> "Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple," Apple says. "Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.”
[1] I previously posted this development as a story, but it got flagged as a dupe. It seems like this is the more truthful angle. since Apple seems to be the real agent that caused this shutdown.
I find it hard to believe that Apple didn't know. I would expect any device with a in-house app installed to be reporting metadata about said app back to Apple. Comparing the number of installs of a particuler app + the distribution of IP addresses/locations where this app was installed vs that of a normal in-house Facebook app would likely show a discrepency.
Reasons for the contrary (Apple could not have known) my premise is incorrect, the metadata is insufficient, Facebook or in-house apps in general are much more widely use than presumed and often deployed from a public facing servers resulting in a location distribution too similar to the actual US population distribution, etc.
Facebook has offices all over the world and employees testing with devices on home networks all over the world (not to mention developers giving builds to family and friends, potentially).
I would hardly expect Apple to be scrutinizing the install patterns of an enterprise app. Those resources would be better spent improving the App Store review process and TestFlight.
I've been reading a lot of comments about this, and something that always comes up is the question "why shouldn't people be able to sell their data?"
I have two objections to that. First, they're almost certainly not making that deal from an informed position. Security and privacy are very complicated matters, and most people won't even realize to ask questions about data retention, aggregation, sharing, differential privacy, etc. Instead, they'll substitute in an easier more salient question (https://en.wikipedia.org/wiki/Attribute_substitution), like "Is $20 a month something I want?"
The second issue is that MITMing all network traffic on a phone will necessary scoop up the user's credentials, as well as private messages and metadata from that user's friends and family. It's naive to think about privacy as something an individual can accomplish. When you sell data from your networked social device (i.e., your phone), you're also selling out all your friends and family. Given all that really hot data, what incentives are there for the data collector to act responsibly and protect that data? The reality is pretty much none.
"First, they're almost certainly not making that deal from an informed position"
After spending an hour reading similar comments to yours, I have to ask this question.
How informed should the user be? What qualifies as an informed user? This is getting into some dangerous territory because it because implies so some sort of contract literacy.
>The second issue is that MITMing all network traffic on a phone will necessary scoop up the user's credentials, as well as private messages and metadata from that user's friends and family.
Do they not already do that with access to Facebook Messenger and Instagram? Why is this not screamed from the top of every hill?
This data collection is also different because they literally say it is for research.( They are protected legally, unfortunately)
>Given all that really hot data, what incentives are there for the data collector to act responsibly and protect that data?
Hmm how about getting fined?(The issue is how much should they be fined and the answer in my opinion should be similar to how the SEC prosecutes for insider trading: fine on top of whatever
you made, to strongly discourage you from doing so again or jail them.
I agree. I've seen Facebook doing shady things but I don't think this is one of them.
As a company they want to collect data for whatever reason (a research project, training data for an ML system, creating a new product, refining an existing one or assessing the overall market). So they built software for data collection and are paying people money in exchange. How is this different from Amazon Mechanical Turk or any crowdsourcing platform which pays people for data?
I admit I haven't seen what the contract looks like but are people suggesting that the end user still does not understand that they are providing user data to be used by Facebook in exchange for money or have no power to decline such offer?
But it's much easier for the press to run click baity titles like "Facebook spies on teens! Again!!" and many folks on HN quickly jump on the bandwagon.
That said, the part of this backlash I sympathize with is if someone hates benefiting FB and have any of their data in their hands but then has a friend who uses this service and uploads all their collected chat conversations to FB.
What is "dangerous territory" about "contract literacy" when the typical Terms & Conditions for basically any app/service/website are dozens of pages of legalese?
When one facebook user messages another both users have consented to trust facebook for good or ill. The question is actually much more interesting when you consider a federated network like email.
It is the million dollar question because like wiretap laws vary by state ( one party consent, two party consent) their is nothing for things like this related to data sharing.
If I tried something like this I’d have my developer account totally revoked and all my apps pulled; but I can’t imagine that happening to Facebook. It makes sense but it’s interesting that there’s a systemic de-risking of the way big players operate while simultaneously being in a position to do the most damage.
> Apple says. "Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.”
God I wish Apple had the balls of suspending the developer account and withdrawing the Facebook app from the app store. It's infuriating that most likely Facebook will again get away with a slap on the wrist. How will they make the next morally relevant decision?
They should implement permission controls so users can choose what functionality the facebook app can access.
It sucks huge amounts of power, I assume the facebook app is collecting all sorts of nefarious metadata off phones at no benefit to the user. Fine grained controls would allow users to prevent facebook from accessing their information without the user's explicit choice, which would be a huge improvement.
