> In the EU all bank accounts are now required to have an API. This has massively reduced the power of incumbent banks, allowing for rapid innovation in the banking and payments sector. The same would and could happen if platform such as Facebook and Twitter were required to have an API.
I agree with the author's assertion of a problem, but this is really confusing. Both Facebook and Twitter DO have APIs. Granted the APIs are proprietary and subject to significant restrictions on acceptable use and functionality. However, providing even a full-featured API doesn't change the effect of the platforms owning a person's user account and persona, or their ability to suck people in to waste countless hours watching their ad targeting feed algorithms.
Only true decentralization of social graph hosting will really address the core issue of centralized power.
Forcing Facebook and Twitter to have truly open APIs would be amazing. We'd have everything from custom clients, custom News Feed algorithms and much more.. Heck, they can even require ads to be served, the point is we'd be in a far better situation than we are now.
Open API doesn't mean all data available to everyone all the time. You'd still have ACLs and privacy options. It would just mean that the data and interactions you as a user already have in Facebook's proprietary walled garden, would be API callable from 3rd parties.
Today you cannot see my FB page if we're not friends, an open API wouldn't allow you to access my data either. If we were friends, you could use your custom FB client to look at my page though, which would be very user friendly.
> It would just mean that the data and interactions you as a user already have in Facebook's proprietary walled garden, would be API callable from 3rd parties.
This was precisely the level of access which caused the Cambridge Analytica scandal.
> Facebook also allowed developers to collect some information on the friend networks of people who used Facebook Login.
So no, Cambridge Analytics did not have API access to everything that that that the users who used Facebook login had access to. This was a specific set of permissions granted to apps with which users used their Facebook identities as login identities.
That's right, so I'm not sure how we're drawing different conclusions from it. Cambridge Analytica got an API that was only moderately open, with much less than the full access you'd need to implement something like a Facebook client, and that amount of access still wasn't okay.
Again, this access was granted when you used your facebook identity to log into a 3rd party site, not using an API to provide an alternative client to the user. Those are very different use cases and have very different expectations of privacy and levels of concern.
Your browser has direct access to TONS of private data, if you install certain browser extensions they have access to all that data as well. A custom facebook client would be fundamentally similar and would clearly be considered a piece of software that requires trust to use. The level of trust you should have in the software provider who provides such clients is MUCH higher than a 3rd party site where you simply used facebook as a login provider.
You would see ads for people to install the "Cambridge Facebook Client -- Earn $2/month just by using Facebook!" While they silently slurp up the same information on not just that person, but their friends.
It's not different. The current state of the browser extension ecosystem can cause and has caused massive data privacy violations; browser vendors are locking down previously open APIs to try and remediate that, breaking some functionality that developers want. Context:
I'm not saying that browser extensions don't present risks of data privacy violations, they clearly do and you should only use extensions from companies that you are willing to trust with this level of access.
What I am saying is that these risks ALREADY exist with browser extensions and facebook and providing an API to allow alternative clients for accessing facebook would be an analogous type risk and security expectations. (Although I would argue that an API could be lower risk if you can grant the API key for your client a specific set of permissions.)
My point is: A site where you use facebook SSO carries a very different type of risk and set of privacy expectations than a client that you use to login to facebook.
Even if you do “trust” the company now, there have been plenty of instances where trusted extensions were sold to less than trustworthy companies after the extension had millions of installs.
False, the level of access which caused that scandal and others was the fact that the early versions of the Facebook API granted access to second degree nodes in the network once you approved an app. Cambridge did not manage to get hundreds of millions of people to take their survey, they got access to the hundreds of millions of friends of those who did.
> If we were friends, you could use your custom FB client to look at my page though, which would be very user friendly.
Yes, this is what used to exist, and this is what Cambridge Analytica exploited. The level of access I'm talking about, and what people in this thread are advocating for, is allowing a third party app to see all info an authenticated user is authorized to see (including their friend's info).
Maybe they actually are OK with it? I know I am. On most services your friend list is public, I don't see that as sensitive information and if I did, I wouldn't use social networks since info I share with people is already available to anyone they chose to share it with.
Right, and that's all you need for Cambridge Analytica to happen. They didn't have a backdoor to see everyone's data all the time; they just used the open-ish APIs that existed back before 2015, allowing them to grab all the data all your friends shared with you if you gave their custom app permission.
Presumably such an API would be restricted to only accessing data generated by the person who approved the API. For example, it would prevent any kind of "news feed" functionality until your connected network also granted access. (This is distinct from what happened with CA)
They didn't have all the data Facebook has though, just the data people explicitly granted them via the ACLs. That includes data they had access to view, but that's ok as it's the nature of social networking and communication. Once you send someone information, they can do with it as they please including share it with 3rd parties (unless you have some sort of contract saying that's forbidden).
The problem is that Facebook defaults to everything being open. So even though we may not be able to see your page to get your friends list, unless all of your friends toggle on the same privacy settings anyone could reconstruct your friends list by finding all people that have you as a friend.
I truly wonder what would happen if FB were forced to make all security and privacy settings default to tightest possible, and therefore users would have to see the settings and decide just how exposed they wanted to be...
Of course, FB would have to be forced into it by law, and they'd lobby hard against being the only company so burdened, so they law would only pass if it applied to every option in every software... and every company in the world would scream "But users will hate us! Our profits! oh my!"
No doubt a huge number of people would be outraged by that much workload forced on them, but I like that world.
Yeah, I use uMatrix on maximum blacklisting on every site all the time, and Blockada on my phone, ...
>It would just mean that the data and interactions you as a user already have in Facebook's proprietary walled garden, would be API callable from 3rd parties.
I'm not sure you're entirely clear on how the Cambridge Analytica hack worked?
