Darrell Hanley, 3 years ago

    It's more a few things:

    • Facebook's API was way too permissive in the amount of data it gave up, including for the ability of your friends to share your data without your permission. That's already been fixed, but it's more emblematic of a cultural problem with handling sensitive information.

    • Facebook's TOS has been exposed as pretty much useless against rogue actors. Yeah, this was always a concern, but I think that if we were being honest with ourselves as an industry, we should have a serious discussion about permission-based APIs, open APIs, and what sorts of data should be allowed to be accessed. Facebook should do a top-to-bottom rethink of every API endpoint and if developers actually need the data provided in it, and probably being way more descriptive of what each permission allows.

    • This incident represents another vehicle by which hostile nation states and state-sponsored actors can manipulate Facebook to build profiles. Today it's Cambridge Analytica, tomorrow it'll be some government that creates a Facebook app as a data honeypot, and Facebook isn't prepared for this new reality.

    6 points