What really drives me crazy is how people are still surprised by this kind of thing. I stopped using Facebook four years ago, and I think it was one of the smartest decisions I've made. I value my privacy. There is so much complaining online about how Facebook is taking over everything, yet there is no action. If you have a problem with it, then don't use the service!
What really drives _me_ crazy is that the operating system on my phone doesn't give me control of what information and control I allow installed software to use (Android). I do use CyanogenMod which has something like control, but it is very displeasing that the stock options are either giving the developer every access right or not install the app.
I don't want to use either Android or iOS. I don't want to use Java or anything like it. The hardware I have is orders of magnitude more powerful than it needs to be to do the things I want it to do, and yet it does them poorly.
If I had a million dollars I'd make my own OS without all of the stupid waste, and I'm very surprised that nobody else has bothered to do so (well).
I think Facebook has done a good job helping people enjoy the habit of denying the importance of privacy in favor for a free service. I don't think many realize what they've sacrificed because they value it so little.
> I don't think many realize what they've sacrificed because they value it so little.
Exactly. Also, most people don't tend to question authority figures. That's what facebook has become for web 2.0 or whatever you want to call it, it's the thing that got most people to use internet actively as a part of their everyday lives.
It's not that. It's risks vs benefits and most people (I'm only speaking for the technically informed minority) weight the two and find out that at this point in time, the benefits are outweigh the risks.
Having a facebook account puts you in contact with your peers. Virtually everyone. It can be a huge social boost if used correctly (politeness, some language moderation, etc.), imagine how difficult would be for newcomers in town to socialize without using social media. Students that go away for Erasmus, etc. Facebook offers an incredibly valuable service.
What exactly will the NSA, Facebook or Google do with the user's data and how this entire privacy breach will actually play out in the future, no ones knows. Mind you that people actually like sharing their data with their peers and being part of a community such as this one.
Theoretically I can scrap all your posts run them through a "text analysis software" to extract data about your personality. So you're exposed anyway, the moment you put two words together online.
Most people don't realize the threat because everything is at virtual level yet. Only a few got bullied after online stalking. Once this group becomes a majority, things will change.
This problem you describe is the reason why Facebook is still printing cash. Somehow the majority of the population either just doesn't understand or doesn't care about the value of their privacy, or what their actions entail.
Perhaps this makes sense, (or at least here's a theory why).
Disclaimer:
I don't have time to do a massive research for this one (tl;didn't research), I will base the rest of my theory on these hypotheses which I can't prove are true, but I'm guessing are probably true (whatever true means). Don't take anything I say personally or seriously. I could be a sophisticated turing machine for all you know, and then you'd feel silly for getting all hyped up at a robot. So chill and enjoy the ride.
1. Despite what it may seem like, most people still don't really know how to use computers.
=and I don't mean like smartphones (which yes are computers but they make sht dead simple which almost puts them in a different category), I'm talking about setting up a good ol' desktop OS out of the box, getting it running on a network, configuring security, installing software, moving files, fixing permissions, etc.
2. OF THOSE who know how to use computers, many (if not most) of them do not know how to write code.
*=And not be a code hipsters, becuz damn am I sick of them, but I mean a lot of "devs" these days barely think about what it means to write executable code. JavaScript/V8 has opened the door to a lot of developers, though many still don't really understand how a computer program goes from looking like this:
3. OF THOSE who do know how to write code, only very few of them have gotten their heads out of their own asses and have built/done something to change the world :)
Okay, that last one was kind of a joke, but kind of not. But anyway, I digest...
So say you've just made this hit app ---in the past few years. Congrats! You've hit an interesting "sweet spot" in the general collective human consciousness in that you can sell software/"simplified" computers to people who largely have no clue what it is they are using! They call it "Facebook" or "Instagram" or "SnapChat" — not executable binaries running on a microprocessor in their pocket, live connected to several Fortune 500 companies that sell their data in real-time all across the Internet. Most likely if you explained a product in those terms to someone they'd think you're a weirdo (and maybe they'd be right, lol).
My theory is that to be open enough to consider these privacy claims, one would have to come to understand it on their own (otherwise, a part of their subconscious reaction to "foreign substance" will reject the information as "junk").
To even get to the point of understanding what this means, you'd have to get at least past Statement #2. To do something about it on a wide enough scale, you'd have to get past #3 and this is harder than it looks.
IMHO, it is because of #3 that ideas are meaningless — yeah we all get ideas in the shower but who gets off their ass, turns OFF the phone, turns OFF Facebook, and tune IN to whatever idea they'd like to manifest?
These people ended up creating Facebook. Instagram. SnapChat. Google. Apple.
