232 comments

[ 5.1 ms ] story [ 256 ms ] thread
Can't wait the apology commercial.
maybe another Zuckerberg nationwide tour that he'll chronicle on Facebook if we're lucky.
This paints Facebook’s recent marketing campaign in a new light. Here I was thinking we were dealing with a company finally that decided to get their act together and turn themselves around, when in reality it was actually just Facebook trying to whitewash their reputation ahead of all the horrible abuses they knew were about to be exposed.
Until the top execs are removed, don't believe there's a sincere desire to change at Facebook
Nothing will change Facebook's behavior except heavy regulation or the threat of a breakup.
And no one should be surprised by this either.

Violating privacy is their business model. As long as it is legal it would be stupid for them to change it.

As a former French banker (now standup comedian) once said: "Hoping to regulate companies by asking nicely is like going to the prostitutes with a flower bouquet"

Honestly the only way might be American regulation specifically targeting Facebook. And the next player might be just as insidious. It would be extremely hard to avoid this result without a dramatic shift in public opinion and frankly culture.
What is this describing? First-party apps with Facebook integration and/or OS features connecting to Facebook? The leakage of Facebook information onto MS/Apple/Blackberry servers would be concerning, but having Microsoft software connect to Facebook on a user's device sounds harmless (to the extent we trust MS/Apple/Blackberry software to not leak information so accessed). Right now I'm giving Apple similar access to every single communication I make through my computer, to my bank accounts and health records, to all the work I do for my employer.

This distinction wasn't made clear in the story (or I can't read) and it's an important one. Privacy is complicated enough already.

Yes, I didn't quite understand that. Apple had this to say:

> An Apple spokesman said the company relied on private access to Facebook data for features that enabled users to post photos to the social network without opening the Facebook app, among other things.

So is this like what connecting your Facebook account in Settings does? Allow you share pictures through the share sheet in Photos or whatever? What does Apple get to see, and what stays on the device?

>is this like what connecting your Facebook account in Settings does?

It depends on the platform.

On iOS you could post various types of information to Facebook, and you could sync Facebook contact and calendar data to the local device.

https://www.cnet.com/how-to/understanding-facebook-integrati...

Aside from letting you share information and sync Facebook contacts and calendars, Windows Phone 7, for instance, pulled in a lot more data to populate it's People hub.

>For all intents and purposes the People hub is the Facebook app for Windows Phone 7. If you’ve supplied your Facebook login, the default “what’s new” tab will serve as your news feed.

https://www.anandtech.com/show/3982/windows-phone-7-review/7

Apple told the Times that it wasn't involved with this since September of last year. I wonder if this is why it's no longer possible to update your Facebook status from the Notifications panel.
Apple is basically outsourcing user data mining to Facebook so that they can take the high groud.

Didn't Tim Cook just two months back bragged about how Apple doesn't do certain things? He was right. He asked Facebook to do that for him.

Apple dropped social media integration from their upcoming operating systems.
(comment deleted)
>What is this describing?

The "build new private APIs for device makers through 2014, spreading user data through tens of millions of mobile devices... and other systems outside Facebook’s direct control" makes it sound like they were making deals with the manufacturers where the device would auth and fetch data through the manufacturer's infrastructure when accessing Facebook? The Blackberry Hub app is used as an example in the infographic.

I believe it's describing "First-party apps with Facebook integration and/or OS features connecting to Facebook". It was OS-level integration to provide you with convenient access to Facebook data and features. The best example in the article was from Apple, who used it to allow users to post photos to Facebook directly from the standard Photos app. It wasn't so that the device makers could rifle through your data and influence elections or sell you things.

There's nothing to see here, but it sure makes for a provocative headline that will get lots of clicks and make the NYT lots of money from personalized ads. You have to love the irony.

Why would it be "harmless" if you weren't even aware it was happening, let alone give you consent?
For one, Facebook obviously had access to contacts and photos, without any way for user to disallow it.
> Facebook allowed the device companies access to the data of users’ friends without their explicit consent, even after declaring that it would no longer share such information with outsiders. Some device makers could retrieve personal information even from users’ friends who believed they had barred any sharing, The New York Times found.

There's a dangling "their" in there which is causing trouble. What I think this means:

- Alice adds their email or phone number to their Facebook account. Alice sets this to "private".

- Bob is friends with Alice

- Bob's phone has access to Alice's phone/email, even though this wouldn't be normally visible to him.

(The Windows Phone social media integration in the contact maanger was absolutely excellent at presenting everything about your friends on every platform in one convenient place)

I don't think that's right. They clarify this somewhat further into the article. "Facebook’s view that the device makers are not outsiders lets the partners go even further, The Times found: They can obtain data about a user’s Facebook friends, even those who have denied Facebook permission to share information with any third parties." I'm pretty sure this is a reference to the setting which disabled sharing information with Facebook apps used by friends. If I'm understanding correctly, it's more like this:

- Alice adds their email or phone number to their Facebook account. Alice sets this to be visible to friends, but not to third-party apps they use.

- Bob is friends with Alice.

- Bob's phone has access to Alice's phone/email, even though this wouldn't normally be available to third-party Facebook apps like games.

Edit: Facebook's response at https://newsroom.fb.com/news/2018/06/why-we-disagree-with-th... also clarifies this. "Contrary to claims by the New York Times, friends’ information, like photos, was only accessible on devices when people made a decision to share their information with those friends."