Thus you end up with 3rd party clients gaining access to data of others who never granted them explicit access (aka Cambridge Analytica) through friend connections.
Right but that's not "everyone's data", it's just data available to people who granted that app permission. You can't for instance get a FB firehose of everyone's posts.
That's the nature of social data (and it's already this way for email -- Google knows what you email @gmail.com addresses even if you don't have one).
I personally see nothing wrong with this. I didn't think Cambridge Analytica was a big deal either, just something the media blew out of proportion. If you communicate with people, what you send them will be available to whoever they share it with.
There is something qualitatively different about showing a private email to a friend or partner, and it being available to an unknown third party business because someone got dark-patterned into agreeing.
There's no way to prevent this though. You already don't know what your connection's email clients are doing with the emails you send them. That's a much bigger info leak than anything that's going to happen on FB but no one seems concerned about it.
what’s stopping those third parties from using the access that you gave it to gather data of your friends? Can I block access from your third party client?
Nothing, but that's how it works today. I could show anyone my feed and they could see my friends activity. Same with my web browser, plugins, anything happening to be running in my OS that can capture screenshots, people looking over my shoulder... I'd argue that those are even greater risks as people I know are most likely more sensitive to the information I publish than 3rd party businesses that are scraping data in aggregate for ad targeting purposes.
There will always be the analog hole and many a user experience have been degraded in the quixotic attempt to close it.
Unless your friends looking at your computer are going to write down your whole social graph manually, I doubt that’s the the same threat.
Also, most people use one of three browsers. I don’t trust Google but I doubt they are surreptitiously using everyone’s FB login to crawl their social graph.
I don't see how this is true any more than it is for a bank API.
I just want API access to the content --I wrote-- that they are monetizing (even if it's just a lure to get my friends on their platform), and if my friends grant me access to something they have written or shared, the API should allow that.
I agree that there are likely ways this can be used to do all kinds of terrible thing. But so could bank APIs.
And that was the full set of things that Cambridge Analytica got API access to; the data of people who authorized the app, and any data their friends shared with them. (In fact, they actually got a bit less than that; for instance, Facebook had already locked down the API to prevent apps from seeing email addresses.)
If you’re taking the position that Cambridge Analytica wasn’t actually that bad, and it’s worth the trade for a better developer experience, I think that’s an intensely unpopular but defensible claim.
> If you’re taking the position that Cambridge Analytica wasn’t actually that bad, and it’s worth the trade for a better developer experience, I think that’s an intensely unpopular but defensible claim.
I'll take that position. The media made a huge deal out of Cambridge Analytica but it didn't impact FB usage at all, so I don't think it's as intensely unpopular as you suggest. On most social media services, your friend list is public. I think people who feel that's somehow sensitive information shouldn't be on social media in the first place because there's nothing stopping any one of their friends from sharing all of your info with whoever they want.
In this context it does mean open data. Facebook already provides APIs for looking at your own stuff; to develop a custom client or such, it’s other people’s data that you’d need an API for.
Just to be clear, you don't really mean forcing FB to have an API that would let anyone access any piece of data on FB do you?
I mean, you're advocating for an open API to let people access maybe some public photos and such, but nothing private and no personally identifiable connection information right?
Just as a matter of full disclosure, I believe anything sensitive should require explicit consent of the user for each bit of data you download from their profile. I don't believe in radically open data APIs on FB because there is a bit of an argument to be made that it's not FBs data, it's that user's data. If she doesn't want to give the world access to her messages to her lover there should certainly be no API level method that overrides her intentions there.
It doesn't. He's glossing over the problem of antitrust needs. An open API would still leave FB in a near-monopolistic control of social data. The FAANG companies can easily buy up and squash potential competitors because for the last few decades government has taken a very narrow view of antitrust with little enforcement effort.
He doesn't say why it's a trap to think about facebook in terms of publisher versus carrier.
Someone made an insightful comment here the other day saying that they (the tech companies) chose to play publisher and opened themselves up to whole lot of legal battles and complaints, when they should have stayed with the carrier option.
I’d like to know why so many people treat the publisher vs. carrier issue as some natural law of speech, when it’s actually a fairly recent concept. To me it seems like a false dichotomy. Arguing from first principles, why should there be a binary choice between those two options?
> why should there be a binary choice between those two options?
Because the distinction is binary. You either censor what information people consume beyond what the law requires you to or you don't. publisher vs. carrier is the legal distinction between the two.
The argument is not legal, but semantic. Unless the post you are replying to is edited, you are asking for citation for a quote that was not made by the person you are replying to.
The person you are responding to is merely pointing out that there is a binary distinction between those that exert editorial control over their content and those that don't and that "publisher" and "common carrier" are the legal terms that cover those two binary categories (which may not be strictly accurate.)
There is nothing about responsibility, so you are putting words in their mouth.
The legal protections for "common carriers" were established via Case Law in Smith v. California and extended to online platforms in Cubby, Inc. v. CompuServe Inc. this was then limited to not cover online "publishers" who exert editorial control in Stratton Oakmont Inc. v. Prodigy Services Co.
Section 230 was intended to limit this last Case Law decision and extend the protections given to online "common carriers" to online "publishers".
I can sue a TV station for telling lies on the air? Really? How much am I likely to win from this, because if it's true, I'm ready to start a legal crusade today.
Oh, right... I won't get a penny. Free speech also means the freedom to tell bald-faced lies, without consequence.
We need carriers, because we need people to be able to dedicate themselves to plumbing without having to worry about the terabytes crossing across them. If they did, the Internet would grind to a halt from all the necessary processing and blocking and examination.
We want publishers to carry some responsibility, for various obvious reasons.
It seems to me that once someone is being held a little bit responsible, they're going to be forced to act as being fully responsible and need the power to block a bit of content, which will then come with the full corresponding responsibility for blocking that piece of content. What do you see as a middle ground? (This is an honest question, not an argument.)
