32 comments

[ 2.6 ms ] story [ 19.7 ms ] thread
Haha, is this treason yet?
I my opinion, it’s very close. Providing data to a foreign intelligence service certainly meets the definition. Arguing that Huawei is not part of Chinese intelligence is like saying Air America was an airline for package tourists.
That's definitely false. You think when France or UK asks google for access to a terrorists' gmail account its treason?
To meet the definition of treason they would have to share it with an entity we are in open conflict with. It would be tough/impossible to prove that China meets the criteria. With all of the colluding with foreign governments going on lately there should probably be some law against providing information to a foreign intelligence agency. Maybe that falls in the category of "undeclared foreign agent".
I stand corrected. Thus, under that same standard, the claim that Donald Trump committed treason is also bogus since we aren’t in open conflict with Russia.
True, but I don't think anyone is making a legal case against Trump and his campaign for treason. The case being made is for obstruction of justice and conspiracy to "obstruct the lawful functions of the United States government through fraud and deceit".

Fortunately no one is above the law and Trump can't pardon himself for shooting Comey or commiting fraud and obstruction.

We'll see what evidence Mueller has at the end of his investigation. The whole thing -- all the Russians and campaign members indicted may have nothing to do with Trump. But considering how much the Trump campaign has already lied about Russian contacts and how loudly Trump is squealing like a cowardly pig, I expect the result of the investigation will not be favorable for him.

Is Google then guilty of treason for exposing user's data to the makers of QQ Browser?
That's nonsense. Should they block access to facebook from the web browsers on those phones as well?
> Facebook officials said that the data shared with Huawei stayed on its phone, not the company’s servers.

Can they prove this, though?

No. But could they prove it with the standard FB app either? I mean, you are typing your user name and password on that phone, if you assume the manufacturer is outright malicious, then official API access doesn't really matter one way or the other. An API used to create a third party client is generally a good thing and doesn't actually change this (unless I am missing something here).

You could, however, with some trouble, check which data is going where on your own device, as long as that API isn't meant for direct connection between FB servers and those of a third party.

Not only could you check which data is going where on your own device, the journalists behind this reporting did in fact do this with a Blackberry for their previous story: https://twitter.com/laforgia_/status/1003619319736143872

They sniffed the network access of the Blackberry as they logged into Facebook via the built-in support, saw it pulling down a bunch of information direct from Facebook to the local device and nothing else, and wrote it up as though it were somehow scandalous and a breach of privacy that Facebook didn't see this as giving a third party access to that information. They didn't let the fact that they knew the third party wasn't receiving that data get in the way of fearmongering then, and I doubt they would here either.

There are Huawei facilities outside of Suzhou that are inside military restricted areas. Basically if you use Huawei, assume the MSS has access to anything touching their hardware. That may not be 100% true all the time, but it’s definitely true at least much of the time.

We can cue up the obligatory whataboutisn with the NSA as well, however, NSA isn’t stealing data from American companies and providing it to competitors, while China absolutely engages in industrial espionage against US and European companies.

https://www.thecipherbrief.com/chinese-industrial-spies-cast...

Considering that real, verified information about people and their social network is so valuable, it seems so weird that FB gave it all away so easily. If you have 50,000 users in America and can get the entire list of friends and friends of friends, and the personal / political information about them, you basically have the entire country.

Now wait until someone gets this information and dumps it in a torrent. Will be abused for decades.

I wonder if this is because FB is trying really hard to get into China. IIRC Zuckerberg offered Xi to name his first born child.

https://mashable.com/2017/09/18/zuckerberg-chinese-president...

My cringe muscles are getting such a workout these days.

The truth is that info is not all that valuable to Facebook -- they make all their money off of eyeballs. The personal user data they have (status updates, photos, comments) aren't very useful to advertisers. Their most profitable ads are when companies leverage their own proprietary data on the facebook network by connecting their user base to facebook's via cookies and showing you those shoes you were shopping for directly in your facebook feed (without ever caring about your likes!).
Give it a rest already NYT.

1. they are mischaracterizing the nature of that "access".

2. they could've reported this tidbit in yesterday's story, clearly they are trying to squeeze every last drop from that pebble.

Give it a rest already Facebook.
1. And you wouldn't? Clearly you never ran any for-profit business whatsoever.

2. Nobody forces you to read.

Man, there's a massive war about to go down between the press and tech and other tech companies.

