Either Mark Zuckerberg is woefully ignorant of what happens at his company or he lied during his testimony to US lawmakers last week. As reported by Chris Griffith in the Murdoch Press, Zuckerberg said, ‘Anyone can turn off and opt out of any data collection for ads, whether they use our services or not.’
Actually, you can’t. As proven many times on this blog.
If you’d like to read that earlier post, here it is. This is still going on in 2018, and confirmed by others.
I can’t speak for shadow profiles because I am a Facebook user.
Summary: Facebook will ignore opt-outs done on its own site and at industry sites, and compile ad preferences on you. Been saying it, and proving it, for years.
Beyond all that had gone on with AIQ and Cambridge Analytica, a lot more has come out about Facebook’s practices, things that I always suspected they do, for why else would they collect data on you even after you opted out?
Now, Sam Biddle at The Intercept has written a piece that demonstrates that whatever Cambridge Analytica did, Facebook itself does far, far more, and not just to 87 million people, but all of its users (that’s either 2,000 million if you believe Facebook’s figures, or around half that if you believe my theories), using its FBLearner Flow program.
Biddle writes (link in original):
This isn’t Facebook showing you Chevy ads because you’ve been reading about Ford all week — old hat in the online marketing world — rather Facebook using facts of your life to predict that in the near future, you’re going to get sick of your car. Facebook’s name for this service: “loyalty prediction.â€
Spiritually, Facebook’s artificial intelligence advertising has a lot in common with political consultancy Cambridge Analytica’s controversial “psychographic†profiling of voters, which uses mundane consumer demographics (what you’re interested in, where you live) to predict political action. But unlike Cambridge Analytica and its peers, who must content themselves with whatever data they can extract from Facebook’s public interfaces, Facebook is sitting on the motherlode, with unfettered access to staggering databases of behavior and preferences. A 2016 ProPublica report found some 29,000 different criteria for each individual Facebook user …
… Cambridge Analytica begins to resemble Facebook’s smaller, less ambitious sibling.
As I’ve said many times, I’ve no problem with Facebook making money, or even using AI for that matter, as long as it does so honestly, and I would hope that people would take as a given that we expect that it does so ethically. If a user (like me) has opted out of ad preferences because I took the time many years ago to check my settings, and return to the page regularly to make sure Facebook hasn’t altered them (as it often does), then I expect them to be respected (my investigations show that they aren’t). Sure, show me ads to pay the bills, but not ones that are tied to preferences that you collect that I gave you no permission to collect. As far as I know, the ad networks we work with respect these rules if readers had opted out at aboutads.info and the EU equivalent.
Regulating Facebook mightn’t be that bad an idea if there’s no punishment to these guys essentially breaking basic consumer laws (as I know them to be here) as well as the codes of conduct they sign up to with industry bodies in their country. As I said of Google in 2011: if the other 60-plus members of the Network Advertising Initiative can create cookies that respect the rules, why can’t Google? Here we are again, except the main player breaking the rules is Facebook, and the data they have on us is far more precise than some Google cookies.
Coming back to Biddle’s story, he sums up the company as a ‘data wholesaler, period.’ The 29,000 criteria per user claim is very easy to believe for those of us who have popped into Facebook ad preferences and found thousands of items collected about us, even after opting out. We also know that the Facebook data download shows an entirely different set of preferences, which means either the ad preference page is lying or the download is lying. In either case, those preferences are being used, manipulated and sold.
Transparency can help Facebook through this crisis, yet all we saw from CEO Mark Zuckerberg was more obfuscation and feigned ignorance at the Senate and Congress. This exchange last week between Rep. Anna Eshoo of Palo Alto and Zuckerberg was a good example:
Eshoo: It was. Are you willing to change your business model in the interest of protecting individual privacy?
Zuckerberg: Congresswoman, we have made and are continuing to make changes to reduce the amount of data …
Eshoo: No, are you willing to change your business model in the interest of protecting individual privacy?
Zuckerberg: Congresswoman, I’m not sure what that means.
In other words, they want to preserve their business model and keep things exactly as they are, even if they are probably in violation of a 2011 US FTC decree.
The BBC World Service News had carried the hearings but, as far as I know, little made it on to the nightly TV here.
