Didn't realize this was a thing, cool that it worked.
As a loosely related note, there has been problems in the past where people come up with meanings for hand gestures without knowing the signed language of the region they are in, which leads to people misunderstanding something a person is signing as something completely different. Although probably not a problem in this case, just something to consider if you ever are so inclined to make a manual language.
If anyone was curious in ASL this is basically "B -> M", not that that was on purpose, just a different way this could be interpreted.
> Does the Signal for Help stand for something in a sign language?
> The Signal For Help is not meant to refer to any words, letters, or ideas in American Sign Language (ASL) or other sign languages. It is designed as a single hand motion someone can make during a video call to silently communicate they need support. Deaf community members were consulted on the Signal for Help prior to the launch of the campaign to check in about using this hand gesture.
I sometimes do a gesture similar to this one as a habit for cracking my (thumb) knuckles single-handed. Not as an intentional sign first tucking the thumb in the palm, and then traping it in, but rather as a single motion. I wonder if it could be mistaken for this gesture.
I don't do it rapdily, and it's a single-handed motion, so not the usual "cracking your knuckles" movement/gesture. I do wonder because it could look similar, though I don't specifically direct it so that it'll be palm-to-viewer, as the guides for this gesture tell you to do.
Letter signing is not typical in ASL and in any event BM is not a common letter sequence in English. I would also think that if I made eye contact with someone who signed BM to me, I would have to assume it was this signal or else they were being awfully rude https://en.wiktionary.org/wiki/BM#English
Really? I'm not deaf, but I did take 3 semesters of ASL, and knew a lot of deaf people. In my experience, fingerspelling is incredibly common.
It isn't that people spell everything, but is very common to spell a very specific word, especially for something technical, that one of your following signs will represent. You might spell "Macbook M1", and then use the sign for computer in the rest of the conversation.
I've also found that many people that weren't born deaf, but went deaf later, or that had hearing parents that didn't really help them, often don't know ASL well. It was common for someone to not recognize a sign and the other person would spell out what it was.
A funny oddity about spelling and the deaf. You might (at least I did) think that since they spell things out far more often than we do in spoken English that they'd know how to spell well. That is generally not the case unless the person was raised by hearing people.
I knew a couple where the husband was CODA (child of a deaf adult, both parents) but could hear/speak, and the wife was deaf but was raised by hearing parents. She actually could spell well, but he couldn't, and that was very atypical.
Yes, just like with hearing individuals, not everyone can spell well.
Often times, just like when reading, one may not notice every single letter in a given word, but with the sequence of letters, autocorrect, and context, the meaning is usually clear.
Yes, as mentioned elsewhere, finger-spelling is common when introducing a new person/entity/concept into the conversation.
Regarding the person's expressions, it's common in ASL to employ very dramatic facial expressions to assist and augment the signs themselves to help the "listener" arrive at the correct understanding and feeling.
This would only be possible with a syllable break as in something like fub/moore. Even then, I can't think of a name, or a word, or a common collocation, that features it. Syllables ending in /b/ aren't so common, though they're possible.
Also "entombment", "webmaster", and variations of them. But not many; /usr/share/dict/words on my system lists only 45, many of which are minor variations of each other.
Well, I had shifted into pronunciation (mostly because in writing the concept of a "syllable" doesn't exist), but in the larger context, yes, that's fair.
As the signal is shared and becomes known by the public, there is a risk that an abuser might learn about it. People in abusive situations are also often closely monitored by the person harming them, and they may not always feel safe enough to use the signal.
There is no one-size-fits-all solution for everyone facing abuse. Everyone faces their own unique circumstance. The Signal for Help is one tool some people may be able to use, some of the time, to indicate they need help without leaving a digital trace.
It is important that people reach out for support if and when they feel ready, and they should do it in the ways that feel safest for them. People supporting them should be ready to help without judgement, and they should follow the lead of the person who needs help.
can the 'tiktok scenius' react in real time and just instantly spread a new signal for the next person, don't underestimate how powerful that network is, has the highest quality interaction I have witnessed. more jokes than HN too
> My worry would be that as the signal becomes well known abusers will learn it
I'm so glad that the signal worked in this case, but you're absolutely correct: the problem with clandestine signals like this is that they need to be somewhat widely known to be effective, but if they become too widely known they become ineffective and even dangerous (since the bad actor would likely know the signal and intent).
I've heard stories about prevented tragedies via "code word" drink orders at bars -- maybe that tactic could be more widely applied (bars, restaurants, hotels, gas stations, etc.)
Being able to be made surreptitiously can be enough though. Nothing's foolproof, but if an abuser is trying to over-manage someone's communications or hand gestures, that itself is a give away for people to pay more attention.
I can understand wanting stay anonymous; many companies are hostile towards people who find security vulnerabilities. If they have a real vulnerability and share it I'd accept their request to stay anonymous.
If they would not share until I paid, or did something sketchy other than requesting anonymity then I would probably consider it more on the hostile side, but not just because they didn't want to share their true name.
Wow; that is a lot worse than I thought. I really wish IPv6 was better understood than it is now, it really is quite a good standard, but it is also quite a bit different than IPv4 which I think scares people away (it can also be hard to remember longer IPv6 addresses).
I think we need to start judging how good a standard is by how easy it is to implement for its intended purpose.
The purpose of IPv6 was to superscede IPv4. 25 years later, only 1/4 of the top sites from this link are IPv6 enabled. That's... well, at some point you have to stop blaming lazy sysadmins or stubborn vendors and start considering that it's genuinely just a bad and hard to understand standard.
In 2050 we'll still be on IPv4. That's how bad I think IPv6 is. Technically impressive? Sure. Viable as an understandable network paradigm and designed for widespread real-life use? Looking like no.
It's not that IPv6 is bad. There are no other, more successful alternative proposals to grow the address space while maintaining end-to-end connectivity. It's just a difficult coordination problem. From a purely technical point of view IPv6 works, today. It's not hard to set up IPv6 networks and connect them together. But there is a lot of IPv4-only equipment, legacy applications, etc. in active use which would have problems with any new protocol.
Not wrong, but I have a feeling that a protocol which changed things less would have caught on a lot faster. IPv6 changes a lot more than just expanding the address space.
32bit IPv4 gives us 4.2 billion IP addresses (although there are fewer usable addresses due to reservations etc.). If we would have just tacked on another byte we'd have 1 trillion (theoretical) IP addresses. Two extra bytes and we'd have some number I don't even know the name of (~2.7e14).
Changing from 213.113.223.023 to 142.213.113.223.023 is a lot less invasive, both for users and implementations (although increasing the address space isn't necessarily easy, it doesn't require an entire new stack).
Now, these other IPv6 changes aren't necessarily bad and also address real problems as well, but it seems IPv6 changes too much in one step for its own good. In this regard, it's not that dissimilar to Python 3 (except even worse!)
Also: one think that struck me about that list is that sites who do implement IPv6 are all Western, and that none of the Asian (mostly Chinese) sites implement IPv6. You'd expect it to be the other way round because Asian/Chinese would benefit a lot more from IPv6 since they have fewer allocated addresses, and their infrastructure also tends to be newer so legacy hardware is less of a concern. I don't know what this means or why this is the case though.
> I have a feeling that a protocol which changed things less would have caught on a lot faster.
Perhaps. IPv6 had more goals than just increasing the address space. Some of these goals were interdependent; for example, just increasing the address space without doing something about routing table complexity would have been a recipe for disaster, which is part of the reason why IPv6 uses much longer addresses with a fixed number of bits reserved for the local subnet, and why it also strongly discourages the non-hierarchical routing which has become commonplace in IPv4.
> Changing from 213.113.223.023 to 142.213.113.223.023 is a lot less invasive, both for users and implementations….
