[tpush]

Really interesting stuff in there.

> Facebook email 24 January 2013

> Justin Osofsky – ‘Twitter launched Vine today which lets you shoot multiple short video segments to make one single, 6-second video. As part of their NUX, you can find friends via FB. Unless anyone raises objections, we will shut down their friends API access today. We’ve prepared reactive PR, and I will let Jana know our decision.

> MZ – ‘Yup, go for it.’

[AlexandrB]

What's really striking is how user-hostile this conversation is. Forget about whether the user wants to share their data or not - it's all about what Facebook wants to do. In this case, that's snuffing competition by denying access, in the case of Cambridge Analytica, it's sharing data for purposes of shady data "research".

[cjhopman]

Yeah, that seemed unexpectedly flippant/dismissive. But a couple things:

1. If you look at the docs, that's from Exhibit 44 which indicates that it's actually an excerpt from a messenger discussion, not email 2. Twitter had previously blocked both Instagram and Tumblr in the same way 3. Facebook had previously blocked Twitter in the same way 4. In some of the other docs here, you can see that there was much more discussion about what their policy should be around reciprocity and apps competing with facebook's features 5. The first line of that indicates that there was likely discussion/planning about this before that conversation

[Mahn]

There's nothing that Facebook did here than any other company, in tech or otherwise, wouldn't have done.

And for the record, Facebook did not "share data with Cambridge Analytica for shady research purposes". A rogue third party developer created one of those shitty quiz apps for Facebook, and then proceed to get users to signup for it; several million did, which allowed said developer to harvest data thanks to the very permissive APIs that Facebook provided at the time. He then proceeded to sell this data to Cambridge Analytica. Facebook has a responsibility in what happened there, but "Facebook sold data to Cambridge Analytica" is a widly misconstrued story.

[nathan_long]

> There's nothing that Facebook did here than any other company, in tech or otherwise, wouldn't have done.

This isn't true. Lots of companies wouldn't steal users' call logs - eg, Mozilla, Signal, and plenty of boring, normal ones who make TODO list apps or whatever.

It also isn't relevant. See how that argument flies in criminal court. "Anybody else would have stolen that car."

What we see here (again) is that FB does nasty things and it's in the public interest to stop them - along with "any other company" who does the same things.

[wahern]

Facebook's business is car stealing. They tell you that upfront: we want your car, and if you park it in our garage we're going to take it.

All this anger over Facebook is ridiculous.[1] Now, if you want to talk about Android and Google's decision to make it more difficult to not only control but to know what data apps (especially theirs!) will take, that's a different matter....

[1] Especially from geeks, and particularly geeks from the 1990s and earlier when we were told that unless we promoted non-centralized publication models that we'd see the very constellation of centralized, user-antagonistic, profiteering services we now have. Whenever someone says, "but why would you want to host your own e-mail/web/chat server, my head wants to explode." It's always "why would you" (or "why would you, it'll never be as good as GMail/Facebook/Twitter/etc"; never, "maybe I should promote and help work on projects that make it easier".

[altcognito]

"A rogue third party developer"

We are all rogue third party developers, and clearly, the priority, much like most businesses is to make a profit, and the customers/ethics come second.

I love the fact that you get bent out of shape that Facebook didn't sell it though, it's a theme I've seen with Facebook employees: "But we didn't sell it!"

I'm not sure if they are lamenting the fact they didn't sell it but I sure as hell can tell what they give a damn about. If you want to hide under "anybody would have done it", lets take a trip down histories gravestones and figure out whether or not we should bother trying to do the right thing because it is the right thing to do.

[deogeo]

> There's nothing that Facebook did here than any other company, in tech or otherwise, wouldn't have done.

Dubious, but still good point. Meaning legislation to force companies to behave slightly less unethically is all the more direly needed.

[rhizome]

If exfiltration of user information and data was not the explicit purpose of FB's API policies, they soundly rejected the principle of lead privilege, which dates back 45 years and is no doubt incorporated into FB's own systems.

thanks to the very permissive APIs that Facebook provided

Why did they do this?

https://en.wikipedia.org/wiki/Principle_of_least_privilege

[varenc]

Facebook improved this years ago and you can see the discussion surrounding this change in the released emails. These days a Facebook app can't ask for your entire friends list, instead, it only gets to see your friends that have also authorized that app. Also, user IDs now have a per-app namespace so they can't be (easily) correlated between different apps.

The discussion revealed in this release is pretty fascinating. For example, you can see that at some point Zuck's friends authorized 31 apps and 76% of those apps had "read_stream" access giving access to their entire newsfeed.

Through one lens this is Facebook locking down their API in an anti-competitive way, which is somewhat true, but mostly this feels like an API change making privacy improvements for users. (The Cambridge Analytica data came from an older app that was running before these changes were made...)

