People who believe in the idea of this kind of platform having an API should have long ago spoken up in Facebook's defense. This is exactly what I was afraid would happen, and I expect worse to come from this "platform review". Given the kind of media coverage here, Facebook seems to have more to lose than to gain from letting random Hacker News kids build on their platform. And if so, they won't in the future.
They didn't get it wrong because they know who butters their bread: customers. Developers are rightly prioritized last.
Fun to give this Paul Graham essay a read again [1].
Being a walled garden is independent of privacy. The Calendar app on macOS allows me to share my calendars in an open format (ICAL) and interoperates with other calendar apps through that specification. It respects my privacy by not sharing anything I don't ask it to without being "walled".
Signal is open and secure; iMessage could be a non-proprietary format and remain just as private.
> all the press coverage of some app developer crying about App Store rejections or onerous rules.
As far as I'm aware, a lot of these weren't for privacy matters [1] and are sometimes a little much [2] (this one is especially absurd: [3]).
[1]: https://techcrunch.com/2017/12/08/apples-widened-ban-on-temp...
[2]: https://www.theverge.com/2018/2/8/16992830/apple-emoji-crack...
[3]: https://medium.com/@alariccole/apple-literally-stole-my-thun...
PS:
> all the "open always wins" from the FOSS types
I don't think that means what you think it means. FOSS and privacy are tangential matters.
Apple doesn't have a social network. They also don't rely on advertising and 3rd party data brokering.
It's easy for Apple to be the 'good guys' here when they have physical products as their profit generators.
FOSS would have worked better in the Facebook case too, as people and developers would know/discover a) where their data is and b) what risks it faces.
Facebook has open-sourced a few internal projects, but none of them had much to do with our personal data.
In fact, it's difficult to blame the API when the problem was that the data was collected in the first place. Surely Zuckerberg has some political opinions of his own, if CA hadn't triggered this media storm what would have stopped him from supporting his own favorite candidate internally? In fact, what's stopping him from doing that right now? Would it even be illegal?
Can you produce any quote from any Free Software or Open Source developer or advocate that supports your statement in this context of Facebook being better than Apple because they're "open"? Because even though both companies are terrible at freedom, they're terrible in very different ways, turning any comparison into a false equivalence.
Nobody is complaining about being able to install a Facebook app that harvests your data. The issue is it could also harvest your friends' data by default.
Although honestly I think this is all manufactured outrage. The fact that this could happen was totally public in 2012 and the public weren't outraged about it then.
1 - I've yet to learn about a major open source project stealing data from its users.
2 - Open source guarantees that users have the right and access to check how their data can be used. Apple's products do not. Actually, we discovered they were part of the PRISM program, which means basically they gave ALL your data away already while actively lying about it (https://www.theguardian.com/world/2013/jun/06/us-tech-giants...).
3 - FOSS people like interoperability and choice, which is one of the major problems they blame Apple for not taking care of. This has ZERO relationship with privacy.
So on one hand you have privacy-savvy communities, giving their free time and work so that everybody can use it to build a better world and understand transparently what's going on.
On the other hand you have a multi-billion dollar black box giving away user data, using massive PR to pretend they are privacy oriented while they make money out of locked in devices.
Now I get people enjoy the Apple product experience.
I get they make a lot of things right for this experience, especially for user friendliness, and integration.
And I certainly get they made the industry progress from a technical point of view.
But do not compare their moral scale to the one from the FOSS folks. This is literally insulting them.
In other words: if your power and prestige come from getting others to do the work for you, then whose fault is it when they misbehave? It’s your fault.
And it has zero privacy: everybody can see everybody's transactions.
That's in direct opposition to security. When you grant people you don't even know much less trust access to your system, all bets are off. There's just no way to predict what is going to happen. You've lost the fundamental protection afforded by trust.
Today, computers are expected to be able to talk to and serve hundreds of thousands of random users. What if one of them has access to a 0day? They could own the machine. The world would be a lot more secure if servers dropped all incoming packets by default and talked to trusted users only.
Bitcoin is open to everyone and that's great, but it doesn't change the fact people managed to sneak a bunch of illegal pictures into its blockchain.
As platforms, blockchain is more open than Facebook and for access control it's less open. GP was referring to security being at odds with openness in the sense of access control.
Who has a financial incentive to build and maintain that system?
I think people are reading too much into this fiasco. We are better off fixing Facebook. It serves its purpose well.
He hasn't. He has pledged to donate 99% of his wealth to a private, for-profit organization that he owns.
I also pledge to donate 99% of my wealth to my bank account.
Please stop spreading PR. He put the money into a limited-liability corporation, and spread a bunch of articles about a "pledge." It's nothing more than a tax-sheltered investment vehicle.[1] This is not the same as putting it into a charitable trust. He can use the money to influence whoever he decides to give it to.
1. http://fortune.com/2015/12/02/zuckerberg-charity/
"Corporations can make for-profit investments and political donations—and unlike charitable trusts, they don’t have to report their political donations."
There's no visible effort at giving beyond the US Zuck Feelings Tour and hiring professional political hacks as his CZI staff.
Its purpose being?
