Until data is misused, Facebook’s breach will be forgotten

We cared about Cambridge Analytica because it could have helped elect Trump. We ignored LocationSmart because even though the company was selling and exposing the real-time GPS coordinates of our phones, it was never clear exactly if or how that data was misused.

This idea, that privacy issues are abstract concepts for most people until they become security or ideological problems, is important to understanding Facebook’s massive breach revealed this week. 

The social network’s engineering was sloppy, allowing three bugs to be combined to steal the access tokens of 50 million people. In pursuit of rapid growth at affordable efficiency, Facebook failed to protect its users. This assessment doesn’t discount that. Facebook screwed up big time.

But despite the potential that those access tokens could have let the attackers take over user accounts, act as them, and scrape their personal info, it’s unclear how much users really care. That’s because for now, Facebook and its watchdogs aren’t sure exactly what data was stolen or how it was wrongly used.

The Hack That Broke The Camel’s Back?

This could all change tomorrow. If Facebook discovers the hack was perpetrated by a foreign government to interfere with elections, by criminals to bypass identity theft security checkpoints and steal people’s bank accounts or social media profiles, or to target individuals for physical harm, out will come the pitchforks and torches. 

Given a sufficiently scary application for the data, the breach could finish the job of destroying Facebook’s brand. If users start clearing their profile data, reducing their feed browsing, and ceasing to share, the breach could have significant financial and network effect consequences for Facebook. After years of scandals, this could be the hack that broke the camel’s back.

Yet in the absence of that evil utilization of the hacked data, the breach could fade into the background for users. Similar to the tension-filled departures of the founders of Facebook’s acquisitions Instagram and WhatsApp, the brunt of the backlash may not come from the public.

The hack could hasten regulation of social media. Senator Warner called on Congress to “step up” following the hack. He’s previously advocated for privacy laws similar to Europe’s GDPR. That includes data portability and interoperability rules that could make it easier to switch social networks. That threat of people moving to competing apps could succeed in compelling Facebook to treat user privacy and security better.

The FTC or European Union could hand down significant fines to Facebook for the breach. But given it earns billions in profit per quarter, those fees would have to be historically massive to be a serious penalty for Facebook.

One of the biggest questions about the attack is whether the tokens were used to access other services like Airbnb or Spotify that rely on Facebook Login. The breach could steer potential partners away from building atop Facebook’s identity platform. But at least you don’t have to worry about changing all your passwords. Unlike hacks that steal usernames and passwords, the lasting danger of the Facebook breach is limited. The access tokens have already been invalidated, whereas password reuse can lead people to have their other apps hacked long after the initial breach.

Desensitized

If government investigators, journalists, or anti-Facebook activists want to make the company pay for its negligence, they’ll need to connect it to some concrete threat to how we live or what we believe.

For now, without a nefarious application of the breached data, this scandal could blend into the rest of Facebook’s troubles. Every week, sometimes multiple times a week, Facebook has some headline grabbing problem. Over time, those are adding up to deter usage of Facebook and spur more users to delete it. But without an independent general purpose social network they can easily switch to, many users have endured Facebook’s stumbles in exchange for the connective utility it provides. 

As breaches become more common, the public may be desensitized. At worst, we could become complacent. Corporations should be held accountable for privacy failures even when the damage done is vague. But between Equifax, Yahoo, and the cell phone companies, we’re growing accustomed to letting out a deep sigh with maybe some expletives, and moving on with our lives. The ones we’ll remember will be those where the danger metastasized from the digital world into our offline lives.



Source: Tech Crunch

Carpooling service Klaxit partners with Uber for last-minute changes

French startup Klaxit connects drivers with riders so that you don’t have to take your car to work every day. And the company recently announced a new feature with the help of Uber. If your driver cancels your ride home, Klaxit will book an Uber for you.

Klaxit is a ride-sharing startup that focuses on one thing — commuting to work. And this problem is more complicated than you might think. You can’t just go to work with the same person every day because you don’t always go to work at the same time. Similarly, sometimes your driver has to leave work early, leaving you at the office with no alternative.

As a driver, you want to take the quickest route to work. So you want to be matched with riders who are exactly on the way to work.

Klaxit currently handles 300,000 rides per day. In particular, the company has partnered with 150 companies, including big French companies such as BNP Paribas, Veolia, Vinci and Sodexo.

Klaxit can be particularly useful for companies with large office buildings outside of big cities. Promoting Klaxit instantly fosters supply and demand from and to this office. But you don’t have to work for one of those companies to use Klaxit.

Local governments can also financially support Klaxit to improve traffic conditions and mobility for users who don’t have a car or a driver’s license. “Subsidizing rides on Klaxit is 8 to 10 times cheaper than building a bus line,” co-founder and CEO Julien Honnart told me.

One of the biggest concerns as a rider is that you’re going to be stuck at work in the evening. Klaxit is now asking its users to request a ride with two other drivers. If they both decline your request, Klaxit will book you an Uber ride to go back home.

You don’t have to pay for the Uber ride and then get reimbursed; Klaxit pays Uber directly. You don’t need an Uber account either, as Klaxit is using Uber for Business. MAIF is the insurance company behind this insurance feature, and also one of Klaxit’s investors. This is a neat feature to convince new users that they can trust Klaxit.

Klaxit competes with other French startups on this market, such as Karos and BlaBlaCar’s BlaBlaLines.


Source: Tech Crunch

Relike lets you turn a Facebook page into a newsletter

French startup Ownpage has recently released a new product called Relike. Relike is one of the easiest ways to get started with email newsletters. You enter the web address of your Facebook page and that’s about it.

The company automatically pulls your most recent posts from your Facebook page and lets you set up an emailing campaign in a few clicks. You can either automatically pick your most popular Facebook posts or manually select a few posts.