I would say 2602:7b:294e:d207::1 isn't much worse to remember or type than a dotted-quintet (based on, but not equal to, one of my real IPv6 addresses). Implementations don't have any issue with 128-bit addresses, and probably prefer that over an odd size like 40 bits due to alignment. Users usually don't have any reason to care about IP addresses; that's what DNS and mDNS are for. Or copy & paste if you absolutely must work with raw addresses.
> (although increasing the address space isn't necessarily easy, it doesn't require an entire new stack)
In practice, it does. You could certainly model it more closely on the original protocol, but the systems wouldn't be interoperable. System calls, library APIs, applications, and GUIs would all need to change. You'd have to rebuild all the routing hardware and redesign any protocols that embed IP addresses. Basically everything that needed to be updated to work with IPv6 would still need to be updated to work with "IPv4+1B". The changes might be smaller but it's the fact that you need to change these things at all that makes the process so difficult.
There are some other changes in IPv6 that are more debatable, like replacing DHCP with SLAAC when we could have probably just used a straightforward IPv6 adaptation of DHCPv4, at least in the beginning. SLAAC strikes me as the sort of thing that could have been deployed separately once IPv6 adoption was well underway. But I wouldn't say that these minor differences represent significant obstacles to IPv6 adoption.
It is interesting that most of Asia is trailing somewhat behind, whereas India is at the top of Akamai's charts for IPv6 adoption[0].
Same with Security Keys, there are a bunch of technologies like this, where you can literally write documentation explaining "This is what we did at our multi-billion dollar business to successfully solve the problem" and people will walk past, fingers stuffed in their ears, hoping that some day the problem will be solved somehow, but, like, magically without them having to change or learn. Just keep doing what they're doing and then, somehow magically it'll be fine. See also: Climate change.
For most people, IPv4 is a solution to a problem that didn’t require change or learning. It’s just what is used behind the scenes to make the web and chat and email happen. And happen it all does, without trouble, so why lots of money to replace it?
What is the sales pitch you would bring to the CEO of a Fortune 500?
> What is the sales pitch you would bring to the CEO of a Fortune 500?
When you buy or merge companies, and they both have RFC 1918 addresses, you'll probably have a conflict between the two entities. You'll probably have to implement NAT with-in your own network and hope the two sides don't have to talk to each other that much. (Or you completely re-IP the acquisition.)
With IPv6, either the companies will be using their own PI IPv6 space and/or they will be using unique ULA prefixes, so the chance of conflicts will be very small.
This at least was one of the business cases for Wells Fargo, "the fourth largest bank in the United States by total assets and is one of the largest as ranked by bank deposits and market capitalization":
Over time, ISPs are pushing more users to IPv6 + CGNATv4 because they don't have enough IPv4 addresses.
If an internet service needs to distinguish users by IP address, say for spam fighting reasons, then IPv6 will provide finer granularity because the addresses are not shared by multiple users. Depending on how the ISP implements CGNAT, IPv6 may also improve performance and geolocation accuracy.
(They'd also be doing those ISPs a favor, because offloading traffic to IPv6 lowers the operating costs of CGNAT.)
There isn't one until IPv6-only ISPs (or plans) pop up offering cheaper connectivity because you don't need an expensive v4 address. NAT sucks and everyone's job would be easier if they didn't have to deal with it, but the CEO likely doesn't care about that and probably just sees the "add IPv6 support" scope and cost estimate and NOPEs out.
I love IPv6 btw. I just don't think you'll see anything meaningful happen until FAANG drop IPv4 support. Imagine that. People would convert pretty quick if Google couldn't crawl your site or you couldn't buy an iPhone without IPv6...
That's not really the price of an IPv4 address: you don't have control over it, it's just not changing because they made a DHCP reservation or something. Owning an address means you can announce it to peers via BGP, set up PTR records, etc.
IPv4 addresses are expensive right now. Registries run out of new allocations years ago, so if you ask them you'll be put in a waiting list[1] hoping one for a block to be recovered. To get one right know you have to go on the market and negotiate a transfer: blocks are selling at ~50$/address right now. The price more than doubled in the last year or so: people are even speculating on it [2].
Your ISP probably hasn't tried to acquire IPv4 addresses recently. https://ipv4.global/reports/ shows prices around $40/address, so it would take 2-3 years to break even at $1.30/month.
(Although, people rent apartments with break-even periods well beyond 10 years, so maybe 2-3 is still fine.)
> it can also be hard to remember longer IPv6 addresses
mDNS helps since you can use hostname.local without having to set up a DNS server. I was going to make a joke blog post about using ipv4 addresses as hostnames so you can "keep using ipv4" while actually using ipv6, but I found you can't have "." in hostnames, so maybe instead use "-".
If you run your own DNS resolver for your local network, you can use a Discovery Proxy (RFC 8766) to allow unicast DNS resolution of multicast DNS records. I'm using mdns-discovery-proxy[0] (slightly modified to support a newer version of the zeroconf Python library) with bind9 so that xyz.local is mirrored in unicast DNS as xyz.home.arpa. The script (proxy.py in Git; I renamed it) is run with this systemd service (/etc/systemd/system/mdns-discovery-proxy.service):
Does mDNS work across VPN tunnels? The main reason I delay IPv6 is because I access hosts across the VPN by their IPs, and I don't want to publish their DNS records.
I guess that's equivalent to setting up a hosts file... Unless the DNS resolver can be configured to treat a selected server on the VPN side as authoritative for .mynetwork.
Also, ULA. You can have both “real” (internet-routable) IPv6 addresses for all devices as well as (fixed) ULA addresses for local communication and ease of use. fd00:dead:beef::/64
That looks like a sweet project. I'm happy to see web assembly being used in it too. I'll have to add it my long list of things I want to get around to tinkering with.
It is really nice, OpenVPN is good, but it is definitely harder to configure, and slower. I also like that it is hard to shoot yourself in the foot with Wireguard given it is really hard to mess up and create an insecure config.
ProtonVPN is also at least a bit better than other commercial VPNs, specifically the "Secure Core" feature is quite good. Proton is one of only like two or three companies I actually trust when it comes to their security and honesty.
The cease and desist seemingly has no real legal basis, but I mean you can send a cease and desist for anything you want. My mom was building a shed on her property, some neighbors didn't like it so they had a lawyer send a cease and desist with no legal basis. My mom ignored the C&D and is enjoying her new shed.
The only problem is Facebook is huge and is willing to drag out lawsuits they won't win just to destroy people's lives because they can afford to hold out much longer than everyone else. It's complete abuse of process, and really should be dealt with more harshly than it is.
demanded that I agree to never again create tools that interact with Facebook or its other services.
How is this legal in any shape or form? It is a browser extension, running on users' browsers, installed intentionally by his users. This is insane. The level of arrogance and entitlement here is mind blowing.
> The level of arrogance and entitlement here is mind blowing.
Yeah. They put a server on the internet but we're not supposed to talk to it. We can only do it on their terms. Gotta control those users so they don't hurt a billion dollar company's business interests.
I remember the pirate bay's responses to legal threats. That's exactly the kind of reply Facebook deserves.
Please don't sue us right now, our lawyer is passed out in an alley from too much moonshine, so please atleast wait until he's found and doesn't have a huge hangover...
The problem here seems to be that the material is unreleased? If that is the case, you can easily fix the problem by releasing it. We'll be more than glad to help you distribute it - free of charge! - to our users.
Thank you for the link. Their responses are hilarious, haha
I don't have an opinion one way or the other on this extension or Facebook's decision, but the premise of your comment --- "we put a service up on the Internet but you can only talk to it on our terms" --- that is actually how things work, and how they should work.
> that is actually how things work, and how they should work
I don't think so. Users simply don't have the power to negotiate these contracts. These "take it or leave it" deals are abusive. Especially since many times these platforms have network effects so strong you need to be part of them in order to not fail at life. Under these conditions, nobody can truly consent to anything. These "terms" should not even apply. Nobody even reads them, it doesn't matter what they say because it won't change the fact they need to be on Facebook because of family, work, school, whatever. They click "agree" not because they agree but because the sign up form won't submit if they don't.
