134 comments

[ 3.0 ms ] story [ 196 ms ] thread
> In the EU all bank accounts are now required to have an API. This has massively reduced the power of incumbent banks, allowing for rapid innovation in the banking and payments sector. The same would and could happen if platform such as Facebook and Twitter were required to have an API.

I agree with the author's assertion of a problem, but this is really confusing. Both Facebook and Twitter DO have APIs. Granted the APIs are proprietary and subject to significant restrictions on acceptable use and functionality. However, providing even a full-featured API doesn't change the effect of the platforms owning a person's user account and persona, or their ability to suck people in to waste countless hours watching their ad targeting feed algorithms.

Only true decentralization of social graph hosting will really address the core issue of centralized power.

Forcing Facebook and Twitter to have truly open APIs would be amazing. We'd have everything from custom clients, custom News Feed algorithms and much more.. Heck, they can even require ads to be served, the point is we'd be in a far better situation than we are now.
Forcing Facebook to have truly open API means forcing them to allow Cambridge Analytica to vacuum up everyone's data.
Open API doesn't mean all data available to everyone all the time. You'd still have ACLs and privacy options. It would just mean that the data and interactions you as a user already have in Facebook's proprietary walled garden, would be API callable from 3rd parties.

Today you cannot see my FB page if we're not friends, an open API wouldn't allow you to access my data either. If we were friends, you could use your custom FB client to look at my page though, which would be very user friendly.

> It would just mean that the data and interactions you as a user already have in Facebook's proprietary walled garden, would be API callable from 3rd parties.

This was precisely the level of access which caused the Cambridge Analytica scandal.

In what way? They were not using user level permissions.
> Facebook also allowed developers to collect some information on the friend networks of people who used Facebook Login.

So no, Cambridge Analytics did not have API access to everything that that that the users who used Facebook login had access to. This was a specific set of permissions granted to apps with which users used their Facebook identities as login identities.

That's right, so I'm not sure how we're drawing different conclusions from it. Cambridge Analytica got an API that was only moderately open, with much less than the full access you'd need to implement something like a Facebook client, and that amount of access still wasn't okay.
Again, this access was granted when you used your facebook identity to log into a 3rd party site, not using an API to provide an alternative client to the user. Those are very different use cases and have very different expectations of privacy and levels of concern.

Your browser has direct access to TONS of private data, if you install certain browser extensions they have access to all that data as well. A custom facebook client would be fundamentally similar and would clearly be considered a piece of software that requires trust to use. The level of trust you should have in the software provider who provides such clients is MUCH higher than a 3rd party site where you simply used facebook as a login provider.

You would see ads for people to install the "Cambridge Facebook Client -- Earn $2/month just by using Facebook!" While they silently slurp up the same information on not just that person, but their friends.
Why would this be any different from browsers and browser extensions?
It's not different. The current state of the browser extension ecosystem can cause and has caused massive data privacy violations; browser vendors are locking down previously open APIs to try and remediate that, breaking some functionality that developers want. Context:

https://securitywithsam.com/2019/07/dataspii-leak-via-browse...

https://www.zdnet.com/article/apple-neutered-ad-blockers-in-...

I'm not saying that browser extensions don't present risks of data privacy violations, they clearly do and you should only use extensions from companies that you are willing to trust with this level of access.

What I am saying is that these risks ALREADY exist with browser extensions and facebook and providing an API to allow alternative clients for accessing facebook would be an analogous type risk and security expectations. (Although I would argue that an API could be lower risk if you can grant the API key for your client a specific set of permissions.)

My point is: A site where you use facebook SSO carries a very different type of risk and set of privacy expectations than a client that you use to login to facebook.

Even if you do “trust” the company now, there have been plenty of instances where trusted extensions were sold to less than trustworthy companies after the extension had millions of installs.
But if I access data through the API how does Cambridge Analytica influence me?
False, the level of access which caused that scandal and others was the fact that the early versions of the Facebook API granted access to second degree nodes in the network once you approved an app. Cambridge did not manage to get hundreds of millions of people to take their survey, they got access to the hundreds of millions of friends of those who did.
> If we were friends, you could use your custom FB client to look at my page though, which would be very user friendly.

