[mobileexpert]

The whole point is that a major problem with CA was the scaled friend’s data collection. The NYU app scraping modality could easily do the same thing which violates the present FB consent/sharing model of you control your data going to or not going to third party apps. FB has to fight as hard as possible against such apps. Remember Clearview AI? If we want FB to fight CA and Clearview they must fight here as well.

[andybak]

> If we want FB to fight CA and Clearview they must fight here as well.

Or they could partner with NYU, offer technical insight to maintain integrity and privacy (me stifles laughter) and do everything to support researchers who potentially could help build trust in their platform.

Going after this group just isn't a good look if you're Facebook. If there are valid concerns then don't start with a Cease and Desist.

[nickff]

They might be willing to partner if NYU is willing to indemnify Facebook against any and all liabilities which may result. How likely is NYU to take on that risk? Why should we expect Facebook to take on the risk for NYU?

[MAGZine]

So is your opinion just that facebook just shouldn't be researched?

[nickff]

I don't really have a view on that, but I think researchers and universities should be held fully liable for the harms they cause, that way, they'll be more careful.

Some research just isn't worth the risk, but as an outsider, I'm not in a place to make that judgement. NYU could also insure against data breaches; in that case, we might get some good security audits.

[xg15]

Hang on. The whole chain of reasoning started with FB protecting users' interests through the permission system, which NYU ostensibly circumvented. How is it in the users' interests to indemnify Facebook?

[nickff]

If NYU internalizes the cost of all breaches (by indemnifying FB against harm), they will be very careful with the data, and prevent another Cambridge Analytica problem.

[XMPPwocky]

> The NYU app scraping modality could easily do the same thing

So could any browser extension with the ol' "read and modify your data on \*" permission. Or any browser. Or any third-party Facebook client.

There is a difference between being technically capable of doing a thing and actually doing the thing- especially in cases where the software authors are well-known and relatively easy to hold accountable. To say otherwise is a little bit goofy!

[ipsum2]

> especially in cases where the software authors are well-known and relatively easy to hold accountable

Like a certain lecturer and senior researcher at University of Cambridge?

https://en.wikipedia.org/wiki/Aleksandr_Kogan

[beagle3]

Suppose NYU sent a person to sit behind every NYU participant, and take a photo of their screen each time it changes - that would be exactly the same as NYU is doing (except more expensive); the participant knows that and gave their consent. It is within their rights to show their screen to anyone.

They are just doing it more economically then sending a person. This is entirely unlike CA, which effectively, sent a person to go through all participants available information as quickly as possible while they weren’t looking and store a copy of everything.