Apple is starting to reign in the attention-grabbing machine that is Facebook and it's properties. Now the press, particularly, the NYT is pushing story after story of FB's nearly total lack of policy around consumer data protections. I'm sure they'll have their sights set on Apple/Google very soon.

Facebook fires back by shutting down the trending widget which I'm sure is a huge source of traffic for the NYT.

Elon nearly shuts down an earnings call because the questions are too pointed; he acquires the Onion. Thiel shuts down Gawker.

Bezos takes WaPo to protect Amazon.

Samsung and Apple have been at it forever.

It's only going to get uglier.

> Bezos takes WaPo to protect Amazon

What?

Non sequitur. You claimed "Bezos [acquired the] WaPo to protect Amazon." The article you link to [1] comments on his light pre-transaction diligence. Warren Buffett, too, is known for high light DD and simple acquisition paperwork. For a well-known brand purchased to have "a political watchdog for the public's good," the diligence makes sense without resorting to harebrained conspiracy.

[1] http://www.businessinsider.com/amazon-ceo-jeff-bezos-bought-...

Business insider is complete garbage and should never be referenced.
This is so overblown. Its not a far leap by NYT standards here to say that Facebook also "gave data access" to every screen manufacturer that ever displayed a Facebook page.

The bottom line is when people have data on FB and they have hundreds (in some cases thousands) of friends who all have the privilege to view their data, then the data is really not all that private to begin with.

Non-developer here. Can someone check my understanding of this situation for me please.

Facebook or any other website has information that ideally only I should have access to. I don't visit Facebook hq with my id in hand to get it, I use a computing device to talk to their computing device. they don't really know if it's me using that device, just that it knows information only I should have (password). The device is also my choice, they just provide general instructions for talking to theirs, or rather just comply with standards. Meaning html or whatever the total information sent from browsers and back again is called. Some browsers being difficult, they even have some code in there for them specifically. Mostly css for ie and mobile safari.

Because me visiting the Facebook building every time I want to see something or like something is ridiculous and something no one thinks happens, when these browsers request information as me they're then referred to as me, or my agent. So if data goes from Facebook to a macbook with chrome on it that knows my password, it's for all intents and purposes a two party relatiinship. No one sees that chrome, osx, my ISP, my router, my whatever; and goes "Facebook is giving data access to third parties!"

Enter mobile devices, or more accurately old mobile devices. Complying with those standards I mentioned above /html /building a quality full functionality browser is hard given their tech. They still want you to be able to use facebook, facebook still wants you using it, and you want to use it. So the device manufacturer and Facebook come up with a communication method they can use. Basically the same information sent and received as if you were using a browser and facebooks standard html, facebooks still just assuming you're on the other end because the device knows your password, but the syntax of their messages is different. Basically a more extreme version of having some funky css in there to make old IE work.

Terminology aside, am I on the right track? If so, what exactly is newsworthy about this? Is there a practical difference from a data security viewpoint between Facebook -> my Huawei phone -> me, and Facebook -> my Huawei phone -> chrome -> me?

If my user agent - the hardware /software I choose to use to talk to facebook - is hostile to me, I'm fucked either way aren't I?

You're exactly right, and there is no practical difference from a data security viewpoint. Except web access is probably worse in practice: many of the older mobile devices funnelled all web browsing through manufacturer-provided or third party servers, this is still an option in Chrome on Android, and desktop browsers are plagued by malicious extensions.

The New York Times is arguing that allowing users to access Facebook with third-party apps running on hardware the users own is the same as giving those third parties access to the data, that the setting which blocked third parties like Zynga and Cambridge Analytica from accessing this data should block those apps too, and that not doing so is a betrayal of user privacy. There's a Twitter thread by one of the journalists behind this that's even more clear about this: https://twitter.com/laforgia_/status/1003619629355413504

Like, I'm not exaggerating here, the journalist who's writing this series of articles really does think that if Facebook respected user privacy they should've made the setting which blocks every random quiz and game your friends use from scraping your data also force your friends to install the Facebook app to interact with you. (I don't think he's grasped that web browsers are third-party software though.)

Thanks! Pretty concerning that a lot of hn commenters seem to be with the nytimes on this.

I'm the filthy saas salesman that should be tainting this place with their ignorance. Everyone else is meant to be more informed on these things so I can get a more educated perspective!

As a software developer who is familiar with Facebook's APIs I have not been happy at all with the recent NYT coverage. It's mostly been the kind of coverage I'd expect from the National Enquirer.