FB is a company with a completely rotten top-down culture. Nothing is going to change until a huge set of executive leadership swap, or they are forced to by mean of legislation.
After apologizing thousands of times, they internally justify each of those breaches by rejecting the fault to "users" or other external factors (source: several friends working at Facebook, and reading public tweets of Facebook leaders).
The culture there is inherently anti-privacy and whoever fundamentally disagree is about to leave or has already left.
Not just that, the top-down structure is shaped after a cult of personality.
Talking to my friends who work at Apple, FB, Google, Amazon and others, facebookers are the only ones who seem to be willing to defend their leader on a personal level, as if they had a dear friend being attacked.
My other friends couldn't care less if someone criticizes or attacks Bezos, Tim Cook, Sundar and so on.
The only other company I can think that behaves in the same way is Tesla with Musk (well, an Apple with Jobs in the old days), but the key difference is that most Muskians don't seem to work for Tesla, and the folks I know at Tesla aren't actually obsessed with Musk.
Have to agree. I've observed that there seems to be some hero worship in Facebook that employees use as justification for continuing to work there or being inspired to work only in Facebook (not anywhere else). The same process is also used to brush off every wrong that Mark Zuckerberg himself brushes off and/or apologizes (insincerely) for the millionth time.
It almost seems like a reinforcing self-selection mechanism is in place for such hero worship.
Maybe I am way off base, not knowing enough about these companies individual cultures, but
What I see from Apple, FB, and Google is too much optimism and belief in good. They arent cynical enough. "We are doing this gray area thing in a good way, and what we are doing WONT be used for bad." Its either sheer willpower of the leadership to force this culture OR its cognitive dissonance, OR its a lie and manipulative means to an end. In some way, I do believe Mark delusionally believes his "bringing the world closer together" so much so that it causes him to not think critically enough about how many people benefit from conflict and divide.
Apple takes a cynical approach to privacy, but an optimistic approach to the value of walled gardens.
Facebook takes a cynical approach to security and uptime, but an optimistic approach to evil social use. They default to "most people are good, and the few bad ones can be silenced. We can do this through AI and some eyeballs." Facebook, like many other companies is also WAY TOO OPTIMISTIC about people reading popups. People forget acknowledging something by the next day. People want to play a quiz, they are conditioned to click next next ok until they get to the quiz. Facebook vastly overestimates the majority of the populations care in knowing: is this safe to click, what are the consequences of clicking, do I know what I am doing, do i know how this works, do i care. You can honestly tell me that 99% of the world population understands what installing an SSL cert on their device actually does?
I think defending Mark amounts to people BELIEVING that the work they do WILL BE used for more good than bad. And people who distrust Facebook's competence care more about how tools can be used for bad than good. And so if you believe that youre building something that COULD be used for bad in the wrong hands (or you believe a competitor could build a more evil version first if you dont,) but believe you are the right hands to execute it in a positive way, you obviously are going to defend the leadership that vocalizes and spreads that belief among the workforce.
Apple would do good to give up a little on vendor lockin. Their turning point was iTunes being available on Windows. Microsoft, Google, and Facebook have all come to terms with making their best products run on all platforms. Homekit could be a good start. If spouses are split Apple/Anrdoid, they should both be able to manage a smarthome equally. Apple should be releasing killer apps that function fully on other platforms, but have some added benefit when run on their more integrated os.
Facebook would do good to stop believing that speech is good by default, and focus on amplifying "good" speech, instead of spending monumental effort to downrank "bad" speech. Facebook needs to let go of its cognitive dissonance, where it believes sharing twerk or fall viral videos equates people sharing their personal social experiences with close friends. Facebook may need to give up on its belief that one platform can function all as reddit/youtube and craigslist/vacationbabyphotos.
(As for google, they are way too optimistic that their org structure will support building and launching a product, and then iterating it. No one with any semblance of historical context trusts them anymore after reader/allo etc.)
Same here! The two terms I've heard describing the cultists so far are Muskians and Zuckerboys (and we should also include Zurckergals and Zuckerfolks).
This is mostly a millenials thing. I don't know why young people are fixated with the Zuckerbers and Bezos of the world. Did I miss something the past 15 years?. I'm in my 40s
Having idols is a young people thing. Young folks just didn't used to attach to business leaders as much as they do now. When I was a kid, typical idols were music stars, actors, sports stars. The Internet created a new category of success for young people, and therefore created a new category of idols for young people.
Geez, we are lucky the Koch brothers build their empire before the social media was a thing, otherwise they will be also considered "influencers and trend setters"
Result of a lack of community, friends and local family support system. Work has become Church, the CEO head of the flock, your role becoming your identity, bowing at the alter of RSUs and total comp.
That sounds like sampling bias rather than a real generational trait. Corporate culture like this isn't universal but it goes back to before many millennials were even born. It's become stronger in cases where it's part of the justification for extremely high compensation but it's an inevitable failure mode for human social systems.
This is probably everyone and their dog have an irrational belief that Zuck is a comic book villain when in reality he's just a regular old capitalist.
They think they can keep using an apology tour to dismiss all past misdeeds ("we have work to do"). It looks silly at this point and completely incompetent.
> source: several friends working at Facebook, and reading public tweets of Facebook leaders
The people I know at Facebook have been resorting to whataboutism (everyone is doing it, look at the Google app doing the same thing, for sure Apple is also hiring market research firms who do the same thing, why aren't you concerned about AT&T/Verizon, etc etc)
To be fair, whataboutism is rampant here too, on Reddit, and basically any forum with company fans. Any time a “Company A does something unethical” article comes up, people will always come out of the woodwork to defend with “Well Companies B and C do it too!”
I understand how FB was not using Apple's enterprise development program in good faith. Apple clearly has a right to do what they did.
I don't understand why FB is in hot water with the public for what they did. Users were informed that data collection was taking place and they were compensated for it. Now, was it wise on the users' part to join this program? Perhaps not, but last time I checked this is still a free country and people can sell their property for as much or as little as they want.
On NPR this morning I heard the argument that a lot of the detail of what is collected and how it is used is buried in the T&C. So what? Have we lost sight of personal responsibility? How naive are people? If you are getting something for free from a large corporation you're not getting it out the kindness of their heart. They are making money somehow. That is how the world works.
Panic, moral or otherwise, about this sort of stuff is going to push the tech industry into realm of regulatory capture. Well funded companies will be able to afford and absorb compliance costs where small bootstrapped startups, lifestyle businesses, and indie developers will be pushed out of the market.
I think the issues are:
- they were collecting data from users who were below legal age for responsibility and/or local laws about collecting data about minors.
- The general public know very little about everything. Companies have a moral duty to not only educate their users but also to not do wrong.
Personal responsibility is a flag many people wave but it's a farce. That argument can be used for anything, from seatbelts, to smoking, to privacy. It is impossible for everyone to know enough to make informed choices about EVERYTHING. There is a need for societal organisations (governments, NGOs, responsible journalism) to provide guidance to the public and legal limits in order to provide protection to the whole.
How interesting that you would choose as your examples "seatbelts", "smoking", and "privacy".
If you print in large letters on every pack of cigarettes, "SMOKING KILLS" and people still choose to smoke, should a benevolent government be allowed to prevent an individual's poor choice?
Right now, we allow the sale of cigarettes and prohibit the sale of raw milk.
Don't you see any room for personal responsibility? None?
Smoking is an interesting example because the negative effects aren't just confined to the individual. Smoking a cigarette is the atmospheric equivalent of peeing in the pool except it also causes cancer and other health issues. Maybe it's actually an important example because it's an undeniable illustration of 2nd order effects, which are less pronounced in other cases but probably still exist.
And "any room for personal responsibility"? There are plenty of domains of behavior that aren't regulated; there's a whole world of choices individuals are responsible for alone.
Various forms of regulation regarding smoking, seat belts, and yes, even raw milk are all working in areas where limited human capacity for evaluating risk meets deadly consequences. Privacy is arguably different since it's unlikely to be directly deadly, but it does meet risk evaluation limits and adds in that incentives of 3rd parties are against individual incentives, and many of those 3rd parties have incredible resources available to them in order to obscure behavior and subvert protections. A collective response is a reasonable one.
Privacy also meets your test for “second-hand” negative effects. You can be a monk, but someone snapping a picture and writing up a post can destroy your privacy as well as using the service yourself. More realistically, you can use FB for the bare minimum, but if your friends and family use it a lot, your privacy is gone again.
Some of the people using the Facebook spy app in this case were as young as 13 -- with "signed parental consent forms".
What do you think would be the proper response to a store selling cigarettes to 13-year-olds as long as they had a parent's signature? I think we'd still step in and stop them. The government can even revoke their license to sell tobacco to anyone in that case.
There's no "personal responsibility" at issue here. Our society has decided that 13-year-olds aren't old enough to give consent. I suspect there would have been less outcry, and for a different reason, had everyone involved in this issue been above the age of majority.
I'm eagerly waiting for Facebook to release T&C with terms as simple as "SMOKING KILLS". Yes, companies have to cover their asses and legalese is complex, but I'm assuming that nothing prevents them from having simplified, non-binding version of T&C available.
Isn't it something that more legalese in T&C could solve? Or a huge warning before simplified terms? I think I've seen few companies publish simplified terms, but I'd have to search for the examples now.
I'm not sure seatbelts/smoking are the best examples, because the negative consequences are quite clear and understood by most of society. I've never met a smoker that continued to smoke under the assumption it was good for them.
The consequences of privacy violations are much more nuanced; most people don't understand how data they enter onto a website will be used. And it's clear a lot of those companies want to continue to keep people in the dark about it, because it would likely freak them out.
Wow, what a condescending view point that people can't possibly think through things on their own without other people making decisions for them.
1. Parents need to monitor their child's Internet and phone activity. Why is it FB's responsibility to do that for them?
2. Smoking, seatbelts, and privacy are all personal choices that people should be able to make for themselves. You don't need to know that much to make an informed choice. It's called common sense and it is something that is disappearing and with it so are our rights.
> Wow, what a condescending view point that people can't possibly think through things on their own without other people making decisions for them.
...
> Smoking, seatbelts, and privacy are all personal choices that people should be able to make for themselves.
There is a legal minimum age for purchasing cigarettes. Most states have laws requiring the use of seatbelts. So why shouldn’t some power, be it governmental or corporate, push people towards protecting their privacy?
If you’re going to cherrypick counterexamples to the idea that people can think things through and make the right decision for themselves maybe try picking, ya know, counterexamples?
Monitoring internet activity is FB’s business. That’s how they make their money. That’s the product they sell to advertisers. Since this is their product they have responsibilities in this regard, no?
If I let you monitor all of my internet activity then no big deal. There are no society wide consequences from this. If a company the size of Facebook can do this then there are society wide consequences. Some of those consequences are good and some are bad. We need to mitigate the bad consequences. This is analogous to the mortgage industry problems back in 2008. If I make a bad loan to you no big deal. But if I make millions of bad loans that can wreck the entire economy then there’s a problem that society ought to mitigate against.
Actually I'm really happy that I was informed from my young age that smoking decreases my life expectancy. I never smoked in my life (except once-twice for trying it out).
I wish I knew this for air pollution as well, as I didn't care about it, and now I'm feeling the consequences every day.
Just the fact that smoking can lead to cancer is a recent development that improved the lives of so many people, it's statistically significant in the average life expectancy of the human race. But to get here it took fight from many researchers, regulators and non-profit organizations. This has nothing to do with common sense.
One more thing: have you seen the video of the child who's smoking at 2? Is he doing it because he's lacking common sense?
I generally agree but a couple times in the last few weeks I have had friends and family make comments about ditching facebook, and neither is at all technically inclined. It's possible that the message is making it to regular people, and once that ship sails there is no bringing it back into the dock.
Everyone I know who is not in tech has already dropped out or only uses Instagram. (I know Facebook owns Insta) I think Mark knows how useless Facebook is to people which is why he is aggressively trying to maximize his profits and still using really dumb PR tactics. He has been milking the idiots and kids for years, whats another 3.
another perspective: FB's big mistake was paying these users too little.
if FB had paid, say, $2000 a month instead of $20, the users would have been angry at Apple for forcing such a program to stop. FB would look like a force for good.
