Facebook was warned about app permissions in 2011

Who’s to blame for the leaking of 50 million Facebook users’ data? Facebook founder and CEO Mark Zuckerberg broke several days of silence in the face of a raging privacy storm to go on CNN this week to say he was sorry. He also admitted the company had made mistakes; said it had breached the trust of users; and said he regretted not telling Facebookers at the time their information had been misappropriated.

Meanwhile, shares in the company have been taking a battering. And Facebook is now facing multiple shareholder and user lawsuits.

Pressed on why he didn’t inform users, in 2015, when Facebook says it found out about this policy breach, Zuckerberg avoided a direct answer — instead fixing on what the company did (asked Cambridge Analytica and the developer whose app was used to suck out data to delete the data) — rather than explaining the thinking behind the thing it did not do (tell affected Facebook users their personal information had been misappropriated).

Essentially Facebook’s line is that it believed the data had been deleted — and presumably, therefore, it calculated (wrongly) that it didn’t need to inform users because it had made the leak problem go away via its own backchannels.

Except of course it hadn’t. Because people who want to do nefarious things with data rarely play exactly by your rules just because you ask them to.

There’s an interesting parallel here with Uber’s response to a 2016 data breach of its systems. In that case, instead of informing the ~57M affected users and drivers that their personal data had been compromised, Uber’s senior management also decided to try and make the problem go away — by asking (and in their case paying) hackers to delete the data.

Aka the trigger response for both tech companies to massive data protection fuck-ups was: Cover up; don’t disclose.

Facebook denies the Cambridge Analytica instance is a data breach — because, well, its systems were so laxly designed as to actively encourage vast amounts of data to be sucked out, via API, without the check and balance of those third parties having to gain individual level consent.

So in that sense Facebook is entirely right; technically what Cambridge Analytica did wasn’t a breach at all. It was a feature, not a bug.

Clearly that’s also the opposite of reassuring.

Yet Facebook and Uber are companies whose businesses rely entirely on users trusting them to safeguard personal data. The disconnect here is gapingly obvious.

What’s also crystal clear is that rules and systems designed to protect and control personal data, combined with active enforcement of those rules and robust security to safeguard systems, are absolutely essential to prevent people’s information being misused at scale in today’s hyperconnected era.

But before you say hindsight is 20/20 vision, the history of this epic Facebook privacy fail is even longer than the under-disclosed events of 2015 suggest — i.e. when Facebook claims it found out about the breach as a result of investigations by journalists.

What the company very clearly turned a blind eye to is the risk posed by its own system of loose app permissions that in turn enabled developers to suck out vast amounts of data without having to worry about pesky user consent. And, ultimately, for Cambridge Analytica to get its hands on the profiles of ~50M US Facebookers for dark ad political targeting purposes.

European privacy campaigner and lawyer Max Schrems — a long time critic of Facebook — was actually raising concerns about the Facebook’s lax attitude to data protection and app permissions as long ago as 2011.

Indeed, in August 2011 Schrems filed a complaint with the Irish Data Protection Commission exactly flagging the app permissions data sinkhole (Ireland being the focal point for the complaint because that’s where Facebook’s European HQ is based).

“[T]his means that not the data subject but “friends” of the data subject are consenting to the use of personal data,” wrote Schrems in the 2011 complaint, fleshing out consent concerns with Facebook’s friends’ data API. “Since an average facebook user has 130 friends, it is very likely that only one of the user’s friends is installing some kind of spam or phishing application and is consenting to the use of all data of the data subject. There are many applications that do not need to access the users’ friends personal data (e.g. games, quizzes, apps that only post things on the user’s page) but Facebook Ireland does not offer a more limited level of access than “all the basic information of all friends”.

“The data subject is not given an unambiguous consent to the processing of personal data by applications (no opt-in). Even if a data subject is aware of this entire process, the data subject cannot foresee which application of which developer will be using which personal data in the future. Any form of consent can therefore never be specific,” he added.