[rhizome]

Facebook improved this years ago and you can see the discussion surrounding this change in the released emails...

This is the same elision they use. My question was, in the face of almost two generations of awareness of the principle of least privilege (almost typed "lead" again!), why did they design the API so that it gave away so much information and data in the first place?

Through one lens this is Facebook locking down their API in an anti-competitive way, which is somewhat true, but mostly this feels like an API change making privacy improvements for users. (The Cambridge Analytica data came from an older app that was running before these changes were made...)

https://newsroom.fb.com/news/2018/12/response-to-six4three-d...

Read the "Whitelisting" section. The only change they mention is turning off the ability to request permission to access the now-problematic data and information (let's say "D&I"). Of course, we also know that this is selectively applied. That's not "somewhat" anticompetitive, it's not necessarily different that the CA problem, and at any rate is only a marginal privacy improvement for users because there's (my estimate) no way in hell they're going to tell us who still has access to the APIs.

[kjeetgill]

Can't they trivially use your first name and/or email to correlate across apps? I'm pretty sure those are all part of the lowest permission class.

[varenc]

I don't think the Facebook API gives you access to your friends emails...but agreed there are still ways to correlate this. (hash of profile photos for example?)

[basch]

The "permissive api" is facebook changing what words mean over time. People signed up, shared things, and then facebook changed default behaviors without communicating the change WELL.

http://mattmckeon.com/facebook-privacy/

In April 2010 basically everything a new user posted to facebook was public by default. They didnt "care deeply about peoples privacy."

[Khaine]

Facebook provided the means for Cambridge Analytica to occur. Facebook also shared social graph information with Obama's campaign.

Facebook is far from blameless, and should be held to account for its scummy behaviour, and for enabling scummy behaviour.

[ladzoppelin]

That's not true man. Some companies were "allowed" to use/get the data even after it was shutdown and the API was created in the first place to entice the masses.

[InTheArena]

It's worth remembering that Facebook did share data in violation of their own terms of use with the Clinton came - in fact, that policy came about because Obama "abused" Facebook to collect contact information for friends of people who liked or followed his campaign. Despite this policy change, Facebook allowed Clinton to do the same. They claimed it was by mistake, but even after the mistake was revealed, they didn't change it or cut off Clinton. Clinton's campaign manager speculated it was because "they agreed with us", but also thought that the Trump campaign had similar access (so far, no evidence has emerged to that).

Facebook is not a good actor, anyway you look at it. They are selling data to first or second parties, who are using it to damage our country.

[rmc]

Maybe the problem is profit-driven companies...

[zepto]

Yeah - if everyone was assigned a job by the government we wouldn’t have this problem.

[hkt]

Yeah, so much for openness and connecting people.

Funny that the committee ended up being the open ones.

[ryanwaggoner]

If you own a grocery store and there's a guy on the other side of town who is cheaper, the people who come to your store because it's more convenient would love for you to be forced to just give away half your space to your competitor. Doesn't mean it's "user hostile" to refuse to do so.

[oliveshell]

I agree; of course that isn’t.

But being forced to give away half your physical retail space is hardly the same thing as just letting them keep using an API that you provide explicitly for such use.

Also, more broadly: one would have quite a hard time making the case that Facebook isn’t nakedly, gleefully, and rapaciously user-hostile.

[ryanwaggoner]

I don't agree, but it's probably not worth making the case. Facebook has billions of users. I assume you think that they want to leave, but they "can't", or that they just don't know how hostile Facebook is towards them.

I think a lot of people who hate Facebook just have a hard time believing that most people just don't care about the same things you do, or to the same degree. They're still on Facebook and Instagram and Whatsapp because they see the world differently from you.

[traek]

> But being forced to give away half your physical retail space is hardly the same thing as just letting them keep using an API that you provide explicitly for such use.

In this case, Facebook was deprecating the API and declined to provide special whitelist access to a competitor.

[kevindqc]

So they just heard about Vine, and decided to deprecate the API the same day? That doesn't sound right to me. That conversation seems to indicate they just wanted to block them ASAP (same day), nothing to do with deprecation?

[traek]

> So they just heard about Vine, and decided to deprecate the API the same day?

No? Where are you getting this read from? The documents clearly show them discussing it from a year prior to shutting down Vine's API access, and planning on announcing it publicly ~6 months prior.

I can't find anything from a quick google search on when the API deprecation actually took effect, but assuming the timeline from Exhibit 43 is accurate, Twitter actually had whitelisted access for over 3 months before being shut down.

[evilzuku]

Nothing says evil more than preparing reactive PR to bury your competitors. And the nonchalant way his response sends chills down my spine. These people will suffocate innovation just to win.

