[HN Gopher] Facebook sues two Chrome extension makers for scrapi...
___________________________________________________________________
Facebook sues two Chrome extension makers for scraping user data
Author : dane-pgp
Score : 130 points
Date : 2020-10-02 12:27 UTC (10 hours ago)
(HTM) web link (www.zdnet.com)
(TXT) w3m dump (www.zdnet.com)
| kerng wrote:
| This is funny, its like Facebook is suing itself - what a strange
| world we live in.
| stanrivers wrote:
| This is interesting - instead of suing under the idea that
| scraping itself is wrong (courts have ruled that public
| information that you can get on websites can be scraped... I
| think it is something like 50%+ of web traffic in the U.S. is bot
| traffic), they are suggesting that scraping through a logged-in
| account is somehow different.
|
| If the user of the account consents to have the plugin installed
| on their computer and is made aware that the plugin will scrap
| this data, you could argue that there is nothing wrong here.
|
| However, people post on Facebook under the idea that the
| information they share will only be viewable by their friend
| group (or as dictated by their privacy settings).
|
| That's where this gets interesting... does the friend group of
| the person with the plugin have any rights to privacy that
| dictate what the person with the plugin can do with their data?
|
| If I take a picture of a newsfeed, for example, that has
| information my friends have posted, and share that somehow - am I
| violating their privacy _legally_?
|
| If not, how is this different?
|
| Will be interesting to follow this one.
| devit wrote:
| Pretty sure that either the user is not aware at all of the
| scraping, or anyway the scraping is not done in the user's
| interest and the user is not in a position to fully understand
| the implications, so it is a clearly malicious operation.
|
| In other words, they are abusing the user's trust to access the
| user's private data for their own profit, hence defrauding the
| user, and engaging in unauthorized access to the data shared
| between the user and Facebook without either party's full
| informed consent.
| colinmhayes wrote:
| I don't think facebook is serving ads in the users interest
| and the user doesn't understand the implications either. The
| user has to understand that there's no free lunch.
| philjohn wrote:
| It's a GDPR lawsuit waiting to happen, no?
| frenchyatwork wrote:
| This is also interesting, because people (mostly my friends)
| also use Facebook as a tool to share pictures and other PII
| about me without my consent. In that regard, I don't know if
| there's a clear difference between Facebook and these
| extensions.
| neves wrote:
| Really impressive is that the extensions are still in Chrome
| Store. Why didn't Facebook ask Google to remove them?
| gildas wrote:
| They are not.
| worstenbrood wrote:
| _Inserts spider-man pointing meme_
| Spivak wrote:
| This is going to forever be the disconnect between privacy
| advocates and companies handling user data.
|
| For FB/Google and other data stewards privacy means keeping
| your data safe from others because they consider themselves a
| trusted party.
| dhimes wrote:
| If not a trusted party, they perhaps more importantly
| consider it a competitive advantage that they'll defend my
| any means available.
| arcturus17 wrote:
| What they tell the public - and even delude themselves with
| -, versus what really drives them.
| esperent wrote:
| What Facebook considers is not what matters though. They've
| shown time and time again that they are terrible stewards of
| people's private data. They should not be a trusted party,
| and Google isn't far behind. Being sympathetic to their point
| is view when it comes to privacy is entirely the wrong angle
| to take.
| [deleted]
| stevenicr wrote:
| I've wondered if something like this was coming for
| honey/joinhoney extension..
|
| Sure pulling info from PortalX that us public is on thing - but
| what if Amazaon starts adding coupon codes for logged in users
| only? or even if not logged in, but recognized user - adds
| special promo price for doing thing Y.. at that point they are
| scraping non-public data. They would also be using that data for
| other purposes than just the single user who is accessing it -
| most likely..
|
| I find the lack of privacy discussing in the joinhoney ads I've
| heard to be a bit distressing personally.
|
| Just looked at their privacy policy, and I wonder if "Honey does
| not track your search engine history, emails, or your browsing on
| any site that is not a retail website (a site where you can shop
| and make a purchase)"
|
| Is purposefully trying put into user's mines, retail, you know
| like home depot, bed bath, etc.. but the way it's written can
| include online retail portals.. but with "(a site where you can
| shop and make a purchase)"" added as a qualifier - wouldn't this
| include pornhub and similar places?