So technology that lets us alter the deal is very much welcome indeed. They don't want us using this stuff but their permission is not necessary. Software is gonna interoperate with their site whether they want it or not. They should not even be able to find out that we're doing anything out of the ordinary. From their perspective, they should simply see a normal user agent issuing normal HTTP requests.
Adversarial interoperability. If they refuse to make the site work like we want it to, we'll do the work for them. This should be considered a form of legitimate self defense against their abuse.
> you need to be part of them in order to not fail at life.
Srsly? "Failing at life" would appear to mean dying.
I don't think a social media account is a matter of life and death. FB is basically a kind of entertainment, so if you don't like the T&C you can always join a sports team or a choir, or whatever.
In my country it's simply not possible to communicate effectively without WhatsApp, Instagram and Facebook. If I refuse to use these things, I might as well simply ostracize myself from society. For some people, it could cost them their jobs, actually putting them at risk of dying.
> FB is basically a kind of entertainment
No. Facebook is communication, jobs, local information, even a market place with local groups where people sell their stuff. It's hard to describe just how thoroughly this company has managed to infiltrate my society and its way of life. People write pop songs about getting blocked on Instagram.
The nuance of how "we put up a service ... talk to it on our terms" is enforced is what is deeply concerning to me. Is that up to Facebook to use technical means to enforce their terms or is the force of law behind them? Where is that line drawn?
If I modify the DOM with an extension to hide content I don't like am I running afoul of the law? How about using Lynx instead of Chrome?
What constitutes "talking to" a service? Is it data I send to that server, or is it how my computer processes the data I receive and how I interact with it?
Different people are going to have wildly different opinions, and some of them are very troubling to me. Committing fraud is one thing, but simply using a service without exceeding your authority in a way the service provider doesn't prefer seems like something the service provider should handle without the force of law behind them.
It is up to Facebook to use both technical means and enforceable contract law to draw lines around how their service can be used, the same way it is up to any of us to do the same with services we stand up on the Internet.
There are limits to both tools, and legislatures can enact new restrictions in response to public demand. But none of that is in play in this story.
If the argument upthread was "we should demand laws that prevent Facebook from locking out extensions to their platform", I wouldn't have a rebuttal (I might or might not support those restrictions). But the sarcastic dunk that was actually made, that it was somehow ridiculous that Facebook would have some say over the terms of how their platform was used, was weird and worth commenting on. It's not only not ridiculous, but actually the world as it exists today.
>[they said] it was somehow ridiculous that Facebook would have some say over the terms of how their platform was used
It's less about FB's right to set boundaries, and more about what FB does when they feel the boundaries have been violated. In this case, they've perma-banned the guy and initiated threatening legal action. That action's extreme demands are NOT in FB's TOS, and reflect on FB's attitude of entitlement.
One argument against this is that FB is just doing the "standard legal thing" of demanding everything up-front, and then negotiating. That is true, but I don't think that just because every lawyer tries to bully their clients enemy means they should. And in this case FB is Goliath, swinging hard and fast at David.
Consider it by analogy: let's say I have a fax machine at my house, and someone keeps sending me faxes on it even though I don't want them to.
I could set up some technical mechanism to stop it, such as blocking their phone number. But, if it's easy for them to switch phone numbers, then that won't work well. And I may not be able to just block a whole area code, because there may be people I want to let fax me coming from that area code as well.
My other recourse, then, is threaten to sue them, and, if they continue, to actually sue them. And I would argue that I should be able to do that. Sending me faxes costs me financial resources and ties up my fax machine, so it's hardly zero cost to me, and it makes sense to have some third party to sort out the dispute and decide where the line should be drawn.
I can imagine other worlds with gentler, more even-handed approaches to sorting out these kinds of issues. Unfortunately, most those approaches fall under the general category of "regulation", and the country I reside in, the USA, decided a long time ago to eschew that kind of approach in favor of one that relies heavily on lawyering up and lawsuits.
what if there is only one brand of fax, they are selling your phone number to advertisers and they demand you receave the faxes?
or say you have to listen to robocalls or els you cant use some unrelated monopolistic service or product?
i like the analogy but the real story is who would use such a tool. if someone feels they need such extreme measures i wouldnt dare deny them this. who in there right mind?
Facebook has a public service and one of the options is to Unfollow; someone wrote a browser extension to do this automatically for all items.
Fundamentally, what is the difference between automating this process and doing it manually?
In your example of a fax machine, arguably fax numbers are a private entity; there is no requirement for publishing fax numbers nor is fax automatically publicly listed for everyone to see. A malicious spammer would need to either obtain the fax number from a listing somewhere or brute-force the number, and similarly, the only way to __know__ that a fax has gone is ambiguous. obtain the fax number from a listing somewhere or brute-force the number, and neither is really analogous to what a browser offers.
I think your analogy conflates a few concepts incorrectly, namely that there is some unexpected or undue financial consequence to Facebook for publicly allowing users to Unfollow Groups; if the extension __needlessly__ generated traffic, this is closer to your analogy. But as I can see how the extension works (based on archived copies found on shady sites), it's not undue traffic, it's just expediting the process of manually Unfollowing groups.
Facebook shouldn't have a recourse here as I see it; the automation causes no undue burden on facebook that isn't possible by manually clicking, an arbitrary review of the extension suggests there is no undue stress on the servers that differs in any way from the traffic one might generate if they manually unfollowed groups. Automating the process indeed might be undesirable for Facebook in some way, but fundamentally the same result is achievable with manually clicking, and I think a more substantial evidence of damage is required from Facebook to justify such a threat.
If we take it to a logical comparison, should Facebook have the right to block a mouse + keyboard automation tool that I script to react at human speeds but is pixel-perfect to unfollow groups?
If the answer to this from Facebook is "yes", then the natural question is "what is the similarity between these processes?"; if the answer is "automation", then the natural question is "why is this damaging to Facebook as opposed to me just manually unfollowing??", and I'm not confident Facebook has a reasonable/strong answer to this.
If Facebook is fine with the slower method, then the question becomes "what is the real concern with the faster method? I will skip the logical follow-ups here as the response is already long.
Facebook should __not__ have the right to sue just because they don't like an activity; no one benefits from this; quite the opposite, smaller parties are actively harmed by such behavior as they lack the financial resources or confidence (or both) to respond to such a legal challenge, and this was never the intent of law. One should not need heavy financing to secure their natural rights; if Facebook wants to position that the extension is somehow illegal as per terms of service, I think the duty is on them to demonstrate how it's significantly damaging and how it differs from a dedicated person armed with a cup of coffee and an hour of free time; if Facebook cannot make a significant distinction outside of convenience for the person, then I don't see a basis for legal recourse.
I'm not sure why you think the line is this clearcut, and in the wrong direction at that, but this gets murky really quickly.
You don't get a say in how I'm using my computer. If you're exposing your HTTP server to the world and letting users access it using their web browsers, you don't get to tell me my choice of web browser (that is, HTTP agent) is not to your liking.
If their terms of service say “thou shalt not reverse-engineer”, and I want to connect my Facebook to my Friendica, UK law says that I'm allowed to do so, and Facebook is not allowed to have a problem with it – any clause in a contract that says otherwise is to simply be deleted.¹
¹: Technically, I think “ignored” is more accurate; if you're prohibited from reverse-engineering in general, the general prohibition would still apply even though it has a specific exemption. I'm not a lawyer, though.
Similar situation here. I also have certain rights that Facebook tries to deny me through their contract clauses. I consulted a lawyer and was told those could be ignored.
Apparently it's a thing in the US. People can sign their rights away to these companies. Needless to say, those counter-rights clauses have become standard in every contract. Read one of these abusive contracts and you've read them all. "We reserve all possible rights while you promise not use any of yours" summarizes every terms of service out there.
That depends on the terms - not everything goes. For example, they don't get to say that you must only use Facebook while naked.