There are so many places on the world where $2000 a month is more than most people get. Of course they didn't pay that much. I would probably consider it seriously given that currently I get about $800 and that is still considered average.
But that's a great example! If FB were paying you $2000 a month as a participant in this FB program, and then suddenly Apple made it so that FB could no longer operate this program -- would you be unhappy with FB or with Apple?
But paying such a large amount would certainly draw more attention to the program itself? It might have caused a ruckus earlier and be shut down in the very early stages by Apple. At that point it might not have affected that many people and not so many people would be angry at Apple.
I believe the amount was a way of treading a fine line between being a significant amount for the targeted audience, but not too much to attract too many people.
They did not make it clear that this app could bypass SSL. I've talked to numerous people on reddit who installed the app thinking that they were safe because all their communication was encrypted, not realizing that the whole point of the app is to bypass encryption.
> Have we lost sight of personal responsibility? How naive are people?
How can you blame this on personal responsibility when you need a law degree to understand the terms and conditions? Like many here I am intelligent and educated and I have an extremely difficult time understanding the legalese the T&C are written in. The average person would have an even harder time if they bothered to read it at all. Some lawyers have spoken out that they have a hard time understanding these agreements.
I would argue that there is no way any reasonable person would think the users were properly informed. You can't be properly informed when you have little to no chance of understanding what you're agreeing to without at least one lawyer.
As an EMS provider, the parent part trumps the consent part. It's a little different for us, as "emergent care" is certainly different from elective care.
> In 30 states that minor parent can consent for their child, even though they would not be able to consent for the same procedure for themselves!
If I had a nickel for every time someone appealed to "won't someone think of the children!" as an excuse to add more regulation and to squash individual rights and responsibility I might be able to afford one of Apple's iPhones.
This isn't a "won't someone think of the children" moment. Facebook targeted people who are not legally able to give consent and join in a contract, to try and get them into a contract. The same ethical and legal issues would exist if Facebook was targeting severely mentally disabled people who cant legally consent to a contract
I don't think most people would have truly understood how much control Facebook had over their phone with the access given. It's not as simple as "the user clicked 'I consent,' so it's ok." For better or worse, we have become conditioned to clicking "I agree" because we are bombarded with hundreds of pages of legalese to use anything these days. I don't think this absolves companies from acting ethically.
> Have we lost sight of personal responsibility? How naive are people? If you are getting something for free from a large corporation you're not getting it out the kindness of their heart. They are making money somehow. That is how the world works.
We can argue about this particular instance, but I think your argument is pretty flawed; it seems to imply that if I agree to a deal with a company, I can't be upset about ANYTHING slipped into the T&C. It really depends on what it is.
Yes, these people expected to trade some information for money, but it isn't naive of them to expect some reasonable limits to what they were collecting.
Although you may be technically correct, it doesn't matter.
People don't read T&C, and they don't like having companies spy on them like this. If companies won't be up front about their data collection (and burying the notice in a T&C isn't being up front) they'll just have to suffer the consequences when people find out.
Being glib, maybe Facebook and its employees (not the users) should stop being so naive. People aren't going to be happy when they fully understand what's been happening under the cover of "you agreed to the T&Cs", and it's Facebooks own fault. That's why this sort of news makes people happy in a perverse way. Facebook is a net negative to society, and it's funny watching bad things happen to the company.
I don't understand why this is all that controversial either. Is it really any different than what Nielson does with set meters to capture people's TV watching behavior?
I mean, doesn't it depend on what they are collecting? If it turns out that Nielson slipped something into their T&C that says they can turn on a listening device and listen to conversations in the house, it would be just as troublesome.
There are limits to what is reasonable in these sorts of deals, and if you are asking for something that most people would think is unreasonable, you better make it very clear when someone is signing up. You can't bury it in the T&C.
Yeah, I guess it all depends on whether or not the participants knew what they were signing up for. If Facebook said install this we will pay you to monitor your location, internet traffic, and app usage then there really shouldn't be an controversy (other than the Apple terms violation). Do we know for a fact that this info actually was buried in their T&C though?
FB has opened themselves up to a world of hurt in this endeavor. The copious privacy issues aside, the is an easy question of 'what happens when...' that I cannot fathom how their legal counsel overlooked.
For example: One of the persons that they were closely monitoring decides to harm themselves or others in a somewhat 'newsworthy' way. Think the plethora of young people with access to certain classes of firearms. A contrived set of circumstances could exist where that young person could have been stopped by the monitors at FB, yet was allowed to continue all the same, through the sheer stupidity/negligence of FB. Though this is only one scenario, there exist many others; I think anyone can come up with at least a dozen in under an hour.
Yes, the T&Cs 'cover' their asses in these events (morality be damned), but there are loopholes upon loopholes that can be quickly found when the camera crews start swarming and saying 'oh, but the kiddos!'.
Whatever legal counsel is at FB these days is too cavalier; they may be thinking that they can just throw a firm's worth of lawyers at any problem and bankrupt the opposing party. This is a very grave mistake. I suspect that any competent/moral lawyers have up and left by now, leaving only the amoral/incompetent attorneys that are just fine suckling off of FB. The evaporative effect is in full force at FB now (the Elves have left Middle Earth [0]).
Implying that individual people can keep up with legalese written in an intentionally misleading way by teams of lawyers is crazy. Especially when seemingly every single company and sale is treated like that.
It is effectively impossible for an average person to understand every agreement you need to make to be part of modern society, and that is by design of the companies
> people can sell their property for as much or as little as they want
This is correct, and when you figure out a way for people to sell only their data to FB/whoever, I will be right onboard, but while companies like FB are sucking in as much data about me as they can, in ways I can't control, I will have to disagree with you strongly.
I don't buy the personal responsibility argument here - most technology companies (Apple included) have extremely dense EULAs or T&C documents that are often designed to confuse, rather than clarify. Root access might be something that most people on HN understand without explanation, but my teenage sister likely doesn't.
