Furious Apple revokes Facebook's enty app cert after Zuck's crew abused it to slurp private data

Facebook has yet again vowed to "do better" after it was caught secretly bypassing Apple's privacy rules to pay adults and teenagers to install a data-slurping iOS app on their phones. The increasingly worthless promises of the social media giant have fallen on deaf ears however: on Wednesday, Apple revoked the company's …

  1. Alister

    Promise to do better

    Unfortunately, what Facebook mean by that is, "We'll work harder at not being discovered"...

    1. bombastic bob Silver badge
      Thumb Up

      Re: Promise to do better

      could not say this better.

    2. Anonymous Coward

      Re: Promise to do better

      And for their next trick, Facebook will be distributing rootkits.

      Surely it's only a matter of time?

      1. Tim99 Silver badge
        Coat

        Re: Promise to do better

        Er, Facebook is a rootkit?

        1. Phil Endecott

          Re: Promise to do better

          Facebook roots your brain.

      2. Rol

        Re: Promise to do better

        Scarily, I think you've just touched on Facebook's next project - hackers paid by Facebook and provided with all the necessary information for them to craft code that slurps all the data they want.

        Using the derisory "plausible deniability" get out of jail tactic, Facebook will announce they were hacked when the malicious code is found, while quickly distributing version 2 of the hack and readying versions 3 to 50 for future deployment.

        If hackers can independently code highly effective viruses and rootkits from their bedroom, what chance has the world got when the likes of Facebook is in league with them to leverage customers' data via their own app?

        I wouldn't be at all surprised if Facebook's team weren't already designing another cleverly coded bit of "bad code" to open up a vulnerability for their "nothing to do with us" gang of miscreant hackers to lever open.

        Tin hat? Well, no. I thought it up just now, which means it's probably been discussed at length in the dark corridors of Facebook Mansion, along with the idea of Facebook secret under a volcanic island lair. They truly are the devil's tools of humanity's downfall.

    3. Mark 85
      Flame

      Re: Promise to do better

      Facebook should just be killed due to what they've done in the past. Now they need to be killed and with fire to destroy any remnant of it.

      1. Anonymous Coward
        Mushroom

        Re: Promise to do better

        Nuke them from orbit, it is the only way to be sure.

        1. }{amis}{
          Mushroom

          Re: Promise to do better

          Can we make sure to get the whole area so we can cull the bulk of the social $h1t holes at the same time please.

        2. Kane
          Boffin

          Re: Promise to do better

          "Nuke them from orbit, it is the only way to be sure."

          Look, this is a multi-billion dollar installation, okay? You can't make that kind of decision. You're just a grunt! Uh, no offense.

          1. Terje

            Re: Promise to do better

            Never tell that to the pissed off grunt with the launch keys for the rods from god!

        3. JJKing

          Re: Promise to do better

          No, they should be destroyed by sharks with lasers that have been mutated to grow legs so the Zuck can't escape them by retreating to his stolen land on Hawaii.

          Muhahahahahahaha (cough, cough, cough)

      2. Anonymous Coward

        Re: Promise to do better

        It's not simply that they deserve that punishment for what they've done in the past.

        It's been clear from the start that Facebook was about gathering as much personal data as possible, and clear almost as quickly that they'd disregard or weasel their way around any preference for privacy to do it.

        But what's damning isn't their past sleaziness. It's the fact that they've been called out on it time and time again and (at best) issued some vapid corporate fluff saying they'll change, then continued to behave in a similarly sleazy manner as if nothing had happened. It's had numerous chances to show that it will behave more responsibly- if only in its own self-interest- but has made clear that nothing would change.

        It's not merely that Facebook is- and always was- a sleazy and ethically bankrupt company, something that has become more obvious over the years (as has the damage that this has caused)... but this was always there. It's that their past record at this stage makes clear that this behaviour is so pathologically ingrained in the company culture that it cannot and will not change.

        *That* is why Facebook deserves to be killed off.

        1. }{amis}{
          Facepalm

          It's the fact that they've been called out on it time and time again

          Why would they change? We have all been eating the same crap happily from the Tobacco, Pharma, Oil... etc., etc. for as long as commerce has existed.

          To be honest I wonder if part of the reason why the social messes won't move decisively on the political interference issue is that they know that as soon as a solid government appears in the States the hammer will fall on them.

        2. JJKing
          Paris Hilton

          Re: Promise to do better

          I wonder if the Winklevoss twins would have been as evil if they had managed to maintain ownership of their creation?

          Power corrupts. Absolute power corrupts absolutely.

          Even Paris is thinking deeply about my question. Deep in thought is not the only thing she likes deep, eh Millsy

          1. Tikimon
            Devil

            Re: Promise to do better

            "I wonder if the Winklevoss twins would have been as evil if they had managed to maintain ownership of their creation? Power corrupts. Absolute power corrupts absolutely."

            YES the twins would have been better. As far as I know, they're not conscienceless psychopaths like Zuckerberg. Power didn't corrupt him, he was always an asshole.

            1. Anonymous Coward

              Re: Promise to do better

              Yes, this is something I wanted to go into in my original comment, but didn't have time to. The criticisms I made of Facebook are almost certainly the result of it being made in Zuckerberg's image.

              Zuckerberg is the guy who made the infamous "dumb fucks" comment about the people that handed their data over to him in the early days.

              When this first came to light, many people were inclined to give that the benefit of the doubt as youthful arrogance. That's legitimate- many people have said or done dickish things when they were younger, then become better people as they grew up.

              The better part of a decade later, and given Facebook's behaviour with him at the helm, I think it's clear that, no, that's a fair glimpse into the person that Zuckerberg is and always was... and that, more importantly, the company reflects *precisely* that mentality.

              If I'm wary of too readily applying the actual "psychopath/sociopath" (#) label to Zuckerberg himself, then I'd be less reticent about doing so to the company he founded.