As a result of Schrems’ complaint, the Irish DPC audited and re-audited Facebook’s systems in 2011 and 2012. The result of those data audits included a recommendation that Facebook tighten app permissions on its platform, according to a spokesman for the Irish DPC, who we spoke to this week.

The spokesman said the DPC’s recommendation formed the basis of the major platform change Facebook announced in 2014 — aka shutting down the Friends data API — albeit too late to prevent Cambridge Analytica from being able to harvest millions of profiles’ worth of personal data via a survey app because Facebook only made the change gradually, finally closing the door in May 2015.

“Following the re-audit… one of the recommendations we made was in the area of the ability to use friends data through social media,” the DPC spokesman told us. “And that recommendation that we made in 2012, that was implemented by Facebook in 2014 as part of a wider platform change that they made. It’s that change that they made that means that the Cambridge Analytica thing cannot happen today.

“They made the platform change in 2014, their change was for anybody new coming onto the platform from 1st May 2014 they couldn’t do this. They gave a 12 month period for existing users to migrate across to their new platform… and it was in that period that… Cambridge Analytica’s use of the information for their data emerged.

“But from 2015 — for absolutely everybody — this issue with CA cannot happen now. And that was following our recommendation that we made in 2012.”

Given his 2011 complaint about Facebook’s expansive and abusive historical app permissions, Schrems has this week raised an eyebrow and expressed surprise at Zuckerberg’s claim to be “outraged” by the Cambridge Analytica revelations — now snowballing into a massive privacy scandal.

In a statement reflecting on developments he writes: “Facebook has millions of times illegally distributed data of its users to various dodgy apps — without the consent of those affected. In 2011 we sent a legal complaint to the Irish Data Protection Commissioner on this. Facebook argued that this data transfer is perfectly legal and no changes were made. Now after the outrage surrounding Cambridge Analytica the Internet giant suddenly feels betrayed seven years later. Our records show: Facebook knew about this betrayal for years and previously argues that these practices are perfectly legal.”

So why did it take Facebook from September 2012 — when the DPC made its recommendations — until May 2014 and May 2015 to implement the changes and tighten app permissions?

The regulator’s spokesman told us it was “engaging” with Facebook over that period of time “to ensure that the change was made”. But he also said Facebook spent some time pushing back — questioning why changes to app permissions were necessary and dragging its feet on shuttering the friends’ data API.

“I think the reality is Facebook had questions as to whether they felt there was a need for them to make the changes that we were recommending,” said the spokesman. “And that was, I suppose, the level of engagement that we had with them. Because we were relatively strong that we felt yes we made the recommendation because we felt the change needed to be made. And that was the nature of the discussion. And as I say ultimately, ultimately the reality is that the change has been made. And it’s been made to an extent that such an issue couldn’t occur today.”

“That is a matter for Facebook themselves to answer as to why they took that period of time,” he added.

Of course we asked Facebook why it pushed back against the DPC’s recommendation in September 2012 — and whether it regrets not acting more swiftly to implement the changes to its APIs, given the crisis its business is now faced having breached user trust by failing to safeguard people’s data.

We also asked why Facebook users should trust Zuckerberg’s claim, also made in the CNN interview, that it’s now ‘open to being regulated’ — when its historical playbook is packed with examples of the polar opposite behavior, including ongoing attempts to circumvent existing EU privacy rules.

A Facebook spokeswoman acknowledged receipt of our questions this week — but the company has not responded to any of them.

The Irish DPC chief, Helen Dixon, also went on CNN this week to give her response to the Facebook-Cambridge Analytica data misuse crisis — calling for assurances from Facebook that it will properly police its own data protection policies in future.

“Even where Facebook have terms and policies in place for app developers, it doesn’t necessarily give us the assurance that those app developers are abiding by the policies Facebook have set, and that Facebook is active in terms of overseeing that there’s no leakage of personal data. And that conditions, such as the prohibition on selling on data to further third parties is being adhered to by app developers,” said Dixon.