> If you are getting something for free from a large corporation you're not getting it out the kindness of their heart. They are making money somehow.
Facebook always lead with how they're a "community". They make their money from ads. But that never leads. Facebook isn't sold as a place where you see ads - it's a place where you "connect with friends." There's a sophisticated business that 13 year olds might not inherently understand.
It's related to what we already know about Facebook: They are willing to bend the rules and engage in questionable behavior.
They were happy to violate the terms of Apple's enterprise development program. Yet another display of disrespect. So how can the public trust Facebook with their data?
It’s really hard to not be brought joy by Facebook being kicked like this. But on a less emotional level, if one wants to change Facebook culture and behavior, it’s hard to see causing a lot of individual employee pain (in addition to the business as a whole) as in any way a bad thing.
Especially as this causes frustration for Facebook employees that directly stems from Facebook’s misconduct, rather than holding Facebook customers hostage.
I agree. It was individual employees who violated the agreement - if it makes Facebook employees actually think about their actions then overall it’s a good thing.
It’s gotten to the point where I start to ask myself - if you work or Facebook, are you a good person? My personal opinion is that you might be, but you are likely are not.
One wonders what actually would effect change on the part of Facebook. Clearly the market doesn't care about the ethical lapses beyond the major initial headlines.
The truth is that Facebook wouldn't be able to get away with a lot this if they didn't have an incredibly talented engineering division. And even though most individuals aren't making these terrible decisions, they definitely support them through their work.
If Facebook becomes an unattractive destination due to the social cost of working there, that might bring about change.
"It was individual employees who violated the agreement"
How do you know this? Facebook invested well over a hundred million dollars into this particular app, I would have to hear some very compelling arguments to see this episode as "misconduct of individual employees".
That being said I agree with the stance on thinking before doing, it's just that I don't believe that Facebooks operational conduct is rooted in individual employees, but rather in their company culture, values and leadership.
I don't think that's the parents point, but instead that inside the "blob" Facebook individuals have made the decisions, and bear direct responsibility for what happened. "Company culture" doesn't absolve the individual.
I have been saying for a long time that out industry needs an ethical code of conduct. And employees who willingly work for companies acting unethically should be shunned throughout the industry.
Imagine a world where people knew that having Facebook or SCO or Palantir on your resume meant automatic rejection by any company subscribing to the code of conduct. Unethical companies would face huge pressure from their own workforce to clean up their act.
This reminds me of the saying way back in 2016 American elections:
“If you vote for Trump, it doesn’t mean that you’re not a good person, but it does mean that someone being a bad person isn’t a deal breaker for your support”
I think that sentence could start off with “If you work for Zuck...” just as well.
Or the person is not 15 years old, and doesn't believe there are "good persons" in politics, or that the alternatives (in GOP or Dems) were better people.
Or the person goes even further, and doesn't believe the puritan tenet that "good person == good politician". There were excellent politicians that were bad in their behavior, and vice versa.
E.g. the person might care more about not encouraging a hawkish member of the establishment, that continued to beat the drum of American supremacy and threatened even more wars and tension coming on (e.g. with Iran) -- compared to merely voting someone who is e.g. sexist (as if that matters for the kind of decisions a President takes).
Being sexist doesn’t matter for the kinds of decisions a president makes? Excuse me? Supreme Court justice nominations, for instance?
In fact, the Supreme Court invalidates your entrie argument, because guess what: I want people I think are “good people” to be in charge of interpreting the constitution. I think everybody can agree with that.
>Being sexist doesn’t matter for the kinds of decisions a president makes? Excuse me? Supreme Court justice nominations, for instance?
Yeah, it doesn't matter. Worse case you get more male justices. What do you really expect will happen? Some justice will be unpointed which will undo women's voting rights or equality laws?
>In fact, the Supreme Court invalidates your entrie argument, because guess what: I want people I think are “good people” to be in charge of interpreting the constitution. I think everybody can agree with that.
Well, I don't agree with that. I would not care less if one of my "constitutional interpreters" drinks, takes cocaine, or has extra marital affairs for example. I only care that the direction they take the law is good. There have been legendary lawmakers and politicians that had all kinds of personal vices.
Then again, I'm not American, so I don't have the puritan trait. You guys managed to have a problem with the personal life of MLK too. Nobody in Europe would even think to ask such a BS question:
Given that’s exactly what has happened, yes I do think that’s what would happen. I’m sure even as a non-American you’re aware of Brett Kavanaugh and his potential effect on abortion law.
And I don’t care what they do in their personal life either. I care about how those things will effect they laws the pass: if someone drinks and does cocaine and has extramarital affairs, but doesn’t fuck over women/minorities, I’m all for them. If someone does the opposite, I’m against them.
> sexist (as if that matters for the kind of decisions a President takes).
Considering that the President has an powerful role in all federal legislation, an even more powerful role in federal regulation, and can appoint like minded people to a variety of positions (including, but not limited to, the federal judiciary) that have extensive influence and whose terms extend beyond his own, yeah, bigotry—whether based in gender, race, religion, or whatever else—in that office matters quite a bit.
I know good people working for Facebook, but it does make me think "After everything you know about Facebook, the fact you would still work there, makes me respect you a lot less"
This is true, but doesn't mean what most think it does because it doesn't address knowledge/belief about whether someone's bad. Someone could vote for Trump because they're an idiot. To an extent that's true of working for Zuck as well, except that Facebook has a much more rigorous interview process than the White House. While it's not good to be an idiot, it's not the same as being amoral and I think that's what most people read in the original statement. Consider these alternatives.
"If you vote for Trump and know he's bad..."
"...it does mean that the possibility of someone being a bad person..."
Google shat themselves and unpublished something similar and apologized heh.
I wonder if Apple has done a tremendous favor to web applications because in hindsight letting Apple (or any of these companies) have a company-wide on/off switch for your own apps like that is a bad idea.
Wow, good find. Apple should absolutely be revoking Google’s certificate as well in this case.
But they use the enterprise certificate for their external “research” apps, because they are doing things on the device (using internal APIs) that an approved app is not permitted to do, and that is certainly not possible through the web browser.
