As someone who has done a little bit of iOS development for fun, I wouldn't be surprised if this is an actual bug. There used to be 10 different ways to do the same thing inside iOS, and neither one was "correct."
Being a photo app, they probably figured out that having instant access to Camera is their top priority, and because you are allowed to access camera in the background and keep it on, there was no harm in doing so.
Of course one could also go deep and assume that Facebook is running all video through an ML that picks out faces, location, items, and whatever else they can grab around your surrounding, and then covert that into ad-intent, but however sexy that sounds from technical point, they are after all a public company and need to play by the rules. Unlikely to take on such a massive intrusion of your privacy, knowing that eventually it would get discovered.
> but however sexy that sounds from technical point, they are after all a public company and need to play by the rules. Unlikely to take on such a massive intrusion of your privacy, knowing that eventually it would get discovered.
You completely lost me here. We’re talking about Facebook, the company with a near infinite supply and history of privacy issues. Facebook has shown that rules don’t apply to it for as long as it can get away with it. Behind the scenes, it laughs at fines imposed by governments because they’re too tiny to have a material impact on the future of the company and its earnings.
> For the last 5 years, we accidentally recorded billions of people's reactions to ads as they scrolled past them, then accidentally fed that data into our ad placement algorithm.
> We're really, reallllllly sorry and promise to do better.
Wouldn't a network analysis be able to detect a difference in the amount of traffic coming out of the phone? Measure with and without Instagram installed, active, background, and given or denied camera access. If it's capturing images in the background that data has to go somewhere. Even if it batches for sending later. Another way to find out is to feed it "interesting" images with faces and objects, then compare if the camera is pointed at a blank wall for the same amount of time. If the phone is significantly noisier then you can conclude it's actually processing the images and not just dumping them to the bitbucket.
Would probably be very hard to spot that if you piggyback on normal story/image upload traffic payloads. Seems like a lot of work for something that's not really that helpful or easier to accomplish.
> Seems like a lot of work for something that's not really that helpful or easier to accomplish.
That could be said for Facebook surreptitiously uploading images by piggybacking them onto innocuous requests.
I’ve disabled the FB app’s cert pinning so I can MITM it and they really don’t seem to care about minimizing the number of requests. Tons of little logging events will be fired off separately instead of being condensed. Also, there are several unofficial Instagram apps that were developed by thoroughly reverse engineering the app’s private API. Seems unlikely that this could have evaded detection.
And just data volume-wise, it’s much harder to conceal uploading weighty images/video. Facebook and Instagram mostly just download data. A long term discrepancy in upload usage between when the app has camera permissions and when it doesn’t would be easy to spot.
I have no doubt Facebook is still doing creepy things we don't know about yet, but this particular theory just seems incredibly unlikely to me.
> I wouldn't be surprised if this is an actual bug.
Under other circumstances, yes perhaps. But in the case of a Facebook, with their complete disregard for privacy and search for more and more ways to collect data, this seems like an explicit feature implementation.
There were hundreds much worse leaks than any Facebook leak. Any credit card leak is much worse. But Facebook is an easy hatred target.
Nothing bad really happened as result of these leaks. Nobody harmed, nobody lost money, and don’t start again on that CA story which happened and fixed several years before you learned about it.
rough experience in a company with an ads department is one ought consider them like some kind of fungus - they may not have been part of a given effort to begin with, but without careful efforts to keep them away, they're bound to colonize whatever it is that gets created eventually.
Also... wouldn't the bandwidth of streaming back all that video be pretty obvious? Seems like it would take a lot of resources for data they probably already have anyway.
Agreed. No matter what advanced stenography they try to use, if the app’s upload volume increases when given camera permissions that'll be easy to spot. That alone wouldn't prove anything, but it would definitely be interesting enough to merit a deeper investigation. Jailbreaks on iOS are currently flourishing, and developing the multiple exploits needed to pull that off makes reverse-engineering the Instagram app seems easy by comparison.
