[TravisHusky]

The cease and desist seemingly has no real legal basis, but I mean you can send a cease and desist for anything you want. My mom was building a shed on her property, some neighbors didn't like it so they had a lawyer send a cease and desist with no legal basis. My mom ignored the C&D and is enjoying her new shed.

The only problem is Facebook is huge and is willing to drag out lawsuits they won't win just to destroy people's lives because they can afford to hold out much longer than everyone else. It's complete abuse of process, and really should be dealt with more harshly than it is.

[akudha]

demanded that I agree to never again create tools that interact with Facebook or its other services.

How is this legal in any shape or form? It is a browser extension, running on users' browsers, installed intentionally by his users. This is insane. The level of arrogance and entitlement here is mind blowing.

[matheusmoreira]

> The level of arrogance and entitlement here is mind blowing.

Yeah. They put a server on the internet but we're not supposed to talk to it. We can only do it on their terms. Gotta control those users so they don't hurt a billion dollar company's business interests.

I remember the pirate bay's responses to legal threats. That's exactly the kind of reply Facebook deserves.

[jonplackett]

Streisand effect in action. Installing extension now. Thanks FB legal team!

https://en.wikipedia.org/wiki/Streisand_effect

[quenix]

What were the pirate bay's responses, if you don't mind?

[InvaderFizz]

They were quite fun to read at the time.

Here is an old archive link to some: https://web.archive.org/web/20111223101839/http://thepirateb...

[akudha]

Please don't sue us right now, our lawyer is passed out in an alley from too much moonshine, so please atleast wait until he's found and doesn't have a huge hangover...

The problem here seems to be that the material is unreleased? If that is the case, you can easily fix the problem by releasing it. We'll be more than glad to help you distribute it - free of charge! - to our users.

Thank you for the link. Their responses are hilarious, haha

[noptd]

And their responses have aged brilliantly to boot.

[radmuzom]

If you are interested in a more detailed story, listen to this Darknet Diaries interview with one of the co-founders of PirateBay.

https://darknetdiaries.com/episode/92/

[tptacek]

I don't have an opinion one way or the other on this extension or Facebook's decision, but the premise of your comment --- "we put a service up on the Internet but you can only talk to it on our terms" --- that is actually how things work, and how they should work.

[matheusmoreira]

> that is actually how things work, and how they should work

I don't think so. Users simply don't have the power to negotiate these contracts. These "take it or leave it" deals are abusive. Especially since many times these platforms have network effects so strong you need to be part of them in order to not fail at life. Under these conditions, nobody can truly consent to anything. These "terms" should not even apply. Nobody even reads them, it doesn't matter what they say because it won't change the fact they need to be on Facebook because of family, work, school, whatever. They click "agree" not because they agree but because the sign up form won't submit if they don't.

So technology that lets us alter the deal is very much welcome indeed. They don't want us using this stuff but their permission is not necessary. Software is gonna interoperate with their site whether they want it or not. They should not even be able to find out that we're doing anything out of the ordinary. From their perspective, they should simply see a normal user agent issuing normal HTTP requests.

Adversarial interoperability. If they refuse to make the site work like we want it to, we'll do the work for them. This should be considered a form of legitimate self defense against their abuse.

[denton-scratch]

> you need to be part of them in order to not fail at life.

Srsly? "Failing at life" would appear to mean dying.

I don't think a social media account is a matter of life and death. FB is basically a kind of entertainment, so if you don't like the T&C you can always join a sports team or a choir, or whatever.

[matheusmoreira]

> "Failing at life" would appear to mean dying.

In my country it's simply not possible to communicate effectively without WhatsApp, Instagram and Facebook. If I refuse to use these things, I might as well simply ostracize myself from society. For some people, it could cost them their jobs, actually putting them at risk of dying.

> FB is basically a kind of entertainment

No. Facebook is communication, jobs, local information, even a market place with local groups where people sell their stuff. It's hard to describe just how thoroughly this company has managed to infiltrate my society and its way of life. People write pop songs about getting blocked on Instagram.

[EvanAnderson]

The nuance of how "we put up a service ... talk to it on our terms" is enforced is what is deeply concerning to me. Is that up to Facebook to use technical means to enforce their terms or is the force of law behind them? Where is that line drawn?

If I modify the DOM with an extension to hide content I don't like am I running afoul of the law? How about using Lynx instead of Chrome?

What constitutes "talking to" a service? Is it data I send to that server, or is it how my computer processes the data I receive and how I interact with it?

Different people are going to have wildly different opinions, and some of them are very troubling to me. Committing fraud is one thing, but simply using a service without exceeding your authority in a way the service provider doesn't prefer seems like something the service provider should handle without the force of law behind them.

[tptacek]

It is up to Facebook to use both technical means and enforceable contract law to draw lines around how their service can be used, the same way it is up to any of us to do the same with services we stand up on the Internet.

There are limits to both tools, and legislatures can enact new restrictions in response to public demand. But none of that is in play in this story.

If the argument upthread was "we should demand laws that prevent Facebook from locking out extensions to their platform", I wouldn't have a rebuttal (I might or might not support those restrictions). But the sarcastic dunk that was actually made, that it was somehow ridiculous that Facebook would have some say over the terms of how their platform was used, was weird and worth commenting on. It's not only not ridiculous, but actually the world as it exists today.

[javajosh]

>[they said] it was somehow ridiculous that Facebook would have some say over the terms of how their platform was used

It's less about FB's right to set boundaries, and more about what FB does when they feel the boundaries have been violated. In this case, they've perma-banned the guy and initiated threatening legal action. That action's extreme demands are NOT in FB's TOS, and reflect on FB's attitude of entitlement.

One argument against this is that FB is just doing the "standard legal thing" of demanding everything up-front, and then negotiating. That is true, but I don't think that just because every lawyer tries to bully their clients enemy means they should. And in this case FB is Goliath, swinging hard and fast at David.

And you know what? Fuck Goliath.

[mumblemumble]

Consider it by analogy: let's say I have a fax machine at my house, and someone keeps sending me faxes on it even though I don't want them to.

