Slashdot Mirror
Facebook Gave Device Makers Deep Access To Data On Users and Friends (nytimes.com)
According to a report from The New York Times, Facebook formed data-sharing partnerships with Apple, Samsung, and dozens of other device makers, allowing them to access vast amounts of its users' personal information (Warning: source may be paywalled; alternative source). From the report: Facebook has reached data-sharing partnerships with at least 60 device makers -- including Apple, Amazon, BlackBerry, Microsoft and Samsung -- over the last decade, starting before Facebook apps were widely available on smartphones, company officials said. The deals allowed Facebook to expand its reach and let device makers offer customers popular features of the social network, such as messaging, "like" buttons and address books.
But the partnerships, whose scope has not previously been reported, raise concerns about the company's privacy protections and compliance with a 2011 consent decree with the Federal Trade Commission. Facebook allowed the device companies access to the data of users' friends without their explicit consent, even after declaring that it would no longer share such information with outsiders. Some device makers could retrieve personal information even from users' friends who believed they had barred any sharing, The New York Times found. Most of the partnerships remain in effect, though Facebook began winding them down in April.
But the partnerships, whose scope has not previously been reported, raise concerns about the company's privacy protections and compliance with a 2011 consent decree with the Federal Trade Commission. Facebook allowed the device companies access to the data of users' friends without their explicit consent, even after declaring that it would no longer share such information with outsiders. Some device makers could retrieve personal information even from users' friends who believed they had barred any sharing, The New York Times found. Most of the partnerships remain in effect, though Facebook began winding them down in April.
and that product can be passed around a lot.
Domestic spying is now "Benign Information Gathering"
The user still had to sign in and grant access for the API to be useful.
Except that's not the issue here. Some user granting access to his/her own data is perfectly fine (I'm deliberately not going into whether it's smart or not).
The problem here is that data belonging to other people was accessible, even when these people did not grant access.
From the summary:
Facebook allowed the device companies access to the data of users' friends without their explicit consent, even after declaring that it would no longer share such information with outsiders.
Facebook essentially violated its own privacy policy.
The summary sounds as if it was written by someone who had the idea of an API explained to them, didn’t really understand it, and so they tried to explain it in less technical terms by referring to it as a “data sharing agreement”, giving it a very different connotation.
Whether an API or other (private) “data channel” (a term from the original article) was used is irrelevant. The story is about unauthorized use of personal data by third parties.