Hacker News

Page 14: [edit: number corrected, thanks]

> As the screenshots below illustrate, the Facebook GDPR popup requires users to go into “Manage data settings” to turn off ads based on data from third parties. If the user simply clicks “Accept and continue”, the setting is automatically turned on. This is not privacy by default.

Beautiful! A minimal demonstration of a clear violation of the principle of data protection by default (article 25 of the GDPR).

It will be really hard to talk oneself out of this one.



That flow was really scummy. I remember going through it.

The entry point was an email claiming you have to "read and accept the updated policies in order to continue using the site". And the first thing you're presented with was that two-choice "Manage data settings" / "Accept and continue", implying for the user who is less than extremely careful that if you don't "Accept and continue", you won't be able to use the site anymore.

It's only after that modal that you're presented with the updated T&Cs which you indeed need to either accept or delete your account.

And of course all the various things people have noted:

- A red dot in the fake-header to make you think you have pending notifications

- A complete disregard for "privacy by default"

All this right after Mark testified in congress saying "no we used to be bad and we made mistakes but now we really care, you see".

For a site that despises transparency, Facebook has never been so transparent about how little it gives a crap about its users.

I have some friends working at Facebook who will probably read this and be upset I think so little of their place of work. Folks, I have a huge respect for some of the excellent work that goes on at Facebook, especially in open source. But that doesn't change how scummy the core site itself is.


By staying at Facebook your friends are explicitly supporting these and other scummy actions. They have decided to hold their noses and prioritise themselves over humanity.

Think less of them.


This is a totally inappropriate thing to ask of anyone. Please rethink your view on life.

Edit: Also, that's not what "explicitly" means. I think you meant "implicitly".


some people work for charities, some people work for facebook. the employees make the company, and are complicit if they don’t react harshly to decisions made by their board like google employees did... if nobody wants to support the scummy tactics that “the company” is pushing, it won’t get done. sometimes you need to have a spine to get anything changed otherwise we are just heading for a blade runner dystopia, and we in the tech industry are pushing us there as fast as our pay cheques can.

people quit google over the military project because they didn’t agree with it. i don’t think it’s crazy to do the same over facebook’s disgusting manipulation of their user base.


I don't think it's crazy either, I just think it's totally inappropriate to tell people to think less of their friends when they don't have the full context.

There's a lot of FB employees on HN and I wager a lot of them know how scummy their employer is. Yes, many are staying for the paycheck (and because leaving a job isn't an easy thing for everyone), but I know several who are staying because they feel that their position is where they can produce the most good for the world.

Similarly, I know many people in politics who despise who/what they work for, but keep at it because that is where they can make a difference.

It doesn't always work. But it also doesn't make me think less of them. At least of the ones who aren't staying because of the $.


No, they are not producing any kind of good for the world, never mind "the most".

For the users, Facebook is just a means of communication, among many others. If it disappeared tomorrow 10 different platforms would replace it and the level of goodness in the world might even increase.

Doing good is probably the lamest, least truthful excuse for working at Facebook, goes to show how self-deluded people can be.


What if you are working at Facebook on improving Linux's network stack for example? Sure, if you have the skills to do that, you will find work very easily. But is it easy to find a job that would allow you to make these kinds of contributions?


> but I know several who are staying because they feel that their position is where they can produce the most good for the world

Do you think Facebook is a net positive for the world? Borderline, or overwhelmingly?

To be clear, I'm not asking whether some people get net benefit out of it, I'm talking about the net overall effect on society and the individuals within it.

Personally, I believe it is causing tremendous psychological damage, and that anyone that works there is a contributor to that end.


I believe Facebook, overall, is a net negative. But that doesn't mean it doesn't have its own positives.

Sticking to the "net positive / net negative" terms, imagine Facebook contributes a number of positive / negative points to the world. Now the sum can be a net negative, but that doesn't mean some line items aren't positives.

Where do you work? Is your company flawless? Are you a contributor to every single one of its misdeeds merely because you work there? This isn't an easy thing to answer for everyone. I think it's certainly a question more Facebook employees should ask themselves though.


That is what net means, there will be positives and negatives which contribute to the net. For the record I agree with you, I think Facebook is overall negative but not by much, there are very strong positives.


I never thought I'd see the day that someone explained the meaning of the word net to me on HN.


I agree, you can't say that to someone to just drop their friends because the company they work for is evil. Hell, I'd actually like to see where all the people calling for this work — then let's see if we can hold their companies to the same light, and if they would actually be willing to quit. I'm saying this as a non-Facebook user for a number of years, this sounds pretty ridiculous to expect.


