Facebook has a fully automated testing pipeline, supposedly with few human gatekeepers but not testers, and use Facebook employees as the only real testers. That gives me no confidence at all.
One bug and suddenly all the confidence is lost ? Imagine how many successful deployments happen all the time. Human testers are shitty too, bugs are missed all the time.
That is, if it truly was unintentional. In the past year, most of the "data leaks" from Facebook where entirely intentional. They might market them as accidental, but you don't accidentally write an API to expose data intentionally.
Facebook would change peoples settings on purpose during updates back in 2009. Its the reason I quit the site.
"A Facebook spokesperson said the notification is the start of new proactive and transparent way for the company to handle issues going forward"
Facebook deserves everything they have coming. IMO, They also need to rethink their PR strategy. I would of given them a second chance and tried the site but every excuse is insulting. Wow
Facebook would change peoples settings on purpose during updates back in 2009.
Man, has it been that long? W/o reading the article first, I expected the first comment to be "needs [2010] in the title", because I, too, dropped FB the day I found out that all pictures were now public (and, IIRC, "by design"). I subsequently figured it was an old story about that.
It happened several times, which makes you wonder. They have all this great engineering talent and a really fantastic test infrastructure, yet somehow never managed to write a unit test that checks if a simple boolean value doesn't toggle during an update. It's quite a mystery.
"Facebook changed every post by those users during the affected time period to private, including posts that people may have meant to share publicly. The company told CNN it took five days to make those changes."
The headline and the article seem to be contradictory. Anyone know if the article is wrong or the headline is wrong? It looks like it just might be that paragraph that got it backwards since there is a direct quote later that talks about posts being automatically suggested as public.
While "move fast and break things" sounds great and works well in a lot of cases, this is the huge problem with it. There are real consequences. And with GDPR and other privacy laws, this is will start equating to real money lost. I expect that motto to be retired much the same way Google got rid of "Don't be evil".
Well, infra is only one part of the system. ¯\_(ツ)_/¯ I feel like Facebook doesn't crash much nowadays so their infra is definitely stable, but their product code could use more work.
Who knew that startup advice when you are a 3 person shop does not apply to big corps handling a big chunk of the world's population. That's why its ludicrous to make fun of established companies for moving slow, they might be slow but try to minimize all the risk and get the same gains.
> "Due to a technical error, we recommend you review the audience of your recent posts. Learn more."
What does that even mean? What possible action can a user do to "undo" any damage? You can't really make the people who saw your posts "unsee" it.
Also, AFAIK, Facebook doesn't show the user stats of what public posts were accessed by 3rd parties like advertisers, random drive by Facebook user, so how is this statement in any way useful to the user?
“Audience setting” is internal speak for what you would call the visibility of a post. “review the audience” is unambiguous internal speak for: change the visibility setting.
I’m fairly certain that particular bug when through an emergency process and that the handful of copy-writers didn’t get to review. They are rather ruthless to pick those. I don’t remember what the grammar rule was to talk about visibility of the post, but I remember it was very specific precisely because of the distinction: who can and who has seen your posts.
I think the GP poster understood that much; what they were objecting to was the idea that there’s any point in changing who can see a post, after it’s already been sitting around for hours/days under the wrong ACL and has already ended up being shown in everyone’s timelines et al.
You're being downvoted because you tried to make a pedantic point about the particular algorithmic implementation of Facebook's per-post privacy while failing to address the thrust of the post you were replying to (after also failing to address the thrust of the GGGP post due to a different misunderstanding.)
This is especially galling (to everyone, apparently) when the particular algorithmic implementation is irrelevant to the thrust of the post you replied to, and so the "context" you're attempting to provide is not only unnecessary to provide, but is actually distracting from the point. It's reminiscent of a politician attempting to perform an act of rhetorical judo to avoid actually answering a question.
Let me restate, because obviously those people who downvoted you actually want an answer to this question: why would Facebook attempt to portray changing the privacy settings on a post hours/days after it goes out with the wrong privacy settings, as a sensible plan of action to suggest for fixing the problem they created? Everyone's already seen what you posted. Changing the privacy setting isn't a time-machine that'll make them un-see it.
Why didn't Facebook instead suggest, say, making a post reaching out to anyone who your not-so-private-after-all posts may have inadvertently hurt? That's something that actually has a chance of ameliorating the problem.
I’m sorry if I came off as pedantic. I believe that the actual principle behind how Facebook represents privacy is relevant to how they could have implemented a solution (because it's not at the level you would expect it to be, unlike the default privacy selector) but I get that this is not what you care about.
I sincerely believe that attracting readers’ attention to the problem without letting the authors’ correct it first would make the problem worst. I expect current Facebook employees to think the same.
Another key aspect to answer your question: the list of people who saw a post (or paid significant attention to) is also probably not an information that Facebook can easily access: there are aggregates streamed for ads, but gathering that information for non-sponsored posts would be genuinely hard, if not impossible in some aspects.
