Facebook data – do we get what we deserve?

Facebook has been hard to miss this week as it struggles to cope with an unfolding scandal over the way data analysis firm Cambridge Analytica got hold of information about 50 million users.

In the wake of the furore, Facebook has promised to take a tougher line with apps and others who want to mine the mountain of data the social network has stockpiled about its two billion active users.

For some, however, this latest data gathering debacle is the final straw and the hashtag #DeleteFacebook has been trending on Twitter.

Does that mean lots of people have deleted Facebook?

It’s hard to tell. The tag was used more than 50,000 times on Tuesday and Wednesday in tweets, reported the New York Times, which suggests it was a popular topic of discussion. But even if every one of those who used the tag, including singer Cher, deleted their account it would not make much difference to the social network’s total population.

In an interview, chief executive Mark Zuckerberg said he had not seen a “meaningful number” of people leaving the site.

And, as others have pointed out, even if you delete your Facebook data, it will still keep track of you via those friends and acquaintances who keep using the social network.

What would stop people using Facebook?

Not mistakes with user data, it seems. In a widely shared story, Josh Constine at news site Tech Crunch detailed the many different ways over the last 10 years that the site had gathered too much data and shared it too widely. Throughout that decade of mis-steps, Facebook grew almost without a hiccup.

Just as in the early days of the web when a lot of people thought that Google was the internet, now many look at it only through a window that Facebook provides.

  • Facebook’s biggest challenge yet
  • Facebook ‘lost sight’ of data accessed by apps, insider tells MPs
  • Cambridge Analytica: Facebook row firm boss suspended
  • Is leaving Facebook the only way to protect your data?

    Despite this, some changes to the age range of Facebook’s active users are becoming apparent. The average age of its population is rising because young people are less interested in using it.

    They prefer other messaging and social media apps. However, that might not mean they escape it entirely as Facebook owns a couple of services, Instagram and WhatsApp, that are popular with the younger crowd.

    So are people getting what they deserve?

    It has often been said that “if you are not paying for it, you are not the customer, you are the product” and it is a maxim that could be applied to a lot of websites. Most are free to use, signing up is easy and their terms and conditions can be agreed to with a single click.

    All it takes to get the extras is surrendering personal information.

    But those websites regularly betray the trust we place in them to safeguard that information, said Frederike Kaltheuner from digital rights group Privacy International.

    And, she said, many sites take the basic data and extrapolate from it to learn more about us.

    “Any company with enough data about their users behaviour can gain exceptionally sensitive insights into users’ lives,” she said.

    Few people realised that’s what they were surrendering every time they used a service and few appreciated that apps and other add-ons for popular sites were trawling for deep personal details, she added.

    Doesn’t our data help sell ads and keep sites free to use?

    They do, said Chris Combemale, head of the Direct Marketing Association, and there was no doubt that businesses had prospered by making intelligent use of this information.

    But he said firms had to be more transparent about the way they used that data.

    “In no way, shape or form, should companies be collecting data on the public without their knowledge, It is not acceptable,” he said.

    Customer confidence had been “shaken” by this week’s revelations and would be only restored if companies showed more clearly what was being done with data they held, he told the BBC.

    Steps to restore this trust would include ring-fencing data and stopping the third-party trade in data, said Ofri ben Porat, head of tech firm Pixoneye.

    “Privacy is everything,” he said. “Without privacy, there is no trust, and without trust there is no respect.”

    Jim Killock from the Open Rights Group said there were other problems with an online world powered by targeted adverts.

    The conviction that more data meant more productive ads had a downside, in that it drove sites to attract traffic at all costs. It meant they encouraged people to over-share, had given rise to “clickbait” and all those annoying adverts that promise far more than they deliver.

    In many cases there were better ways to get the right adverts to the right people at the right time, he said

    “Targeted ads are a pretty poor model,” he said. “They give limited returns and create a race to the bottom.”

Cambridge Analytica taken to court over data storage

A US citizen is taking Cambridge Analytica to court to get access to data he says it holds on him.

Prof David Carroll filed his legal challenge on the same day Facebook announced it had banned the company from its network.

He also wants Cambridge Analytica to disclose how it came up with the psychographic profile it had on him.

Legal experts believe the case could set a precedent for how such companies collect data.

