Obviously. We can't actually punish bad actors, because it would set a president that the pursuit of profit at the expense of individual freedom is actually dangerous. Much better to give out ritualistic slaps on the wrist to run on headlines and reinstill trust in our endlessly crumbling system.
Be on the lookout at Meta's campaign contributions in the next few years, I'm sure none of the regulatory bodies of US communications will be on it :)
As a user - how does one even attempt to get their portion of the payout?
Instead of the settlement paying off lawyers and the remaining scraps being distributed as 1 cent to each consumer - the settlements should go to fund some sort of oversight board - sort of like the SEC/CFTC but for social media. That oversight board can then sprout and grow and then look for future funding by taxing social media companies.
Or fund some sort of healthy social media consumption education organization - kind of like what we already did/do with the cigarette settlements/taxes.
The main perpetrator in this case - Alexandr Kogan (now Spectre) - is now a tech entrepreneur leading a company with an investment from a US-based accelerator 43 North. That's how we punish them.
I just got my equifax payout. A whopping $5.21 USD.
It looks like they were charged $700MM? I think those in charge should really actually throw the book at these corporations for a change... Not very likely though.
Accountability is these companies not existing. We live in a "you'll fucking buy it anyways" economy now. All a fake variation on a problem that was solved 100 years ago. The people at the top are scraping as much from us as possible to fund their fear Mansions in New Zealand. It is a small club at the top and they all share a sandbox. You're not allowed in. It's over. The cancer has metastasized and the rich have won.
It isn’t over. There are means to still fight and win. Nothing is over here until all of us stop breathing. The first victory is realizing that for our own internal struggle.
I look forward to the day when our shared suffering is a distant memory, and I know that day will come.
I might be remembering the details wrong, but wasn't the main issue that users half-knowingly allowed spying on their friends without any consent required from those friends? Open API isn't the reason this abuse happened IMO - Facebook failed to prevent massive data collection on users who did not give any consent.
I am not buying this. It's borderline victim-blaming. An informed consent must be required. Giving access to an app is not the same as sharing your password with them and explicitly allowing them to do anything they want. Saying that, even if you do share your password, the app should not be able to collect data on your friends without their consent.
There is a huge difference between you stalking someone else's friends and a company collecting billions of data points to use for political manipulation. The purpose, the scale, the incentives are different. We need to stop assuming that the rules should be the same for an individual and a business just because they use the same loophole.
While I don't know what the prompt exactly said, I bet it was specific enough. The fact that people just click Accept without reading it shouldn't make it less binding, that would be infantilising users.
>There is a huge difference between you stalking someone else's friends and a company collecting billions of data points to use for political manipulation.
I agree. And that company is not Meta. So I don't understand why Meta is paying. In any case all I said was that this is one of the reasons APIs are closed and everything is a silo.
> While I don't know what the prompt exactly said, I bet it was specific enough.
An informed consent from users who's information is going to be collected. In this case it was the friends of the person signing up. Again, that's the only reason Cambridge Analytica was successful. They didn't have that many users, they collected a ton of data on the users' friends.
> I agree. And that company is not Meta.
Meta had an obligation to protect its users' data. It failed at that.
>An informed consent from users who's information is going to be collected.
That consent was granted the day they accepted/sent the friend request. Once the friendship was established, the other user had access to the profile information. They can do with that information as they please, which includes giving it to a 3rd party. If it's illegal to do so, the parties at fault are the user who accepted the API access request and perhaps the 3rd party, but definitely not the medium.
>Meta had an obligation to protect their user's data. It failed at that.
If I go to your profile and take a screenshot, has Meta failed at protecting your data? What if a friend gives me their password or remote desktop access to their computer and I look at your profile? Should we fine Facebook?
> That consent was granted the day they accepted/sent the friend request. [...] They can do with that information as they please, which includes giving it to a 3rd party.
Hm - no. If I accept a friend request I allow that user to read my profile but I do not authorize any 3rd parties to access it. If you show me any mention of 3rd party access in a friend request - I might change my view.
> What if a friend gives me their password or remote desktop access to their computer and I look at your profile?
You don't seem to make any distinction between a first/second party (me and my friend) and a 3rd party (CA accessing data through an API). In fact there is a difference that's very clearly defined in contract law, user agreements, etc.
The concept of “personal data” with one sovereign owner applies in very limited scenarios like a private Google Doc or unshared Dropbox folder. The vast majority of internet applications in fact represent some kind of sharing or communication. Such applications necessarily either help you to restrict how your counterparties interact with shared data, limiting their freedom, or don’t, violating your privacy. As such it’s hard to see either side of this tradeoff as especially blameworthy.
A sidenote that might be irrelevant, but fully private data never got shared. Only the friend data that is visible to the person who gave the API permissions.