I could set up some technical mechanism to stop it, such as blocking their phone number. But, if it's easy for them to switch phone numbers, then that won't work well. And I may not be able to just block a whole area code, because there may be people I want to let fax me coming from that area code as well.

My other recourse, then, is threaten to sue them, and, if they continue, to actually sue them. And I would argue that I should be able to do that. Sending me faxes costs me financial resources and ties up my fax machine, so it's hardly zero cost to me, and it makes sense to have some third party to sort out the dispute and decide where the line should be drawn.

I can imagine other worlds with gentler, more even-handed approaches to sorting out these kinds of issues. Unfortunately, most those approaches fall under the general category of "regulation", and the country I reside in, the USA, decided a long time ago to eschew that kind of approach in favor of one that relies heavily on lawyering up and lawsuits.

[throwaway14356]

what if there is only one brand of fax, they are selling your phone number to advertisers and they demand you receave the faxes?

or say you have to listen to robocalls or els you cant use some unrelated monopolistic service or product?

i like the analogy but the real story is who would use such a tool. if someone feels they need such extreme measures i wouldnt dare deny them this. who in there right mind?

[denton-scratch]

> let's say I have a fax machine at my house

I haven't seen a fax machine in 20 years. I'd be surprised if anyone under 40 knows what they looked like.

[csydas]

Analogies are always risky business ;)

Facebook has a public service and one of the options is to Unfollow; someone wrote a browser extension to do this automatically for all items.

Fundamentally, what is the difference between automating this process and doing it manually?

In your example of a fax machine, arguably fax numbers are a private entity; there is no requirement for publishing fax numbers nor is fax automatically publicly listed for everyone to see. A malicious spammer would need to either obtain the fax number from a listing somewhere or brute-force the number, and similarly, the only way to __know__ that a fax has gone is ambiguous. obtain the fax number from a listing somewhere or brute-force the number, and neither is really analogous to what a browser offers.

I think your analogy conflates a few concepts incorrectly, namely that there is some unexpected or undue financial consequence to Facebook for publicly allowing users to Unfollow Groups; if the extension __needlessly__ generated traffic, this is closer to your analogy. But as I can see how the extension works (based on archived copies found on shady sites), it's not undue traffic, it's just expediting the process of manually Unfollowing groups.

Facebook shouldn't have a recourse here as I see it; the automation causes no undue burden on facebook that isn't possible by manually clicking, an arbitrary review of the extension suggests there is no undue stress on the servers that differs in any way from the traffic one might generate if they manually unfollowed groups. Automating the process indeed might be undesirable for Facebook in some way, but fundamentally the same result is achievable with manually clicking, and I think a more substantial evidence of damage is required from Facebook to justify such a threat.

If we take it to a logical comparison, should Facebook have the right to block a mouse + keyboard automation tool that I script to react at human speeds but is pixel-perfect to unfollow groups?

If the answer to this from Facebook is "yes", then the natural question is "what is the similarity between these processes?"; if the answer is "automation", then the natural question is "why is this damaging to Facebook as opposed to me just manually unfollowing??", and I'm not confident Facebook has a reasonable/strong answer to this.

If Facebook is fine with the slower method, then the question becomes "what is the real concern with the faster method? I will skip the logical follow-ups here as the response is already long.

Facebook should __not__ have the right to sue just because they don't like an activity; no one benefits from this; quite the opposite, smaller parties are actively harmed by such behavior as they lack the financial resources or confidence (or both) to respond to such a legal challenge, and this was never the intent of law. One should not need heavy financing to secure their natural rights; if Facebook wants to position that the extension is somehow illegal as per terms of service, I think the duty is on them to demonstrate how it's significantly damaging and how it differs from a dedicated person armed with a cup of coffee and an hour of free time; if Facebook cannot make a significant distinction outside of convenience for the person, then I don't see a basis for legal recourse.

[feanaro]

I'm not sure why you think the line is this clearcut, and in the wrong direction at that, but this gets murky really quickly.

You don't get a say in how I'm using my computer. If you're exposing your HTTP server to the world and letting users access it using their web browsers, you don't get to tell me my choice of web browser (that is, HTTP agent) is not to your liking.

[threeseed]

The line is crystal clear.

You can do whatever you want with your computer.

But when you use your computer to access a remote service you need to comply with their terms of service.

[wizzwizz4]

If their terms of service say “thou shalt not reverse-engineer”, and I want to connect my Facebook to my Friendica, UK law says that I'm allowed to do so, and Facebook is not allowed to have a problem with it – any clause in a contract that says otherwise is to simply be deleted.¹

¹: Technically, I think “ignored” is more accurate; if you're prohibited from reverse-engineering in general, the general prohibition would still apply even though it has a specific exemption. I'm not a lawyer, though.

[int_19h]

That depends on the terms - not everything goes. For example, they don't get to say that you must only use Facebook while naked.

And in this case, I would argue that this is a case where they should not have the ability to restrict this kind of interaction. If the law disagrees, then the law needs to be changed (and in the meantime, ignored to the extent possible).

[matheusmoreira]

> But when you use your computer to access a remote service you need to comply with their terms of service.

The only moral obligation is to not crack the server and take control of it. We won't make the server's processor execute our code. That's the line. Your computer runs your code, my computer runs my code.

Anything else is fair game. Server responds to my HTTP requests, so obviously anything I can do with HTTP requests is allowed. It doesn't matter what I use as user agent since it's the company's own code that's handling those requests.

Ironically, taking over control is exactly what big tech is doing with our computers. They take control away from us and give it to the copyright industry, to the advertisers, to everyone who would very much prefer that we users remain mere passive consumers just like in the days of television. Our computers are slowly becoming appliances.

[feanaro]

And this is in no way transgressing their terms of service since it's doing the exact same thing any HTTP agent would do. They don't get to choose which agent I use.

In other words, either the action is disallowed completely or it's allowed regardless of my choice of user agent.

[robbrown451]

Please elaborate.

I understand certain terms (such as saying you can't hit the server more often than a reasonable amount), but much beyond that I push back. If the laws allow them to make such all encompassing demands of how I use their product, well, laws can be changed, and I vote.

[tptacek]

You can vote much more forcefully by simply not using Facebook. Many of my friends have made exactly this decision and they seem fine.

[robbrown451]

I disagree. I don't think that solves the problem, at all.

One: Facebook is currently being accused of damaging democracy via misinformation and their "anger promoting" algorithm. That affects me, and my leaving Facebook doesn't solve that. Two: there is the monopoly issue (if that is the right word.... the issue I am concerned about lies on a spectrum, unlike many people's usage of "monopoly"). Prior to Facebook having dominance, I used to be in the loop of what my friends are doing, because they used phone, email, etc. Now they all use Facebook and my choice to not use it (which I don't, actually) results in my not being included in a huge number of things. In that sense, I think Facebook has become like a utility, like the phone company of old. I can't just find a social network product that I prefer, and use it instead.... my friends are not on it and other social networks are not interoperable with Facebook. (as phone providers and email providers are interoperable with one another)

Teens who use Facebook products are known to be harmed. Maybe you think they should just not use these products. That will cause even greater harm to their social lives than it causes to mine, since all their friends are using it and being connected with friends is very important to teens. Again, their simply not using the product doesn't address the problem. (and MY not using it especially doesn't help)

I think your comment is like saying "if you don't like constant robocalls, just cancel your phone plan rather than encourage laws to curtail them." Kind of throwing out the baby with the bathwater.

So yeah, I'll exercise my right to vote by actually voting. Luckily, many representatives are in agreement with my perspective on this.

[White_Wolf]

That is exactly how it works even with the extension. By building what ammounts to a GUI to a glorified database you are deciding on the interaction level with the database.

The fact that the extensions helps automate some tasks if a different matter. If it were an industrial level scraper that scraped anything public... that could be considered malicious and can cause tangible financial losses.

This extension on the other hand... You can't really justify sending a threat like that. You can come up with excuses but that is it.

[matheusmoreira]

Yeah. Imagine sending a C&D to an extension developer because their software is helping people break free from their social media feed addictions. Can't have that, it's reducing ad impressions!

It's like Facebook wants people to hate them.

[thriftwy]

Web Browser is called User Agent for a reason. It is not Corporate Agent or Facebook Agent. It should grant every right to the user with regards of look and feel of web sites, and none to the website being browsed.

Web site may merely suggest how it is best served.

[matheusmoreira]

I agee completely. This also extends to HTTP requests and all kinds of automation. We should be able to make a custom Facebook client if we want to. There's no reason their client must be the only one allowed to talk to their servers. Competition in this is space is obviously good for us. User agents should do what's good for us, not what's good for some company. If subverting their business interests is good for us, that's exactly what the software should do. We are its masters.

Really, the user should have all the power. These companies already have what, billions of dollars? That's power enough for them.

[feanaro]

> There's no reason their client must be the only one allowed to talk to their servers.

In a lot of cases it's also not their client in any sense of the word. Firefox, Chromium, Safari are not Facebook's.

[thriftwy]

At least, every browser should include a grabber which will mirror all information it sees to store locally/in the cloud.

Facebook bans you? You still have all your data intact.

I wonder if Facebook is legally still obliged to provide all its information to the user in the EU even after banning the user, and if they comply.

[threeseed]

> They put a server on the internet but we're not supposed to talk to it.

Just because a company offers a service doesn't give you the right to (ab)use it any way you want.

If that were the case hacking would be considered legal.

[throwoutway]

The requests are authorized, by authenticated users. Facebook could just deny the requests or rate limit. Or stop offering the unfollow feature (which they keep moving and hiding).

[matheusmoreira]

If I exploit a vulnerability in order to crack their security and run my own code on Facebook servers, I've committed a crime.

Sending an HTTP request to the Facebook server is not a crime. Facebook code is still in control. It can ignore my request.

[wizzwizz4]

> Just because a company offers a service doesn't give you the right to (ab)use it any way you want.

Didn't the US Supreme Court say it did, actually? I know that GDPR and the UK's Copyright Act have something to say about the matter.

[threeseed]

There is no law anywhere in the world that grants you permission to use any internet service for any purpose.

It's always subject to the conditions the service provider sets.

Otherwise again it would legalise hacking.

[wizzwizz4]

If a company offers a service to the general public, you are allowed to use that service for any purpose permitted by applicable law. Even if the EULA / ToS says you can't. It says so in the applicable law.

[rmah]

It's legal in the same way it's legal for me to demand that you never eat tomatoes again. It's also legal for you to demand that your neighbor turn off his TV. Anyone non-government party can pretty much demand anything from anyone else. It means next to nothing. Not trying to be snarky here. It's just that I find it odd that so many people seem to think that the law is about what's permitted when it's really about what's not permitted. At least in the USA.

Arrogance and entitlement on Facebook's part though, that I agree with.

[hetspookjee]

Now add the ingredients that you have a vested interest in setting an example, and have infinite resources to do so. Say you set aside a billion dollar to hammer your neighbour with lawsuit after lawsuit, no matter how frivolous. You can run this way for years while consistently losing. It’s not a matter of being right or wrong, it’s a matter of who has the longest breath. Sure After several years the tables might turn and the judges may find it odd you’re claiming such weird things, but then again you’ve been going at it for years already.

So sure there might be a moral argument on what is right or wrong, but the law in practice does not work like that. Unless a judge sets an example by nipping this behaviour in the bud with excessive fees, but good luck seeing that ever happen.

The only way I’d see the neighbour win is if a whale of an activist Party would side with him and make it clear that any legal fight will be taken up with the biggest defence possible, but this is equally unlikely to happen unfortunately.

[rmah]

I wasn't making a moral argument, I was making a practical one. The demand, in and of itself, means very little. Being notified may matter, but the fact that it was couched as a "demand" rather than a "request" is irrelevant. And the notice will only matter in so far as you are actually in breech of a contract or there is a tort or you are breaking a law. As you illustrated, it's primarily the ability to punish non-compliance that actually matters (via procedure, public relations, etc).

