The Facebook scramble to rewrite history

As Facebook scrambles to try to head off prohibitive legislation in the UK, Europe and the USA, it’s trying to reinvent its history and mission. I’m no Facebook historian, developer or professional watcher, but it’s worth remembering some of its actual history, bugs, screw-ups and the often terrible defaults it implemented with new features.

I’d long imagined that Mark Zuckerberg was the embodiment of Zeke Hawkins’ character in the 1993 movie, Sliver. One of the things Hawkins said in the movie about his surveillance was the Google-esque:

We’ll do only good things.

All of the recent disclosures about access to Facebook data aren’t about hacking or other malicious activity; they are about poor design decisions; defaults in privacy that were good for Facebook but not for the user; and ultimately necessary for Facebook’s business model. They were not, as Facebook and Zuckerberg oft refer to them, data breaches.

As the voiceover says at the end of the Sliver trailer:

The view from the outside is nothing…. compared to the view…. inside.

My history with Facebook goes back to when it was “thefacebook”. I’d been a regular speaker and panelist at the Silicon Valley World Internet Center between 1998 and 2003, when I gave my last session on Open Source. The center was housed at Stanford University. Over my time there, I made many professional and personal contacts.

I started using LiveJournal as an emerging platform for “blogging” and tracking news for my then key triathlon interests in January 2004. That April, through one of the contacts I’d made at the World Internet Center, I was offered a userid to take a look at “thefacebook”. I didn’t spend much time on it; it was facile, juvenile and voyeuristic. I wasn’t surprised to hear that in 2003, the Harvard University administration had charged Zuckerberg with breach of security, violating copyrights, and violating individual privacy.

That set the path that Facebook has followed since then: their design decisions, their defaults, everything has been aimed at making your information publicly available, searchable and collectable. As I texted a few days ago, none of this need have happened if Facebook actually cared about privacy. Each and every time they implemented a new feature, they did so by setting the user privacy to the least private allowed.

While Facebook claimed they were not selling data, which was probably legally true, they were always selling access to the data. If privacy was really central to Facebook’s management of data, then they would have made the defaults very different than they did.

All those infuriating apps and quizzes that your “friends” were playing, Farmville, Candy Crush, etc., let alone the apps that wanted to know actual personal information, like where you’d travelled to, etc. For a while in 2007 there was even a class at Stanford known as the “Facebook class” where students, many of whom went on to make hundreds of thousands of US Dollars, were instructed on how to make Facebook apps.

As early as 2010, many of us were imploring people not to give companies like OK Cupid and apps like Lover of the Day access to your data, it was only ever going to end badly for someone.

Lover of the Day was installed nearly a million times. If every user that installed it had at least one hundred “friends” on Facebook, that meant through a single app, four hundred million Facebook users’ data could have been exposed and scraped. Even if “Lover of the Day” hadn’t overtly exploited this, it was totally naive rather than malicious.

By the end of 2010, there were hundreds of website scams that were, as far as I can see, just there to harvest your data, and that of your friends. There were numerous websites set up to track these, of which Facecrooks was and still is one of the best.

When I got my Facebook data, before #DELETEFACEBOOK, I spent an hour searching through the data and my timeline to find interesting posts, pleas that I’d made to my friends about the lax controls, bad defaults and bad app choices they were making. In 2010 alone, I posted the following on my wall.

January 10th: “Well get used to it, the Facebook founder says your privacy is a relic of the past, everything should be public!”

March 2010: “So, not paying attention to the FB Privacy issue? Well last night the dumb ass’s made a change which made everyone’s email address public for about 30-mins even if you said not to or your settings… “

May 2010: “So yesterday Facebook blew their privacy yet again revealing private friend to friend conversations, allowing one friend to see outstanding friend requests of other friends…”

May 2011: When discussing the Symantec revelation that Facebook was leaking information to Third parties, I ended the post with – friends don’t give their friends personal information to strangers, don’t do the same on facebook!

By 2011, music streaming startup Spotify was known to be aggressively using and promoting their business through Facebook by exploiting the weak/lax Facebook privacy. If anything, the US Government Federal Trade Commission hearings led to Facebook changes that were, in marketing speak, “more transparent” but in reality more opaque. They made it easier to stop sharing, but harder to know what was being shared.

In 2015, the scraping of user data was still rampant. I found a number of examples of warnings, mostly in so-called “Big company” giveaways.

March 2015: Friends don’t invite friends invite to the SW Airlines ticket give away. It’s scam, they are harvesting Facebook id’s, friends lists and email addresses and who knows what else!

