Some of Facebook’s Libra Members Look to Distance Themselves from Project

Some of Facebook’s Libra Members Look to Distance Themselves from Project

U.S. lawmakers have been skeptical about Facebook and the libra coin

and some of the Libra Association look to distance themselves from the project.Ever since its announcement in mid-June 2019, the libra coin has been dealing with pressure from the public and U.S. regulators. Facebook, the social media giant, has been prone to hacking risks that have led to the breach of information security.U.S. lawmakers have been skeptical about Facebook and the libra coin. Today, it seems like the pressure is no longer bearable, and some of the libra association members are opting out.

The Center of the problem

It all started in July 2nd when MaineWaters, a U.S. congress woman wrote to Libra Association requiring the team to cease any development on Libra coin. According to the letter, the Libra Association was supposed to pause any development until the financial service committee, and other associate subcommittees discuss the possible risks of libra coin on the global financial system. According to the reports reaching us, the libra association is under tension as some of its key members are opting out. A report released by the financial times on August 23rd, 2019 indicates that three firms, which were crucial shareholders, have resolved to back out due to pressure from regulators and the potential threat to the economy.

The Libra Association is comprised of 28 members, including Facebook and telecommunication giants such as visa and master card.  Each of the members was supposed to invest an amount not less than $ 10 million. Suddenly, the association is falling apart, two of the members backing out attributed it to regulatory pressure while the third linked the fall out to the public support of the project which could draw unnecessary attention of the overseers. “It’s going to be difficult for partners who want to comply with regulators policies to be out there declaring their support for the proposed digital coin,” said one of the members.

The fall out has not gone well with Facebook, and one of the members backing libra was quoted saying that, “Facebook is tired of being the only people putting their neck out.” Most cryptocurrency exchanges like Binance exchange have been experiencing challenges. We all remember of the recent cyber attack on Binance exchange that cost the company approximately 7,000 Bitcoins in a single transaction. The credibility and reliability of both the developers and exchange platforms are current issues affecting blockchain. These might be some of the reasons why the regulators are so keen on scrutinizing the system to determine its reliability to avoid some of the occurrences that have had paining cost on investors.

Just two days ago, reports circulating online indicated that the European Commission, which is the E.U.’s executive body was in a move to launch investigations on Libra coin. The reports we have received indicate that the libra project is being investigated of possible anti-competitive behavior. Moreover, six members of the Financial Service Committee in the American House of Representatives went to Switzerland to discuss cryptocurrency projects. It is evident that Libra has been peck in the eyes of the regulators; this could be attributed to the poor handling of data storage and misuse of consumer information by the social media giant. So, how is the public expected to trust such a company with questionable ethics?

Final take

Regulatory summons has not prevented the backing members from pursuing their interests. While the sauce is too hot for some members, some potential investors are willing to chow it hot. A cryptocurrency exchange based in Taiwan has expressed its interest to join libra with the hope of dominating the Asian-pacific region. Some crypto experts have indicated that libra has the potential of dominating the crypto market if the inherent issues are addressed on time. Others have it that the only threat facing libra is privacy issues associated with Facebook and digital identity. The cryptocurrency market is quite young, and new issues are emerging every day. Let’s wait and see how these issues will be managed to stabilize the dwindling cryptocurrency boat.

Article Produced By
Tanvir Zafar

Tanvir Zafar is a Cryptocurrency enthusiast by day, stand-up comedian by night. Having 4 years of experience in writing about Cryptocurrency, Big Data and Blockchain+AI related content. You can also find him featured on investing.com, e27.co, hackernoon.com and many other big Crypto publications

https://www.coinspeaker.com/libra-members-distance-from-project/

David https://markethive.com/david-ogden

Japan’s leading online brokerage applies to join Facebook’s Libra Association

Japan’s leading online brokerage applies to join Facebook’s Libra Association

                                 

At the FYE March 2020 Q1 results briefing held on July 26, Oki Matsumoto,

CEO of Monex Group, Japan’s leading online brokerage, which owns Coincheck, Japan’s largest cryptocurrency exchange, announced that it had applied to join the Libra Association, an association set up for the cryptocurrency Libra, to be issued by Facebook.

Monex Group has become the first Japanese company to do so. Strict conditions are set to join the Libra Association, including a market size of USD1 billion (approximately JPY110 billion) or more or a customer cash flow of USD500 million (approximately JPY55 billion) or more. A decision on the feasibility of joining the Libra Association is expected to be made by the end of September following the initial review, which will be completed by the end of August. In Monex Group’s financial results, the Crypto Asset Segment entered the black in line with the surge of Bitcoin.

The Company announced: “Cost reductions are being promoted while strengthening internal controls and cyber security. Coincheck has become profitable for the first time since joining our group, driven by rapid account growth, the offering of a new cryptocurrency, and favorable market activity throughout the quarter. Segment profit is JPY0.14 billion (approximately USD1.29 million).” It also reported that there have been some positive developments. Monex’s subsidiary Coincheck fully resumed services in FYE March 2020 Q1 (April-June), after they had been suspended due to a massive theft of cryptocurrencies last year. In addition, the price of Monacoin increased temporarily after the listing of Monacoin, Japan’s homegrown cryptocurrency, in June this year.

Article Produced By
Fisco

https://bitcoinwarrior.net/2019/08/japans-leading-online-brokerage-applies-to-join-facebooks-libra-association/

David https://markethive.com/david-ogden

Libra Accused of Stealing Structural Design from Another Coin

Libra Accused of Stealing Structural Design from Another Coin

                              

A Fellow at MIT claims that Facebook’s Libra currency is based on his ideas.

 Did Libra Take Its Structure from Another Coin?

The Royal Society’s Open Science publication released a whitepaper in 2018. It was written by several members of MIT, one of which was Fellow Alex Lipton. In the paper, Lipton describes an “asset-backed, supra-national digital token.” This correlates with the goals and ideals of Libra, which will allegedly be backed by several forms of fiat and “short-term debt.” The cryptocurrency discussed in the whitepaper, known as Trade Coin, is also designed for streamlining cross-border and domestic payments, and providing financial means for underbanked populations. Lipton says these ideas were taken directly from his paper, explaining:

 Without being particularly obnoxious, I can tell you that the actual structure of Libra is pretty much lifted verbatim from the paper which Sandy Pentland and Thomas Hardjono and I published last year… The Libra people cannot really say that they have not read that, or if they have not read that, they probably shouldn’t be doing what they are doing in the first place.

Libra has been hit with mountains of controversy since it first arrived. Members of the American Congress, for example, have commented that there are too many unanswered questions as of late regarding the project’s main goals, and that Facebook is not to be trusted with people’s financial information following the Cambridge Analytica scandal. They have ultimately asked David Marcus – the head of Facebook’s blockchain division – and his team to hold off on developing Libra further until they can be assured that the cryptocurrency is safe. Marcus has said he will comply with the request.

This is also not the first time Libra has been accused of ripping off another person’s work. The cryptocurrency project is alleged to have taken its logo from Current, a banking firm in northern California that says the company ultimately stole its logo by using the same San Francisco-based design firm. Current’s logo involves a blue, purple and pink-tinted circle surrounding three wavy, purple lines. Libra has virtually the same logo with different coloring.

