Author: Josh Constine

Crypto-collectibles and Kitties marketplace Rare Bits raises $6M

Rare Bits wants to be eBay for the blockchain, where you buy, sell, and trade non-fungible crypto-goods. After CryptoKitties raised $12 million from Andreessen Horowitz last month for its digital collectibles game, there’s been an explosion of interest in the space. But without a popular marketplace, it’s hard to find the goods you want at the right price. Now a team of former Zynga staffers is building out its crypto-collectible auction and commerce site with a $6 million round led by Nabeel Hyatt at Spark Capital, and joined by First Round Capital, David Sacks’ Craft Ventures, and SVAngel.

Because of the Ethereum ledger, for the first time, users can truly own their digital items” says co-founder Amitt Mahajan. “Previously in mobile or social games, virtual items earned through play or by spending money were actually owned by the company operating the game. If they shut down their servers, the items would go away and users would be out of luck. We believe this new asset class represents a paradigm shift in digital property whereby centralized assets will be moved onto decentralized systems” For now, Rare Bits isn’t slapping any extra fees on its marketplace, compared to paying 1 percent to 4 percent on other marketplaces like Open Sea and Wyvern Exchange. Instead, if a crypto-item developer charges a fee on secondary sales, say 5 percent, they’ll split that with Rare Bits for arranging the transaction.

Users get the benefit of having all their crypto-collectibles in a single wallet. They can see historical pricing before they buy anything thanks to the transparency of the Ethereum ledger, whether they want to “Buy Now” or win an auction. They collectors can also see related items rather than transacting in a vacuum.

Rare Bits founders from left: Danny Lee, Payom Dousti, Dave Pekar, and Amitt Mahajan.

Mahajan, Danny Le, and Dave Pekar all met after selling their gaming startups to Zynga. [Disclosure: I know Pekar from college] Their fourth co-founder Payom Dousti worked at crypto VC fund 1/0 Capital and sold his sports analytics startup numberFire to FanDuel. With experience across the gaming, virtual good, and crypto space, Mahajan tells me “We thought long and hard about potentially building blockchain-based games ourselves but ultimately decided that there was a larger opportunity in focusing on crypto-based property as a whole.” The Rare Bits exchange launched in February and did over $100,000 in transactions in its first month.

With some CryptoKitties selling elsewhere for as much as $200,000, investors liked the idea of taking a cut of everyone’s transactions rather than just launching another digital trading card. That led Rare Bits to raise a $1 million seed from Macro Ventures and angels like Steve Jang and Robin Chan. As scaling issues threaten to prevent the Bitcoin and Ethereum blockchains from supporting micropayments and mainstream commerce, new use cases like crypto-collectibles are taking the spotlight.

Now with the $6 million Series A, Rare Bits is bringing in some heavyweight angels from the world of gaming. That includes Emmet Shear and Justin Kan, the co-founders of Twitch. Former Dropbox execs and married couple Ruchi Sanghvi and Aditya Agrawal are also in the round, alongside Greenoaks Captial MD Neil Mehta and Channel Factory CEO Tony Chen.

The team hopes the runway will help it secure partnerships with developers and creatives to publish new collectibles for the blockchain that have a home on Rare Bits. “While today most of these items are items from games and collectibles, we envision that we will see licenses, tickets, rights, even tokenized physical goods represented as digital assets” Mahajan tells us.

Rare Bits will have to deal with the inherent scaling troubles of the Ethereum blockchain it operates on. For now, it’s refunding users the “gas” it costs to execute purchases and sales on its marketplace in a timely manner. Thos range from a few cents to a few dollars depending on network congestion. But Rare Bits could be looking at a steep bill or be forced to push those fees onto users if it gets popular enough.

There’s always the danger that CryptoKitties and the like are just the new Beanie Babies — valued today, but worthless when the fad dies. Rare Bits benefits from getting to follow the trend to whatever crypto-collectible is in vogue, and just has to hope the whole concept doesn’t fade.

“Our ultimate goal is to convince millions of new people to begin owning and transacting crypto-based property” says Mahajan. But the founders will probably be okay regardless. “Like anyone crazy enough to start a crypto app company this early, we started buying and HODLing BTC and ETH years ago.”

