Not sure why people are so hung up on the "breach" vs "not a breach" debate. The issue is this: taking a random personality quiz online is old news. We've been doing these since the 90s. The problem is that when you log in with FB, your real name, and all of your metadata is attached to that quiz.
It's not just "IP 12.342.32.1 is chaotic neutral" but "'Bob Smith, with a degree in X from Y, that likes A, B, and C and is newlywed' is chaotic neutral." The issue isn't really the quiz (and it's not even CA tbh), it's Facebook giving out real names, real pictures, etc. every time you "Log in with Facebook" on any random website or app.
If it was just this, I would be okay with it. It was also saying "and here is a list of all of Bob Smith's friends, and their info".
I have my Facebook profile set to 'friends', and perhaps its obvious now, but I guess I didn't realize an app installed by my great aunt now has all my information. I happily gave her access to see my profile, kids pictures, etc. But do I want every single thing she connects to to see any data I allow her to see?
Getting the discussion to "breach/not breach" is taking the discussion away from the actual point. Facebook is a cancer for privacy. The affiliates of Facebook are a cancer for privacy. Privacy is a human right. Facebook is cancer (imho).
That said, I believe FB would LOVE if we change the topic from PRIVACY to "anything-except-privacy".
And yes. Any/all dictators (of any shape or form) are trying to silence the media/journalists. Why would FB practice a different method?
This way they want to make sure that the next whistleblower won't have an outlet.
But this is how these sorts of OAuth schemes have always worked. It's always been explicit, too. You grant these apps access to this information. What exactly is the issue here? That this time it was used in a way people don't like? There's a reasonable debate to be had about how to deal with all this data, but to blame Facebook as if they made some error or leaked some data in an unauthorized way, or did anything that we didn't all know was possible this whole time is just totally disingenuous on the part of journalists and regulators.
Additionally, I think the public is now realizing how powerful the friend/follow metadata graph is. It's pretty easy/robust to infer traits about people for whom you don't have explicit information. Alan, Betty, and Charlotte filled out the quiz and all live in Florida; Dave has mutual friendships with Alan, Betty, and Charlotte; Dave probably lives in Florida. You can do this recursively and don't need to have concrete information about the majority of members in a graph in order to make pretty strong probablistic inferences about the traits of a large graph.
I believe it’s a legal point: In case of a breach, Facebook would have been required to disclose it to the affected users. They are pushing hard against the term because it might end up determining their liability.
This thread seems to think the technical implementation is at fault.
I'd offer an alternative: the fact that we're stuck "sharing" via centrally managed platforms is the real issue.
I don't care about Facebook auth mechanism. Regardless of how it shares data, FB still HAS all the data, and can find a different way to share that with whatever party they want.
There's no leverage in the information economy outside "Use the one or maybe 2 ISPs you have, and these handful of "top" providers online."
It's like having a meat space economy be controlled by a top-down authority, and you can only trade along it's finan... distribution network.
Oh wow, what a shock. We remade cyberspace society to be just as centrally controlled as meatspace society. While meatspace became more constrained in an authoritarian way yet again in human history.
Human society exists in a strange loop of "build walls that are used to oppress me."
Is there anyone in advertising who wouldn't want this? I honestly don't see why this is a problem. Many people don't care about what gets shared but do care about the benefits it brings to their user experience.
Sincere question: this article in the last paragraph says "Facebook threatening defamation against the Guardian for calling this a data breach is ludicrous and Facebook should be ashamed and apologize"
-- does this conclusion hinge on the fact that Facebook should have realized earlier that the app is harvesting data? If the creator of the app said that he is doing it for academic purposes only then how should have Facebook known? Not trying to defend Facebook, but calling this a breach is at least a little bit gray area, no?
A breach is unauthorized access, possession, or use of data. Cambridge Analytica was not allowed to retain this data, or to use it for commercial purposes. Therefore it’s a data breach.
Consider an alternative scenario: a Facebook employee has access to data to perform his job. He makes a copy, takes it with him, and uses it in his new startup. Breach? It’s exactly the same as above, only the employee was an external partner in reality.
If it's a "little bit gray", then you probably shouldn't sue for defamation about it.
The "breach"/"something-else-that's-not-a-breach" debate from what I've seen doesn't hinge on Facebook knowing or not, it's about if all loss of data can be called a breach or if the term should be reserved for cases where the perpetrator did aquire the data without Facebook knowing.
How would that not be a breach? Their system allowed a malicious entity acting in bad faith to gain large amounts of data under false pretenses. If they got the data by pretending to be an employee and social engineering their way into the data that way facebook would 100% call that a breach. Is this that different?
This is a really weak-sauce dictatorship, come on! In a real autocracy, Facebook would simply suspend all involved journalists' and editors' Facebook accounts for 6 hours with a message that Big Brother is watching and the suspensions will be formalized if they don't drop their story.