[rchaud]

CEOs and executives are the closest equivalent of royalty in the United States. Their media coverage is often hagiographic as a result. They are humanized and puffed up in the press to an extent that foreign press would never think to do about business leaders in their own countries.

Inch upon inch of columns are dedicated to their morning habits, favourite TV shows and fashion choices, and other fluff content to make them "relatable" to the average joe/jane. This is especially magnified when it comes to SV execs because they wear hoodies and tshirts instead of bespoke suits.

And that's what leads to reactions like "I can't believe he'd be so callous to users", as if the person in question is a hard working bootstrapper and not a billionaire looking to maximize market share and profit.

[gowld]

Zuck has a bespoke hoodie, and ordered a pallet of them for the company so his employees could dress like him.

[hkt]

Gross

[makomk]

As the news coverage of the time pointed out, Facebook did this to Twitter a few months after Twitter themselves did the same thing to Instagram (which was already owned by Facebook at that point) and Tumblr: https://www.theverge.com/2013/1/24/3913082/facebook-has-appa... All of the big social networks were and still are like this.

[gk1]

> And the nonchalant way his response sends chills down my spine.

CEOs of massive companies don't have time to write long and explanatory emails. They put people in charge that they trust, so they can just say one word or sentence and know that it'll get handled.

[gammateam]

Sometimes I write some half ass objection before green lighting it just in case the convo gets leaked

idgaf though

[e40]

> These people will suffocate innovation just to win.

I don't like Zuck, but come on, you just described every CEO in America, that when they have a choice they will do this.

[untog]

Yes. Which is bad!

[e40]

Very definitely this is bad. But it's not a surprise.

[Mankrik]

It shouldn't have to come as a surprise in order to be against it, that's how we get complacent and accepting of this behavior.

[PavlovsCat]

Nobody said it is.

[deytempo]

Isn’t that like saying one must be a foolish consumer because they live in a western nation?

[oska]

I don't agree that Elon Musk is like this (quite the reverse) and I'm sure there are many other CEOs who aren't too.

Let's not normalise sociopathology, even given its prevalence amongst business executives.

[fma]

I'm no Musk fan but he opened up all the Tesla patents so other manufacturers can use their intellectual property.

Maybe he had ulterior motives... Don't know. But opening up patents is certainly the opposite of squashing innovation.

[oska]

Yes, that was my point. That Musk actively encourages other companies to share in his companies' innovations.

[Lio]

I am definitely no fan of Zuck but on the subject of Elon Musk, this is the same guy who tried to use his high media profile to call an innocent man a pedophile just because he would follow Musk’s crazy plan.[1]

So that another one off the “CEO billionaire but not a sociopath” list.

[1] https://www.theguardian.com/technology/2018/jul/15/elon-musk...

[oska]

I'd suggest you find a better source than The Guardian for news about Elon Musk. They have run a relentless smear campaign against him for years now. Just one more reason to loathe that publication, in my book.

[tobylane]

Can I read about this somewhere? Did the Observer write about it?

[traek]

> Nothing says evil more than preparing reactive PR to bury your competitors.

Really?

[dreamdu5t]

Hyperbole. Facebook is a free website... A website.

Burying competitors is a good thing. That’s the whole point. That’s literally the objective of every business in the entire economy.

[primax]

The holocaust? That's nothing! Check out these guys, they're preparing PR to say bad things about their new competitors.

[wlesieutre]

I have a hard time feeling bad for Twitter getting API access pulled out from under them. How many times have they done that to products/services that depended on Twitter APIs?

[raverbashing]

It's official, Mark Zuckerberg is the new Bill Gates. As in "we don't care about ethics"

[TAForObvReasons]

This was known for a very long time. The "Dumb fucks" comments were brought to the public attention many years ago. The problem is that Silicon Valley gave Facebook a pass on all of the ethical transgressions for years (most likely since they minted many millionaires and billionaires in the valley)

[Yhippa]

I perceive the tech community to be okay with this as long as Facebook keeps giving us excellent open source tools.

[Tempest1981]

Gave them a pass, yes, and also bought lots of FB stock, and shared in the spoils.

[jamiegreen]

What is NUX? I was googling and closest I could find was New User Experience, is that right?

[Operyl]

New User eXperience.

[jamiegreen]

Thanks

[joering2]

Is that for real? I remember Mr. Zuckerberg said their mission is to connect the world together.

Can you help me understand how you make world smaller place and connecting people by "shut down their friends API access" ?

[mulmen]

Connect the world together on Facebook.

[tlow]

Did you read the entirety of this report? Can you share any more interesting quotes/bits?

If you did read, would you suggest other HN users read it?