[the_snooze]

I've been reading a lot of comments about this, and something that always comes up is the question "why shouldn't people be able to sell their data?"

I have two objections to that. First, they're almost certainly not making that deal from an informed position. Security and privacy are very complicated matters, and most people won't even realize to ask questions about data retention, aggregation, sharing, differential privacy, etc. Instead, they'll substitute in an easier more salient question (https://en.wikipedia.org/wiki/Attribute_substitution), like "Is $20 a month something I want?"

The second issue is that MITMing all network traffic on a phone will necessary scoop up the user's credentials, as well as private messages and metadata from that user's friends and family. It's naive to think about privacy as something an individual can accomplish. When you sell data from your networked social device (i.e., your phone), you're also selling out all your friends and family. Given all that really hot data, what incentives are there for the data collector to act responsibly and protect that data? The reality is pretty much none.

[bob_theslob646]

"First, they're almost certainly not making that deal from an informed position"

After spending an hour reading similar comments to yours, I have to ask this question.

How informed should the user be? What qualifies as an informed user? This is getting into some dangerous territory because it because implies so some sort of contract literacy.

>The second issue is that MITMing all network traffic on a phone will necessary scoop up the user's credentials, as well as private messages and metadata from that user's friends and family.

Do they not already do that with access to Facebook Messenger and Instagram? Why is this not screamed from the top of every hill?

This data collection is also different because they literally say it is for research.( They are protected legally, unfortunately)

>Given all that really hot data, what incentives are there for the data collector to act responsibly and protect that data?

Hmm how about getting fined?(The issue is how much should they be fined and the answer in my opinion should be similar to how the SEC prosecutes for insider trading: fine on top of whatever you made, to strongly discourage you from doing so again or jail them.

[gerash]

I agree. I've seen Facebook doing shady things but I don't think this is one of them.

As a company they want to collect data for whatever reason (a research project, training data for an ML system, creating a new product, refining an existing one or assessing the overall market). So they built software for data collection and are paying people money in exchange. How is this different from Amazon Mechanical Turk or any crowdsourcing platform which pays people for data?

I admit I haven't seen what the contract looks like but are people suggesting that the end user still does not understand that they are providing user data to be used by Facebook in exchange for money or have no power to decline such offer?

But it's much easier for the press to run click baity titles like "Facebook spies on teens! Again!!" and many folks on HN quickly jump on the bandwagon.

That said, the part of this backlash I sympathize with is if someone hates benefiting FB and have any of their data in their hands but then has a friend who uses this service and uploads all their collected chat conversations to FB.

and no, I don't work for them.

[cmsj]

What is "dangerous territory" about "contract literacy" when the typical Terms & Conditions for basically any app/service/website are dozens of pages of legalese?

[michaelmrose]

When one facebook user messages another both users have consented to trust facebook for good or ill. The question is actually much more interesting when you consider a federated network like email.

[bob_theslob646]

It is the million dollar question because like wiretap laws vary by state ( one party consent, two party consent) their is nothing for things like this related to data sharing.