Of course their internal-use apps could be WebView almost certainly.
Right. I love hating on FB as much as the next person but the stronghold Apple has over the hardware is absolutely unreal. Imagine buying $10M worth of iPhones every year for your workforce and then Apple pulling your critical software because there's no alternative way to side load apps for the market research department. Which, by the way, might be a bit scummy but as far as I can see theres no indication they have broken any laws there either.
FB can still side load apps all they want, they just can't do it on an enterprise scale like they currently do because they've abused their enterprise agreement.
This is not different than abusing (say) Microsofts MSSQL to host on a 10,000 core machine when you have a 2 core license.
"Who really owns the phone" is a misnomer, because you've licensed the OS. The physical hardware is of course yours but the OS remains property of Apple, your data remains the property of you. This is especially clear if you take the time to read the EULA. (Although EULA's have questionable legality in many parts of the world)
It’s a very good point that a less efficient way to side load apps onto an iPhone exists.
The enterprise cert program and associated software and infrastructure allows efficient internal side-loading under specific licensing conditions. If you break the license you don’t get to keeping using the product just because you bought the hardware that that licensed software happens to run on!
It shouldn't involve the same review. Apps internal to a company might break some rules set by Apple, but are agreed to by the employee in question via their contract or consent. The whole point of the enterprise distribution system is to easily distribute apps inside your organization.
Facebook clearly abused the distribution system here.
FB first broke their appstore agreement with Apple (resulting in the app getting kicked out of the appstore), then violated another agreement, which was subsequently cancelled by Apple.
You don't understand what parent comment is saying ... it complains Apple's closed environment not allowing of any apps to be installed in anyone's phone unless app is downloaded from AppStore.
> Apple's closed environment not allowing of any apps to be installed in anyone's phone unless app is downloaded from AppStore
Except the enterprise distribution which is what Facebook fucked up by breaking the rules. You have to try really hard to get that revoked, Facebook did and now they're in a tough spot. This is fine.
I don't think anybody's suggesting that Facebook should be an exception - rather, it would be good if Apple allowed everybody to sideload iphone apps (other than enterprise and developer keys, which are both great for their niche but not general-purpose)
Why does Facebook need to use native apps for employee shuttle and information portal? They could use a web page or PWA saved to the phone's home screen.
iOS deliberately has no notification options available for PWAs and various other shortcomings to push people into the app store. I imagine internal enterprise apps need those.
I don't think anybody is forcing you to avoid the app store? Your love of curated app-stores and other people's love of side-loading aren't mutually exclusive...
If you tell the average user they need to sideload your app to access some free content, they will happily click past any number of scary warnings. I personally would appreciate being able to sideload, but there’s a reason iPhones don’t get laden with crapware in the hands of someone inexperienced with tech the way that desktop computers do. Does that mean we shouldn’t support sideloading? No idea. But there are trade offs.
It is as soon as several must-have apps (say, the ones all your friends and family use to communicate) are side-load only. If they allow other channels to install apps and make them easy enough that non-nerds can do it, network effects will quickly make it de facto necessary to run at least some apps from outside the app store.
iPhone users pay a premium to have a third party evaluate apps before they’re out on the App Store. If they wanted to do the evaluation themselves, they wouldn’t pay that premium.
I would like the ability as well, but I can see the argument against it. If you provide that vector, there will be plenty of people trying to attack it. If you are staking a claim on privacy and security, you want to minimize the number of attack vectors on your devices.
I don't think this ever crosses an iPhone user's mind one bit.
And being a former iPhone dev, they really didn't vet much of anything, it was mostly what the employee was feeling that day that got your app accepted or not. This was back in 2013 or so, so things may have changed, but it really was a coin flip...
That level of control is exactly one of the reasons why I don't buy devices from Apple. If FB think they can use iPhones and mess with Apple's licensing terms they are very delusional. Hopefully this was (another) wake up call for everybody.
FB Employees do get the choice of either 2 Android phones (a Galaxy S9 or a Pixel 3, IIRC) or an iPhone so I'd wager they're just going to make a build system for their iPhone employees to sideload the apps through their internal build process or something.
You can only sideload to devices that are registered in your Apple Developer account, and there's a 100-count limit per each device class (iPhone/iPad, i.e.). This doesn't seem feasible.
Another option is TestFlight, but for devices that aren't registered (so-called "external beta") the app has to go through some App Store review.
Essentially, yes. The OS enforces that an app bundle is signed by a cert that was issued by Apple.
Without going through Apple at all, the only option is jailbreaking, to bypass the signing check. No one's figured out (publicly) how to jailbreak the last two major versions, though, as far as I know (there were some jailbreaks that worked for iOS 11 betas).
Another option still involves getting a cert from Apple, but it's free. You just need to create an Apple ID. The limitation here is that you have to re-install the app (IIRC) every seven days.
It seems the article almost wants us to feel sorry for Facebook.
Facebook are really the Oracle of the "social" tech companies. They are not even pretending to be good or follow rules. As long as cash / clicks / impressions keep coming in nothing is off the table.
Google is struggling with its positive PR image, every time they fall short they are judged by the "Don't be evil" motto and everything it entailed. Facebook doesn't have to worry about such details and it's easier for them in a way. Their shares are going up as we saw recently, CA scandal didn't do much damage, everything is great.
> “We designed our Enterprise Developer Program solely for the internal distribution of apps within an organisation.
Watch them pivot to "these researchers are part of the Facebook family, so their network device are considered part of the internal network's edge, we did nothing wrong".
This is where regulation eventually has to come in, IMO. People like to talk about how the market will solve problems, but per today's posts about Facebook racking up thousands of dollars of credit card charges from 5 year olds and their positive earnings results, the market looks at these kind of things and says "Yep, this is great for our bottom line." Facebook isn't going to fix itself.
Sounds like you might work at Facebook. If so, mild inconvenience or not, I am glad it happened. Going around the terms stated in an agreement to accomplish something forbidden by the agreement is a type of fraud. Fraud is illegal.