|
| Fingers crossed the browser makers will include on-off toggles
| for extensions soon - similar to how uBlock origin has - would be
| great to have a whitelist list of sites that I could have my
| browser remind me that I can turn on SpyShoppingExtensionToCheck
| - then auto turn off when leaving set list..
|
| I avoided so many chrome extensions that said 'perms to view /
| change all web pages/ - even though I may have really wanted to
| use them on blankTube and yaddaTube - I didn't want them reading
| all web pages, and the current UI for turning off and on is not
| optimal imho.
| johnward wrote:
| For those that don't know, there was a public case about the
| legality of scraping involving HiQ and LinkedIn
| (https://www.forbes.com/sites/emmawoollacott/2019/09/10/linke...)
|
| TL;DR; It was considered to be legal because HiQ were scraping
| public profiles.
|
| This case may be a little bit different because these scrapers
| seem to target both public and private data.
|
| Also see: https://medium.com/@tjwaterman99/web-scraping-is-now-
| legal-6... (which mentions a facebook example very similar to
| this)
| beagle3 wrote:
| It is also different because the scrapers are acting as agents
| of individual users.
|
| Those individual users likely go against FBToS in doing so -
| but the browser extension maker is not a party to those ToS.
| extra88 wrote:
| > the scrapers are acting as agents of individual users.
|
| According to the article, it's the reverse, the individual
| users are acting as paid agents of the scrapers, a proxy
| giving scrapers access to data through the users' access to
| Facebook.
| beagle3 wrote:
| The extension is still impersonating or watching the user,
| with full permission from the user (acting as its agent,
| it's UserAgent even) - if anyone broke FB's ToS, it's the
| user, not the maker of the extension.
|
| I wonder what legal principle gives Facebook standing to
| sue the makers of the extension.
| extra88 wrote:
| Even if the specific act of letting the extension run is
| the fault of each user and presumably means they each
| violated Facebook's ToS, they can probably sue the
| extension makers for bribing the users to violate the
| ToS.
|
| Each user only chooses to install the extension, the
| extension makers choose what data to scrape and I'm sure
| at least some of what's scraped truly belongs to
| Facebook, not their users or customers.
|
| If a Facebook account can be considered a technological
| barrier protecting intellectual property, they could sue
| under DMCA anti-circumvention provisions. The users
| installing the extension could be accomplices but they're
| not really the ones scraping and collecting the data.
| beagle3 wrote:
| > If a Facebook account can be considered a technological
| barrier protecting intellectual property, they could sue
| under DMCA anti-circumvention provisions.
|
| It would also likely make screen readers, screenshots,
| and many other things illegal. I don't think it can be
| considered a "technological barrier", but who knows what
| courts will decide.
|
| That said, I'd be surprised if that's the angle Facebook
| is taking - because they did (and still do) the same
| thing with their phone apps collecting ("scraping")
| address book records and uploading them to facebook
| servers -- and that would be an estopple-able admission
| of guilt if they do (even if the courts decide against
| them in THIS particular case).
|
| I'll wait till more details come out.
| edmundsauto wrote:
| IANAL, but if I make a tool whose purpose is to violate
| the FB ToS, I could be liable under torturious
| interference (I think that's what it's called).
| Basically, I can't make money off of things that violate
| other people's contracts.
| Reelin wrote:
| I think tortious interference
| (https://en.wikipedia.org/wiki/Tortious_interference)
| requires having the specific intention of causing the
| violation to occur. Not just that one party happened to
| be motivated to break contract because of something you
| did but rather that your actions were motivated by
| specifically trying to get them to break the contract _in
| and of itself_.
| beagle3 wrote:
| Do you know which jurisdictions have a precedent of ToS
| being considered a contract?
