Breaches like that are intrinsic to Facebook's entire business model and Facebook's entire technical architecture... which is the same business model and the same technical architecture that all the other "platforms" have.
If you collect the data in a central place, and let other centralized actors have access to them, then you WILL have failures like that. If I can give your "app" permission to process my data, and if your "app" can simultaneously have permission to talk directly to you or to any third party, then my data WILL eventually get misused.
That's independent of the good will or lack thereof of the people operating it, by the way. It just plain WILL fail constantly. It's broken by design. It can never work right.
The correct reaction is to completely dismantle the entire "platform-based" structure of social networking. All of it. Shutting down Facebook would be a good start.
I suspect that the things you're calling "overreaction" are a lot less extreme than that correct reaction...
Customers frustrated by Facebook's bad behavior can vote with their wallets, something most Comcast customers can't do.
Most Comcast customers can go to the other member of the local duopoly. Pretty much ANY Comcast customer can go buy their own right of way and run their own cable to a NAP.
That's just about as practical as most Facebook users abandoning Facebook.
Sure, it's not the DEA's fault its drug sting fell apart and resulted in vehicle damage and the loss of life.
It sure goddamn well is. It was an obvious risk of the DEA's habitual use of irresponsible tactics. It's happened before, it's happened again, it's not justified, and it's not acceptable.
This article operates from a child's understanding of consent and coercion.
If I say "My great grandfather had the biggest club, so he got all the farmland, so suck my dick or starve", that's not a choice and your doing it doesn't imply any real consent. And if everybody you need to interact with has been manipulated into using my "platform", or even just chosen to use my platform, then saying "Give me your real name or go be isolated" isn't a choice either.
And let's talk about this "come in and tell a company" business.
Facebook. Is. A. Creation. Of. Government.
Governments aren't "coming in" to Facebook's affairs. People "came in" and asked governments to create the company in the first place.
A corporation doesn't exist at all except as a matter of law. It's not a person. It has no natural rights (and no mind, so it couldn't exercise natural rights if it had them). By chartering such an entity, the government actually RESTRICTS the rights of natural persons, most famously the right to individually sue people who act in concert to do them damage.
Issuing charters like that has side effects. No actual person could operate at that scale without some similar kind of charter. The existence of Facebook's "platform" requires the government to recognize fictional entities. And scale is a big part of the reason there's a problem.
There is absolutely no reason governments shouldn't put any restrictions those entrusted think appropriate on gifts like the "right" for a total fiction to be treated as a legal entity or the "right" for its owners and employees to avoid accountability for their actions.
It's not even like Facebook is a vehicle for its owners to exercise their rights to free speech. Facebook is a vehicle for selling advertising, period.
Don't pretend that massive institutions are beings with rights. If you want a "free" system, then decentralize the technology and eliminate these fiefdoms.
How's Feinstein surprising? She's been a spy lover since the beginning of time. Way before Trump was a thing. She only gets mad at the spies if they lie to her personally, and then not for long.
What is with Techdirt and the huge blind spot around "platforms"?
There is no "competitive social media market", because network effects favor concentration.
It so happens that I do "choose not to visit Facebook" (and others), and I suffer serious negative effects from the resulting social isolation. Meanwhile, people are still discussing me and probably tagging photos of me, on those platforms.
Obligating them to distribute "foreign propaganda" sounds fine to me. I don't know where anybody got the idea that free speech stoppedat a border. And I'm perfectly capable of rejecting Putin's bullshit, and so will other people be once they stop kidding themselves that they can depend on others to filter it out for them.
At this point I'm about ready to root for SESTA and all the other stupid, jackbooted government assholery, just out of the hope that it will force these companies to degrade their services enough that competition from truly decentralized systems is actually possible and something better can emerge.
And, indeed, there are competing app stores -- but the general argument around them (with the possible exception of Amazon's competing Android app store) is that if you want to keep your device secure, you'll only download via Google's app store.
Yeah, that's the argument generally made by Google's PR flacks and their dupes. It never has made any sense at all, mind you.
Google's checks aren't particularly effective, and Google Play is the number one distributor of Android malware just like it's the number one distributor of all Android software.
All that code review from people putting real money into the thing kept anybody from draining $100M out of it for like a whole week! Almost like every "investor" expected to free ride on the review of others...
And it's really, really hard to pull the artificial grafted-on toll out of a protocol, thus removing the "fat" aspect...
Just more idiocy from ICO morons. The market does not fix everything.
They're offering "live" data to anybody who fucking comes in over the Internet. That's "live" and "public" enough for me, thanks.
