Category Archives: Google+

Manipulating an Indian politician’s tweets is worryingly easy to do

Here’s a concerning story from India, where the upcoming election is putting the use of social media in the spotlight.

While the Indian government is putting Facebook, Google and other companies under pressure to prevent their digital platforms from being used for election manipulation, a journalist has demonstrated just how easy it is to control the social media messages published by government ministers.

Pon Radhakrishnan, India’s minister of state for finance and shipping, published a series of puzzling tweets today after Pratik Sinha, a co-founder of fact-checking website Alt News, accessed a Google document of prepared statements and tinkered with the content.

Among the statements tweeted out, Radhakrishnan said Prime Minister Modi’s government had failed the middle classes and had not made development on improving the country’s general welfare. Sinha’s edits also led to the official BJP Assam Pradesh account proclaiming that the prime minister had destroyed all villages and made women slaves to cooking.

These are the opposite of the partisan messages that the accounts intended to send.

The messages were held in an unlocked Google document that contained a range of tweets compiled for the Twitter accounts. Sinha managed to access the document and doctor the messages into improbable statements — which he has done before — in order to show the shocking lack of security and processes behind the social media content.

Sinha said he made the edits “to demonstrate how dangerous this is from the security standpoint for this country.”

“I had fun but it could have disastrous consequences,” he told TechCrunch in a phone interview. “This is a massive security issue from the point of view of a democracy.”

Sinha said he was able to access the document — which was not restricted or locked to prevent changes — through a WhatsApp group that is run by members of the party. Declining to give specifics, he said he had managed to infiltrate the group and thus gain access to a flow of party and government information and, even more surprisingly, get right into the documents and edit them.

What’s equally as stunning is that, even with the message twisted 180 degrees, their content didn’t raise an alarm. The tweets were still loaded and published without any realization. It was only after Sinha went public with the results that Radhakrishnan and BJP Assam Pradesh account begin to delete them.

The Indian government is rightly grilling Facebook and Google to prevent its platform being abused around the election, as evidence suggested happened in the U.S. presidential election and the U.K.’s Brexit vote, but members of the government themselves should reflect on the security of their own systems, too. It would be too easy for these poor systems to be exploited.

Is Europe closing in on an antitrust fix for surveillance technologists?

The German Federal Cartel Office’s decision to order Facebook to change how it processes users’ personal data this week is a sign the antitrust tide could at last be turning against platform power.

One European Commission source we spoke to, who was commenting in a personal capacity, described it as “clearly pioneering” and “a big deal”, even without Facebook being fined a dime.

The FCO’s decision instead bans the social network from linking user data across different platforms it owns, unless it gains people’s consent (nor can it make use of its services contingent on such consent). Facebook is also prohibited from gathering and linking data on users from third party websites, such as via its tracking pixels and social plugins.

The order is not yet in force, and Facebook is appealing, but should it come into force the social network faces being de facto shrunk by having its platforms siloed at the data level.

To comply with the order Facebook would have to ask users to freely consent to being data-mined — which the company does not do at present.

Yes, Facebook could still manipulate the outcome it wants from users but doing so would open it to further challenge under EU data protection law, as its current approach to consent is already being challenged.

The EU’s updated privacy framework, GDPR, requires consent to be specific, informed and freely given. That standard supports challenges to Facebook’s (still fixed) entry ‘price’ to its social services. To play you still have to agree to hand over your personal data so it can sell your attention to advertisers. But legal experts contend that’s neither privacy by design nor default.

The only ‘alternative’ Facebook offers is to tell users they can delete their account. Not that doing so would stop the company from tracking you around the rest of the mainstream web anyway. Facebook’s tracking infrastructure is also embedded across the wider Internet so it profiles non-users too.

EU data protection regulators are still investigating a very large number of consent-related GDPR complaints.

But the German FCO, which said it liaised with privacy authorities during its investigation of Facebook’s data-gathering, has dubbed this type of behavior “exploitative abuse”, having also deemed the social service to hold a monopoly position in the German market.

So there are now two lines of legal attack — antitrust and privacy law — threatening Facebook (and indeed other adtech companies’) surveillance-based business model across Europe.

A year ago the German antitrust authority also announced a probe of the online advertising sector, responding to concerns about a lack of transparency in the market. Its work here is by no means done.

Data limits

The lack of a big flashy fine attached to the German FCO’s order against Facebook makes this week’s story less of a major headline than recent European Commission antitrust fines handed to Google — such as the record-breaking $5BN penalty issued last summer for anticompetitive behaviour linked to the Android mobile platform.