Prof Carroll, who is an associate professor at Parsons School of Design in New York, requested a breakdown of the data Cambridge Analytica held on him when it emerged the company had built profiles on up to 240 million Americans.

PornHub greets bloggers after YouTube gun ban introduced

YouTube has banned videos that show people how to manufacture or modify guns and their accessories.

It had already banned videos linked to the sale of guns and accessories.

Many firearms enthusiasts noticed that some of their videos had been removed from the video-sharing website and some had their channels suspended.

Prominent gun video-bloggers said the move was an erosion of US citizens’ rights, and some said they would move their content to PornHub instead.

YouTube’s policies now prohibit videos that:

  • show how to make a firearm, ammunition, high-capacity magazine or homemade silencers
  • are designed to sell guns or specific accessories including high-capacity magazines and tools that convert a firearm to automatic fire
  • show how to convert a firearm to automatic or simulated-automatic fire
  • show how to install such accessories or modifications

    The changes will fully take effect on 20 April.

    The decision was met with anger from some videomakers who modify guns and show off their creations as a hobby.

    Karl Kasarda and Ian McCollum, who run the gun review site InRangeTV, said they had started posting their videos on Facebook and pornography site PornHub.

    “We will not be seeking any monetisation from PornHub… we are merely looking for a safe harbour for our content and for our viewers,” the pair said in a statement.

    Firearms manufacturer Spike’s Tactical said the change reflected attempts to “slowly chip away at our freedoms and erode our rights”.

    Videomaker Joerg Sprave said he appreciated YouTube was “now defining their guidelines” more clearly.

    But he said the change had been introduced without a transitional period.

    “Many gun channels must now be afraid,” he told news site Motherboard.

    “They should at least get some time to clean up their videos so the new rules are kept.”

    Unsuitable for children

    On Tuesday, YouTube was criticised after the Sun newspaper found step-by-step instructions on how to build an air rifle on YouTube Kids, the company’s app for children.

    Despite being designed for children, its content is curated by algorithms. Inappropriate videos have repeatedly slipped through the net.

    In February, the BBC’s Newsround programme found instructions on how to sharpen knives on YouTube Kids.

    At the time, YouTube said it had a variety of processes in place to try to prevent inappropriate material appearing on its platforms.

Mark Zuckerberg spins himself some time

There are two ways to look at Mark Zuckerberg’s comments on Wednesday, his first since the Cambridge Analytica crisis unfolded.

They showed either a chief executive getting on top of the situation, and making what sounded like significant concessions in areas we wouldn’t expect.

Or, it was a skilled, composed display of PR spin – a media appearance for which he had almost six days to prepare.

Speaking to CNN’s Laurie Segall, Mr Zuckerberg made it look like he was giving up a lot, while simultaneously dodging the big issues.

Yes, he said he welcomed more regulation – but in a way that wouldn’t have that much impact on Facebook’s business at all.

Yes, he said he would be “happy” to testify before Congress and other committees around the world – but immediately gave himself the get-out clause he has used to avoid all of the other hearings so far.

Yes, he did say sorry – but only for the situation, not specifically for the actions of his company.

Simply – Mr Zuckerberg did enough to buy some time as he tries to get his company in order, but not much more than that.

  • Zuckerberg apologises for data breaches
  • Cambridge Analytica: The story so far
  • Facebook ‘lost sight’ of data says insider

    His comment – “I actually am not sure we shouldn’t be regulated” – seemed like a major admission that the time may have come for stricter rules on his business.

    In reality, he was advocating for a bill that would arguably have more impact on the people who advertise on Facebook than Facebook itself.

    “I think there are things like ads transparency regulation that I would love to see,” he told CNN.

    He was referring to the Honest Ads Act that’s being debated by US politicians right now, a proposed law that would force buyers of any online advertising relating to candidates in an election campaign to be more transparent about funding. In other words, the internet equivalent of messages like “I’m Donald Trump and I support this message” being tacked to TV spots.

    The Honest Ads Act would also require companies like Facebook to take “reasonable” steps to determine that no foreign power was buying ads.

    Here’s what’s worth knowing: following the fall-out over Russian-bought ads in the 2016 US presidential election, Facebook said it created the tools needed to handle political ad spending better.

    So if the Honest Ads Act was passed today, chances are Facebook would already be in compliance.

