Louise McGregor Internet, social media

Twitter Knows What You Did Last Summer

Twitter knows everything about you. Sort of. If twitter knows as much about you as it does about me it’s very likely got a few things right, and a bunch of things wrong.

Twitter thinks I’m interested in Ava DuVernay (I’m a fan), books and literature, which matches some of my personal interests. And then Big Data, Brands, Digital, Leadership, Travel, Books, Technology, so far so good!

But Twitter also got a lot wrong – it thinks I’m also interested in Automotive news (I’ve never owned a car), Baseball and MLB – um no, Soccer, Coca-cola, Fashion (barely), Office 365 and Uber. Also a whole bunch of presumably famous people that I would have to look up to find out why I am interested in them, I’m a bit hopeless on famous people. The whole thing is a bit like reading your horoscope, 25% me going “oh yes, that’s me” and 75% me going “so much no”.

You can check what twitter knows about you by going to “Settings and privacy” > “Your Twitter data” > “Interest and ads data.”

I’ve turned off the option to share my interests with partners because I’m a bit paranoid about data sharing and Twitter already annoys me with their notifications. But it doesn’t seem to go well, Vox reporter Emily Stewart shows the interests that came up for her, including family status, salary estimate and gender.

How does Twitter figure out these interests – I think mainly via tracking cookies that are picking up on my search terms, I admit I may have searched a few football/soccer related articles.

What does twitter do with them? Apparently throws that data into an algorithm to deduce the demographics to create those groups that interest advertisers. If that freaks you out, you can opt out of it.

The big platforms, including Twitter, tell us that more relevant ads will be Good For Us, in fact they’re good for the advertisers in the sense that sales rise. Harvard researchers found that when the viewer was aware of the techniques used to increased the relevancy of those ads, and judged the methods as “creepy” ad effectiveness declined. It’s a reaction I’ve noted in myself, and probably what led me to stop following brands on Facebook and to turn off the ad customisation options on Twitter in the first place.

Image by StockSnap from Pixabay

Louise McGregor Buzzword

Techlash

Techlash is a portmanteau word from technology and backlash, the FT gives a definition: The growing public animosity towards large Silicon Valley platform technology companies and their Chinese equivalents.

I’ve heard it in a few podcasts and seen it in a few articles recently, usually in reference to Facebook or twitter, often in connection to privacy issues or political fallout. But it’s older than I expected. Google trends indicates it was first in use in June 2006. Searches on the term peaked in November 2018, when Facebook was under fire for privacy breaches and for selling data to advertisers.

(This data from google is indexed with the date with the most interest being scored at 100, so it’s hard to know what this interest means. I compared the interest to other search terms and all I can say is – it’s not a very interesting term).

There are genuine concerns about “big tech” that all get rolled up into techlash;

For users this has been the decade where the internet went from being a playground to a marketplace, it’s the decade the internet lost its joy. Many consumers started to question where their data was going, the EU and California passed privacy legislation that impacted the online world. 18 months after Europe’s GDPR legislation went into effect I still occasionally find a site that has chosen not to adapt their site and blocks me – it’s not a surprise, the penalties are huge, 20M euro or 4% of global turnover whichever is greater.

So what’s the argument against change? That limiting tech companies will reduce innovation.
But these companies are no longer the innovators, Facebook buys innovators, and for a new platform to emerge against Facebook’s 2.4 billion user base seems close to impossible. Facebook, Amazon, Apple, Netflix and Google are the establishment now, we can stop treating them as the new kids on the block that need the special treatment to get started.

So what happens next? I expect regulation to protect users and workers (in the case of Uber et al), I expect some attempts to break up the biggest companies – which will fail, and some legislation around competition which might succeed if the EU and the US can find a way to pass similar legislation. I expect Chinese tech entrepreneurs to ignore as much of the legislation as they possibly can get away with.

I expect I will not by an AI virtual assistant in the coming year.

Louise McGregor social media

Facebook’s Fall from Grace

Following the attack at a mosque in Christchurch in which 50 people were murdered, New Zealand’s Prime Minister Jacinda Ardern called on Facebook to do better;

“They are the publisher, not just the postman. It cannot be a case of all profit, no responsibility.”