But the decision is arguably just as, if not more, significant, because of the structural remedies being ordered upon Facebook. These remedies have been likened to an internal break-up of the company — with enforced internal separation of its multiple platform products at the data level.

This of course runs counter to (ad) platform giants’ preferred trajectory, which has long been to tear modesty walls down; pool user data from multiple internal (and indeed external sources), in defiance of the notion of informed consent; and mine all that personal (and sensitive) stuff to build identity-linked profiles to train algorithms that predict (and, some contend, manipulate) individual behavior.

Because if you can predict what a person is going to do you can choose which advert to serve to increase the chance they’ll click. (Or as Mark Zuckerberg puts it: ‘Senator, we run ads.’)

This means that a regulatory intervention that interferes with an ad tech giant’s ability to pool and process personal data starts to look really interesting. Because a Facebook that can’t join data dots across its sprawling social empire — or indeed across the mainstream web — wouldn’t be such a massive giant in terms of data insights. And nor, therefore, surveillance oversight.

Each of its platforms would be forced to be a more discrete (and, well, discreet) kind of business.

Competing against data-siloed platforms with a common owner — instead of a single interlinked mega-surveillance-network — also starts to sound almost possible. It suggests a playing field that’s reset, if not entirely levelled.

(Whereas, in the case of Android, the European Commission did not order any specific remedies — allowing Google to come up with ‘fixes’ itself; and so to shape the most self-serving ‘fix’ it can think of.)

Meanwhile, just look at where Facebook is now aiming to get to: A technical unification of the backend of its different social products.

Such a merger would collapse even more walls and fully enmesh platforms that started life as entirely separate products before were folded into Facebook’s empire (also, let’s not forget, via surveillance-informed acquisitions).

Facebook’s plan to unify its products on a single backend platform looks very much like an attempt to throw up technical barriers to antitrust hammers. It’s at least harder to imagine breaking up a company if its multiple, separate products are merged onto one unified backend which functions to cross and combine data streams.

Set against Facebook’s sudden desire to technically unify its full-flush of dominant social networks (Facebook Messenger; Instagram; WhatsApp) is a rising drum-beat of calls for competition-based scrutiny of tech giants.

This has been building for years, as the market power — and even democracy-denting potential — of surveillance capitalism’s data giants has telescoped into view.

Calls to break up tech giants no longer carry a suggestive punch. Regulators are routinely asked whether it’s time. As the European Commission’s competition chief, Margrethe Vestager, was when she handed down Google’s latest massive antitrust fine last summer.

Her response then was that she wasn’t sure breaking Google up is the right answer — preferring to try remedies that might allow competitors to have a go, while also emphasizing the importance of legislating to ensure “transparency and fairness in the business to platform relationship”.

But it’s interesting that the idea of breaking up tech giants now plays so well as political theatre, suggesting that wildly successful consumer technology companies — which have long dined out on shiny convenience-based marketing claims, made ever so saccharine sweet via the lure of ‘free’ services — have lost a big chunk of their populist pull, dogged as they have been by so many scandals.

From terrorist content and hate speech, to election interference, child exploitation, bullying, abuse. There’s also the matter of how they arrange their tax affairs.

The public perception of tech giants has matured as the ‘costs’ of their ‘free’ services have scaled into view. The upstarts have also become the establishment. People see not a new generation of ‘cuddly capitalists’ but another bunch of multinationals; highly polished but remote money-making machines that take rather more than they give back to the societies they feed off.

Google’s trick of naming each Android iteration after a different sweet treat makes for an interesting parallel to the (also now shifting) public perceptions around sugar, following closer attention to health concerns. What does its sickly sweetness mask? And after the sugar tax, we now have politicians calling for a social media levy.

Just this week the deputy leader of the main opposition party in the UK called for setting up a standalone Internet regulatory with the power to break up tech monopolies.

Talking about breaking up well-oiled, wealth-concentration machines is being seen as a populist vote winner. And companies that political leaders used to flatter and seek out for PR opportunities find themselves treated as political punchbags; Called to attend awkward grilling by hard-grafting committees, or taken to vicious task verbally at the highest profile public podia. (Though some non-democratic heads of state are still keen to press tech giant flesh.)

In Europe, Facebook’s repeat snubs of the UK parliament’s requests last year for Zuckerberg to face policymakers’ questions certainly did not go unnoticed.

