Link to the CIR, who got the documents unsealed.

This is revolting. Facebook literally preyed on children, even calling them "whales" - a term usually used by casinos and F2P games for willing big spenders.

In a just world, we would see Zuckerberg resigning, or being dismissed by the board.
posted by NoxAeternum at 12:08 PM on January 25, 2019 [23 favorites]

Oh, that's too good for Zuck!
posted by Goofyy at 12:14 PM on January 25, 2019

Zuckerberg still owns more than 50% of votes, so the board won't be firing him any time soon.
posted by Yowser at 12:14 PM on January 25, 2019 [2 favorites]

In a just world, we would see Zuckerberg resigning, or being dismissed by the board.

In a just world, a group of preschoolers would be given unfettered access to Zuckerberg's bank accounts.

Then he'd be dismissed by the board.
posted by Gorgik at 12:15 PM on January 25, 2019 [48 favorites]

>In a just world, we would see Zuckerberg resigning, or being dismissed by the board.

In a just world we'd see him obliged to struggle to stay employed, and to lie awake nights worrying about health insurance, like all the rest of us. He's worth 54 billion dollars, what possible difference could it make to him if he resigned? I'm afraid we're a lot further removed from a just world than that.
posted by Sing Or Swim at 12:28 PM on January 25, 2019 [30 favorites]

I gave up FB years ago, I've got most of my foot out of the door with Twitter, but I'm still in the WhatsApp/Instagram universe. I really need to find some alternatives and just leave and if that means I lose out on a social media part of my lifee because friends and family refuse to join me, so be it. I'm so sick of Facebook and all of its evil. Fuck Zuck.
posted by Fizz at 12:30 PM on January 25, 2019 [2 favorites]

Mark Zuckerberg gives the best-case scenario for Facebook. Here’s the worst case.
posted by 1970s Antihero at 12:31 PM on January 25, 2019 [5 favorites]

Friendly fraud, in practice, is an all-too-common horror story circulated among Facebook-using parents around the world.

Is it something different in theory, or is that just an awkward segue?

Are there any historical parallels that might establish a precedent on what Facebook's liability would be? The only thing that comes to mind is premium phone lines that either charged per minute, or per call. I remember The Box where callers got charged $2-$4 a call for picking a music video to be added to the queue. I'll admit I ran up a bill when I found that as a child.

From the CIR link: As he played, he occasionally clicked on a corner of the screen that gave him more abilities, such as magical items, or new ninja attacks for his character. It didn’t ask if he wanted to pay for it, or let him know that his mom’s credit card was being charged.

“There was no indication he was spending money,” Bohannon said. “So, 20 minutes later, I rechecked my credit card statement online. And sure enough, there was another $19.99 charge from Facebook.”

Wow. Premium currency is scummy enough, but all the shops I've seen are up front about how much they charge. I hope the developers and Facebook get roasted for that.
posted by dragoon at 12:34 PM on January 25, 2019 [4 favorites]

To better explain what happened - Facebook was finding that they were seeing high chargeback rates - around 10%, where 2% is usually grounds for a credit card company to pull a merchant account. So they look into it, and what they find is that the chargebacks are over kids unknowingly buying micro transactions, because there were no pop-ups saying that this was an actual purchase.

So, the FB devs do the right thing to start, testing basic confirmations, making users give part of the credit card number to confirm. It works, kids aren't able to charge as easily. Problem is, it also makes adult users think twice as well. FB, refusing to leave money on the table, then decides to go the absolute other direction - remove the confirmations, actually instruct game devs to not worry about what they called "friendly fraud", and set up a system to automatically dispute chargebacks to make it harder for parents to get their money back.

It was literally choosing to be evil just for some extra money.
posted by NoxAeternum at 12:37 PM on January 25, 2019 [96 favorites]

Facebook: literally choosing to be evil
posted by Fizz at 12:52 PM on January 25, 2019 [11 favorites]

Dear Corporate Counsel, when I discuss one of our products in an internal memo, should I call it "Friendly Fraud"?
posted by Nelson at 1:02 PM on January 25, 2019 [22 favorites]

I will answer that one pro bono: yes, because it makes enforcement actions that much easier, thereby saving you tax dollars!
posted by praemunire at 1:21 PM on January 25, 2019 [9 favorites]

Just to be clear, Facebook isn't calling their own practices "friendly fraud." That's the term for requesting a chargeback on a charge you did knowingly authorize (for purposes of argument here, if you're letting your kids mess around on a platform with stored payment credentials, that's on you). So the memo is paying "don't stop customers from perpetrating 'friendly fraud' on their credit card providers," not "we are committing 'friendly fraud' on our customers."