Through it all though, the fact that the other party demanded something of you instead of politely asked" or humbly requested is not really relevant. What matters is that you got notice. That's it.

[robbrown451]

I guess it is all in the definition of "demand." I interpret the word -- at least in this context -- to mean it has legal teeth, so to speak.

Even if they are enforcing their demand by way of banning users that don't comply, that may indeed be illegal. For instance, if Facebook made a demand that gay people may not declare themselves so on the platform or they will be banned, I'm sure they'd pretty quickly find themselves on the wrong side of the law.

But really, right now, something like this just gives Congress new things to grill Zuckerberg on, next time they bring him in. (which is inevitable, I think)

[cormacrelf]

It does not have teeth, but it would if the developer agreed to cease and desist. It’s an offer; in return they will not sue. (From what they might propose to abstain from suing, I am not sure. And whether that agreement would be a valid contract for certainty and completeness is another issue. But the general idea is “stop this or we will sue; if you do stop we won’t sue”.)

[robbrown451]

"in return they will not sue."

The threat of a lawsuit counts as "teeth," to me. But only if it is significant likelihood that the lawsuit will be successful.

So the way I tend to interpret things is a bit less pedantic: "can they demand?" means (to me) "do they have a way of forcing compliance that is likely be backed by a court?"

This does have the effect of making the word "demand" less of a binary and more of a gray scale.

[cormacrelf]

A fun thing about the law is that nobody cares about your interpretations of "demand" and "legal teeth, so to speak". The only important thing is that it was in fact framed as an offer: "demanded that I agree". The original question was:

> How is this legal in any shape or form?

And the answer is, any person or corporation has the power to make an offer not to sue. Consider this post a legally binding offer from me to you, not to sue you for any matter arising out of your reply to my comment. I demand thirty thousand US dollars for the covenant not to sue. You don't have to accept, but if you don't, or you agree but do not pay within 60 days, I reserve the right to sue.

You don't need any more authority or legal power than the power to contract. There is zero legal difference between what Facebook did, and what I just did. If you don't want to accept, I cannot make you. Facebook's negotiating position is only better because they have better lawyers, more money to waste on frivolous lawsuits, and the developer maybe felt they might have done something wrong.

[unclebucknasty]

>How is this legal in any shape or form?

IANAL, but have some experience with this from a business matter, resulting in obtaining advice of counsel.

And, yeah this is not a criminal matter, but a civil one, so you're right that the developer isn't likely in civil breach unless they are using FB resources (e.g. API or SDK) that they access under agreement with FB and are violating.

The irony is that if the FB standard user agreement prevents users from, say, using software to programmatically access the site, then it's the user of the extension who would be in breach with FB.

So, as long as the developer doesn't use the extension on their own FB account, then FB doesn't have much to stand on (and even then the C&D would only be applicable to the developer's use of the extension as a user).

On a related side note, if the extension actually did something not related to a specific account (e.g. scraped a public profile while not signed in), then even the user would likely not be in breach, as there is no affirmative assent (i.e. clickwrap) to terms of use required to simply visit the site.

[invokestatic]

There’s actually a concept of tortious interference, which can make you liable for assisting other people in breaking a terms of service, even if you never broke it yourself.

[unclebucknasty]

Yeah, I'm familiar with that concept too and actually nearly filed an action against a competitor for it (wish I had, as it was clear cut).

But, my understanding of the standard for that particular tort would make it difficult for FB to prevail. In particular, the two tests that might be hardest to meet are that FB would have to show damages and they would have to show that the developer's conduct led to the breach.

I'm not sure that merely creating a tool qualifies, especially for the latter. The user is not coerced or compelled by the developer to violate his agreement with FB.

Again, IANAL. Just thinking back to legal counsel I've received (and quite possibly misapplied here). Definitely plenty of gray area in civil law.

EDIT: Thinking back to this specific extension, it may be even harder for FB to prevail on tortious interference. The tool merely automates actions that FB makes freely available to its users. And to some extent all access to a site is "programmatic". So, I wonder how this compares to ad blockers or even other built-in browser capabilities that could "programmatically" alter the user experience when accessing FB's site. Really interesting.

[zja]

Sounds similar to what happened when Blizzard sued a company for selling World of Warcraft hacks. https://en.wikipedia.org/wiki/Glider_(bot)

[invokestatic]

Funny you should mention. I only know this cuz I used to sell cheats for games.

[bryanrasmussen]

I would suppose for any extension to work with Facebook the site it would need to be developed with knowledge of a Facebook page's DOM, as such the developer would need to go look at the page to be used and write code to do what the extension needs to do.

Thus I guess one legal argument would be that the ability of the extension to work proves the developer's use of Facebook the service even though they have been banned. So maybe there is something from that they can build up an argument, although it starts to sound far-fetched enough I might expect a judge to not buy it.

[polynomial]

Browser extensions don't kill FB accounts. People kill FB accounts.

[javajosh]

>How is this legal...

In theory, legality is the Judge's opinion of the law applied to circumstance. To even approach this state is extremely expensive and takes a great deal of time - on the order of years.

So, for the most part we're all on our own. And in that context, legality doesn't matter. At all. What does matter is leverage. The justice system itself is, ironically, most often used as leverage, not as a service for determining legality, but as a threat of the expense and time of getting to that determination.

It's sickening, but that's how it is.

[chrisseaton]

> How is this legal in any shape or form?

Are you asking how it's legal that you can demand someone to do something?

How is anything legal? Because there's no law against it. There's no law against demanding something. You can demand (almost) anything of anyone you want.

[throwaway14356]

what if you have some kind of leverage over them?

[chrisseaton]

Yes that’s usually legal. Again - what law are you thinking of when you ask if it’s illegal?

[quotemstr]

> How is this legal in any shape or form? It is a browser extension, running on users' browsers, installed intentionally by his users. This is insane. The level of arrogance and entitlement here is mind blowing.