People are really starting to hate Facebook these days, and your guys' attitude doesn't seem to be changing much because of it. I, for one, LOVE this, because it means by the time you do recognize your sliding favor among customers, it will be too late for you to do anything about it. You will become the new Myspace, which is exactly what you deserve to be.
If you don't work for Facebook, then none of the above applies to you.
[EDIT:] the parent comment was deleted. The comment stated something to the effect of "It wasn't a big deal, it didn't affect our workflows or production applications."
I completely understand now what my friends at Uber were saying about the Internet hivemind and especially the HN hivemind.
Journalists routinely manipulate their stories to tell the story they want to tell, and right now it’s “Facebook is evil.” You are entitled to your opinion but nothing I or my coworkers do is evil and we would never engage in anything unethical. In a large company there will always be bad apples but to paint an entire company as somehow being a conspiracy is frankly mind boggling.
I would love to turn the mirror on all the haters and see how their lives would be if journalists reported manipulated facts on the worst moments of their lives.
> You are entitled to your opinion but nothing I or my coworkers do is evil and we would never engage in anything unethical.
This is somewhat of a pet peeve of mine, but there are relatively few cases where there is near-universal agreement of what is or is not ethical (i.e. "ethical" is a value judgment); that's why ethics courses teach methods and structures to argue one way or the other.
Your particular case is, I am fairly sure, not one of those "universal agreement" cases. I don't know what exactly you do at Facebook, but a number of people conclude that some or large parts of Facebooks operation are unethical.
Additionally, individual conduct in a larger system is generally not pertinent to the outcome of said larger system. An usual example is people in the Manhattan project not knowing that they are working towards offensive nuclear weapons, and of course various examples related to Nazis, but that may not be the best example when you (the recipient) seem to be trapped in a world of absolute ethics.
Facebook has had countless incidents of violating user privacy and trust. This is just the latest. When a company has the same problems happening over and over across different departments it's clear there's a company-wide problem.
Even without the definitely-evil incidents that have occurred, simply greedily collecting and then hoarding that much information about people is so grossly and willfully negligent as to qualify. The very basis of everything they do is hopelessly tainted.
Yes, that makes an awful lot of other companies—not just tech-first companies—pretty damn evil, too. "Everyone's doing it" and "it's not illegal and is making us money" aren't defenses I accept for this disgusting behavior.
[EDIT] that said, piling on people for working at evil companies is probably unproductive and unfair for many of the same reasons that e.g. boycotts are wildly ineffective, plus such a large percentage of the economy's kinda-evil that the whole thing would get confusing and nasty and kinda pointless. Piling on someone for being delusional about whether their employer is evil, though... well, that's an awful lot less unfair.
> nothing I or my coworkers do is evil and we would never engage in anything unethical.
Don't you see? Everyone who turned out to be evil in the end would have said and felt the exact same way while they were actually doing their evil. People and corporations do the things they do because they feel they have the right to do those things, and that they are justified in doing those things, in virtually all cases. That is the case for people and corporations who, in hindsight, did lots of evil and unethical things as well.
In the future that may very well include Facebook. And every last Facebook employee will claim that they had no idea what was going on, and/or that they weren't a part of the "evil side" of Facebook, or whatever they have to say to themselves to maintain the illusion that they did nothing wrong.
Your actions alone are not what decide if what you are doing is immoral. If you are in the armed services and you assemble or maintain weaponry designed to kill people (as I did in the US Air Force) then that work is arguably evil and immoral. I feel that what I did was immoral, and at the time I would have laughed at anyone that said turning a torque wrench is immoral. I was doing my job. I was tightening bolts to 100 in/lb and I was putting guidance systems onto test equipment to make sure they worked. I was making sure that those devices would kill when someone set them loose. I definitely did not believe that I was doing anything wrong at the time, and I definitely believe that I was in the wrong today, depending on how those weapons are or will be used. If they are used to sate some evil maniac like our current president then I did immoral work. If they are used to keep peace, then I did not. Weapons are rarely used to keep peace, however. Grenades are not peacekeeping weapons. Scatter bombs are not peacekeeping weapons.
Facebook spying on children without consent is not a justifiable action. Facebook working around the language of their agreement with Apple in order to do something forbidden by that agreement is not a justifiable action.
Speaking of systemic effects, please don't pile on this user, or any other individual who happens to be in a position that the majority hates right now. That quickly develops into an ugly dynamic that we don't want here. What you posted at https://news.ycombinator.com/item?id=19046964 is unmistakeably a step in that brutal direction.
> Going around the terms stated in an agreement to accomplish something forbidden by the agreement is a type of fraud. Fraud is illegal.
It’s going to be hard for me to take this seriously on a website where the traditional way to read WSJ and NYT articles is by using services that violate the newspaper ToS. It just sounds like pseudo-sanctimony.
Certainly I find it suspicious if both views are simultaneously upvoted. If you must, read my comment as impugning the integrity of those who actually hold both views. Considering that both the view that TOS are sacrosanct and the view that HN readers should have paywall free access to these news sources are widely popular and have few, if any, detractors, I’m quite comfortable saying what I did.
I agree, Dang, - however - A suggestion for something for YC/HN to do:
Find a way to have a serious objective talk with the greater community on the extraordinarily global reaching issues of the impact of Silicon Valley on society, community, culture as a whole.
Look at what we have to just emerge in the last 1.5 decades alone from "unicorns" in silicon valley:
* US policy seemingly being set/disrupted via twitter
* Mental health studies coming out on the negative impact of Facebook
* Election manipulation through ad-powered platforms such as Google and FB
* Massive cultural dialogue and political revolutions being fueled through twitter
* Assassinations being corroborated through Apple an watch
* Global spying and surveillance conducted through all our connected technology
Just to name a few of the globally impactful issues of our day which directly stem from the efforts of Silicon Valley in specific and the tech industry in general.
As the preeminent VC company in the minds of any young entrepreneur who wants to build the Next Big Thing, I would pose that YC actually has a social responsibility to, at a minimum, foster a conversation on these issues in a meaningful, serious and deep manner.
What are the consequences of MASSIVE success of a company?