Login With Facebook data hijacked by JavaScript trackers

Facebook confirms to TechCrunch that it’s investigating a security research report that shows Facebook user data can be grabbed by third-party JavaScript trackers embedded on websites using Login With Facebook. The exploit lets these trackers gather a user’s data including name, email address, age range, gender, locale, and profile photo depending on what users originally provided to the website. It’s unclear what these trackers do with the data, but many of their parent companies including Tealium, AudienceStream, Lytics, and ProPS sell publisher monetization services based on collected user data.

The abusive scripts were found on 434 of the top 1 million websites including freelancer site Fiverr.com, camera seller B&H Photo And Video, and cloud database provider MongoDB. That’s according to Steven Englehardt and his colleagues at Freedom To Tinker, which is hosted by Princeton’s Center For Information Technology Policy.

Meanwhile, concert site BandsInTown was found to be passing Login With Facebook user data to embedded scripts on sites that install its Amplified advertising product. An invisible BandsInTown iframe would load on these sites, pulling in user data that was then accessible to embedded scripts. That let any malicious site using BandsInTown learn the identity of visitors. BandsInTown has now fixed this vulnerability.

TechCrunch is still awaiting a formal statement from Facebook beyond “We will look into this and get back to you.” After TechCrunch brough the issue to MongoDB’s attention this morning, it investigated and just provided this statement “We were unaware that a third-party technology was using a tracking script that collects parts of Facebook user data. We have identified the source of the script and shut it down.” Fiverr and BandsInTown did not respond before press time.

 

The discovery of these data security flaws comes at a vulnerable time for Facebook. The company is trying to recover from the Cambridge Analytica scandal, CEO Mark Zuckerberg just testified before congress, and today it unveiled privacy updates to comply with Europe’s GDPR law. But Facebook’s recent API changes designed to safeguard user data didn’t prevent these exploits. And the situation shines more light on the little-understood ways Facebook users are tracked around the Internet, not just on its site.

“When a user grants a website access to their social media profile, they are not only trusting that website, but also third parties embedded on that site” writes Englehardt. This chart shows that what some trackers are pulling from users. Freedom To Tinker warned OnAudience about another security issue recently, leading it to stop collecting user info.

Facebook could have identified these trackers and prevented these exploits with sufficient API auditing. It’s currently ramping up API auditing as it hunts down other developers that might have improperly shared, sold, or used data like how Dr. Aleksandr Kogan’s app’s user data ended up in the hands of Cambridge Analytica. Facebook could also change its systems to prevent developers from taking an app-specific user ID and employing it to discover that person’s permanent overarching Facebook user ID.

Revelations like this are likely to beckon a bigger data backlash. Over the years, the public had became complacent about the ways their data was exploited without consent around the web. While it’s Facebook in the hot seat, other tech giants like Google rely on user data and operate developer platforms that can be tough to police. And news publishers, desperate to earn enough from ads to survive, often fall in with sketchy ad networks and trackers.

Zuckerberg makes an easy target because the Facebook founder is still the CEO, allowing critics and regulators to blame him for the social network’s failings. But any company playing fast and loose with user data should be sweating.

A flaw-by-flaw guide to Facebook’s new GDPR privacy changes

Facebook is about to start pushing European users to speed through giving consent for its new GDPR privacy law compliance changes. They ask users review how Facebook uses data around the web to target you with ads, sensitive profile info they share, and facial recognition But with a design the encourages rapidly hitting the “Agree” button, a lack of granular controls, a laughably cheatable parental consent request for teens, and an aesthetic overhaul of Download Your Information that doesn’t make it any easier to switch social networks, Facebook shows it’s still hungry for your data.

The new privacy change and terms of service consent flow will appear starting this week to European users, though they’ll be able to dismiss it for now, at least until the May 25th GDPR compliance deadline Facebook vowed to uphold in Europe. Meanwhile, Facebook says it will roll out the changes and consent flow globally over the coming weeks and months, though with some slight regional differences. And finally, all teens worldwide that share sensitive info will have to go through the weak new parental consent flow.

Facebook brought a group of reporters to the new Building 23 at its Menlo Park headquarters to preview the changes. But feedback was heavily critical as journalists grilled Facebook’s deput chief privacy officer Rob Sherman. Questions centered around how Facebook makes accepting the updates much easier than review or changing them, but Sherman stuck to talking points about how important it was to give users choice and information.

“Trust is really important and it’s clear that we have a lot of work to do to regain the trust of people on our service” he said, giving us deja vu about Mark Zuckerberg’s testimonies before congress. “We know that people won’t becomfortable using facebook if they don’t feel that their information is protected.”

