Day: 25 October 2021

I Am Not Sure, but It Seems Like Facebook Might Be Too Big nytimes.com

Sheera Frenkel and Davey Alba, New York Times:

With 340 million people using Facebook’s various social media platforms, India is the company’s largest market. And Facebook’s problems on the subcontinent present an amplified version of the issues it has faced throughout the world, made worse by a lack of resources and a lack of expertise in India’s 22 officially recognized languages.

[…]

Of India’s 22 officially recognized languages, Facebook said it has trained its A.I. systems on five. (It said it had human reviewers for some others.) But in Hindi and Bengali, it still did not have enough data to adequately police the content, and much of the content targeting Muslims “is never flagged or actioned,” the Facebook report said.

Casey Newton, Platformer:

Facebook likely spends more on integrity efforts than any of its peers, though it is also the largest of the social networks. Sissons told me that ideally, the company’s community standards and AI content moderation capabilities would be translated into every country where Facebook is operating. But even the United Nations supports only six official languages; Facebook has native speakers moderating posts in more than 70.

Maybe I am oversimplifying this, but perhaps some things are obviously simple: it is probably not possible to fairly and accurately moderate discussions between billions of people speaking hundreds of languages.

If Facebook were a utility, this would not be a problem — but it is not, nor should it be. Facebook is a business. Its features amplify our worst instincts which, in turn, boosts engagement with the company’s platforms and helps attract advertisers. Facebook’s representatives like to say that this is not true because advertisers and shareholders could not possibly be attracted to a company with a poor record, but in the years since Facebook was tied to genocide the company’s value has doubled.

Facebook is too large. It has too much control over platforms relied upon by too many people in too many languages and regions. That is in part because its platforms are very good at facilitating communication, but it is also because the company has acquired potential rivals and encouraged use by violating the net neutrality principles the company ostensibly supports. There are apps competing for different parts of Facebook’s business in different parts of the world, but Facebook’s products remain the glue holding together disparate factions. I do not think crowning Facebook by treating it like a utility, as some have suggested, is a wise decision, as the objectives of a private company are inherently different to those of a public entity. It makes more sense to break this giant into smaller pieces, both by mandating interoperability and exploring options to separate its self-competing products.

Maybe individual companies should not be this big.

Facebook and Google’s Alleged Collaboration to Fight Privacy

Twelve U.S. Attorneys General, led by Texas’ Ken Paxton, amended their suit against Google with fewer redactions and plenty more allegations than first seen ten months ago. Among the most serious claims in this suit are the examples of close cooperation between Google and Facebook to compromise user privacy.

For example, page 54 of the original complaint (PDF) stated that Google was granted “access to millions of Americans’ end-to-end encrypted WhatsApp messages, photos, videos, and audio files” and alleged this was an “egregious” privacy violation. This sounded like backing up WhatsApp conversations to Google Drive, and it was hard to see a different angle through the field of redactions in the suit. But on page 60 of the updated lawsuit, we get much more information:

[…] Conceding this fact in a June 2016 memo, Google wrote that “when WhatsApp media files are shared with 3rd parties such as Drive, the files are no longer encrypted by WhatsApp.” The memo continued, “For clarity, all of the [WhatsApp] data stored in Drive is currently encrypted with Google holding the keys.” What this meant was that Google, as a third party, could in fact access the photos, videos, and audio files, that users thought they had shared privately on WhatsApp.

Google knew users were misled about the privacy of their communications. The same June 2016 memo acknowledges: “WhatsApp’s current messaging around end-to-end encryption is not entirely accurate.” The memo also states: “WhatsApp currently markets that all communications through its product are end-to-end encrypted, with keys that only the users possess. They have failed to elaborate that data shared from WhatsApp to 3rd party services does not get the same guarantee. This includes backups to Google Drive.”

If these allegations are accurate, this implies that WhatsApp backups to Google Drive have a flaw akin to that of iMessage backups in iCloud — with one key difference:

[…] The Google Drive terms of service at the time even permitted Google the ability to use its access to users’ private WhatsApp communications in Google Drive to sell advertising.