Zuckerberg’s empty chair at the DCMS committee has become both a symbol of the company’s failure to accept wider societal responsibility for its products, and an indication of market failure; the CEO so powerful he doesn’t feel answerable to anyone; neither his most vulnerable users nor their elected representatives. Hence UK politicians on both sides of the aisle making political capital by talking about cutting tech giants down to size.

The political fallout from the Cambridge Analytica scandal looks far from done.

Quite how a UK regulator could successfully swing a regulatory hammer to break up a global Internet giant such as Facebook which is headquartered in the U.S. is another matter. But policymakers have already crossed the rubicon of public opinion and are relishing talking up having a go.

That represents a sea-change vs the neoliberal consensus that allowed competition regulators to sit on their hands for more than a decade as technology upstarts quietly hoovered up people’s data and bagged rivals, and basically went about transforming themselves from highly scalable startups into market-distorting giants with Internet-scale data-nets to snag users and buy or block competing ideas.

The political spirit looks willing to go there, and now the mechanism for breaking platforms’ distorting hold on markets may also be shaping up.

The traditional antitrust remedy of breaking a company along its business lines still looks unwieldy when faced with the blistering pace of digital technology. The problem is delivering such a fix fast enough that the business hasn’t already reconfigured to route around the reset. 

Commission antitrust decisions on the tech beat have stepped up impressively in pace on Vestager’s watch. Yet it still feels like watching paper pushers wading through treacle to try and catch a sprinter. (And Europe hasn’t gone so far as trying to impose a platform break up.) 

But the German FCO decision against Facebook hints at an alternative way forward for regulating the dominance of digital monopolies: Structural remedies that focus on controlling access to data which can be relatively swiftly configured and applied.

Vestager, whose term as EC competition chief may be coming to its end this year (even if other Commission roles remain in potential and tantalizing contention), has championed this idea herself.

In an interview on BBC Radio 4’s Today program in December she poured cold water on the stock question about breaking tech giants up — saying instead the Commission could look at how larger firms got access to data and resources as a means of limiting their power. Which is exactly what the German FCO has done in its order to Facebook. 

At the same time, Europe’s updated data protection framework has gained the most attention for the size of the financial penalties that can be issued for major compliance breaches. But the regulation also gives data watchdogs the power to limit or ban processing. And that power could similarly be used to reshape a rights-eroding business model or snuff out such business entirely.

The merging of privacy and antitrust concerns is really just a reflection of the complexity of the challenge regulators now face trying to rein in digital monopolies. But they’re tooling up to meet that challenge.

Speaking in an interview with TechCrunch last fall, Europe’s data protection supervisor, Giovanni Buttarelli, told us the bloc’s privacy regulators are moving towards more joint working with antitrust agencies to respond to platform power. “Europe would like to speak with one voice, not only within data protection but by approaching this issue of digital dividend, monopolies in a better way — not per sectors,” he said. “But first joint enforcement and better co-operation is key.”

The German FCO’s decision represents tangible evidence of the kind of regulatory co-operation that could — finally — crack down on tech giants.

Blogging in support of the decision this week, Buttarelli asserted: “It is not necessary for competition authorities to enforce other areas of law; rather they need simply to identity where the most powerful undertakings are setting a bad example and damaging the interests of consumers.  Data protection authorities are able to assist in this assessment.”

He also had a prediction of his own for surveillance technologists, warning: “This case is the tip of the iceberg — all companies in the digital information ecosystem that rely on tracking, profiling and targeting should be on notice.”

So perhaps, at long last, the regulators have figured out how to move fast and break things.

I joined Google+ to escape Facebook. It didn’t work.

After my college boyfriend and I broke up in the winter of 2011 (my senior year in college), I began to suspect he had a new flame, in large part because of the photos that started to appear on Facebook. 

"That was taken from the perspective of his bed," I remember thinking about one. "What would *she* be doing on his bed?"

These investigations caused occasional bouts of anger, or acceptance, or acting out on my side of the net. As others have chronicled before me, social media makes letting go of a relationship even harder.

More about Facebook, Relationships, Social Media, Google Plus, and Google

Apple reactivates Facebook’s employee apps after punishment for Research spying

After TechCrunch caught Facebook violating Apple’s employee-only app distribution policy to pay people for all their phone data, Apple invalidated the social network’s Enterprise Certificate as punishment. That deactivated not only this Facebook Research app VPN, but also all of Facebook’s internal iOS apps for workplace collaboration, beta testing and even getting the company lunch or bus schedule. That threw Facebook’s offices into chaos yesterday morning. Now after nearly two work days, Apple has ended Facebook’s time-out and restored its Enterprise Certification. That means employees can once again access all their office tools, pre-launch test versions of Facebook and Instagram… and the lunch menu.