|
| Being a one-sided, no negotiation and with no "meeting of
| minds", most European jurisdictions won't consider this a
| contract -- facebook can kick any user out, but it is
| unlikely they could recover damages from anyone (or have
| standing). At least that's my impression -- though US
| courts, especially in states that have UCITA or similar,
| are more likely to consider this a contract.
|
| edit: I've found two jurisdictions, and both of them
| require proof of actual economic harm for standing (among
| many other things). I'll wait for more specific details
| about Facebook's approache.....
| Reelin wrote:
| In the US at least, yes, but it varies based on the
| specific situation.
| (https://law.stackexchange.com/questions/13549/)
| muunbo wrote:
| In other news, the pot calls the kettle black
| akersten wrote:
| Facebook should lose this one. Secret shopping isn't illegal, and
| using tools to secret shop isn't illegal either. Going after
| camera manufacturers because they are tools used to secret shop
| _certainly_ isn 't illegal, even if the camera was called the
| "SecretShopper 3000" and paid you to do it.
|
| The users on the other hand, if they were unaware of what the
| extensions were doing in exchange for that money, might have a
| case against the extension manufacturers. But how could Facebook
| possibly have standing?
|
| Not a lawyer, the above are feelings.
| ffpip wrote:
| Even amazon does this.
|
| https://chrome.google.com/webstore/detail/alexa-traffic-rank...
|
| 700k users
| ceejayoz wrote:
| Is there any evidence Amazon is scraping user profile data,
| friends lists, etc. with that?
|
| "Measuring traffic" and "harvesting data" aren't the same.
| postalrat wrote:
| It's advertised to scrape search queries. I assume it could
| be scraping other information as well.
|
| Is there any evidence it is not?
| safog wrote:
| I guess to take this one step further, if these extensions become
| ad platforms by themselves and replace ads that facebook puts in
| your feed w/ their own ads, what would happen?
|
| uBlock origin (basic) - blocks facebook tracking, does not track
| you, inserts non personalized ads.
|
| uBlock origin (premium) - 1$ / mo. Blocks all ads.
|
| As an example.
| cookiengineer wrote:
| > if these extensions become ad platforms by themselves and
| replace ads that facebook puts in your feed w/ their own ads,
| what would happen?
|
| This is literally what ISPs do these days.
| jefftk wrote:
| ISPs injecting ads is one reason that everything should be
| HTTPS now
| neilparikh wrote:
| Doesn't the Brave browser do this?
| lgats wrote:
| I wonder if this will go the way of the LinkedIn profile scraping
| case:
|
| https://news.ycombinator.com/item?id=21241395
|
| https://news.ycombinator.com/item?id=22180559
| lukejduncan wrote:
| Didn't LinkedIn lose a lawsuit that forced them to allow
| scraping? How does that not apply here?
| dane-pgp wrote:
| I wonder if the court would rule differently if the extensions
| were designed to enable interoperability with other social
| networks. Admittedly it would be a rather awkward UX if you had
| to browse pages in FB before returning to your preferred social
| network to view the scraped data there.
| SimeVidas wrote:
| What does scraping user data from Facebook mean? Deleting it?
| [deleted]
| cookiengineer wrote:
| Scraping != Scrapping.
|
| One is acquiring data on a large scale, the other one is
| throwing data in the trash.
| shajznnckfke wrote:
| If people are going to be mad at Facebook for allowing Cambridge
| Analytica to get access to user data by tricking users into
| providing access to their data on Facebook by installing apps,
| they really ought to support Facebook in the effort to block
| these entities who are pulling the same scheme with chrome
| extensions.
| asdfasgasdgasdg wrote:
| Not only that, but recognize that any location where people
| share information about themselves is susceptible to attacks
| like this. Even personal blogs. If you make it so that your
| friends can see things about you, and your friends are wont to
| install extensions, then you are vulnerable to this kind of
| attack. Decentralized open source solutions will not help with
| this problem. Quite the opposite: who will fund the lawsuit?
| shajznnckfke wrote:
| Facebook had to dedicate some resources to even go looking
| for extensions like this. They only have 5000-10000 installs.
| IMO it demonstrates a change in the company's attitude toward
| protecting user data from the old days of letting people
| download the entire social graph of the US.
