Facebook: another routine scandal

From today’a New York Times:

SAN FRANCISCO — On the same day Facebook announced that it had carried out its biggest purge yet of American accounts peddling disinformation, the company quietly made another revelation: It had removed 66 accounts, pages and apps linked to Russian firms that build facial recognition software for the Russian government.

Facebook said Thursday that it had removed any accounts associated with SocialDataHub and its sister firm, Fubutech, because the companies violated its policies by scraping data from the social network.

“Facebook has reason to believe your work for the government has included matching photos from individuals’ personal social media accounts in order to identify them,” the company said in a cease-and-desist letter to SocialDataHub that was dated Tuesday and viewed by The New York Times.

Could reality be catching up with Facebook?

This — from Bloomberg — is interesting:

Facebook Inc. hasn’t been able to do anything right — except when it comes to making money, where it could do nothing wrong.

That changed on Wednesday, when the company posted disappointing growth in revenue, profits and the number of visitors to its digital hangouts. Results are still stellar by the standards of most companies, but investors in fast-growing technology companies react badly when their high hopes aren’t met, as Netflix recently found out. Facebook hit a record stock price on Wednesday, but after the release of its financial results, its shares dropped a stunning 24 percent in after-hours trading.

And no wonder. The company’s financial results, and especially its glimpse into a more pessimistic financial future, were utter disaster for investors. If what the company predicts comes to pass, the internet’s best combination of fast revenue growth and plump profit margins is dead. All at once, it seemed, reality finally caught up to Facebook.

Well, among other things (including plans for its very own earth-orbiting satellites), those 20,000+ content ‘moderators’ have to be paid for somehow.

Zuckerberg for Pope?

Roger McNamee, an early Facebook investor who has been sounding the alarm about the social media giant since the run-up to the 2016 presidential election, is not letting up.

In an interview with the Mercury News, McNamee talked about why he thinks Facebook should be reined in — and possibly broken up.

“It is no exaggeration to say that the AT&T consent decree planted the seed for Silicon Valley,” McNamee wrote. “One of the many fundamental patents in AT&T’s huge portfolio was the transistor. The combination of freely licensable patents and restrictions on AT&T’s ability to enter new markets enabled entrepreneurs to create today’s semiconductor, computer, data communications, mobile technology and software industries, among others.”

McNamee told this news organization that the changes Facebook is making now don’t go far enough, and that “nobody can make them” enact change that would truly address the myriad problems with the platform, including possible manipulation of Facebook’s massive number of users.

“There are 2.2 billion people on Facebook each with their own ‘Truman Show,’ ” McNamee said. “Everybody has their own set of facts.”

In addition, he takes issue with the attitudes of Facebook’s top executives.

Facebook is “almost the same size as Christianity,” McNamee said. “When you are presiding over the largest interconnected organization in the world, that gets to your head after a while.”

Zuckerberg for Pope?

Facebook’s Terms & Conditions in human-readable form

This morning’s Observer column:

One of the few coherent messages to emerge from the US Senate’s bumbling interrogation of Mark Zuckerberg was a touching desire that Facebook’s user agreement should be comprehensible to humans. Or, as Republican Senator John Kennedy of Louisiana put it: “Here’s what everyone’s been trying to tell you today – and I say it gently – your user agreement sucks. The purpose of a user agreement is to cover Facebook’s rear end, not inform users of their rights.”

“I would imagine probably most people do not read the whole thing,” Zuckerberg replied. “But everyone has the opportunity to and consents to it.” Senator Kennedy was unimpressed. “I’m going to suggest you go home and rewrite it,” he replied, “and tell your $1,200 dollar an hour lawyer you want it written in English, not Swahili, so the average American user can understand.”

