Either Mark Zuckerberg is woefully ignorant of what happens at his company or he lied during his testimony to US lawmakers last week. As reported by Chris Griffith in the Murdoch Press, Zuckerberg said, ‘Anyone can turn off and opt out of any data collection for ads, whether they use our services or not.’
Actually, you can’t. As proven many times on this blog.
If you’d like to read that earlier post, here it is. This is still going on in 2018, and confirmed by others.
I can’t speak for shadow profiles because I am a Facebook user.
Summary: Facebook will ignore opt-outs done on its own site and at industry sites, and compile ad preferences on you. Been saying it, and proving it, for years.
I decided there’d be no harm getting that Facebook archive since I was no longer using it. And while I didn’t see phone logs as Dylan McKay did (I only had the app for about a month or so in 2012), what I did find was entirely in line with the privacy breaches I had been accusing Facebook of for years.
It relates to the Facebook ad preferences. In December 2016, I filed a complaint with the US Better Business Bureau over the fact that Facebook continued to compile data on your advertising preferences even after you opted out. During 2016, Facebook repopulated all my preferences not once, but multiple times, and I found a direct link between one of the advertisements it displayed in my feed and the recompiled preferences. This was the “smoking gun†the BBB asked me to find, though I never heard back from them.
As of 2018, knowing that Facebook will not respect your opt-outs, just as Google failed to do in 2011 (and potentially for two years before that), I visited the ad preferences’ page (here’s the link to yours, if you use Facebook and are logged in) regularly to keep it empty. What the download showed was very damning: Facebook has preferences compiled on me that do not appear on its ad preferences’ page.
Below are two screen shots, one of Facebook’s ad preferences’ page, and what is recorded in the archive. This is a direct violation of not only what the BBB says is one of its principles, it is a violation of the code advertisers subscribe to in industry bodies like the Network Advertising Initiative.
Above: Facebook’s own advertising preferences’ page, yet its user archive records something entirely different.
The archive is also interesting in claiming what ads I have supposedly interacted with. The ad preferences’ page says I have only clicked on an ad from my Alma Mater, St Mark’s Church School. The download says otherwise, recording clicks but not describing which device. However, I can categorically state that the downloaded record is 100 per cent false. I have not only never clicked on those ads (in either Facebook or on Instagram), I have not heard of some of these organizations. It is tempting, therefore, to conclude that if this is Facebook’s record of my activity, then it is misrepresenting click activity to advertisers, which I regard as extremely dishonest. We already know Facebook lies about users that ads can reach. Even if you don’t take my word for it, then you must ask yourself why the Facebook page and the Facebook download tell two very different stories. Which is right?
It’s the same story when it comes to which advertisers I have interacted with. The second list, in the user archive, is 100 per cent false. Has Facebook lied to advertisers over click activity?
This is not the end of it. As to which advertisers have my contact information, the ad preferences’ page say none. The download, however, says Spotify (which I have never used or downloaded), Shutterstock (whose site I have been on) and Emirates (and I am on their email list, but separately from Facebook). Again, why the two different records? And why has Facebook passed on this information to three advertisers without my consent?
Once again, when it comes to who has my contact information, Facebook tells me one story on an easily accessible page, and another one inside my user data archive. Which is true?
Yesterday, Mark Zuckerberg came out and made a statement on Facebook that had no apology (though he gave a personal one later on CNN) and, at a time when people demanded transparency, he continued with opaqueness.
First, he told us nothing we didn’t already know about the Cambridge Analytica scandal.
Secondly, he avoided the most pressing points.
No mention that Facebook had covered this up for two years. No explanation of why he failed to answer journalists about this for two years. No explanation on why Facebook tried to gag the story in The Observer by threatening legal action. No mention that it had failed, by law, to report a data breach that it knew about.
From the clips I saw on CNN, Zuckerberg claims he wants to restrict access to developers, and he still doesn’t know if there are other Cambridge Analyticas out there. Nothing about Facebook gathering more and more data on you and using it improperly themselves, which has actually been an ongoing issue. From the clips online provided by CNN, it wasn’t a hard-hitting interview, with the journalist going very easy on the milliardaire in what amounted to a puff piece. I really hope there was more meat than what we were shown, given how much ammo there is.
