| For important context on my post here, please read tsunamihippo's post first: https://news.ycombinator.com/item?id=39859319. This story seems very overblown. Are we arguing that Facebook should not ever allow any third party app to ask permission to read the user's Facebook DMs? There are valid use cases for this permission, and every case where an app asks for it is not a "privacy violation". Sure, did Netflix or Spotify actually need the ability to read back DMs instead of just write them so that they could send recommendations? No, they shouldn't have needed that. If Facebook's API required that they have read access just to send a message, then that's crap design. But is it nefarious? No. As long as the user is appropriately briefed on what they are granting (and it appears that they were), and as long as Facebook addresses over-scoped permissions requested by third party apps in a timely manner, then this should not be an issue. I for one believe that we need to mandate that FAANG companies have these sorts of permission-driven systems to avoid the vendor lock in we're all too commonly stuck with today. Because these things are needed for competition to thrive and to avoid the big companies from creating moats that prevent us, the startups out there, trying to dethrone them, its all the more important that these companies invest in better UIs that help a user understand the implications of what they are doing, and better review processes to stop bad actors from exploiting users' ignorance on an ongoing basis. I despise Meta, but come on. Don't throw the baby (interoperability) out with the bathwater (interoperability can enable exploitation). |