    Dodged hearings

    In the days following the Cambridge Analytica revelations, several investigatory committees in the US and Europe said they would be calling on Mr Zuckerberg to testify in person.

    “The short answer is I’m happy to,” he told CNN. “If it’s the right thing to do.”

    This has been Mr Zuckerberg’s position all along.

    In the past, he’s sent people like lawyer Colin Stretch, who took the lion’s share of questions when the social media companies were summoned to Washington late last year.

    When it wasn’t lawyers, the company opted to send specific department heads, such as policy boss Monika Bickert.

    But to be fair to Facebook, this is a valid approach. If Mr Zuckerberg is a good boss capable of delegating effectively, his department heads would certainly know more about their respective areas than he would.

    It’s worth remembering that when it comes to political theatre, those calling Mr Zuckerberg to Washington would enjoy very much the chance to look tough and impressive when dealing with a powerful tech leader.

    “That’s not a media opportunity – or at least it’s not supposed to be,” Mr Zuckerberg told CNN.

    “We just want to make sure we send whoever is best informed to do that.”

    The investigations looking at Facebook are focused on areas advertising, manipulation, consent and safety. Facebook has a top expert for each of those areas. But Mark Zuckerberg, it’s entirely reasonable to say, isn’t one of them.

    Sorry?

    When his initial statement was posted, those who read it noticed something immediately: he didn’t say sorry.

    Later, in follow up interviews – he appeared to offer something of an apology.

    “So this was a major breach of trust and I’m really sorry that this happened,” he told CNN, and repeated in similar words to Wired magazine, tech publication Recode and the New York Times, all of which were given interviews on Wednesday.

    And he is “sorry” – sorry that the company’s missteps and naivety (his word) led to $50bn being wiped off the company’s value and reputational damage from which it may never fully recover.

    His words today expressed an apology for the result, not the cause. Remember, it’s possible to feel sorry for one’s self.

    Analytica comeback

    For me, the most surprising remark Mr Zuckerberg made today was his answer to a question from the New York Times.

    “Are you giving any thought to allowing Cambridge Analytica back in?” asked the newspaper’s reporter, Sheera Frenkel.

    “We’re certainly not going to consider letting them back onto the platform until we have full confirmation that there’s no wrongdoing here,” Mr Zuckerberg said.

    So, it’s possible.

    Mr Zuckerberg’s recent struggles as chief executive have been because of his inability to understand the root of the public’s anger. First on fake news, and now this.

    Some people think that the public is less concerned about the specific nuances of whether or not a policy was breached, and more about the broad ethical stance of Facebook on the use of its data to achieve the aims that Cambridge Analytica promises its clients.

    Mr Zuckerberg had the chance to say such activity was no longer welcome on his network, but chose not to take it.

    View comments

Pressure mounts on Zuckerberg to face data breach concerns

Facebook founder and chief executive Mark Zuckerberg is facing intensified calls to appear in person at investigations into the social network’s conduct.

His company has been accused of failing to properly inform users that their profile information may have been obtained and kept by Cambridge Analytica, a data firm widely-credited with helping Donald Trump win the 2016 US presidential election.

Facebook said on Friday it had blocked Cambridge Analytica from Facebook while it investigated claims the London-based firm did not, as promised, delete data that was allegedly obtained using methods that were in violation of Facebook’s policies.

Both Cambridge Analytica and Facebook deny any wrongdoing.

Despite pledging that in 2018 he would “fix” his company, Facebook founder Mark Zuckerberg has managed to avoid engaging with the site’s growing number of critics – instead sending lawyers or policy bosses to various committee hearings.

The man in charge of Britain’s investigation into Russian meddling in the democratic process said he too wanted to press Mr Zuckerberg on the issue.

“I will be writing to Mark Zuckerberg asking that either he or another senior executive from the company appear to give evidence in front of the committee as part our inquiry,” said Damian Collins MP.

“It is not acceptable that they have previously sent witnesses who seek to avoid asking difficult questions by claiming not to know the answers.”

Mr Collins also said he would be recalling Cambridge Analytica chief executive Alexander Nix to parliament to answer more questions.

“It seems clear that he has deliberately misled the committee and parliament,” Mr. Collins said.

Cambridge Analytica and Mr Nix have denied any wrongdoing.

