> “Facebook’s integrations with Huawei, Lenovo, OPPO and TCL were controlled from the get-go — and we approved the Facebook experiences these companies built.”
They're going to be sorry for admitting to that when we discover that Huawei or Lenovo had been harvesting that data for other purposes.
They might be sorry for admitting this, but they have no choice -- once the clear question gets asked FB cannot hide the answer. It can lie, but it would be worse, as the lie will come out quickly and they would be in much hotter water: not only for doing something bad, but also for lying about it (effectively admitting they saw it as a bad practice). Pretending that what they did is not bad is their best option.
And of course Huawei and Lenovo will use data for other purposes -- they operate under different jurisdictions than FB. They also likely cannot keep ignore data requests for "national interests" even if they wanted to. And national interests include economic interests for sure.
How annoying Reuters included ads that redirect on mobile to pages informing me about viruses on my iPhone and an incredible huge lottery win. Too bad, it’s impossible to read the article on my phone.
That's why ad blockers are absolutely necessary. Not to scam companies out of their revenue, but because you cannot trust them in running clean ads. Fake virus alerts even are the lesser evil, delivering browser exploits or draining the battery by running crypto-miners are much worse. You read about such incidents every couple weeks...
iOS has Adblock that comes with a DNS proxy using local VPN. Earlier it used to use the VPN to divert traffic to their app, but Apple banned that practice.
On Firefox for both Android and desktop, you can switch on tracking protection which removes 99% of ads including the Reuters one. This doesn't require you to install any plugins.
I don't have access to an iPhone, but is this option available on Firefox for iPhone?
> “Every piece of content that you share on Facebook, you own and you have complete control over who sees it and how you share it, and you can remove it at any time,”
This sentence has been bothering me because it feels like his lawyers wrote it. It's specifically worded to not include issues like this one.
How is it specifically worded to not include the issue? I just see that sentence as an outright lie. I thought it was notable for its lack of "weasel words" and disingenuousness that are the hallmarks of Mark Zuckerberg's speech.
From the NYTimes article:
>"But the BlackBerry app had access to all of the reporter’s Facebook friends and, for most of them, returned information such as user ID, birthday, work and education history and whether they were currently online." [1]
Birthday, work and education history are all things that user's "share" on FB no?
But those are probably allowed to be publicly available by those users. Which is what Zuckerberg is saying in this statement. What he _isn't_ including in his statement is content created by FB about a person (used for marketing, etc.).
It specifically mentions information YOU post. Facebook collects metadata about you and your activities. That metadata is whats more dangerous... and conveniently unmentioned.
Ah OK I missed the nuance - religious affiliation, birthday, education history etc. are just a form of account metadata in this bit of subterfuge. Jeez, of course. Thanks for the clarification.
It isn't if by "sees" they mean "has UI access", as opposed to API access (which isn't "seeing").
I'm not concerned who "sees" my data - I want to know who can access it. If all it takes is a friend with a shady device, it's not comforting at all.
Did FB every clarify if sharing permissions would mitigate that API access? because otherwise the only solution is to a) defriend everyone and b) quit FB.
Depends entirely on how they feel and act about it. If they were pushing to make my company the next big surveillance org then yeah. Otherwise I probably wouldn't even think twice about it.
A fairly large cross-section of big corporations will say things that are shockingly evil to even moderately critical minds. You work there to put food on the table, not to make the world a better place.
Happy at work is the thing of inspirational propaganda, upper management and elite techies who can afford to be choosy. The rest of us have mortgages and families and health care premiums.
Not a Facebook employee, but I've wrestled with these questions after years in investment banking and a bit of adtech.
Almost anything that pays well isn't going to the end goal of feeding orphans, or improving society in any way.
I agree. Telling users they own their data and therefor have complete control over it is, at best, a misunderstanding of what we humans have control over and at worst insinuating that own=control to make the user think they are right.
Hacking is made easy with Alex. Charges are afordable, time is very fast and the job is always on point. Should you want to hack a Whatsapp account, Instagram, Snapchat, Facebook, Skype, Twitter, Viber and so on, you want to edit your school grades, you want to clear a criminal record, just contact my hacker through (icehackerzz@gmail.com) or via Whatsapp +1347-443-9188 and get our job done asap.