Since Zuckerberg’s staff are currently so overworked, the Observer is proud to announce that it has drafted a new, human-readable user agreement that honours Zuckerberg’s new commitment to “transparency”. Here it is…

Read on

Fixing Facebook: the only two options by a guy who knows how the sausage is made

James Fallows quotes from a fascinating email exchange he had with his friend Michael Jones, who used to work at Google (he was the company’s Chief Technology Advocate and later a key figure in the evolution of Google Earth):

So, how might FB fix itself? What might government regulators seek? What could make FaceBook likable? It is very simple. There are just two choices:

a. FB stays in its send-your-PII1-to-their-customers business, and then must be regulated and the customers validated precisely as AXCIOM and EXPERIAN in the credit world or doctors and hospitals in the HIPPA healthcare world; or,

b. FB joins Google and ALL OTHER WEB ADVERTISERS in keeping PII private, never letting it out, and anonymously connecting advertisers with its users for their mutual benefit.

I don’t get a vote, but I like (b) and see that as the right path for civil society. There is no way that choice (a) is not a loathsome and destructive force in all things—in my personal opinion it seems that making people’s pillow-talk into a marketing weapon is indeed a form of evil.

This is why I never use Facebook; I know how the sausage is made.


  1. PII = Personally Identifiable Information 

Facebook is just the tip of the iceberg

This morning’s Observer column:

If a picture is worth a thousand words, then a good metaphor must be worth a million. In an insightful blog post published on 23 March, Doc Searls, one of the elder statesman of the web, managed to get both for the price of one. His post was headed by one of those illustrations of an iceberg showing that only the tip is the visible part, while the great bulk of the object lies underwater. In this case, the tip was adorned with the Facebook logo while the submerged mass represented “Every other website making money from tracking-based advertising”. The moral: “Facebook’s Cambridge Analytica problems are nothing compared to what’s coming for all of online publishing.”

The proximate cause of Searls’s essay was encountering a New York Times op-ed piece entitled Facebook’s Surveillance Machine by Zeynep Tufekci. It wasn’t the (unexceptional) content of the article that interested Searls, however, but what his ad-blocking software told him about the Times page in which the essay appeared. The software had detected no fewer than 13 hidden trackers on the page. (I’ve just checked and my Ghostery plug-in has detected 19.)

Read on

“The business model of the Internet is surveillance” contd.

This useful graphic comes from a wonderful post by the redoubtable Doc Searls about the ultimate unsustainability of the business model currently dominating the Web. He starts with a quote from “Facebook’s Surveillance Machine” — a NYT OpEd column by the equally-redoubtable Zeynep Tufecki:

“Facebook makes money, in other words, by profiling us and then selling our attention to advertisers, political actors and others. These are Facebook’s true customers, whom it works hard to please.”

Doc then points out the irony of his Privacy Badger software detecting 13 hidden trackers on the NYT page on which Zeynep’s column appears. (I’ve just checked and Ghostery currently detects 19 trackers on it.)

The point, Doc goes on to say, is that the Times is just doing what every other publication that lives off adtech does: tracking-based advertising. “These publications”,

don’t just open the kimonos of their readers. They bring people’s bare digital necks to vampires ravenous for the blood of personal data, all for the purpose of returning “interest-based” advertising to those same people.

With no control by readers (beyond tracking protection which relatively few know how to use, and for which there is no one approach or experience), and damn little care or control by the publishers who bare those readers’ necks, who knows what the hell actually happens to the data? No one entity, that’s for sure.

Doc points out that on reputable outfits like the New York Times writers like Zeynep have nothing to do with this endemic tracking. In such publications there probably is a functioning “Chinese Wall” between editorial and advertising. Just to drive the point home he looks at Sue Halpern’s piece in the sainted New Yorker on “Cambridge Analytica, Facebook and the Revelations of Open Secrets” and his RedMorph software finds 16 third-party trackers. (On my browser, Ghostery found 18.) The moral is, in a way, obvious: it’s a confirmation of Bruce Schneier’s original observation that “surveillance is the business model of the Internet”. Being a pedant, I would have said “of the Web”, but since many people can’t distinguish between the two, we’ll leave Bruce’s formulation stand.

What can be done about the downsides of the app economy?

Snippet from an interesting interview with Daphne Keller, Director of Intermediary Liability at the Stanford Center for Internet and Society:

So how did Facebook user data get to Cambridge Analytica (CA)?