A Facebook spokesperson issued this statement to TechCrunch: “We have had our Enterprise Certification, which enables our internal employee applications, restored. We are in the process of getting our internal apps up and running. To be clear, this didn’t have an impact on our consumer-facing services.”

Meanwhile, TechCrunch’s follow-up report found that Google was also violating the Enterprise Certificate program with its own “market research” VPN app called Screenwise Meter that paid people to snoop on their phone activity. After we informed Google and Apple yesterday, Google quickly apologized and took down the app. But apparently in service of consistency, this morning Apple invalidated Google’s Enterprise Certificate too, breaking its employee-only iOS apps.

Google’s internal apps are still broken. Unlike Facebook that has tons of employees on iOS, Google at least employs plenty of users of its own Android platform, so the disruption may have caused fewer problems in Mountain View than Menlo park. “We’re working with Apple to fix a temporary disruption to some of our corporate iOS apps, which we expect will be resolved soon,” said a Google spokesperson. A spokesperson for Apple said: “We are working together with Google to help them reinstate their enterprise certificates very quickly.”

TechCrunch’s investigation found that the Facebook Research app not only installed an Enterprise Certificate on users’ phones and a VPN that could collect their data, but also demanded root network access that allows Facebook to man-in-the-middle their traffic and even deencrypt secure transmissions. It paid users age 13 to 35 $10 to $20 per month to run the app so it could collect competitive intelligence on who to buy or copy. The Facebook Research app contained numerous code references to Onavo Protect, the app Apple banned and pushed Facebook to remove last August, yet Facebook kept on operating the Research data collection program.

When we first contacted Facebook, it claimed the Research app and its Enterprise Certificate distribution that sidestepped Apple’s oversight was in line with Apple’s policy. Seven hours later, Facebook announced it would shut down the Research app on iOS (though it’s still running on Android, which has fewer rules). Facebook also claimed that “there was nothing ‘secret’ about this,” challenging the characterization of our reporting. However, TechCrunch has since reviewed communications proving that the Facebook Research program threatened legal action if its users spoke publicly about the app. That sounds pretty “secret” to us.

Then we learned yesterday morning that Facebook hadn’t voluntarily pulled the app, as Apple had actually already invalidated Facebook’s Enterprise Certificate, thereby breaking the Research app and the social network’s employee tools. Apple provided this brutal statement, which it in turn applied to Google today:

We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.

Apple is being likened to a vigilante privacy regulator overseeing Facebook and Google by The Verge’s Casey Newton and The New York Times’ Kevin Roose, perhaps with too much power, given they’re all competitors. But in this case, both Facebook and Google blatantly violated Apple’s policies to collect the maximum amount of data about iOS users, including teenagers. That means Apple was fully within its right to shut down their market research apps. Breaking their employee apps too could be seen as just collateral damage since they all use the same Enterprise Certification, or as additional punishment for violating the rules. This only becomes a real problem if Apple steps beyond the boundaries of its policies. But now, all eyes are on how it enforces its rules, whether to benefit its users or beat up on its rivals.

Fans remember Google+ as April 2 shutdown date is announced

   

   

   

    

      

    

   

    

    

   

   

   

  

   

   

     

   

   

   

   

   

    

WATCH: 6 tech myths that live on in 2019

Read more...

More about Tech, Google, Social Media, Google, and Big Tech Companies

Google+ for consumers will shut down on April 2nd

It’s no secret that Google planned to pull life support from the consumer version of Google+, its failure of a social network, in April. Until now, though, we didn’t know the exact date. That date, Google announced today, is April 2.

On that date, Google will start deleting all content, including Google+ pages, photos and videos, and everything else on the site. If you were one of the last few Google+ users — or you just feel nostalgic about the stuff you posted there — now is the time to download all of that data.

If your company uses Google+ (and there must be some companies that do), then rest assured you will still be able to use it for the foreseeable future. Google is only shutting down the consumer version, as well as all Google+ APIs. Indeed, those APIs, which turned out to be major security liabilities, will shut down on March 7.

And there you have it. That’s the curtain call for Google+, the social network that could’ve been, from an era when Google desperately tried to catch up with Facebook and Twitter and integrated Google+ into every conceivable product. It even went so far as changing its sacred search results based on social signals (which really didn’t work all that well). The result was a bit of a disaster for Google and it took a while to right the ship.

