You’re saying an entire system was added to integrate with user email accounts, download all their contacts, and upload them to a database at Facebook, accidentally?
> Facebook said it used to have a step in the account verification process where some users had the option to confirm their email address and voluntarily import their email contacts onto the site. The feature was meant to help them find their friends more effectively and improve ads, according to the company.
> That process was redesigned in May 2016. While the language, which explained the step, was removed, the feature itself was not, Facebook said. Hence, email contacts were still being uploaded to the site without users being aware of that fact.
The claim isn’t that the feature was created by accident. It’s that they failed to disable the feature in the backend when they removed parts of the UI. I can definitely see how this could happen by accident due to poor communication between managers and engineers across different teams. You could also choose to believe that it was an intentional error.
Have you noticed how no feature that brings monetary value to the users is ever accidentally added? I never accidentally received money from these companies, extra storage quota, personalized email address, premium account, etc. And certainly never something that you get to keep once they realize the mistake. The fact that they have such weak controls when it comes to protecting you but such strong controls when it comes to protecting themselves can only be a calculated decision. And the number of precedents of such "mistakes" that are always to their advantage is the proof.
It's a mistake only the first time. Knowing they get away with it every time and reap the reward is just an incentive to do it again and again. And people finding excuses and justifying this as being acceptable is one reason they get away with it. They rely on advocates for ignorance and defeatism to make such incidents feel like a banality, "oh well, what can you do", "it could happen to anyone", etc.
How many situations would you consider excusable where bad things happen to you because someone "accidentally" removed the step where you were informed what's happening and could say no?
Raises hand as an example of someone who essentially got a free server upgrade from 500G to 2T storage recently, due to people following a fixed procedure in a slightly unusual circumstance without thinking.
"Positive" accidents do happen. People just don't tend to shout about them publicly as much as they do about those with negative consequences or that affect many at the same time.
> someone "accidentally" removed the step where you were informed what's happening and could say no
In this case I can easily see this accident happen. A junior was told to remove those parts of the UI. That person has little of no knowledge of the back-end and does not have time to dig or think further because they have other work tickets assigned to them to get on with, just did the job and moved on.
Facebook may be deliberately shitty a lot of the time, that doesn't mean they aren't sometimes accidentally stupidly shitty too.
> would you consider excusable where bad things happen to you because someone "accidentally"
Of course this doesn't excuse it, just explains it. There was a fault in the management and/or work review processes. Someone should have had the opportunity to put two and two together and failed to do so. And there should be some fallout. To use a rather extreme analogy: accidentally killing someone through gross ineptitude is still a punishable crime (manslaughter), I would agree that accidentally breaching data collection rules through gross ineptitude should be too (though I doubt the coders/testers dealing with the "UI cleanup" ticket could be said to be responsible).
We're talking about different things. You're considering just the coding accident of an employee removing this and forgetting that. I'm talking about the intentional decision of not validating this in a better, more robust fashion, at least when it comes to issues that have a huge impact on security or privacy. This was a calculated decision. Whether it was done by not putting in place or by removing all the obstacles that could have prevented this makes no difference. After the first privacy "accident" they should have had in place all the processes required to make sure such an issue doesn't happen, then go unnoticed for so long.
If 5 years from now VW has another "rogue engineer" everybody will wonder how is it possible that it slip through the cracks again. Facebook let things like this slip through the cracks again and again.
> Of course this doesn't excuse it, just explains it.
It excuses it the second it's made too look like a random accident but somehow keeps happening again and again the same way, always to their advantage.
P.S. I'm sure no company accidentally gave such upgrades to 1.5 million users and let them get away with this. And they also didn't accidentally do this again and again. You highlighted perfectly the difference between an accident and an "accident".
> I'm talking about the intentional decision of not validating this in a better, more robust fashion, ...
In my experience, deciding not to do something is unlikely to be intentional. Instead, the something that’s not done simply never presented itself as an idea.
Do you have any evidence that this particular lapse was premeditated, or did you come to this conclusion based solely on your prior opinion of their actions?
> In my experience, deciding not to do something is unlikely to be intentional.
That's some weird experience. A decision is by definition intentional. It's literally "a conclusion or judgment reached after consideration". The moment a person with power of decision is made aware of an issue both action and inaction become conscious, deliberate decisions.
> did you come to this conclusion based solely on your prior opinion of their actions?
That's quite the assumption given the above and the fact that I was pretty clear that it's based on their continued stream of "mistakes" that tend to be massively in the company's favor. Almost feels like you made it in bad faith.
How many mistakes would you say it takes to make one start beefing up their internal processes so millions of people don't accidentally suffer repeatedly? How many before you start to at least consider that it can't be constantly attributed to bad luck? Would you feel different if a company kept overcharging you by mistake and never returned the money or fixed the issue? But now it's "just" and endless stream of your private data. Uncommon sense...
Sorry, so they built a system designed to vacuum up even more personal information and accidentally turned off the screen where they tricked people into giving the information up, leading to it being collected by default?
> Facebook said it used to have a step in the account verification process where some users had the option to confirm their email address and voluntarily import their email contacts onto the site. The feature was meant to help them find their friends more effectively and improve ads, according to the company.
> That process was redesigned in May 2016. While the language, which explained the step, was removed, the feature itself was not, Facebook said. Hence, email contacts were still being uploaded to the site without users being aware of that fact.
The claim isn’t that the feature was created by accident. It’s that they failed to disable the feature in the backend when they removed parts of the UI. I can definitely see how this could happen by accident due to poor communication between managers and engineers across different teams. You could also choose to believe that it was an intentional error.