Al Franken: "We are not [tech giants'] customers, we are their product."
November 9, 2017 5:32 AM   Subscribe

"Al Franken Just Gave the Speech Big Tech Has Been Dreading" [SL Wired]

"[R]evelations about how Russia used Facebook, Twitter, and Google to sow discord in the US ahead of the 2016 election [have] helped make concern about the power of tech giants more bipartisan. Franken quoted his Republican colleague Sen. John Kennedy, who struck a nerve in last week’s hearings when he pressed Facebook on collecting personal data and said the power of the platforms scared him. If voters share the same concerns, anti-tech messaging could become a populist issue in the 2018 election."
posted by CheesesOfBrazil (99 comments total) 53 users marked this as a favorite
 
My favorite is when they listen in on conversations, and report back keywords, like in Facebook Messenger and Alexa, ostensibly for targeted advertising but who knows what else. On some devices - it's a pretty clear pattern of A/B testing, and likely done this way to get more info on how to disguise what they're doing before rolling it out to the userbase entire.

Then maybe sell more than ad buys - I can think of a few governments who would like to know when their citizens are being disloyal and disrespectful, and who have deep pockets.
posted by Slap*Happy at 5:45 AM on November 9 [7 favorites]


Some related stuff in security guru Bruce Schneier's recent testimony before the House Energy and Commerce committee on the Equifax hack. Some choice snippets:
This was not a sophisticated attack. ... Equifax was notified by Apache, US CERT, and the Department of Homeland Security about the vulnerability, and was provided instructions to make the fix.

Two months later, Equifax had still failed to patch its systems. It eventually got around to it on July 29. .
and
Equifax is more than a credit reporting agency. It's a data broker. It collects information about all of us, analyzes it all, and then sells those insights. It might be one of the biggest, but there are 2,500 to 4,000 other data brokers that are collecting, storing, and selling information about us­ almost all of them companies you've never heard of and have no business relationship with.
and
The market cannot fix this because we are not the customers of data brokers.

The customers of these companies are people and organizations who want to buy information: banks looking to lend you money, landlords deciding whether to rent you an apartment, employers deciding whether to hire you, companies trying to figure out whether you'd be a profitable customer­everyone who wants to sell you something, even governments.
...

Worse, the financial markets reward bad security. Given the choice between increasing their cybersecurity budget by 5%, or saving that money and taking the chance, a rational CEO chooses to save the money. Wall Street rewards those whose balance sheets look good, not those who are secure. And if senior management gets unlucky and the a public breach happens, they end up okay. Equifax's CEO didn't get his $5.2 million severance pay, but he did keep his $18.4 million pension. Any company that spends more on security than absolutely necessary is immediately penalized by shareholders when its profits decrease.
The takeaway is mostly "this is bad, regular people don't know just how bad it is, it costs us money and even national security, the market simply cannot solve it, the regulatory bodies have dropped the ball and need to really step up to get back in the game".
posted by Harald74 at 5:47 AM on November 9 [116 favorites]


I’ll be a bit snarky here: anyone using any service for free should realize that there is no free lunch. You are the lunch.

I’m glad to hear the political class bring this to light, but as usual they are well behind the curve on this topic.
posted by tgrundke at 6:14 AM on November 9 [11 favorites]


"Anybody being taken advantage of deserves it for being an idiot," you mean? Sorry, I just can't get in board with that.
posted by showbiz_liz at 6:16 AM on November 9 [102 favorites]


Listen, if you’ve had your data collected and marketed by a third party you’ve never done business with and do not know about, exposing you to potentially devastating breaches in security, that’s just got to somehow be your fault.
posted by maxsparber at 6:32 AM on November 9 [122 favorites]


Sen. Franken did not, in my opinion, comport himself well at the 31 October Senate Judiciary Committee, Crime and Terrorism Subcommittee hearing on "Extremist Content and Russian Disinformation Online." Rubles! rubles!: Evidently he is unaware of common FX facilities operated by third-parties.

His knowledge and credulity, as well as several of his colleagues' at the hearing, of "information services" sector operating capacities and structure is nearly ridiculous --reminiscent of Sen. Ted Stevens' intertubes analogies or Sen. Schumer's ignorance revealed during the Baucus PPACA hearings-- and inexcusable. He does have "staff." They at least could have digested the Telecommunications Act for him.
posted by marycatherine at 6:50 AM on November 9 [1 favorite]


If you think Senator Franken’s intended audience was tech nerds, you know absolutely nothing about politics.
posted by schadenfrau at 6:58 AM on November 9 [54 favorites]


Rubles! rubles!: Evidently he is unaware of common FX facilities operated by third-parties.

This is exactly what the tech bros said, too, and it's seems to me a bad faith interpretation of his complaint. Of course he is aware that currency exchanges exist. I'm sure he's traveled through an international airport at some point in his life.

He wasn't saying a currency filter for political ads wouldn't be easy to get around. He was saying they didn't even do that incredibly basic, easy thing. Doing it wouldn't be a one-stop fix, but it WOULD be a no/low-cost first step to preventing foreign interference in American elections, at the very least from non-state actor Ivan Q Russian who's just getting his jollies by trolling the American electorate. And it would be a signal, both to us and to foreign powers, that they are aware of the law and are taking at the very least the most obvious steps to comply. Not doing this trivially easy thing is pretty damning evidence that they hadn't done anything at all to avoid being complicit in breaking American law.

Maybe investigating transactions that are brokered through those third-party FX facilities is step 2, but that can't happen in the absence of step 1.
posted by solotoro at 7:09 AM on November 9 [63 favorites]


I guess the Chinese really missed out on having its entire population's buying habits stored in a western database. Of course, if you're really up on your Chinese propaganda, you know by 2020, the government will run its own version of a credit rating that totally represses minds and stuff, and gets you deals on faster internet and stuff...

After the first debate, after I knew the perverse depths of a mighty pendulum swing could take office (I grew up in the south frickin' east), all my faith (the evidence of things not seen) was in Warren and Franken and, slowly... Their power in the Senate I know to be crucial versus a circus of any executive run... Warren, despite whip-smart moves and knowledge of policy just doesn't come across in camera or oratory and Franken...well, their combination could take it all. People forget McCain didn't choose Alaska until it was predicted H.Clinton had the nomination. That's how unprecedented a popular race involving gender is-- conservatives said: Fire with Fire! And Obama emerged from D.C.'s aether...I want Warren so bad because I don't care if the criticism is identity politics, the promise of my nation was an emerging liberty and too many perfectly qualified women have been passed over already...TOO FRICKIN' MANY...but her presentation? They're a great ticket and I just wish I didn't see her in the VP spot, but I do.
posted by lazycomputerkids at 7:10 AM on November 9 [1 favorite]


Of course he is aware that currency exchanges exist. I'm sure he's traveled through an international airport at some point in his life.

He's also saying that having massive numbers of political ads paid for by rubles should have been something somebody noticed and flagged. I mean, I've used third party vendors before as well, and I know when somebody buys something from Russia, and all I sell are, like, a few ebooks and self-produced CDs.
posted by maxsparber at 7:17 AM on November 9 [18 favorites]


Senator Franken pulled a Columbo, in a move befitting an intelligent politician. It's easy to underestimate politicians making chess moves when the President is barely able to play checkers, but his real point is to start developing the mindset that government should regulate Facebook and Google.

Every time someone points out that currency exchanges exist, I'm some what reminded me of the XKCD about the Crypto Nerd and the Wrench because I imagine Senator Franken is trying to figure out how to build a system like crypto side of the comic on the left, and the wrench on the right is "FX exchanges".