And then they get to call the shots, and "explain privacy" to the masses until the majority agrees to think differently.
I work at Facebook, more specifically, I've spent a considerable chunk of my time working on our Android app and the Android permissions we request. (I also worked on that same area before I joined Facebook)
These permissions were actually added several months ago, long before the WhatsApp deal was announced. There's no connection.
I want to correct some of the misrepresentations in the article.
The WRITE_CALENDAR permission: As many app developers will know, this permission is needed by any application that wants to create a calendar feed in the unified Android calendar storage, and create/modify events in it. In particular, the Facebook app would like to give you the option to import your Facebook events so that you can see them side-by-side with your other calendars like Google Calendar, corporate Exchange accounts and so on. We don't need to be able to send event invites or updates to attendees by email, but we can't divide the pre-set Android permission into any smaller pieces.
We use the READ_SMS permission to automatically read SMS codes from people who have turned on 2-factor authentication (called Login Approvals) for their accounts, or for phone confirmation messages when you add a phone number to your Facebook account. Unfortunately, the Android permissions system doesn't allow us to specify that we would like to be able to read only SMS messages from a specific number—the one we use to send these codes.
In general, we would love to be able to ask only for the permissions we need for the specific features we expect people to use. However, Android doesn't allow permission requests on demand; we have to request all permissions that cover each feature at install time, and people must choose to accept or deny all of them at once.
If you have specific questions about other permissions that our app requires, don't hesitate to ask, and I'll do my best to explain how they're used. We also have an official Help Center page that covers a lot of this material at https://www.facebook.com/help/210676372433246.
Why do you need to read the SMS as it comes in? Why can't you implement 2 factor authentication w/o a SMS via TOTP, using something like Google Authenticator? On all my accounts that I've been able to, I've turned on this "Virtual Token" based authentication, it's no great burden to enter a 6-digit number from my device to the screen when needed. Setting it up is a breeze as well, simply scan a qrcode off the screen.
FB is a big company with a lot of smart people. This approach must have been considered and then dismissed by at least one of your developers. Why the huge push to confirm and maintain a phone # connection to the service?
FB 2 factor auth works with TOTP. There is a code generator in our app, and you can set it up with Google Authenticator or other TOTP implementations.
However, there are people in the world that don't know much about computers, don't own a desktop, and their smartphone is the only general computing device they have. Throw in that mix the issue that quite a lot of these people have a low end device, where they can't install every and all apps they want. There are phones (one of them on my desk) where installing Facebook, WhatsApp, Messenger, and Hangouts pretty much maxes out the device memory. You can't afford a dedicated authenticator app.
At the same time, there are a lot of people that like to logout explicitly from their Facebook app before they close it.
So, no dedicated TOTP. No second device. Logged out, so can't use the built in code generator. What's your option for still using 2 factor auth for security, but making it as easy as possible for the legitimate account owner on their primary device, because said owner might know jack about computers?
The whole reason why Whatsapp is majorly successful is that it was the exact opposite of what Facebook is. People could download it, and then their address book was integrated. No ads, no mining your information, no signup. It was not successful due to viral marketing or integration with an all knowing social network.
Also, the people that matter in my life is in my phone book and vice-versa. Not hundreds of people that I don't see in ages. Almost no clutter and no managing.
The problem is this doesn't even matter to the average user. They've been so ingrained to just automatically accept these messages (EULA's, "warnings" etc) that they have become meaningless.
Even if you do get the odd person that actually cares, the question becomes "do I care enough to stop using this app". The answer is almost certainly no. If you actually cared about your privacy, you probably would have stopped using Facebook half a decade ago.
It doesn't help that (on Android at least) the control of permissions is so granular. I understand the desire to give users very fine control over their privacy, but the end result is that updates present you with a loooong list of permissions changes, and we all know that the longer a list gets the more likely it becomes that the user's eyes will just glaze over and they'll reflexively hit OK.
This is exacerbated by the fact that all the permissions requests are presented in the same way -- same font, same size, same color -- despite the fact that not all permissions requests are created equal. If an app wants to be able to talk to the network, that's a minor privacy concern. If an app wants to be able to read my address book, say, or my emails or SMSes, those are major privacy concerns. Those are the ones you want the user paying attention to and thinking about. The way the requests are presented should reflect that.
I want to have the per-permission denial back. I used to be able to deny some permissions while allowing other for an individual app. Here, I could turn off the app's permissions to access SMS messages and control WiFi without disabling its internet access or camera permissions.
This would cause some apps would crash, true, but at least I can control that and work with it. It was removed from Cyanogenmod around 7.0.
If he has root? I thought the selling point of Android is that it is open. Certainly people don't still have to jump through hoops to root their devices?