The middle ground to me is something like "people should be free to interact, but if they're going to say something I think is racist they need to do it elsewhere." (Substitute "racist" with whatever you wish in this scenario).
At that point, the publisher vs. carrier crowd goes "well, that racist thing wasn't illegal, so now you have to be responsible for everything someone says." But I don't really care about what most of people say; I just don't want them to be racist.
This isn't a standard we apply to most businesses. If I run a bar, I can generally remove a patron for saying something without the conduct I choose to allow coming under scrutiny.
I agree re: carriers, for the reasons you stated. But to me that's a status mostly reserved for plumbing-type infrastructure, not a choice services have to make when they're deciding what type of content to host.
> But I don't really care about what most of people say; I just don't want them to be racist.
I hope you're ready to be accused of being a sexist and anti-Semite by many people's definitions. Not to mention that I hope you know that watermelon, dancing, math, and balloons are racist (according to someone with 1000 Tumblr followers, probably), and so have no place on your platform. The point being that determining what is and isn't racist can be a pretty hard problem.
Coming up with an objective and broadly agreeable rubric would indeed be difficult. But this is my hypothetical service, so the only definition of racism that really matters is my own. People are free to disagree and criticize, of course — but ultimately it’s my way or the highway, so to speak.
I’ll also note that this doesn’t really answer my question. What is the reason for the platform vs. publisher dichotomy? If I choose not to host content I don’t want to, why does it follow that I should be liable for any content I host?
> People are free to disagree and criticize, of course — but ultimately it’s my way or the highway
No, it is not your way or the highway, though. Because you, as the platform, are also subject to the opinions of the public, now.
And if you are subject to the opinions of the public, then you might start to decide to censor more and more things, not because you actually think that they are bad, but instead because some vocal minority is clammering for it to be banned.
I don't want you to be subject to that public opinion. Instead, I want to give platforms an excuse to say "sorry! We can't ban anything at all, because we are required to act neutrally!".
That way nobody can complain and try and pressure the network into expanding their definition of bad things more and more.
Every company is subject to the opinions of the public. I avoid Google products because they don't respect my privacy; I know people who don't use Apple products because they're too controlling. That is called "doing business".
And trying to be neutral doesn't even insulate you from those opinions! When I realized my previous webhost's position was to allow e.g. Nazi content as long as it was legal, I switched hosts. What do you think that webhost would do if enough people followed suit?
> Every company is subject to the opinions of the public
When was the last time that the phone company was protested because it refused to censor certain people?
The answer is that this basically never happens.
> What do you think that webhost would do if enough people followed suit?
Well, if it was illegal for webhosts to refuse service to groups, then I don't think that these webhosts would be protested, or whatever, for not censoring certain groups.
> trying to be neutral doesn't even insulate you from those opinions
Which is why I want to give networks an excuse, where they can say "Sorry everyone! It is completely out of our hands! We can't censor them even if we wanted to."
> I switched hosts
And if every host is hosting controversial content, then you won't be able to find any that isn't being neutral.
Have you changed your phone provider, because Nazis are using AT&T to make phone calls? I doubt it.
Like I said, I think "carriers" are important for plumbing-type infrastructure services. This includes phone companies and ISPs. It strains credulity to say that Facebook or a webhost falls under that same umbrella.
You're assuming that networks are looking for an excuse, but plenty of network operators don't want to serve certain types of content. Making that illegal just means network operators are the ones being censored, rather than their users — except the penalty for disobedience is no longer simply finding another network, but fines and jail time. That does not strike me as an improvement.
This also still doesn't answer my original question: if I as a business owner/network operator don't want to serve certain types of content, why does it then follow that I should be liable for everything I do serve?
One important difference is that YouTube carries content to be consumed by the public, while phone companies are more like the postal service: they send things from point A to point B, blindly (except for snooping from intelligence agencies), between private parties. These companies have many common carrier aspects, but they also have many aspects of regular private enterprises.
I agree that perhaps some degree of regulation could be warranted to adddess their unique sort-of-carrier status, but saying that they should be forbidden by the state from disallowing anything that's legal is a slippery slope in the same way biased censorship is. For example, they may not want any risk of people seeing extreme gore videos, since that could cause people to use their service less, even though such videos are typically not illegal to distribute or view. But with total free reign over a behemoth communication monopoly, politically biased content curation and removal is also a huge problem. I think there needs to be a middle ground approach.
The issue is a bar isn't an embedded monopoly, but Facebook is. Want a social network? Facebook's the only real game in town. Videos? You have to use YouTube. Photos? Instagram (Facebook). Microblogging? Twitter. There's Diaspora, and Vimeo, and Mastodon, but these are basically non-factors statistically, and they serve different, less common niches.
Not to say a company needs to permit all content, no matter how racist or bad, just because it's a monopoly and a sort-of-carrier. But things definitely get trickier. If you're banned from YouTube, you basically can't upload videos anymore, period, at least if you want anyone to look at them. These companies don't fit the classical mode of a carrier, like a telephone provider, because they carry content to be consumed openly by the public. I think Discord is probably the closest thing to a more traditional carrier, though it's still not totally comparable.
There's no good solution here other than debating a reasonable middle ground. These companies probably do need to be more open with what they allow compared to a small business, but they should still also have leeway to make their own decisions.
That's a pretty wishy-washy answer, but I think it's the only alternative to avoid the extremes of either full public utility regulation with government-enforced free speech, or super nitpicky and biased content curation. They can't be treated like either a standard business or a public service. They're in between.
Let me preface this by saying I am sympathetic to breaking up monopoly-esque companies that amass too much power. That said, I think this sentence is the crux of your comment:
> If you're banned from YouTube, you basically can't upload videos anymore, period, at least if you want anyone to look at them.
