> <i>And, for the any employees still at Twitter, don’t underestimate the power of a pocket veto.</i><p>This is something I've been repeating to some of my younger colleagues.<p>Engineers aren't really fungible resources, to the extent that these projects require. Ask any manager how easy it is to swap "allocated resources", and they'll probably sigh heavily.<p>People are afraid that if they don't follow their manager's every request, they will be fired. But remember that hiring is <i>hard</i>, and managers are loath to fire someone they've already spent so much effort finding, hiring, and onboarding. Finding someone else to do it can take weeks, months, or longer! Which in many cases risks killing the project altogether.<p>Even if you're at the bottom of the chain, as the person who does the actual <i>implementation</i>, you have a lot of power on what gets prioritized.<p>See also the oft-circulated OSS "Simple Sabotage Field Manual" <a href="http://svn.cacert.org/CAcert/CAcert_Inc/Board/oss/oss_sabotage.html" rel="nofollow">http://svn.cacert.org/CAcert/CAcert_Inc/Board/oss/oss_sabota...</a>
“We should know when users leave their house, their commute to work, and everywhere they go throughout the day. Anything less is useless. We get a lot more than that from other tech companies.”<p>This should be posted absolutely everywhere with <i>this</i> as the hook. This type of request and the admittance that <i>companies give even more than that all the time</i> is headline news worthy.
The Tim Hortons mobile app in Canada did this very thing: monitoring your GPS location 24/7, and logging special events when you entered a competitor's store, like Starbucks.<p><a href="https://www.reuters.com/technology/investigation-finds-tim-hortons-app-violated-privacy-laws-says-canadian-2022-06-01/" rel="nofollow">https://www.reuters.com/technology/investigation-finds-tim-h...</a>
> Most people don't really appreciate how close Twitter was to shutting down.<p>> Twitter was on its death bed and was desperate for money.<p>I worked at Twitter at the same time, and while the company definitely was going through a rough patch at that time, it was absolutely not anywhere close to 'shutting down' or 'on its death bed' financially.
Finally, someone who quit.<p>So many of these stories are from someone who built the thing, profited, left, and then took up a new chapter of their career talking about how everything they did at <BAD COMPANY> was bad and that they should now receive funding, back pats, and NPR airtime for their new <GOOD COMPANY>.<p>My question is always: "So, are you going to give the money back?"<p>There really is a middle ground between just following orders and dedicating your life to sabotaging a company from the inside because someone there once thought about doing something that didn't 100% align with your personal mission.<p>You can refuse and you can quit.<p>More people need to read books on engineering ethics.
<a href="https://nitter.net/stevekrenzel/status/1589700721121058817" rel="nofollow">https://nitter.net/stevekrenzel/status/1589700721121058817</a><p>If you're not interested in visiting twitter directly.
> …Elon will do far worse things…<p>Non-sequitur. The story is about middle management doing evil things for almost no incentive except a small pat on the back for padding a short-term revenue number, while the actual owner-leader who benefits the most shuts it down.
All individuals are incentivized to do the wrong thing. CEO's are incentivized to sell data to make money. Engineers are incentivized to create bad software via making the people who pay them happier. Users are incentivized to give up their data in exchange for a free service. Politicians are incentivized by political donations and getting information they aren't constitutionally privileged to get.<p>Doing the ethical thing requires making less money (or losing money) for nearly all parties involved. Doing the right thing requires sacrifice.<p>In a happy world, the CEO has long term vision and sees the long term cost of loss of trust. The engineers see the ethical problem or betraying their peers and use their pocket veto to do the right thing. The user should be willing to pay a reasonable cost to receive the service they use. Politicians should see that the individual incentives harm the whole and create regulations that disincentivize the poor behavior.<p>Non-rhetorically: How do we ensure as a society that we live in the latter, and not the former?
For one story like this which emerges because the engineer refused, how many stories we will never heard about because it was simply done?<p>As software engineers, we are just like medical experts talking about the toxicity of cigarettes while ourselves buying cigarettes and distributing them to our own children.
Good reminder that while Google gets a lot of negative privacy attention it is telcos, ISPs, and lesser-known apps that are the most deplorable actors data collection and selling.
> <i>As far as I know, the project actually got canned. Jack genuinely didn’t like it. I don’t know if this mindset will hold true with the new owner of Twitter though. I would assume Elon will do far worse things with the data.</i><p>yeah, this is a major concern of mine now. while a few months ago i had some minor concerns with elon discussing taking it over, his behavior since this started has elevated those concerns to an absolute red alert level. the kind of data he has access to is terrifying.<p>i’m predicting whatever it is will make the facebook/cambridge analytica thing look tame in comparison.