This might explain why I got random people's profile pictures assigned to my phone's "$MY_CITY Taxi" address book entry... people who have I have 0 shared friends with, who happened to add the local taxi service's phone number as their phone number as a joke or whatever.
The distinction wasn't made clear because we're talking about some 60 different agreements with various companies, with each company acting differently.

As stated in the article: Facebook acknowledged that some partners did store users’ data — including friends’ data — on their own servers. .. which meets your definition of concerning.

It will likely be some time before we learn the extent of all of these agreements and how the data was used.

Here we go again... it feel like there's no way to break out of this cycle where companies routinely go unpunished for bad behavior. Facebook, Equifax, Wells Fargo...
China just executes the CEO. Mindless ambition. Mindless consequences.
I hope you're not trying to say that's a better solution.
It probably is, given the type of characters proped up by the attention economy.

China hasn't produced a Trump yet. Meanwhile the US has laid the foundation with the attention economy (that props up people with the largest view/retweet/like count) to produce an entire crop of Trump type "leaders" in every sphere of life from the corporate world, to the army, to academia, to the media etc etc. The ground has been prepared and the seeds have been planted.

Look around. What is going to prevent their rise? Regulators? Zuckerberg?

So China has redefined CEO to mean: "Chief Executable Officer" :)
That is pretty good :) I can't find it right now, but some very similar phrase was used after the Deep Water Horizon explosion and oil spill, which caused the BP CEO to get fired, to describe the role of the leader in such situations.
The problem is that "bad behavior" is a concept in flux. Facebook never hid what their business model was: sell your personal data to third parties. Only a few privacy activists were concerned. Others reactions went from "meh" to "it's actually smart!" (Remember when Obama's campaign was praised for its innovative approach profiling voters?).

It took Cambridge Analytica for people to realize that they did not want this.

I have been paranoid about Facebook since day one, but there is something I won't do: blame them for coming up with a business model that is legal and did not seem to concern users ethically either.

The hearings of Zuckberg have been shameful. As much as I love seeing him on the grill, I have more contempt for the lawmakers in front of him, who actually enabled Facebook to become such a monster by either facilitating or simply not understanding what it was doing.

Facebook is a problem, but the ones responsible for this situation are not to be found within the company.

>I have more contempt for the lawmakers in front of him, who actually enabled Facebook to become such a monster by either facilitating or simply not understanding what it was doing.

Does your contempt extend to the billions of non-technical minded users who also did not understand what FB was doing?

Not really. The notion that the non-technical should understand EULAS dozens of pages long is a total fiction (that is legally binding in the US but not so much in saner countries).

On thousands of issues that can put several things I hold dear at risk, I just trust elected officials to do the right call. It is THEIR job to understand these issues and take the correct stance. I mean, this is literally what they are paid for.

I still wish that privacy had been a bigger concern to the population at large, but thanks to recent scandals, and to EU laws, this starts being the case.

>It is THEIR job to understand these issues and take the correct stance. I mean, this is literally what they are paid for.

Perhaps they are paid more by their donors to pass laws written by corporate lawyers

> The problem is that "bad behavior" is a concept in flux. Facebook never hid what their business model was: sell your personal data to third parties.

So not to interrupt the outrage mob here ... but facebook did not sell data to these companies. And actually I'm not aware of any case where people are outraged where facebook sold peoples data, including the Kogan case.

> Remember when Obama's campaign was praised for its innovative approach profiling voters?

Didn't Obama's campaign obtain users' consent before reading data?

Obama's campaign obtained users' consent before reading their friends' data. They did not, however, obtain the consent of those friends in any way, and at least for the 2012 campaign it was those friends who they were trying to convince to vote for Obama.
Hopefully some GDPR stick will help fix this
GDPR, the tool to prevent the disruption of Facebook from ever being economically viable! Yay. Let’s celebrate.
The assumption there being that Facebook continues to be economically viable...
Facebook disruption will be Facebook "spontaneously" ceasing operations, without replacement.

I bet on a quick shutdown, possibly with extradition shenanigans, offshore funds and other drama, after a criminal investigation or a whistleblower shines a light on potential liabilities.

Stop spreading bullshit FUD.
If disruption of Facebook is economically viable because the new whatever-book is doing the same things to user privacy, then that's not useful anyway. It's not that important who is the largest provider, as long as the incentives are the way they are now, the largest provider will be doing harmful things. We need to establish appropriate incentives and boundaries (of which GDPR isn't perfect but certainly in the right direction) so that no matter if it's Facebook or someone else, their behavior is one that we can live with.
> "In interviews, Facebook officials defended the data sharing as consistent with its privacy policies..."

Facebook's EULA pretty much gives them carte blanche to do whatever they want with the data you've provided them. Of course, who actually reads EULAs or cares about privacy anymore?

Well, if you want to have your social network app preinstalled on a lot of phones, I guess there's either paying for it or offering up your users.

iPhone doesn't have it preinstalled, no, but if memory serves, there were integrations built in. At least for a while.

Why would they need this data though, really? Once you've bought the device, they could get at the interesting data outright if so inclined?

Why this is shocking, or even news?

When you create and use a Facebook account (or when a shadow profile is created for you), Facebook has (and has always had) the right to share anything and everything you publish on their platform with anyone they have a legal responsibility to (e.g., law enforcement) or commercial agreement with (e.g., advertisers).

All Facebook content is essentially public and should be treated as such.