However, a hypothetical law isn't going to say "No using rubles to buy political ads" because, duh. The law's going to say "Companies accepting money from any international source (even if it's coming from a US bank account) for political advertising buys must now file SARs to FinCEN" or something equally broad, and make Google and Facebook, and anyone else involved in selling ad space follow a bunch more regulations. (For better or worse; clearly the industry has failed to self-regulate.)


(Frustratingly, it's not actually the "series of tubes" part where Senator Ted Stevens' analogy fell flat because, uh, it does look like a series of tubes. It's everything around where he fell flat.)
posted by fragmede at 7:41 AM on November 9 [17 favorites]


The organization that hosted Senator Franken’s speech, the Open Markets Institute, posted some Further Reading to accompany Mr. Franken’s speech.

Still looking to see if I can find a primary source of the speech itself.
posted by mrbeefy at 7:52 AM on November 9 [1 favorite]


"Applying net neutrality rules to Google or Facebook, for example, could make them obligated to distribute content from political extremists and even foreign propaganda under some circumstances."

Um. Well, yeah. But if they have to be neutral about it, they might have to disclose the source of funding. And it'd have a much different impact if the ad that says "radical Islamic terrorists are trying to take over America" is paid for by "Товарищи для Путина."

I like the idea of big tech/social media companies being told: Either you act like a public utility, and are subject to a lot of regulations in order to keep your access to pretty much everyone - OR you act like a normal business, and we start prosecuting you for mistakes that cause problems for other people AND for not watching out for illegal content (porn, violence) AND for not being careful to keep the under-13 crowd off your servers and out of your data farm.
posted by ErisLordFreedom at 7:53 AM on November 9 [14 favorites]


Ironically, I just needed to turn off content blockers in my browser to access the speech itself: http://openmarketsinstitute.org/. Senator Franken starts at the 15:00 minute mark.
posted by mrbeefy at 7:59 AM on November 9 [1 favorite]


Either you act like a public utility,...

Of those outcomes, which does your heart and mind tell you is most likely? Mine says regulation. Torts? OMG. Of the zillion facts about CrimsonFriendFinder that gall me? The number of people they employ compared to Google is quite small. It's a shell. It always was. Right place and right time to exploit a habituation and its moves into VR was like watching LawnMowerMan and a soap-opera at the same time.
posted by lazycomputerkids at 8:00 AM on November 9


I much prefer regulation. They won't like it, and I want it pushed that their alternative to putting up with regulation is an endless string of both torts and criminal prosecution cases - aiding and abetting for refusing to stop harassment after they've gotten reports, for example.
posted by ErisLordFreedom at 8:03 AM on November 9 [10 favorites]


"Anybody being taken advantage of deserves it for being an idiot," you mean? Sorry, I just can't get in board with that.

That's not what they said. They said people should be aware, and they should. That type of defensiveness enables these exploitative systems. People don't want to acknowledge their own culpability, so they react dismissively to criticism of the systems themselves.

People do need to make some effort to understand how these things work or it's just going to keep getting worse. The US is not going to get any new consumer protections any time soon, so it is on consumers to make some kind of effort to understand the systems and technologies they're opting into voluntarily in exchange for some usually trivial convenience.

People usually don't intentionally opt into providing information to credit reporting agencies like Equifax, but credit reporting agencies very likely buy lots of information from various data miners, which people do opt into, and they don't just collect information about the person agreeing to the terms, but about anyone they communicate with as well. I see people here on Metafilter recommending incredibly sleazy datamining apps all the time that comb through your contacts and transmit data about third parties to the people who run sites used by not only big organizations, but by identity thieves, stalkers, and doxxers.

Nobody deserves to exploited like that. But it's happening, and the best, maybe only, tool most of us currently have to combat it is an understanding of how these things work.

Because people aren't just being promiscuous with their own information, but with others' who didn't agree, even unintentionally, to having that information made public.

Learning how those things work and understanding their own culpability will probably make some people feel bad. It's understandable how it happens, but that doesn't mean it's OK or that you're blameless.

And that's not an excuse to be dismissive of those who point out that people need to get better informed about the products they're using that are contributing to these problems.
posted by ernielundquist at 8:05 AM on November 9 [4 favorites]


I love how Wired frames most of this article as if they totally concede how problematic things are and how right Franken is to point them out, but it has to end by leaving the reader with the thought of "meh meh meh Congress meh."
posted by scaryblackdeath at 8:16 AM on November 9 [5 favorites]


there are 2,500 to 4,000 other data brokers that are collecting, storing, and selling information about us­ almost all of them companies you've never heard of and have no business relationship with.

If you have a closer look at the contracts you didn't read when you signed up for all those loyalty cards that are in your wallet right now, you might find that you do, in fact, have a business relationship with these companies.
posted by rocket88 at 8:24 AM on November 9 [6 favorites]


If you have a closer look at the contracts you didn't read when you signed up for all those loyalty cards

Contracts should be required to explain the intent of the thing in plain language. "We will sell your data" or whatever.
posted by pracowity at 8:27 AM on November 9 [7 favorites]


Franken is an expert at this kind of maneuvering. He's no "series of tubes" type with regard to technology. And, he's absolutely right that these behemoth companies are incredibly dangerous to people.
posted by odinsdream at 8:35 AM on November 9 [8 favorites]


LinkedIn started recommending people I had bought or sold stuff through craigslist. It was odd, because they were total strangers and being the wise data private person I am I never let LinkedIn into my email account. But I realized the other person did, and that's how they established a relationship between us.

Is it my fault that this information about me is out there now? What should I do to prevent this? Use disposable email addresses every time I talk to someone over craigslist and hope fakeemail47386@gmail.com isn't suspicious to them? Use a separate email address for LinkedIn and every service I use? Not sign up for LinkedIn at all?

You might as well tell folks they wouldn't have lead in their water if they weren't connected to the municipal water supply. Or tell a person who checks vending machine coin returns for change that they should give up their grocery store card discounts if they want privacy.

I don't think people here appreciate the immense asymmetry of the situation. I put the majority of the blame on the corporations who have the profit incentive, the lawyers to draft purposefully inscrutable language, the tech sophistication, the lack of oversight, the layers of bureaucracy to hide behind, and general amorality to pull this off.

Blaming the public is like blaming the public for not adopting PGP, and likely will be just as effective for furthering privacy.
posted by AlSweigart at 8:54 AM on November 9 [41 favorites]


I don't think people here appreciate the immense asymmetry of the situation.

This. We are at a very dangerous time when the government's attempts at regulation could be made totally irrelevant by malicious tech giant actors.
posted by odinsdream at 9:07 AM on November 9 [12 favorites]


>But I realized the other person did, and that's how they established a relationship between us.

This is what CrimsonFriendFinder first did and what I found startling...You want my password to Yahoo? And a generational habituation was underway. I'd come from AOL messenger rooms in which a/s/l was "a big deal", but I knew it would change, many did.

Relational databases, to my flawed and incomplete comprehension, can produce many meaningful discriminations and distinctions with anonymous information, but identifying an individual (something China's ratings will do by default) is a trickier business in the west when government is involved. Medical information has been relatively well protected and is the only example of which I know to engage the topic.

>Contracts should be required to explain the intent of the thing in plain language. "We will sell your data" or whatever.

Industry practices, their description and procedure is abstruse for many organic reasons and organic in character in that they rapidly amend and refine, all before proprietary/trade secret/licensing conventions are evolved. And why regulation, as breezy and over-arching and well-intended as it can sound, is legitimately lobbied.
posted by lazycomputerkids at 9:10 AM on November 9


Even house fires, which may be often directly attributable to an individual messing up in some way, are best prevented by universal structural solutions, such as mandating certain building standards and fire alarms. They are also most effectively treated with a universally accessible solution, paid for by taxes: ie: fire departments.

