We took these actions to stop unauthorized scraping and protect people's privacy
It's not really unauthorized if people installed the pluggin for the express purpose of providing the researchers with data about the ads they received and how their personal information may have gotten them targeted for those ads. Given IRB requirements, that would have to have been made clear to users as well. Not like the click-wrap "I agree" buttons Facebook and other use to keep knowledge what users are giving to them opaque.
I believe FB is being purposely disingenuous with its statement there - using the language of user privacy and security to protect itself from third-party academic research.
The authorisation it talks about here is not the users - it’s their authorisation. The privacy concerns are the advertisers (yes, really - they claimed at one point some adverts include names and contact details for the advertiser, and hence constitute private information). That’s why they say “people’s privacy” without explicitly identifying the people they are protecting.
> they claimed at one point some adverts include names and contact details for the advertiser, and hence constitute private information
So if Facebook allowed ads do contain PII haven't their privacy protections already failed? And if advertisers are allowed to include PII by design then it cannot really be private. If it is private then surely users whom the ad targets have a right to record their experience.
They are referring to the privacy of _other_ users whose information could be scraped by these plugins, contrary to the privacy guarantees of their post (e.g. "only my friends can see this"). I'm sceptical of Facebook's motivations, but we should at least be accurate.
This is possible with any extension that can scrape site data or every camera ever made. Also the source of the extension can prove such exfiltraion is not its purpose.
This extension is explicit about scraping and storing data from Facebook, which obviously makes it rather more of a target.
And I'm not sure what the point of bringing up a camera is - obviously Facebook can't stop people doing that, but I can't see why that entails that they should simply do nothing about any scraping of data.
By unauthorized, they mean unauthorized by Facebook. They own their users and they'll be damned if they let some researchers shed light on their user exploitation activities.
In this day and age, mere mortals are not allowed to do anything that goes against a corporation's business interests. If it costs them money, it might as well be illegal as far as they're concerned.
It's not really unauthorized if people installed the pluggin for the express purpose of providing the researchers with data about the ads they received and how their personal information may have gotten them targeted for those ads. Given IRB requirements, that would have to have been made clear to users as well. Not like the click-wrap "I agree" buttons Facebook and other use to keep knowledge what users are giving to them opaque.