[nsx147]

He accepted blame for quite a bit, and apologized (as he usually does)

The part I don't understand about all of this is that, yes somewhere along the line someone made the decision that giving developers access to that data was ok...but they REMOVED access to it as soon as they realized what sharing that data meant. That's how startups are trained to behave, shoot first ask questions later.

They made a mistake and corrected on their own, what more is there to ask? I guess it's more of an issue because of the nature of their business?

[pjc50]

> they REMOVED access to it as soon as they realized what sharing that data meant.

Did that unleak the data? No. It was a mistake, but it required a cleanup which wasn't achieved and wasn't made public.

Ed Felten coined the phrase "Exxon Valdez of privacy" over a decade ago in anticipation of this: https://freedom-to-tinker.com/2006/06/12/exxon-valdez-privac...

[ngcazz]

Wow, that's an amazingly prescient post.

[pjc50]

I'd suggest that people popularize the phrase "Exxon Valdez of Privacy" but that may be old enough that people have forgotten it. Maybe substitute "Deepwater Horizon" or "Fukushima". If you want even more prescient, go back fifteen years to see him post a link to https://www.wired.com/2003/01/google-10/

"The company's growth spurt has spawned a host of daunting questions that no data-retrieval system can easily answer. Should Google play ball with repressive foreign governments? Refuse to link users to "hate" sites? Punish marketers who artificially inflate site rankings? Fight the Church of Scientology's attempts to silence critics? And what to do about the cache, Google's archive of previously indexed pages? "

Whenever a colossal disaster happens, there is nearly always someone who was telling anyone who would listen what the problem was years in advance.

Felten is not as famous as Schneier but just as important, and has been doing lots of important work such as fighting against electronic voting systems.

[drewmol]

>what more is there to ask?

(1) Make an ernest attempt to use ML, algorithms to identify their customers who are using those leaked datasets Facebook negligently exposed and help devalue the data, instead of eagerly selling them targeted advertising services? I don't know if they did this, but it sure seems doubtful.

(2) Quickly and openly disclose the extent of the leaked data

(3) Stop using manipulative and deliberately opaque TOS to enable ever more data collection

I'm not being sarcastic or insincere, this is my honest opinion of that they could have done. I am continually surprised at how many people making $$$ in ad-tech/PII data mining and brokering seem niave to the fact that this type of behavior would inevitably result in exponential growth of user outrage

[hunt]

> (1) Make an ernest attempt to use ML, algorithms to identify their customers who are using those leaked datasets Facebook negligently exposed and help devalue the data, instead of eagerly selling them targeted advertising services? I don't know if they did this, but it sure seems doubtful.

How could they do that? The cat is out of the bag and FB aren't going to have any knowledge about where that data is now. Have there been reports of it getting out from CA?

> (2) Quickly and openly disclose the extent of the leaked data

I think some caution is a good idea, they don't want to get the numbers wrong - although they are making steps in the right direction with the message to 87 million on their news feeds.

[drewmol]

True, it's not easy to do, and maybe it's not feasable to determine who is using the data. I don't know, maybe someone from Facebook will chime in on the issue, or leak some more info about company behavior.

>I think some caution is a good idea, they don't want to get the numbers wrong - although they are making steps in the right direction with the message to 87 million on their news feeds.

Totally agree with the second part, but ~4 years (only divulging the info when forced to during PR damage control mode) is well past being cautious. It's being cautious with the amount of damage the disclosure does to your profits, Equifax doesn't even wait that long.