Facebook’s Fall from Grace

Following the attack at a mosque in Christchurch in which 50 people were murdered, New Zealand’s Prime Minister Jacinda Ardern called on Facebook to do better;

“They are the publisher, not just the postman. It cannot be a case of all profit, no responsibility.”

She has a point, during the shooting in Christchurch the shooter live streamed his rampage through two mosques. I have seen a couple of screen grabs from the video and the images look like a very graphic shooter game. We now know that the first man to see him at the first mosque greeted him with the words “Welcome, Brother” and presumably this greeting was recorded on the live stream. It’s now illegal to publish the video stream in New Zealand, and the article where I saw these images has been taken down. To give Facebook credit once the New Zealand police alerted them I understand their Global Escalations Teams worked to remove instances of the live stream from their platform. But technically, under US law, they cannot be held responsible in court.

The video may still be out there, I’m not interested in seeing it but when researching for this article I found an interesting autocomplete in a google search, and it seems the effort to remove the video was not perfect.

In the Easter shootings across Sri Lanka which had a significantly higher death toll, their government worked quickly to block social media, and continue to circumscribe citizens’ use of social media. It’s not the first time the Sri Lankan government have blocked social media due to concerns about the spread of extremism via social media sadly.

How is this possible?

Social media platforms have benefited from a piece of US law, section 230 of the US Communications Decency Act which says;

“No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider”

It’s an important part of maintaining free speech on the internet and it means I’m not liable for comments someone leaves on this blog, and nor is WordPress. The EFF explains in more detail.

More scandal

This isn’t the only issue Facebook has been faced with, last year they admitted to a security breach that may have affected 90 million accounts.

There are also growing concerns about health impacts as research piles up about the harmful impact of social media, particularly on children. There’s also evidence that anti-vaccination activists are targeting ads to people likely to be wavering on the vaccination question, and the number of Measles outbreaks keeps growing.

More famously their algorithms have undermined democracy in at least two countries. This is via the link to Cambridge Analytica, here’s how that worked as explained by journalist Carole Cadwalladr;

With all this scandal, how is the company doing?

Well. Facebook is doing well.

Revenue continues to grow, user numbers continue to grow. User numbers have apparently levelled off slightly in the US and in Europe, but it’s not clear that this is due to scandals.

Facebook currently makes more than 1.6 million USD per employee, 98% of their revenue is from advertising (2018 annual figures).  Which begs the question of just who the customer is. Remember that they don’t pay for any of the content placed on Facebook – in contrast to, say, a glossy magazine like Vogue which at least provides some content to dilute the advertisements. So we, the users are the content providers and our attention is the commodity sold to advertisers.

Regulation Required

It seems this isn’t a problem that the free market can solve. We’re now living with a platform that is with us 24/7, pulls together a global community of almost half the world’s population, and holds data on our every move – and tends to seek more data rather than less. One way that Facebook has grown is by acquiring Instagram and WhatsApp, and the company is now so rich that it can buy any competitor thus stifling innovation. Governments have seen the impact on their country – in Sri Lanka, in New Zealand with devastating effects – and in their elections. During the campaigning to appeal the 8th amendment in Ireland Facebook banned all ads that were funded from outside Ireland, showing that it is possible to contain the damage of foreign influence. The EU put the GDPR legislation in place, in an attempt to protect citizens against the power that Facebook and other social media companies have accrued, in response Facebook moved millions of accounts from Irish servers to US servers – out of the reach of EU legislation.

The US is also stepping up, with the FTC investigating Facebook’s use of personal data and a hefty 5 billion USD fine looming over the company. Even that might not be enough, there’s a bipartisan call for tougher protections on consumer privacy.

I started writing this post in December, it’s been re-written more than any other post I’ve ever made, but every time I thought I was ready to hit publish something else happened. I nearly delayed again to analyse the information coming out of F8 and more analysis on the appearance of a change in Facebook’s policy on privacy, there’s a pretty good analysis on the Vergecast – they’re not convinced and nor am I.

Image via pixabay

Just Stop It: Asking for my Date of Birth

Just Stop itIt’s interesting, government departments in many countries cannot ask for any personal information unless it is needed for the services they provide. Why can internet sites get away with this? Your date of birth is a critical piece of identity information, but it’s absolutely not necessary to register for a website.

A number of websites ask you your birth date as part of their registration process, including – as shown in the above example – Yahoo!

Yahoo! in this case tries to soften the blow by promising to provide me with a “better experience”. Let me translate what that means; they will guess based on your age which ads should be served to you. So if you’re in your thirties, and perhaps visit a baby clothes site, you’ll get baby ads, if you’re over forty five it’ll be hair-loss and menopause remedies. Get older and it’s incontinence pads. As if you couldn’t search for such products without their help.