“So I suppose what we want to see change and what we want to oversee with Facebook now and what we’re demanding answers from Facebook in relation to, is first of all what pre-clearance and what pre-authorization do they do before permitting app developers onto their platform. And secondly, once those app developers are operative and have apps collecting personal data what kind of follow up and active oversight steps does Facebook take to give us all reassurance that the type of issue that appears to have occurred in relation to Cambridge Analytica won’t happen again.”

Firefighting the raging privacy crisis, Zuckerberg has committed to conducting a historical audit of every app that had access to “a large amount” of user data around the time that Cambridge Analytica was able to harvest so much data.

So it remains to be seen what other data misuses Facebook will unearth — and have to confess to now, long after the fact.

But any other embarrassing data leaks will sit within the same unfortunate context — which is to say that Facebook could have prevented these problems if it had listened to the very valid concerns data protection experts were raising more than six years ago.

Instead, it chose to drag its feet. And the list of awkward questions for the Facebook CEO keeps getting longer.

from Social – TechCrunch https://techcrunch.com/2018/03/24/facebook-was-warned-about-app-permissions-in-2011/
via SEO & Social Media


Cambridge Analytica raided by UK data watchdog

The UK’s data watchdog, the ICO, finally obtained a warrant to enter and search the offices of Cambridge Analytica late Friday — carrying out an evidence gathering sweep of the company into the small hours of Saturday morning.

Cambridge Analytica is at the centre of a data misuse storm that’s wiped billions off the value of Facebook since newspaper revelations late last week revealed the extent of data swiped by the UK political consultancy which intended to use the information for the Trump campaign.

In a statement on its website today, the ICO said:

The warrant to inspect the premises of Cambridge Analytica was executed at 20.00 on 23 March 2018. Our investigators left the premises at about 03.00.

We will now need to assess and consider the evidence before deciding the next steps and coming to any conclusions.

This is one part of a larger investigation by the ICO into the use of personal data and analytics by political campaigns, parties, social media companies and other commercial actors.

ICO commissioner Elizabeth Denham has confirmed previously that complaints related to Cambridge Analytica’s use of Facebook data for political ad targeting form part of that larger, ongoing investigation.

It opened its formal investigation into the use of data analytics for political purposes in May 2017.

This week, after saying it had failed to obtain information it had requested from CA, the regulator applied for a warrant to enter and search CA’s offices — in the wake of reports by the New York Times and Observer of London based on interviews with former CA employee, Chris Wylie.

According to Wylie, CA used a survey app created by a Cambridge University academic to suck up data on 50M Facebook users. The intent was to use the information for political targeting purposes for the benefit of the Trump campaign.

Earlier this month Denham told a UK parliamentary committee that’s also running an investigation into fake news that she hoped to publish her review of digital political ad targeting this May. Although that was before the ICO decided it needed to apply for a warrant to raid CA’s offices.

The regulator has now said it will need time to sift through the evidence it gathered overnight — so it remains to be seen whether its wider review of political ad targeting will be delayed as a result.


In an online statement published yesterday, the acting CEO of CA, Alexander Taylor, apologized for Facebook “data and derivatives” having been obtained without consent “from most respondents”.

But he also claimed the company believed it was acting within Facebook’s policies and UK data protection law when it licensed the data from professor Aleksandr Kogan whose survey app was the Trojan horse used to gather 270,000 Facebook users’ data and their friends’ data — resulting in some 50M profiles being harvested in all.

“[CA] believed that the data had been obtained in line with Facebook’s terms of service and data protection laws,” writes Taylor.

He also claims that in October 2015 CA deleted the data from its file server after Facebook asked it to. But he seems less certain whether other copies might not have existed as he says the company “began the process of searching for and removing any of its derivatives in our system”.

