Facebook Tracking: Why Secrets Are Important to Some Digital Players

May 12, 2021

I read a headline which I assume was crafted to shock; to wit: “Analytics Suggest 96% of of Users Leave App Tracking Disabled in iOS 14.5.” The headline did not surprise me, nor did the fact that four out of 100 in the sample said, “Sure, follow, listen, and watch me 24×7.” The write up states:

According to the latest data from analytics firm Flurry, just 4% of ?iPhone? users in the U.S. have actively chosen to opt into app tracking after updating their device to iOS 14.5. The data is based on a sampling of 2.5 million daily mobile active users.

The article points out:

Facebook, a vociferous opponent of ATT [app tracking tech], has already started attempting to convince users that they must enable tracking in iOS 14.5 if they want to help keep Facebook and Instagram “free of charge.” That sentiment would seem to go against the social network’s earlier claim that ATT will have a “manageable” impact on its business and could even benefit Facebook in the long term.

Several observations:

  • Secrets work. Making certain behaviors “known” undermines a number of capabilities; for example, revenue, trust, and data collection
  • iPhone users appear to be interested in keeping some of their mobile centric behaviors within their span of control. (What about iPhone users in China and Russia? Alas, the write up did not include those data.)
  • Processing items of data across time and within the monitored datasphere may make it difficult for some entities to perform in the manner they did prior to the introduction of ATT.

Net net: Flowing information erodes certain beliefs, social constructs, and processes. Once weakened by bits, these beliefs, constructs, and processes may not be reconstructable. The Apple ATT may have unforeseen consequences.

Stephen E Arnold, May 12, 2021

Online: Finding Info Is Easy or Another Dark Pattern?

May 7, 2021

When I attended meetings about online search, I found considerable amusement in comments like “Online makes finding information easy” and “I am an expert at finding information on Google.” Hoots for sure.

I read “How to Find a Buyer or Seller’s Facebook Profile on Marketplace.” According to the write up, at some time in the recent past “finding” information about a person offering something for sale on Facebook Marketplace was easy. Since I have never used Facebook Marketplace, I can accept the facile use of the word “easy” as something a normal thumbtyping Facebooker could do. Some investigators probably had the knowledge required to figure out who was pitching a product allegedly stolen from a bitcoin billionaire.

The write up identifies about nine steps in the process to navigate from a listing’s “seller handle” to the vendor’s Facebook profile. I thought this online search was easy.

I can think of several reasons why Facebook makes finding information difficult with weird words and wonky icons. (One of these was described as a “carrot” in the write up. A carrot? What’s up, Mark?

It is possible that Facebook wants to accrue clicks and stickiness. Since I don’t use Facebook, I am not a good judge of how sticky the site is. I do know that some individuals in government agencies think a lot about Facebook and the information the company’s databases contain.

Another possibility is that Facebook wants to make it more difficult for stalkers, miscreants, and investigators to move from a product listing to the seller information. The happy face side of me says, “Facebook cares about its users.” The frowny face says, “Facebook wants to make life difficult for anyone to get useful information because accountability is a bad thing.”

A third possibility is that Facebook’s engineers are just incompetent.

Net net: Finding information online is easy as long as one works at the organization with the data and the person doing the looking has root. Others get an opportunity to explore a Dark Pattern. Fun. Helpful even.

Stephen E Arnold, May 7, 2021

The Addiction Analogy: The Cancellation of Influencer Rand Fishkin

May 5, 2021

Another short item. I read a series of tweets which you may be able to view at this link. The main idea is that an influencer was to give a talk about marketing. The unnamed organizer did not like Influencer Fishkin’s content. And what was that content? Information and observations critical of the outstanding commercial enterprises Facebook and Google. The apparent points of irritation were Influencer Fishkin’s statements to the effect that the two estimable outfits (Facebook and Google) were not “friendly, in-your-corner partners.” Interesting, but for me that was only part of the story.

Here’s what I surmised from the information provided by Influencer Fishkin:

  1. Manipulation is central to the way in which these two lighthouse firms operate in the dark world of online
  2. Both venerated companies function without consequences for their actions designed to generated revenue
  3. The treasured entities apply the model and pattern to “sector after sector.”