              I'm sure most people here know by now that it's been said that the behaviour of corporations in general would- were they actual people- be considered psycho/sociopathic. But Facebook's lack of ethics, its ability to say it'll change or to mouth platitudes, then to immediately go back to behaving just as sleazily as it did before as soon as it thinks no-one is paying attention, to not feel the need to justify itself (e.g. before parliament) if it doesn't have to... it all comes across as pathological, as sociopathic in a way that even the feigned sincerity of most corporations doesn't. At almost a fundamental personal level.

              Which is almost certainly because Facebook's culture is- at its most fundamental level- a reflection of the soulless, unethical, amoral, empathetically stunted individual that founded and continues to dominate it.

              (#) Don't read too much into the use of sociopath vs. psychopath or the legitimacy of either term; I'm not claiming that this is a clinical diagnosis...!

              1. JP_Veeam

                I totally agree

                If Zuck has a Mini Me now that he has a child, I hope he is not the villain in a future Austin Powers movie...

      3. Snake Silver badge

        Re: Promise to do better

        And, when it comes to online security I will repeat yet again, https://forums.theregister.co.uk/forum/all/2017/04/10/internet_society_full_encryption/#c_3152056

        "Only the paranoid survive."

        But do people listen?? Nooooo...

        Disable your Facebook mobile apps. Use Firefox and install the new Facebook Container add-on. Use NoScript and permanently block all Facebook, Doubleclick and et al ad and add-on scripts. Block all Facebook and Doubleclick cookies, and force all cookies to be flushed upon browser exit.

        I've even blocked background data for Google Play Services.

        Just Say No.

    4. Anonymous Coward

      They literally have a scandal every week

      And expect people to keep believing the same excuses each time!

      1. DryBones

        Re: They literally have a scandal every week

        It's been a safe bet so far.

        Nobody's lost money overestimating the stupidity of the common man.

        50% of people are below average intelligence.

        Money talks, BS walks.

        1. Snake Silver badge

          Re: Stupidity of the common man

          This. The install of Facebook Research was voluntary and only goes to show you how STUPID people are, giving up every single point of data in their lives...as long as money was attached to the loss.

          The fundamental problem of the world is that [even fairly] smart people, concerned people, thoughtful people or just plain conscientious people have to fight against massive amounts of global stupidity and sometimes even willful ignorance. The human race will never get anywhere until we can overcome the inertia of the people, sometimes quite intentionally being recidivist and backwards, regardless of the damage to others, because it is convenient for them.

          1. Paul 195
            Flame

            Re: Stupidity of the common man

            I get a bit fed up with the El Reg commentards ready to lambast the stupidity of everyone else.

            In this particular case:

            1) they were targeting children

            2) People outside the IT industry are not generally as well-informed about the bad habits of the likes of Facebook. Particularly as they cloak their behaviour in deceptive and misleading language.

            Calling people stupid is just victim blaming. The culpable party here is definitely Facebook.

        2. Anonymous Coward

          Re: They literally have a scandal every week

          It does not follow that 50% of a group are below or above the average of anything for that group.

          (Consider a group where 999 are 1ft high and 1 is more than 1ft high: 99.9% of them are below average height.)

          1. Michael Hoffmann Silver badge
            Boffin

            Re: They literally have a scandal every week

            It's way too early in the morning and it's been decades since my high school stochastics classes, but uhm... yes, it does follow:

            Given a large enough sample set with normal distribution (which such a population would be) you indeed get the "50% of a group are below average".

            Small sample sets, such as your example - and sadly just about everything you read in the MSM about "averages" - you're of course absolutely correct.

            Now, we can discuss whether the set of Facebook users follows a normal distribution, as opposed to already being warped towards the ... gullible spectrum of the population... that's a whole different question!

            1. Anonymous Coward
              Boffin

              Re: They literally have a scandal every week

              Yes, if you assume a normal distribution it does follow: my distribution was carefully chosen to be very non-normal (the sample size doesn't matter: it would be as true for a billion as it would for a thousand). But there's no reason to believe intelligence follows a normal distribution, because we have no good way of measuring it (IQ tests are junk) or even good reason to believe there is anything to measure really.

              (You can know IQ tests are junk by looking at values for suitable groups over time -- black people and women are good choices. The measured values change dramatically over timescales far too short to account for any kind of actual change in the group. This tells you that what the test is measuring can't be innate intelligence, but instead is driven by social factors such as access to education, cultural assumptions &c &c.)

              OK, well, I don't want to get into a big discussion about the pseudoscience of intelligence testing, and I kind of agree with your original point anyway.

          2. Public Citizen

            Re: They literally have a scandal every week

            I believe the intention was to make reference to the intelligence of the aggregate population, in which case the statement is not only valid but relevant.

            I certainly interpreted it that way.

        3. This post has been deleted by its author

    5. macjules

      Re: Promise to do better

      Quite agree. Facebook always seems to vow to "do better" after it is caught, but still carries on in its tried and tested almost criminal ways.

      1. StewartWhite

        Re: Promise to do better

        But isn't FB's motto "Move fast and break privacy"?

    6. fajensen

      Re: Promise to do better

      In other news: China rolls out 'Social Credit'; Facebook says, "Here, hold my beer ..."

    7. Snake Silver badge

      Re: Promise to do better

      Sadly Alister, "Working harder to not be discovered" is the LONG modus operandi of corporate American business tactics (please remember, I'm an American here, so it is not simply someone outside spewing off). The sad part is that the rest of the world learned the ugliness of the tactic - get away with what you can - and gleefully copied it. Yes, Yes, its basis is in human nature, looking for any advantage versus the competition, but it seems industrialized America refined it to a fine polish and then exported the greed everywhere it touched.

      Like a plague. "Greed is Good".

    8. Antron Argaiv Silver badge
      Thumb Up

      Re: Promise to do better

      Zuckerberg's comment: "I dunno. They trust me. Dumb f*cks."

  2. DCFusor

    But but - Apple protects our privacy!

    Obviously, they've slammed shut one of the barn doors after the horses have all bolted.

    Not counting NSL and gag orders...

    Not to worry, only the worst outfits penetrate Apple's protections, the benign ones can't get in. You think.

    1. Anonymous Coward

      Re: But but - Apple protects our privacy!

