Day: 19 December 2018

Some Android Apps Using Facebook’s SDK Transmitted Sensitive User Data to Facebook buzzfeednews.com

Charlie Warzel, Buzzfeed:

Major Android apps like Tinder, Grindr and Pregnancy+ are quietly transmitting sensitive user data to Facebook, according to a new report by the German mobile security initiative Mobilsicher. This information can include things like religious affiliation, dating profiles, and healthcare data. It’s being purposefully collected by Facebook through the Software Developer Kit (SDK) that it provides to third-party app developers. And while Facebook doesn’t hide this, you probably don’t know about it.

[…]

As long as you’ve logged into Facebook on your mobile device at some point (through your phone’s browser or the Facebook app itself), the company cross-references the Advertising ID and can link the third-party app information to your profile. And even if you don’t have a Facebook profile, the data can still be transmitted and collected with other third-party app data that corresponds to your unique Advertising ID.

[…]

A Facebook representative clarified to BuzzFeed News that while it enables users to opt out of targeted ads from third parties, the controls apply to the usage of the data and not its collection. The company also said it does not use the third-party data it collects through the SDK to create profiles of non-Facebook users. Tinder, Grindr, and Google did not respond to requests for comment. Apple, which uses a similar ad identifier, was not able to comment at the time of publication.

The only reason this is allowed is because users don’t know it’s happening. Very few people would actually approve of Facebook doing this if it were spelled out in plain language terms.

Developers, for their part, should not be using SDKs that connect to Facebook — or, for that matter, other surveillance companies such as Google. That can be difficult; these companies have either created or purchased some of the most critical and widely-used components in many a developer’s toolchain. It is imperative that non-surveillance alternatives are developed and promoted further.

Apple Says Some 2018 iPad Pros Ship Bent and They Don’t Consider It a Defect macrumors.com

I first heard about this over a month ago when two people in a small Slack room mentioned that they were seeing bending in their new iPads. One of those people took it to an Apple Store where it was captured by a technician, along with two other brand new iPad Pros opened in front of them.

Most rumours of bending devices are the result of someone applying excessive pressure in an attempt to bend them. These products are made of metal so, yeah, they’ll bend at some point. That’s an artificial controversy.

In this case, though, Apple says that bending of the 2018 iPad Pros is a result of the manufacturing process and that they do not consider it a defect. I don’t think that’s acceptable. These are thousand-dollar devices designed and engineered by a company known for its fastidious attention to detail; there is simply no excuse why they should be bent as a result of its manufacturing.

Is it functionally problematic? No, and Apple says that it won’t worsen over time. But is it a defect? Yeah, totally. A manufacturing process that left a dent would not be tolerated; why should this?

Faked Influence and Sponsorship Deals theatlantic.com

Taylor Lorenz, the Atlantic:

A decade ago, shilling products to your fans may have been seen as selling out. Now it’s a sign of success. “People know how much influencers charge now, and that payday is nothing to shake a stick at,” said Alyssa Vingan Klein, the editor in chief of Fashionista, a fashion-news website. “If someone who is 20 years old watching YouTube or Instagram sees these people traveling with brands, promoting brands, I don’t see why they wouldn’t do everything they could to get in on that.”

But transitioning from an average Instagram or YouTube user to a professional “influencer” — that is, someone who leverages a social-media following to influence others and make money — is not easy. After archiving old photos, redefining your aesthetic, and growing your follower base to at least the quadruple digits, you’ll want to approach brands. But the hardest deal to land is your first, several influencers say; companies want to see your promotional abilities and past campaign work. So many have adopted a new strategy: Fake it until you make it.

Something about this is just so fascinating to me. It kind of reminds me of the sports attire you can buy that has brand logos all over it, or the tuning company decals you can buy for the fender of your car to make it look a bit like Pirelli is sponsoring your daily commute. I get it — it’s a way to indicate that someone has enough influence to have made them worth sponsoring — but it’s fascinating that this is now an aspirational lifestyle.

See Also: Olivia Pettter in an article earlier this year for the Independent about hotels being “overwhelmed” with requests from hopeful Instagram and YouTube users.

Facebook’s Corporate Partnerships Allowed Unregulated Private Data Sharing Without Explicit Consent nytimes.com

Gabriel J.X. Dance, Michael LaForgia and Nicholas Confessore, in an astonishing investigation for the New York Times:

For years, Facebook gave some of the world’s largest technology companies more intrusive access to users’ personal data than it has disclosed, effectively exempting those business partners from its usual privacy rules, according to internal records and interviews.

The special arrangements are detailed in hundreds of pages of Facebook documents obtained by The New York Times. The records, generated in 2017 by the company’s internal system for tracking partnerships, provide the most complete picture yet of the social network’s data-sharing practices. They also underscore how personal data has become the most prized commodity of the digital age, traded on a vast scale by some of the most powerful companies in Silicon Valley and beyond.

[…]

Facebook allowed Microsoft’s Bing search engine to see the names of virtually all Facebook users’ friends without consent, the records show, and gave Netflix and Spotify the ability to read Facebook users’ private messages.

The social network permitted Amazon to obtain users’ names and contact information through their friends, and it let Yahoo view streams of friends’ posts as recently as this summer, despite public statements that it had stopped that type of sharing years earlier.

Shira Ovide:

It was only nine months ago that Facebook had a massive scandal over how its partners harnessed user data, and here we are again.

Casey Johnston:

Facebook can’t even get its story straight about data that it freely gave to a Russian search engine […] that the Russian government, and in particular the FSB (formerly KGB) routinely raids and fucks with constantly.

Kashmir Hill, whose own investigations for Gizmodo of — among other things — Facebook’s “People You May Know” feature have helped open the books on what the company does with users’ data unbeknownst to them:

In the summer of 2017, I asked Facebook if it used signals from “third parties such as data brokers” for friend recommendations. Kicking myself for not recognizing the evasion in their answer.

Facebook said that they don’t get information for People You May Know from data brokers; they didn’t say anything about acquiring it directly.

Zeynep Tufekci:

So, as many suspected, Facebook combined data from wherever it could in order to suggest “people you may know” — also outing psychiatrist’s patients to one another etc. What this reporting shows is that Facebook exchanged people’s *data* (without informing them) to get that data.

Richard Tofel:

Only in, by my count, the 36th graf of this otherwise excellent story does the NYT reveal that it entered into one of these agreements. Seems like that might have been worth mentioning earlier.

I am still struggling to understand how any executive at Facebook — or, indeed, many of the companies with which they had partnerships — could set aside the obvious ethical concerns about sharing users’ personal data, including their private messages without clearly asking them first. Major corporation behaves in unconscionable manner is, sadly, nowhere near as rare a story as it ought to be, but I am surprised by just how morally bankrupt Facebook is as an organization.

Moreover, the fact that there are virtually no laws in the United States to restrict such an egregious exploitation of users indicates a de factor authorization of the selling-out of Americans on an unprecedented scale.