Category Archives: Google+

Pinterest gives advertisers a way to show promoted videos that take up the screen

Pinterest is continuing its push into video as a potential avenue for advertisers by today saying that it will offer advertisers a promoted video tool that takes up the width of the entire screen.

While Pinterest normally offers users a grid that they can flip through — compressing a lot of content into a small space — taking up the full width of the screen with a promoted video would offer advertisers considerable real estate if they’re looking to get the attention of users. Pinterest pitches itself to advertisers as a strong alternative to Facebook or Google, giving marketers a way to reach an audience that behaves a little more differently than when on those other platforms and coming to Pinterest to discover new things.

The company also said it’s hired Tina Pukonen as an entertainment strategist and Mike Chuthakieo as an industry sales lead. Pinterest says more than 42 million people in the U.S. come to Pinterest for entertainment ideas, and that potential tool offers an interesting niche opportunity for advertisers to capture the attention of a user for a product — say, a movie — that needs a lot of awareness marketing. Getting a user’s attention for just a few seconds can be more than enough time to at least plant the seed of potentially buying a product down the line.

It’s that argument that what gives Pinterest potential value for advertisers. The company offers an array of advertising products designed to target users at all phases of a potential buying cycle, whether that’s just clicking around on the platform looking for ideas down to actually saving an idea or buying it — through Pinterest or through a referral. Most of Pinterest’s content consists of images and other content from brands or businesses. That makes sense given that it’s a place where people tend to go to plan life events, whether that’s parties, or weddings, or home improvement — and those events center around products that they may in theory one day buy. All the while Pinterest is accumulating a lot of different plays at advertising products and an experienced level of senior hires, including hiring its first COO Françoise Brougher, who was the former VP of SMB global sales and operations at Google and business lead at Square.

Pinterest, interestingly, seems to have been a little more tolerant of making what might seem like small design changes but may have substantial user implications. The company added a tab for followers at the bottom of the app, shaking up what is often seen as a core navigation bar for any app. But the company continues to grow, crossing 200 million monthly active users in September last year.

Facebook, Google face first GDPR complaints over “forced consent”

After two years coming down the pipe at tech giants, Europe’s new privacy framework, the General Data Protection Regulation (GDPR), is now being applied — and long time Facebook privacy critic, Max Schrems, has wasted no time in filing four complaints relating to (certain) companies’ ‘take it or leave it’ stance when it comes to consent.

The complaints have been filed on behalf of (unnamed) individual users — with one filed against Facebook; one against Facebook-owned Instagram; one against Facebook-owned WhatsApp; and one against Google’s Android.

Schrems argues that the companies are using a strategy of “forced consent” to continue processing the individuals’ personal data — when in fact the law requires that users be given a free choice unless a consent is strictly necessary for provision of the service. (And, well, Facebook claims its core product is social networking — rather than farming people’s personal data for ad targeting.)

“It’s simple: Anything strictly necessary for a service does not need consent boxes anymore. For everything else users must have a real choice to say ‘yes’ or ‘no’,” Schrems writes in a statement.

“Facebook has even blocked accounts of users who have not given consent,” he adds. “In the end users only had the choice to delete the account or hit the “agree”-button — that’s not a free choice, it more reminds of a North Korean election process.”

We’ve reached out to all the companies involved for comment and will update this story with any response.

The European privacy campaigner most recently founded a not-for-profit digital rights organization to focus on strategic litigation around the bloc’s updated privacy framework, and the complaints have been filed via this crowdfunded NGO — which is called noyb (aka ‘none of your business’).

As we pointed out in our GDPR explainer, the provision in the regulation allowing for collective enforcement of individuals’ data rights in an important one, with the potential to strengthen the implementation of the law by enabling non-profit organizations such as noyb to file complaints on behalf of individuals — thereby helping to redress the imbalance between corporate giants and consumer rights.

That said, the GDPR’s collective redress provision is a component that Member States can choose to derogate from, which helps explain why the first four complaints have been filed with data protection agencies in Austria, Belgium, France and Hamburg in Germany — regions that also have data protection agencies with a strong record defending privacy rights.

Given that the Facebook companies involved in these complaints have their European headquarters in Ireland it’s likely the Irish data protection agency will get involved too. And it’s fair to say that, within Europe, Ireland does not have a strong reputation for defending data protection rights.

