Being opt-in and getting compensated are the two things I've seen people want from usage of their data. No one should have an issue with this since it does both.
I harbor serious doubts that most of the 'volunteers' here know exactly what it is they're providing -- the sign-up sheet probably didn't say "we will know very specifically your porn-watching habits" e.g.
I think that this is a fairly common when it comes to technology. The terms and conditions seem reasonable ("we collect some data to provide more relevant ads"), but when you look a bit more closely they build a personal file that contains who you communicate (email/text/call) with and how often, where you go, what you buy, which websites you visit, which videos you watch, etc to the extent that they are able. My mother is very smart, well-educated (she has a PhD), and relatively tech savvy (she works in scientific computing), but she was still floored when I told her about some of the tracking Facebook and Google perform. Google recording her location (which she technically agreed to, but did not realize) was enough that she asked me to help her migrate away from Gmail. She probably would have managed without my assistance, but the barrier would have been much higher.
"We will hold logs of you saying awful things to your girlfriend as you're breaking up in a file on you for the next 50 years" is more accurate. Privacy nihilism comes either from a lack of imagination, or a lack of perceived power.
It was open to adults as well, but yes. However, they had no duty to specifically enumerate that particular case anyway lol. And technically that is a crime under US law to distribute porn to minors, but its not a crime for the users to view it, so if they connect to a website intended for and operating in another country without such laws, there is no legal issue.
While I'm generally all for opt-in and free decision making I think some lines should only be crossed in special circumstances. Similarly to medical procedures that are only legal if the patient is very clearly informed about all potential risks (and that includes even those risks that are really not that probable) by an actual human being and not by just clicking on a button. In the case of Facebook they would in my opinion need to state very clearly that there is an albeit small risk of a breach and all collected data could be made public ("for example you employer might suddenly know which porn websites you are visiting or what people you have googled")
Big opt-ins require big explaining because people can only truly make free decisions if there is an actual effort to inform them about what is happening.
Edit: so maybe this is a bit extreme because I realize that this might similarly apply to (for example) phone manufacturers. I still think that actually analysing the traffic is a bigger risk than simply providing the phone/browser to generate the traffic because of the centralized target that is Facebook.
Regardless of whether Facebook was also trying to deceive users specifically—which we'll never know—they likely wanted to deceive Apple. I'm not going to blame any developer for attempting to bypass Apple's stupid restrictions.
Using intermediaries also allowed Facebook to technically not violate Apple's enterprise certificate contract (because the intermediaries were in violation instead).
> Using intermediaries also allowed Facebook to technically not violate Apple's enterprise certificate contract (because the intermediaries were in violation instead).
I actually though they would have done that, but it used the regular "iPhone Distribution: Facebook, Inc. (In-House)" cert, they didn't even create a shell entity and get a new one. Reports say Apple has revoked this cert, breaking all internal (legitimate) apps and possibly creating quite a bit of chaos for internal ops.{1} Their separate Apple Developer Program organization account, used to deploy TestFlight public and private betas and App Store apps, as well as local deployment to a small number of devices without Apple involvement for development testing, is not affected.
The intermediaries may or may not face consequences if they have separate agreements with Apple, but they did not use any Apple products to do their part and have not violated anything with Apple.
This is a massive overreach. I would be pretty shocked if the people involved in this "research program" truly understood just how much access to their private data they were granting Facebook.
Maybe there wouldn't be an issue if they were being 100% transparent and explicit about what information they are collecting and how it will be used. However, the article seems to paint a fairly compelling picture that FB is not acting in good faith.
The fact that they're targeting kids makes it that much more unethical.
It depends very much on what users are told they are signing up for. The ad in the article says a "paid social media research study", which couldn't be more vague compared to the level of access Facebook are granted through the root certificate.
Plus, the deliberate targeting of children that won't know better. And asking people to upload their Amazon order history! Pretty scummy.
> No one should have an issue with this since it does both.
Surely there's something to be said about age. There's a reason 14-year-olds can't enter into a legally binding contract.
Besides this, there's also the issue of how clear it is that the app is collecting private data. The article says:
"Facebook first got into the data-sniffing business when it acquired Onavo for around $120 million in 2014. The VPN app helped users track and minimize their mobile data plan usage, but also gave Facebook deep analytics about what other apps they were using."
which seems a lot like Facebook luring users into giving them their data without the users' knowledge.
Yeah.. these are minors though. It may not be illegal explicitly but the fact that they are minors feels different than the perspective of an enlightened bargain.