Skip to content

Google

The Week in Tech: Facebook and Google Reshape the Narrative on Privacy

And from the bs department

QUOTE

…Stop me if you’ve heard this before: The chief executive of a huge tech company with vast stores of user data, and a business built on using it to target ads, now says his priority is privacy.

This time it was Google’s Sundar Pichai, at the company’s annual conference for developers. “We think privacy is for everyone,” he explained on Tuesday. “We want to do more to stay ahead of constantly evolving user expectations.” He reiterated the point in a New York Times Op-Ed, and highlighted the need for federal privacy rules.

The previous week, Mark Zuckerberg delivered similar messages at Facebook’s developer conference. “The future is private,” he said, and Facebook will focus on more intimate communications. He shared the idea in a Washington Post op-ed just weeks before, also highlighting the need for federal privacy rules.

Google went further than Facebook’s rough sketch of what this future looks, and unveiled tangible features: It will let users browse YouTube and Google Maps in “incognito mode,” will allow auto-deletion of Google history after a specified time and will make it easier to find out what the company knows about you, among other new privacy features.

Fatemeh Khatibloo, a vice president and principal analyst at Forrester, told The Times: “These are meaningful changes when it comes to the user’s expectations of privacy, but I don’t think this affects their business at all.” Google has to show that privacy is important, but it will still collect data.

What Google and Facebook are trying to do, though, is reshape the privacy narrative. You may think privacy means keeping hold of your data; they want privacy to mean they don’t hand data to others. (“Google will never sell any personal information to third parties,” Mr. Pichai wrote in his Op-Ed.)

Werner Goertz, a research director at Gartner, said Google had to respond with its own narrative. “It is trying to turn the conversation around and drive public discourse in a way that not only pacifies but also tries to get buy-in from consumers, to align them with its privacy strategy,” he said.
Politics of privacy law

Right – pacify the masses with BS.

Politics of privacy law

Facebook and Google may share a voice on privacy. Lawmakers don’t.

Members of the Federal Trade Commission renewed calls at a congressional hearing on Wednesday to regulate big tech companies’ stewardship of user data, my colleague Cecilia Kang reported. That was before a House Energy and Commerce subcommittee, on which “lawmakers of both parties agreed” that such a law was required, The Wall Street Journal reported.

Sounds promising.

But while the F.T.C. was united in asking for more power to police violations and greater authority to impose penalties, there were large internal tensions about how far it should be able to go in punishing companies. And the lawmakers in Congress “appeared divided over key points that legislation might address,” according to The Journal. Democrats favor harsh penalties and want to give the F.T.C. greater power; Republicans worry that strict regulation could stifle innovation and hurt smaller companies.

Finding compromise will be difficult, and conflicting views risk becoming noise through which a clear voice from Facebook and Google can cut. The longer disagreement rages, the more likely it is that Silicon Valley defines a mainstream view that could shape rules.

Yeah — more lobbyists and political donation subverting the democracy. The US should enact an EU equivalent GDPR now. And another thing, Zuckerberg’s cynical attempt to change the narrative by implementing end to end encryption is simply a bad idea. It gets them off the hook to moderate content (read: more profits), still allows them to sell ads and makes it nearly impossible for law enforcement to do their job. Hey Zuck, why not hand hang a sign out: criminals, pedophiles, gangs, repressive regimes, etc. – “all welcome here.”

Unearthed emails could be smoking gun in epic GDPR battle against Google, adtech giants

If online ads were simply outlawed, the problem would be fixed. That will not happen soon, so use the best ad-blocker you can, set your browser to dump cookies and other data upon exit (not available in Google Chrome –hhmmm now I wonder why..), and when done on one site, close browser and restart before going to new site.

Quote

Privacy warriors have filed fresh evidence in their ongoing battle against real-time web ad exchange systems, which campaigners claim trample over Europe’s data protection laws.

The new filings – submitted today to regulators in the UK, Ireland, and Poland – allege that Google and industry body the Interactive Advertising Bureau (IAB) are well aware that their advertising networks’ business models flout the EU’s privacy-safeguarding GDPR, and yet are doing nothing about it. The IAB, Google – which is an IAB member – and others in the ad-slinging world insist they aren’t doing anything wrong.

