[FeepingCreature]

It's a moral hazard¹, or possibly an externality; the people writing the algorithms that violate people's privacy are not themselves the victims.

Normally in a market system you want to keep the chain between cause and damage short enough to be comprehensible for the people causing it; otherwise, there's no good way to make them avoid it.

¹ https://en.wikipedia.org/wiki/Moral_hazard

[throwanem]

Aren't they? How common do you imagine it to be, among Facebook employees, not to have a Facebook account?

[pdkl95]

Of course they have FB accounts. That isn't the point. The authors of these algorithms introduce - often without conscious intent - their own biases. They bring their own background, morals, etc when they design an algorithm.

This is a general problem with creating an algorithm to supplement or replace anything previously done by humans. Even if the algorithm is given accurate and unbiased data (which is rare), the choice itself to use an algorithm in the first place and the design of the algorithm also contain bias.

Sometimes this bias is intentional such as "redlining" where housing loans were denied to blacks using various proxies for race. I suspect that in most cases the bias is accidental, which is why it is very important to check the results carefully for any unintended bias. In situations like Facebook, simply asking their users first (opt-in) if they would like to participate in "local friend discovery" would be a great start.

[throwanem]

You're not wrong. Does it seem likely, though?

I mean, at this point you're asking Facebook to do something which is directly inimical to its interests, in that people opting out of "local friend discovery" truncates its social graph, or at least reduces the weights it can put on some edges, and thus makes its information less valuable for targeted advertising.

It would be nice to imagine that the people who make such decisions would make that one out of the goodness of their hearts. I do not think this likely. In the absence of a strong financial incentive to do otherwise, I would expect to see things go on pretty much as they have been, i.e., getting gradually worse over time. Threatening Facebook employees with physical harm seems like a severely counterproductive strategy toward applying such an incentive, but I'm not sure what to suggest in its place, because I've tended more in the direction of finding ways to convince people the problem actually exists - itself a regrettable necessity.

[pdkl95]

> people opting out ... makes its information less valuable for targeted advertising

I have very little sympathy for a business model based on surveillance and manipulation. Figuring out how to generate revenue is Facebook's problem. Lots of unethical behavior would be valuable in various business models. Facebook can police themselves or they eventually invite (probably less desirable) legislation crafted by pissed off people.

> Threatening Facebook employees with physical harm

For the record, I am in almost all circumstances I am a pacifist. I would never advocate for physical harm. That said, I have nothing against revealing the private information of the people who insist on doing the same as a business model.

> directly inimical to its interests

> I'm not sure what to suggest in its place

That's easy; you change arrange it so they want to do the necessary due diligence of making sure new any new algorithm is both necessary and safe. We accomplish this with liability. Data needs to be toxic. If you collect data and store it for long periods of time or aggregate it with other types of data, then you are responsible for problems that arise from your databases. In the case of this doctor, if any problems happen to her patients from Facebook's disclosures, then Facebook is the liable party.

They can decide the level of safety required. Either transit the data for the users blindly and enjoy immunity like a common carrier, or inspect the data and pay for the problems that derive from that inspection.

> finding ways to convince people the problem actually exists

That's always a good idea, but in the meantime it is not the responsibility of the user to understand information theory before critiquing Facebook's claims. Blaming the victim is never the right answer.

[throwanem]

> I have very little sympathy for a business model based on surveillance and manipulation.

I have none whatsoever. But Facebook, as it is today, is a thing that is. I don't see that imagining the current state of affairs to be other than it is helps anything. I'm also not hugely in favor of looking to government for a solution to this problem, because the United States government, for all its many and various qualities, has an extremely poor track record on legislation related to technology, and I do not see any reason to imagine their response to Facebook would buck the trend. At best, it'll be ineffective in its stated aim. At worst, it will be that and also inimical to a lot of other businesses which don't actually belong in its crosshairs to begin with.

> I have nothing against revealing the private information of the people who insist on doing the same as a business model

This implies an inaccurate conception of Facebook's business model, which has really nothing to do with revealing private information in the way you describe. I don't think Facebook lies when it says that such disclosures are accidental. I don't think that honesty is any excuse here, but you seem to be imputing evil where there's no reason to believe any exists; the problem is not that Facebook schemes at inflicting misery, but that its financial drive to monopolize an ever larger swath of human interaction increasingly creates misery as a side effect. We can acknowledge this, and work to put an end to it, without erroneously painting anyone as a monster.