This will be the downfall of Facebook, every country wants them to give them data while at the same time wanting to protect their citizen from data being given to other countries. and countries wanting data about their citizens probably contravenes human rights.
Occasionally I get event invites, but I check that every few weeks or month.
I dont want to act like I'm 'cutting edge', but was on gamefaqs when it was cool, FB in 2009, reddit in 2010. I dont use facebook anymore, we moved to snapchat and niche fourms.
You said you don’t want to act like you’re cutting edge which is probably good, but the years you listed for Facebook and Reddit aren’t that early for those platforms.
> charge them as a monopoly? when you have google and apple?
Yes. Shocking as it may seem, being a monopoly isn't a problem per se. It's using monopoly power to do naughty things. That plus antitrust law is aching for extension into aggregator-like systems. (It also helps that Facebook neatly partitions into Facebook, Instagram and WhatsApp mandarin orange slices.)
Can someone explain to me a mechanism for having JSON data describing a user and all their information downloaded and then displayed on the screen of either an Android or iOS phone without the app or OS involved then having the ability to send that data to a server later on?
The sentence “only available on the device” makes no sense to me as an engineer. What?
Did Facebook code review every app and OS they gave this access to? Even then, would they be able to garauntee that an update couldn’t be made to the app or some library it relied on to prevent it from harvesting the data?
If that data was encrypted, how did it get displayed on a screen without being unencrypted first and this made vulnerable to scraping?
I was an iOS and Android applications developer and I can’t think of any way to do it (at least on iOS) short of (a) keeping it completely encrypted the entire time (b) only allowing an application signed by Facebook and belonging to Facebook and controlled by Facebook completely (in iOS, at least) to get this data since iOS apps are well sandboxed from one another or (c) relying vaguely on a legal agreement that the other party not be naughty with the data contractually which means jack shit to the Chinese.
Exactly. All the issues these reporters are up in arms about would still be a problem if Facebook gave these companies access to their regular API instead of a specialized one.
In the end, a user is responsible for whom they give their username and password to. That includes typing it into an app. I hope we can redirect the publicity around this issue to scrutinizing the security of software, operating systems, and hardware. And promoting open source!
I understood that facebook shares a persons data if a friend of theirs has given permission to an app. Thus a person can be vigilant about their own account, and still have their data compromised.
>a user is responsible for whom they give their username and password to.
In 2009, when I signed up for facebook, I was signing up for facebook.
Not sharing with political groups and enterprises.
No one reads ToS and at that point, it should be nullified. Everyone loses their FB accounts because YOU didnt read the ToS. Facebook loses their business because they lied about people reading and accepting their ToS.
Its important to be reasonable, FB definitely went full corruption and blaming the billions of customers is laughable.
In many countries, like Germany, surprising provisions in consumer terms of service are unenforceable for exactly this reason (and other reasons).
In my opinion, it's American over-adherence to legal formalism to the benefit of powerful companies and the detriment of consumers that is unreasonable, not the German approach. And I say this as an American myself.
The German (civil law) and US (common law) legal traditions are pretty disparate, including their approaches to contract law - but in this case the difference is due to consumer protection rules in Germany and Europe, not anything longstanding about either tradition.
I know very little about US law and even less about German law, but I think GP was referring to contracts of adhesion, which are less enforceable in the US too, afaik; even if the laws are far stronger in Germany and have different historical origins, maybe there's at least some spiritual similarity between the protections?
While it's true that contracts of adhesion are less enforceable in the US than other contracts, they're still very enforceable.
In particular, if there's some evidence that a consumer clicked a check box saying "I accept the terms of service" on a web form before submitting it, where a link to the full terms of service was offered and the check box was not checked by default, US courts will uphold far less friendly terms than German courts will.
Before you get too excited about legal jargon, no one reads the ToS. There was some study saying it would take years of your life to read it, let alone try to understand it.
ToS that are unreadable should be thrown out in court.
Everyone, including facebook knows that these are not read.
I pretty much agree with your points, but I don't see the relationship to this topic. It seems possible that you have misunderstood what these news stories are about (or equally possible that I have). This story is about Facebook giving "privileged API access" to certain companies. That means that when users give their login credentials to those companies, they can access certain data about the users in certain ways. However, as I said above, if the user gives those companies login credentials, the user is already putting a frighteningly large amount of trust in that third party. There needs to be much more awareness of this.