Facebook and Google have since improved their privacy. Google Drive was part of Google’s unified privacy policy, but the company currently says that Google Drive, Google Photos, and Gmail are not used for ad targeting. Facebook now offers password-protected encryption of WhatsApp backups to iCloud and Google Drive.

The suit does not claim that Facebook profited directly from this poor backup security for ad targeting or for other reasons, nor that it was even aware of the vulnerability. But it does claim that Google and Facebook worked closely to improve ad targeting with unique — and, some might say, anticompetitive — partnership agreements. From page 79:

Indeed, since signing the agreement, Google and Facebook have been working closely in an ongoing manner to help Facebook recognize users in auctions and bid and win more often. For example, Google and Facebook have integrated their software development kits (SDKs) so that Google can pass Facebook data for user ID cookie matching. […]

It certainly seems like Facebook could have incidentally benefitted when WhatsApp users backed up their conversations to Google Drive. I always chuckle at those who believe that either company is using a phone’s microphone to pick up conversations for ad targeting keywords, when the truth is a more banal brand of evil. And then there’s their Safari workaround.

Francis Agustin, Insider:

Google worked with Facebook to undermine Apple’s attempts to offer its users great privacy protections, 12 state attorneys general alleged in an update to an antitrust lawsuit against the search engine.

“The companies have been working together to improve Facebook’s ability to recognize users using browsers with blocked cookies, on Apple devices, and on Apple’s Safari Browser,” the amended complaint states. “Thereby circumventing one Big Tech company’s efforts to compete by offering users better privacy.”

From the suit:

[…] Google offered to help Facebook better identify users using JavaScript on publisher properties. By helping Facebook to better identify users in ad auctions, Google helps Facebook’s network FAN bid and win more often than other bidders in Google’s auctions.

This sounds like an extension of the alleged shared tracking identifiers when a developer integrates both SDKs. It has echoes of the Safari-specific cookies Google set, for which it was penalized $22.5 million in 2012. Google did not admit wrongdoing because the U.S. legal system does not prioritize admissions of guilt.

There are plenty more allegations in this lawsuit — that Google leveraged its market advantage with Chrome to opt users into greater levels of tracking, that the advantages of AMP are largely fraudulent — but it is this close collaboration between two dominant and privacy-hostile companies that I think deserves more comprehensive investigation. Their business models are individually destructive. But consider how much personalized data they have collected and also linked; and — for what? To sell advertisements that are a little more relevant?

What a hollow achievement, the price for which has been the eradication of privacy on the web.

Documents Leaked From Facebook Have Been Passed to a Consortium of Press Outlets nytimes.com

If you are making your way through the myriad investigations into Facebook teased last week by Facebook itself, you may find it useful to know the background on their origin. Not because it is suspicious — in fact, quite the opposite — but because Facebook seemed so concerned with getting ahead of these stories.

Ben Smith at the New York Times:

[Frances] Haugen chose a middle path, one that appears to have captured the best of both arrangements, from her perspective, while also foiling Facebook’s attempts to contain the story.

First she handed her documents to The Journal for a boutique rollout. Then she opened the journalistic equivalent of an outlet store, allowing reporters on two continents to root through everything The Journal had left behind in search of overlooked informational gems. Her intention was to broaden the circle, she said. She added that she plans to share the documents with academic writers and publications from parts of the world where she sees the greatest peril, including India and parts of the Middle East.

There are some who regard this coordinated rollout as inherently suspicious, but I think it is a savvy use of public relations for maximum social impact.

One thing I am trying to keep straight in my own head, as more reporting is published, is the source of different leaks. The Wall Street Journal’s “Facebook Files” series is primarily sourced to documents from Haugen, as are stories from other publications collected under the “Facebook Papers” banner. But a story on Friday from the Washington Post is sourced to a different whistleblower.

One thing that remains unclear is whether Haugen and her team supplied these documents to the other outlets, or if they received them from a third party. Smith implies that Haugen’s team passed them to the Times and other publications around the beginning of October, but a different article by Mike Isaac says that the Times received them from a “congressional staff member”. My bet is that both are true: after the Journal began publishing, I bet reporters from other publications leaned on their Washington sources to provide copies. But Haugen’s team was probably unaware of that, and also brought the documents to those other reporters. This is just a guess, but it aligns with the details in Smith’s article.