Yes, this is what used to exist, and this is what Cambridge Analytica exploited. The level of access I'm talking about, and what people in this thread are advocating for, is allowing a third party app to see all info an authenticated user is authorized to see (including their friend's info).

A FB api that doesn't provide information about my friends can't replace the feed.
In practice it would for anything which the API can touch given "dancing monkey > security" levels of security awareness in practice.
> You'd still have ACLs and privacy options.

People saw an ACL grant screen before Cambridge Analytica took their data. Too many of these screens and people just click "OK."

Maybe they actually are OK with it? I know I am. On most services your friend list is public, I don't see that as sensitive information and if I did, I wouldn't use social networks since info I share with people is already available to anyone they chose to share it with.
Right, and that's all you need for Cambridge Analytica to happen. They didn't have a backdoor to see everyone's data all the time; they just used the open-ish APIs that existed back before 2015, allowing them to grab all the data all your friends shared with you if you gave their custom app permission.
Presumably such an API would be restricted to only accessing data generated by the person who approved the API. For example, it would prevent any kind of "news feed" functionality until your connected network also granted access. (This is distinct from what happened with CA)
(comment deleted)
Cambridge Analytica didn't need all data available to everyone. They had access to an API exactly as you'd describe: with ACLs and privacy options.
They didn't have all the data Facebook has though, just the data people explicitly granted them via the ACLs. That includes data they had access to view, but that's ok as it's the nature of social networking and communication. Once you send someone information, they can do with it as they please including share it with 3rd parties (unless you have some sort of contract saying that's forbidden).
The problem is that Facebook defaults to everything being open. So even though we may not be able to see your page to get your friends list, unless all of your friends toggle on the same privacy settings anyone could reconstruct your friends list by finding all people that have you as a friend.

Defaults matter.

I truly wonder what would happen if FB were forced to make all security and privacy settings default to tightest possible, and therefore users would have to see the settings and decide just how exposed they wanted to be...

Of course, FB would have to be forced into it by law, and they'd lobby hard against being the only company so burdened, so they law would only pass if it applied to every option in every software... and every company in the world would scream "But users will hate us! Our profits! oh my!"

No doubt a huge number of people would be outraged by that much workload forced on them, but I like that world.

Yeah, I use uMatrix on maximum blacklisting on every site all the time, and Blockada on my phone, ...

Is that a problem though? It's the nature of the service. Facebook was basically built to show off who you are connected to.
>It would just mean that the data and interactions you as a user already have in Facebook's proprietary walled garden, would be API callable from 3rd parties.

I'm not sure you're entirely clear on how the Cambridge Analytica hack worked?

Thus you end up with 3rd party clients gaining access to data of others who never granted them explicit access (aka Cambridge Analytica) through friend connections.
Right but that's not "everyone's data", it's just data available to people who granted that app permission. You can't for instance get a FB firehose of everyone's posts.

That's the nature of social data (and it's already this way for email -- Google knows what you email @gmail.com addresses even if you don't have one).

I personally see nothing wrong with this. I didn't think Cambridge Analytica was a big deal either, just something the media blew out of proportion. If you communicate with people, what you send them will be available to whoever they share it with.

There is something qualitatively different about showing a private email to a friend or partner, and it being available to an unknown third party business because someone got dark-patterned into agreeing.
There's no way to prevent this though. You already don't know what your connection's email clients are doing with the emails you send them. That's a much bigger info leak than anything that's going to happen on FB but no one seems concerned about it.
what’s stopping those third parties from using the access that you gave it to gather data of your friends? Can I block access from your third party client?
Nothing, but that's how it works today. I could show anyone my feed and they could see my friends activity. Same with my web browser, plugins, anything happening to be running in my OS that can capture screenshots, people looking over my shoulder... I'd argue that those are even greater risks as people I know are most likely more sensitive to the information I publish than 3rd party businesses that are scraping data in aggregate for ad targeting purposes.

There will always be the analog hole and many a user experience have been degraded in the quixotic attempt to close it.

Unless your friends looking at your computer are going to write down your whole social graph manually, I doubt that’s the the same threat.

Also, most people use one of three browsers. I don’t trust Google but I doubt they are surreptitiously using everyone’s FB login to crawl their social graph.

(comment deleted)
I don't see how this is true any more than it is for a bank API.