The fresh submissions come soon after the UK Information Commissioner’s Office (ICO) revealed plans to probe programmatic ads. These are adverts that are selected and served on-the-fly as you visit a webpage, using whatever personal information has been scraped together about you to pick an ad most relevant to your interests.

Typically, advertisers bid for space on a webpage in real-time given the type of visitor: the page is fetched from a website, it brings in ad network code, which triggers an auction between advertisers that completes in a fraction of a second, and the winning ad is served and displayed (assuming the advert isn’t blocked.) This transaction, dubbed real-time bidding or RTB, happens automatically and immediately when an ad is required, and it can be fairly convoluted: ad slots may be passed through a tangle of publishers and exchanges before they arrive in a browser.

Netizens known to be wealthy and with a lot of disposable income, or IT buyers with big spending budgets, for example, will command higher ad rates than those unlikely to buy anything through an ad. This is why ad networks and exchanges, like Google, love to know everything about you, all that lovely private data, so they can tout you to advertising buyers and target ads at you for stuff you’re previously shown an interest in.

The ICO’s investigation will focus on how well informed people are about how their personal information is used for this kind of online advertising, which laws ad-technology firms rely on for processing said private data, and whether users’ data is secure as it is shared on these platforms.

Meanwhile, these latest filings follow on from gripes lodged by the same online rights campaigners late last month and in 2018.

The privacy warriors allege the aforementioned auction systems fall foul of Europe’s General Data Protection Regulation (GDPR) because netizens do not have much or any real control over the massive amounts of ad-related data lobbed between sites and services. Moreover, this information can be highly personal – sometimes including location coordinates along with pseudonymous identifiers, personal interests, and the site they are browsing.

The complaints, which point the finger of blame at the IAB’s openRTB and Google’s Authorized Buyers systems, were filed to watchdogs in the UK by Open Rights Group executive director Jim Killock and privacy research Michael Veale; in Ireland by Johnny Ryan of browser biz Brave; and in Poland by the Panoptykon Foundation.

The IAB has consistently stressed that the complaints should not be directed at RTB technology makers, such as itself – and that doing so is like holding road builders accountable for people who break the speed limit. In other words, the tech can be abused, but apparently not by its developers. And the industry body claimed the complainants have only proven it is possible to break the law, not that it has been broken.

As such, the privacy warriors hope to add more weight to their arguments, and today submitted a fresh set of documents to regulators in the aforementioned trio of nations. This cache includes examples of the data passed through RTB systems, and the number of daily bid requests ad exchanges make, which reach 131 billion for AppNexus and 90 billion for Oath/AOL.
Programmatic trading, or is that problematic trading?

The complainants have also filed documents they claim prove the IAB has long been aware that there is a potential problem with RTB systems and their compliance with GDPR.

Among the latest cache is an email from 2017 – obtained under a Freedom-of-Information request – sent from the CEO of IAB Europe, Townsend Feehan, to senior staff in the European Commission Directorate General for Communications Networks, Content, and Technology.

The email reveals Feehan lobbying commission staffers against proposals for a new ePrivacy Regulation – which was meant to come into force with GDPR but has been stuck in negotiations – saying it could “mean the end of the online advertising model.”

Programmatic trading would seem, at least prima facie, to be incompatible with consent under GDPR

The exec attached an 18-page document to the email detailing IAB Europe’s reasoning, which discussed the impact of proposals to tighten rules on the use of people’s private data to the same level as that of GDPR, particularly the requirement of someone’s consent to share their information. Crucially, consent under GDPR requires that people are told clearly what’s going on with their sensitive info, which means website visitors must be told the identity of the data controller(s) processing their data and the purposes of processing. Given the instantaneous and convoluted nature of ad bidding, it is seemingly impossible to alert netizens prior to the real-time auctions, it is claimed.

This, essentially, is the rub between GDPR and today’s on-the-fly web advertising, it would seem.

“As it is technically impossible for the user to have prior information about every data controller involved in a real-time bidding (RTB) scenario, programmatic trading, the area of fastest growth in digital advertising spend, would seem, at least prima facie, to be incompatible with consent under GDPR,” the IAB said.

Brave’s Johnny Ryan said this acknowledges the issue at the core of the campaigners’ complaint – and suggests the IAB doesn’t think adtech’s operating model can work with GDPR.

