Facebook let Netflix see user DMs, quit streaming to keep Netflix happy

Alleged Facebook–Netflix/Spotify DM Access

  • Thread centers on claims that Facebook let Netflix (and Spotify) programmatically access users’ Messenger inboxes via “Extended API” / “Inbox API” and “Titan API” deals.
  • Some see this as monetizing private messages and part of broader anticompetitive arrangements.
  • Others stress this was tied to specific “chat inside Netflix/Spotify” features, not random bulk sharing.

User Consent, OAuth, and Scope

  • One side argues: if users explicitly logged into Netflix/Spotify with Facebook and enabled messaging, they effectively chose to use those apps as third‑party Messenger clients, so read/write access is expected.
  • Critics counter: users reasonably thought they were just sending recommendations, not granting full historical inbox access; calling this “opt‑in” ignores dark patterns and overbroad scopes.
  • There’s debate whether Facebook’s API design (“Inbox” read permissions vs write‑only) was lazy, negligent, or intentionally expansive.

End‑to‑End Encryption Confusion

  • Timeline discussed: Netflix deal started years before Messenger’s E2E became default; earlier E2E was optional and likely rare.
  • Several note that even with E2E, the app UI can exfiltrate decrypted text, so the main trust issue is the client software, not just the cryptography.
  • Others argue if Meta can read messages, it’s not “true” E2E; some suspicion that marketing language is misleading.

Onavo and Broader Surveillance Allegations

  • Comments reference court docs and past reporting about Onavo “kits” doing MITM on HTTPS traffic to monitor competitors like Snapchat.
  • Some ex‑employees say Onavo was seen internally as “sketchy,” but awareness of full scope varied.
  • Many view these allegations, if accurate, as among the worst privacy abuses in tech.

Antitrust, Collusion, and Competition

  • Several see the Netflix deal as part of an anticompetitive pattern: Meta using privileged data and special APIs to manage threats and partners.
  • Long subthread debates whether this is monopoly behavior vs “mere” collusion, and how/if regulators should restrict vertical integration and exclusive content deals.

Privacy Expectations and User Behavior

  • Many express that “private” or “direct” messages being accessible to business partners violates basic expectations, regardless of TOS.
  • Some advocate moving to Signal or minimal online use; others worry that overreacting could kill useful interoperability and data portability.