We (society) made the rules, and we can change them. We have the power to make laws dictating how Facebook can use the data, regardless of what the contract says, regardless of their current "obligations", and regardless of how "public" this data might be. We made new laws about medical data -- we can make news laws about social data.

That's what these stories are about -- things we can think about when drafting this new legislation, or interpreting old legislation.

Our system of laws is not set in stone, we can update it, and we will--for better or worse.

Why does the law need to change for this? Facebook should disclose what they do with your data, and that is about it. At that point, it is really up to you to decide if you want to play ball...
I completely agree. I don't think there's any need for legislation. I think people should just realize the simple adage, "if a product is free, you're the product" or whatever.

Our society needs to wise up.

So Facebook gets to make the rules? The law changes whenever we feel like it should, that's how democracy works.

You say why should the laws change and why shouldn't we individually decide whether or not to play ball?

For one thing, Facebook creates profiles of people who don't have accounts, but for another, and more importantly:

Why should companies not be able to dump toxins in rivers? It's up to us whether we want to buy from that company and contribute to pollution -- or we could start up an EPA... which we did. Same deal with Facebook, sort of. Society can make whatever rules it wants, the only natural law is chaos, and of it we make order.

Yes you should fight to change the law if you don't like it and likewise I do not think the law need to be changed nor the more regulation is needed so I will fight it too. In this case the harm (if any) that fb make is not substantial enough for me to care.
Dunno why this is getting downvotes--you are absolutely right. You echo my thoughts after reading this. Folks, why is this a surprise at all? Don't post stuff on Facebook you don't want public.
>The company continued to build new private APIs for device makers through 2014, spreading user data through tens of millions of mobile devices, game consoles, televisions and other systems outside Facebook’s direct control.

So Facebook says "we don't sell data," but they are giving manufacturers access to data in exchange for being integrated/pre-installed on the device. How is that not "selling" data? Just because they aren't receiving cash?

IT's been obvious they do exactly that since the Zuckerberg hearings. But all of the politicians asking him questions seem to have missed that subtlety and kept asking about "selling data".

Facebook hardly sells any data. It just shares it for free with a ton of partners (and without freely-given user consent).

Every instance of third parties accessing user data has been with user consent.
They're not giving manufacturers access to data in exchange for being integrated/pre-installed on the device; they're giving those manufacturers' apps access to data because they need that access in order to be able to present that data to the users who are accessing Facebook through those apps. It's not a quid pro quo, it's something that's fundamentally necessary for the apps in question to actually allow users to interact with Facebook through them.
That might have been true in certain cases, but the article makes it clear there were other situations:

>Facebook acknowledged that some partners did store users’ data — including friends’ data — on their own servers. A Facebook official said that regardless of where the data was kept, it was governed by strict agreements between the companies.

Furthermore, why would they be putting an end to all these "partnerships" if they were "fundamentally necessary for the app"? Manufacturers can turn to the normal api that any other app dev uses.

If you read the NYT article, there's one pretty obvious reason why they can get away with ending the partnerships now: almost everyone has smartphones that can just run the official Facebook app. It probably also helps to understand that on a few of the older platforms, almost everything went through the manufacturer's servers, including email and sometimes even web browsing.

While I guess technically they could've use the normal API and only got the same information as Farmville or any random quiz could, this would have the result that - depending on what phones your friends used - you wouldn't be able to share information with all your friends without also sharing it with Farmville, Cambridge Analytica, and all the other shady Facebook platform apps that weren't held to the same privacy standards. That doesn't seem like a win to me, particularly since getting someone to click "yes" on a permissions dialog is a lot easier than creating a widely-used hardware platform and convincing them to use it.

(Of course, given just how many intrusive permissions it demands, getting everyone on the official Facebook app arguably isn't a great leap forward for privacy either.)

I would love to see someone with an old BlackBerry write up whether this uses a unique endpoint (different from public api) especially to see if it would be possible to 'spoof' a BB device to get the data.
(comment deleted)
they haven't changed. they will not change. why should they change. this is their normal. they are rotten to the core.
I for one do not expect Facebook to change much unless there's a big shakeup from the top, including removing Mark Zuckerberg, Sheryl Sandberg and others. What they have shown repeatedly is contempt for their users in the guise of apologies and remediations that go nowhere. Since such a shakeup is unlikely to happen, the other thing that could happen is a breaking up of the company, which I'm guessing (this is not a prediction) will happen in a couple of years. To start with, Instagram and WhatsApp would have to get unwound from this mess by becoming individual and unrelated services.

I don't have a lot of hope on social media platforms respecting user privacy and avoid massive data collection and/or sharing. Privacy in today's world is for the privileged people, in various ways.

Facebook will not be the same without the masterminds (Mark Zuckerberg, Sheryl Sandberg and others). Practically, the business there is all about finding monetary value of the user data.

Whether very few of us like that or not, we keep going back to using Facebook anyway, how (long) can we avoid the platform where our family and friends (and billions of other mindless users) are?

I don't believe there is much synergies between FB and Instead anyway, and even less so with WhatsApp which seemed to be have been bought out strictly to stop it from growing into its own social network.

But I don't see the US ever breaking up FB in the coming decade, as the agenda is clearly not to fight monopolies and trusts.

