Tag Archives: Privacy

Zuckerberg Unbound

Philip Roth wrote a series of books in the late 1970’s and early 1980’s. The middle one is called Zuckerman Unbound and deals with the relationship between an author (Roth’s alter-ego Zuckerman) and his creations. It’s not a great relationship although it is a pretty good book. Roth’s character seems to express regret for the books his younger self brought into the world, and at one point he finds out that a book he wrote has caused his mother a great deal of pain and suffering.

English: Mark Zuckerberg, Founder & CEO of Fac...

(Photo credit: Wikipedia)

I thought about Zuckerman as I watched (and am watching as I write this) another Zuck – Mark Zuckerberg of Facebook – testify before Congress about how his creation, designed to bring people together, has morphed into something that has blown many people and institutions apart. I doubt any of you reading today’s screed touch billions of people every day the way Facebook does, but I think there are some lessons to be learned here.

One thing that rings hollow for me is the apology offered to the committees. I and many others have been writing about Facebook’s lack of privacy and transparency for years. This isn’t something new nor is it something about which Facebook was unaware. One might suppose that they, like so many others in business, were of the mindset that it’s better to beg for forgiveness than to ask for permission. Bad call, and they’ll be doing a lot of begging as the inevitable new regulations on the use of data are put into place. That’s lesson one.

My favorite moment of yesterday’s hearing came when one senator informed Mr. Zuckerberg that Facebook’s “user agreement sucks.” It does, but it’s far from alone. I’d also argue that any “simple” agreement that links out to a dozen other pages for further explanations of things not explained in the initial policy is far from simple. I doubt I could pass a quiz on what Facebook can and can’t do with my information and I’ve been on the platform since 2006. Anyone that generates data that you’ll use to benefit your business should understand what they’re giving you and why. Lesson two.

I do know that Facebook gives the user a lot of control over who sees what although it really doesn’t do so by default. I’m less clear as to what they gather although I’ve downloaded my data and gone through it. Some of what is in there comes from activities off of Facebook, probably either through my use of a Facebook ID to log in or via the Facebook Beacon. How many users understand that they might be tracked EVERYWHERE by Facebook and not just when they’re using the service? Facebook would argue that you’re using the service when you use your Facebook ID to log in elsewhere but I think that’s specious. Yet another lack of transparency, and lesson three.

I wonder where Facebook goes from here. As far back as 2010, it’s been under attack for its privacy failures. It’s a business founded by a man who called users “dumb f^&ks” for giving him their information. Maybe like Zuckerman, he’ll come to realize that he needs to be unbound, cut loose from everything that made him what he was and fix the problems in a way that fulfills the promise of connecting the world that he espouses. At the moment, it appears that others may step in and take steps that alter his world forever.

What’s your take?


Leave a comment

Filed under Uncategorized

Today We Say I Told You So

I was at a startup event last evening and of course, the topic of Facebook‘s data problem came up. I’m sure you’ve heard something about it but what you’ve heard might not be accurate since many of the reports I’ve watched on TV are pretty off the mark. Since I’ve written a lot of not nice things

Facebook logo Español: Logotipo de Facebook Fr...

(Photo credit: Wikipedia)

about Facebook here on the screed, let me add my two cents here. I also want to taunt you, politely, by reminding you that not of this should be a surprise. I won’t retell the story of what’s been going on but you can read it here if you’re not familiar.

First, the inaccuracies. This wasn’t a data breach nor a data hack. It isn’t a bug – it’s a feature. The whole point of Facebook’s business is to collect a lot of data from and about its users and sell that data along with ads to marketers. They’re not alone in this. If you use Google, they pretty much know what Facebook knows and a lot more. Like Louis in Casablanca, you might profess to be shocked by this but you knew about it all along, didn’t you? After all, you agreed to let it happen when you clicked through the app install or joined the service some other way. You didn’t realize that using a Facebook or Google sign in on other sites meant they could track you? Hmm…

What’s inaccurate is that many reports say Facebook was collecting voice calls and texts from Android phones. First, it’s not the actual calls or texts, it’s the metadata – who you called or texted. Second, that was a feature of some versions of Android that allowed that to happen and Facebook just scarfed up was available and THEN, only because YOU said ok when you installed Messenger. Please don’t be mad at them for doing what they said they were going to do and don’t be shocked the data is in your file.

