Zuckerberg hits users with the hard truth: You agreed to this
vanityfair.comI never cared about what Facebook did with the data they collected from their users because I did NOT consent. I chose to remain off their platform. I am, however, reliably informed that they nevertheless /persist/ in gathering data about me -- presumably via friends and family and the FB apps they use, along with backend pattern and facial recognition and so on.
Any claim of theirs that I "consented" to them building, using and profiting by my foibles, relationships and habits is false. Not merely disingenuous; an outright lie.
I think at this point, given that both Android and IOS make giving apps access to your contact list easy, you are in fact in these sorts of graph databases in a couple dozen organizations by now, courtesy of people you know. Facebook is not going to be the worst of them by a looooooooooooooong shot.
Pokemon Go, Skype (now Microsoft), Whatsapp, Snapchat, Line & WeChat if you live in Asia, Path, Yelp, Twitter, ... all the bigger internet companies [1]
And sadly there's the really cheesy ones like "Fantasy War Tactics" [2]. How many of your friends play that sort of crap ?
[1] https://venturebeat.com/2012/02/14/iphone-address-book/
[2] https://www.reddit.com/r/AndroidGaming/comments/42ok29/why_w...
Agreed, and in the case of call logs that may exist on me it seems very close to an illegal wiretap for the party never a part of Facebook (me).
Yes you consented, but it's not an informed consent. Facebook will do anything to keep you as uninformed as possible (unreadable legalese, dark UX patterns, opt-outs, ...)
I would argue that consenting to allow Facebook to access your contacts is not consenting to allow Facebook to log your phone calls and SMS messages.
Of course, some of the blame for that belongs with Google, for failing to accurately describe the permissions being given to apps.
Well as Adam Hills said, nobody is going to read 87000 words: https://www.youtube.com/watch?v=nxT9cQ08wPs
I don't want to be a FB apologist (I uninstalled fb/messenger because of all this), but the text of the prompt seems relatively clear:
> Continuously upload info about your contacts like phone numbers and nicknames, and your call and text history. This lets friends find each other on Facebook and helps us create a better experience for everyone.
https://fbnewsroomus.files.wordpress.com/2018/03/opt-in_scre...
Granted, those six words are tacked on the end of a sentence, and given the intrusiveness of the feature should probably have been called out in its own opt-in dialog with its own switch. But it's not like they asked for contact access and turned around and used it for something else.
That's from Facebook's response to the scandal, right?
Has that prompt always been there? A lot of people seem to be unaware that Facebook has been doing this, and I haven't seen anyone say they saw that prompt in 2015.
I searched Google for the text of that prompt, or any reference to Facebook accessing your SMS history, in 2014 to 2017, and didn't find anything.
The earlier prompt never mentioned anything about sms and call logs, just uploading contacts.
People without smartphones and without Facebook who made phone calls to other people also got their calls logged. This was done 100% without their consent.
So many excuses. The story "Of course I agreed, but its all their fault because I didn't know what I agreed to" gets old.
Everybody has known for years that Facebook uses this data against you to make money. If it didn't upset you before why would it suddenly upset you now?
There's an awful lot of people posting "we knew it was bad already, why do you care now?" Remarkably consistently across all articles relating to Facebook. Clearly you want nothing done about this and are happy with this low level of privacy. But on the other hand a lot of people have been unhappy with it for a long time; suddenly the dam has broken and the public discussion in the media is taking an interest.
This happens with many scandals. I'm reminded of LIBOR "rigging", which all the participants thought was entirely normal.
Speaking of financial services, the UK had a long run of "pensions mis-selling" scandals. https://pensionsorter.co.uk/pensions-scandals/ ; I put the personal information leaking into the same category. People were presented with options they did not fully understand the implications of and then induced into picking ones which turned out badly for them. This kind of thing is why so many people hate the financial services industry, and the data mining industry is going to end up the same way if they're not careful.
The "why now?" question has a simple answer: "because Trump".