I just want API access to the content --I wrote-- that they are monetizing (even if it's just a lure to get my friends on their platform), and if my friends grant me access to something they have written or shared, the API should allow that.

I agree that there are likely ways this can be used to do all kinds of terrible thing. But so could bank APIs.

And that was the full set of things that Cambridge Analytica got API access to; the data of people who authorized the app, and any data their friends shared with them. (In fact, they actually got a bit less than that; for instance, Facebook had already locked down the API to prevent apps from seeing email addresses.)

If you’re taking the position that Cambridge Analytica wasn’t actually that bad, and it’s worth the trade for a better developer experience, I think that’s an intensely unpopular but defensible claim.

> If you’re taking the position that Cambridge Analytica wasn’t actually that bad, and it’s worth the trade for a better developer experience, I think that’s an intensely unpopular but defensible claim.

I'll take that position. The media made a huge deal out of Cambridge Analytica but it didn't impact FB usage at all, so I don't think it's as intensely unpopular as you suggest. On most social media services, your friend list is public. I think people who feel that's somehow sensitive information shouldn't be on social media in the first place because there's nothing stopping any one of their friends from sharing all of your info with whoever they want.

No, in the same way that an open bank API doesn't mean allowing thieves to vacuum up everyone's money. Open API != open data.
In this context it does mean open data. Facebook already provides APIs for looking at your own stuff; to develop a custom client or such, it’s other people’s data that you’d need an API for.
We're more likely to see new networks with open APIs than trying to convince a leopard to change its spots.
(comment deleted)
Just to be clear, you don't really mean forcing FB to have an API that would let anyone access any piece of data on FB do you?

I mean, you're advocating for an open API to let people access maybe some public photos and such, but nothing private and no personally identifiable connection information right?

Just as a matter of full disclosure, I believe anything sensitive should require explicit consent of the user for each bit of data you download from their profile. I don't believe in radically open data APIs on FB because there is a bit of an argument to be made that it's not FBs data, it's that user's data. If she doesn't want to give the world access to her messages to her lover there should certainly be no API level method that overrides her intentions there.

I don't see how this would encourage competition?
It doesn't. He's glossing over the problem of antitrust needs. An open API would still leave FB in a near-monopolistic control of social data. The FAANG companies can easily buy up and squash potential competitors because for the last few decades government has taken a very narrow view of antitrust with little enforcement effort.
He doesn't say why it's a trap to think about facebook in terms of publisher versus carrier.

Someone made an insightful comment here the other day saying that they (the tech companies) chose to play publisher and opened themselves up to whole lot of legal battles and complaints, when they should have stayed with the carrier option.

Carrier option likely means Facebook cannot use algorithms to recommend and rank posts that would drive engagement.

Algorithms are a great factor as to why a Facebook got users hooked into its service and drives up ad revenue.

I’d like to know why so many people treat the publisher vs. carrier issue as some natural law of speech, when it’s actually a fairly recent concept. To me it seems like a false dichotomy. Arguing from first principles, why should there be a binary choice between those two options?
I’d like to know why so many people treat the publisher vs. carrier issue as some natural law of speech

How do you mean, exactly? I feel that I understand your point but am trying not to make any assumptions.

> why should there be a binary choice between those two options?

Because the distinction is binary. You either censor what information people consume beyond what the law requires you to or you don't. publisher vs. carrier is the legal distinction between the two.

Citation badly needed. Please indicate the law that says "as soon as you moderate, you become responsible for all the other content on your platform."

Because I don't think there is one. And I think that's an extremely strained interpretation of Section 230.

The argument is not legal, but semantic. Unless the post you are replying to is edited, you are asking for citation for a quote that was not made by the person you are replying to.
Their post specifically stated a legal argument:

>> publisher vs. carrier is the legal distinction between the two

So I'm curious about the law that provides that.

My quotation marks are to summarize the position being made - I use >> for direct quotes.

Your summary seems rather inaccurate.

The person you are responding to is merely pointing out that there is a binary distinction between those that exert editorial control over their content and those that don't and that "publisher" and "common carrier" are the legal terms that cover those two binary categories (which may not be strictly accurate.)

There is nothing about responsibility, so you are putting words in their mouth.

