I always love that argument. Because it reminds me when I was 5 and my mom said "Just because everyone else does it doesn't make it right." If your argument is one that a 5 year old is making, you might need to reconsider.
This is a sign of immaturity of the field in my mind and how management forms and enforces low standards. Developers need to have some leverage to push back from these arguments. Just my 2 cents.
I think we have power. If you can't get people to build a product because they don't think it is ethical, then you can't build the product. That is the leverage developers have.
Of course, this works best in an economy where there are a surplus of jobs.
Swimming with Sharks by Joris Luyendijk (about the finance industry in London) argues that amoral actors develop and thrive in environments where they get a “bonus” for good performance but fear no “malus” if their choices backfire. Organizationally, you see banks with separate, impotent, internal risk and compliance departments, while their “front offices” get literal cash bonuses for successful short term gambles. No rational actor sees any benefit to fighting for change: there’s no lasting result but personal ruin.
Developers have the power to refuse bad actions, especially like you say in a job-rich environment. But unless software developers experience risk consequences for developing something bad, some number of them will not obey their conscience.
While I fully agree with you I think the key part is what you say at the end.
> some number of them will not obey their conscience.
Let's just hope that as time progresses that more will follow their conscience. I honestly think that as our other needs are being taken care of that people are able to act more on their own personal ethics. It is substantially easier to be ethical when you can put food on the table.
I’m still concerned, though... addition to basic security, some people will compromise ethics for status. In particular, an observation JL made in the book is that people staying in the finance industry despite reservations were often parents buying their kids a fancy education.
Abolish Harvard to fix Facebook? Less Eton, more ethics?
The depressing part is that there is actually somewhat of a point to that.
I despise Google, Facebook et al
and I develop a webpage in my freetime for a club that I'm in. I'll gladly work an extra hour, if it means I can avoid sending data to one of those asshat companies, but it's really not as easy as it sounds.
I for example used a template to base my webpage on and that template creator chose a font, as he should, but then instead of statically embedding the font file, the guy included it by linking to Google Fonts, meaning that all of my users' browsers sent their IP and that they are visiting my webpage (as part of the HTTP Referrer) off to Google.
I found out by looking at my page with NoScript and I suppose, you could find out by looking at the network requests, too, but neither are necessarily something that a hobby webdev is going to look at.
Another time, a module decided to load JQuery off of a Google server. And incidentally, that module was installed by the guy who maintained the webpage before me, so that's another point how "everyone doing it" does actually make it harder on you.
Then we wanted to embed a map. I happened to know of OpenStreetMap, but most webdevs probably don't, because everyone's using Google Maps everywhere.
For videos, I was convinced to embed YouTube-videos, because of networking effects and such, so then I wanted to at least try to make it privacy-friendly and, you know, comply with EU law, so I put up a picture, if you clicked on that picture, it would then load in the actual YouTube player.
I was hoping to find a module that did this automatically. I found one. Exactly one, that is. And it was kind of shitty at that. So, then I had to spend not just one extra hour, but probably rather five, to try to patch that module up into a semi-usable something.
Privacy badger only lists: Twitter, Facebook, and Linkedin as trackers. Though I see that it is using google APIs, but PB doesn't think it is tracking.
Though interestingly the DDG app says "3 trackers blocked" and only shows twitter being blocked.
Yes, you can. But if your message is that social media networks are "privacy villians" then you shouldn't have a Twitter or a link to it in the first place.
That's nice of you to set standards for everybody, but it's still possible to exercise identity separation. FB doesn't know what my Twitter account is any more than HN does.
Many of us, as software developers, are taught to solve general problems instead of specific instances whenever we can. That's what I see as wrong with 99% of the commentary about this recently. Sure, there might be a bug in Facebook. Maybe it's a serious bug, and it really needs to be fixed. But it's a bug that manifests in many other places too. It's even possible that Facebook is neither the first nor the worst. Facebook doesn't have "assistants" that listen to your every word like Google and Amazon and Apple do. It doesn't have all of your email, or your entire search history, or the very OS on a device you have with you all the time. But I digress.