This is either down to the natural news cycle: when Christopher Wylie blew the whistle on Cambridge Analytica in The Observer, it was major news, and subsequent follow-ups haven’t piqued the news editors’ interest in the same way. Or, the media were only outraged as it connected to Trump and Brexit, and now that we know it’s exponentially more widespread, it doesn’t matter as much.
There’s still hope that the social network can be a force for good, if Zuckerberg and co. are actually sincere about it. If Facebook has this technology, why employ it for evil? That may sound a naïve question, but if you genuinely were there to better humankind (and not rate your female Harvard classmates on their looks) and you were sitting on a motherlode of user data, wouldn’t you ensure that the platform were used to create greater harmony between people rather than sow discord and spur murder? Wouldn’t you refrain from bragging that you have the ability to influence elections? The fact that Facebook doesn’t, and continues to see us as units to be milked in the matrix, should worry us a great deal more than an 87 million-user data breach.
Steve Wozniak has quit Facebook, and apparently was surprised at the advertising preferences that the company had built up on him. Like me, Woz had been deleting the ad preferences and advertisers one at a time. Now, if Woz is surprised, then it shows you how serious it is. As I noted in my last post, Facebook even lies about those: on the public ad preferences page it might show none, in the big Facebook data dump it shows some. I believe it might even lie to advertisers about our activity.
Here’s something else I can tell you first-hand. When you see ads on Instagram, a Facebook subsidiary, they claim that the preferences are controlled within Facebook.
Inside the ad preferences, all alcohol ads are turned off. Guess what appeared in my Instagram? An ad for Heineken.
Unless Heineken has launched a non-alcoholic beer under that brand, then Facebook has lied once again.
Facebook’s ad preferences mean nothing. I saw a beer ad in Instagram, then checked my Facebook ad preferences, which Instagram claims control what ads I see. That’s a load of old bollocks (i.e. business as usual at Facebook Inc.).
And remember, throughout all of this, I had already opted out of ad customization on another Facebook page, so there’s no reason for Facebook to compile anything on me. Yet, regardless of that setting, it will compile and compile. It will even repopulate, with thousands of preferences, freshly deleted pages.
Now we know that there’s a possibility, if you weren’t clued up about your privacy settings, that these preferences were sold to others. The latest revelation is that CubeYou had sold user data also gathered under the guise of ‘academic research’. Remember, Facebook knew about the Cambridge Analytica leak in 2015 and sought to bury the story. The new CubeYou story proves that that was not isolated. But then, if you go back through what I have been writing in this blog for a good part of this decade, you really wouldn’t be surprised about any of this. In fact, you can probably make an educated guess and say that this was normal practice at Facebook: have money, will sell. Even President Duterte of the Philippines benefited from these practices, with 1·2 million Filipinos’ data harvested, and the list goes on. In New Zealand, Facebook has said that up to 63,714 Kiwis’ profiles were harvested. And now, it appears there’s even a link with US businessman Peter Thiel, who gained New Zealand residency after spending less than 1 per cent of the time required here, and whose companies, as defence contractors, have received millions of dollars of New Zealand taxpayer funds.
Thanks to Facebook, governments have a lot on us, something Edward Snowden has been saying for years. The difference in the 2000s and 2010s is, thanks to digital narcissism, we’re the ones willingly providing this information, while Facebook milks it for all it’s worth, before its enriched CEO pretends to play victim, and his people try to use legal means to shut down the negative media stories.
PS., April 14: If you thought the above was isolated, you’d be quite wrong:
@Instagram@Facebook What part of 'hide permanently' all alcohol ads do you not understand? Oh, that’s right, you don’t give a toss about user preferences and opt-outs. Hope you get done badly by your government. pic.twitter.com/58OVLd1Veo
I decided there’d be no harm getting that Facebook archive since I was no longer using it. And while I didn’t see phone logs as Dylan McKay did (I only had the app for about a month or so in 2012), what I did find was entirely in line with the privacy breaches I had been accusing Facebook of for years.
It relates to the Facebook ad preferences. In December 2016, I filed a complaint with the US Better Business Bureau over the fact that Facebook continued to compile data on your advertising preferences even after you opted out. During 2016, Facebook repopulated all my preferences not once, but multiple times, and I found a direct link between one of the advertisements it displayed in my feed and the recompiled preferences. This was the “smoking gun†the BBB asked me to find, though I never heard back from them.