Any breakup, if it were to happen, would be likely to be triggered mainly by the EU, IMO. For all the complexities that EU regulations sometimes bring in, I see the EU as the only hope in such cases.
When has the EU ever break up a world class monopoly ?
When has the EU ever produced a world class monopoly?
Maybe this time is when? I don't know. But I personally don't have hopes on any other government or governments to take such an action.
Change means less revenue, IMO. Their business model is to keep squeezing every bit of data and seize every opportunity for the next quarter. So, that type of change will happen only if forced.

I've said it before: FB should not have been allowed to buy them in the first place.

At least try to understand what is going on before regurgitating all your confirmation biases against Facebook. These device APIs were a necessity before iOS and Android came along. How do you think you got FB experience on Blackberry before they had an app store?

Pretty sad piece by NYTimes who are just trying to get views and probably have an agenda against FB (given how much FB is ravaging their business model).

This is FB's response: https://newsroom.fb.com/news/2018/06/why-we-disagree-with-th...

The device APIs are not just "before iOS and Android came along". And they have remained and alive for a lot longer than they were supposed to be. That much is clear both from the NYTimes report (though it did lack clarity and could've been much better) and from Facebook's own response. Where is the statement that billions of devices (including older ones) out there don't have this access any longer?
OR, the people who made Facebook interesting will go elsewhere. I've received a few invites to email lists, and one to a private blog, to replace the authors' Facebook posts.
Shooooooooocking. This getting pathetic. Personally I am using Facebook less and less and attempting to block it as much as possible.
I think it's pathetic when people complain about something and continue to use it. That's why companies are allowed to get away with so much bs.
(comment deleted)
"Facebook Gave..."

Well, that's like problem number 15. Number one is to look at what you're giving to facebook.

Number 2 is to look at how much control you have over the intimacy of your own life and those around you, using or not.

Number 3 might be to look at how many phones/devices you can root, rip and reset (I mean, c'mon, the personal data sink on a phone is enormous and most have little to no say about what can be on it and when much less port and comms control).

Number 4 is maybe that any middlin' IQ ass with a badge or a note with some letterhead can scoop your kit. (See Number 1.)

Number 5 - Who makes the rules? (Don't think too hard on it, please.)

Et cetera.

Facebook is easy. Fasebook is sleezy. Facebook is free. So? I think I'll trust my peers well before I trust any piece of must-have with a logo that gives you only tactile controls, at best. The masses do not choose wisely. (See Number 5.)

If you do the sharing then you need to do the caring. Button it up and bring it down. Believe it or not your likes are your own and if you don't like what they're doing now then shut it down. I know it's easier said than done for some but the keys to the kingdom are in corporate hands now. Good luck.

Response from FB: "Why We Disagree with the NYT" https://newsroom.fb.com/news/2018/06/why-we-disagree-with-th...
Agree with FB on this one. The privacy issue with 3rd party developers was that friend data was sent to the 3rd party developer databases. Here, the data just stays on the device.

The way the article is titled can make it look like the device makers actually got to make their own database of Facebook users.

Edit: I read it again, the article does say "Facebook acknowledged that some partners did store users’ data — including friends’ data — on their own servers," but they don't follow up on that at all, they go back to messing with a BlackBerry. That's the big question.

Once an app has particular data, there is nothing FB can do to prevent it from uploading that data wherever. It would be difficult for Google or Apple to prevent that, and they control the platform. With enough apps, it is a certainty that this happened.
Have you heard of the power of legally enforceable contracts? Lots of things aren't technically impossible but are forbidden by the law or by a contract. It's one of the ways modern societies function, check it out!
Have you heard of the power of contracts that have never actually been to court. It turns out many of them aren't legally enforceable. It's one of the ways modern society is dysfunctional. Check it out: http://www.ycombinator.com/legal/
How many firms have FB sued for breach of this hypothetical contract? Other than "Cambridge Analytica", can you think of one they might sue?
"We are not aware of any abuse by these companies." - seems to be carefully worded. They do not make claims that there are no abuses, nor do they elaborate what checks/audits they have in place to detect abuse.
Yeah - try reading between the lines since FB's response is not in line with your confirmation bias against them.
I was trying to read the article critically, but am open to alternate parsings / viewpoints on the article. Would love to hear your thoughts on the subject matter of the article.
> They do not make claims that there are no abuses

How can any honest people make such claim? It is the same as proving the non-existence of abuses.

I think point of above is more that it's in their interests to make sure they never do any checks, so no doubt they never do any.

They could probably catch 99% of abuses by just specifying it in the contract with the 3rd party, but they have't done that.

How do you know that they didn't already catch 99% of the abuses, but it's just that 99% is still zero?
The NYT article is definitely overblown. It’s popular to hate on Facebook about privacy, and yeah, they’ve made mistakes in the past, but that’s largely because they’re just engineers trying their best to do the right thing. IMO they need more non-engineer types to inform them what “the right thing” actually is, when it doesn’t align with the typical attitude of “Oh, there’s a technical solution to this problem!”

> the BlackBerry app had access to all of the reporter’s Facebook friends and, for most of them, returned information such as user ID, birthday, work and education history and whether they were currently online.

User ID and birthday are both public information, and people typically share work and education history as public (or at least “networks” thereof, for finding friends). AFAIK online status is the only thing that’s usually friends-only, but perfectly reasonable to share with a device messaging app.

Also from the article:

Some device partners can retrieve Facebook users’ relationship status, religion, political leaning and upcoming events, among other data.

Are those public?

Also, is it the data belonging to the user of the device and the Facebook account the device is logged into?