“When Facebook sought further assurances a year ago, we carried out an internal audit to make sure that all the data, all derivatives and backups had been deleted, and gave Facebook a certificate to this effect. Please can I be absolutely clear: we did not use any GSR data in the work we did in the 2016 US presidential election,” he further claims.

“We are now undertaking an independent third-party audit to verify that we do not hold any GSR data,” Taylor adds. “We have been in touch with the UK Information Commissioner’s Office (ICO) since February 2017, when ​we hosted its team in our London office to provide total transparency on the data we hold, how we process it, and the legal basis for us processing it. I want to make sure we remain committed to helping the ICO in their investigations.”

from Social – TechCrunch https://techcrunch.com/2018/03/24/cambridge-analytica-raided-by-uk-data-watchdog/
via SEO & Social Media

House and Senate put Zuckerberg on notice: “You are the right person to testify before Congress”

Facebook CEO Mark Zuckerberg has been rather scarce lately, despite a host of woes besetting his company — but Wednesday he emerged from his cocoon to offer a limp apology, admit they had no control over data like that used by Cambridge Analytica, and that he “will happily” testify before Congress if he’s the right person to do so.

Well, Congress has taken him at his word. “You are the right person to testify before Congress,” wrote the leaders of the House Energy and Commerce Committee in a letter detailed early this morning. His capacity as CEO and “the employee who has been the leader of Facebook through all the key strategic decisions since its launch” make him the best person to testify.

Earlier this week Senators Klobuchar (D-MN) and Kennedy (R-LA) from the Senate Judiciary Committee specifically asked for Zuckerberg as well.

Senator Kennedy had sharp words (in a CNN interview) for Facebook and other tech companies that sent along some smooth operators to talk to them back in November: “We had one hearing — they all sent their lawyers. I don’t know what they paid them but they got their money’s worth, cause their lawyers didn’t say a damn thing.”

He and others are asking that the man himself come along.


The Senate Commerce Committee also desires his presence.

At this point it would be pretty dangerous for Zuckerberg not to heed the call. Lawmakers don’t take kindly to captains of industry who send underlings instead of tackling major issues like this personally.

As the Open Markets Institute’s Matt Stolller points out in an insightful tweet storm, however, the shortcomings of Facebook’s privacy rules are only part of the story. Once Congress has Zuckerberg in the hot seat, they might consider taking on the idea that Facebook has been playing news organizations and publishers like a fiddle.

from Social – TechCrunch https://techcrunch.com/2018/03/23/house-and-senate-put-zuckerberg-on-notice-you-are-the-right-person-to-testify-before-congress/
via SEO & Social Media

How Raya’s $8/month dating app turned exclusivity into trust

The swipe is where the similarity ends. Raya is less like Tinder and more like a secret society. You need a member’s recommendations or a lot of friends inside to join, and you have to apply with an essay question. It costs a flat $7.99 for everyone, women and celebrities included. You show yourself off with a video slideshow set to music of your choice. And it’s for professional networking as well as dating, with parallel profiles for each.

Launched in March 2015, Raya has purposefully flown under the radar. No interviews. Little info about the founders. Not even a profile on Crunchbase’s startup index. In fact, in late 2016 it quietly acquired video messaging startup Chime, led by early Facebooker Jared Morgenstern, without anyone noticing. He’d become Raya’s first investor a year earlier. But Chime was fizzling out after raising $1.2 million. “I learned the not everyone who leaves Facebook, their next thing turns to gold” Morgenstern laughs. So he sold it to Raya for equity and brought four of his employees to build new experiences for the app.

Now the startup’s COO, Morgenstern has agreed to give TechCrunch the deepest look yet at Raya, where the pretty, popular, and powerful meet each other.

Temptation Via Trust

Raya COO Jared Morgenstern

“Raya is a utility for introducing you to people who can change your life. Soho House uses physical space, we’re trying to use software” says Morgenstern, referencing the global network of members-only venues.

