Users can use Facebook to connect with other people. In the process they share their information on Facebook. Facebook can use this information to categorize users based on their interests and serve them targeted advertising. Advertisers <i></i>do not<i></i> see who saw their ads unless the user interacts with the ad.<p>Now the platform itself is open and can be used by others in their apps to get user data. In such a case, the user himself approves sharing his data on Facebook with the app. This is what happened in the case of Cambridge Analytica. Users used a 3rd party app which collected data. They voluntarily did it. The app then shared it with Cambridge Analytica. The app developer got data from users and used it in ways he didn't disclose to his users.<p>Facebook makes close to no money from these third party apps. I have written apps in the past which ended up collecting user information which just sits in my database. I don't see how Facebook can prevent exploitation of this data as it can't be monitored. They could just shut down the pipe but I believe that will again make many people mad. The app developer is at fault.<p>Given above, I feel its the app developer at fault and not Facebook.<p>TL;DR Facebook advertising doesn't leak user information. Cambridge Analytica's approach would fail if people simply stopped using 3rd party apps.
> In such a case, the user himself approves sharing his data on Facebook with the app.<p>Most users are non-technical and have no idea what this really means. To users it means “if you don’t approve you won’t be able to use this”, so they do. It’s like giving candy to someone who doesn’t understand nutritional facts — all they understand is it tastes good, not that it’s also bad for you. Facebook and other companies know and take advantage of this.<p>Also, it’s my understanding the Cambridge Analytica app also pulled data about friends of people who used it, so even if you hadn’t consented to the app you were still scraped. <i>At the very least</i> Facebook is at fault for having a system that allows personal information of non-consenting users to be taken by third-parties.
Facebook <i>definitely</i> did something wrong. Facebook makes developers sign up to an agreement that states they won't pass the user's information on to other parties. Kogan did that and Facebook failed to stop him, and then failed again when they didn't follow up sufficiently with Cambridge Analytica. Putting in a framework to protect user's data and then failing to act on it means they failed to protect their users.<p>Kogan and Cambridge Analytica also did things that I would consider wrong, but that doesn't let FB off the hook.
The reports have been so vague as to what Cambridge Analytica did its hard to know what they have or how they used it.<p>I feel like the political climate is so energized right now that everyone is freaking out instead of waiting for details and specifics. Facebook seems to be taking this very seriously and, generally speaking, I've always been impressed with Zuckerburgs ability to be introspective and make changes instead of digging in his heels.<p>I'll give them the benefit of the doubt for the moment while all this shakes out.
(Part of) the problem is a lack of transparency to the cost you pay.<p>>They voluntarily did it.<p>If we're going from voluntarist morality then it seems okay initially but there are two main complicating factors that I see.<p>(1) Facebook and this app appear to be free. In reality they have a cost but because that cost takes the form of something other than money, the monetary value is obscured.<p>(2) Even the data itself is obscured from the user. Users don't know what data they've handed over, how it's been collected, what conclusions have been drawn from it, who it's been sold to, whether it's been combined with other data sources, etc.<p>Even the most voluntarist among us would probably see something wrong with the US healthcare system where you can't know the price of your services until after you've accepted them. Social media data collection is even one worse step than that because you <i>never</i> find out what price it is you've paid.<p>A fix to this is radical forced transparency, just like what GDPR is going to do.
You don’t see how Facebook could prevent exploitation? After 2014, they restricted access to friends data after CA first blew up. But they knew in 2012, the Obama campaign had similarly abused TOS to harvest friend data and to perform analaysis and cross-referencing with (such as identifying friends who are also on campaign donor lists).<p>Saying that people could just write a web scraper anyway is a bullshit rationalization. The technical barrier is high enough that it would make it an extremely costly option, certainly more costly than all the other data sources that campaigns traditionally use.<p>FB may not have outright committed evil, but they sure didn’t seem to prioritize safety for their users. And that’s enough on which to consider judging them accordingly.
While the title is framed to get people's input; in the text you proclaim that the issue is not Facebook but the users. So, what you are asking is - <i>I am convinced Facebook did not do anything wrong but prove me otherwise.</i><p>The problem with that there is no way to prove a negative. And you already have the biggest defense - "...but people shared their data willingly".<p>Still, here's my view on this - Facebook is designed to collect data but it also is designed to keep people engaged so that they share <i>even more</i>. They also make it easy for people looking to collect data.<p>Their whole business model is around data. So, I wouldn't be surprised if there is a leak showing Facebook specifically courting CA, just like twitter did with RT:<p><a href="https://www.theguardian.com/media/2017/oct/27/russias-rt-reveals-twitters-pitch-to-sell-millions-of-dollars-in-2016-election-ads" rel="nofollow">https://www.theguardian.com/media/2017/oct/27/russias-rt-rev...</a>
I'll leave this here, I don't want to pressure HN into learning anything about privacy or Facebook's practices though: <a href="https://phys.org/news/2018-02-belgian-court-facebook.html" rel="nofollow">https://phys.org/news/2018-02-belgian-court-facebook.html</a>
I agree. I find <a href="https://newsroom.fb.com/news/2018/03/suspending-cambridge-analytica/" rel="nofollow">https://newsroom.fb.com/news/2018/03/suspending-cambridge-an...</a> accurate about facts.<p>On the other hand, in Facebook's own words, "In 2015, we learned that a psychology professor at the University of Cambridge named Dr. Aleksandr Kogan lied to us and violated our Platform Policies". If Facebook learned this in 2015, why are they suspending violators in 2018? That part is blameworthy. But I agree the primary blame lies at Kogan, CA, SCL, etc.
Yes, the app developer is definitely at fault.<p>The question at hand is whether Facebook could/should have done something/more to avoid this kind of situation. I do not have a definite answer to this question, but one could imagine both technical and legal means that can be used to avoid such abuse of data.<p>The other question at hand is whether Facebook should be allowed to hold this kind of power. Again, I do not have a definite answer and if the answer is "no", I have no idea how this could be implemented.
> Facebook advertising doesn't leak user information.<p>It exposes too much data to advertisers/app, which most users unknowingly agree to. Which is still Facebook's problem and should be regulated. I think the downfall of FB has just started and Google is quite lucky that their efforts with G+ fell, because if they succeed they would be in same position.<p>Cambridge Analytica use of data is immoral and legality should be decided in courts.
facebook basically did nothing to ensure third party apps & developers were not violating its data access and sharing policies. most developers know it has always been pretty easy to harvest data from facebook by tricking users and once you have the data you can do whatever you want with it.<p>facebook probably didn't do anything illegal, but many people feel they failed to sufficiently protect user data from bad actors.<p>It the absence of laws or regulations to punish facebook, the only recourse is for users to leave the platform. this probably won't happen b/c most people don't know or don't care. but if we think its in the public good to protect this data we should seek to pass some regulations that require platforms like facebook to meet an acceptable threshold of data protection.<p>given the effects that harvesting facebook data can have on elections, its probably a good idea for regulators to step in.
One issue is that the older version of the graph API permitted third party apps to access your full friends list and data your friends had shared. So I post photos and statuses, and those aren't just visible to my friends but also to third party apps my friends are using.
The crux here is the difference between affirmatively doing something wrong and failing to do enough right. I'm not going to wade into the rest of the debate, but I think anybody giving an answer should try to be clear <i>which</i> question they're answering.