Your Privacy

March 9, 2019
axios.com
Axios AM Deep Dive: Mass invasion of your privacy

Personal data is one of our most valuable assets, but we’ve given it away to the world’s most powerful corporations.

  • This week, Axios’ Kim Hart, David McCabe, Sara Fischer, Kaveh Waddell and Joe Uchill dive into modern consumers’ vanishing privacy and the next act for our data.
1 big thing: Privacy unravels
Illustration of black and white photo broken up into pieces
Illustration: Sarah Grillo/Axios
The grand bargain of the digital age, in which consumers have traded their data for free services, is coming apart. And it may be too late to regain control of the personal data that’s been bought, sold and leaked all over the web for the past three decades, Kim Hart and Sara Fischer write.

Why it matters: If information is power, our lackadaisical approach to safeguarding details about our lives has made a handful of companies more powerful than we ever expected, and it’s made consumers more vulnerable than ever.

  • A majority of Americans (64%) say they have personally experienced a major data breach, according to Pew Research Center.
  • Americans listed privacy of data as the top priority companies should address, beating issues like poverty and gun violence, according to the Axios-Harris Poll 100.

Here’s what it’s come to:

The big picture: A reckoning is underway. Major tech companies have announced sweeping changes to their businesses, with privacy — or at least their own versions of privacy— in mind.

  • Just this week, Facebook CEO Mark Zuckerberg said the company will rebuild all its services and apps around several privacy-focused principles, a major departure from how the company has positioned itself for the past decade.
  • New online models that prioritize more data control are beginning to take shape, like innovative data storage and transfer mechanisms and new ways of thinking about data ownership and portability.

Yes, but: The reckoning will happen slowly, and few people have said they’d be willing to pay to access services.

  • The majority of respondents in an Axios/SurveyMonkey poll say they’re unlikely to pay for a company to not track their personal data.
  • Business models are cemented around the capture and trading of personal information, and consumers are still hooked on the free, real-time services they get in exchange for that data.
  • Surprisingly few consumers are taking meaningful action to restrict access to that data, or even read privacy policies. There’s also no clear way for consumers to see how their data is priced and bartered.

Be smart: Giving consumers more control of their data also means they’d have to take more responsibility for it and actively manage it, like managing financial accounts. And there’s going to be a lot more to manage over time.

What’s next: In 2025, each connected person will have at least one data interaction every 18 seconds — or nearly 5,000 times per day, according to a recent IDC white paper.

  • Somebody’s going to benefit from all that information.
2. Poll: Creeping toward crisis

Data: SurveyMonkey online poll conducted March 5-6, 2019 among 2,122 U.S. adults. Total margin of error is ±3.5 percentage points; Poll methodology; Chart: Chris Canipe/Axios

Most consumers (58%) think the threat to online privacy is a crisis, an uptick from last June when consumers were more evenly split.

Young people are more willing to accept things as they are, according to an Axios-SurveyMonkey poll.

  • 18–24-year-olds are most split with only 1 percentage point separating those who accept some risks (48%) and those who want to force change (47%).
  • But for those 65 and older, 62% say the current situation is a crisis.
3. How much is your Facebook data worth?
Illustration of black and white photo broken up into pieces
Illustration: Sarah Grillo/Axios
Consumer data has long been the core asset of the internet economy, but consumers have never been able to put a tangible price on the data they share, David McCabe and Kaveh Waddell write.

Scoop: Sen. Mark Warner (D-Va.) is drafting a bill that would require web platforms of a certain size, including Facebook and Google, to regularly tell users the value of their data, according to a person with direct knowledge of the proposal.

  • The proposal would also require platforms to tell the Securities and Exchange Commission how it obtained data that holds commercial value, as well as the total value of their data holdings.
  • Platforms would have to tell users what data had been gathered from them and how it’s used for commercial gain.

In California, Gov. Gavin Newsom is developing a “Data Dividend” to let residents be paid for access to their information so they can “share in the wealth that is created from their data.”