We’re chatting in a coffee shop in San Francisco. It’s an odd place to discuss Raya, given the company has largely shunned Silicon Valley in favor of building a less nerdy community in LA, New York, London, and Paris. The exclusivity might feel discriminatory for some, even if you’re chosen based on your connections rather than your wealth or race. Though people already self-segregate based on where they go to socialize. You could argue Raya just does the same digitally

Morgenstern refuses to tell me how much Raya has raised, how it started, or anything about its co-founder Mike McGuiness who owns LA public relations company the Co-Op Agency beyond that the team is a “Humble, focused group that prefers not to be part of the story.” But he did reveal some of the core tenets that have reportedly attracted celebrities like DJs Diplo and Skrillex, actors Elijah Wood and Amy Schumer, and musicians Demi Lovato and John Mayer, plus scores of Instagram models and tattooed creative directors.

Raya’s iOS-only app isn’t a swiping game for fun and personal validation. Its interface and curated community are designed to get you from discovering someone to texting if you’re both interested to actually meeting in person as soon as possible. Like at a top-tier university or night club, there’s supposed to be an in-group sense of camaraderie that makes people more open to each other.

Then there are the rules.

“This is an intimate community with zero-tolerance for disrespect or mean-spirited behavior. Be nice to each other. Say hello like adults” says an interstitial screen that blocks use until you confirm you understand and agree every time you open the app. That means no sleazy pick-up lines or objectifying language. You’re also not allowed to screenshot, and you’ll be chastized with a numbered and filed warning if you do.

It all makes Raya feel consequential. You’re not swiping through infinite anybodies and sorting through reams of annoying messages. People act right because they don’t want to lose access. Raya recreates the feel of dating or networking in a small town, where your reputation follows you. And that sense of trust has opened a big opportunity where competitors like Tinder or LinkedIn can’t follow.

Self-Expression To First Impression

Until now, Raya showed you people in your city as well as around the world — which is a bit weird since it would be hard to ever run into each other. But to achieve its mission of getting you offline to meet people in-person, it’s now letting you see nearby people on a map when GPS says they’re at hotspots like bars, dancehalls, and cafes. The idea is that if you both swipe right, you could skip the texting and just walk up to each other.

“I’m not sure why Tinder and the other big meeting people apps aren’t doing this” says Morgenstern. But the answer seems obvious. It would be creepy on a big public dating app. Even other exclusive dating apps like The League that induct people due to their resume more than their personality might feel too unsavory for a map, since having gone to an Ivy League college doesn’t mean you’re not a jerk. Hell, it might make that more likely.

But this startup is betting that its vetted, interconnected, “cool” community will be excited to pick fellow Raya members out of the crowd to see if they have a spark or business synergy.

That brings Raya closer to the holy grail of networking apps where you can discover who you’re compatible with in the same room without risking the crash-and-burn failed come-ons. You can filter by age and gender when browsing social connections, or by “Entertainment & Culture”, “Art & Design”, and “Business & Tech” buckets for work. And through their bio and extended slideshows of photos set to their favorite song, you get a better understanding of someone than from just a few profile pics on other apps.

Users can always report people they’ve connected with if they act sketchy, though with the new map feature I was dismayed to learn they can’t yet report people they haven’t seen or rejected in the app. That could lower the consequences for finding someone you want to meet, learning a bit about them, but then approaching without prior consent. However, Morgenstern insists.”The real risk is the density challenge”.

Finding Your Tribe

Raya’s map doesn’t help much if there are no other members for 100 miles. The company doesn’t restrict the app to certain cities, or schools like Facebook originally did to beat the density problem. Instead it relies on the fact that if you’re in the middle of nowhere you probably don’t have friends on it to pull you in. Still, that makes it tough for Raya to break into new locales.