It was followed by a long bullet list of ways you could tell if the giveaway was a scam. My post ended with:

If don’t doesn’t have at least two of those it’s a scam… It’s not harmless, it’s like showing up at an orgy and not using a condom.

When Zuckerberg and Facebook try to rewrite history claiming these were a breach of trust, or they didn’t sell data, or they acted as soon as they were notified, I don’t know what the hell they are talking about. They knew, they just didn’t care until the politicians got hurt, and now the optics look really bad.

Next. What should be done.

Zuckerberg/Facebook called to UK Parliament

Of course, as a US Citizen, Zuckerberg can’t be compelled to attend. There can be so many serious consequences to not attending that Rupert Murdoch and other News International Executives attended when they were called.
 

Facebook has a lot of questions to answer

I teetered on the brink of deleting my Facebook account last year. I removed the main app from my phone and a Windows tablet, and have never installed Messenger. When it came down to it I balked at the final step. I did unlike pretty much all businesses and pages, as well as unfriend anyone not a real contact/friend etc.

The utility of Facebook is still too great to remove myself completely. Although frankly I’ve had better results contacting businesses through Twitter and getting things done. Given its reach, Facebook still remains useful. Delete the apps Facebook, Facebook Messenger, Instagram and Whatsapp.

If you want to delete your Facebook account, it’s still relatively simple and you have 14-days to recover it, if you decide it was a mistake. Use this URL.

The Guardian published this over the weekend. It’s a long and important read that contains all the context and background detail into how Facebook was used to target people with advertising and social profiling of potentially millions of people to bias or persuade them to take a particular perspective.

Much of this data came through those terrible apps which ask you to confirm access to your Facebook profile, and your friends’ profiles. Even though you may have never used one of these apps, if your friends did, they likely gave away your data.

The New York Times is today reporting that Facebook’s Chief Information Security Officer is leaving the company. So this is obviously a big deal. Alex himself denies that, although with the share price drop already seen today, who knows the truth; the data misappropriation is still a big deal.

Charles Arthur has a daily email which goes out under the guise of The Overspill from his blog of the same name. It’s well worth the subscription. Today’s included a link to Justin Hendrix’s blog for justsecurity.org on the Facebook data use; in it Justin poses seven key questions:

1. Why did Facebook take more than two years to inform the public of this massive breach?

2. Did the Trump campaign or Cambridge Analytica violate campaign finance laws?

3. Did Trump campaign or Cambridge Analytica employees lie to Congress, or to the British Parliament?

4. Did Facebook’s failure to disclose this breach to the public and notify its directly affected consumers break any laws?

5. Did any of the Facebook embeds in the Trump campaign know that stolen data was being used for targeting?

6. Did Facebook have evidence its own employees mishandled this situation? Was any disciplinary action taken?

7. Did other organizations or individuals exploit these apparent weaknesses, and are there other breaches we do not know about?

Irrespective of what you think about how the data was used, and the outcome, these questions need to be answered.

Retail vs Investment Banking

I’ve no idea what long term this change will make, but was delighted to receive this notification from my UK Bank, first direct, an HSBC subsidiary.

Something we are (very) unlikely to see here in the US in the near future.

Letter from HSBC

What it says is:

We wanted to let you know that in line with new regulations introduced after the global financial crisis, later this year HSBC will be changing the way it’s structured in the United Kingdom (UK).

The new rules mean all banks with deposits of UKP 25bn or more will have to keep their “retail banking” business separate from their “wholesale and investment banking” businesses, also known as ‘ring-fencing’.

Of course, this won’t stop another global financial meltdown, but at least in principle, they won’t be gambling with our money. If it happens it will still have as dramatic an impact since the stocks, shares, futures, and companies will be hit the same way and everything will lose value as it did before. When all is said and done though, this is a good move.

Your move Elizabeth Warren.

FCC and Net Neutrality – Fraud in your name?

After this week’s hugely disappointing repeal of net neutrality, the ACLU has their take on the repeal, here.

I’m more concerned though with the claim that up to 2-million comments supporting the repeal were submitted to the FCC using fraudulent identities. I actually don’t think it would have made any difference given what we know about the commission members who voted in favor of repeal.

Still, I wanted to be sure my comment was actually the comment I submitted, and no one else had submitted a comment using my identity. You can check here. Simply add your name to the form and click search. You’ll have to go through the comments submitted by people with the same name to check your comment is there, or that a comment was submitted on your behalf. Make sure to check all the people with your name, lots of comments seem to have been submitted using older addresses.

If you find a comment submitted that claims to be from you, that you did not authorise someone else to submit, or did not submit yourself, please do 2 things:

  1. Complete the remainder of the form to lodge a complaint
  2. Write, preferably a paper letter, to your State’s Attorney General.