There's a pithy statement that applies here: "freedom of speech is not freedom of reach". Because there are plenty of other ways to upload videos — Vimeo and PeerTube and your own server — but none have YouTube's killer feature, which is distribution to a built-in audience.
Let's back up a few decades and say you want to promote Nazism, which is legal. Your options are pretty limited! No major newspaper will publish your article, no major radio station will let you speak and no major TV channel will give you a show. You can distribute your own newsletter, get on public access TV, transmit on unused radio frequencies, or maybe even find a small company that will allow you. But for the most part, you can't distribute to large audiences, and no one has a problem with this.
Enter the Internet. Now anyone can publish things consumable by anyone in the world… but all of a sudden that's not enough, and it's imperative that it's just as easy for Nazis to reach a huge audience as anyone else? What is so fundamentally different about YouTube vs. TV networks that we need to revisit this?
Granted, Nazism is an extreme example; it's more likely that people are concerned about e.g. alleged censorship of conservative views. But it's difficult for me to really care about this, because these are still mainstream views! Even if you don't think you're welcome on Twitter, you can go to Gab or Voat. You can read about it on Breitbart and The Daily Caller. You can get it delivered in the Wall Street Journal. You can watch it on Fox News. For speech that is being "censored", it sure is easy to find.
I'll finish by reiterating my support for breaking up giant companies that effectively control a large part of discourse. Concentrated power is never a good thing. But I think it's a gross violation of free speech to force networks to distribute content they don't want to — especially when there are always options for people to get their speech out.
I think there should only be some tiny degree of forcing. A provider like Facebook and YouTube have immense power to influence elections, for example. This is super exaggerated, but if, say, every pro-Republican video is removed or hidden behind an adult/extreme/offensive warning, while most pro-Democrat videos are left untouched, think about what effect that may have on current generations, and generations in 10 and 20 years from now, who grow up on YouTube content essentially. It'll probably influence your thinking.
I definitely don't want them to be classified as public utilities or even broken up. I think very minimal regulation similar to the "equal-time rule" should be used instead, applied only to certain narrow forms of content. I think Steve Huffman of reddit did it right: he's clearly no fan of Trump or his supporters, but he refused all the calls to delete Trump's subreddit. Half the site calls him a Nazi and the other half calls him a libcuck, but I think he made the right move.
I think YouTube should absolutely have a right to remove videos promoting white nationalism or advocating bigotry and such. I just think they shouldn't have absolute free reign to remove anything, due to the fact that they're now kind of more like TV in general, rather than a single TV network.
Is it a recent concept? The "concept" seems as old as time. If you say it it's your responsibility. If I say it it's mine. Your editing of my speech is your speech therefore if you edit it becomes your responsibility.
A simple example just for clarity. I say "I hate my sister when she doesn't clean up but I love my sister more than anything". If you edit that to "I hate my sister" you've changed the meaning. That edit is your speech and hence your responsibility.
They are selecting which content to show. That's no different then editing. It's easy to post 2 posts where missing the context of one other the other changes the entire meaning. So by not displaying one or the other they've edited the meaning and are therefore arguably responsible for the new meaning
I don't get the API thing? Who is going to say what functions and data are exposed? Why do these services have to pay to host these extra services? Just because we say so? What businesses does it apply to? Does my business have to have open databases?
I stared in shock as the red mist speckled my glasses. After a few moments I managed to stammer a response.
"My god, that worker just fell in! Why haven't you stopped the machine? Why isn't anyone doing anything?"
The foreman who was leading my tour made a plaintive gesture and stared into space for a moment.
"It's complex, you see. The machine is certainly dangerous. That's the third worker this hour."
"The third?!"
"Every 10 minutes, like clockwork. But on the other hand, the machine is quite valuable. You must understand. Our competition all has machines just like it, and if we stopped ours, well, it wouldn't make much of a difference, would it? They're building more every day and we simply must keep up. That's the business."
"But those are people- human lives!"
The foreman looked tired. He'd given this speech many times.
"Our workers sign all the necessary releases. They're fully informed. Our legal team will assure you there's a great deal of paperwork involved, and we cross every T and dot every I. Totally above-board. I didn't build the damn machine, I just keep it running, and this is how it's done in the industry. Now, if you'll all follow me- just step over that mess for now, the cleanup crew are already on their way- I'll show you the way to our recruiting department. Turnover is a bit high here, but we've been working on some great new internship programs with elementary schools..."
I don't think the parent comment misunderstand that it's an allegory, but is asking how the allegory applies. Facebook doesn't claim they want to step back from moderation "because that's how the industry works and they have to stay competitive" (as in the allegory). They're claiming that the costs of extending private control over political speech to _society_ are too high. (This obviously isn't entirely altruistic: knowing how deeply stupid most people are and how commonly public opinion is outraged by failure to meet two mutually-exclusive ends simultaneously, I wouldn't want to open that can of worms either)
Some might call this a slippery slope argument, but over the years I have slowly started appreciating it as a fictional extreme of the idea the other person is trying to defend.
It is easy to justify small movements in any direction, but trying to unveil the eventual destination casts arguments in different and much required light.
I don't see what opening Facebook's API would buy us. You'd get different interpretations of the feed, but you'd still be siloed into whatever feed it was you accessed. Cambridge Analytica used FB's data to manipulate the feed and thus the users, but no feed algorithm is going to prevent that. Just the opposite: people would find it even easier to choose a feed algorithm that siloed them further. You could jump to a different one -- but would you?
I don't think it would return nearly as much power to users as he imagines. FB won't make quite the same mistakes as they have in the past, but an enormous amount of information is still public knowledge -- putting your social life in public is the whole point of a social network. People enjoy putting themselves out there and voluntarily, voraciously consume what others put there too. No tech tweak is going to change that, or limit the consequences.