There should be a big "Facebook wants to read and analyze ALL of your contacts. OK or Cancel" prompt before each read, or you should have to explicitly allow "Allow Facebook to read and analyze all of your SMS messages at any time"
Is that really the case though? Lets play through this virtual divorce.
Apple's revenue was a disappointing what 60 some billion dollars last quarter based on devices that have a multitude of functions beyond facebook. Not having facebook available on the device would probably decrease their value somewhat but with facebook getting tons of bad press it could work to apple and alternative social networks long term benefit by further cementing Apple as protector of your privacy and Apple blessed social networks as better than that trash android users run on their comparatively open platform. Users already don't seem to value openness much and place higher stock in privacy and security.
Facebooks was in the same time frame around 16 billion. Facebook depends heavily on access to mobile platforms to reach users. Apple is only 10ish % of the global market but around at least 1/3 of the US market which facebook needs. As people are unlikely to chuck their $1000 phones in the trash before 1-2 years are up it seems likely that most users would keep their facebook account to keep in contact with friends/family on facebook but come to rely on other chat apps on their phone and may ultimately use those apps instead of facebook on and off their phones.
From facebooks perspective its users don't immediately drop but engagement can drop through the floor for that segment while offering substantial help to competitors that may in the long run turn facebook into myspace 2.0. Apple losing facebook would be a negative. Facebook losing apple would be an existential threat. If removed from the play store as well it would basically be dead in the water. This would probably never happen because if apple and or google threatened to do so it would basically have to give apple and or google its left arm and throw in a leg to secure its continued existence. It's bargaining position with either is terrible.
I think both should work together to force facebook to do a better job of protecting its users privacy.
As an aside I think that in the longer run it could probably consider bypassing the respective app stores entirely to work entirely as a website but don't think that would be likely to be a short term prospect.
... so they allow themselves to abuse each other? Maybe enterprises should have % penalties built into their contracts here to effect the appropriate behavior if the normal rules don’t (or can’t) apply.
Fb is only "shutting down" it's iOS Spyware due to "bad press" not due to a sudden realisation that spying on children who are incapable of understanding the long-term consequences of the privacy invasion is fundamentally wrong/evil.
Fb only stop doing things that are obviously morally reprehensible when they get caught or called out in the media. They never proactively doing the right thing. :-(
It's not even that--they are not stopping the identical Android app, only the iOS one. From the media/public standpoint, the programs are nearly identical, so this is clearly a case of either Apple ordering them to stop and/or they know they are hosed for giving Apple the finger and trying to pull the plug before Apple revokes their entire company's enterprise certificate, which would break any internal apps (the intended use of enterprise certs) that they may be using. So it's not even the bad press, just them risking angering a company they depend on to do their business.
According to articles I saw in the last few hours, their "certificates" have been pulled. So this has likely already happened.
Also, Google updated API certificate behavior to only trust built in roots by default.
https://android-developers.googleblog.com/2016/07/changes-to... might explain why "project atlas" is only available for Android devices marshmallow and earlier (they can't snoop encrypted app traffic on later versions)
Nice! Glad Apple caused them some massive chaos. I'd forgotten about that roots thing, it's actually really nice albeit a little annoying for debugging/reverse engineering.
Yeah, the API change was back in 2016, somewhat close to the timing of Facebook's deployment of Onavo. The conspiracy theorist in me says Google might have got a tip about such behavior years ahead of the public revelation. SV companies are quite incestuous.
Everyone pin your certificates. If this was standard practice none of it ever could have happened.
Apple didn’t just ban the App, they revoked Facebook’s privileges to “side load” their internal apps, so Facebook employees can’t even order lunch or a company shuttle.
Almost by definition, we're only going to notice the "right things" they've done that they don't get called out on (i.e. have attention drawn to beforehand).
I would love to be a fly-on-the-wall at some of their meetings when someone says “So we are going to do data collection on minors without parental consent now” and all the developers just say “great I’ll code that up straight away”. Like is there no dissent at all? Is there no one at all who says “guys this is not OK”?
There's some powerful dissonance going on. I once interviewed an engineer. We spent a good 15m of the hour-long interview talking about the moral implications of social networking, the potential for powerful technology to cause harm, and what a developer's imperatives were. He was completely on the "side of right" - must use powers for good, data harvesting is bad, Facebook is an immoral business etc.
He turned down our offer to take a job building a data analytics platform at Facebook. "Oh it was just too exciting tech not to work on."