The legal protections for "common carriers" were established via Case Law in Smith v. California and extended to online platforms in Cubby, Inc. v. CompuServe Inc. this was then limited to not cover online "publishers" who exert editorial control in Stratton Oakmont Inc. v. Prodigy Services Co.

Section 230 was intended to limit this last Case Law decision and extend the protections given to online "common carriers" to online "publishers".

Because of liability. A newspaper or TV station can be sued for false content, not the printing company or the station engineers.
I can sue a TV station for telling lies on the air? Really? How much am I likely to win from this, because if it's true, I'm ready to start a legal crusade today.

Oh, right... I won't get a penny. Free speech also means the freedom to tell bald-faced lies, without consequence.

Actually that's not true in a lot of the world. If you or your society are harmed by the lies, you can seek damages.
We need carriers, because we need people to be able to dedicate themselves to plumbing without having to worry about the terabytes crossing across them. If they did, the Internet would grind to a halt from all the necessary processing and blocking and examination.

We want publishers to carry some responsibility, for various obvious reasons.

It seems to me that once someone is being held a little bit responsible, they're going to be forced to act as being fully responsible and need the power to block a bit of content, which will then come with the full corresponding responsibility for blocking that piece of content. What do you see as a middle ground? (This is an honest question, not an argument.)

The middle ground to me is something like "people should be free to interact, but if they're going to say something I think is racist they need to do it elsewhere." (Substitute "racist" with whatever you wish in this scenario).

At that point, the publisher vs. carrier crowd goes "well, that racist thing wasn't illegal, so now you have to be responsible for everything someone says." But I don't really care about what most of people say; I just don't want them to be racist.

This isn't a standard we apply to most businesses. If I run a bar, I can generally remove a patron for saying something without the conduct I choose to allow coming under scrutiny.

I agree re: carriers, for the reasons you stated. But to me that's a status mostly reserved for plumbing-type infrastructure, not a choice services have to make when they're deciding what type of content to host.

> But I don't really care about what most of people say; I just don't want them to be racist.

I hope you're ready to be accused of being a sexist and anti-Semite by many people's definitions. Not to mention that I hope you know that watermelon, dancing, math, and balloons are racist (according to someone with 1000 Tumblr followers, probably), and so have no place on your platform. The point being that determining what is and isn't racist can be a pretty hard problem.

Coming up with an objective and broadly agreeable rubric would indeed be difficult. But this is my hypothetical service, so the only definition of racism that really matters is my own. People are free to disagree and criticize, of course — but ultimately it’s my way or the highway, so to speak.

I’ll also note that this doesn’t really answer my question. What is the reason for the platform vs. publisher dichotomy? If I choose not to host content I don’t want to, why does it follow that I should be liable for any content I host?

> People are free to disagree and criticize, of course — but ultimately it’s my way or the highway

No, it is not your way or the highway, though. Because you, as the platform, are also subject to the opinions of the public, now.

And if you are subject to the opinions of the public, then you might start to decide to censor more and more things, not because you actually think that they are bad, but instead because some vocal minority is clammering for it to be banned.

I don't want you to be subject to that public opinion. Instead, I want to give platforms an excuse to say "sorry! We can't ban anything at all, because we are required to act neutrally!".

That way nobody can complain and try and pressure the network into expanding their definition of bad things more and more.

Every company is subject to the opinions of the public. I avoid Google products because they don't respect my privacy; I know people who don't use Apple products because they're too controlling. That is called "doing business".

And trying to be neutral doesn't even insulate you from those opinions! When I realized my previous webhost's position was to allow e.g. Nazi content as long as it was legal, I switched hosts. What do you think that webhost would do if enough people followed suit?

> Every company is subject to the opinions of the public

When was the last time that the phone company was protested because it refused to censor certain people?

The answer is that this basically never happens.

> What do you think that webhost would do if enough people followed suit?

Well, if it was illegal for webhosts to refuse service to groups, then I don't think that these webhosts would be protested, or whatever, for not censoring certain groups.

> trying to be neutral doesn't even insulate you from those opinions

Which is why I want to give networks an excuse, where they can say "Sorry everyone! It is completely out of our hands! We can't censor them even if we wanted to."

> I switched hosts

And if every host is hosting controversial content, then you won't be able to find any that isn't being neutral.

