Comment by ImPostingOnHN

> If a Twitter API allows me to siphon tweets off of Twitter, you can never delete them. If a Facebook API allows (user-approved apps) to view the names of my friends and the pages they like, this data can be used to create targeted political ads for those users[1].

Not only is this already possible (I can open up twitter and press "control-P"; I can open up Facebook and see names)*, but it's already being done by those companies. If you thought Cambridge Analytica was bad, imagine what Facebook is doing with even more user data.

That indicates that the issue isn't protecting users from that sort of abuse (since they are the abusers in that sense), but to prevent business competitors from doing the same and reduce user choice (eg users who don't want to have to have their eyes bleed to read their content on these sites).

If the goal is to keep information secret from X, disclosing it to X via 1 programmatic means while restricting it via another, fails to achieve that goal.

> So a company considering creating a public-facing API must deal with the fact that:

1. It could be helping users, which is more important to users than Facebook winning some corpo-war-on-data-access. Is it more important to Facebook et al, though? Clearly not, and therein lies the ethical failing of Facebook et al.

* - "but wait" I hear some saying, "you're just a human, you can't do that at scale!" Well: the data got on my computer screen programmatically, and it's trivial to reuse those methods to get the data you want. It's just an extra step or two that frustrates legitimate users.