She has a point, during the shooting in Christchurch the shooter live streamed his rampage through two mosques. I have seen a couple of screen grabs from the video and the images look like a very graphic shooter game. We now know that the first man to see him at the first mosque greeted him with the words “Welcome, Brother” and presumably this greeting was recorded on the live stream. It’s now illegal to publish the video stream in New Zealand, and the article where I saw these images has been taken down. To give Facebook credit once the New Zealand police alerted them I understand their Global Escalations Teams worked to remove instances of the live stream from their platform. But technically, under US law, they cannot be held responsible in court.

The video may still be out there, I’m not interested in seeing it but when researching for this article I found an interesting autocomplete in a google search, and it seems the effort to remove the video was not perfect.

In the Easter shootings across Sri Lanka which had a significantly higher death toll, their government worked quickly to block social media, and continue to circumscribe citizens’ use of social media. It’s not the first time the Sri Lankan government have blocked social media due to concerns about the spread of extremism via social media sadly.

How is this possible?

Social media platforms have benefited from a piece of US law, section 230 of the US Communications Decency Act which says;

“No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider”

It’s an important part of maintaining free speech on the internet and it means I’m not liable for comments someone leaves on this blog, and nor is WordPress. The EFF explains in more detail.

More scandal

This isn’t the only issue Facebook has been faced with, last year they admitted to a security breach that may have affected 90 million accounts.

There are also growing concerns about health impacts as research piles up about the harmful impact of social media, particularly on children. There’s also evidence that anti-vaccination activists are targeting ads to people likely to be wavering on the vaccination question, and the number of Measles outbreaks keeps growing.

More famously their algorithms have undermined democracy in at least two countries. This is via the link to Cambridge Analytica, here’s how that worked as explained by journalist Carole Cadwalladr;

With all this scandal, how is the company doing?

Well. Facebook is doing well.

Revenue continues to grow, user numbers continue to grow. User numbers have apparently levelled off slightly in the US and in Europe, but it’s not clear that this is due to scandals.

Facebook currently makes more than 1.6 million USD per employee, 98% of their revenue is from advertising (2018 annual figures).  Which begs the question of just who the customer is. Remember that they don’t pay for any of the content placed on Facebook – in contrast to, say, a glossy magazine like Vogue which at least provides some content to dilute the advertisements. So we, the users are the content providers and our attention is the commodity sold to advertisers.

Regulation Required

It seems this isn’t a problem that the free market can solve. We’re now living with a platform that is with us 24/7, pulls together a global community of almost half the world’s population, and holds data on our every move – and tends to seek more data rather than less. One way that Facebook has grown is by acquiring Instagram and WhatsApp, and the company is now so rich that it can buy any competitor thus stifling innovation. Governments have seen the impact on their country – in Sri Lanka, in New Zealand with devastating effects – and in their elections. During the campaigning to appeal the 8th amendment in Ireland Facebook banned all ads that were funded from outside Ireland, showing that it is possible to contain the damage of foreign influence. The EU put the GDPR legislation in place, in an attempt to protect citizens against the power that Facebook and other social media companies have accrued, in response Facebook moved millions of accounts from Irish servers to US servers – out of the reach of EU legislation.

The US is also stepping up, with the FTC investigating Facebook’s use of personal data and a hefty 5 billion USD fine looming over the company. Even that might not be enough, there’s a bipartisan call for tougher protections on consumer privacy.

I started writing this post in December, it’s been re-written more than any other post I’ve ever made, but every time I thought I was ready to hit publish something else happened. I nearly delayed again to analyse the information coming out of F8 and more analysis on the appearance of a change in Facebook’s policy on privacy, there’s a pretty good analysis on the Vergecast – they’re not convinced and nor am I.

Image via pixabay

Louise McGregor Digital, Just Stop It

Just Stop It: Asking for my Date of Birth

Just Stop itIt’s interesting, government departments in many countries cannot ask for any personal information unless it is needed for the services they provide. Why can internet sites get away with this? Your date of birth is a critical piece of identity information, but it’s absolutely not necessary to register for a website.

A number of websites ask you your birth date as part of their registration process, including – as shown in the above example – Yahoo!

Yahoo! in this case tries to soften the blow by promising to provide me with a “better experience”. Let me translate what that means; they will guess based on your age which ads should be served to you. So if you’re in your thirties, and perhaps visit a baby clothes site, you’ll get baby ads, if you’re over forty five it’ll be hair-loss and menopause remedies. Get older and it’s incontinence pads. As if you couldn’t search for such products without their help.

