Comment by Permit 3 days ago

29 replies

> Once network effects crowded a few winners, the drawbridges slowly pulled up. Previously simple APIs evolved into complicated layers of access controls and pricing tiers. Winning platforms adjusted their APIs so you could support their platforms, but not build anything competitive. Perhaps the best example of this was Twitter’s 2012 policy adjustment which limited client 3rd party apps to a maximum of 100,000 users (they’ve since cut off all 3rd party clients).

One thing I haven't seen written about much is how these APIs turned into massive liabilities for privacy. If a Twitter API allows me to siphon tweets off of Twitter, you can never delete them. If a Facebook API allows (user-approved apps) to view the names of my friends and the pages they like, this data can be used to create targeted political ads for those users[1].

So a company considering creating a public-facing API must deal with the fact that:

1. This API could be helping my competitor

2. This API makes internal changes more difficult (typically there is a strong effort to maintain backwards compatibility).

3. If company XXX uses the API to extract data (that users have given them explicit access to), the ensuing scandal will not be called the "XXXX Data Scandal", but rather the "MYCOMPANY-XXX Data Scandal"[1].

[1] https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Ana...

mb7733 3 days ago

> One thing I haven't seen written about much is how these APIs turned into massive liabilities for privacy. If a Twitter API allows me to siphon tweets off of Twitter, you can never delete them.

Is that really a privacy concern? Tweets are public. As soon as you post them, others can just save the page. No need for an API.

  • bloppe 2 days ago

    Data brokers don't care about easy APIs anyway. They'll save that tweet even if it takes a dozen engineers, a global bot net, and millions in cloud spend to do it at scale

skybrian 3 days ago

Nowadays we expect popular tweets to be screenshotted, just as popular webpages are usually archived somewhere.

Bluesky has decided that it’s not a bug and is not going to be fixed: you can delete a post, but someone could have saved it, and worse, it’s digitally signed.

  • pfraze 3 days ago

    We generally would characterize the monopolies as the bug, not the public nature of the data

    • skybrian 3 days ago

      Yeah, I don’t think it’s the wrong decision. Maybe I should have called it a design tradeoff.

      Edit: editing posts is nice to have.

      • cryptonector 3 days ago

        > Yeah, I don’t think it’s the wrong decision. Maybe I should have called it a design tradeoff.

        How would you design Bluesky to prevent analog holes?

        • skybrian 2 days ago

          There's no way to do that, but it doesn't mean that people give up on privacy.

          We could contrast Bluesky with the Fediverse: a maze of independent websites with uneven distribution and no systematic search or archiving. So, if you don't have much of a following and you delete a post, it's possible that nobody saved it. Some people prefer it that way.

    • bloppe 2 days ago

      Are you saying the phenomenon is different on Twitter than on bluesky?

  • cryptonector 3 days ago

    > Bluesky has decided that it’s not a bug and is not going to be fixed:

    It's called an "analog hole". It's very difficult to prevent analog holes. By difficult I mean: impossible.

  • bunderbunder 3 days ago

    I haven't read it in 10 years, but this used to be pretty explicitly spelled out in Twitter's privacy policy, in plain language, in a way that I really appreciated. (Not that anyone ever reads the privacy policy.)

    But it really does make sense. Nothing you publicly tweet can ever be private, nor is there any real way you can reliably take it back. Because as soon as the tweet's been transferred to someone else's device, they now have every bit as much control over that content as they do over any other content that makes it onto their device.

    I'm a pretty pro-privacy person, to the point where I generally avoid social media sites. But this was also my policy back when I administered an oldschool Web forum: once it's posted, it's out of your control. Period. That's really the only policy for a public forum that makes any sense at all. If that's scary to you then maybe the things you're posting should be, y'know, kept private instead of being broadcast to the entire world.

    tl;dr: group chats are actually pretty cool.

veqq 3 days ago

Precisely what kneecapped the semantic web. Why make it easier for the competition to take all of your data?

  • Y_Y 3 days ago

    I remember when the internet was collaborative rather than competitive. I think then tech companies got so big that they ran out of scientists and engineers and had to hire fairground hucksters.

    • pixl97 3 days ago

      Yes and no.