In a sane legal system, deliberately putting that information out there would get you a prison sentence, "demo" or no "demo". And even letting it outside of a closed billing system into a larger corporate system would be grounds for damages. Let's set the damages by statute at the same as the damages for sharing a pop song: $150k per record.
And "partners" are third parties. That's just what pieces of shit like to call the particular third parties they happen to be working with that week, as part of the various cons they're running.
Usually the reason this stuff gets farmed out to private contracts is that a bunch of "government can't do anything right" ideologues have forced it to be.
Re: Ah good old 'If it's in the rules I don't need to think for myself'...
I believe the current legal rule for determining whether a cop can "reasonably be expected" to know that his or her actions are illegal, unconstitutional, excessive, or whatever is that it has to have been personally explained to that particular cop by at least three Supreme Court Justices, on separate occasions. On videotape. Within the last week. With a signed triplicate acknowledgement from the cop.
But only if the cop's behavior causes the horrible, painful death of a total innocent, and the case is absolutely identical to the explained situation in every detail including the names. Otherwise it has to be the whole court en banc.
I think there's some kind of good faith exception, too.
By the way, the standard for prosecuting a citizen for identical behavior is that the behavior has to vaguely resemble something that might be illegal in the twisted mind of a prosecutor somewhere in Pakistan.
The DEA is a threat to families. It's a brutal jackbooted agency that exists only to enforce laws that aren't even within the government's legitimate scope of legislation in the first place. And, like the rest of the DOJ, it does that in a calculatedly inhuman way.
Next time you might want to pick a better example.
"Broadband providers should not block, throttle, or otherwise discriminate against lawful websites and services.”
... and the operators of either of the effective duopoly of mobile app stores should not block or otherwise discriminate against lawful applications, even if they compete with their own offerings...
... does not exist, and nobody has the slightest idea how to build it.
Only a credulous idiot would think that today's AI was even remotely close to being able to tell when a real crime was being committed, let alone when one was about to be. That would require at least human-level AI, and probably better than human.
Yes, there's stuff that can watch parking garage video and detect behavior that's often characteristic of people trying to break into cars... and then alert an actual person to watch that camera. No, there is nothing that can tell with any certainty when somebody is ACTUALLY trying to break into cars.
And that is a million times easier than somehow detecting any possible kind of pre-crime that may have been dreamed up by somebody with weeks to plan it.
If the network wants to protect its own resources by not allowing huge traffic floods, especially without some indication that the recipient actually wants the data, that's good. If the network wants to start guaranteeing that the source address on a packet bears some relation to where that packet came from, that's also good.
But oddly enough the people pushing "smart networks" don't want to make networks smart when it comes to dealing with their own internal functions, because that's actually hard. Nobody wants to actually redo the routing infrastructure.
Instead, what they want to do is to spy on traffic, filter it, "collect intelligence" from it, and sometimes react to it... including with things that you could reasonably call security attacks. In the process they'll introduce a bunch of complexity and create gridlock by making everything depend on everything else. And they'll further blur the lines about what you're allowed to do to somebody else's traffic. Those are actively bad for security.
Not to mention the number of things they'll simply break, because it's crazy hard to look at the traffic between two other parties and intuit what they're actually doing.
They'll also create the machinery for an Internet police state. I'm not saying there's any kind of conspiracy to do that. I'm saying that that's what the technology is actually good for, regardless of anybody's current intentions.
Anybody who suggests "smart networks" as a solution for any kind of privacy problem needs their head examined.
If some piece of shit endpoint misbehaves, then other endpoints need to protect themselves, and the network needs to stay out of it.
On the post: Techdirt Podcast Episode 160: Overreacting To Facebook's Mistakes Won't Solve Anything
Breaches like that are intrinsic to Facebook's entire business model and Facebook's entire technical architecture... which is the same business model and the same technical architecture that all the other "platforms" have.
If you collect the data in a central place, and let other centralized actors have access to them, then you WILL have failures like that. If I can give your "app" permission to process my data, and if your "app" can simultaneously have permission to talk directly to you or to any third party, then my data WILL eventually get misused.
That's independent of the good will or lack thereof of the people operating it, by the way. It just plain WILL fail constantly. It's broken by design. It can never work right.
The correct reaction is to completely dismantle the entire "platform-based" structure of social networking. All of it. Shutting down Facebook would be a good start.
I suspect that the things you're calling "overreaction" are a lot less extreme than that correct reaction...