The real point is that targeting any "fix" too narrowly toward Facebook, or Google, or any one party doesn't fix it for the others. It might even distract from or interfere with development of a more general solution. But that's exactly the path a lot of people seem to be going. By all means, criticize Facebook if you think they've done something wrong, but don't stop there. Make sure you understand the full scope of the problem, and the options for addressing it in a general way, and the benefits or drawbacks of each approach. Progress doesn't come from everyone saying "me too" on a bug report. It comes from people talking about and then implementing ideas to make the bug stop happening anywhere. I've seen precious little of that.
Ugh. I hate these sorts of arguments. "ha! you're outraged? Maybe you're not outraged enough! You do something? Do more, you're not doing enough!". If you tell people "if you stop wasting water you don't solve global warming!" it typically won't entice them to do more; most people will hear "I might as well waste the water, my efforts are meaningless anyway".
> But I digress.
Yes you do. Starting with all that makes the reader feel that "they're not even the worst offenders, Google/Apple/Amazon is probably worse". Which may be true but you present no proof for that and it's not even something that you needed to argue.
> By all means, criticize Facebook if you think they've done something wrong, but don't stop there. Make sure you understand the full scope of the problem
Or stop there if you wish - it's still something. It's certainly better than thinking "I don't have time to understand the full scope, so I'll let others do the criticism".
> I've seen precious little of that.
Well, lead the way. Show us how to do it. Help us understand the full scope of the problem and address it in a general way. Don't just chide people for criticising Facebook.
I don't think he is arguing for more or less outrage, he just wants it directed better. I'd argue that picking out one offender and focusing on them is in some ways worse then focusing on the entire issue.
Facebook being slapped with a massive fine/being broken up might not do a lot to stop the general trading and exchange of users data online, but its enough to get the politicians to say "job done" and move onto the next issue. We need to focus on fixing the issues that allowed the FB/CA scandal to occur, instead of just focusing on the symptom.
> Facebook being slapped with a massive fine/being broken up might not do a lot to stop the general trading and exchange of users data online,
Or it might; the other companies are watching, and precedents do matter.
I honestly don't see how bringing Google/Amazon/Apple into this won't do more harm than good. In fact, if I were Zuckerberg, that's exactly how I would try to mitigate the issue for Facebook.
This is a great example of the impact of the 'ruse of solvency.' A solution which appears to the public to solve a problem yet actually doesn't is oftentimes worse than no solution at all, since it will erode pressure and advocacy by convincing people that the problem is already solved. This is a tactic frequently employed by lobbyists and legislators to cool down a hot issue.
> It might even distract from or interfere with development of a more general solution. But that's exactly the path a lot of people seem to be going
Or it could set a precedent... It has to start somewhere. Maybe Amazon or Google is next.
Were you thinking in general about some legislation? Say something like GDPR?
> Progress doesn't come from everyone saying "me too" on a bug report. It comes from people talking about and then implementing ideas to make the bug stop happening anywhere. I've seen precious little of that.
That happens if there is a common platform everything runs on. Maybe a shared library. You just fix the security bug in it and every application relying on it will benefit (generally speaking). In a way legislation, taxation, treaties, open standards are somewhat like it. When those change it affects everyone. But that is kind of rare, so doing it one instance at a time is still making some progress.
> In a way legislation, taxation, treaties, open standards are somewhat like it. When those change it affects everyone
That's the key: it affects everyone. In constitutional law there's this concept called a bill of attainder, which is a law directed toward a specific person instead of an action. Many constitutions, including that of the US, forbid them. I think any solution to these problems will be as much legislative/regulatory as technical - GDPR is an early model for this - but it has to be about the behavior. Otherwise it's just politicians playing favorites. I've seen some of the replies mention precedent as though it's a good thing, but we hardly need another precedent for the government picking winners and losers.
In fact I don't know of any example that required a plurality of people to act, that wound up being anything but a unit fix and not a global fix for a problem.
More than likely someone will go down in flames, everyone will congratulate themselves on a job well done and then it will be business as usual for everyone else doing the same thing. Hell, I'd be surprised if Facebook even takes the hit for this one.
I have nothing against Amazon and I had been a happy customer, but when I ponder which company has the most valuable information about me, it's Amazon - by far.