But the beauty of the business is that since all users pay $7.99 per month, it doesn’t need that many to earn plenty of money. And at less than the price of a cocktail, the subscription deters trolls without being unaffordable. Morgenstern says “The most common reason to stop your subscription: I found somebody.” That ‘success = churn’ equation drags on most dating apps. Since Raya has professional networking as well though, he says some people still continue the subscription even after they find their sweetheart.

“I’m happily in a relationship and I’m excited to use maps” Morgenstern declares. In that sense, Raya wants to expand those moments in life when you’re eager and open to meet people, like the first days of college. “At Raya we don’t think that’s something that should only happen when you’re single or when you’re twenty or when you move to a new city.”

The bottomless pits of Tinder and LinkedIn can make meeting people online feel haphazard to the point of exhaustion. We’re tribal creatures who haven’t evolved ways to deal with the decision paralysis and the anxiety caused by the paradox of choice. When there’s infinite people to choose from, we freeze up, or always wonder if the next one would have been better than the one we picked. Maybe we need Raya-like apps for all sorts of different subcultures beyond the hipsters that dominate its community, as I wrote in my 2015’s piece “Rise Of The Micro-Tinders”. But if Raya’s price and exclusivity lets people be both vulnerable and accountable, it could forge a more civil way to make a connection.

from Social – TechCrunch https://techcrunch.com/2018/03/23/raya-app/
via SEO & Social Media

Facebook knows literally everything about you

Cambridge Analytica may have used Facebook’s data to influence your political opinions. But why does least-liked tech company Facebook have all this data about its users in the first place?

Let’s put aside Instagram, WhatsApp and other Facebook products for a minute. Facebook has built the world’s biggest social network. But that’s not what they sell. You’ve probably heard the internet saying “if a product is free, it means that you are the product.”

And it’s particularly true in that case because Facebook is the world’s second biggest advertising company in the world behind Google. During the last quarter of 2017, Facebook reported $12.97 billion in revenue, including $12.78 billion from ads.

That’s 98.5 percent of Facebook’s revenue coming from ads.

Ads aren’t necessarily a bad thing. But Facebook has reached ad saturation in the newsfeed. So the company has two options — creating new products and ad formats, or optimizing those sponsored posts.

Facebook has reached ad saturation in the newsfeed

This isn’t a zero-sum game — Facebook has been doing both at the same time. That’s why you’re seeing more ads on Instagram and Messenger. And that’s also why ads on Facebook seem more relevant than ever.

If Facebook can show you relevant ads and you end up clicking more often on those ads, then advertisers will pay Facebook more money.

So Facebook has been collecting as much personal data about you as possible — it’s all about showing you the best ad. The company knows your interests, what you buy, where you go and who you’re sleeping with.

You can’t hide from Facebook

Facebook’s terms and conditions are a giant lie. They are purposely misleading, too long and too broad. So you can’t just read the company’s terms of service and understand what it knows about you.

That’s why some people have been downloading their Facebook data. You can do it too, it’s quite easy. Just head over to your Facebook settings and click the tiny link that says “Download a copy of your Facebook data.”

In that archive file, you’ll find your photos, your posts, your events, etc. But if you keep digging, you’ll also find your private messages on Messenger (by default, nothing is encrypted).

And if you keep digging a bit more, chances are you’ll also find your entire address book and even metadata about your SMS messages and phone calls.


All of this is by design and you agreed to it. Facebook has unified terms of service and share user data across all its apps and services (except WhatsApp data in Europe for now). So if you follow a clothing brand on Instagram, you could see an ad from this brand on Facebook.com.

Messaging apps are privacy traps

But Facebook has also been using this trick quite a lot with Messenger. You might not remember, but the on-boarding experience on Messenger is really aggressive.

On iOS, the app shows you a fake permission popup to access your address book that says “Ok” or “Learn More”. The company is using a fake popup because you can’t ask for permission twice.

There’s a blinking arrow below the OK button.

If you click on “Learn More”, you get a giant blue button that says “Turn On”. Everything about this screen is misleading and Messenger tries to manipulate your emotions.