And in this case, I would argue that this is a case where they should not have the ability to restrict this kind of interaction. If the law disagrees, then the law needs to be changed (and in the meantime, ignored to the extent possible).
> But when you use your computer to access a remote service you need to comply with their terms of service.
The only moral obligation is to not crack the server and take control of it. We won't make the server's processor execute our code. That's the line. Your computer runs your code, my computer runs my code.
Anything else is fair game. Server responds to my HTTP requests, so obviously anything I can do with HTTP requests is allowed. It doesn't matter what I use as user agent since it's the company's own code that's handling those requests.
Ironically, taking over control is exactly what big tech is doing with our computers. They take control away from us and give it to the copyright industry, to the advertisers, to everyone who would very much prefer that we users remain mere passive consumers just like in the days of television. Our computers are slowly becoming appliances.
And this is in no way transgressing their terms of service since it's doing the exact same thing any HTTP agent would do. They don't get to choose which agent I use.
In other words, either the action is disallowed completely or it's allowed regardless of my choice of user agent.
It's irrelevant how you violate their Terms of Service only that you do.
If I attempt XSS or SQL Injection against a website it is still illegal regardless of whether the HTTP request uses the same user-agent or is similar to other requests.
You're missing a crucial point, which is that an XSS or SQL injection requests are different requests from those made during regular use. The intent of sending such a request is also different.
In this case, we are dealing with the same requests with the same intent, just made with a different browser. As stated previously, you cannot force my choice of browser.
Now please tell me which (real or imaginary) ToS clause this violates and how it could possibly violate it, even hypothetically.
I never read ToS. Not being a lawyer, I have no way to know which clauses are enforcible, and which aren't. For the same reason, I am not capable of putting a correct interpretation on many of the clauses.
So I never read them. I don't consider them to mean anything. If you operate a public website, that's like erecting a billboard. You can attach ToS to your billboard, but nobody's going to read your ToS; they'll just read your billboard.
I'd like a plugin that can auto-click ToS popups. Like, click any button that says "Accept" (or "So sue me, sucker!")
I understand certain terms (such as saying you can't hit the server more often than a reasonable amount), but much beyond that I push back. If the laws allow them to make such all encompassing demands of how I use their product, well, laws can be changed, and I vote.
I disagree. I don't think that solves the problem, at all.
One: Facebook is currently being accused of damaging democracy via misinformation and their "anger promoting" algorithm. That affects me, and my leaving Facebook doesn't solve that. Two: there is the monopoly issue (if that is the right word.... the issue I am concerned about lies on a spectrum, unlike many people's usage of "monopoly"). Prior to Facebook having dominance, I used to be in the loop of what my friends are doing, because they used phone, email, etc. Now they all use Facebook and my choice to not use it (which I don't, actually) results in my not being included in a huge number of things. In that sense, I think Facebook has become like a utility, like the phone company of old. I can't just find a social network product that I prefer, and use it instead.... my friends are not on it and other social networks are not interoperable with Facebook. (as phone providers and email providers are interoperable with one another)
Teens who use Facebook products are known to be harmed. Maybe you think they should just not use these products. That will cause even greater harm to their social lives than it causes to mine, since all their friends are using it and being connected with friends is very important to teens. Again, their simply not using the product doesn't address the problem. (and MY not using it especially doesn't help)
I think your comment is like saying "if you don't like constant robocalls, just cancel your phone plan rather than encourage laws to curtail them." Kind of throwing out the baby with the bathwater.
So yeah, I'll exercise my right to vote by actually voting. Luckily, many representatives are in agreement with my perspective on this.
> Teens who use Facebook products are known to be harmed
There is nothing special about Facebook products that make them harmful.
It's a glorified message board which facilitates the exact same harmful social interaction that is prevalent on other sites e.g. TikTok, Reddit, Snapchat.
This idea that you can ban Facebook and Instagram and suddenly the internet is safe for kids is just ridiculous.
> There is nothing special about Facebook products that make them harmful.
Sure, there is. Addiction. People are addicted to this stuff. They're addicted to likes, reactions, seeing their follower numbers increase. They're addicted to the algorithmic content feeds. Facebook is actively working towards keeping it that way. They probably want to make it even more addictive. They want people using their software at all times in order to collect data and serve ads.
Why else would they C&D an unfollow extension developer? They want people to keep following so they get addicted to the infinite content plus ads feed.
Also, nobody is excusing any of the other sites you mentioned. There's plenty of things wrong with them as well and we'll condemn them for it. We're just focusing on Facebook right now because it's the subject of this particular thread.
I think this discussion applies to TikTok, Snapchat and Reddit as well. Facebook (along with Instagram) is probably the worst offender at the moment, but any laws that apply to Facebook would apply to others.
> This idea that you can ban Facebook and Instagram and suddenly the internet is safe for kids is just ridiculous.
Who said that? I don't think they should be banned, but I do think they should be regulated or otherwise held accountable. A big part of it might be being more transparent with their algorithm, and giving tools to users to control it more.
I think where we are is akin to back in the days where people realized that, no, we aren't going to ban buildings, but we are going to have building codes. We aren't going to ban food, but we are going to have an FDA. Etc. The free market doesn't address all problems.
That is exactly how it works even with the extension. By building what ammounts to a GUI to a glorified database you are deciding on the interaction level with the database.
The fact that the extensions helps automate some tasks if a different matter. If it were an industrial level scraper that scraped anything public... that could be considered malicious and can cause tangible financial losses.
This extension on the other hand... You can't really justify sending a threat like that. You can come up with excuses but that is it.
Yeah. Imagine sending a C&D to an extension developer because their software is helping people break free from their social media feed addictions. Can't have that, it's reducing ad impressions!
Web Browser is called User Agent for a reason. It is not Corporate Agent or Facebook Agent. It should grant every right to the user with regards of look and feel of web sites, and none to the website being browsed.
Web site may merely suggest how it is best served.
I agee completely. This also extends to HTTP requests and all kinds of automation. We should be able to make a custom Facebook client if we want to. There's no reason their client must be the only one allowed to talk to their servers. Competition in this is space is obviously good for us. User agents should do what's good for us, not what's good for some company. If subverting their business interests is good for us, that's exactly what the software should do. We are its masters.
Really, the user should have all the power. These companies already have what, billions of dollars? That's power enough for them.
Yeah. Their overreach in that case is even more offensive. The whole notion of Facebook having any say in the matter is absurd. Who are they to say which extensions or scripts people should or shouldn't be able to use?
> I wonder if Facebook is legally still obliged to provide all its information to the user in the EU even after banning the user, and if they comply.
If they aren't, they should be. Facebook's contracts aren't above the law which says people have a right to their data. Does the law care that the user was banned? I don't think so. Nor should a banishment somehow invalidate someone's rights.
The requests are authorized, by authenticated users. Facebook could just deny the requests or rate limit. Or stop offering the unfollow feature (which they keep moving and hiding).
If a company offers a service to the general public, you are allowed to use that service for any purpose permitted by applicable law. Even if the EULA / ToS says you can't. It says so in the applicable law.
It's legal in the same way it's legal for me to demand that you never eat tomatoes again. It's also legal for you to demand that your neighbor turn off his TV. Anyone non-government party can pretty much demand anything from anyone else. It means next to nothing. Not trying to be snarky here. It's just that I find it odd that so many people seem to think that the law is about what's permitted when it's really about what's not permitted. At least in the USA.
Arrogance and entitlement on Facebook's part though, that I agree with.
Now add the ingredients that you have a vested interest in setting an example, and have infinite resources to do so. Say you set aside a billion dollar to hammer your neighbour with lawsuit after lawsuit, no matter how frivolous. You can run this way for years while consistently losing. It’s not a matter of being right or wrong, it’s a matter of who has the longest breath. Sure After several years the tables might turn and the judges may find it odd you’re claiming such weird things, but then again you’ve been going at it for years already.
So sure there might be a moral argument on what is right or wrong, but the law in practice does not work like that. Unless a judge sets an example by nipping this behaviour in the bud with excessive fees, but good luck seeing that ever happen.