Let's say that it was in fact intended as a user experience optimization, as you suggested. If you were Facebook, and you now had access to the camera's feed when it wasn't in use, would you really be able to restrain yourself from violating the user's privacy? I imagine for Facebook it would be like seeing a freshly cooked pie on a window sill.
facebook has done worse and they aren't going anywhere over privacy concerns (privacy is antithetical to their raison d'etre)
and budgeting for fines and legal fees as contingency for when pseudo legal practises that have business beneifits are discovered is standard practice in most large corporations
If they get caught they just pay a few billion in fines. They do that all the time and still turn a profit. Maybe their shadiness attracts advertisers and makes up for it in part. Criminal consequence is needed to deter them at this point.
It's noted in the article that no photos or videos were taken when Facebook inadvertently showed the camera page to the user. If they weren't capturing anything, then it really was a bug.
> If they weren't capturing anything, then it really was a bug.
That's not true. The camera could quite easily have been intentionally enabled at applciation startup in order to have simplified code or instant responses later.
You were probably downvoted for using the F word, but outside of that that, I tend to agree that camera init is slow AF.
In fact, by playing privacy-advocate games, Apple is inevitably punishing every app except their own because while they will show "This app is using your camera," I wonder if the same rules apply to their own camera usage.
Does it? I am yet to update to the new iOS because too many things break with early releases, and I've gotten tired of broken releases. But right now I can swipe my phone to the left, and get a sub-second access to my camera. There's no way it's not pre-loaded for this to work so fast.
My question is whether developers, who are not Apple, would be able to load the camera with the same speed that Apple. Does iOS load Camera in the same way that Apps do, or does iOS have access to lower-level API?
I don't have the answer, but I'd be curious to know if someone's got the know-how.
> Unlikely to take on such a massive intrusion of your privacy, knowing that eventually it would get discovered.
I don't think that's a reason for them not to do it. They could just claim it was an accident, they weren't really collecting the data, etc etc ad infinitum and most people would continue to use facebook just as they always have.
The day I uninstalled the facebook app was the day it asked for permission to read all text messages (on top of the many, many other permissions it already had). I figured the next step would be audio and video (after all, there wasn't much left to ask for at that point).
My wife, on me telling her about this, pointed the most obvious way Instagram could be using this, without storing, recording, or transmitting anything.
As you scroll your feed, they analyze your face, and use your expressions to see how you feel about a particular post. It’s like “likes” on steroids.
They already have the face detection, expression detection, etc code built into their app through the filters and those act in real time and locally. It would be super easy to redirect that towards analyzing user expressions in response to posts they may be reading at the time.
If only battery life/processing/machine learning were that good. It's possible companies would do things like this if were technically feasible, but we're a long way away (I work on camera ML at IG).
The correct answer to what is going on is Facebook's official response in the article.
Because that’s all they need. And even less than normal because you don’t need to figure out bunny ears and exaggerated smiles. Simply whether a person is smiling or not.
Can you link to me a project hat does facial sentiment analysis in an efficient way? Actually curious if it’s possible to do this without hurting battery life much.
They can always cache the data and do the processing at a later time when your device is charging and/or when you do something resource-intensive (like uploading a video, etc) to conceal the extra resource usage.
Can we please talk about the elephant in the room?
There are software engineers, designers, project managers, etc., at Facebook who implemented this bug/feature, right? Given the competitive nature of recruiting and employment at Facebook, this feature was not thrown in by accident, or as a bad joke. This behaviour was implemented as part of a bigger feature, or by itself. It was designed, prioritized, and consciously scheduled for implementation, testing, and deployment. It won against other competing ideas with respect to scheduling, budget, and fulfilling team, departmental, and organizational objective key results (OKRs).
Artifacts that mention this behaviour exist: whether it be in email chains, project-planning and task-management tools like JIRA, commit messages from version control systems like git, deployment logs, and many, many other such things.
Some of those people participate in this forum. Some others no doubt know who they are or who they could be to fair degree of accuracy. Do the rest of us care? Or, do we just point fingers like we are doing now and then go back to hibernating / feigning ignorance until the next time something like this happens again?