“Messenger only works when you have people to talk to,” it says. Nobody wants to be lonely, that’s why Facebook implies that turning on this option will give you friends.

Even worse, it says “if you skip this step, you’ll need to add each contact one-by-one to message them.” This is simply a lie as you can automatically talk to your Facebook friends using Messenger without adding them one-by-one.

The next time you pay for a burrito with your credit card, Facebook will learn about this transaction and match this credit card number with the one you added in Messenger

If you tap on “Not Now”, Messenger will show you a fake notification every now and then to push you to enable contact syncing. If you tap on yes and disable it later, Facebook still keeps all your contacts on its servers.

On Android, you can let Messenger manage your SMS messages. Of course, you guessed it, Facebook uploads all your metadata. Facebook knows who you’re texting, when, how often.

Even if you disable it later, Facebook will keep this data for later reference.

But Facebook doesn’t stop there. The company knows a lot more about you than what you can find in your downloaded archive. The company asks you to share your location with your friends. The company tracks your web history on nearly every website on earth using embedded Javascript.

But my favorite thing is probably peer-to-peer payments. In some countries, you can pay back your friends using Messenger. It’s free! You just have to add your card to the app.

It turns out that Facebook also buys data about your offline purchases. The next time you pay for a burrito with your credit card, Facebook will learn about this transaction and match this credit card number with the one you added in Messenger.

In other words, Messenger is a great Trojan horse to learn everything about you.

And the next time an app asks you to share your address book, there’s a 99-percent chance that this app is going to mine your address book to get new users, spam your friends, improve ad targeting and sell email addresses to marketing companies.

I could say the same thing about all the other permission popups on your phone. Be careful when you install an app from the Play Store or open an app for the first time on iOS. It’s easier to enable something if a feature doesn’t work without it than to find out that Facebook knows everything about you.

GDPR to the rescue

There’s one last hope. And that hope is GDPR. I encourage you to read TechCrunch’s Natasha Lomas excellent explanation of GDPR to understand what the European regulation is all about.

Many of the misleading things that are currently happening at Facebook will have to change. You can’t force people to opt in like in Messenger. Data collection should be minimized to essential features. And Facebook will have to explain why it needs all this data to its users.

If Facebook doesn’t comply, the company will have to pay up to 4 percent of its global annual turnover. But that doesn’t stop you from actively reclaiming your online privacy right now.

You can’t be invisible on the internet, but you have to be conscious about what’s happening behind your back. Every time a company asks you to tap OK, think about what’s behind this popup. You can’t say that nobody told you.

from Social – TechCrunch https://techcrunch.com/2018/03/23/facebook-knows-literally-everything-about-you/
via SEO & Social Media

Tumblr confirms 84 accounts linked to Kremlin trolls

Tumblr has confirmed that Kremlin trolls were active on its platform during the 2016 US presidential elections.

In a blog post today the social platform writes that it is “taking steps to protect against future interference in our political conversation by state-sponsored propaganda campaigns”.

The company has also started emailing users who interacted with 84 accounts it now says it has linked to the Russian trollfarm, the Internet Research Agency (IRA).

In the blog post it says it identified the accounts last fall — and “notified law enforcement, terminated the accounts, and deleted their original posts”.

“Behind the scenes, we worked with the Department of Justice, and the information we provided helped indict 13 people who worked for the IRA,” it adds.

In an email sent to a user, which was passed to TechCrunch to review, the company informs the individual they “either followed one of [11] accounts linked to the IRA, or liked or reblogged one of their posts”.

“As part of our commitment to transparency, we want you to know that we uncovered and terminated 84 accounts linked to Internet Research Agency or IRA (a group closely tied to the the Russian government) posing as members of the Tumblr community,” the email begins.

“The IRA engages in electronic disinformation and propaganda campaigns around the world using phony social media accounts. When we uncovered these accounts, we notified law enforcement, terminated the accounts, and deleted their original posts.”