      Ah yes, blame Apple for what Facebook and Google did that clearly violated their rules!

      Yes Apple should not have trusted such obviously unethical companies, and should put better restrictions in place to enforce the restrictions so there's no way around them. Name a company that has a better track record on security and privacy. There isn't one, despite Apple's known failings on these fronts from time to time. Everyone can do better, including Apple, but companies that make their money off mining personal information don't respect privacy even as a concept because if people started to care about it their bottom line would take a real beating.

      1. doublelayer Silver badge

        Re: But but - Apple protects our privacy!

        Apple didn't do this as a symbolic gesture. That app was running before the cert was revoked, and those installs have presumably all broken. There was a problem, actively existing, and Apple fixed it. In addition, they never allowed the app into the appstore, meaning they were already blocking it. Only by using this workaround and not telling Apple about it could Facebook get the app onto people's devices. When they found out that Facebook was doing that, they put a stop to it. Exactly what did Apple do wrong here?

        1. Anonymous Coward

          Re: But but - Apple protects our privacy!

          I was surprised to find it is possible to install an app distributed by means other than the app store without needing to install some sort of special certificate like you do for enterprise apps (non-developer)

          Apple does need to address that in some fashion, because I have to think these aren't the only cases where people are being fooled or bribed into installing stuff on their phones in this manner. I'm not sure how many enterprise developer licenses there are out there, but it looks like it is basically a "license to sideload" - and if you get people dumb enough or greedy enough to click through the "trust xxx" prompt you can probably get them to OK it when the app asks for permission to access your contacts, photos, messages etc. Without the App Store vetting they can ask for permissions for everything, and dumb people will be dumb and let the app do it.

          1. Ed

            Re: But but - Apple protects our privacy!

            With recent iOS versions you need to do more than just tap through prompts to install an enterprise-signed app. You need to go into the settings and manually approve the certificate. It's a pretty convoluted process - and one that the OS doesn't explain to you (intentionally, I assume, to minimise the occurrences of this sort of issue).

          2. John Stirling

            Re: But but - Apple protects our privacy!

            Never owned an Apple product, probably never will. Don't like the smug Cupertino bastards at all. I do on the other hand quite like Google stuff, and I don't have a social media presence at all to speak of.

            There - affiliations admitted; Apple did the right thing, exactly, and in a timely way. Google possibly did the right thing by pulling their version after getting fingered for doing the wrong thing - but hopefully at least without the breach of license terms that makes this Facebook crime so egregious. Facebook did the wrong thing, repeatedly and persistently.

            Facebook need to be prosecuted severely, with a European GDPR style 4% of global turnover fine.

            If I'm wrong about Google and they used a dev cert, then they need to be prosecuted on the same terms.

            1. Anonymous Coward

              Re: But but - Apple protects our privacy!

              Google used the same enterprise developer license bypass.

              While I agree "something needs to be done" fining them is a non-starter. Facebook and Google violated a private contract they had with Apple, that's not a criminal matter and governments should not get involved. Well they can get involved for investigating them on why they seem to do anything they can, and even what they specifically agreed they won't, in order to violate people's privacy even further, but they shouldn't get involved in those guys breaking a contract with Apple. If the contract gives Apple grounds on which to sue them for damages they should do so, if there's no such remedy all Apple can do is cut them off - which both have had done to them.

              Apparently there's a lot of chaos at Facebook over this, and Google is no doubt experiencing much the same (though I have to imagine the percentage of iOS users at Google is much lower, for obvious reasons). Some have even suggested Apple should cut their apps off from the App Store, but punishing consumers for misconduct they had nothing to do with would be exactly the wrong thing to do, so I'm glad they haven't done it.

              Apple is presumably seeing if they can come up with ways to lock down this offering to prevent such abuses in the future, and if nothing else make sure there are clear and LARGE financial penalties if Facebook & Google are ever caught distributing enterprise developer apps to non-employees. Like billions in penalties, so that they will be forced to institute whatever internal controls are necessary to make sure no "clever" middle manager can do this again as a shortcut to steal iPhone users' personal information.

      2. nematoad Silver badge

        Re: But but - Apple protects our privacy!

        "...don't respect privacy even as a concept because if people started to care about it..."

        And there is the problem. People just don't know and if they do know most don't care. All they want to do is communicate with their friends and family. A lot of the people using the internet are not like most here on El Reg. For them the internet is a tool and playground and they don't realise the nastiness that the likes of Facebook, Google, Amazon and others are using to pad their bottom lines.

        1. Snake Silver badge
          Unhappy

          Re: But but, even family wishes to ignore the problem

          "And there is the problem. People just don't know and if they do know most don't care."

          My family gave my mother an Amazon Echo Dot for Christmas. I was rather furious, telling them that it listens in and records your conversations even when you didn't call on Echo to perform a task.

          They said they didn't care or mind, as long as it worked and played music when they wanted.

          Grrrrr.

          Benjamin Franklin must have been a time traveler. Was he a Gallifreyan? Apparently he spotted the sheepdom of the world before it ever truly arrived.

    2. David Nash

      Re: But but - Apple protects our privacy!

      I am no fan of Apple, although I dislike them less than I do FB. I don't own a single one of their devices personally but it seems to me that they did the right thing here. Apple weren't the ones breaking the rules, and even if FB have a bad reputation it wouldn't be the right thing for Apple to have pre-emptively refused them a certificate.

  3. SW10

    It’s a rotten corporate culture

    It can’t be the work of a single ‘maverick’

    Someone had the idea, someone else said it was a good idea, another person then approved it without worrying about their boss’s reaction.

    Then someone was asked to implement it, and got that signed off and was able to get resources allocated from elsewhere. At no point did anyone think that they should flag or even stop it.

    Then the third parties pushed it out and the data started to flow in. Nobody thought that was odd. People were asked to analyse data and write algorithms and produce charts and slide decks. No one paused for thought.

    I mean, WTFIGO?

    1. Anonymous Coward

      Re: It’s a rotten corporate culture

      The corporate culture of companies that make money off mining personal information is to reward employees who come up with ways of collecting ever better more detailed more real time personal information. The guy who came up with this probably got a bonus, and his boss got a promotion to a corner office.