|
| And there is a real trade-off here. 10 years ago everyone
| would be hating them for cracking down on the open web if
| they did this, and calling it anti-competitive to silo user
| data.
| wolco2 wrote:
| Isn't that what they are doing. I'm not a big fan of
| facebook policing others while they horde data themselves.
| asdfasgasdgasdg wrote:
| They view themselves as an agent of their users. The
| users willingly give them data, with the intention of
| sharing it with a select audience. As the user's agent,
| one should generally abide by their wishes, and
| especially prevent the data from being shared further
| abroad than the user intended.
| bredren wrote:
| I'd argue most Facebook users do not know the difference
| between what FB does with their personal info and what
| this other organization does.
|
| For those that installed the extension, one is Facebook,
| one gives free gift cards. Both are "okay."
|
| So I don't see this as protecting users so much as
| ensuring no one else monetizes their data.
| asdfasgasdgasdg wrote:
| It's not about the user who installs the extension. It's
| about the user's friends.
| ysavir wrote:
| Unless Facebook stopped creating shadow profiles of non-
| users (have they? I'm not a user and don't keep up with
| it) I don't think they have a leg to stand on.
| Jon_Lowtek wrote:
| > Facebook had to dedicate some resources to even go
| looking for extensions like this.
|
| Its called "data abuse bounty program"
|
| You find an app like this, rat them out to facebooks legal
| team, you get a small bounty and FB sues them for fame and
| profit.
| shajznnckfke wrote:
| Interesting if you can get a bug bounty for reporting
| this. I think if an enterprising bounty hunter heard
| about that, a bunch of anonymously authored extensions
| might start mysteriously appearing. It might pay better
| than building web apps for people on upwork.
| tqi wrote:
| Yeah it's interesting to me that people are disregarding the
| parallels. Is Facebook responsible for keeping your (and your
| friends) data out of 3rd party hands or not? Maybe if the
| makers of these extensions were affiliated with GOP PACs...
|
| EDIT: Also to be clear, I do think it is Facebooks
| job/responsibility/obligation
| Reelin wrote:
| > Is Facebook responsible for keeping your (and your friends)
| data out of 3rd party hands or not?
|
| They are responsible for the activity that they directly
| facilitate on their own platform. They have legal authority
| over the interactions they directly engage in (ie with
| users). They have no say (legally or otherwise) over what
| goes on outside the bounds of their own platform and thus no
| responsibility for it.
|
| Regulators, not individual actors, are the ones with
| authority over the broader ecosystem. GDPR and CCPA are
| examples of such.
|
| What's next, should Google be permitted to publish a ToS
| forbidding access to their services with non-Chrome browsers
| and then legally pursue other browser makers for facilitating
| the violation of their ToS?
| ganzuul wrote:
| Not if you follow the money? CA was an FB customer, weren't
| they?
| shajznnckfke wrote:
| My understanding is that CA got the data by building a free
| quiz app on Facebook's platform (I don't think FB was getting
| paid for that, correct me if I'm wrong). The difference is
| that the quiz app used Facebook's developer-facing APIs to
| access the data, whereas these Chrome extensions are
| hijacking the user agent to access the data via Facebook's
| browser-facing APIs. I don't think it makes a difference as
| to whether Facebook ought to try to stop the data collection
| to prevent the another CA-type scandal, and to protect itself
| from the resulting uproar. The fact that the extension
| developers haven't made any agreement with FB means that FB
| needs different legal tools to try to shut it down, and
| perhaps they won't succeed.
| ganzuul wrote:
| A quick search indicates they have free plans up to a
| certain number of active users and then you need to call
| them. So apparently they keep their pricing secret.
| amelius wrote:
| But what if I want to periodically scrape my facebook data to
| migrate to a different platform?
| scared2 wrote:
| You can directly request it from the platform. No need to use
| a crappy extension.
| amelius wrote:
| Yes, but that only gives me my own data. I might want to
| export events to a different platform, including which of
| my friends go to these events.
|
| Also, I might want to read my friends' posts on a different
| client.