Have you changed your phone provider, because Nazis are using AT&T to make phone calls? I doubt it.

Like I said, I think "carriers" are important for plumbing-type infrastructure services. This includes phone companies and ISPs. It strains credulity to say that Facebook or a webhost falls under that same umbrella.

You're assuming that networks are looking for an excuse, but plenty of network operators don't want to serve certain types of content. Making that illegal just means network operators are the ones being censored, rather than their users — except the penalty for disobedience is no longer simply finding another network, but fines and jail time. That does not strike me as an improvement.

This also still doesn't answer my original question: if I as a business owner/network operator don't want to serve certain types of content, why does it then follow that I should be liable for everything I do serve?

One important difference is that YouTube carries content to be consumed by the public, while phone companies are more like the postal service: they send things from point A to point B, blindly (except for snooping from intelligence agencies), between private parties. These companies have many common carrier aspects, but they also have many aspects of regular private enterprises.

I agree that perhaps some degree of regulation could be warranted to adddess their unique sort-of-carrier status, but saying that they should be forbidden by the state from disallowing anything that's legal is a slippery slope in the same way biased censorship is. For example, they may not want any risk of people seeing extreme gore videos, since that could cause people to use their service less, even though such videos are typically not illegal to distribute or view. But with total free reign over a behemoth communication monopoly, politically biased content curation and removal is also a huge problem. I think there needs to be a middle ground approach.

what if you think it's racist but someone else thinks it's fine? Who gets to decide?
Whoever has the greatest number of followers gets to be the arbiter of truth.
Currently that's FB/Twitter (aggregating populations using).

When the arbiter of truth is a profit-oriented, authoritarian regime (ie, any corporation) that's not beholden to anyone - bad things happen.

Just look at Apple's AppStore for an example (at least politics isn't influenced by Apps).

The issue is a bar isn't an embedded monopoly, but Facebook is. Want a social network? Facebook's the only real game in town. Videos? You have to use YouTube. Photos? Instagram (Facebook). Microblogging? Twitter. There's Diaspora, and Vimeo, and Mastodon, but these are basically non-factors statistically, and they serve different, less common niches.

Not to say a company needs to permit all content, no matter how racist or bad, just because it's a monopoly and a sort-of-carrier. But things definitely get trickier. If you're banned from YouTube, you basically can't upload videos anymore, period, at least if you want anyone to look at them. These companies don't fit the classical mode of a carrier, like a telephone provider, because they carry content to be consumed openly by the public. I think Discord is probably the closest thing to a more traditional carrier, though it's still not totally comparable.

There's no good solution here other than debating a reasonable middle ground. These companies probably do need to be more open with what they allow compared to a small business, but they should still also have leeway to make their own decisions.

That's a pretty wishy-washy answer, but I think it's the only alternative to avoid the extremes of either full public utility regulation with government-enforced free speech, or super nitpicky and biased content curation. They can't be treated like either a standard business or a public service. They're in between.

Let me preface this by saying I am sympathetic to breaking up monopoly-esque companies that amass too much power. That said, I think this sentence is the crux of your comment:

> If you're banned from YouTube, you basically can't upload videos anymore, period, at least if you want anyone to look at them.

There's a pithy statement that applies here: "freedom of speech is not freedom of reach". Because there are plenty of other ways to upload videos — Vimeo and PeerTube and your own server — but none have YouTube's killer feature, which is distribution to a built-in audience.

Let's back up a few decades and say you want to promote Nazism, which is legal. Your options are pretty limited! No major newspaper will publish your article, no major radio station will let you speak and no major TV channel will give you a show. You can distribute your own newsletter, get on public access TV, transmit on unused radio frequencies, or maybe even find a small company that will allow you. But for the most part, you can't distribute to large audiences, and no one has a problem with this.

Enter the Internet. Now anyone can publish things consumable by anyone in the world… but all of a sudden that's not enough, and it's imperative that it's just as easy for Nazis to reach a huge audience as anyone else? What is so fundamentally different about YouTube vs. TV networks that we need to revisit this?

Granted, Nazism is an extreme example; it's more likely that people are concerned about e.g. alleged censorship of conservative views. But it's difficult for me to really care about this, because these are still mainstream views! Even if you don't think you're welcome on Twitter, you can go to Gab or Voat. You can read about it on Breitbart and The Daily Caller. You can get it delivered in the Wall Street Journal. You can watch it on Fox News. For speech that is being "censored", it sure is easy to find.