But the GDPR allows for DPAs in different jurisdictions to work together in instances where they have joint concerns and where a service crosses borders — so noyb’s action looks intended to test this element of the new framework too.

Under the penalty structure of GDPR, major violations of the law can attract fines as large as 4% of a company’s global revenue which, in the case of Facebook or Google, implies they could be on the hook for more than a billion euros apiece — if they are deemed to have violated the law, as the complaints argue.

That said, given how freshly fixed in place the rules are, some EU regulators may well tread softly on the enforcement front — at least in the first instances, to give companies some benefit of the doubt and/or a chance to make amends to come into compliance if they are deemed to be falling short of the new standards.

However, in instances where companies themselves appear to be attempting to deform the law with a willfully self-serving interpretation of the rules, regulators may feel they need to act swiftly to nip any disingenuousness in the bud.

“We probably will not immediately have billions of penalty payments, but the corporations have intentionally violated the GDPR, so we expect a corresponding penalty under GDPR,” writes Schrems.

Only yesterday, for example, Facebook founder Mark Zuckerberg — speaking in an on stage interview at the VivaTech conference in Paris — claimed his company hasn’t had to make any radical changes to comply with GDPR, and further claimed that a “vast majority” of Facebook users are willingly opting in to targeted advertising via its new consent flow.

“We’ve been rolling out the GDPR flows for a number of weeks now in order to make sure that we were doing this in a good way and that we could take into account everyone’s feedback before the May 25 deadline. And one of the things that I’ve found interesting is that the vast majority of people choose to opt in to make it so that we can use the data from other apps and websites that they’re using to make ads better. Because the reality is if you’re willing to see ads in a service you want them to be relevant and good ads,” said Zuckerberg.

He did not mention that the dominant social network does not offer people a free choice on accepting or declining targeted advertising. The new consent flow Facebook revealed ahead of GDPR only offers the ‘choice’ of quitting Facebook entirely if a person does not want to accept targeting advertising. Which, well, isn’t much of a choice given how powerful the network is. (Additionally, it’s worth pointing out that Facebook continues tracking non-users — so even deleting a Facebook account does not guarantee that Facebook will stop processing your personal data.)

Asked about how Facebook’s business model will be affected by the new rules, Zuckerberg essentially claimed nothing significant will change — “because giving people control of how their data is used has been a core principle of Facebook since the beginning”.

“The GDPR adds some new controls and then there’s some areas that we need to comply with but overall it isn’t such a massive departure from how we’ve approached this in the past,” he claimed. “I mean I don’t want to downplay it — there are strong new rules that we’ve needed to put a bunch of work into into making sure that we complied with — but as a whole the philosophy behind this is not completely different from how we’ve approached things.

“In order to be able to give people the tools to connect in all the ways they want and build committee a lot of philosophy that is encoded in a regulation like GDPR is really how we’ve thought about all this stuff for a long time. So I don’t want to understate the areas where there are new rules that we’ve had to go and implement but I also don’t want to make it seem like this is a massive departure in how we’ve thought about this stuff.”

Zuckerberg faced a range of tough questions on these points from the EU parliament earlier this week. But he avoided answering them in any meaningful detail.

So EU regulators are essentially facing a first test of their mettle — i.e. whether they are willing to step up and defend the line of the law against big tech’s attempts to reshape it in their business model’s image.

Privacy laws are nothing new in Europe but robust enforcement of them would certainly be a breath of fresh air. And now at least, thanks to GDPR, there’s a penalties structure in place to provide incentives as well as teeth, and spin up a market around strategic litigation — with Schrems and noyb in the vanguard.

Schrems also makes the point that small startups and local companies are less likely to be able to use the kind of strong-arm ‘take it or leave it’ tactics on users that big tech is able to use to extract consent on account of the reach and power of their platforms — arguing there’s a competition concern that GDPR should also help to redress.

“The fight against forced consent ensures that the corporations cannot force users to consent,” he writes. “This is especially important so that monopolies have no advantage over small businesses.”