The IAB has since launched a “Consent and Transparency Framework” to help companies involved in RTB systems meet their legal requirements – but opponents argue that this doesn’t change the facts at the heart of the matter.

Similarly, a document from May 2018 produced by the IAB Tech Lab – a group that produces standards, software, and services for digital publishers, marketers, media, and adtech firms – acknowledged concerns about GDPR compliance. In it, the lab said publishers were concerned “there is no technical way to limit the way data is used after the data is received by a vendor for decisioning/bidding on/after delivery of an ad but need a way to clearly signal the restriction for permitted uses in an auditable way.”

It also said that “surfacing thousands of vendors with broad rights to use data w/out tailoring those rights may be too many vendors/permissions.” And elsewhere in the 2017 document, the IAB said that, since third parties in adtech have “no link to the end-user [they] will be unable to collect consent.”
All your basis are belong to…?

It is question-marks like these, from the industry itself, that the privacy campaigners hope will bolster their case. These concerns were also highlighted by the ICO’s tech policy lead Simon McDougall in a blog post earlier this month outlining the body’s plan to look into adtech.

“The lawful basis for processing personal data that different organisations operating in the adtech ecosystem currently rely upon are apparently inconsistent,” he said. “There seem to be several schools of thought around the suitability of various basis for processing personal data – we would like to understand why the differences exist.”

He added that the ICO was interested in how and what people are told about how their personal data is used for online advertising, and how accurate these disclosures are.

A third prong of the ICO probe will consider the security of the data that is widely and rapidly shared during the auctions. “We are interested in how organisations can have confidence and provide assurances that any onward transfers of data will be secure,” said McDougall.

The ICO stressed that it was in the fact-finding stages of its work, and that it wanted to listen to all the “diverging views” on adtech.

And, for their part, the complainants in the case against IAB Europe and Google have said that they aren’t, necessarily, seeking an end to online advertising. Rather, they want to see adtech firms operate without sharing the highly personal information they do at the moment. For instance, Ryan said that the IAB RTB system allows 595 different kinds of data to be included in a bid request. Scrapping the use of just four per cent would be an “easy, long overdue, fix

Break up Facebook (and while we’re at it, Google, Apple and Amazon)

Reich concludes “We must resurrect antitrust” – yes and we need to do that very fast.

Quote

Big tech has ushered in a second Gilded Age. We must relearn the lessons of the first, writes the former US labor secretary

Last week, the New York Times revealed that Facebook executives withheld evidence of Russian activity on their platform far longer than previously disclosed. They also employed a political opposition research firm to discredit critics.

There’s a larger story here.

America’s Gilded Age of the late 19th century began with a raft of innovations – railroads, steel production, oil extraction – but culminated in mammoth trusts owned by “robber barons” who used their wealth and power to drive out competitors and corrupt American politics.

We’re now in a second Gilded Age – ushered in by semiconductors, software and the internet – that has spawned a handful of giant hi-tech companies.

Facebook and Google dominate advertising. They’re the first stops for many Americans seeking news. Apple dominates smartphones and laptop computers. Amazon is now the first stop for a third of all American consumers seeking to buy anything.

“Amazon the first stop..” — The main reason is that they have allowed illegal predatory pricing to drive out competition. And Amazon is usually never a good deal. Check it out carefully: Prime products are always more expansion than elsewhere even on the Amazon site. With Prime you pay twice. Brilliant!

This consolidation at the heart of the American economy creates two big problems.

First, it stifles innovation. Contrary to the conventional view of a US economy bubbling with inventive small companies, the rate at which new job-creating businesses have formed in the United States has been halved since 2004, according to the census.

A major culprit: big tech’s sweeping patents, data, growing networks and dominant platforms have become formidable barriers to new entrants.

The second problem is political. These massive concentrations of economic power generate political clout that’s easily abused, as the New York Times investigation of Facebook reveals. How long will it be before Facebook uses its own data and platform against critics? Or before potential critics are silenced even by the possibility?

America responded to the Gilded Age’s abuses of corporate power with antitrust laws that allowed the government to break up the largest concentrations.

President Teddy Roosevelt went after the Northern Securities Company, a giant railroad trust financed by JP Morgan and John D Rockefeller, the nation’s two most powerful businessmen. The US supreme court backed Roosevelt and ordered the company dismantled.