This Is Becoming a Pattern…

And, of course, there’s the original case involving Facebook itself, which was purportedly conceived originally by the Winklevoss Twins, the founders of New York’s Gemini Exchange. Both Cameron and Tyler Winklevoss allege they originally came up with the concept for Facebook back when they were students at Harvard. Fellow classmate Mark Zuckerberg – who later became the head executive for Facebook – was simply hired to perform coding duties for the platform, as detailed in the Oscar-winning film “The Social Network.” However, Zuckerberg ultimately brought the platform to existence through his own vision and efforts, leaving the Winklevoss Twins out of its development. This emerged in a massive lawsuit that the Twins and Zuckerberg settled out of court.

 

David https://markethive.com/david-ogden

Is Europe closing in on an antitrust fix for surveillance technologists?

Is Europe closing in on an antitrust fix for surveillance technologists?

               11303034873_8c5ee2b8c5_o

The German Federal Cartel Office’s decision to order Facebook

to change how it processes users’ personal data this week is a sign the antitrust tide could at last be turning against platform power. One European Commission source we spoke to, who was commenting in a personal capacity, described it as “clearly pioneering” and “a big deal”, even without Facebook being fined a dime.

The FCO’s decision instead bans the social network from linking user data across different platforms it owns, unless it gains people’s consent (nor can it make use of its services contingent on such consent). Facebook is also prohibited from gathering and linking data on users from third party websites, such as via its tracking pixels and social plugins. The order is not yet in force, and Facebook is appealing, but should it come into force the social network faces being de facto shrunk by having its platforms siloed at the data level.

To comply with the order Facebook would have to ask users to freely consent to being data-mined — which the company does not do at present. Yes, Facebook could still manipulate the outcome it wants from users but doing so would open it to further challenge under EU data protection law, as its current approach to consent is already being challenged. The EU’s updated privacy framework, GDPR, requires consent to be specific, informed and freely given. That standard supports challenges to Facebook’s (still fixed) entry ‘price’ to its social services. To play you still have to agree to hand over your personal data so it can sell your attention to advertisers. But legal experts contend that’s neither privacy by design nor default.

The only ‘alternative’ Facebook offers is to tell users they can delete their account. Not that doing so would stop the company from tracking you around the rest of the mainstream web anyway. Facebook’s tracking infrastructure is also embedded across the wider Internet so it profiles non-users too. EU data protection regulators are still investigating a very large number of consent-related GDPR complaints.

But the German FCO, which said it liaised with privacy authorities during its investigation of Facebook’s data-gathering, has dubbed this type of behavior “exploitative abuse”, having also deemed the social service to hold a monopoly position in the German market. So there are now two lines of legal attack — antitrust and privacy law — threatening Facebook (and indeed other adtech companies’) surveillance-based business model across Europe. A year ago the German antitrust authority also announced a probe of the online advertising sector, responding to concerns about a lack of transparency in the market. Its work here is by no means done.

Data limits

The lack of a big flashy fine attached to the German FCO’s order against Facebook makes this week’s story less of a major headline than recent European Commission antitrust fines handed to Google — such as the record-breaking $5BN penalty issued last summer for anticompetitive behaviour linked to the Android mobile platform. But the decision is arguably just as, if not more, significant, because of the structural remedies being ordered upon Facebook. These remedies have been likened to an internal break-up of the company — with enforced internal separation of its multiple platform products at the data level.

This of course runs counter to (ad) platform giants’ preferred trajectory, which has long been to tear modesty walls down; pool user data from multiple internal (and indeed external sources), in defiance of the notion of informed consent; and mine all that personal (and sensitive) stuff to build identity-linked profiles to train algorithms that predict (and, some contend, manipulate) individual behavior. Because if you can predict what a person is going to do you can choose which advert to serve to increase the chance they’ll click. (Or as Mark Zuckerberg puts it: ‘Senator, we run ads.’)

This means that a regulatory intervention that interferes with an ad tech giant’s ability to pool and process personal data starts to look really interesting. Because a Facebook that can’t join data dots across its sprawling social empire — or indeed across the mainstream web — wouldn’t be such a massive giant in terms of data insights. And nor, therefore, surveillance oversight. Each of its platforms would be forced to be a more discrete (and, well, discreet) kind of business. Competing against data-siloed platforms with a common owner — instead of a single interlinked mega-surveillance-network — also starts to sound almost possible. It suggests a playing field that’s reset, if not entirely levelled.

(Whereas, in the case of Android, the European Commission did not order any specific remedies — allowing Google to come up with ‘fixes’ itself; and so to shape the most self-serving ‘fix’ it can think of.) Meanwhile, just look at where Facebook is now aiming to get to: A technical unification of the backend of its different social products. Such a merger would collapse even more walls and fully enmesh platforms that started life as entirely separate products before were folded into Facebook’s empire (also, let’s not forget, via surveillance-informed acquisitions).

Facebook’s plan to unify its products on a single backend platform looks very much like an attempt to throw up technical barriers to antitrust hammers. It’s at least harder to imagine breaking up a company if its multiple, separate products are merged onto one unified backend which functions to cross and combine data streams. Set against Facebook’s sudden desire to technically unify its full-flush of dominant social networks (Facebook Messenger; Instagram; WhatsApp) is a rising drum-beat of calls for competition-based scrutiny of tech giants. This has been building for years, as the market power — and even democracy-denting potential — of surveillance capitalism’s data giants has telescoped into view.

Calls to break up tech giants no longer carry a suggestive punch. Regulators are routinely asked whether it’s time. As the European Commission’s competition chief, Margrethe Vestager, was when she handed down Google’s latest massive antitrust fine last summer. Her response then was that she wasn’t sure breaking Google up is the right answer — preferring to try remedies that might allow competitors to have a go, while also emphasizing the importance of legislating to ensure “transparency and fairness in the business to platform relationship”.

But it’s interesting that the idea of breaking up tech giants now plays so well as political theatre, suggesting that wildly successful consumer technology companies — which have long dined out on shiny convenience-based marketing claims, made ever so saccharine sweet via the lure of ‘free’ services — have lost a big chunk of their populist pull, dogged as they have been by so many scandals.

From terrorist content and hate speech, to election interference, child exploitation, bullying, abuse. There’s also the matter of how they arrange their tax affairs. The public perception of tech giants has matured as the ‘costs’ of their ‘free’ services have scaled into view. The upstarts have also become the establishment. People see not a new generation of ‘cuddly capitalists’ but another bunch of multinationals; highly polished but remote money-making machines that take rather more than they give back to the societies they feed off.

Google’s trick of naming each Android iteration after a different sweet treat makes for an interesting parallel to the (also now shifting) public perceptions around sugar, following closer attention to health concerns. What does its sickly sweetness mask? And after the sugar tax, we now have politicians calling for a social media levy.

Just this week the deputy leader of the main opposition party in the UK called for setting up a standalone Internet regulatory with the power to break up tech monopolies. Talking about breaking up well-oiled, wealth-concentration machines is being seen as a populist vote winner. And companies that political leaders used to flatter and seek out for PR opportunities find themselves treated as political punchbags; Called to attend awkward grilling by hard-grafting committees, or taken to vicious task verbally at the highest profile public podia. (Though some non-democratic heads of state are still keen to press tech giant flesh.)

In Europe, Facebook’s repeat snubs of the UK parliament’s requests last year for Zuckerberg to face policymakers’ questions certainly did not go unnoticed. Zuckerberg’s empty chair at the DCMS committee has become both a symbol of the company’s failure to accept wider societal responsibility for its products, and an indication of market failure; the CEO so powerful he doesn’t feel answerable to anyone; neither his most vulnerable users nor their elected representatives. Hence UK politicians on both sides of the aisle making political capital by talking about cutting tech giants down to size. The political fallout from the Cambridge Analytica scandal looks far from done.