Economists ran a 2017 experiment to estimate the actual value of these free services. They asked participants in the Netherlands the least amount of money they would accept to leave an online service for a month. Their average answers:

  • About $115 to avoid giving up Facebook
  • A whopping $610 to give up WhatsApp
  • Under $1 in order to keep using Skype or Twitter

In an Axios-SurveyMonkey poll, 54% said they wouldn’t pay to avoid having their data tracked.

  • Of those who would consider paying, 21% would be willing to pay less than $1 at most, and 15% would be willing to pay less than $5 at most.
  • Young people aged 18–24 (45%) were more likely to be willing to pay than people aged 65 and older (25%).

Yes, but: Data is most valuable when it’s interacting with other data, like purchase history, location and communication patterns. That means the value of an individual’s data is worth less on its own than when it’s on a service like Facebook that has massive scale.

A MESSAGE FROM CHARTER COMMUNICATIONS

Empowering consumers to control their information online
Consumers deserve privacy protections no matter where they go online. Charter supports strong online privacy protections that give consumers meaningful control over how their data is used and shared.
4. The murky world of data brokers
Illustration of black and white photo broken up into pieces
Illustration: Sarah Grillo/Axios
The little-known companies that underpin millions of transactions on and off the internet probably know more about you than your closest relatives or friends, Sara Fischer writes.

Data brokers have been around for decades, but they’ve grown increasingly powerful in the internet era due to their ability to instantaneously capture information about people as they surf the web.

  • Most brokers buy and sell “third-party” data, meaning they collect user information, even though they don’t have a direct relationship with that user.
  • Big web publishers, like Facebook, Google or even popular news sites, often buy data from data brokers to sell better-targeted ads.

The big picture: Facebook’s Cambridge Analytica data privacy scandallast year shed light on just how murky those transactions can be, and how invasive it can feel to consumers who are largely unaware of the ways their data is being harvested.

  • A new Vermont law requires that data brokers register with the government, revealing 121 data brokers that mine everything from political affiliations to credit scores.

Yes, but: Despite increased scrutiny, data brokers are doing just fine.

  • Acxiom and Experian — two of the largest data brokers — have seen financial gains over the past year.
  • Equifax, a U.S.-based credit data company that experienced a massive breach in 2017, has largely recovered financially from the snafu, and Congress hasn’t meaningfully addressed the incident.
Share on Facebook Tweet this Story Post to LinkedIn Email this Story
5. “Anonymous” isn’t really anonymous
Illustration of black and white photo broken up into pieces
Illustration: Sarah Grillo/Axios
Most data brokers avoid scrutiny by saying the data they collect and sell is anonymized, or a summary of a lot of people’s information, rather than a single individual’s data.

Yes, but: That anonymous data can be used to pinpoint real people, or match that data to other supposedly anonymous profiles, Joe Uchill writes.

  • In 2006, AOL released search histories of 657,000 anonymous Americans, hoping the data could spur new research. But those searches contained things like locations, ages and genders — ultimately linkable back to specific people.
  • Researchers like Latanya Sweeney have discovered a variety of other ways to reverse more subtle forms of information. In fact, most Americans can be identified by birthday, gender and zip code, she discovered when she led Harvard’s Data Privacy Lab.
  • Last year, researchers noticed that hashing email addresses — thought to be an anonymizing mathematical function that would turn email addresses into gibberish — could be reversed by taking lists of leaked email addresses and performing trial and error searches.
“Once released, information is hard to control. Thus, over time, the more information and data can be linked and analyzed, the higher the likelihood of being able to make sensitive inferences from it for larger groups of people.”
— Alessandro Acquisti, a Carnegie Mellon Professor who has studied re-identification
Share on Facebook Tweet this Story Post to LinkedIn Email this Story
6. The mad dash to regulate
Illustration of black and white photo broken up into pieces
Illustration: Sarah Grillo/Axios
While Europe has taken the lead on imposing strict privacy rules, online platforms enjoy lighter oversight in the U.S., David McCabe writes.