In my case I lie, I have a birth date that I use as my “internet birthday”. Which means I’ll get the incontinence pad ads a little late.

Louise McGregor Customers, Digital

GDPR – Privacy Data in the EU


If you’re in the EU you will have been bombarded with messages in the last few weeks, emails from everything you’ve ever subscribed to, forced logged out of apps, and screeds of new terms and conditions to read. It’s all because of GDPR, the European General Data Protection Regulation.
The GDPR is a new law on data privacy in the EU and it relates to companies, individuals and organisations processing personal data for commercial use. It’s meant a lot of work over the last 3 years for anyone working in digital and a lot of lawyers. It grants citizens very specific rights over their personal data, here’s the list of rights from the EU official site:

The responsibility rests with companies to obtain clear consent from you, and you must opt in to receive information from them, the law states that “pre-ticked boxes are not considered to be valid consent under GDPR”. The law also recognises that consent is not always possible, for example an employee cannot consent to be supervised by CCTV for a productivity issue – since there is a power imbalance between the employer and the employee. The penalties for companies are steep, up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher. No wonder companies are working hard to set up good privacy systems.

As an individual, a consumer and an employee I like the principles of the law. I’m glad to see a comprehensive overall of how our data is used, and that the EU is using its power to counteract the power behind US tech giants who haven’t taken as much care of my data as I’d like. But oh boy it’s exhausting to read everyone’s terms and conditions and sort out what I’m going to agree to. And not all companies present it in the easiest way. Here’s the notification on data sharing from FastCompany

Seems OK right?
That’s until you scroll and find out that there are 53 companies other than Fast Company who get access to your data, and they get your data not just from Fast Company but also from other sites which use these companies – that’s code for tracking cookies being set on your computer so they know which site you use. I work in digital and I have heard of about 8 of these. There’s no way anyone has time to look through the conditions of all these sites and evaluate what is being done with the data.
  1. Fast Company
  2. EMX Digital LLC
  3. BIDSWITCH GmbH
  4. Adform A/S
  5. AdRoll Inc
  6. Adobe Advertising Cloud
  7. AppNexus Inc.
  8. Flashtalking, Inc.
  9. SalesForce DMP
  10. Quantcast International Limited
  11. Bombora Inc.
  12. Oath (EMEA) Limited
  13. Index Exchange, Inc.
  14. DoubleVerify Inc.​
  15. Confiant Inc.
  16. Purch Group, Inc.
  17. Dataxu, Inc.
  18. MediaMath, Inc.
  19. Research Now Group, Inc
  20. Revcontent, LLC
  21. LiveRamp, Inc.
  22. Criteo SA
  23. OpenX Software Ltd. and its affiliates
  24. DigiTrust / IAB Tech Lab
  25. Liveintent Inc.
  26. Eyeota Ptd Ltd
  27. Integral Ad Science, Inc.
  28. BeeswaxIO Corporation
  29. Celtra, Inc.
  30. Revcontent, LLC
  31. Conversant Europe Ltd.
  32. Lotame Solutions, Inc.
  33. Justpremium BV
  34. RhythmOne, LLC
  35. PubMatic, Inc.
  36. PulsePoint, Inc.
  37. GumGum, Inc.
  38. SlimCut Media SAS
  39. Sharethrough, Inc
  40. Sizmek Technologies, Inc.
  41. Sonobi, Inc
  42. Smart Adserver
  43. The Rubicon Project, Limited
  44. Unruly Group Ltd
  45. Teads
  46. Tapad, Inc.
  47. The Trade Desk, Inc and affiliated companies
  48. SpotX
  49. TripleLift, Inc.
  50. Sovrn Holdings Inc
  51. Sublime Skinz
  52. Taboola Europe Limited
  53. comScore, Inc.
  54. district m inc.

Some companies weren’t able to make their sites GDRP compliant in the two years since the law was passed and I got this message

Me: “You promise??!!”

Louise McGregor Digital

Privacy and Data Protection

CM2017_01_privacy.png

There are no surviving letters from Captain Cook to his wife, she burnt them saying they were “too personal and sacred”. We’re losing the idea that some things might be worth holding as personal and sacred. Part of that is our own doing, we’re sharing more images, texts and posts than ever (today’s count = 2 blog posts, 5 images, 4 links, spread across seven accounts). But a bigger part, a scary part, is from the technologies we use and the changing government rules.