I am not familiar with the terms of these kinds of data sharing agreements, but I know most US confidentiality agreements include a term that enables companies to share confidential data with governments if required by law. Most agreements if not all also contain a clause that companies take reasonable best efforts to try to resist or narrow such requests. I believe I've heard that tech companies can successfully do this on occassion
So even confidential company info can be taken by the government. In the US I think there are practical limits on this and companies have some ability and willingness to resist. From my limited experience the latter is not always the case in china, and I'd imagine the former is less true as well
let's try to replace one word: "Facebook confirms data sharing with Jewish companies". You see what kind of ideology this is spreading? Being Chinese is bad?
Hang on though. Lets not conflate China the country, with Chinese the inhabitants. I can be highly suspicious of China and Russia the countries without feeling any animosity towards the people who are from there.
I still think people would be unhappy about this, but Isreali Companies aren't as big of threats to national security, or at least that is what I've been led to beliee.
In contexts like this Chinese is often short for Chinese communist. But if that was elaborated then you would accuse people of McCarthyism and being overly hysterical about communism.
> Do you mean "often short for China the country"?
No. You will see people aren't bothered by Taiwan or other far eastern countries, perhaps there's a reason.
> pretty weird
Maybe English is a weird language. I'm esl so I shouldn't be teaching you.. The reason people don't spell it out is because it is shorter, seems more polite and are afraid of looking like this[0].
I'm kinda thinking of Chipotle's pr nightmare over food safety. This is similar. Facebook isn't going to die but people will be far less enamored by it going forward.
This is horrible, how do I know a random chinese business won't sell it for a good markup to a russian agency or Egypt who've used it to prosecute non religious people and gays. This whole interoperability push is getting ignorant and lethal
The simple consequence of globalization and economic integration is that what everyone does affects everyone else, and the networks of flow in information, energy, and physical commodities are so dense that it becomes very difficult to attribute cause and effect (and therefore moral responsibility) to any one actor.
If it wasn't Facebook, it would've been someone else. That's not to absolve Facebook of its behavior, just noting that there are strong incentives in place that encourage interoperability and therefore efficiency that resulted in its actions, and these incentives affect every organization worldwide.
The only way to prevent this is to build barriers to control the flow and pay the very high price of loss in efficiency. China is way ahead of things in that sense.
91 comments
[ 3.3 ms ] story [ 170 ms ] threadThey're going to be sorry for admitting to that when we discover that Huawei or Lenovo had been harvesting that data for other purposes.
And of course Huawei and Lenovo will use data for other purposes -- they operate under different jurisdictions than FB. They also likely cannot keep ignore data requests for "national interests" even if they wanted to. And national interests include economic interests for sure.
edit: mobile
https://webcache.googleusercontent.com/search?q=cache:kP2I78...
But interesting that this happens to you. Never had that in Germany.
I don't have access to an iPhone, but is this option available on Firefox for iPhone?
This sentence has been bothering me because it feels like his lawyers wrote it. It's specifically worded to not include issues like this one.
Ref: https://www.houstonchronicle.com/techburger/article/Zuckerbe...
From the NYTimes article:
>"But the BlackBerry app had access to all of the reporter’s Facebook friends and, for most of them, returned information such as user ID, birthday, work and education history and whether they were currently online." [1]
Birthday, work and education history are all things that user's "share" on FB no?
https://www.nytimes.com/interactive/2018/06/03/technology/fa...
This is weasel language, used to avoid saying anything you can be held to having said, when that becomes inconvenient.
If you have complete control over who sees it, that should mean that no one else has any control over it...
> If you have complete control over who sees it, that should mean that no one else has any control over it...
Actually that quote is false: the Facebook algorithm has almost complete control over who actually sees your content.
I'm not concerned who "sees" my data - I want to know who can access it. If all it takes is a friend with a shady device, it's not comforting at all.
Did FB every clarify if sharing permissions would mitigate that API access? because otherwise the only solution is to a) defriend everyone and b) quit FB.
The fairer question to ask is if the strategy team pitching such work/product understood the moral implication of the work.
Not a Facebook employee, but I've wrestled with these questions after years in investment banking and a bit of adtech.
