The so-called "data breach" was always in reality a by-product of an open platform that hundreds of thousands of developers could easily build apps on top. You may err on the side of "more reviews" or "less powerful API", but in the end, those ideals are in tension. The more open the platform, the more open to this kind of "breach".<p>People who believe in the idea in this kind of platform having an API should have long ago spoken up in Facebooks defense. This is exactly what I was afraid would happen, and I expect worse to come from this "platform review". Given the kind of media coverage here, Facebook seems to have more to lose than to gain from letting random Hacker News kids build on their platform. And if so, they won't in the future.
The Facebook API has been useless since 2014 when most access to friend data was cutoff. Since then, if your objective was data collection, that could be easily achieved by scraping publicly available information (many friends lists are public, there are many public posts, etc. - certainly enough to use in aggregate to formulate campaign strategies etc.). I suspect that will be the next “scandal,” since in 2018, people can’t possibly take personal responsibility for the things they post and allow to be public.<p>Ironically, the “scandal” that caused this whole thing is a non-issue. Pre-2014 Facebook apps could collect a lot of information about you and your friends, along with their Facebook user IDs, and that was scary because there was a time when you could simply submit a list of user ID’s that you wanted to show a specific ad to. But since Facebook advertising cannot be targeted by user ID anymore, and this policy was in place well before the 2016 election, all of that data was essentially useless to any participant in the 2016 election other than for aggregate things like general campaign strategies. I am intimately familiar with the advertise by ID issue - I was awarded a $2k Facebook bug bounty for spotting an exploit in the Custom Audiences feature that allowed an equivalent version of targeting by ID after they disallowed it.<p>So while it’s possible that Obama used his special access to the entire US social graph to successfully influence his elections, it is impossible for Trump or Hillary to have done it <i>even if they had the data</i> because of the changes in the FB ad platform in between 2012 and 2016. This entire “scandal” was created and promoted by people that don’t understand, or actively ignored, this concept. If you ask everyone that has read the recent headlines, including reporters that wrote the stories, I’ll bet 99%+ will tell you that they believe they could be specifically targeted with ads.<p>It would be interesting to see if the executives at any of the media companies that have managed to sell this scandal to the public took unusually large short positions in Facebook stock before releasing the story. Since the story is effectively fraudulent (it was not possible for the election to have been influenced in the way that the stories imply), I assume that would be securities fraud.
Pausing app reviews is annoying for sure, but not allowing new users to authorize their app is really bad.<p>Meaning that new customers can't connect with facebook anymore to access their own data using OAuth! We don't need permissions about your friends, your photos, or whatever. Just accessing their own messages and posts (which is what our customers want to see in our app and pay for).<p>I know they are shell-shocked after #deletefacebook stuff, but this overreaction is ridiculous.<p>So glad it's not our only channel of communication through. Times like this you appreciate email - crazy huh?
Reading Facebook's PR as they try to fix "problems" that they previously leveraged to profit massively is like someone purposely tripping you and as you stand back up they spit in your face and say "Oh, sorry. I'll try not to do it again" in a condescending tone. [edited to remove things HN can't handle]
This is a bit out of left field, but since the height of Farmville I've argued that Facebook should offer cloud services. I know these days everyone wants you to build on their cloud and it's a bit oversaturated, but a very easy way for Facebook to make data available to developers while maintaining security is to run the code that operates on that data on their servers. Seems like such a no-brainer I'm surprised they haven't done it.<p>But maybe I'm missing something obvious.
I wonder if it's all still a net benefit for fb. I remember back in the day while doing heavy fb dev, being flabbergasted at what we were able to get. It solidified our decision to invest heavily in their platform. We were able to get millions of likes and other data by simply having a few thousand signups. At one point I thought it was a bug and had to ask around about it. We had to consider whether it is something that will be "discovered" and shutdown or not. The power of it cannot be understated, and without a doubt a major catalyst for the success of their platform. It's possible that they would be worth less today, including the $100B loss, without it.
Not sure if this headline is 100% accurate. oAuth for apps that have already passed Login Submission is still functioning. For example, new users to an app that is already in the FB app ecosystem can still create accounts via oAuth.<p>However, apps that request scopes like "user_friends" or "pages_messaging" [1] may error out during authentication.<p>[1] <a href="https://messenger.fb.com/newsroom/messenger-platform-changes-in-development/" rel="nofollow">https://messenger.fb.com/newsroom/messenger-platform-changes...</a>
Interesting how it's all about "sharing" and "community" when they want you to get on Facebook and all about "well you know you signed your privacy away" when you ask any questions. It's so disingenuous - I'm loving Facebook's self-created troubles.
Can anyone think of a useful Facebook app? I can’t think of one. They’re not as intrusive/awful as they were in the FarmVille era, but are any actually useful for users, not marketers?
Is it possible to create an app that can easily remove personal info, and delete all posted content that is, say older than n days old? If so, is there a new demand for this kind of app?