Even though Facebook prides itself on allowing people to speak freely, and has encouraged more open communication by default in the past, there is a clear sense that letting posts have more visibility than they should can be individually very damaging. That’s why they restricted everything until authors could review it. It’s less “a sensible plan” than the only thing they can do now.
What I wonder (and the source is not clear) is whether Facebook didn’t correct the privacy settings of posts if the author edited them -- those were presumably not affected by the default setting. It’s a minor point as few people take care of that, but it could illustrate whether they were trying to fix it as fast as possible or had a more deliberate understanding of what can be done.
Posts are often viewed hours or days after they were posted. I can’t remember ratios, but it is far from negligible, especially if they are either public or have some activity to them. Public posts on profile where most posts are only visible to friends can be seen long after their were posted, by non-friends visiting your profile.
To answer your question: I do not think that this edit is a sufficient course of action. It’s very obvious to me that such an error revealed an issue in the code release process: that should have been caught earlier and given proper review. I suspect, from having seen another major bugs being addressed, that the most senior engineers have actually already defined test to detect and prevent similar issues. Facebook does not communicate very transparently about its post-mortem, but they are probably the best in the business.
This aspect of the company (the lack of blame of the individual, often junior developper who committed the code and the instant claim of responsibilities of senior developers responsible for code quality checks) is actually one of the least talked about but most important aspect of the company culture. You very rapidly get a sense of what “Move fast, break things“ actually means: it’s about trying, tracking and never letting a failure unused as a learning opportunity –– far more than it’s about not respecting SLAs. The idea is that you often learn about unexpected dimensions of issues by making mistakes, so you might as well learn before someone else figures it out. It sounds counter-intuitive, but has proven to be an effective way to be several steps before people who try to do harm.
I personally detail that post-mortem every time that I’m asked what the company is like: people expect perks & world-domination plot: the eagerness to find a scalable technical and cultural solution is actually far more important and welcoming. I failed to see this was what you were curious about, and I apologise for that.
I suspect that the oversight is along the lines of: security and privacy are paramount and actually embedded one abstraction level below what most coders see (hence: not ACL) but the default selector has been overlooked, because its related to post editing —— under the idea that post authors are conscious of picking the right one every time: that’s obviously unrealistic, and I sus...
>> Even though Facebook prides itself on allowing people to speak freely, and has encouraged more open communication by default in the past
Seeing most Facebook content required a login and most Facebook groups are private and required an application or an invite, and still does, facebook today plays very little role if any concerning free information flow, which is ideally indexed by search engines and accessible openly by following a link.
why would Facebook attempt to portray changing the privacy settings on a post hours/days after it goes out with the wrong privacy settings, as a sensible plan of action to suggest for fixing the problem they created?
Because they are a huge company with a great deal more experience handling PR gaffs than most people posting on HN. Whatever their shortcomings in other areas, this advice actually is pretty much gold standard.
First, it prevents more eyes on it. This mitigates the damage. A lot of traffic occurs well after the first few hours.
Second, it allows people to forget. People don't have perfect memories. Some people have quite poor memories. Removing it from public view denies them the ability to return to a written record and get all hot under the collar all over again, reread it until they have essentially memorized it, etc.
Third, posting some kind of apology or something to total strangers who don't know you tends to go super badly. It gets interpreted as an admission of guilt which just fuels the fire. Most people aren't that great at giving public apologies. Public faux apologies just put out the fire with gasoline.
Fourth, if you take the advice and do what FB told you to do, you have the defensible position that FB screwed up, go be mad at them, not me. You don't get that shield if you then add more public commentary on the issue. In fact, you are just making an ass of yourself and looking like you are taking advantage of the breach to piss on strangers who don't agree with your point of view.
(edit: also, why on earth would you apologize when it is, in fact, Facebook's error?)
I wish social stuff was as straightforward as you seem to think it is. It's not. And PR is absolutely one of the few things large companies typically know more about in spades than the average person. Their advice may not be what you want to hear, but it is the least worst thing to do in a situation like this.
> also, why on earth would you apologize when it is, in fact, Facebook's error?
Because you're not apologizing that they saw your post; you're apologizing for the content of your posts.
Like, imagine that you're a [race A] guy with [race B] friends, who is also secretly super-racist against [race B], making [race B]-disparaging posts that are only visible to your [race A] friends.
One of those posts ends up visible to your [race B] friends.
Is the sensible suggestion "hide it and hope they didn't see it/hope they forget"?
Or is the sensible suggestion "hide it or delete it; and then—now that the fact that you're a racist is out in the open—start doing damage control, e.g. by profusely apologizing for your comments and trying to skew things in such a way that it makes it seem that this was a one-off thing rather than your usual secret behaviour"?
(Or, for another obvious one: what if a private post to your secret lover is made public to your spouse?)
IMHO these are the kinds of problems that are important to suggest a response for—the ones where Facebook could make a suggestion of a response that would create the most net utility, since a lack of any intervention in these cases has the potential to create the most net disutility.