In 1911, President William Howard Taft broke up Rockefeller’s sprawling Standard Oil empire.

It is time to use antitrust again. We should break up the hi-tech behemoths, or at least require they make their proprietary technology and data publicly available and share their platforms with smaller competitors.

There would be little cost to the economy, since these giant firms rely on innovation rather than economies of scale – and, as noted, they’re likely to be impeding innovation overall.

But is this politically feasible? Unlike the Teddy Roosevelt Republicans, Trump and his enablers in Congress have shown little appetite for antitrust enforcement.

Republicans rhapsodize about the “free market” but have no qualms about allowing big corporations to rig it at the expense of average people. Yet as the late Robert Pitofsky, former chairman of the Federal Trade Commission, once noted: “Antitrust is a deregulatory philosophy. If you’re going to let the free market work, you’d better protect the free market.”

But the Democrats, for their part, have shown no greater appetite for antitrust – especially when it comes to big tech.

In 2012, the staff of the FTC’s bureau of competition submitted to the commissioners a 160-page analysis of Google’s dominance in the search and related advertising markets, and recommended suing Google for conduct that “has resulted – and will result – in real harm to consumers and to innovation”.

But the commissioners, most of them Democratic appointees, chose not to pursue the case.

The Democrats’ recent “better deal” platform, which they unveiled a few months before the midterm election, included a proposal to attack corporate monopolies in industries as wide-ranging as airlines, eyeglasses and beer. But, notably, the proposal didn’t mention big tech.

Maybe the Democrats are reluctant to attack the industry because it has directed so much political funding to Democrats. In the 2018 midterms, the largest recipient of big tech’s largesse, ActBlue, a fundraising platform for progressive candidates, collected nearly $1bn, according to the Center for Responsive Politics.

As the New York Times investigation makes clear, political power can’t be separated from economic power. Both are prone to abuse.

Antitrust law was viewed as a means of preventing giant corporations from undermining democracy. “If we will not endure a king as a political power,” thundered Ohio’s Senator John Sherman, the sponsor of the nation’s first antitrust law in 1890, “we should not endure a king over the production, transportation and sale” of what the nation produced.

In the second Gilded Age as in the first, giant firms at the center of the American economy are distorting the market and our politics.

We must resurrect antitrust.

Peter Thiel Employee Helped Cambridge Analytica Before It Harvested Data

Quote

I think this story shows that the Facebook data mining is the tip of the iceberg. It will drag in Google and others.

As a start-up called Cambridge Analytica sought to harvest the Facebook data of tens of millions of Americans in summer 2014, the company received help from at least one employee at Palantir Technologies, a top Silicon Valley contractor to American spy agencies and the Pentagon.

It was a Palantir employee in London, working closely with the data scientists building Cambridge’s psychological profiling technology, who suggested the scientists create their own app — a mobile-phone-based personality quiz — to gain access to Facebook users’ friend networks, according to documents obtained by The New York Times.

Cambridge ultimately took a similar approach. By early summer, the company found a university researcher to harvest data using a personality questionnaire and Facebook app. The researcher scraped private data from over 50 million Facebook users — and Cambridge Analytica went into business selling so-called psychometric profiles of American voters, setting itself on a collision course with regulators and lawmakers in the United States and Britain.

The revelations pulled Palantir — co-founded by the wealthy libertarian Peter Thiel — into the furor surrounding Cambridge, which improperly obtained Facebook data to build analytical tools it deployed on behalf of Donald J. Trump and other Republican candidates in 2016. Mr. Thiel, a supporter of President Trump, serves on the board at Facebook.

The connections between Palantir and Cambridge Analytica were thrust into the spotlight by Mr. Wylie’s testimony on Tuesday. Both companies are linked to tech-driven billionaires who backed Mr. Trump’s campaign: Cambridge is chiefly owned by Robert Mercer, the computer scientist and hedge fund magnate, while Palantir was co-founded in 2003 by Mr. Thiel, who was an initial investor in Facebook.

Google Link?

A former intern at SCL — Sophie Schmidt, the daughter of Eric Schmidt, then Google’s executive chairman — urged the company to link up with Palantir, according to Mr. Wylie’s testimony and a June 2013 email viewed by The Times.