Image credit: noyb.eu

Tech watchdogs call on Facebook and Google for transparency around censored content

If a company like Facebook can’t even understand why its moderation tools work the way they do, then its users certainly don’t have a fighting shot. Anyway, that’s the idea behind what a coalition of digital rights groups are calling The Santa Clara Principles (PDF), “a set of minimum standards” aimed at Facebook, Google, Twitter and other tech companies that moderate the content published on their platforms.

The suggested guidelines grew out of a set of events addressing “Content Moderation and Removal at Scale,” the second of which is taking place today in Washington, D.C. The group participating in these conversations shared the goal of coming up with a suggested ruleset for how major tech companies should disclose which content is being censored, why it is being censored and how much speech is censored overall.

“Users deserve more transparency and greater accountability from platforms that play an outsized role — in Myanmar, Australia, Europe, and China, as well as in marginalized communities in the U.S. and elsewhere — in deciding what can be said on the internet,” Electronic Frontier Foundation (EFF) Director for International Freedom of Expression Jillian C. York said.

As the Center for Democracy and Technology explains, The Santa Clara principles (PDF) ask tech companies to disclose three categories of information:

  • Numbers (of posts removed, accounts suspended);
  • Notice (to users about content removals and account suspensions); and
  • Appeals (for users impacted by content removals or account suspensions).

“The Santa Clara Principles are the product of years of effort by privacy advocates to push tech companies to provide users with more disclosure and a better understanding of how content policing works,” EFF Senior Staff Attorney Nate Cardozo added.

“Facebook and Google have taken some steps recently to improve transparency, and we applaud that. But it’s not enough. We hope to see the companies embrace The Santa Clara Principles and move the bar on transparency and accountability even higher.”

Participants in drafting The Santa Clara Principles include the ACLU Foundation of Northern California, Center for Democracy and Technology, Electronic Frontier Foundation, New America’s Open Technology Institute and a handful of scholars from departments studying ethics and communications.

Here’s why you’re getting all those terms of service update emails

Get the feeling you're suddenly being bombarded with emails from companies about updated terms of service policies?

You are. And there's a good reason: the European Union's forthcoming efforts to protect our personal data.

In April 2016, the EU announced it would soon be adopting the General Data Protection Regulation — a law that will more thoroughly govern the personal information and private data that companies and online social media platforms are able to access. Basically, the GDPR aims to ensure all your information is being used by companies responsibly. Read more...

More about Tech, Facebook, Google, Email, and Data

Google confirms some of its own services are now getting blocked in Russia over the Telegram ban

A shower of paper airplanes darted through the skies of Moscow and other towns in Russia today, as users answered the call of entrepreneur Pavel Durov to send the blank missives out of their windows at a pre-appointed time in support of Telegram, a messaging app he founded that was blocked last week by Russian regulator Roskomnadzor (RKN) that uses a paper airplane icon. RKN believes the service is violating national laws by failing to provide it with encryption keys to access messages on the service (Telegram has refused to comply).

The paper plane send-off was a small, flashmob turn in a “Digital Resistance” — Durov’s preferred term — that has otherwise largely been played out online: currently, nearly 18 million IP addresses are knocked out. And in the latest development, Google has now confirmed to us that its own services are now also being impacted.

From what we understand, Google Search, Gmail and push notifications for Android apps are among the products being affected.

“We are aware of reports that some users in Russia are unable to access some Google products, and are investigating those reports,” said a Google spokesperson in an emailed response. We’ve been trying to contact Google all week about the Telegram blockade, and this is the first time that the company has both replied and acknowledged something related to it.

(Amazon has acknowledged our messages but has yet to reply to them.)

Google’s comments come on the heels of RKN itself also announcing today that it had expanded its IP blocks to Google’s services. At its peak, RKN had blocked nearly 19 million IP addresses, with dozens of third-party services that also use Google Cloud and Amazon’s AWS, such as Twitch and Spotify, also getting caught in the crossfire,

Russia is among the countries in the world that has enforced a kind of digital firewall, blocking periodically or permanently certain online content. Some turn to VPNs to access that content anyway, but it turns out that Telegram hasn’t needed to rely on that workaround to get used.

“RKN is embarrassingly bad at blocking Telegram, so most people keep using it without any intermediaries,” said Ilya Andreev, COO and co-founder of Vee Security, which has been providing a proxy service to bypass the ban. Currently, it is supporting up to 2 million users simultaneously, although this is a relatively small proportion considering Telegram has around 14 million users in the country (and, likely, more considering all the free publicity it’s been getting).

