29 comments

[ 2.7 ms ] story [ 77.4 ms ] thread
I hope this is the start of the end of all facebook legacy. We deserve on 20XX more than a full laggy PHP system as social network.
If your main issue with Facebook is that it is laggy and built with PHP, then let me tell you that no one cares.
The language they code in is PHP, but it is rebuilt as highly optimized C. Not justifying this, just adding for clarification.
Technically it's not PHP either, but Hack, which is like PHP with types. Nitpick; it's not PHP like TypeScript is not Javascript, but kinda is.
Why serious breaches of trust such as this don't immediately receive outside, completely foreign, third party (all of it!) investigation is beyond me. None of this should be news - it should be implied. For the same reasons PDs shouldn't "investigate" their own abuses.
Please mark this as having auto-play video - I just disrupted a quiet room at work and I never watch the videos anyway.
In my humble opinion, this should be the task of the browser, not the task of every site that links somewhere.

Moreover, I always mute the speakers of my computer, for exactly that reason. When I do want sound, I usually connect my headset or an external speaker. The computer's speakers remain muted. In the rare cases where I do want to use the computer's speakers, I unmute them, and mute them when I'm finished. This is so seldom that it's not a big deal.

Back to browsers, I wonder why those implemented auto-play for videos in the first place. More specifically: I wonder why they auto-play audio, as I don't see that issue with animated GIFs. Moving ads are annoying, but not remotely as bad as an unexpected sound.

The upcoming Firefox versions are very promising in that regard:

"Block video auto-play: Firefox will provide users with a way to block video auto-play that doesn't break websites." https://wiki.mozilla.org/Firefox/Roadmap

"Implement new autoplay policy" https://bugzilla.mozilla.org/show_bug.cgi?id=1382574

chrome://flags also has an autoplay setting that requires user interaction before playing media
I was reading about this recently here: https://www.chromium.org/audio-video/autoplay

Even the strongest setting "Document user activation is required" isn't good enough. It means one click in the page will cause the video to start playing, which is annoying and highly game-able. I don't want a click somewhere on the page to cause a video elsewhere on the page to start playing. Every content site is going to do something to require you to click, like not showing the whole article and having "Click to expand".

I've been using AutoplayStopper and it works wonderfully: https://chrome.google.com/webstore/detail/autoplaystopper/ej...

Once you start using it it's shocking how many (attempted) autoplay videos there are that you never noticed.

It is really a pity that there are so many browser extensions who get this right, but the browsers themselves don't.

That's why it is so refreshing to see at least one of them (Firefox) actually trying to get it right.

The technical term for a browser is "User Agent". That naming may be historic and old-fashioned, but it was named that way for a reason. It's time to restore the original meaning, to make the browser an agent who actually acts on behalf of and in the interests of the user, not the website creator.

I just don't have speakers plugged into my work machine. When I rarely need to listen to something at the office I'll just plug in headphones.
We dislike those as much as anybody but the [video] tag on HN tends to mean "only a video", rather than "text plus auto-playing video".
Not picking sides here in the FB debate, but how can you trust anything that Jim Cramer says? The guy failed spectacularly during the financial crisis. He flips a coin, chooses a view, and goes with it...
Even a broken clock is right twice a day. And I would even go much further by saying that not one Facebook employee should be trusted to handle the fallout.
Why?

It is not like they ever had a different business model than making money out of userdata.

It is just the first time this is becoming a real story because somebody made it a bit too obvious.

Well, given that trust is relative, this scandal seems to involve a whole lot of people implicitly saying you should trust them more than Facebook.

And that's the thing. I don't trust Facebook but I would trust less any plan to externally regulate Facebook.

The government already forces Facebook and Google to divulge information to them. No one should trust any public Internet forum with their personal information but there's a lot of "impersonal information" that's still safe to share. The best way to deal the recent revelations is to stop giving up any information online, not to Facebook or to anyone. Posting text to Facebook or whoever is secondary. (browse and post anonymously but keep a "vanilla" social media profile for border and other other fun).