Compared to these cases, the ones where someone's parents saw their pictures of them partying or what-have-you are effectively irrelevant, and shouldn't be brought into Facebook's moral calculus re: appropriate responses.
I don't see any reason why Facebook should be held responsible for advising racists on how to successfully save face and do damage control while not in any way changing their attitude. I also see no reason why Facebook should be giving advice to people being unfaithful and using their platform to facilitate it.
To be perfectly clear, I had an illicit affair in my youth and I am often quite sympathetic to the person cheating. I'm a woman, so I sometimes get women dumping on me about their cheating husband. They inevitably expect me to automatically side with them and agree that everything wrong in the marriage is his fault and to generally hate on men by default. Those conversations don't go like those women expect.
But I can't imagine using Facebook for such covert activities and if you have such a scenario on your hands, there are going to be very serious consequences for being outed. That goes well beyond PR gaff and is far outside the scope of what Facebook should be expected to try to manage on your behalf.
There are very serious matters that I think Facebook should take more responsibility for, such as their role in fueling longstanding feuds in some countries. They should take measures to stop being a means to pour gasoline on those fires.
But your specific concerns are not anything I feel Facebook needs to take responsibility for.
I will add that even in the scenarios you posit, the gold standard is to hide the post and hope they didn't see it. If they did, PR measures will not help you.
> I probably should stop trying to provide context.
I think the downvotes are far more simple than other respondents have suggested: the context you have provided here is not correct.
Facebooks post visibility management supports lists of people that are used to control access to the information. The usual defaults are "everyone" or "all friends" but you can setup others such as "friends except those wankers".
It isn't a more complex ACL arrangement (as seen for instance in NTFS file permissions) but there are lists that are used to control who gets access.
> The abstraction is quite different.
Unless of course I'm the one being incorrect... Care to state which pattern/abstraction that are using and why it is best not to be described as ACLs?
They used to be ACLs in principle, but those were mainly replaced by simpler graph-based settings: Friends only, Public, being the two big ones. Personally, I used lists a lot (by language, interest, etc.: I had up to 50 actively used lists) and the idea of acquaintances (friends who you don’t let follow you, which is a very convenient abstraction also being phased out).
The simplification had many justification (and some detractors, including me) but the key idea is that who has access to which posts is now more dependent on the graph structure than lists that too few people were maintaining. Typically, if you set a list and made friends who would fit in a list, you only add them later and there were some inconsistency around whether they should see your old posts.
Most of the changes that I’ve noticed happened after I left, but the main motivation is: users don’t understand edge cases of ACLs (or NTFS) and they really hate being surprised. Either way, actually: acquaintances hate realising they couldn’t see their “friend’s” posts; new friends hate seeing their old posts becoming visible.
The abstraction of a Group has clearly emerged as a much better way to give posts context: groups have moderators, rules, shared expectations. Those two are graph-based, rather than ACL, but the inconsistencies that you can imagine around changing membership make more sense to users.
Where it’s really different is that it’s enforced at the language level: Facebook uses Hack, a custom version of PhP where all those concepts are abstracted into the language, to be absolutely sure that junior developers can’t mess up and give access to a un-authorised resources involuntarily, or be attacked because they didn’t know about a unusual type of injection. That’s why ACLs, although still technically available through some old interfaces, are being phased out: they don’t scale well in that context, in addition to their unexpected behaviour.
I’d love someone to explain that better than I can, but I suspect it’s one of those tech that doesn’t make sense outside of the project, and that is possibly more secure if less people understand it well.
At this point it's damage limitation. Changing the settings at this point doesn't do much, but it is the only thing you _can_ do - it at least stops anyone else seeing it, and stops anyone who has seen it referring to it again in the future (if it was something embarrassing).
It doesn't undo the damage already done, you are correct. It merely lets you control how many more people see it. That way, when you apply for a job 6 months from now the folks won't see the stuff you wanted to share with a limited number of people on your friends list.
Of note here, which has always been true, but worth remembering: Facebook can change the visibility of your posts however it likes, whenever it likes. The only thing stopping them is their own ethics. (And possibly a big fine in Europe, but that will be cold comfort to anyone whose personal info is exposed thus.)
Not that it _did_, but it certainly could, and will do so if it thinks it has good enough reason.
No: Facebook can change the algo that picks the default setting of the visibility of your future posts.
Software changes are rather easy at Facebook (although that particular tool would surely have a ton of people monitoring it, including quantitative social scientists who don’t monitor a lot of pages). Changing the graph (stored information) is pretty much impossible without a lot of checks. That distinction is key to understand control at Facebook.
Facebook changed the visibility of the already-posted posts that had the bad default, without regard to user intent. All they did was decide to do it.
Sure they have internal controls so a rogue engineer can't do it. But if Facebook, as a company, decides it wants to mess with your settings, it can, and it does.
To reverse the visibility to private, you mean? I can’t start to imagine how they would do that, but “it took five days” points at a very kludgey hack.