When it comes to Facebook (or other social media companies) it's all about self-portrayal and in the end we have control which information we provide. To some degree at least.
Amazon on the other hand has direct unfiltered buying behaviour data. Isn't this advertiser heaven?
You're assuming that targeting people's finances is the best way to leverage the data collected. In Facebook's case, they are using it to literally assert influence over masses of people. When other groups get access to that same data, then they too can use that data to assert influence because that's literally what the platform has been developed into (not implying this was Facebook's intent all along).
I think these groups targeting your pocket book may have the most immediate effect on your person -- however -- I don't think it's the scariest or most malicious outcome.
Climate, activities, fashion, lifestyle, branding, etc... can all be determined from photos. Computers are getting better at this, just look at Amazon's fashion camera, the "Echo Look" that recommends clothing.
The stores and credit card processors sell the information to Amazon, Google, etc...
There was an article in Forbes or Bloomberg or something recently that stated that Google now gets something like 80% of all credit card transaction data, online or offline.
Unless you use one of the free options to block them, like uMatrix. It’s easy, it requires little or no effort. My bigger concern with FB is what they learn about me from people other than myself; I can’t control thst at all.
Why would Amazon want to give this data away? If somebody else can use the data better than amazon, they'll probably steal the sales from Amazon too, and amazon loses out.
Amazon has an eerily cultish dedication to customer privacy. The phrase "work vigorously to earn and keep customer trust" is practically line one of their principles[1].
Amazon appears to be under the belief that retaining customer trust is much more valuable than selling customer data for immediate gain.
I suspect it has to do with their unique financial setup that allows them to operate with a long-view, and not have to chase quarterly profit.
Bezos says, “If you make customers unhappy in the physical world, they might each tell six friends. If you make customers unhappy on the Internet, they can each tell 6,000.”
This information is certainly very important for advertisers. However, if you shop on websites with Google analytics, etc. Google will have the exact same information, combined with the rest of the information it's able to collect.
Databrokers enable this - take a look at something like Acxiom's developer APIs.[1] You'll find that they have some quite interesting stuff, like whether someone's interested in gambling.[2] Facebook partners with these folks (as do many others) to enable them to build this aggregated database.
Interestingly, you can log in and see your own profile there. I did that a few years ago, and introduced subtle errors into it (e.g. I changed my car to a different brand of car, and the "extended warranty services" robocalls around a year later started calling about my nonexistent vehicle).
Spotify reserves the right to sell your details/listening habits when their terms of use changed... (ie genres of music you like, the types of musicians etc)
Is this facebook data being funneled back to the record labels and their parent companies to sell advertising? my research says its likely, this feels similar to the CA situation, just not as political..?
If you use Facebook to login to Spotify then that information is definitely available. The information doesn't even need to be sold to the record labels. If the labels then use Facebook ads, the targeting can be as specific as someone who likes a particular band or song.
The fact that people use Facebook to login to EVERYTHING, means that Facebook has access to their usage data.
No, that's not true. If Spotify sells the data without anonymizing it, then it could tracked back to Facebook, but otherwise OAuth only provides them with your email and Facebook ID: listening data doesn't flow anywhere automatically.
A different thing is Facebook gadgets on random websites while you are logged in into Facebook.
Yes i think is correct, so the data could be sold by either Facebook, spotify (or both) to 3rd parties.
(Direct quotes from their privacy policy below)
"Consistent with the permissions you give us to collect the information, we may use the information we collect, including your personal information:
1. to provide, personalise, and improve your experience with the Service and products, services, and advertising (including for third party products and services) made available on or outside the Service (including on other sites that you visit), for example by providing customised, personalised, or localised content, recommendations, features, and advertising on or outside of the Service;"
....
And here are some of the parts about data collection:
"We may also collect other information available on or through your Third Party Application account, including, for example, your name, profile picture, country, hometown, email address, date of birth, gender, friends’ names and profile pictures, and networks.
You may also choose to voluntarily add other information to your profile, such as your mobile phone number and mobile service provider.
...