When the vast majority of us have no meaningful choice but to enter into contractual agreements with companies who have no accountability to us, yet continuously cause us harm, that seems like the hallmark of a situation where government regulation and intervention is needed. What else is a government for?
posted by latkes at 9:15 AM on November 9 [52 favorites]


If you have a closer look at the contracts you didn't read when you signed up for all those loyalty cards that are in your wallet right now, you might find that you do, in fact, have a business relationship with these companies.

You mean the loyalty cards that allow you not to pay more for products? They're a form of mild extortion (how mild depends on your financial situation). If you're struggling for every dollar, are you going to care about your data or about the extra food you can buy for your family?

It's not like the public invented them. They were invented by retailers to gather data on us by making it more expensive for us not to give them data.

Blame the sharks, not their victims.
posted by emjaybee at 9:24 AM on November 9 [33 favorites]


They were invented by retailers to gather data on us by making it more expensive for us not to give them data.

"on us" is the tricky part. Observe how in their beginning, signing up for a loyalty card involved a pen and paper application with too much information, I agree, but after implementation, a cashier might provide a seemingly extraneous one, or not care that another customer in line use theirs. Understanding why is to understand a relational database and its value to inventories and distribution.
posted by lazycomputerkids at 9:30 AM on November 9


The "contracts" that consist of saying "We won't let you do this nice thing unless you sign away all your rights?" That leave you no other option besides not using it? Right.
posted by Peach at 9:30 AM on November 9 [4 favorites]


At some point in the last few decades, a lot of corporations shifted from "we'll give you a bonus for giving us some access to personal information" to "we will charge you extra, provide less support, offer fewer goods and services, and restrict your access to anything we can reach unless you hand over personal data."

I put a lot of the blame on the courts that have authorized clickthrough terms-of-service contracts. A lot on the legislatures who don't believe we have any rights to privacy. A lot on the law enforcement agencies who believe any internet activity is outside of their scope, regardless of whether it'd be a crime in a face-to-face setting.

It's not the end user's fault that they're being abused by large groups who treat them like exploitable resources instead of people.
posted by ErisLordFreedom at 9:33 AM on November 9 [17 favorites]


My favorite is when they listen in on conversations, and report back keywords, like in Facebook Messenger

This is a myth. Messenger doesn't listen in on your conversations.
posted by kprincehouse at 9:41 AM on November 9 [1 favorite]


Reply All did a story about Facebook Messenger supposedly listening in. Alex Goldman was pretty adamant that this was just the coincidence of Facebook buying a lot of data and then serving ads based on effective use of data, but, over the course of the episode, there were increasing number of things that couldn't be explained away so easily.
posted by maxsparber at 9:44 AM on November 9 [15 favorites]


Does FB read your Facebook Messenger text conversations and serve sponsored ads based on that? Similar to Gmail? I would have guessed that would be a legitimate privacy concern, not the more conspiratorial microphone idea.
posted by crazy with stars at 9:48 AM on November 9


Blaming the public is like blaming the public for not adopting PGP, and likely will be just as effective for furthering privacy.

Of COURSE that's the fault of the corporations, and they're intentionally obfuscating what they do. It is, however, also the fault of the people who naively go along with them, particularly when they go to great lengths to normalize their behaviors.

I've dealt with the same thing you have, and ended up having to make a fucking LinkedIn stub account to tell them to stop sending me 'invitations' from everyone I know who gave it my information. Similar thing with Facebook many years ago, and with other services. People give these shitty organizations information about me, and the companies try to extort even more information to get them to leave me alone. It sucks and I hate them.

Of course those organizations are to blame. Of course the ideal solution is corporate oversight. But we don't have that, and in the meantime, people should be putting in the minimal effort to check the permissions they're granting to various shitty little apps on their phone, and think twice about adopting invasive technologies such as always on listening devices. Especially when it's not just your information you're handing over.

Store cards are pretty creepy, and they gather a lot of information about you. But they really just about you. That's your choice, and I don't blame you for choosing it.

But if you don't check the permissions on the apps you install, and you're running contact scrapers that are feeding my personal information, including my unlisted number, my email address, multiple versions of my name, etc. to those sleazy stalker sites, yes, I blame you, and I don't care if that hurts your feelings. You could get people killed that way, and while you're not primarily responsible, you're not blameless and you should feel bad, and whatever else it takes to get to you devote ten minutes to learning how to stop doing that.
posted by ernielundquist at 9:49 AM on November 9 [1 favorite]


This is a myth. Messenger doesn't listen in on your conversations.

I can't help but notice that article was written by Facebook, and that it was written back in the golden days of summer 2016--before Facebook acknowledged Russians and others were harnessing the power of the platform for nefarious purposes.

I've tested this out, and whether or not it was Facebook, some damn thing was listening in and spit out FB ads at me: I said a phrase in my car I've likely never said before. Something like "wrench bottom." Sure enough, within an hour, I saw FB ads for "wrench bottom."

(I quit Facebook a month ago.)
posted by ImproviseOrDie at 9:51 AM on November 9 [22 favorites]


It's not the end user's fault that they're being abused by large groups who treat them like exploitable resources instead of people.

A philosophical algebra as calculus is applied; Such supposition is to abandon market competition. The behemoths, the giants, the need for their regulation is patent because their existence was not summoned or arranged...what commodity hardware achieves is disruptively novel. How people are "treated" and what defines "people" conflates motive and effect with more heart than experience.

>...over the course of the episode, there were increasing number of things that couldn't be explained away so easily.

You're goddamned right. Zuck cults are the worst cults. What goes on between so relatively few workers isn't transparent. It's a sick fiefdom of audacity and bro derring-do.

/end of line
posted by lazycomputerkids at 9:51 AM on November 9 [1 favorite]


"you're not blameless and you should feel bad, and whatever else it takes to get to you devote ten minutes to learning how to stop doing that"

It's not ten minutes, though. Even after a fundamental shift to a critical or hostile view of online or app interactions, there would need to be a continual education in how the scrapers are scraping this week.
posted by turkeybrain at 9:56 AM on November 9 [8 favorites]


Either you act like a public utility, and are subject to a lot of regulations in order to keep your access to pretty much everyone - OR you act like a normal business

Or you can go Full Koch Brothers: set up a superfund to elect politicians who will let you do whatever you want.
posted by tallmiddleagedgeek at 9:56 AM on November 9 [2 favorites]


"and whatever else it takes to get to you devote ten minutes to learning how to stop doing that."

You're wondering why millions of people don't safeguard their privacy since it only takes ten minutes. I'm wondering why you think it only takes ten minutes, given that millions of people haven't been able to do it.
posted by AlSweigart at 10:07 AM on November 9 [24 favorites]


kprincehouse: " Messenger doesn't listen in on your conversations. "

The Facebook-written text you link to doesn't actually say they don't listen, just that they do "not use your phone’s microphone to inform ads or to change what you see in News Feed.". They're very specific about what they don't do and very vague about what they do do.

They then say:

We only access your microphone if you have given our app permission and if you are actively using a specific feature that requires audio. This might include recording a video or using an optional feature we introduced two years ago to include music or other audio in your status updates.

It might include those things, or it might include many other things, by their wording.
posted by signal at 10:08 AM on November 9 [14 favorites]


ImproviseOrDie: I said a phrase in my car I've likely never said before. Something like "wrench bottom." Sure enough, within an hour, I saw FB ads for "wrench bottom."

I... I’m sorry, are you saying that your car is connected to Facebook?

