Seriously, Andrew? How about this: instead of spending a nice Sunday afternoon with my wife in the park, I, secret blackops covert Facebook employee, am reading and trying to understand 30-odd blog posts like this one. :(
You bring up a very good point. Perhaps the permission model is flawed because it's based on contract law, which usually assumes both informed and motivated consent. The low stakes of a permission dialog may be a difference in degree that becomes a difference in kind. Your simpler model, which is a kind of lazy evaluation of permissions, is interesting but I humbly suggest that it should be thought out more.
But your point is buried under paragraphs of fear-mongering and attempts to pre-empt any sort of counterargument or constructive discussion. If you want to have a reasonable discussion, ok. My email is in my profile or we can have it here. Otherwise this is just another hasty hitpiece.
EDIT: I tend to agree with the response from Facebook employees that me claiming there is covert action on this forum is very questionable. I put some strikethrough in the original post. Now, let's get back to the points that aren't so ad hominem.
As a Facebook employee, you might not like the analogy, but it's a good metaphor. I really want what FourSquare has to offer - I want to connect with all my Facebook friends. However, the catch is that I can literally ONLY get this by allowing them to post to my wall. How is that not a good parallel to a devil's bargin?
2) "preys on our children" - As I understand it, minors can use Facebook. Minors then get tricked into allowing wall posts in order to get gems and little nothings in games. That's preying on children, much the same way Angry Birds and the social iPad games prey on children with the Mighty Eagle and what not.
3. covert influence by engineers - I just don't believe the sudden rush of Facebook engineers to comment on Hacker News didn't start with some conversations in Facebook. I don't really have any proof for this, except I've never heard from any of you on this forum until recently, and then several people all at once.
Also, typically commenters who have affiliations will call them out in their comment - it's nice that you and these other guys list yourselves as Facebook employees in your profiles, but not doing the disclosure explicitly seems to smack of the same attitude that makes the Facebook platform so insidious.
I think the article's point is fair - that the Facebook platform basically mandates developers ask people for all sorts of permissions when they want to do just once thing. And I don't blame FourSquare.
As for the rhetoric, I regret it - not because I think it's unfair, but because it didn't get the article the attention I think it deserves, so I failed.
We've gone far off the topic now, but I hope we can come back to it someday.
"I've never heard from any of you on this forum until recently"
I've been an HN user under this handle since it was called "Startup News", and I've seen your username here and there for years. For what it's worth, I'm a longtime HN user and I care about what goes on here.
I can't help that you think it's "insidious". If you look at my comments I often also mention that I work for FB explicitly. Honestly it gets tiresome, and I feel as though it can hurt what I'm saying as much as it helps, as it can come across as boosterism.
I really am spending an afternoon on the couch reading these things, because blooms of posts often occur after feature launches. I care what people think, and I don't always agree with the things we launch, and there are often very insightful critiques, eg randomwalker. No one asks me to do it. If someone makes a claim about, say, security or ads, I might ping a friend who knows more about that area. We're not omniscient.
I prefer hearing from real people than PR-pasturized stuff two days later. But now you're giving me stick for doing even that. What would you prefer? No response at all?
Obviously Facebook employees talk to each other about when they're being slammed to the degree that we (as a company, and as individuals) have been recently. There's been no rallying cry for everyone to rush to HN - we want to be here and correct factually inaccurate information and explain how things work and why things are being done from a vision and technical point of view.
You'll note that pretty much everyone who posts to HN are long-time members (aristus created his account nearly 5 years ago, and has 4k+ karma, lbrandy 3.5 years ago with 2k+ karma). I only created an account of my own 9-ish months ago (before I started at Facebook), although I'm a long-time reader. This isn't a sudden rush of support from people who don't consider themselves part of this community.
We usually identify ourselves as employees (you can take a look through comments from aristus, mkjones, finiteloop, myself), and as you say, most of us include our affiliation in our profiles as well in case we forget to on a particular comment. This isn't by chance - we're told early on that anonymously/covertly posting about Facebook is incredibly not cool.
I think you're making two good points, and thank you for engaging.
1) The permission model, ie "ask for everything up front" may be broken. A few times I've forgotten that I approved some app or another and was surprised when it pops up. It's depressing how many apps ask for the world because they think they will need it. This breeds a little fear each time I get that permissions screen.
Once upon a time I happened to work with Yahoo's OpenMail platform, and we had exactly the same problems. I don't think this is malice. At most we (FB and everyone else using this model) are being stupid.
2) The permissions are not granular enough, and the model forces otherwise good apps to behave badly in order to create a viral loop. I think (hope) this will get better with the new Open Graph "verbs".
Your proposed solution is interesting. Some mobile apps do this, eg only asking for access to your GPS info once you hit a feature that uses it. I don't think it completely solves #1 though it makes the connection between feature and permission more apparent.
This model can also have "coercion", ie an app asking for nothing up front but being effectively useless unless you allow it. This is the "crippleware" model, and you already see it in nominally free mobile apps that don't work until you make an in-app purchase.
I don't know the right answer either. My question for you: can you imagine a world exactly as it is, broken perm model and all, that did not result from concerted evil motivations?
Most people know that stories can be flagged on Hacker News, but I didn't know until today that stories can be silently and opaquely de-front-paged. I posted this op-ed on Facebook, and it eventually caught on and made the front page, probably because a Facebook engineer commented and called attention to it.
So, there I am hanging out, browsing around the web, watching a little StarCraft 2, discussing the article and comments with my friends on Gmail and GChat - when poof, the story is gone. Not dead gone, like it had been flagged by a moderator or a bunch of users in the normal fashion. Not dead gone like you could tell someone had flagged it.
Instead, my story has been silently assassinated. It's still live, and it still shows up under New, but it no longer rates the front page, even though it outscores other articles.
Wasn't it Foursquare thst in this case pushed you to the wall-post level? Sure, Facebook provided the tool, but Foursquare made the decision most proximate to your discomfort - maybe they should get top-billing in the critique.
"it preys on our children"
"covert influence by their engineers on forums"
Seriously, Andrew? How about this: instead of spending a nice Sunday afternoon with my wife in the park, I, secret blackops covert Facebook employee, am reading and trying to understand 30-odd blog posts like this one. :(
You bring up a very good point. Perhaps the permission model is flawed because it's based on contract law, which usually assumes both informed and motivated consent. The low stakes of a permission dialog may be a difference in degree that becomes a difference in kind. Your simpler model, which is a kind of lazy evaluation of permissions, is interesting but I humbly suggest that it should be thought out more.
But your point is buried under paragraphs of fear-mongering and attempts to pre-empt any sort of counterargument or constructive discussion. If you want to have a reasonable discussion, ok. My email is in my profile or we can have it here. Otherwise this is just another hasty hitpiece.