I downloaded my Facebook data, Other than seeing a few photos I don’t ever recall uploading to the service (which makes me wonder if they’re just grabbing stuff off my camera roll), I wasn’t surprised. No metadata from my phone because I never granted the permission for them to have it. No weird ad stuff because I go through my Facebook settings fairly regularly to clean out things I don’t want them to store. You should too. In fact, you should do that with ALL your digital stuff – check your Google activity, your ad profile, etc. Go through every app on your phone and check the permissions you’ve granted. Why would a game need access to your camera? Why does a barcode scanner need your location? You can probably revoke the permissions individually and if it breaks something in the app, turn it back on. Better safe than sorry. You want Facebook to know less? Delete the app and only use it from a desktop.

Now the “nyah nyah” part. I wrote a post in 2010 about Facebook and their privacy practices (or lack thereof). I wrote another one in 2012 about how Facebook might go the path of AOL or MySpace. I wrote then:

Like AOL long ago, there are some other underlying factors that might portend bad things.

  • Just 13 percent say they trust Facebook completely or a lot to keep their personal information private.

  • A large majority (59 percent) say they have little or no faith in the company to protect their privacy.

I think what’s happened over the last 10 days has me convinced that I was right then. Facebook are no angels but you shouldn’t be surprised at any of this. Unless and until each of us takes control over our privacy, which means understanding that data is currency and you wouldn’t just throw your currency around, this will happen over and over again. Make sense?

Leave a comment

Filed under Helpful Hints, Huh?

Watching You Watch

Welcome back, and I hope everyone had a restful and joyous holiday season.  I spent some of it watching TV and you probably did as well.  Of course, depending on what brand of TV you have or what apps you use, other people may have been watching you watch TV.  OK, maybe not exactly watching you, but they’re well aware of what you were watching as well as who you are.  The point today isn’t to make you more paranoid than you might already be.  It’s to  make you aware of where things are and are heading and to take a step back and ask you (and myself) if this is really where we ought to be taking our business activities. 

Let’ start with the TV.  If you own a number of brands of internet-connected TV (a smart TV), the TV is logging and reporting what you watch as well as your IP address.  That information can then have demography and purchasing information integrated from third-party databases because it isn’t hard to figure out who someone is from their IP address.  Once you connect your phone to that IP address (you do so when you attach to the home wi-fi), it’s possible to connect where you are as well as all of the other information a mobile device contains.  In other words, your purchase of, say, a Vizio TV makes you an extremely visible and valuable commodity: a consumer with known habits and an addressable means through which to access them.  I’m not hypothesizing.  If you own a Vizio and haven’t opted out, you’re being tracked.

It’s not just the TV’s themselves.  There is a lawsuit going on.  It was brought by Samba TV against its rival Alphonso. The two companies provide TV analytics and second-screen targeting capabilities.  What’s interesting to me is what it reveals about their methodologies, which involve targeting users on their mobile devices with relevant content based on their TV viewing.  How would they know what you’re watching?  One uses the set top box but the other uses the mic on your phone (who doesn’t have it with them these days) to listen to the TV.  That capability is in more than 5,000 apps, including some big ones.  You give the app permission to use your mic for some purpose (maybe to record a video) but once it has that permission, it can listen.

My question is this.  Do we really think consumers are aware of this?  If they’re not, aren’t we as an industry responsible for letting them know what’s going on?  After all, the two examples above are not part of the content value exchange we discuss sometimes (you give me your attention and I give you free content).  A consumer PAID for that TV and yet the manufacturer is continuing to monetize that customer without their knowledge.  The consumer might have an awareness that a free app is monetizing them but they presume it’s through advertising.  Do you think they know the app is listening to their TV watching and passing on a record of what’s being watched to a third party?

Here is the first of my 2016 predictions: this stuff will stop or some laws will be passed to make it stop.  Transparency of data gathering and usage will expand a lot as consumer backlash heats up.  What do you think?

Leave a comment

Filed under digital media, Huh?