Deleted tweets

In an attempt to get out ahead of a story in the New York Times and Observer newspapers, Facebook made an announcement late Friday night, California time, that it was blocking Cambridge Analytica from using Facebook while it investigated claims the inappropriately-obtained data had not been deleted as promised.

This was followed by remarks from Alex Stamos, the firm’s chief security officer, who wrote and then deleted a series of tweets. He objected to the word “breach” being used to describe how data from as many as 50 million peoples’ user profiles may have been obtained without explicit user consent.

“I have deleted my tweets on Cambridge Analytica,” he later wrote.

“Not because they were factually incorrect but because I should have done a better job weighing in.”

Christopher Wylie, a Canadian data analytics expert who worked with Cambridge Analytica, revealed how it and its partners harvested data belonging to mostly US voters. Over the weekend, he announced he had been suspended from Facebook.

Skip Twitter post by @chrisinsilico

Suspended by @facebook. For blowing the whistle. On something they have known privately for 2 years. pic.twitter.com/iSu6VwqUdG

— Christopher Wylie (@chrisinsilico) March 18, 2018

Report

End of Twitter post by @chrisinsilico

On top of its initial statement, Facebook on Sunday said it was conducting a “comprehensive internal and external review” into whether the data, gathered via an app created by Global Science Research (GSR), still existed.

GSR was set up by University of Cambridge associate professor Aleksandr Kogan and his colleague Joseph Chancellor. According to the Guardian, Mr Chancellor was given a job at Facebook as a researcher just months after GSR carried out the data-gathering exercise that Facebook now says violated its policies.

Facebook has not commented on the calls for Mr Zuckerberg to appear in front of the several committees expressing a desire to hear from him.

But one analyst warned that this controversy is a direct threat to Facebook’s business model, and therefore Mr Zuckerberg will be expected to put investors at ease, sooner rather than later.

“This has potential to grow into something a lot more onerous,” said Daniel Ives from GBH Insight.

“So he has to get ahead of this storm before it turns into a hurricane.”

View comments

Elon Musk fans targeted in crypto-cash scam

Fans of entrepreneur Elon Musk have been targeted in an emerging crypto-currency scam.

The scammers pose as celebrities on Twitter and claim to be giving away crypto-cash such as Bitcoin or Ether to their fans.

They ask people to send them a small amount of crypto-currency to qualify for the giveaway, but victims do not get any bitcoins back.

Twitter has not yet removed the imposter Elon Musk account.

How does the scam work?

The scammers impersonate well-known personalities on Twitter by copying their profile pictures and choosing usernames very similar to the genuine accounts.

They then post replies to popular tweets made by the genuine celebrity. This gives their nefarious messages prominence on Twitter.

Typically, the scammers ask people to send them small amounts of crypto-currency, offering to send a larger amount back as part of a giveaway.

The scam can be convincing, because at first glance it looks like the celebrity has replied to their own tweet.

However, the fake profiles can be detected as they do not have Twitter’s “verified” badge and often have no followers and have never posted before.

Amplified by bots

On Tuesday, an account posing as Elon Musk using the username @elonmuskik tweeted that the entrepreneur was going to “give away” 3,000 Ether, worth about £1.7m.

The scam was amplified by several automated accounts known as bots.

The bots had been dormant since September 2017 and had never posted before, but came to life to chat among themselves about the supposed crypto-cash giveaway.

“Sо nice! Just sent and immediately received back. You’re super fast,” one said.

The founder of the Ethereum (ETH) crypto-currency Vitalik Buterin has been targeted by the scam so many times that he has changed his username to “No I’m not giving away ETH”.

“No, I’m not giving away ETH… y’all are getting nothing,” he tweeted.

Twitter has been criticised for taking a long time to tackle the problem of bots on its platform.

It told the BBC: “We’re aware of this form of manipulation and are proactively implementing a number of signals to prevent these types of accounts from engaging with others in a deceptive manner.”

At the time of publication, the fake Elon Musk post had been up on the platform for 11 hours and remained visible.

Reddit admits hosting Russian propaganda

Reddit has become the latest social-media platform to admit that Russian propaganda was used on its site during the 2016 US presidential election.

It follows leaks from news site The Daily Beast showing a Russian troll farm active on the website.

