by presumably 2310 days ago
> "unintentional" is a straight up lie based on how software works

This is a very dangerous statement to make.

Large systems are not like hackathon projects where you might understand and hold the entire scope and flow in your mind.

Software absolutely can and does lead to unintended outcomes, else there would be no bugs.

3 comments

You’re saying an entire system was added to integrate with user email accounts, download all their contacts, and upload them to a database at Facebook, accidentally?

The article provides some relevant details:

> Facebook said it used to have a step in the account verification process where some users had the option to confirm their email address and voluntarily import their email contacts onto the site. The feature was meant to help them find their friends more effectively and improve ads, according to the company.

> That process was redesigned in May 2016. While the language, which explained the step, was removed, the feature itself was not, Facebook said. Hence, email contacts were still being uploaded to the site without users being aware of that fact.

The claim isn’t that the feature was created by accident. It’s that they failed to disable the feature in the backend when they removed parts of the UI. I can definitely see how this could happen by accident due to poor communication between managers and engineers across different teams. You could also choose to believe that it was an intentional error.

Maybe the business should be set up so there’s less chance of such devastating breaches of privacy happening.

Please respond to the actual contents of my post, and not a strawman version of it.

I’m saying what I said, nothing more.

> Software absolutely can and does lead to unintended outcomes, else there would be no bugs.

Edit: also see this: https://news.ycombinator.com/item?id=22429620

TFA explains how the system was added, it’s absurd and intellectually dishonest to interpret my post as saying what you wrote.

Have you noticed how no feature that brings monetary value to the users is ever accidentally added? I never accidentally received money from these companies, extra storage quota, personalized email address, premium account, etc. And certainly never something that you get to keep once they realize the mistake. The fact that they have such weak controls when it comes to protecting you but such strong controls when it comes to protecting themselves can only be a calculated decision. And the number of precedents of such "mistakes" that are always to their advantage is the proof.

It's a mistake only the first time. Knowing they get away with it every time and reap the reward is just an incentive to do it again and again. And people finding excuses and justifying this as being acceptable is one reason they get away with it. They rely on advocates for ignorance and defeatism to make such incidents feel like a banality, "oh well, what can you do", "it could happen to anyone", etc.

How many situations would you consider excusable where bad things happen to you because someone "accidentally" removed the step where you were informed what's happening and could say no?

> I never accidentally ... extra storage quota

Raises hand as an example of someone who essentially got a free server upgrade from 500G to 2T storage recently, due to people following a fixed procedure in a slightly unusual circumstance without thinking.

"Positive" accidents do happen. People just don't tend to shout about them publicly as much as they do about those with negative consequences or that affect many at the same time.

> someone "accidentally" removed the step where you were informed what's happening and could say no

In this case I can easily see this accident happen. A junior was told to remove those parts of the UI. That person has little or no knowledge of the back-end and does not have time to dig or think further because they have other work tickets assigned to them to get on with, just did the job and moved on.

Facebook may be deliberately shitty a lot of the time, that doesn't mean they aren't sometimes accidentally stupidly shitty too.

> would you consider excusable where bad things happen to you because someone "accidentally"

Of course this doesn't excuse it, just explains it. There was a fault in the management and/or work review processes. Someone should have had the opportunity to put two and two together and failed to do so. And there should be some fallout. To use a rather extreme analogy: accidentally killing someone through gross ineptitude is still a punishable crime (manslaughter), I would agree that accidentally breaching data collection rules through gross ineptitude should be too (though I doubt the coders/testers dealing with the "UI cleanup" ticket could be said to be responsible).

We're talking about different things. You're considering just the coding accident of an employee removing this and forgetting that. I'm talking about the intentional decision of not validating this in a better, more robust fashion, at least when it comes to issues that have a huge impact on security or privacy. This was a calculated decision. Whether it was done by not putting in place or by removing all the obstacles that could have prevented this makes no difference. After the first privacy "accident" they should have had in place all the processes required to make sure such an issue doesn't happen, then go unnoticed for so long.

If 5 years from now VW has another "rogue engineer" everybody will wonder how it is possible that it slipped through the cracks again. Facebook let things like this slip through the cracks again and again.

> Of course this doesn't excuse it, just explains it.

It excuses it the second it's made to look like a random accident but somehow keeps happening again and again the same way, always to their advantage.

P.S. I'm sure no company accidentally gave such upgrades to 1.5 million users and let them get away with this. And they also didn't accidentally do this again and again. You highlighted perfectly the difference between an accident and an "accident".

> I'm talking about the intentional decision of not validating this in a better, more robust fashion, ...

In my experience, deciding not to do something is unlikely to be intentional. Instead, the something that’s not done simply never presented itself as an idea.

Do you have any evidence that this particular lapse was premeditated, or did you come to this conclusion based solely on your prior opinion of their actions?

Sorry, so they built a system designed to vacuum up even more personal information and accidentally turned off the screen where they tricked people into giving the information up, leading to it being collected by default?

Yes, but in this case it is a highly desirable outcome for Facebook. They didn't just get lucky.

Do you really think Facebook profited from this? I'd bet they took a million dollar PR hit if anything.

Yes, absolutely. It provides a whole new set of connections to improve their view on the IRL social network. It's hard to quantify exactly how much it benefits Facebook but it's not hyperbole to say it contributes positively to everything that makes Facebook money.

Did you read the article?

> Large systems are not like hackathon projects where you might understand and hold the entire scope and flow in your mind.

I've seen this argument repeatedly now in a defense of Facebook, recently in a Twitter thread where a Facebook employee in a discussion about hate speech moderation responded along similar lines of "we are simply too large and don't know what's going on in every corner of the system".

I find it funny that this is used as a sort of excuse or defense. We can draw another conclusion. Like Goethe's Sorcerer's Apprentice, Facebook has lost control over its own machinations and is simply too large.