Facebook agrees to do more to tackle scam ads after celebrity defamation lawsuit

Facebook has agreed to plough more resource into combating the use of its advertising platform by scammers, saying it will do more to tackle scam ads that use well-known public figures to try to trick consumers.

It plans to launch a dedicated scam ad report button in the UK, slated to go live in around three months’ time, as well as set up a specialist, locally-based team to monitor ad reports, keep an eye on scammer trends and generally work on getting celebrity-exploiting scam ads taken down more quickly than its current AI-aided ad review systems have been doing.

The new measures were announced in a joint press conference with UK consumer advice personality, Martin Lewis, who launched a defamation lawsuit against Facebook in April, saying the social network giant had failed to stop scammers using his image on scores of ads that aimed to swindle consumers, thereby damaging his reputation.

Some of the ads had tried to use Lewis’ image to promote crypto scams.

Lewis filed suit after becoming frustrated by the scale of scam ads bearing his image and Facebook’s tepid response to the problem its platform has created — telling the Guardian last year: “What is particularly pernicious about Facebook is that it says the onus is on me, so I have spent time and effort and stress repeatedly to have them taken down.”

He confirmed today that he’s dropped the lawsuit after Facebook agreed to make changes.

“There were over 1,000 on Facebook in a year. And the way that the company acted then wasn’t good enough, so I had to resort to [taking legal action],” he said during the press conference, adding that he had wanted to see “tangible real change to the number of scam ads on the platform”, so was happy to drop the lawsuit because he believes the new report button will do that.

Facebook has also agreed to provide funding to help get a citizens scam advice service up and running in partnership with UK consumer advice charity, Citizens Advice. Lewis said he was delighted with that outcome.

The social network giant, which took in $13.73BN in revenue last quarter, said it will donate cash and Facebook ad credits to the value of £3 million over the next three years to help set up the new scam advice bureau within the charity.

This will be called ‘Citizens Advice scams action project’ (aka Casa), and the pair said it will aim to provide information and support to consumers who are concerned they are being targeted by or have fallen victim to a scam.

Facebook’s support for Casa breaks down into £2.5M in cash over the next two years, and £500,000’s worth of ad credit coupons for ads on its own platform, which it said will be distributed in tranches over the next three years.

There was little detail on exactly how Casa will operate at this nascent stage but given the ad credit donation its work will presumably include running scam awareness ads on Facebook — funded (initially) by Facebook itself. Ergo, part of the company’s donation will be ploughed straight back into its own ad business.

Pressed on whether its approach with an ad report button still puts too much onus on consumers to have to protect themselves from scams being spread on Facebook’s platform, its regional director for Northern Europe, Steve Hatch, claimed it does already take down “huge amounts of these ads” but admitted its ad review systems are “not perfect” — hence the company seeing value in introducing a button for direct user reports of dodgy ads.

For his part Lewis said he had never wanted to have to go to court but said his intention had rather been to draw attention to the problem and pressure Facebook to do more. He said he was therefore pleased it had agreed to do more to tackle scam ads.

“This button is only in the UK. This is not Facebook worldwide. This is unique to the United Kingdom that has not been done anywhere else and it is a direct result of this scam ads campaign. And I’m actually very grateful to Steve and his team here in the UK for pushing this on what is normally a global organization that works in a global way,” he said.

Albeit, to be clear, Facebook is not accepting legal liability for scam ads. And there’s no suggestion that any existing victims of the scam ads which bore Lewis’ image are going to be in line for any direct compensation from Facebook for their losses.

Asked directly about the compensation point, Hatch sidestepped the question, saying Facebook is focusing on what more it can do to stop scammers from defrauding people in the first place.

Also pressed on why it had taken a lawsuit by a celebrity consumer champion to get it to do more, he said: “This is an area we’ve focused on for a very, very long time. But what [Lewis] has really pushed us towards is this specific focus about the use of public images and celebrity.”

While the new measures are UK only for now, Hatch suggested Facebook might look to expand the approach elsewhere if it proves successful.

“We’ve started in the UK,” he said in response to another question. “Like any system if we find it works — and we sincerely hope that it does, we think we’ve got the right amount of focus, we think we’ve got the right amount of investment behind it — it’s very imaginable that we would take this out to other markets. But what we want to make sure is we’re getting this right.”

He also said it would be important for Facebook to find the right partner to work with in other markets, as it’s doing with Citizens Advice in the UK.