The site has countless more failings, including its bots and its bugs, but I’ve mentioned them before.
I’m unimpressed and for once, the market agreed, with shares dipping 2·7 per cent after Zuckerberg’s first comments in the wake of the scandal.
However, CNN Money thinks Cambridge Analytica is an anomaly, even when Facebook’s own boss says they are still to ‘make sure’ whether there are other firms out there in the same boat. ‘We’re going to go now and investigate every app that has access to a large amount of information.’ In other words, it hasn’t been done, and yet Facebook knew about this since 2015.
In other words, the world is seeing what I and others have talked about for years: Facebook is irresponsible, it does nothing till it’s embarrassed into it, and it collects a lot of data on you even after you’ve opted out of certain features on their site.
Not a lot has changed since 2009, when he gave this interview with the BBC. Say one thing, do another.
Facebook’s woes over Cambridge Analytica have only prompted one reaction from me: I told you so. While I never seized upon this example, bravely revealed to us by whistleblower Christopher Wylie and reported by Carole Cadwalladr and Emma Graham-Harrison of The Guardian, Facebook has shown itself to be callous about private data, mining preferences even after users have opted out, as I have proved on more than one occasion on this blog. They don’t care what your preferences are, and for a long time changed them quietly when you weren’t looking.
And it’s nothing new: in October 2010, Emily Steel wrote, in The Wall Street Journal, about a data firm called Rapleaf that harvested Facebook information to target political advertisements (hat tip here to Jack Martin Leith).
Facebook knew of a data breach years ago and failed to report it as required under law. The firm never acts, as we have seen, when everyday people complain. It only acts when it faces potential bad press, such as finally ceasing, after nearly five years, its forced malware downloads after I tipped off Wired’s Louise Matsakis about them earlier this year. Soon after Louise’s article went live, the malware downloads ceased.
Like all these problems, if the stick isn’t big enough, Facebook will just hope things go away, or complain, as it did today, that it’s the victim. Sorry, you’re not. You’ve been complicit more than once, and violating user privacy, as I have charged on this blog many times, is part of your business practice.
In this environment, I am also not surprised that US$37,000 million has been wiped off Facebook’s value and CEO Mark Zuckerberg saw his net worth decline by US$5,000 million.
Those who kept buying Facebook shares, I would argue, were unreasonably optimistic. The writing surely was on the wall in January at the very latest (though I would have said it was much earlier myself), when I wrote, ‘All these things should have been sending signals to the investor community a long time ago, and as we’ve discussed at Medinge Group for many years, companies would be more accurately valued if we examined their contribution to humanity, and measuring the ingredients of branding and relationships with people. Sooner or later, the truth will out, and finance will follow what brand already knew. Facebook’s record on this front, especially when you consider how we at Medinge value brands and a company’s promise-keeping, has been astonishingly poor. People do not trust Facebook, and in my book: no trust means poor brand equity.’
This sounds like my going back to my very first Medinge meeting in 2002, when we concluded, at the end of the conference, three simple words: ‘Finance is broken.’ It’s not a useful measure of a company, certainly not the human relationships that exist within. But brand has been giving us this heads-up for a long time: if you can’t trust a company, then it follows that its brand equity is reduced. That means its overall value is reduced. And time after time, finance follows what brand already knew. Even those who tolerate dishonesty—and millions do—will find it easy to depart from a product or service along with the rest of the mob. There’s less and less for them to justify staying with it. The reasons get worn down one by one: I’m here because of my kids—till the kids depart; I’m here because of my friends—till the friends depart. If you don’t create transparency, you risk someone knocking back the wall.
We always knew Facebook’s user numbers were bogus, considering how many bots there are on the system. It would be more when people wanted to buy advertising, and it would be less when US government panels charged with investigating Facebook were asking awkward questions. I would love to know how many people are really on there, and the truth probably lies between the two extremes. Facebook probably should revise its claimed numbers down by 50 per cent.