I feel that I agree with you @rickycook


Except for the "think less of them," part, I don't think it's inappropriate -- we all get to vote every second of the day for the companies that rule our world. We vote with our wallet every time we buy even the smallest thing, and we vote with our clicks when we choose to use web services.

It is far from the most extreme of social changes that have occurred in history to suggest people stop using a particular company's tools.


I think people at Facebook do have some moral frustration and consider leaving from time to time. It's simply impossible, especially in these times, to avoid asking oneself the moral question of the consequences of my own actions when they affect billions, even if the aim is as innocuous as to hook up the user for some time longer. Nevertheless, I agree that judging them from the outside is quite difficult as we don't know the full context.


Superior orders, often known as the Nuremberg defense, lawful orders or by the German phrase Befehl ist Befehl ("an order is an order"), is a plea in a court of law that a person—whether a member of the military, law enforcement, a firefighting force, or the civilian population—not be held guilty for actions ordered by a superior officer or an official.[1]

The Nuremberg defence is widely regarded as invalid.

1. https://en.m.wikipedia.org/wiki/Superior_orders


> This is a totally inappropriate thing to ask of anyone. Please rethink your view on life.

No, working at Facebook is the modern day corporate equivalent of the banality of evil.

Unless you genuinely think Facebook is doing good, take some fucking responsibility and rethink _your_ view on life.


[flagged]


There's a difference between working at Facebook actively being involved in the creation of such scummy designs, dark patterns, etc; and merely working on one of its open source libraries. Facebook does do some good and comparing what they're doing to war crimes ... does that really help?


I think that's a distinction without a difference. Facebook doesn't have engineers working on open source libraries because they want to do good in the world, and those other people working on scummy designs and dark patterns just didn't get the memo. They do open source work because:

* The projects directly help their business operations; those engineers might be doing the same work, anyway, even if Facebook were zealously closed source.

* Open source work gives the company image a boost in the minds of potential employees. This expands the labor pool, reducing the wages FB needs to pay, and helps give FB access to talent it otherwise simply could not have. In this case, hiring engineers to work on open source projects is little more than a PR campaign targeted at people like you and me--and it's clearly working on you.

The "good deeds" of their open source work are entirely accidental; the whole point of employing engineers to work on open source libraries is to help their business, which is inherently exploitative.

I agree with lancewiggs: by working at Facebook, your friends are aiding and abetting one of the most unethical and socially-dangerous companies in modern times. Think less of them.


> By staying at Facebook your friends are explicitly supporting these and other scummy actions. They have decided to hold their noses and prioritise themselves over humanity.

> Think less of them.

Given their explicit support of scummy actions and not humanity, do you feel Facebook employees should be punched, in the defence of humanity?


"Think less of them."

That's a horrible metric to apply measuring 'human worth', whatever that is. Humans are by default wired to do what everyone else is doing. Just using Facebook because everyone else is doing it as well is what humans do. They flock to the communities and forums where the action is. They cannot comprehend graph theory intuitively and what power Facebook potentially wields in interfering in their lives.

Governments are supposed to protect people from threats the masses cannot comprehend. Like, for example, taking care of vaccinations.


Facebook will never care about Privacy. People like Zuckerberg are scum, and deserve jail. As an individual, I really do NOT want to live in the same society as this kind of person.


Mr. Zuckerberg cares a lot about privacy.

Privacy for him and his family, that is.


I noticed Twitch is doing the same thing, if you "manage your choices" you get the banner to "manage your choices" on every page load, the only way to get rid of the banner was to "accept" which accepts everything. (I hope it was just a 'bug' but it didn't feel like it.)

I don't get it though, if companies are so scared of being fined 4% of revenue that they put up these banners, aren't they inviting the worse end of the punishment scale by trying to weasel around the law rather than just ignoring it completely?


The worst offender I've encountered is imgur.com, where "click here to manage your privacy settings" brings you to a page with literally hundreds of advertisers.

About half are on "allowed" by default. If you want to disallow, you have to select each entry individually.

The other half only specify "requires opt-out", apparently imgur expects you to contact some third party to do so.

How on earth they expect to weasel around the law with this ham-fisted approach is beyond me.


>How on earth they expect to weasel around the law with this ham-fisted approach is beyond me.

They reckon, perhaps correctly, that almost all websites weasel around the law and only very few of them will ever be fined.

Privacy activists will go after the big fish first and there will be time for the small sites to correct course once it becomes clear what is and isn't permitted.


imgur is a big fish though.

due to this assholeness, i null routed them at router level in my house, and at my work.

fuck imgur.


