Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
lukeschlather 4 hours ago

I really don't understand how this is legal. I guess Facebook maybe doesn't actually have any compliance requirements in the USA, but time series screenshots of any SRE's screen are going to contain data that should not be stored by some data vacuum. I know Meta has a reputation for shitty data handling practices and US regulations are light compared to Europe, but how are they planning on securing passwords, encryption keys, PII, etc. ? Can employees turn this off at their discretion? What happens if someone forgets to turn it off before they cat the companywide ssh root private key? Even setting aside legality, someone with access to this training data would have what sounds like an unacceptably broad level of access to company systems unless Facebook wants to get hacked.

kube-system 3 hours ago | parent | next [-]

This is legal for most businesses under US law, especially on company devices. And unfortunately not unheard of. Compliance with this data is typically handled in the same way you'd handle any data access situation -- by restricting access to the screencaps to a specific group of people.

Not that I support it -- but typically companies don't do this in spite of security concerns, they do it to address security concerns. But of course, what meta is doing sounds like a different situation. It sounds like they want to make a model that replaces part of their workforce.

lukeschlather 3 hours ago | parent [-]

I understand the security spyware, though I think it's somewhat questionable there. But this sounds like deliberately putting all of your most sensitive data in a blender and then inevitably letting anyone get a taste of the smoothie.

kube-system 3 hours ago | parent [-]

Just like you'd secure data on a normal internal production system, I'd presume one wouldn't simply let anyone get a taste of the smoothie. But who knows -- move fast and break things, I guess.

avaer 3 hours ago | parent | prev | next [-]

This data is going to get leaked in a breach. It will be used against you in a court of law. It will be used for training and (regardless of what anyone says) will be used to fire you once the AI can do your job.

And when all of the above happens Meta will be absolved of any responsibility.

I don't understand how it's legal either. I guess we need laws against it yesterday.

2ndorderthought 3 hours ago | parent [-]

It doesn't have to get leaked. They can sell it and use it as another means to identify Internet users. Meta is pretty infamous for identifying, tracking, and understanding user behavior. We are kind of past the point where these companies care at all. If you think the push to add age verification to operating systems is an unrelated giggle I envy you. Something something Cambridge analytica.

kube-system 3 hours ago | parent [-]

I think it's their employees here that have cause to be concerned, not internet users.

Meta already has literally have billions of people's personal profiles and browsing history.

I don't think screenshots of their SWE's IDEs is going to be useful for identifying internet users.

2ndorderthought 3 hours ago | parent [-]

They could perfect it in house and then roll it out as a product. The way people type and use a mouse are pretty identifying especially when coupled with other things.

I do agree screenshots themselves are less useful for that.

kube-system 3 hours ago | parent [-]

That doesn't make any sense.

1. Why use their employee's data to fingerprint input? They could do that to a billion+ of their users instead.

2. Input fingerprinting is multi-decades old science, there are already production products that do this.

numpad0 3 hours ago | parent | prev | next [-]

All psychological experiments that loosely relates to Web became default legal when A/B tests became normalized after Google started it. It is not something that may be covered by blanket waivers. It's something that require participation under free will and independent review boards and such. For every single one of those little tests.

The cat is out of the bag, but that doesn't mean it's a non-issue.

4 hours ago | parent | prev [-]
[deleted]