55 comments

[ 2.6 ms ] story [ 114 ms ] thread
Well! This is an interesting wrinkle in the Reddit drama.
Bad day for reddit.
Making a Reddit will be added to the dictionaries after this.
I wonder how many of the app devs were writing to their senators?
Well, this will die quickly. It would be nice to see people rally around something like this for mobile phone APIs though.
This bill may not address mobile phone APIs directly, it does contribute to the broader conversation about API accessibility and enabling users to have more control and influence in the digital world.
It sorta poisons the discussion, though. Mobile phone and desktop APIs are marginal-cost to call if you own the hardware it runs on. Social media APIs have an inherent cost associated with maintaining the endpoints and returning values quickly. For sites like Twitter and Reddit, that price is non-negligible enough that it has to be recouped somehow.

Overall it just feels like more pearls before swine. I don't mind it starting the discussion, but it feels like a poor way of framing it, to the point that it dooms everything to fail on the basis that "it costs too much".

Application: The bill does not apply to social media companies with less than $100 million in gross revenue or to services with limited user interactions like direct messages, commercial transactions, or reviews.

That was going to be my first question. Nice to see it would not affect my silly little forum and chat servers.

It looks like Discord meets the criteria would be subjected to this however.

Well, Your Honor, Facebook the social media site is actually owned by Facebook Limited, an Irish company owned by a British trust with shareholders consisting of Meta Limited (Hong Kong) and Meta Limited (Seychelles). Believe it or not, Facebook actually loses money! The distantly related company of Meta Inc (owned by Meta Limited (Ireland)), does make some money from advertising, but it pays Facebook Limited a recurring subscription of $99 million per annum for a royalty-free, exclusive license to its newsfeed API.

So we're sorry, Your Honor, but New York courts have no jurisdiction here, and even if they did, the plaintiffs are wrong to assert that "Facebook" makes more than $100 million in annual revenue.

Discord has one of the better APIs out there for social media, and is definitely free of charge.
(comment deleted)
The NY Senate should instead introduce a bill to create a public platform for topical discussion!
Since government institutions can't censor speech, that would be an interesting thing to moderate.
You can always moderate by attaching tags to posts, and allow viewers to choose which tags they don't want to see.

You can even have per-moderator tags. E.g. mod123:spam. And then let user filter by tag wildcard or something similar: *:spam.

What about third-party services that offer moderation? And then the adventurous could browse the raw stream!
I definitely feel like - at some point - governments have to start actively helping speech. Rather than regulate the market, having official registries for people to file their speech in certain ly seems like one path. Ideally where we can file our own moderation opinions which can be used as moderation overlays folks can use to filter things down with.
I wonder if interstate commerce applies here.
Doubt it'll see the light of day, but it may widen the debate further which would be a win
Any mirror?

Edit:

The Bill https://legislation.nysenate.gov/pdf/bills/2023/S6686

gpt-4 summary:

The bill, numbered 6686, was introduced by Sen. Hoylman-Sigal and is related to social media open application programming.

The bill proposes amendments to the general business law, specifically introducing a new article 42 titled "Social Media Open Application Programming Interface Access". The article includes sections defining terms, requirements for open API access with social media for third-party development tools, API access reports, violations and remedies, and application of the law.

Key points from the bill include:

Social media platforms are required to implement and maintain a standards-based API that permits third-party applications to retrieve data at no cost, for the benefit of the user or the user's authorized representative.

The bill outlines the type of data that must be provided to users or their authorized representatives through the API. This includes personal data controlled by the social media platform, platform-produced or recommended data available to the user, and data that is generally available to all account holders about the user's friends or followers. Social media platforms must conduct routine testing, ongoing monitoring, and make all necessary updates to ensure the API functions properly.

The bill also outlines circumstances under which a social media platform may deny or discontinue a user or authorized representative's application's access to the API.

Social media companies are required to submit semiannual API access reports to the attorney general. These reports should include information on API utilization and access decisions.

Isn't Facebook API access what led directly to Cambridge Analytica?
Unlimited API access maybe
This is a dumb overreaction. Before Reddit there was forums. Before forums there was mailing lists. Before mailing lists there was usenet. Before usenet there was dial up bbs. I missed a few.

Hopefully even if this passes it’ll just die in the courts. Instead lets let the free market sort the best thing out instead of pretending that Reddit is doing something impossibly valuable.

Yea, because those is what they should be focused on /s
I don't think this is reasonable or even in users interest if they stop and think about it.

I don't want social media platforms to be required by law to turn over all of the data that they have collected on me to anyone who asks.