Quite how a UK regulator could successfully swing a regulatory hammer to break up a global Internet giant such as Facebook which is headquartered in the U.S. is another matter. But policymakers have already crossed the rubicon of public opinion and are relishing talking up having a go. That represents a sea-change vs the neoliberal consensus that allowed competition regulators to sit on their hands for more than a decade as technology upstarts quietly hoovered up people’s data and bagged rivals, and basically went about transforming themselves from highly scalable startups into market-distorting giants with Internet-scale data-nets to snag users and buy or block competing ideas.

The political spirit looks willing to go there, and now the mechanism for breaking platforms’ distorting hold on markets may also be shaping up. The traditional antitrust remedy of breaking a company along its business lines still looks unwieldy when faced with the blistering pace of digital technology. The problem is delivering such a fix fast enough that the business hasn’t already reconfigured to route around the reset. Commission antitrust decisions on the tech beat have stepped up impressively in pace on Vestager’s watch. Yet it still feels like watching paper pushers wading through treacle to try and catch a sprinter. (And Europe hasn’t gone so far as trying to impose a platform break up.)  But the German FCO decision against Facebook hints at an alternative way forward for regulating the dominance of digital monopolies: Structural remedies that focus on controlling access to data which can be relatively swiftly configured and applied.

Vestager, whose term as EC competition chief may be coming to its end this year (even if other Commission roles remain in potential and tantalizing contention), has championed this idea herself. In an interview on BBC Radio 4’s Today program in December she poured cold water on the stock question about breaking tech giants up — saying instead the Commission could look at how larger firms got access to data and resources as a means of limiting their power. Which is exactly what the German FCO has done in its order to Facebook. 

At the same time, Europe’s updated data protection framework has gained the most attention for the size of the financial penalties that can be issued for major compliance breaches. But the regulation also gives data watchdogs the power to limit or ban processing. And that power could similarly be used to reshape a rights-eroding business model or snuff out such business entirely. The merging of privacy and antitrust concerns is really just a reflection of the complexity of the challenge regulators now face trying to rein in digital monopolies. But they’re tooling up to meet that challenge.

Speaking in an interview with TechCrunch last fall, Europe’s data protection supervisor, Giovanni Buttarelli, told us the bloc’s privacy regulators are moving towards more joint working with antitrust agencies to respond to platform power. “Europe would like to speak with one voice, not only within data protection but by approaching this issue of digital dividend, monopolies in a better way — not per sectors,” he said. “But first joint enforcement and better co-operation is key.” The German FCO’s decision represents tangible evidence of the kind of regulatory co-operation that could — finally — crack down on tech giants.

Blogging in support of the decision this week, Buttarelli asserted: “It is not necessary for competition authorities to enforce other areas of law; rather they need simply to identity where the most powerful undertakings are setting a bad example and damaging the interests of consumers.  Data protection authorities are able to assist in this assessment.” He also had a prediction of his own for surveillance technologists, warning: “This case is the tip of the iceberg — all companies in the digital information ecosystem that rely on tracking, profiling and targeting should be on notice.” So perhaps, at long last, the regulators have figured out how to move fast and break things.

Article Produced By
Natasha Lomas


Writer

Natasha is a senior reporter for TechCrunch, joining September 2012, based in Europe. She joined TC after a stint reviewing smartphones for CNET UK and, prior to that, more than five years covering business technology for silicon.com (now folded into TechRepublic), where she focused on mobile and wireless, telecoms & networking, and IT skills issues. She has also freelanced for organisations including The Guardian and the BBC. Natasha holds a First Class degree in English from Cambridge University, and an MA in journalism from Goldsmiths College, University of London.

https://techcrunch.com/2019/02/09/is-europe-closing-in-on-an-antitrust-fix-for-surveillance-technologists/

 

David https://markethive.com/david-ogden

Facebook is still trying to figure out what teens are interested in

Facebook is still trying to figure out what teens are interested in

Facebook is restructuring its “youth team,” shutting down its new teen meme app LOL, and doubling down on Messenger Kids.

        

Facebook is still trying to figure out what kind of apps

young people want to use. Meme apps? Not so much. Messaging apps for elementary school kids? Yes, apparently so. At least, that’s what we’ve deduced from Facebook’s decision to restructure its “youth team,” the organization of more than 100 employees specifically tasked with building products and features for young people.

The team was alerted late last week that multiple projects — including a meme app called LOL aimed at high school kids — will be shuttered, and many members of Facebook’s youth team will instead start working on Messenger Kids, according to two sources. Messenger Kids is Facebook’s year-old messaging app for children who are under 13 and therefore too young to sign up for Facebook’s regular service. LOL never got much traction. Facebook described it a few weeks back as a “small scale test,” and TechCrunch reported that it only had around 100 beta users. Also going away: An early version of a high school communities feature that would let teens find and connect with classmates, a nod to Facebook’s earliest days when it was a directory for colleges and universities.

The company’s “youth team,” though, is not going away, according to a Facebook spokesperson. The plan is to cut down on a number of smaller projects that the group is testing and instead focus on stuff that Facebook believes is more successful. Messenger Kids, despite all kinds of privacy concerns from outside organizations, appears to fall into that category. “The youth team has restructured in order to match top business priorities, including increasing our investment in Messenger Kids,” a Facebook spokesperson confirmed in a statement sent to Recode.

It’s always interesting to understand how Facebook is targeting teens — a valuable demographic with advertisers and a group generally lauded for identifying “the next big thing.” (Facebook, you’ll remember, started with college students. So did Snapchat.) Many believe that Facebook has lost touch with teens — data shows that teenage users are leaving Facebook for other services — which is why the company has more than 100 employees focused on building products exclusively for that demographic.

Facebook even made headlines last week for paying some users, including teenagers, as much as $20 per month to use an app that collected data on how they used their smartphone. Facebook called it “market research.” That data collection actually violated an agreement Facebook had with Apple and led to a chaotic day at Facebook’s Menlo Park headquarters after Apple blocked the special Facebook apps that are used by internal employees. The apps were restored less than 48 hours later. A Facebook spokesperson says the youth team restructuring is “unrelated” to the company’s “market research” project. Asked if the research app was a youth team project, the same spokesperson said, “No.”

Facebook’s youth team was created back in early 2016 and has seen a number of projects come and go since then. A Snapchat-style competitor called LifeStage, which was limited to teens, was a youth team project until it was pulled from the App Store in August 2017. Last July, Facebook also shut down TBH, another app for teens that let users anonymously answer questions about themselves and their friends. Facebook will continue to build other teen-focused products besides Messenger Kids, though it hasn’t yet shared those plans publicly. Other than Instagram, which it acquired, and Stories, which it copied from Snapchat, Facebook hasn’t had a breakout hit with teens since, well, Facebook.

Article Produced By
Kurt Wagner
Senior Editor, Social Media

Kurt Wagner has been a business and tech journalist since 2012 and was previously reporting for Mashable. He also covered general tech and Silicon Valley news in his first job as a tech reporter with Fortune magazine, based in San Francisco.
Originally from the Seattle area, Kurt graduated from Santa Clara University with a B.S. in communication and political science. He served as Editor-in-Chief of The Santa Clara, the university newspaper, for two years.

https://www.recode.net/2019/2/7/18215832/facebook-shutting-down-lol-restructure-messenger-kids

David https://markethive.com/david-ogden

Apple is punishing Facebook big-time for breaking its rules

Apple is punishing Facebook big-time for breaking its rules

Apple moved fast and broke Facebook.

               

Facebook is in crisis.