The privacy setting on a given FB post is most likely a list of which "friend groups" within your account can see the post, and modifying that value in the database would change how the post appears. Whatever you choose is just a different parameter that gets stored on that post and can trivially be modified on FB's side in the future. FB could make every post you've ever made show up as public, and update your profile to be completely public as well. It's completely technically possible, though not too likely to happen.
Regarding the other point - the fact it took them 5 days to revert the privacy status on weeks' worth of posts of some ~14million users just points to them being thorough and _not_ doing it in a hacky manner. A hackish solution could have been done in an hour or two, most likely.
I think you were trying to distinguish 'Facebook' (the company / management at / powerful rogue agents in / whatever) and 'SWEs at Facebook', without actually calling them different things. Those are very different things, and your parent was rightly referring to the former.
The difference being, this needs malicious intent whereas accidentally configuring visibility defaults wrong or accidentally running `update foo set visibility='all'` are just a single small mistake.
Google 'could' open up all their gmail account's inboxes to an unrestricted public read-only rest api and shut down their normal email interface. They 'could' do this tomorrow. So everyone could see everyone else's email inbox.
Yahoo could do that and include even all the emails their users 'deleted'.
At one time, back in the 'olden days, everyone operated on the net as if this was a very real possibility.
I work for one of the large ecommerce tech companies - we have some great devs and run a pretty efficient cdci pipeline, stuff ships fast. There are multiple layers of unit testing, automated testing, manual testing and peer review in place to prevent this sort of thing.
Despite that, I can totally see how it wouldn't take much for a changeset in one area of the site that affected the default option in a drop-down in another to creep under the radar.
Well, my point being, we have an incredible degree of trust that these companies will operate in a continuous way, that their values will be unchanging. I too work at a large ecommerce tech company, and I can't see it suddenly changing. if you look at Yahoo, who knows in 10 years wether Verizon doesn't sell it off and the eventual owners decide that an ad-enabled 'look at everyone's emails' site wouldn't be worth the cost of buying Yahoo Mail's data.
Apple gets a lot of things wrong, but one thing it gets right is (mostly) designing things so that they couldn't get your data, even if they wanted to.
Wasn't that more social engineering and password guessing though? Nothing they can do there apart from more security layers in the password/login but people will still not use string passes and be suspectible to social engineering.
After that they did exactly that, they included multi-factor authentication when it was previously unavailable. The MFA available in 2018 is dramatically better than it was in 2014, when I believe all that occurred.
Companies that don't protect unsophisticated users from simple mistakes or inaccurate mental models will get a reputation for being insecure and lose sales. This is regardless of whether the user "should have known better."
True, but I won’t put all the blame on Apple here. A good, random 30-char password would be impossible to crack even with thousands of attempts per second.
Reddit does not allow mods or admins to modify comments from the website UI, but that didn't stop the admin from modifying comments by editing the database directly.
You are anonymous here, and your post contains no personal information, and none of your real life friends and acquaintances will see any information you intended to keep private.
With facebook, you are not anonymous, many of your posts would contain private information, and many of them could be pushed to people you didn't want to share with.
I don't know what threat models you find compelling. But the damage HN could do to someone with the info they have from an account holder is an order or two of magnitude less than the damage facebook could do.
It all boils down to: you're storing data in someone else's database. At this point, technically, they could do whatever they want with it. All that stops them from doing so is their ethics, the law, and the desire to keep their business.
That's also the only thing that stops tens of thousands of people from walking into my house, murdering me and leaving with my possessions. It is working so far.
What kind of social network could exist where no one besides the author can modify the content or privacy settings of their posts? I'm guessing every user would have to self-host their own content?
I wouldn't count on EU here. Public, state-owned EU broadcasters still naively and indefensibly maintain Facebook presences as the only way to get in touch. I mean, these are supposed to be press professionals, yet they still don't seem to understand the name of the game.
I highly doubt it. The new feature they were testing was probably rolled out to a % of their user-base (as any sane company rolling out new features does.)
Facebook has tools that lets them target experiments to specific subsets of their users. Chances are this experiment targeted 14M users in a very specific geography (generally English speaking users probably in the US/CA/NZ/AU).
Most likely, this sounds like a UI bug where users in the experiment had their default "audience" for their posts set to Public, instead of the value that it is usually set to.
The UI probably showed that it was being posted to the public, but obviously, if you weren't looking at that you'd probably expect it to have been the same as your previous default.
The notification is so misleading: "X, we recently discovered a technical error between May 18 and 27 that automatically suggested a public audiance when you were creating posts"
My problem is the "suggested a public audience", makes it sound so minor, and really your fault for going along with the "suggestion".
Maybe someone from FB can chime in and prove whether this is true but wouldn't FB take a copy of ANY data that is made public for any portion of time? So it may have been public for a day but ultimately that data is now stored and available for 3rd parties to leverage.
This is exactly what something like Archive.org would do.