Almost anything that pays well isn't going to the end goal of feeding orphans, or improving society in any way.
Only one thing can destroy big company / country etc - inside job.
In my point of view this is beginning of FB's end.
charge them as a monopoly? when you have google and apple?
No users / data = no ads. No ads, no cash. No cash means no FB.
Btw Fb's losing users in big already.
I get FB messages, but I dont check my feed.
Occasionally I get event invites, but I check that every few weeks or month.
I dont want to act like I'm 'cutting edge', but was on gamefaqs when it was cool, FB in 2009, reddit in 2010. I dont use facebook anymore, we moved to snapchat and niche fourms.
Yes. Shocking as it may seem, being a monopoly isn't a problem per se. It's using monopoly power to do naughty things. That plus antitrust law is aching for extension into aggregator-like systems. (It also helps that Facebook neatly partitions into Facebook, Instagram and WhatsApp mandarin orange slices.)
The sentence “only available on the device” makes no sense to me as an engineer. What?
Did Facebook code review every app and OS they gave this access to? Even then, would they be able to garauntee that an update couldn’t be made to the app or some library it relied on to prevent it from harvesting the data?
If that data was encrypted, how did it get displayed on a screen without being unencrypted first and this made vulnerable to scraping?
I was an iOS and Android applications developer and I can’t think of any way to do it (at least on iOS) short of (a) keeping it completely encrypted the entire time (b) only allowing an application signed by Facebook and belonging to Facebook and controlled by Facebook completely (in iOS, at least) to get this data since iOS apps are well sandboxed from one another or (c) relying vaguely on a legal agreement that the other party not be naughty with the data contractually which means jack shit to the Chinese.
On Android - Jesus, forget about it.
In the end, a user is responsible for whom they give their username and password to. That includes typing it into an app. I hope we can redirect the publicity around this issue to scrutinizing the security of software, operating systems, and hardware. And promoting open source!
In 2009, when I signed up for facebook, I was signing up for facebook.
Not sharing with political groups and enterprises.
No one reads ToS and at that point, it should be nullified. Everyone loses their FB accounts because YOU didnt read the ToS. Facebook loses their business because they lied about people reading and accepting their ToS.
Its important to be reasonable, FB definitely went full corruption and blaming the billions of customers is laughable.
And then you try to tell people to be reasonable? That's like the pot calling the kettle black, isn't it?
In my opinion, it's American over-adherence to legal formalism to the benefit of powerful companies and the detriment of consumers that is unreasonable, not the German approach. And I say this as an American myself.
In particular, if there's some evidence that a consumer clicked a check box saying "I accept the terms of service" on a web form before submitting it, where a link to the full terms of service was offered and the check box was not checked by default, US courts will uphold far less friendly terms than German courts will.
Before you get too excited about legal jargon, no one reads the ToS. There was some study saying it would take years of your life to read it, let alone try to understand it.
ToS that are unreadable should be thrown out in court.
Everyone, including facebook knows that these are not read.
So even confidential company info can be taken by the government. In the US I think there are practical limits on this and companies have some ability and willingness to resist. From my limited experience the latter is not always the case in china, and I'd imagine the former is less true as well
No. You will see people aren't bothered by Taiwan or other far eastern countries, perhaps there's a reason.
> pretty weird
Maybe English is a weird language. I'm esl so I shouldn't be teaching you.. The reason people don't spell it out is because it is shorter, seems more polite and are afraid of looking like this[0].
[0] https://www.youtube.com/watch?v=MoATWN68IZA
When a Jewish company makes the list, get back to us. For now, you're just diverting attention from the issue.
Usage metrics have already been ticking down.
The simple consequence of globalization and economic integration is that what everyone does affects everyone else, and the networks of flow in information, energy, and physical commodities are so dense that it becomes very difficult to attribute cause and effect (and therefore moral responsibility) to any one actor.
If it wasn't Facebook, it would've been someone else. That's not to absolve Facebook of its behavior, just noting that there are strong incentives in place that encourage interoperability and therefore efficiency that resulted in its actions, and these incentives affect every organization worldwide.
The only way to prevent this is to build barriers to control the flow and pay the very high price of loss in efficiency. China is way ahead of things in that sense.