[Puer]

1) This is just a duplicate of the NYT article already on the front page

2) NYT seems to intentionally not elaborating on the "access to users' private messages" part and conflating app permissions to actually scanning, parsing, storing, deleting, modifying individual messages. Until disproven, it sounds like these are just standard app permissions needed to implement functions like song sharing in Messenger chat (in the case of Spotify), or sending payments over chat (in the case of RBC).

This is disappointing journalism, to be honest. FB has done a lot of bad things and they deserve the negative press, but it does seem like NYT has some kind of personal agenda against the company and they aren't afraid of exploiting the tech ignorance of their readers to accomplish that goal.

This is like publishing "Popular privacy extension uBlock Origin 'Accesses your tabs and browsing history'". Yeah. Because it needs those things to function:

https://github.com/gorhill/uBlock/wiki/Permissions

Anyone who's ever written an Android app or a Chrome extension should see right through this sensationalism.

[bluesign]

Yeah it is standard permission but the situation is more like this.

- Facebook had some messages API for developers ( which apps can act as messenger client ), some kind of allowing 3rd party messenger applications, those had all access to messages, conversations, contacts (friends) etc

- Then Facebook deprecated this API

- Probably after that, someone came up with this ideas about sharing stuff on messenger, (song on spotify case, movie on netflix etc etc)

- Then someone in facebook figured out they can use this old API ( in the end they trust those names, they want to do minimal development for this stuff etc )

- So they whitelisted those apps for this deprecated API

So basically they messed up, by giving unlimited access to messages of users to some whitelisted apps, instead of giving let's say selective permission to just to 'send some message' over messsages

[catacombs]

> FB has done a lot of bad things and they deserve the negative press, but it does seem like NYT has some kind of personal agenda against the company and they aren't afraid of exploiting the tech ignorance of their readers to accomplish that goal.

To say The New York Times and the multiple reporters covering the Facebook scandals all have a personal agenda to make Facebook look bad is delusional.

The scandals started with Facebook, and the NYT, as well as other news organizations covering this story, are there to write about it.

Moreover, the Times spoke to nearly 60 current and former employees. You'd think if they had an agenda they wouldn't talk to that many people to corroborate the facts.

If the paper wanted to do a "hit piece," they'd just grab one of their columnists to write it and slap OPINION at the top of the story. A reminder for some people: Opinion is not the same as News. They are different departments that, in most newsrooms, do not dip in each others work.

The Times' investigations team is one of the best in American journalism. I highly doubt the editors would publish a story as a middle finger to Facebook. If you think otherwise, I welcome specific examples of agenda- pushing stories, with exactly the thing they're pushing out that benefits them and not the public.

Again, the scandals started with Facebook, and they're out now for every one to see.

The old saying goes, "Don't do anything that you'd wouldn't want published on the front page of The New York Times."

[stickfigure]

"Facebook gave your personal information to Netflix/Spotify/etc without your consent" is a scandal.

"Facebook gave your personal information to Netflix/Spotify/etc when you installed their app and approved the permission request" is NOT a scandal.

The NYT article makes it sound like the former, not the later. This is either incompetence or malicious intent.

[paganel]

>"Facebook gave your personal information to Netflix/Spotify/etc when you installed their app and approved the permission request" is NOT a scandal.

It is definitely a scandal, 99% of the users generally approving TOSes/permission request screens (including myself) have no idea what it's in there, we generally rely on the goodwill of the companies that wrote out those TOSes/permission request screens.

[catacombs]

Agreed.

This tweet about the issue with TOS sum things up nicely:

"If you were to describe a contract that

- no one has read

- it doesn’t matter if you read because you can’t bargain over the terms

- can be unilaterally changed at any time

- does not explicitly describe the consideration you provide (data!)

You’d fail your 1L contracts class"

[stickfigure]

Nonsense - these are not 10-page EULAs we're talking about. The permission dialogs are clear and explicit about what they will share and who they will share it with. And you always have the option of not installing the app.

[paganel]

Did that message explicitly say "we are going to give access to your private messages to external companies like X, Y, Z" or was it a more convoluted message like "Facebook has direct access to your private messages (of course it has, I'm on FB, ain't I?) and as such it might process your private data with another external entity"?

Either way, many, many of the users would have clicked OK on the confirmation screen even if it had said something like "Facebook is going to sacrifice your first-born child", that's why hiding behind confirmation screens/TOSes when doing nasty stuff like what's described in the article is not enough.

[jlarocco]

> ... we generally rely on the goodwill of the companies that wrote out those TOSes/permission request screens.

LOL. The only goodwill they have is towards their bottom line and covering their ass.

[IfOnlyYouKnew]

The NYT directly makes the accusation that private messages were shared without consent:

“This is just giving third parties permission to harvest data without you being informed of it or giving consent to it,” said David Vladeck, who formerly ran the F.T.C.’s consumer protection bureau. “I don’t understand how this unconsented-to data harvesting can at all be justified under the consent decree.”