The public basically believes that Facebook enabled to Putin to get Trump elected. So suddenly the issue of all that data we've been sharing has gone from "I've got nothing to hide" to "This got that guy I hate elected"
Whether or not that's accurate or informed is beside the point.
True - both that that's why we're talking about it now, and that it seems extremely likely this is a contributory factor to Trump getting elected. Perhaps not directly or traceably, but through the huge spread of conspiracy garbage, inflammatory clickbait, and fake news.
In the UK, the trigger issue is Brexit instead. The fake news long predates the internet - Boris Johnson built a career printing false articles about the EU in the Spectator, and the EU has long had a debunking site to deal with the UK press in general: https://blogs.ec.europa.eu/ECintheUK/euromyths-a-z-index/
> The fake news long predates the internet - Boris Johnson built a career printing false articles about the EU in the Spectator
Indeed although that's always been seen as OK because those are "our guys" manipulating public opinion vs. Putin being "the enemy" and getting Trump elected i.e. the tool (Facebook) is not under "our" / establishment control so Something Must be Done(TM)
Been seen as OK by whom?
"Seen as OK" by UK press / establishment politicians in the sense that no real outrage was generated or hearings held or laws changed. Unlike what seems to be about to happen with Facebook...
When consenting to 'upload my contacts from my phone', I think very few people will interpret that as 'upload my complete call and text history'. Is it the user's fault for assuming Facebook is doing what it says it is? Should the user assume that they are being lied to by default and embark on a research project every time they want to use a product?
If Facebook presents the user with an alternate simple-to-understand representation of their EULA, it their responsibility to be fair and honest in this alternate representation. I think it is completely fair to blame them for failing to do so.
To be completely honest, I don't think many people outside the tech bubble have realized the extent to which facebook used and collected users data.
I just don't feel like it's fair to say everybody has known for years. Maybe in your circle, but certainly not in every ones.
> Maybe in your circle
What if the audience in question is limited to people reading Hacker News? Do they have an excuse for the sudden change of heart?
Absolutely, people change their opinions all the time, they don't need an excuse, rather, a welcoming pat on the back. It's a good thing!
I thought HN had been fairly privacy-skeptical of Facebook for a while.
Often with these things it's not the same people switching from a view to its opposite, it's more that one group shuts up and the other speaks up. The collective appears to change its mind without any individual having crossed the floor.
Facebook collects and uses data about people who don't have accounts with them: by definition there is no consent. They also collect and use the same kinds of data for their registered users, even if these users never explicitly consented to it.
If it didn't upset you before why would it suddenly upset you now?
People have been upset about this since Messenger came out. You can look up articles dating back to 2014 warning people about all the permissions Messenger uses. False assertions that people weren't upset before are getting old.
And back then many of the people saying stuff like...
> If it didn't upset you before why would it suddenly upset you now?
...were probably putting down the people who were upset by saying they were being paranoid.
I think the fuel that's driving the intensity of this scandal is the evidence that the "paranoid" fears were broadly correct and the trust people placed in Facebook was misplaced.
> Of course I agreed, but its all their fault because I didn't know what I agreed to
This might sound counter-intuitive at first glance, but nevertheless can make sense, legally speaking.
Let's begin with an extreme example: Say someone holds a gun to your head, and forces you to sign an unspecified agreement. In that case, undisputibly, it is all their fault, and you don't know what you agreed to. Clearly, this would not be legally binding.
Well, there are less extreme examples which also lead to results that are not legally binding. Sometimes, these are part of consumer protection laws. In some jurisdictions, these might even be part of common contract law.
Or, to use the best example: "agreements" of this sort will almost certainly be null and void under the GDPR.
Isn't the surprise of many that this was used for political purposes in a way that significantly differs from the expected pattern (micro targeting vs generic political advertising)?
I suspect most people on HN are aware of how naive much of the public are about the implications of technology.
> Isn't the surprise of many that this was used for political purposes in a way that significantly differs from the expected pattern (micro targeting vs generic political advertising)?
Also not a surprise, it was well-known that the 2012 Obama campaign used targeted advertising and the media at the time raved about this brilliant use of an emerging technology. No one at the time saw fit to question them or Facebook. Let's all just be intellectually honest here: people only care because Trump made effective use of social media.