Just like any emailing service, you can choose between multiple templates, decide the day of the week and time of the day, import a database of email addresses and more. If you’ve used Mailchimp in the past, you’ll feel right at home.

But the idea isn’t to compete directly with newsletter services. Many social media managers, media organizations, small companies, nonprofits and sports teams already have a Facebook page but aren’t doing anything on the email front.

Relike is free if you send less than 2,000 emails per month and don’t need advanced features. If you want to get open rates, click-through rates and other features, you’ll need to pay €5 per month and €0.50 every time you send 1,000 emails.

The company’s other product Ownpage is a bit different. Ownpage has been working with media organizations to optimize their email newsletters. The company is tracking reading habits on a news site and sending personalized email newsletters.

This way, readers will get tailored news and will more likely come back to your site. Many big French news sites use Ownpage for their newsletters, such as Les Echos, L’Express, 20 Minutes, BFM TV, Le Parisien, etc.

Ownpage founder and CEO Stéphane Cambon told me that Relike was the obvious second act. Using browsing data for customized newsletters is one thing, but many talented social media managers know how to contextualize stories and maximize clicks (even if it means clickbait, sure).

The startup was looking at a way to get this data, and ended up creating Relike, which could appeal to customers beyond news organizations. For now, both products will stick around. In the future, the company plans to add Twitter and Instagram integrations as well as better signup flows for newsletter subscribers.


Source: Tech Crunch

What the heck is going on with measures of programming language popularity?

I looked at the TIOBE index today, as I do every so often, as most of the software pros I know do every so often. It purports to measure the popularity of the world’s programming languages, and its popularity-over-time chart tells a simple story: Java and C are, and have been since time immemorial, by some distance the co-kings of language.

But wait. Not so fast. The rival “PYPL Index” (PopularitY of Programming Languages) says that Python and Java are co-kings, and C (which is lumped in with C++, surprisingly) is way down the list. What’s going on here?

What’s going on is that the two indexes have very different methodologies … although what their methodologies have in common is both are very questionable, if the objective is to measure the popularity of programming languages. TIOBE measures the sheer quantity of search engine hits. PYPL measures how often language tutorials are Googled.

Both are bad measures. We can expect the availability of online resources to be an extremely lagging indicator; a once-dominant dead language would probably still have millions of relict web pages devoted to it, zombie sites and blog posts unread for years. And the frequency of tutorial searches will be very heavily biased towards languages taught en masse to students. That’s not a meaningful measure of which languages are actually in use by practitioners.

There are lots of weird anomalies when you look harder at the numbers. According to TIOBE, last C went from its all-time lowest rating to Programming Language Of The Year in five months. I can buy that C has had a resurgence in embedded systems. But I can also easily envision this being an artifact of a highly imperfect measure.

The more flagrant anomaly, though, in both of those measures, is the relative performance of Objective-C and Swift, the two languages used to write native iOS apps. I can certainly believe that, combined, they have recently seen a decline in the face of the popularity of cross-platform alternatives such as Xamarin and React Native. But I have a lot of trouble believing that, after four years of Apple pushing Swift — to my mind, an objectively far superior language — Objective-C is still more popular / widely used. In my day job I deal with a lot of iOS/tvOS/watchOS apps, and interview a lot of iOS developers. It’s extremely rare to find someone who hasn’t already moved from Objective-C to Swift.

But hey, anecdotes are not data, right? If the only available measures conflict with my own personal experience, I should probably conclude that the latter is tainted by selection bias. And I’d be perfectly willing to do that …

… except there is another measure of programming language popularity out there. I’m referring to GitHub’s annual reports of the fifteen most popular programming languages on its platform. Those numbers are basically a perfect match for my own experience … and they are way disjoint from the claims of both TIOBE and PYPL.

According to GitHub’s 2016 and 2017 reports, the world’s most popular programming language, by a considerable distance, is Javascript. Python is second. Java is third, and Ruby a close fourth. This is in stark contrast to TIOBE, which has Java and C, then a big gap, then Python and C++ (Javascript is eighth) — and also to PYPL, which claims the order is: Python and Java, a huge gap, then Javascript and PHP.

Obviously the GitHub numbers are not representative of the entire field either; their sample size is very large, but only considers open-source projects. But I note that GitHub is the only measure which counts Swift as more popular than Objective-C. That makes it a lot more convincing, to me … but its open-source selection bias means it’s still far from definitive.

These statistics do actually matter, beyond being an entertaining curiosity and/or snapshot of the industry. Languages aren’t all-important, but they’re not irrelevant either. People determine what languages to study, and sometimes even what jobs to seek and accept, based on their popularity and their (related) projected future value. So it’s a little upsetting that these three measures are so starkly, radically different. Sadly, though, we seem to still be stuck with tea leaves rather than hard numbers.


Source: Tech Crunch

Solve, MIT’s take on social innovation challenges, may be different enough to work

Since McKinsey released a report on how best to use prizes to incentivize innovation nearly a decade ago, an entire industry has grown around social innovation challenges. The formula for these “save the world” competitions has become standard. Drum up a lot of buzz around an award. Partner with big names to get funding and high-profile judges. Try and get as many submissions as possible from across the world. Whittle down the submissions and come up with a list of finalists that get to pitch at a glitzy event with a lot of media attention.

On the final stage, based on pitches that last mere minutes, pick a winner that can get upwards of millions in prize funding. Don’t have a software platform to run a challenge of this kind? No worries, numerous for-profit vendors have sprung up that can do all the work for you—for anywhere from ten to a few hundred thousand dollars. The growth has been so exponential that prizes awarded through competitions have grown from less than $20 million in 1970 to a whopping $375 million just four decades later.

But do these prizes get the sort of world-saving results they aim for? There’s little quantified evidence to back that, and some leaders in philanthropy are broadly skeptical.