A $24 Billion Secret

If you use any sort of connected device – a computer, a tablet, or a cell phone – you’re probably (hopefully, anyway) aware that someone is watching.  Maybe that’s a bit of an overstatement, but it’s accurate.  Everything you do, and everywhere you go if it’s a mobile device, is logged, along with some sort of device identifier.  It’s not hard to link a device with a person and that person with behaviors.  That’s really what the targeted advertising business is about.  

In that context, this article from Ad Age shouldn’t come as a real shock, but it’s always a little disconcerting to get a glimpse inside the factory where they make the sausage:

Under the radar, Verizon, Sprint, Telefonica and other carriers have partnered with firms including SAP, IBM, HP and AirSage to manage, package and sell various levels of data to marketers and other clients. It’s all part of a push by the world’s largest phone operators to counteract diminishing subscriber growth through new business ventures that tap into the data that showers from consumers’ mobile web surfing, text messaging and phone calls.

That’s why Verizon bought AOL and some ad tech companies, paying over $4.5 Billion for them.  Think that’s a wise investment?  Well, the global market for telco data as a service is potentially worth $24.1 billion this year, so it seems like it might be to me.  What’s less wise is that most consumers have no clue that all of this information about them – their surfing habits, their travel habits, potentially numbers they’re constantly texting, etc – are being packaged and sold without their consent.  Oh sure – when you sign the contract to use any of the carriers there is a lengthy terms of service agreement you probably clicked right through, and it contained language that said your data may be anonymized and aggregated and sold.  I’m not sure most people understand what that means in real terms.  Try getting phone service without agreeing.

Unlike most apps, which are opt-in, you really have no choice about this.  Are there benefits to the consumer?  Maybe.  In theory, you don’t see ads for things in which you have no interest, and you don’t get information about companies and services that aren’t in your area.   There is a huge downside, however, aside from the creepy factor.  Hackers can steal information that might allow them to know when your home is vacant on a daily basis, for example.  In fact, this sort of thing doesn’t go on in the E.U. countries because of the strict data protections those countries enforce.

The “tell” I see is that the phone companies don’t want to discuss this data business and the revenues they make from selling off our data.  If there wasn’t something nefarious going on, why isn’t it more out in the open?  Maybe if we all knew what was being gathered (300 cellphone events per day per subscriber by some counts), we’d be more curious?  Maybe we’d take steps, as some of us do with tracking blockers on the web, to maintain control of our own data?  What do you think?

Leave a comment

Filed under Huh?

Idiotic Injecting

No one that I know enjoys going to the doctor and getting an injection. Whether it’s as simple as a flu shot or something more complex such as a regimen of allergy shots, it’s not a particularly enjoyable experience. 

Today’s topic is an injection of another sort, but the experience isn’t enjoyable either. It turns out that AT&T has jumped on the “no free lunch” bandwagon with respect to offering wireless hotspots to its customers. A Stanford computer scientist and lawyer was travelling and discovered that the AT&T hotspot to which he had connected was serving ads over web pages he was accessing. When he went to Stanford’s home page, for instance (a page that has zero ads on it), he saw a pop-up ad for jewelry and AT&T itself, and the ads persisted for several seconds until he could close them.

He discovered that the ISP was tampering with HTTP traffic – that’s what serves web pages. It is using a service from a third party to inject the ads and to monetize the traffic. AT&T is far from the first “free” service to do this – Comcast and Marriott are just two others. But as the professor wrote:

AT&T has an (understandable) incentive to seek consumer-side income from its free wifi service, but this model of advertising injection is particularly unsavory. Among other drawbacks: It exposes much of the user’s browsing activity to an undisclosed and untrusted business. It clutters the user’s web browsing experience. It tarnishes carefully crafted online brands and content, especially because the ads are not clearly marked as part of the hotspot service. And it introduces security and breakage risks, since website developers generally don’t plan for extra scripts and layout elements.

In other words, while you might have accepted that as your ISP the folks at AT&T will see and record everything that you’re doing, you might be concerned about an outside company doing so.  Moreover, as a publisher, your beautiful content environment is now sullied by ads from which you derive zero revenue.