Google banned the Chrome extension "bypass paywalls" for doing nothing bad except annoying Google's friends.

This is why walled gardens are bad. It's not Google's place or Facebook's place or Apple's place or anyone's place to tell me what programs I can run on my own computer.

[chemmail]

They think they own the internet. But in some countries they do.

[walrus01]

Give the source code to the extension to a developer located in an impossible legal jurisdiction like Afghanistan. Let them publish it. Good luck to Facebook hiring a lawyer and trying its luck in the Taliban's court system. Even before the collapse of the previous government in Kabul it would have been a near impossibility.

[dashtiarian]

I'm a developer in Iran willing to do this, email in the profile, just in case the owner wants to and reads this.

[quickthrower2]

This is so awesome! Is this the start of a new thing / movement I wonder?

Such a plugin is beholden to the extension “marketplaces” so it would be good to include instructions on how to self install the extension if chrome bans it.

[KorematsuFredt]

Happy to donate for the cause as well. Please do this.

[650REDHAIR]

I'll donate to this project.

[inglor_cz]

Donating money to a project in Iran may be legally hairy for Americans. Check the situation before doing so. I am all for helping worthwhile projects financially, but international politics is a mess.

[walrus01]

I've seen a case where somebody had their zelle or venmo account permanently removed for sending a small transfer to their friend with the description "for the cubans" - they were paying their buddy back for an order of sandwiches.

https://en.wikipedia.org/wiki/Cuban_sandwich

[FrameworkFred]

Paypal actually did this to me for hiring an indonesian kid to sketch a t-shirt design for $50.

Before I clicked send, I verified that Paypal said they'd send the money without charging a fee. He received it, minus the fee they claimed they wouldn't charge. So, I tried to send another $10 to cover the difference and I got torpedoed into some black hole of no return.

Now I can't use paypal to buy anything without submitting a bunch of documentation, which is super weird considering I don't have to send anything like that to use their competitors' services, so it's never going to happen.

I assume it's some sort of regulation they're attempting to follow, but haven't thought through, but who knows? It's definitely costing them money, but maybe not enough to justify improving the UX.

[djrogers]

That sounds more like urban legend than a true story. Neither Zelle nor Venmo (and it's a strike that you can't specify) have an obligation to cancel accounts based on comments.

If they did, half of the accounts in Venmo would be banned already - have you read the comments in the public feed? People know that feed exists, and use it to troll their friends all the time.

[short12]

I've never seen a bank or credit card company put in any effort regarding cuban cigars. A few of the best shops are clearly illegal just because of the name alone. But they all accept visa and Mastercard

You don't even need to bother with h dark web and cryptocurrency. It will just flat out show up on your bill without issue.

[evolve2k]

And then we wonder if crypto has a real market.

[roozbeh18]

ah, had a discussion with a friend about sending money with Iran in the comments. he said his poker buddies used to donate 10% of the winning for someone to help orphans in iran. in the paypal transfer he wrote "for the good work you do in iran". his account got banned and money never got returned. later his account was reinstated but money never was returned.

[davchana]

Isn't it that one can just unpack any extension? Unless it is doing something on server side too; all client side code is in extension itself?

[Bluestein]

Seconded.

[mrtksn]

That's actually... interesting. It's a well established tactic to go to another country and publish your stuff from there if you like to keep annoying a government or institution. You know, Snowden is in Russia, some Russian journalists are in EU countries. It happens all the time since ever.

What if someone creates a Telegram group where developers from hostile countries(like US&Iran, UK&Russia, Japan&China) pass each other projects that are not obviously illegal but not feasible due to risk of persecution?

In this case, If FB thinks it has a case can try its luck by sending Google a scary looking letter then proceed to compel Google to remove the extension by court order.

[JulianMorrison]

Do you want a Facebook own-brand drone army? Because this is how you get one.

[notatoad]

Meh, given current Facebook PR trends I give it about a week before we learn they've already got one.

[aaroninsf]

Delivery drone can deliver quite a range of things.

[JulianMorrison]

"Our new fleet of stand-off delivery drones and inertially guided gliding packages can accurately drop your purchase onto your front lawn from 31,000 feet"

[quickthrower2]

Free clay pigeon shooting? Sure!

[jessaustin]

So the MVP drones will do what twenty years of trillion-dollar brutality couldn't do? Wow you seem to have an even lower opinion of the effectiveness of USA military than I do... I suspect Taliban would laugh at this idea.

[JulianMorrison]

I mean #1 you missed the bit where I'm not being serious? But #2, the US military is just fine at blowing up specific named people in specific locations. It's trying to mould an entire nation with their own ideas and traditions into a carbon copy of America that they're not great at. Facebook, I think, would avoid this trap.

[jessaustin]

No they really are not any good at accomplishing any military objective. The Afghan War was originally pitched as "kill this specific person". Within a month of the start of hostilities, that person had relocated to a different nation. Somehow the war went on for another decade, before an ObL impersonator who had been held by ISI for years less than a mile from PMA Kakul was ceremonially executed as an elaborate reelection campaign event. Somehow, the war also went on for another decade after that.

Of course I know this is all a joke, but I enjoy taking jokes seriously. It seems that only nations who are carbon copies of USA in the very worst sense could harm their own citizens to enforce TOS of American firms. (For instance, no one would be surprised if Australia did this.) I suspect that even a very extensive drone force would fail to accomplish Facebook's goals in Afghanistan.

[int_19h]

https://www.maverickdrone.com/products/skynet-drone-defense-...

[Eikon]

And then, where to publish it? On a website based in an American jurisdiction? On some browser extension store?

Great idea.

[walrus01]

Individual civilian afghans are not embargoed by US law - it's not Iran. The Taliban are, of course, embargoed and listed in various things like the OFAC list.

Hundreds of thousands of ordinary Afghans have gmail accounts, many companies use google workspace or office365, etc. For example.

[notatoad]

I think the point was that having an Afghani publish the source wouldn't really accomplish anything because Facebook could just go after whatever service was used to publish it, instead of the person who published it.