Trouble At Each Step Of Facebook’s Privacy Consent Flow

There are a ton of small changes so we’ll lay out each with our criticisms.

Facebook’s consent flow starts well enough with the screen above offering a solid overview of why it’s making changes for GDPR and what you’ll be reviewing. But with just an ‘X’ up top to back out, it’s already training users to speed through by hitting that big blue button at the bottom.

Sensitive Info

First up is control of your sensitive profile information, specifically your sexual preference, religious views, and political views. As you’ll see at each step, you can either hit the pretty blue “Accept And Continue” button regardless of whether you’ve scrolled through the information. But if you hit the ugly grey “Manage Settings” button, you have to go through an interstitial where Facebook makes it’s argument trying to deter you from moving the info before letting you make and save your choice. It feels obviously designed to get users to breeze through it by offering no resistance to continue, but friction if you want to make changes.

Facebook doesn’t let advertisers target you based on this sensitive info, which is good. The only exception is that in the US, political views alongside political Pages and Events you interact with inform your overarching personality categories that can be targeted with ads. But your only option here is either to remove any info you’ve shared in these categories so friends can’t see it, or allow Facebook to use it to personalize the site. There’s no option to keep this stuff on your profile but not let Facebook use it.

Facial Recognition

The Face Recognition step won’t actually give users in the European Union a choice, as the government has banned the feature. But everyone else will get to choose whether to leave their existing setting, which defaults to on, or turn off the feature. Here the lack of granularity is concerning. Users might want to see warnings about possible impersonators using their face in their profile pics, but not be suggested as someone to tag in their friends’ photos. Unfortunately, it’s all or nothing. While Facebook is right to make it simple to turn on or off completely, granular controls that unfold for those that want them would be much more empowering.

Data Collection Across The Web

A major concern that’s arisen in the wake of Zuckerberg’s testimonies is how Facebook uses data collected about you from around the web to target users with ads and optimize its service. While Facebook deputer chief privacy officer Rob Sherman echoed Zuckerberg in saying that users tell the company they prefer relevant ads, and that this data can help thwart hackers and scrapers, many users are unsettled by the offsite collection practices. Here, Facebook lets you block it from targeting you wih ads based on data about your browsing behavior on sites that show its Like and share buttons, conversion Pixel, or Audience Network ads. Here the issue is that there’s no way to stop Facebook from using that data from personalizing your News Feed or optimizing other parts of its service.

New Terms Of Service

Facebook recently rewrote its Terms Of Service and Data Use Policy to be more explicit and easy to read. It didn’t make any significant changes other than noting the policy now applies to its subsidiaries like Instagram, WhatsApp, and Oculus. That’s all clearly explained here, which is nice. But the fact that the button to reject the new Terms Of Service isn’t even a button, it’s a tiny ‘see your options’ hyperlink shows how badly Facebook wants to avoid you closing your account. When Facebook’s product designer for the GDPR flow was asked if she thought this hyperlink was the best way to present the alternative to the big ‘I Accept’ button, she disingenuously said yes, eliciting scoffs from the room of reporters. It seems obvious that Facebook is trying to minimize the visibility of the path to account deletion rather than making it an obvious course of action if you don’t agree to its terms.

I requested Facebook actually show us what was on the other side of the that tine ‘see my options’ link and this is what we got. First, Facebook doesn’t mention its temporary deactivation option, just the scary permanent delete option. Facebook recommends downloading your data before deleting your account, which you should. But the fact that you’ll have to wait (often a few hours) before you can download your data could push users to delay deletion and perhaps never resume. And only if you keep scrolling do you get to another tiny “I’m ready to delete my account” hyperlink instead of a real button.

Parental Consent

GDPR also implements new regulation about how teens are treated, specifically users between the ages of 13 (the minimum age required to sign up for Facebook) and 15. If users in this age range have shared their religious views, political views, or sexual preference, Facebook requires them to either remove it or get parental consent to keep it. But the system for attaining and verifying that parental consent is a joke.

Users merely select one of their Facebook friends or enter an email address, and that person is asked to give consent for their ‘child’ to share sensitive info. But Facebook blindly trusts that they’ve actually selected their parent or guardian, even though it has a feature for users to designate who their family is, and the kid could put anyone in the email field, including an alternate address they control. Sherman says Facebook is “not seeking to collect additional information” to verify parental consent, so it seems Facebook is happy to let teens easily bypass the checkup.