Any editors or journalists that don't cooperate should have their Facebook, Whatsapp, or any other service suspended. (If any other service starts gaining network effects, Facebook can just buy it when it has < 100k users - this is how a monopoly works under network effect)
Anyway Mark Zuckerberg, my message to you is if you want to be remembered as one of the worst autocrats who ever lived, you are really going to have to step up the retaliation. Maybe introduce targeted executions of journalists?
This is fun to watch. The most evil company I can think of is being exposed for its core purpose. Are people going to realize what a monster Facebook is?
No, Americans will continue to give zero fucks. A few more people will be outraged, but business as usual will continue. Maybe Facebook will claim they "fixed" the problem that created this "breach" (as it's being called), but nothing will change
When millions of Americans get their news from Facebook, it's doubtful that many current users will find out what is happening. It is certainly similar to the Fox News effect.
You left out "espouse noble ideals" - "connecting people" or "making America great again." It's behind these public "facades" that the litigating into submission and threatening into silence is done.
I wonder how the UK goverment will react to this, aswell as the EU, considering they tend to value privacy in a different light then the american court system.
There needs to be serious discussion in society and the legal community, about the deliberate "weaponization" of legal actions. Where the purpose is not to pursue a legitimate and balanced complaint, but rather to cow another party into compliance/cooperation by threat to destroy them through legal actions rather than the outcome of a legal process.
The threat of forcing the other person to spend themselves into bankruptcy, for example.
Standards need to be defined and enforced, where such activity is grounds for punishment up to and including disbarment.
To the extent such already exists, it is clearly proving insufficient.
Law should be about justice, first. Not just another field of unfettered warfare.
Also, to that end, sealed records and confidentiality should be more severely constrained. The judicial system is a public system; everyone should be able to see what you're up to in it, for better and for worse.
Protecting clearly threatened victims, sure. Defined legitimate, critical secrets, for defined limited periods of time, ok (real national security, trade secrets). Beyond that, not so much. Not at all, maybe.
The NYTimes article you link to doesn't contain the word "threat". This piece appears to contain a new bit of information about the ethically challenged behavior of FB and CA. It deserves a separate conversation.
One thing I don't understand, at one hand you are supposed to keep digital data for X amount of years ( I think 7), and on the other hand the company cannot make use of it, why would it be sitting on servers, might as well make use of it.
so, this is effectively two solid admissions of guilt, in hand. why bother suing journalists if there isn't a truth that you don't want to get out?
needless to say the idea that they want to suppress journalists is egregiously illiberal and warrants our unanimous excoriation of these businesses.
zuck's silence (terror? or destroying more evidence, as they have already done?) is very telling. if we organize, the bell will toll for facebook. it is long overdue.
as a bonus, zuck's presidential run is ruined, hopefully.
Downvote the above hard to confront your withrdawal symptoms then make your posts with your contact details announcing you are going to leave facebook, a few reminders then do it.
Life is better without them. They really haven't got you, you can break free just by deciding to do it.
This will blow over, Facebook is far too entrenched and without serious competition. Some people will use Facebook less and replace it with Whatsapp and Instagram, but Zuckerberg has that base covered
[+] [-] dvt|8 years ago|reply
It's not just "IP 12.342.32.1 is chaotic neutral" but "'Bob Smith, with a degree in X from Y, that likes A, B, and C and is newlywed' is chaotic neutral." The issue isn't really the quiz (and it's not even CA tbh), it's Facebook giving out real names, real pictures, etc. every time you "Log in with Facebook" on any random website or app.
[+] [-] briffle|8 years ago|reply
I have my Facebook profile set to 'friends', and perhaps its obvious now, but I guess I didn't realize an app installed by my great aunt now has all my information. I happily gave her access to see my profile, kids pictures, etc. But do I want every single thing she connects to to see any data I allow her to see?
[+] [-] HenryBemis|8 years ago|reply
That said, I believe FB would LOVE if we change the topic from PRIVACY to "anything-except-privacy".
And yes. Any/all dictators (of any shape or form) are trying to silence the media/journalists. Why would FB practice a different method?
This way they want to make sure that the next whistleblower won't have an outlet.
[+] [-] darawk|8 years ago|reply
[+] [-] akjetma|8 years ago|reply
[+] [-] IAmEveryone|8 years ago|reply
[+] [-] vha32oiwe|8 years ago|reply
I'd offer an alternative: the fact that we're stuck "sharing" via centrally managed platforms is the real issue.
I don't care about Facebook auth mechanism. Regardless of how it shares data, FB still HAS all the data, and can find a different way to share that with whatever party they want.
There's no leverage in the information economy outside "Use the one or maybe 2 ISPs you have, and these handful of "top" providers online."