An Afghani can access GitHub or the chrome extension store, but those are both run by American companies who will obey Facebook's takedown requests.

[walrus01]

At least that shifts the dangerous legal-financial burden onto google's lawyers, if they want to fight a takedown request to remove an extension from the extension store.

[colejohnson66]

I doubt Google would fight it and would just take it down no questions asked

[14]

What about torrenting? Why not offer is somewhere a bit more decentralized?

[throwawayboise]

Now you're into territory where yes, the extension is available, but nobody can find it and only the very technically astute will be able and willing to install it. FB achieves 99.9% of their goal.

[tbeseda]

Afghan* Afghani is the currency

[notatoad]

oh, TIL. thanks for the correction.

[AtlasBarfed]

Oh yeah, find someone that wants to be a target of a major US corporation in Afghanistan/third world.

You forget we have Guantanamo where people were "renditioned" with little or no legal basis either in the US or otherwise, and I believe there are people in Guantanamo that have no publicly provided evidence to be there?

All it takes is waiting for some politically opportune reason to enact a little dragnet and getting someone on some CIA list with little evidence, and BAM, You're in something like Guantanamo or even worse (client torture security services, assassination, etc).

Yes we withdrew forces, but we've been there a decade and likely have a large network of CIA contacts that would kill or injure a random Afghan civilian.

The US Government is a very very very very dangerous entity to anyone in the third world should you get on their radar. They are dangerous to US citizens with the Padilla case, antiterrorism law overreach, no fly lists, and a variety of other harassment techniques.

The state department and CIA are power extensions of the corporate elite in the United States. We have toppled regimes for oil... minerals... even bananas.

Russia would be far better.

[rpmisms]

I have family there, let me know if I can help.

[manquer]

Even better fund organizations like EFF to take cases like this and make sure there is legal precedent that gives a strong footing to all developers.

Hiding in other countries is a not sustainable solution, they are going to force extension stores to remove it etc payment gateway not to process you, pushing you as a dev to the fringes and silence others

The chilling effect is the real aim, they are effectively signaling that they can come after anyone who pisses their business model of.

[matheusmoreira]

Better yet: anonymous git hosting as a tor hidden service. Now there's nothing they can do but rage at all the "unauthorized" extensions giving users control over their little platform.

[lacker]

The cease and desist seemingly has no real legal basis

It seems pretty straightforward to me - the Facebook terms of service say that you won't make scripts that interact with the Facebook site except through approved APIs, the cease and desist is telling him that he is breaking this agreement. There's no lawsuit involved, Facebook will just enforce this themselves by banning the account and making the script not work. It's not a big deal, this probably happens hundreds of times a day for various bots that people make that manipulate Facebook in different ways.

[asdff]

I feel like websites shouldn't be able to just ban scripting. What if I have a disability and a custom script is the only way I can interface with fb?

[ethbr0]

Why do we need to appeal to the differently abled?

If I own a general purpose computer, and I purchase a connection to the internet, I'm entitled to interact however I desire* with an internet service, or the information it chooses to send me.

It is not entitled to have the information it sent to me displayed in a certain way, and it certainly isn't entitled to bitch when I choose to interact with it in a way different than its preferences.

If that's what it wants, then it's welcome to sell a sealed appliance that only interacts in allowed ways. And we'll see what choices people make.

* With the exception of actions that impact others, e.g. DoS, authentication bypass, malicious hacking

[NoSorryCannot]

If everyone is entitled to interact with the internet on their own terms, then why would that not include a service being entitled to act in a way that's adversarial to your desires?

[cybernautique]

In my opinion, it does! However, on my machines, I am the arbiter. Facebook cedes control to me the moment any of their content hits my browser.

[throwawayboise]

Except that when you signed up for a FB account you agreed to access the site on their terms, not yours.

And let's be honest, and I'm the last person to defend FB, but they are not likely to be going to be going after a lone user who has automated something for his own convenience with Selenium or whatever...

Once I decided I wanted to delete a lot of old email from a webmail account. There was no "select all" function so I wrote a one-liner in the javascript console of the browser. When that worked, I automated clicking the "delete" button, and then added a loop to do it over and over. This probably violated a TOS clause somehow, but nothing ever came of it.

[nickff]

Is this a moral/ethical, polemical, or a legal argument?

Why are you entitled to all these things? What gives you the right to demand that others act in accordance with your desires?

[drdeca]

I’m pretty sure it isn’t meant as a legal argument.

What entitles me to control of my computer? “My computer is mine, and you cannot have it.”.

That being said, I’m somewhat more open to the validity of restrictions for how to interact with the server.

If someone e.g. is running an MMO with e.g. in-game items with real money value, and someone else is like, distributing cheats to get these items immediately, it seems fair that the MMO owner should be able to make them stop (though, like, ideally their game would just be secure?)

But if users are permitted to interact with the server in a particular way, I see no reason to allow requiring that users actually touch their mouse and keyboard while doing things they are allowed to do using their mouse and keyboard.

[6510]

But since they do require that now indirectly I have an idea....

Lets have a law that requires all large services to expose all account settings though an API(?!)

Basically, 1) you [as usual] get to set up the terms of service that your users must stick to, 2) you get to pick what account options you want to offer to the user. i.e. do you want to receive email notifications yes/no, do you want to upload an avatar yes/no, what url/email/phone number do you want to display on your profile etc 3) You do not own these settings and shall provide an API for the user to change them.

You could extend the concept with things like allowing the download of a contact list with the contacts who have this enabled and the information they chose to share. Or say offer TOS updates though the API.

But the initial goal should be for browsers to offer a uniform settings page for all websites you have accounts for.

Remember that unsolicited email check box just above that for to the terms of service? If you use the site all the time you might want to opt in but who wants to dig though a website looking for it? Maybe in hind sight targeted advertisement is just what you wanted? Maybe a feed of updated settings would be useful.

Or maybe you just want to delete your accounts in a convenient way.

[qwytw]

Sounds like a factual argument, if facebook provides access through an open website that implements standard web api's the users can interact with it however they want/are able regardless if fb likes that or not.