He won the battle (pyrrhic-ly) but not the war. Fine grained location is commonly bought and sold in the USA:
<a href="https://www.vice.com/en/article/v7v34a/fog-reveal-local-cops-phone-location-data-manual" rel="nofollow">https://www.vice.com/en/article/v7v34a/fog-reveal-local-cops...</a>
This really isn't a just for <i>Twitter</i>; this is the danger of selling any application with a large install-base. Doesn't really matter if it's a social network app, borderline-useless mobile app, Facebook App (I'm looking at you, Cambridge Analytica), chrome extension, or pypi/npm module, all of these things are <i>capable</i> of collecting extremely fine-grained user detail, and selling it off.<p>It doesn't matter if the current owners don't/won't do it, there is essentially nothing that prevents someone else from buying it up, and doing nefarious things with the existing install base.<p>And as far as "Terms of Service" go, there is essentially nothing to prevent a future owner from updating the Terms of Service, and then doing the above.
Anyone using social media services need to pay attention to this story. When the profit margins shift ever so slightly, or say massively like with the Apple changes, then these companies will take meetings with executives like this Telco who wanted data on when people are going into their competitors stores. Unbelievable, or should I say, totally believable and totally expected.
> As far as I know, the project actually got canned. Jack genuinely didn’t like it.<p>> I don’t know if this mindset will hold true with the new owner of Twitter though. I would assume Elon will do far worse things with the data.<p>When has Elon been against user privacy? Also, isn't Elon good friends with Jack? I feel like they would see eye to eye with this. In fact Elon seems like the type that would try to champion emerging fads like crypto, differential privacy, and zero knowledge proofs. Harvesting data is boring and easy.
> With Twitter's _change in ownership_ last week, I'm probably in the clear to talk about the most unethical thing I was asked to build while working at Twitter.<p>Generally not true/safe. Any NDA still in effect would be transferred to the new owner. If the author genuinely believes this, they may want to delete this tweet asap. If it's just rhetorical, well ok then.
Very true about the pocket veto, and I've said this to my team before - I can give advice, I can argue for my values, but my lever as a manager is hire or fire. I don't have time to do the implementation, and the person doing the implementation realistically is going to decide the inplementation. I can influence, but really, they decide.
"We get a lot more than that from other tech companies."<p>And hence why almost every app on my phone has location access 'never' and only the ones that really need it have it 'while using app'.<p>Of course, I never even got the Twitter app, I've always just used it in Safari on my phone.
> We ran an alternative by the telco. They didn’t like it and were frustrated. So was Sales. I was asked to go to telco’s HQ and figure out exactly what they want.<p>Sales. Sales at Twitter sells user data to Twitter's customers [who aren't necessarily even advertisers].<p>Got it.
This made me cringe:<p>> Legal said the request was fine – none of it violated the user ToS.<p>Almost as if was watching an episode of some dystopian show happening somewhere in the future. It's sad to learn it's already happened.
> Twitter, like most mobile apps, logs <i>everything</i> users do – every swipe, tap, edit, delay, etc… – for debugging, metrics, and experiments.<p>Maybe other things too
The worst part of these types of stories is every time I tell my non-tech friends and family about this stuff, the vast majority respond with: “so what?” They genuinely do not care about their own privacy from companies. Then they bash Facebook or who ever else is in the news most recently about misusing data and can’t connect the dots. It really feels like a losing battle of trying to save people from themselves. :(
Intriguing:<p>> I wound up meeting with a Director who came in huffing and puffing.<p>> The Director said “We should know when users leave their house, their commute to work, and everywhere they go throughout the day. Anything less is useless. <i>We get a lot more than that from other tech companies.”</i><p>If they have so much data on us, why is the ad targeting so laughably bad? Facebook has recently been pushing me to watch Hocus Pocus 2. -_-
There are tons of data brokers that get near real time user level location data from mobile apps (usually not from ‘name brand’ apps but from the long tail) and then sell this as aggregated data products to others: eg <a href="https://docs.safegraph.com/docs/monthly-patterns" rel="nofollow">https://docs.safegraph.com/docs/monthly-patterns</a> .
> <i>One of the first areas I worked on was improving the way our mobile apps uploaded logs. Twitter, like most mobile apps, logs </i>everything* users do – every swipe, tap, edit, delay, etc… – for debugging, metrics, and experiments.*<p>A reminder: use the mobile web version of any services you use, not the app, and use NextDNS to block all the tracker hosts at DNS level.
<i>> And, for the any employees still at Twitter, don’t underestimate the power of a pocket veto.</i><p>Here's a comment I made a month ago, or so: <a href="https://news.ycombinator.com/item?id=33001139" rel="nofollow">https://news.ycombinator.com/item?id=33001139</a><p>I was asked to do an unethical thing, just after being promoted.<p>I declined, but everything turned out OK.
I think this post buried the lead a little bit.<p>"All other social media companies give us more than is"<p>An app logging signal strength can pin point your location, which is then commonly sold to companies such as telcos as alleged in this story.<p>Owning a phone without GPS turned on, any app can track and sell your every movement without violation of any T&C or local laws.<p>That is beyond distressing.