The only way I’d see the neighbour win is if a whale of an activist Party would side with him and make it clear that any legal fight will be taken up with the biggest defence possible, but this is equally unlikely to happen unfortunately.
I wasn't making a moral argument, I was making a practical one. The demand, in and of itself, means very little. Being notified may matter, but the fact that it was couched as a "demand" rather than a "request" is irrelevant. And the notice will only matter in so far as you are actually in breech of a contract or there is a tort or you are breaking a law. As you illustrated, it's primarily the ability to punish non-compliance that actually matters (via procedure, public relations, etc).
Through it all though, the fact that the other party demanded something of you instead of politely asked" or humbly requested is not really relevant. What matters is that you got notice. That's it.
I guess it is all in the definition of "demand." I interpret the word -- at least in this context -- to mean it has legal teeth, so to speak.
Even if they are enforcing their demand by way of banning users that don't comply, that may indeed be illegal. For instance, if Facebook made a demand that gay people may not declare themselves so on the platform or they will be banned, I'm sure they'd pretty quickly find themselves on the wrong side of the law.
But really, right now, something like this just gives Congress new things to grill Zuckerberg on, next time they bring him in. (which is inevitable, I think)
It does not have teeth, but it would if the developer agreed to cease and desist. It’s an offer; in return they will not sue. (From what they might propose to abstain from suing, I am not sure. And whether that agreement would be a valid contract for certainty and completeness is another issue. But the general idea is “stop this or we will sue; if you do stop we won’t sue”.)
The threat of a lawsuit counts as "teeth," to me. But only if it is significant likelihood that the lawsuit will be successful.
So the way I tend to interpret things is a bit less pedantic: "can they demand?" means (to me) "do they have a way of forcing compliance that is likely be backed by a court?"
This does have the effect of making the word "demand" less of a binary and more of a gray scale.
A fun thing about the law is that nobody cares about your interpretations of "demand" and "legal teeth, so to speak". The only important thing is that it was in fact framed as an offer: "demanded that I agree". The original question was:
> How is this legal in any shape or form?
And the answer is, any person or corporation has the power to make an offer not to sue. Consider this post a legally binding offer from me to you, not to sue you for any matter arising out of your reply to my comment. I demand thirty thousand US dollars for the covenant not to sue. You don't have to accept, but if you don't, or you agree but do not pay within 60 days, I reserve the right to sue.
You don't need any more authority or legal power than the power to contract. There is zero legal difference between what Facebook did, and what I just did. If you don't want to accept, I cannot make you. Facebook's negotiating position is only better because they have better lawyers, more money to waste on frivolous lawsuits, and the developer maybe felt they might have done something wrong.
IANAL, but have some experience with this from a business matter, resulting in obtaining advice of counsel.
And, yeah this is not a criminal matter, but a civil one, so you're right that the developer isn't likely in civil breach unless they are using FB resources (e.g. API or SDK) that they access under agreement with FB and are violating.
The irony is that if the FB standard user agreement prevents users from, say, using software to programmatically access the site, then it's the user of the extension who would be in breach with FB.
So, as long as the developer doesn't use the extension on their own FB account, then FB doesn't have much to stand on (and even then the C&D would only be applicable to the developer's use of the extension as a user).
On a related side note, if the extension actually did something not related to a specific account (e.g. scraped a public profile while not signed in), then even the user would likely not be in breach, as there is no affirmative assent (i.e. clickwrap) to terms of use required to simply visit the site.
There’s actually a concept of tortious interference, which can make you liable for assisting other people in breaking a terms of service, even if you never broke it yourself.
Yeah, I'm familiar with that concept too and actually nearly filed an action against a competitor for it (wish I had, as it was clear cut).
But, my understanding of the standard for that particular tort would make it difficult for FB to prevail. In particular, the two tests that might be hardest to meet are that FB would have to show damages and they would have to show that the developer's conduct led to the breach.
I'm not sure that merely creating a tool qualifies, especially for the latter. The user is not coerced or compelled by the developer to violate his agreement with FB.
Again, IANAL. Just thinking back to legal counsel I've received (and quite possibly misapplied here). Definitely plenty of gray area in civil law.
EDIT: Thinking back to this specific extension, it may be even harder for FB to prevail on tortious interference. The tool merely automates actions that FB makes freely available to its users. And to some extent all access to a site is "programmatic". So, I wonder how this compares to ad blockers or even other built-in browser capabilities that could "programmatically" alter the user experience when accessing FB's site. Really interesting.
I would suppose for any extension to work with Facebook the site it would need to be developed with knowledge of a Facebook page's DOM, as such the developer would need to go look at the page to be used and write code to do what the extension needs to do.
Thus I guess one legal argument would be that the ability of the extension to work proves the developer's use of Facebook the service even though they have been banned. So maybe there is something from that they can build up an argument, although it starts to sound far-fetched enough I might expect a judge to not buy it.
In theory, legality is the Judge's opinion of the law applied to circumstance. To even approach this state is extremely expensive and takes a great deal of time - on the order of years.
So, for the most part we're all on our own. And in that context, legality doesn't matter. At all. What does matter is leverage. The justice system itself is, ironically, most often used as leverage, not as a service for determining legality, but as a threat of the expense and time of getting to that determination.
Are you asking how it's legal that you can demand someone to do something?
How is anything legal? Because there's no law against it. There's no law against demanding something. You can demand (almost) anything of anyone you want.
> How is this legal in any shape or form? It is a browser extension, running on users' browsers, installed intentionally by his users. This is insane. The level of arrogance and entitlement here is mind blowing.
Google banned the Chrome extension "bypass paywalls" for doing nothing bad except annoying Google's friends.
This is why walled gardens are bad. It's not Google's place or Facebook's place or Apple's place or anyone's place to tell me what programs I can run on my own computer.
Give the source code to the extension to a developer located in an impossible legal jurisdiction like Afghanistan. Let them publish it. Good luck to Facebook hiring a lawyer and trying its luck in the Taliban's court system. Even before the collapse of the previous government in Kabul it would have been a near impossibility.
This is so awesome! Is this the start of a new thing / movement I wonder?
Such a plugin is beholden to the extension “marketplaces” so it would be good to include instructions on how to self install the extension if chrome bans it.
Donating money to a project in Iran may be legally hairy for Americans. Check the situation before doing so. I am all for helping worthwhile projects financially, but international politics is a mess.
I've seen a case where somebody had their zelle or venmo account permanently removed for sending a small transfer to their friend with the description "for the cubans" - they were paying their buddy back for an order of sandwiches.
Paypal actually did this to me for hiring an indonesian kid to sketch a t-shirt design for $50.
Before I clicked send, I verified that Paypal said they'd send the money without charging a fee. He received it, minus the fee they claimed they wouldn't charge. So, I tried to send another $10 to cover the difference and I got torpedoed into some black hole of no return.
Now I can't use paypal to buy anything without submitting a bunch of documentation, which is super weird considering I don't have to send anything like that to use their competitors' services, so it's never going to happen.
I assume it's some sort of regulation they're attempting to follow, but haven't thought through, but who knows? It's definitely costing them money, but maybe not enough to justify improving the UX.
That sounds more like urban legend than a true story. Neither Zelle nor Venmo (and it's a strike that you can't specify) have an obligation to cancel accounts based on comments.
If they did, half of the accounts in Venmo would be banned already - have you read the comments in the public feed? People know that feed exists, and use it to troll their friends all the time.
I've never seen a bank or credit card company put in any effort regarding cuban cigars. A few of the best shops are clearly illegal just because of the name alone. But they all accept visa and Mastercard
You don't even need to bother with h dark web and cryptocurrency. It will just flat out show up on your bill without issue.
ah, had a discussion with a friend about sending money with Iran in the comments. he said his poker buddies used to donate 10% of the winning for someone to help orphans in iran. in the paypal transfer he wrote "for the good work you do in iran". his account got banned and money never got returned. later his account was reinstated but money never was returned.