Not that that makes them any less shitty.
posted by prize bull octorok at 1:37 PM on January 25, 2019 [9 favorites]

Back when the FTC was making examples out of COPPA violators, independent app developers were ruined by fines in the hundreds of thousands of dollars for allowing third-party advertisers to collect information on minors.

It seems unreasonable that Facebook can steal money from kids' parents, knowing they are kids, and not be introduced to a similarly sized boomstick.
posted by RobotVoodooPower at 1:55 PM on January 25, 2019 [8 favorites]

While it turns my stomach to say anything that smacks of defending Facebook, I'll note that in online technology there are many places where there's known potential for abuse but where attempts to prevent that class of abuse at the layer you're working with do more harm than good. So I actually find it more than plausible that as bad as it sounds the presentation associated with "Friendly Fraud — what it is, why it’s challenging, and why you shouldn’t try to block it" might have been saying something that isn't, of itself, heinous, like "This is why your efforts to try to block it wouldn't really work and why the obvious things you might try in an effort to block it would create problems".

None of this is to let Facebook off the book for countenancing, profiting from, and probably encouraging friendly fraud, just a note that that line, of itself, doesn't seem "particularly damaging" to me.
posted by Zed at 2:29 PM on January 25, 2019 [2 favorites]

Sorry, but no. If you read the CIR reporting, the reason that Facebook abandoned adding pop-ups and verification was because they found that the friction of verification not only stopped kids, but also gave adults pause:

Facebook launched an analysis to determine what was happening with Angry Birds. It found that in nearly all cases, about 93 percent of the time, it was because the credit card holder didn’t realize the game was charging their account.

“In nearly all cases the parent knew their child was playing Angry Birds, but didn’t think the child would be allowed to buy anything without their password or authorization first (Like in iOS),” a Facebook employee wrote.

The average age of those playing Angry Birds was 5 years old, according to Facebook’s analysis.

Then the employee wrote what is a common theme throughout the unsealed documents,

“If we were to build risk models to reduce it, we would most likely block good TPV.”

“TPV” is total purchase value, also called revenue.

If Facebook tried to stop children and their parents from unwittingly spending money, it would hurt the company’s revenue.

Their policy was akin to a convenience store saying "we won't card people buying alcohol, because that would prevent some legitimate purchases." It is atrocious, reprehensible, and shows the diseased culture at Facebook.
posted by NoxAeternum at 2:39 PM on January 25, 2019 [40 favorites]

I wasn't claiming Facebook wasn't being heinous, but that the article's quote in isolation didn't establish that. You (NoxAeternum) are providing much better reporting than the article did.
posted by Zed at 2:45 PM on January 25, 2019 [2 favorites]

prize bull octorok> [Friendly fraud is] 'the term for requesting a chargeback on a charge you did knowingly authorize (for purposes of argument here, if you're letting your kids mess around on a platform with stored payment credentials, that's on you). So the memo is paying "don't stop customers from perpetrating 'friendly fraud' on their credit card providers," not "we are committing 'friendly fraud' on our customers."'

I disagree with your summary. What you're describing is FF-CB. The fraud in this case might better be called "familial fraud." The fraud is perpetrated by the child by making unauthorized use of the parent's credit card. Facebook & the developers wanted that to continue, but the chargebacks were a real problem because banks can raise processing fees or cancel a merchant account completely.

If they'd been more generous with refunds (and made requesting them less confusing and given receipts for more than only 1/2 of purchases) so parents didn't have to request a chargeback, they could have allowed FF to continue.

Exhibit K is just the talking points for a presentation which was not unsealed. It mentions (but doesn't define) FF refunds, FF CBs, FF minor & FF adult. It also mentions"malicious" fraud in contrast to "friendly." I can't believe there's a question "When do we refund for it?" under Malicious. Always! Why the fork wouldn't they refund for a stolen credit card number?

By the way, if you've had a card number stolen and don't know how, it might not be the shady e-commerce site you shopped at trying to steal your money, but just serving up analytics or ads in the purchase flow that came from somewhere infected with magecart [previously]. I had a card number stolen last year, cancelled & reissued, then had *that* number stolen two months later. Thought it was a shady hotel desk person and I'm glad I didn't accuse them!
posted by ASCII Costanza head at 4:40 PM on January 25, 2019 [3 favorites]

Why the fork wouldn't they refund for a stolen credit card number?

When they don't want to double up on a refund because there's an active chargeback case and the refund might automatically be taken out of their merchant account by their bank?

I'm not sure what you're getting at here, it just looked to me like people were reading "friendly fraud" as some sort of incriminating colloquialism that Facebook made up, when it's a thing with a very specific meaning.
posted by prize bull octorok at 4:53 PM on January 25, 2019 [2 favorites]

Yes, according to Wikipedia:

Chargeback fraud, also known as friendly fraud, occurs when a consumer makes an online shopping purchase with their own credit card, and then requests a chargeback from the issuing bank after receiving the purchased goods or services.