> Let's all just be intellectually honest here: people only care because Trump made effective use of social media.
I'm not sure that's accurate either in the context of how the Trump campaign used this data and the investigation into the Trump campaign. The issue isn't that Trump used social media, it's how they used it and who they worked with (Roger Stone and the WikiLeaks/DNC hack angle for example).
Can someone explain why this is getting downvoted? This is Hacker News not Reddit, please express your angle with text, not just a downvote.
Hacker News downvotes on emotion every second of every day. It is far worse than reddit. Do not complain about downvotes here, that is against the rules. It is not against the rules here to downvote a comment because you disagree with it, unlike reddit. That's normal here and how HN is meant to work.
> This is Hacker News not Reddit
The distinction is diminishing over time.
Dear Zuckerberg,
If we consented to this and were still genuinely surprised, its an indication that the consent was not sufficiently informed. This is your problem, not ours. Most of us Average Joes just don't understand the scope of what data collection is possible when we give you access to our phone's features - especially when you couch the access request for quite innocuous and even helpful features.
Worse, we don't really understand what can be done with this data. That you can take location data and will use it to infer where we live and work - that you could use it to categorize us according to race and religion - these kinds of possibilities just never crossed our minds when you asked for our location to share with nearby friends.
So, no, we did not agree to this - we were not well enough informed to agree with this. To paraphrase a meme: You might be legally correct, but you're an asshole.
No, it's literally your problem, if there are things happening with the data that are causing you problems.
The libertarian attitude only works if you assume everyone is equal. Children are not. And because access to knowledge and wisdom (which includes when and how to seek out knowledge, usually passed on by educated parents.) huge portions of people can be left in a semi-childlike state. Tendency to violence, under-appreciation for exponentials, etc...
The role of parental systems is to mitigate the issues of orphans who become disenfranchised. Entire races can be orphaned from traditional values of they were severed from their cultural root. (slaves) the elderly also often become orphaned and so are a big target for scams.
Excessive and imposed "family" is just a cult but that doesn't mean family values don't at a role in functioning society. There is a limit to individual ability.
If that problem leads the Average Joe to tell politicians to do something about it, is it really AJ's problem anymore?
The problem and consequences to individuals will only really lead to directed consumerism and outrage. Which is going to matter more?
FYI, Zuckerberg's _not_ referring to the EULA or TOS. He's talking about this dialog box in the app itself:
https://i.imgur.com/zGUdifB.png
Specifically, the very first sentence of the dialog box, which says:
> Continuously upload info about your contacts like phone numbers and nicknames, and your call and text history.
The article's not entirely clear on that point, so I thought I'd mention it here.
Thanks for the screenshot. That's a pretty clear and overt prompt.
...And one I would never agree to, yet my address book is in my Facebook data export. I wonder what previous iterations of that prompt looked like, especially around the time of Android 4.0, which must have been about when I installed the app. Does anyone know if there are old screenshots, or historic versions of the APK available anywhere to check?
"And sure, we were as misleading as possible about it and tried our best to trick you into clicking that Next button, but that doesn't count, right?"
This reminds me of Steve Jobs' "You're holding it wrong." Tone deaf. Platforms always share the most responsibility. This applies to any UX thing. You can argue that the users are "idiots" for not doing what you think they're supposed to do, or you can fix your UX to make it as easy to understand as possible.
Alternatively, you can design your UX with dark patterns to ensure that users do a lot of stuff that are not good for them and aren't supposed to do, but you convince them or trick them into doing anyway, because that's good for you.
I also think that by using this strategy Facebook may win the battle, but it's going to lose the war. Eventually people will go "Well, then, if it's my fault, then maybe I shouldn't be accepting all of that stuff Facebook is pushing into my face in their apps." And then Facebook will slowly but surely die as people use it less and less as "Facebook intended" them to use it.
