from Hacker News

Meta enforces purpose limitation via Privacy Aware Infrastructure at scale

by seanieb on 8/31/24, 7:20 PM with 53 comments

  • by tgsovlerkhgsel on 8/31/24, 9:32 PM

    This looks very much like it was created (at least partly) in response to the Digital Markets Act, which prohibits companies regulated under it ("Gatekeepers", https://digital-markets-act.ec.europa.eu/gatekeepers_en) from combining data across different services without the consent from the user.

    Fines for DMA violations are up to 10% of global revenue (not profit) for the first violation, up to 20% for repeat violations, plus other penalties and remedies. Also, an ongoing fine of 5% of revenue until brought into compliance.

    My impression is that DMA is taken quite seriously by Big Tech, especially given that it's clear that they're directly being targeted by it.

  • by transpute on 8/31/24, 8:00 PM

    Ambitious effort! Was this motivated by regulation?

    It would be interesting to compare the capabilities and policy challenges of at-scale data privacy, with patterns in single-node systems like SELinux and AppArmor, which have been historically daunting.

    Sqrrl (now Amazon) work on Apache Accumulo has tools for access control plumbing in large datasets, https://accumulo.apache.org/

    > Every Accumulo key/value pair has its own security label which limits query results based off user authorizations.

  • by Terretta on 8/31/24, 10:36 PM

    Meanwhile, I can't use Threads without tying it to Instagram.

    And from there, in turn, FB: https://webapps.stackexchange.com/questions/108777/prevent-i...

  • by miken123 on 8/31/24, 8:02 PM

    Lovely that their blog with privacy propaganda has a cookie banner that is not compliant with any privacy law in any way. Says everything about their efforts, I guess.

  • by imiric on 8/31/24, 8:26 PM

    What a strange article and initiative by Meta. So we're expected to believe that Meta is doing all this engineering out of some newly discovered concern for user privacy, and ignore the decades of blatant privacy violations, for which they've been fined numerous times? I suppose they've decided that the cost of this effort is less than the fines they would have to pay otherwise, so it probably makes business sense. It doesn't hurt as PR fodder to balance the negative press either.

    But let's not be fooled. Advertising and user privacy is a zero-sum game. Adtech is a giant business today precisely because they've violated user privacy since the beginning, taking advantage of the fact that the average web user is either unaware of what they're giving up, or they just don't care. All these supposed privacy initiatives by adtech corporations are simply an answer to increased regulation and public awareness. Otherwise they would happily continue siphoning everyone's data without thinking twice about it. They actually still do for areas of their business that are not under the spotlight yet: shadow profiles, data broker transactions, etc.

  • by barbazoo on 8/31/24, 9:06 PM

    Like putting lipstick on a pig.