I don’t like Facebook either, but personal attack’s are not acceptable on this forum. Isn’t being able to talk to someone who works for Facebook better than not being able to talk to them at all? Why would this person continue to post if they know they will just be attacked?
Maybe they would think twice about continuing to burn the most productive years of their only life at this company if they knew what people thought of them.
Regardless of your opinion on Facebook, I don't think its employees should have to deal with a personal attack like that. It's one thing to try to get them to reconsider their viewpoint on their job, and quite another to flippantly call them out with a response that doesn't foster discussion.
> Apple has left Facebook’s campus in disarray after the company revoked the social network’s permission to build or run employee-only applications, according to reports. Employees were reportedly left unable to read cafeteria menus, call for inter-office transport or use versions of the social network’s own apps.
If you just ignore all the evil things Facebook did. The moral of the story is don't relies on a non-free computer and OS.
Two things: first, this seems like a reasonable response to the breach Facebook committed.
Second, it illustrates the folly behind relying on the continued good will of a 3rd party offering an essentially (or very nearly) free service. If Facebook was licensing EDCs for millions a year, this ban might not have been the first reaction Apple took.
They can't do it, that's not how Apple's EDC licensing works. I wasn't proposing they should have paid more-- My point was that customers paying for a product have more leverage than those receiving one for free, and so relying on a free product for pieces of your business operations can put you in a tenuous position.
It seems like there's something getting lost here. A lot of comments and even articles make it sound like Apple is retaliating against fb at random, which is not true. FB had an internal app agreement with apple to distribute apps to it's employees. Probably this one: https://developer.apple.com/programs/enterprise/
They violated the terms of the agreement, and therefore the have lost access. They also probably violated the terms of the app store as a whole, but who knows.
Whether or not one should have to be part of that program to install Enterprise apps is a different issue.
This brings a smile to my face. I don't care anymore what excuses people come up for Facebook's behavior. Enough is enough and Facebook has crossed the line years ago. No remorse, no forgiveness.
I just hope they haven't awoken a sleeping giant. Facebook has enormous capital and engineering capacity. If they decided to have their own app store and/or phone ecosystem, their brand might position them as a viable competitor to Google or Apple. But would we be better off for it?
They already tried their own phone ecosystem. I'm not saying that they shouldn't/can't try again, but it seems like Facebook's hubris is their worst enemy.
"We have invented something no one else has thought of. A small personal computerised device. Now you're able to stay docked twenty-four seven. On the bus. You can dock. On the subway. Stay docked. You can be docked in at home, and at the same time, you're docking with some kids at the public pool. We went to the guys at Fruit Computers and we told them we wanted to make our hardware as compatible as possible... Now you can dock your Lifeinvader to an iFruit or any other device, and it'll take all the data off and reformat it into Lifeinvader-friendly information.
I'd suggest getting a Pixel or other Android device if Apple's privacy stance bothers you. They will act on behalf of the consumer, regardless if you feel like "but it's my phone!".
Yes, it's your phone. But not your app store. You can use your iPhone perfectly well without ever having opened the app store.
I am pessimistic on the issue because people prefer to pay indirectly because it feels like it's free and everybody likes free.
The business model of FB and Google deviates from Apple in a major way, with Apple you give the money and get the service. With Google and FB, you get the service and the cost is added to the stuff you buy. It's not necessarily even a price increase, maybe it's just directing the money from the billboard owners to the technologists.
I don't see how FB or Google can lose unless someone in power(like a politician or an activist businessman) makes it stop despite the popular opinion. The fight between advertisers is vicious and FB doesn't look like afraid of getting its hands dirty.
For someone somewhere "evil" Apple screwed up their entertainment on that FB app which just gives away free stuff and even pays you to use their VPN.
> with Apple you give the money and get the service
I mostly agree but to be fair with Apple you rent the service. They dictate what you are allowed to install on your phone, only after they deem it suitable.
For users for whom the developer tools aren't a realistic option, which is the vast majority of them, apple does dictate what you can install on your phone.
For the rest of us, for the low low price of $100 to join the developer program plus $1000 for a Mac, we can get the ability to install software that we can build, which more-or-less precludes sideloading as an option for commercial software.
So, for all practical purposes, yes, Apple does dictate what you can install on their phone. The question is really whether you think that that's a feature or a misfeature.
That's different from controlling what YOU as a user can install on your phone. Apple controlls what you can make people install on their phones.
These are vastly different things. You own your phone and you can do whatever you want with it. It's just that you can't use Apple's distribution channels to spread you code.
You also can't put your own code on it without a developer key, and Apple is the gatekeeper for getting a developer key.
Theoretically you could bypass everything by replacing the OS, except that you can't replace the OS without yet another key that Apple isn't sharing with anyone.
No, you don't have to hack anything, you can write your code and run it on your iPhone that's running the legit iOS without going through Apple's review process.
People who develop apps do it everyday many times because they need to run their code on devices. You don't ask apple for permission every time you press the build button.
You don't have to go through the review process for getting an app approved for the app store. But you do still have to apply for a developer key, and buy the necessary additional equipment (which can only legally be Apple hardware), and comply with the associated contractual agreement.
That does mean Apple has a nonzero amount of control over that channel, too.
Literally every piece of electronics in front of me right now is either an Apple device, or connected to an Apple device.
I'm not hating on them. I'm just advocating a realistic perspective on the situation. iOS is a walled garden. That some people (myself included) see that as a net positive doesn't make it not one.
So I have to pay yearly rent to write and install my own apps onto my phone? And if I do not pay that rent it stops functioning? What if I want to install an app someone else wrote onto my phone but doesn't want to put it in the App Store? I get what you are saying but I don't want my mom approving what I install onto the device I paid for.
That's not true. This whole story is about Facebook's enterprise signing cert being revoked so they can no longer distribute apps outside the app store. Please stop spreading misinformation.
> What Apple dictates is what people can distribute on their App Store.
That's the unfortunate status quo. But it would absolutely be possible to legislate Apple (and Google Play Services - grey area) to allow 3rd party stores/apps.
