As much as I don't like facebook as a company, I think the jury reached the wrong decision here. If you read the complaint[1], "eavesdropped on and/or recorded their conversations by using an electronic device" basically amounted to "flo using facebook's sdk and sending custom events to it" (page 12, point 49). I agree that flo should be raked over the coals for sending this information to facebook in the first place, but ruling that facebook "intentionally eavesdropped" (exact wording from the jury verdict) makes zero sense. So far as I can tell, flo sent facebook menstrual data without facebook soliciting it, and facebook specifically has a policy against sending medical/sensitive information using its SDK[2]. Suing facebook makes as much sense as suing google because it turned out a doctor was using google drive to store patient records.
That's why in these cases you'd prefer a judgment without a jury. Technical cases like this will always confuse jurors, who can't be expected to understand details about sdk, data sharing, APIs etc.
On the other hand, in a number of highprofile tech cases, you can see judges learning and discussing engineering in a deeper level.
echoangle · 4m ago
Is it easier for the prosecution to make the jury think Facebook is guilty or for Facebook to make the jury think they are not? I don’t see why one would be easier, except if the jury would be prejudiced against Facebook already. Or is it just luck who the jury sides with?
kubb · 2h ago
Whenever you think of a court versus Facebook, imagine one of these mini mice trying to stick it to a polar bear. Or a goblin versus a dragon, or a fly versus an elephant.
These companies are for the most part effectively outside of the law. The only time they feel pressure is when they can lose market share, and there's risk of their platform being blocked in a jurisdiction. That's it.
potato3732842 · 1h ago
>These companies are for the most part effectively outside of the law
You have it wrong in the worst way. They are wholly inside the law because they have enough power to influence the people and systems that get to use discretion to determine what is and isn't inside the law. No amount of screeching about how laws ought to be enforced will affect them because they are tautologically legal, so long as they can afford to be.
HPsquared · 1h ago
It's one of those "I'm not trapped here with you; you're trapped here with me" type things.
entropi · 1h ago
I think this situation is described best as being "above" the law.
kubb · 1h ago
Pedantic, but fair. You're right.
Dylan16807 · 2h ago
All they need to do is impose a three digit fine per affected user and Facebook will immediately feel intense pressure.
akudha · 1h ago
$1 for the first user, $2 for second, $4 for third...By the 30th user, it would be painful even for mega corps. By 40th, it would be an absurd number.
Might also be worth trying to force them to display a banner on every page of the site "you're on facebook, you have no privacy here", like those warnings on cigarette boxes. These might not work though, people would just see and ignore them, just like smokers ignore warnings about cigarettes.
bell-cot · 57m ago
Who's this "they" you speak of, and why would they bother doing that?
codegladiator · 1h ago
three digit ? the only thing these folks understand is exponential growth per affected user.
lemonberry · 1h ago
The worst part for me personally is that almost everyone I know cares about this stuff and yet they keep all of their Meta accounts. I really don't get it and frankly, find it kind of disturbing.
I know people that don't see anything wrong with Meta so they keep using it. And that's fine! Your actions seem to align with your stated values.
I get human fallibility. I've been human for awhile now, and wow, have I made some mistakes and miscalculations.
What really puts a bee in my bonnet though is how dogmatic some of these people are about their own beliefs and their judgement of other people.
I love people, I really do. But what weird, inconsistent creatures we are.
kubb · 1h ago
Voting with your feet doesn't work if you don't have a place to go. People are afraid of losing their connections, which are some of the most precious things we have. Doesn't matter if it's an illusion, that's enough. Zuck is holding us hostage on our most basic human instincts. I think that's fucked up.
A4ET8a8uTh0_v2 · 1h ago
Eh, I care and I don't do it, but my wife does. I do not agree with her choices in that area and voice the concerns in a way that I hoped would speak to her, but it does not work as it is now a deeply ingrained habit.
I, too, have vices she tolerates so I don't push as hard as I otherwise would have, but I would argue it is not inconsistency. It is a question of what level of compromise is acceptable.
bossyTeacher · 1h ago
> The worst part for me personally is that almost everyone I know cares about this stuff and yet they keep all of their Meta accounts.
They care as much as people who claim to care about animals but still eat them, people who claim to love their wives and still beat/cheat them. Your actions are the sole embodiment of your beliefs
ajsnigrutin · 2h ago
Everybody blames facebook, noone blames the legislators and the courts.