Based on the history of facebook and its news feed, I believe that the news feed or activity feed in general, unless it is a dumb pipe, should be considered human psychological experimentation. Under this premise, I would submit that not facebook, but instead its curated feeds, should be made illegal.
But then again, the same logic could be applied to advertising/marketing... well, at least some of it, perhaps most.
The problem is there is far more user value in vertically integrating some or all of these functions than there is in keeping them decentralized. Most users will prefer one product that filter/sorts AND displays posts to two products where one filter/sorts and the other displays.
Normal API use is to read information about the people directly interacting with a post or an app, for the purpose of facilitating that interaction.
Cambridge Analytica used posts to get API access to all users (and friends-of-friends) who interacted with those posts, in order to incrementally build a copy of the complete social graph. The process is similar to scraping.
If I share some information with a friend of a friend, should that information be viewable by an app that the friend of a friend activated? For Cambridge Analytica, the answer was "yes", so Cambridge Analytica was able to scrape a bunch of stuff.
If we make the answer "no", then it won't be possible to build alternate UIs, because the Facebook UI will be able to show my friend of a friend my information, but an alternate UI won't be able to do so.
Exactly my point. Facebook's APIs were not designed for CA's style of scraping, but they took advantage of it anyway. You can try limiting access to data but infiltrators will find a way to abuse it anyway.
This will balkanize the user-base, as we see with Mastodon.
You're either going to have every node do redundant work with moderation, or they'll adopt a common blacklist, thus re-centralizing.
Operators that fail to self-moderate will be blacklisted by operators that don't, because when 1% of the content broadcast by a node is, say, CP, nobody in their right mind will think twice before blocking it outright.
Reading the article and the parent comment I'm pretty sure that's the intent. By 'balkanizing' the users, the power is reduced and the network as a cohesive unit of control is dismantled.
the question is why the end-user would want balkanization, other than for the abstract reason to limit power, which almost never works (or everyone would be installing firefox right now).
People seem to be allergic to balkanization. They want the convenience of typing a search result, a movie title, or a name into the platform instead of having to jump over ten. Even Mastodon with its hybrid model is unable to attract a significant amount of users from Facebook or Twitter.
Open APIs probably won't result in significant competition, and even if they do the privacy concerns exist for small companies as much as for larger ones, see Cambridge Analytica which with open APIs would basically roam around freely.
> or they'll adopt a common blacklist, thus re-centralizing
You say this like it's a bad thing. A centralized list that's communally owned is a lot more like democracy than a private list that's got "AI/magic" sorting that's intended to raise profits at the expense of society.
In fact, government could get involved in legislating not the list, but common sense baselines on how such lists should be administered - setting the groundrules so to speak (mainly to prevent fraud/abuse).
You end up with the same debate. Should fake news be on the blacklist, or just porn, or just things that are actually illegal? I want all three and an ad blocker as well.
> The second trap is misunderstanding network effects.
Network effects, also known as efficiencies of scale, exist in every industry. This was as true of the railroads and the telephone companies as it is of tech companies. That's the whole reason corporations tend to become monopolies in the first place.
Can you elaborate on this? I don't know about how they defended the Great Firewall (had to look up that acronym) And I was thinking about the utilitarian argument for the world... that argument sides with China on the surface.
From Webster, "Utiliatarianism" is the aim of action should be the largest possible balance of pleasure over pain or the greatest happiness of the greatest number.
China is the largest country by population in the world.
A very quick argument would be 'We have the most people, so anything that's good for our people is good for the world."
That thinking justifies ghettos - the minority would upset the majority, and the most pleasure for the majority is what utilitarianism is.
That has me worried - it's a simple argument that is wrong on deeper inspection. What do you think as a Chinese expat? What was CCP's argument for the Great Firewall?
Is there anything specific you are worried about? With arguments context matters a lot and hearing similar arguments in two different places isn't really surprising.
I think we are seeing the divergence of humanity into Morlocks and Eloi.
Most people can't begin to understand the kind of power that FB/Google has accrued due to the enormous and detailed information they are hoovering up. The vast majority of people are digital serfs.
I don't know what, if anything, to do about it. I do not think requiring Skynet to have an API will be very helpful though.
The best way to get an open social API may be a "Ship of Theseus" approach, where users run a scraper that copies their FB data to a new service, and keeps their FB data synced with the new service. As more people join the new service, eventually all FB logins will be by the scrapers, and at that point FB can be dropped.
134 comments
[ 3.0 ms ] story [ 196 ms ] threadI agree with the author's assertion of a problem, but this is really confusing. Both Facebook and Twitter DO have APIs. Granted the APIs are proprietary and subject to significant restrictions on acceptable use and functionality. However, providing even a full-featured API doesn't change the effect of the platforms owning a person's user account and persona, or their ability to suck people in to waste countless hours watching their ad targeting feed algorithms.
Only true decentralization of social graph hosting will really address the core issue of centralized power.
Today you cannot see my FB page if we're not friends, an open API wouldn't allow you to access my data either. If we were friends, you could use your custom FB client to look at my page though, which would be very user friendly.
This was precisely the level of access which caused the Cambridge Analytica scandal.
https://www.vox.com/2018/3/17/17134072/facebook-cambridge-an...
So no, Cambridge Analytics did not have API access to everything that that that the users who used Facebook login had access to. This was a specific set of permissions granted to apps with which users used their Facebook identities as login identities.