That's actually... interesting. It's a well established tactic to go to another country and publish your stuff from there if you like to keep annoying a government or institution. You know, Snowden is in Russia, some Russian journalists are in EU countries. It happens all the time since ever.
What if someone creates a Telegram group where developers from hostile countries(like US&Iran, UK&Russia, Japan&China) pass each other projects that are not obviously illegal but not feasible due to risk of persecution?
In this case, If FB thinks it has a case can try its luck by sending Google a scary looking letter then proceed to compel Google to remove the extension by court order.
"Our new fleet of stand-off delivery drones and inertially guided gliding packages can accurately drop your purchase onto your front lawn from 31,000 feet"
So the MVP drones will do what twenty years of trillion-dollar brutality couldn't do? Wow you seem to have an even lower opinion of the effectiveness of USA military than I do... I suspect Taliban would laugh at this idea.
I mean #1 you missed the bit where I'm not being serious? But #2, the US military is just fine at blowing up specific named people in specific locations. It's trying to mould an entire nation with their own ideas and traditions into a carbon copy of America that they're not great at. Facebook, I think, would avoid this trap.
No they really are not any good at accomplishing any military objective. The Afghan War was originally pitched as "kill this specific person". Within a month of the start of hostilities, that person had relocated to a different nation. Somehow the war went on for another decade, before an ObL impersonator who had been held by ISI for years less than a mile from PMA Kakul was ceremonially executed as an elaborate reelection campaign event. Somehow, the war also went on for another decade after that.
Of course I know this is all a joke, but I enjoy taking jokes seriously. It seems that only nations who are carbon copies of USA in the very worst sense could harm their own citizens to enforce TOS of American firms. (For instance, no one would be surprised if Australia did this.) I suspect that even a very extensive drone force would fail to accomplish Facebook's goals in Afghanistan.
Individual civilian afghans are not embargoed by US law - it's not Iran. The Taliban are, of course, embargoed and listed in various things like the OFAC list.
Hundreds of thousands of ordinary Afghans have gmail accounts, many companies use google workspace or office365, etc. For example.
I think the point was that having an Afghani publish the source wouldn't really accomplish anything because Facebook could just go after whatever service was used to publish it, instead of the person who published it.
An Afghani can access GitHub or the chrome extension store, but those are both run by American companies who will obey Facebook's takedown requests.
At least that shifts the dangerous legal-financial burden onto google's lawyers, if they want to fight a takedown request to remove an extension from the extension store.
A takedown request is only binding on a well-capitalized firm like Google if it is based on some legal rationale that could survive a test in court. It isn't clear that the request under discussion has such a rationale. At the very least Google would take this to some court and force a judge to say something about it.
Once a firm grows accustomed to following orders from their competitors, bad times lie ahead.
YouTube obeys DMCA with respect to copyrighted media. DMCA is an established system that allows services like YouTube to exist in the first place. The threat letter doesn't mention DMCA or copyright, because this extension couldn't possibly be perceived as infringing on copyright. Instead it speculates about trademarks and TOS violations. There isn't a standardized takedown regime related to those. TOS is not law.
It's true that some low-level manager in the chrome web store organization might just submit to this sort of letter. It would be a mistake for such a manager to ever receive this sort of letter. This is for the legal department. There's no way that a competent general counsel would decide that the best strategic move is to just follow the orders of major competitors. Google already employs dozens of lawyers; it's not costly to send a couple to court. In this case, the PR alone would be a huge win.
if you really want to make a DMCA complaint against youtube they will honour it, but they try to push all requests through their own DMCA-alike system that lets copyright holders file takedown notices, but it doesn't have any legal standing under the DMCA or any other country's copyright laws. the youtube takedown notice system is basically "if you ask nicely we'll take it down".
Sure, the YouTube (not Chrome Web Store which is a completely different organization) system requires far more of creators and far less of "owners" than DMCA specifies with respect to copyright. We're still talking about copyright. The extension under discussion cannot be construed as violating copyright, or even facilitating violation of copyright. That's why even the crazy overblown threat letter doesn't mention copyright. It probably would have, even if it did so without justification, if the end goal had been to take down a YouTube video. The end goal in this case was actually to take down a Chrome extension, which is only similar in the sense that the people who make such a decision also work for Alphabet.
Now you're into territory where yes, the extension is available, but nobody can find it and only the very technically astute will be able and willing to install it. FB achieves 99.9% of their goal.
Oh yeah, find someone that wants to be a target of a major US corporation in Afghanistan/third world.
You forget we have Guantanamo where people were "renditioned" with little or no legal basis either in the US or otherwise, and I believe there are people in Guantanamo that have no publicly provided evidence to be there?
All it takes is waiting for some politically opportune reason to enact a little dragnet and getting someone on some CIA list with little evidence, and BAM, You're in something like Guantanamo or even worse (client torture security services, assassination, etc).
Yes we withdrew forces, but we've been there a decade and likely have a large network of CIA contacts that would kill or injure a random Afghan civilian.
The US Government is a very very very very dangerous entity to anyone in the third world should you get on their radar. They are dangerous to US citizens with the Padilla case, antiterrorism law overreach, no fly lists, and a variety of other harassment techniques.
The state department and CIA are power extensions of the corporate elite in the United States. We have toppled regimes for oil... minerals... even bananas.
Even better fund organizations like EFF to take cases like this and make sure there is legal precedent that gives a strong footing to all developers.
Hiding in other countries is a not sustainable solution, they are going to force extension stores to remove it etc payment gateway not to process you, pushing you as a dev to the fringes and silence others
The chilling effect is the real aim, they are effectively signaling that they can come after anyone who pisses their business model of.
Better yet: anonymous git hosting as a tor hidden service. Now there's nothing they can do but rage at all the "unauthorized" extensions giving users control over their little platform.
The cease and desist seemingly has no real legal basis
It seems pretty straightforward to me - the Facebook terms of service say that you won't make scripts that interact with the Facebook site except through approved APIs, the cease and desist is telling him that he is breaking this agreement. There's no lawsuit involved, Facebook will just enforce this themselves by banning the account and making the script not work. It's not a big deal, this probably happens hundreds of times a day for various bots that people make that manipulate Facebook in different ways.
Why do we need to appeal to the differently abled?
If I own a general purpose computer, and I purchase a connection to the internet, I'm entitled to interact however I desire* with an internet service, or the information it chooses to send me.
It is not entitled to have the information it sent to me displayed in a certain way, and it certainly isn't entitled to bitch when I choose to interact with it in a way different than its preferences.
If that's what it wants, then it's welcome to sell a sealed appliance that only interacts in allowed ways. And we'll see what choices people make.
* With the exception of actions that impact others, e.g. DoS, authentication bypass, malicious hacking
If everyone is entitled to interact with the internet on their own terms, then why would that not include a service being entitled to act in a way that's adversarial to your desires?
Except that when you signed up for a FB account you agreed to access the site on their terms, not yours.
And let's be honest, and I'm the last person to defend FB, but they are not likely to be going to be going after a lone user who has automated something for his own convenience with Selenium or whatever...
Once I decided I wanted to delete a lot of old email from a webmail account. There was no "select all" function so I wrote a one-liner in the javascript console of the browser. When that worked, I automated clicking the "delete" button, and then added a loop to do it over and over. This probably violated a TOS clause somehow, but nothing ever came of it.
I have not signed up for a FB account and yet they still try to deliver payloads to my browser, in the form of tracking buttons embedded in non-FB sites. They've likewise ceded all control of those buttons, and what I do with them, to me!
I’m pretty sure it isn’t meant as a legal argument.
What entitles me to control of my computer? “My computer is mine, and you cannot have it.”.
That being said, I’m somewhat more open to the validity of restrictions for how to interact with the server.
If someone e.g. is running an MMO with e.g. in-game items with real money value, and someone else is like, distributing cheats to get these items immediately, it seems fair that the MMO owner should be able to make them stop (though, like, ideally their game would just be secure?)