Stuff like this could easily make them pay multi-billion dollar fines, stuff that affects more users maybe even in the trillion range. When government workers come pick up servers, chairs and projectors from company buildings to sell at an auction, because there is not enough liquid value in the company to pay the fines, they (well, the others) would reconsider quite fast and stop with the illegal activities.
favflam · 1h ago
Sarah Williams (forgot the name) testified in US Congress as to Facebooks strategies on handling governments. Based on her book, it seems Brazil has been the most effective out of major democratic governments in confronting Facebook. Of course, you have China completely banning Facebook.
I think Mark Zuckerberg is acutely aware of the political power he holds and has been using this immense power at least for the last decade. But since Facebook is a US company and the US government is not interested in touching Faceebok, I doubt anyone will see what Zuckerberg and Facebook are up to. The US would have to put Lina Khan back in at the FTC, or put her high up in the Department of Justice to split Facebook into pieces. I guess the other hope is that states' attorneys' general when an anti-monopoly lawsuit.
kubb · 1h ago
Don't get me wrong, I don't "blame Facebook". I lament the environment that empowers Facebook to exist and do harm. These companies should be gutted by the state, but they won't because they pump the S&P.
fHr · 1h ago
Roblox lul
comrade1234 · 2h ago
I don't think many of you read the article... the Flo app is the one in the wrong here, not meta. The app people were sending user data to meta with no restrictions on its use. Despite however the court ruled.
PunchTornado · 1h ago
> The app people were sending user data to meta with no restrictions on its use
And then meta accessed it. So unless you put restrictions on data, meta is going to access it. Don't you think it should be the other way around? Meta to ask for permission? Then we wouldn't have this sort of thing.
raverbashing · 4m ago
Here's the restriction: don't send it to fb in the first place!
gruez · 1h ago
Do you think AWS should ask for permission before processing some random B2C app user's data?
paintbox · 1h ago
From the article: "The jury ruled that Meta intentionally “eavesdropped on and/or recorded their conversations by using an electronic device,” and that it did so without consent."
If AWS wanted to eavesdrop and/or record conversations of some random B2C app user, for sure they would need to ask for permission.
gruez · 1h ago
If you read the court documents, "eavesdropped on and/or recorded" basically meant "flo used facebook's SDK to sent analytics events to facebook". It's not like they were MITMing connections to flo's servers.
Everybody misses the key information here - it’s a Belarusian app. CEO and CTO are Belarusian (probably there are more C-level people who are Belarusian or Russian). Not only are users giving up their private information but they are doing so to the malevolent (by definition) regimes.
When the Western app says they don’t sell or give out private information, you can be suspicious but still somewhat trustful. When a dictator-ruled country’s app does so, you can be certain every character you type in there is logged and processed by the government.
ramanh · 1h ago
The company cut all ties with Belarus more than three years ago, and all employees relocated to Europe.
graemep · 45m ago
Where in Europe? Belarus is in Europe, and so is much of Russia (the largest European country). Plenty of variation in the rest of Europe.
What do you mean by cut all ties? The owners and management have no assets in Belarus or ties to the country?
ramanh · 17m ago
you can open "contact us" page on their website.
pllbnk · 43m ago
I can only cite myself to emphasize the point that they didn’t:
> CEO and CTO are Belarusian (probably there are more C-level people who are Belarusian or Russian).
Actually, quick google search shows slavic (either Russian or Belarusian) names for CFO and CMO. Changing physical location means very little these days.
thrance · 3m ago
Why would an app that tracks menstrual cycle need to integrate with the Facebook SDK?? Pure insanity.
everdrive · 2h ago
Don't use apps. It's a simple as that. 95% of the time they are not worth the incredible privacy invasion they impose on users.
amarcheschi · 1h ago
Mozilla did a comparison between period tracking apps and there are some that should respect user's privacy
Pardon my ignorance, but can't you just solve this by disabling location permissions, etc for a given app?
everdrive · 1h ago
You can -- the real problem here is that each app could violate your privacy in different ways. Unless you break TLS and inspect all the traffic coming from an app (and, do this over time since the reality of what data is sent will change over time) then you don't really know what your apps are stealing from you. For sure, many apps are quite egregious in this regard while some are legitimately benign. But, do you as a user have a real way to know this authoritatively, and to keep up with changes in the ecosystem? My argument would be that even security researchers don't have time to really do a thorough job here, and users are forced to err on the side of caution.
throwaway290 · 1h ago
What they do then is create an app where location is necessary, make that app spin up a localhost server, then add js to facebook and every site with a like button to phone that localhost and basically deanon everyone.
cnity · 1h ago
How could this possibly work without port forwarding?
