Facebook let Netflix see user DMs, quit streaming to keep Netflix happy

509 点作者 edsimpson大约 1 年前

24 条评论

The article skips a lot of context to make it sound significantly worse than reality. Facebook didn't just randomly give Netflix access to everyone's messages. Specific user would need to purposefully log in to the Netflix app with their Facebook account in order to grant Netflix access to the chat functionality (intended to send movie recommendations to Facebook friends inside the Netflix app).<a href="https://about.fb.com/news/2018/12/facebooks-messaging-partnerships/" rel="nofollow">https://about.fb.com/news/2018/12/facebooks-messaging-partne...</a>Disclaimer: I work at Facebook but not on messaging or anything related to this article.

评论 #39859553 未加载

评论 #39861543 未加载

评论 #39860074 未加载

评论 #39861867 未加载

评论 #39860341 未加载

评论 #39859383 未加载

评论 #39860602 未加载

评论 #39859567 未加载

评论 #39862269 未加载

评论 #39861531 未加载

评论 #39859792 未加载

评论 #39860060 未加载

1vuio0pswjnm7大约 1 年前

"Meta said it rolled out end-to-end encryption "for all personal chats and calls on Messenger and Facebook" in December. And in 2018, Facebook told Vox that it doesn't use private messages for ad targeting.1 But a few months later, The New York Times, citing "hundreds of pages of Facebook documents," reported that Facebook "gave Netflix and Spotify the ability to read Facebook users' private messages.""1. "Does Facebook use info from your private messages to target you with ads?No. Facebook says it might look at your private messages to determine if they violate the company's policies, but it doesn't use that information for ad targeting. Facebook won't use the contents of your private messages to target you with ads on Facebook Messenger, WhatsApp or Instagram either, according to a spokesperson."<a href="https://www.vox.com/2018/4/11/17177842/facebook-advertising-ads-explained-mark-zuckerberg" rel="nofollow">https://www.vox.com/2018/4/11/17177842/facebook-advertising-...</a>If the messages are encrypted "end-to-end" or whatever the chosen marketing buzzwords, so that Facebook cannot read them, then how is FB able to "use" messages for anything. One accustomed to normal communications services might think FB is storing and delivering messages and that's all. But in truth, it's "using" them. (For purposes other than complying with any request from a court of comptent jurisdiction.)Exactly what they might be doing is of course highly confidential. You are free to take guesses. FB may answer yes or no. Answers cannot be verified, so their value outside of marketing is dubious.NB. Meta _is_ a third party. It feels as if some people believe they can redefine terms like "end-to-end", "third party", etc. As if they know many readers will happily go along for the ride.

评论 #39862344 未加载

评论 #39860756 未加载

mcherm大约 1 年前

I'm not clear whether I understood what the article is claiming. It's clear they claim that Meta shared customer's direct messages with a business partner without notifying the individuals who sent and received the messages. It also SOUNDED to me like the article was claiming they did so AFTER Meta introduced "end-to-end encryption" (which would ALSO mean that they were lying about offering end-to-end encryption). Am I reading that correctly?

评论 #39859292 未加载

评论 #39859230 未加载

评论 #39859325 未加载

评论 #39859152 未加载

kylecazar大约 1 年前

What is being claimed here?'granted programmatic access to FB user's inboxes' could mean a lot of things. What privileges? I read the article and still can't tell.I don't believe that Meta allowed Netflix to read messages that a user sent or received, but that seems to be what they're implying.

评论 #39859682 未加载

评论 #39860376 未加载

评论 #39859638 未加载

neilv大约 1 年前

I don't recall this potential bombshell (maybe because it was shortly before a Christmas, and the NYT headline looked like just more of the same ol'):> And in 2018, Facebook told Vox that it doesn't use private messages for ad targeting. But a few months later, The New York Times, citing "hundreds of pages of Facebook documents," reported that Facebook "gave Netflix and Spotify the ability to read Facebook users’ private messages."2018-12-18 <a href="https://arstechnica.com/tech-policy/2018/12/report-facebook-let-companies-get-even-more-data-than-previously-known/" rel="nofollow">https://arstechnica.com/tech-policy/2018/12/report-facebook-...</a>2018-12-18 <a href="https://www.nytimes.com/2018/12/18/technology/facebook-privacy.html" rel="nofollow">https://www.nytimes.com/2018/12/18/technology/facebook-priva...</a>

评论 #39859661 未加载

评论 #39859833 未加载

评论 #39859888 未加载

评论 #39859279 未加载

crmd大约 1 年前

This is one of the litany of bad things that happens when antitrust precident is ignored and we allow a small number of companies to become large enough to dominate the economy.

评论 #39861706 未加载

评论 #39884121 未加载

评论 #39859422 未加载

stephenm00大约 1 年前

Buried in the article, but not just Netflix, Spotify as well.The New York Times, citing "hundreds of pages of Facebook documents," reported that Facebook "gave Netflix and Spotify the ability to read Facebook users’ private messages."

pc86大约 1 年前

This is literally the first time in my life I've heard of Facebook Watch.

bhouston大约 1 年前

There is a lot of confidential information in Facebook private messages, probably people cheating, plans to leave one's job, political organizing, brides, illegal activities, etc. If Netflix gets access to this information, it is likely that other companies and 3rd parties got access either directly or indirectly.Very scary what can be done with that information.