On the post: Hey Mark Zuckerberg: Don't Lock Down Everyone's Data, Open It Up To Services That Give Your Users More Control Over Their Data
Hey Mark Zuckerberg
On the post: Cable's Top Lobbyist Again Calls For Hyper Regulation Of Silicon Valley
Most Comcast customers can go to the other member of the local duopoly. Pretty much ANY Comcast customer can go buy their own right of way and run their own cable to a NAP.
That's just about as practical as most Facebook users abandoning Facebook.
On the post: Court Moves Business Owner One Step Closer To Getting Paid Back For Vehicle DEA Destroyed In A Failed Drug Sting
It sure goddamn well is. It was an obvious risk of the DEA's habitual use of irresponsible tactics. It's happened before, it's happened again, it's not justified, and it's not acceptable.
On the post: German Court Says Facebook's Real Names Policy Violates Users' Privacy
This article operates from a child's understanding of consent and coercion.
If I say "My great grandfather had the biggest club, so he got all the farmland, so suck my dick or starve", that's not a choice and your doing it doesn't imply any real consent. And if everybody you need to interact with has been manipulated into using my "platform", or even just chosen to use my platform, then saying "Give me your real name or go be isolated" isn't a choice either.
And let's talk about this "come in and tell a company" business.
Facebook. Is. A. Creation. Of. Government.
Governments aren't "coming in" to Facebook's affairs. People "came in" and asked governments to create the company in the first place.
A corporation doesn't exist at all except as a matter of law. It's not a person. It has no natural rights (and no mind, so it couldn't exercise natural rights if it had them). By chartering such an entity, the government actually RESTRICTS the rights of natural persons, most famously the right to individually sue people who act in concert to do them damage.
Issuing charters like that has side effects. No actual person could operate at that scale without some similar kind of charter. The existence of Facebook's "platform" requires the government to recognize fictional entities. And scale is a big part of the reason there's a problem.
There is absolutely no reason governments shouldn't put any restrictions those entrusted think appropriate on gifts like the "right" for a total fiction to be treated as a legal entity or the "right" for its owners and employees to avoid accountability for their actions.
It's not even like Facebook is a vehicle for its owners to exercise their rights to free speech. Facebook is a vehicle for selling advertising, period.
Don't pretend that massive institutions are beings with rights. If you want a "free" system, then decentralize the technology and eliminate these fiefdoms.
On the post: Theresa May Again Demands Tech Companies Do More To Right The World's Social Media Wrongs
Re: Re: We can fix her problems right here, right now.
On the post: After Basically No Debate, And No Opportunity For Amendments, Senate Votes To Expand NSA Surveillance
On the post: For The Second Time In A Week, German Hate Speech Laws Results In Deletion Of Innocent Speech
On the post: Dear Al Franken: Net Neutrality Is Not A Magic Wand You Can Wave At Any Company
What is with Techdirt and the huge blind spot around "platforms"?
There is no "competitive social media market", because network effects favor concentration.
It so happens that I do "choose not to visit Facebook" (and others), and I suffer serious negative effects from the resulting social isolation. Meanwhile, people are still discussing me and probably tagging photos of me, on those platforms.
Obligating them to distribute "foreign propaganda" sounds fine to me. I don't know where anybody got the idea that free speech stoppedat a border. And I'm perfectly capable of rejecting Putin's bullshit, and so will other people be once they stop kidding themselves that they can depend on others to filter it out for them.
At this point I'm about ready to root for SESTA and all the other stupid, jackbooted government assholery, just out of the hope that it will force these companies to degrade their services enough that competition from truly decentralized systems is actually possible and something better can emerge.
On the post: Google Removed Catalonian Referendum App Following Spanish Court Order
Yeah, that's the argument generally made by Google's PR flacks and their dupes. It never has made any sense at all, mind you.
Google's checks aren't particularly effective, and Google Play is the number one distributor of Android malware just like it's the number one distributor of all Android software.
On the post: How To Avoid Future Krack-Like Failures: Create Well-Maintained 'Fat' Protocols Using Initial Coin Offerings
Oh, yeah, yeah right, great idea...
... worked great for Ethereum with the DAO.
All that code review from people putting real money into the thing kept anybody from draining $100M out of it for like a whole week! Almost like every "investor" expected to free ride on the review of others...
And it's really, really hard to pull the artificial grafted-on toll out of a protocol, thus removing the "fat" aspect...
Just more idiocy from ICO morons. The market does not fix everything.