[TeMPOraL]

> Why do we need to appeal to the differently abled?

Because it's the only avenue we have. Providing accessibility tends to require creating holes in otherwise user-hostile UX, and big companies can't give up on accessibility due to PR reasons - which makes it a perfect beachhead for people who just want a sane and respectful computing experience.

[ben_w]

> With the exception of actions that impact others, e.g. DoS, authentication bypass, malicious hacking

It is very easy to DoS by accident with software; and while I’m in favour of totally breaking the economic model of FB in this way, doing so definitely has an impact on others (specifically the Other which is FB itself).

[ethbr0]

True, but the only way to prevent that is by stripping users of autonomy.

And in a choice between user autonomy and service stability, I can't side with the latter over the former.

[AlecSchueler]

Because we share society with people who have various interaction difficulties and the larger community has for a long time accepted that we shouldn't deny access to daily goods and services for those people. It's like a mandate that a shop needs disabled access, it's totsllu reasonable

[amelius]

Except FB will just ignore your argument and detect and ban your automated service.

[feanaro]

Agreed, but people seem to often miss this point. There is nothing special in browsers that allows them to do something that "scripts" cannot do. They are both HTTP user agents.

[asdff]

I hate the whole song and dance too with how you have to fake your user agent and add human like delay to interactions whenever you make a useful script on the web these days. You aren't stopping malicious behavior since they know how to penetrate these systems trivially, you just make it harder for the average user who has to learn as they go how to rope around these issues and hope they don't get IP banned along the way for making a website slightly more useful to them.

[nickff]

If you have a disability, and you can't use the site, you're probably entitled to make an ADA claim against them.

[dghlsakjg]

If Facebook makes a change to intentionally make accessibility harder, then you can sue Facebook under the ADA if you are an American.

There is a whole category of law where they just go around suing businesses for not being accessible enough. Quite a lot of money in it.

[lacker]

Disabilities deserve special protection, but in practice companies seem pretty good about working with usability extensions. AFAICT almost all cases where companies don't support disabled users enough, it's unintentional. There's a little bit of extra work like providing alt image tags that companies neglect, or they don't think to test on color-blind users, that sort of thing, rather than banning usability extensions for violating the TOS.

[KerryJones]

I agree with you that they shouldn't be able to ban scripting... but they're only going to use it for things that they believe hurt the website. If there's a law that says "don't do it" they can sue the people they don't like and ignore the ones they don't care about.

[quantified]

Browsers only automate user interactions with the underlying HTTP APIs. What defines “scripting” here?

[salawat]

They can't ban the account. The account would be the downloader's and presumably, would auto-generate unfollow actions just as a user in a browser would manually. If they break the script, they'll probably break the unfollow UI for legitimate human user's and create evidence that they employ dark UI practices as a core part of their business strategy, which would be a P.R. nightmare.

Messing with this is a lose-lose for Facebook.

[lacker]

If they break the script, they'll probably break the unfollow UI for legitimate human users

Messing with this is a lose-lose for Facebook.

Nah, this sort of thing really happens all the time. Think hundreds of scripts like this automatically disabled each day. This one just flukily got some press attention. Large tech companies will have teams entirely dedicated to preventing scripts from doing things while keeping the site running as normal for regular users.

[Talanes]

https://slate.com/technology/2021/10/facebook-unfollow-every...

The actual timeline of events doesn't match what you think would happen. They banned him and then used the threat of a lawsuit to get him to take down the extension/code.

[newhotelowner]

If they could ban the account, they would have done it.

Extension is more like a automated tool. Don't need any permission from Facebook. User can install the tool, and click on a button to unfollow your friends.

Facebook could write TOS for his users not to run a script on their website.

I write scripts (userscripts) all the time. I have a script for Gmail that I use it all the time. Gmail doesn't know that.

[UglyToad]

Yeah this is the problem more generally with the legal system both in my home country of England but especially in the US. As one hn user put it so perfectly recently "the process is the punishment".

I think a lot of people in the software bubble don't realize what a huge sum even $100 is for the average person, the law only affords power and protection to the rich and already powerful.

[javajosh]

Tangentially, I wonder why both the words "cease" and "desist" are necessary. Aren't they synonyms? Perhaps it's just for emphasis?

[dlivingston]

“ A legal doublet is a standardized phrase used frequently in English legal language consisting of two or more words that are near synonyms, usually connected by "and", and in standard orders, such as "cease and desist".

The doubling—and sometimes even tripling—often originates in the transition from use of one language for legal purposes to another… To ensure understanding, the terms from both languages were used. This reflected the interactions between Germanic and Roman law following the decline of the Roman Empire.”

https://en.m.wikipedia.org/wiki/Legal_doublet

[lelandfe]

Thought this was also pretty great:

> Doublets may also have arisen or persisted because the solicitors and clerks who drew up conveyances and other documents were paid by the word

[svachalek]

That seems likely and probable.

[rzzzt]

Are solicitors and clerks also doublets?

[marcus0x62]

No, but if a lawyer can find a way to bill you for the services of both, they will.

[djrogers]

No, but conveyances and other documents was. ;-)

[abruzzi]

This is interesting. I've always worked off the assumption that while english legal documents look like english they are actuallysomething a little special. These words get tested in court cases and opinions are written about them and what them mean. So, in this case my assumption (possibly incorrect) had been that each of those words had specific legal meaning, and perhaps a venn diagram would show 95% overlap of the sets, by using both words they get 100% overlap.

(Its also why lay people shouldn't write their own contracts, because a lawyer with contract experience won't use words that haven't been tested.)

[hackcasual]

Driving without due care and attention

[dboreham]

To have and to hold.

[thinkloop]

Now we're only missing what the two languages are for "cease and desist"

[zinekeller]

Cease - Latin to cessare meaning "to yield", then Old French.

Desist - Latin to stare (sta-re, not homonym of stair) meaning "to stand", then (still) Latin to "sistere" meaning "to stop" plus prefix de, which in this context is "an order (from top, aka court) to down (aka to you)", then Old French.