I'll finish by reiterating my support for breaking up giant companies that effectively control a large part of discourse. Concentrated power is never a good thing. But I think it's a gross violation of free speech to force networks to distribute content they don't want to — especially when there are always options for people to get their speech out.

I think there should only be some tiny degree of forcing. A provider like Facebook and YouTube have immense power to influence elections, for example. This is super exaggerated, but if, say, every pro-Republican video is removed or hidden behind an adult/extreme/offensive warning, while most pro-Democrat videos are left untouched, think about what effect that may have on current generations, and generations in 10 and 20 years from now, who grow up on YouTube content essentially. It'll probably influence your thinking.

I definitely don't want them to be classified as public utilities or even broken up. I think very minimal regulation similar to the "equal-time rule" should be used instead, applied only to certain narrow forms of content. I think Steve Huffman of reddit did it right: he's clearly no fan of Trump or his supporters, but he refused all the calls to delete Trump's subreddit. Half the site calls him a Nazi and the other half calls him a libcuck, but I think he made the right move.

I think YouTube should absolutely have a right to remove videos promoting white nationalism or advocating bigotry and such. I just think they shouldn't have absolute free reign to remove anything, due to the fact that they're now kind of more like TV in general, rather than a single TV network.

Not really new.

Scribes, news reporters, telegrams and telephones all throughout history have enjoyed immunity from the content they didnt generate.

Ever hear "Don't kill the messenger?"

Is it a recent concept? The "concept" seems as old as time. If you say it it's your responsibility. If I say it it's mine. Your editing of my speech is your speech therefore if you edit it becomes your responsibility.

A simple example just for clarity. I say "I hate my sister when she doesn't clean up but I love my sister more than anything". If you edit that to "I hate my sister" you've changed the meaning. That edit is your speech and hence your responsibility.

Social networks aren't "editing" anyone's speech, though. They're simply limiting its reach, or not hosting it in the first place.
They are selecting which content to show. That's no different then editing. It's easy to post 2 posts where missing the context of one other the other changes the entire meaning. So by not displaying one or the other they've edited the meaning and are therefore arguably responsible for the new meaning
Author makes many dubious and unsubstantiated claims:

* Claims to know what the heart of the matter is, and that it is power

* Claims those recommending antitrust are "mostly stuck in the industrial age"

* Claims publisher vs carrier dichotomy is a "trap" without explanation

Nonetheless, when he started talking about an API I got pretty excited.

I don't get the API thing? Who is going to say what functions and data are exposed? Why do these services have to pay to host these extra services? Just because we say so? What businesses does it apply to? Does my business have to have open databases?
It’s only going to stop when being on Facebook is seen as shameful.
I agree and I think this is going to happen at some point.
I stared in shock as the red mist speckled my glasses. After a few moments I managed to stammer a response.

"My god, that worker just fell in! Why haven't you stopped the machine? Why isn't anyone doing anything?"

The foreman who was leading my tour made a plaintive gesture and stared into space for a moment.

"It's complex, you see. The machine is certainly dangerous. That's the third worker this hour."

"The third?!"

"Every 10 minutes, like clockwork. But on the other hand, the machine is quite valuable. You must understand. Our competition all has machines just like it, and if we stopped ours, well, it wouldn't make much of a difference, would it? They're building more every day and we simply must keep up. That's the business."

"But those are people- human lives!"

The foreman looked tired. He'd given this speech many times.

"Our workers sign all the necessary releases. They're fully informed. Our legal team will assure you there's a great deal of paperwork involved, and we cross every T and dot every I. Totally above-board. I didn't build the damn machine, I just keep it running, and this is how it's done in the industry. Now, if you'll all follow me- just step over that mess for now, the cleanup crew are already on their way- I'll show you the way to our recruiting department. Turnover is a bit high here, but we've been working on some great new internship programs with elementary schools..."

Did you write that? It's reminiscent of Kafka's In the Penal Colony.
If you did write that, it's absolutely brilliant, and I hope to read more from you!
(comment deleted)
I thought the same thing! First I really thought it was by Kafka. Kafka would have enjoyed writing about modern corporations!
Nothing has changed. Der Prozess is just as relevant today as it was back then.