It’s a very simplified analysis—of course brand equity is made up of far more than trust—and doubters will point to the fact Facebook’s stock had been rising through 2017.
But, as I said, finance follows brand, and Facebook is fairly under assault from many quarters. It has ignored many problems for over a decade, its culture borne of arrogance, and you can only do this for so long before people wise up. In the Trump era, with the US ever more divided, there were political forces that even Facebook could not ignore. Zuckerberg won’t be poor, and Facebook, Inc. has plenty of assets, so they’re not going away. But Facebook, as we know it, isn’t the darling that it was a decade ago, and what we are seeing, and what I have been talking about for years, are just the tip of the iceberg.
I worry about the control that big corporations have over information. The danger is we get into the situation that existed in the Soviet Union with their papers, Pravda, which means “truth” and Izvestia, which means “news”. The joke was, there was no truth in Pravda and no news in Izvestia. Corporations will always promote stories that reflect well on them and suppress those that don’t.
That last bit definitely applies to a lot of the media today, especially those owned outside our country.
The rest makes for a great read as Prof Hawking talks about AI, the anti-science movement, Donald Trump, and what humanity needs to do urgently in science. Here’s that link again.
I don’t know if Instagram does this on all phones, but when I make multi-photo posts, it often leaves behind a very interesting image. Sometimes, the result is very artistic, such as this one of a Lotus–Ford Cortina Mk II.
You can see the rear three-quarter shot just peer in through the centre. I’ve a few others on my Tumblr, but this is the best one. Sometimes technology accidentally makes decent art. I’m still claiming copyright given it’s derived directly from my work.
With how widespread Facebook’s false malware accusations were—Facebook itself claims millions were “helped” by them in a three-month period—it was surprising how no one in the tech press covered the story. I never understood why not, since it was one of many misdeeds that made Facebook such a basket case of a website. You’d think that after doing everything from experimenting on its users to intruding on users’ privacy with tracking preferences even after opting out, this would have been a story that followed suit. Peak Facebook has been and gone, so it amazed me that no journalist had ever covered this. Until now. Like Sarah Lacy at Pando, who took the principled stand to write about Ãœber’s problems when no one else in the tech media was willing to, it appears to be a case of ‘You can trust a woman to get it right when no man has the guts,’ in this case social media and security writer for Wired, Louise Matsakis. I did provide Louise with a couple of quotes in her story, as did respondents in the US and Germany; she interviewed people on four continents. Facebook’s official responses read like the usual lies we’ve all heard before, going on the record with Louise with such straw-people arguments. Thank goodness for Louise’s and Wired’s reputations for getting past the usual wall of silence, and it demonstrates again how dishonest Facebook is.
I highly recommend Louise’s article here—and please do check it out as she is the first journalist to write about something that has been deceiving Facebook users for four years.
As some of you know, the latest development with Facebook’s fake malware warnings, and the accompanying forced downloads, is that Mac users were getting hit in a big way over the last fortnight. Except the downloads were Windows-only. Basically, Mac users were locked out of their Facebook accounts. We also know that these warnings have nothing to do with malware, as other people can sign on to the same “infected” machines without any issue (and I had asked a few of these Mac users to do just that—they confirmed I was right).
Facebook has been blocking the means by which we can get around the forced downloads. Till April 2016, you could delete your cookies and get back in. You could also go and use a Linux or Mac PC. But steadily, Facebook has closed each avenue, leaving users with fewer and fewer options but to download their software. Louise notes, ‘Facebook tells users when they agree to conduct the scan that the data collected in the process will be used “to improve security on and off Facebook,” which is vague. The company did not immediately respond to a followup request for comment about how exactly it uses the data it collects from conducting malware checks.’ But we know data are being sent to Facebook without our consent.