As of 2018, knowing that Facebook will not respect your opt-outs, just as Google failed to do in 2011 (and potentially for two years before that), I visited the ad preferences’ page (here’s the link to yours, if you use Facebook and are logged in) regularly to keep it empty. What the download showed was very damning: Facebook has preferences compiled on me that do not appear on its ad preferences’ page.
Below are two screen shots, one of Facebook’s ad preferences’ page, and what is recorded in the archive. This is a direct violation of not only what the BBB says is one of its principles, it is a violation of the code advertisers subscribe to in industry bodies like the Network Advertising Initiative.
Above: Facebook’s own advertising preferences’ page, yet its user archive records something entirely different.
The archive is also interesting in claiming what ads I have supposedly interacted with. The ad preferences’ page says I have only clicked on an ad from my Alma Mater, St Mark’s Church School. The download says otherwise, recording clicks but not describing which device. However, I can categorically state that the downloaded record is 100 per cent false. I have not only never clicked on those ads (in either Facebook or on Instagram), I have not heard of some of these organizations. It is tempting, therefore, to conclude that if this is Facebook’s record of my activity, then it is misrepresenting click activity to advertisers, which I regard as extremely dishonest. We already know Facebook lies about users that ads can reach. Even if you don’t take my word for it, then you must ask yourself why the Facebook page and the Facebook download tell two very different stories. Which is right?
It’s the same story when it comes to which advertisers I have interacted with. The second list, in the user archive, is 100 per cent false. Has Facebook lied to advertisers over click activity?
This is not the end of it. As to which advertisers have my contact information, the ad preferences’ page say none. The download, however, says Spotify (which I have never used or downloaded), Shutterstock (whose site I have been on) and Emirates (and I am on their email list, but separately from Facebook). Again, why the two different records? And why has Facebook passed on this information to three advertisers without my consent?
Once again, when it comes to who has my contact information, Facebook tells me one story on an easily accessible page, and another one inside my user data archive. Which is true?
Yesterday, Mark Zuckerberg came out and made a statement on Facebook that had no apology (though he gave a personal one later on CNN) and, at a time when people demanded transparency, he continued with opaqueness.
First, he told us nothing we didn’t already know about the Cambridge Analytica scandal.
Secondly, he avoided the most pressing points.
No mention that Facebook had covered this up for two years. No explanation of why he failed to answer journalists about this for two years. No explanation on why Facebook tried to gag the story in The Observer by threatening legal action. No mention that it had failed, by law, to report a data breach that it knew about.
From the clips I saw on CNN, Zuckerberg claims he wants to restrict access to developers, and he still doesn’t know if there are other Cambridge Analyticas out there. Nothing about Facebook gathering more and more data on you and using it improperly themselves, which has actually been an ongoing issue. From the clips online provided by CNN, it wasn’t a hard-hitting interview, with the journalist going very easy on the milliardaire in what amounted to a puff piece. I really hope there was more meat than what we were shown, given how much ammo there is.
The site has countless more failings, including its bots and its bugs, but I’ve mentioned them before.
I’m unimpressed and for once, the market agreed, with shares dipping 2·7 per cent after Zuckerberg’s first comments in the wake of the scandal.
However, CNN Money thinks Cambridge Analytica is an anomaly, even when Facebook’s own boss says they are still to ‘make sure’ whether there are other firms out there in the same boat. ‘We’re going to go now and investigate every app that has access to a large amount of information.’ In other words, it hasn’t been done, and yet Facebook knew about this since 2015.
In other words, the world is seeing what I and others have talked about for years: Facebook is irresponsible, it does nothing till it’s embarrassed into it, and it collects a lot of data on you even after you’ve opted out of certain features on their site.
Not a lot has changed since 2009, when he gave this interview with the BBC. Say one thing, do another.
Facebook’s woes over Cambridge Analytica have only prompted one reaction from me: I told you so. While I never seized upon this example, bravely revealed to us by whistleblower Christopher Wylie and reported by Carole Cadwalladr and Emma Graham-Harrison of The Guardian, Facebook has shown itself to be callous about private data, mining preferences even after users have opted out, as I have proved on more than one occasion on this blog. They don’t care what your preferences are, and for a long time changed them quietly when you weren’t looking.