EDIT:

So in section 2.A.3, anything that could be publicly visible to third parties is now accessible to those thirds parties via API. Anything you privately shared with third parties is now accessible to them via API. Your public comments, likes, friends ect. Alternatively, your private messages can be exported via API if the recipient gives permission.

>2. A SOCIAL MEDIA PLATFORM MUST PROVIDE THE FOLLOWING INFORMATION TO ITS CURRENT USERS OR THEIR AUTHORIZED REPRESENTATIVES THROUGH THE API CONSISTENT WITH SUBDIVISION ONE OF THIS SECTION: (A) THE USER'S PERSONAL DATA THAT THE SOCIAL MEDIA PLATFORM CONTROLS, INCLUDING, WITHOUT LIMITATION: ... (III) THIRD-PARTY DATA WHICH IS EITHER (A) GENERALLY AVAILABLE TO ALL ACCOUNT HOLDERS, OR (B) MADE AVAILABLE TO THE USER BY THE ACTION OF THAT THIRD PARTY, AND WHICH IS COLLECTED BY THE SOCIAL MEDIA COMPANY TO MAKE CONTENT DECISIONS THAT DIRECTLY OR INDIRECTLY IMPACT A USER

It is hard to believe I am reading section 3.A correct, but this would also require the social media company to update their database at the request of the API user. pretty wild.

>3. A SOCIAL MEDIA PLATFORM MUST PROVIDE ACCESS THROUGH THE API NECES- SARY TO ALLOW THIRD-PARTY APPLICATIONS ON BEHALF OF ANY CURRENT USER TO WRITE, UPDATE OR TAKE ACTION ON: (A) THE USER'S PERSONAL DATA THAT THE SOCIAL MEDIA PLATFORM CONTROLS, INCLUDING, WITHOUT LIMITATION: (I) DATA THAT IS GENERALLY AVAILABLE TO ALL ACCOUNT HOLDERS, INCLUDING USER'S NAME, USERNAME OR HANDLE, PROFILE PHOTO, BIO, AND LOCATION; (II) USER DATA AND DATA GENERATED BY A USER AND COLLECTED BY THE SOCIAL MEDIA PLATFORM THAT FORMS THE BASIS FOR SOCIAL RECOMMENDATIONS, INCLUDING USER FOLLOWS AND FOLLOWER DATA, AS WELL AS THE TOPICS USERS MAY FOLLOW;

So in theory, anyone could make an API request to reddit and it would have to turn over all public information on the site, at no cost.

What do you mean? An API doesn’t automatically grant full access to your private data. It just provides an alternative way to access the data you have already chosen to make public.
It doesn’t, but it makes it easier to mandate an API for ‘special government access’ when there’s already an API mandate in place
That’s called a court order, and already happens all the time.
This API grants full access to read and write your own personal data, or export anyone else's public data.

I care less about the use case where I request my own private data.

I care more about the use case where someone else can request any public data I shared, or someone else can export any private data I shared with them only.

I know this is a very outdated, downright Luddite idea nowadays but perhaps you shouldn't publish something if you don't want it to be public?
The issue isn't with it being public, there she was with it being compiled and available to anyone who requests it. It is an access issue and question.

For example, I understand that I can be recorded by people's home cameras everywhere I go. I wouldn't support Amazon and Google being legally obligated to turn over that information to anyone who requests it.

I also don't think that any company that hosts public information should be required to turn over its entire database of public information in the digestible format at no cost to anyone who asks

Literally every single thing you post on Reddit gets cached nearly instantly.

Stop expecting API limits to save you there. We’re beyond that. And honestly it’s better if we stop expecting privacy on public forums.

You understand what the word public means. Right?
I do. Public information doesn't mean compiled and available upon request.

I understand that every conversation I have outside my home is public, but that doesn't mean I have to support every one of those conversations being recorded and delivered to anyone who requests it

The digital world isn’t “down the street”. It’s disingenuous to conflate the two.
This API only grants access to data that the user connecting to it can already access by logging in via the website. You are misreading it.
Isn't that exactly what I said?
Going back and rereading your top-level post, it seems like maybe it is? It's possible that the degree of outrage you demonstrated led me to misread that post as saying you thought it would allow anyone access to private information.

It's quite clear to me from the wording you pasted there that the rules would only mandate that a logged-in user be able to access through the API all data that they could access by logging into the website. You know, exactly what would be necessary to build a third-party app.

In general, I'm struggling to see how that reading of the proposed rules could actually lead to any kind of privacy concerns.

