by throwawayjay01 2629 days ago
How would this work in the case of data portability? If Facebook were to be forced to provide an API that allowed users to export all of their data to a competing social network would Facebook be responsible for ensuring that the competitor was using the data responsibly?
2 comments

Not at all; they'd be responsible for bundling that data in a well-defined format into a blob of some kind that the user can request be exfiltrated (after providing their credentials to authenticate the request). The third-party would then have to digest said blob. Users assume trust of the third-party regarding responsibility for data misuse when they feed the third-party the blob (same as if they'd hand-entered the data via a regular GUI). Google already offers a functional model of this via https://takeout.google.com

Putting control in the hands of the user is quite different from allowing third parties to exfiltrate data on a user without their consent.

(It is worth noting that this approach is still exploitable---third party convinces users to cough up their authentication codes, then acts as the user and makes the request for the whole kingdom themselves. But user education on the amount of power handed to someone when you literally give them your passwords is a separate issue).

Say there's a startup that is going to revolutionize date keeping and events and scheduling and all that, for the sake of aping a common naming scheme, call them Calendr[1]. Only drawback is that their security is an afterthought, but they're not promoting that.

So a Facebook user that is friends with you on Facebook says to Calendr, "scan my contacts and generate a calendar that already has my contacts' birthdays and any events they've created on it (one would assume this list would include anything that is shared at the Friends Only and Public tiers) for me."

Three weeks later, Calendr is hacked and all of their data is accessible. A Have I Been Pwned-style service will let you read through the data and sure enough: fixermark's super secret event was now publicly viewed as part of this data set. You do not have an account with Calendr and you haven't even heard of it before.

How would you, as a Facebook user, prevent this from happening beyond not creating the event in Facebook? How would Facebook prevent this beyond not providing the data to the third party?

[1] edit: oh geez, there is a Calendr. This has nothing to do with the real Calendr (this is fictitious Calendr).

They may not be able to prevent it without refusing to exfiltrate that data. But then they maintained clear responsibility (at the cost of usability) for the user's data. Excellent example though, because it highlights a real joint-ownership problem in data on a social network (the aggrieved fixermark in this case certainly couldn't have stopped his friend from hand-entering the details of the super-secret party into FakeCalendr without consent either; to a certain extent, sharing information always implies trust of the recipient to store that information responsibly).

Unfortunately, privacy / usability is the tradeoff. Facebook had clear incentives to simplify usability at the cost of privacy. But as a result, these breaches continued to happen.

(I use the past tense here because I don't know what their app ecosystem looks like now. When I was using it, it was extremely easy to do a full friends-of-friends data exfiltration, with the only guard against it being "Don't do that and then dump it publicly for all to see").

Yep, now if you have N friends your data might be in the hands of N companies. You'd need a GDPR-like privacy framework with audits and even then the risk of mistakes is enormous.

(Note that when people talk about data portability they're really talking about federation since social networking can't work otherwise. Non-social data is a little easier.)