So, a history of bugs that increase permissiveness. Were there ever any bugs that set things more restrictively? Or are these "bugs" a reflection of their priorities, i.e. willful neglect.
They had plenty of annoying popups saying "Oh you're posting publicly; did you know you can restrict the audience? Maybe you want to post to your friends only?". Over the years, I believe they were also tightening up the default visibility settings for new accounts.
This is not the first time, obviously. I remember vividly how they sometime 2008 or 2009 made all pictures in the Profile Pictures folder public - that's when I realized they can't be trusted at all with protecting information.
Facebook's faux pas seem to be coming thick and fast, yet it makes no dent in their apparent popularity. What sort of a beast is this that it can't be slayed by scandal after scandal?! I mean, much of the media hate it, and they jump on any chance to berate it. I personally hate it, as do a lot of other "geeky people" I know. Yet still everyone wants to use it, all the time.
It's like no one actually cares about privacy. Or what Facebook provides in exchange for privacy is somehow worth it? To me, the value proposition of Facebook simply doesn't add up... I guess much of the world strongly disagrees.
Were they ever? I read corporate horror stories as far back as corporations exist, and until the last ~100 years, the world was a totally fucked up mess anyway.
I've asked people that question and it seems the trade off is that feeling of connection. The validation that comes from sharing moments and the happy feelings it brings you when you can brag about something. In exchange for this, people are relatively lax about their privacy. I'm sure there's also a bunch of people that want to get famous so they will absorb all the followers, likes, shares and comments they can get.
I once overheard two girls talking about guys they liked at school and I shit you not, they were rating them based on how many Instagram followers they had...
A big problem seems to also be that mainstream audience can't really tell these scandals apart, they often don't understand the details or just don't have a complete picture of any single scandal, so that if another scandal gets reported within a few weeks, they'll think it's still the same issue and only rate this first scandal as somewhat worse, rather than there being a second scandal, making the whole thing roughly twice as bad. And as a result, mainstream media also just doesn't report about it as much.
A particularly strong example of this is Meltdown and Spectre. The news around those came on public TV where I live.
Now we've discovered more and worse vulnerabilities and even for me as someone who frequently reads tech news, I pretty much had to go out of my way to get information about them.
This is not the first time this has happened, and it won't be the last. Facebook is too big and way off the path for anyone's good, IMO.
As someone who uses Facebook in a limited manner for a specific topic, I set my audience to public a long time ago. If it's something I can't say in public (on Facebook), I don't trust or allow that information to be on Facebook. Period. There are other platforms for exchanging information that Facebook just cannot be trusted to handle correctly.
As the saying goes, "Fool me once, shame on you. Fool me twice, shame on me."
I stopped using the newsfeed and the time line a little no time ago. I post in some groups, where the reality is that I don't know most of the people there and what they might or might not do with my content.
For me, if there's one thing Facebook has succeeded at, it's a good amount of self-censorship.
Facebook did some research on self censorship in 2013 (I’m sure there are others but I just happened to remember the paper).
> “Our results indicate that 71% of users exhibited some level of last-minute self-censorship in the time period, and provide specific evidence supporting the theory that a user’s “perceived audience” lies at the heart of the issue: posts are censored more frequently than comments, with status updates and posts directed at groups censored most frequently of all sharing use cases investigated.”
But remember that they can only do that kind of research because they upload, eternally store and data-mine the original text that users delete before ever hitting send. Many people find that unexpected, unethical or outright creepy.
This is terrifying for people who shared things thinking that they were private (especially those suffering harassment). However, as we know, nothing you share on Facebook is private. Your posts are public regardless of what you set them to.
So set your default to public. If you feel as you need to change it for something, don't post at all.
Exactly - I did this a few years ago, and never even blink when I read this stuff. About the only thing I change the privacy setting on is if I'm traveling or similar and want to check in or post pics on the road.
I remember a very long time ago, I inadvertently changed a photo album I never deleted from private to public and it contained photos of an ex. I got a call from my then-current girlfriend with a boatload of questions. I started realizing shortly after how damaging this new (at the time) social media stuff could be. In my case, it was something relatively small, but I can't imagine what kind of stuff other people might have that could expose them on so many fronts. For this and other reasons, I slowly weaned myself off social media and never really looked back. I just use various accounts for logins and a few check-ins here and there.
I didn't have a Facebook account for the longest time, but having moved countries it sadly became necessary. These days I rarely post directly, only update friends and family on their posted statuses.
My distaste is slowly growing into action, there isn't a Facebook competitor right now (tweets, toots, or OpenSocial updates are Twitter, not Facebook). One of these days I will compete with them for no price more than staying connected.
119 comments
[ 1.8 ms ] story [ 214 ms ] threadIf only this was Facebook's first bug.
"A Facebook spokesperson said the notification is the start of new proactive and transparent way for the company to handle issues going forward"
Facebook deserves everything they have coming. IMO, They also need to rethink their PR strategy. I would of given them a second chance and tried the site but every excuse is insulting. Wow
Man, has it been that long? W/o reading the article first, I expected the first comment to be "needs [2010] in the title", because I, too, dropped FB the day I found out that all pictures were now public (and, IIRC, "by design"). I subsequently figured it was an old story about that.