Your browser has direct access to TONS of private data, if you install certain browser extensions they have access to all that data as well. A custom facebook client would be fundamentally similar and would clearly be considered a piece of software that requires trust to use. The level of trust you should have in the software provider who provides such clients is MUCH higher than a 3rd party site where you simply used facebook as a login provider.
https://securitywithsam.com/2019/07/dataspii-leak-via-browse...
https://www.zdnet.com/article/apple-neutered-ad-blockers-in-...
What I am saying is that these risks ALREADY exist with browser extensions and facebook and providing an API to allow alternative clients for accessing facebook would be an analogous type risk and security expectations. (Although I would argue that an API could be lower risk if you can grant the API key for your client a specific set of permissions.)
My point is: A site where you use facebook SSO carries a very different type of risk and set of privacy expectations than a client that you use to login to facebook.
Yes, this is what used to exist, and this is what Cambridge Analytica exploited. The level of access I'm talking about, and what people in this thread are advocating for, is allowing a third party app to see all info an authenticated user is authorized to see (including their friend's info).
People saw an ACL grant screen before Cambridge Analytica took their data. Too many of these screens and people just click "OK."
Defaults matter.
Of course, FB would have to be forced into it by law, and they'd lobby hard against being the only company so burdened, so they law would only pass if it applied to every option in every software... and every company in the world would scream "But users will hate us! Our profits! oh my!"
No doubt a huge number of people would be outraged by that much workload forced on them, but I like that world.
Yeah, I use uMatrix on maximum blacklisting on every site all the time, and Blockada on my phone, ...
I'm not sure you're entirely clear on how the Cambridge Analytica hack worked?
That's the nature of social data (and it's already this way for email -- Google knows what you email @gmail.com addresses even if you don't have one).
I personally see nothing wrong with this. I didn't think Cambridge Analytica was a big deal either, just something the media blew out of proportion. If you communicate with people, what you send them will be available to whoever they share it with.
There will always be the analog hole and many a user experience have been degraded in the quixotic attempt to close it.
Also, most people use one of three browsers. I don’t trust Google but I doubt they are surreptitiously using everyone’s FB login to crawl their social graph.
I just want API access to the content --I wrote-- that they are monetizing (even if it's just a lure to get my friends on their platform), and if my friends grant me access to something they have written or shared, the API should allow that.
I agree that there are likely ways this can be used to do all kinds of terrible thing. But so could bank APIs.
If you’re taking the position that Cambridge Analytica wasn’t actually that bad, and it’s worth the trade for a better developer experience, I think that’s an intensely unpopular but defensible claim.
I'll take that position. The media made a huge deal out of Cambridge Analytica but it didn't impact FB usage at all, so I don't think it's as intensely unpopular as you suggest. On most social media services, your friend list is public. I think people who feel that's somehow sensitive information shouldn't be on social media in the first place because there's nothing stopping any one of their friends from sharing all of your info with whoever they want.
I mean, you're advocating for an open API to let people access maybe some public photos and such, but nothing private and no personally identifiable connection information right?
Just as a matter of full disclosure, I believe anything sensitive should require explicit consent of the user for each bit of data you download from their profile. I don't believe in radically open data APIs on FB because there is a bit of an argument to be made that it's not FBs data, it's that user's data. If she doesn't want to give the world access to her messages to her lover there should certainly be no API level method that overrides her intentions there.
Someone made an insightful comment here the other day saying that they (the tech companies) chose to play publisher and opened themselves up to whole lot of legal battles and complaints, when they should have stayed with the carrier option.
Algorithms are a great factor as to why a Facebook got users hooked into its service and drives up ad revenue.
How do you mean, exactly? I feel that I understand your point but am trying not to make any assumptions.
Because the distinction is binary. You either censor what information people consume beyond what the law requires you to or you don't. publisher vs. carrier is the legal distinction between the two.
Because I don't think there is one. And I think that's an extremely strained interpretation of Section 230.
>> publisher vs. carrier is the legal distinction between the two
So I'm curious about the law that provides that.
My quotation marks are to summarize the position being made - I use >> for direct quotes.
The person you are responding to is merely pointing out that there is a binary distinction between those that exert editorial control over their content and those that don't and that "publisher" and "common carrier" are the legal terms that cover those two binary categories (which may not be strictly accurate.)
There is nothing about responsibility, so you are putting words in their mouth.
Section 230 was intended to limit this last Case Law decision and extend the protections given to online "common carriers" to online "publishers".
https://en.wikipedia.org/wiki/Section_230_of_the_Communicati...
Oh, right... I won't get a penny. Free speech also means the freedom to tell bald-faced lies, without consequence.
We want publishers to carry some responsibility, for various obvious reasons.
It seems to me that once someone is being held a little bit responsible, they're going to be forced to act as being fully responsible and need the power to block a bit of content, which will then come with the full corresponding responsibility for blocking that piece of content. What do you see as a middle ground? (This is an honest question, not an argument.)
At that point, the publisher vs. carrier crowd goes "well, that racist thing wasn't illegal, so now you have to be responsible for everything someone says." But I don't really care about what most of people say; I just don't want them to be racist.
This isn't a standard we apply to most businesses. If I run a bar, I can generally remove a patron for saying something without the conduct I choose to allow coming under scrutiny.
I agree re: carriers, for the reasons you stated. But to me that's a status mostly reserved for plumbing-type infrastructure, not a choice services have to make when they're deciding what type of content to host.
I hope you're ready to be accused of being a sexist and anti-Semite by many people's definitions. Not to mention that I hope you know that watermelon, dancing, math, and balloons are racist (according to someone with 1000 Tumblr followers, probably), and so have no place on your platform. The point being that determining what is and isn't racist can be a pretty hard problem.
I’ll also note that this doesn’t really answer my question. What is the reason for the platform vs. publisher dichotomy? If I choose not to host content I don’t want to, why does it follow that I should be liable for any content I host?
No, it is not your way or the highway, though. Because you, as the platform, are also subject to the opinions of the public, now.