Facebook officially prohibits users younger than 13, mainly because US law has a lot of special requirements for children under that age ( https://en.wikipedia.org/wiki/Children%27s_Online_Privacy_Pr... ). I’m sure the app doesn’t have any special age-based code because if someone has a Facebook account, they’ve already told Facebook they’re 13 or older.
Amazonians reading this: I'd like to know how often does it cause someone to rethink their proposal when you use the magic words "disagree and commit"? Does it ever happen?
I mean consider this scenario: A, B, C, D, E are in a meeting to discuss a new project that A has planned. D and E like the idea. B is not committed either way. C says they can't see the project being a good thing but uses the magic words "disagree and commit". How often does it cause A to go back and say ok maybe my idea was not good?
In reality it's more like 'agree and submit' to the manager/pm making the proposal. Don't want to do the work because you find it goes against morals or personal beliefs? That's fine, they'll pivot you out of the company real quick.
There is an assumption that developers "knew" how the code being implemented is going to be used. In a big company like FB, as an IC or team, the context under which code gets developed may be far removed from how it gets used. I can imagine a scenario where someone developed this code for testing FB app on devices, another engineer had similar need and morphed it into different product etc.
The solution to these problems is oversight from security, compliance, and privacy on all systems dealing with consumer information, and having privacy education for all employees on regular basis. GDPR is a step in that direction.
Turns out a lot of people are willing to be unethical for a lot of money. If you can convince people to murder people and render them down to soap you can probably convince people to build spyware. You can even pretend that such data will never be used in a prejudicial fashion say to deny people employment in the future based on some social score.
Come on guys we just want to build a better ad what could possibly go wrong!
Suspect its breaching some term of the app store or at least in a grey area. So it's a pre-emptive move to avoid the Apple has removed Faecbook app news headline.
> The Research app requires that users install a custom root certificate, giving Facebook the ability to see users’ private messages, emails, web searches, and browsing activity.
Ouch. Yes that's really bad, even if it wasn't a violation of Apple's terms of service (it was, apparently).
"We totally apologize for making this mistake, which is totally on me and we promise to clean up our act and behave better in the future and we're sorry if you feel offended"
> They probably took it down because as the original app it violated the App Store’s guidelines on data collection.
Or maybe Apple took it down because - as you said - it violated the store guidelines. Or Apple just encouraged them to do it by themselves (for a better PR). So effectively, they were forced.
It wasn’t in the App Store. It was sideloaded from a Facebook website using a profile signed by Facebook’s enterprise developer certificate. Screenshots in various news articles confirm this.
It violated the Enterprise Developer Certificate Terms, so Apple have revoked the Developer certificate.
The rules state that Enterprise apps must only be in the hands of users who are under the supervision of the company which operates the Enteprise certificate. It's likely that Apple doesn't consider the people Facebook have co-opted into this program to qualify
According to the single information there, Apple DID NOT take it down the last time already which means it was still collecting data before Facebook removed it.
There is absolutely no information about this time. Actually according to the content it is again Facebook and not Apple who removes the app.
It might as well be so. The we’re using an enterprise distribution method which only allows distribution to company employees. This is grounds for account revocation. (Not their AppStore account, their enterprise account. )
"Apple tells TechCrunch that yesterday evening it revoked the Enterprise Certificate that allows Facebook to distribute the Research app without going through the App Store."
I really hope people remember all the ways Facebook is being scummy for when Zuckerberg decides to enter politics. We don't need more people like him in government.
Would be nice if people prepare a series of questions about this for the next time Zuck is in the hot seat before Congress. Even if it doesn’t break any laws and acquired consent, this still smell so bad.
I struggle to see how software developers can willingly do work on a project that goes against all values and morales!
I have previously worked with developers in start-ups and was amazed to hear some of their backgrounds. One previously worked for a company that bundles spyware with freeware MSI products. Another worked for an airline agency, where they advertise fake a discount on tickets when the price was in fact higher than market. Needless to say, their actions outside the work environment matched their actions inside.
> I struggle to see how software developers can willingly do work on a project that goes against all values and morales!
Personally, this doesn't really go against my morals or values. They installed the app. No one forced them to. Not everyone has the same set of morals and values you do. If it's not illegal and no one is harmed. I don't care so much.
It's the "no one is harmed" part I strongly disagree with. Perhaps they signed up for something and have perfect knowledge of how Facebook will use the information they collect (doubtful) but the rest of us will be impacted, manipulated and harmed in some way by what Facebook ultimately ends up doing with the data that their guinea pigs willingly gave up.
Would you say that the current political climate has been harmful? I would. I would not only say that, but I would also say that it's come about specifically because of data collection practices which have enabled data analysis of entire populations in a way which has never been seen before.
