Facebook let Netflix see user DMs, quit streaming to keep Netflix happy
Alleged Facebook–Netflix/Spotify DM Access
- Thread centers on claims that Facebook let Netflix (and Spotify) programmatically access users’ Messenger inboxes via “Extended API” / “Inbox API” and “Titan API” deals.
- Some see this as monetizing private messages and part of broader anticompetitive arrangements.
- Others stress this was tied to specific “chat inside Netflix/Spotify” features, not random bulk sharing.
User Consent, OAuth, and Scope
- One side argues: if users explicitly logged into Netflix/Spotify with Facebook and enabled messaging, they effectively chose to use those apps as third‑party Messenger clients, so read/write access is expected.
- Critics counter: users reasonably thought they were just sending recommendations, not granting full historical inbox access; calling this “opt‑in” ignores dark patterns and overbroad scopes.
- There’s debate whether Facebook’s API design (“Inbox” read permissions vs write‑only) was lazy, negligent, or intentionally expansive.
End‑to‑End Encryption Confusion
- Timeline discussed: Netflix deal started years before Messenger’s E2E became default; earlier E2E was optional and likely rare.
- Several note that even with E2E, the app UI can exfiltrate decrypted text, so the main trust issue is the client software, not just the cryptography.
- Others argue if Meta can read messages, it’s not “true” E2E; some suspicion that marketing language is misleading.
Onavo and Broader Surveillance Allegations
- Comments reference court docs and past reporting about Onavo “kits” doing MITM on HTTPS traffic to monitor competitors like Snapchat.
- Some ex‑employees say Onavo was seen internally as “sketchy,” but awareness of full scope varied.
- Many view these allegations, if accurate, as among the worst privacy abuses in tech.
Antitrust, Collusion, and Competition
- Several see the Netflix deal as part of an anticompetitive pattern: Meta using privileged data and special APIs to manage threats and partners.
- Long subthread debates whether this is monopoly behavior vs “mere” collusion, and how/if regulators should restrict vertical integration and exclusive content deals.
Privacy Expectations and User Behavior
- Many express that “private” or “direct” messages being accessible to business partners violates basic expectations, regardless of TOS.
- Some advocate moving to Signal or minimal online use; others worry that overreacting could kill useful interoperability and data portability.