Privacy Shortcuts

To keep all users abreast of their privacy settings, Facebook has redesigned its Privacy Shortcuts in a colorful format that sticks out from the rest of the site. No complaints here.

Download Your Information

Facebook has completely redesigned its Download Your Information tool after keeping it basically the same for the past 8 years. You can now view your content and data in different categories without downloading it, which alongside the new privacy shortcuts is perhaps the only unequivocally positive and unproblematic change amidst today’s announcements.

And Facebook now lets you select certain categories of data, date ranges, JSON or HTML format, and image quality to download. That could make it quicker and easier if you just need a copy of a certain type of content but don’t need to export all your photos and videos for example. Thankfully, Facebook says you’ll be able to now export your media in a higher resolution than the old tool allowed.

But the big problem here was the subject of my feature piece about Facebook’s lack of data portability. The Download Your Information tool is supposed to let you take your data and go to a different social network. But it only exports your social graph aka your friends as a text list of names. There are no links, usernames, or other unique identifiers unless friends opt into let you export their email or phone number, so good luck finding the right John Smith on another app. The new version of Download Your Information works exactly the same, rather than offering any interoperable format that would let you find your friends elsewhere.

A Higher Standard

Overall, it seems like Facebook is complying with the letter of GDPR law, but with questionable spirit. Sure, privacy is boring to a lot of people. Too little info and they feel confused and scared. Too many choices and screens and they feel overwhelmed and annoyed. Facebook struck the right balance in some places here. But the subtly pushy designs seem intended to push people away from changing their defaults in ways that could hamper Facebook’s mission and business.

Making the choices even in visible weight, rather than burying the ways to make changes in grayed-out buttons and tiny links, would have been more fair. And it would have shown that Facebook has faith in the value it provides, such that users would stick around and leave features enabled if they truly wanted to.

When questioned about this, Sherman pointed the finger at other tech companies, saying he thought Facebook was more upfront with users. Asked to clarify if he thought Facebook’s approach was “better”, he said “I think that’s right”. But Facebook isn’t being judged by the industry standard because it’s not a standard company. It’s built its purpose and its business on top of our private data, and touted itself as a boon to the world. But when asked to clear a higher bar for privacy, Facebook delved into design tricks to keep from losing our data

Facebook points finger at Google and Twitter for data collection

“Other companies suck in your data too,” Facebook explained in many, many words today with a blog post detailing how it gathers information about you from around the web.

Facebook product management director David Baser wrote, “Twitter, Pinterest and LinkedIn all have similar Like and Share buttons to help people share things on their services. Google has a popular analytics service. And Amazon, Google and Twitter all offer login features. These companies — and many others — also offer advertising services. In fact, most websites and apps send the same information to multiple companies each time you visit them.” Describing how Facebook receives cookies, IP address, and browser info about users from other sites, he noted, “when you see a YouTube video on a site that’s not YouTube, it tells your browser to request the video from YouTube. YouTube then sends it to you.”

It seems Facebook is tired of being singled-out. The tacked on “them too!” statements at the end of its descriptions of opaque data collection practices might have been trying to normalize the behavior, but comes off feeling a bit petty.

The blog post also fails to answer one of the biggest lines of questioning from CEO Mark Zuckerberg’s testimonies before Congress last week. Zuckerberg was asked by Representative Ben Lujan about whether Facebook constructs “shadow profiles” of ad targeting data about non-users.

Today’s blog post merely notes that “When you visit a site or app that uses our services, we receive information even if you’re logged out or don’t have a Facebook account. This is because other apps and sites don’t know who is using Facebook. Many companies offer these types of services and, like Facebook, they also get information from the apps and sites that use them.”

Facebook has a lot more questions to answer about this practice, since most of its privacy and data controls are only accessible to users who’ve signed up.

The data privacy double-standard

That said, other tech companies have gotten off light. Whether it’s because Apple and Google aren’t CEO’d by their founders any more, or we’ve grown to see iOS and Android as such underlying platforms that they aren’t responsible for what third-party developers do, scrutiny has focused on Zuckerberg and Facebook.

The Cambridge Analytica scandal emerged from Facebook being unable to enforce its policies that prohibit developers from sharing or selling data they pull from Facebook users. Yet it’s unclear whether Apple and Google do a better job at this policing. And while Facebook let users give their friends’ names and interests to Dr. Aleksandr Kogan, who sold it to Cambridge Analytica, iOS and Android apps routinely ask you to give them your friends’ phone numbers, and we don’t see mass backlash about that.