What happened here was a breach of the developer’s agreement with FB — not some kind of security breach or hacking. GSR did more with the data than the TOS permitted—both in terms of keeping it around and in terms of sharing it with CA. We have no way of knowing whether other developers did the same thing. FB presumably doesn’t know either, but they do (per reporting) have audit rights in their developer agreements, so they, more than anyone, could have identified the problem sooner. And the overall privacy design of FB apps has been an open invitation for developments like this from the beginning. This is a story about an ecosystem full of privacy risk, and the inevitable abuse that resulted. It’s not about a security breach.

Is this a widespread problem among app developers?

Before we rush to easy answers, there is a big picture here that will take a long time to sort through. The whole app economy, including Android and iPhone apps, depends on data sharing. That’s what makes many apps work—from constellation mapping apps that use your location, to chat apps that need your friends’ contact information. Ideally app developers will collect only the data they actually need—they should not get a data firehose. Platforms should have policies to this effect and should give users granular controls over data sharing.

User control is important in part because platform control can have real downsides. Different platforms take more or less aggressive stances in controlling apps. The more controlling a platform is, the more it acts as a chokepoint, preventing users from finding or using particular apps. That has competitive consequences (what if Android’s store didn’t offer non-Google maps apps?). It also has consequences for information access and censorship, as we have seen with Apple removing the NYT app and VPN apps from the app store in China.

For my personal policy preferences, and probably for most people’s, we would have wanted FB to be much more controlling, in terms of denying access to these broad swathes of information. At the same time, the rule can’t be that platforms can’t support apps or share data unless the platform takes full legal responsibility for what the app does. Then we’d have few apps, and incumbent powerful platforms would hold even more power. So, there is a long-complicated policy discussion to be had here. It’s frustrating that we didn’t start it years ago when these apps launched, but hopefully at least we will have it now.

Why Facebook can’t change

My €0.02-worth on the bigger story behind the Cambridge Analytica shenanigans:

Watching Alexander Nix and his Cambridge Analytica henchmen bragging on Channel 4 News about their impressive repertoire of dirty tricks, the character who came irresistibly to mind was Gordon Liddy. Readers with long memories will recall him as the guy who ran the “White House Plumbers” during the presidency of Richard Nixon. Liddy directed the Watergate burglary in June 1972, detection of which started the long chain of events that eventually led to Nixon’s resignation two years later. For his pains, Liddy spent more than four years in jail, but went on to build a second career as a talk-show host and D-list celebrity. Reflecting on this, one wonders what job opportunities – other than those of pantomime villain and Savile Row mannequin – will now be available to Mr Nix.

The investigations into the company by Carole Cadwalladr, in the Observer, reveal that in every respect save one important one, CA looks like a standard-issue psychological warfare outfit of the kind retained by political parties – and sometimes national security services – since time immemorial. It did, however, have one unique selling proposition, namely its ability to offer “psychographic” services: voter-targeting strategies allegedly derived by analysing the personal data of more than 50 million US users of Facebook.

The story of how those data made the journey from Facebook’s servers to Cambridge Analytica’s is now widely known. But it is also widely misunderstood…

Read on

Facebook’s sudden attack of modesty

One of the most illuminating things you can do as a researcher is to go into Facebook not as a schmuck (i.e. user) but as an advertiser — just like your average Russian agent. Upon entering, you quickly begin to appreciate the amazing ingenuity and comprehensiveness of the machine that Zuckerberg & Co have constructed. It’s utterly brilliant, with a great user interface and lots of automated advice and help for choosing your targeted audience.

When doing this a while back — a few months after Trump’s election — I noticed that there was a list of case studies of different industries showing how effective a given targeting strategy could be in a particular application. One of those ‘industries’ was “Government and Politics” and among the case studies was a story of how a Facebook campaign had proved instrumental in helping a congressional candidate to win against considerable odds. I meant to grab some screenshots of this uplifting tale, but of course forget to do so. When I went back later, the case study had, well, disappeared.

Luckily, someone else had the presence of mind to grab a screenshot. The Intercept, bless it, has the before-and-after comparison shown in the image above. They are Facebook screenshots from (left) June 2017 and (right) March 2018.

Interesting, ne c’est pas?