Of course Facebook's JS won't add itself to websites, so half of the blame goes to webmasters willingly sending malware to browsers.
fHr · 1h ago
The sad truth
bell-cot · 2h ago
True. Unfortunately, users are all humans - with miserably predictable response patterns to "Look at this Free New Shiny Thing you could have!" pitches, and the ruthless business models behind them.
princevegeta89 · 2h ago
It's very rare to see any privacy related news without Meta being involved in the story.
bell-cot · 1h ago
For those disinclined to read the article...
> [...] users, regularly answered highly intimate questions. These ranged from the timing and comfort level of menstrual cycles, through to mood swings and preferred birth control methods, and their level of satisfaction with their sex life and romantic relationships. The app even asked when users had engaged in sexual activity and whether they were trying to get pregnant.
> [...] 150 million people were using the app, according to court documents. Flo had promised them that they could trust it.
> Flo Health shared that intimate data with companies including Facebook and Google, along with mobile marketing firm AppsFlyer, and Yahoo!-owned mobile analytics platform Flurry. Whenever someone opened the app, it would be logged. Every interaction inside the app was also logged, and this data was shared.
> "[...] the terms of service governing Flo Health’s agreement with these third parties allowed them to use the data for their own purposes, completely unrelated to services provided in connection with the App,”
Bashing on Facebook/Meta might give a quick dopamine hit, but they really aren't special here. The victims' data was routinely sold, en mass, per de facto industry practices. Victims should assume that hundreds of orgs, all over the world, now have copies of it. Ditto any government or criminal groups which thought it could be useful. :(
No comments yet
josefritzishere · 28m ago
Zuckerberg does not seem to repect the law. There really should be criminal charges by now.
chubs · 1h ago
This is really disappointing. I used to have a fertility tracking app on the iOS App Store, zero data sharing, all local thus private. But, people don’t want to pay $1 for an app, and I can’t afford the marketing drive that an investor-backed company such as this has… and so we end up with situations like this. Pity :(
itsalotoffun · 2h ago
I mean.. there's simply no repercussions for these companies, and only rivers of money on the other side. The law is laughably inept at keeping them in check. The titans of Surveillance Capitalism don't need to obey laws. CFOs line-item-ing provisional legal settlement fees as (minor) COGS. And us digital serfs, we simply have no rights. Dumb f*cks, indeed.
potato3732842 · 2h ago
The line between big business and the state is blurry and the state wants to advance big business as a means to advance itself. Once you understand this everything makes sense, or as much "sense" as it can.
dkiebd · 2h ago
Users gave their data to Flo, and Flo then gave it to Meta. What repercussions do you want for Meta?
Etheryte · 2h ago
Buying stolen goods does not mean they're yours because the seller never had any ownership to begin with. The same applies here, just because there's an extra step in the middle doesn't mean that you have any rights to the data.
Ekaros · 2h ago
Some percent of their revenue as fine per case. Only way to scare these companies at this point.
j33zusjuice · 1h ago
A significant portion, too, not fractions of a percent. Frankly, I want the fines to bankrupt them. That’s the point. I want their behavior to be punished appropriately. Killing the company is an appropriate response, imo: FB/Meta is a scourge on society.
pbiggar · 2h ago
Meta should never have used them. Deeply unethical behaviour
aboringusername · 9m ago
Another aspect of this is why Apple/Google let this happen in the first place. GrapheneOS is the only mobile OS I can think of that lets you disable networking on an per-app level. Why does a period tracking app need to send data to meta (why does it even need networking access at all)? Why is there no affordance of user-level choice/control that allows users to explicitly see the exact packets of data being sent off device? It would be trival for apps to have to present a list of allowed IPs/hostnames, and users to consent/not otherwise the app is not allowed on the play store.
Simply put, it should not be possible to simply send arbitrary data without some sort of user consent/control, and to me, this is where the GDPR has utterly failed. I hope one day users are given a legal right to control what data is sent off their device to a remote server with serious consequences for non-compliance.
pbiggar · 2h ago
Meta truly is the worst company. In almost everything Meta does, it truly makes the most user-hostile decisions, awful decision, every single time.
Cambridge Analytica
The Rohingya Genocide
Suppressing Palestinian content during a genocide
Damage to teenage (and adult) mental health
Anyway, I mention this because some friends are building a social media alternative to Instagram: https://upscrolled.com, aiming to be pro-user, pro-ethics, and designed for people, not just to make money.
ivanmontillam · 1h ago
Your comment started very useful, then it became spam. Great way to lose goodwill.
[1] https://www.courtlistener.com/docket/55370837/1/frasco-v-flo...
[2] https://storage.courtlistener.com/recap/gov.uscourts.cand.37... page 6, line 1
On the other hand, in a number of highprofile tech cases, you can see judges learning and discussing engineering in a deeper level.