At least not yet.

The psychological impact of an $11 Facebook subscription

Would being asked to pay Facebook to remove ads make you appreciate their value or resent them even more? As Facebook considers offering an ad-free subscription option, there are deeper questions than how much money it could earn. Facebook has the opportunity to let us decide how we compensate it for social networking. But choice doesn’t always make people happy.

In February I explored the idea of how Facebook could disarm data privacy backlash and boost well-being by letting us pay a monthly subscription fee instead of selling our attention to advertisers. The big takeaways were:

  • Mark Zuckerberg insists that Facebook will remain free to everyone, including those who can’t afford a monthly fee, so subscriptions would be an opt-in alternative to ads rather than a replacement that forces everyone to pay
  • Partially decoupling the business model from maximizing your total time spent on Facebook could let it actually prioritize time well spent because it wouldn’t have to sacrifice ad revenue
  • The monthly subscription price would need to offset Facebook’s ad earnings. In the US & Canada Facebook earned $19.9 billion in 2017 from 239 million users. That means the average user there would have to pay $7 per month

However, my analysis neglected some of the psychological fallout of telling people they only get to ditch ads if they can afford it, the loss of ubiquitous reach for advertisers, and the reality of which users would cough up the cash. Though on the other hand, I also neglected the epiphany a price tag could produce for users angry about targeted advertising.

What’s Best For Everyone

This conversation is relevant because Zuckerberg was asked twice by congress about Facebook potentially offering subscriptions. Zuckerberg endorsed the merits of ad-supported apps, but never ruled out letting users buy a premium version. “We don’t offer an option today for people to pay to not show ads” Zuckerberg said, later elaborating that “Overall, I think that the ads experience is going to be the best one. I think in general, people like not having to pay for a service. A lot of people can’t afford to pay for a service around the world, and this aligns with our mission the best.”

But that word ‘today’ gave a glimmer of hope that we might be able to pay in the future.

Facebook CEO and founder Mark Zuckerberg testifies during a US House Committee on Energy and Commerce hearing about Facebook on Capitol Hill in Washington, DC, April 11, 2018. (Photo: SAUL LOEB/AFP/Getty Images)

What would we be paying for beyond removing ads, though?. Facebook already lets users concerned about their privacy opt out of some ad targeting, just not seeing ads as a whole. Zuckerberg’s stumping for free Internet services make it seem unlikely that Facebook would build valuable features and reserve them for subscribers

Spotify only lets paid users play any song they want on-demand, while ad-supported users are stuck on shuffle. LinkedIn only lets paid users message anyone they want and appear as a ‘featured applicant’ to hirers, while ad-supported users can only message their connections. Netflix only lets paid users…use it at all.

But Facebook views social networking as a human right, and would likely want to give all users any extra features it developed like News Feed filters to weed out politics or baby pics. Facebook also probably wouldn’t sell features that break privacy like how LinkedIn subscribers can see who visited their profiles. In fact, I wouldn’t bet on Facebook offering any significant premium-only features beyond removing ads. That could make it a tough sell.

Meanwhile, advertisers trying to reach every member of a demographic might not want a way for people to pay to opt-out of ads. If they’re trying to promote a new movie, a restaurant chain, or an election campaign, they’d want as strong of penetration amongst their target audience as they can get. A subscription model punches holes in the ubiquity of Facebook ads that drive businesses to the app.

Resentment Vs Appreciation

But the biggest issue is that Facebook is just really good at monetizing with ads. For never charging users, it earns a ton of money. $40 billion in 2017. Convincing people to pay more with their wallets than their eyeballs may be difficult. And the ones who want to pay are probably worth much more than the average.

Let’s look at the US & Canada market where Facebook earns the most per user because they’re wealthier and have more disposable income than people in other parts of the world, and therefore command higher ad rates. On average US and Canada users earn Facebook $7 per month from ads. But those willing and able to pay are probably richer than the average user, so luxury businesses pay more to advertise to them, and probably spend more time browsing Facebook than the average user, so they see more of those ads.

Brace for sticker shock, because for Facebook to offset the ad revenue of these rich hardcore users, it might have to charge more like $11 to $14 per month.

With no bonus features, that price for something they can get for free could seem way too high. Many who could afford it still wouldn’t justify it, regardless of how much time they spend on Facebook compared to other media subscriptions they shell out for. Those who truly can’t afford it might suddenly feel more resentment towards the Facebook ads they’ve been scrolling past unperturbed for years. Each one would be a reminder that they don’t have the cash to escape Facebook’s data mines.

