
He produced an app and used the platform.



If they violated the ToS — which as I understand it they did — that would mean it’s more accurate to say “abused” here.


Didn't they get more than what was expected from the API? The user accepted his profile information but they also got his friends' information.

Based on Wikipedia:

> Abuse is the improper usage or treatment of an entity, often to unfairly or improperly gain benefit.

That seems like they used the API improperly to access his friends' information and got the friends' information.

For sure Facebook shouldn't have given that information, but it was also clear that information wasn't supposed to be there, that Cambridge Analytica were aware of it and abused it.


> The user accepted his profile information but they also got his friends' information.

That was expected and agreed to behavior by all parties (users, developers, and Facebook) at the time. I know it’s out of fashion in 2018 to acknowledge that TOS exist and that users should have read them before agreeing to them (or at least before complaining after the fact), but this is the reality.

The “abuse” part was that you were supposed to only access data that was necessary for the operation of your app. Accessing friends’ profile information to make an app that shows people who work at the same company as you, for example, was completely acceptable and a good use case. Collecting it for purposes unrelated to the stated purpose of the app was and is abuse. The Obama For America app also abused the platform in this way, but on a vastly larger scale - they pulled the entire US social graph (about 4x as many profiles as Kogan had) after less than 1 million people actually authorized the app and used it in all sorts of ways outside their app. This technique was widely celebrated in the press, right up until the “wrong” candidate won.


> I know it’s out of fashion in 2018 to acknowledge that TOS exist and that users should have read them before agreeing to them (or at least before complaining after the fact), but this is the reality.

It's not "out of fashion," it's unrealistic and unreasonable.

If everyone fully read and understood every TOS and EULA they're affected by, along with all the unilateral changes they also usually "agree" to be bound by in the future, everyone would spend so much time reading them that they'd die because they'd have no time to eat, let alone actually use the services tied to the documents.


They got their friends' public profile, which is for public access anyway.


I actually agree with you that it's not as big of a deal as the press has made it out to be...certainly not Congressional hearings big. But it was a violation of the developer policies in force at the time to use data for any purpose outside of the app.



