Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

An app downloading data on behalf of the user is basically what Cambridge Analytica was doing.

The problem is that data ownership is complicated. If I know your phone number, can I share it with other people? That was CA (me downloading data about all my friends). Here the issue is private messages — is it okay for me to share the messages you sent privately to me? A lot of people will get quite upset if you do that!



If I send you something, you should be able to copy and distribute it as you see fit, no matter what I wish you would and wouldn't do with it, and my recourse should be limited to not sending you more things in the future.


In this interpretation, FB should not have been fined for CA. While it’s a cogent theory, regulators disagree with you and they have guns backing them up.


Thankfully many of us here live in countries where the pen is mightier than the sword. If regulators' opinions don't match up with those of the people, then maybe we need some new regulators.

Not trying to imply there's any sort of consensus here, of course. Just that "regulators disagree" certainly isn't the end of the discussion in any country with a functioning democracy.


What if you make me sign some sort of NDA/ToS?


To be clear, I'm not saying that there should be no consequences if you distribute a message that I didn't want you to. I'm just saying that I shouldn't be able to stop you from doing so. If you signed a contract saying you wouldn't, and then you do, I should still be able to sue for that, but the existence of such a contract shouldn't let me control your technology to prevent you from breaking it in the first place.


I'm confused, what's the point of the contract that says "you can't do this" if not to legally enforce that you can't do that?


I'm distinguishing between two different meanings of "can't": not allowed vs. not capable. You should be capable of violating NDA/ToS's, but possibly suffer legal consequences if you choose to do so.


> An app downloading data on behalf of the user is basically what Cambridge Analytica was doing.

Nowhere close. CA was asking permissions from users and then got the data from those users and all of their FB friends who did not agree to anything nor did they know their data is being collected.


This is exactly the crux of the problem. Consider Alice and bob, where bob used CA and Alice did not. Alice shares her data with bob. What can Bob do with it? Can he share it with CA?

It’s messy! Another similar problem in this vein is data about you that does not belong to you. Who owns your purchase history from Amazon, or which pages you clicked on? You? Amazon?


> An app downloading data on behalf of the user is basically what Cambridge Analytica was doing.

That's half of it. Is the app sending the data back to the app makers? If not then it's extremely different.


If the app is downloading the data, what’s stopping it from sending the data to the app makers?

Previously FB paid a 5 billion dollar fine because of insufficiently policing third part app developers.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: