[xvector]

Having actually worked for Meta in both security and privacy capacities, I guarantee you that it's really not that conspiratorial.

No one wrote this article with the intention of "trapping privacy-minded tech enthusiasts."

I mean no offense, but this sort of thinking (that an engineering blog is attempting to attack you) is unhinged. There is not some grand conspiracy. Companies like this are not the shadowy, highly-competent and absolutely evil entities you think they are. They are barely functional to begin with.

[gretch]

Yup, also work in big tech and confirm this.

One really just has to think through the situation rationally, even assuming the most greediest of intentions:

> Clickbait to get every privacy-minded tech enthusiast on their site

Turns out the market of privacy-minded tech enthusiast is tiny and they hate clicking on ads. Trying to cajole this group into giving you money is pulling teeth.

Understood.

Let's deploy the same set of company resources and effort on the 99.99% other people in the market place, increase some efficiency by like 0.1% and make waaaayyyy more money.

[tgsovlerkhgsel]

Having worked elsewhere, this. Every part of it. Especially the "barely functional".

Different parts of the company working together is hard/rare enough. Them conspiring together... forget it.

[miken123]

“Never attribute to malice that which is adequately explained by stupidity.”

https://en.m.wikipedia.org/wiki/Hanlon%27s_razor

Also, I don’t think that the parent comment was being serious.

[Phemist]

I was indeed not very serious, neither is the comment I would write in response to this:

-- Ah yes, Hanlon's razor, one of the CIA's more successful PsyOps. --

But then I was shocked to learn that the Razor's namesake Robert J. Hanlon actually did work for the CIA and now I dont know what to think.

https://wydaily.com/obits/2019/04/09/robert-j-bob-hanlon-70-...

[rossjudson]

The ratio of "people who have opinions about what google/meta/etc might be doing" vs "people who have actually worked privacy/security in google/meta/etc" is abysmally low.

Most of what's said by people who actually known what they're talking about is drowned out by low-effort, conspiratorial, semi-intellectual laziness.

[xvector]

Yeah, this is the main reason I stopped using Reddit when I entered the industry.

Taking it a step further - I frankly don't think normal people are positioned to make any decisions or hold any opinions strongly about tech. They are so mislead by journalism it's not even funny.

My doctor friends feel similarly about medicine and how it's reported on (and the populace's common opinions on medicine.) The average person/voter is immensely mislead in basically every field they themselves are not an expert in.

[Terretta]

> I mean no offense, but this sort of thinking (that an engineering blog is attempting to attack you) is unhinged. There is not some grand conspiracy.

“You know, since we're trying to Z but don't have Y, we could probably use X to get Y…” said no inventive engineer ever.

No conspiracy needed. This happens.

[tgsovlerkhgsel]

X to get Y happens.

A tech company using a blog to get whatever imaginary consent from random anonymous privacy-aware individuals is so many levels of unhinged that it makes absolutely no sense whatsoever.

[Terretta]

The company wouldn't. Someone retroactively realizes they have the data, and then it does.

I'm certainly not saying it happened, or will happen, here. I'm saying it definitely happens.

This is why in regulated industries, there's an emphasis on "data minimization". Much like the principle of least privilege, but applied to whether you're letting your people or systems be exposed to it in the first place.

It's easy to follow a least privilege policy if there's an actual technical control not just agreement, and even easier if the control is "I never had it, didn't derive it, and made sure I couldn't if I wanted to".

If you aren't collecting it for any use, even inadvertently, you can't retcon it into availability for alternative uses.

[xvector]

> Someone retroactively realizes they have the data, and then it does.

This simply isn't within the realm of reason.

Engineers at Meta have far more impactful problems to solve than attempting to reverse engineer the browsing habits of the 12 privacy-sensitive tech enthusiasts reading their engineering blog.

From a ROI/time perspective, it is far in the negative for a single junior Meta engineer to spend even 10-20 minutes investigating this. It literally is not worth anyone's time.