"When you use or interact with the Service, we may use a variety of technologies that collect information about how the Service is accessed and used. This information may include:
information about your type of subscription and your interactions with the Service, such as interactions with songs, playlists, other audiovisual content, other Spotify users, Third Party Applications, and advertising, products, and services which are offered, linked to, or made available on or through the Service;
The details of the queries you make and the date and time of your request;
User Content (as defined in the Terms and Conditions of Use) you post to the Service including messages you send and/or receive via the Service;
technical data, which may include URL information, cookie data, your IP address, the types of devices you are using to access or connect to the Spotify Service, unique device ID, device attributes, network connection type (e.g., WiFi, 3G, LTE) and provider, network and device performance, browser type, language, information enabling digital rights management, operating system, and Spotify application version.
motion-generated or orientation-generated mobile sensor data (e.g., accelerometer or gyroscope).
You may integrate your Spotify account with Third Party Applications. If you do, we may receive similar information related to your interactions with the Service on the Third Party Application, as well as information about your publicly available activity on the Third Party Application. This includes, for example, your “Like”s and posts on Facebook. We may use cookies and other technologies to collect this information; you can learn more about such use in the section Information about cookies and other technologies of this Privacy Policy."
Wow, I didn't know this about Spotify! Too bad there's no opt-out. I actually like the social aspect of Spotify (seeing what my friends listen to often introduces me to new bands) but it's a shame I can't limit the selling of that data. Hell, I'd even pay for the right to keep my data to myself!
some quick searching says that spotify pays the record companies monthly, around 50-70% of revenue for the music licensing.
however there seems to be a serious distinction between free subscriptions and paid.
Because free users are getting music for free, this seems to be where the Spotify Group may be packaging up and selling data to music companies or elsewhere to pay for hosting, salaries etc.
I guess the opt out is to disconnect your facebook from spotify;
Or, create a new separate spoitify account. But, because your billing/email settings would be the same.. it's would be easy to join/coalesce the account data in the backend.
While I would love to see greater privacy awareness and consideration from all entities I use, the fact is that there are certain web properties that I find indispensable and without a privacy considered alternative.
Facebook I can live without, likely even happier than with it. I also think that the social contract of "sell me as a product in exchange for enabling my social communication" is not the correct paradigm, and once there's a user friendly alternative similar to secure scuttlebutt (i.e. Mozilla level friendly), that best represents the proper social contract (I'll provide hardware resources to enable my social communication).
A problem in this argument is that "enabling my social communication" is extremely vague and possibly negative reward compared to cost. In some sense people have been tricked into believing that "enabling my social communication" in the Facebook way is beneficial, while it might not be.
Seriously, writing off any attempt at discussing or fixing the problem because "it's a pipe dream"/"network effect"/etc will ensure that you do end up going nowhere.
It's not news that Facebook is gathering and storing TONS of information about its users (and even non-users). Google, Amazon, Apple, Microsoft are all guilty of the same thing.
I thought Apple was pretty good about respecting user privacy. If you opt out of sharing analytics with Apple, what information to they still gather and store?
When you create an Apple ID, apply for commercial credit, purchase a product, download a software update, register for a class at an Apple Retail Store, contact us or participate in an online survey, we may collect a variety of information, including your name, mailing address, phone number, email address, contact preferences, and credit card information.
When you share your content with family and friends using Apple products, send gift certificates and products, or invite others to participate in Apple services or forums, Apple may collect the information you provide about those people such as name, mailing address, email address, and phone number. Apple will use such information to fulfill your requests, provide the relevant product or service, or for anti-fraud purposes.
In certain jurisdictions, we may ask for a government issued ID in limited circumstances including when setting up a wireless account and activating your device, for the purpose of extending commercial credit, managing reservations, or as required by law.
It all seems perfectly reasonable. If you buy something, they need your credit card info, etc...
The problem is that most companies sell that information on to other parties. I've read on the interwebs that Apple doesn't, but I'd feel better if I could see it in a web page or something more concrete.
What is the actual difference between Google/Facebook and "third parties"? Google actively uses information it gets about me in ways I don't approve of, and generally can't opt out of without stopping use of the services entirely.
Sure, Cambridge Analytica was using the data to influence an election, but Google is not shy about it's own social activism, and it's efforts to manipulate users into seeing it's view of the world.