You claim, too, not to advocate physical harm, and to be in general a pacifist. Those are nice claims to make. I hope you don't find yourself in the position of having to defend them after a release of Facebook employees' personal information results in someone being SWATted, or driven to suicide, or otherwise assaulted, battered, murdered, or likewise mistreated, as a direct result of an action with which you say you see nothing wrong. You might protest at that time that your rhetoric is unrelated, and your responsibility nonexistent. After all, I'm sure you yourself would never actually dox anyone, even if you do say it's fine to do so. Such protestations are not likely to find many sympathetic interlocutors.

> We accomplish this with liability. Data needs to be toxic.

This is an excellent point! It deserves to be found in better company than you have given it here.

> Blaming the victim is never the right answer.

I invite you, quite seriously, to review my HN comments on the subject of Facebook - they are quite plentiful, you'll have no trouble finding them - and identify any case in which I may accurately be said to have blamed the victim. My entire perspective on this matter is what it is because I am a victim! How do you suggest anyone go about making any kind of beneficial change more likely, if no one recognizes the need for it? How do you suggest such recognition come into existence, if not by finding ways to explain to people that there is a problem? Would you rather just sit back and wait until there's enough of a critical mass, of people who've been chewed up and spat out by the gears of Facebook's advertising data generation machine, for a groundswell of public opinion to arise organically? That seems a bit cruel to me.

[pdkl95]

We probably agree on quite a bit. I'm not trying to accuse you of victim blaming - or anything else - so if I have implied otherwise I apologize; that was not my intention. It wouldn't be my first miscommunication.

My reference to victim blaming was targeted at the the ideas in the thread - and often stated by Facebook and others in the surveillance industry - that people should know not to use Facebook when they have not had an opportunity to learn about how modern technology works. Education is a great idea, but that takes time. (I've been spending 20+ years trying to educate people about the internet, encryption, and privacy in the modern age)

> to be in general a pacifist. Those are nice claims to make.

I have the scars and hospital bill to prove it. Fortunately I was lucky and the (tool assisted) beating didn't do a lot of permanent damage.

> an action with which you say you see nothing wrong.

I never said I saw nothing wrong with it, only that Facebook should to accept what they do to others.

I do understand Facebook's business model. I also understand some of the VP-level people involved, because I taught some of them how to program. These are people that are perfect examples of being born into "privilege", who need some real experience in how the rest of the world actually lives. I don't wish them harm, but I won't shed a tear if they get harsh dose of reality.

(I've probably not worded this optimally; I'm trying to restrain my language because these people piss me off)

> I don't think Facebook lies when it says that such disclosures are accidental.

I'm sure they're telling the truth. I'm suggesting that they are being negligent in their use of automation. If they had any experience in the problems that most people face in the real world, they should have know that problems like at this doctor's office would have happened.

[thr0waway1239]

"Aren't they?"

No they are not. For example, it is now common knowledge that Mark Z bought off all nearby houses in every direction to get more privacy. [1] Do you and I have similar access to resources?

Suppose your identity is stolen and you find yourself penniless because someone hacked into Facebook which also affected your friend who works at Facebook. Who is more likely to be in great financial distress the next day? Who is more likely to know the full impact of the situation?

Also, if someone in Facebook were to be negatively affected in some way, they probably have friends inside who can help them out. Do you and I have a direct line to a similar friend? In fact, we are likely to be the very last people to know of any such exploitation.

Besides, the closer you are to the algorithm, the more likely that you know how to circumvent it, even exploiting some simple bugs that others are not aware of.

And how about opting out? As a technologist, how hard do you think it would be for an insider to add himself/herself to the opt-out database, and also make sure that there were no hiccups in the process? Contrast that to something as simple as opting out of junk mail - have you been 100% successful?

I just made four observations about how you and I do not possess the same advantages as an insider at Facebook. What are the odds that, something can slip through four different test cases you set up and still turn into a bug in production? Minimal, don't you think?

You make really good points about not countering immoral action with more immoral action. But your notion that FB employees could somehow become unwitting victims of their own technology sounds seriously far-fetched to me.

[1] http://www.businessinsider.in/Mark-Zuckerberg-Just-Spent-Mor...

[throwanem]

I don't know that Mark Zuckerberg's access to resources typifies that of Facebook employees in general, but I see what you're saying, and you make good points here which I'll have to consider at leisure.

[firethief]

Air pollution is an externality even when caused by people who breathe.