| joshuamorton wrote:
| That very quickly veers into territory that violates
| facebook's terms of service.
| Reelin wrote:
| > tricking users into providing access to their data on
| Facebook by installing apps
|
| > same scheme with chrome extensions
|
| These are very different things. One took place via Facebook's
| own platform while the other did not.
|
| If their own platform officially allowed for third parties to
| collect user data, it is reasonable to complain about that
| being the case.
|
| If their own platform explicitly forbid collecting user data in
| such a manner but they stood by and let it happen anyway, it
| seems reasonable to object to that.
|
| I don't see how it's any of their business what a legitimate
| user does with their own data after it's been sent to them (ie
| the page loads). I suppose they could add a provision to their
| ToS disallowing such use; if a violation were discovered they
| could ban the user in question. But a third party almost
| certainly never agreed to such a ToS. It's not the existence of
| the program that violates the contract but rather a specific
| instance of its usage.
| [deleted]
| ballenf wrote:
| The gall of FB is amazing considering how recently they did the
| exact same thing:
|
| https://techcrunch.com/2019/01/29/facebook-project-atlas/
|
| That's where FB paid teens to install a root cert on phones that
| tracked every thing the users did for market research. And then
| paid them for it.
| yuliyp wrote:
| What? the Atlas thing is recording what a set of people do,
| passively. These extensions are actively scraping extra data
| from web sites beyond what the user is doing.
| fxtentacle wrote:
| Company scraping your data everywhere on the internet sues
| someone for scraping data on their part of the internet.
|
| ^_^
|
| I hope that the judge will require Facebook to stop scraping
| themselves first, before they request others to stop it, too.
| djohnston wrote:
| any sources on data that FB is scraping about you?
| monadic2 wrote:
| This has got to be a joke.
| macNchz wrote:
| Given their tracking pixels are installed on at least 8
| million websites(1), they are effectively watching everything
| you do on a large proportion of popular/commercial websites.
|
| They were also caught a few years ago asking users to "verify
| their emails" by providing Facebook their email account
| password(2), after which FB's servers logged into the user's
| email account and scraped their contacts out without warning.
|
| They also acquired a popular VPN app explicitly so they could
| comb through the users' traffic data and identify competing
| apps for acquisition.(3)
|
| In my opinion it's core to how the company has always been.
| Facebook's predecessor, or perhaps first iteration, FaceMash,
| was a hot-or-not game based on student photos scraped from
| Harvard's internal websites(4).
|
| [1] https://theoutline.com/post/4578/facebook-is-tracking-
| you-on...
|
| [2] https://www.theverge.com/2019/4/18/18485089/facebook-
| email-p...
|
| [3] https://techcrunch.com/2019/02/21/facebook-removes-onavo/
|
| [4] https://www.thecrimson.com/article/2003/11/19/facemash-
| creat...
| ccktlmazeltov wrote:
| the pixel is installed by web developers, the same way
| google analytics or any script is setup on a website.
| aeternum wrote:
| Which makes it even worse. At least with the extension
| the user is deciding to install it.
|
| In the webpage case, the web developer is choosing to
| provide the user's data to Facebook or Google (without
| the user's consent). The vast majority of people don't
| even understand how this works and think that Facebook
| can only see activity performed on Facebook itself.
| ciarannolan wrote:
| > They were also caught a few years ago asking users to
| "verify their emails" by providing Facebook their email
| account password(2), after which FB's servers logged into
| the user's email account and scraped their contacts out
| without warning.
|
| Why aren't developers in jail for this? Breaking into
| someone's email account and exfiltrating their data -
| disgusting. Clicking "OK" on a 500 page ToS doesn't get you
| out of this.
|
| I'm so sick of this criminal behavior being brushed off as
| "growth hacking", "move fast and break things", or some
| other bullshit. The people creating this garbage should
| feel some shame and face real consequences.
| paulryanrogers wrote:
| They had been scraping contacts from email inboxes and
| devices, IIRC
| yuliyp wrote:
| FB asks you explicitly if you want to upload your contacts
| as part of helping you find your friends. That's a far cry
| from "scraping your data everywhere on the internet" from
| the your grandparent post.