Here is a simple example: you posted 3 photos on your FB profile. One was fully public, another one was friends-only, and the last one was only available to you and your relatives (which i am not one of). If i used such a cambridge analytica app and gave permission to my friend info, it would be able to get the first two photos, but not the last one (because I have no access to it myself).
The Facebook API used by the app was never open. Additionally, "Facebook required app developers to sign agreements promising to abide by privacy restrictions attached to user data they received through Facebook APIs"¹. The problem is that Facebook never did an adequate job of auditing or enforcing that.
Also, even if you somehow believe that users knowingly consented to share the amount of data that they did, they definitely did not consent to data traitor Aleksandr Kogan selling their personal knowledge graphs to Cambridge Analytica.
Not the OP, but “open” is vague, and might plausibly be meant as “public”. HN guidelines say you should respond to the strongest possible interpretation of a comment, not nit-pick:
>” Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.”
That said, OP’s response seems a bit harsh, as what you said wasn’t “false”, it just wasn’t their intended meaning.
33 comments
[ 4.0 ms ] story [ 77.9 ms ] threadBe on the lookout at Meta's campaign contributions in the next few years, I'm sure none of the regulatory bodies of US communications will be on it :)
Instead of the settlement paying off lawyers and the remaining scraps being distributed as 1 cent to each consumer - the settlements should go to fund some sort of oversight board - sort of like the SEC/CFTC but for social media. That oversight board can then sprout and grow and then look for future funding by taxing social media companies.
Or fund some sort of healthy social media consumption education organization - kind of like what we already did/do with the cigarette settlements/taxes.
Since this seems like a big deal that FB is fined 725M
It looks like they were charged $700MM? I think those in charge should really actually throw the book at these corporations for a change... Not very likely though.
A far cry from the $125 promised, but it's kind of like having a little piece of history, a tiny sign there's some accountability occasionally.
In the case of Equifax, you are basically forced to use them (as the choice isn't yours to make).
I look forward to the day when our shared suffering is a distant memory, and I know that day will come.
In case you wonder why nobody bothers to have open APIs for anything anymore. (cf. Twitter 10 years ago and today)
This is as if my friends sued Facebook because I gave you my password and you used it to snoop on them.
There is a huge difference between you stalking someone else's friends and a company collecting billions of data points to use for political manipulation. The purpose, the scale, the incentives are different. We need to stop assuming that the rules should be the same for an individual and a business just because they use the same loophole.
While I don't know what the prompt exactly said, I bet it was specific enough. The fact that people just click Accept without reading it shouldn't make it less binding, that would be infantilising users.
>There is a huge difference between you stalking someone else's friends and a company collecting billions of data points to use for political manipulation.
I agree. And that company is not Meta. So I don't understand why Meta is paying. In any case all I said was that this is one of the reasons APIs are closed and everything is a silo.
An informed consent from users who's information is going to be collected. In this case it was the friends of the person signing up. Again, that's the only reason Cambridge Analytica was successful. They didn't have that many users, they collected a ton of data on the users' friends.
> I agree. And that company is not Meta.
Meta had an obligation to protect its users' data. It failed at that.
That consent was granted the day they accepted/sent the friend request. Once the friendship was established, the other user had access to the profile information. They can do with that information as they please, which includes giving it to a 3rd party. If it's illegal to do so, the parties at fault are the user who accepted the API access request and perhaps the 3rd party, but definitely not the medium.
>Meta had an obligation to protect their user's data. It failed at that.
If I go to your profile and take a screenshot, has Meta failed at protecting your data? What if a friend gives me their password or remote desktop access to their computer and I look at your profile? Should we fine Facebook?
Hm - no. If I accept a friend request I allow that user to read my profile but I do not authorize any 3rd parties to access it. If you show me any mention of 3rd party access in a friend request - I might change my view.
> What if a friend gives me their password or remote desktop access to their computer and I look at your profile?
You don't seem to make any distinction between a first/second party (me and my friend) and a 3rd party (CA accessing data through an API). In fact there is a difference that's very clearly defined in contract law, user agreements, etc.
Here is a simple example: you posted 3 photos on your FB profile. One was fully public, another one was friends-only, and the last one was only available to you and your relatives (which i am not one of). If i used such a cambridge analytica app and gave permission to my friend info, it would be able to get the first two photos, but not the last one (because I have no access to it myself).
Also, even if you somehow believe that users knowingly consented to share the amount of data that they did, they definitely did not consent to data traitor Aleksandr Kogan selling their personal knowledge graphs to Cambridge Analytica.
¹ https://arstechnica.com/tech-policy/2018/03/facebooks-cambri...
>” Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.”
That said, OP’s response seems a bit harsh, as what you said wasn’t “false”, it just wasn’t their intended meaning.
[1] - https://www.netflix.com/title/80117542