Beyond Search loves these revered companies.

But there is one word which casts a Beijing-in-a-sandstorm color over Influencer Fishkin’s remarks. And that word is?


The idea is that these cherished organizations use their market position (which some have described as a monopoly set up) and specific content to make it difficult for a “user” of the “free” service to kick the habit.

My hunch is that neither of these esteemed commercial enterprises wants to be characterized as purveyor of gateway drugs, digital opioids, or artificers who put large monkeys on “users” backs.

That’s not a good look.

Hence, cancellation is a pragmatic fix, is it not?

Stephen E Arnold, May 5, 2021

Facebook: Everlasting Delight!

April 29, 2021

We are still aghast at the carelessness that allowed hackers to access user information for about a billion accounts between Facebook and LinkedIn. The Facebook breach, at least, has spawned a couple of interesting side stories. First we learned that CEO Mark Zuckerberg uses chat app Signal, a competitor to Facebook’s WhatsApp. We also found out the Facebook breach has forced “Have I Been Pwned” to rework its search functionality, at least for this particular data set.

The folks at Signal must be delighted. India Today reports that the “Leaked Phone Number of Mark Zuckerberg Reveals He Is on Signal.” While both Signal and WhatsApp boast end-to-end encryption, there have been issues with what Facebook does with the back-up files. From Facebook’s point of view, this tidbit about Zuckerberg comes at an unfortunate juncture. Writer Yasmin Ahmed points out:

“The news comes at a time when many users outraged with Facebook-owned WhatsApp’s new privacy policy are moving to seemingly safer alternatives like Signal. WhatsApp’s contentious new terms of service are slated to come into effect from May 2021. The updated privacy policy changes how Facebook can access users’ chats with business accounts.”

Oh dear. In another tangent, we are interested in this change prompted by the leak—“The Facebook Phone Numbers Are Now Searchable in Have I Been  HYPERLINK “https://www.troyhunt.com/the-facebook-phone-numbers-are-now-searchable-in-have-i-been-pwned/”Pwned,” explains the security check site’s own Troy Hunt. It is good to see a site adapt its search to evolving circumstances. But why was the site not already searchable by phone number? Hunt explains:

“I’d never planned to make phone numbers searchable and indeed this User Voice idea sat there for over 5 and a half years without action. My position on this was that it didn’t make sense for a bunch of reasons:

1. Phone numbers appear far less frequently than email addresses
2. They’re much harder to parse out of most data sets (i.e. I can’t just regex them out like email addresses)
3. They very often don’t adhere to a consistent format across breaches and countries of origin

Plus, when the whole modus operandi of HIBP is to literally answer that question – Have I Been Pwned? – so long as there are email addresses that can be searched, phone numbers don’t add a whole lot of additional value. The Facebook data changed all that.”

Indeed. While more than 500 million phone numbers were stolen, only a few million addresses went along for the ride. Until Hunt changed the search, he writes, over 99% of the many people checking on his site received a false negative. He was able to easily parse most phone numbers from well-formatted files in the breached data and normalize their format with a country code. The caveat—this fix only applies to this breach, unless or until a similar batch of phone numbers is harvested. See the post for the technical reasons that making phone-number searches standard is unworkable for the free resource.

Cynthia Murrell, April 29, 2021

Facebook Skewing Job Hunters? Is Skew the Right Word?

April 14, 2021

I read “Study Reveals Gender Bias in How Facebook Directs Employment Ads.”

Here’s the quote I noted from the article:

“Facebook’s ad delivery can result in skew of job ad delivery by gender beyond what can be legally justified by possible differences in qualifications,” the study said. The finding strengthens the argument that Facebook’s algorithms may be in violation of U.S. anti-discrimination laws, it added.

The write up omits details about the study. The idea that Facebook does something that disadvantages users of its free service is ludicrous. The article continues to suggest that Facebook is not the knight riding to the rescue of those in economic distress; to wit:

Facebook spokesman Joe Osborne said the company accounts for “many signals to try and serve people ads they will be most interested in, but we understand the concerns raised in the report.”