| pixl97 wrote:
| Not years ago they did not. Phones didn't even have
| security options to ask at that time.
| monadic2 wrote:
| Off-hand I suspect your contact book is more valuable
| than virtually anything publicly available on you. It's
| also entirely unnecessary to building a lookup-by-email
| or lookup-by-phone. I'm going to go ahead and say it's a
| much more evil practice than scraping.
| junon wrote:
| They scrape all of your contacts and create ghost profiles to
| better track connections of even people who do not use their
| services.
|
| Apple does this too. Well, did - not sure if they still do.
| gitpusher wrote:
| > Apple does this too
|
| This doesn't sound familiar. What case(s) are you referring
| to?
| crazygringo wrote:
| This is actually fascinating, legally. What are they suing them
| for? Under what law or legal principle?
|
| A maker of extensions never agrees to Facebook's ToS in the first
| place, so there's no breach of contract.
|
| It would seem that only individual users could in theory be sued,
| though obviously Facebook would never do that because of the PR
| nightmare.
|
| IANAL, so I'm really curious if anyone thinks Facebook could win
| this in court? (Regardless of whether it works by threatening to
| drown the extension maker in legal costs.)
| henryfjordan wrote:
| Looks like they are suing under breach of contract, because
| employees of the companies had FB accounts and therefore broke
| the ToS, as well as unjust enrichment. The actual complaint is
| here:
|
| https://www.scribd.com/document/478333898/Facebook-lawsuit-v...
| wolco2 wrote:
| The defense is to put in a legal bullet point that anyone who
| has ever worked or represented facebook cannot legally
| download or use this extension.
| crispyporkbites wrote:
| Hold up- so if Facebook puts any clause in their ToS, I could
| be sued by them for breaching it? I agreed to create an
| account there, but I didn't read or understand the TOS.
|
| Does deleting my account help? Or can they say in their tos
| that it's perpetual? And oops I already agreed to that)l
| [deleted]
| extra88 wrote:
| > What are they suing them for? Under what law or legal
| principle?
|
| The Computer Fraud and Abuse Act (CFAA) allows for civil cases.
| The law prohibits accessing a computer without authorization,
| or in excess of authorization. This isn't a case of users
| knowingly using a tool to scrape data for their own use, the
| users installing the extension are, at most, mules, for the
| extension makers.
|
| Alternately, maybe copyright infringement. Some of the data are
| considered facts, that are not copyrightable (even in
| aggregate, in the U.S.) but at minimum, the actual content of
| ads scraped is copyrightable. There might be a question of
| whether Facebook has standing to sue over infringement of ads
| for other businesses but their ToS may cover some non-exclusive
| copyright to shared
| [deleted]
| stanrivers wrote:
| How does the idea that while the user of the extension might
| agree, the friend group that is sharing the information that
| is being scraped has not consented?
|
| That seems to be an important difference, no?
| ummonk wrote:
| Right. It's as if it is essentially a hacking tool, since
| the user of the extension would seemingly be violating the
| FB terms of service.
| wolco2 wrote:
| The users of the extension have access granted to those
| friend groups by the owners of those groups. Through that
| access things get saved. Consent was given...
| edmundsauto wrote:
| Consent, perhaps, but not a license for using the data.
| Reelin wrote:
| Which if you think it through means that the friends
| might have legal standing to sue the _user_ of the
| extension.
|
| Not to sue Facebook or the extension author and
| definitely not for Facebook to sue the extension author.
| extra88 wrote:
| Yes, there's harm to Facebook, the other users whose data
| is scraped, and probably to organizations advertising on
| Facebook. The masses of users and organizations are
| unlikely to be aware this is going on or to be able to
| organize and sue the extension makers.
|
| These extensions are made by shitty companies using shitty
| practices to make money. If current legal frameworks aren't
| well suited to deal with it, that doesn't make them any
| less shitty.
| abeyer wrote:
| These extensions are made by shitty companies using
| shitty practices to make money by "stealing" data from a
| shitty company with shitty practices to make money.