Google's only protective of our data for selfish reasons: If you sell our data outright, the third party doesn't have need of you anymore, but if Google maintains a tight hold on the data, Google can continually sell the ability to make use of it (through Google's advertising services and the like) over, and over, and over.
Google keeps a tight hold on the data, whereas Facebook had APIs that allowed FB-apps to crawl segments of the FB graph. By doing that thousands of times, apps could export a large part of the data, and FB lost control over how the data could be used. By contrast, Google retains control.
I understand your point that we as end-users don't have any control over the way the data is used in either case. But I do think there is a material difference between the two scenarios.
I just don't see why "Google retaining control" is a positive, when Google is as hostile an actor as Cambridge Analytica. If companies are going to use data to sway public opinion and tailor advertising, how much does it really matter which company is doing it?
What makes Cambridge Analytica worse than Google, specifically? Is the distinction you can draw between the two objective, or subjective to your personal view (or political party)?
(From what I've found, most people upset with "all political parties are the same" are people who belong to one, and are upset that they get grouped in with people who do the exact same things they do. Not "all political parties" are the same, but the two of them I deal with as a US citizen definitely are.)
I would argue both Google and many other data collection based companies do this as well. Data is collected under the auspices of being able to "provide you with better services", even though the actual purpose is to target ads to you more accurately. (They may have better legal disclaimers and statements of how data will be used stuffed in their EULAs nobody reads, but I don't feel that's much less deceptive in reality.)
Retaining control is a positive because it allows you to change your mind and change what's being done with the data--or for that matter for legislation to limit wat you may do with the data.
Once the data is out of your control, there is no longer any way to control what is done with it. Don't think that Cambridge Analytics are the only ones who did this and who have this data. Shutting down CA won't stop the exported FB data from being put to all sorts of uses.
Isn't part of the complaint that Cambridge Analytica was instructed to delete the data by Facebook, and claimed they did, but in fact, that they did not?
What is to say Facebook itself or Google can't operate in the same way?
I'm personally more concerned with the sheer volume of information that Google/Facebook/whoever collects about me. The Cambridge Analytica scandal shouldn't have surprised anyone that is remotely concerned with privacy. If the data is collected and stored, it's creates vulnerabilities to be hacked/leaked.
In which way have Google, Amazon, or Apple had any known breaches like this or even FB back in 2008 having API security "leaks" where everyone could pull down the entire graph?
Facebook is a pioneer in letting others dip into their vast treasure trove with doe-eyed innocence and many apologies.
The parent said "gathering and storing". While facebook is a lot more loose about who they give that data to it's still worth taking a long hard look at what data you want these companies to have, and consider how they are using it today and what they might be using it for or who they might expose it to tomorrow.
Completely by the by but is the scrolling on this page screwed up for anyone else? Seems to have a weird slow non-native scrolling method for me. I'm running Firefox on Android
It all comes down to profits. The media companies need the data. And I would argue that most people aren't sharing information directly with publishers on the internet, it all goes through Facebook and Google (the companies they are criticizing).
This equivalence is false. Facebook’s business is selling access to your private data to third parties. Google’s business is not that. They are not the same.
Google's business is tracking me despite me not wanting to be tracked. It doesn't matter what they do with that data, I don't want them to have it.
There are differences, but they aren't worth worrying about. You are still vulnerable to being abused by Google's data about you as well as Facebook's data.
Yes, what’s annoying is that if you are using Gmail, you are automatically logged in on all other Google services, including Maps, YouTube etc. When I’m searching a doctor’s address or watching a stupid video on YouTube (most of the time embedded in some other webpage), I don’t always want it to be added to my history. https://myactivity.google.com
Now I’m using Firefox Multi-Account Containers to separate Gmail from the rest. And I am considering switching entirely to ProtonMail.
Well I disagree with the second part of your argument. You are MUCH more likely to be abused by Facebook’s “partners”. If you are not logged on to Google they don’t construct a personally-identifying profile of you. They may have some log somewhere that says “this IP address read 15 reviews of light truck tires” but they don’t have the capability to just sell in a printed and bound format the personal data of CaptSpify. Whereas if Facebook had that data I could just phone them up and buy it, no questions or restrictions. I think that difference is large enough to note.