Facebook, if you carefully parse their statement, does not deny this: https://news.ycombinator.com/item?id=18714352

[stvswn]

I'd agree if the facts were that the 3rd parties only had read/write access for messages that were coming from their platform. The NYT article implies that the 3rd parties had read access for all messages, including messages unrelated to the integration. The FB response article doesn't dispute this. If it is truly the case that FB gave the 3rd parties read access to all messages, that wouldn't be what users expected when they gave permission -- and it seems like unnecessary sloppiness and a lack of privacy controls at Facebook.

[jamiequint]

> To say The New York Times and the multiple reporters covering the Facebook scandals all have a personal agenda to make Facebook look bad is delusional.

Maybe they're just technologically illiterate then, because many of the NYT articles conveniently eliminate nearly all of the context or specifics around data use in a way that seems deliberately designed to make Facebook look bad. e.g. the story on partner deals last year conveniently did not mention that it would be impossible for FB to make an app that worked on feature phones without the existence of an API like the one the NYT got so worked up about.

> If the paper wanted to do a "hit piece," they'd just grab one of their columnists to write it and slap OPINION at the top of the story.

That's not how hit pieces work.

> The Times' investigations team is one of the best in American journalism. I highly doubt the editors would publish a story as a middle finger to Facebook. If you think otherwise, I welcome specific examples of agenda- pushing stories, with exactly the thing they're pushing out that benefits them and not the public.

Try reading all of the NYT pieces on FB for the last 12 months (including Cambridge Analytica) then look at the state of the tech world and the size of Facebook during the time they were making those decisions, then look into the technical details behind many of them (actual hacks excluded). The "FB is evil" narrative is not nearly as clear cut as you think.

[Symmetry]

Given how much damage Facebook has done to traditional new reporting it would be unreasonable to expect reporters not to bear Facebook any ill will. They're making, what, half as much as they did in 2010? And that's after the huge drop in revenue that Craigslist caused.

I'm sure the reporters and editors involved are trying their best to be fair. But succeeding in those circumstances is really, really hard.

[msbarnett]

> 2) NYT seems to intentionally not elaborating on the "access to users' private messages" part and conflating app permissions to actually scanning, parsing, storing, deleting, modifying individual messages. Until disproven, it sounds like these are just standard app permissions needed to implement functions like song sharing in Messenger chat (in the case of Spotify), or sending payments over chat (in the case of RBC).

I find your argument to highly misleading. Facebook asked users for permission to grant the apps the permission to send messages, and then when the users approved that request, implemented that access by white-listing the applications to give them carte-blanche access to a deprecated API that included not just message-sending abilities, but full read-write access to their entire Messenger history, along with the rest of the deprecated Instant Personalization API.

Cambridge Analytica has already demonstrated how bad actors will misuse any access they have for profit -- granting broader than described permissions simply opens the door to further such abuses. It's utterly naive to believe that these companies would all voluntarily restrain their access to the subset users had been told about, rather than full suite of data they were handed access to.

[beaner]

> Facebook asked users for permission to grant the apps the permission to send messages, and then when the users approved that request, implemented that access by white-listing the applications to give them carte-blanche access to a deprecated API that included not just message-sending abilities, but full read-write access to their entire Messenger history

Is that in the article though? I don't think OP is guilty of being misleading, maybe just not fully informed. I didn't know this bit, either. Can you source it?

[bhk]

> Cambridge Analytica has already demonstrated how bad actors will misuse any access they have for profit ...

Facebook was the bad actor. Facebook divulged user data to the thisisyourdigitallife app in ways that were counter to what it told users. When the scandal broke, Facebook claimed that its terms of service were violated because the app was collecting the data for commercial purposes, not research[1], but in either case FB would have been divulging private data improperly.

[1] https://www.theguardian.com/news/2018/mar/17/cambridge-analy...

[buboard]

Ironically, facebook gives much more details in there response: https://newsroom.fb.com/news/2018/12/facebooks-partners/

[IfOnlyYouKnew]

They gave private messages to Spotify and others, without consent. The Times nowhere makes, or implies, or hints at those companies abusing that data, although the possibility is obvious. Sharing the most private data is already a violation of trust, privacy, Facebook’s public statements, and possibly law.

If you think “sharing data with X without consent” implies that data being misused by X, then that’s a process happening entirely within your head. I agree that it an obvious thought to have, which is probably why so many people have problems distinguishing what they read from what the words made them think off.

This obvious thought process is also why I’m somewhat certain the reporters pondered the possibility, just like you and me. But they decided against putting it in their article, sticking only to the specific facts they had the internal documents and 60 sources to verify.

[njahu]

The media has been running a smear campaign on Facebook for months now.