|
| You're just a pawn sitting in the middle while the
| parties to this fight over who gets to exploit you most
| effectively. The only positive outcome here would be if
| the courts hugely overstepped their mandate and told
| everyone involved that this data shouldn't be available
| at all, you have to destroy it now.
| monadic2 wrote:
| Sure, but doesn't the TOS harm the user by restricting
| their access to their own data? Facebook might have a
| case but you can't possibly paint them as a victim here.
| extra88 wrote:
| The issue not so much the extensions scraping the
| individual user's own data (or data about them) but
| scraping data about advertisers and about other users.
|
| Facebook is harmed through resource consumption by the
| scraping, the infringement of any copyrights they hold on
| what's scraped, and potentially harmed in their
| relationship with their advertising customers and their
| users.
|
| How bad Facebook's own practices are is irrelevant to the
| issue of what these extension makers have done. Dirtbags
| have rights too.
| tzs wrote:
| > Alternately, maybe copyright infringement. Some of the data
| are considered facts, that are not copyrightable (even in
| aggregate, in the U.S.).
|
| Facts aren't copyrightable, but a collection of facts might
| be if there was sufficient creativity involved in the
| selection and arrangement of the facts.
|
| The big case on this was Feist Publications, Inc., v. Rural
| Telephone Service Co., 499 U.S. 340 (1991), where a company
| copying a telephone book was found not to be if infringing
| because the phone book was not be copyrighted.
|
| The Court ruled that there is a constitutional requirement
| for at least some minimal degree of creativity in a work for
| it to be copyrighted. In the case of a phone book, neither
| the selection criteria (everyone in this region who has a
| phone) nor the arrangement (alphabetical order by name).
|
| The Court also noted that if there is sufficient creativity
| in the selection or arrangement to support copyright, the
| copyright would be on that selection and arrangement. The
| underlying facts would still be uncopyrightable. In the case
| of the phone book, for example, that would mean that even if
| Rural had used a creative arrangement and could copyright
| that, Feist could still take all the names and phone numbers
| and produce its alphabetical phone book from them.
|
| Applying this to Facebook, it may be that they do have
| copyright in the selection and arrangement of facts that were
| scraped. Whether or not the scraper is infringing would hinge
| on what they did with those facts.
| lmkg wrote:
| The case you mention is one-half of the picture, and I feel
| it's important to mention the other half.
|
| The White Pages are not copyright-able, which is what your
| case describes. But the Yellow Pages _are_ copyright-able
| (somewhat). This is because grouping the businesses into
| categories clears the bar of "minimal degree of
| creativity" that you mention. However, the individual
| listings are still not subject to copyright so there's no
| problem with taking them and re-arranging them.
| extra88 wrote:
| > Whether or not the scraper is infringing would hinge on
| what they did with those facts.
|
| I don't think the scraping companies could mount a
| successful fair use defense so they'd definitely be found
| to be infringing and could be ordered by a court to stop.
| What damages they might pay would depend on what they did
| with the data.
| johnnyfaehell wrote:
| >This isn't a case of users knowingly using a tool to scrape
| data for their own use, the users installing the extension
| are, at most, mules, for the extension makers.
|
| I feel it's reasonable for the average person to figure that
| a plugin that pays them for using Facebook and Twitter is
| paying for the data generated from those sessions. There is
| already a case with LinkedIn where courts are allowing data
| scraping even though LinkedIn disallows it and forced
| LinkedIn to stop blocking it.
|
| I feel like this is a case Facebook should lose. Facebook
| wants complete ownership of the data from Facebook for
| marketing purposes because obviously if they're the only ones
| that have the data they have a monopoly. But preventing
| others from gathering competing data seems to be a breach of
| Antitrust. And Facebook execs will openly admit this is what
| they're doing. They've shut down multiple influencer related
| companies who completely backed down from a cease and desist
| from Facebook. And they're refusing to allow anyone to grant
| influencer agencies access to their data. This is Facebook
| telling people who they can give their data to. As well as
| Facebook saying companies can't scrape public information and
| then sell the statistics. And statistics can't be
| copyrighted.