Last month Buzzfeed News — working with researcher, Jonathan Albright, from the Tow Center for Digital Journalism at Columbia University — claimed to have unearthed substantial Kremlin troll activity on Tumblr’s meme-laden platform — identifying what they dubbed as “a powerful, largely unrevealed network of Russian trolls focused on black issues and activism” which they said dated back to early 2015.

The trolls were reported to be using Tumblr to push anti-Clinton messages, including by actively promoting Democrat rival Bernie Sanders.

Decrying racial injustice and police violence in the US was another theme of the Russian-linked content.

Since then The Daily Beast has also reported on leaked data from the IRA which also implied agents at the trollfarm had used Tumblr — and also Reddit — to spread political propaganda to target the 2016 US election.

Those IRA leaks suggested the IRA had created at least 21 Tumblr accounts — and included names replete with slang terms, including some accounts listed in the user email we’ve reviewed.

Tumblr, which is owned by TechCrunch’s parent company Oath, did not respond to an email we sent to their press office last month asking about possible Kremlin activity on its platform.

In today’s public post, the company writes: “As far as we can tell, the IRA-linked accounts were only focused on spreading disinformation in the U.S., and they only posted organic content. We didn’t find any indication that they ran ads.”

As well as emailing affected users, Tumblr says it will be keeping a public record of usernames linked to the IRA or “other state-sponsored disinformation campaigns”.

The full list of 84 Kremlin accounts on its public page is as follows:

It also suggests users step in and “correct the record” when they see others spreading misinformation, regardless of whether they believe it’s being done intentionally or not.

Concluding its email to the user who had unwittingly engaged with 11 of the identified IRA accounts, Tumblr adds: “We deleted the accounts but decided to leave up any reblog chains so that you can curate your own Tumblr to reflect your own personal views and perspectives.

“Democracy requires transparency and an informed electorate and we take our disclosure responsibility very seriously. We’ll be aggressively watching for disinformation campaigns in the future, take the appropriate action, and make sure you know about it.”

Asked how he feels to learn Kremlin trolls had unknowingly infiltrated his Tumblr feeds, the user told us: “It’s unsettling, although maybe not surprising, that we legitimize and signal boost bad actors on social platforms by ‘liking’ or reposting content that doesn’t appear to have any political agenda at first glance.”

from Social – TechCrunch https://techcrunch.com/2018/03/23/tumblr-confirms-84-accounts-linked-to-kremlin-trolls/
via SEO & Social Media

Elon Musk deletes own, SpaceX and Tesla Facebook pages after #deletefacebook

Elon Musk apparently wasn’t aware that his company SpaceX had a Facebook page. The SpaceX and Tesla CEO has responded to a comment on Twitter calling for him to take down the SpaceX, Tesla and Elon Musk official pages in support of the #deletefacebook movement by first acknowledging he didn’t know one existed, and then following up with promises that he would indeed take them down.

He’s done just that, as the SpaceX Facebook page is now gone, after having been live earlier today (as you can see from the screenshot included taken at around 12:10 PM ET).

As of this publishing, going to any of the above pages directs you to a message saying “Sorry, this content isn’t available right now” instead. That’s a quick turnaround, since Musk seems only to have found out these pages existed about 20 minutes prior to his taking them all offline.

Musk also responded to another comment on Twitter regarding his own and his companies’ prolific use of Instagram, which is of course owned by Facebook. The prolific entrepreneur noted that Instagram was “borderline,” since FB’s “influence is slowly creeping in,” but it seems like he’s okay with maintaining that presence for now.

Prior to their deletion, both the SpaceX and Tesla pages had over 2.6 million Likes and Follows, and super high engagement rates. You have to wonder whether Musk’s social media management employees cried a little when these went down.


from Social – TechCrunch https://techcrunch.com/2018/03/23/elon-musk-deletes-own-spacex-and-tesla-facebook-pages-after-deletefacebook/
via SEO & Social Media