And if you are subject to the opinions of the public, then you might start to decide to censor more and more things, not because you actually think that they are bad, but instead because some vocal minority is clammering for it to be banned.
I don't want you to be subject to that public opinion. Instead, I want to give platforms an excuse to say "sorry! We can't ban anything at all, because we are required to act neutrally!".
That way nobody can complain and try and pressure the network into expanding their definition of bad things more and more.
And trying to be neutral doesn't even insulate you from those opinions! When I realized my previous webhost's position was to allow e.g. Nazi content as long as it was legal, I switched hosts. What do you think that webhost would do if enough people followed suit?
When was the last time that the phone company was protested because it refused to censor certain people?
The answer is that this basically never happens.
> What do you think that webhost would do if enough people followed suit?
Well, if it was illegal for webhosts to refuse service to groups, then I don't think that these webhosts would be protested, or whatever, for not censoring certain groups.
> trying to be neutral doesn't even insulate you from those opinions
Which is why I want to give networks an excuse, where they can say "Sorry everyone! It is completely out of our hands! We can't censor them even if we wanted to."
> I switched hosts
And if every host is hosting controversial content, then you won't be able to find any that isn't being neutral.
Have you changed your phone provider, because Nazis are using AT&T to make phone calls? I doubt it.
You're assuming that networks are looking for an excuse, but plenty of network operators don't want to serve certain types of content. Making that illegal just means network operators are the ones being censored, rather than their users — except the penalty for disobedience is no longer simply finding another network, but fines and jail time. That does not strike me as an improvement.
This also still doesn't answer my original question: if I as a business owner/network operator don't want to serve certain types of content, why does it then follow that I should be liable for everything I do serve?
I agree that perhaps some degree of regulation could be warranted to adddess their unique sort-of-carrier status, but saying that they should be forbidden by the state from disallowing anything that's legal is a slippery slope in the same way biased censorship is. For example, they may not want any risk of people seeing extreme gore videos, since that could cause people to use their service less, even though such videos are typically not illegal to distribute or view. But with total free reign over a behemoth communication monopoly, politically biased content curation and removal is also a huge problem. I think there needs to be a middle ground approach.
When the arbiter of truth is a profit-oriented, authoritarian regime (ie, any corporation) that's not beholden to anyone - bad things happen.
Just look at Apple's AppStore for an example (at least politics isn't influenced by Apps).
Maybe. https://www.theverge.com/2019/10/18/20921300/rebulicans-demo...
Not to say a company needs to permit all content, no matter how racist or bad, just because it's a monopoly and a sort-of-carrier. But things definitely get trickier. If you're banned from YouTube, you basically can't upload videos anymore, period, at least if you want anyone to look at them. These companies don't fit the classical mode of a carrier, like a telephone provider, because they carry content to be consumed openly by the public. I think Discord is probably the closest thing to a more traditional carrier, though it's still not totally comparable.
There's no good solution here other than debating a reasonable middle ground. These companies probably do need to be more open with what they allow compared to a small business, but they should still also have leeway to make their own decisions.
That's a pretty wishy-washy answer, but I think it's the only alternative to avoid the extremes of either full public utility regulation with government-enforced free speech, or super nitpicky and biased content curation. They can't be treated like either a standard business or a public service. They're in between.
> If you're banned from YouTube, you basically can't upload videos anymore, period, at least if you want anyone to look at them.
There's a pithy statement that applies here: "freedom of speech is not freedom of reach". Because there are plenty of other ways to upload videos — Vimeo and PeerTube and your own server — but none have YouTube's killer feature, which is distribution to a built-in audience.
Let's back up a few decades and say you want to promote Nazism, which is legal. Your options are pretty limited! No major newspaper will publish your article, no major radio station will let you speak and no major TV channel will give you a show. You can distribute your own newsletter, get on public access TV, transmit on unused radio frequencies, or maybe even find a small company that will allow you. But for the most part, you can't distribute to large audiences, and no one has a problem with this.
Enter the Internet. Now anyone can publish things consumable by anyone in the world… but all of a sudden that's not enough, and it's imperative that it's just as easy for Nazis to reach a huge audience as anyone else? What is so fundamentally different about YouTube vs. TV networks that we need to revisit this?
Granted, Nazism is an extreme example; it's more likely that people are concerned about e.g. alleged censorship of conservative views. But it's difficult for me to really care about this, because these are still mainstream views! Even if you don't think you're welcome on Twitter, you can go to Gab or Voat. You can read about it on Breitbart and The Daily Caller. You can get it delivered in the Wall Street Journal. You can watch it on Fox News. For speech that is being "censored", it sure is easy to find.
I'll finish by reiterating my support for breaking up giant companies that effectively control a large part of discourse. Concentrated power is never a good thing. But I think it's a gross violation of free speech to force networks to distribute content they don't want to — especially when there are always options for people to get their speech out.
I definitely don't want them to be classified as public utilities or even broken up. I think very minimal regulation similar to the "equal-time rule" should be used instead, applied only to certain narrow forms of content. I think Steve Huffman of reddit did it right: he's clearly no fan of Trump or his supporters, but he refused all the calls to delete Trump's subreddit. Half the site calls him a Nazi and the other half calls him a libcuck, but I think he made the right move.
I think YouTube should absolutely have a right to remove videos promoting white nationalism or advocating bigotry and such. I just think they shouldn't have absolute free reign to remove anything, due to the fact that they're now kind of more like TV in general, rather than a single TV network.
Scribes, news reporters, telegrams and telephones all throughout history have enjoyed immunity from the content they didnt generate.
Ever hear "Don't kill the messenger?"
A simple example just for clarity. I say "I hate my sister when she doesn't clean up but I love my sister more than anything". If you edit that to "I hate my sister" you've changed the meaning. That edit is your speech and hence your responsibility.