They dictate what you run on the phone if it requires using their native SDK. Aside from the Flash event almost a decade ago, they haven't tried to restrict web content
I haven't had an Android phone in almost a decade using just iPhones. iOS's web browser game is actually the most frustrating part about Apple's walled garden for me.
You can compile your own browser and install it. People act as if Apple is sending the police if they install an App that doesn't meet Apple's guidelines. Limitations are about the distribution on the App Store.
> Does Tim Cook pray at nights to slow down other peoples code on iPhone?
No, but the security team tries their best to keep unsigned, dynamically generated code (such as what might come out of your browser's JIT JavaScript engine) from running.
I disagree. What is “line” you referred to and who gets to define it?
No one forced you to use Facebook. Look, I don’t use FB, and I don’t particular respect Mark or Sheryl, but the daily barrage of anti tech posts crapping on FB, Apple, or Amazon are turning this place into armchairs experts and politicians all pretending to be on some moral high ground when their own employers are likely just as greed driven.
We need comprehensive regulation IMO. What that should look like, I’m not qualified to say. Regardless, it’s sad to see hacker news morph into Reddit.
I don't use Facebook either and yet they still collect data on me. Its the same issue that happened with Experian leaking data on people who never did business with Experian.
I'd be comfortable calling that a line that got crossed
I wouldn’t. That line doesn’t exist, at least in the laws of the legal system. It might cross your own moral boundary, but that’s intrinsic to you and subjective at best.
I’m not defending them as a company. I do think the rest of the media is just as horrible and would seize a similar opportunity if given the chance.
>>I wouldn’t. That line doesn’t exist, at least in the laws of the legal system.
Who cares? It is well known that the legal system trails technology by at least a decade. Therefore, it should be clear that we are discussing a line of an ethical nature, not a legal one.
Well said, we have to get past this "well you have a choice" nonsense. Data is too easily acquired and cross-referenced for that to be remotely true anymore.
Experian's entire business model is built around collecting data about people who have never interacted directly with Experian. In fact, our entire system of credit would break down unless there were ways for lenders to know the credit-worthiness of their borrowers. Now, very good arguments can be made that credit rating has an inherent conflict of interest if privatized. But that's another conversation. In this one, we seem to continually fail to distinguish between 'information about you' and 'private information.' There is clearly a distinction. Figuring out exactly what that distinction is almost certainly a regulatory problem.
People report their personal wealth and income to the local tax authority every year, presumably that tells you something about a person's financial credibility.
It's down to the unfortunate reality that people aren't the actual customers of Facebook or Experian, their actual customers are advertisers and lenders (principally there's a few other people but basically anyone who's asked you for permission for a credit report). Under that lens it makes perfect sense that both would have information about everyone because it makes them more valuable.
It's easier to see with Experian because people pretty much never actually use their credit report actively but rather monitor it to know what the actual users will see about them. It's a metric about you rather than a metric for you. Same basic schema applies to the advertiser profile Facebook builds. They've just built a facade to get you to give them a lot of info willingly (in the case of users).
> It's down to the unfortunate reality that people aren't the actual customers of Facebook or Experian, their actual customers are advertisers and lenders
These are kind of opposite cases, aren't they?
With Facebook, their actual customers are people who want to have a relationship with you.
With Experian, their actual customers are people who you want to have a relationship with.
Lenders also want to have a relationship with you too. They want to make all the loans they can as long as they're good loans. Either way it doesn't change the dynamic that much for the average person they're the product, or I suppose more accurately information about them is the product and the companies are the customer.
I agree. I also think that we need a lot more regulations, because the problem isn't only Facebook, there are so many companies that hold/collect/sell our information, and that's the bigger problem in my opinion, Facebook is just the biggest one so we hear about it the most.
Just because you don't use Facebook doesn't mean that some other company isn't doing the same thing with your data, you just probably haven't heard of it.
I wonder how pervasive the abuse of the EDC for customer-facing apps actually is. If this got through FB / Google's legal teams, they might know of others who have done this without consequence.
> The worse part is there has to be someone that KNEW they where in violation.
Given the timeline outlined in the TechCrunch article it seems practically certain to me that they intentionally used the Apple EDP infrastructure to circumvent Apple's ban on literally the same app.
Apple, the maker of the hardware, is also a stakeholder in users’ privacy. They are not obligated to assist Facebook in the undermining of users’ privacy. If their stance on privacy does not meet Facebook’s requirements, Facebook is free to develop their own phone to run their own apps.
They could have started by understanding that another company has control over their infra and maybe not be evil. That being said, a web app (like the FT uses on IOS so they do not have to cut in apple on $) that is a saved web clipping would work without having to load an application.
Apparently Google did exactly the same thing! Their “research” app only targeted adults though, which still violates Apple policy but is a lot less scummy.
Not sure how owning a market research subsidiary would make it any more fraudulent than it already is. (It's of course also not a full protection against Apple deciding the parent deserves to be punished too)
Getting enterprise certificate is not easy and requires manual approval from Apple for registered company. I can imagine that getting another one can be hard, if ever possible.
> all employees are given brand new iPhone x’s.
> [...]
> replacing every employees phone
Huh? Employees are given a choice of iPhone or Android; the full infrastructure stack already exists for both, internal apps are built and deployed for both. I'm pretty sure that IT could switch the whole company to Android overnight if they had the hardware in stock...
Guess I was misktaken. I had the choice between a thinkpad and MacBook and given an iPhone, didn’t realize we could get an android or just didn’t pay attention...
Apple would be a great company if it didn't botch 'right to repair', overprice their products, and restrict their OS and APIs. Regardless, there's not much 'American' left in American tech products, let alone all US products. Apple and Essential are the only two cell phone manufacturers left, if that, and Essential just dropped theirs :( Somebody needs to make it cost effective to print circuit boards and encasing frameworks so we can move our tech back to the US. At least Apple is pushing back against Facebook and the NSA/gov. Everybody else is selling our privacy.
After apologizing thousands of times, they internally justify each of those breaches by rejecting the fault to "users" or other external factors (source: several friends working at Facebook, and reading public tweets of Facebook leaders).
The culture there is inherently anti-privacy and whoever fundamentally disagree is about to leave or has already left.