While analysis of populations is not inherently bad by itself, the outcome certainly has been, particularly because the abilities and effects are so new that there's little or no law governing people towards positive effects for society as a whole. Without those laws, the effects become geared toward benefiting people at the top either directly (company CEOs) or indirectly (capabilities sold to those who can afford them).
> Would you say that the current political climate has been harmful? I would. I would not only say that, but I would also say that it's come about specifically because of data collection practices which have enabled data analysis of entire populations in a way which has never been seen before.
Seriously, look at the state of peoples finances. That's the cause. Look at the amount of money the rich have compared to those who voted for Trump, Brexit, etc. Look at the quality of life. This has been coming for a long, long time. Blaming on Facebook and Twitter is not very insightful of the state of affairs in the world today.
Isn't Cambridge Analytica enough proof that harm has been done by Facebook's data collection and allowing others to access it? That's the very tip of the iceberg.
For me, everything is about, that it could be harmful. And that's true it could be. Lots of things could be harmful. But right now, it's not really provable by anyone that it is. What we need is proper laws to control what companies can do. And in some areas of the world we're getting them. They're not great but like all tbings they will improve.
But it seems very much like there is an attitude like working for Facebook or Google is amoral. That I don't believe. Especially when there are companies sell software to track phones secretly to countries like Iran. That's on the border of amoral.
It was used to figure out which parties were most susceptible to being manipulated with misinformation and outright lies so that they would vote for people whom would ultimately harm their own interests. For example figuring out which groups of liberals could be pushed towards a third party candidate with propaganda so that that a conservative candidate could win the election and disadvantage the same folks. This is straightforward harm even if the election was still technically democratic it was swayed by manipulation partially funded by our enemies and those who aligned themselves with Americas enemies to get a president elected by the minority to harm the interests of the majority in order to enrich a much smaller minority.
And prove the "harm" in its data collection practices. Since you've been very specific in data collection, I will expect your response to be about data collection.
I'm not the original poster but the harm would logically follow from USE of that data now and in the future not the process of collection much like the harm from a long fall doesn't come from the journey but rather the sudden stop at the end.
I struggle to realize why we expect Software engineers to be bellwethers of morality and ethics. They are flesh and blood, and like any other profession, if there's money in something, there will be someone to do it
Engineers do (like civil, mechanical, electrical) but most software engineers come from a CS background, where there isn’t as much focus on professional ethics.
For one, as professionals and engineers, SEs should absolutely be attuned to and deeply reflective of ethics. That said, we can and should expect everyone to consider ethics in their daily lives and work.
Someone likely will do nearly every unethical thing, but that doesn't mean it is right for anyone to do it.
Correct. There is nothing intrinsically noble about technologists. No Hippocratic oath, no unifying moral code. They’re susceptible to the same pitfalls of professional disregard as anyone. Understanding that will help you temper any unearned trust in software and technology companies.
We should expect everybody to care about the morality and ethics of their actions. That's a pretty low fucking bar IMO. In software, this is one way that manifests.
Other professions are self regulating, if you do unethical things your peers (the AMA or legal boards) will strip you of your license to practice and then you can’t find a job.
It would be too much to expect engineers to somehow be angels without the threat of punishment when even doctors need these systems.
But on the other hand, imagine if you heard about this agile thing but you can’t legally apply it because waterfall is mandated and if you apply agile you might be stripped of your license to practice software engineering.
I am not condoning the unethical practices, but every profession has people who are below the bar you talk about. The reasons why they do it are as varied as the peoples of the world.
There was a YC funded company a few years ago that had a similar startup bundling shitware, and pg himself was on here defending them and claiming that users are “choosing” to install the software willingly. It’s astonishing how much one’s decision making framework is tied to their financial incentives. People find a way to rationalize anything if they’re getting paid, and they don’t even realize that they’re doing it.
One of the interesting ideas out there is the evolutionary development of morality, basically it exists to serve our survival, and historically has changed in the right ways to compliment the technology of the time (and the tribes which fail to update their morals die out). So that might just be a feature, not a bug.
Software developers are human beings. This analogy may seem inadequate, but don't you also struggle to see how certain human beings are willing to physically hurt or kill other human beings? This also goes against all values and morales, yet people do it. It's just that your set of values is not the same as other people's. Our world has always been a dark, cruel place, and yet for some reason a lot of western people seem to have forgotten this very apparent fact.
A case like this can be sold to developers in odd ways. Devs typically think that people who download things have way more insite than they do and can assess what putting the certificate on the device means. The team that started the project likely feels that this helps them build a better experience for their users.