In my case I lie, I have a birth date that I use as my “internet birthday”. Which means I’ll get the incontinence pad ads a little late.

GDPR – Privacy Data in the EU


If you’re in the EU you will have been bombarded with messages in the last few weeks, emails from everything you’ve ever subscribed to, forced logged out of apps, and screeds of new terms and conditions to read. It’s all because of GDPR, the European General Data Protection Regulation.
The GDPR is a new law on data privacy in the EU and it relates to companies, individuals and organisations processing personal data for commercial use. It’s meant a lot of work over the last 3 years for anyone working in digital and a lot of lawyers. It grants citizens very specific rights over their personal data, here’s the list of rights from the EU official site:

The responsibility rests with companies to obtain clear consent from you, and you must opt in to receive information from them, the law states that “pre-ticked boxes are not considered to be valid consent under GDPR”. The law also recognises that consent is not always possible, for example an employee cannot consent to be supervised by CCTV for a productivity issue – since there is a power imbalance between the employer and the employee. The penalties for companies are steep, up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher. No wonder companies are working hard to set up good privacy systems.

As an individual, a consumer and an employee I like the principles of the law. I’m glad to see a comprehensive overall of how our data is used, and that the EU is using its power to counteract the power behind US tech giants who haven’t taken as much care of my data as I’d like. But oh boy it’s exhausting to read everyone’s terms and conditions and sort out what I’m going to agree to. And not all companies present it in the easiest way. Here’s the notification on data sharing from FastCompany

Seems OK right?
That’s until you scroll and find out that there are 53 companies other than Fast Company who get access to your data, and they get your data not just from Fast Company but also from other sites which use these companies – that’s code for tracking cookies being set on your computer so they know which site you use. I work in digital and I have heard of about 8 of these. There’s no way anyone has time to look through the conditions of all these sites and evaluate what is being done with the data.

Some companies weren’t able to make their sites GDRP compliant in the two years since the law was passed and I got this message

Me: “You promise??!!”

Privacy and Data Protection

CM2017_01_privacy.png

There are no surviving letters from Captain Cook to his wife, she burnt them saying they were “too personal and sacred”. We’re losing the idea that some things might be worth holding as personal and sacred. Part of that is our own doing, we’re sharing more images, texts and posts than ever (today’s count = 2 blog posts, 5 images, 4 links, spread across seven accounts). But a bigger part, a scary part, is from the technologies we use and the changing government rules.

Governments are taking more and more of our data. Last year the UK government expanded its surveillance powers last year with the passing of the Investigatory Powers Bill, which creates a government database to store the web history of every citizen in the country.

But perhaps the most insidious increase in data collection is via our mobile phones. I don’t share personal information on Facebook itself (I lied about my date of birth), but if I leave the application permissions on default then I grant Facebook the right to data from my calendar, camera, contacts, location, microphone, phone, sms, and storage. The location data means that Facebook knows where I live, where I work, and where my favourite cafe is. The contact data means they potentially know my mother’s home phone number.

Your phone knows more than you realise, health data from your fitbit, stored passwords for your banking account, your exact location – either via the location app or via wifi pings. And beyond Facebook we install dozens of apps and grant them permissions, in this edition of the BBC’s “Click” programme they report on an app that collects a frightening amount of data, which happens to have been downloaded 50M downloads.

In general it doesn’t really matter if someone knows where I work,  I publish that information on LinkedIn anyway, and it probably doesn’t matter much that someone finds out where I live. But it might. For vulnerable people – those escaping domestic violence, refugees, protesters – this is information that they definitely want to keep private.  (Here are some practical tips to secure your phone, from encryption to app management. )

In fact the EU Charter on Human Rights asserts that data protection is a human right with the words “Everyone has the right to the protection of personal data concerning him or her” and there is debate on whether this should be a global human right.  If you think we have a right to privacy then it’s a pretty short step to thinking data protection must be an important part of that.

Tomorrow is Data Protection Day, celebrate by adding two factor authentication to your accounts, checking app permissions and adding encryption to your phone.

Image: Occhiata   |  Franco   |   CC BY 2.0

 

Doxxing

I heard this for the first time recently, despite being online for hours of every day for the last 15 years, and despite witnessing a couple of examples of it.

So what is it? Here’s the definition the Urban Dictionary gives, you’ll note it’s from 2008


Some examples;

  • in an anonymous forum someone figures out who you are IRL (in real life) and publishes your real name.
  • your social security number ends up on a site based in the former soviet union – and you’re the First Lady, Michelle Obama
  • the head of FBI’s home address was posted online (although an out-of-date address)

It sounds like a problem, and it could be in some cases, but it’s legal. Or at least it’s legal to re-publish public information.