But if users are permitted to interact with the server in a particular way, I see no reason to allow requiring that users actually touch their mouse and keyboard while doing things they are allowed to do using their mouse and keyboard.
But since they do require that now indirectly I have an idea....
Lets have a law that requires all large services to expose all account settings though an API(?!)
Basically, 1) you [as usual] get to set up the terms of service that your users must stick to, 2) you get to pick what account options you want to offer to the user. i.e. do you want to receive email notifications yes/no, do you want to upload an avatar yes/no, what url/email/phone number do you want to display on your profile etc 3) You do not own these settings and shall provide an API for the user to change them.
You could extend the concept with things like allowing the download of a contact list with the contacts who have this enabled and the information they chose to share. Or say offer TOS updates though the API.
But the initial goal should be for browsers to offer a uniform settings page for all websites you have accounts for.
Remember that unsolicited email check box just above that for to the terms of service? If you use the site all the time you might want to opt in but who wants to dig though a website looking for it? Maybe in hind sight targeted advertisement is just what you wanted? Maybe a feed of updated settings would be useful.
Or maybe you just want to delete your accounts in a convenient way.
Sounds like a factual argument, if facebook provides access through an open website that implements standard web api's the users can interact with it however they want/are able regardless if fb likes that or not.
> Why do we need to appeal to the differently abled?
Because it's the only avenue we have. Providing accessibility tends to require creating holes in otherwise user-hostile UX, and big companies can't give up on accessibility due to PR reasons - which makes it a perfect beachhead for people who just want a sane and respectful computing experience.
> With the exception of actions that impact others, e.g. DoS, authentication bypass, malicious hacking
It is very easy to DoS by accident with software; and while I’m in favour of totally breaking the economic model of FB in this way, doing so definitely has an impact on others (specifically the Other which is FB itself).
Because we share society with people who have various interaction difficulties and the larger community has for a long time accepted that we shouldn't deny access to daily goods and services for those people. It's like a mandate that a shop needs disabled access, it's totsllu reasonable
Agreed, but people seem to often miss this point. There is nothing special in browsers that allows them to do something that "scripts" cannot do. They are both HTTP user agents.
I hate the whole song and dance too with how you have to fake your user agent and add human like delay to interactions whenever you make a useful script on the web these days. You aren't stopping malicious behavior since they know how to penetrate these systems trivially, you just make it harder for the average user who has to learn as they go how to rope around these issues and hope they don't get IP banned along the way for making a website slightly more useful to them.
Disabilities deserve special protection, but in practice companies seem pretty good about working with usability extensions. AFAICT almost all cases where companies don't support disabled users enough, it's unintentional. There's a little bit of extra work like providing alt image tags that companies neglect, or they don't think to test on color-blind users, that sort of thing, rather than banning usability extensions for violating the TOS.
I agree with you that they shouldn't be able to ban scripting... but they're only going to use it for things that they believe hurt the website. If there's a law that says "don't do it" they can sue the people they don't like and ignore the ones they don't care about.
They can't ban the account. The account would be the downloader's and presumably, would auto-generate unfollow actions just as a user in a browser would manually. If they break the script, they'll probably break the unfollow UI for legitimate human user's and create evidence that they employ dark UI practices as a core part of their business strategy, which would be a P.R. nightmare.
If they break the script, they'll probably break the unfollow UI for legitimate human users
Messing with this is a lose-lose for Facebook.
Nah, this sort of thing really happens all the time. Think hundreds of scripts like this automatically disabled each day. This one just flukily got some press attention. Large tech companies will have teams entirely dedicated to preventing scripts from doing things while keeping the site running as normal for regular users.
The actual timeline of events doesn't match what you think would happen. They banned him and then used the threat of a lawsuit to get him to take down the extension/code.
If they could ban the account, they would have done it.
Extension is more like a automated tool. Don't need any permission from Facebook. User can install the tool, and click on a button to unfollow your friends.
Facebook could write TOS for his users not to run a script on their website.
I write scripts (userscripts) all the time. I have a script for Gmail that I use it all the time. Gmail doesn't know that.
Yeah this is the problem more generally with the legal system both in my home country of England but especially in the US. As one hn user put it so perfectly recently "the process is the punishment".
I think a lot of people in the software bubble don't realize what a huge sum even $100 is for the average person, the law only affords power and protection to the rich and already powerful.
“ A legal doublet is a standardized phrase used frequently in English legal language consisting of two or more words that are near synonyms, usually connected by "and", and in standard orders, such as "cease and desist".
The doubling—and sometimes even tripling—often originates in the transition from use of one language for legal purposes to another… To ensure understanding, the terms from both languages were used. This reflected the interactions between Germanic and Roman law following the decline of the Roman Empire.”
This is interesting. I've always worked off the assumption that while english legal documents look like english they are actuallysomething a little special. These words get tested in court cases and opinions are written about them and what them mean. So, in this case my assumption (possibly incorrect) had been that each of those words had specific legal meaning, and perhaps a venn diagram would show 95% overlap of the sets, by using both words they get 100% overlap.
(Its also why lay people shouldn't write their own contracts, because a lawyer with contract experience won't use words that haven't been tested.)
Cease - Latin to cessare meaning "to yield", then Old French.
Desist - Latin to stare (sta-re, not homonym of stair) meaning "to stand", then (still) Latin to "sistere" meaning "to stop" plus prefix de, which in this context is "an order (from top, aka court) to down (aka to you)", then Old French.
Huh.
So this is basically court-enforced stop and yielding to the other party.
My law professor told me it was a temporal phrasing: stop doing it (cease), and don't do it in the future (desist). Otherwise I could stop for one day, or in the age of the internet one minute, and then begin again: I would have ceased and resumed.
A much more related example of ignoring of ignoring a Cease and Desist is the one that Zuckerberg received from the Winklevoss twins as he and Eduardo were marketing The Facebook -- only it had some legal basis.
> The only problem is Facebook is huge and is willing to drag out lawsuits they won't win just to destroy people's lives because they can afford to hold out much longer than everyone else.
There is no certainty in the legal system, they could very well win even if they are in the wrong. More so when they can employ an army of lawyers and put economic pressure on the system.
Not a lawyer but I believe that only applies to actual lawsuits. Anyone can send you a C&D and you can choose to ignore it. It will cost at least $300 to consult with a lawyer to even write a response. If the other party really believes they are right, they will sue you.
I can't find it now because google is garbage these days but years ago I once ran across forum thread or blog post from a small business owner who semi-regularly received random bogus patent infringement and other claims with offers to settle matter out of court for thousands of dollars.
He had a lawyer but after burning through a lot of money with carefully-written objections, he decided to just start ignoring them altogether. Which generally worked. These lawyers (and their clients) were just trolling for easy cash and never actually wanted to go to court because their claims were bogus and they would almost certainly lose.
Sometimes, however, the other party's law firm would call him on the phone to follow with their demands. He would let them yammer on for a few minutes, ask some innocent questions, and then finally interrupt them with something like this. "Here is what I have to say to your client's claim... you have a pen and paper ready? I need you to write this down. Okay, good. Here it is: 'Fuck you.' No wait, I'm not done yet. Just let me speak. I want you to also add, 'and go to hell" please. That is my official legal response. Have a nice day." And slammed the phone down.
Take the story with a grain of salt, but he said it worked 100% of the time.
The Reply of the Zaporozhian Cossacks [1] comes to mind as an appropriate response to Facebook, as does the reply of the Cleveland Stadium Corporation [2].
That would require a lawsuit IIRC, but it does have a some legal ramifications - I remember reading somewhere that C&D would make it easier for the recipient of it to sue.
It definitely doesn't help their image or any antitrust lawsuit FB might be facing.
"The only problem is Facebook is huge and is willing to drag out lawsuits they won't win just to destroy people's lives because they can afford to hold"
Meh. Just show up. Don't hire lawyers. File motions all day to see more evidence.
