The New York Times claimed that Facebook was sharing private data with Huawei, "a telecommunications equipment company that has been flagged by American intelligence officials as a national security threat", when in actual fact the data was shared with the friends those people had chosen to share the data with, via the smartphones in those friends' pockets.
Though I actually meant to link to the previous article in the series, which sets out the New York Times' astounding spin more clearly - this is the one where they claim that it was somehow an attack on user privacy to not make the setting which stopped companies like Cambridge Analytica getting all your data also force all your friends to install the official Facebook app to interact with you: https://www.nytimes.com/interactive/2018/06/03/technology/fa...
Like, in one part of the article they literally had network logs of their reporter's Blackberry device, after he logged into Facebook on it, pulling down information from Facebook which he was authorised to access directly to that device - and they presented this as though it was proof that Facebook were being incredibly dishonest in not treating it as though they were giving Blackberry, a third party, access to all that incredibly sensitive personal data. They took advantage of the fact that most people are too technically clueless to understand that Blackberry in actual fact didn't have that data in any way, shape or form, that it never left the pocket of the person who was granted access to it and they knew it.
> that it never left the pocket of the person who was granted access to it and they knew it.
How do they (you) know that? How hard would it be for Huawei or Blackberry to exfiltrate that data?
What that and other incidents show is that Facebook had a widespread pattern of sharing data and trying to control the reach of that data through contracts and legal power rather than actually controlling it. This strategy makes leaks inevitable.
While it was likely easier to exfiltrate data this way, you can rest assured that if they want to exfiltrate it, as the producers of the hardware and the firmware, they can easily do it.
They control the kernel. They can read it from the screen, from the app memory, from the TCP stream with a minor patch to the TLS code. Seriously, the "how do you know" rabbit hole has to start from first principle.
You don't know. And the special API made is easier if it did happen. But it was not an enabler or anything - if they wanted to, they did it without, before, or with Facebook's help.
Though I actually meant to link to the previous article in the series, which sets out the New York Times' astounding spin more clearly - this is the one where they claim that it was somehow an attack on user privacy to not make the setting which stopped companies like Cambridge Analytica getting all your data also force all your friends to install the official Facebook app to interact with you: https://www.nytimes.com/interactive/2018/06/03/technology/fa...
Like, in one part of the article they literally had network logs of their reporter's Blackberry device, after he logged into Facebook on it, pulling down information from Facebook which he was authorised to access directly to that device - and they presented this as though it was proof that Facebook were being incredibly dishonest in not treating it as though they were giving Blackberry, a third party, access to all that incredibly sensitive personal data. They took advantage of the fact that most people are too technically clueless to understand that Blackberry in actual fact didn't have that data in any way, shape or form, that it never left the pocket of the person who was granted access to it and they knew it.