      1. Ivan Headache

        Re: It’s a rotten corporate culture

        I worry about the ethics of the individuals who come up with these schemes in the first place.

        What if it was their own kids or partners that were suckered in?

        Morals? Yes, we've heard of them,

    2. Anonymous Coward

      Re: It’s a rotten corporate culture

      > No one paused for thought.

      That is the core of it. They just obeyed. The standard in this is defined by the Milgram Experiment. In literature we have Lord of the Flies. They just followed the leader. The most horrific example were the low ranking people in Germany during WWII. They just obeyed. And in Nuremberg in 1946 this was defined as not being sufficient. That is rather an important decision. And 70 years later it is all forgotten. There are times I find the survival of humanity has been against all odds.

      1. AndrueC Silver badge
        Happy

        Re: It’s a rotten corporate culture

        There are times I find the survival of humanity has been against all odds.

        You're not the first person to think that.

        "According to the story in Ringworld (expanded in the Known Space novel Juggler of Worlds), the Puppeteers intervened with human reproduction beginning several generations in the past, with the intention of breeding humans for luck. This would be possible because they believed luck to be an inheritable psionic ability. They suspected such an ability was latent in humans already, having come to regard humanity as an unusually lucky species."

    3. Anonymous Coward

      Re: It’s a rotten corporate culture

      I'm just waiting to find out whether they've snuck in slurping code into the React codebase. The company culture and React evangelists probably wouldn't care anyway.

  4. Jeroen Braamhaar
    Pint

    I'll help Facebook do better!

    ... bulk erasing one of their servers at a time.

    1. I ain't Spartacus Gold badge
      Mushroom

      Re: I'll help Facebook do better!

      Explosives would be more efficient...

      1. J. Cook Silver badge
        Flame

        Re: I'll help Facebook do better!

        ... but then you can't reuse the hardware.

        Personally, I'd isolate just their data centers that are exclusively used by facebook, and call in the coordinates to the OADS platform for a 'hot' delivery...

        1. Oengus
          Mushroom

          Re: I'll help Facebook do better!

          How can we get Facebook added to the ROKSO database so we can get discounts on the OADS mission?

      2. Public Citizen
        Devil

        Re: I'll help Facebook do better!

        And would provide a much better visual for a "teachable moment".

        And I'm not inferring that Facebook is teachable or amenable to any sort of disciplinary action.

        It is a rotten corporate culture and if it was up to me an explosive demolition company would be hired and every single piece of hardware they own, from a pencil sharpener on up would be destroyed and used for landfill.

    2. luke@getyouonline.co.uk

      Re: I'll help Facebook do better!

      This is facebook remember, if you bulk erase the servers and re-use them you will probably find a firmware virus slurping the data of the new user of the hardware. This needs a terminator style slow lowering into a vat of molten metal!

  5. Anonymous Coward

    Where are the Fraud Police?

    Many people want new laws, legislation, etc., but if these programs are truly deceptive then the companies involved are committing a very straightforward criminal and civil violation called fraud. A big part of the problem, at least in the US, is that the court systems have veered sharply away from the most basic premise of contract theory: the notion that the parties involved must have a "meeting of the minds" in order to form a valid agreement (as a practical matter, quite a bit of legalese - much of it boilerplate - is necessary to prevent one side or another from abusing the more straightforward terms and conditions and this can be somewhat complicated to read). This means that both sides must grasp the materially meaningful parts of an agreement, if not every contractual nuance. By allowing the side providing an agreement to bury terms in 80 pages of dense legalese often vaguely linked to other agreements (with possibly contradictory terms), the government courts have turned the very notion of a contractual relationship on its head. The formation of the agreement is completely and totally one-sided, and companies like Facebook and Google (along with plenty more, I'm sure) are abusing the shit out of it.

    That we need a third-party like Apple to step in and more or less have its own umbrella of protection (quite imperfect as it is) shows the futility of the legislative and legal systems' ability to address this. I would prefer to see organizations like the ACLU and / or the EFF start looking into abusive EULAs and other agreements for abuse potential, violations, etc.

    Disclaimer: I Am Not A Lawyer, but I've helped design some of these huge agreements and I've always done my best to be clear, open, and fair when doing it. But unfortunately not everyone shares my values.

    1. Zog_but_not_the_first
      Unhappy

      Re: Where are the Fraud Police?

      Standing with their hands on their hips waiting for Cambridge Analytica Facebook to empty their offices before "raiding them"?

  6. Luke Worm

    Did Facebook have an app like that for Android also? If yes, what is Google doing about it?

    Apparently Google has a similar data slurping iOS app !

    https://www.macrumors.com/2019/01/30/google-exploiting-apple-enterprise-certificate/

    1. ecarlseen

      Popcorn time!

      It's one thing to swing the ban-hammer at Facebook... Google is another level. Waiting to see how this shakes out.

      1. bazza Silver badge

        Re: Popcorn time!

        It's one thing to swing the ban-hammer at Facebook... Google is another level. Waiting to see how this shakes out.

        One thing that might happen is that legislators see an easy way to ban social media apps; they could compel Apple and Google to revoke the app certificates. That’s a lot cheaper than national firewalls.

        So that doesn’t work on PCs but it’s a pretty good step along the path to eradication.

      2. Anonymous Coward

        Re: Popcorn time!

        The Google app in question here is small fry compared to what Facebook did.

        https://mobile.twitter.com/DaveLeeBBC/status/1090688792145489920

        That seems to have been stripped from the 9to5mac story to feed to pathetic Google haters

    2. Mark 85

      Did you see the PS at the bottom of the article... I've copy/pasted it here.

      PS: Looks like Google has a similar iOS app to Facebook's research application, which has also been shut down by Apple.

    3. Anonymous Coward

      Google app is not even remotely similar. The sources you linked stole that "news" from Twitter and stripped out lots of mitigation to "sex it up"

      1. pavel.petrman

        Google app may not be remotely similar, but it is of virtually no consequence - on iOS Google usually has maps, search, youtube apps, perhaps gmail, and on Android - ooops.

