[tasubotadas]

What a bullsh*t. People got some money for giving up some privacy. Nobody was forced to do this. And now everybody is freaking about a fairly reasonable trade.

What's next? People will start harassing students/researchers that do paid studies?

[zapzupnz]

Certainly nobody was forced to do it, but it is more than likely that nobody understood what they were being asked to do. Not only that, children were being targeted by this scheme. Lastly, the implementation on iOS circumvented rules relating to an app distribution which shows Facebook’s proclivity for flouting the rules.

Pushing the app distribution thing aside, being aboveboard in every other respect is still insufficient justification for ethically questionable processes.

Facebook has a history of unscrupulous untrustworthiness which should not be overlooked when examining the implications of the scheme, particularly the requirement to install a root certificate. To ignore the context of the polemic, to pretend Facebook is just another company rather than one of the largest collectors of personal, private information on the planet, multiple times caught invading peoples' privacy through less than honourable means, is foolhardy at best and dangerous at worst.

[tasubotadas]

Well, I am not a big fan of telling people what to do or what not to do. Do you want to sell your private info to some corps? Feel free to do so.

Will it blow up in your face? Perhaps. I could not care less. It's your problem. You didn't know what you were being asked for? Again - it's your problem.

People agreed to do that on their own, they got paid for that, and, most likely, they don't care if FB knows what kind of porn do they browse.

All the stuff about ethics and "honourable means" is irrelevant in this argument. Is war ethical? Is spying honourable? Depends on whom you ask.

>requirement to install a root certificate

Requirement? You can just tell them to f*ck off.

In any case, I could not care less about this, but what annoys me is the people that pretend to be super-nannies that gonna save the world by telling what the others should do. Through history, this has never worked.

[zapzupnz]

> Do you want to sell your private data to corporations? Feel free to do so

That isn't the point. The point is that Facebook preyed on technical illiteracy and a general and widespread lack of understanding of the implications of participating in the program. Effectively, the majority of participants were tricked. The age range for participants also included people who were not of age, and therefore not legally responsible for their actions. Facebook must accept that responsibility.

The point is that Facebook flouted Apple's guidelines for the distribution of apps outside the App Store, showing a blatant disregard for the protections put in place to protect consumers from bad actors. Facebook has positioned itself as a bad actor through their actions, not only in the questionable collection of data the implications of which the users will likely be unaware, but also in how such a program was distributed: in direct violation of the protections offered by the App Store.

The point is not about the choices made by the end users, but rather the unscrupulousness of a big company that knows better — but has done this before, far too many times.

Finally, the very nature of online interactions in the modern era means that people aren't just signing away their own privacy but also, to a lesser extent, the privacy of those with whom they interact. Facebook is perfectly aware of this potentiality, but users are not and, on the whole, will never be because it isn't their job to understand the technical dimensions of online communication. A big company like Facebook, however, does know and should have behaved accordingly.

> [...] is irrelevant in this argument. Is war ethical? Is spying honourable?

What do these two examples have to do with the actual circumstance? "Market research" is not war, and it certainly should never be construed as synonymous with spying. Do not construct a strawman against which to argue, it demeans your argument.

> Requirement? You can just tell them to fck off.

You could, but then you would not be adequately participating in the research. You would not be using the VPN as described. You would not earn the $20. There would be no discussion.

Of course, you're failing to account for the fact that none of the participants will have had the privacy and security implications of the root certificate explained to them in a way that made sense to them. They'll have simply followed instructions to get their money.

I do not think that people should ever be blamed for being deceived as to the severity of their actions in situations such as this; a big company like Facebook does not escape scrutiny here. Clearly you believe differently, although the downvotes will tell you how well-received such a laissez-faire attitude to other peoples' private lives and preying on their technical ignorance is seen, so I shan't bother to comment any further.

> what annoys me is the people that pretend to be super-nannies that gonna save the world by telling what the others should do

Thankfully, that's not the situation at all*, and I fear you're simply projecting some negative feelings on to this article in order to justify having an unjustifiable gripe.

Here's what's happening:

- Facebook previously had a VPN service that it advertised as being for market research purposes. It was removed from the App Store.

- Facebook then started using Apple's alternative app distribution method intended only for use in enterprise situations, not for the general public.

- They were found out.

- Facebook voluntarily ended the program for iOS users.

- Apple revoked Facebook's certificate as punishment for flouting the rules.

Who is tell whom to do what, here? Facebook did many things wrong, were found out, and were punished appropriately. The technical details of their actions were analysed and found to be vastly overstepping their bounds, yet in step with their continual and repetitive breaches of personal privacy.

There's nothing more to it than that, so put the strawman back on the farm where it belongs.

[epaga]

One of the more important issues here is that after the whole Onavo thing already got them into hot water, Facebook completely flaunted Apple's clear rules re: enterprise certificates, and snuck in AGAIN through the back door.

I'm very interested to see what Apple's response is going to be. I'd not be shocked (in fact I'd be delighted) to see them penalize FB in some way, perhaps suspend their App Store account or something.

[epaga]

Aaaand there we are: https://www.theverge.com/2019/1/30/18203551/apple-facebook-b...

[klodolph]

I think you might underestimate how seriously universities take research ethics, these days. Ever since the late 1970s or so. I doubt Facebook’s actions would have gotten past a typical university ethics board, which would be required before the study could proceed.

[dave5104]

That's rather charitable, comparing this project by Facebook to an academic study.

[klodolph]

Did you mean to reply to the parent comment?

[mensetmanusman]

With the replication crisis hitting ~half of publications, there is still work to do.

[gaius]

And now everybody is freaking about a fairly reasonable trade

OK let’s imagine that you have a close friend or family member with some confidential issue - maybe an illness, maybe debt, maybe they are in the closet. Occasionally they message you, on old -fashioned SMS or email mentioning something about it.

How many dollars is a reasonable trade to tell a data collection agency everything you know so they can add it to their file on your friend/relative?

[mruts]

Probably a lot more than $20/month. But it certainly has a price. What FB is doing is definitely scummy, but if individuals are disclosed of the risks and exactly what the app does, I think they should be able to make this trade if they want to.

I probably wouldn't, unless it was in excess of maybe >$1000/month. And even then I'd probably just get a new phone. But people should have the right to sign contracts, even if they seem exploitative, as long as they are aware of what they are agreeing too.

The main problem it seems here is that a lot of the people were underage.

[briandear]

Good point. Someone else essentially gets paid to compromise your privacy without your consent.

[mruts]

I mean, if you tell me something, I can legally decide to tell someone else. Unless we signed a contract or something.

[briandear]

Actually, in some states, to record conversations, two-party consent is necessary. 11 states, including California, require two-party consent. It’s a fair assumption that an app that is vacuuming up everything someone does on a phone is potentially gathering data that would fall under two-party consent laws. Also eavesdropping is also a potential crime under common law. It’s a murky legal area in this case, but one that certainly has some merit.

[gaius]

Sure, but maintenance of the confidence of a friend shouldn’t need a law.

[tasubotadas]

Well, I pity the fools that assume that their communications are private when they are using SMS, FB Messenger, or Hangouts. If you want your info to stay private, do not send it to untrustworthy parties via untrustworthy means.

Even if you stick with apps like Telegram or Wire (my choice), you have to have in mind that your phone might have a keylogger on (looking at Xiomi and Huawei).

[gaius]

If you want your info to stay private, do not send it to untrustworthy parties via untrustworthy means

Well there’s the rub isn’t it. I don’t think most people would consciously decide to rat out their friends secrets for $20 - or indeed for any price. But somehow, it’s happening.