> My mom was building a shed on her property, some neighbors didn't like it so they had a lawyer send a cease and desist with no legal basis
> The only problem is Facebook is huge and is willing to drag out lawsuits they won't win just to destroy people's lives because they can afford to hold out much longer than everyone else.
Convincing people that America is the land of the free, is the biggest trick the devil has ever pulled.
Yeah; she had the permits. It was kinda funny from the outside because people kept complaining to the county and the county kept pushing back saying it was approved. That shed must've been inspected 3 separate times because of a couple of neighbors who didn't even live on the same street but I guess were just bored.
The neighborhood has an HOA but the HOA actually had no actual rules because they were not properly registering with the county when they made bylaws (where my mom is all HOA rules have to be submitted to the state, otherwise they are not enforceable). Gotta love HOAs.
I recently moved into a neighborhood with a stricter HOA, after avoiding them for most of my life.
My plan is to wait until February 2022, and build the ugliest golden Trump mailbox I can slap together. Then, when they ask me to take it down, request an appeal, and film the ensuing meeting. Then, send said video to Fox News et al. Then, run for HOA on a platform of abolishing the HOA.
... I really don't like neighbors telling me what I can and can't do.
Well it is being used as a tool in the literal sense. Who it applies to of all parties mentioned above in the perojative sense will be left as an exercise to the reader (as it is a matter of opinion).
As a computer scientist who makes a living from developing new technology, I hate that many of my peers seem to think the solution to every problem is a piece of technology or some app.
Seriously, this is sad, and feels so cold. As others have mentioned we have service dogs in hospitals to visit kids. And also as others have mentioned, the hospital that piloted this is funded partially by the toy company Mattel, so I question the bias in this study.
It's probably because the social robot is unusual/different/fun for the children. In the future, if everything is done by robot, then you'll see a study which claims "a visit from a social human improves hospitalized children's outlook"
Yeah; I definitely think for kids it has a certain novelty that makes the hospital stay more interesting and enjoyable. I don't think this could scale beyond a fun novelty though; but that is more of just a personal opinion on my part.
I am glad your peers are not burdened by your cynicism and are willing to try new things. If these things do not work, then do not use them. Your cynicism should be reserved for the deployment/productization of these technologies in the face of research that says they do not work. The research itself should be encouraged!
Do you believe that this problem is already solved and not worth the researcher's time? If so, that reflects negatively only on you and I am glad others are striving to do even better.
Of course such studies should be reviewed and critiqued, but it is intellectually lazy to point only to the source of funding without further consideration.
Also a reply on hacker news is not the place for me to go into a complete peer review of this research. I am merely pointing out that they are promoting essentially a toy and the hospital is funded mainly by a toy company.
Also, no, I don't think that this research is necessarily a waste, but I would caution people from thinking this solves anything meaningful, and also would caution people from using this technology in lieu of real human interaction.
It is a novelty, a fun toy. My cynicism comes from seeing people trying to automate human interaction in seemingly every facet of life. My point is not everything has a technical solution, and beyond a small research project I could see larger scale versions of this being detrimental to patients since it will be used in lieu of other non-technical solutions.
My reply was a deliberately harsh reply to what I perceived as an (undeliberately) harsh/cheap critique of the work presented here.
These researchers spent seven months interacting child patients, some of whom were likely terminally ill, in an effort to make one of the hardest experiences of their lives a little less difficult. They would spend an hour interacting with and playing with the children via the robot. 90% of parents found the experience positive enough to request another visit.
There is plenty of room for valid critique here. Perhaps the kids would have preferred an Xbox. Perhaps the novelty will wear off quickly.
There is less room for critiques like "this feels sad and cold" or knee-jerk reactions about techies trying to solve everything with technology. If you had paused and asked yourself "Who even ran this study?" you would have noticed that the lead author is not even a techie but a doctor! Presumably they have some exposure to the problems these children face.
I was frustrated by your comment because you have allowed a misplaced cynical view to halt any curiosity you might have had about this study. Your cynicism allowed you to immediately dismiss it.
My comment was deliberately harsh. I think you should re-read your comment and imagine how Dr. Gabriel Oland or other members of the team might perceive it.
Alright; fair enough. If I am willing to give criticism I need to also be willing to be criticized.
I stand by my original comment though. I really don't think the team should take my feedback as a personal insult, it is simply my own personal view on it, not a formal critique.
I read the research because I was genuinely curious, and I still think it feels like it falls in line with the old adage "when you have a hammer, everything looks like a nail". The fact that the lead researcher was a doctor doesn't change that for me.
I dislike a lot of projects like this because I have had experiences in my industry where people want to optimize and automate everything. Perhaps this will work, but in my experience things like this fall flat; I am always opened to being surprised though, and I certainly will not be upset if this does end up helping people and my read on it was wrong.
It is kinda funny, right before this whole Facebook thing happened I started trying to explore BGP more. I actually found a really cool guide(https://labs.ripe.net/author/samir_jafferali/build-your-own-...) from RIPE that walks you through setting up an AS to do anycast.
I have been doing some pretty heavy networking stuff for years, but I finally got an AS number and IPv6 block assigned to me. My thought is that if it is cheaper to just do something to learn it rather than taking a class you should just do it.
The least expensive way, if you have a networking presence in their service region, is to retain the services of a sponsoring LIR in the RIPE area. For example, Securebit will do it for 60CHF setup and 15CHF per year: https://www.securebit.ch/internet/resources
You need to show that you will have connectivity through two upstreams to justify receiving an ASN. This is easy to do, pick two providers from bgp.services (or pick one other provider and also list Securebit's tunnelbroker.ch service).
You will also need to show that you have a network presence in the RIPE service area. This is also easy to do, rent an inexpensive dedicated server or a couple of BGP virtual machines in Europe and have a copy of the invoice ready to give to your chosen sponsoring LIR.
Regarding IPv6 blocks, there are two types of IP space assigned from the registries: provider aggregated and provider independent space. The latter is directly assigned to you as an end user for your own use (you can't assign it to customers for their networks, for example). If you have PI space, you can move it from one LIR to another without changing numbers. The free IPv6 space that LIRs and others will lend you is PA space so you can't take those numbers with you. There's no real distinction if you are just learning, but you might want to choose a sponsoring LIR bundle that comes with PI IPv6 space in case you think you might change LIRs and want to keep your existing IP setup.
Oh, one other thing: the provider independent assignments from RIPE are /48, or the smallest IPv6 subnet that can be announced (akin to an IPv4 /24). If you want to announce multiple IPv6 subnets into the global BGP table, you will need a larger allocation, usually from your sponsoring LIR. Every sponsoring LIR I've seen will give you anywhere from a /44 to a /40 for free and that's many /48s for you to play with.
(It's no longer possible to get PI IPv4 space from registries. You'd have to buy it on the open market and it is expensive. You can either buy IPv4 PA space from the open market or you can join RIPE and get a single /24, and both are expensive.)
If you are at all interested in networking, I highly recommend doing this or joining the private DN42 network that's mentioned elsewhere in the thread. Setting this all up and actually seeing your IP addresses respond to pings from a machine halfway around the world is, to me, an amazing feeling.
We aren't going to run out of 32-bit (six digit) ASNs or IPv6 addresses any time soon, so you're not consuming a scarce resource by doing this.
Awesome writeup; I used SnapServ and so far the guy that runs it has been nothing but awesome. I am not experienced what it comes to this specific area of networking since it is my first time trying to get my own IP block; he walked me through everything and even corrected dumb mistakes I made in my RIPE registration with great explanations as to what my mistakes were.
BGP is spoken between networks. There are a lesser known "IGP" protocols stitching together the insides of those networks. IS-IS and OSPF being the most notable. Though the nature of the beast is that when you screw up BGP everyone sees it, and when you screw up your IGP it could just look like servers or load balancers having a bad day. Though if a telco messes them up everyone notices.