    4. Tigra 07
      Meh

      RE: Luke Worm

      "Did Facebook have an app like that for Android also? If yes, what is Google doing about it?"

      Yes, the BBC reported that the app is also available on Android. And no, Google has so far said and done nothing about this. Facebook is happy to apologise for getting caught, while carrying out the slurp on Android phones.

      1. David Nash

        Re: RE: Luke Worm

        The difference is that for Android, apps don't need to be signed to use them. Anyone can distribute an app for "side-loading", abuse of a corporate cert for internal apps is not required.

        So while FB also have this for Android, no rules needed to be broken in order to do so.

  7. Anonymous Coward

    Move fast & break things

    Try that in a shop and you'll pay for the damages

    Try that 'in public' and you'll pay for it in court

    Try that on 'the internet' and you'll be paid for it...

  8. Anonymous Coward
    Big Brother

    If you work for Facebook ...

    ... quit. It is morally indefensible for you to use your skills to make that company more powerful. By working there, you are making the world an objectively worse place.

    (quoting jwz, who is right on this.)

    1. Warm Braw

      Re: If you work for Facebook ...

      By working there, you are making the world an objectively worse place

      If you've already got a knighthood for that, it's hardly likely to be your prime consideration.

      1. Anonymous Coward
        Big Brother

        Re: If you work for Facebook ...

        I wasn't thinking about people with knighthoods: I was thinking about the people who write the code. If you are writing code for a company which is actively making the world a worse place, then quit.

        1. Anonymous Coward
          Anonymous Coward

          Re: If you work for Facebook ...

          I think this is time to re-appropriate the words of the late great Bill Hicks, originally talking about Marketing, but I think this fits, just replace Marketing with Facebook/Google:

          "By the way if anyone here is in advertising or marketing…kill yourself. It’s just a little thought; I’m just trying to plant seeds. Maybe one day they’ll take root – I don’t know. You try, you do what you can.

          (Kill yourself.)

          Seriously though, if you are, do.

          Aaah, no really. There’s no rationalisation for what you do and you are Satan’s little helpers. Okay – kill yourself.

          Seriously. You are the ruiner of all things good.

          Seriously.

          No this is not a joke. You’re [going], “There’s going to be a joke coming.” There’s no fucking joke coming. You are Satan’s spawn filling the world with bile and garbage. You are fucked and you are fucking us. Kill yourself. It’s the only way to save your fucking soul. Kill yourself

          Planting seeds.

          I know all the marketing people are going, “He’s doing a joke…” There’s no joke here whatsoever. Suck a tail-pipe, fucking hang yourself, borrow a gun from a Yank friend – I don’t care how you do it. Rid the world of your evil fucking machinations.

          I know what all the marketing people are thinking right now too: “Oh, you know what Bill’s doing? He’s going for that anti-marketing dollar. That’s a good market. He’s very smart.”

          Oh man, I am not doing that, you fucking, evil scumbags!

          “Ooh, you know what Bill’s doing now? He’s going for the righteous indignation dollar. That’s a big dollar. A lot of people are feeling that indignation. We’ve done research – huge market. He’s doing a good thing.”

          Godammit, I’m not doing that, you scum-bags! Quit putting a goddamn dollar sign on every fucking thing on this planet.

          “Ooh, the anger dollar. Huge. Huge in times of recession. Giant market. Bill’s very bright to do that.”

          God, I’m just caught in a fucking web.

          “Ooh, the trapped dollar, big dollar, huge dollar. Good market – look at our research. We see that many people feel trapped. If we play to that and then separate them into the trapped dollar…”

          How do you live like that? And I bet you sleep like fucking babies at night, don’t you?

          “What did ya do today, honey?”

          “Oh, we made ah, we made ah arsenic a childhood food now, goodnight.” [snores] “Yeah we just said, you know, is your baby really too loud? You know?” [snores] “Yeah, you know the mums will love it.” [snores]

          Sleep like fucking children, don’t ya. This is your world, isn’t it?"

    2. Anonymous Coward
      Anonymous Coward

      Re: If you work for Facebook ...

      Heh, a downvote: we found the person who works for Facebook!

  9. Roger B

    Do these "scandals" have any adverse affect though?

    Facebook spies, Facebook feeds you fake news, Facebook sold your details, Facebook listens through your ear piece, Facebook tracks you 24/7, Facebook leaked all your passwords, Facebook slept with your sister. The list goes on, but are people leaving? Deleting their accounts? or is the ability to share baby photos with Aunty whats her name in Melbourne, the chance to easily see who is driving to the football match on Sunday, the ability to easily check the time of your next pottery class so much more necessary than everything else that no one cares?

    1. Roger B

      Re: Do these "scandals" have any adverse affect though?

      Just had a thought, create a fake server update, get it installed at Facebook HQ, just pay someone in IT $20/month or something....then every time there is one of these scandals, we can track how many accounts get deleted.

      1. John Brown (no body) Silver badge

        Re: Do these "scandals" have any adverse affect though?

        "Just had a thought, create a fake server update, get it installed at Facebook HQ, just pay someone in IT $20/month or something....then every time there is one of these scandals, we can track how many accounts get deleted."

        Not sure if people are leaving or not, but month on month logins increased by 9% and revenues are up by 30% "Facebook's total profit for 2018 was $22.1bn (£16.9bn), up 39% on 2017. User growth was particularly strong in India, Indonesia and the Philippines, but flat in the US and Canada.

        I'm not sure what FB have to do wrong before people start to leave. I suspect they can do no wrong in the minds of those who use it, other than to stop being "the next cool thing" if or when something else comes along. I suspect they passed critical mass a long time ago.

    2. Anonymous Coward
      Anonymous Coward

      Re: Do these "scandals" have any adverse affect though?

      It doesn't have to result in people closing accounts to hurt them. It could result in people using Facebook less. A lot of people won't delete it because it is their only link to a lot of people, but you don't need to visit daily to keep in touch. If you go from daily to weekly, or weekly to monthly, that impacts Facebook's revenue even if their user count remains the same.