Am I misunderstanding you?
posted by tzikeh at 10:08 AM on November 9 [3 favorites]


Well, Facebook says they don't listen to your messages and cultivate ads based on the text in those messages, but that's demonstrably incorrect. What else has facebook been lying about since 2016?
posted by Sphinx at 10:17 AM on November 9 [2 favorites]


I... I’m sorry, are you saying that your car is connected to Facebook?

Ha! Uh, no, not saying that. (Although...)

I suppose I could have given some more info for actual context. I tested it out in my car (parked, not running) because I knew there would be no other noise a microphone could pick up.
posted by ImproviseOrDie at 10:22 AM on November 9 [5 favorites]


Yes, it obviously takes more than ten minutes to fully safeguard your own privacy, as evidenced by the fact that every few months or so, I have to devote hours and hours to trying to extricate personal information I did not provide from public databases that sell it, and I can never get it all off.

There are plenty of fancy tricks that companies are currently using to get and model data about people, and they're not required to tell us what they all are. So yeah, you can't avoid it all.

Most apps, though, use pretty standard methods for grabbing basic information. And It does take ten minutes or less to look through the app permissions on your phone to see what's accessing your contacts and your microphone, and disallow or delete the ones that don't have a very good reason AND a solid privacy policy describing in detail what they do with the information.

And it takes negative amounts of time to just not install those apps or adopt other invasive technologies you don't understand.

These things are relatively easy, and there is no good excuse for not doing them.
posted by ernielundquist at 10:22 AM on November 9


Sphinx: "Well, Facebook says they don't listen to your messages and cultivate ads based on the text in those messages,"

Facebook says they don't listen *through the microphone to you talking out loud.* I haven't seen any concrete denial that they aren't reading the context of your text-based messages, though.
posted by crazy with stars at 10:22 AM on November 9


ImproviseOrDie: I suppose I could have given some more info for actual context. I tested it out in my car (parked, not running) because I knew there would be no other noise a microphone could pick up.

Again, you seem to be saying that your car is communicating with Facebook. Do you mean you were on your phone in the car?
posted by tzikeh at 10:31 AM on November 9 [1 favorite]


Again, you seem to be saying that your car is communicating with Facebook. Do you mean you were on your phone in the car?

Seriously? Maybe this helps you:

'I've tested this out [with my phone], and whether or not it was Facebook, some damn thing [in/on my phone] was listening in and spit out FB ads at me: I said a phrase [while in possession of my phone] in my car I've likely never said before. Something like "wrench bottom." Sure enough, within an hour, I saw FB ads [in the Facebook app on my phone] for "wrench bottom." '
posted by ImproviseOrDie at 10:37 AM on November 9 [14 favorites]


Hey, this sounds familiar!
posted by Hamusutaa at 10:45 AM on November 9 [2 favorites]


It would really help if the tech giants could lead the way with unequivocal, strong privacy statements. I actually trust Google and Facebook more with my data than I trust most companies. Not because they're more ethical, but because keeping my data secret gives them a proprietary advantage over other advertising platforms. When I see a Facebook ad, I know that Facebook itself is serving that ad to me. The advertisers have paid for the service of "show this ad to people who match query Q", but the advertisers don't get to run that query themselves and inspect the results.

On the other hand, the data brokers let anyone with a few bucks run that query. I find that a lot more disconcerting, and I think we'll see it weaponized in new and interesting ways in years to come.
posted by qxntpqbbbqxl at 10:48 AM on November 9 [4 favorites]




As an example of the weaponization of data: An anti-immigrant hate group in Burien, WA* has been circulating a flyer containing addresses and names of alleged criminal immigrants. They presumably pieced this together from a collection of public databases. It's totally possible that it will get someone killed if a Pizzagate-style idiot decides to take vigilante action.

* That curiously gets a lot of funding by out-of-state donors
posted by qxntpqbbbqxl at 10:57 AM on November 9 [6 favorites]


"These things are relatively easy, and there is no good excuse for not doing them."

Hey so I hear where you're coming from —people should take ownership of their data and lock down the services they sign up for/devices they use, etc.—and I agree that they should do whatever is in their power.

That said, shouldn't we require Facebook, Google, Apple, etc. to make it very damned clear how this works to consumers? They can translate technical details (megapixels! 4G LTE data!) for laypeople to make them buy, so they should do that for privacy options, too.

But even then, there are many users of these services/devices who are just hopeless when it comes to the slightest tweaking of preferences or settings and they need to have their hand held. They experience real fear of messing things up and avoid the settings window at all costs. They click through warnings without reading them. Do we tell these people they can't have smartphones? Or Facebook? They just want to keep in touch with their loved ones, navigate using a maps app, and read the news on the train, but to do that they have to sign up to have their entire lives surveiled, commoditized, and fed into algorithms that determine their creditworthiness, actuarial risk, and what media they'll be fed.

In the highly technical realm of finance, where people's savings are at stake, we require reams and reams of disclosure from companies offering their stock to the public in order to protect unsophisticated mom-and-pop investors (assessments of how effective this is will be left for another time). We flatly prohibit certain kinds of offerings to be marketed to the general public. Google, Facebook, et al. have truly astounding wealth and resources; it should be they who are made to bear the costs of their business model and not individual consumers. There is no good excuse for not regulating the market for profile data.
posted by Grimp0teuthis at 11:01 AM on November 9 [14 favorites]


Franken is right to put the burden on tech giants, because safeguarding your privacy in the modern age is not obvious (even if you're like me and you have a C.S. degree). You only have to slip up once for your information to be out there, forever.

To prove this, I'll present you with this Faustian bargain: Here are links for where you (if you're American) can opt-out from six large data brokers. The links come from a page on the Facebook website (it has links outside the US too).

Acxiom

Epsilon

Experian

Oracle Data Cloud

TransUnion

WPP

Great way to safeguard your private information, right? Well, in order to opt-out your information you have to give them your information so they can find your file (full name, home address, phone number, your Facebook account, etc.)

Are you being smart for taking ten minutes to opt-out from these pages? Or are you being a naive fool for handing out your information directly to data brokers? If they didn't have your info before, well they do now.

Bonus: Did you notice that the Experian link doesn't use https?
posted by AlSweigart at 11:01 AM on November 9 [25 favorites]


Any plan for success that requires "enlightenment of the masses" is doomed to failure. You can argue over what specific type of enlightenment it would need to work, but that's not actually going to happen.

The majority of people follow the path of least resistance, almost all the time - we're damn near hard-wired to do so; it saves on energy that we desperately need for survival.

Sure, we could all stand to be more aware of what's happening to our data. Sure, opting out of tracking is usually good, and sometimes doesn't cause problems. But calling that the solution to tech-company manipulations is victim-blaming.

I should, dammit, be able to share my address and phone with my local pizza place without worrying that I'll be bombarded with ads from businesses on the other side of the continent.
posted by ErisLordFreedom at 11:20 AM on November 9 [7 favorites]


The "Herf derf, n00bs!" approach to Big Tech's irresponsible handling of consumer data is not helping, especially when there are already successful data privacy laws in Europe that can be used as an example.
posted by jonp72 at 11:47 AM on November 9 [12 favorites]


That said, shouldn't we require Facebook, Google, Apple, etc. to make it very damned clear how this works to consumers? They can translate technical details (megapixels! 4G LTE data!) for laypeople to make them buy, so they should do that for privacy options, too.

Is there some sort of tipping point where if I say it enough times, or in a large enough font with enough caps and exclamation points, that people will stop arguing to me that the companies collecting the data are responsible and should be held accountable, as though I didn't say that myself a million times already? Do I have to use those obnoxious clapping hand emojis between all the words maybe?

