91 comments

[ 3.3 ms ] story [ 170 ms ] thread
> “Facebook’s integrations with Huawei, Lenovo, OPPO and TCL were controlled from the get-go — and we approved the Facebook experiences these companies built.”

They're going to be sorry for admitting to that when we discover that Huawei or Lenovo had been harvesting that data for other purposes.

What other purposes and how is it FB's problem?
They might be sorry for admitting this, but they have no choice -- once the clear question gets asked FB cannot hide the answer. It can lie, but it would be worse, as the lie will come out quickly and they would be in much hotter water: not only for doing something bad, but also for lying about it (effectively admitting they saw it as a bad practice). Pretending that what they did is not bad is their best option.

And of course Huawei and Lenovo will use data for other purposes -- they operate under different jurisdictions than FB. They also likely cannot keep ignore data requests for "national interests" even if they wanted to. And national interests include economic interests for sure.

How annoying Reuters included ads that redirect on mobile to pages informing me about viruses on my iPhone and an incredible huge lottery win. Too bad, it’s impossible to read the article on my phone.

edit: mobile

That's why ad blockers are absolutely necessary. Not to scam companies out of their revenue, but because you cannot trust them in running clean ads. Fake virus alerts even are the lesser evil, delivering browser exploits or draining the battery by running crypto-miners are much worse. You read about such incidents every couple weeks...
On desktop, I use uBlock and Privacy Badger, but on my iPhone there doesn’t seem to be an option.
(comment deleted)
There are a few Add block options on iPhone what are they missing?
I am just not aware of them, I guess. Never looked into them to be honest.
iOS has Adblock that comes with a DNS proxy using local VPN. Earlier it used to use the VPN to divert traffic to their app, but Apple banned that practice.
Firefox on mobile can also use uBlock on android, I wonder if the iOS version can do it as well.
One can use Firefox Focus in place of AdGuard on iOS and it will perform the content filtering. :)
You can download a content blocker app like AdGuard which integrates directly into Safari through an official API.
I use 1Blocker through Safari and it works well. There are many others, some that may be cheaper or free
The basic version of 1Blocker is free, and works well for blocking ads. You just need a new-enough iOS.
I think this could be your network operator. Happens quite often to me on 3g in Germany, never when using wifi.
I am in the US at the moment and actually on WiFi, so I guess that’s not the issue.

But interesting that this happens to you. Never had that in Germany.

Can that happen on an https page?
On Firefox for both Android and desktop, you can switch on tracking protection which removes 99% of ads including the Reuters one. This doesn't require you to install any plugins.

I don't have access to an iPhone, but is this option available on Firefox for iPhone?

> “Every piece of content that you share on Facebook, you own and you have complete control over who sees it and how you share it, and you can remove it at any time,”

This sentence has been bothering me because it feels like his lawyers wrote it. It's specifically worded to not include issues like this one.

Ref: https://www.houstonchronicle.com/techburger/article/Zuckerbe...

Except for the data they seem so eager to give to others.
How is it specifically worded to not include the issue? I just see that sentence as an outright lie. I thought it was notable for its lack of "weasel words" and disingenuousness that are the hallmarks of Mark Zuckerberg's speech.

From the NYTimes article:

>"But the BlackBerry app had access to all of the reporter’s Facebook friends and, for most of them, returned information such as user ID, birthday, work and education history and whether they were currently online." [1]

Birthday, work and education history are all things that user's "share" on FB no?

https://www.nytimes.com/interactive/2018/06/03/technology/fa...

Could Zuckerberg argue that this is not what he meant with 'piece of content that you share'? I imagine not, but just wondering.
"It depends on what your definition of 'is' is." — Bill Clinton

This is weasel language, used to avoid saying anything you can be held to having said, when that becomes inconvenient.

Well, yes. I was mostly wondering how this works from a legal perspective.
But those are probably allowed to be publicly available by those users. Which is what Zuckerberg is saying in this statement. What he _isn't_ including in his statement is content created by FB about a person (used for marketing, etc.).
It specifically mentions information YOU post. Facebook collects metadata about you and your activities. That metadata is whats more dangerous... and conveniently unmentioned.
Ah OK I missed the nuance - religious affiliation, birthday, education history etc. are just a form of account metadata in this bit of subterfuge. Jeez, of course. Thanks for the clarification.
"you have control over ... how you share it". You do not have control over how Facebook shares it.
> [...] and you have complete control over who sees it and [...]

If you have complete control over who sees it, that should mean that no one else has any control over it...

>> [...] and you have complete control over who sees it and [...]

> If you have complete control over who sees it, that should mean that no one else has any control over it...

Actually that quote is false: the Facebook algorithm has almost complete control over who actually sees your content.

I'm just trying to say what it means since there appear to be some confusion...
It isn't if by "sees" they mean "has UI access", as opposed to API access (which isn't "seeing").

I'm not concerned who "sees" my data - I want to know who can access it. If all it takes is a friend with a shady device, it's not comforting at all.

Did FB every clarify if sharing permissions would mitigate that API access? because otherwise the only solution is to a) defriend everyone and b) quit FB.