"Facebook integration on device OS allows viewing user's own profile after logging in to account" doesn't seem that shocking.

I generally agree with you that this piece is a bit sensationalistic but...

> [...] they’re just engineers trying their best to do the right thing.

What makes you say that? Beyond potential abuses of data by third parties (or whatever), I would expect that most FB employees are trying their best to get paid. Whether or not all or any single one of them cares about “the right thing” is mostly unknown to outsiders. I have always assumed, based on FB’s overall business model, that there is a general disregard for any particular interpretation of “the right thing” at least when it comes to the privacy of the platform’s users.

I worked there in the past. Everyone I met was earnestly trying to do good work and afraid of getting fired or sued for doing something that would impact privacy and thereby FB’s bottom line. Facebook is strongly incentivised to protect user data because that is their primary market advantage—having ad targeting data that other ad networks don’t. Leaks and breaches of trust are bad for business and bad for the RSUs that employees and acquirees are given.
There is a huge distance between "Doing the right thing" and "doing one's best to avoid getting sued". There are lots of things that are legal but frowned upon in a decent society.

And no, Facebook is not "just engineers <...>". There are lots of other positions who make high-level decisions, e.g. decide how the company is going to make money.

What I apprehended from the article is that those API's still exist, and even still work in full.

Meaning that today it is still possible to generate an access_token using a client_id extracted from an old blackberry device with a valid facebook account and extract much more data (using the private device API's) than what that user should be allowed to see.

Do I understand that correctly? Because that seems like an enormous security breach.

Disagreement lies in there, fb says devices access as much as fb app access, NYT claims otherwise but probably wrong
Most notable pieces I took from the article: 1) Facebook does not see third parties (such as BlackBerry) as “third parties.” 2) Facebook told Congress that it disabled third party access to user data, but in actuality did not.

My own strong interjection: Facebook’s competitive advantage is its disregard for ethics. Somehow, Zuckerberg has been able to convince a lot of smart people to do unethical things and build unethical technology, while the competitors have a harder time doing the same. This disregard for ethics has allowed Facebook to “grow at all costs.” Meanwhile, the more conscientious programmers and entrepreneurs (or at least those held more accountable) are busy wrangling with the real challenges and intricacies of civilization. (I personally prefer it that way - I like my work being tied to the well-being of society.)

(comment deleted)
> This disregard for ethics has allowed Facebook to “grow at all costs."

There's a great phrase for this: "move fast and break things". When you believe it is ok to break small rules and norms, it becomes easier to break larger norms and ethics and rules. This philosophy took SV by storm, but at its core it's always been about disregarding things like laws and ethics, and now we are seeing the world that created.

You might think that that's a great phrase for it, but many other people don't interpret "move fast and break things" to mean what you think it means.

I'm all for criticizing things that have gone wrong, but you're using an overly-broad brush.

I wish I could agree with you're more nuanced viewpoint, but seeing a whole industry making insane amounts of money based on abusive and deceptive business models suggests that there truely is a broader issue. Whether the underlying attitude is best describe by "move fast, break things" is debatable but we can't easily dismiss the idea.
I think the point is that that quip usually refers to technical breakage, i.e. "it's better to ship more often and potentially break something that you then fix equally quickly, than spending thrice as much time analysing the problem to ensure there's no breakage in the first place". In other words, an entirely different meaning that what the grandparent meant when they said it was a great phrase for it.
The point that the poster was making was that while the phrase normally refers to its technical development philosophy, it seems that it also seems to reflect Facebook's attitude to other issues, such as regulation and privacy.
and uber and theranos. and probably others. airbnb had a lot of people that broke their leases and deed restrictions and local zoning laws.
The point is that, while it applies to technical issues, it equally applies to ethical ones.

- "Should we share this data?"

- "I don't know, we'll figure that out in version 2"

That's an excellent reason to attack abusive and deceptive business models. Have at it.
The original quote is:

> Move fast and break things. Unless you are breaking stuff, you are not moving fast enough.

In the technical space, things may be legacy code or APIs. In the business space, things may be ethics and laws, and this incidentally is exactly the model we see in companies like Facebook and Uber and AirBnB.

> but you're using an overly-broad brush

No, not really.

If you notice people working - say, construction - in a particular way, and they're trading safety for speed, and if you weren't concerned with worker-safety, you might consider that tradeoff their business. If you also found that it led them to build buildings that overlapped other people's properties, you might note that the tradeoffs they choose might also lead to that problem.

Especially if you notice that other construction firms are making the same sorts of tradeoffs and also having the same problems.

I'm not saying that firms who "move fast and break things" are inevitably also unethical, shitty companies. Everyone sacrifices QA depth for release at some point. But there's nothing wrong with pointing out many high-profile companies who trumpet their pride of it are, in fact, unethical, shitty companies.

The wrong thing about combining not-very-related things is that you're wasting your ire and offending ethical people at the same time. Great for starting an argument, not so great for convincing people.

BTW, your construction example is terrible. Unsafe construction worksites are illegal, and continuous integration and deployment of software is not.

But they do appear to be related. You see the same things in the same companies, and the commonalities are consistent with treating consequences of the quest for growth at all costs as acceptable. When you have people racing a (real or perceived) time window, they don't stop pushing when humans are involved rather than software.

> your construction example is terrible

Takes all kinds. Including people who intentionally read things obtusely.