A number of US State Attorneys General are suing the Federal government over this issue. However, many have not joined that effort, including mine, Colorado.

Here is my comment, as submitted.

US Broadband and cable Internet access is already one of the most expensive in the developed world. It is also fragmented and suffers from overcharging for access to services. This proposal will only allow this to get worse, and potentially hamper both the development of small business services, and the use and consumption of both those and existing services. This must NOT be allowed to proceed. I write as a former IBM Distinguished Engineer and Member of the IBM Academy of Technology, and more recently, a Senior Distinguished Engineer and Executive Director at Dell Inc.

And finally the President’s tweet. Because I assume #NetNeutrality is too complex for him to understand, he assumes it’s too complicated for everyone else. Note the #NetNeutality auto-correct/mistype in the President’s tweet. Explain it? He can’t even type it.

Ripping off customers

I saw the following tweet and literally laughed-out-loud. In the past two years I’ve got to the checkout confirmation step on music and theatre events and cancelled out and closed the browser window more times than I care to remember. Ticket “fees” and “convenience” charges are rampant.

The airline industry over the past year has gone the complete opposite direction, some forced by legislation, some by marketplace competition. They nickel and dime you for charges for everything. The Trump administration has rescinded a rule requiring Airlines to disclose baggage fees upfront. This rule previously made it easier to compare airfare prices across airlines.

Enjoy!

Fear of Automation

ZDNet has a good summary of a few recent reports on automation, a subject I’ve covered here more than once.

The more interesting survey report is from a Harris Poll for ZipRecruiter, an online employment marketplace.

ZipRecruiter’s nationwide data shows 60% of job seekers believe fears around robots taking away jobs are overhyped while 2 in 5 employed job seekers (41%) believe their current job will be automated within their lifetime.

This is more than likely because the workers asked don’t see the big picture. They don’t get involved with decisions and discussions about how to cut cost and risk from their workflow.

I’m not saying that we’ll wake up one day and everything will be taken over by robots, that’s not the case at all. It’s worse than that, automation is insidious and for the most part, invisible.

The ZDNet article by  for Robotics also links to recent reports from McKinsey and Redwood Software. Greg points out that:

  • 4 in 5 job seekers agree that the current technology boom has left certain people (84%) and cities (78%) behind.
  • Half of job seekers (50%) say the introduction of the Internet has generally done more harm than good. Employed job seekers are more likely to agree with this sentiment than unemployed job seekers (53% employed vs. 40% unemployed).
  • 2 in 5 job seekers (44%) believe there is no such thing as a bad technological advancement.

What this ignores, for the 50% that thinks the Internet is good, is that without it, and the automation and communication it has enabled, the workplace would be very different today. And that is one way the creep of insidious automation has been taking over.

Bringing Jobs Back to the USA

As the GOP push through their tax bill, without any transparency, one of the big ticket items is corporate tax breaks.

My opinion is the government are really wasting their time, and our money, giving tax breaks, especially to companies to repatriate their overseas earnings, in some kind of swap for jobs. No such thing will happen; sure there will be a few winners here and there, but nothing substantial and certainly nothing over time.

If the government wanted to do this, they’d have been better creating an incentive program, which gave them tax deductions for each net new job they created, the longer their total employment numbers were up, net new, the lower the tax rate on repatriation would go.

I posted the following on twitter… but in a debate about it today, realized I’d left the link off for the NPR article. Here it is.

From Tax to Pariah – Colorado’s TABOR history

One man’s crusade to limit Government, what he wanted, how he did it, and what happened. At least Bruce was principled. A great listen, especially on the consequences for the State and Bruce (The Pariah?).

The Taxman Episode 1
The Taxman Episode 2
The Taxman Episode 3

You get what you want in Texas

The Austin American Statesman today published a frank review of the Texas rules on disclosure of chemical storage “Information scarce on chemical plant blasts — just like Texas wanted“. I wrote about this issue precisely back in “The Texas Freedom Illusion” and after the “West Disaster” report.

In essence, under the veil of “security”, Governor Abbott has effectively just stopped individual Texans from finding out about these storage facilities, and in the same way as you are much more likely to be shot by a gun owning family member, than a jihadi; you are much more likely to get killed, poisoned, or otherwise impacted by a local company than you are by terrorists exploiting the freely available information.

This regulation was always problematical and is going to bite ordinary Texans until it is repealed. The idea that people have time to go around to each and every high fenced industrial lot within a mile or so of their home and ask what chemicals they are storing is just nonsense, more so in large cities.