Facebook cares about signals. Facebook understands.

That’s super. Do the job hunters and advertisers?

Stephen E Arnold, April 14, 2021

Facebook Security: Fodder for Testimony?

April 9, 2021

Who knows if this is true? “533 Million Facebook Users’ Phone Numbers Leaked on Hacker Forum.” The write up states:

The mobile phone numbers and other personal information for approximately 533 million Facebook users worldwide has been leaked on a popular hacker forum for free. The stolen data first surfaced on a hacking community in June 2020 when a member began selling the Facebook data to other members.

If true, the revelation is a nice complement to a series of outstanding achievements by the centralized, big tech, really smart managers at super important companies. Examples include:

  • Twitter’s senior manager spoofing elected officials
  • Microsoft’s Exchange Server misstep when Windows Defender was on the job sort of
  • Amazon’s brilliant Twitter campaign about workers’ inexplicable need to take breaks
  • Google’s staunch defense of employees who grouse with assurances of continued employment.

Now Mr. Zuckerberg’s digital nation and its outstanding security.

How did this happen? The write up asserts:

According to Alon Gal, CTO of cybercrime intelligence firm Hudson Rock, it is believed that threat actors exploited in 2019 a now-patched vulnerability in Facebook’s “Add Friend” feature that allowed them to gain access to member’s phone numbers.

I envision Mr. Zuckerberg answering this question under oath in an upcoming Congressional hearing:

Senator X: Mr. Zuckerberg, what the heck happened? I have a teen age grand daughter. Are you protecting her?

Mr. Zuckerberg: Senator, thank you for that question. At Facebook, we take every possible precaution to guard our user’s identify. I will look into this matter and provide a report written by an Amazon PR person whom we just hired, and assign the former head of Microsoft security also a new hire to investigate this matter. Early reports suggest that the 1,000 criminals attacking Microsoft were supplemented with an additional 2,000 bad actors to breach our highly secure system.

Plus, the loss of data affected a mere 533 million users. Trivial. It is old news too.

Stephen E Arnold, April 9, 2021

Facebook and Microsoft: Communing with the Spirit of Security

April 7, 2021

Two apparently unrelated actions by bad actors. Two paragons of user security. Two. Count ‘em.

The first incident is summarized in “Huge Facebook Leak That Contains Information about 500 Million People Came from Abuse of Contacts Tool, Company Says.” The main point is that flawed software and bad actors were responsible. But 500 million. Where is Alex Stamos when Facebook needs guru-grade security to zoom into a challenge?

The second incident is explained in “Half a Billion LinkedIn Users Have Scraped Data Sold Online.” Microsoft, the creator of the super useful Defender security system, owns LinkedIn. (How is that migration to Azure coming along?) Microsoft has been a very minor character in the great works of 2021. These are, of course, The Taming of SolarWinds and The Rape of Exchange Server.

Now what’s my point. I think when one adds 500 million and 500 million the result is a lot of people. Assume 25 percent overlap. Well, that’s still a lot of people’s information which has taken wing.

Indifference? Carelessness? Cluelessness? A lack of governance? I would suggest that a combination of charming personal characteristics makes those responsible individuals one can trust with sensitive information.

Yep, trust and credibility. Important.

Stephen E Arnold, April 7, 2021

Facebook: The Polarization Position

March 17, 2021

I find Silicon Valley “real” news amusing. I like the publications themselves; for example, Buzzfeed. I like the stories themselves; for example, “Polarization Is Good For America, Actually, Says Facebook Executive.”

How much of the Google method has diffused into Facebook? From my point of view, a magnetic influence exists. The cited article points out:

Facebook has created a ”playbook” to help its employees rebut criticism that the company’s products fuel political polarization and social division.

The idea is that employees comprise a team. The team runs plays in order to score. The playbook also directs and informs team members on their roles.

Trapped Priors As a Basic Problem of Rationality” explains how feedback loops lead to a reinforcement of ideas, data, and rationality otherwise not noticed.