  • States are stepping up to fill the void. Silicon Valley is most panicked about California’s privacy law that takes effect next year. Washington state, New York and others are drafting their own rules.

Tech giants have made it clear that their top priority is persuading Congress to pass legislation that overrules, or “pre-empts,” state laws.

  • Democrats on Capitol Hill see an opening to impose some tough requirements — like giving the Federal Trade Commission more authority or making web platforms more liable for data leaks — as part of that bargain.

The clock is ticking: This year is the most likely window for bipartisan legislation, as passing laws during the 2020 election year will be tough.

Share on Facebook Tweet this Story Post to LinkedIn Email this Story
7. China’s data boom

Data: International Data Corporation; Chart: Chris Canipe

The world’s data is estimated to balloon to 5 times its size between 2018 and 2025, a result of companies’ increasingly frantic data collection for marketing, personalization and training AI systems.

  • China’s data trove is growing particularly fast — 3% faster than the global average, Kaveh Waddell writes.
  • This is an enormous asset for Chinese AI companies, which can use it to train more accurate facial recognition algorithms, or develop a nationwide “social credit” scoring system.
Share on Facebook Tweet this Story Post to LinkedIn Email this Story
8. The new data-guzzler: AI
Illustration of black and white photo broken up into pieces
Illustration: Sarah Grillo/Axios
AI may seem untethered from humans, but it actually hinges on data produced by people — and gathered by companies, Kaveh Waddell reports.

Why it matters: Information about who you are, what you own and how you behave will only become more coveted in the coming years, because they are the chief drivers of decision-making algorithms, voice assistants and self-driving cars.

What’s going on: If a machine is to act like a human, it must first learn how humans act. For that, it needs countless examples of how people would respond to various situations.

  • This process, known as “supervised learning,” is how AI systems have become capable of identifying certain problems in medical scans more accurately than human doctors, or of driving a car without human input.
  • When you use Amazon’s Alexa voice assistant, Facebook’s News Feed or Tesla’s Autopilot, the companies are watching your every move, and using your behavior to keep training their products.

Who trains AI systems? Sometimes, it’s grad students in a research lab; frequently, it’s workers on crowdsourcing sites or in cubicles in Malaysia or China, paid mere cents for every new datapoint they create.

  • But often, it’s you — and you’re working for free.
“The data-driven world will be always on, always tracking, always monitoring, always listening and always watching — because it will be always learning.”
— IDC white paper, “The Digitization of the World.”
Share on Facebook Tweet this Story Post to LinkedIn Email this Story

A MESSAGE FROM CHARTER COMMUNICATIONS

Consumers need strong uniform online privacy protections
Charter is calling for a national privacy framework based on an opt-in approach – enabling consumers to control their personal data, while allowing companies to innovate. Learn more.

Source

January 2, 2019
axios.com
What Facebook knows about you

On Facebook’s map of humanity, the node for “you” often includes vast awareness of your movements online and a surprising amount of info about what you do offline, too.

The big picture: Even when you’re cautious about sharing, Facebook’s dossier on you will be hefty. Facebook tackles its mission of “bringing the world closer together” by creating a map of humanity, and each of us represents a tiny node on this “social graph.”

Show less

Assembling your profile: This is where your Facebook presence begins.

  • When you create an account, Facebook asks for your name and birthdate, along with either a phone number or e-mail.
  • Then there’s all the information you give Facebook as you fill out your profile, potentially including schools, current and past occupations, relationship status, hometown and current city, as well as your physical address, birth name, website, and other social links.
  • All of this forms the core of the profile Facebook uses to serve you ads. It’s why you see offers for clever T-shirts based on your college or job.

Following what you do on Facebook: The company has near-total awareness of every move you make on its website or in its apps, including:

  • When you log in, how long you spend online and where you are logging in from — hence it can welcome you to new cities and suggest places to visit and eat (and also serve up local ads).
  • Places you check in.
  • The pages, accounts and hashtags you connect with on Facebook — and not just who you are connected with, but how often you interact and for how long.
  • Your contacts, if you choose to upload your phone book or call history.
  • Things you buy directly from or through Facebook, but also things you may not think about, like the metadata from photos you upload.
  • Your friends can tag you in posts and photos, which gives Facebook additional information. (You can choose to have this displayed publicly or not via privacy settings.)