Facebook in general seems to have good intentions and terrible awareness of what is crossing a line. They really wanted their platform to be the center of everyone’s lives and now appear completely unprepared for the consequences of pushing that agenda so hard.
Both comments express this sentiment. I’m pretty judgey myself, but I’ve known these people for ten, twenty years. They are good people but even good people have blind spots.
We love labels don't we? No one is purely good or purely bad. Or purely left or purely right, etc.
Like most things, these things are points along a spectrum, not absolutes. Even that is probably too simplistic - points in n dimensional space I guess :)
To any HN readers who work at Facebook: your company is morally decrepit and you are complicit. If you go to LinkedIn and indicate that you're looking, you'll have 20 leads in your inbox by lunch. You don't have to work there.
From Google, MS, Instacart, Uber et al? The reality is that every major tech company does scummy stuff. There are vanishly few tech companies that don't.
One day you're working for a plucky start up. The next you're working for a big name that's stealing tip money.
There's a reason that these companies do what they do. Fraud, breaking the law, and dark patterns are way easier ways to make money than doing so do ethically and legally. Companies either die a hero or live long enough to become a villain.
I'm exaggerating a bit, but realistically the list of ethical tech companies is a lot shorter than the list of unethical ones.
This really isn't true. The vast majority of tech companies are ethical, at least a far sight more so than Facebook. They don't make headlines so you have a bais.
There are lots of ethical companies which are in the middle, too. But that's okay, your moral lackings are definitely excused by your lazy approach to job hunting.
Maybe it's just me but I don't think Facebook is particularly bad. They acquire user data and sell it to anyone who wants it. They should better limit the data they collect and who they sell it to. But compared with stealing tip money or literally killing someone? It's just not nearly as bad.
Stealing is bad, but limited in scope. A number of people lost some money.
The data collection gives power to those who hold the data. Having all data on someone gives absolute power. It can be both looking at intimate data to directly manipulate or dominate a person, or apply data science to an incredible detailed corpus of data, and in the future learn things about individuals and groups that we can't even fathom.
>What about their dubious involvement in recent elections does that bother
It mostly bothers because it seems like a great deal of the recent hate towards FB is because people blame them for Trump. If Clinton wins I don't think people care.
That said, yes I think FB should do a better job of "know your customer" when selling ads. Obviously they shouldn't sell ads to Russian intelligence. But it doesn't bother me all that much. For one, I don't think it had that big of an impact. For two, it's a dangerous path to go down when you start questioning if your political opponents have the right justifications for their votes.
>You’ve presumably not read about Myanmar or fbs involvement in organising genocide?
Which part of that involved a FB employee going out and literally killing someone?
Disappointed to not see Apple putting their foot down more forcefully on this. It's possible they spoke to them, but there should be repercussions beyond just "shut down this one app".
F500 install certificates like this on their employee owned devices.
If FB hires these people, is there a difference?
Do you think a random admin assistant knows more than a techy teenager about the dangers of data privacy? Or is she just trying to scrape by for another week of rent?
This sounds like alarm from the rich and well to do about an ‘immoral’ way for the poor to make money.
It seems like we can't even go a week without Facebook getting caught doing something scummy. It makes you wonder what else they are doing. I assume the worst.
What Facebook, politicians, and many others fail to understand is that there's a difference between legal and morally right.
Facebook makes it exceedingly easy for people to hate them, while technically doing nothing wrong. Well sometimes they break the law, but then Zuckerberg just says he's sorry and we all move on.
It's getting tiresome to watch our industry behave recklessly in the pursuit of ad revenue and the push to collect more and more data about the unsuspecting public.
I enjoy my work in IT, but companies like Facebook, and increasingly Google and Apple, then entire IoT business and a ton of startups are increasingly pushing me towards being less connected, less interested in new technology. It seems like a huge chunk of industry is misguided. I'm sick and tired of it.
I am slowly turning into a Luddite. Whenever new devices come out I immediately wonder how they are used to spy on people as main purpose and helping people is secondary.
The ad-supported business model really has corrupted tech to the core.
To be fair, the said app clearly told people what exact data would be collected and how it will be used. If people does want and chose to sell their data, is that still morally corrupt for the company collecting the data?
In my experience large majority of non-tech people do not care much about their data being collected and would be happily accept monetary reward for things like their location history, usage stats etc. Assume that data collector is using this information to show you relevant ad. I wonder why would it be so much bad to see relevant ad then irrelevant ad? It's not that you are going to stop seeing ads anytime soon.
