[barell]

I was also working on Facebook apps from 2011 to 2013 using Facebook APIs.

At this time whenever we have released any app, useres could login to it using OAuth which means they were presented with a list of privileges our app needs from them (eg. Friends list, photos, posts etc). Once user has authorised the app we could fetch all of this data.

This was how Facebook worked at this time, you can’t say it is a leak of data because we explicitly ask user for permission. You basically say, I want to use your app, here is my profile if you need it. I don’t really understand why people are so mad about their data privacy. If you publish your photos, list of friends, what you like, where you live and work, who are you merry to, then it shouldn’t be a surprise this data can be viewed by not only your neighbour but also a dodgy automated scripts. Once the data is fetched then you can only imagine what people can do with it. It’s not really Facebook fault. It’s people who thinks when they publish things on the Internet, it’s safe and can be only viewed by other people.

Maybe Facebook only role should be to make people more aware of all of this, but is it in their interest? I don’t think so.

[mercer]

> I don’t really understand why people are so mad about their data privacy. If you publish your photos, list of friends, what you like, where you live and work, who are you merry to, then it shouldn’t be a surprise this data can be viewed by not only your neighbour but also a dodgy automated scripts.

I don't understand why I keep reading comments like this. One of the main issues is that your data could be leaked to an app developer even if just ONE of your friends installed said app. So even if you diligently made sure only your friends, or even particular friends, could see your stuff, it'd still be accessible to the app developer.

That is absolutely not something even a privacy conscious person would've expected, and absolutely enough to get mad about.

[barell]

As I said I was developing Facebook apps back in 2011 and at this time as far as I remember, your friends list was publicly available to any logged in user. API was only making this easier for apps to fetch the data about you. There was an explicit permission about accessing friends list and their data through the API so yes, any of your friend at that time could just give away your profile to a third party.

I stopped using Facebook back in 2011 (only used it to manage and test my apps) as I was really concerned how easy is to collect personal data.

But I guess for me, as a developer, it is easy to imagine how things works and when to get suspicious online.

On the other hand it makes me really happy, Facebook privacy issues like this one with CA, got much attention and finally more people, hopefully, will understand how things works.

[mercer]

It's not a matter of understanding. It's matter of, among other things, not allowing a friend to give away your data without your permission. I really don't understand how you cannot see that this is not a matter of 'understanding how things work' and instead a matter we can and should be pretty mad about...

[kalkut]

By being friend with someone on Facebook you already make your data available to this friend. Your friend can show this data to anyone curious about you by showing his screen or by talking about what he saw on your profile.

An app on Facebook is only an automated way to ask your friend to share data he/she has access to. You cannot both share data with your friend and expect him/her to not be able to share it with 3rd parties.

If you don't want your friends to be able to share your data you don't become friends with them on a social network and/or you don't share data with them.

You don't tell to your acquaintances things you don't trust them to keep secret. And you can't expect them to keep secret things you share with every acquaintance

[scoggs]

What happens when it's your Mother or Father?

[dapreja]

I tell my relatives repeatedly to not take pictures of me if they're going to share them on those platforms. This whole thing is a problem with people's complatiency with technology and especially the coorporations taking advantage of it.

[obeattie]

Whether this is intuitive for you as a developer isn’t the point. The point is that Facebook gave your friends permission to expose your data, without making this very clear at all to you. It seems hard to argue that this was in users’ best interests.

[Tepix]

The crux is this: Granting your friends access to your data does not mean your friends' apps should also have access to this data. Your permission should be required by apps, not your friends'.

[braindongle]

Thank you. Hacker News works because adults make their points succinctly and without personal attacks. The exchange above this is the kind of "you don't understand" "no, you don't understand" time-wasting that killed Slashdot.

[truj]

Hacker News is a big game of Chinese whispers were each step is a popularity contest over 24 hours. You would be hard-pressed to build a more efficient system for misinformation if you tried. While rational discussions should of course be encouraged, it isn't in itself rational to get ones information from Hacker News. The more damaging thing is of course that once your mind gets trained to whatever opinions are popular here, you will have a hard time seeing other arguments. The "you don't understand" "no, you don't understand" is arguably the point of Hacker News.

For the record Tepix point is supported by essentially anything published by any authority on the subject from the beginning of facebook. As others, further down on the page, have pointed out even the FTC complained about this in 2011:

'''Facebook represented that third-party apps that users' installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users' personal data – data the apps didn't need. [...] Facebook told users they could restrict sharing of data to limited audiences – for example with "Friends Only." In fact, selecting "Friends Only" did not prevent their information from being shared with third-party applications their friends used.'''

https://www.ftc.gov/news-events/press-releases/2011/11/faceb...

[savanaly]

They have access to your stuff, and they signed away access to the stuff that they have access to when they gave such and such app permissions. It's like if you loan your house key to a friend and they make copies of it and give it to all their friends. It's hardly the lock-maker's fault or the lock's.

[felipelemos]

Do you really think that the average user understand that the permission list instead of saying "I need to access your friend's list so I can work" it actually says "I need to download all your data and if you do not agree I will refuse to install/work"? And do you think this is reasonable?

[52-6F-62]

I think this is really a main point and not discussed enough.

I absolutely do not think the average user has an idea about the implications of that.

I have to say Google has been mildly better in that way with their Oauth system but it really struck me one day when signing up for a passive service with my Google account — they for some reason requested unlimited access to read, write/send, and delete my emails from my account. Needless to say I backed away. I work in the field and know what this really means. I still get tripped up.

The average person doesn’t 1) give it the time to consider what it means, they just want it to work 2) even if they read the request they don’t understand what it’s actually saying they are doing(data harvesting) and 3) they have little idea of the scope of implications. “Oh it’s just a stupid farming game” but don’t realize the massive trade and profiling going on behind all of it.

The Facebook fiasco is the first time in recent memory where people have been reminded that their data is being taken and not only that — it’s being traded, bought, sold, compiled, refined and worse.

I watched an old 60 Minutes episode yesterday on Amazon circa 1999. Bezos was showing the reporter the recommendation engine. The reporter was clearly shook when it recommended a short list of books he’d actually bought recently outside of Amazon based on a couple of purchases on the platform. In 1999. They collected about a GB a day then.

I guess people got used to the idea of generally benign profiling, and the questioning stopped after a while.

[mtgx]

Because the permissions often don't work as the users expect them to work. See this earlier thread for what I mean:

https://news.ycombinator.com/item?id=16670291