For its part, the Massachusetts Institute of Technology is trying a different approach to innovation challenges with Solve, taking some of what’s worked in these challenges and fusing it with elements of tech accelerator programs, including post-award training that focuses on results.

Solve is entering an already crowded field of innovation challenges. Many of these prizes overlap, with each vying to be the “Nobel” of its field. More prizes means more noise—which has led to a race to offer more money to get attention.

But even private-sector riches do not guarantee that prize money for innovation gets good results. In 2004, Bigelow Enterprises sponsored a $50 million Space Prize but it failed to capture the imagination of space researchers and eventually folded. Back in 2009, Netflix invited outside teams to improve its movie recommendation algorithm by 10% for a $1 million reward. The Netflix Prize led to a race among programmers, only for Netflix to eventually kill the entire plan because it was getting better results in-house.

Overall, the social innovation competitions tend to reward presentation, glitz and charisma, and penalize speaking English as a second language, introversion and inability to make flashy slides.

Solve, which held its third annual finalists event on Sunday September 23 in New York, is setting its own course.

Unlike other contests where questions are internally decided, Solve crowdsources the questions to begin with. Its team takes months to run hackathons and workshops around the world to decide on the four most pressing questions to become the focus of that year’s challenge. This year, the questions focused on teachers and educators, workforce of the future, frontlines of health and coastal communities.

The competition is then opened up to participants from around the world with relatively low barriers to entry, resulting in 1,150 submissions from 110 countries in the last competition round. (That’s at least one submission from nearly 60 percent of all countries in the world!)

The prize recipients of the GM Prize for Advanced Technology. Photo: Adam Schultz | MIT Solve

To qualify, though, participants need to have more than just an idea. They must have a prototype that works, be either in the growth, pilot or scale stage, and be tech-driven. Submissions are then evaluated by judges from across industry, intergovernmental organizations and academia to get to 15 finalists for each of the four challenge questions. These 60 finalists get a full day with judges to be asked in-depth questions and have their ideas evaluated.

The day after, with all the preparations completed, the finalists get three minutes apiece to present on stage. Crucially, instead of one winner, eight finalists are chosen for each of the challenge questions.

Each finalist receives an initial $10,000 prize, plus a pool of hundreds of thousands of dollars provided by partners including General Motors, the Patrick J. McGovern Foundation, Consensys, and RISE.

This year, for example, Ugandan health care startup Neopenda brought in an additional $30,000 in funding through Solve, from a UN program sponsored by Citi. An intelligent messaging app called TalkingPoints, meanwhile, received backing from General Motors and Save the Children to develop its personalized coaching technology for parents and educators. (You can see more details on this year’s winners and prizes here.)

As opposed to being a “one and done competition” where winning the prize money marks the end of the competition, managing director of community Hala Hanna tells me that the real work begins once the Solver teams are selected. Each qualifying Solver team gets 12 months of engagement and support from the organization. “Our value-add is providing a network, from MIT and beyond, and then brokering partnerships,” she explains.

Perhaps the biggest testament to the Solve method getting traction is its funders putting in even more cash in support. At the closing event on Sunday, an upbeat Matthew Minor, Solve’s director for international programs, took to the stage decked out in Solve-branded socks and a broad smile. He announced the winning finalists—and more funding opportunities. Two of Solve’s original backers, the Atlassian Foundation and the Australian government, are continuing to invest out of a standing $2.6 million budget for companies in the workforce track. RISE, a global impact investing fund, is putting an additional $1 million into companies focused on coastal communities.

The Australians have already put in funding to help past winners scale after the program. One of them is Ruangguru, a digital boot camp in Indonesia that gives youth dropouts resources they need to earn graduation certificates. The startup had reached nearly a million Indonesians prior to participating in Solve; through the program and the additional funding, it assisted more than 3 million Indonesian youth by the end of last year. Iman Usman, one of Ruangguru’s founders, tells me that Solve enabled them to enter into partnerships that helped them scale across Indonesia in a way they would have never been able to do on their own.

Solve has also been unequivocally good at ensuring diversity, both in its own staffing and—perhaps for related reasons—in those that are chosen as finalists. Of Solve’s 20 full-time staff, 14 are women, as are six out of the seven leadership team members and—by my count—at least seven nationalities from four continents are represented on staff.

The 33 Solver teams selected at the finals this year hail from 28 different countries, with 61 percent of them being women-led. At a time when the tech industry is struggling to increase diversity, Solve’s emphasis on diversity in challenge design and promotion has led to applicants and finalists that reflect the world Solve aims to help.

Hanna noted that increasing diversity is not as difficult as it’s made out to be. “Honestly, we’re not even trying that hard,” she explained. “So whoever says there are no women in tech, I say, crazy talk.”

The view from the Apella at Solve Challenge Finals on Sept. 23. Photo: Adam Schulz | MIT Solve

Still, Solve does have a few kinks to work out. By taking on extremely broad topics, the competition can sometimes lack focus. Lofty questions mean you can get very disparate answers, making it hard to compare them in a way that feels fair.

And while it’s great that the award monies are not all given to a single winner, it is not quite clear how funders pick the teams that do get funding. 15 qualifying finalists this year ended up winning money awards, some winning more than one, while the remaining 18 qualifying teams went home with the minimum amount. This is because Solve funders get to pick which of the teams that qualify at the finals get their respective monetary prizes. Of course, all 33 qualifying teams equally get to be a part of the Solve class with all the support and training that includes.

Another kink is the audience choice award—selected through open online voting prior to the finals—but not tied to any clear concrete benefit. Take the example of Science for Sharing (Sci4S), a Mexico-based startup that trains teachers to better engage students in STEM and has already reached nearly a million children across Latin America. It garnered 419 community votes in the Education Challenge, more votes than any other participant in the category, and handily won the audience choice award. Ultimately, Sci4S was not selected as a Solver team. Another education startup, Kenya-based Moringa School, only got two votes but was selected. While Moringa and others were compelling and qualified in their own right, it’s still hard not to think that Sci4S should have focused all of its time on its presentation and ignored the audience vote.