I thought it was insightful. Fundamentally, “move fast and break things” means you’re not going to be afraid to do something just because you haven’t thought through all the repercussions yet. Personally I find it easy to see how to, as an engineer...ignore hunches that there might be a security hole or a privacy hole in the interest of pushing things forward. “Move fast and break things” implies that you’ll get something working out the door and you’ll come back and fix it later. When you always move to the next thing, you never really come back and fix all the things you broke.
I think at first people thought it meant something less toxic, like "things" meaning "software" or "industry norms".

But then the likes of Uber came along and showed that it meant "laws".

The phase fundamentally captures an essense of what Umberto Eco and Rober Paxton observed of early 20th century political movements emerging in Italy and Germany.

I'd recognised this similarity some time back.

http://w3.salemstate.edu/~cmauriello/pdfEuropean/Paxton_Five...

Irrationalism also depends on the cult of action for action’s sake. Action being beautiful in itself, it must be taken before, or without, any previous reflection. Thinking is a form of emasculation. Therefore culture is suspect insofar as it is identified with critical attitudes.... No syncretistic faith can withstand analytical criticism. The critical spirit makes distinctions, and to distinguish is a sign of modernism. In modern culture the scientific community praises disagreement as a way to improve knowledge. ...disagreement is treason.

http://www.nybooks.com/articles/1995/06/22/ur-fascism/

Move fast and break things means don't be afraid to try things that might fail, but it doesn't mean ethics don't matter. There has long been a concern about what facebook does with people's privacy, now there's no doubt they went way too far.
> Move fast and break things means don't be afraid to try things that might fail, but it doesn't mean ethics don't matter.

Sure it does. Move fast and break things means don't be afraid to try new things, but the line isn't "ethical concerns" but rather "legality". There's a whole gray area between what is ethically acceptable and what is legally acceptable, and FB profits in that gray area that other companies are afraid to try because of their corporate values or personal misgivings.

I think Uber's strategy was to go illegal in a big way, presenting a city with a fait accompli of a large number of unlicensed Uber cabs on the street. And then Uber would resist any regulatory efforts through lobbying and in court.
Huh. I always interpreted "move fast and break things" to be referring to the speed of development cycle, as in, SV startups prefer to we deploy new code without really testing everything as thoroughly as an enterprise company might, because time to market is most important and people are forgiving if we break their experience for a short time. I don't think anyone would really fault anyone for that interpretation.

However, if that becomes "do whatever we want to anyone without regards for laws or ethics or customs including directly lying to regulators" as it appears Facebook did then I agree it becomes a problem.

The break-things part is related to the startup meme of disruption too. And as some critic I read once said, many startups disrupt business status quo in the same way that I disrupt the idea of pet-ownership if I steal your dog.
And they got the FTC to not really interfere with their practices, even after they were found out.

Good luck on net neutrality with the FTC...

Net neutrality isn't FTC's domain. FTC is the Federal TRADE Commission, which handles stuff like mergers of giant companies, the Do Not Call registry, and identity theft; the FCC, the Federal COMMUNICATIONS Commission, handles things like net neutrality, amateur radio licensing, and selling bands of spectrum.
I think everyone here knows the definition of communications. The parent poster is referring to the position of the current FCC chairman, who is pushing responsibility over to the FTC. It is clear to me, the the parent poster is skeptical of this.

The Federal Trade Commission (FTC) and Federal Communications Commission (FCC) announced an agreement on Monday to coordinate their efforts to police the internet once the latter agency has repealed its net neutrality rules.

http://thehill.com/policy/technology/364336-fcc-ftc-announce...

(comment deleted)
(comment deleted)
> Facebook’s competitive advantage is its disregard for ethics.

This appears to be a quality that occurs in some business owners.

I know more than a single entrepreneur with similar disregard for things like data retention and PII. Their reluctance to address these issues when advised, I assume, would persist until they get burned.

Taking a step back, at the root it appears simply that some people are better at focusing than others. These entrepreneurs would work on improving metrics they see relevant and their effort will be more efficient thanks to zoning everything else out.

Seeing evil intent here would be counterproductive, similar to reprimanding someone on the spectrum for not saying hello: it might just not occur to a person. The key difference here is that these decisions negatively impact countless third parties, and those third parties lack the expertise to recognize the issue.

While there’s a lot that can be said against FDA[1], there seems to be a parallel here. I want to reserve my judgement about regulation in this area, but it seems like there’s a case for it, similar to how we’d like to keep food manufacturers in check.

[1] A movie called Dallas Buyers Club comes to mind.

  similar to reprimanding someone on the spectrum for not saying hello
Why hold anyone in the upper class accountable for their actions when we can just claim they all suffer from mental disorders and make excuses for them?
I might’ve been unclear, I do think we could push for more enforced accountability in these cases.

The parallel between narrow focus and mental disorder was meant to illustrate how attributing these outcomes to malice (which I sometimes see) is ineffective. If those actors play by the rules and are immune to ethics-based arguments, then maybe the rules are due to be updated.

The comparison relies on an assumption that these corporate bad actors unwittingly "don't see the harm" that arises as a side effect of their laser focus on (non-maliciously) optimizing something else-- similar to how someone with a different behavioral orientation might unwittingly not register the effect of ignoring a common social convention.