Because OF COURSE they're responsible. OF COURSE they should be held accountable. Clapping hands emoji. Fourteen exclamation points.

Are you expecting this to happen during the Trump administration? Does that really seem like the direction things are heading right now?

But even then, there are many users of these services/devices who are just hopeless when it comes to the slightest tweaking of preferences or settings and they need to have their hand held. They experience real fear of messing things up and avoid the settings window at all costs. They click through warnings without reading them. Do we tell these people they can't have smartphones? Or Facebook? They just want to keep in touch with their loved ones, navigate using a maps app, and read the news on the train, but to do that they have to sign up to have their entire lives surveiled, commoditized, and fed into algorithms that determine their creditworthiness, actuarial risk, and what media they'll be fed.

Yeah, no shit people don't understand how things work, and no shit they don't read or understand the terms. It's not like I think people are doing this shit on purpose. Most people are not that intentionally malicious and would not knowingly do such vile things to their friends and family.

But most people are not so clueless that they're incapable. They're just lazy and selfish, and they get really defensive when you point out to them how they've been culpable in violating the privacy and safety of others. Most people are perfectly capable of opening the settings on their phones and looking at the permissions. And the people who really are true, dyed in the wool technophobes usually have some friend or family member who helps them out and does things like explains common scams to them. Those people should be helping them with this too, rather than normalizing the idea of downloading shady apps that promise trivial conveniences.

And you know what? If someone is truly clueless, has no means to evaluate the tools they use, and can't follow a few simple guidelines for protecting if not their information, at least other people's, maybe they should avoid using smartphones and Facebook. That does suck, but it sucks a lot less than having them out there repeatedly handing over people's private personal information to any shady app that requests it, including many that feed information directly to those sites that stalkers use to track down their victims.
posted by ernielundquist at 11:49 AM on November 9 [4 favorites]




I thought everyone knows it is nigh-impossible to actually get off these lists (or actually do anything on a web site that does not result in your credit-card being charged) -- here's Elizabeth Warren trying to freeze her Equifax account.
posted by phliar at 11:56 AM on November 9 [3 favorites]


Are you expecting this to happen during the Trump administration? Does that really seem like the direction things are heading right now?

Under what presidential administration would this have happened? Joe Exotic's presidency?

Think of all the caselaw and state/fed rules that prevent the change. And while I'm aware of a state law that says you can rescind your electronic signature/the need to be able to obtain a copy of the e-contract and it is 10+ years old, I can find no caselaw about that law. And I know I've been presented e-contracts with no way to save/print a contract copy.
posted by rough ashlar at 12:59 PM on November 9


Reading this thread it seems obvious that we need to require that people pass a test before they are allowed to participate in modern society. Never mind that they get to spawn and vote without any intelligence whatsoever - this is important!

Or as an alternative, those who are frustrated by the personal impact of their friends' failure to adequately protect their data could just stay offline where it's safe, at least until such time as Our Benevolent Corporate Masters bow to public and legislative pressure and put a halt to these immoral practices.

Yeah, right.
posted by mkhall at 1:01 PM on November 9 [5 favorites]


The article is about how tech companies are gigantic unregulated influencers who need to be controlled, not about how individual people are "lazy and selfish" with their data. It's nice that you pay lip service to "these companies suck", but when you spend the majority of your comments focusing on the individuals in the system, on a post that isn't about them, then you are victim-blaming, and perhaps you should stop.
posted by XtinaS at 1:10 PM on November 9 [7 favorites]


We need to drastically limit our own corporations' knowledge about us in part to prevent the very real dystopian threats :

We're building a dystopia just to make people click on ads

Why China’s AI push is worrying
posted by jeffburdges at 1:38 PM on November 9 [5 favorites]


Data point about how Facebook definitely reads/scans Messenger content (apart from all the weird 'why am I seeing this ad about something I mentioned once over chat to a friend?' type of coincidences): in discussing the Charlottesville riot with a friend, I asked him, "Have you seen the Vice video?" Within an hour, the message had been deleted from both of our logs, replaced with "This message has been deleted due to harmful or abusive content." My wording might be slightly off, but regardless, the message was innocuous and neither of us reported it. I submitted a report to Facebook asking how this had happened and why, though they never responded to it.

Like an above poster, not long after, I permanently deleted my Facebook account.
posted by nonmerci at 1:56 PM on November 9 [5 favorites]


but his real point is to start developing the mindset that government should regulate Facebook and Google

But not Equifax or Transunion or Fair Issac or Acxiom or Alliance Data or CoreLogic or a thousand other companies that aren't part of the "Big Tech"-related Two Minutes Hate?
posted by MikeKD at 1:56 PM on November 9 [4 favorites]


I am not on Facebook.
I have never been on Facebook.
I run NoScript and Ghostery and multiple ad blockers.

I am sure Facebook still knows a shit ton of stuff about me. Probably almost as much as they'd know if I had joined.

Because what are my friends and relatives doing? They're putting up pictures of groups at parties, and identifying the people in them. They're talking about things we did together, with the other people I know. They are letting Facebook scrape their contact list. I'm sure Facebook is collating all that and is ready and waiting for me to join. They'll already have enough info to (correctly!) suggest huge numbers of friends to me, and to advertise to me, and send me the news stories for my particular political bubble, before I ever even click "Like" for the first time. I am sure it will be instantly cozy there.

They know us all, whether we join or not.
posted by elizilla at 1:58 PM on November 9 [17 favorites]


Oh and the credit bureaus are the same. They know all about me whether or not I interact directly. Google and Amazon know me too though in their cases I do directly interact with them.
posted by elizilla at 2:32 PM on November 9 [1 favorite]


Facebook keeps tagging me in photos as my mother, so there's hope for us yet. Right? RIGHT?
posted by Stewriffic at 2:40 PM on November 9


Or as an alternative, those who are frustrated by the personal impact of their friends' failure to adequately protect their data could just stay offline where it's safe, at least until such time as Our Benevolent Corporate Masters bow to public and legislative pressure and put a halt to these immoral practices.

Yes, I suppose that people who are being stalked, harassed, and doxxed can just stay "offline" entirely, including not having a phone at all and not letting anyone know where they live, because you can't be bothered to stop literally handing other people's private information over to the companies that profit from it.

Just so we're 100% clear what you're saying here. You are telling people who have been victimized that it's asking too much, and they should just wait for legislative solutions.
posted by ernielundquist at 2:52 PM on November 9 [2 favorites]


In looking at my advertising settings on Facebook, I discovered that Facebook has determined that I'm African American. So they definitely do get stuff wrong (I'm white). I haven't noticed that affecting the ads I'm getting.
posted by grae at 2:53 PM on November 9


Big Tech needs to be more responsible. But let's not forget who is bottom line responsible for manipulating these big dumb advertising engines...the Republican Party hand in hand with the Russian oligarchs.
posted by Abehammerb Lincoln at 3:50 PM on November 9


Equifax needs to be dissolved, their data erased, and their remaining assets sold to pay off class action suits.

I think the W3C shares some of the blame here. We saw the despicable corporate stooges they became recently with their standardizing of EME, but obviously they could've actually contemplated security sooner.

As for Google, Facebook, etc., we could make Ad Blockers standard for all browsers and make attempting to circumvent them punishable, ala CFAA, DMCA, etc.
posted by jeffburdges at 4:14 PM on November 9 [2 favorites]


This is a myth. Messenger doesn't listen in on your conversations.

When anecdotal evidence becomes actual data. Happened to me, happened to more than one other person in the thread. Google, Amazon and Facebook are straight up lying when they claim they're not listening in on your everyday convos while pretending to be idle, and absolutely taking action on what they heard.

