In 2016, Facebook announced they would shut down the BaaS company Parse, which they acquired less than 3 years earlier for $85 million. At the time that just did not make sense. In light of Mark Zuckerberg’s testimony to Congress, that decision seems obvious. It was the death blow to our app right at the time of finalizing development. Mark stated that they do not share user data with app developers. This was absolutely not the case in the days of Parse, when they had an API to do just that. To be clear, not aggregate data, but rather specific user data. Interestingly, Zuckerberg made a comment suggesting that he still feels that there are situations where users would want Facebook to share data between apps or sites while adamantly insisting they did not do that. And though he may have exonerated himself from that issue, Facebook does get user data beyond what users are volunteering to the site. I wanted to write this to quickly explain what a BaaS does, why they flew too close to the sun, and hit on a few security issues that I think everyone should think about. I think people generally understand there is an issue, but are not entirely clear what the issue is and I want to elaborate on the issue as I see it.
All Your BaaS Belong To Us
It would have been beautiful
“I think the mistake we made is viewing our responsibility as just building tools…”
Shutting down Parse now makes total sense. It was the Silicon Vally version of shredding documents. All these app companies had evidence of Facebook user data on databases hosted by Facebook. If sharing user data is seen as an invasion of privacy, shutting down the database that had evidence of that was and is a no-brainer. Mark said multiple times that “…we do not share user data with anyone.” That statement is only true in the present tense.
I also want to explain why other statements were incredibly misleading, especially to a non-technical Senator. Mark said he thinks about user data in two buckets: user data on your profile like name, age, favorite bands, and images that users gave Facebook. The other is anything you post to be seen by others in the feed. But there is another bucket! The dark bucket! Mark alluded to a conspiracy theory (which Reply All has a fantastic episode on titled Is Facebook Spying On You?) that posit they are using mobile phones to record personal conversations to better target ads. He unequivocally denied that. As the Reply All episode pointed out, it would probably be too much data anyway. But then, how does Facebook know that you want Charcoal Toothpaste after only just hearing about it at a random marketing conference? I didn’t search that! Or browse to a page selling it! Answer: the data trinity: location data, browsing/search history, and knowing how you are connected with people around you. I was at a marketing conference and Facebook saw several people also at that conference searching for Charcoal Toothpaste and maybe one even bought some (which is actually pretty awesome after all) so they put all that together and now you see those f*&^ing ads all over the internet until you get you some. See, Facebook has data that extends beyond what you give that site and they get it from cookies on your browser when you search on Google or shop on Amazon. It’s like a venereal disease. That little detail was left out. Facebook has given us the internet equivalent of herpes simplex 10.