All in all, Solve does get a number of things right where other innovation challenges have failed. Instead of anointing one winner for the entire competition, it selects a class of dozens—reflecting the simple fact that the world’s most intractable problems are not going to be solved by any singular idea. Unlike many challenges put on by educational institutions and open only to their own students, Solve opens its doors wide. And winning at the finals doesn’t end your connection with MIT, it only starts it, with all qualifying finalists getting a year of individualized support, training and mentorship.

Done right, prizes can be effective at incentivizing startups to focus on pressing societal issues that can truly benefit from tech-driven solutions. But prizes for the sake of prizes can add to the noise and dissipate scarce public resources and entrepreneur attention. In the increasingly crowded world of innovation challenges promising to change the world, MIT’s Solve is a step away from the noise and towards effective prize granting.


Source: Tech Crunch

The 2019 BMW i3 now has 153 miles of range thanks to a bigger battery

The BMW i3 is getting an upgraded battery — plus a bunch of other improvements — that will give the 2019 model about 153 miles of range. That’s roughly a 30% improvement from the previous model.

The boost in range is noteworthy, yet it still lags behind the Chevy Bolt and the Tesla Model S, Model X and Model 3 vehicles. And it’s only a smidge better than the much cheaper Nissan Leaf.

The upshot: it’s a steady improvement that expresses some continued investment and interest in the i3 brand. But will it be enough to keep this city car in the EV mix?

When the BMW i3 first went into production in 2013 it had a 22.6-kilowatt-hour battery pack containing 60 ampere hours (Ah) batteries. That first i3 had a range of 81 miles, according to EPA estimates. The company’s second-generation battery, introduced in 2016, grew to 33 kWh of gross energy (94 amp hours) and had a range of about 115 miles under the EPA cycle.


Now the 2019 model, which will come with 120 Ah batteries in a 42.2-kWh battery pack, will be able to travel about 153 miles on a single charge, BMW said.

The upgraded battery will be available in both the i3 and the i3s. Pricing was not announced. The previous i3 model year is priced at about $45,000 for the base model.

Power hasn’t changed in the new 2019 models, which will go into production this November. The standard i3 comes with a 170-horsepower electric motor that will take it from zero to 60 miles per hour in 7.2 seconds. The sportier i3s will have a 181-horsepower motor that can go from zero to 60 in 6.8 seconds.

 


The automaker is giving the i3 a few other improvements as well, including a new exterior color called Jucaro Beige metallic and adaptive LED headlights with automatic high beams. The exterior paint finishes Mineral Grey metallic, Imperial Blue metallic, Melbourne Red metallic, Capparis White and Fluid Black are still available.

Wireless charging and a Wi-Fi hotspot that can accommodate up to 10 devices will also be available for the BMW i3 and BMW i3s, the company said.

Customers will also have new options for the sports package, which will include black wheel arch surrounds and a suspension with specific dampers, springs and stabilizers, lowered suspension, a widened track and 20-inch light alloy wheels.


Source: Tech Crunch

Autonomous shuttle startup May Mobility expands to a third U.S. city

May Mobility launched its first low-speed autonomous shuttle service in Detroit this summer. By March, the Ann Arbor, Michigan-based company will be operating in at least three U.S. cities.

The company, which just announced plans to expand to Columbus, Ohio, is planning to add another route in Grand Rapids, Michigan. It’s a rapid acceleration for a company that was founded less than two years ago.

May Mobility is different from other companies racing to deploy autonomous vehicles at a commercial scale. The startup, which was founded by veterans in the self-driving and automotive industry, has developed low-speed autonomous shuttles that are designed to run along a specific route in business districts or corporate and college campuses.

The company said it will bring four of its six-seat electric shuttles to Grand Rapids. The one-year pilot will begin March 2019.

This latest shuttle launch is part of a broader effort called the Grand Rapids Autonomous Mobility Initiative, a coalition of companies that includes Consumers Energy, French automotive supplier Faurecia, Gentex, Rockford Construction, Seamless and furniture maker Steelcase.

The aim of the program is to study how mobility impacts city infrastructure and prepare the community for autonomous vehicles. The program will also focus on how these autonomous vehicles improve or affect the mobility of elderly and disabled people.

The fleet will operate on a 3.2-mile section of an existing bus route that provides access to downtown and two of the city’s business districts. The route includes 22 stops, 30 traffic lights and 12 turns, including three left turns, according to the initiative.

Shuttles, which will be free for riders, will run complementary to the city’s existing DASH transportation fleet.

Fleet operations for the May Mobility vehicles will be housed at Rockford Construction’s West Side offices within Circuit West, an area that boasts an innovative electric generation and distribution system.

May Mobility raised $11.5 million in seed funding in 2018 from BMW iVentures, Toyota AI and others. Trucks, Maven Venture and Tandem Ventures are also investors in the company.


Source: Tech Crunch

Bots replacing office workers drive big valuations

A lot of people still get paid to sit in offices and do repetitive tasks. In recent years, however, employers have been pushing harder to find ways to outsource that work to machines.

Venture and growth investors are doing a lot to speed up the rise of these worker-bots. So far this year, they’ve poured hundreds of millions into developers of robotic process automation technology, the term to describe software used for performing a series of tasks previously carried out by humans.

Process automation funding activity spiked last week with a $225 million Series C round for one of the category leaders, New York-based UiPath. Sequoia Capital and Alphabet’s CapitalG led the financing, which brings total capital raised by the 13-year-old company to more than $400 million, with a most recent valuation of $3 billion.

