Comment by miki123211

Comment by miki123211 2 days ago

4 replies

View on Hacker News

Twitter was "special" because they actually had an API.

No other social media site (besides Reddit) had one. Facebook kind of tried, although theirs was always a lot more limited, and got shut down when it turned out Cambridge Analytica used it for widespread election fraud[1].

Both Twitter and Reddit did basically the same thing at roughly the same time, Twitter just had the misfortune to be under the control of Elon Musk, so the move was perceived as ideological.

[1] As it later turned out, Cambridge Analytica was basically a "nothing burger", they claimed to be able to accomplish a lot while, in reality, accomplishing very little. The damage to interoperability was already done, though.

shadowgovt 2 days ago

Indeed. CA's impact on election outcomes was likely negligible; Antonio Martínez's "Chaos Monkeys" makes the case that Trump using CA was more indicative of the overall notion that Trump's team was spending money to try a bit of everything (online and offline) and the Clinton campaign wasn't. Their tactical failure was believing they could redirect the money to down-ticket races because Clinton / Trump was such an obvious matchup that they didn't need to spend to win.

What CA did show was that Facebook's statements about protecting user privacy were fundamentally incompatible with the way their API worked, so they had to shut it down because the alternative would have been to just sort of... Let it hang in the air that it wasn't hard for a third-party to build a system to completely bypass user intent in scoping their information.

(I had the misfortune of trying to write a Facebook app about fifteen years prior, and that was my takeaway at the time also... "Do people, like, realize that their whole process for protecting scraping the social network via third-party app integration is the honor system?" Turns out people didn't).

Reply View 3 replies
  • miki123211 2 days ago

    What Mastodon is doing seems suitably ironic in this situation.

    For those unaware, Mastodon's APIs are extremely open and it's very easy to scrape, to the point of providing you with a "firehose" of all public posts that an instance sees, both local and federated, with no authentication required. They also have an extreme anti-scraping culture, anybody who admits to running any kind of scraper which is not strictly opt-in, even for benign / scientific purposes, is very quickly shunned and blocked. Most instances also have a "disallow scraping via robots.txt" policy by default.

    The results? I posted a canary token[1] link on a medium-sized, well-federated, well-protected instance which disallows scraping, and it got hit by some shady social media crawler in a fraction of a second. It started getting hit by many other strange crawlers later on, and it still keeps getting visits (mostly from Google now).

    Reply View 1 reply
    • shadowgovt 2 days ago

      It's an ecosystem of people that seem insistent on the idea that you can put stuff online behind no authentication wall and expect to stay exclusively on servers you believe it should be on.

      And I don't know what to tell them, because that's not how the internet has ever worked.

      Reply View 0 replies