So, a question to developers reading this: would you be happy to work alongside a person who participated in the development of this system?
Depends entirely on how they feel and act about it. If they were pushing to make my company the next big surveillance org then yeah. Otherwise I probably wouldn't even think twice about it.
If they felt bad about it but carried on with it anyway, is that any better?
(comment deleted)
(comment deleted)
Trick question. Typically, when assigned tasks at work, one doesn't have the forbearance or clairvoyance to asses the moral implications of the task.

The fairer question to ask is if the strategy team pitching such work/product understood the moral implication of the work.

This is Facebook we are talking about. One does not need to be clairvoyant.
A fairly large cross-section of big corporations will say things that are shockingly evil to even moderately critical minds. You work there to put food on the table, not to make the world a better place.
Happy at work is the thing of inspirational propaganda, upper management and elite techies who can afford to be choosy. The rest of us have mortgages and families and health care premiums.

Not a Facebook employee, but I've wrestled with these questions after years in investment banking and a bit of adtech.

Almost anything that pays well isn't going to the end goal of feeding orphans, or improving society in any way.

I agree. Telling users they own their data and therefor have complete control over it is, at best, a misunderstanding of what we humans have control over and at worst insinuating that own=control to make the user think they are right.
(comment deleted)
Hacking is made easy with Alex. Charges are afordable, time is very fast and the job is always on point. Should you want to hack a Whatsapp account, Instagram, Snapchat, Facebook, Skype, Twitter, Viber and so on, you want to edit your school grades, you want to clear a criminal record, just contact my hacker through (icehackerzz@gmail.com) or via Whatsapp +1347-443-9188 and get our job done asap.
This will be the downfall of Facebook, every country wants them to give them data while at the same time wanting to protect their citizen from data being given to other countries. and countries wanting data about their citizens probably contravenes human rights.
It's classic.

Only one thing can destroy big company / country etc - inside job.

In my point of view this is beginning of FB's end.

1 minute and -1 points already - truth hurts
I pretty much disagree. how exactly would that work? more regulation? so people just click though more yep, it's creepy but I don't care buttons.

charge them as a monopoly? when you have google and apple?

People won't share their data / thoughts etc.

No users / data = no ads. No ads, no cash. No cash means no FB.

Btw Fb's losing users in big already.

I just dont use FB anymore.

I get FB messages, but I dont check my feed.

Occasionally I get event invites, but I check that every few weeks or month.

I dont want to act like I'm 'cutting edge', but was on gamefaqs when it was cool, FB in 2009, reddit in 2010. I dont use facebook anymore, we moved to snapchat and niche fourms.

You said you don’t want to act like you’re cutting edge which is probably good, but the years you listed for Facebook and Reddit aren’t that early for those platforms.
I was on reddit back when people were liberal on the website.
> charge them as a monopoly? when you have google and apple?

Yes. Shocking as it may seem, being a monopoly isn't a problem per se. It's using monopoly power to do naughty things. That plus antitrust law is aching for extension into aggregator-like systems. (It also helps that Facebook neatly partitions into Facebook, Instagram and WhatsApp mandarin orange slices.)

I wish there was a social network built around the signal app. Maybe whoever builds the next FB will give it some thought.
What’s the business model? Given network effects I don’t see how you have a non-ad supported social network but could be lack of creativity.
Can someone explain to me a mechanism for having JSON data describing a user and all their information downloaded and then displayed on the screen of either an Android or iOS phone without the app or OS involved then having the ability to send that data to a server later on?

The sentence “only available on the device” makes no sense to me as an engineer. What?

Did Facebook code review every app and OS they gave this access to? Even then, would they be able to garauntee that an update couldn’t be made to the app or some library it relied on to prevent it from harvesting the data?

If that data was encrypted, how did it get displayed on a screen without being unencrypted first and this made vulnerable to scraping?

I was an iOS and Android applications developer and I can’t think of any way to do it (at least on iOS) short of (a) keeping it completely encrypted the entire time (b) only allowing an application signed by Facebook and belonging to Facebook and controlled by Facebook completely (in iOS, at least) to get this data since iOS apps are well sandboxed from one another or (c) relying vaguely on a legal agreement that the other party not be naughty with the data contractually which means jack shit to the Chinese.

On Android - Jesus, forget about it.

Exactly. All the issues these reporters are up in arms about would still be a problem if Facebook gave these companies access to their regular API instead of a specialized one.

In the end, a user is responsible for whom they give their username and password to. That includes typing it into an app. I hope we can redirect the publicity around this issue to scrutinizing the security of software, operating systems, and hardware. And promoting open source!

I understood that facebook shares a persons data if a friend of theirs has given permission to an app. Thus a person can be vigilant about their own account, and still have their data compromised.
>a user is responsible for whom they give their username and password to.

In 2009, when I signed up for facebook, I was signing up for facebook.

Not sharing with political groups and enterprises.

No one reads ToS and at that point, it should be nullified. Everyone loses their FB accounts because YOU didnt read the ToS. Facebook loses their business because they lied about people reading and accepting their ToS.

Its important to be reasonable, FB definitely went full corruption and blaming the billions of customers is laughable.