(Apparently "friendly fraud" is a reference to "friendly fire" - that is, it's a kind of fraud that comes from the customer themself, rather than from someone else who's using the credit card without permission.)

The problem for Facebook and game developers is that it's very difficult to tell whether a "my kid did it" refund request is really just an adult who bought some kind of "virtual good", used it to play their game, then changed their mind later (and possibly got their kid to take responsibility when the credit card bill came in). Personally I have no sympathy for them at all, because I hate these kinds of microtransaction-based exploitation schedules called "games" and wish they would go away, but some of what Facebook says does make a bit more sense in that light.
posted by A Thousand Baited Hooks at 9:44 PM on January 25, 2019 [2 favorites]

Look, we can see why they did it, but it's still pretty heinous. The analogy to carding for liquor purchases is pretty apt, I think. It is not ethical to deliberately allow the victimization of large swaths of your customer base just because you might also shut out a portion of your legitimate business if you took steps to prevent that victimization.
posted by Anticipation Of A New Lover's Arrival, The at 6:26 AM on January 26, 2019 [4 favorites]

I'm not thrilled that this was allowed to be sealed in the first place, and seriously wonder how many other damaging practices corporations of all stripes have been hidden because a judge ordered it to be so. Certainly it may hurt a business if the public finds out they have been engaging in despicable practices, but isn't this how a 'free market' is supposed to work?
posted by el io at 12:19 AM on January 27, 2019 [1 favorite]

And because preying on kids is okay at Facebook:

Desperate for data on its competitors, Facebook has been secretly paying people to install a “Facebook Research” VPN that lets the company suck in all of a user’s phone and web activity, similar to Facebook’s Onavo Protect app that Apple banned in June and that was removed in August. Facebook sidesteps the App Store and rewards teenagers and adults to download the Research app and give it root access to network traffic in what may be a violation of Apple policy so the social network can decrypt and analyze their phone activity, a TechCrunch investigation confirms.

Facebook admitted to TechCrunch it was running the Research program to gather data on usage habits.

Since 2016, Facebook has been paying users ages 13 to 35 up to $20 per month plus referral fees to sell their privacy by installing the iOS or Android “Facebook Research” app. Facebook even asked users to screenshot their Amazon order history page. The program is administered through beta testing services Applause, BetaBound and uTest to cloak Facebook’s involvement, and is referred to in some documentation as “Project Atlas” — a fitting name for Facebook’s effort to map new trends and rivals around the globe.

They continue to find new ways to lower the bar.
posted by NoxAeternum at 6:55 AM on January 30, 2019 [1 favorite]

Since 2016, Facebook has been paying users ages 13 to 35 up to $20 per month plus referral fees to sell their privacy by installing the iOS or Android “Facebook Research” app.

We got several letters from Google offering us I think $50 per month to let them mine all of our data from our home router. It was tempting, since goodness knows they're already taking a lot for free.
posted by hydropsyche at 6:59 AM on January 30, 2019

Also, two Democratic senators are asking Facebook to explain themselves regarding microtransactions:

Two Democratic senators have asked Facebook CEO Mark Zuckerberg to explain why the social network apparently "manipulated children into spending their parents' money without permission" while playing games on Facebook.

"A new report from the Center for Investigative Reporting shows that your company had a policy of willful blindness toward credit card charges by children—internally referred to as 'friendly fraud'—in order to boost revenue at the expense of parents," US Sens. Edward Markey (D-Mass.) and Richard Blumenthal (D-Conn.) wrote in a letter to Zuckerberg today. "Notably, Facebook appears to have rejected a plan that would have effectively mitigated this risk and instead doubled down on maximizing revenue."

posted by NoxAeternum at 7:49 AM on January 30, 2019 [1 favorite]

And in response to Facebook's agreement violating data harvesting app, Apple has revoked Facebook's enterprise signing certificate:

Apple has shut down Facebook’s ability to distribute internal iOS apps, from early releases of the Facebook app to basic tools like a lunch menu. A person familiar with the situation tells The Verge that early versions of Facebook, Instagram, Messenger, and other pre-release “dogfood” (beta) apps have stopped working, as have other employee apps, like one for transportation. Facebook is treating this as a critical problem internally, we’re told, as the affected apps simply don’t launch on employees’ phones anymore.

The shutdown comes in response to news that Facebook has been using Apple’s program for internal app distribution to track teenage customers with a “research” app.

Short version: Apple has eviscerated Facebook's iOS development because of their data harvesting.
posted by NoxAeternum at 10:05 AM on January 30, 2019 [2 favorites]