Following what you say on Facebook Messenger: Facebook does scan your chat messages, but it isn’t exactly reading them — it runs an automated scan for child pornography and other banned content.

  • Messenger can collect information on who you talk to, how often and for how long, as well as phone history if users opt in. But the company says it isn’t serving ads based on the content of users’ messages.
  • It also has an option for users to encrypt their messages, but this is turned off by default.

Following you outside Facebook: Facebook sees you less thoroughly outside its own digital turf, but it still sees a lot. This data comes from two places: partner services and third-party information brokers.

  • Facebook has tools that partner websites use to integrate with Facebook, including the inclusion of “Like” and “Share” buttons, as well as a tracking cookie known as Facebook Pixel.
  • Thanks to an inquiry from Britain’s Parliament, we have a sense of how prevalent these methods are. According to Facebook, between April 9 and April 16 of 2018 there were 2.2 million Facebook Pixels, 8.4 million pages with a Like button and 931,000 pages with a button to Share on Facebook.
  • Facebook knows your location, even if you haven’t directly given it permission to access your phone’s GPS, by tracking the IP address of the phones, computers and other devices you use to access its servers.
  • Facebook also reserves the right to enhance its data trove by adding information from outside providersthough it has ended one program that mixed Facebook and third-party data for advertisersFrom its policy page: “We also receive information about your online and offline actions and purchases from third-party data providers who have the rights to provide us with your information.”

Following you across your apps: Many apps are connected to Facebook, including through its popular Facebook Login feature, which uses your Facebook account as a shortcut for you to sign in.

  • Developers can also use this system to get your permission to access Facebook data. In addition to iOS and Android, it also works across the web and on some smart TVs.
  • Integrating Facebook was once a way for outside apps to get a lot of info about you, but Facebook has tightened that up considerably, setting rules and instituting a review process for apps that want anything beyond basic identity information.

Following you at home and around town: Facebook’s new Portal video chat system is basically a camera that lives in your home.

What Facebook does with all this data: Facebook says, emphatically, that it doesn’t sell your information.

  • It does use the data to sell you to advertisers who set criteria for people they want to target. The more the company knows about you, the more valuable those advertisements can be.
  • It also uses the information to enhance its social graph, which it uses to build new features and products, and to power its suggestions of “People you may know.”

What Facebook doesn’t know about you: Facebook insists it doesn’t monitor your phone calls or secretly record you via microphone, despite long-running suspicions to the contrary.

The bottom line: Facebook’s privacy policies reinforce the message that “you have control over who sees what you share on Facebook.” But if you use Facebook at all, you don’t have much control over what Facebook itself sees about you.  Source

December 19, 2018
axios.com
Facebook shared users’ data with abandon

A fresh report from the New York Times on Tuesday night suggests that Facebook gave its partners even wider access to more user data (including private messages) for a longer time than previously known.

Why it matters: Silicon Valley insiders have a pretty thick skin when it comes to how much tech companies know about their users and how much they share with partners. Even still, Tuesday’s revelations were a shock.

The Times report found that, among other things:

  • Netflix and Spotify had access to users’ private messages (Netflix says it never asked for or used the access). It was granted presumably to allow sharing of what media they were consuming, but the access could have allowed far more.
  • Microsoft had access, unbeknownst to Facebook users, to see the names of all a user’s friends.
  • Even as Facebook stopped broadly sharing certain user data with partners, it maintains it allowed expanded access to not only hardware makers, but also to companies like Yahoo and Amazon.
  • As recently as 2017, Facebook was sharing user data with Yandex, the Russian search service. (Ukraine has accused it of feeding info to the Kremlin.)