Stop us if you’ve heard that one before. That’s been the general state of the company for almost two years now, ever since it became clear that so-called fake news and Russian election meddling on the social network may have influenced the result of the 2016 presidential election. In that time, Facebook has dealt with unflattering press, security breaches, congressional testimonies, and government investigations. Each week seems to add a new chapter to the madness. This week was no different, but it also brought on a new enemy: Apple. And Apple, it turns out, may be as dangerous as anything else Facebook is up against right now.

The quick backstory: Facebook is part of one of Apple’s special enterprise developer programs that allows companies to publish apps specifically for their own employees; these apps don’t go through the public App Store. Facebook uses that program to share beta versions of its own apps with employees so it can test new features or new code. It also uses the program to create apps for in-house purposes, like Facebook’s shuttle bus schedules or lunch menus.

On Tuesday, TechCrunch reported that Facebook has been abusing its role in Apple’s enterprise program by using it to distribute an app to non-employees. The app, which Facebook says was for “market research,” was used to gather personal data about the phone habits of the users who downloaded it. (Facebook paid these people to download the app, TechCrunch says.) An app like that would have violated Apple’s App Store guidelines, but Apple doesn’t review apps that are part of the developer program. It looks as though Facebook took advantage of the program to distribute the app without Apple’s knowledge.

Apple was upset. On Wednesday, the company announced that it was forcing Facebook to stop distributing the research app, calling it a “clear breach of their agreement with Apple.” But that wasn’t all: Apple also appears to have stopped Facebook from distributing all apps associated with its enterprise developer program, according to a source. This means the special versions of Facebook, Instagram, Messenger, and WhatsApp that Facebook employees use aren’t working on iPhones. It also means that other internal Facebook apps aren’t working in iOS, including Facebook’s Slack competitor, Workplace.

Essentially, Apple forced Facebook employees to download the public version of all of these apps, given that most of the company’s employees use iPhones. A Facebook spokesperson confirmed that its internal apps have been impacted by Apple’s decision to revoke its publishing abilities and that it is working with Apple to resolve the issue. It’s hard to overstate how big an issue this could be for Facebook. Not only does it completely disrupt all kinds of productivity, but if Facebook’s product teams can’t ship internal beta versions of its apps, it could seriously hinder Facebook’s product development. Don’t forget: This is a company that spent its first decade preaching the mantra, “Move fast, break things.”

Apple has shown that it isn’t just capable of stopping Facebook from moving fast — it might be capable of stopping Facebook altogether, at least temporarily. It’s unclear how long Apple will restrict Facebook from pushing updates, but it’s not the kind of enemy Facebook needs right now. The two companies have developed a bit of a rivalry. Apple CEO Tim Cook said last year that Facebook’s privacy issues could have been solved with “self-regulation,” but Facebook missed its chance. When asked what he would do in Facebook’s shoes, Cook replied pointedly, “I wouldn’t be in this situation.”

Facebook CEO Mark Zuckerberg later called the criticism “extremely glib.”

Facebook seems to have picked up in 2019 right where it left off in 2018. This Apple drama comes less than two weeks after a report in the Washington Post said that the Federal Trade Commission, which is investigating Facebook, is considering slapping Facebook with a “record-setting” fine for privacy violations.

Article Produced By
Kurt Wagner
Senior Editor, Social Media

Kurt Wagner has been a business and tech journalist since 2012 and was previously reporting for Mashable. He also covered general tech and Silicon Valley news in his first job as a tech reporter with Fortune magazine, based in San Francisco.
Originally from the Seattle area, Kurt graduated from Santa Clara University with a B.S. in communication and political science. He served as Editor-in-Chief of The Santa Clara, the university newspaper, for two years.

https://www.recode.net/2019/1/30/18204001/facebook-apple-punishment-internal-apps-not-working

David https://markethive.com/david-ogden

Everything you need to know about Facebook, Google’s app scandal

Everything you need to know about Facebook, Google’s app scandal

              

Facebook and Google landed in hot water with Apple this week

after two investigations by TechCrunch revealed the misuse of internal-only certificates — leading to their revocation, which led to a day of downtime at the two tech giants. Confused about what happened? Here’s everything you need to know.

How did all this start, and what happened?

On Monday, we revealed that Facebook was misusing an Apple-issued enterprise certificate that is only meant for companies to use to distribute internal, employee-only apps without having to go through the Apple App Store. But the social media giant used that certificate to sign an app that Facebook distributed outside the company, violating Apple’s rules. The app, known simply as “Research,” allowed Facebook unparalleled access to all of the data flowing out of a device. This included access to some of the users’ most sensitive network data. Facebook paid users — including teenagers — $20 per month to install the app. But it wasn’t clear exactly what kind of data was being vacuumed up, or for what reason.

It turns out that the app was a repackaged app that was effectively banned from Apple’s App Store last year for collecting too much data on users. Apple was angry that Facebook was misusing its special-issue enterprise certificates to push an app it already banned, and revoked it — rendering the app unable to open. But Facebook was using that same certificate to sign its other employee-only apps, effectively knocking them offline until Apple re-issued the certificate. Then, it turned out Google was doing almost exactly the same thing with its Screenwise app, and Apple’s ban-hammer fell again.

What’s the controversy over these enterprise certificates and what can they do?

If you want to develop Apple apps, you have to abide by its rules — and Apple expressly makes companies agree to its terms. A key rule is that Apple doesn’t allow app developers to bypass the App Store, where every app is vetted to ensure it’s as secure as it can be. It does, however, grant exceptions for enterprise developers, such as to companies that want to build apps that are only used internally by employees. Facebook and Google in this case signed up to be enterprise developers and agreed to Apple’s developer terms. Each Apple-issued certificate grants companies permission to distribute apps they develop internally — including pre-release versions of the apps they make, for testing purposes. But these certificates aren’t allowed to be used for ordinary consumers, as they have to download apps through the App Store.

What’s a “root” certificate, and why is its access a big deal?

Because Facebook’s Research and Google’s Screenwise apps were distributed outside of Apple’s App Store, it required users to manually install the app — known as sideloading. That requires users to go through a convoluted few steps of downloading the app itself, and opening and trusting either Facebook or Google’s enterprise developer code-signing certificate, which is what allows the app to run. Both companies required users after the app installed to agree to an additional configuration step — known as a VPN configuration profile — allowing all of the data flowing out of that user’s phone to funnel down a special tunnel that directs it all to either Facebook or Google, depending on which app you installed.

This is where the Facebook and Google cases differ.

Google’s app collected data and sent it off to Google for research purposes, but couldn’t access encrypted data — such as the content of any network traffic protected by HTTPS, as most apps in the App Store and internet websites are. Facebook, however, went far further. Its users were asked to go through an additional step to trust an additional type of certificate at the “root” level of the phone.

Trusting this Facebook Research root certificate authority allowed the social media giant to look at all of the encrypted traffic flowing out of the device — essentially what we call a “man-in-the-middle” attack. That allowed Facebook to sift through your messages, your emails and any other bit of data that leaves your phone. Only apps that use certificate pinning — which reject any certificate that isn’t its own — were protected, such as iMessage, Signal and additionally any other end-to-end encrypted solutions.Facebook’s Research app requires Root Certificate access, which Facebook gather almost any piece of data transmitted by youone.Google’s app might not have been able to look at encrypted traffic, but the company still flouted the rules — and had its separate enterprise developer code-signing certificate revoked anyway.

What data did Facebook have access to on iOS?

It’s hard to know for sure, but it definitely had access to more data than Google. Facebook said its app was to help it “understand how people use their mobile devices.” In reality, at root traffic level, Facebook could have accessed any kind of data that left your phone.