Governments are taking more and more of our data. Last year the UK government expanded its surveillance powers last year with the passing of the Investigatory Powers Bill, which creates a government database to store the web history of every citizen in the country.

But perhaps the most insidious increase in data collection is via our mobile phones. I don’t share personal information on Facebook itself (I lied about my date of birth), but if I leave the application permissions on default then I grant Facebook the right to data from my calendar, camera, contacts, location, microphone, phone, sms, and storage. The location data means that Facebook knows where I live, where I work, and where my favourite cafe is. The contact data means they potentially know my mother’s home phone number.

Your phone knows more than you realise, health data from your fitbit, stored passwords for your banking account, your exact location – either via the location app or via wifi pings. And beyond Facebook we install dozens of apps and grant them permissions, in this edition of the BBC’s “Click” programme they report on an app that collects a frightening amount of data, which happens to have been downloaded 50M downloads.

In general it doesn’t really matter if someone knows where I work,  I publish that information on LinkedIn anyway, and it probably doesn’t matter much that someone finds out where I live. But it might. For vulnerable people – those escaping domestic violence, refugees, protesters – this is information that they definitely want to keep private.  (Here are some practical tips to secure your phone, from encryption to app management. )

In fact the EU Charter on Human Rights asserts that data protection is a human right with the words “Everyone has the right to the protection of personal data concerning him or her” and there is debate on whether this should be a global human right.  If you think we have a right to privacy then it’s a pretty short step to thinking data protection must be an important part of that.

Tomorrow is Data Protection Day, celebrate by adding two factor authentication to your accounts, checking app permissions and adding encryption to your phone.

Image: Occhiata   |  Franco   |   CC BY 2.0

 

Louise McGregor Buzzword, Scam File

Doxxing

I heard this for the first time recently, despite being online for hours of every day for the last 15 years, and despite witnessing a couple of examples of it.

So what is it? Here’s the definition the Urban Dictionary gives, you’ll note it’s from 2008


Some examples;

  • in an anonymous forum someone figures out who you are IRL (in real life) and publishes your real name.
  • your social security number ends up on a site based in the former soviet union – and you’re the First Lady, Michelle Obama
  • the head of FBI’s home address was posted online (although an out-of-date address)

It sounds like a problem, and it could be in some cases, but it’s legal. Or at least it’s legal to re-publish public information.

If the information is obtained by hacking or by social engineering then a crime may have be committed, and if the information is used to infiltrate emails, commit fraud or to threaten someone that is a crime.

But publishing public information? Not a problem.

Which means we should all be smart about how much information we share online, but as the number of devices we use grows, and the amount we communicate online grows this gets harder.

image: address book via pixabay

Louise McGregor social media

Facebook Privacy – a better format

Facebook privacy shortcutsIn a week where Instagram (now owned by facebook) was in the news for changing its terms and conditions, facebook improved its privacy set up by introducing privacy shortcuts.

I haven’t found any change to the options available, or any change to my settings – I’d be writing a very different post if that were the case. This just makes it a whole lot easier to check my settings. With the “view as”  option I can also see how various group members can see my posts in a really easy way – my mother doesn’t need to know some of the nonsense my friends post…. and that picture was photoshopped, honest.

I don’t always like how facebook behaves, but this seems to be a good step.

 

image privacy 

Louise McGregor Digital

Facebook Timeline – the Inevitable

Apparently from Saturday you’ll have to switch to Facebook’s timeline.

I’ve resisted it. I found it harder to find things on other people’s profile so I didn’t want to change my own but I finally gave in to the inevitable and updated my facebook page to timeline last weekend. I did some research, and the two things I knew I had to change were the cover image and my privacy settings. I also knew I needed to check which apps were connected to my facebook account and ensure that there was no frictionless sharing that I did not want.

1; The Cover Image

This is the large banner style image that is at the top of the page, your profile image is now set into the lower left of it.

The large image with the orange people is the cover image, the small one on the lower left is the profile image. It’s good if they work together.

I’m a bit leery of posting photos of myself online, I like my face well enough, but I’ve had a couple of minor stalker-ish issues in the past. So I choose my favourite image from my holiday last summer, of calm seas and boats at anchor. It was taken soon after dawn on a day with no wind in the middle of a sailing holiday. It goes with my profile picture – but that’s luck rather then good management. The overall impression is pleasing, but not particularly creative.