> If you are not logged on to Google they don’t construct a personally-identifying profile of you.
Have they guaranteed this in writing somewhere, or is this just something that you're saying? It's harder to put together a profile that's not personally identifying than one that is; what if I ever used google maps to find directions from my house?
I think this says more about you than about Google. By stating what they retain they've set themselves up for legal action by their users, if they deviant from those statements. If that's not good enough for you nothing would be.
Yeah, just like FB would never abuse the trust people put into them, or Microsoft has way too much incentive to lie to their users, so they would never do that either. /sarcasm
I could list a thousand companies who say one thing, and do another. I find it extremely naive to believe them at face value.
Probably because, and not to get too political but, the perceived slight from those two was helping Trump. Though, I don't think there is much data that supports the notion that data analytics helped Trump more than Hillary. I think the argument that Hillary's ground game was horrendous holds up more under scrutiny.
Perhaps the government should protect us more actively. It could hand us fake-ids we can use when dealing with these companies. And it could give us fake home addresses, etc. Like a witness protection program, but for everybody. And it could provide an API for sending (e)mail to real users, using their fake info. And it could set up a VPN service for everybody to mask IP addresses.
The internet has been a "wild west" for its entire existence. While this allowed it to grow and improve freely, it also brought about bigger issues. Government intervention could work, but the government getting involved in tech usually sucks.
Yes, the other companies are probably just as bad, but one at a time, please. It is very hard to keep the attention of the man on the street, we should not split it across multiple companies.
Only focusing on Facebook's scandal shifts attention away from the real issue, which is tracking on the internet in general. Most people aren't aware of the extent to which they are sharing information.
Focusing on Facebook gives the benefit of focus. Techies have been warning people for years about tracking on the internet, but “tracking on the internet” is a vague premisse.
It’s by bringing the actions of popular bad actors to light that we’ll raise awareness to the rest. People need something tangible that they see is affecting them, and Facebook’s scandal is just that.
> It’s by bringing the actions of popular bad actors to light that we’ll raise awareness to the rest.
What usually happens is that the one "bad actor" gets turned into a "bad apple," convincingly repents, is renamed, or is dismantles, other companies have a quiet period during the media frenzy to avoid being the next focus, then continue with impunity.
If focusing on facebook brings legislative changes, then good. If focusing on facebook just punishes facebook, who cares?
> If focusing on facebook just punishes facebook, who cares?
Everyone. Punishing one single bad actor (and one of the biggest, at that) is indisputably better than punishing zero. By having one answer by the consequences of their actions, the others see the same can happen to them.
The math is simple. A bunch of little people against multiple tech giants. There’s no way the people have a chance to deal with all the giants at once. One at a time, maybe.
Focusing on Facebook exclusively (for now) will give the public a real, indisputable, concrete example on why data mining is terrifying. If you start babbling on how "everyone's doing it" then you take away much of the importance and seriousness of the topic. People start going "you didn't know that? Of course they do" and "yeah, what can you do about it, right?" and just shrug the issue away.
But with the specifics of Facebook and CA, you know that something can be done, and that not everyone has been doing it the same way and at the same magnitude.
Even if it's just Facebook, it's a step forward. You can't expect to take down all internet giants at once.
The problem is when you lose all technical details and are just left with who you think is good and who is evil.
We should be asking, how do other companies share their data? How much info does someone publishing to each app store get? What do third-party vendors on Amazon get? What do advertisers get?
Also, how much did direct marketers already know before the Internet came along?
Steve Jobs actually envisioned building an ads product where the ads were actually beautiful and enhanced the user experience, in his final years. That was the idea behind iAd. I occasionally get these types of ads from youtube where I'm actually glad they showed it to me. No other ad product has ever met this bar for me including fb so that's why I think they deserve the market's current skepticism, that and allegedly selling political ads at different CPMs to different parties (this is not legal in other types of media).
The price gouging is a whole other issue...which is a by-product of the availability of this data.
If Facebook/Google are really gathering our data to enhance advertising, it isn't helping the end user. Although it could, if they shifted their focus from ad revenue to user experience (not gonna happen).
- Facebook
- LinkedIn
- Twitter
- Google