If the information is obtained by hacking or by social engineering then a crime may have be committed, and if the information is used to infiltrate emails, commit fraud or to threaten someone that is a crime.

But publishing public information? Not a problem.

Which means we should all be smart about how much information we share online, but as the number of devices we use grows, and the amount we communicate online grows this gets harder.

image: address book via pixabay

Facebook Privacy – a better format

Facebook privacy shortcutsIn a week where Instagram (now owned by facebook) was in the news for changing its terms and conditions, facebook improved its privacy set up by introducing privacy shortcuts.

I haven’t found any change to the options available, or any change to my settings – I’d be writing a very different post if that were the case. This just makes it a whole lot easier to check my settings. With the “view as”  option I can also see how various group members can see my posts in a really easy way – my mother doesn’t need to know some of the nonsense my friends post…. and that picture was photoshopped, honest.

I don’t always like how facebook behaves, but this seems to be a good step.

 

image privacy 

Facebook Timeline – the Inevitable

Apparently from Saturday you’ll have to switch to Facebook’s timeline.

I’ve resisted it. I found it harder to find things on other people’s profile so I didn’t want to change my own but I finally gave in to the inevitable and updated my facebook page to timeline last weekend. I did some research, and the two things I knew I had to change were the cover image and my privacy settings. I also knew I needed to check which apps were connected to my facebook account and ensure that there was no frictionless sharing that I did not want.

1; The Cover Image

This is the large banner style image that is at the top of the page, your profile image is now set into the lower left of it.

The large image with the orange people is the cover image, the small one on the lower left is the profile image. It’s good if they work together.

I’m a bit leery of posting photos of myself online, I like my face well enough, but I’ve had a couple of minor stalker-ish issues in the past. So I choose my favourite image from my holiday last summer, of calm seas and boats at anchor. It was taken soon after dawn on a day with no wind in the middle of a sailing holiday. It goes with my profile picture – but that’s luck rather then good management. The overall impression is pleasing, but not particularly creative.

Facebook said that around half of my friends had switched – but not all of those had uploaded a new cover photo, so I suspect for some it hasn’t been a choice.

For a brilliant (and funny) riff on the whole cover photo concept, take a minute to check this out.

2; Privacy Settings

It’s one of my gripes about Facebook – the privacy settings aren’t that easy to find. But because facebook now pushes everything you do onto your timeline it’s important to find them and check your settings.

Look for the little arrow on the top right of the page, click on it and you’ll see a short menu which includes Privacy Settings.

Facebook privacy settingsOnce you have found it and clicked on privacy settings it is easy, easier than it has been, to control who can connect with you, and who can see and post to your timeline.

You will also need to go through your timeline and remove anything that you don’t want to be seen – some things that were buried in the past are now easier for your friends and contacts to browse to. You can remove items individually by clicking on the “edit or remove”button on the upper right of the image. I like the “micro control” this gives visitors to facebook.

It’s easier on timeline for someone to find old posts you made, to limit this to friends only click on “Limit the Audience for Past Posts” on the privacy settings post. They’ve made this step hard to reverse so be sure it’s what you want before saying yes. For me this was a no-brainer, I’ve never wanted to share publically on facebook so limiting who can see the history probably doesn’t change what non-friends can see – but I enabled it just to be sure.

You can also delete your posts from other people’s timeline – this could be important because you do not know their privacy settings, and it’s their settings that will apply to your post. Here’s how.

3; Frictionless Sharing

This is the concept that information from one place, or internet service is shared on facebook. It’s why you’re seeing what your colleague listens to on Spotify or what your brother has read on Washington Post. I don’t particularly want to know, and I definitely don’t want to share. So I haven’t enabled this sort of sharing. In fact I will not click through to articles from Washington Post because I don’t want this sort of cross-platform sharing.

When I set up timeline I checked which apps had access to my facebook account (via the privacy settings), it’s only two and neither of them post to facebook automatically. Which is good news for me – I won’t be spamming my friends.

So it’s done. I’m on timeline. It took me about fifteen minutes.

Others have become more concerned about the facebook security, in some cases to the point where they purge their profile regularly or delete it all together. My personal approach is that I don’t put anything there that isn’t more or less public, and I only connect to family and friends. I lock down the security fairly strongly (only friends can see my profile), and I check the site daily (OK not just for security reasons). I still think it’s a great tool – but everyone has to take responsibility for protecting their own data and being smart about what they share online. It’s public people.