A Crunchbase News analysis of funding for startups and growth companies involved in robotic process automation indicates this has been a busy year overall for the space, with more than $600 million in aggregate investment across at least seven sizable deals.

Below, we spotlight some of the largest 2018 rounds in the space:[1]

UiPath, for its part, has a grand vision and an impressive growth rate. Its broad goal, laid out to incoming employees, involves “liberating the human workforce from tedious, repetitive tasks.”

And employers are willing to pay handsomely to liberate their employees. UiPath said that in one 21-month period, it went from $1 million to $100 million in annual recurring revenue, an absolutely astounding growth rate for an enterprise software company.

The other big unicorn in the process automation space, Automation Anywhere, is also in rapid expansion mode. The company said customers have been using its tools across a broad range of industries for tasks including integrating data in electronic medical records, streamlining mortgage applications and completing complex purchase orders.

One might ask: What are employees to do all day now that the bots have freed them of their tiresome tasks? The general refrain from UiPath and others in the process automation space is that their software doesn’t eliminate jobs so much as it gives workers time to focus on higher-value projects.

That may be broadly true, but there is a significant body of employment trend forecasting that predicts widespread job losses stemming from this kind of automation. It could take the form of layoffs, or it might not. Companies may indeed transition bot-displaced existing employees to other, higher-value roles. Even if they do that, however, process automation could enable reduced hiring for future jobs.

That said, there’s plenty of funding and hiring happening at the handful of high-growth companies that could determine whether the rest of us have a job in our futures.

  1. Providing comprehensive funding numbers for robotic process automation proved challenging because many startups list automation as part of a broader suite of offerings, rather than a core focus area. 


Source: Tech Crunch

Facebook is weaponizing security to erode privacy

At a Senate hearing this week in which US lawmakers quizzed tech giants on how they should go about drawing up comprehensive Federal consumer privacy protection legislation, Apple’s VP of software technology described privacy as a “core value” for the company.

“We want your device to know everything about you but we don’t think we should,” Bud Tribble told them in his opening remarks.

Facebook was not at the commerce committee hearing which, as well as Apple, included reps from Amazon, AT&T, Charter Communications, Google and Twitter.

But the company could hardly have made such a claim had it been in the room, given that its business is based on trying to know everything about you in order to dart you with ads.

You could say Facebook has ‘hostility to privacy’ as a core value.

Earlier this year one US senator wondered of Mark Zuckerberg how Facebook could run its service given it doesn’t charge users for access. “Senator we run ads,” was the almost startled response, as if the Facebook founder couldn’t believe his luck at the not-even-surface-level political probing his platform was getting.

But there have been tougher moments of scrutiny for Zuckerberg and his company in 2018, as public awareness about how people’s data is being ceaselessly sucked out of platforms and passed around in the background, as fuel for a certain slice of the digital economy, has grown and grown — fuelled by a steady parade of data breaches and privacy scandals which provide a glimpse behind the curtain.

On the data scandal front Facebook has reigned supreme, whether it’s as an ‘oops we just didn’t think of that’ spreader of socially divisive ads paid for by Kremlin agents (sometimes with roubles!); or as a carefree host for third party apps to party at its users’ expense by silently hoovering up info on their friends, in the multi-millions.

Facebook’s response to the Cambridge Analytica debacle was to loudly claim it was ‘locking the platform down’. And try to paint everyone else as the rogue data sucker — to avoid the obvious and awkward fact that its own business functions in much the same way.

All this scandalabra has kept Facebook execs very busy this year, with policy staffers and execs being grilled by lawmakers on an increasing number of fronts and issues — from election interference and data misuse, to ad transparency, hate speech and abuse, and also directly, and at times closely, on consumer privacy and control.

Facebook shielded its founder from one sought for grilling on data misuse, as UK MPs investigated online disinformation vs democracy, as well as examining wider issues around consumer control and privacy. (They’ve since recommended a social media levy to safeguard society from platform power.) 

The DCMS committee wanted Zuckerberg to testify to unpick how Facebook’s platform contributes to the spread of disinformation online. The company sent various reps to face questions (including its CTO) — but never the founder (not even via video link). And committee chair Damian Collins was withering and public in his criticism of Facebook sidestepping close questioning — saying the company had displayed a “pattern” of uncooperative behaviour, and “an unwillingness to engage, and a desire to hold onto information and not disclose it.”

As a result, Zuckerberg’s tally of public appearances before lawmakers this year stands at just two domestic hearings, in the US Senate and Congress, and one at a meeting of the EU parliament’s conference of presidents (which switched from a behind closed doors format to being streamed online after a revolt by parliamentarians) — and where he was heckled by MEPs for avoiding their questions.

But three sessions in a handful of months is still a lot more political grillings than Zuckerberg has ever faced before.

He’s going to need to get used to awkward questions now that lawmakers have woken up to the power and risk of his platform.

Security, weaponized 

What has become increasingly clear from the growing sound and fury over privacy and Facebook (and Facebook and privacy), is that a key plank of the company’s strategy to fight against the rise of consumer privacy as a mainstream concern is misdirection and cynical exploitation of valid security concerns.

Simply put, Facebook is weaponizing security to shield its erosion of privacy.

Privacy legislation is perhaps the only thing that could pose an existential threat to a business that’s entirely powered by watching and recording what people do at vast scale. And relying on that scale (and its own dark pattern design) to manipulate consent flows to acquire the private data it needs to profit.

Only robust privacy laws could bring Facebook’s self-serving house of cards tumbling down. User growth on its main service isn’t what it was but the company has shown itself very adept at picking up (and picking off) potential competitors — applying its surveillance practices to crushing competition too.

In Europe lawmakers have already tightened privacy oversight on digital businesses and massively beefed up penalties for data misuse. Under the region’s new GDPR framework compliance violations can attract fines as high as 4% of a company’s global annual turnover.