      The internet was collaborative when it was very small. You still had islands like AOL and Compuserve and such.

      Then as it got bigger the big islands like AOL broke, and the views started going to larger and larger websites (think things like news sites). These sites had to work with vendors (Microsoft/Apache) to be able to support the load without crashing. While this is occurring hardware got a lot faster and databases more performant (along with things like K/V caching).

      This led to the last 'social media' wave where just a few large companies could host enough servers to serve everyone on the internet (within reason). These companies sucked a lot of wind out of the smaller companies that were successful. You could wake up one day and find out Google had implemented your entire business model and is giving it away for 'free'.

      But free was never free. Those big companies need your eyeballs. They need your attention. And they will do anything regardless of the ethics to keep it (what are small fines between friends). There was not much more room to expand into, you're only expanding into other companies. You take over/replace the ones that give their data away and 'compete/fight with' the ones that don't.

      • theendisney a day ago

        The Amish are still laughing at us and it just keeps getting more embarrassing.

        Big tech companies are full of extremely competent people who for the most part can't get shit done. A handful of cooperating people armed with curiosity and the desire to make something useful can do things tens to thousands of times better.

        What are these websites they make that need hundreds of requests to show a bit of text? I can't view source without repeatedly screaming from laughter.

        Maybe the answer to the riddle is to force the pattern and make usefulness as well as asking for help requirements for participation.

    • pas a day ago

      ... alas that was fundamentally "borrowed time". Since our culture did not change (to a radically open cooperative supportive one), as more and more of our life has become online, more and more the Internet became like our society.

  • jandrewrogers 3 days ago

    More precisely, one of several things that kneecapped the semantic web.

ImPostingOnHN 3 days ago

> If a Twitter API allows me to siphon tweets off of Twitter, you can never delete them. If a Facebook API allows (user-approved apps) to view the names of my friends and the pages they like, this data can be used to create targeted political ads for those users[1].

Not only is this already possible (I can open up twitter and press "control-P"; I can open up Facebook and see names)*, but it's already being done by those companies. If you thought Cambridge Analytica was bad, imagine what Facebook is doing with even more user data.

That indicates that the issue isn't protecting users from that sort of abuse (since they are the abusers in that sense), but to prevent business competitors from doing the same and reduce user choice (eg users who don't want to have to have their eyes bleed to read their content on these sites).

If the goal is to keep information secret from X, disclosing it to X via 1 programmatic means while restricting it via another, fails to achieve that goal.

> So a company considering creating a public-facing API must deal with the fact that:

1. It could be helping users, which is more important to users than Facebook winning some corpo-war-on-data-access. Is it more important to Facebook et al, though? Clearly not, and therein lies the ethical failing of Facebook et al.

* - "but wait" I hear some saying, "you're just a human, you can't do that at scale!" Well: the data got on my computer screen programmatically, and it's trivial to reuse those methods to get the data you want. It's just an extra step or two that frustrates legitimate users.

MichaelZuo 3 days ago

It does seem like there are so many inherent disadvantages that the original proponents must have been confused or intentionally ignoring realistic factors…

It’s like they never even tallied up all plausible advantages and disadvantages in the first place. So how did anyone determine it was an overall net positive?

  • __MatrixMan__ 3 days ago

    Are you proposing that interoperability is not an overall net positive? If it's getting a bad rap right now it's just because it's not always simultaneously a competitive advantage. But that line of thinking is a race to the bottom.

    I mean, why not just kill your competitors? Then your product, however bad, would be the only one. Clearly a net negative, but a competitive advantage.

    What has changed is that we've recently lowered the bar for how much of a net positive we plan on shooting for. Top dog on the trash heap is, I guess, now an enviable position.

    • MichaelZuo 3 days ago

      Privacy, reputation risk, etc., seem like huge disadvantages… so it’s not clear at all if it’s a net positive overall.

      Someone has to actually do that analysis in the first place. It doesn’t just automatically become true.

      • ImPostingOnHN 3 days ago

        What are the privacy and reputation risks for me as a user, if I'm able to access my data via API?

        If you're referring to 'net positive [for facebook]' rather than [for users] or [for society], then the point is conceded that facebook can make more profits abusing their users versus being more considerate of them.