This all comes down to Facebook selling a kind of "privacy" that's been inherently rendered meaningless by the Internet age - privacy where "people know" get your data but somehow this information won't leak beyond this porous group.

So, is it the consensus of HN that this incident is more or less important than Equifax incident, and why?
I don't think that is the consensus at all. Many were/are pulling for the corporate death penalty for Equifax on here.
This incident by itself is less important than the Equifax leak but the precedent set by it, knowledge that all your FB posts/likes/comments are floating out there independent of FB, is hitting the public consciousness harder, we already knew credit rating agencies had tons of information on our financial decisions, most people didn't think FB was just letting people take their info willy-nilly.
i really hope that this is considered significantly less important than the Equifax incident.

I couldn't care less what the hell Facebook does with the data I have given them. I gave it to them willingly.

Much less, for sure.

1. Equifax had a security breach. Facebook just had an instance of a 3rd party misusing data they were known to provide to external developers. Aka, Equifax lost data that should never left their servers, vs Facebook found out some data, amongst the ton that leaves their servers on a usual basis, was misused. Don't get me wrong, that's bad, but not "we got hacked and lost a ton of info that should very much be ket secret" bad.

2. Facebook involved 50 million users. Equifax involved 143 million [1].

3. Equifax leaked credit card numbers for 209k people, and dispute documents with personal identifying information of 182k people [1]. It's unclear exactly what info about users was harvested from facebook, but there's no API access to credit card numbers for example.

4. Repercussions; CA claims huge influence elections because that's what they sell, of course they'll market it like that. There's some debate about their effectiveness [2], and it's worth adding they're not the only or the first ones doing it (Obama used micro-targeting with Facebook data too). The way CA got their data is just more sketchy, and of course, involvement with Bannon makes it all the worse.

One can't pinpoint what exactly happened with the Equifax data, but it's clear it could be sold and used for identity theft and other fraud, since it includes SSNs, addresses, and in some cases credit card and license numbers [3].

It's bad that Facebook wasn't quicker to address the issue, inform users or take actions to find other leaky 3rd party apps, but Equifax was IMO definitely much much worse.

[1]: https://www.consumerreports.org/privacy/what-consumers-need-...

[2]: https://www.theverge.com/2018/3/20/17138854/cambridge-analyt...

[3]: https://www.forbes.com/sites/winniesun/2017/10/02/what-you-s...

"Cramer previously said it may be time for the social network to hire an 'internal special prosecutor' to get to the bottom of its data scandal."

I think it may be time to hire a new CEO.

Is this coming anybody as a suprise ? Really people??
Can we stop calling this a data leak? This was business as usual. What Cambridge Analytica did is SOP for almost every organization that's large enough to do their own ad targeting. I know personally of several information brokers that are actively buying and selling these kind of data sets on exponentially larger scales, not to mention hundreds of middlemen in the advertising industry that each have their own databases. I'd be willing to bet at least half the users of HN work at companies with splunk databases that could be used to infer a lot of the same data CA used. I made a Facebook app in college that was used by under a thousand people and I remember being able to scrape email addresses from friends of friends. Am I crazy or does everyone just have their heads in the sand?

Framing this as a "Facebook data leak" makes it seem like the problem was people we don't like got a hold of our precious data, not that our entire industry is funded by the mass harvesting and reselling of personal information.

Yeah, I thought about this, but not calling it a data leak normalizes the activity. ~200k people installed an app that gave up ~50 million users' data. Those users may have consented to handing over their data in the ToS they agreed to, but it still feels icky. I'm perfectly fine calling it a data leak if it means more press coverage about bad data practices at modern Internet companies.
(comment deleted)
Says the guy who told people the economy was great just before the biggest crash in history. I don't listen to this guy and never trade on his advice.
‘Experts’ are right until they are wrong.