      I'm more concerned with whether Google's scandals hurt them. They're caught doing basically the same thing here, but since Facebook was found first it will get most of the attention. They've been caught doing a lot of bad stuff, maybe not as many cases as Facebook but with a bigger long term impact on people's privacy.

      It is easier for people to hurt Facebook by using it less, but unless people actively take a step to avoid Google like using DDG instead of Google search, switching from Chrome to Firefox, or switching from Android to iPhone, they aren't hurting Google. You can't "use it less" by searching less or browsing less, it is all or nothing. Those steps are all harder to take (well maybe not the DDG change) than going from daily to weekly Facebook visits, and thus people are less likely to take them.

      1. Doctor Syntax Silver badge

        Re: Do these "scandals" have any adverse affect though?

        "A lot of people won't delete it because it is their only link to a lot of people"

        T'other way round. It's their only link because they won't delete it.

        1. David Nash

          Re: Do these "scandals" have any adverse affect though?

          "It's their only link because they won't delete it."

          True, and what's worse in my view is companies and (more often) other organisations that use FB or other social media as their main internet presence.

          Nearly as bad as when you see a tradesman's van with a gmail or a hotmail email address on it. Just unprofessional.

    3. big_D

      Re: Do these "scandals" have any adverse affect though?

      I think just about everybody in my family has left Facepalm and most are leaving WhatsApp behind.

      Was talking to my eldest daughter and her friend (he is doing an MSc in computing) and mentioned the combining of WhatsApp, Facebook Messenger and Instagram. She asked what Instagram was! :-O

    4. Anonymous Coward
      Anonymous Coward

      Re: Do these "scandals" have any adverse affect though?

      Roger B,

      "... the ability to easily check the time of your next pottery class so much more necessary than everything else that no one cares?"

      In a nutshell that is exactly the problem.

      Joe Public does not care as they get Facebook for 'FREE' and it is so essential for life that it cannot be given up.

      Most people do not care *until* the problem hits them in the face when it is too late.

      The only way to fight Facebook is to create an alternative that does know what privacy means BUT how would such an entity compete with FB when it is everywhere and assuming it could survive it would need to be financially viable which is a HUGE ask when the internet is totally 'infected' at all levels with FB related links (visible & invisible).

      Maybe the 'Nuke it from orbit' solution is the only viable option !!! ;) :)

    5. Anonymous Coward
      Anonymous Coward

      Re: Do these "scandals" have any adverse affect though?

      One day, they will inevitably lead to regulations FB won't like. FB looks really inept at keeping a low profile and avoiding one scandal after another. Maybe they think they are smarter, or that enough money funneled to politicians will be enough. But FB is underestimating the fear politicians have it can control their future re-elections, and not all politicians like to be stooges only. Corrupted, maybe, but not wholly controlled by someone else. Especially since once FB can influence what people think and vote, it might not need to "lobby" (read "pour a lot of money") much in Washington to achieve what it needs.

  10. KBeee

    Scum

    Why does everything FB touches end up smelling of shit?

    1. Oengus
      Joke

      Re: Scum

      Easy the "F" isn't Face. That was a typo. It is Feces (American spelling because it is an American company).

  11. Ommerson

    In other news

    Would somebody care to speculate how on earth TechCrunch (linked at bottom of article) thinks their cookie opt-out is in any way GDPR compliant?

    1. Wellyboot Silver badge

      Re: In other news

      The same way all these companies view legality.

      They haven't lost a court case all the way to the supremes yet.

      1. Alex Read

        Re: In other news

        Too many payments* for FB, Google etc. to ever be held accountable & sheeple never vote with their feet in droves**. US culture means this will just continue to get worse & more underhanded until their laws are changed to allow this evildoing.

        * I would say mafia style or backhanders, but it's so commonplace the term 'lobbying' is used.

        ** Sadly this is why EA continues to exist.

    2. Dan 55 Silver badge

      Re: In other news

      I guess they have a fundamental misunderstanding of what privacy is, like Facebook (only not as bad).

  12. Anonymous Coward
    Anonymous Coward

    How do these "enterprise developer certificates" work?

    The regular "enterprise certificates" require you install a specific certificate on your phone through a separate process before you can install corporate signed apps. That extra step makes it hard to abuse.

    From what I can read of this, the enterprise "developer" certificate doesn't require doing anything special, you just download the app, then click through a prompt and you've given the app special powers? Why hasn't Apple been checking for this? Just because they aren't granting enterprise developer certificates to just anyone doesn't mean the Facebooks and Googles of the world aren't just as evil as anyone else if not worse! Did they trust them too much and not think to look for abuse, or is there some reason why they couldn't find this during app review (i.e. did Facebook / Google try to hide their use of this?)

    If these companies are using it for testing internal builds of software or special corporate only apps, they should be able to provide an MDM server for employees to get a certificate from. Require some sort of delivery method like that which would be IMPOSSIBLE for outsiders to do, thus guaranteeing that only employees of a company can do this. Sorry Facebook & Google, you'll have to find another chink in the armor to steal people's information, and make more excuses about how it isn't as bad as it sounds!

    1. Crazy Operations Guy

      Re: How do these "enterprise developer certificates" work?

      The installer module in iOS ignores certificates not in the default CA store. Installing anything on an iOS device therefore requires a certificate that a clean iOS device trusts. From what I understand, Apple will act like a CA and cut a code-signing certificate for developers as part of the Enterprise agreement (So they just have to sign a CSR, and not add it to the certificate store each time a new company signs up to the Enterprise Program).

      You can add whatever certificates you want, even ones with the code-signing attribute, but that attribute won't matter, the installer still won't install your code.

      The entire point is to prevent people from jail-breaking their devices through various means, such as emulating a MDM system, or manually forcing the certificate (which won't work either, the module verifies the signature of the certificate store against a key burned into the firmware, so making changes without Apple's private signing key or the tools to physically change the silicon yourself).

  13. cd

    Apple needs to ban the FB app altogether and to put a privacy warning pop-up in Safari when the site is accessed.