I'd say this claim needs a lot of supporting evidence before we should take it seriously. At the moment it's just a rhetorical device, and would almost certainly be used to mitigate blame aimed at corporate bad actors. So I'd say without some type of serious evidence of this unwitting laser focus, evidence of people genuinely "not seeing the harm" despite huge op-eds in major newspapers, outrage from tech communities, harrowing stories of data privacy issues, etc. etc., we really should not put any weight on this "non-malicious focus" interpretation.

In other words, these are smart people. They knew full well what they were doing. Lobbying, PR, and attempting regulatory capture after the fact to launder their reputation and absolve blame are absolutely baked in as part of the strategy, until conclusively proven otherwise.

You're describing a huge lack of regard for the victims in this situation, and an exceptional amount of forgiveness for the assailants. Unfortunately, this is the attitude that lets ethical gray-lines exist, and the attitude that should be beaten if you want to avoid stricter regulations.
Talking about ethics, this is going to sound below the belt. If Facebook were to enter into a contract with the defense department like Google did (and terminated a renewal just a few days ago), I doubt if any Facebook employees would even think of creating a petition to management or of quitting their jobs over that. Somehow I feel the people that Facebook attracts as employees may be the ones who don't care much for others overall. That or they're so dedicated to work that they're completely oblivious about all the news in the last several years.
To give benefit-of-the-doubt, I think they believe their own propaganda. Facebook folks actually believed that (e.g. among many) pushing people to reveal all aspects of their life equally to everyone was in society's best interest.

And I once met a Facebook employee who actually was a staunch EFF supporter…

But overall, I dunno… you're probably right.

It takes a certain degree of naivety to believe that. It also lacks a certain degree of critical thinking to not ask the question "but what if some people choose not to share?" or the even easier question "can any of this be abused?"
Could have been just the best possible shot to avoid a neo-totalitarian society, and the current abuse could be actually a minor consequence (and completely manageable for nation states > take a look at EU GDPR).

"move fast and break things" > Why the hurry?

That moral opinions equals the one of Peter Thiel about the good in mass surveillance: based on his opinion that after 9/11, powerful western entities were on the side of really harsh intrusive countermeasures (and the restriction of current liberties quite probably), that could probably, fundamentally change the western societies as they existed at that moment.

The alternative to that way of doing things was to allow the existence of public and private entities like Facebook and their subrepticious intrusiveness, allowing mass surveillance, but also allowing to avoid other gruesome measures.

And that could explain why nobody can pull-out a facebook takedown.

"the cost of freedom is high..." JFK

I hope it's clear in my comment that I'm neither apologizing for Facebook nor sympathizing with Thiel and his crap etc. I think assuming-good-faith and looking for charitable explanations is a good practice, even if I actually don't believe people actually deserve the charity.
> Having known so many people involved with Facebook for so long, I have come up with a phrase to describe the cultural phenomenon I’ve witnessed among them – ladder kicking. Basically, people who get a leg up from others, and then do everything in their power to ensure nobody else manages to get there. No, it’s not “human nature” or “how it works.” Silicon Valley and the tech industry at large weren’t built by these sorts of people, and we need to be more active in preventing this mind-virus from spreading.

https://news.ycombinator.com/item?id=14780186

> Facebook’s competitive advantage is its disregard for ethics. Somehow, Zuckerberg has been able to convince a lot of smart people to do unethical things and build unethical technology, while the competitors have a harder time doing the same.

While I absolutely agree that it's a serious problem, Facebook does not stand out in the business world in this regard. Many in the business world celebrate, rationalize, and embrace this point of view: Making money is all that matters. On HN, until recently I often read the argument that businesses' only responsibility is to make as much money as possible for shareholders and that they have no responsibilities to employees or community. The current U.S. administration openly embraces this view as policy; Rex Tillerson (former oil company CEO) openly stated that US policy was that human rights took a back seat to making money.

For generations, corporations have made money on the labor and the suffering of others, to the point of undermining governments and supporting oppression and murder. Off the top of my head: There was the East India Company in the 19th century, the banana companies in the early 20th century, the businesses that helped the Nazis, the ones who helped and cashed in on right-wing dictators throughout the Cold War, the financial companies who committed massive fraud causing a global recession in 2008, and all the IT companies helping oppressive states like China with their surveillance technology and means of oppression, not to mention Hollywood and other businesses who censor criticism of China.

The question is, why do we normalize and accept this behavior? What is wrong with the morality of business leaders?

(And to be clear, I'm not demonizing all business. Business provides the resources that make advanced nations prosperous, safe, healthy, and connected.)

They're not third parties because these API's are protected by user login credentials as near as I can tell. That means you provide your login information, and your device can access your Facebook data, as you expect a client of Facebook to be able to do.

That means all the privacy protections from the "website" are there, you're just not looking at it through a browser, it's an interface provided by the device manufacturer.

What is there to be angry about?

(comment deleted)
While I agree I know a few ex Facebook employees and they all, genuinely, believe thst FB cares about user privacy. I suspect they've convinced good people to go bad with some strange coolade and all those free lunches.
Facebook's competitive advantage is that they gained critical momentum as the platform we all started using post myspace, etc.

There are plenty of companies that are willing to do 'unethical' things.

"The company continued to build new private APIs for device makers through 2014"

"Michael LaForgia, a New York Times reporter, used the Hub app on a BlackBerry Z10 to log into Facebook." -- this is a phone announced in 2013.

I understand the concern with Facebook, but this article is presenting information from 4 years ago as if it's news.