| reaperducer wrote:
| _I feel it 's reasonable for the average person to figure
| that a plugin that pays them for using Facebook and Twitter
| is paying for the data generated from those sessions._
|
| I suspect that, to date, you've mostly met above-average
| people.
|
| The average person, in my experience, has no such
| expectation or understanding. All they know is "free
| money!"
| johnnyfaehell wrote:
| Luckily, I believe the legal standard may be a reasonable
| person would understood it. :)
| henryfjordan wrote:
| > courts are allowing data scraping even though LinkedIn
| disallows it and forced LinkedIn to stop blocking it
|
| Courts only said "If your server responds to an
| unauthenticated GET request, that's on you". Linkedin is
| free to stop providing that data or move it behind a login
| wall, they just don't want to because it helps them with
| SEO. Contrast that with these plugins that are absolutely
| accessing data behind the user's login.
|
| Also with regards to the antitrust assertions you make,
| Facebook is absolutely not required to share their data
| with anyone. People give their data to FB, FB can do what
| they want with it (as long as it's within the ToS).
| Facebook can't stop me from also giving my data to someone
| else outside the platform, but they do not have to
| facilitate that process in any way.
| johnnyfaehell wrote:
| > Courts only said "If your server responds to an
| unauthenticated GET request, that's on you". Linkedin is
| free to stop providing that data or move it behind a
| login wall, they just don't want to because it helps them
| with SEO. Contrast that with these plugins that are
| absolutely accessing data behind the user's login.
|
| Yes, exactly. Basically saying if LinkedIn was providing
| the data they couldn't block the data for specific
| people. In contrast, these plugins are collecting data
| that someone has chosen to make available to them. This
| is Facebook attempting to stop people from giving data to
| their competitors. This is anti-competitive. Overall the
| LinkedIn case said that if the user made that data
| available then that is on them. Not that it was an
| unauthenticated request, but that the data was made
| public and there was no attempt to bypass any privacy
| filters.
|
| > Also with regards to the antitrust assertions you make,
| Facebook is absolutely not required to share their data
| with anyone. People give their data to FB, FB can do what
| they want with it (as long as it's within the ToS).
| Facebook can't stop me from also giving my data to
| someone else outside the platform, but they do not have
| to facilitate that process in any way.
|
| One of Facebook's services is to provide that data to
| other services so you can use those services with that
| data. Saying no you can't share that data and not provide
| you that data in export is well, anti-competitive. This
| is saying "No, we don't want you to give those people
| that data." This is anti-competitiveness. Suing companies
| and preventing them from competing is predatory. You make
| claims that Facebook doesn't have to do these things, I
| feel like Facebook should be forced to allow these
| things. Just like we force Facebook to do other things
| like delete user data or make user data available (which
| it actually isn't doing completely last time I checked
| because you can't export your data and then have the
| exact same data on your own system.)
| [deleted]
| anigbrowl wrote:
| I'm not sure that FB has standing in this case.
| extra88 wrote:
| I bet they do. Even if most of what is scraped is more
| properly considered as belonging to their users and
| customers, I'm sure at least some of what's scraped truly
| belongs to Facebook.
|
| Even if the specific act of letting the extension run is
| the fault of each user and presumably means they each
| violated Facebook's ToS, they can probably sue the
| extension makers for bribing the users to violate the ToS.
| Reelin wrote:
| > sue the extension makers for bribing the users to
| violate the ToS
|
| That's an interesting thought. A ToS is just a (rather
| questionable, in many cases) contract. Can party A sue
| party C for bribing party B to violate a contract between
| A and B? Genuine question - I honestly don't know, but my
| guess is no.
| darepublic wrote:
| I feel like users should be having automated tools to scrape
| for their own use. Once these kind of sophisticated browser
| automation tools come out eventually Google and ilk will be
| putting out all stops to prevent browser automation and
| verify who is using the browser, their real identity and what
| they are allowed to see (and not see)
| extra88 wrote:
| > users should be having automated tools to scrape for
| their own use.
|
| I agree but that's not happening in this case.
___________________________________________________________________
(page generated 2020-10-02 23:01 UTC)