Co-founder Steve Huffman said that it had removed “a few hundred accounts” suspected of being of Russian origin.

In a blogpost, he said “indirect propaganda”, which was more complex to spot and stop, was the biggest issue.

“For example, the Twitter account @TEN_GOP is now known to be run by a Russian agent. Its tweets were amplified by thousands of Reddit users, and sadly, from everything we can tell, these users are mostly American and appear to be unwittingly promoting Russian propaganda.”

Conspiracy theories

Mr Huffman added: “I believe the biggest risk we face as Americans is our own ability to discern reality from nonsense, and this is a burden we all bear.

“I wish there was a solution as simple as banning all propaganda, but it’s not that easy. Between truth and fiction are a thousand shades of grey.

“It’s up to all of us—Redditors, citizens, journalists—to work through these issues.”

The @TEN_GOP account appeared to be run by Republicans in Tennessee. It tweeted a mix of pro-Trump content and conspiracy theories, as well as more obvious fake news stories.

The Daily Beast investigation suggested no outright support of any particular candidate or viewpoint and concluded that Russia’s aim was to provoke and divide Americans on the internet and, as a result, in the physical world too.

Social media ‘weapon’

Social media platforms are under increased scrutiny from the US Congress over the issue of Russian meddling in the 2016 election.

Facebook has given the Senate Intelligence Committee thousands of ads believed to have been purchased by Russian agents.

The Washington Post reported that Reddit was now likely to be questioned over its involvement in the “weaponisation of social media” during the election.

Special counsel Robert Mueller has charged 13 Russians with interfering in the US election, all of whom are linked to troll farm the Internet Research Agency.

Meanwhile, pressure is mounting on Reddit to clean up the content on its platform.

In February, it banned a group that was generating fake porn – imagery and videos that superimpose a person’s face over an explicit photo or video without permission.

This week, it emerged that another subreddit was sharing images of dead babies and animals being harmed.

Mr Huffman said the company was aware of the group, which currently has nearly 19,000 subscribers, and that the community was “under review”.

Twitter bot purge prompts backlash

The hashtag #TwitterLockout has trended after an apparent purge of suspected malicious bots on the social network.

Dozens of users report having had their accounts suspended until they provided a telephone number which they then had to verify, to prove they were real.

Some members have raised concerns about their amount of lost followers, and claimed discrimination against right-wing political beliefs.

Others have in turn mocked allegations of bias.

“Twitter’s tools are apolitical, and we enforce our rules without political bias,” the social network has said in response.

“Every day we proactively look for suspicious account behaviours that indicate inorganic or automated activity, violations of our policies around having multiple accounts, or abuse.

“And every day we take action on any accounts we find that violate our terms of service, including by asking account owners to confirm a phone number so we can confirm a human is behind it.

“This is part of our ongoing, comprehensive efforts to make Twitter safer and healthier for everyone.”

The firm allows automated software to be used to send tweets under some circumstances, but forbids the posted content from being misleading.

It has also issued new guidance about the use of automation and having multiple accounts.

The action follows an indictment announced last week by special counsel Robert Mueller against 13 Russian nationals and three Russian firms.

They are alleged to have used fake accounts on Twitter and other social media platforms to conduct “information warfare against the United States”.

Twitter and Facebook had faced criticism from US lawmakers earlier in the year for not having taken the problem seriously enough.

‘Junk news’

One researcher who has studied digital disinformation campaigns said a Twitter crackdown should come as no surprise.

“This is a company that’s under a lot of heat to clean up its act in terms of how its platform has been exploited to spread misinformation and junk news,” said Samantha Bradshaw from the University of Oxford’s Computational Propaganda Project.

“It now needs to rebuild trust with users and legislators to show it is trying to take action against these threats against democracy.”

Criminals hide ‘billions’ in crypto-cash – Europol

Three to four billion pounds of criminal money in Europe is being laundered through cryptocurrencies, according to Europol.

The agency’s director Rob Wainwright told the BBC’s Panorama that regulators and industry leaders need to work together to tackle the problem.

The warning comes after Bitcoin’s value fell by half from record highs in December.

UK police have not commented to the programme.

Mr Wainwright said that Europol, the European Union Agency for Law Enforcement Cooperation, estimates that about 3-4% of the £100bn in illicit proceeds in Europe are laundered through cryptocurrencies.