Which would mean billions of dollars in Facebook’s case — vs the pinprick penalties it has been dealing with for data abuse up to now.

Though fines aren’t the real point; if Facebook is forced to change its processes, so how it harvests and mines people’s data, that could knock a major, major hole right through its profit-center.

Hence the existential nature of the threat.

The GDPR came into force in May and multiple investigations are already underway. This summer the EU’s data protection supervisor, Giovanni Buttarelli, told the Washington Post to expect the first results by the end of the year.

Which means 2018 could result in some very well known tech giants being hit with major fines. And — more interestingly — being forced to change how they approach privacy.

One target for GDPR complainants is so-called ‘forced consent’ — where consumers are told by platforms leveraging powerful network effects that they must accept giving up their privacy as the ‘take it or leave it’ price of accessing the service. Which doesn’t exactly smell like the ‘free choice’ EU law actually requires.

It’s not just Europe, either. Regulators across the globe are paying greater attention than ever to the use and abuse of people’s data. And also, therefore, to Facebook’s business — which profits, so very handsomely, by exploiting privacy to build profiles on literally billions of people in order to dart them with ads.

US lawmakers are now directly asking tech firms whether they should implement GDPR style legislation at home.

Unsurprisingly, tech giants are not at all keen — arguing, as they did at this week’s hearing, for the need to “balance” individual privacy rights against “freedom to innovate”.

So a lobbying joint-front to try to water down any US privacy clampdown is in full effect. (Though also asked this week whether they would leave Europe or California as a result of tougher-than-they’d-like privacy laws none of the tech giants said they would.)

The state of California passed its own robust privacy law, the California Consumer Privacy Act, this summer, which is due to come into force in 2020. And the tech industry is not a fan. So its engagement with federal lawmakers now is a clear attempt to secure a weaker federal framework to ride over any more stringent state laws.

Europe and its GDPR obviously can’t be rolled over like that, though. Even as tech giants like Facebook have certainly been seeing how much they can get away with — to force an expensive and time-consuming legal fight.

While ‘innovation’ is one oft-trotted angle tech firms use to argue against consumer privacy protections, Facebook included, the company has another tactic too: Deploying the ‘S’ word — security — both to fend off increasingly tricky questions from lawmakers, as they finally get up to speed and start to grapple with what it’s actually doing; and — more broadly — to keep its people-mining, ad-targeting business steamrollering on by greasing the pipe that keeps the personal data flowing in.

In recent years multiple major data misuse scandals have undoubtedly raised consumer awareness about privacy, and put greater emphasis on the value of robustly securing personal data. Scandals that even seem to have begun to impact how some Facebook users Facebook. So the risks for its business are clear.

Part of its strategic response, then, looks like an attempt to collapse the distinction between security and privacy — by using security concerns to shield privacy hostile practices from critical scrutiny, specifically by chain-linking its data-harvesting activities to some vaguely invoked “security purposes”, whether that’s security for all Facebook users against malicious non-users trying to hack them; or, wider still, for every engaged citizen who wants democracy to be protected from fake accounts spreading malicious propaganda.

So the game Facebook is here playing is to use security as a very broad-brush to try to defang legislation that could radically shrink its access to people’s data.

Here, for example, is Zuckerberg responding to a question from an MEP in the EU parliament asking for answers on so-called ‘shadow profiles’ (aka the personal data the company collects on non-users) — emphasis mine:

“It’s very important that we don’t have people who aren’t Facebook users that are coming to our service and trying to scrape the public data that’s available. And one of the ways that we do that is people use our service and even if they’re not signed in we need to understand how they’re using the service to prevent bad activity.”

At this point in the meeting Zuckerberg also suggestively referenced MEPs’ concerns about election interference — to better play on a security fear that’s inexorably close to their hearts. (With the spectre of re-election looming next spring.) So he’s making good use of his psychology major.

“On the security side we think it’s important to keep it to protect people in our community,” he also said when pressed by MEPs to answer how a person who isn’t a Facebook user could delete its shadow profile of them.

He was also questioned about shadow profiles by the House Energy and Commerce Committee in April. And used the same security justification for harvesting data on people who aren’t Facebook users.

“Congressman, in general we collect data on people who have not signed up for Facebook for security purposes to prevent the kind of scraping you were just referring to [reverse searches based on public info like phone numbers],” he said. “In order to prevent people from scraping public information… we need to know when someone is repeatedly trying to access our services.”

He claimed not to know “off the top of my head” how many data points Facebook holds on non-users (nor even on users, which the congressman had also asked for, for comparative purposes).

These sorts of exchanges are very telling because for years Facebook has relied upon people not knowing or really understanding how its platform works to keep what are clearly ethically questionable practices from closer scrutiny.

But, as political attention has dialled up around privacy, and it’s become harder for the company to simply deny or fog what it’s actually doing, Facebook appears to be evolving its defence strategy — by defiantly arguing it simply must profile everyone, including non-users, for user security.

No matter this is the same company which, despite maintaining all those shadow profiles on its servers, famously failed to spot Kremlin election interference going on at massive scale in its own back yard — and thus failed to protect its users from malicious propaganda.


Nor was Facebook capable of preventing its platform from being repurposed as a conduit for accelerating ethnic hate in a country such as Myanmar — with some truly tragic consequences. Yet it must, presumably, hold shadow profiles on non-users there too. Yet was seemingly unable (or unwilling) to use that intelligence to help protect actual lives…

So when Zuckerberg invokes overarching “security purposes” as a justification for violating people’s privacy en masse it pays to ask critical questions about what kind of security it’s actually purporting to be able to deliver. Beyond, y’know, continued security for its own business model as it comes under increasing attack.

What Facebook indisputably does do with ‘shadow contact information’, acquired about people via other means than the person themselves handing it over, is to use it to target people with ads. So it uses intelligence harvested without consent to make money.

