HN Distilled

Essential insights from Hacker News discussions

Some users have noticed settings that let Meta analyze and retain phone photos

Original Article

Hacker News Discussion

Here's a summary of the themes from the Hacker News discussion, with direct quotes:

App Permission Abuse and User Scrutiny

A central theme is the concern over how apps, particularly those developed by Meta (Facebook, Instagram, WhatsApp), request and potentially abuse permissions, especially access to the photo library. Users express a deep distrust of these companies and a desire for more granular control and transparency.

  • "I’d highly recommend never granting any app full access to your photos." - cj
  • "One issue with permissions is that they apply to the entire app, including any third-party dependencies. Lots of apps use libraries given to them by advertising services -- they notoriously exploit permissions given to the app." - loumf
  • "The problem is people have to actually do this, and it's cumbersome." - const_cast
  • "Meta, on the other hand, has every incentive to scan my whole library, and I assume they would. So even though it makes posting to Instagram much more painful, I selectively limited photo library access for Instagram." - turnsout
  • "Meta abuses permissions when given? Shocked, I am SHOCKED I tell you." - rootnod3
  • "Meta is by far the most shamelessly insensitive tech giant. They must actively seek out the most morally depraved devs, I can only imagine the people in those meetings when discussing some of these implementations must have been laughing at how devious they are." - workaccount2
  • "Facebook has been doing this for well over a decade. I once got a notification from the Facebook app, 'Do you want to share this photo with Kim?' because Kim was just randomly in the distant background of a photo I had taken of my daughter at kindergarten drop-off. I deleted the Facebook app that day and I make a point to never give any social media app access to my photo library." - jkubicek

iOS Photo Access Controls and Their Usability

The discussion frequently touches upon iOS's photo access controls, specifically the "Limited Access" feature and the system photo picker. While these features are generally seen as improvements for user privacy, their usability and implementation by app developers are debated.

  • "This should be a non-issue if you use Apple’s privacy settings to limit Facebook to only have access to the photos you want to use." - cj
  • "Apple should improve the UI of this photo selection because it’s very cumbersome to scroll and select the same photos twice." - gessha
  • "Agreed. The feature set is in desperate need of the search option both on approved photos and when attempting to approve additional photos. Very often I have to go into the photos app, find the photo, make a mental record of approximately where it is in history and scroll scroll scroll. Obnoxious and cumbersome." - Clent
  • "IME giving it 'limited access' works well; you can save anything without issue." - vladvasiliu
  • "Not really, given WhatsApp could be theoretically keeping a local copy and the operating system can't really do anything about it. It would also be a pretty weird case to code. Imagine writing an app where if you tried to save a file, you couldn't immediately access it afterwards." - gruez
  • "It works fine in other apps such as Signal and even Teams. I don't really want Moxie or MSFT to have persistent access to any part of my personal photo album either, no matter how good they say they'll be." - skylurk
  • "The only feature request I have is to be able to scope app permissions to an album, since the current flow of selecting individual photos adds a lot of friction." - jamwil
  • "There is no need for apps to access the entire camera roll just so I can select one photo to use with that app. I know that that’s partially implemented with the limited photo access now, but it’s confusing from a UI perspective and I don’t understand why this isn’t the default." - AndroTux
  • "It allows you to select which photos an app has access to, and I doubt anybody uses it more than once because of how many taps it takes to include a new photo. Unless I'm missing something." - privatelypublic
  • "That’s not a OS limitation, this is a UX dark pattern from WhatsApp that they've purposefully added to make the UX terrible to push people into granting 'Full Access'." - Zanfa
  • "Maybe one thing we can agree on is that if apps have to opt-in to the API that's better for users, then we can also blame Apple." - hombre_fatal
  • "Apple actually has a great API for selecting a single photo in a privacy-respecting way which does not give the developer access to the library at all. But oddly, there is no corresponding API for safely saving or updating a photo in the library. So if your app involves editing a photo, you can't use this API." - turnsout

The Ubiquity and Necessity of WhatsApp

Despite privacy concerns, WhatsApp's dominant position in global communication is a recurring point, making it difficult for users to abandon it.