But perhaps it’s just as likely that people would feel the exact opposite — that having to see those ads really isn’t so bad when faced with the alternative of a steep subscription price.

People often don’t see worth in what they get for free. Being confronted with a price tag could make them more cognizant of the value exchange they’re voluntarily entering. Social networking costs money to operate, and they have to pay somehow. Seeing ads keeps Facebook’s lights on, its labs full of future products, and its investors happy.

That’s why it might not matter if Facebook can only get 4 percent, or 1 percent, or 0.1 percent of users to pay. It could be worth it for Facebook to build out a subscription option to empower users with a sense of choice and provide perspective on the value they already receive for free.

For more big news about Facebook, check out our recent coverage:

Facebook shouldn’t block you from finding friends on competitors

Twitter, Vine, Voxer, MessageMe. Facebook has repeatedly cut off competitors from its feature for finding your Facebook friends on their apps… after jumpstarting its own social graph by convincing people to upload their Gmail contacts. Meanwhile, Facebook’s Download Your Information tool merely exports a text list of friends’ names you can’t use elsewhere.

As Congress considers potential regulation following Mark Zuckerberg’s testimonies, it should prioritize leveling the playing field for aspiring alternatives to Facebook and letting consumers choose where to social network. And as a show of good faith and argument against it abusing its monopoly, Facebook should make our friend list truly portable.

It’s time to free the social graph — to treat it as a fundamental digital possession, the way the Telecommunications Act of 1996 protects your right to bring your phone number with you to a new network.

The two most powerful ways to do this would be for Facebook to stop, or Congress to stop it from, blocking friend finding on competitors like it’s done in the past to Twitter and more. And Facebook should change its Download Your Information tool to export our friend list in a truly interoperable format. When you friend someone on Facebook, they’re not just a name. They’re someone specific amongst often many with the same name, and Facebook should be open to us getting connected with them elsewhere.

Facebook takes data it won’t give

While it continues til this day, back in 2010 Facebook goaded users to import their Gmail address books so they could add them as Facebook friends. But it refused to let users export the email addresses of their friends to use elsewhere. That led Google to change its policy and require data portability reciprocity from any app using its Contacts API.

So did Facebook back off? No. It built a workaround, giving users a deep link to download their Gmail contacts from Google’s honorable export tool. Facebook then painstakingly explained to users how to upload that file so it could suggest they friend all those contacts.

Google didn’t want to stop users from legitimately exporting their contacts, so it just put up a strongly worded warning to Gmail users: “Trap my contacts now: Hold on a second. Are you super sure you want to import your contact information for your friends into a service that won’t let you get it out? . . . Although we strongly disagree with this data protectionism, the choice is yours. Because, after all, you should have control over your data.” And Google offered to let you “Register a complaint over data protectionism.”

Eight years later, Facebook has grown from a scrappy upstart chasing Google to become one of the biggest, most powerful players on the internet. And it’s still teaching users how to snatch their Gmail contacts’ email addresses while only letting you export the names of your friends — unless they opt-in through an obscure setting, because it considers contact info they’ve shared as their data, not yours. Whether you should be allowed to upload other people’s contact info to a social network is a bigger question. But it is blatant data portability hypocrisy for Facebook to encourage users to import that data from other apps but not export it.

In some respects, it’s good that you can’t mass-export the email addresses of all your Facebook friends. That could enable spamming, which probably isn’t what someone had in mind when they added you as friend on Facebook. They could always block, unfriend or mute you, but they can’t get their email address back. Facebook is already enduring criticism about how it handled data privacy in the wake of the Cambridge Analytica scandal.

Yet the idea that you could find your Facebook friends on other apps is a legitimate reason for the platform to exist. It’s one of the things that’s made Facebook Login so useful and popular. Facebook’s API lets certain apps check to see if your Facebook friends have already signed up, so you can easily follow them or send them a connection request. But Facebook has rescinded that option when it senses true competition.

Data protectionism

Twitter is the biggest example. Facebook didn’t and still doesn’t let you see which of your Facebook friends are on Twitter, even though it has seven times as many users. Twitter co-founder Ev Williams, frustrated in 2010, said that “They see their social graph as their core asset, and they want to make sure there’s a win-win relationship with anybody who accesses it.”

