Facebook users mistrusted apps with data long before Zuckerberg did

No, Farmville, you may NOT have access to my photos.

Thousands of pages of court documents containing Facebook’s internal communications leaked to the public on Wednesday. Reading between the lines of business bluster, you’ll find ideological clashes between executives; these dense email chains would come to shape Facebook’s future, and now reveal its blind spots.

One such oversight comes in the realm of user trust in third party apps. By contrasting a 2011 email exchange between executives, and some of Mark Zuckerberg’s own thoughts from 2012, it appears that Facebook’s users were wise to the risks of giving third party apps access to their personal data long before Facebook’s CEO was. 

For those of you who missed the Cambridge Analytica scandal, a third-party app misusing access to user data is what initiated Facebook’s current nightmarish standing in the world as a company that’s irresponsible with its users’ data, privacy, and trust. So it’s more than a little *cringe* that users apparently saw the danger of third-party apps before Mark Zuckerberg did.

In a June 2011 email exchange between Mike Vernal, then VP of product and engineering, and Will Cathcart, former VP of product management (and current head of WhatsApp), the two discuss the tradeoffs between privileging user trust vs. developer trust.

Initially, Vernal makes the argument that Facebook needs a “graduated set of enforcements” for app makers who violate rules, rather than what he later calls “a shotgun.”

Cathcart counters that Facebook needs to prioritize user trust and privacy over “developer pain.” 

As he makes an argument for this, Cathcart drops an interesting tidbit about how Facebook users’ trust in third party apps is eroding; Facebook users were already becoming more and more wary about granting apps access to their data — in 2011. Cathcart writes:

Users don’t trust apps to do the right thing. My understanding is that 56% of the time when a user sees a platform permission dialog, they don’t grant them. This has been steadily getting worse — it’s up from only 39% a year ago. Anecdotally, I’ve watched many friends and family members encounter a permissions dialog, hesitate, and —when I queried them — describe anxiety over what would happen to their account based on past negative experiences. 

It’s not clear what data Cathcart is referring to, but it is presumably internal.

Cathcart also connects this decreasing trust in the safety of apps to a lack of faith in Facebook to do anything about sketchy apps. 

“Users don’t trust us enough to handle bad apps,” Cathcart writes. “A lot of the anecdotal feedback was along the lines of: ‘I really feel that report[ing] an application will have no result.'”

Cathcart also connects this lessening of faith into the rise of spam. Here’s his whole argument:

These messages — and the data Facebook executives were aware of — stand out in stark contradiction to one of Mark Zuckerberg’s correspondences from October 2012. Zuckerberg’s email is also contained within the NBC trove, but it initially became public knowledge when the UK parliament released a portion of the internal documents in December 2018.

In October 2012, over a year after Facebook users were apparently becoming wary of third party apps, Zuckerberg didn’t really see the problem these apps posed for users’ data and security.

“I’m generally skeptical that there is as much data leak strategic risk as you think,” Zuckerberg wrote in an email. “I just can’t think if any instances where that data has leaked from developer to developer and caused a real issue for us. Do you have examples of this?”

This note has been read as deeply ironic: Fast forward to 2016, when news of Cambridge Analytica and the compromised data of what would eventually be counted at 87 million users came to light. 

It turns out that untrustworthy third party apps did indeed cause “a real issue” for Facebook — and Facebook’s users were wise to the risks before its CEO was.