It's like having a meat space economy be controlled by a top-down authority, and you can only trade along it's finan... distribution network.
Oh wow, what a shock. We remade cyberspace society to be just as centrally controlled as meatspace society. While meatspace became more constrained in an authoritarian way yet again in human history.
Human society exists in a strange loop of "build walls that are used to oppress me."
[+] [-] equalunique|8 years ago|reply
[+] [-] feelin_googley|8 years ago|reply
Wild guess (probably incorrect):
http://web.archive.org/web/20170205180142/https://www.foley....
[+] [-] kreetx|8 years ago|reply
-- does this conclusion hinge on the fact that Facebook should have realized earlier that the app is harvesting data? If the creator of the app said that he is doing it for academic purposes only then how should have Facebook known? Not trying to defend Facebook, but calling this a breach is at least a little bit gray area, no?
EDIT: concise wording
[+] [-] IAmEveryone|8 years ago|reply
Consider an alternative scenario: a Facebook employee has access to data to perform his job. He makes a copy, takes it with him, and uses it in his new startup. Breach? It’s exactly the same as above, only the employee was an external partner in reality.
[+] [-] detaro|8 years ago|reply
The "breach"/"something-else-that's-not-a-breach" debate from what I've seen doesn't hinge on Facebook knowing or not, it's about if all loss of data can be called a breach or if the term should be reserved for cases where the perpetrator did aquire the data without Facebook knowing.
[+] [-] DCF|8 years ago|reply
[+] [-] logicallee|8 years ago|reply
Any editors or journalists that don't cooperate should have their Facebook, Whatsapp, or any other service suspended. (If any other service starts gaining network effects, Facebook can just buy it when it has < 100k users - this is how a monopoly works under network effect)
Anyway Mark Zuckerberg, my message to you is if you want to be remembered as one of the worst autocrats who ever lived, you are really going to have to step up the retaliation. Maybe introduce targeted executions of journalists?
Just some thoughts.
[+] [-] jstalin|8 years ago|reply
[+] [-] f2n|8 years ago|reply
[+] [-] curun1r|8 years ago|reply
[+] [-] unknown|8 years ago|reply
[deleted]
[+] [-] TAForObvReasons|8 years ago|reply
[+] [-] unknown|8 years ago|reply
[deleted]
[+] [-] paulcole|8 years ago|reply
• Nestle
• Every cigarette maker
• Gun companies
• Mosanto
• Pharma companies who charge astronomical prices
• Private prison companies
[+] [-] matt_s|8 years ago|reply
Threaten lawsuits, fire/demote people that don't agree with you, etc.
[+] [-] bogomipz|8 years ago|reply
[+] [-] SSLy|8 years ago|reply
[+] [-] kazen44|8 years ago|reply
[+] [-] pasbesoin|8 years ago|reply
The threat of forcing the other person to spend themselves into bankruptcy, for example.
Standards need to be defined and enforced, where such activity is grounds for punishment up to and including disbarment.
To the extent such already exists, it is clearly proving insufficient.
Law should be about justice, first. Not just another field of unfettered warfare.
Also, to that end, sealed records and confidentiality should be more severely constrained. The judicial system is a public system; everyone should be able to see what you're up to in it, for better and for worse.
Protecting clearly threatened victims, sure. Defined legitimate, critical secrets, for defined limited periods of time, ok (real national security, trade secrets). Beyond that, not so much. Not at all, maybe.
[+] [-] sol_remmy|8 years ago|reply
[+] [-] pacala|8 years ago|reply
[+] [-] mithoon|8 years ago|reply
[+] [-] cryoshon|8 years ago|reply
needless to say the idea that they want to suppress journalists is egregiously illiberal and warrants our unanimous excoriation of these businesses.
zuck's silence (terror? or destroying more evidence, as they have already done?) is very telling. if we organize, the bell will toll for facebook. it is long overdue.
as a bonus, zuck's presidential run is ruined, hopefully.
[+] [-] mieseratte|8 years ago|reply
Defamation, per TFA.
[+] [-] usmsid|8 years ago|reply
[+] [-] harry8|8 years ago|reply
[+] [-] harry8|8 years ago|reply
Life is better without them. They really haven't got you, you can break free just by deciding to do it.
(Apologies for mentioning up/down voting)
[+] [-] unknown|8 years ago|reply
[deleted]
[+] [-] decacorn|8 years ago|reply
[+] [-] wongarsu|8 years ago|reply
[+] [-] anonnel|8 years ago|reply
Or, perhaps the castle is reaching the next phase of construction, where users are supposed to have an appropriate level of fear.
[+] [-] gabriel171|8 years ago|reply
[deleted]
[+] [-] mankash666|8 years ago|reply