A simple example of a privacy concern would be if you have a private Facebook account. Any of your friends behind your privacy wall can allow an API to export your data for public publishing or sale by a third party app.

I post about an abortion on my private Facebook profile and a friend uses Facebook 2.0 app, Facebook 2.0 can publish that data for anyone to see on the world wide web, or sell it to advertisers, or anti-abortion groups.

And Meta/"Facebook 1.0" can do the same with all your data that they have right now. That's an issue of what the terms of service allow and, potentially, of developer malfeasance. In fact, do you know if there's anything in the bill that would set rules or guidelines for use of the API? Because I think it would be pretty reasonable to require that third parties using the API adhere to certain restrictions, and "don't sell the data you get that way without the user's express, clearly-informed, consent" would be a pretty important one.

Furthermore, I think we need regulations limiting what social media services themselves can do with data like that as well. And it may be that it would be more ideal if we didn't open up social media services to third-party clients with mandatory APIs until we do have that.

But given the choice between the status quo, and only one of those improvements? I know which one I'd choose.

Meta/Facebook 1.0 can do that now, but at least I agreed to their terms of service and current privacy settings.

I agreed meta can use my data. I did not agree that every company can do what they want with it.

This bill has no restrictions on the usage of data exported from the API.

There's a pretty basic feeling I have that if as a user you can browse & get data from a site, you should be the ability to get that same data in more direct useful & unencumbered form.

The thing is, anyone doing shady things probably already has complex ways of scraping & extracting data they want anyways. The only people this walled gardening hurts are good everyday users, are citizens.

Worrying about "oh no what if we could easily get public data" feels like a way too conservative reaction that's not in touch with where we are already.

That...doesn't say what you are claiming it says.

Clause 2 requires the API to allow access to a user's data by that user or someone they authorize. Sure, there's a reasonable concern about coerced authorization by third parties, but that's a separate problem, and not worse than what we have now.

Clause 3 isn't quite as explicitly narrow, but it still specifies being able to access the listed data on behalf of a current user.

Neither of these are saying "anyone can access all the data." They're saying "anyone can access their own data".

> this would also require the social media company to update their database at the request of the API user.

And this is pretty obviously required in order for the API to allow third party apps that are more than read-only. "Updating their database" is necessary to make posts, react to posts, or change your profile information.

I think between the two sections, the API can access any information that the user could. This means all public information, their own private information, and the private information of others that has been shared with them.

I think the two of us agree on what the law says, I just happened to think it's ridiculous. It would require every large social media company to actively support competitors that are cloning their website, require them to manage the database for those competitors, and do it at no cost.

I coul make a Facebook 2.0 app that shows users everything that they could see in Facebook, but strips out the Facebook ads and puts in my own. Facebook would be required to manage the data of my users at no cost. My app could even submit advertising posts on behalf of my users to Facebook, which it would have to write

> It would require every large social media company to actively support competitors that are cloning their website, require them to manage the database for those competitors, and do it at no cost.

Well...yes. That seems like the point, to me. Having data siloed by massive megacorporations who abuse that data to generate ludicrous levels of quarterly profit does not benefit us as a society.

I do not believe that any particular business model deserves a guarantee that it be allowed to continue in perpetuity.

What this would do is force social media services to compete on features and user-friendliness, rather than just network effects, dopamine farming, and lock-in. It would lower the barriers to entry for competitors in the social media market, and lower the barriers to exit for social media users who want to move from one network to another.

Yes, that seems like the point to me too. I just happen to think it is unreasonable and rediculous.

I agree that business dont have any garuentee to continue, or even without restriction. I dont think that compelled action is appropriate.

I think there would be a better legal and moral basis for banning social media outright, than requing them to provide API service to competitiors.

What is the precise definition of a social media platform?
This is a genius idea. I completely support it.
Honestly, this could, if designed and implemented correctly, be exactly what we need to break the stranglehold the current social media giants have on the industry.

Having public APIs for every major social media platform means that, at least in theory, a single third-party app could give you access to Facebook, Twitter, Instagram, and Reddit (plus more!). It could even give you access to your social media contacts aggregated across all those platforms.

This would mean that if one of your friends wanted to move from platform A to platform B, as long as you had at least some account with both of them, you wouldn't have to change much about how you communicate with them.

It could also mean that social media services would have the ability to tap into each other's APIs—thus making it possible to simply import your entire contact list and history (or as much of it as the destination service supported) from one service to another.

If we could get an effort like this to fully succeed, it could very well bring us to something much closer to the decentralized social media future that some people were talking about several years ago.