Two More Cases of Third-Party Facebook App Data Exposure

157 points by jmagaro88 about 6 years ago

11 comments

fixermark about 6 years ago
Unfortunately, Facebook had a fundamental misunderstanding of how privacy *has* to work, and their users will be paying for their error for years.

If it's earth-shatteringly bad for your users if their private data is leaked by a third-party, you cannot exfiltrate that data to a third-party. Full stop. No amount of policy un-leaks data, and "You cannot continue to operate as a Facebook service" is an empty threat the moment it becomes more valuable for the third-party to violate the agreement than to continue to operate as a Facebook service.

The takeaway: if you are responsible for user privacy, *you* must do the computations on the user's data. Have partners ship you the computations they wish to do, vet them, and then ship them results compliant with your users' expectations. Don't hand third-parties a subset of the keys to the kingdom and expect an honor system to preserve user privacy.
t385glmp63v about 6 years ago
Facebook has a Data Abuse Bounty program where they pay for reporting third-party data leaks like these: https://www.facebook.com/data-abuse/faq/
ChrisCinelli about 6 years ago
Between 2007 and 2009 it was a far west for Facebook apps. A gift app that you could write with about 100 lines of code could reach 10 million users in 2 days. More complex apps could do better. That was the most amazing part.

At that time Facebook's API was pretty much open and you could get everything. It was an experiment and Mark Zuckerberg had a lot of hope in what people could do with that data to add value to the users. I was not doubting that he was doing it with good intentions. But he was naive...

Unfortunately, most of the apps were abusing all the channels that Facebook was giving them to get more users and milk money out with ads and micro-payments (ex: through OfferPal Media - now Tapjoy).

During that time I was pretty surprised how much info people were giving away with a click through. Even on the main Facebook product people were posting all kinds of stuff, including stupid things they were doing. It really seemed that people were becoming more open and it was the beginning of a new era for privacy (or lack thereof).

Facebook realized pretty quickly what apps were doing and they started adding more granular permissions. Eventually Facebook started limiting more and more access to the API until 2011/2012 when the user generating gold mine was pretty much gone. Again, Facebook has always been working to fix the experience for their users and also to make clear that those were 3rd party apps. But people did not really care.

There have been probably hundreds of thousands of apps that had access to "sensitive" user data. According to Facebook's Terms of Service, data could not be stored for more than a certain amount of time. But nothing was technically preventing people from storing that data forever...

And here we are...
taytus about 6 years ago
Anecdata: A couple of years ago, I was at one of the very first (not sure if not the only one) FB connect meetings here in Dallas.

A couple of local startups were talking about how to leverage the "login with facebook" button. It was a big thing...

Most people I talked to, told me: "The very first thing I do is to save all the email of their friends" or stuff like that.

So yeah, this was years ago. I'm failing to see how this is a surprise at all.
AdmiralAsshat about 6 years ago
Since there are many anecdotal reports of Facebook failing to delete the profile history data even after closing your account, is there a better way people should be scrubbing their data? Some kind of tool, perhaps, that edits all of your posts and replaces them with scrambled / gibberish text?
socialhack3r about 6 years ago
This other article that got posted today might explain why this happened in more detail: https://medium.com/@six4three/deceit-by-design-zucks-dirty-secret-he-doesn-t-want-you-to-know-67dcc94e2b5d

Seems to suggest that FB platform apis were designed to not share any privacy metadata with devs. Maybe not the same as how apps like At The Pool stored that data, but might explain the firehose of data that FB gave devs and now they will point the finger and say it was their fault for these leaks/breaches. Food for thought.
jrochkind1 about 6 years ago
Wait, how the heck did "At the Pool" get plaintext fb passwords?
ghssji about 6 years ago
I don’t really get it. Isn’t the opposite of this (restricting third party developers) exactly what people are furious at Twitter over, for killing Tweetbot etc.?
nerdjon about 6 years ago
One hell of a clickbait headline. Since it is more fallout from the previous data handling issues and not further screwups on Facebook's part.

Not to downplay the issue... but it's clearly written clickbait
_-_T_-_ about 6 years ago
Research: https://www.upguard.com/breaches/facebook-user-data-leak
miki123211 about 6 years ago
Any way to access the full article anywhere? It shows to me as "more information available on the Bloomberg Terminal"