It's news if people didn't know. Plus FB itself says that 60 companies used these APIs, and only 22 of those have ended as of today.
Now read this and do make sure you type the takeaways like you did for the NYTimes article above: https://newsroom.fb.com/news/2018/06/why-we-disagree-with-th...
Doesn't actually deny any of the accusations, except maybe for the "access to friends' data not being shared" (for which the NYT should be criticized for being too vague - it's not clear how and why they "believed" it wasn't shared).

I like the part "all these partnerships were built on a common interest" - tautologies always sound good.

As for the only actual defense (the data agreements), it was already in the NYT story.

And, Contrary to claims by the New York Times, friends’ information, like photos, was only accessible on devices when people made a decision to share their information with those friends. We are not aware of any abuse by these companies.

Parsing: friends’ information, like photos,

I have a friend named Tammy. Tammy has photos.

was only accessible on devices

Someone/thing can access these photos

when people made a decision to share their information with those friends

I decided to share information with Tammy. I now have access to her photos. I open some silly fb app. That app now has access to my friend Tammy's photos. According to this, Tammy may not even know that those photos have been compromised. She may have a son who is gay, but not out yet, and Tammy (being the understanding parent) is sharing with people she trusts. Now, unbeknownst to her, everything is out in the wild.

This is the problem.

We are not aware of any abuse by these companies.

Were you looking? Did you care? Do you now?

So basically, your argument is that it's a dangerous attack on users' privacy for Facebook to allow users to view it through any app but their own, no matter how strict their contracts with the app developers, even if those developers are big companies like Microsoft with a lot to lose if they get caught doing something malicious? That it's an attack on gay rights for the Facebook walled garden to not be maximally strict and absolute in its grip on what software people can use to interact with their friends on it?

Because that's what we're talking about here: apps that allow users to access their Facebook accounts and interact with their friends through them. Not shady Zynga games or information-mining quizzes, but alternatives to the official Facebook app that are only allowed to "provide versions of the Facebook experience" and are created by major device manufacturers.

I'm curious how Facebook's continued willingness to allow web access to people's private information fits into all this too. After all, the user's web browser has access to all this dangerous personal information about their friends, it can certainly do all kinds of malicious things with it, and Facebook doesn't even have any kind of contractual relationship with the browser developers preventing this. Given how many shady browser extensions are out there this is certainly being abused right now. Should Facebook take down their web version too in the name of protecting gay children?

So basically your argument is that corporations should be trusted to self-police, because they know that bad things would happen if they get caught misbehaving? Like, Microsoft would be destroyed if they were found to be sending users' information to their servers and the average user didn't realize it?
Quite the opposite.

The moment facebook provides a way for a person to use a device to view information, they've simultaneously produced something the device's OS could use to exfiltrate that information. There's nothing facebook can practically* implement to allow Windows Phone users to use Facebook while preventing Microsoft from exfiltrating data.

Drop the API, and they can scrape webpages; it doesn't remove any fundamental barrier to information. If Facebook wanted/needed to limit access to this information from untrusted device manufacturers, a website is out of the question, and you couldn't just release a windows/android/linux app — you'd need to go per-manufacturer.

This leaves pretty much everyone worse off. [though it'd be pretty great for Apple.]

Users need to trust the manufacturer of the devices they use. There's room for regulation/enforcement to ensure that they can.

But holding services responsible for vetting the platforms that can access their data makes open platforms like the web untenable, and doesn't fix anything.

* Impractically, facebook could send and show encrypted data which can be decrypted by the user via pen & paper.

Stop using Facebook already ... it's a liar and deceiving social network.
Alternatively worded: Facebook let RIM build Facebook for Blackberry.
At which point can facebook start suing around for [slander/damages]? It's not like they did all this in secrecy , they were quite open about their platform with developers (which has helped developers warm up to a company that basically sells gossip). They never will of course, because they 'd be retroactively judged with today's standards. E.g. I find their unfair advantaging of the Obama campaigns a lot more troubling than this.
You can't sue for libel over accurately reported news? The bar for successful libel actions is extremely high in the US, as well.
(comment deleted)
Facebook's old policy: Move fast and break things.

Facebook's new policy: Move fast and deny everything.

I'm only half-joking as I was surprised to see a Facebook rebuttal so quickly after an article like this. It seems a new strategy is in place, to not let these article fester. The problem is their response is devoid of actual content, or even actual rebuttals to the main points of the NYT article. Mainly that FB does not consider these vendors as "third-parties", and that friends data is accessed even when sharing is explicitly disabled.

> I'm only half-joking as I was surprised to see a Facebook rebuttal so quickly after an article like this

>Market Cap: 561.740B https://www.bloomberg.com/quote/FB:US

Not surprised at all. Their business model depends on it on people uploading all of their personal information, thoughts, and feelings into the machine for analytical processing. If that trust/relationship dies, facebook dies with it.

I think the problem isn't so much a question of users trust in Facebook but rather users apathy with regards to their own privacy.

I think most people are aware enough that they are the product - I just think they don't really care all that much.

I'm only half-joking as I was surprised to see a Facebook rebuttal so quickly after an article like this.

Reputable journalists always seek comments when they write in depth about a person or company. There’s always at least some forewarning.

> I was surprised to see a Facebook rebuttal so quickly after an article like this.

Article contains Facebook's response, so they most likely read it before it was published. As far as I can tell, they probably didn't like the way reported interpreted things so they prepared at least part of the response before, so they can react when it will be published.