As we described earlier this week, the reason so many IP addresses are getting blocked is because Telegram has been using a technique that allows it to “hop” to a new IP address when the one that it’s using is blocked from getting accessed by RKN. It’s a technique that a much smaller app, Zello, had also resorted to using for nearly a year when the RKN announced its own ban.

Zello ceased its activities when RKN got wise to Zello’s ways and chose to start blocking entire subnetworks of IP addresses to avoid so many hops, and Amazon’s AWS and Google Cloud kindly asked Zello to stop as other services also started to get blocked. So, when Telegram started the same kind of hopping, RKN, in effect, knew just what to do to turn the screws.

So far Telegram’s cloud partners have held strong and have not taken the same route, although getting its own services blocked could see Google’s resolve tested at a new level.

Some believe that one outcome could be the regulator playing out an elaborate game of chicken with Telegram and the rest of the internet companies that are in some way aiding and abetting it, spurred in part by Russia’s larger profile and how such blocks would appear to international audiences.

“Russia can’t keep blocking random things on the Internet,” Andreev said. “Russia is working hard to make its image more alluring to foreigners in preparation for the World Cup,” which is taking place this June and July. “They can’t have tourists coming and realising Google doesn’t work in Russia.”

 

We’ll update this post and continue to write on further developments as we learn more.

Can data science save social media?

The unfettered internet is too often used for malicious purposes and is frequently woefully inaccurate. Social media — especially Facebook — has failed miserably at protecting user privacy and blocking miscreants from sowing discord.

That’s why CEO Mark Zuckerberg was just forced to testify about user privacy before both houses of Congress. And now governmental regulation of Facebook and other social media appears to be a fait accompli.

At this key juncture, the crucial question is whether regulation — in concert with Facebook’s promises to aggressively mitigate its weaknesses — will correct the privacy abuses and continue to fulfill Facebook’s goal of giving people the power to build transparent communities, bringing the world closer together?

The answer is maybe.

What has not been said is that Facebook must embrace data science methodologies initially created in the bowels of the federal government to help protect its two billion users. Simultaneously, Facebook must still enable advertisers — its sole source of revenue — to get the user data required to justify their expenditures.

Specifically, Facebook must promulgate and embrace what is known in high-level security circles as homomorphic encryption (HE), often considered the “Holy Grail” of cryptography, and data provenance (DP). HE would enable Facebook, for example, to generate aggregated reports about its user psychographic profiles so that advertisers could still accurately target groups of prospective customers without knowing their actual identities.

Meanwhile, data provenance — the process of tracing and recording true identities and the origins of data and its movement between databases — could unearth the true identities of Russian perpetrators and other malefactors, or at least identify unknown provenance, adding much-needed transparency in cyberspace.

Both methodologies are extraordinarily complex. IBM and Microsoft, in addition to the National Security Agency, have been working on HE for years, but the technology has suffered from significant performance challenges. Progress is being made, however. IBM, for example, has been granted a patent on a particular HE method — a strong hint it’s seeking a practical solution — and last month proudly announced that its rewritten HE encryption library now works up to 75 times faster. Maryland-based ENVEIL, a startup staffed by the former NSA HE team, has broken the performance barriers required to produce a commercially viable version of HE, benchmarking millions of times faster than IBM in tested use cases.

How homomorphic encryption would help Facebook

HE is a technique used to operate on and draw useful conclusions from encrypted data without decrypting it, simultaneously protecting the source of the information. It is useful to Facebook because its massive inventory of personally identifiable information is the foundation of the economics underlying its business model. The more comprehensive the data sets about individuals, the more precisely advertising can be targeted.

HE could keep Facebook information safe from hackers and inappropriate disclosure, but still extract the essence of what the data tells advertisers. It would convert encrypted data into strings of numbers, do math with these strings, then decrypt the results to get the same answer it would if the data wasn’t encrypted at all.

A particularly promising sign for HE emerged last year, when Google revealed a new marketing measurement tool that relies on this technology to allow advertisers to see whether their online ads result in in-store purchases.