Statements like "you agreed to this" are disingenuous at best. Probably a more truthful statement would be, "you had to know we were getting SOMETHING out of this." While yes, the terms and conditions were completely forthright about what Facebook could do with collected data, they were counting on an a very small percentage of their users actually reading (or caring) about those terms. I can agree that no one has the right to be outraged though. The only sticky part here is that if I violate Facebook's Terms and Services, they'll terminate my account. They'll most likely still use my data after the termination of our agreement though.
"Hey we would like to give you weather reports and the ability to see when people in your area are selling things
P.s we will sell this on to third parties so they can target you to influence elections."
The problem here is Facebook doesn't ever word things like this, they up sell Facebook platform features, even if they are segways into increased advertising revenue.
I think regulation should have a stance on this. It needs to be easy for users to see exactly how their data is being used, and in a timely fashion. If the company can't protect our data, they don't deserve to have it.
What do you say Mark? You agreed to this*
* - https://cdn.cnn.com/cnnnext/dam/assets/180325071038-01-faceb...
I have a Facebook account on which I have shared as little as possible. When I downloaded the data off the platform, it was completely empty which was no surprise.
But, as it turned out my friends were not so lucky. All of them had my number saved. Some had my birthday. Quite a few had tagged me at my work location etc.
So, even with efforts on my side to try and not share data, FB still has a profile on me. I find it hard to believe that there are lot of other platforms which can build such a cache of information about me, without me giving them explicit permission.
That's funny, as I'd say that;
>"Contact uploading is optional. People are expressly asked if they want to give permission to upload their contacts from their phone – it’s explained right there in the apps when you get started."
doesn't really cover the complaint from Dylan McKay regarding;
> "metadata about every text message I've ever received or sent"
and;
> "the metadata of every cellular call I've ever made, including time and duration"
This discussion was flagged marked as dead and knocked off the front page within a few minutes, is that normal? It seems strange that it’s no longer flagged or dead but still off the homepage. I find this to be the most damaging Facebook story on there so I worry about why it’s been removed when the discussion on here was interesting.
Another prisoner's dilemma stuck at backstab/backstab. No individual company can offer simple terms, because it's against their short-term interests. Simple terms only work if everyone else offers simple terms. Legal precedent and regulatory capture has evolved us to a local maxima.
Why don't they just come out with a subscription version of Facebook? $40/year for no ads, no data miners or data sharing and a customizable "news" feed (e.g. no shared posts from crazy Uncle, prioritize family, etc.)
Some percentage of users will do that. If 1% of 2 billion users choose it, then they get $800 million per year.
It seems logical if people don't like being the product, let them pay for the product, right?
I've always had the thought that the reason is likely that if you have the money to pay for $40/year then you're likely potentially worth more to advertisers, and therefore they wouldn't want to give an option/leak to exclude the most valuable eyeballs from advertisers.
$40/year for no ads, no data miners or data sharing...
As a point of reference, if you're in the US or Canada, Facebook would be losing money on this model, according to info on their investors' site [0].
0 - https://s21.q4cdn.com/399680738/files/doc_presentations/FB-Q... (search for Average Revenue per User)
Ok those numbers wouldn't work out. I picked $40/yr since it sounded reasonable.
Maybe this is an opportunity for a startup to create a paid social media platform?
If they get $40/user through ads, and thought they could get $40 out of pocket, they'd be making $80/user by doing both.
Where did the meme that paying for a product means they won't advertise or sell your data come from? Everyone is aware of cable TV's business model, right?
I feel the same and was happy to pay the $1 to WhatsApp, until that changed. I can only imagine that FB values its unfettered access to you and your data as worth more than $40 or double that!
Facebook revenue 2017: 40.7 billion. [1] Facebook 2017 user count: 2.2 billion. [2]
A simple division doesn't tell the whole story, but gets us into ballpark territory, call it $20/user/year. It's probably something power-distribution-ish, with a few whales clicking on the most profitable scams and mesothelioma ads, and a long tail of people who are below average. Much like with what network TV actually makes per eyeball-second, it's actually shockingly easy to outbid advertisers.