Will Strafach, a security expert with whom we spoke for our story, said: “If Facebook makes full use of the level of access they are given by asking users to install the certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed.” Remember: this isn’t “root” access to your phone, like jailbreaking, but root access to the network traffic.

How does this compare to the technical ways other market research programs work?

In fairness, these aren’t market research apps unique to Facebook or Google. Several other companies, like Nielsen and comScore, run similar programs, but neither ask users to install a VPN or provide root access to the network. In any case, Facebook already has a lot of your data — as does Google. Even if the companies only wanted to look at your data in aggregate with other people, it can still hone in on who you talk to, when, for how long and, in some cases, what about. It might not have been such an explosive scandal had Facebook not spent the last year cleaning up after several security and privacy breaches.

Can they capture the data of people the phone owner interacts with?

In both cases, yes. In Google’s case, any unencrypted data that involves another person’s data could have been collected. In Facebook’s case, it goes far further — any data of yours that interacts with another person, such as an email or a message, could have been collected by Facebook’s app.

How many people did this affect?

It’s hard to know for sure. Neither Google nor Facebook have said how many users they have. Between them, it’s believed to be in the thousands. As for the employees affected by the app outages, Facebook has more than 35,000 employees and Google has more than 94,000 employees.

Why did internal apps at Facebook and Google break after Apple revoked the certificates?

You might own your Apple device, but Apple still gets to control what goes on it. Apple can’t control Facebook’s root certificates, but it can control the enterprise certificates it issues. After Facebook was caught out, Apple said: “Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.”

That meant any app that relied on Facebook’s enterprise certificate — including inside the company — would fail to load. That’s not just pre-release builds of Facebook, Instagram and WhatsApp that staff were working on, but reportedly the company’s travel and collaboration apps were down. In Google’s case, even its catering and lunch menu apps were down. Facebook’s internal apps were down for about a day, while Google’s internal apps were down for a few hours. None of Facebook or Google’s consumer services were affected, however.

How are people viewing Apple in all this?

Nobody seems thrilled with Facebook or Google at the moment, but not many are happy with Apple, either. Even though Apple sells hardware and doesn’t use your data to profile you or serve you ads — like Facebook and Google do — some are uncomfortable with how much power Apple has over the customers — and enterprises — that use its devices. In revoking Facebook and Google’s enterprise certificates and causing downtime, it has a knock-on effect internally.

Is this legal in the U.S.? What about in Europe with GDPR?

Well, it’s not illegal — at least in the U.S. Facebook says it gained consent from its users. The company even said its teenage users must obtain parental consent, even though it was easily skippable and no verification checks were made. It wasn’t even explicitly clear that the children who “consented” really understood how much privacy they were really handing over.

That could lead to major regulatory headaches down the line. “If it turns out that European teens have been participating in the research effort Facebook could face another barrage of complaints under the bloc’s General Data Protection Regulation (GDPR) — and the prospect of substantial fines if any local agencies determine it failed to live up to consent and ‘privacy by design’ requirements baked into the bloc’s privacy regime,” wrote TechCrunch’s Natasha Lomas.

Who else has been misusing certificates?

Don’t think that Facebook and Google are alone in this. It turns out that a lot of companies might be flouting the rules, too.According to many finding companies on social media, Sonos uses enterprise certificates for its beta program, as does finance app Binance, as well as DoorDash for its fleet of contractors. It’s not known if Apple will also revoke their enterprise certificates.

What next?

It’s anybody’s guess, but don’t expect this situation to die down any time soon. Facebook may face repercussions with Europe, as well as at home. Two U.S. senators, Mark Warner and Richard Blumenthal, have already called for action, accusing Facebook of “wiretapping teens.” The Federal Trade Commission may also investigate, if Blumenthal gets his way.

Article Produced By
Zack Whittaker


Security editor

Zack Whittaker is the security editor at TechCrunch.

https://techcrunch.com/2019/02/01/facebook-google-scandal/

David https://markethive.com/david-ogden

Facebook pays teens to install VPN that spies on them

Facebook pays teens to install VPN that spies on them

             

Desperate for data on its competitors,

Facebook has been secretly paying people to install a “Facebook Research” VPN that lets the company suck in all of a user’s phone and web activity, similar to Facebook’s Onavo Protect app that Apple banned in June and that was removed in August. Facebook sidesteps the App Store and rewards teenagers and adults to download the Research app and give it root access to network traffic in what may be a violation of Apple policy so the social network can decrypt and analyze their phone activity, a TechCrunch investigation confirms.

Since 2016, Facebook has been paying users ages 13 to 35 up to $20 per month plus referral fees to sell their privacy by installing the iOS or Android “Facebook Research” app. Facebook even asked users to screenshot their Amazon order history page. The program is administered through beta testing services Applause, BetaBound and uTest to cloak Facebook’s involvement, and is referred to in some documentation as “Project Atlas” — a fitting name for Facebook’s effort to map new trends and rivals around the globe.

Seven hours after this story was published, Facebook told TechCrunch it would shut down the iOS version of its Research app in the wake of our report. But on Wednesday morning, an Apple spokesperson confirmed that Facebook violated its policies, and it had blocked Facebook’s Research app on Tuesday before the social network seemingly pulled it voluntarily (without mentioning it was forced to do so). You can read our full report on the development here. An Apple spokesperson provided this statement. “We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.”

Facebook’s Research app requires users to ‘Trust’ it with extensive access to their dataWe asked Guardian Mobile Firewall’s security expert Will Strafach to dig into the Facebook Research app, and he told us that “If Facebook makes full use of the level of access they are given by asking users to install the Certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed.” It’s unclear exactly what data Facebook is concerned with, but it gets nearly limitless access to a user’s device once they install the app.

The strategy shows how far Facebook is willing to go and how much it’s willing to pay to protect its dominance — even at the risk of breaking the rules of Apple’s iOS platform on which it depends. Apple may have asked Facebook to discontinue distributing its Research app.

A more stringent punishment would be to revoke Facebook’s permission to offer employee-only apps. The situation could further chill relations between the tech giants. Apple’s Tim Cook has repeatedly criticized Facebook’s data collection practices. Facebook disobeying iOS policies to slurp up more information could become a new talking point. “The fairly technical sounding ‘install our Root Certificate’ step is appalling,” Strafach tells us. “This hands Facebook continuous access to the most sensitive data about you, and most users are going to be unable to reasonably consent to this regardless of any agreement they sign, because there is no good way to articulate just how much power is handed to Facebook when you do this.”

Facebook’s surveillance app

Facebook first got into the data-sniffing business when it acquired Onavo for around $120 million in 2014. The VPN app helped users track and minimize their mobile data plan usage, but also gave Facebook deep analytics about what other apps they were using. Internal documents acquired by Charlie Warzel and Ryan Mac of BuzzFeed News reveal that Facebook was able to leverage Onavo to learn that WhatsApp was sending more than twice as many messages per day as Facebook Messenger. Onavo allowed Facebook to spot WhatsApp’s meteoric rise and justify paying $19 billion to buy the chat startup in 2014. WhatsApp has since tripled its user base, demonstrating the power of Onavo’s foresight.

Over the years since, Onavo clued Facebook in to what apps to copy, features to build and flops to avoid. By 2018, Facebook was promoting the Onavo app in a Protect bookmark of the main Facebook app in hopes of scoring more users to snoop on. Facebook also launched the Onavo Bolt app that let you lock apps behind a passcode or fingerprint while it surveils you, but Facebook shut down the app the day it was discovered following privacy criticism. Onavo’s main app remains available on Google Play and has been installed more than 10 million times.