And it’s nothing new: in October 2010, Emily Steel wrote, in The Wall Street Journal, about a data firm called Rapleaf that harvested Facebook information to target political advertisements (hat tip here to Jack Martin Leith).
Facebook knew of a data breach years ago and failed to report it as required under law. The firm never acts, as we have seen, when everyday people complain. It only acts when it faces potential bad press, such as finally ceasing, after nearly five years, its forced malware downloads after I tipped off Wired’s Louise Matsakis about them earlier this year. Soon after Louise’s article went live, the malware downloads ceased.
Like all these problems, if the stick isn’t big enough, Facebook will just hope things go away, or complain, as it did today, that it’s the victim. Sorry, you’re not. You’ve been complicit more than once, and violating user privacy, as I have charged on this blog many times, is part of your business practice.
In this environment, I am also not surprised that US$37,000 million has been wiped off Facebook’s value and CEO Mark Zuckerberg saw his net worth decline by US$5,000 million.
Those who kept buying Facebook shares, I would argue, were unreasonably optimistic. The writing surely was on the wall in January at the very latest (though I would have said it was much earlier myself), when I wrote, ‘All these things should have been sending signals to the investor community a long time ago, and as we’ve discussed at Medinge Group for many years, companies would be more accurately valued if we examined their contribution to humanity, and measuring the ingredients of branding and relationships with people. Sooner or later, the truth will out, and finance will follow what brand already knew. Facebook’s record on this front, especially when you consider how we at Medinge value brands and a company’s promise-keeping, has been astonishingly poor. People do not trust Facebook, and in my book: no trust means poor brand equity.’
This sounds like my going back to my very first Medinge meeting in 2002, when we concluded, at the end of the conference, three simple words: ‘Finance is broken.’ It’s not a useful measure of a company, certainly not the human relationships that exist within. But brand has been giving us this heads-up for a long time: if you can’t trust a company, then it follows that its brand equity is reduced. That means its overall value is reduced. And time after time, finance follows what brand already knew. Even those who tolerate dishonesty—and millions do—will find it easy to depart from a product or service along with the rest of the mob. There’s less and less for them to justify staying with it. The reasons get worn down one by one: I’m here because of my kids—till the kids depart; I’m here because of my friends—till the friends depart. If you don’t create transparency, you risk someone knocking back the wall.
We always knew Facebook’s user numbers were bogus, considering how many bots there are on the system. It would be more when people wanted to buy advertising, and it would be less when US government panels charged with investigating Facebook were asking awkward questions. I would love to know how many people are really on there, and the truth probably lies between the two extremes. Facebook probably should revise its claimed numbers down by 50 per cent.
It’s a very simplified analysis—of course brand equity is made up of far more than trust—and doubters will point to the fact Facebook’s stock had been rising through 2017.
But, as I said, finance follows brand, and Facebook is fairly under assault from many quarters. It has ignored many problems for over a decade, its culture borne of arrogance, and you can only do this for so long before people wise up. In the Trump era, with the US ever more divided, there were political forces that even Facebook could not ignore. Zuckerberg won’t be poor, and Facebook, Inc. has plenty of assets, so they’re not going away. But Facebook, as we know it, isn’t the darling that it was a decade ago, and what we are seeing, and what I have been talking about for years, are just the tip of the iceberg.
Since Louise Matsakis’s story on Facebook’s malware scanner came out in Wired, the number of hits to my pieces about my experience has dwindled.
This can mean one of two things: (a) Wired’s getting the hits, which I don’t mind, considering they are the only tech media who had the cohones to talk about it; (b) Facebook, after being busted by the mainstream media, has stopped falsely accusing its users of having malware on their systems.
Certainly on Twitter, although Twitter has broken its search function recently, far fewer Tweets with Facebook malware appear in a search.
Of the two, (b) is more likely, because in previous circumstances, Facebook has only backed down after being embarrassed by the media, or after they receive a threat that could land them in an embarrassing situation.
That includes the times it kicked off drag queens and kings, only to have them fight back with the media’s help; or leave porn and kiddie porn up, till they’re threatened with reports to the authorities.