Facebook confirmed as much this week, when Gizmodo asked it to respond to a study by some US academics that showed how a piece of personal data that had never been knowingly provided to Facebook by its owner could still be used to target an ad at that person.

Responding to the study, Facebook admitted it was “likely” the academic had been shown the ad “because someone else uploaded his contact information via contact importer”.

“People own their address books. We understand that in some cases this may mean that another person may not be able to control the contact information someone else uploads about them,” it told Gizmodo.

So essentially Facebook has finally admitted that consentless scraped contact information is a core part of its ad targeting apparatus.

Safe to say, that’s not going to play at all well in Europe.

Basically Facebook is saying you own and control your personal data until it can acquire it from someone else — and then, er, nope!

Yet given the reach of its network, the chances of your data not sitting on its servers somewhere seems very, very slim. So Facebook is essentially invading the privacy of pretty much everyone in the world who has ever used a mobile phone. (Something like two-thirds of the global population then.)

In other contexts this would be called spying — or, well, ‘mass surveillance’.

It’s also how Facebook makes money.

And yet when called in front of lawmakers to be asked about the ethics of spying on the majority of the people on the planet, the company seeks to justify this supermassive privacy intrusion by suggesting that gathering data about every phone user without their consent is necessary for some fuzzily-defined “security purposes” — even as its own record on security really isn’t looking so shiny these days.

WASHINGTON, DC – APRIL 11: Facebook co-founder, Chairman and CEO Mark Zuckerberg prepares to testify before the House Energy and Commerce Committee in the Rayburn House Office Building on Capitol Hill April 11, 2018 in Washington, DC. This is the second day of testimony before Congress by Zuckerberg, 33, after it was reported that 87 million Facebook users had their personal information harvested by Cambridge Analytica, a British political consulting firm linked to the Trump campaign. (Photo by Chip Somodevilla/Getty Images)

It’s as if Facebook is trying to lift a page out of national intelligence agency playbooks — when governments claim ‘mass surveillance’ of populations is necessary for security purposes like counterterrorism.

Except Facebook is a commercial company, not the NSA.

So it’s only fighting to keep being able to carpet-bomb the planet with ads.

Profiting from shadow profiles

Another example of Facebook weaponizing security to erode privacy was also confirmed via Gizmodo’s reportage. The same academics found the company uses phone numbers provided to it by users for the specific (security) purpose of enabling two-factor authentication, which is a technique intended to make it harder for a hacker to take over an account, to also target them with ads.

In a nutshell, Facebook is exploiting its users’ valid security fears about being hacked in order to make itself more money.

Any security expert worth their salt will have spent long years encouraging web users to turn on two factor authentication for as many of their accounts as possible in order to reduce the risk of being hacked. So Facebook exploiting that security vector to boost its profits is truly awful. Because it works against those valiant infosec efforts — so risks eroding users’ security as well as trampling all over their privacy.

It’s just a double whammy of awful, awful behavior.

And of course, there’s more.

A third example of how Facebook seeks to play on people’s security fears to enable deeper privacy intrusion comes by way of the recent rollout of its facial recognition technology in Europe.

In this region the company had previously been forced to pull the plug on facial recognition after being leaned on by privacy conscious regulators. But after having to redesign its consent flows to come up with its version of ‘GDPR compliance’ in time for May 25, Facebook used this opportunity to revisit a rollout of the technology on Europeans — by asking users there to consent to switching it on.

Now you might think that asking for consent sounds okay on the surface. But it pays to remember that Facebook is a master of dark pattern design.

Which means it’s expert at extracting outcomes from people by applying these manipulative dark arts. (Don’t forget, it has even directly experimented in manipulating users’ emotions.)

So can it be a free consent if ‘individual choice’ is set against a powerful technology platform that’s both in charge of the consent wording, button placement and button design, and which can also data-mine the behavior of its 2BN+ users to further inform and tweak (via A/B testing) the design of the aforementioned ‘consent flow’? (Or, to put it another way, is it still ‘yes’ if the tiny greyscale ‘no’ button fades away when your cursor approaches while the big ‘YES’ button pops and blinks suggestively?)

In the case of facial recognition, Facebook used a manipulative consent flow that included a couple of self-serving ‘examples’ — selling the ‘benefits’ of the technology to users before they landed on the screen where they could choose either yes switch it on, or no leave it off.

One of which explicitly played on people’s security fears — by suggesting that without the technology enabled users were at risk of being impersonated by strangers. Whereas, by agreeing to do what Facebook wanted you to do, Facebook said it would help “protect you from a stranger using your photo to impersonate you”…

That example shows the company is not above actively jerking on the chain of people’s security fears, as well as passively exploiting similar security worries when it jerkily repurposes 2FA digits for ad targeting.

There’s even more too; Facebook has been positioning itself to pull off what is arguably the greatest (in the ‘largest’ sense of the word) appropriation of security concerns yet to shield its behind-the-scenes trampling of user privacy — when, from next year, it will begin injecting ads into the WhatsApp messaging platform.

These will be targeted ads, because Facebook has already changed the WhatsApp T&Cs to link Facebook and WhatsApp accounts — via phone number matching and other technical means that enable it to connect distinct accounts across two otherwise entirely separate social services.

Thing is, WhatsApp got fat on its founders’ promise of 100% ad-free messaging. The founders were also privacy and security champions, pushing to roll e2e encryption right across the platform — even after selling their app to the adtech giant in 2014.

WhatsApp’s robust e2e encryption means Facebook literally cannot read the messages users are sending each other. But that does not mean Facebook is respecting WhatsApp users’ privacy.

On the contrary; the company has given itself broader rights to user data by changing the WhatsApp T&Cs and by matching accounts.

So, really, it’s all just one big Facebook profile now — whichever of its products you do (or don’t) use.