In particular the Naval Ravikant interview: https://www.youtube.com/watch?v=3qHkcs3kG44&t=3661
* Claims to know what the heart of the matter is, and that it is power
* Claims those recommending antitrust are "mostly stuck in the industrial age"
* Claims publisher vs carrier dichotomy is a "trap" without explanation
Nonetheless, when he started talking about an API I got pretty excited.
"My god, that worker just fell in! Why haven't you stopped the machine? Why isn't anyone doing anything?"
The foreman who was leading my tour made a plaintive gesture and stared into space for a moment.
"It's complex, you see. The machine is certainly dangerous. That's the third worker this hour."
"The third?!"
"Every 10 minutes, like clockwork. But on the other hand, the machine is quite valuable. You must understand. Our competition all has machines just like it, and if we stopped ours, well, it wouldn't make much of a difference, would it? They're building more every day and we simply must keep up. That's the business."
"But those are people- human lives!"
The foreman looked tired. He'd given this speech many times.
"Our workers sign all the necessary releases. They're fully informed. Our legal team will assure you there's a great deal of paperwork involved, and we cross every T and dot every I. Totally above-board. I didn't build the damn machine, I just keep it running, and this is how it's done in the industry. Now, if you'll all follow me- just step over that mess for now, the cleanup crew are already on their way- I'll show you the way to our recruiting department. Turnover is a bit high here, but we've been working on some great new internship programs with elementary schools..."
In fact, I find many great classics to be timeless.
Some might call this a slippery slope argument, but over the years I have slowly started appreciating it as a fictional extreme of the idea the other person is trying to defend.
It is easy to justify small movements in any direction, but trying to unveil the eventual destination casts arguments in different and much required light.
I don't think it would return nearly as much power to users as he imagines. FB won't make quite the same mistakes as they have in the past, but an enormous amount of information is still public knowledge -- putting your social life in public is the whole point of a social network. People enjoy putting themselves out there and voluntarily, voraciously consume what others put there too. No tech tweak is going to change that, or limit the consequences.
But then again, the same logic could be applied to advertising/marketing... well, at least some of it, perhaps most.
Different products/companies exist to fulfill each of these roles:
- host the firehose of tweets/posts/snaps/grams. Likely the husks of Facebook/Twitter/SnapChat/Instagram.
- filter/sort firehose for user given their preferences time/popularity/relevance etc.
- GUI to display posts to user by Web/Mobile/VR/SMS/Postcard etc. Aggregate social media readers do (did) this.
- GUI to (re)post/comment on/react to/edit/delete user content to the firehose. These already exist: HootSuite/Buffer
- firehose analysis for marketing, etc.
- firehose-level moderation/flagging/censorship/tagging
The problem is there is far more user value in vertically integrating some or all of these functions than there is in keeping them decentralized. Most users will prefer one product that filter/sorts AND displays posts to two products where one filter/sorts and the other displays.
what does it mean to scrape an API. I usually hear that word for html website scraping.
Cambridge Analytica used posts to get API access to all users (and friends-of-friends) who interacted with those posts, in order to incrementally build a copy of the complete social graph. The process is similar to scraping.
It increases the attack surface but publicly to everyone.
If we make the answer "no", then it won't be possible to build alternate UIs, because the Facebook UI will be able to show my friend of a friend my information, but an alternate UI won't be able to do so.
You're either going to have every node do redundant work with moderation, or they'll adopt a common blacklist, thus re-centralizing.
Operators that fail to self-moderate will be blacklisted by operators that don't, because when 1% of the content broadcast by a node is, say, CP, nobody in their right mind will think twice before blocking it outright.
People seem to be allergic to balkanization. They want the convenience of typing a search result, a movie title, or a name into the platform instead of having to jump over ten. Even Mastodon with its hybrid model is unable to attract a significant amount of users from Facebook or Twitter.
Open APIs probably won't result in significant competition, and even if they do the privacy concerns exist for small companies as much as for larger ones, see Cambridge Analytica which with open APIs would basically roam around freely.
You say this like it's a bad thing. A centralized list that's communally owned is a lot more like democracy than a private list that's got "AI/magic" sorting that's intended to raise profits at the expense of society.
In fact, government could get involved in legislating not the list, but common sense baselines on how such lists should be administered - setting the groundrules so to speak (mainly to prevent fraud/abuse).
Eg: adblocking rulesets.
Any government involvement should simple state that blacklist options stay open to consumers (allow interoperability) and force transparency.
Network effects, also known as efficiencies of scale, exist in every industry. This was as true of the railroads and the telephone companies as it is of tech companies. That's the whole reason corporations tend to become monopolies in the first place.
From Webster, "Utiliatarianism" is the aim of action should be the largest possible balance of pleasure over pain or the greatest happiness of the greatest number.
China is the largest country by population in the world. A very quick argument would be 'We have the most people, so anything that's good for our people is good for the world." That thinking justifies ghettos - the minority would upset the majority, and the most pleasure for the majority is what utilitarianism is.
That has me worried - it's a simple argument that is wrong on deeper inspection. What do you think as a Chinese expat? What was CCP's argument for the Great Firewall?
Population reference: https://www.worldatlas.com/articles/countries-by-percentage-...
Most people can't begin to understand the kind of power that FB/Google has accrued due to the enormous and detailed information they are hoovering up. The vast majority of people are digital serfs.
I don't know what, if anything, to do about it. I do not think requiring Skynet to have an API will be very helpful though.
Also compare this to a tool like YouTube-dl which is against YouTube's ToS, but is still used by many people.
I recommend just don’t use Facebook at all.
Teach children what the fuck vanity means, and that you don’t need 1 million followers to have real friends.