> Given the competitive nature of recruiting and employment at Facebook
Interviewing at FAANG is about cracking the interview and the tests; it doesn't reflect all the skills that would be relevant in the real world. You can very well be a mediocre engineer but grind Leetcode all day long and eventually pass the interview (and the reverse is also true, a lot of otherwise great engineers wouldn't be able to pass their test), so just because the code is written by FAANG doesn't mean it's bug-free or that the bugs were deemed important enough to be fixed.
>“We only access your camera when you tell us to — for example, when you swipe from Feed to Camera. We found and are fixing a bug in iOS 14 Beta that mistakenly indicates that some people are using the camera when they aren’t,” the spokesperson said. “We do not access your camera in those instances, and no content is recorded.”
Interesting to see the difference in perspectives: Reddit is jumping on that quote about it being a bug and saying it's definitely intentional, while HN is taking a more conservative approach. Personally, I always err on the side of bug/incompetence rather than maliciousness in matters like this because even Facebook isn't brazen enough to pull something this obvious.
This is just the TikTok clipboard problem all over again. Reasonable developers who've dealt with initializing APIs that are complex or not their initial forte will make decisions like "initialize the camera on app open if we need it and then pull data from it later." It's pretty trivial to make that mistake.
I wouldn't even be surprised if this is part of Instagram having a goal to make opening camera capture really fast. They've done very similar things intentionally before. [0][1]
While that final conclusion might definitely be true, have you even considered how that exact behavior may already led us to a rather nasty reality?
A reality in which many companies might regularly get away with malice by just claiming incompetence? As if that should even have any influence on their (legal) responsibilities in the first place(?)
Assuming malice does happen, and I certainly think it does, at which point would you consider this approach willful ignorance? Would it not make one actually part of the problem, instead of just an observer?
More to the point, when is personal happiness more important than discovering the truth? Is the latter not a personal responsibility to anyone, given a capacity?
You’ve sort of blown right past the word “assume” in this expression.
Assumption is what we go on when we have no proof - so, until you have proof, assume incompetence.
Making this initial assumption (effectively giving the benefit of the doubt) does not mean you should stop looking for proof/under lying reasons.
What it does is reduce the dopamine hit you get from being angered/outraged and let’s you think with a clearer head moving forward in your thinking/investigating.
I at no point said “assume incompetence and then stick your head in the sand and pretend all is fine” that’s has its own saying “ignorance is bliss”
Ah, ok - I didn’t used the word assume in my initial comment, picked it up from yours. Probably a better version would be “don’t assume malice when it can be explained by incompetence”
In Facebook’s case, assuming malice is a rational way of looking at their actions.
For instance, and this is really one of many — Facebook took phone numbers from users for 2FA, promising it’d only be used for security and... used those numbers for ads[1].
These are among the top app developers in the world you're talking about. Instagram isn't a todo list or torch app made by a 12yr old in their bedroom. Incompetence doesn't come into it.
Are you getting that interpretation from the article's text? The article says that Instagram found and is fixing a bug in iOS. That is incredibly doubtful, since they don't have the source code or OTA update mechanism for iOS. They found and are fixing a bug in Instagram code on iOS.
To be fair given the Facebook family of applications history in regards to gathering information from every source possible there isn't much reason to give them the benefit of the doubt.
Even more funny (or sad?) is people reading an article with a headline saying it's Instagram, clearly quoting Instagram as saying they'll fix the bug, and then claim Apple is at fault, despite nothing in the article suggesting that.
Yes that was indeed the case, but the twist is that even if you scrolled to the side views, the camera would still remain active. They actually had (still have?) a low power mode toggle in the settings that I believe deactivated this behavior.
For a while already I have been noticing the red "screen recording" bar on top of the screen appearing and quickly going away at random moments while Instagram is open (since iOS 13 at least). Seems to happen usually while I'm browsing photo library and/or post drafts.
Anyone else noticed that? Is it along the same lines as the camera usage bug, or maybe they are just ferociously recording app usage analytics?
The worst possibility is that IG's always recording my screen (perhaps in concert with the front camera) but successfully suppressing the bar most of the time, and only sometimes the workaround stops working so screeen recording bar shows up for a second. That would be so far from a welcome development.