If you’re on an AT&T hotspot, you’re already an AT&T customer.  I don’t believe you can log on if you’re not and you’re probably paying them handsomely each month (I know I am).  This sort of nickel and diming might help revenues (I wonder how much in the scheme of things) but it doesn’t help with customer satisfaction. That’s a point from which any business can learn.  Idiotic injection from my perspective.  Yours?

Leave a comment

Filed under digital media, Huh?

The Real DNT Question

The good folks at the Electronic Frontier Foundation released their own definition of “do not track” the other day.  You might wonder why there needs to be more than one definition of such an easy to understand concept.  After all, what could be more clear than “do not track?”  As it turns out, marketers and others seem to misunderstand the term, at least then they are wearing their business hats.  They’re also hiding behind those hats in order not to address the real issue.

Here is where the EFF is coming from:

We think using the Web—including viewing online advertisements—shouldn’t come at the cost of privacy.  Whether their business is analytics, advertising, or social networking, companies dealing with data must be persuaded to respect a universal opt-out from tracking and collecting personal data without consent.

Pretty clear, I think.  You can read the policy they’re promoting here.  DNT Means Do Not Collect…And Do Not Retain…Except Where Required…Necessary to Complete a Transaction… Or With the Clear Consent of the User.  That seems very clear and yet even though this discussion has been going on for years, there is still no effective implementation.  As MediaPost said:

One reason why do-not-track never gained broad support is that the ad industry and privacy advocates couldn’t agree on how the signals should be interpreted. Some privacy advocates argued that people who say they don’t want to be “tracked” don’t want any information about their Web-surfing history compiled. But ad industry representatives said they were willing to stop serving targeted ads to people who turned on do-not-track, but wanted to continue to be able to collect data for purposes like market research and product development.

In other words, we’ll tell you what you mean.  Opting-out is never as good in my mind as opting in.  While advertisers and publishers aren’t exactly holding people against their will in their ad universe, they are forcing users to ask to leave as opposed to inviting them in.  Opting out has been made hard on purpose.  But we’re avoiding the real issue.  We are very focused on finding a good and technologically persistent way to respect users’ privacy and to opt them out.  What we really ought to be focused on is how can we  keep users engaged and opted in while maintaining their trust in how we’re using their information.

How do you see it?

Leave a comment

Filed under Huh?, What's Going On

An Extra Serving Of Data

I hope everyone had a lovely Thanksgiving. While you were cooking or trying to fight the traffic and weather to get to Aunt Sally’s, Twitter was busy deciding to help themselves to your data. I kid you not. This was how they put it:

twitter fail image

(Photo credit: Wikipedia)

To help build a more personal Twitter experience for you, we are collecting and occasionally updating the list of apps installed on your mobile device so we can deliver tailored content that you might be interested in. If you’re not interested in a tailored experience you can adjust your preferences at any time (read below). Additionally, if you have previously opted out of interest-based ads by turning on “Limit Ad Tracking” on your iOS device or by adjusting your Android device settings to “Opt out of interest-based ads,” we will not collect your apps unless you adjust your device settings.

Generally, Twitter has been pretty good about explaining how they invade your privacy.  When you think about it you probably realize that Twitter analyzes your tweets, retweets, location, and the people you follow to figure out which “Promoted Tweets” (a.k.a. ads) to show you.  Hopefully you know that all those little “tweet this” buttons around the web gather information about you as well.  OK, maybe it’s not exactly personally identifiable information, but I think we all know it’s not critically important for ad targeting to have your name.  Knowing that you are you (a unique identifier) across devices and services means someone knows a hell of a lot more about you than you might want them to know.  Adding one more bit of data – your name – is not difficult.

For example.  Do you want Twitter knowing you installed a dating app?  Do you want them serving ads on your timeline based on the dating app?  How about ads on your phone or computer outside of the Twitter environment?  It’s coming.  Just as Facebook, which gathers the same data (oh, you didn’t know?) is getting to the same place.

To Twitter’s credit, the page I linked above explains how to opt out of this data theft.  But why not make it opt-in?  I realize that a personalized web and mobile ad experience can be better for some folks and delivers much better results for the marketer, but someone needs to take a step back before they help themselves to another serving of my personal data.  It makes me sad and uncomfortable that we’re still having this discussion.  You?

Leave a comment

Filed under digital media, Huh?