Facebook said that around half of my friends had switched – but not all of those had uploaded a new cover photo, so I suspect for some it hasn’t been a choice.

For a brilliant (and funny) riff on the whole cover photo concept, take a minute to check this out.

2; Privacy Settings

It’s one of my gripes about Facebook – the privacy settings aren’t that easy to find. But because facebook now pushes everything you do onto your timeline it’s important to find them and check your settings.

Look for the little arrow on the top right of the page, click on it and you’ll see a short menu which includes Privacy Settings.

Facebook privacy settingsOnce you have found it and clicked on privacy settings it is easy, easier than it has been, to control who can connect with you, and who can see and post to your timeline.

You will also need to go through your timeline and remove anything that you don’t want to be seen – some things that were buried in the past are now easier for your friends and contacts to browse to. You can remove items individually by clicking on the “edit or remove”button on the upper right of the image. I like the “micro control” this gives visitors to facebook.

It’s easier on timeline for someone to find old posts you made, to limit this to friends only click on “Limit the Audience for Past Posts” on the privacy settings post. They’ve made this step hard to reverse so be sure it’s what you want before saying yes. For me this was a no-brainer, I’ve never wanted to share publically on facebook so limiting who can see the history probably doesn’t change what non-friends can see – but I enabled it just to be sure.

You can also delete your posts from other people’s timeline – this could be important because you do not know their privacy settings, and it’s their settings that will apply to your post. Here’s how.

3; Frictionless Sharing

This is the concept that information from one place, or internet service is shared on facebook. It’s why you’re seeing what your colleague listens to on Spotify or what your brother has read on Washington Post. I don’t particularly want to know, and I definitely don’t want to share. So I haven’t enabled this sort of sharing. In fact I will not click through to articles from Washington Post because I don’t want this sort of cross-platform sharing.

When I set up timeline I checked which apps had access to my facebook account (via the privacy settings), it’s only two and neither of them post to facebook automatically. Which is good news for me – I won’t be spamming my friends.

So it’s done. I’m on timeline. It took me about fifteen minutes.

Others have become more concerned about the facebook security, in some cases to the point where they purge their profile regularly or delete it all together. My personal approach is that I don’t put anything there that isn’t more or less public, and I only connect to family and friends. I lock down the security fairly strongly (only friends can see my profile), and I check the site daily (OK not just for security reasons). I still think it’s a great tool – but everyone has to take responsibility for protecting their own data and being smart about what they share online. It’s public people.

Louise McGregor Business, Digital

Cookies

Have you ever heard of the “EU’s Privacy and Electronic Communications Directive”? Well it’s come into effect as law in the UK as of 25 May this year, with businesses having a year to comply.

Here in the Netherlands no law amendment has been made, but it will be discussed in the Tweede Kamer (House of Representatives), so I’m watching to see what the outcome will be. I don’t know the progress in other EU countries. (You can read more about the Dutch situation, in Dutch).

What seems to be required is an “opt-in” before a cookie placed on the visitors computer. Since most commercial websites add cookies for a range of purposes this will have a huge impact, and could significantly impact a visitor’s browsing experience. Imagine if every click on a site raised a pop-op informing you that a cookie was being placed and asking for you to agree or cancel. Most visitors would be quickly annoyed.

But there are other ways this could be implemented, I was visiting All Thing D for the first time. I was presented with this banner.

The promise to only present this note the first time you visit this site is met by setting a cookie, but it’s tracking cookies they are more concerned about. The “read more” link takes you to a page explaining their point of view on tracking cookies, and giving visitors information on how to remove cookies, or opt-out.

It’s a method that is more helpful to the visitor, and more visitor-friendly, but I’m not sure whether it will meet the requirements of the EU directive.

Cookies often store information about your last visit so that you do not have to re-enter information to a site, so they can be helpful – including password information on registration sites. Cookies can also be used as part of measuring traffic on the site. But they can also track all the sites you visit and send that information back to the site that set the cookie, or be used to track your viewing behaviour in order to customise the ads offered to you. The EU directive is connected to concerns at these uses of cookies.

I would definitely like to see more information available for visitors on what cookies are being set and how they are used. But endless popups are incredibly irritating for the user, so I’m hoping the ‘provide information’ option and one accept will work. Then of course there’s the question of whether visitors outside EU should have their visiting interrupted if it’s not legally required.

Expect updates.

image [cookies] /RHiNO NEAL/ CC BY-NC-ND 2.0