So the question is: If data producer is happy to sell the information and data collector is using it to enhance the user experience (i.e. no evil intent), would you still consider this bad or immoral?
I guess the first question is, if I do something illegal, but either avoid being captured or manage to otherwise avoid prosecution by using money or influence, have I done something wrong, legally speaking?
Because there is an argument to be made that making money off of children's consent to contracts is legally wrong, but because of the widespread nature of doing such by those who have enough political power to impact how laws are enforced, the laws are not enforced to protect children. That we aren't correctly enforcing laws that protect taking advantage of a child by using consent that can't legally exist does not make the action legally right, or if it does, then we are effectively invoking the notion of "it isn't illegal if you don't get caught".
What you fail to understand is that the average layman doesn't care about data collection and ad tech. If it pisses you off that people don't care about the same things you do, welcome to politics.
What I care about are companies that simply have no moral compass. If no one at Google or Facebook think that they're pushing a little too hard to get ever more data about their users, then something is terribly wrong at those companies.
Google is particularly fascinating, their employees protest when their parent company want to be a supplier to the US military, but apparently they have no moral objection to building detailed profiles on users (and non-users) in order to sell them more junk that they don't need and can't afford.
The whole data collection thing is so abstract that the same people who don't want their employer to kill people with drone can't see the immorality of invading people privacy. If that's the case, then how can we expect the layman to understand or care?
Funny you are accusing those employees of nefarious political motivations when you are pushing your politics up and down the thread (and others) in your sub-day-old anonymous account.
I get banned every day, else my account would be like 10 years old, haha.
I am not accusing them of "nefarious" political motivations, I respect their right to push their own politics. I wish they were more transparent, though.
> the average layman doesn't care about data collection and ad tech
True. But Facebook has managed—by demonstrating a repeated recklessness, unwillingness to reform and immortality that seems fundamental to its culture—to energise a vocal minority in a way no other tech company has. This vocal minority, moreover, is wealthy, politically connected and bipartisan.
This is already resulting in costs and reduced strategic flexibility for Facebook’s senior leadership. I expect it to turn into an existential threat for the company, as it’s currently organised, in the coming years.
There is a difference between not informed, and doesn't care.
How many people would be comfortable if you laid out the full spectrum of what is possible with the data that is collected, and how said data is distributed and sold?
Its frankly a massively dishonest claim that people "don't care so its all fine".
Users realise that the ads they see are targeted to them, and infer that those ads are chosen depending on their activity. Do you think people would stop using Facebook if you told them about this? Or maybe you're wishing for the government to step in?
Could an admin explain why the original news item, previously the highest voted of the first page, was pushed to the third page suddenly? Just wondering if it was algorithmic or manually changed.
Do you mean this post: https://news.ycombinator.com/item?id=19031055? The standard here is to have one submission about a particular news story at a time on the front page. That one, now 15 hours old, is near the top of the second page, while this one is on the front page.
Right, but relative to the number of upvotes the submission does not have that many comments. And it fell just on the start of the workday (right?), see http://hnrankings.info/19031055/.
I am aware that's not a wanted discussion topic normally, but if behaviour related to an article about dirty behaviour smells dirty it feels a bit relevant.
To avoid controversial topics and flame wars (and likely to prevent heavy load on the servers since large threads cause significant strain on HN it seems)
I wouldn't be surprised if people have been flagging it. Back when FB was getting slammed for the Definers controversy among other ongoing controversies, multiple commenters were bemoaning HN's purported collective hate against FB. That said, makes sense for that thread to move down while this current discussion stays near the top, as this discussion contains the newest developments/fallout.
(in contrast, the similarly highly-upvoted Facetime bug thread [0] seemed to stay up longer, but no official fix had been made in the ~18 hours since it was first discussed)
Enterprise developer certificate, which is a different program than the standard Apple Developer program used to release apps on TestFlight and the App Store.
> Finally, less than 5 percent of the people who chose to participate in this market research program were teens. All of them with signed parental consent forms.
"Your honor, I swear! He clicked on the button saying he was over 18!!! How was my porn site supposed to know he was lying?"
If Facebook wanted to do something useful, it could devote some of that $400 billion empire into identity verification and ways to prevent deceptive practices online. Something that goes beyond the Stone Age practices like SSN and Captchas that we rely on today.
Remember when putting a picture of yourself on the internet or even using your real name was controversial? The old generation warned not to do it, ever! But teens did it widely and profusely.
Now the new controversy is data. Don't ever sell your data! Don't give up your data! But teens are doing it widely and profusely.
At some point you just have to accept that new people will be born and will have new ideas and just won't give a fuck. As a business you can either sit on the sidelines and watch or capitalize on it.
Facebook will lead the way to allow for smaller players to get away with doing this as well.
>Facebook will lead the way to allow for smaller players to get away with doing this as well.
That's not how any of this works. It's hard to 'move fast and break things' when a company like Facebook has used all the loopholes and gotten caught.
Small players will never be able to replicate Facebook or their scummy tactics because at this point Facebook wants regulations. Regulations will ensure Facebook can and will continue to operate (can pay any fine) while the competition is hamstrung. If your competition is hamstrung it makes it easier to buy em up or wipe em out.
Just to come full circle Facebook purchased onvo so they could spy on users and figure out which apps they were using and how often. Facebook then used this data to buy up companies.
This is literally what every generation seems to say about the behavior and habits of the next generation. I think it's pretty clear "break down" just means changes you don't like.
You haven't gotten to the point of proving that the "teens" would be correct to disregard their privacy, or that the "old generation" would be wrong to care about it.
I don't believe the behavior you're describing actually falls along generational lines, though, rather than technical competence or awareness. It isn't only "teens" who use social media, nor is it only "old people" who are concerned about privacy. In fact, younger generations are leaving Facebook and social media because of privacy concerns and the negative effect it has on their lives.
Your arguments here are stereotypical ageism and lack enough nuance to be convincing.
Meanwhile... Google, Microsoft and Apple* _receive_ money from their users to harvest the same personal data that Facebook is willing to pay their users for and nobody bats an eyelid.
* Apple is probably the least guilty here, however as long as their OS remains closed, we don't actually know how much personal data they are harvesting.
It appears that you edited your comment above to make my "Wireshark won't decrypt encrypted traffic" comment look stupid. Nice try, so let me clarify...
Facebook's market research app isn't "redirecting ALL INTERNET TRAFFIC through their servers" either. If you read the article it states that the app monitors phone and web activity and sends it back to Facebook. This is not really any different from sending home telemetry data. Google, Microsoft and Apple all send home encrypted data, most of which is not verifiable using Wireshark.
I'm no fan of Facebook, far from it in fact, but at least this is an opt-in service and users are being compensated for sacrificing personal data. The same can't be said for the other three companies.
What a bullsh*t. People got some money for giving up some privacy. Nobody was forced to do this. And now everybody is freaking about a fairly reasonable trade.
What's next? People will start harassing students/researchers that do paid studies?
Certainly nobody was forced to do it, but it is more than likely that nobody understood what they were being asked to do. Not only that, children were being targeted by this scheme. Lastly, the implementation on iOS circumvented rules relating to an app distribution which shows Facebook’s proclivity for flouting the rules.
Pushing the app distribution thing aside, being aboveboard in every other respect is still insufficient justification for ethically questionable processes.
Facebook has a history of unscrupulous untrustworthiness which should not be overlooked when examining the implications of the scheme, particularly the requirement to install a root certificate. To ignore the context of the polemic, to pretend Facebook is just another company rather than one of the largest collectors of personal, private information on the planet, multiple times caught invading peoples' privacy through less than honourable means, is foolhardy at best and dangerous at worst.
Well, I am not a big fan of telling people what to do or what not to do. Do you want to sell your private info to some corps? Feel free to do so.
Will it blow up in your face? Perhaps. I could not care less. It's your problem. You didn't know what you were being asked for? Again - it's your problem.
People agreed to do that on their own, they got paid for that, and, most likely, they don't care if FB knows what kind of porn do they browse.
All the stuff about ethics and "honourable means" is irrelevant in this argument. Is war ethical? Is spying honourable? Depends on whom you ask.
>requirement to install a root certificate
Requirement? You can just tell them to f*ck off.
In any case, I could not care less about this, but what annoys me is the people that pretend to be super-nannies that gonna save the world by telling what the others should do. Through history, this has never worked.
> Do you want to sell your private data to corporations? Feel free to do so
That isn't the point. The point is that Facebook preyed on technical illiteracy and a general and widespread lack of understanding of the implications of participating in the program. Effectively, the majority of participants were tricked. The age range for participants also included people who were not of age, and therefore not legally responsible for their actions. Facebook must accept that responsibility.
The point is that Facebook flouted Apple's guidelines for the distribution of apps outside the App Store, showing a blatant disregard for the protections put in place to protect consumers from bad actors. Facebook has positioned itself as a bad actor through their actions, not only in the questionable collection of data the implications of which the users will likely be unaware, but also in how such a program was distributed: in direct violation of the protections offered by the App Store.