This means that even without literally reading your WhatsApps, Facebook can still know plenty about a WhatsApp user, thanks to any other Facebook Group profiles they have ever had and any shadow profiles it maintains in parallel. WhatsApp users will soon become 1.5BN+ bullseyes for yet more creepily intrusive Facebook ads to seek their target.

No private spaces, then, in Facebook’s empire as the company capitalizes on people’s fears to shift the debate away from personal privacy and onto the self-serving notion of ‘secured by Facebook spaces’ — in order that it can keep sucking up people’s personal data.

This is a very dangerous strategy, though.

Because if Facebook can’t even deliver security for its users, thereby undermining those “security purposes” it keeps banging on about, it might find it difficult to sell the world on going naked just so Facebook Inc can keep turning a profit.

What’s the best security practice of all? That’s super simple: Not holding data in the first place.


Source: Tech Crunch

Two weeks with a $16,000 Hasselblad kit

For hobbyist photographers like myself, Hasselblad has always been the untouchable luxury brand reserved for high-end professionals.

To fill the gap between casual and intended photography, they released the X1D — a compact, mirrorless medium format. Last summer when Stefan Etienne reviewed the newly released camera, I asked to take a picture.

After importing the raw file into Lightroom and flipping through a dozen presets, I joked that I would eat Ramen packets for the next year so I could buy this camera. It was that impressive.

XCD 3.5/30mm lens

Last month Hasselblad sent us the XCD 4/21mm (their latest ultra wide-angle lens) for a two-week review, along with the X1D body and XCD 3,2/90mm portrait lens for comparison. I wanted to see what I could do with the kit and had planned the following:

  • Swipe right on everyone with an unflattering Tinder profile picture and offer to retake it for them
  • Travel somewhere with spectacular landscapes

My schedule didn’t offer much time for either, so a weekend trip to the cabin would have to suffice.

As an everyday camera

The weekend upstate was rather quiet and uneventful, but it served to be the perfect setting to test out the camera kit because the X1D is slow A. F.

It takes approximately 8 seconds to turn on, with an additional 2-3 seconds of processing time after each shutter click — top that off with a slow autofocus, slow shutter release and short battery life (I went through a battery within a day, approximately 90 shots fired). Rather than reiterating Stefan’s review, I would recommend reading it here for full specifications.

Coming from a Canon 5D Mark IV, I’m used to immediacy and a decent hit rate. The first day with the Hasselblad was filled with constant frustration from missed moments, missed opportunities. It felt impractical as an everyday camera until I shifted toward a more deliberate approach — reverting back to high school SLR days when a roll of film held a limited 24 exposures.

When I took pause, I began to appreciate the camera’s details: a quiet shutter, a compact but sturdy body and an intuitive interface, including a touchscreen LCD display/viewfinder.

Nothing looks or feels cheap about the Sweden-designed, aluminum construction of both the body and lenses. It’s heavy for a mirrorless camera, but it feels damn good to hold.

XCD 4/21mm lens

Dramatic landscapes and cityscapes without an overly exaggerated perspective — this is where the XCD 4/21mm outperforms other super wide-angle lenses.

With a 105° angle of view and 17mm field of view equivalent on a full-framed DSLR, I was expecting a lot more distortion and vignetting, but the image automatically corrected itself and flattened out when imported into Lightroom. The latest deployment of Creative Cloud has the Hasselblad (camera and lens) profile integrated into Lightroom, so there’s no need for downloading and importing profiles. 

Oily NYC real estate brokers should really consider using this lens to shoot their dinky 250 sq. ft. studio apartments to feel grand without looking comically fish-eyed.

XCD 3,2/90mm lens

The gallery below was shot using only the mirror’s vanity lights as practicals. It was also shot underexposed to see how much detail I could pull in post. Here are the downsized, unedited versions, so you don’t have to wait for each 110mb file to load.

I’d like to think that if I had time and was feeling philanthropic, I could fix a lot of love lives on Tinder with this lens.

Where it shines

Normally, images posted in reviews are unedited, but I believe the true test of raw images lies in post-production. This is where the X1D’s slow processing time and quick battery drainage pay off. With the camera’s giant 50 MP 44 x 33mm CMOS sensor, each raw file was approximately 110mb (compared to my Mark IV’s 20-30mb) — that’s a substantial amount of information packed into 8272 x 6200 pixels.

Resized to 2000 x 1500 pixels and cropped to 2000 x 1500 pixels

While other camera manufacturers tend to favor certain colors and skin tones, Dan Wang, a Hasselblad rep, told me, “We believe in seeing a very natural or even palette with very little influence. We’re not here to gatekeep what color should be. We’re here to give you as much data as possible, providing as much raw detail, raw color information that allows you to interpret it to your extent.”

As someone who enjoys countless hours tweaking colors, shifting pixels and making things pretty, I’m appreciative of this. It allows for less fixing, more creative freedom.

Who is this camera for?

My friend Peter, a fashion photographer (he’s done editorial features for Harper’s Bazaar, Cosmopolitan and the like), is the only person I know who shoots on Hasselblad, so it felt appropriate to ask his opinion. “It’s for pretentious rich assholes with money to burn,” he snarked. I disagree. The X1D is a solid step for Hasselblad to get off heavy-duty tripods and out of the studio.

At this price point though, one might expect the camera to do everything, but it’s aimed at a narrow demographic: a photographer who is willing to overlook speediness for quality and compactibility.

With smartphone companies like Apple and Samsung stepping up their camera game over the past few years, the photography world feels inundated with inconsequential, throw-away images (self-indulgent selfies, “look what I had for lunch,” OOTD…).

My two weeks with the Hasselblad were a kind reminder of photography as a methodical art form, rather than a spray and pray hobby.

Reviewed kit runs $15,940, pre-taxed:


Source: Tech Crunch