Unearthing this information requires analyzing data sets belonging to separate organizations, notwithstanding the fact that these organizations pledge to protect the privacy and personal information of the data subjects. HE skirts this by generating aggregated, non-specific reports about the comparisons between these data sets.

In pilot tests, HE enabled Google to successfully analyze encrypted data about who clicked on an advertisement in combination with another encrypted multi-company data set that recorded credit card purchase records. With this data in hand, Google was able to provide reports to advertisers summarizing the relationship between the two databases to conclude, for example, that five percent of the people who clicked on an ad wound up purchasing in a store.

Data provenance

Data provenance has a markedly different core principle. It’s based on the fact that digital information is atomized into 1s and 0s with no intrinsic truth. The dual digits exist only to disseminate information, whether accurate or widely fabricated. A well-crafted lie can easily be indistinguishable from the truth and distributed across the internet. What counts is the source of these 1s and 0s. In short, is it legitimate? What is the history of the 1s and 0s?

The art market, as an example, deploys DP to combat fakes and forgeries of the world’s greatest paintings, drawings and sculptures. It uses DP techniques to create a verifiable, chain-of-custody for each piece of the artwork, preserving the integrity of the market.

Much the same thing can be done in the online world. For example, a Facebook post referencing a formal statement by a politician, with an accompanying photo, would have provenance records directly linking the post to the politician’s press release and even the specifics of the photographer’s camera. The goal — again — is ensuring that data content is legitimate.

Companies such as Walmart, Kroger, British-based Tesco and Swedish-based H&M, an international clothing retailer, are using or experimenting with new technologies to provide provenance data to the marketplace.

Let’s hope that Facebook and its social media brethren begin studying HE and DP thoroughly and implement it as soon as feasible. Other strong measures — such as the upcoming implementation of the European Union’s General Data Protection Regulation, which will use a big stick to secure personally identifiable information — essentially should be cloned in the U.S. What is best, however, are multiple avenues to enhance user privacy and security, while hopefully preventing breaches in the first place. Nothing less than the long-term viability of social media giants is at stake.

Facebook points finger at Google and Twitter for data collection

“Other companies suck in your data too,” Facebook explained in many, many words today with a blog post detailing how it gathers information about you from around the web.

Facebook product management director David Baser wrote, “Twitter, Pinterest and LinkedIn all have similar Like and Share buttons to help people share things on their services. Google has a popular analytics service. And Amazon, Google and Twitter all offer login features. These companies — and many others — also offer advertising services. In fact, most websites and apps send the same information to multiple companies each time you visit them.” Describing how Facebook receives cookies, IP address, and browser info about users from other sites, he noted, “when you see a YouTube video on a site that’s not YouTube, it tells your browser to request the video from YouTube. YouTube then sends it to you.”

It seems Facebook is tired of being singled-out. The tacked on “them too!” statements at the end of its descriptions of opaque data collection practices might have been trying to normalize the behavior, but comes off feeling a bit petty.

The blog post also fails to answer one of the biggest lines of questioning from CEO Mark Zuckerberg’s testimonies before Congress last week. Zuckerberg was asked by Representative Ben Lujan about whether Facebook constructs “shadow profiles” of ad targeting data about non-users.

Today’s blog post merely notes that “When you visit a site or app that uses our services, we receive information even if you’re logged out or don’t have a Facebook account. This is because other apps and sites don’t know who is using Facebook. Many companies offer these types of services and, like Facebook, they also get information from the apps and sites that use them.”

Facebook has a lot more questions to answer about this practice, since most of its privacy and data controls are only accessible to users who’ve signed up.

The data privacy double-standard

That said, other tech companies have gotten off light. Whether it’s because Apple and Google aren’t CEO’d by their founders any more, or we’ve grown to see iOS and Android as such underlying platforms that they aren’t responsible for what third-party developers do, scrutiny has focused on Zuckerberg and Facebook.

The Cambridge Analytica scandal emerged from Facebook being unable to enforce its policies that prohibit developers from sharing or selling data they pull from Facebook users. Yet it’s unclear whether Apple and Google do a better job at this policing. And while Facebook let users give their friends’ names and interests to Dr. Aleksandr Kogan, who sold it to Cambridge Analytica, iOS and Android apps routinely ask you to give them your friends’ phone numbers, and we don’t see mass backlash about that.

At least not yet.