Maybe it’s the use I make of it, but it doesn’t add much to my life. It could go away and I could replace any of its function with something else, or not miss the function at all.
Cambridge Analytica/Obama campaign data fiascos aside, many are arguing more and more that Facebook is doing more damage than good to society.
Granted, this is hard to measure, but it’s a valid concern.
They will actively ignore problems that deal with public health and security, but promise to "cure all disease" through philanthropy. Please.
Actually, he put his wealth in a tax-exempt “””charity”””.
Not saying an LLC that makes investments in for-profit tutoring companies is bad, really, just not a charity in the usual sense, and not a gift to the public good.
Ironically, the “scandal” that caused this whole thing is a non-issue. Pre-2014 Facebook apps could collect a lot of information about you and your friends, along with their Facebook user IDs, and that was scary because there was a time when you could simply submit a list of user IDs that you wanted to show a specific ad to. But since Facebook advertising cannot be targeted by user ID anymore, and this policy was in place well before the 2016 election, all of that data was essentially useless to any participant in the 2016 election other than for aggregate things like general campaign strategies. I am intimately familiar with the advertise by ID issue - I was awarded a $2k Facebook bug bounty for spotting an exploit in the Custom Audiences feature that allowed an equivalent version of targeting by ID after they disallowed it.
So while it’s possible that Obama used his special access to the entire US social graph to successfully influence his elections, it is impossible for Trump or Hillary to have done it even if they had the data because of the changes in the FB ad platform in between 2012 and 2016. This entire “scandal” was created and promoted by people that don’t understand, or actively ignored, this concept. If you ask everyone that has read the recent headlines, including reporters that wrote the stories, I’ll bet 99%+ will tell you that they believe they could be specifically targeted with ads.
It would be interesting to see if the executives at any of the media companies that have managed to sell this scandal to the public took unusually large short positions in Facebook stock before releasing the story. Since the story is effectively fraudulent (it was not possible for the election to have been influenced in the way that the stories imply), I assume that would be securities fraud.
This doesn't matter much if you can do essentially the same thing by targeting with extremely specific location and demographic data.
Why DO we have to accept that “public” means big data? Why can’t we legislate access so that aggregate collection of public personal data requires _consent_?
If you can get enough people to agree with you, then great - go for it. But that’s not the point of my comment. It’s that even if they did collect the data, it couldn’t have been used to microtarget you through Facebook ads, even though that is exactly what all of these articles have said happened here.
https://www.facebook.com/business/help/606443329504150?helpr...
Facebook actually cares about this issue. The bug bounty I was awarded arose from the fact that you could build a custom audience email list using user_nickname@facebook.com without knowing their actual email address. So you could simply write a bot that visited Facebook.com/profile.php?id=4 and see that it redirected to Facebook.com/zuck, and now knowing that “zuck” is the user nickname corresponding to user ID 4, you could then put him in your custom audience list using zuck@facebook.com. That worked for all 2 billion people on the platform, because at one point Facebook gave everyone an @facebook.com email address that mapped to their account. However, that issue has been fixed and was fixed before the election.
Both of these things were wrong, but it should have been a huge deal back in 2008 and again in 2012, when 4x the number of profiles were accessed and used, about 99.5% of which never authorized Obama to have or use their information.
Meaning that new customers can't connect with Facebook anymore to access their own data using OAuth! We don't need permissions about your friends, your photos, or whatever. Just accessing their own messages and posts (which is what our customers want to see in our app and pay for).
I know they are shell-shocked after #deletefacebook stuff, but this overreaction is ridiculous.
So glad it's not our only channel of communication though. Times like this you appreciate email - crazy huh?
The spin from Zuckerberg as a result will be along the lines of "We're really glad you asked that question, and it's one that's really important to all of us. We are prioritising the safety and privacy of our users, and unfortunately that might upset some over-reaching applications."
Where does it say this? Is that in separate reporting? That would be huge.
Of course, FB could just resort to making everyone's info private. But then it would suffer a serious loss of utility, as many friendships and social connections are validated by the existence of mutual acquaintances. Most of the time this is completely innocent and desirable for all parties, which is what allowed FB to become so popular in the first place.
But maybe I'm missing something obvious.
This lines up with my experience. I did a ton of (painful) Facebook platform development from 2007-2009 or so, but I haven't followed it as closely since. My sense back then was that there was this huge build-up of activity around the FB platform; they were creating all these new APIs and ways for developers to build super social experiences and deeply integrate with the core FB experience, there were huge companies like Zynga that were entirely dependent on Facebook and also were responsible for tons of FB revenue, etc. And then it all seemed to fizzle? It doesn't seem like there's really hardly any activity any more in terms of deep integration with Facebook as a platform, other than FB login. I never see anything on my news feed any more from weird apps, or get invites to take some dumb quiz, or whatever. I mean, I'm sure that stuff is there somewhere, but not anything like it was. That could be wrong though!
Or as in many years late? In that case yes. A bit more privacy from the start would've been nice.
However, apps that request scopes like "user_friends" or "pages_messaging" [1] may error out during authentication.
[1] https://messenger.fb.com/newsroom/messenger-platform-changes...