“Ever come across Palantir. Amusingly Eric Schmidt’s daughter was an intern with us and is trying to push us towards them?” one SCL employee wrote to a colleague in the email.

Ms. Schmidt did not respond to requests for comment, nor did a spokesman for Cambridge Analytica.

In an interview this month with The Times, Mr. Wylie said that Palantir employees were eager to learn more about using Facebook data and psychographics. Those discussions continued through spring 2014, according to Mr. Wylie.

Mr. Wylie said that he and Mr. Nix visited Palantir’s London office on Soho Square. One side was set up like a high-security office, Mr. Wylie said, with separate rooms that could be entered only with particular codes. The other side, he said, was like a tech start-up — “weird inspirational quotes and stuff on the wall and free beer, and there’s a Ping-Pong table.”

Mr. Chmieliauskas continued to communicate with Mr. Wylie’s team in 2014, as the Cambridge employees were locked in protracted negotiations with a researcher at Cambridge University, Michal Kosinski, to obtain Facebook data through an app Mr. Kosinski had built. The data was crucial to efficiently scale up Cambridge’s psychometrics products so they could be used in elections and for corporate clients.

“I had left field idea,” Mr. Chmieliauskas wrote in May 2014. “What about replicating the work of the cambridge prof as a mobile app that connects to facebook?” Reproducing the app, Mr. Chmieliauskas wrote, “could be a valuable leverage negotiating with the guy.”

Those negotiations failed. But Mr. Wylie struck gold with another Cambridge researcher, the Russian-American psychologist Aleksandr Kogan, who built his own personality quiz app for Facebook. Over subsequent months, Dr. Kogan’s work helped Cambridge develop psychological profiles of millions of American voters.

One can only hope this will broaden the understanding of what “you are the product” means to free services peddled by big tech. Then again…..

Google Chrome vows to carpet bomb meddling Windows antivirus tools

Quote

Browser will block third-party software from mucking around with pages next year.

By mid-2018 Google Chrome will no longer allow outside applications – cough, cough, antivirus packages – to run code within the browser on Windows.

“In the past, this software needed to inject code in Chrome in order to function properly; unfortunately, users with software that injects code into Windows Chrome are 15 per cent more likely to experience crashes.”

In particular, the target here seems to be poorly coded AV tools can not only crash the browser or cause slowdowns, but also introduce security vulnerabilities of their own for hackers to exploit.

Rather than accept injected code, Chrome will require applications to use either Native Messaging API calls or Chrome extensions to add functionality to the browser. Google believes both methods can be used to retain features without having to risk browser crashes. With Chrome 68, the browser will block third-party code in all cases except when the blocking itself would cause a crash. In that case, Chrome will reload, allow the code to run, and then give the user a warning that the third-party software will need to be removed for Chrome to run properly. The warning will be removed and nearly all code injection will be disabled in January of 2019.

“While most software that injects code into Chrome will be affected by these changes, there are some exceptions,” said Hamilton.

“Microsoft-signed code, accessibility software, and IME software will not be affected.”

Russian Influence Reached 126 Million Through Facebook Alone

Quote

Russian agents intending to sow discord among American citizens disseminated inflammatory posts that reached 126 million users on Facebook, published more than 131,000 messages on Twitter and uploaded over 1,000 videos to Google’s YouTube service, according to copies of prepared remarks from the companies that were obtained by The New York Times.

The new information goes far beyond what the companies have revealed in the past and underline the breadth of the Kremlin’s efforts to lever open divisions in the United States using American technology platforms, especially Facebook. Multiple investigations of Russian meddling have loomed over the first 10 months of the Trump presidency, with one leading to the indictments of Paul Manafort, the former Trump campaign chief, and others on Monday.

For Facebook, Google and Twitter, the discovery of Russian influence by way of their sites has been a rude awakening. The companies had long positioned themselves as spreading information and connecting people for positive ends. Now the companies must grapple with how Russian agents used their technologies exactly as they were meant to be used — but for malevolent purposes.

Rude Awaking? Bullshit. For whom? Connecting people for positive good? More bullshit! It is about hoovering up personal user data and selling it! Come on, wake up!

Just say no to Social Media. Just say no to Google. Demand privacy.