But it happened again recently, huh?
The headline and the article seem to be contradictory. Anyone know if the article is wrong or the headline is wrong? It looks like it just might be that paragraph that got it backwards since there is a direct quote later that talks about posts being automatically suggested as public.
1. Facebook defaulted a bunch of posts to public, when they should have been something else.
2. Users posted a bunch of things with this unexpected default
3. As one part of fixing the bug, Facebook changed all posts made with the unexpected default to private. They were attempting to undo the damage.
Some of the posts they made private probably were intended to be public, so they made things worse for certain users.
[0]: https://www.cnet.com/news/zuckerberg-move-fast-and-break-thi...
https://abc.xyz/investor/other/google-code-of-conduct.html
What does that even mean? What possible action can a user do to "undo" any damage? You can't really make the people who saw your posts "unsee" it.
Also, AFAIK, Facebook doesn't show the user stats of what public posts were accessed by 3rd parties like advertisers, random drive by Facebook user, so how is this statement in any way useful to the user?
I’m fairly certain that particular bug when through an emergency process and that the handful of copy-writers didn’t get to review. They are rather ruthless to pick those. I don’t remember what the grammar rule was to talk about visibility of the post, but I remember it was very specific precisely because of the distinction: who can and who has seen your posts.
But after being hammered by downvotes, I realise I probably should stop trying to provide context.
This is especially galling (to everyone, apparently) when the particular algorithmic implementation is irrelevant to the thrust of the post you replied to, and so the "context" you're attempting to provide is not only unnecessary to provide, but is actually distracting from the point. It's reminiscent of a politician attempting to perform an act of rhetorical judo to avoid actually answering a question.
Let me restate, because obviously those people who downvoted you actually want an answer to this question: why would Facebook attempt to portray changing the privacy settings on a post hours/days after it goes out with the wrong privacy settings, as a sensible plan of action to suggest for fixing the problem they created? Everyone's already seen what you posted. Changing the privacy setting isn't a time-machine that'll make them un-see it.
Why didn't Facebook instead suggest, say, making a post reaching out to anyone who your not-so-private-after-all posts may have inadvertently hurt? That's something that actually has a chance of ameliorating the problem.
I’m sorry if I came off as pedantic. I believe that the actual principle behind how Facebook represents privacy is relevant to how they could have implemented a solution (because it's not at the level you would expect it to be, unlike the default privacy selector) but I get that this is not what you care about.
I sincerely believe that attracting readers’ attention to the problem without letting the authors’ correct it first would make the problem worst. I expect current Facebook employees to think the same.
Another key aspect to answer your question: the list of people who saw a post (or paid significant attention to) is also probably not an information that Facebook can easily access: there are aggregates streamed for ads, but gathering that information for non-sponsored posts would be genuinely hard, if not impossible in some aspects.
Even though Facebook prides itself on allowing people to speak freely, and has encouraged more open communication by default in the past, there is a clear sense that letting posts have more visibility than they should can be individually very damaging. That’s why they restricted everything until authors could review it. It’s less “a sensible plan” than the only thing they can do now.
What I wonder (and the source is not clear) is whether Facebook didn’t correct the privacy settings of posts if the author edited them -- those were presumably not affected by the default setting. It’s a minor point as few people take care of that, but it could illustrate whether they were trying to fix it as fast as possible or had a more deliberate understanding of what can be done.
Posts are often viewed hours or days after they were posted. I can’t remember ratios, but it is far from negligible, especially if they are either public or have some activity to them. Public posts on profile where most posts are only visible to friends can be seen long after their were posted, by non-friends visiting your profile.
To answer your question: I do not think that this edit is a sufficient course of action. It’s very obvious to me that such an error revealed an issue in the code release process: that should have been caught earlier and given proper review. I suspect, from having seen another major bugs being addressed, that the most senior engineers have actually already defined test to detect and prevent similar issues. Facebook does not communicate very transparently about its post-mortem, but they are probably the best in the business.
This aspect of the company (the lack of blame of the individual, often junior developper who committed the code and the instant claim of responsibilities of senior developers responsible for code quality checks) is actually one of the least talked about but most important aspect of the company culture. You very rapidly get a sense of what “Move fast, break things“ actually means: it’s about trying, tracking and never letting a failure unused as a learning opportunity –– far more than it’s about not respecting SLAs. The idea is that you often learn about unexpected dimensions of issues by making mistakes, so you might as well learn before someone else figures it out. It sounds counter-intuitive, but has proven to be an effective way to be several steps before people who try to do harm.
I personally detail that post-mortem every time that I’m asked what the company is like: people expect perks & world-domination plot: the eagerness to find a scalable technical and cultural solution is actually far more important and welcoming. I failed to see this was what you were curious about, and I apologise for that.
