this information and market the Civic as "the best" car for eating at McDonald's."

There might be a horror scenario in there somewhere, but this isn't it :-)

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact