27 votes

Facebook banned someone for developing a Chrome extension designed to reduce its addictiveness

17 comments

  1. [11]
    mtset
    Link
    I think this is yet more evidence that vendor-owned app stores are a bad idea. This is not something that would have been possible to "take down" if it were just hosted on a website somewhere, or...

    I think this is yet more evidence that vendor-owned app stores are a bad idea. This is not something that would have been possible to "take down" if it were just hosted on a website somewhere, or even on GitHub; they could cease-and-desist the author, but users (who have the whole source code, since it's JavaScript!) could just rehost it elsewhere.

    As it is, though, large companies with lots of incentive to cave to almost any legal pressure, and to enforce "real" author identities, control the ways most people install software, so even if someone did rehost it as a dev-mode extension, many fewer people would have access. It would be a whack-a-mole of reposting it on the Google Chrome app store, getting S&D'd by Facebook, rinse and repeat.

    8 votes
    1. [8]
      NaraVara
      Link Parent
      The downside of that, though, is malware. This seems like a pretty straightforward script he's made so it's not materially that much harder for anyone a little technically inclined to do it...

      The downside of that, though, is malware. This seems like a pretty straightforward script he's made so it's not materially that much harder for anyone a little technically inclined to do it themselves.

      5 votes
      1. [7]
        mtset
        Link Parent
        Yeah. I'd argue that there are more ways to mitigate the malware threat than to mitigate the threat of total control by megacorps, though, and those tend to require less political capital.

        Yeah. I'd argue that there are more ways to mitigate the malware threat than to mitigate the threat of total control by megacorps, though, and those tend to require less political capital.

        1 vote
        1. [6]
          NaraVara
          Link Parent
          Such as what? The reason things centralized in the first place was because people simply didn't buy or install things otherwise. Any tech savvy person basically had to impose a blanket ban on...

          Such as what? The reason things centralized in the first place was because people simply didn't buy or install things otherwise. Any tech savvy person basically had to impose a blanket ban on their less savvy family members from installing software off the internet at all. If you didn't you'd have a call from a cousin or in-law every other week asking to fix their computer and you'd go over there and see about 12 "search bars" and a purple gorilla in the corner of the screen.

          14 votes
          1. [5]
            mtset
            Link Parent
            Well, in the consumer space, the industry absolutely did go all-in on vendor app vetting. In the enterprise space, though, application allowlisting and blocklisting through very capable modern...
            • Exemplary

            Well, in the consumer space, the industry absolutely did go all-in on vendor app vetting. In the enterprise space, though, application allowlisting and blocklisting through very capable modern endpoint detection and response (EDR) software has become extremely popular. In the free desktop space, "just works" containerization is all the rage and has been for a while, from Qubes to Flatpak. Other approaches exist, too, in more niche areas, like jack-and-plug capability matrices, or even more systemic things where applications don't get access to arbitrary data by default - Android, for instance, is somewhat like this.

            All that to say: it's a hard problem, but not an insoluble one, and lots of people have put lots of thought into it.

            4 votes
            1. [2]
              NaraVara
              Link Parent
              That’s because enterprise has IT departments to manage it. And containerization isn’t exactly user friendly for a layperson either. Even Android can be a mess of malware if you wander off the...

              That’s because enterprise has IT departments to manage it. And containerization isn’t exactly user friendly for a layperson either.

              Even Android can be a mess of malware if you wander off the Google Play store zone. There’s plenty of arbitrary data apps can get authorization for by sneaky means or other dark patterns. And it’s not even the active malware that contributes. Plenty of shady software exists that isn’t technically malware but ends up being extremely user hostile or privacy infringing anyway. People have made the decision that they’d rather trust their hardware makers as gatekeepers than trust themselves to parse all the shady nonsense out there, and it’s hard to blame them.

              7 votes
              1. mtset
                Link Parent
                All I'm saying is, maybe we should consider the possibility that other approaches exist, instead of veering as hard as possible into allowing Microsoft, Google, and Apple to control our digital lives.

                All I'm saying is, maybe we should consider the possibility that other approaches exist, instead of veering as hard as possible into allowing Microsoft, Google, and Apple to control our digital lives.

                6 votes
            2. [2]
              nothis
              Link Parent
              Always wondered why the hell this is such a problem? Any system that can prevent a non-signed app from running outside the App Store should also be able to just have a switch that disallows apps...

              systemic things where applications don't get access to arbitrary data by default

              Always wondered why the hell this is such a problem? Any system that can prevent a non-signed app from running outside the App Store should also be able to just have a switch that disallows apps from reading other apps' data, prevent access general parts of the hard disk or have download-only network restrictions for installing updates.

              3 votes
              1. mtset
                Link Parent
                Yeah, from the perspective of implementation, this is not a hard control to put in place. The problem is that it breaks everything not explicitly designed for it, not just malicious programs.

                Yeah, from the perspective of implementation, this is not a hard control to put in place. The problem is that it breaks everything not explicitly designed for it, not just malicious programs.

                3 votes
    2. [2]
      post_below
      Link Parent
      I agree about vendor app stores. For accuracy, though, the author is referring to a browser extension, which he took down himself. So it's not an example of a centralized app hub being the...

      I agree about vendor app stores.

      For accuracy, though, the author is referring to a browser extension, which he took down himself. So it's not an example of a centralized app hub being the culprit. It's about FB's ToS and the author's understandable aversion to going to court against Facebook in the UK.

      2 votes
      1. mtset
        Link Parent
        Yep! The point I was making was that there'd be nothing to "take down" if these vendor app stores didn't both act as bottlenecks for most users and encourage, if not enforce, just one owner per...

        Yep! The point I was making was that there'd be nothing to "take down" if these vendor app stores didn't both act as bottlenecks for most users and encourage, if not enforce, just one owner per piece of software.

        1 vote
  2. NaraVara
    Link
    Title speaks for itself. This is pretty gross behavior.

    Title speaks for itself. This is pretty gross behavior.

    5 votes
  3. an_angry_tiger
    Link
    The full C&D can apparently be found here: https://louisbarclay.notion.site/Unfollow-Everything-cease-and-desist-letter-from-Facebook-ea219169421b457bb7ce010b7bf9ce1f It isn't strictly about them...

    The full C&D can apparently be found here: https://louisbarclay.notion.site/Unfollow-Everything-cease-and-desist-letter-from-Facebook-ea219169421b457bb7ce010b7bf9ce1f

    It isn't strictly about them not wanting people to use an unfollow extension, it also includes:

    • accessing and/or collecting users' content or information (I believe the extension had some data collection it sent back to the author when used, per the HN threads)
    • using Facebook trademarks (the big kicker)
    • interfering with or impairing the intended operation of Facebook (kinda weak)
    • facilitating or encouraging others to violate terms (not sure what that entails)
    5 votes
  4. [4]
    bilbodwyer
    Link
    This reminds me of the (possibly apocryphal) story of an iOS developer who came up with an app called Breathe, which displayed a blank white screen for a few seconds before you opened any other...

    This reminds me of the (possibly apocryphal) story of an iOS developer who came up with an app called Breathe, which displayed a blank white screen for a few seconds before you opened any other app. As I remember, Apple took that one down pretty quickly too.
    These companies are not our friends, and they want our eyeballs on their services for the maximum amount of time, no matter what overtures they make towards "digital wellbeing."

    3 votes
    1. Diff
      Link Parent
      I'm no expert, but as far as I know something like that isn't even possible with the tools iOS gives you.

      I'm no expert, but as far as I know something like that isn't even possible with the tools iOS gives you.

      8 votes
    2. [2]
      NaraVara
      Link Parent
      This sounds apocryphal because that seems like a function that would require system level controls that app developers can't really access. Maybe you could do it by enabling certain accessibility...

      This reminds me of the (possibly apocryphal) story of an iOS developer who came up with an app called Breathe, which displayed a blank white screen for a few seconds before you opened any other app.

      This sounds apocryphal because that seems like a function that would require system level controls that app developers can't really access. Maybe you could do it by enabling certain accessibility settings, but Apple takes a dim view of requiring accessibility settings for non-essential things as it's almost always a vector for malware.

      7 votes
      1. mtset
        Link Parent
        Eeh, citation needed. Until they added system level autofill support, all password managers abused the a11y infrastructure.

        it's almost always a vector for malware.

        Eeh, citation needed. Until they added system level autofill support, all password managers abused the a11y infrastructure.

        2 votes