Facebook went on to establish a formal policy that said that apps that wanted to use its Find Friends tool had to abide by these rules:

  •  If you use any Facebook APIs to build personalized or social experiences, you must also enable people to easily share their experiences back with people on Facebook.

  • You may not use Facebook Platform to promote, or to export user data to, a product or service that replicates a core Facebook product or service without our permission.

Essentially, apps that piggybacked on Facebook’s social graph had to let you share back to Facebook, and couldn’t compete with it. It’s a bit ironic, given Facebook’s overarching strategy for years has been “replicate core functionality.” From cloning Twitter’s asymmetrical follow and Trending Topics to Snapchat’s Stories and augmented reality filters, all the way back to cribbing FriendFeed’s News Feed and Facebook’s start as a rip-off of the Winklevii’s HarvardConnection.

Restrictions against replicating core functionality aren’t unheard of in tech. Apple’s iOS won’t let you run an App Store from inside an app, for example. But Facebook’s selective enforcement of the policy is troubling. It simply ignores competing apps that never get popular. Yet if they start to grow into potential rivals, Facebook has swiftly enforced this policy and removed their Find Friends access, often inhibiting further growth and engagement.

Here are few of examples of times Facebook has cut off competitors from its graph:

  • Voxer was one of the hottest messaging apps of 2012, climbing the charts and raising a $30 million round with its walkie-talkie-style functionality. In early January 2013, Facebook copied Voxer by adding voice messaging into Messenger. Two weeks later, Facebook cut off Voxer’s Find Friends access. Voxer CEO Tom Katis told me at the time that Facebook stated his app with tens of millions of users was a “competitive social network” and wasn’t sharing content back to Facebook. Katis told us he thought that was hypocritical. By June, Voxer had pivoted toward business communications, tumbling down the app charts and leaving Facebook Messenger to thrive.
  • MessageMe had a well-built chat app that was growing quickly after launching in 2013, posing a threat to Facebook Messenger. Shortly before reaching 1 million users, Facebook cut off MessageMe‘s Find Friends access. The app ended up selling for a paltry double-digit millions price tag to Yahoo before disintegrating.
  • Phhhoto and its fate show how Facebook’s data protectionism encompasses Instagram. Phhhoto’s app that let you shoot animated GIFs was growing popular. But soon after it hit 1 million users, it got cut off from Instagram’s social graph in April 2015. Six months later, Instagram launched Boomerang, a blatant clone of Phhhoto. Within two years, Phhhoto shut down its app, blaming Facebook and Instagram. “We watched [Instagram CEO Kevin] Systrom and his product team quietly using PHHHOTO almost a year before Boomerang was released. So it wasn’t a surprise at all . . . I’m not sure Instagram has a creative bone in their entire body.”
  • Vine had a real shot at being the future of short-form video. The day the Twitter-owned app launched, though, Facebook shut off Vine’s Find Friends access. Vine let you share back to Facebook, and its six-second loops you shot in the app were a far cry from Facebook’s heavyweight video file uploader. Still, Facebook cut it off, and by late 2016, Twitter announced it was shutting down Vine.

As I wrote in 2013, “Enforcement of these policies could create a moat around Facebook. It creates a barrier to engagement, retention, and growth for competing companies.” But in 2018, amongst whispers of anti-trust action, Facebook restricting access to its social graph to protect the dominance of its News Feed seems egregiously anti-competitive.

That’s why Facebook should pledge to stop banning competitors from using its Find Friends tool. If not, congress should tell Facebook that this kind of behavior could lead to more stringent regulation.

Friends aren’t just names

When Senator John Neely Kennedy asked Zuckerberg this week, “are you willing to give me the right to take my data on Facebook and move it to another social media platform?”, Zuckerberg claimed that “Senator, you can already do that. We have a Download Your Information tool where you can go get a file of all the content there, and then do whatever you want with it.”

But that’s not exactly true. You can export your photos that can be easily uploaded elsewhere. But your social graph — all those confirmed friend requests — gets reduced to a useless string of text. Download Your Information spits out merely a list of your friends’ names and the dates on which you got connected. There’s no unique username. No link to their Facebook profile. Nothing you can use to find them on another social network beyond manually typing in their names.

That’s especially problematic if your friends have common names. There are tons of John Smiths on Facebook, so finding him on another social network with just a name will require a lot of sleuthing, or guess-work. Depending on where you live, locating a particular Garcia, Smirnov or Lee could be quite difficult. Facebook even built a short-lived feature called Friendshake to help you friend someone nearby amongst everyone in their overlapping name space.