On the post: Wireless Carriers Again Busted Collecting, Selling User Data Without Consent Or Opt Out Tools
Re:
In a sane legal system, deliberately putting that information out there would get you a prison sentence, "demo" or no "demo". And even letting it outside of a closed billing system into a larger corporate system would be grounds for damages. Let's set the damages by statute at the same as the damages for sharing a pop song: $150k per record.
And "partners" are third parties. That's just what pieces of shit like to call the particular third parties they happen to be working with that week, as part of the various cons they're running.
Corporate toady.
On the post: Australia's National Rape Hotline Run By Insurance Company, Who Demands All Sorts Of Private Info
Re: Ah... so typical of government...
Just saying...
On the post: Court Tells Sheriff's Dept. Shackling Kids Above The Elbows Is Excessive Force
Re: Ah good old 'If it's in the rules I don't need to think for myself'...
I believe the current legal rule for determining whether a cop can "reasonably be expected" to know that his or her actions are illegal, unconstitutional, excessive, or whatever is that it has to have been personally explained to that particular cop by at least three Supreme Court Justices, on separate occasions. On videotape. Within the last week. With a signed triplicate acknowledgement from the cop.
But only if the cop's behavior causes the horrible, painful death of a total innocent, and the case is absolutely identical to the explained situation in every detail including the names. Otherwise it has to be the whole court en banc.
I think there's some kind of good faith exception, too.
By the way, the standard for prosecuting a citizen for identical behavior is that the behavior has to vaguely resemble something that might be illegal in the twisted mind of a prosecutor somewhere in Pakistan.
On the post: Treasury Department Wing Latest To Be Accused Of Domestic Spying
Of course it's going to be "abused" like this; that's completely obvious and unsurprising.
But its official "use" is illegitimate mass spying in the first place.
On the post: Dear Government Employees: Asking Questions - Even Dumb Ones - Is Not A Criminal Offense
Re: Re:
The DEA is a threat to families. It's a brutal jackbooted agency that exists only to enforce laws that aren't even within the government's legitimate scope of legislation in the first place. And, like the rest of the DOJ, it does that in a calculatedly inhuman way.
Next time you might want to pick a better example.
On the post: Apple Throws Its Support Behind Net Neutrality. Sort Of.
... and the operators of either of the effective duopoly of mobile app stores should not block or otherwise discriminate against lawful applications, even if they compete with their own offerings...
On the post: Welcome To The Technological Incarceration Project, Where Prison Walls Are Replaced By Sensors, Algorithms, And AI
The technology on which this would rely...
Only a credulous idiot would think that today's AI was even remotely close to being able to tell when a real crime was being committed, let alone when one was about to be. That would require at least human-level AI, and probably better than human.
Yes, there's stuff that can watch parking garage video and detect behavior that's often characteristic of people trying to break into cars... and then alert an actual person to watch that camera. No, there is nothing that can tell with any certainty when somebody is ACTUALLY trying to break into cars.
And that is a million times easier than somehow detecting any possible kind of pre-crime that may have been dreamed up by somebody with weeks to plan it.
On the post: DEA Looking To Buy More Malware From Shady Exploit Dealers
"Selective"??????
To heck with that.
Selling exploits and malware is out of bounds, period. It doesn't matter who you sell them to. These people need to get real jobs.
On the post: US Senators Unveil Their Attempt To Secure The Internet Of Very Broken Things
Fuck "smart networks"
If the network wants to protect its own resources by not allowing huge traffic floods, especially without some indication that the recipient actually wants the data, that's good. If the network wants to start guaranteeing that the source address on a packet bears some relation to where that packet came from, that's also good.
But oddly enough the people pushing "smart networks" don't want to make networks smart when it comes to dealing with their own internal functions, because that's actually hard. Nobody wants to actually redo the routing infrastructure.
Instead, what they want to do is to spy on traffic, filter it, "collect intelligence" from it, and sometimes react to it... including with things that you could reasonably call security attacks. In the process they'll introduce a bunch of complexity and create gridlock by making everything depend on everything else. And they'll further blur the lines about what you're allowed to do to somebody else's traffic. Those are actively bad for security.
Not to mention the number of things they'll simply break, because it's crazy hard to look at the traffic between two other parties and intuit what they're actually doing.
They'll also create the machinery for an Internet police state. I'm not saying there's any kind of conspiracy to do that. I'm saying that that's what the technology is actually good for, regardless of anybody's current intentions.
Anybody who suggests "smart networks" as a solution for any kind of privacy problem needs their head examined.
If some piece of shit endpoint misbehaves, then other endpoints need to protect themselves, and the network needs to stay out of it.
Next >>