Otherwise, they ignore you—as they have done with users who have complained about the malware scanner for four years.
It’s not unlike Google, who only stopped hacking Iphones in 2012 after The Wall Street Journal busted them for doing so, or only changed their cookie policies to be in line with their own claims after I busted them in 2011 to the Network Advertising Initiative for lying.
These firms do have too much power because the law means nothing to them, but embarrassment in the court of public opinion does.
After Louise’s article came out, Bloomberg did a story on it, as did one independent media outlet.
So while a very small part of me isn’t thrilled that my hits on this blog have dropped, I’m actually far more pleased to know far fewer people are being lied to by Facebook about having malware on their systems. I’m also happy that tens of thousands, maybe even millions, aren’t wasting their time downloading and running a fake scanner which sends their private data to Facebook.
It’s also interesting how quickly Facebook switched off their fake-warning system, within days of Louise’s article.
It wasn’t as quick as Google switching off their Iphone privacy circumventing after the WSJ (same day) but the speed at which Facebook ceased telling people they have malware does suggest that those warnings were, as I said all along, fake. Louise asked the right questions and none of Facebook’s answers made sense.
Facebook has plenty more misdeeds, and, in time, I am sure the tech media will get to them.
It may find that despite its wealth, on a lot of things it actually needs to play by the very rules it claims to follow. And that means no more forced downloads of software that send your private data to them.
How much has TPPA changed? Not a lot, according to this petition. The full content is below, and if you agree, click through to dontdoit.nz and add your signature. Point (e) is the one that most of us understand, and according to the petition, it’s still there.
While all trade agreements have some form of investor–state dispute settlement process, what has leaked out (since the process remains secret) about TPPA, and TPPA-11, is that the process remains unfair. ISDSs have morphed into something where corporations can get far more than a fair go against governments that might, for example, nationalize their assets, which were their original intent, one that I think is fair. But here are some examples of where things can go terribly wrong, and there’s nothing in TPPA-11 that (apparently) prevents these sorts of things happening.
We, the undersigned, express our grave concern that:
(a) The Labour Party, New Zealand First and the Green Party all said in the Select Committee report on the Trans-Pacific Partnership Agreement (TPPA) that they would not support its ratification;
(b) The text agreed by eleven countries after the US pulled out, the TPPA-11, remains the same as the original TPPA, with a small number of items in the original text being suspended, not removed;
(c) The government has promised a new inclusive and progressive approach to trade and investment agreements, but there is nothing new and progressive to justify the renaming of the TPPA-11 as the Comprehensive and Progressive Agreement on Trans-Pacific Partnership;
(d) There are many provisions in the TPPA-11 that restrict the regulatory sovereignty of the current and future Parliaments;
(e) The Government has instructed officials not to include investor-state dispute settlement (ISDS) in future agreements, yet the TPPA-11 still contains the core investor protection rules that can be enforced through ISDS;
(f) The secrecy that the governing parties criticised in the original negotiations continues and that the text will apparently not be released until after the agreement is signed;
(g) There has been no analysis of the economic costs and benefits of the TPPA-11, including the impact on employment and income distribution, as the governing parties called for in the select committee report;
(h) There has been no health impact assessment of the revised agreement as called for by the current Government in the select committee report, nor any assessment of environmental impact or constraints on climate action;
(i) The Crown has not discussed ways to improve the Treaty of Waitangi exception and strengthen protections for Māori as the Waitangi Tribunal advised;
(j) Despite these facts, the Government has announced its intention to sign the TPPA-11 on 8 March 2018;
and urge the House to call upon the Government:
(k) not to sign the TPPA or the Comprehensive and Progressive Agreement on Trans-Pacific Partnership;
(l) to conduct a principles-based review of New Zealand’s approach to free trade, investment and economic integration agreements that involves broad-based consultation;
(m) to engage with Māori to reach agreement on effective protection of their rights and interests consistent with te Tiriti o Waitangi and suspend negotiations for similar agreements until that review is concluded;
and further, urge the House to pass new legislation that
(n) establishes the principles and protections identified through the principles-based review under paragraph (l) as the standing general mandate for New Zealand’s future negotiations, including;
i. excluding ISDS from all agreements New Zealand enters into, and renegotiating existing agreements with ISDS;
