Fb is only "shutting down" it's iOS Spyware due to "bad press" not due to a sudden realisation that spying on children who are incapable of understanding the long-term consequences of the privacy invasion is fundamentally wrong/evil.
Fb only stop doing things that are obviously morally reprehensible when they get caught or called out in the media. They never proactively doing the right thing. :-(
It's not even that--they are not stopping the identical Android app, only the iOS one. From the media/public standpoint, the programs are nearly identical, so this is clearly a case of either Apple ordering them to stop and/or they know they are hosed for giving Apple the finger and trying to pull the plug before Apple revokes their entire company's enterprise certificate, which would break any internal apps (the intended use of enterprise certs) that they may be using. So it's not even the bad press, just them risking angering a company they depend on to do their business.
According to articles I saw in the last few hours, their "certificates" have been pulled. So this has likely already happened.
Also, Google updated API certificate behavior to only trust built in roots by default.
https://android-developers.googleblog.com/2016/07/changes-to... might explain why "project atlas" is only available for Android devices marshmallow and earlier (they can't snoop encrypted app traffic on later versions)
Nice! Glad Apple caused them some massive chaos. I'd forgotten about that roots thing, it's actually really nice albeit a little annoying for debugging/reverse engineering.
Yeah, the API change was back in 2016, somewhat close to the timing of Facebook's deployment of Onavo. The conspiracy theorist in me says Google might have got a tip about such behavior years ahead of the public revelation. SV companies are quite incestuous.
Everyone pin your certificates. If this was standard practice none of it ever could have happened.
Apple didn’t just ban the App, they revoked Facebook’s privileges to “side load” their internal apps, so Facebook employees can’t even order lunch or a company shuttle.
Almost by definition, we're only going to notice the "right things" they've done that they don't get called out on (i.e. have attention drawn to beforehand).
I would love to be a fly-on-the-wall at some of their meetings when someone says “So we are going to do data collection on minors without parental consent now” and all the developers just say “great I’ll code that up straight away”. Like is there no dissent at all? Is there no one at all who says “guys this is not OK”?
There's some powerful dissonance going on. I once interviewed an engineer. We spent a good 15m of the hour-long interview talking about the moral implications of social networking, the potential for powerful technology to cause harm, and what a developer's imperatives were. He was completely on the "side of right" - must use powers for good, data harvesting is bad, Facebook is an immoral business etc.
He turned down our offer to take a job building a data analytics platform at Facebook. "Oh it was just too exciting tech not to work on."
Facebook officially prohibits users younger than 13, mainly because US law has a lot of special requirements for children under that age ( https://en.wikipedia.org/wiki/Children%27s_Online_Privacy_Pr... ). I’m sure the app doesn’t have any special age-based code because if someone has a Facebook account, they’ve already told Facebook they’re 13 or older.
Amazonians reading this: I'd like to know how often does it cause someone to rethink their proposal when you use the magic words "disagree and commit"? Does it ever happen?
I mean consider this scenario: A, B, C, D, E are in a meeting to discuss a new project that A has planned. D and E like the idea. B is not committed either way. C says they can't see the project being a good thing but uses the magic words "disagree and commit". How often does it cause A to go back and say ok maybe my idea was not good?
In reality it's more like 'agree and submit' to the manager/pm making the proposal. Don't want to do the work because you find it goes against morals or personal beliefs? That's fine, they'll pivot you out of the company real quick.
There is an assumption that developers "knew" how the code being implemented is going to be used. In a big company like FB, as an IC or team, the context under which code gets developed may be far removed from how it gets used. I can imagine a scenario where someone developed this code for testing FB app on devices, another engineer had similar need and morphed it into different product etc.
The solution to these problems is oversight from security, compliance, and privacy on all systems dealing with consumer information, and having privacy education for all employees on regular basis. GDPR is a step in that direction.
Turns out a lot of people are willing to be unethical for a lot of money. If you can convince people to murder people and render them down to soap you can probably convince people to build spyware. You can even pretend that such data will never be used in a prejudicial fashion say to deny people employment in the future based on some social score.
Come on guys we just want to build a better ad what could possibly go wrong!
Fb only stop doing things that are obviously morally reprehensible when they get caught or called out in the media. They never proactively doing the right thing. :-(