The other side: Facebook classified most of these partnerships as “service providers” and maintained the relationships were therefore exempt from rules designed to prevent unauthorized data sharing that Facebook accepted as part of a consent decree with the Federal Trade Commission in 2011. The FTC isn’t commenting.

Facebook responded in a blog post last night.

  • It said that all the sharing reported by the Times was authorized by individual users who linked apps to Facebook or opted in to its personalization services.

The takeaway: It’s not clear that any of the partners misused the data. In many cases, it’s not even clear they wanted the broad access they received. Rather, Facebook appears so focused on growth that it didn’t make the effort to create tools that limited access to specifically what the partners needed.

The big picture: Users have spent much of 2018 trying to weigh whether the benefits of social media — chiefly, maintaining connections with friends — outweigh the privacy cost. But each day fresh evidence piles up in the cost column even as the benefits have held steady.

Yes, but: The saving grace for Facebook remains that there’s really no credible alternative with the same scale. The choice is to use Facebook and accept the risks, or miss out on the benefits entirely.

  • This need not be the equation forever. At this point, it’s not a question of whether many Facebook users wouldn’t leap at — and even pay for — an alternative, but rather whether anyone can replicate Facebook’s scale and reach.

Our thought bubble: Facebook’s FTC settlement was in 2011. That’s seven years during which the company was on legal and public notice to watch its step when it comes to protecting user data.

  • Everything in this story (on top of all the other issues/stories 2018 has brought us about Facebook’s cavalier approach to user data) suggests that Facebook simply did not prioritize protecting users’ information over cementing business relationships.   Source

December 18, 2018
axios.com
The Russian social media disease spread beyond Facebook and Google

The Russian propaganda campaign to disrupt our elections and divide Americans went far beyond Google and Facebook, infiltrating and infecting everything from Pinterest to PayPal.

Driving the news: New reports out Monday about Russia’s online disinformation efforts suggest that all of the major social media platforms, ranging from Facebook and Google’s empires to Reddit and Tumblr, were weaponized over the past two years. Facebook-owned Instagram was particularly “underestimated.”

Show less

Why it matters: Policymakers have been public about efforts to understand how big platforms can be weaponized, but they’ve failed to address how widespread these campaigns are on other platforms, as well as the systemic problems fueling them.

Details:

  • The rise of Instagram: A report from the nonprofit think tank New Knowledge found that in 2017, the Russian troll farm known as the Internet Research Agency (IRA) moved the bulk of its misinformation efforts to less-policed platforms, primarily Instagram, after more surveillance practices took hold on Facebook and Twitter.
  • Offline manipulation: It also suggests that the Russians used other platforms, like fake websites and PayPal accounts, to manipulate users to participate in hyper-political behavior offline, like protests or marches.
  • Luring “assets”: The report details how the IRA tried to lure people into doing tasks for them, like soliciting videos or legal requests, by using information against people with personal struggles around things like their sexuality.
  • Selling merchandise: They also set up accounts to promote socially divisive merchandise, like “LGBT-positive sex toys” on Instagram and Facebook.

Be smart: These findings demonstrate how quickly and easily bad actors are able to move manipulation efforts to new platforms when one site clamps down on malicious behavior. They also suggest how severely some features on these platforms, like messaging, can be abused by actors with bad intentions.

Between the lines: Some of the most eye-opening findings from the new reports are the ones that show how Russians exploited existing divisions around key moments or movements in the U.S. without being fully noticed at the time.

  • Political events: A study from Oxford University’s Computational Propaganda Project and network analysis firm Graphika shows that Russians exploited existing divisions between Americans by targeting them at key political moments online, like during the 2016 party conventions.
  • Disenfranchised voters: The Oxford study also points out that the IRA tried to campaign for black voters to boycott elections or follow the wrong voting procedures in 2016. In a statement, the Congressional Black Caucus says this is particularly concerning because “black voter turnout declined in 2016 — for the first time in 20 years.”
  • Racial tensions: The New Knowledge report shows that the IRA focused much of its attention on sowing discord among black audiences, particularly around the height of the Black Lives Matter movement in 2016 and the NFL national anthem controversy in 2017.