These companies are for the most part effectively outside of the law. The only time they feel pressure is when they can lose market share, and there's risk of their platform being blocked in a jurisdiction. That's it.
You have it wrong in the worst way. They are wholly inside the law because they have enough power to influence the people and systems that get to use discretion to determine what is and isn't inside the law. No amount of screeching about how laws ought to be enforced will affect them because they are tautologically legal, so long as they can afford to be.
Might also be worth trying to force them to display a banner on every page of the site "you're on facebook, you have no privacy here", like those warnings on cigarette boxes. These might not work though, people would just see and ignore them, just like smokers ignore warnings about cigarettes.
I know people that don't see anything wrong with Meta so they keep using it. And that's fine! Your actions seem to align with your stated values.
I get human fallibility. I've been human for awhile now, and wow, have I made some mistakes and miscalculations.
What really puts a bee in my bonnet though is how dogmatic some of these people are about their own beliefs and their judgement of other people.
I love people, I really do. But what weird, inconsistent creatures we are.
I, too, have vices she tolerates so I don't push as hard as I otherwise would have, but I would argue it is not inconsistency. It is a question of what level of compromise is acceptable.
They care as much as people who claim to care about animals but still eat them, people who claim to love their wives and still beat/cheat them. Your actions are the sole embodiment of your beliefs
Stuff like this could easily make them pay multi-billion dollar fines, stuff that affects more users maybe even in the trillion range. When government workers come pick up servers, chairs and projectors from company buildings to sell at an auction, because there is not enough liquid value in the company to pay the fines, they (well, the others) would reconsider quite fast and stop with the illegal activities.
I think Mark Zuckerberg is acutely aware of the political power he holds and has been using this immense power at least for the last decade. But since Facebook is a US company and the US government is not interested in touching Faceebok, I doubt anyone will see what Zuckerberg and Facebook are up to. The US would have to put Lina Khan back in at the FTC, or put her high up in the Department of Justice to split Facebook into pieces. I guess the other hope is that states' attorneys' general when an anti-monopoly lawsuit.
And then meta accessed it. So unless you put restrictions on data, meta is going to access it. Don't you think it should be the other way around? Meta to ask for permission? Then we wouldn't have this sort of thing.
If AWS wanted to eavesdrop and/or record conversations of some random B2C app user, for sure they would need to ask for permission.
https://www.courtlistener.com/docket/55370837/1/frasco-v-flo...
When the Western app says they don’t sell or give out private information, you can be suspicious but still somewhat trustful. When a dictator-ruled country’s app does so, you can be certain every character you type in there is logged and processed by the government.
What do you mean by cut all ties? The owners and management have no assets in Belarus or ties to the country?
> CEO and CTO are Belarusian (probably there are more C-level people who are Belarusian or Russian).
Actually, quick google search shows slavic (either Russian or Belarusian) names for CFO and CMO. Changing physical location means very little these days.
https://www.mozillafoundation.org/en/privacynotincluded/cate...
Of course Facebook's JS won't add itself to websites, so half of the blame goes to webmasters willingly sending malware to browsers.
> [...] users, regularly answered highly intimate questions. These ranged from the timing and comfort level of menstrual cycles, through to mood swings and preferred birth control methods, and their level of satisfaction with their sex life and romantic relationships. The app even asked when users had engaged in sexual activity and whether they were trying to get pregnant.
> [...] 150 million people were using the app, according to court documents. Flo had promised them that they could trust it.
> Flo Health shared that intimate data with companies including Facebook and Google, along with mobile marketing firm AppsFlyer, and Yahoo!-owned mobile analytics platform Flurry. Whenever someone opened the app, it would be logged. Every interaction inside the app was also logged, and this data was shared.
> "[...] the terms of service governing Flo Health’s agreement with these third parties allowed them to use the data for their own purposes, completely unrelated to services provided in connection with the App,”
Bashing on Facebook/Meta might give a quick dopamine hit, but they really aren't special here. The victims' data was routinely sold, en mass, per de facto industry practices. Victims should assume that hundreds of orgs, all over the world, now have copies of it. Ditto any government or criminal groups which thought it could be useful. :(
No comments yet
Simply put, it should not be possible to simply send arbitrary data without some sort of user consent/control, and to me, this is where the GDPR has utterly failed. I hope one day users are given a legal right to control what data is sent off their device to a remote server with serious consequences for non-compliance.
Cambridge Analytica The Rohingya Genocide Suppressing Palestinian content during a genocide Damage to teenage (and adult) mental health
Anyway, I mention this because some friends are building a social media alternative to Instagram: https://upscrolled.com, aiming to be pro-user, pro-ethics, and designed for people, not just to make money.