That is not the point. The person you replied to wasn't saying they know for sure they were stealing user data, just that Meta has no way of knowing they aren't, and even if they aren't right now, no way of knowing if they will start in the future.
It doesn't matter what the app does at this moment, it can be changed at any point.
Should Meta also ban users who connect to their services from GrapheneOS, since it could be updated to steal all of your application data in the future?
>That is not the point. The person you replied to wasn't saying they know for sure they were stealing user data, just that Meta has no way of knowing they aren't, and even if they aren't right now, no way of knowing if they will start in the future.
But isn't such an application running on the end-user's hardware and making requests at the end-user's behest?
If so, what does Meta have to do with it at all? Should they be allowed to tell me what software I'm allowed to run on my hardware?
The risk you mention is all on the user's side and none of it on Meta's side. If the user decides they want to accept that risk, AFAICT it's no skin off Meta's nose. Or am I missing something here?
>If I grant a friend permission to view my photos, I am not also granting some random 3rd party that permission.
Assuming the "third-party" client is just that (a client app), there really shouldn't be an issue. If I use FluffyChat[0] instead of Element[1], do the FluffyChat folks have access to all my (and those with whom I communicate) Matrix communications? If I use Element, do they have such access?
If you use Firefox to access Facebook, are you granting Mozilla full access to your (and your FB friends') profiles?
There has been a lot of noise about "third-parties" and how they only exist to steal your data.
But we use "third-party" clients all the time. Web browsers, IRC clients, and a host of other "third-party" apps. Why aren't you up in arms about them stealing your data and that of your contacts?
Those other third-party apps usually have a monetization scheme that's clearly separate from a need to steal your data, or are open source, which allows you to see if there's any weirdness or build it yourself. And I shouldn't need to mention that if it was found out that Firefox was uploading data from every page you read to their servers that there would be a massive reckoning.
Tell me, for the OGApp what is the monetization scheme? How do they intend to make money? By default if you don't see anything upfront you should assume that your data is what is being monetized. And your data in this case includes everything the app can pull down from Instagram while it's acting as a proxy.
Similarly, and I keep mentioning this: Just because there's no current evidence of them stealing your data does not make them trustworthy. A site asking you for Steam login details would be almost impossible to prove that it's phishing for login details, but it would be a bad, bad idea to put in your login info anyways.
If they want their app to be trusted then it should be made open source.
>Tell me, for the OGApp what is the monetization scheme? How do they intend to make money? By default if you don't see anything upfront you should assume that your data is what is being monetized. And your data in this case includes everything the app can pull down from Instagram while it's acting as a proxy.
I have no idea. I'd never heard of this app as I don't ever use whatever functionality it provides.
I'm not saying these folks are saints, I have no idea what sort of people they are. If it makes you feel better, I'll posit that they're scumbags who would sell their own mother for a nickel.
But that doesn't change the fact that I (or anyone else, for that matter) should be able to use the client of their choice for anything. If that's not the case, then Meta (or HN, for that matter, if they decide to be as scummy as Meta) would be within their rights to decide which browser you use to connect to their properties, and what add-ons you install in that browser.
Sorry, that's not an acceptable solution[0].
>If they want their app to be trusted then it should be made open source.
You won't get any argument about that from me. But even if these guys are all clones of the anti-christ scheming to destroy humanity (for the record, I have no idea and make no value judgement about the ethical standards of the app publisher and its employees) by creating a subset of the data Meta already collects, if I (or anyone else) decide they want to use that software on their personal property, who's to say what can or can't run on that hardware?
I don't (and wouldn't try to) speak for anyone else, but my property belongs to me and I will run the software I choose on my property. That has nothing to do with Meta or the publisher of the app discussed in TFA. Rather, it's about my control of my property. Full stop.
[0] My objection is one of principle, not about any specific software. And I stand by that objection.
Yes, you can choose whatever software you want to run, but Meta would be in full rights to ban you for using third party clients. And Meta has a vested interest in ensuring that people aren't using clients that scam their users out of their credentials because said users don't exist in a vacuum. They have friends, family, private messages and so forth that other users did not consent to have stolen or taken by a third party. This was the whole Cambridge Analytica controversy in a nutshell and their decisions around stuff like this all stem from that.
And in fact, sites are within their rights to determine which browser you can use to connect. Sites are often designed for and optimized around certain browsers and if they detect you running Internet Explorer 3, they can tell you to go away. This is a fact of the internet. And you're just as free to simply not go to their sites. This has been a fact for decades. No site is obligated to serve your obscure internet browser. And no API is obligated to serve every client that calls it.
>And Meta has a vested interest in ensuring that people aren't using clients that scam their users out of their credentials because said users don't exist in a vacuum.
Did this specific app actually "scam users out of their credentials?"
I'd expect that they didn't "scam" anything. The end user installed the app and voluntarily provided their credentials in order to access their content.
How is that a scam? If I'm using an Android phone and sideload an app to access say, HN, whether that's an apk from a publisher's website or from F-Droid, have I been scammed out of my HN credentials by that app's publisher?
If the app claimed to be the "official" app from Meta and used phishing techniques to get folks to install the app and/or reveal their credentials, that would be scamming.
But a deliberate choice by a user to use a specific app for a specific purpose, with the app in question actually serving that specific purpose doesn't seem like a "scam" to me.
Sure, Meta doesn't like it for a bunch of reasons. And it doesn't surprise me that they took action to smack these guys down. But characterizing this app as a "scam" doesn't seem to reflect reality.