This is just one reason why I <i>always</i> prefer to use the website rather than an app.<p>If I use the website I'm browsing on my terms: adblocking enabled, no location data, a lot less surface area for tracking.<p>When you use the app then you're browsing on their terms: geolocation, tracking, ads, everything.
I'm confused by the bit that says it's ok now??? If an NDA applied before the buyout it still applies, so why mention it now? Attention? Confusion about how employee contracts and NDAs apply? Not entirely true?<p>Can't figure out which from the thread
I don't know what's more disturbing. The request, Legal's response, or the people responding to the thread and finding none of this is unethical.<p>Seems like we have lost something along the way.
The author was asked to work on several unethical projects while at Twitter. As stated in the title, this is only "the most" unethical one. Did he refuse to fulfil the other requests.
I wonder how many stories like this are waiting to come out from the 2010s, the era that turned the internet into a centralized hellscape that ran on ads and creepy data collection.
This revelation just shows that doing the right thing depends on the accidental and rare "good guy" to hold their foot down. It's not something we can rely on.<p>The Elon Musk burn in that sense is distracting. He hasn't done anything in this direction yet. He very well may, but he hasn't. So it's a false accusation/speculation.<p>Counter to that, there is the <i>fact</i> that Twitter's legal and sales departments (pre-Musk) were totally cool with sending fine-grained location data to whoever pays for it.<p>Controversy should focus on actual events, not imaginary ones. As such, old Twitter has some explaining to do and it's worrying that no actual Telco is named. Finally, a quote like "other tech companies give us far more" should launch a swarm of journalists to dig as deep as possible.
> I wound up meeting with a Director who came in huffing and puffing.
> The Director said “We should know when users leave their house, their commute to work, and everywhere they go throughout the day. Anything less is useless. We get a lot more than that from other tech companies.”<p>First thing today I did, was uninstalling the Twitter app. Even if it's not in (who knows). Totally forgot about the big apps deals with the global spying business.
This take of "Elon will do a lot worse things with the data" is my own personal take on WHY Musk bought Twitter.<p>He's of a libertarian bent, so it could well be a real part of the story that he wants more free speech, and less censorship of similar folks.<p>However, I do believe he is playing that up to try and avoid any discussion of the monumental tranche of data he is sitting on top of and the potential value of it. I recall in the early days, the entire Twitter database was made available to researchers, who found they could predict overall market movement (up, down, some basic idea how much) about 3 days ahead of time by looking at sentiment trends.<p>All of that is worth "Take over the World" kind of money, where as the free speech stuff is, well. Worth percentage points at best.
> I would assume Elon will do far worse things with the data.<p>I notice here the casual dismissal of actual, observed harm for the sake of fantasies of future harm. I wish that the similar casual dismissal of government censorship laundered through private media monopolies came with some similar sort of fear of how President Trump or President DeSantis will handle their brand-new tools in a couple of years.<p>That being said, Democrats saw what Bush did with his unchecked executive powers, and didn't roll a thing back when they later had the Presidency and both houses of Congress. Instead, they continued doing politics by executive order, and cemented AUMF as a declaration of a permanent state of emergency.
For as much shit as GDPR gets (sometimes rightfully so), I'm really glad there is at least some data protection in the EU. The free-for-all that is hiding stuff in the TOS is atrocious and terrifying. Twitter and Facebook being each in control of one person at the top, each with "eccentric" tendencies, makes this situation really dystopian.
This is a perfect example of why EU implemented GDPR. We can't trust companies to protect their users. Once money is involved, the outcome often depends on a few conscientious employees with the strength to say "NO"<p>Som may say that
> Most people don't really appreciate how close Twitter was to shutting down. The 2016 election was the only thing that saved them and made them relevant again<p>So in the Good Timeline there's no Twitter _and_ no President Trump?
> I don’t know if this mindset will hold true with the new owner of Twitter though. I would assume Elon will do far worse things with the data.<p>The story is interesting, but this line is petty. It's also more than a bit ironic, given that the OP just spent N tweets describing how the <i>previous</i> management wasn't exactly setting high ethical bars.<p>The worst aspect of "Twitter culture" is the tendency -- illustrated here, perfectly -- to slander people, just to make the mob shake their pitchforks harder.<p>I sincerely hope Musk finds a way to fix that.
I'm not Musk fanboy, but the leap in the end to put the dirt on him is outrageous ("I don’t know if this mindset will hold true with the new owner of Twitter though. I would assume Elon will do far worse things with the data.").<p>Let me try to summarize what author actually said in the end: "I left, I sent email to then CEO of twitter and PER MY KNOWLEDGE the project was canned, I don't know if it actually was. But new guy still could do worse things".<p>If you're so moral, why not blow whistle to public when you left previously, and not write unsubstantiated claims about new owner now.