The backlash heated up after security expert Strafach detailed in March how Onavo Protect was reporting to Facebook when a user’s screen was on or off, and its Wi-Fi and cellular data usage in bytes even when the VPN was turned off. In June, Apple updated its developer policies to ban collecting data about usage of other apps or data that’s not necessary for an app to function. Apple proceeded to inform Facebook in August that Onavo Protect violated those data collection policies and that the social network needed to remove it from the App Store, which it did, Deepa Seetharaman of the WSJ reported. But that didn’t stop Facebook’s data collection.

Project Atlas

TechCrunch recently received a tip that despite Onavo Protect being banished by Apple, Facebook was paying users to sideload a similar VPN app under the Facebook Research moniker from outside of the App Store. We investigated, and learned Facebook was working with three app beta testing services to distribute the Facebook Research app: BetaBound, uTest and Applause. Facebook began distributing the Research VPN app in 2016. It has been referred to as Project Atlas since at least mid-2018, around when backlash to Onavo Protect magnified and Apple instituted its new rules that prohibited Onavo. Previously, a similar program was called Project Kodiak. Facebook didn’t want to stop collecting data on people’s phone usage and so the Research program continued, in disregard for Apple banning Onavo Protect.

Ads (shown below) for the program run by uTest on Instagram and Snapchat sought teens 13-17 years old for a “paid social media research study.” The sign-up page for the Facebook Research program administered by Applause doesn’t mention Facebook, but seeks users “Age: 13-35 (parental consent required for ages 13-17).” If minors try to sign-up, they’re asked to get their parents’ permission with a form that reveal’s Facebook’s involvement and says “There are no known risks associated with the project, however you acknowledge that the inherent nature of the project involves the tracking of personal information via your child’s use of apps. You will be compensated by Applause for your child’s participation.” For kids short on cash, the payments could coerce them to sell their privacy to Facebook.

“By installing the software, you’re giving our client permission to collect data from your phone that will help them understand how you browse the internet, and how you use the features in the apps you’ve installed . . . This means you’re letting our client collect information such as which apps are on your phone, how and when you use them, data about your activities and content within those apps, as well as how other people interact with you or your content within those apps. You are also letting our client collect information about your internet browsing activity (including the websites you visit and data that is exchanged between your device and those websites) and your use of other online services. There are some instances when our client will collect this information even where the app uses encryption, or from within secure browser sessions.”

Meanwhile, the BetaBound sign-up page with a URL ending in “Atlas” explains that “For $20 per month (via e-gift cards), you will install an app on your phone and let it run in the background.” It also offers $20 per friend you refer. That site also doesn’t initially mention Facebook, but the instruction manual for installing Facebook Research reveals the company’s involvement.

Facebook seems to have purposefully avoided TestFlight, Apple’s official beta testing system, which requires apps to be reviewed by Apple and is limited to 10,000 participants. Instead, the instruction manual reveals that users download the app from r.facebook-program.com and are told to install an Enterprise Developer Certificate and VPN and “Trust” Facebook with root access to the data their phone transmits. Apple requires that developers agree to only use this certificate system for distributing internal corporate apps to their own employees. Randomly recruiting testers and paying them a monthly fee appears to violate the spirit of that rule. Once installed, users just had to keep the VPN running and sending data to Facebook to get paid. The Applause-administered program requested that users screenshot their Amazon orders page. This data could potentially help Facebook tie browsing habits and usage of other apps with purchase preferences and behavior. That information could be harnessed to pinpoint ad targeting and understand which types of users buy what.

TechCrunch commissioned Strafach to analyze the Facebook Research app and find out where it was sending data. He confirmed that data is routed to “vpn-sjc1.v.facebook-program.com” that is associated with Onavo’s IP address, and that the facebook-program.com domain is registered to Facebook, according to MarkMonitor. The app can update itself without interacting with the App Store, and is linked to the email address PeopleJourney@fb.com. He also discovered that the Enterprise Certificate first acquired in 2016 indicates Facebook renewed it on June 27th, 2018 — weeks after Apple announced its new rules that prohibited the similar Onavo Protect app.

“It is tricky to know what data Facebook is actually saving (without access to their servers). The only information that is knowable here is what access Facebook is capable of based on the code in the app. And it paints a very worrisome picture,” Strafach explains. “They might respond and claim to only actually retain/save very specific limited data, and that could be true, it really boils down to how much you trust Facebook’s word on it. The most charitable narrative of this situation would be that Facebook did not think too hard about the level of access they were granting to themselves . . . which is a startling level of carelessness in itself if that is the case.”

“Flagrant defiance of Apple’s rules”

In response to TechCrunch’s inquiry, a Facebook spokesperson confirmed it’s running the program to learn how people use their phones and other services. The spokesperson told us “Like many companies, we invite people to participate in research that helps us identify things we can be doing better. Since this research is aimed at helping Facebook understand how people use their mobile devices, we’ve provided extensive information about the type of data we collect and how they can participate. We don’t share this information with others and people can stop participating at any time.”

Facebook’s spokesperson claimed that the Facebook Research app was in line with Apple’s Enterprise Certificate program, but didn’t explain how in the face of evidence to the contrary. They said Facebook first launched its Research app program in 2016. They tried to liken the program to a focus group and said Nielsen and comScore run similar programs, yet neither of those ask people to install a VPN or provide root access to the network. The spokesperson confirmed the Facebook Research program does recruit teens but also other age groups from around the world. They claimed that Onavo and Facebook Research are separate programs, but admitted the same team supports both as an explanation for why their code was so similar.

However, Facebook’s claim that it doesn’t violate Apple’s Enterprise Certificate policy is directly contradicted by the terms of that policy. Those include that developers “Distribute Provisioning Profiles only to Your Employees and only in conjunction with Your Internal Use Applications for the purpose of developing and testing”. The policy also states that “You may not use, distribute or otherwise make Your Internal Use Applications available to Your Customers” unless under direct supervision of employees or on company premises. Given Facebook’s customers are using the Enterprise Certificate-powered app without supervision, it appears Facebook is in violation.

Seven hours after this report was first published, Facebook updated its position and told TechCrunch that it would shut down the iOS Research app. Facebook noted that the Research app was started in 2016 and was therefore not a replacement for Onavo Protect. However, they do share similar code and could be seen as twins running in parallel. A Facebook spokesperson also provided this additional statement:

“Key facts about this market research program are being ignored. Despite early reports, there was nothing ‘secret’ about this; it was literally called the Facebook Research App. It wasn’t ‘spying’ as all of the people who signed up to participate went through a clear on-boarding process asking for their permission and were paid to participate. Finally, less than 5 percent of the people who chose to participate in this market research program were teens. All of them with signed parental consent forms.”

Facebook did not publicly promote the Research VPN itself and used intermediaries that often didn’t disclose Facebook’s involvement until users had begun the signup process. While users were given clear instructions and warnings, the program never stresses nor mentions the full extent of the data Facebook can collect through the VPN. A small fraction of the users paid may have been teens, but we stand by the newsworthiness of its choice not to exclude minors from this data collection initiative.

Facebook disobeying Apple so directly and then pulling the app could hurt their relationship. “The code in this iOS app strongly indicates that it is simply a poorly re-branded build of the banned Onavo app, now using an Enterprise Certificate owned by Facebook in direct violation of Apple’s rules, allowing Facebook to distribute this app without Apple review to as many users as they want,” Strafach tells us. ONV prefixes and mentions of graph.onavo.com, “onavoApp://” and “onavoProtect://” custom URL schemes litter the app. “This is an egregious violation on many fronts, and I hope that Apple will act expeditiously in revoking the signing certificate to render the app inoperable.”

