[stickfigure]

"Facebook gave your personal information to Netflix/Spotify/etc without your consent" is a scandal.

"Facebook gave your personal information to Netflix/Spotify/etc when you installed their app and approved the permission request" is NOT a scandal.

The NYT article makes it sound like the former, not the later. This is either incompetence or malicious intent.

[paganel]

>"Facebook gave your personal information to Netflix/Spotify/etc when you installed their app and approved the permission request" is NOT a scandal.

It is definitely a scandal, 99% of the users generally approving TOSes/permission request screens (including myself) have no idea what it's in there, we generally rely on the goodwill of the companies that wrote out those TOSes/permission request screens.

[catacombs]

Agreed.

This tweet about the issue with TOS sum things up nicely:

"If you were to describe a contract that

- no one has read

- it doesn’t matter if you read because you can’t bargain over the terms

- can be unilaterally changed at any time

- does not explicitly describe the consideration you provide (data!)

You’d fail your 1L contracts class"

[stickfigure]

Nonsense - these are not 10-page EULAs we're talking about. The permission dialogs are clear and explicit about what they will share and who they will share it with. And you always have the option of not installing the app.

[paganel]

Did that message explicitly say "we are going to give access to your private messages to external companies like X, Y, Z" or was it a more convoluted message like "Facebook has direct access to your private messages (of course it has, I'm on FB, ain't I?) and as such it might process your private data with another external entity"?

Either way, many, many of the users would have clicked OK on the confirmation screen even if it had said something like "Facebook is going to sacrifice your first-born child", that's why hiding behind confirmation screens/TOSes when doing nasty stuff like what's described in the article is not enough.

[stickfigure]

When you installed the Spotify app, the message said "This will share your messages with Spotify".

You get similar messages when you install most mobile apps. What exactly are you looking for? If you want to install apps, and the apps are going to do anything useful with data, you need permissions.

nasty stuff like what's described in the article

This thread is about how the article is false and misleading. You can't use the article to justify the article.

[paganel]

> You can't use the article to justify the article.

What I'm saying is that giving access to FB private messages to entities outside of FB even with apparent user consent is not ok. Yes, I received that information from the article, but even if I had heard it from a neighbor down the hallway I would have thought the same thing.

> You get similar messages when you install most mobile apps. What exactly are you looking for?

I'm saying those user consent messages don't absolve FB or any such entity of anything when it comes to them sharing private user data with third-parties. I'm looking at them to not share private messages with 3rd party entities, even if that stands against some of the "usefulness" you mention.

[jlarocco]

> ... we generally rely on the goodwill of the companies that wrote out those TOSes/permission request screens.

LOL. The only goodwill they have is towards their bottom line and covering their ass.

[IfOnlyYouKnew]

The NYT directly makes the accusation that private messages were shared without consent:

“This is just giving third parties permission to harvest data without you being informed of it or giving consent to it,” said David Vladeck, who formerly ran the F.T.C.’s consumer protection bureau. “I don’t understand how this unconsented-to data harvesting can at all be justified under the consent decree.”

Facebook, if you carefully parse their statement, does not deny this: https://news.ycombinator.com/item?id=18714352

[stvswn]

I'd agree if the facts were that the 3rd parties only had read/write access for messages that were coming from their platform. The NYT article implies that the 3rd parties had read access for all messages, including messages unrelated to the integration. The FB response article doesn't dispute this. If it is truly the case that FB gave the 3rd parties read access to all messages, that wouldn't be what users expected when they gave permission -- and it seems like unnecessary sloppiness and a lack of privacy controls at Facebook.