The big picture: The studies commissioned by the Senate come on the heels of other reports about ways other repressive regimes, in places like Iran and Myanmar, also use social media to exploit existing divisions within vulnerable populations.

  • Political referendums, in particular, tend to be a hot target. Reports over the past year also suggest that Russian actors sought to rile up citizens around referendums in places like SpainBritain and Macedonia.

The bottom line: One of the reasons social media platforms continue to be exploited is because the opacity of algorithms being used make many of these fictitious posts or misleading campaigns go viral.

  • There have been calls for greater transparency into the algorithms of social platforms after reports have found that on platforms like YouTube, viewers that watch one sensationalist video are then prompted to watch more, furthering radicalization.
  • But tech giants worry that exposing such information makes their platforms more open to abuse. Instead, they have been urging law enforcement officials to work more closely with them to address the intentions of bad actors before they blow up on their platforms.  Source

October 10, 2017
axios.com
How the Russians operated under our radar

Russia ran a disinformation campaign that was intentionally hard to track. As new evidence emerges of the Russians’ paid and organic digital media tactics, we’re starting to see that Russian operatives intentionally used many small, segregated campaigns across many automated platforms that often aren’t monitored by people, making it harder to get caught in the moment, if at all.

Why it matters: It will take a whole lot of investigative reporting to understand the extent of the Russian disinformation campaign that was used to meddle in the election and cause division, but we now have a good amount of context that can help us understand smart places to look.

Show less

How it worked: These were similar tactics used by spammers trying to traffic web pages to sell ads against them. Outlets like BuzzFeed News and The Daily Beast have done a particularly good job of looking in the right places:

  • Advertising on automated platforms, where the currency comes from Russia and the ads are micro-targeted to social and political groups.
  • Fake social media accounts and pages that spur divisive messaging from people who seem to have false identities or fake/bot accounts.
  • Insidious messaging around key social, political news events, like Black Lives Matter or the Muslim ban.

We weren’t prepared: The government’s lack of awareness, and thus regulation of social media technology, leaves tech platforms to monitor themselves — which didn’t provide much incentive for them to keep close tabs on how their platforms were being used for electoral manipulation.

For context, the United States has no governing body that’s responsible for regulating the Internet, other than false commercialization (handled by the FTC) and illegal content, like pornography (handled by the FCC). (Fake news is not illegal, although we are seeing now that it can be weaponized.)

If you look at the paid numbers, a lot of the revelations don’t find that Russians had tremendous paid budgets on separate platforms/products, but collectively it’s starting to add up. Of course, we don’t know if there’s more that was spent on these platforms that hasn’t been reported, and we don’t know if Russians spent money on other ad networks:

  • Google: “Tens of thousands” of ad dollars were spent across Google platforms, and were bought by a different group than the one that bought ads on Facebook.
  • Facebook: $100,000: Facebook says $100,000 of ads were purchased by Russian-backed groups on the platform and used targeting technology to reach certain people.
  • Twitter: $270,000+: Twitter said it sold more than $270,000 of ads to Russia-linked accounts during the 2016 election
  • By comparison: We’ve publicly uncovered less than a half million in paid spending by Russians groups so far. The Trump and Clinton campaigns collectively spent an estimated $800 million on Google and Facebook alone. Right now, the scale is not there on the paid side, but there’s probably more to come.

If you look at the organic numbers, reporting shows that Russians had extraordinary reach, but used hundreds of separate accounts to achieve it:

  • Jonathan Albright, research director of the Tow Center for Digital Journalism at Columbia University, has been tracking Russian Facebook and ad tech use for months. His latest report looks at the organic tactics used by Russian-controlled pages, links and engagements that he estimates could have reached or influenced hundreds of millions, if not billions of people.
  • Facebook shared 450 accounts as a part of their congressional review. Twitter said it found 22 accounts it shared with Facebook and an additional 179 related or linked accounts.  Source

11total visits,1visits today