Facebook is particularly interested in what teens do on their phones as the demographic has increasingly abandoned the social network in favor of Snapchat, YouTube and Facebook’s acquisition Instagram. Insights into how popular with teens is Chinese video music app TikTok and meme sharing led Facebook to launch a clone called Lasso and begin developing a meme-browsing feature called LOL, TechCrunch first reported. But Facebook’s desire for data about teens riles critics at a time when the company has been battered in the press. Analysts on tomorrow’s Facebook earnings call should inquire about what other ways the company has to collect competitive intelligence now that it’s ceased to run the Research program on iOS.

Last year when Tim Cook was asked what he’d do in Mark Zuckerberg’s position in the wake of the Cambridge Analytica scandal, he said “I wouldn’t be in this situation . . . The truth is we could make a ton of money if we monetized our customer, if our customer was our product. We’ve elected not to do that.” Zuckerberg told Ezra Klein that he felt Cook’s comment was “extremely glib.” Now it’s clear that even after Apple’s warnings and the removal of Onavo Protect, Facebook was still aggressively collecting data on its competitors via Apple’s iOS platform. “I have never seen such open and flagrant defiance of Apple’s rules by an App Store developer,” Strafach concluded. Now that Facebook has ceased the program on iOS and its Android future is uncertain, it may either have to invent new ways to surveil our behavior amidst a climate of privacy scrutiny, or be left in the dark.

Article Produced By
Josh Constine

Editor-At-Large

Josh Constine is a technology journalist who specializes in deep analysis of social products. He is currently an Editor-At-Large for TechCrunch and is available for speaking engagements. Previously, Constine was the Lead Writer of Inside Facebook through its acquisition by WebMediaBrands, covering everything about the social network. Constine graduated from Stanford University in 2009 with a Master's degree in Cybersociology, examining the influence of technology on social interaction. He researched the impact of privacy controls on the socialization of children, meme popularity cycles, and what influences the click through rate of links posted to Twitter. Constine also received a Bachelor of Arts degree with honors from Stanford University in 2007, with a concentration in Social Psychology & Interpersonal Processes.

Josh Constine is an experienced public speaker, and has moderated over 120 on-stage interviews in 15 countries with leaders including Facebook CEO Mark Zuckerberg, whistleblower Edward Snowden (via on-stage video conference), and U.S. Senator Cory Booker. He is available to moderate panels and fireside chats, deliver keynotes, and judge hackathon and pitch competitions. Constine has been quoted by The Wall Street Journal, CNN Money, The Atlantic, BBC World Magazine, Slate, and more, plus has been featured on television on Good Morning, America, The Today Show, China Central Television, and Fox News. Constine is ranked as the #1 most cited tech journalist on prestigious news aggregator Techmeme.

[Disclosures: Josh Constine temporarily advised a college friend's social location-sharing startup codenamed 'Signal' that was based in San Francisco before dissolving in 2015. This advising role was cleared with AOL and TechCrunch's editors and has concluded. Constine's fiancée Andee Gardiner co-founded startup accelerator Founders Embassy. Constine's cousin Darren Lachtman is the founder of influencer advertising startup Niche that was acquired by Twitter, and he's since left and founded teen content studio Brat. Constine does not write about Founders Embassy or Brat. Constine has personal acquaintances stemming from college housing circa 2007 with founders at Skybox Imaging (now Terra Bella), Hustle, Snapchat, and Robinhood, but does not maintain close social ties with them nor does that influence his writing. Constine occasionally does paid speaking engagements at conferences, but only those funded by companies he does not cover. Constine owns a small position in Ethereum and Bitcoin cryptocurrencies, does not day-trade, and discloses his positions directly in articles where appropriate. Constine does not do consulting, angel investing, or public stock trading beyond public stock invesments by his parents' estate that he has no role in managing or advising.]

https://techcrunch.com/2019/01/29/facebook-project-at las/

David https://markethive.com/david-ogden

Apple bans Facebook’s Research app that paid users for data

Apple bans Facebook’s Research app that paid users for data

  

In the wake of TechCrunch’s investigation yesterday,

Apple blocked Facebook’s Research VPN app before the social network could voluntarily shut it down. The Research app asked users for root network access to all data passing through their phone in exchange for $20 per month. Apple tells TechCrunch that yesterday evening it revoked the Enterprise Certificate that allows Facebook to distribute the Research app without going through the App Store.

TechCrunch had reported that Facebook was breaking Apple’s policy that the Enterprise system is only for distributing internal corporate apps to employees, not paid external testers. That was actually before Facebook released a statement last night saying that it had shut down the iOS version of the Research program without mentioning that it was forced by Apple to do so.

TechCrunch’s investigation discovered that Facebook has been quietly operated the Research program on iOS and Android since 2016, recently under the name Project Atlas. It recruited 13 to 35 year olds, 5 percent of which were teenagers, with ads on Instagram and Snapchat and paid them a monthly fee plus referral bonuses to install Facebook’s Research app, the included VPN app that routes traffic to Facebook, and to ‘Trust’ the company with root network access to their phone. That lets Facebook pull in a user’s web browsing activity, what apps are on their phone and how they use them, and even decrypt their encrypted traffic. Facebook went so far as to ask users to screenshot and submit their Amazon order history. Facebook uses all this data to track competitors, assess trends, and plan its product roadmap.

Facebook was forced to remove its similar Onavo Protect app in August last year after Apple changed its policies to prohibit the VPN app’s data collection practices. But Facebook never shut down the Research app with the same functionality it was running in parallel. In fact, TechCrunch commissioned security expert Will Strafach to dig into the Facebook Research app, and we found that it featured tons of similar code and references to Onavo Protect. That means Facebook was purposefully disobeying the spirit of Apple’s 2018 privacy policy change while also abusing the Enterprise Certificate program.

Sources tell us that Apple revoking Facebook’s Enterprise Certificate has broken all of the company’s legitimate employee-only apps. Those include pre-launch internal-testing versions of Facebook and Instagram, as well as the employee apps for coordinating office collaboration, commutes, seeing the day’s lunch schedule, and more. That’s causing mayhem at Facebook, disrupting their daily work flow and ability to do product development. We predicted yesterday that Apple could take this drastic step to punish Facebook much harder than just removing its Research app. The disruption will translate into a huge loss of productivity for Facebook’s 33,000 employees.

For reference, Facebook’s main iOS app still functions normally. Also, you can’t get paid for installing Onavo Protect on Android, only for the Facebook Research app. And Facebook isn’t the only one violating Apple’s Enterprise Certificate policy, as TechCrunch discovered Google’s Screenwise Meter surveillance app breaks the rules too. This morning, Apple informed us it had banned Facebook’s Research app yesterday before the social network seemingly pulled it voluntarily. Apple provided us with this strongly worded statement condemning the social network’s behavior:

“We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.”

That comes in direct contradiction to Facebook’s initial response to our investigation. Facebook claimed it was in alignment with Apple’s Enterprise Certificate policy and that the program was no different than a focus group. Seven hours later, a Facebook spokesperson said it was pulling its Research program from iOS without mentioning that Apple forced it to do so, and issued this statement disputing the characterization of our story:

“Key facts about this market research program are being ignored. Despite early reports, there was nothing ‘secret’ about this; it was literally called the Facebook Research App. It wasn’t ‘spying’ as all of the people who signed up to participate went through a clear on-boarding process asking for their permission and were paid to participate. Finally, less than 5 percent of the people who chose to participate in this market research program were teens. All of them with signed parental consent forms.”