"Wrench bottom" is a good one. Mine I won't share, but it was similarly unique, and the intimate nature of it... fuck.

Goddamn. I'm a no-kidding network security expert. CISSP, advance certs from the big edge network appliance vendors and cloud security vendors.

This is a huge fucking deal and paid professionals have no idea how to counter it. We're mostly pretending it doesn't exist, and if it does exist, it doesn't affect us, and if it does affect us, it's not so bad.

Fffffffffuck.
posted by Slap*Happy at 6:02 PM on November 9 [9 favorites]


> Reply All did a story about Facebook Messenger supposedly listening in. Alex Goldman was pretty adamant that this was just the coincidence of Facebook buying a lot of data and then serving ads based on effective use of data, but, over the course of the episode, there were increasing number of things that couldn't be explained away so easily.

I think the "Facebook is listening through your phone!" meme persists as an attempt to grapple with the not-at-all-intuitive reality of how ad targeting works. We can understand the phone as a little corporate eavesdropper who listens to us in real time; it's much weirder to think that we see a given advertisement because six months ago we happened to click URL A with params B when we were logged into account C (we weren't even on C's website!) and just six weeks ago our friend X took action Y which toggled potential purchaser flag Z for everyone in their social graph who was bucketed in segment EFG based on five years of personal info that got dumped into some black-box middleman who sells custom social media audiences.

We think of things in real time, in the moment, processed by other humans. Facebook listening right now, in this moment is easier to understand than the weird years of information scribbled down about us for machines endlessly cross-reference and digest.

Not that I don't think Facebook would listen if they could, it's just that making reasonable sense of always-on natural language processing seems way, way harder than social graphs and activity histories.
posted by postcommunism at 6:23 PM on November 9 [1 favorite]


It's not my fault, society made me do it.
posted by some loser at 6:28 PM on November 9 [1 favorite]


A couple of weeks ago, my co-worker and I went to get coffee. We each had our phones and were discussing a particular appliance; I mentioned a particular store I had seen an ad in that day's newspaper (dead tree edition). When we got back to our desks, she navigated to a news site and got an ad for that particular appliance; I opened Instagram and there was an ad for the store I had mentioned. Someone was listening.
posted by mogget at 6:33 PM on November 9 [3 favorites]


I kind of...don’t understand people’s skepticism.

Can these companies listen in on your conversations if they want?

Is anything stopping them?

If yes and no, then of course they are.

I mean...What in the history of this capitalist century leaves you to believe they wouldn’t do it if they could? Or try to find a way to monetize the ability?
posted by schadenfrau at 6:37 PM on November 9 [11 favorites]


I think the "Facebook is listening through your phone!" meme persists as an attempt to grapple with the not-at-all-intuitive reality of how ad targeting works.

Bader-Meinhoff. Or, if you're a counter-culture slacker like me, Plate of Shrimp. There's a weird or unusual phrase, so it sticks in your medium-term memory, and the mental mechanics that make deja vu happen go into effect, get it. Happens. Especially if you're looking for it, it's fun.

This is different. This is not it.

Wrench bottom. The freak-Slap-*-Happy-the-hell-out phrase. The fucking algorithm is weighting for uniqueness.

You may have been sold a spiel on how targeted ads work, and they probably still do, but this is new and real and not that.
posted by Slap*Happy at 6:52 PM on November 9 [3 favorites]


I'm not on Facebook, Instagram or Pinterest, and my Twitter is moribund. I have most ad tracking turned off. Google thinks I'm a senior-citizen guy. (They keep offering me seniors' dating sites and shaving equipment.)
posted by ErisLordFreedom at 9:01 PM on November 9


Hey, this sounds familiar!

Paging blue_beetle.
posted by bendy at 10:11 PM on November 9


There's potentially a bit of a cat among the pigeons moment coming for all of this. There's already a significant gap between US and EU privacy laws and the first major overhaul of European-wide laws for twenty years comes into force next May, the engagingly-titled 'Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)', or GDPR for short (Wikipedia).

This comes into force overnight and applies to any organisation that does anything with the personal data of any EU resident.

The pieces of the regulation which will grab the most headlines are the really beefed up enforcement powers - fines of up to €20 million or 4% of global turnover. In reality sanctions at that scale aren't going to be dished out but a side effect of the scramble for businesses to be compliant ahead of the date will be greatly increased awareness among individuals of their rights, which are already quite extensive. This will lead to more subject access requests (any organisation that holds information on me has to give me a copy of that information, correct any mistakes etc.) and more people discovering they have relationships with an extremely surprising amount of data brokers they've never heard of.

The consent basis is being sharpened up considerably. In order for any organisation to collect and use my data I must have given my explicit consent. That consent must include a clear explanation of what purposes the data will be used for. I must be able to withdraw that consent at any time.

So it's going to be very interesting to see how that pans out for organisations who have acquired personal information without freely-given consent, as this applies to all data and not just that collected after the regulation comes into force.
posted by o seasons o castles at 2:10 AM on November 10 [5 favorites]


A way to poke Facebook off its uncontested perch - "Luigi Zingales and Guy Rolnik of the University of Chicago have proposed an intriguing idea. They build on the concept of “number portability”, the principle that you own your own phone number, and you can take your number with you to a different phone provider. The idea has promise in retail banking.Zingales and Rolnik suggest an analogy: social graph portability."

Right to an API Key - "One might argue that there could be competition between marketplaces, but due to network effects there are likely to only be a couple of big ones that matter. There is a simple and universal regulatory change that would dramatically shift the bargaining power: an individual right to an API Key. By this I mean a key that would give an enduser *full* read/write access to the system including every action or screen the enduser can take or see on the web site or application."
posted by kliuless at 6:07 AM on November 10 [6 favorites]


It's Getting Harder for Tech Companies To Deny Responsibility for Content - "[Senator Dianne Feinstein:] 'You bear this responsibility. You created these platforms, and now they're being misused. And you have to be the ones who do something about it, or we will'... So far, the talk about a crackdown on Big Tech is just talk. But Feinstein was knowingly hinting at one of the tech industry's most prized laws -- Section 230 of the 1996 Communications Decency Act, known as CDA 230. The law precludes companies from being held legally liable for the content their users post on their websites."
posted by kliuless at 6:14 AM on November 10 [4 favorites]


They know us all, whether we join or not.

Find a picture of me online.

Go ahead.

I'll wait.
posted by flabdablet at 7:22 AM on November 10 [1 favorite]


"what problem? I am very good at internet privacy!" is the new "if you don't like being groped by the TSA just don't fly anywhere..."
posted by odinsdream at 10:26 AM on November 10 [1 favorite]


Pictures are relatively easy to control. Not perfect of course. You probably couldn't find a picture of me, either, although there probably are some somewhere. But what use are pictures, anyway, compared to some of the other information out there? Pictures aren't the ultimate personally identifying information or anything.

In the US, there are virtually no privacy protections for regular citizens. The laws we do have are ridiculously narrow in both scope and applicability. HIPAA, for example, only applies to HIPAA compliant institutions. Anyone else who discovers personal health information about you is free to disseminate it, and there are a lot of organizations doing just that right now--gathering, predicting, and selling private and often very sensitive health information on the open market, and there is nothing we can do to stop them at this point.

