If Facebook can't maintain a business model without selling their well-trained and dopamine-addicted userbase like a commodity, then their business model does not deserve to be maintained.
Facebook did not "sell" anything in this case. Facebook is a neutral carrier that got duped like everyone else. A malicious company used Facebook's API to ask for access to people's data and certain data about their friends, and people stupidly said yes. Should we now fault Facebook for complying with their user's wishes?
That very plainly was not the users' wishes. The users' wishes were "go away, window, I want to see my feed, yes whatever, click."
That was something that ill-informed users were effectively tricked into doing by a malicious third party who intentionally fogged up the information they gave to those users.
The fact that Facebook gathered the data to begin with is already a huge problem. If they need to do that to exist, they shouldn't exist, and this is another tiny straw on top of the huge pile of reasons why that business model shouldn't exist.
I don't care how responsible you are with all that data, you shouldn't be gathering it.
> The users' wishes were "go away, window, I want to see my feed, yes whatever, click."
Facebook will never ask you out of the blue whether you want to share your data with Cambridge Analytica. They have nothing to gain from it.
What happened is that idiots clicked on some kind of personality test (or similar) shared by one of their equally-stupid friends, the consent prompt appears as it should (and is very clear about what data will be shared) and they clicked yes. There are arguments here that these links should've been identified/marked as malicious and thus removed to begin with, but that's a separate issue.
Removing API access because some people are dumb will lead to lots of collateral damage (including towards those same idiots who expect to be able to "Login with Facebook" everywhere and are suddenly locked out of all these accounts), and will not solve the problem - malicious parties will just start asking for raw Facebook credentials or to install malicious apps/browser extensions to work around the lack of API access.
> The fact that Facebook gathered the data to begin with is already a huge problem
Which data are we talking about here? My understanding is that the data obtained by CA is data that the user explicitly put on their profile (such as photos, etc) and "friends" relationships. Ad targeting data (which is the real issue when it comes to Facebook's data collection) was not included.
---
My worry here (and the reason for the relatively harsh language) is that this lawsuit will set a precedent and give arguments for platforms to restrict API access even more and hurt potential competition as well as impose annoying & unnecessary barriers to users who know what they're doing. We already have this issue with banking where some banks insist on using a hardware 2FA device to protect against scams, and it's not really effective because people are stupid enough to use the 2FA device over the phone with a scammer despite the bold warnings about not using it over the phone printed right on the device itself.