Buzzfeed references this Facebook research document:

In the [Facebook] paper, titled “What We Know About Polarization,” Cox and Raychodhury [Facebook experts] call polarization “an albatross public narrative for the company.” “The implicit argument is that Facebook is contributing to a social problem of driving societies into contexts where they can’t trust each other, can’t share common ground, can’t have conversation about issues, and can’t share a common view on reality,” they write, adding that “the media narrative in this case is generally not supported by the research.” While denying that Facebook meaningfully contributes to polarization, Pablo Barberá, a research scientist at the company, also suggested political polarization could be a good thing during Thursday’s presentation. “If we look back at history, a lot of the major social movements and major transformations, for example, the extension of civil rights or voting rights in this country have been the result of increasing polarization,” he told employees.

The value of polarization and a game plan to make explicit a particular business method are high. The fact that the trappings of research are required to justify the game plan is interesting. But those trapped priors are going to channel Facebook’s behavior into easy-to-follow grooves.

Scrutiny, legal action, and “more of the same” will allow pot holes to form. Some will be deep. Others will be no big deal.

Stephen E Arnold, March 17, 2021

Facebook WhatsApp, No Code Ecommerce, and Google: What Could Go Wrong?

March 5, 2021

The Dark Web continues to capture the attention of some individuals. The little secret few pursue is that much of the Dark Web action has shifted to encrypted messaging applications. Even Signal gets coverage in pot boiler novels. Why? Encrypted messaging apps are quite robust convenience stores? Why go to Ikea when one can scoot into a lightweight, mobile app and do “business.” How hard is it to set up a store, make its products like malware or other questionable items available in WhatsApp, and start gathering customers? Not hard at all. In fact, there is a no code wrapper available. With a few mouse clicks, a handful of images, and a product or service to sell, one can be in business. The developer – an outfit called Wati – provides exactly when the enterprising marketer requires. None of that Tor stuff. None of the Amazon police chasing down knock off products from the world’s most prolific manufacturers. New territory, so what could go wrong. If you are interested in using WhatsApp as an ecommerce vehicle, you can point your browser to this Google Workspace Marketplace. You will need both a Google account and a WhatsApp account. Then you can us “a simple and powerful Google Sheet add-on to launch an online store from Google Sheets and take orders on WhatsApp.” How much does this service cost? The developer asserts, “It’s free forever.” There is even a video explaining what one does to become a WhatsApp merchant. Are there legitimate uses for this Google Sheets add on? Sure. Will bad actors give this type of service a whirl? Sure. Will Google police the service? Sure. Will Facebook provide oversight? Sure. That’s a lot of sures. Why not be optimistic? For me, the Wati wrapper is a flashing yellow light that a challenge to law enforcement is moving from the Dark Web to apps which are equally opaque. Progress? Nope.

Stephen E Arnold, March 5, 2021

Facebook Found Lax in Enforcement of Own Privacy Rules. Surprised?

March 4, 2021

Facebook is refining its filtering AI for app data after investigators at New York’s Department of Financial Services found the company was receiving sensitive information it should not have received. The Jakarta Post reports, “Facebook Blocks Medical Data Shared by Apps.” Facebook regularly accepts app-user information and feeds it to an analysis tool that helps developers improve their apps. It never really wanted responsibility for safeguarding medical and other sensitive data, but did little to block it until now. The write-up quotes state financial services superintendent Linda Lacewell:

“Facebook instructed app developers and websites not to share medical, financial, and other sensitive personal consumer data but took no steps to police this rule. By continuing to do business with app developers that broke the rule, Facebook put itself in a position to profit from sensitive data that it was never supposed to receive in the first place.”

Facebook is now stepping up its efforts to block sensitive information from reaching its databases. We learn:

“Facebook created a list of terms blocked by its systems and has been refining artificial intelligence to more adaptively filter sensitive data not welcomed in the analytics tool, according to the report. The block list contains more than 70,000 terms, including diseases, bodily functions, medical conditions, and real-world locations such as mental health centers, the report said.”

A spokesperson says the company is also “doing more to educate advertisers on how to set-up and use our business tools.” We shall see whether these efforts will be enough to satisfy investigators next time around.

Cynthia Murrell, March 4, 2021

Next Page »

  • Archives

  • Recent Posts

  • Meta