Facebook and Google promoted false news about Las Vegas

“Social media: The internet version of the supermarket tabloid. Written by the mindless for the mindless.” Unfortunately it is picked up by mainstream media and is swallowed and regurgitated by a good percentage of the 65% of Americans who get their “news” from social media. The article also points up to a failure in machine learning (AI) algorithms in use by the Facebook, Google and their ilk.

Quote

Facebook and Google promoted false news stories claiming that the shooter who killed more than 50 people in Las Vegas was a Democrat who opposed Donald Trump. The misidentification spread rapidly from dark corners of the internet to mainstream platforms just hours after hundreds were injured at a festival near the Mandalay Bay casino, the latest example of fake news polluting social media amid a breaking news story.

The flow of misinformation on Monday illustrated a particularly grim trend that has increasingly dominated viral online propaganda during US mass shootings – hyper-partisan trolls battling to blame the tragedy on opposing political ideologies. …

Despite the fact that the claims were unproven and coming from non-credible sources, Facebook’s “Safety Check” page, which is supposed to help people connect with loved ones during the crisis, ended up briefly promoting a story that said the shooter had “Trump-hating” views, along with links to a number of other hoaxes and scams, according to screenshots. At the same time, Google users who searched Geary Danley’s name were at one point directed to the 4chan thread filled with false claims.
..
False content can quickly move from social media to legitimate news sources, she added: “People are putting out crap information on purpose … It’s really easy to get shit into the news cycle by being on Twitter.”

A YouTube user also pushed an unsubstantiated rumor that the suspect was a Hillary Clinton supporter.

Google IMAP losing old security protocols this month

Quote

Google’s ongoing elimination of the antediluvian SSLv3 and RC4 protocols is taking another step on June 16.
From that date, Gmail’s IMAP and POP services will join its SMTP services in rejecting connections using those protocols.
Recognising, perhaps, that not everybody’s been paying attention, Mountain View is giving users and sysadmins time to adjust. It may take “longer than 30 days for users to be fully restricted from connecting” using clients that still run those protocols, the company’s announcement states.
However, most clients already support more modern TLS versions.
Beyond the deprecation date, sysadmins will start to see errors if they try running SSLv3 or RC4 in connection, and app developers are likewise warned they need to push out upgrades.
It’s been a year since the IETF put a bolt into the skull of SSLv3, issuing RFC 7568 as a not-so-gentle reminder to the industry.
And as a cipher, RC4 has been a dead duck for years.
So if your favourite mail app tells you “upgrade now”, you might want to ask why they’ve taken so long.

Took long enough!

Chrome trumps all comers in reported vulnerabilities

Quote

More vulnerabilities were discovered in Google Chrome last year than any other piece of core internet software – that’s according to research that also found 2014 clocked record numbers of zero-day flaws.

The Secunia Vulnerability Review 2015 report [PDF] is built on data harvested by the company’s Personal Software Inspector tool residing on “millions” of customer end points, each with an average of 76 installed applications.

It said the Chocolate Factory’s web surfer had more reported vulnerabilities than Oracle Solaris, Gentoo Linux, and Microsoft Internet Explorer which rounded out the top four among the analysed core products. ….Chrome leads the browser pack with 504 reported vulnerabilities followed by Internet Explorer with 289 and Firefox with 171. Some 1035 flaws were reported across all browsers including Opera and Safari, up from 728 in 2013.

Wait, but isn’t Google itself a threat?

Google Malvertising App

Quote

Android apps that should be innocuous are pimping smut by way of slack supervision of their advertising networks, with two app authors complaining to The Register that the root of the problem lies with The Chocolate Factory.

The authors of two popular Sydney public transport apps told us Google’s app monetisation service AdMob is failing to catch disallowed advertisements that should be easy to spot for the world-dominating ad-and-click network.

Malvertising is a rising problem because users are turning to ad blockers as a security precaution, both to protect against malware and to keep material they deem inappropriate out of their eyeballs. The latter outcome is made necessary by ads like those below, which The Register has observed in the Arrivo and TripView public transport timetable apps, both of which are likely to pop up on minors’ phones.

If, as it seems to this untutored eye, the ad got past filters by presenting its text as an image with extra space to defeat character recognition, Google deserves its backside kicked through all the letters of its Alphabet. Twice per letter, once per language.