The point is not about the choices made by the end users, but rather the unscrupulousness of a big company that knows better — but has done this before, far too many times.
Finally, the very nature of online interactions in the modern era means that people aren't just signing away their own privacy but also, to a lesser extent, the privacy of those with whom they interact. Facebook is perfectly aware of this potentiality, but users are not and, on the whole, will never be because it isn't their job to understand the technical dimensions of online communication. A big company like Facebook, however, does know and should have behaved accordingly.
> [...] is irrelevant in this argument. Is war ethical? Is spying honourable?
What do these two examples have to do with the actual circumstance? "Market research" is not war, and it certainly should never be construed as synonymous with spying. Do not construct a strawman against which to argue, it demeans your argument.
> Requirement? You can just tell them to fck off.
You could, but then you would not be adequately participating in the research. You would not be using the VPN as described. You would not earn the $20. There would be no discussion.
Of course, you're failing to account for the fact that none of the participants will have had the privacy and security implications of the root certificate explained to them in a way that made sense to them. They'll have simply followed instructions to get their money.
I do not think that people should ever be blamed for being deceived as to the severity of their actions in situations such as this; a big company like Facebook does not escape scrutiny here. Clearly you believe differently, although the downvotes will tell you how well-received such a laissez-faire attitude to other peoples' private lives and preying on their technical ignorance is seen, so I shan't bother to comment any further.
> what annoys me is the people that pretend to be super-nannies that gonna save the world by telling what the others should do
Thankfully, that's not the situation at all*, and I fear you're simply projecting some negative feelings on to this article in order to justify having an unjustifiable gripe.
Here's what's happening:
- Facebook previously had a VPN service that it advertised as being for market research purposes. It was removed from the App Store.
- Facebook then started using Apple's alternative app distribution method intended only for use in enterprise situations, not for the general public.
- They were found out.
- Facebook voluntarily ended the program for iOS users.
- Apple revoked Facebook's certificate as punishment for flouting the rules.
Who is tell whom to do what, here? Facebook did many things wrong, were found out, and were punished appropriately. The technical details of their actions were analysed and found to be vastly overstepping their bounds, yet in step with their continual and repetitive breaches of personal privacy.
There's nothing more to it than that, so put the strawman back on the farm where it belongs.
One of the more important issues here is that after the whole Onavo thing already got them into hot water, Facebook completely flaunted Apple's clear rules re: enterprise certificates, and snuck in AGAIN through the back door.
I'm very interested to see what Apple's response is going to be. I'd not be shocked (in fact I'd be delighted) to see them penalize FB in some way, perhaps suspend their App Store account or something.
I think you might underestimate how seriously universities take research ethics, these days. Ever since the late 1970s or so. I doubt Facebook’s actions would have gotten past a typical university ethics board, which would be required before the study could proceed.
And now everybody is freaking about a fairly reasonable trade
OK let’s imagine that you have a close friend or family member with some confidential issue - maybe an illness, maybe debt, maybe they are in the closet. Occasionally they message you, on old -fashioned SMS or email mentioning something about it.
How many dollars is a reasonable trade to tell a data collection agency everything you know so they can add it to their file on your friend/relative?
Probably a lot more than $20/month. But it certainly has a price. What FB is doing is definitely scummy, but if individuals are disclosed of the risks and exactly what the app does, I think they should be able to make this trade if they want to.
I probably wouldn't, unless it was in excess of maybe >$1000/month. And even then I'd probably just get a new phone. But people should have the right to sign contracts, even if they seem exploitative, as long as they are aware of what they are agreeing too.
The main problem it seems here is that a lot of the people were underage.
Actually, in some states, to record conversations, two-party consent is necessary. 11 states, including California, require two-party consent. It’s a fair assumption that an app that is vacuuming up everything someone does on a phone is potentially gathering data that would fall under two-party consent laws. Also eavesdropping is also a potential crime under common law. It’s a murky legal area in this case, but one that certainly has some merit.
Well, I pity the fools that assume that their communications are private when they are using SMS, FB Messenger, or Hangouts. If you want your info to stay private, do not send it to untrustworthy parties via untrustworthy means.
Even if you stick with apps like Telegram or Wire (my choice), you have to have in mind that your phone might have a keylogger on (looking at Xiomi and Huawei).
If you want your info to stay private, do not send it to untrustworthy parties via untrustworthy means
Well there’s the rub isn’t it. I don’t think most people would consciously decide to rat out their friends secrets for $20 - or indeed for any price. But somehow, it’s happening.