We refute those accusations by Facebook. As we wrote yesterday night, Facebook did not publicly promote the Research VPN itself and used intermediaries that often didn’t disclose Facebook’s involvement until users had begun the signup process. While users were given clear instructions and warnings, the program never stresses nor mentions the full extent of the data Facebook can collect through the VPN. A small fraction of the users paid may have been teens, but we stand by the newsworthiness of its choice not to exclude minors from this data collection initiative.

Senator Mark Warner has since called on Facebook CEO Mark Zuckerberg to support legislation requiring individual informed consent for market research initiatives like Facebook Research. Meanwhile, Senator Richard Blumenthal issued a fierce statement that “Wiretapping teens is not research, and it should never be permissible.”

The situation will surely worsen the relationship between Facebook and Apple after years of mounting animosity between the tech giants. Apple’s Tim Cook has repeatedly criticized Facebook’s data collection practices, and Zuckerberg has countered that it offers products for free for everyone rather than making products few can afford like Apple. Flared tensions could see Facebook receive less promotion in the App Store, fewer integrations into iOS, and more jabs from Cook. Meanwhile, the world sees Facebook as having been caught red-handed threatening user privacy and breaking Apple policy.

Article Produced By
Josh Constine

Editor-At-Large

Josh Constine is a technology journalist who specializes in deep analysis of social products. He is currently an Editor-At-Large for TechCrunch and is available for speaking engagements. Previously, Constine was the Lead Writer of Inside Facebook through its acquisition by WebMediaBrands, covering everything about the social network. Constine graduated from Stanford University in 2009 with a Master's degree in Cybersociology, examining the influence of technology on social interaction. He researched the impact of privacy controls on the socialization of children, meme popularity cycles, and what influences the click through rate of links posted to Twitter.

Constine also received a Bachelor of Arts degree with honors from Stanford University in 2007, with a concentration in Social Psychology & Interpersonal Processes. Josh Constine is an experienced public speaker, and has moderated over 120 on-stage interviews in 15 countries with leaders including Facebook CEO Mark Zuckerberg, whistleblower Edward Snowden (via on-stage video conference), and U.S. Senator Cory Booker. He is available to moderate panels and fireside chats, deliver keynotes, and judge hackathon and pitch competitions. Constine has been quoted by The Wall Street Journal, CNN Money, The Atlantic, BBC World Magazine, Slate, and more, plus has been featured on television on Good Morning, America, The Today Show, China Central Television, and Fox News. Constine is ranked as the #1 most cited tech journalist on prestigious news aggregator Techmeme.

[Disclosures: Josh Constine temporarily advised a college friend's social location-sharing startup codenamed 'Signal' that was based in San Francisco before dissolving in 2015. This advising role was cleared with AOL and TechCrunch's editors and has concluded. Constine's fiancée Andee Gardiner co-founded startup accelerator Founders Embassy. Constine's cousin Darren Lachtman is the founder of influencer advertising startup Niche that was acquired by Twitter, and he's since left and founded teen content studio Brat. Constine does not write about Founders Embassy or Brat. Constine has personal acquaintances stemming from college housing circa 2007 with founders at Skybox Imaging (now Terra Bella), Hustle, Snapchat, and Robinhood, but does not maintain close social ties with them nor does that influence his writing. Constine occasionally does paid speaking engagements at conferences, but only those funded by companies he does not cover. Constine owns a small position in Ethereum and Bitcoin cryptocurrencies, does not day-trade, and discloses his positions directly in articles where appropriate. Constine does not do consulting, angel investing, or public stock trading beyond public stock invesments by his parents' estate that he has no role in managing or advising.]

https://techcrunch.com/2019/01/30/apple-bans-facebook-vpn/

David https://markethive.com/david-ogden

Facebook may proactively close Pages and Groups before they’re in violation of policy

Facebook may proactively close Pages and Groups before they’re in violation of policy

Facebook today announced changes

to the way it handles the removal of content from Facebook Pages that’s in violation of the social network’s Community Standards, as well as when the Page has posted items that are rated false by a third-party fact-checking service. It says it will also make it harder for those whose Pages have been shut down for violations to return with new Pages featuring the same, duplicated content by proactively banned other Pages and Groups, in some cases.

To address the first two issues, Facebook says it’s introducing a new tab on Facebook Pages — the “Page Quality” tab — which will inform those who manage the Page which content has been removed for violating standards and what was rated “fake news.” The section will explain if content was removed for being “hate speech, graphic violence, harassment and bullying, and regulated goods, nudity or sexual activity,” or being “support or praise” of people and events that are not allowed to be on Facebook, the company explained today in a blog post detailing the upcoming changes.

The “people or events” not allowed on Facebook are those associated with real-world harm. This could include people associated with hate groups, terrorist activity, mass or serial murder, human trafficking or organized crime or violence. Facebook also removes any content that expresses praise or support for those involved in such activities. The tab will also inform Page managers which content may have been demoted by Facebook algorithms, if not removed entirely. This includes content that has been found to be false news by independent fact-checking organizations. Facebook began taking action against clickbait several years ago, then later began to flag and down-rank fake news, as that essentially became the new clickbait.

But those who distributed fake news headlines weren’t necessarily aware that their content’s distribution was being reduced as a result. This tab will now inform them. Facebook says it will identify several types of down-ranked news items, including content recently rated “False,” “Mixture” or “False Headline” by third-party fact-checkers. However, it won’t actually show those items it deemed “clickbait,” or those that it removed for being spam or due to an IP violation.

In other words, the new Page Quality tab isn’t a full window into everything being removed or down-ranked, only those areas that are today of utmost importance to Facebook to get under control. (Facebook disputes this characterization: “There’s not necessarily a direct connection between what we can currently share in the tab and overall harm/priority,” it tells us. “All of our policies within our Community Standards are important to us in our efforts to keep our community safe.” The company also says that it will add more policy violation types to this area in time.)

“We hope this will give people the information they need to police bad behavior from fellow Page managers, better understand our Community Standards, and, let us know if we’ve made an incorrect decision on content they posted,” the company explained in its announcement.

Proactive bans

Related to this, Facebook says it’s seen an increase in people using their existing Pages to duplicate the content that had been pulled down from Pages that were banned for violating Facebook’s Community Standards. While it had policies that prohibited people from creating new Pages (or groups, events, accounts, etc.) for this purpose, it hadn’t been proactively policing the use of existing Pages — and that, effectively, became a loophole for the violators to abuse. Now, Facebook says when it removes a Page or Group for policy violations, it may also remove other Pages and Groups — even if the other Pages and Groups haven’t “met the threshold to be unpublished on its own.”

In other words, if Facebook believes the other Pages and Groups will be used as the new home for the content found to be in violation, it will proactively remove them… before they actually do so. (That’s likely to cause some debate.) Facebook says it will make this determination based on a broad range of factors — like if the other Pages or Groups have the same admins or a use similar name, for example. The new “Page Quality” tab will launch tomorrow, while the proactive removals will begin in the weeks ahead.

Article Produced By
Sarah Perez

Writer

Sarah currently works as a writer for TechCrunch, after having previously spent over three years at ReadWriteWeb. Prior to her work as a reporter, Sarah worked in I.T. across a number of industries, including banking, retail and software.

https://techcrunch.com/2019/01/23/facebook-may-proactively-close-pages-and-groups-before-theyre-in-violation-of-policy/

David https://markethive.com/david-ogden