“It’s growing quite quickly and we’re quite concerned,” he said.

  • What is Bitcoin?
  • Bitcoin – risky bubble or the future?
  • Bitcoin energy use in Iceland set to overtake homes

    There many different types of cryptocurrencies but the best known is Bitcoin. They are intended to be a digital alternative to pounds, dollars or euros.

    However, unlike traditional currencies, they are not printed by governments and traditional banks, nor controlled or regulated by them.

    Instead, digital coins are created by computers running complex mathematical equations, a process known as “mining”. A network of computers across the world then keeps track of the transactions using virtual addresses, hiding individual identities.

    The anonymous and unregulated nature of virtual currencies is attracting criminals, making it hard for police to track them as it is difficult to identify who is moving payments.

    ‘Money mules’

    Mr Wainwright said: “They’re not banks and governed by a central authority so the police cannot monitor those transactions.

    “And if they do identify them as criminal they have no way to freeze the assets unlike in the regular banking system.”

    Another problem Europol has identified involves the method that criminals use to launder money.

    Proceeds from criminal activity are being converted into bitcoins, split into smaller amounts and given to people who are seemingly not associated with the criminals but who are acting as “money mules”.

    These money mules then convert the bitcoins back into hard cash before returning it to the criminals.

    “It’s very difficult for the police in most cases to identify who is cashing this out,” Mr Wainwright said.

    He said that police were also seeing a trend where money “in the billions” generated from street sales of drugs across Europe is being converted into bitcoins.

    He called on those running the Bitcoin industries to work with enforcement agencies.

    “They have to take a responsible action and collaborate with us when we are investigating very large-scale crime,” he said.

    “I think they also have to develop a better sense of responsibility around how they’re running virtual currency.”

    ‘Too slow’

    Although British police have yet to respond to requests from Panorama, Parliament is seeking to step up regulations.

    The Treasury Select Committee is looking into cryptocurrencies and details of EU-wide regulations to force traders to disclose identities and any suspicious activity are expected later this year.

    Alison McGovern, Labour MP for Wirral South who is serving on the committee, has been calling for an inquiry into cryptocurrencies.

    “I think that will draw the attention of the Treasury and the Bank [of England] and others to how we put in place a regulatory system,” she said.

    “I think probably hand on heart we have all been too slow, but the opportunity is not lost, and we should all get on with the job now.”

    “Who Wants to be a Bitcoin Millionaire?” is a collaboration between BBC Click and Panorama and airs on BBC One on 12 February at 20:30 GMT.

    View comments

Taiwanese police give cyber-security quiz winners infected devices

Police have apologised after giving infected memory sticks as prizes in a government-run cyber-security quiz.

Taiwan’s national police agency said 54 of the flash drives it gave out at an event highlighting a government’s cybercrime crackdown contained malware.

The virus, which can steal personal data and has been linked to fraud, was added inadvertently, it said.

The Criminal Investigation Bureau (CIB) apologised for the error and blamed the mishap on a third-party contractor.

It said 20 of the drives had been recovered.

Around 250 flash drives were given out at the expo, which was hosted by Taiwan’s Presidential Office from 11-15 December and aimed to highlight the government’s determination to crack down on cybercrime.

Cyber-fraud ring

All the drives were manufactured in China but the CIB ruled out state-sponsored espionage, saying instead that the bug had originated from a Taiwan-based supplier.

It said a single employee at the firm had transferred data onto 54 of the drives to “test their storage capacity”, infecting them in the process.

The malware, identified as the XtbSeDuA.exe program, was designed to collect personal data and transmit it to a Polish IP address which then bounces it to unidentified servers.

The CIB said it had been used by a cyber-fraud ring uncovered by Europol in 2015.

Only older, 32-bit computers are vulnerable to the bug and common anti-virus software can detect and quarantine it, it said.

The server involved in the latest infections had been shut down, it said.

In May, IBM admitted it had inadvertently shipped malware-infected flash drives to some customers.

The computer maker said drives containing its Storwize storage system had been infected with a trojan and urged customers to destroy them.

At the time, it declined to comment on how the malware ended up on the flash drives or how many customers had been affected.

The trojan, part of the Reconyc family, bombards users with pop-ups and slows down computer systems.

It is known to target users in Russia and India.