I suspect that the oversight is along the lines of: security and privacy are paramount and actually embedded one abstraction level below what most coders see (hence: not ACL) but the default selector has been overlooked, because its related to post editing —— under the idea that post authors are conscious of picking the right one every time: that’s obviously unrealistic, and I sus...
Seeing most Facebook content required a login and most Facebook groups are private and required an application or an invite, and still does, facebook today plays very little role if any concerning free information flow, which is ideally indexed by search engines and accessible openly by following a link.
Because they are a huge company with a great deal more experience handling PR gaffs than most people posting on HN. Whatever their shortcomings in other areas, this advice actually is pretty much gold standard.
First, it prevents more eyes on it. This mitigates the damage. A lot of traffic occurs well after the first few hours.
Second, it allows people to forget. People don't have perfect memories. Some people have quite poor memories. Removing it from public view denies them the ability to return to a written record and get all hot under the collar all over again, reread it until they have essentially memorized it, etc.
Third, posting some kind of apology or something to total strangers who don't know you tends to go super badly. It gets interpreted as an admission of guilt which just fuels the fire. Most people aren't that great at giving public apologies. Public faux apologies just put out the fire with gasoline.
Fourth, if you take the advice and do what FB told you to do, you have the defensible position that FB screwed up, go be mad at them, not me. You don't get that shield if you then add more public commentary on the issue. In fact, you are just making an ass of yourself and looking like you are taking advantage of the breach to piss on strangers who don't agree with your point of view.
(edit: also, why on earth would you apologize when it is, in fact, Facebook's error?)
I wish social stuff was as straightforward as you seem to think it is. It's not. And PR is absolutely one of the few things large companies typically know more about in spades than the average person. Their advice may not be what you want to hear, but it is the least worst thing to do in a situation like this.
Because you're not apologizing that they saw your post; you're apologizing for the content of your posts.
Like, imagine that you're a [race A] guy with [race B] friends, who is also secretly super-racist against [race B], making [race B]-disparaging posts that are only visible to your [race A] friends.
One of those posts ends up visible to your [race B] friends.
Is the sensible suggestion "hide it and hope they didn't see it/hope they forget"?
Or is the sensible suggestion "hide it or delete it; and then—now that the fact that you're a racist is out in the open—start doing damage control, e.g. by profusely apologizing for your comments and trying to skew things in such a way that it makes it seem that this was a one-off thing rather than your usual secret behaviour"?
(Or, for another obvious one: what if a private post to your secret lover is made public to your spouse?)
IMHO these are the kinds of problems that are important to suggest a response for—the ones where Facebook could make a suggestion of a response that would create the most net utility, since a lack of any intervention in these cases has the potential to create the most net disutility.
Compared to these cases, the ones where someone's parents saw their pictures of them partying or what-have-you are effectively irrelevant, and shouldn't be brought into Facebook's moral calculus re: appropriate responses.
To be perfectly clear, I had an illicit affair in my youth and I am often quite sympathetic to the person cheating. I'm a woman, so I sometimes get women dumping on me about their cheating husband. They inevitably expect me to automatically side with them and agree that everything wrong in the marriage is his fault and to generally hate on men by default. Those conversations don't go like those women expect.
But I can't imagine using Facebook for such covert activities and if you have such a scenario on your hands, there are going to be very serious consequences for being outed. That goes well beyond PR gaff and is far outside the scope of what Facebook should be expected to try to manage on your behalf.
There are very serious matters that I think Facebook should take more responsibility for, such as their role in fueling longstanding feuds in some countries. They should take measures to stop being a means to pour gasoline on those fires.
But your specific concerns are not anything I feel Facebook needs to take responsibility for.
I will add that even in the scenarios you posit, the gold standard is to hide the post and hope they didn't see it. If they did, PR measures will not help you.
> I probably should stop trying to provide context.
I think the downvotes are far more simple than other respondents have suggested: the context you have provided here is not correct.
Facebooks post visibility management supports lists of people that are used to control access to the information. The usual defaults are "everyone" or "all friends" but you can setup others such as "friends except those wankers".
It isn't a more complex ACL arrangement (as seen for instance in NTFS file permissions) but there are lists that are used to control who gets access.
> The abstraction is quite different.
Unless of course I'm the one being incorrect... Care to state which pattern/abstraction that are using and why it is best not to be described as ACLs?
The simplification had many justification (and some detractors, including me) but the key idea is that who has access to which posts is now more dependent on the graph structure than lists that too few people were maintaining. Typically, if you set a list and made friends who would fit in a list, you only add them later and there were some inconsistency around whether they should see your old posts.
Most of the changes that I’ve noticed happened after I left, but the main motivation is: users don’t understand edge cases of ACLs (or NTFS) and they really hate being surprised. Either way, actually: acquaintances hate realising they couldn’t see their “friend’s” posts; new friends hate seeing their old posts becoming visible.
The abstraction of a Group has clearly emerged as a much better way to give posts context: groups have moderators, rules, shared expectations. Those two are graph-based, rather than ACL, but the inconsistencies that you can imagine around changing membership make more sense to users.