You're blaming facebook because people don't read ToS?

And then you try to tell people to be reasonable? That's like the pot calling the kettle black, isn't it?

In many countries, like Germany, surprising provisions in consumer terms of service are unenforceable for exactly this reason (and other reasons).

In my opinion, it's American over-adherence to legal formalism to the benefit of powerful companies and the detriment of consumers that is unreasonable, not the German approach. And I say this as an American myself.

USA has very similar laws and legal tradition about what makes a contract valid.
The German (civil law) and US (common law) legal traditions are pretty disparate, including their approaches to contract law - but in this case the difference is due to consumer protection rules in Germany and Europe, not anything longstanding about either tradition.
I know very little about US law and even less about German law, but I think GP was referring to contracts of adhesion, which are less enforceable in the US too, afaik; even if the laws are far stronger in Germany and have different historical origins, maybe there's at least some spiritual similarity between the protections?
While it's true that contracts of adhesion are less enforceable in the US than other contracts, they're still very enforceable.

In particular, if there's some evidence that a consumer clicked a check box saying "I accept the terms of service" on a web form before submitting it, where a link to the full terms of service was offered and the check box was not checked by default, US courts will uphold far less friendly terms than German courts will.

Hey do you read the ToS?

Before you get too excited about legal jargon, no one reads the ToS. There was some study saying it would take years of your life to read it, let alone try to understand it.

ToS that are unreadable should be thrown out in court.

Everyone, including facebook knows that these are not read.

I pretty much agree with your points, but I don't see the relationship to this topic. It seems possible that you have misunderstood what these news stories are about (or equally possible that I have). This story is about Facebook giving "privileged API access" to certain companies. That means that when users give their login credentials to those companies, they can access certain data about the users in certain ways. However, as I said above, if the user gives those companies login credentials, the user is already putting a frighteningly large amount of trust in that third party. There needs to be much more awareness of this.
(comment deleted)
I am not familiar with the terms of these kinds of data sharing agreements, but I know most US confidentiality agreements include a term that enables companies to share confidential data with governments if required by law. Most agreements if not all also contain a clause that companies take reasonable best efforts to try to resist or narrow such requests. I believe I've heard that tech companies can successfully do this on occassion

So even confidential company info can be taken by the government. In the US I think there are practical limits on this and companies have some ability and willingness to resist. From my limited experience the latter is not always the case in china, and I'd imagine the former is less true as well

let's try to replace one word: "Facebook confirms data sharing with Jewish companies". You see what kind of ideology this is spreading? Being Chinese is bad?
anti-chinese sentiment is very common on hackernews. Goes into pure racism a lot of the time.
Hang on though. Lets not conflate China the country, with Chinese the inhabitants. I can be highly suspicious of China and Russia the countries without feeling any animosity towards the people who are from there.
I'm sure it has nothing to do with the Chinese government's authoritarian censorship policies or great firewall.
I’d call it anti-China sentiment, which isn’t racism at all. There’s plenty to dislike about the Chinese government and Chinese nationalism.
A closer analogy is "Facebook confirms data sharing with Israeli companies", which seems slightly less inflammatory.
I still think people would be unhappy about this, but Isreali Companies aren't as big of threats to national security, or at least that is what I've been led to beliee.
In contexts like this Chinese is often short for Chinese communist. But if that was elaborated then you would accuse people of McCarthyism and being overly hysterical about communism.
Do you mean "often short for China the country"? Because otherwise it does sound pretty weird for you to say "Chinese communist".
> Do you mean "often short for China the country"?

No. You will see people aren't bothered by Taiwan or other far eastern countries, perhaps there's a reason.

> pretty weird

Maybe English is a weird language. I'm esl so I shouldn't be teaching you.. The reason people don't spell it out is because it is shorter, seems more polite and are afraid of looking like this[0].

[0] https://www.youtube.com/watch?v=MoATWN68IZA

A number of Chinese companies, including some that Facebook shared data with, are listed as threats to U.S. national security.

When a Jewish company makes the list, get back to us. For now, you're just diverting attention from the issue.

This is literally the dumbest statement I've ever read on this website
I'm kinda thinking of Chipotle's pr nightmare over food safety. This is similar. Facebook isn't going to die but people will be far less enamored by it going forward.

Usage metrics have already been ticking down.

This is horrible, how do I know a random chinese business won't sell it for a good markup to a russian agency or Egypt who've used it to prosecute non religious people and gays. This whole interoperability push is getting ignorant and lethal
You don't.

The simple consequence of globalization and economic integration is that what everyone does affects everyone else, and the networks of flow in information, energy, and physical commodities are so dense that it becomes very difficult to attribute cause and effect (and therefore moral responsibility) to any one actor.

If it wasn't Facebook, it would've been someone else. That's not to absolve Facebook of its behavior, just noting that there are strong incentives in place that encourage interoperability and therefore efficiency that resulted in its actions, and these incentives affect every organization worldwide.

The only way to prevent this is to build barriers to control the flow and pay the very high price of loss in efficiency. China is way ahead of things in that sense.

Facebook liar liar liar. Thats what you all google, twitter and facebook are.
So in other words, Zuckerberg lied.