by jmagaro88 on 4/3/19, 5:43 PM with 43 comments
by fixermark on 4/3/19, 7:04 PM
If it's earth-shatteringly bad for your users if their private data is leaked by a third-party, you cannot exfiltrate that data to a thrid-party. Full stop. No amount of policy un-leaks data, and "You cannot continue to operate as a Facebook service" is an empty threat the moment it becomes more valuable for the third-party to violate the agreement than to continue to operate as a Facebook service.
The takeaway: if you are responsible for user privacy, you must do the computations on the user's data. Have partners ship you the computations they wish to do, vet them, and then ship them results compliant with your users' expectations. Don't hand third-parties a subset of the keys to the kingdom and expect an honor system to preserve user privacy.
by t385glmp63v on 4/3/19, 5:52 PM
by ChrisCinelli on 4/3/19, 7:41 PM
At that time the Facebook's API was pretty much open and you can get everything. It was an experiment and Mark Zuckerberg had a lot of hope in what people could do with that data to add value to the users. I was not doubting that he was doing it with good intentions. But he was naive...
Unfortunately, most of the apps were abusing all the channels that Facebook was giving them to get more users and milk money out with ads and micro-payments (ex: through OfferPal Media - now Tapjoy).
During that time I was pretty surprised how much info people were giving away with a click through. Even on the main Facebook product people were posting all kind of stuff, including stupid things they were doing. It really seemed that people were becoming more open and it was the beginning of a new era for privacy (or lack thereof).
Facebook realized pretty quickly what apps were doing and they started adding more granular permissions. Eventually Facebook started limiting more and more access to the API until 2011/2012 when the user generating gold mine was pretty much gone. Again, Facebook has always been working to fix the experience for their users and also to make clear that those where 3rd party apps. But people did not really care.
There have been probably hundred of thousands of apps that had access to "sensitive" user data. According to the Facebook's Term of Service, data could not be stored for more than a certain amount of time. But nothing was technically preventing people to store that data forever...
And here we are...
by taytus on 4/3/19, 7:01 PM
A couple of local startups were talking about how to leverage the "login with facebook" button. It was a big thing...
Most people I talked to, told me: "The very first thing I do is to save all the email of their friends" or stuff like that.
So yeah, this was years ago. I'm failing to see how this is a surprise at all.
by AdmiralAsshat on 4/3/19, 8:15 PM
by socialhack3r on 4/3/19, 7:27 PM
Seems to suggest that FB platform apis were designed to not share any privacy metadata with devs. Maybe not the same as how apps like At The Pool stored that data, but might explain the firehose of data that FB gave devs and now they will point the finger and say it was their fault for these leaks/breaches. Food for thought.
by jrochkind1 on 4/3/19, 7:20 PM
by ghssji on 4/3/19, 9:43 PM
by nerdjon on 4/3/19, 6:13 PM
Not to downplay the issue... but its clearly written clickbait
by _-_T_-_ on 4/3/19, 6:05 PM
by miki123211 on 4/3/19, 6:17 PM