[htrp]

This is different from LinkedIn v HiQ because HiQ was only scraping publicly available data that was generally accessible to the broader internet. In these two cases, the data is being scraped from FB/Insta using credentials that the client handed over or the mass creation of accounts solely for scraping purposes.

[Nextgrid]

> the mass creation of accounts solely for scraping purposes.

Those accounts wouldn't be allowed to view private data though unless they friend/follow the person first, so they'll only still be limited to data the account holders intend to be public and available to anyone.

There's also no evidence that the scraped data was aggregated at scale or commingled in any way, so even if customers provided their actual credentials which grant them access to private data of their friends, the scraper didn't share it with anyone else but them.

[squaresmile]

Yeah, I think this is more like the Cambridge Analytica situation.

[benwad]

Did FB ever take any legal action against Cambridge Analytica? I can't remember anything about it and this sounds very similar to that (although back in those days FB's tools made this incredibly easy).

[lesuorac]

No. FBs ToS at the time [1] allowed CA to do what they did.

Namely, CA didn't resell the data or give it to an ad agency.

[1]: https://web.archive.org/web/20180329131546/https://developer...

[Nextgrid]

I wish the Cambridge Analytica FUD would stop. CA's "attack" was to setup a malicious website that convinced idiots to give it access to their Facebook account using the standard oAuth2 flow.

Did they misuse the collected data? Sure. But people granted access to that data knowingly. This wasn't really an attack in my view.

Facebook wasn’t really complicit and definitely didn’t sell/give away any data.

[postalrat]

What would be your position the data being scraped is data the site is selectively providing google for indexing but don't provide publicly.