In fact, I find many great classics to be timeless.

I was thinking Roald Dahl.
How does this relate to the linked article?
I don't think the parent comment misunderstand that it's an allegory, but is asking how the allegory applies. Facebook doesn't claim they want to step back from moderation "because that's how the industry works and they have to stay competitive" (as in the allegory). They're claiming that the costs of extending private control over political speech to _society_ are too high. (This obviously isn't entirely altruistic: knowing how deeply stupid most people are and how commonly public opinion is outraged by failure to meet two mutually-exclusive ends simultaneously, I wouldn't want to open that can of worms either)
Apologists for Facebook's operational decisions, and Facebook's operational professionals themselves, are represented by the foreman.
Great writing. Assuming it is an original.

Some might call this a slippery slope argument, but over the years I have slowly started appreciating it as a fictional extreme of the idea the other person is trying to defend.

It is easy to justify small movements in any direction, but trying to unveil the eventual destination casts arguments in different and much required light.

I don't see what opening Facebook's API would buy us. You'd get different interpretations of the feed, but you'd still be siloed into whatever feed it was you accessed. Cambridge Analytica used FB's data to manipulate the feed and thus the users, but no feed algorithm is going to prevent that. Just the opposite: people would find it even easier to choose a feed algorithm that siloed them further. You could jump to a different one -- but would you?

I don't think it would return nearly as much power to users as he imagines. FB won't make quite the same mistakes as they have in the past, but an enormous amount of information is still public knowledge -- putting your social life in public is the whole point of a social network. People enjoy putting themselves out there and voluntarily, voraciously consume what others put there too. No tech tweak is going to change that, or limit the consequences.

Based on the history of facebook and its news feed, I believe that the news feed or activity feed in general, unless it is a dumb pipe, should be considered human psychological experimentation. Under this premise, I would submit that not facebook, but instead its curated feeds, should be made illegal.

But then again, the same logic could be applied to advertising/marketing... well, at least some of it, perhaps most.

This is the best case for users I can think of if social media were forced to allow APIs:

Different products/companies exist to fulfill each of these roles:

- host the firehose of tweets/posts/snaps/grams. Likely the husks of Facebook/Twitter/SnapChat/Instagram.

- filter/sort firehose for user given their preferences time/popularity/relevance etc.

- GUI to display posts to user by Web/Mobile/VR/SMS/Postcard etc. Aggregate social media readers do (did) this.

- GUI to (re)post/comment on/react to/edit/delete user content to the firehose. These already exist: HootSuite/Buffer

- firehose analysis for marketing, etc.

- firehose-level moderation/flagging/censorship/tagging

The problem is there is far more user value in vertically integrating some or all of these functions than there is in keeping them decentralized. Most users will prefer one product that filter/sorts AND displays posts to two products where one filter/sorts and the other displays.

The problem with open API access is preventing Cambridge Analytica like abuse.
Except Cambridge Analytica occurred in a closed-access scenario. It's a problem either way.
CA scraped Facebook APIs. It's only "closed" in the sense that you needed an account and token to access the open API.
> CA scraped Facebook APIs

what does it mean to scrape an API. I usually hear that word for html website scraping.

Normal API use is to read information about the people directly interacting with a post or an app, for the purpose of facilitating that interaction.

Cambridge Analytica used posts to get API access to all users (and friends-of-friends) who interacted with those posts, in order to incrementally build a copy of the complete social graph. The process is similar to scraping.

This is still an ACL issue - that Facebook allowed CA to pull data they weren’t authorized for doesn’t mean making API access is a bad idea.

It increases the attack surface but publicly to everyone.

If I share some information with a friend of a friend, should that information be viewable by an app that the friend of a friend activated? For Cambridge Analytica, the answer was "yes", so Cambridge Analytica was able to scrape a bunch of stuff.

If we make the answer "no", then it won't be possible to build alternate UIs, because the Facebook UI will be able to show my friend of a friend my information, but an alternate UI won't be able to do so.

Exactly my point. Facebook's APIs were not designed for CA's style of scraping, but they took advantage of it anyway. You can try limiting access to data but infiltrators will find a way to abuse it anyway.
And that's also my point - you don't accidentally leave an API open. It was purposefully built this way. What CA did with Facebooks API was by design.
This will balkanize the user-base, as we see with Mastodon.