> imgur.com

I would absolutely not expect good behaviour from them with respect to advertising, including but not limited to tracking.

That site was the final bale of hay that had me install ad blocking measures at the network level. Too often their advertising partners would attempt pop-ups, drive-by installs, gaining access to microphones, and other arse-hole-ery.

For myself I can just stop going there, but there are others in the household that wouldn't have done and I didn't want the job of cleaning their machines if something did get in. Of course my other option is add imgur.com itself to a malicious sites list so it'll be blocked completely at the network level...


Same goes with Tumblr and Yahoo for example, where everything is enabled by default and you have to go one (I'm not talking about 10-20, it's more like +300) by one to enable the tracking done by advertising/marketing companies.

One of the better things is, though I don't want to advocate the behavior of auto opt-in at all, that most of these sites are at least using something like TRUSTe or Oath, where you only have to disable hundreds of marketing services once and are done with all the sites, which are using the same service for cookie consent.

It's against the law to make the options opt-out but these companies are still trying hard not to obey the law, it's really comical.


Note that Facebook still refuses to let you opt out of personalised advertising based on Facebook activity.

This is the most blatant malcompliance with GDPR IMO, when will data protection authorities start fining FB?


The paper deals with this, it even says this gives the users the false impression of control. I remember this weird pop up if you allow Facebook applications of friends to access your information. It was never really clear if you agree or disagree to it by checking the check boxes.


> This is the most blatant malcompliance with GDPR IMO, when will data protection authorities start fining FB?

The GDPR fans on HN have said over and over again that GDPR wouldn't result in instant fines, that companies would be given a warning and an opportunity to make changes. We'll soon find out if that's true or not.


> that GDPR wouldn't result in instant fines

Well, it has something to do with acting in good faith too. Not respecting GDPR because of an oversight or even laziness is likely to be met with warnings.

But blatantly violating it on purpose (this is no question: these companies have specifically claimed they implemented these obviously non-compliant processes because of GDPR) should not warrant any goodwill on the part of authorities.


facebook made their changes, and failed. they’ve played their hand, now it’s time for the law to tell them what utter bull it is. do you think facebook is going to change anything from now?

the point of “no instant fines” is to give companies a chance to change and develop their GDPR systems. if those systems are both complete, and in violation, why shouldn’t they be fined?


>facebook made their changes, and failed.

That is yet to be determined by the regulator and the courts. Facebook has made their changes. Now someone will complain to the regulator. Then the regulator will make a determination and maybe ask Facebook to make further changes. Then Facebook has another opportunity to comply. If they refuse to make those changes they will get fined and can go to court to fight the regulator's decision.

At least that is my understanding of how this system works.


The GDPR doesn't specify anything precisely. Facebook made changes, they clearly do comply with the GDPR because the GDPR gives much leeway in how it's interpreted.

But there's a deeper reason why the EU fining Facebook would be a deep demonstration of malaise, incompetence and greed. From the report:

> Research has shown that most users will never look at, let alone change, the default settings.

That's right, and you know why? Because users don't care and never did. This entire privacy crusade is made up out of whole cloth, by the EU, to obtain power and money. These foolish governments constantly demand more and more controls, consent agreements and so on and the users constantly don't use those new controls and always consent because they were perfectly fine to begin with.

There are no dark patterns. There are no evil conspiracies. There are only users, who enjoy broadcasting every detail of their lives to their friends and sometimes the world.


So it turns out they were right - GDPR went into effect a month ago, Facebook didn't comply (and many other companies either, not offering privacy by default), and nobody paid any fee.


Wait, what? Why would you expect fines being levied within a month of the directive going into effect? The process from a first complaint to a payable fine probably takes a year or more.


the sites had a very long time to get into a state of compliance BEFORE it became law. they could have asked for help from legislators.

FB is being malicious, same as always. hopefully they'll get smashed by the fine when they continue to resist the law.


Well, we're talking about "instant fees".


I would like to point out this message I got on the mobile Facebook website a month ago: https://i.redd.it/hh6xerkskmx01.jpg

"To personalise content, tailor and measure ads and provide a safer experience, we use cookies. By tapping on the site, you agree to our use of cookies on and off Facebook."

Agreeing to something by tapping anywhere on the site doesn't sound enforceable...


> It will be really hard to talk oneself out of this one.

I'm reasonably sure they knew it's a violation. So it feels like they're either prepared to fight over it, or testing the ground to see what the consequences are... After all, I would have guessed that they're in for major losses in ad revenue if most people sign out. So it's worth almost any risk.


Oh: we made mistakes. They will not happen again.


* page 14