Companies like Facebook and Google, similarly, are allowed to do pretty much anything they like with the vast quantities of information they gather about Americans, often without any sort of consent at all. The only thing that keeps that information from being similarly sold is that that information is more valuable to them if it's proprietary. Stop and think about that: Your personal, private information is their closely guarded intellectual property. It consists of both hard data as well as speculative data based on predictive models. You can see the tip of this sometimes if you find lists of "ad preferences" or "interests" or something on various services, and people usually take comfort in the fact that some of the information they see is inaccurate, but 1) sometimes, I suspect they inject inaccuracy into their customer facing reports to give people the impression their techniques are less effective than they are, and 2) the effect of these is mostly significant statistically. Statistics get less accurate as the group gets smaller, so they're always going to have a fair number of flaws with a group of one.

In the US, there is very little we can do to keep our private information private once it's been exposed. Pictures are the least of the problem.
posted by ernielundquist at 10:58 AM on November 10 [1 favorite]


Find a picture of me online.

I'm not going to do that because I am not a total privacy invading shit. I have no idea who you are and don't plan to try to find out.

I know a guy who makes a huge, dramatic, socially awkward fuss to prevent people from taking his picture. Maybe you are like him. Heck, maybe you ARE him! Despite the fuss, I doubt that he has successfully avoided ever being photographed. He has IRL friends and acquaintances, and he goes out into public spaces. I bet Facebook has pictures of him. And that acquaintances have tagged them. Not maliciously. Just that the number of people who don't think twice about doing that, vastly outnumbers those who do think twice. And the world is full of heavily used cameras.
posted by elizilla at 11:20 AM on November 10 [1 favorite]


TSA Plans to Use Face Recognition to Track Americans Through Airports
while Facebook and Google plan to track them everywhere else.
posted by jeffburdges at 11:54 AM on November 10


It's horrifying and kind of repulsive, really, how many people are gleefully endorsing violating people's personal boundaries, and even mocking them for having boundaries in the first place. (Oh, but WHY don't you want [pick literally anything else]? Everyone does it, and you know, sometimes it's an accident! Why are you trying to make everything awkward? Anyway, we're just going to keep doing it to you because we think you're just being dramatic.)

And that's why these big behemoths that traffic in people's private information will never really be held accountable. They've normalized the idea of disrespecting people's privacy to a point that would have been horrifying to most as little as ten or twenty years ago, to the point that many people are downright hostile toward anyone who just wants to keep their own private life private.

These norms changed incredibly quickly, with very little public discourse, and virtually no oversight, and the loudest voices are the ones who are personally invested in the data collectors' business models, financially or emotionally.

So we'll faff around, probably, maybe congress will manage to get a promise from Facebook to stop running obviously foreign funded political ads, then down the road, maybe there'll be a kerfuffle about frauds targeting vulnerable populations, and we'll squeeze some little concession out of them for that, then domestic violence, child exploitation, etc., and they'll get some little concessions in the form of nice words without accountability attached, and maybe they'll fine them some pocket change here and there.

But as far as any real, clear, systemic solution to the underlying problem, that'll never happen as long as we have this narrative that people who care about privacy are crazy and they should be ignored.
posted by ernielundquist at 2:43 PM on November 10 [2 favorites]


Just that the number of people who don't think twice about doing that, vastly outnumbers those who do think twice.

I suppose this is the litmus test for determining if something is alright or not?
posted by some loser at 3:08 PM on November 10 [1 favorite]


When I was younger I worked for a startup that extracted LTE baseband diagnostic data and sent it to a big data back end to extract various high value metrics. We then sold that data to various carriers (think Sprint). It was worth in excess of $200M a year, which is small potatoes.

For the less knowledgable reader, your cell phone's baseband is the part that is always running so that you can receive phone calls/messages when you phone otherwise appears to be off. It has full access to the power subsystem and depending on the design of the processor, full access to the SoC memory bus and hence to all data on the phone. Also, all SMS and pics are sent unencrypted through the baseband. It controls the PMIC and hence can activate the microphone, speakers, flash parts, etc. without any visible change to the user. This is not some evil plot, it is the way that all mobile phones work.

The data endpoints at the carrier level, both ingress and egress, are examined with deep packet inspection. Which is to say that the system knew the destination off all data that you sent and the source of all data that you received. For all data that crossed their network. Which is all of your data, plus a lot of everybody else's data. Again, no evil here, it is the way that big carriers work.

The carriers typically have ownership or data sharing agreements with media companies and financial data clearing houses. The system took their inputs as well. Not evil, this is the way that billing, cross licensing, zero costing agreements, and etc. work.

The upshot of all this is that a carrier like Verizon knows your location to GPS accuracy aided by tower lateration, who you are talking to, what media you are consuming, what you are buying, and who you are nearby (via their mobile phones). Again, this is not evil. It is the way that the system works.

The carrier that I helped sell this particular system to used their customer agreements to make sure that their users agreed to allow the above. So, all of the above is completely legal, not evil, and commonly accepted practice.

I wonder if the people on this thread who are all "the customer should know better", "you'll never find me on the net", "I deleted my FB account", do they know how thoroughly they have been pantsed? Do they know that if they have a mobile phone, pay for a mobile phone, are around a mobile phone, watch Netflix, etc. buy things with a credit card, that they are in the system? I worry that they may be speaking from a profound level of ignorance. Someone should tell them.
posted by pdoege at 7:11 PM on November 10 [6 favorites]


as far as any real, clear, systemic solution to the underlying problem, that'll never happen as long as we have this narrative that people who care about privacy are crazy and they should be ignored.

rms looks a little more like Cassandra every single year.
posted by flabdablet at 10:28 PM on November 10 [1 favorite]


It controls the PMIC and hence can activate the microphone, speakers, flash parts, etc. without any visible change to the user. This is not some evil plot, it is the way that all mobile phones work.

Any sufficiently advanced stupidity is indistinguishable from malice.
posted by flabdablet at 10:30 PM on November 10 [4 favorites]


These norms changed incredibly quickly, with very little public discourse, and virtually no oversight

They did indeed.

Their fundamental technological basis - ubiquitous cameras in phones - has been a thing for only about half a generation.
posted by flabdablet at 3:35 AM on November 12


I wonder if the people on this thread who are all "the customer should know better", "you'll never find me on the net", "I deleted my FB account", do they know how thoroughly they have been pantsed? Do they know that if they have a mobile phone, pay for a mobile phone, are around a mobile phone, watch Netflix, etc. buy things with a credit card, that they are in the system? I worry that they may be speaking from a profound level of ignorance. Someone should tell them.

What gave you the idea that people didn't know they were in "the system"? I haven't seen any indication that people don't know that they are being tracked. The Equifax hack was like ten minutes ago, so pretty much anyone who wasn't aware already became aware then.

And what's your point, anyway? All your base are belong to us already, so NBD? May as well just forget about it?
posted by ernielundquist at 9:07 AM on November 12 [1 favorite]


If you think Senator Franken’s intended audience was tech nerds, you know absolutely nothing about politics.

Sen. Franken's intended audience was (1) his allies in the Democratic Party and (2) the US press corpse; its function is to digest and "augment" proceedings of yet another committee hearing that many Americans will never listen to, so to produce "manufactured consensus."

The issues engrossed by so-called investigation of advertising purchased by one foreign buyer --Russian agents-- does not require technical knowledge of IP protocols and telecommunication devices than understanding that a data server is not a cloud. More important though to deliberating the pretext of "meddling and interference" in "democracy", interlocutors should possess minimal familiarity with current "best practices" of digital marketing industry in which they AND the witnesses participate. They do not.

