by zephyrnh 2744 days ago
I assume someone at Facebook, hopefully the person that wrote this, or someone who has more influence over this issue, is reading.

I am an engineer. I understand technology better than most of the general population. When I sign in to my Facebook account to use Spotify, I am absolutely not expecting that Spotify will now have access to read every single one of my private messages. This is a gross violation of trust, and if this is what happened, then the fact that you not only made this mistake, but also then published this blog post defending it, marks a low point for Facebook. Perhaps irrecoverably so for me.

"After signing in to your Facebook account in Spotify’s desktop app, you could then send and receive messages without ever leaving the app. Our API provided partners with access to the person’s messages in order to power this type of feature."

This is a write permission. So you needed to give Spotify permission to create a message. It seems that your system combines the read and write permissions, since you just grouped them together by saying "access to the person's messages". It also seems from your defense that you see absolutely no issue with this. In order to share a song through Spotify, you are giving them access to every single private message the user has ever written.

I find it hard to believe that Facebook refuses to acknowledge any fault in this: The initial product decision, the upholding of this decision through previous privacy investigations, and this PR response. Am I misinterpreting the facts or scale of this?

4 comments

> I find it hard to believe that Facebook refuses to acknowledge any fault in this.

I feel that the distance between their rhetoric and their technical machinations is their liability. And to those who say, "no big deal, everyone already knew this" - well, then why does Facebook's rhetoric not match their underlying technology?

If Facebook came out and said, "our business model is to sell ads, so we do everything legally in our power to give people the power to connect to each other, while supporting ourselves by selling ads," then I would have confidence in their statements. They instead obfuscate and dissemble.

When they speak of "integration partners" and speak about using Facebook services on various devices, and not in terms of selling the data itself, opening up entire streams of data to read and write permissions, then their aims in this press release are different from the aims of their clients and shareholders. And the extent of that difference is a liability.

That they can't be honest in plain language about their technical systems means they don't yet have confidence that their technical systems would be culturally sustainable were they to be well understood. Incentives are not aligned here - and that is a very scary and generally untenable place to be.

Well if you want to receive a message that someone sends you then you'd also need to grant Spotify read permissions. In essence, you'd be using Spotify as a client app for fb messenger. How else could that work without Spotify getting read/write access to your messages?

The same way that Spotify doesn't just ham-fistedly show you all your Facebook messages... and other apps don't show you messages intended for Spotify.

Presumably messages are tagged in such a way that the source and/or destination are intended for Spotify. Using that same system, you should be able to specify "Spotify can only read & write Spotify messages."

That sounds like it would partition my messages, which is not what I want in a 3rd party messenger client.

I assume the point here is to send someone a message on FB with a Spotify link, so they click on it in their messages and it opens up the Spotify app. If you just want to send a message from one Spotify user directly to another in Spotify, you don't need FB messages at all, right? Spotify has a list of all your FB friend IDs already and knows which Spotify accounts each is connected to.

I think the use case is closer to Spotify acting as an alternative client to the messenger backend, much like Adium is an alternative client for Google Chat. Which in this case you have to trust the client. It feels grosser because Spotify isn’t just a desktop application, they could in theory have stored and mined your chats.

There are a number of different authentication schemas with varying levels of privilege. The best practice is always to give the smallest subset of privilege necessary to accomplish whatever task is needed. But it looks like Facebook basically gave On Behalf of User privilege -- the highest level -- to basically everyone who needed any sort of API access from Facebook.
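The two comments above (partitioning messages by the app that created them, and granting the smallest privilege that the feature needs) can be shown side by side in a small scope-checking model. This is an added example for the thread, not Facebook's or Spotify's code; the scope names (`messages:read`, `messages:read:own`, `messages:write`), the `origin_app` tag on each message, and the sample inbox contents are all constructed assumptions. The point it demonstrates is that a write scope plus an app-scoped read scope is enough to "send and receive messages without leaving the app", while still keeping every message the app did not create out of reach.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Message:
    sender: str
    recipient: str
    body: str
    # Which third-party app created the message; None means a first-party client.
    # (Assumed tagging scheme, not a real API field.)
    origin_app: Optional[str] = None


@dataclass
class Inbox:
    """One user's messages, all stored together as in the real service."""
    messages: List[Message] = field(default_factory=list)


@dataclass
class Grant:
    """What the user agreed to when signing in to an app with their account."""
    app_id: str
    scopes: Set[str]


class PermissionDenied(Exception):
    pass


# Hypothetical scope vocabulary (assumption; not Facebook's real scope names).
READ_ALL = "messages:read"        # the whole inbox
READ_OWN = "messages:read:own"    # only messages tagged with the app's own id
WRITE = "messages:write"          # may create messages, which get tagged with the app id


def send_message(inbox: Inbox, grant: Grant, sender: str, recipient: str, body: str) -> Message:
    """Create a message on the user's behalf; the server, not the app, sets origin_app."""
    if WRITE not in grant.scopes:
        raise PermissionDenied(f"{grant.app_id} lacks {WRITE}")
    msg = Message(sender, recipient, body, origin_app=grant.app_id)
    inbox.messages.append(msg)
    return msg


def read_messages(inbox: Inbox, grant: Grant) -> List[Message]:
    """Return what the app is allowed to see: everything, only its own, or nothing."""
    if READ_ALL in grant.scopes:
        return list(inbox.messages)
    if READ_OWN in grant.scopes:
        return [m for m in inbox.messages if m.origin_app == grant.app_id]
    raise PermissionDenied(f"{grant.app_id} has no read scope")


def demo() -> Dict[str, List[str]]:
    """Compare an over-broad grant with a least-privilege grant on the same inbox."""
    # Constructed sample inbox: two private messages that have nothing to do with any app.
    inbox = Inbox([
        Message("alice", "bob", "private: dentist appointment Tuesday"),
        Message("carol", "bob", "re: the contract, see attached"),
    ])
    broad = Grant("spotify", {READ_ALL, WRITE})    # what the thread describes being granted
    narrow = Grant("spotify", {READ_OWN, WRITE})   # what the feature actually needs
    other = Grant("otherapp", {READ_OWN, WRITE})   # a second app with the same narrow grant

    # Both apps send a message through the API; the server tags each with its origin.
    send_message(inbox, narrow, "bob", "alice", "check out https://example.invalid/track/123")
    send_message(inbox, other, "bob", "carol", "invite from otherapp")

    return {
        "broad": [m.body for m in read_messages(inbox, broad)],    # sees all four messages
        "narrow": [m.body for m in read_messages(inbox, narrow)],  # sees only its own link
        "other": [m.body for m in read_messages(inbox, other)],    # sees only its own invite
    }


if __name__ == "__main__":
    for name, bodies in demo().items():
        print(f"{name}: {bodies}")
```

The partitioning happens on the server side of the API: the app never chooses its own `origin_app` tag, so it cannot widen its own view, and the two private messages are invisible to both narrow grants even though they live in the same inbox as the app-created ones.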
I assume they could have done some kind of "firewalled plugin" architecture? Where there's Facebook code running alongside Spotify code but where the latter has no access to what the former is doing?

Edit: But more generally, this seems like a hard thing to get right, and I just don't see the mind-blowing value-add of being able to FB-message within Spotify!!omg that would justify it.

Which is probably why these features were removed three years ago.

Not by itself it doesn’t answer that. Why 3 years ago rather than 1 year or “this is stupid, why give Spotify access to all PMs on our system just so a user can send and view PMs within the third party app?”

> Perhaps irrecoverably so for me.

It is well past time. FB have repeatedly demonstrated who they are.

This incident is the first one I've felt this strongly about. There have been many others, but even Cambridge Analytica, to use that example, was just taking information that was semi-public (your likes and interests that all your friends could see), and abusing that information. But that was information that I never mentally compartmentalized as private. Sure the scale and method of abuse was unprecedented, but I also don't blame facebook as much as many people did for not really knowing the extent of how that data could be abused. I also believe that fake news spreading on facebook was a novel-at-the-time phenomenon whose impact was hard to detect until after the damage was done.

My private messages are a whole different category of private. Facebook had a phenomenal engineering team and I put the same trust in them that I put in google for my email. A hack is still possible, but it's the highest level of trust that I can have in a service that I can't control (sure things like Signal exist, but 99% of my friends don't use it, so there's a tradeoff). So this particular incident, and the dismissiveness of the response, is my dealbreaker.

Me too. And since most of my social circle have moved from Facebook to WhatsApp for messaging, I am now seriously concerned that WhatsApp is no longer secure... or won't be in the future under Facebook's ownership.

> "After signing in to your Facebook account in Spotify’s desktop app, you could then send and receive messages without ever leaving the app. Our API provided partners with access to the person’s messages in order to power this type of feature."

> This is a write permission. So you needed to give Spotify permission to create a message. It seems that your system combines the read and write permissions, since you just grouped them together by saying "access to the person's messages".

How is it a write permission when the thing you quoted says "send and receive messages"? That's an inbox. An inbox reads messages.