One of the reasons I kinda look askance at the whole advertising ecosystem is precisely that it seems like nobody is even trying anything else despite the fact it seems like it ought to be a very swift and huge boost to Facebook's real revenues and stock price if they could convince people to give them $50/year. The obvious offer to me would be some sort of all-inclusive cloud storage service for photos or something, which, I mean, they're already doing. The fact that this seems to be unthinkable is what makes me start giving a bit more credence to the idea that there truly is some sort of ulterior motive at play here. Even just "here's $34.99 for the year, facebook, remove the damned ads! and now that you don't need it, stop tracking me" would probably make them a shitton of cash, even without any other changes like giving you back more control over your feed now that you've removed their incentives to manipulate it for their own advertising gain. Where's all that notorious capitalistic greed?
And suppose we were living in an alternate universe where that was an option... how different would the news stories of the past week look? There's non-monetary reasons for this too.
(Compare with Netflix, for instance. I pay them real money. They get lots of real preference data. It would totally be "monetizable" levels of detail. But there's basically nothing they could possibly do with that data that's worth more than the ~$150/year I give them, and trying to start stuffing ads in my face runs a marginal risk that I'll just leave that is probably not worth it. Maybe when Facebook first came out, subscriptions were out of the question, but they are clearly an option now.)
[1]: https://www.statista.com/statistics/277229/facebooks-annual-...
[2]: https://www.statista.com/statistics/264810/number-of-monthly...
If you've already agreed, then that is too bad, that data is already in their hands. However, if you would like to make sure to let Facebook know that your agreement is over, feel free to go here: https://www.facebook.com/help/delete_account
I never signed up, yet I know Facebook has data about me anyway. How exactly did I "agree to this"?
To be honest what really worries me is the people who have "agreed to this" without even realizing anything remotely closer to this. I mean people with poor education to publish everyday photos and texts into Facebook.
Many people use their personal phones for work calls. They may have inadvertently breached NDAs, and in some cases laws, by not paying attention to their privacy settings.
No offense but if you have an NDA that can be broken by using your personal phone you probably shouldn't use your personal phone to make those communications.
> if you have an NDA that can be broken by using your personal phone
Almost every NDA, including those standard with employment packages, include in the definition of confidential information the time, date and duration of phone calls with customers and sensitive suppliers. Anyone in a customer-facing role would thus be required to keep those data confidential, i.e. not disclose it without proper authorization to a third party, e.g. Facebook.
Then it's probably not a great idea to use a personal phone to make those communications then. Whoever wanted the NDA should provide one.
> Whoever wanted the NDA should provide one
This might work for an employee defending against their employer. It wouldn’t work for the employer relative to their customers; or a contractor to their clients; or any other situation. In any case, my point is Facebook may have caused many people legal harm.
Mark wants to surpass $100 billion in lost stock, like a champ
Remember when people laughed off Stallman as an extremist?
He obviously doesn't watch South Park.
Anecdote: I was in Australia once and idly flipping through the hotel room's TV channels. I happened upon the Aussie Dateline, their version a popular US program on NBC that does some alright in-depth reporting on special issues.
As an aside: one thing to remember about Australia compared to the US is that the Aussie version of things is like the US version, but in a fun house mirror. Everything is called the same, and is similar, but is just different enough as to give you 'category-vertigo'. The Aussie BBQ is a BBQ, but not really anything like a US BBQ. The Aussie seafood is seafood, but not really anything like US seafood. Aussie radio is radio, but not really anything like US radio. ETC.
The Aussie version of Dateline that I stumbled upon was taking an in-depth look at a rancher in QLD and his issues with an oil/gas company. The rancher quit school at 16 (generally, a wonderful idea in commonwealth countries that the US should import) and became a boxer, then a car salesman, then a rodeo bronco rider, and then a cattle rancher with a wife and 3 young kids. Very importantly, neither he nor his wife could read. His contracts would be signed with an 'X' and a handshake. From what I could tell about QLD law, every contract must be read to a person that cannot read, and a sense of 'good faith' must exist between both parties.