ii. a requirement for the government to commission and release in advance of signing an agreement independent analyses of the net costs and benefits of any proposed agreement for the economy, including jobs and distribution, and of the impact on health, other human rights, the environment and the ability to take climate action;
iii. a legislative requirement to refer the agreement to the Waitangi Tribunal for review prior to any decision to sign the treaty; and
(o) makes the signing of any agreement conditional on a majority vote of the Parliament following the tabling in the House of the reports referred to in paragraph (n) (ii) and (iii);
and for the House to amend its Standing Orders to
(p) establish a specialist parliamentary select committee on treaties with membership that has the necessary expertise to scrutinise free trade, investment and economic integration agreements;
(q) require the tabling of the government’s full mandate for any negotiation prior to the commencement of negotiations, and any amendment to that mandate, as well as periodic reports to the standing committee on treaties on compliance with that mandate;
(r) require the tabling of any final text of any free trade, investment and economic integration agreement at least 90 days prior to it being signed;
(s) require the standing committee on treaties call for and hear submissions on the mandate, the periodic reports, and pre-signing version of the text and the final text and report on those hearings to Parliament;
(t) require a two-third majority support for the adoption of any free trade, investment or economic integration agreement that constrains the sovereignty of future Parliaments that is binding and enforceable through external dispute settlement processes.
Given New Zealand First’s vehement opposition to it while outside of government, it’s hard to believe that the minor changes would have satisfied the party so easily.
If you have the same concerns as the petition writers, and believe our government should do (k) through (t), then the petition’s at dontdoit.nz.
In Wired today: ‘Russian trolls stole US identities to hide in plain sight’. This included hacking to steal Social Security details, then create social media presences using real identities.
I could have told you about the fake Facebook presences in 2014. Hang on, I did. There was an entire series of blog posts about it here and on my Tumblr.
While I couldn’t have known who was behind these accounts, I said Facebook had an ‘epidemic’ of bots back then. Some were really fake. But many used convincing American names and US cities and towns. Some were hacked existing accounts but most, back then, were newly created. I even tended to list them before I got tired of doing so. In one night in 2014, I found 277 fake accounts. Facebook wouldn’t even let me report more than 50 per day. After reporting them, they left many of them up, and they necessitated repeated reports.
You can go on my Tumblr and find more posts like that, but with fewer than 277. Still, that wasn’t an outlier. I had another night were there were 240 or so.
Now, if one guy can find 200-plus in one night, just how many were there? Wired says:
According to the indictment, the Russians not only created Paypal accounts, bank accounts, and false identity documents with stolen American identities, but also created social media accounts, using victims’ names to more authentically fabricate political sock puppets and avoid detection.
And:
WIRED reached out to both Twitter and Facebook to ask if the companies had any prior knowledge of those impersonation instances, and Twitter declined to respond.
Facebook didn’t respond to WIRED’s specific questions on those stolen accounts.
Let me tell you now that Facebook did have prior knowledge of impersonation instances and stolen accounts, and I allege they go back many years. Special counsel Robert Mueller’s indictment alleges that the accused started their social media work (the ‘translator project’) in April 2014, the same year I reported what I saw. (A few years later, a massive bunch of South Korean Facebook accounts were hacked and renamed.) Commercial bot nets (my original suspicion, but then I’m lousy at thinking up crimes and would make an appalling crime novelist), or something more sinister?
To this day, Holly Jahangiri and I can still find them. I don’t even use my Facebook wall any more, and just have a glance at a few groups and pages I run. Even there the bots are coming thick and fast, and many of the ones Holly finds impersonate US military family members.
Maybe it’s a stretch to say it’s “the Russians”. I still find it hard to believe I could have stumbled upon anything like that, but reading that indictment, and the years the US Justice Department names, makes me wonder. There’s that list of 277—feel free to investigate them if you can, whether you are American or Russian. It’s open to all, and I’d love to know who was behind them. My only real surprise is that others, surely, must have seen this? So many of us use Facebook. I didn’t hunt for these people, they were just around, joining groups and pages, and sending friend requests to cover how fake they were. It didn’t take a genius to work out they were fake. I spent days reporting them because I didn’t want a site I was using to be full of bots, sucking up resources.
.jpg)