Facebook also told Louise that a Mac user might have been prompted to download a Windows program because of how malware spoofs different devices—now, since we all know these computers aren’t infected, we know that that’s a lie. Then a spokesman told Louise that Facebook didn’t collect enough information to know whether you really were infected. But, as she rightly asks, if they didn’t collect that info, why would they force you to download their software? And just what precedent is that setting, since scammers use the very same phishing techniques? Facebook seems to be normalizing this behaviour. I think they got themselves even deeper in the shit by their attempts at obfuscation.
Facebook also doesn’t answer why many users can simply wait three days for their account to come right instead of downloading their software. Which brings me back to the database issues I discovered in 2014.
Louise even interviewed ESET, which is one of the providers of the software, only to get a hackneyed response—which is better than what the rest of us managed, because the antivirus companies all are chatty on Twitter till you bring this topic up. Then they clam up. Again, thank goodness for the fourth estate and a journalist with an instinct for a great story.
So please do give Louise some thanks for writing such an excellent piece by visiting her article, or send her a note via Twitter, to @lmatsakis. To think this all began one night in January 2016 …
Speaking for myself (which won’t affect Snap’s valuation at all), I could never get it to run. It said it needed Google Services, something which I don’t have and don’t want. Who wants Google tracking them all day long—while using up your own phone’s battery power?
As Sarah points out in a Tweet, this is why ‘you don’t build a $30b co off one generation’s fads’. Twitter should heed this make their experience better rather than have double standards, keeping one particular user on because they know they’re getting attention. (On that note, why is Twitter search so broken today?)
In Wired today: ‘Russian trolls stole US identities to hide in plain sight’. This included hacking to steal Social Security details, then create social media presences using real identities.
I could have told you about the fake Facebook presences in 2014. Hang on, I did. There was an entire series of blog posts about it here and on my Tumblr.
While I couldn’t have known who was behind these accounts, I said Facebook had an ‘epidemic’ of bots back then. Some were really fake. But many used convincing American names and US cities and towns. Some were hacked existing accounts but most, back then, were newly created. I even tended to list them before I got tired of doing so. In one night in 2014, I found 277 fake accounts. Facebook wouldn’t even let me report more than 50 per day. After reporting them, they left many of them up, and they necessitated repeated reports.
You can go on my Tumblr and find more posts like that, but with fewer than 277. Still, that wasn’t an outlier. I had another night were there were 240 or so.
Now, if one guy can find 200-plus in one night, just how many were there? Wired says:
According to the indictment, the Russians not only created Paypal accounts, bank accounts, and false identity documents with stolen American identities, but also created social media accounts, using victims’ names to more authentically fabricate political sock puppets and avoid detection.
And:
WIRED reached out to both Twitter and Facebook to ask if the companies had any prior knowledge of those impersonation instances, and Twitter declined to respond.
Facebook didn’t respond to WIRED’s specific questions on those stolen accounts.
Let me tell you now that Facebook did have prior knowledge of impersonation instances and stolen accounts, and I allege they go back many years. Special counsel Robert Mueller’s indictment alleges that the accused started their social media work (the ‘translator project’) in April 2014, the same year I reported what I saw. (A few years later, a massive bunch of South Korean Facebook accounts were hacked and renamed.) Commercial bot nets (my original suspicion, but then I’m lousy at thinking up crimes and would make an appalling crime novelist), or something more sinister?
To this day, Holly Jahangiri and I can still find them. I don’t even use my Facebook wall any more, and just have a glance at a few groups and pages I run. Even there the bots are coming thick and fast, and many of the ones Holly finds impersonate US military family members.
Maybe it’s a stretch to say it’s “the Russians”. I still find it hard to believe I could have stumbled upon anything like that, but reading that indictment, and the years the US Justice Department names, makes me wonder. There’s that list of 277—feel free to investigate them if you can, whether you are American or Russian. It’s open to all, and I’d love to know who was behind them. My only real surprise is that others, surely, must have seen this? So many of us use Facebook. I didn’t hunt for these people, they were just around, joining groups and pages, and sending friend requests to cover how fake they were. It didn’t take a genius to work out they were fake. I spent days reporting them because I didn’t want a site I was using to be full of bots, sucking up resources.