Well, a US oil/gas company came to him and found the black gold under his ranch. They set up many pump-jacks and ruined his grazing land. He quickly went bankrupt as all his cattle died. So he went to court over it. The US company put their hand to their face and basically went: 'Nee-neer-Nee-Neer-Nee-neer, you signed the contract! Ha!' The contract was written in a very favorable way to the company and screwed the rancher. So much was the stress, that the wife tried to commit suicide. Watching that portion of the interview was heartbreaking. Here was a tough, sunburnt man, brought to tears over finding his wife just about to commit the act.
But QLD law was very favorable to the man. The contract was voided as it was created in bad faith and the US company was made to pay to remove the jacks and pay the rancher back for the damages. The Dateline piece was mostly following their attempts in international courts to get the company to pay up, as they had fled Australia in order to skip out on the payment.
Here's my point: What the Zuck is doing, by saying: 'Nee-neer-Nee-Neer-Nee-neer, you signed the contract! Ha!', is a very American thing to do; and it won't stand up in many other countries, or even his own. Just because a contract was clicked on and agreed to in bad faith, doesn't mean that he will be able to hide behind that shield forever. Even if you have a piece of paper that says 'I can be an asshole', and everyone has signed it, doesn't mean that you can be an asshole forever. People don't like assholes and they will get lawyers/barristers in to express that feeling.
This is actually the correct response. A better way of saying it is: Facebook is not free. You pay by surrendering data about yourself and your friends.
I never cared about Facebook using data collected from their platforms, but the whole "Collecting phone data because you agreed to the very wide permission system implemented in Android systems", is a bit sketchy.
Facebook doesn't have to anything you didn't deliberately agree to surrender. That isn't very sketchy.
No user, even if they read the TOS, believed they were opting into perpetual call and SMS logging.
It’s dark UX and the terrible Amdroid permissions system that tricked them into it.
Part of the problem is how the TOS is deliberately obscure long form text while the UI (which does not make the data sharing explicit) is nice, polished and A/B tested for maximum engagement [0].
Were the same information design effort applied to explaining the data collection and sharing, all users would at least know what is happening.
Most users should know/intuit how this pervasive data collection/sharing can have unwanted side effects, even without such nicely designed explanations, but one of the most effective rules of UX is don't make me think.
[0]: "Frictionless" in practice means "don't wait, start using this now and only think about it later".
Its not dark UX merely because you don't like it.
Dark UX suggests a control designed to trick you into making a decision you would deliberate otherwise not make. I looked at their opt-in control and it is very clear that you have to opt-in.
In other words, if you didn't want Facebook to have all your call and SMS data then why would you deliberately agree to give it to Facebook with their very obvious consent form?
> Dark UX suggests a control designed to trick you into making a decision you would deliberate otherwise not make.
Thats exactly what this is, Dark UX. No reasonable person would think that “text anyone on my phone” means “log all my calls and text messages in perpetuity” despite the deliberately obtuse (and light gray!) paragraph below.
It’s a trap.
> their very obvious consent form
I haven't used FB in a long time and I never used their mobile app, so here's a genuine request: do you have a screenshot or some example of how they gather consent for this?
The Vanity Fair article about this featured a screenshot if you scroll down a little bit: https://techcrunch.com/2018/03/25/facebook-denies-it-collect...
Thanks. It confirms my empirical experience that most users (of all backgrounds) don't read, those who read don't fully comprehend the information, and those who comprehend it are thrown off by cute illustrations or the urgency of what they want to accomplish in the moment.
Personally, I'd prefer the message to be split in two parts, like so:
------
# Text anyone in your phone
This lets friends find each other on Facebook and helps us create a better experience for everyone.
## Privacy
This will continously upload:
- Info about your contacts like phone numbers and nicknames
- Your call and text history.
------
(I don't think I'd have gotten FB to a half-trillion market cap.)
They supposedly have a ghost profile on me, given I have never had an account. I find that quite sketchy.
Facebook doesn't have to anything you didn't unconsciously agree to surrender. That isn't very sketchy.
Fixed that for you.
I dont remember agreeing to facebook keeping lots of private data about me. (I dont have facebook)