You're either going to have every node do redundant work with moderation, or they'll adopt a common blacklist, thus re-centralizing.

Operators that fail to self-moderate will be blacklisted by operators that don't, because when 1% of the content broadcast by a node is, say, CP, nobody in their right mind will think twice before blocking it outright.

Reading the article and the parent comment I'm pretty sure that's the intent. By 'balkanizing' the users, the power is reduced and the network as a cohesive unit of control is dismantled.
Just because the control is decentralized, doesn't mean that it won't be any less insidious. Please look at Mastodon, for an example.
the question is why the end-user would want balkanization, other than for the abstract reason to limit power, which almost never works (or everyone would be installing firefox right now).

People seem to be allergic to balkanization. They want the convenience of typing a search result, a movie title, or a name into the platform instead of having to jump over ten. Even Mastodon with its hybrid model is unable to attract a significant amount of users from Facebook or Twitter.

Open APIs probably won't result in significant competition, and even if they do the privacy concerns exist for small companies as much as for larger ones, see Cambridge Analytica which with open APIs would basically roam around freely.

> or they'll adopt a common blacklist, thus re-centralizing

You say this like it's a bad thing. A centralized list that's communally owned is a lot more like democracy than a private list that's got "AI/magic" sorting that's intended to raise profits at the expense of society.

In fact, government could get involved in legislating not the list, but common sense baselines on how such lists should be administered - setting the groundrules so to speak (mainly to prevent fraud/abuse).

You end up with the same debate. Should fake news be on the blacklist, or just porn, or just things that are actually illegal? I want all three and an ad blocker as well.
You misunderstand me. Multiple blacklists providers allow people to have visibility and force common sense consensus amongst lists.

Eg: adblocking rulesets.

Any government involvement should simple state that blacklist options stay open to consumers (allow interoperability) and force transparency.

(comment deleted)
> The second trap is misunderstanding network effects.

Network effects, also known as efficiencies of scale, exist in every industry. This was as true of the railroads and the telephone companies as it is of tech companies. That's the whole reason corporations tend to become monopolies in the first place.

An API in and of itself is not going to prevent censorship if Facebook still controls the backend.
TBH, as a Chinese expat, all these utilitarian arguments give me Deja Vu of how the Chinese government defended GFW.
Can you elaborate on this? I don't know about how they defended the Great Firewall (had to look up that acronym) And I was thinking about the utilitarian argument for the world... that argument sides with China on the surface.

From Webster, "Utiliatarianism" is the aim of action should be the largest possible balance of pleasure over pain or the greatest happiness of the greatest number.

China is the largest country by population in the world. A very quick argument would be 'We have the most people, so anything that's good for our people is good for the world." That thinking justifies ghettos - the minority would upset the majority, and the most pleasure for the majority is what utilitarianism is.

That has me worried - it's a simple argument that is wrong on deeper inspection. What do you think as a Chinese expat? What was CCP's argument for the Great Firewall?

Population reference: https://www.worldatlas.com/articles/countries-by-percentage-...

Is there anything specific you are worried about? With arguments context matters a lot and hearing similar arguments in two different places isn't really surprising.
I think we are seeing the divergence of humanity into Morlocks and Eloi.

Most people can't begin to understand the kind of power that FB/Google has accrued due to the enormous and detailed information they are hoovering up. The vast majority of people are digital serfs.

I don't know what, if anything, to do about it. I do not think requiring Skynet to have an API will be very helpful though.

The best way to get an open social API may be a "Ship of Theseus" approach, where users run a scraper that copies their FB data to a new service, and keeps their FB data synced with the new service. As more people join the new service, eventually all FB logins will be by the scrapers, and at that point FB can be dropped.
Isn't this explicitly against the Facebook terms of service?
Probably. But it's still the user's data.

Also compare this to a tool like YouTube-dl which is against YouTube's ToS, but is still used by many people.

Ma Bell was still ridiculously powerful, but as long as it’s competing with something, we go on.

I recommend just don’t use Facebook at all.

Teach children what the fuck vanity means, and that you don’t need 1 million followers to have real friends.