I doubt it's screen recording; as far as I know no third-party app can record the screen and even if they could there's easier ways to collect analytics than record a huge video which you then need to upload & process. I'm pretty sure the red bar also appears when an app is using the microphone in the background, which would be more likely in this case.
This is fucking important. I think it's deceiving to refer to different child companies as if they are separate entities, instead of refering to the mother entity. It only benefits the corporation when this happens, not customers. I'd even call it Doublespeak or a PR strategy. Divide and conquer. The illusion of choice. Monopoly is the name of the game.
Except we’re not talking about companies, we are talking about the actual app in question. The app is called instagram and it is separate from another app called Facebook by the same company.
In my opinion, a great place to define that boundary is when you have to move to a completely separate app; unless something's majorly changed recently, you can't access the majority of Facebook or Instagram from the other app unless you end up in a WebView and login that way. At that point, you aren't using a native experience where they have the same level of access that they do from the actual app and the main issue about having the camera open isn't even relevant anymore, haha.
That isn't to say that Facebook Inc. (the parent company) doesn't have their hands in the Instagram pot, because they obviously do and it only seems natural based on their past behavior they'll integrate heavily and push way past bounds they should be allowed to. All of that said, it doesn't mean the other poster is wrong about making it known this is a problem inside of Instagram rather than in Messenger or Facebook (the app).
I understand where you're coming from; being able to deflect their transgressions on a child company and then toss it aside and rebrand when it gets too much heat isn't a way they should be able to operate; heck, I'm just as skeptical as anyone that this is just a "bug" and have personally disliked FB's practices for a while; however, it doesn't make sense to start treating all products from large companies as if they're all just one single thing. In my mind, I akin it to Google having a pretty gnarly bug in GMail, but then everyone not being able to separate it from Search; it feels like an apt comparison to me, especially since Google is just a few steps down from the nefariousness of FB in some people's minds.
My critique has less to do with bugs or with the programmers who are coding these apps, and more to do with the parasitic business models and the proprietary underlying functions and capabilities that these engineers are asked to implement by the Venture Capitalist-backed Silicon Valley-startups they work for. Or more precisely, my critique has to do with the dynamics of the corporatocracy and technocracy and how it relates to our economic system, including the effects on humanity's health and the health of our planet.
I actually agreed with you that the way Facebook and other companies abuse their acquired / spun off companies and toss them aside when it gets heated is wrong, and that it definitely has an impact on the entire tech ecosystem, including just consumers of tech; originally, you asked how you could separate apps from each other, and the only reason I included the statement about GMail was to give more insight on how I viewed the topic, but it looks like it didn't matter since only six words of my response is what you took away.
I don't think we'll be able to really have a good discourse on this since we're approaching it from two different areas of discussion, but I appreciate your response.
For those commenting that IG may be secretly and nefariously using data from the camera for business purposes; IG has a "download your data tool". It includes all the of your data that IG stores. Spoiler Alert: silently-recorded feeds from your camera are not in that dump.
Agreed, and I think this is obvious. Facebook probably has a thousand metrics of how long you spend looking at things, what you tend to look at, how likely you are to look at something different. None of this is downloadable.
Just like Facebook's "download your data" tool used to not include the companies that shared information about you... until they decided to make this public (and provide a UI to see it) and then suddenly it appeared in the data dump.
I am not saying whether the camera behavior is incompetence or malice, I am just saying that "download your data" features rarely give you all your data, both for malicious reasons (in the case of Facebook) as well as technical reasons (some data in raw form might belong to multiple individuals so you can't just give them that raw version and need to write extra code to sanitize that data which might not have been done yet so until then you would be missing that data).
sometimes my battery start draining a lot faster and my phone becomes really hot while I'm not doing anything special... not sure what is causing it yet.
Being a photo app, they probably figured out that having instant access to Camera is their top priority, and because you are allowed to access camera in the background and keep it on, there was no harm in doing so.
Of course one could also go deep and assume that Facebook is running all video through an ML that picks out faces, location, items, and whatever else they can grab around your surrounding, and then covert that into ad-intent, but however sexy that sounds from technical point, they are after all a public company and need to play by the rules. Unlikely to take on such a massive intrusion of your privacy, knowing that eventually it would get discovered.