  • "There is no reason they paid so much for it. In a lot of the world, they’re essentially required." - lazide
  • "Contortion: And next to impossible to get rid of. I would much rather use Signal but convincing even privacy-conscious people to switch is an uphill battle." - Contortion
  • "My whole family switched and hasn’t missed whatsapp. That said I am still stuck on whatsapp, it is basically the only messaging app people use in a lot of the world and used by a ton of businesses." - mrbombastic
  • "I need whatsapp to communicate with global KOLs for work." - randycupertino
  • "By definition they are social apps, so it's not usually up to just individuals whether to use them. For example if I stopped using what's app I'd cut myself off from the majority of my friends and family." - awesan

App Store Review and Developer Responsibility

There's a sentiment that Apple (and by extension, Google) could enforce stricter guidelines regarding permissions and app behavior during the app store review process.

  • "The solution is just straight up banning apps from the app store which request full photos permissions but only need a picker. Just make that part of the developer terms and start banning low hanging fruit and the apps will confirm in no time." - const_cast
  • "True, and this could maybe be solved by better app store review. Every app submitted to the app store is reviewed by a human for approval. The reviewers could apply more scrutiny to photo permissions and reject apps whose permissions aren't justified." - dgs_sgd
  • "DFXM12: This is probably not true. If it is, if your ties are so weak that they rely on an app, maybe it is ok to let them go and seek stronger social ties elsewhere." - dfxm12
  • "Apple should also stop letting apps know that we have given them a limited photos or contacts list: Telegram refuses to work if you provide it with just 1 dummy contact." - Razengan

Broader Concerns about Meta's Business Model and Ethics

Beyond specific permission abuses, the discussion highlights fundamental criticisms of Meta's business model, ethical practices, and its impact on society.

  • "The truth is, Meta isn’t building community, it’s building a surveillance hellscape where every click, glance, and pause is commodified. If you work there and still believe you're doing something good for the world, you're either delusional or willfully blind." - kjok
  • "Zuckerberg: Yeah so if you ever need info about anyone at Harvard. Zuckerberg: Just ask. Zuckerberg: I have over 4,000 emails, pictures, addresses, SNS... Zuckerberg: people just submitted it. I don't know why. They "'trust me'" Zuckerberg: Dumb fucks." - gmd63 (referencing early Facebook practices)
  • "Meta isn’t just crawling your photos. If you gave it permission not just “While using the app” to anything, it’s gathering up metadata about you and sending it home. Contacts, emails, location, imei, photos, video exif, browser history if you happen to open a mini-safari view from an ad, app usage statistics, your IP address, your device information, anything they can gather - they are." - reactordev
  • "If you're not paying for it, you are the product." - frasermarlow
  • "Even if you are paying for it, you are still the product (I guess "a" product). Meta (or whoever) is not going to give up revenue streams just because you're giving them money too. Realistically, for consumer products like this, preventing user tracking and data collection would have to be legislated and enforced." - dfxm12
  • "Some of those data brokers have no qualms with breaking cybersecurity laws either." - reactordev
  • "It’s my strong opinion that the only methods you’ve seen to this point[3-7] were deliberately chosen to be ones that don’t work, and make things worse in the long run." - mikewarot

Alternative Workarounds and Strategies

Users discuss various manual workarounds and behavioral changes to mitigate privacy risks, such as using copy-paste, the web browser version of apps, or isolating work-related apps.

  • "My solution to this is to go Photos -> share photo -> whatsapp. Instead of starting from whatsapp" - ozgrakkurt
  • "What I do is open the photos app and then either copy & paste into the whatsapp message field or use the sharing dialog to share a photo / video on whatsapp. I guess that would also work for the files app. It’s extra steps but it’s worth it for me." - orthogonal-wren
  • "I have a whole separate Android profile to maximise it's separation from anything and everything else." - BLKNSLVR
  • "I use WhatsApp via browser. It's a fight (e.g. you have to force desktop layout) and clearly something they'd prefer you didn't do but ... it's usable." - ethagnawl
  • "I use it every time. The alternative is to give Meta access to your whole photo roll, which… they will obviously abuse, whatever toggles you set, right?" - bee_rider
  • "The iOS you can... (1) Choose no permission... (2) Copy and Paste photos... (3) Choose 'only selected photos'... (4) Choose 'all photos'..." - greggman65
  • "The copy/paste feature is underused on iOS. These days if an app needs access to a photo, I try to determine whether the app uses the system photo picker (which doesn't need the app to have photos permission). If it doesn't I simply use the Photos app to copy a photo and then paste afterwards." - kccqzy