When I asked about this, Facebook told me that users can opt-in to having their email or phone number included in the Download Your Information export. But this privacy setting is buried and little-known. Just 4 percent of my friends, centered around tech savvy San Francisco, had enabled it.

As I criticized way back in 2010 when Download Your Information launched, “The data can be used as a diary, or to replace other information from a hard drive crash or stolen computer — but not necessarily to switch to a different social network.”

Given Facebook’s iron grip on the Find Friends API, users deserve decentralized data portability — a way to take their friends with them that Facebook can’t take back. That’s what Download Your Information should offer, but doesn’t.

Social graph portability

This is why I’m calling on Facebook to improve the data portability of your friend connections. Give us the same consumer protections that make phone numbers portable.

At the very least Facebook should include your friends’ unique Facebook username and URL. But true portability would mean you could upload the list to another social network to find your friends there.

One option would be for Facebook’s export to include a privacy-safe, hashed version of your friends’ email address that they signed up with and share with you. Facebook could build a hashed email lookup tool so that if you uploaded these nonsensical strings of characters to another app, they could cross-reference them against Facebook’s database of your friends. If there’s a match, the app could surface that person as someone with whom you might want to reconnect. Effectively, this would let you find friends elsewhere via email address without Facebook ever giving you or other apps a human-readable list of their contact info.

If you can’t take your social graph with you, there’s little chance for a viable alternative to Facebook to arise. It doesn’t matter if a better social network emerges, or if Facebook disrespects your privacy, because there’s nowhere to go. Opening up the social graph would require Facebook to compete on the merit of its product and policies. Trying to force the company’s hand with a variety of privacy regulations won’t solve the core issue. But the prospect of users actually being able to leave would let the market compel Facebook to treat us better.

For more on Facebook’s challenges with data privacy, check out TechCrunch’s feature stories:

Facebook Stories adds funky AR drawing and Instagram’s Boomerang

You’ll soon be able to draw on the world around you and shoot back-and-forth Instagram Boomerang GIFs with the Facebook Camera. Bringing additional creative tools to the Facebook Camera could make it a more popular place to shoot content and help the company compete with Snapchat.

“We wanted to give people an easy way to create with augmented reality and draw in the world around them” says John Barnett, a Facebook Camera Product Manager about the feature it calls “3D drawing”. It’s rolling out to users over the coming weeks. Matt Navarra first spotted the features.

With AR drawing, you can scribble on the world around you, then move your camera and see the markings stay in place. It’s a fun way to add graffiti that only exists inside your screen. You can add the drawings before or while you’re recording, allowing you to draw on something out of frame, then pan or unzoom to reveal it. Facebook will eventually add more brushes beyond the pastel gradient colors seen here.

Facebook tells me the technology understands the corners and objects in the room to create a 3D spec. Facebook could that use that to detect surfaces like walls and tables to wrap the drawing onto them. Currently, it only does that when it’s confident about the object recognition, such as in optimal light conditions.

Since drawing is a universal language, the feature could make AR easy to use for younger users and Internet novices. Facebook launched its AR effects at F8 last April, and has recently added AR tracker target experiences that are triggered by real-world posters or QR codes. It all started with the company acquiring fledgling AR masks startup MSQRD in 2016.

Facebook added looping GIF creation to the Facebook Camera a year ago, but those can feel a bit jarring since they start back at the beginning once they end. Some users no longer have that GIF option, so it’s potentially being replaced by Boomerang’s established brand and more silky back-and-forth animated video clips. Facebook confirms that this feature is now rolling out to the Facebook Camera.

As we reported last week, Facebook is determined to make Stories work. Despite the criticism of it being a rip-off of Snapchat and redundant given Instagram Stories, Facebook is trying new ways to make Stories more popular an accessible. That includes tests of Stories as the default destination for content shot with the Facebook Camera, showing bigger tiles with previews of Stories atop the News Feed, and showing a camera and camera roll preview window when you open the status composer. Those, combined with these new features, could give Facebook Stories a boost in utility and visibility.

Facebook believes social media is on an inevitable journey from text to photos to videos to Stories equipped with augmented reality. Since Snapchat refused its acquisition offers, Facebook is now on a quest to evolve into an AR company rather than having to buy a big one. It remains to be seen whether users think AR is a novelty or a core utility, but Facebook won’t wait to find out.