评论 #39859671 未加载

timetraveller26大约 1 年前

So it's true that just talking to anybody about anything automatically triggers a flag in some server somewhere.

_heimdall大约 1 年前

The encryption concerns here are a bit confusing IMO. Facebook owns the UI that show you the text of the messages.There doesn't have to be a backdoor into E2E encryption at all per say, a simple UI property check would give full access to message contents directly in the frontend code. Throw that into a private API and Bob's your uncle, decrypted messages that were transmitted with 100% secure E2E encryption.

评论 #39859835 未加载

dbg31415大约 1 年前

Facebook is always going to pull stunts like this.They don't do creepy things on occasion by accident, they do them intentionally by default.Same old story for the last 20 years. Zuck is creepy AF, everything he touches is creepy AF.<a href="https://www.businessinsider.com/well-these-new-zuckerberg-ims-wont-help-facebooks-privacy-problems-2010-5" rel="nofollow">https://www.businessinsider.com/well-these-new-zuckerberg-im...</a>

treme大约 1 年前

how much effort did meta put into building a legit competition vs netflix/youtube? it's hard to imagine they couldn't put up a decent competition with max user reach and $just how great of a moat do yt/netflix have? is Disney the only one mounting a decent fight?

评论 #39859147 未加载

评论 #39861894 未加载

ozfive大约 1 年前

This is wiretap level.

tored大约 1 年前

Never use Facebook or any other of the big ones as a login provider. Always use a separate account for each cloud service.

2muchcoffeeman大约 1 年前

Facebook had a streaming service? This is the first I’ve heard about it.

frogpelt大约 1 年前

If the product is free, you and ALL of your data are the product.

itioo大约 1 年前

My solution is to not use online products.I have a Gmail account because everyone needs email these days, and an iPhone with Gmail and banking and little else “online”Sorry not sorry tech people but I never really asked to be born or have your existence specifically but on me specifically.You’re society’s problem, not mine. It can deal with it without knowing I exist.

mgoetzke大约 1 年前

What is Facebook Watch ?

rezonant大约 1 年前

For important context on my post here, please read tsunamihippo's post first: <a href="https://news.ycombinator.com/item?id=39859319">https://news.ycombinator.com/item?id=39859319</a>.This story seems very overblown. Are we arguing that Facebook should not ever allow any third party app to ask permission to read the user's Facebook DMs? There are valid use cases for this permission, and every case where an app asks for it is not a "privacy violation". Sure, did Netflix or Spotify actually need the ability to read back DMs instead of just write them so that they could send recommendations? No, they shouldn't have needed that. If Facebook's API required that they have read access just to send a message, then that's crap design. But is it nefarious? No.As long as the user is appropriately briefed on what they are granting (and it appears that they were), and as long as Facebook addresses over-scoped permissions requested by third party apps in a timely manner, then this should not be an issue.I for one believe that we need to mandate that FAANG companies have these sorts of permission-driven systems to avoid the vendor lock in we're all too commonly stuck with today.Because these things are needed for competition to thrive and to avoid the big companies from creating moats that prevent us, the startups out there, trying to dethrone them, its all the more important that these companies invest in better UIs that help a user understand the implications of what they are doing, and better review processes to stop bad actors from exploiting users' ignorance on an ongoing basis.I despise Meta, but come on. Don't throw the baby (interoperability) out with the bathwater (interoperability can enable exploitation).

评论 #39861721 未加载

评论 #39860742 未加载

drexlspivey大约 1 年前

Facebook also installed root certificates through Onavo to spy on their competition. Some email exchanges from this court doc <a href="https://storage.courtlistener.com/recap/gov.uscourts.cand.369872/gov.uscourts.cand.369872.735.0.pdf" rel="nofollow">https://storage.courtlistener.com/recap/gov.uscourts.cand.36...</a>From Zuck:Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them. . . . Given how quickly they’re growing, it seems important to figure out a new way to get reliable analytics about them. Perhaps we need to do panels or write custom software. You should figure out how to do this.From Danny Ferrante (FB Data Scientist):- We developed "kits" that can be installed on iOS and Android that intercept traffic for specific sub-domains, allowing us to read what would otherwise be encrypted traffic so we can measure in-app usage (i.e., specific actions that people are performing in the app, rather than just overall app visitation). This is a "man-in-the-middle" approach.- Our plan is to work with a third party—like GFK, SSI, YouGov, uTest, etc.—who will recruit panelists and distribute the kits under their own branding. We already have proposals from several of these providers.- The panelist won't see Onavo in the NUX or in the phone settings. They could see Onavo using specialized tools (like Wireshark).

评论 #39860404 未加载

advael大约 1 年前

Gonna give it like two weeks before tech bosses posit that users don't have a reasonable expectation of privacy in their private messages

评论 #39859135 未加载

评论 #39859254 未加载

_tk_大约 1 年前

Two things are truly horrifying if this is true. 1. Just how normalized this behavior has become in Silicon Valley upper management circles. 2. That this has not gotten out earlier. Hundreds or thousands of employees at both companies could have reported this to the FTC or elsewhere.

评论 #39859297 未加载

评论 #39859259 未加载

staticautomatic大约 1 年前

Cue the FCC for yet another toothless Meta consent decree.

评论 #39859257 未加载