Where it’s really different is that it’s enforced at the language level: Facebook uses Hack, a custom version of PhP where all those concepts are abstracted into the language, to be absolutely sure that junior developers can’t mess up and give access to a un-authorised resources involuntarily, or be attacked because they didn’t know about a unusual type of injection. That’s why ACLs, although still technically available through some old interfaces, are being phased out: they don’t scale well in that context, in addition to their unexpected behaviour.
I’d love someone to explain that better than I can, but I suspect it’s one of those tech that doesn’t make sense outside of the project, and that is possibly more secure if less people understand it well.
Not that it _did_, but it certainly could, and will do so if it thinks it has good enough reason.
Software changes are rather easy at Facebook (although that particular tool would surely have a ton of people monitoring it, including quantitative social scientists who don’t monitor a lot of pages). Changing the graph (stored information) is pretty much impossible without a lot of checks. That distinction is key to understand control at Facebook.
Sure they have internal controls so a rogue engineer can't do it. But if Facebook, as a company, decides it wants to mess with your settings, it can, and it does.
This event is an existence proof of that.
And also making private anything you legitimately wanted made public, because they couldn't tell the difference.
Regarding the other point - the fact it took them 5 days to revert the privacy status on weeks' worth of posts of some ~14million users just points to them being thorough and _not_ doing it in a hacky manner. A hackish solution could have been done in an hour or two, most likely.
584,203,510,091,521 records updated
Whatever user groups they create are only ever going to be an artificial construct - it's all just lists of stuff
Yahoo could do that and include even all the emails their users 'deleted'.
At one time, back in the 'olden days, everyone operated on the net as if this was a very real possibility.
I work for one of the large ecommerce tech companies - we have some great devs and run a pretty efficient cdci pipeline, stuff ships fast. There are multiple layers of unit testing, automated testing, manual testing and peer review in place to prevent this sort of thing.
Despite that, I can totally see how it wouldn't take much for a changeset in one area of the site that affected the default option in a drop-down in another to creep under the radar.
Companies that don't protect unsophisticated users from simple mistakes or inaccurate mental models will get a reputation for being insecure and lose sales. This is regardless of whether the user "should have known better."
With facebook, you are not anonymous, many of your posts would contain private information, and many of them could be pushed to people you didn't want to share with.
I don't know what threat models you find compelling. But the damage HN could do to someone with the info they have from an account holder is an order or two of magnitude less than the damage facebook could do.
You made me curious. For what exactly could Facebook be fined, and how much would that fine be?
Facebook has tools that lets them target experiments to specific subsets of their users. Chances are this experiment targeted 14M users in a very specific geography (generally English speaking users probably in the US/CA/NZ/AU).
Most likely, this sounds like a UI bug where users in the experiment had their default "audience" for their posts set to Public, instead of the value that it is usually set to.
The UI probably showed that it was being posted to the public, but obviously, if you weren't looking at that you'd probably expect it to have been the same as your previous default.
My problem is the "suggested a public audience", makes it sound so minor, and really your fault for going along with the "suggestion".
This is exactly what something like Archive.org would do.
It's like no one actually cares about privacy. Or what Facebook provides in exchange for privacy is somehow worth it? To me, the value proposition of Facebook simply doesn't add up... I guess much of the world strongly disagrees.
there are no repercussions anymore. uber, telcos, <cough>white house</cough>, facebook, airlines (beaten anybody up recently?), fifa, equifax.
and it sucks.
I once overheard two girls talking about guys they liked at school and I shit you not, they were rating them based on how many Instagram followers they had...
A particularly strong example of this is Meltdown and Spectre. The news around those came on public TV where I live. Now we've discovered more and worse vulnerabilities and even for me as someone who frequently reads tech news, I pretty much had to go out of my way to get information about them.
As someone who uses Facebook in a limited manner for a specific topic, I set my audience to public a long time ago. If it's something I can't say in public (on Facebook), I don't trust or allow that information to be on Facebook. Period. There are other platforms for exchanging information that Facebook just cannot be trusted to handle correctly.
As the saying goes, "Fool me once, shame on you. Fool me twice, shame on me."
For me, if there's one thing Facebook has succeeded at, it's a good amount of self-censorship.
> “Our results indicate that 71% of users exhibited some level of last-minute self-censorship in the time period, and provide specific evidence supporting the theory that a user’s “perceived audience” lies at the heart of the issue: posts are censored more frequently than comments, with status updates and posts directed at groups censored most frequently of all sharing use cases investigated.”
- Source - https://research.fb.com/publications/self-censorship-on-face...
So set your default to public. If you feel as you need to change it for something, don't post at all.
My distaste is slowly growing into action, there isn't a Facebook competitor right now (tweets, toots, or OpenSocial updates are Twitter, not Facebook). One of these days I will compete with them for no price more than staying connected.
You know the score, pal! If you're not facebook, you're little people.