For example, @ 00:53:32
FEINSTEIN: A quick one for Twitter. Twitter produced images from tweets that contain false voting information, example, telling voters they could vote by sending a text message, all targeting likely Clinton voters just before the election. Twitter initially responded to complaints saying Twitter had, quote, determined that it was not in violation of our rules . Twitter has said that there was no obvious Russian origin. The posts were removed only after Twitter's CEO was directly notified by a Twitter user That's the facts as I understand them. Why was this false content allowed to remain in place?
EDGETT: My understanding is, once we had user reports of the content we began to remove it as a illegal voter suppression And the interesting thing about the text-to-vote tweets that we shared with your staff was uh there was a small amount of tweets relative to the size of the platform. But impressions of tweets calling out those things as fake were eight time as large. We had ten times the number of re-tweets calling out those things as fake.
FEINSTEIN: Could you say that again? Impressions? I don't quite understand.
EDGETT: Okay. Thank you. Thank you for your question so we're all on the same page. Impressions is a metric we use to determine whether a tweet has been in view on our product so potentially seen by a user. But the interesting thing about the text-to-vote tweets were that we saw the complete counter-narrative around them. The Twitter community coming together and seizing on them to let everyone know that they were, that they were fake. But Twitter did action those tweets and remove them from the platform.
Over all, interrogation of the witnesses sought their agreement as publishers ("platforms") to execute censorship of "user content" that the US government may not attempt in risking violation of 1st Amendment protections. For example, 00:32:00-00:38:16
SEN. SHELDON WHITEHOUSE: Thank you, Chairman. So I take it we can all agree that the Russians did in fact interfere and meddle in the 2016 elections. Your observations on that are consistent with what our intelligence community reports. Is that correct? Mr. Stretch?
STRETCH: That's correct, senator.
WHITEHOUSE: Mr. Edgett?
EDGETT: That's correct.
WHITEHOUSE: Mr. Salgado?
SALGADO: That's true.
WHITEHOUSE: Okay. And I gather that all of your companies have moved beyond any notion that your job is only to provide a platform, and whatever goes across it is not your affair?
STRETCH: Senator, I, our commitment to addressing this problem is unwavering. We take this very seriously are committed to investing as is necessary to prevent this from happening again. Absolutely.
posted by marycatherine at 9:14 AM on November 12


This is exactly what the tech bros said, too

No. It was not. I listened to three hours of testimony in its entirety. Franken is the only one who could be construed to have alluded to payment processing, much less international clearing houses. Even in this regard the witnesses' responses hewed to quantitative and qualitative defenses of "user experience," common techniques employed to eliminate content identified by users as objectionable.

Maybe investigating transactions that are brokered through those third-party FX facilities is step 2, but that can't happen in the absence of step 1.

Am I to understand that "step 1" is to instantiate the US "intelligence community" assessment that Russian agents meddled and interfered in US citizens' electioneering? If so, am I then to understand that "step 2" necessarily justifies senators' expectation that "platforms" must be able to certify the origin of all advertisers? For example, @ 00:39:00
WHITEHOUSE: You are all also corporations have I believe headquarters and significant operations in the state of California. California has a state law regarding disclosure. Presumably you comply with that state law with regard to customers in California ah Are there lessons and recommendations that you would have for us in evaluating the effectiveness of the California disclosure law? [PAUSE] And given the short amount of time I have, I suppose, give me just a very very brief do you follow that law and, and very brief response to it, and then we can flesh out any question for the record how much of a model that might be for this committee to look at.
STRETCH: So, Senator, we comply with all applicable law. In terms of disclosure going forward we made an announcement last week that we drew on some of the ideas from the ah Honest Ads Act which Senator Klobachar had introduced ah intended to ah bring ads' transparency um really into the political realm, creating a repository of searchable ads, providing innovative ways to for advertisers to meet their disclosure requirements, and requiring documentation and information so that we can ensure that advertisers are not running political ads on Facebook in violation of federal election law.
WHITEHOUSE: So let me ask what will probably be my last question of this round anyway which is that you are all prepared as I understand it to undertake to make sure that you can trace content that goes across your platform that qualifies for concern in this area back to a legitimate source. So you know if it's a Russian who's actually running it, so if you know it's an imaginary entity that's actually running it. How do you deal with the problem of a legitimate and lawful but phony American shell corporation? One that calls itself, say, Americans for Puppies and Prosperity has a dropbox as its address and a fifty million dollar check in its bank book that it's using to spend to manipulate election outcomes?
posted by marycatherine at 9:25 AM on November 12


This is exactly what the tech bros said, too

No. It was not. I listened to three hours of testimony in its entirety. Franken is the only one who could be construed to have alluded to payment processing, much less international clearing houses.


I did too, and I was sure they said something. Happily, the internet has a better memory than my vague handwaving: “The reason I’m hesitating on foreign currency is it’s relatively easy for bad actors to switch currencies,” Mr. Stretch said. “So it’s a signal, but not enough.”.

Am I to understand that "step 1" is to instantiate the US "intelligence community" assessment that Russian agents meddled and interfered in US citizens' electioneering?

I guess I could have been more clear. Step 1 is to either disallow, or flag for further review, or put in place more stringent identification measures, in the case of the use of foreign funds for the paid placement of electioneering communications, an easy first step to avoid running afoul of 52 U.S. Code § 30121 (a)(1)(C), regardless of any specific recent assessment by the intelligence community (why the scare quotes?). As someone who has lived abroad for many years and likely will again in the near future, I'm sensitive to the issue of not disenfranchising the voice of Americans abroad, so I could see there being a lot of discussion around the right compromise position, but they. did. nothing.

I worry the following may get lost in your reference to the intelligence community assessment as if that is all we have to go on: let's not forget that Facebook and Twitter THEMSELVES disclosed that at least 126 million Americans saw content paid for by the Internet Research Agency during the election cycle. That at least one known actor for the Kremlin waged a large scale disinformation campaign on social media platforms during the election is simply not a question up for debate.

If so, am I then to understand that "step 2" necessarily justifies senators' expectation that "platforms" must be able to certify the origin of all advertisers?

Step 2 is .... SOMETHING. ANYTHING. I don't necessarily know what will be best, but again, they. did. nothing, and nothing didn't work. I'm surprised at your aggressively interrogating the idea that there should be something beyond investigating foreign funding for political ads, since you started out by saying that wouldn't get much on its own. What did I miss?
posted by solotoro at 2:15 PM on November 13


Step 2 is .... SOMETHING. ANYTHING. I don't necessarily know what will be best, but again, they. did. nothing, and nothing didn't work.

Just because sometimes I think we lose sight of this, it's not your (or our) job to fix their business model. They fucked things up really really bad, and if they can't figure out a way to accurately and consistently vet their ads to ensure it never happens again, they should stop selling advertising until they do. And if they can't figure out a way to continue doing business without ad sales, oh well. They should have tried not sucking or something. I dunno. Not my problem.

The US government and people are not obligated to provide them with free consulting services to fix their problems. Every last one of them is expendable.
posted by ernielundquist at 3:49 PM on November 13 [2 favorites]


The upshot of all this is that a carrier like Verizon knows your location to GPS accuracy aided by tower lateration, who you are talking to, what media you are consuming, what you are buying, and who you are nearby (via their mobile phones).

Also! Alsoalsoalsoalso - if you have Bluetooth and WiFi turned on? If you go into the store of a major retailer, they know what aisles you're shopping, what displays you're lingering near. They can correlate it to all of your social networking and cloud services accounts! ALL OF THEM. In return, the social networking and cloud services will now correlate your anonymous alts with actual you. You're welcome!

Again, this is not evil. It is the way that the system works.

Maybe, perhaps, the system is evil at its core? Kinda designed that way? Shocker, I know, completely unexpected plot twist but...
posted by Slap*Happy at 7:31 PM on November 13 [5 favorites]




« Older Piano Quintets   |   July 26, 1965--A Love Supreme Live Newer »


You are not currently logged in. Log in or create a new account to post comments.