Comment by lukeschlather
15 hours ago
I really don't understand how this is legal. I guess Facebook maybe doesn't actually have any compliance requirements in the USA, but time series screenshots of any SRE's screen are going to contain data that should not be stored by some data vacuum. I know Meta has a reputation for shitty data handling practices and US regulations are light compared to Europe, but how are they planning on securing passwords, encryption keys, PII, etc. ? Can employees turn this off at their discretion? What happens if someone forgets to turn it off before they cat the companywide ssh root private key? Even setting aside legality, someone with access to this training data would have what sounds like an unacceptably broad level of access to company systems unless Facebook wants to get hacked.
This is legal for most businesses under US law, especially on company devices. And unfortunately not unheard of. Compliance with this data is typically handled in the same way you'd handle any data access situation -- by restricting access to the screencaps to a specific group of people.
Not that I support it -- but typically companies don't do this in spite of security concerns, they do it to address security concerns. But of course, what meta is doing sounds like a different situation. It sounds like they want to make a model that replaces part of their workforce.
I understand the security spyware, though I think it's somewhat questionable there. But this sounds like deliberately putting all of your most sensitive data in a blender and then inevitably letting anyone get a taste of the smoothie.
Just like you'd secure data on a normal internal production system, I'd presume one wouldn't simply let anyone get a taste of the smoothie. But who knows -- move fast and break things, I guess.
This data is going to get leaked in a breach. It will be used against you in a court of law. It will be used for training and (regardless of what anyone says) will be used to fire you once the AI can do your job.
And when all of the above happens Meta will be absolved of any responsibility.
I don't understand how it's legal either. I guess we need laws against it yesterday.
It doesn't have to get leaked. They can sell it and use it as another means to identify Internet users. Meta is pretty infamous for identifying, tracking, and understanding user behavior. We are kind of past the point where these companies care at all. If you think the push to add age verification to operating systems is an unrelated giggle I envy you. Something something Cambridge analytica.
I think it's their employees here that have cause to be concerned, not internet users.
Meta already has literally have billions of people's personal profiles and browsing history.
I don't think screenshots of their SWE's IDEs is going to be useful for identifying internet users.
3 replies →
All psychological experiments that loosely relates to Web became default legal when A/B tests became normalized after Google started it. It is not something that may be covered by blanket waivers. It's something that require participation under free will and independent review boards and such. For every single one of those little tests.
The cat is out of the bag, but that doesn't mean it's a non-issue.