Huh.

So this is basically court-enforced stop and yielding to the other party.

[citizenkeen]

My law professor told me it was a temporal phrasing: stop doing it (cease), and don't do it in the future (desist). Otherwise I could stop for one day, or in the age of the internet one minute, and then begin again: I would have ceased and resumed.

[fogof]

They are slightly different in meaning. Cease = Stop doing it. Desist = Don’t do it again.

[morsch]

It has an interesting history.

https://en.m.wikipedia.org/wiki/Legal_doublet

[celticninja]

Cease is more like stop doing something you were already doing, where is desist is More like don't even start it.

So perhaps they should be cease or desist.

[James-Livesey]

Perhaps, but then one _could_ say, "I'll pick 'cease', please! I'll get back to doing it again later"

[wavefunction]

Or "stop doing it and don't restart"

[JadeNB]

Even more ominous than a cease & desist is a cease & decease, which is how the article (presumably inadvertently) describes it.

[ineedasername]

Stop it & die!

It would be an appropriate way for Facebook to phrase their C&D considering the forms that cyber-bullying take on the platform

[smileysteve]

A much more related example of ignoring of ignoring a Cease and Desist is the one that Zuckerberg received from the Winklevoss twins as he and Eduardo were marketing The Facebook -- only it had some legal basis.

[panta]

> The only problem is Facebook is huge and is willing to drag out lawsuits they won't win just to destroy people's lives because they can afford to hold out much longer than everyone else.

There is no certainty in the legal system, they could very well win even if they are in the wrong. More so when they can employ an army of lawyers and put economic pressure on the system.

[pixl97]

Would this be considered a SLAPP?

[cyral]

Not a lawyer but I believe that only applies to actual lawsuits. Anyone can send you a C&D and you can choose to ignore it. It will cost at least $300 to consult with a lawyer to even write a response. If the other party really believes they are right, they will sue you.

[bityard]

I can't find it now because google is garbage these days but years ago I once ran across forum thread or blog post from a small business owner who semi-regularly received random bogus patent infringement and other claims with offers to settle matter out of court for thousands of dollars.

He had a lawyer but after burning through a lot of money with carefully-written objections, he decided to just start ignoring them altogether. Which generally worked. These lawyers (and their clients) were just trolling for easy cash and never actually wanted to go to court because their claims were bogus and they would almost certainly lose.

Sometimes, however, the other party's law firm would call him on the phone to follow with their demands. He would let them yammer on for a few minutes, ask some innocent questions, and then finally interrupt them with something like this. "Here is what I have to say to your client's claim... you have a pen and paper ready? I need you to write this down. Okay, good. Here it is: 'Fuck you.' No wait, I'm not done yet. Just let me speak. I want you to also add, 'and go to hell" please. That is my official legal response. Have a nice day." And slammed the phone down.

Take the story with a grain of salt, but he said it worked 100% of the time.

[bmsleight_]

"I refer you to the reply given in Arkell and Pressdram".

https://prunescape.fandom.com/wiki/The_Reply_Given_in_Arkell...

[CamperBob2]

The Reply of the Zaporozhian Cossacks [1] comes to mind as an appropriate response to Facebook, as does the reply of the Cleveland Stadium Corporation [2].

1: https://en.wikipedia.org/wiki/Reply_of_the_Zaporozhian_Cossa...

2: https://www.snopes.com/fact-check/cleveland-browns-letters/

[xxpor]

C&Ds are also specifically protected speech under the first amendment, under the theory they're really a threat to petition the government.

[c2h5oh]

That would require a lawsuit IIRC, but it does have a some legal ramifications - I remember reading somewhere that C&D would make it easier for the recipient of it to sue.

It definitely doesn't help their image or any antitrust lawsuit FB might be facing.

[bathtub365]

It’s impossible to tell since there isn’t a lawsuit

[ransom1538]

"The only problem is Facebook is huge and is willing to drag out lawsuits they won't win just to destroy people's lives because they can afford to hold"

Meh. Just show up. Don't hire lawyers. File motions all day to see more evidence.

[6510]

and in this case: bring journalists and popcorn

[blocked_again]

> My mom was building a shed on her property, some neighbors didn't like it so they had a lawyer send a cease and desist with no legal basis

> The only problem is Facebook is huge and is willing to drag out lawsuits they won't win just to destroy people's lives because they can afford to hold out much longer than everyone else.

Convincing people that America is the land of the free, is the biggest trick the devil has ever pulled.

[colechristensen]

Nobody has ever been “free” but damn are we a whole lot more free than most humans in the history of civilization.

[int_19h]

Americans are so free that they have to pay $2,350 for the privilege of becoming non-Americans.

[XCSme]

> My mom was building a shed on her property, some neighbors didn't like it

Note that depending on the country, you might still need authorization to build any structure on your own property.

[TravisHusky]

Yeah; she had the permits. It was kinda funny from the outside because people kept complaining to the county and the county kept pushing back saying it was approved. That shed must've been inspected 3 separate times because of a couple of neighbors who didn't even live on the same street but I guess were just bored.

The neighborhood has an HOA but the HOA actually had no actual rules because they were not properly registering with the county when they made bylaws (where my mom is all HOA rules have to be submitted to the state, otherwise they are not enforceable). Gotta love HOAs.

[ethbr0]

I recently moved into a neighborhood with a stricter HOA, after avoiding them for most of my life.

My plan is to wait until February 2022, and build the ugliest golden Trump mailbox I can slap together. Then, when they ask me to take it down, request an appeal, and film the ensuing meeting. Then, send said video to Fox News et al. Then, run for HOA on a platform of abolishing the HOA.

... I really don't like neighbors telling me what I can and can't do.

[vegetablepotpie]

I can’t help but point out the irony of this post that building an idol of a politician is considered an act of defiance against authority.

[Nasrudith]

Well it is being used as a tool in the literal sense. Who it applies to of all parties mentioned above in the perojative sense will be left as an exercise to the reader (as it is a matter of opinion).