    1. Anonymous Coward
      Anonymous Coward

      Sadly that would be a good approach to intentionally losing market share and reducing profits. Given that this would cause shareholders to lose (make less) money & they're publicly-traded it is probably illegal, unless they could justify it on very definite legally-defensible grounds (if Facebook were, say, providing a forum for racists ... oh, wait).

  14. jayAyyyy

    Uber all over again

    Looks to me like some VCs want to divorce Mark from his company. Just like Uber and Papa John's. I've got no feelings either way. The guy's despicable, but I'm not certain behaving just as bad is any sort of counter balance.

  15. Dan 55 Silver badge

    The sound of the world's smallest violin - in the quantum realm

    With its certificate revoked, Facebook employees are reporting that their legitimate internal apps, also signed by the cert, have stopped working.

    Oh, that's a shame.

    And the tight bastards couldn't cough up for another certificate for something they knew was as dodgy as hell?

    The consumer iOS Facebook app is unaffected.

    I'm pretty sure other developers pulling this stunt would have had their App Store apps banned too.

    1. 142

      Re: other developers pulling this stunt would have had their App Store apps banned too.

      I suspect they thought of it.

      I wonder will we get to the point that Apple kick FB to touch once and for all.

      It would be very Apple to kill a feature their users view as sacrosanct, and yet somehow increase sales.

    2. Franco Bronze badge

      Re: The sound of the world's smallest violin - in the quantum realm

      And the tight bastards couldn't cough up for another certificate for something they knew was as dodgy as hell?

      No, because as the article states the developer cert was used to get around the fact that Apple had already kicked the app from their store because it broke the rules. The fact that it has now been revoked and broken several other FB apps comes under the category of too bad but it's your own fault. We're not talking about a 3rd party code signing certificate from Verisign or whoever here, but one issued by Apple to appstore developers, so they can't just go and buy one.

      It's quite unlikely that Apple will issue a new developer cert to FB without at the very least some legal assurances that it will not be abused again, not that paltry fines seem to be much of a concern to FB or Google when they get caught with their hands in the data cookie jar.

      1. Dan 55 Silver badge

        Re: The sound of the world's smallest violin - in the quantum realm

        As another poster mentioned below, they could have set up a one-man developer shop just to upload this app.

        I guess they're convinced of their own infallibility and they have the God-given right to invade privacy.

  16. Anonymous Coward
    Big Brother

    FFS!!

    How many lies will it take for people to stop using Facebook? They have consistently lied to everyone and they think that it's all OK. "Oh it's for connecting people". Utter crap. It's nothing more than a data harvesting service. I was on Facebook, then I deleted it (for personal reasons), then (like an idiot) I decided to re-sign up for it. The alarming thing was that I was using a different email address and the suggested friends list were from my old Facebook account!! At that point I went "nah", and deleted it. Never again. If people are happy with their data being flogged to the first company with a cheque book to wave money in front of Facebook, then (as my Dad would say) "buona fortuna!". For me, I will never touch Facebook with a barge pole.

    1. Doctor Syntax Silver badge

      Re: FFS!!

      their data being flogged to the first any company with a cheque book

      FTFY

      1. Persona Silver badge

        Re: FFS!!

        I don't think they deliberately sell the data, but I'm happy to see the evidence to be proven wrong.

        As I see it, it's too valuable to just sell as by holding onto it they can continually monetize it with dynamic ads that let the advertizer select the data characteristics Facebook will use to target the ad.

  17. Anonymous Coward
    Anonymous Coward

    Why didn't they even *try* and hide this

    Why not use the developer cert for a different organisation? A subsidiary for example. Or just register a new company name (something* vague, but likable) and hide in there.

    To use the official Facebook cert is lazy. To have that cert revoked, causing pain to their own staff using other apps signed with that same cert, is crazy.

    Most 'industry funded think tanks' do this when the industry players themselves don't want to be seen to be involved. Something like:

    Free Enterprise Internet Safety Research Consortium, or Combined Charities Committee or Clean Energy Monitoring Group, or similar. We've all seen hundreds of these bogus names (and I'm sure there's hundreds more we don't see - which is entirely the purpose).

    1. Franco Bronze badge

      Re: Why didn't they even *try* and hide this

      To use the official Facebook cert is lazy.

      I would have chosen "arrogant" personally. FB even now having been found out, and being slated for it even on regular news sites such as the BBC, probably don't think they've done anything wrong.

    2. Phil Endecott

      Re: Why didn't they even *try* and hide this

      > Why not use the developer cert for a different organisation?

      Because these “enterprise” certs are not available to most organisations, e.g. small to medium sized businesses. You need to be someone like IBM to get one.

  18. Winkypop Silver badge
    Facepalm

    Will no one rid me of this turbulent pest?

    In other NEWS:

    https://www.theverge.com/2019/1/30/18204186/facebook-q4-2018-earnings-user-growth-revenue-increase-privacy-scandals

    Apols to: @HenryThySecond

    1. Anonymous Coward
      Anonymous Coward

      Re: Will no one rid me of this turbulent pest?

      facebook-q4-2018-earnings-user-growth-revenue-increase-privacy-scandals

      The fundamental problem for society of both Zuckbook and Google's business model (and for that matter, the shitbag credit rating companies), is that the companies who pay them for their slurped data do not have their brands associated by the public with the rank malpractice of those companies. Until the funding is cut off, none of these companies will change their culture.

      Most users know there's something dodgy about these companies, but don't understand or don't care how it affects them. When did your non-IT relatives ever do a subject access request to find out what these companies have on them, and look through the vast volumes and question whether this was a fair exchange?

      So the vast majority don't fully understand the problem, and then they don't actively hold to account those companies whose adverts they get force-fed. I do. Maybe you do. But we're part of a moderately informed, technically savvy group that is what, 1% of the population.

    2. Tim Almond

      Re: Will no one rid me of this turbulent pest?

      A lot of people really don't care. I really don't care. I post photos of my dog, lunch with my family in a restaurant. Movies I've seen. I have a few hundred followers many of whom are vaguely friends. I'm not going to post the results from the VD clinic or my bank account details.

      1. Franco Bronze badge

        Re: Will no one rid me of this turbulent pest?

        From the article "The app is downloaded outside of the normal Apple App Store, and gives Facebook extraordinary access to a user's phone, allowing the company to see pretty much everything that person does on their device."

        You aren't just giving up the contents of your FB profile with this app but a whole lot more

  19. Potemkine! Silver badge

    Everything within Apple, nothing outside Apple, nothing against Apple

    Apple and FB users share at least one thing: credulity.

  20. Stoneshop
    Pirate

    Cicero said it already

    Ceterum censeo faciem liber esse delendam.

    And salt the frigging earth where their HQ stood.

    1. Warm Braw

      Re: Cicero said it already

      Appropriately, you have faciem in the accusative...

      1. Zog_but_not_the_first
        Trollface

        Re: Cicero said it already

        People called Romans, they go to the house?

    2. Anonymous Coward
      Anonymous Coward

      Re: Cicero said it already

      IIRC it was Cato...

    3. paulll

      Re: Cicero said it already

      I do think Ellen Ripley said it better, though.

  21. chivo243 Silver badge
    Devil

    tasty, real tasty

    I'm pinching myself to see if this is a dream. My gast is totally flabbered! Really, they used the same cert for many different needs? Fire someone and promote someone.... Isn't that how it works?

    1. Doctor Syntax Silver badge

      Re: tasty, real tasty

      "Really, they used the same cert for many different needs?"

      Maybe Apple only lets a company have one. If it's only for developers why would they need more?

  22. kbb
    Trollface

    New law - not a chance

    Do Not Track Kids Act? It won't pass because it's not a snappy acronym - DNTKA. It needs to be something like PATRIOT to get passed these days.

    1. Anonymous Coward
      Joke

      Re: New law - not a chance

      Call it Track Restrictions and Users Managed Privacy and the Senate will vote it - the House of Representatives, oh wait...

    2. Phil O'Sophical Silver badge

      Re: New law - not a chance

      The "Forbid Any Corporate Effort Buying Observations Of Kids" act?

    3. PerlyKing
      WTF?

      Re: New law - not a chance

      It won't pass because it's not a snappy acronym

      I was thinking the same thing :-) He must have been really furious not to even take the time to think up a decent acronym!

  23. Anonymous Coward
    Anonymous Coward

    Another angle

    I wonder how many such devices were part of a BYOD scheme and thereby used (maybe inadvertently) for Corporate Espionage to Facebook's benefit?

  24. Anonymous Coward
    Anonymous Coward

    And you worry about the Russians influencing elections?

    Come on. FB & Google likely shape ads with 'tailored experiences' for political purposes far more than anyone else.

    Then likely blames the Russians as a cover.

    Will Big Media get a grip and go on the offensive against FB & Google - who are destroying their business..... Probably too dumb to see it - and the FB/Google story doesn't have a Trumpian angle.

  25. theloon

    Dump FB and never look back

    Each time one of these essentially criminal activities is revealed, it continues to feel good not to be part of FB.

  26. steviebuk Silver badge

    There was...

    ....United States v. Microsoft Corp. There now needs to be United States v. Facebook case. And, just as was an option but never happened at the end of the Microsoft one, they should now break Facebook up.

    1. Public Citizen
      Mushroom

      Re: There was...

      Fakebook needs to be broken down to and at the atomic level.

      Anything less, such as a Standard Oil type breakup, only creates multiple seeds [already having the corrupted corporate culture in their new corporate DNA] for wider dissemination of the corruption.

  27. adam payne

    Facebook doing dodgy things...never. /sarcasm

  28. the.spike
    Coat

    But they were getting paid?

    To play devil's advocate, haven't people been moaning that our personal data is free and people just give it up? At least this time they were getting paid for it..

    1. David Nash

      Re: But they were getting paid?

      No, they were teenagers getting bribed for something they didn't appreciate the consequences of.

      Just paying for something doesn't always mean it's alright.

      1. Anonymous Coward
        Anonymous Coward

        Re: But they were getting paid?

        Just like teenagers were paid for a trip to Jeffrey Epstein's private island......

  29. 89724102172714182892114I7551670349743096734346773478647892349863592355648544996312855148587659264921

    It should be no surprise that Facebook again has snuck deep in Uranus

  30. IGnatius T Foobar !

    It's a shame they can't both lose.

    It's a shame they can't both lose. Facebook and Apple are both companies that cannot be trusted.

  31. RancidOrange

    How to curtail Facebook's antics?

    Easy, change their legal position from being a platform to being a publisher. All this shit will stop overnight.

  32. DenTheMan

    Are you listening Facebook?

    Apple are not taking the Mic.

  33. Flame Boar

    Do you trust Facebook?

    I haven't trusted FB for years, but this crap is beyond the pale. I really do not believe that FB management understands the term "ethics". Even if the "opt in" consent form was very clear (which it was NOT), saying that a 13 year old could comprehend that they were giving FB 100% access to everything that they do or say is ludicrous. I wonder how FB was able to get parental consent. Zuckerberg and Sandberg are highly compensated con artists. What truly amazes me is that they believe that their BS doesn't stink.

  34. JP_Veeam

    Politicians are helping us ?

    Ed Markey, following in the footsteps of Ted Kennedy, promising to introduce a bill to stop this. Amazing he finally woke up...

    Meanwhile, the news has caught the attention of a US lawmaker. Senator Ed Markey (D-MA) is furious that Facebook "has been offering teens financial compensation for access to vast amount of those minors’ personal information, including personal messages, web history, and photos."

  35. Moog42

    Sir Nick

    I'm sure Sir Nick Clegg will turn it round for them...

    The ICO needs to move a damn sight faster on these things.

  36. Aodhhan

    C'mon, who is really shocked?

    Typical leftist strategy.

    Use what power you have to gain more power.

    Then use this power to find dirt on everyone--in order to have control.

    If it's information you really can't use or don't care about... you can bet someone does.

    ...so sell this information for money or a commodity you can use.

    Zuckerberg and the rest of Facebook's minions are simply crooked information brokers.
