Skip to content
Naked Security Naked Security

Facebook battles tiny startup over privacy accusations

Is there no end to Facebook’s petty humiliations? It is now the turn of an obscure startup called Six4Three to cause the company trouble.

Is there no end to Facebook’s petty humiliations?
Two weeks ago, CEO Mark Zuckerberg found himself having to account for his company’s behaviour to members of the European Parliament, the latest round in the Cambridge Analytica ‘apology tour’ that happened after badly-received gigs in Washington in April.
But it’s not just the big guys that Facebook is having to answer to. This week, in a sign that even small problems have become big problems, it was the turn of an obscure startup called Six4Three to cause the company trouble.
The suit’s origins lie in Facebook’s 2014 decision to shut down the Friends data API, through which users could allow thousands of third-party apps to track their friends’ location, status, and interests.
One app that fell foul of this supposedly privacy-oriented change was Six4Three’s $1.99 smartphone app Pikinis which touted the ability to find pictures of a user’s Facebook friends in their swimwear.
Tough luck, you might say, except that Six4Three launched a suit in 2015, in which it was alleged that Facebook turned off the tap as a way of forcing developers to buy advertising, transfer intellectual property or even sell themselves to it at below market value.
The change came in the wake of post-2012 worries about Facebook’s ability to generate revenue from advertisers as they switched to mobile platforms, which allegedly gave Facebook the motive to strong-arm developers.

Closing the API resulted in Facebook “holding software companies hostage.” According to court documents cited by The Guardian:

Facebook continued to explore and implement ways to track users’ location, to track and read their texts, to access and record their microphones on their phones, to track and monitor their usage of competitive apps on their phones, and to track and monitor their calls.

It all sounds a bit puny – a single startup suing Facebook over events years in the past. As Facebook says:

Six4Three is taking its fifth shot at an ever-expanding set of claims and all of its claims turn on one decision, which is absolutely protected: Facebook’s editorial decision to stop publishing certain user-generated content via its platform to third party app developers.

You can argue Six4Three’s allegations either way. If you’re inclined to read them through the lens of the privacy allegations that sit at the heart of the Cambridge Analytica scandal, they’re another example of the way the company perfectly understood the value of its user data and wanted to monetise it.
Alternatively, by restricting third parties, Facebook was simply reigning in risky access that privacy advocates believe should never have been allowed in the first place.
Nevertheless, in a case that has rumbled on for three years and counting, the Cambridge Analytica revelations have undoubtedly given Six4Three an unexpected new angle of attack. The fact that in 2018 Facebook is still suspending third-party apps after having a post-Analytica rethink doesn’t exactly help it defend itself against this interpretation.
Another worry for Facebook is that a series of redacted emails filed as part of the suit could be made public within days unless it can have the case thrown out on a tactical defence of free speech under the US constitution’s First Amendment.
Not that long ago, a legal suit by a company nobody has heard of would have barely registered as a footnote in a business where these sorts of cases are common.
But as Mark Zuckerberg is finding out the hard way, his company is increasingly defined by a single moment in time – before Cambridge Analytica and after it.


Didn’t this 643 company initially complain that Facebook got too _tough_ on privacy by shutting off an API that user’s didn’t like, thus making the app a wasted investment for the developers?
Has this complaint now turned around into a lawsuit alleging that Facebook was also too _lax_about privacy?
I seem to have misfigured this, can someone clarify?


My best guess is that they originally went with “terms didn’t say the API would be turned off without warning so our investment was devalued in breach of terms” and has pivoted now into “they killed the API but are still doing everything they used to justify that themselves AND the first bit”. IANAL mind.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!