The "break fast and move things" mantra isn't black and white, nor is it universal. It is a general alignment that, at a high level, says: don't be afraid to make calculated mistakes, but be prepared to quickly respond to feedback and those mistakes as appropriate.
That means a privacy or a security issue will be tackled with the utmost urgency--we would even shut down the site if we didn't have a quick fix for a security/privacy bug. However, if one of the Timeline aggregations isn't working or if a particular text box is not aligned, then we will fix it with the next release (usually in another day or half).
So it's not true that "move fast and break things" means "it's OK to introduce privacy/security holes" or even "it's OK to release shitty products". It just means we push early and push often.
Yes, you are not misunderstood, there is no need to clarify/interpret this slogan for us. The OP is saying that some mistakes are irreversible. Say, for example, a buggy privacy feature which -- because of fast and loose implementation -- allows users to see previously very private nude pics of a celebrity which he/she had only sent to their partner.
Even if it took only 30 seconds to find the error and the entire site was unplugged from the web so you could fix the bug, the damage is done, it's permanent and it's devastating. Facebook is crossing the line from failures being trivial to failures being potentially catastrophic. Sad, perhaps, by the standards around here, but some people conduct their lives on Facebook -- encouraged by Facebook to do so, mind you -- and you guys are treating it a little more seriously than a hackathon, from the sounds of it.
I feel that this kind of criticism is out of place, since Facebook has been working this way (successfully) for almost a decade without anything like that happening on a great scale.
Yes, mistakes can happen and they do happen everywhere, but Facebook's standards seem quite reasonable to me and they must be, since such mistakes would not be tolerated by its users.
Anyways, I doubt that Facebook ever encouraged its users to upload nude pictures. Whoever does this must be out of his/her mind.
Being able to cluster similar faces together and ask me in a single question "We think this is Jon Smith. [Correct] [Incorrect]" so I can tag my entire album in one click, would be powerful and something I'd want, since my album of 100 photos probably only has 2 or 3 people in it anyway.
The parent asked why you weren't /selling/ call options. So if the premiums were high, then you would be making a larger margin. Perhaps you confused it with buying puts?
Just curious, how much Google stock does she have, and does that affect what strategies she can pursue with Yahoo? i.e. it may encourage a more cooperative stance with Google than a competitive one, even if the latter is better for Yahoo individually.
1. Is it bad (or unfair) for the IRS to use technology to fight tax fraud? I mean, every dollar not collected from a tax evader is an extra dollar that must be collected from a law-abiding citizen. It sucks for the person with the pool, but if it means lower taxes for everyone else, I think that would be a good thing.
2. Google Maps is public, but what obligations does Facebook have to reveal photos that are posted privately (i.e. to friends), to law enforcement?
1. No, it's not bad. I was not looking at the issue from a "right" or "wrong" perspective. This is only one example. I am sure there are others.
2. Unfortunately, it's not even up to the judge to determine "obligations". Companies that grow as big as Facebook tend to turn evilish. ATT is a private company with healthy profits; your phone calls are supposed to be private and you pay ATT for delivery of service, but yet you have NSA and others involved, where the Government is publicly saying "yes we listen to everything, we OCR your conversations looking for terrorism, we record everything in our trillion terabytes storage center". Skype is private too but it's been known they are or may be listening too.
To think that profits-seeking revenue-troubled Facebook will not want to look for additional ways of making money such as selling your data to government is naive. I really can imagine, sooner or later, an official set aside budget that Government will come up with that will be spent only on asking Facebook for full access to their databases. Who knows, perhaps this is the way FB will turn profitable-healthy. Guess the question would be if that, hopefully, will finally scare ppl off of using it.
It seems obvious, to me, but I guess I'll spell it out:
Facebook wants access to your email so badly that they're willing to steal it. This is, in my opinion, among the worst things they've ever done for user privacy (and security, but mostly privacy in this case), in a long list of subtle, and not-so-subtle tactics.
It also has very real security consequences. The automatic contact list updates for potentially millions of users means that sensitive information is likely flowing into facebook servers as we speak, without users knowing it. Passwords, medical information, company secrets, who knows what else? Someone who trusts facebook enough to use it for social interactions might not trust them enough to know about their medical conditions, proprietary company data, passwords for other sites, etc. Facebook took away that privilege for many people with this change.
All that said, here's what's important: This does nothing good for users, and a few bad things. The fact that facebook made this change, knowing that the vast majority of users were not interested in using facebook email thus far, tells us that facebook thinks first of facebook. Even if there were no privacy or security concerns, what the user wants wasn't even in the equation, when facebook did the math on this.
Why would that sensitive information start flowing to people's @facebook.com email addresses automatically when Facebook changed the email address shown on the site?
Wait, seriously? People are using websites where the password reset emails are being sent from somebody's Droid phone? I think you've gotten a little carried away.
I said nothing about password reset emails. I come from an IT background. I can't even count the number of times I've sent temporary passwords over email to co-workers, customers, etc., including from my phone. If something can be sent via email, it will be, and when the numbers are in the millions...there's a lot of data that people consider private.
Maybe a phone call to communicate a password would be better. Not as convenient of course, but security and convenience don't often go together. That assumes your voice provider isn't recording the call.
Frustrated voice fades in, "Right, capital L. No, slash, not backslash. The one that's leaning to the right. Bottom-left to top-right. By the shift key. On your phone? I'm not sure where it is on your phone's keyboard. Ohh, you got it? Ok, the rest is lowercase..."
Sometimes an email or text is better for everyone. But I always split up the info between two bands. Most info in an email and an SMS for the password. Or just have them change it after they log in.
Sure, sometimes that's what you need to do. But, other times, if you know you're sending to a trusted server, such as your own company server that you manage yourself (or people who are trusted manage), it's deemed acceptable to send passwords via email. The problem here is that facebook has introduced a new vector.
It's low grade evil; but low grade evil multiplied by millions starts looking like more serious evil. Just like low grade incompetence begins to cause serious harm when it is inflicted on millions.
Ever seen sites with the ability to connect via Facebook? It often grants said site(s) with the user's Facebook primary-email. Now all personal emails, including password recoveries, are going through Facebook for said site(s).
I'm having a hard time imagining a scenario where a site would send some information via email but that same information would not be available to anyone logging in via the web interface. But whatever.
You seem to lack imagination when it comes to nefarious deeds, which is fine; unfortunately, facebook does not lack imagination in this area (and in fact, one could argue this is a core belief at facebook, since it was founded upon a hacking incident wherein Zuckerberg borrowed student data).
They desperately want your email...they don't want it because it's cool to be an email provider. They want it because they intend to use it. The point isn't what specific piece of data they'll get from it (though passwords will be among that data--as a mail server administrator of 15+ years I can assure you of that); the point is that it's simply evil for them to interject their servers into the path via deceptive means.
Example: http://i.imgur.com/khYDf.png
I'm a page owner (130k+ fans).