Nope. The "selling point" of Android is that it's free (as in no licensing costs). Carriers are still free to lock it down, and of course they do, complete with bootloader lock.
Personally I think bootloader locks on general-purpose computing hardware should be made outright illegal, regardless of whether the company would like to sell it as an "appliance".
In the vast majority of cases, yes you do. I had to use an exploit to root my phone. When I lost it and insurance got me an identical phone, there had been a firmware update that patched the hole. Didn't update anything else, still the same outdated version of Android, I just couldn't root it. I still haven't been able to. It drives me mad.
I'm several versions behind on updating my Facebook app, because every update brings a litany of new unnecessary permissions.
For a brief period Android offered the ability to selectively disable permissions on apps after the fact, but that feature was removed. I'll probably soon be switching to an alternative ROM that still supports it.
This is the real problem. iOS asks you when an app tries to do something which involves potentially sensitive information being revealed – I find myself uninstalling apps frequently on my Nexus because an update is asking for new permissions, and I've read the comments about fine-grained controls, but I don't want to install an app to allow me to have granular permission controls over other apps – I should not have to do that.
I just use the web page now for the same reason, the high precision GPS request was way too much information to give out. The effect is that I use facebook less when I'm out and about which is also a positive.
Isn't Facebook correctly assuming that if you use it you're okay with your life being an open book? They've never attempted to hide it and everyone who's uncomfortable with that has moved on, or at least using it very conservatively.
Just who are these people who have secrets? Which people depend on the ignorance of the people around them to live their lives?
Are you afraid your wife might learn about your mistress?
Are you afraid your business partners (bosses, coworkers, corporate contacts, government regulators) might learn about your communicable diseases?
Are you afraid your religious associates might learn about your immoral activity?
Are you afraid your children might learn about your illegal smuggling operations?
Are you afraid your Amish friends might learn of your technology company?
The question wasn't "who needs to keep a secret", but rather "who is depending on Facebook to keep their secrets?" It's a valid point, the media has blared long enough that Facebook can't be trusted with secrets. If someone doesn't know that by now, they haven't done the due diligence that should be reasonably expected of anyone communicating online.
Are you telling facebook any of this? Why would you? Are there instances of facebook (or anyone else) notifying wives of mistresses? It seems much more likely that making a wall post to your mistress with the wrong account is the new call on the family cell phone, which was the new letter to the wrong address of its day.
I think Google should improve the way apps can ask access to these things. just telling us whats going to be used is not enough IMO, in fact i see this kind of dialog so many times and just tap through. I should be given option to restrict access after the fact if i see it fit.
What's funny is that they're concerned by the additional permissions Facebook is asking for. Facebook's app already has full access to contact info, which they 'accidentally' used to wipe out everyone's email contacts. I think after that debacle Facebook would have to literally wiretap the mic/camera to actually sink any lower.
Bought a Nokia N900 last week and running Debian on it. Once you do a few tweaks to fix the battery life and performance, it's brilliant. How sad is it though, that despite being almost five years old, it's still one of the most open, hackable phones around. Switching from Android to the N900 felt like what switching from Windows to Linux felt like - like I have maximum control over the device, with the freedom to modify anything (relatively) easily.
I think Facebook started adding permission to read texts BEFORE WhatsApp purchase. Or were they preparing before purchase of WhatsApp?
Either way, when I first heard about Facebook reading my texts few months ago, I just deleted Facebook app from my android. Keeps me from wasting time reading facebook posts on my phone also...
Seems Facebook is drawing inward to what they are really good at: letting people communicate. They tried to be everything to everybody and suprise! they alienated and aggravated their users with spam. If Facebook doesn't focus on doing at least one thing well, the bubble will burst.
You don't have to stop using Facebook, just use the HTML version instead of the app. I switched after the email debacle and it's been great, never looked back.
I think when I made the decision to stop using Facebook was when I created a new account and realized how empty the actual value proposition was when you were starting fresh.
I then realized that people on facebook I actually would've never met or even hang out or even actively talk or like. People that matter are people that have my phone number and skype and can meet me directly.
After this epiphany, I deleted my facebook, I no longer saw any value in having a few hundred "friends" on a website that intrinsically offers no value without the underlying participants, whom I valued to be close to zero, as they were not within reach in real life.
I found skype offered all the tools I needed. I downloaded whatsapp only to be hit with the same feeling I got from Facebook, these were merely tools acting as social buffering mechanism for digital interaction but SMS already serves this purpose well and voice conversation or meeting in person solves a far better value.
Twitter, I'm also thinking of retiring. Instagram? Selfies? Things don't change and that is human relationships, being on any of these platforms is a self fulfilling prophecies.