While Lewis sounded happy to end his publicity focused legal battle against Facebook, having won some tangible concessions from the company, he warned that unchecked scam ads persist on other platforms, and said he is “not ruling out another lawsuit if things don’t improve”– namechecking Google and Yahoo as two of the other platforms now in his sights.

“Over the last few weeks I have again been plagued by scam adverts. A few of them have been on Facebook and when we’ve told Facebook they’ve taken them down very quickly. I can’t expect more. I accept that the technology isn’t perfect. What I want is proactive response, good team set up and them being taken down quickly. But that’s not the case with Google,” he said, adding that the problem is even more difficult to combat where Google is concerned given it’s more difficult to know where the ads are being served, as they can be served across even more touchpoints.

“I believe they’re not even giving us a direct contact at the moment,” he added, discussing Google’s response to complaints his team has filed about scam ads bearing his image. “We’re just having to go through the normal reporting channels, that everything goes through, even though I’m a major target of scam ads. By the nature of what I do, by both being on television and the subjects that I talk about — and being relatively trusted on that subject — means that my click through rate, apparently, for scam ads is really good!”

We reached out to Google and Yahoo for a response to Lewis’ comments. (Disclosure: TechCrunch’s parent, Verizon Media Group/Oath, is also the parent company of Yahoo.)

A Google spokesperson told us:

Because we want the ads people see on Google to be useful and relevant, we take immediate action to prevent fake and inappropriate ads. We have a tool where anyone can report these ads and these complaints are reviewed manually by our team. In 2017, we removed 3.2 billion bad ads and we’re constantly updating our policies as we see new threats emerge.”

“The big problem that we face is that [online advertising] is a Wild West,” Lewis continued, saying the problems he’s faced extend to “many other online advertising tools”.

“This is an absolute Wild West with people sitting all over the world, and with very little regulation, no criminal enforcement — because frankly the Met Police are not going to go to whatever these country these people are in and arrest them, and that’s the problem with online advertising. Hence why I’ve targeted the platform to say the only thing we can do… is deny them the oxygen of publicity and deny them access to the individuals.”

“I want online advertisers to see this as a warning shot across their bows,” he also said, calling on Google and the online advertising industry as a whole “to start to take responsibility”, adding: “Real people are seeing their livelihood taken away, their life savings taken away. People are losing money that they need to live on by irresponsible advertising protocols. It’s about time other firms stood up, took responsibility, improved their reporting protocols and started to give money to Citizens Advice scam action.

“Scam adverts make people distrust advertising. So this isn’t just an issue for the people who put the adverts out there but any company who does advertising in the UK legitimately, trying to get their message across, this is diluting what you are doing. So the advertising industry as a whole — not just the platforms — need to try and make sure this stops. Otherwise you’ll get close to the point where someone like me says never trust an advert online.”

The issue of direct compensation for consumers scammed via online platforms is a matter for policy makers and regulators to work on, he added.

LinkedIn now requires phone number verification for all users in China

LinkedIn’s China site looks and functions just like LinkedIn everywhere else, except now it asks users in the country to verify their identities through phone numbers.

The American company is requiring both new and existing users with a Chinese IP address to link mobile phone numbers to their accounts, TechCrunch noticed this week. LinkedIn had for months told its China-based users to provide mobile number details before sending them to the main page, but it had mercifully kept a little “Skip” button that let users avoid the fuss until at least last week.

“The real-name verification process for our LinkedIn China members is a legal requirement, which will also help improve the authenticity and credibility of online accounts,” a LinkedIn China spokesperson wrote back to TechCrunch in an email without addressing whether the process is new.

The spokesperson also links the policy to China’s burgeoning mobile industry: “Considering the growing popularity of mobile devices and mobile Internet, Chinese Internet users are adapted to registration with mobile phone numbers instead of email addresses. Almost all apps in the Chinese market are applying this trend to follow users’ habits.”

LinkedIn users with a Chinese IP address are greeted with an identity check tied to phone numbers. Screenshot: TechCrunch

In a note visible to China-based users only, LinkedIn explains that its identity check is a response to local regulations:

In some countries, local laws require that we confirm your identity before letting you engage with our Services. You must provide a mobile number and confirm receipt of our text. This phone number will be associated with your account and is accessible from your settings. If you choose to change or delete your confirmed mobile number your ability to access our Services in certain countries (e.g. China) will be blocked until you once again confirm your identity.

The California-based social network for professionals is a rare existence in China, where most mainstream global tech services like Facebook and Google have long remained blocked. Exceptions happen when foreign players bend to local rules. Microsoft’s Bing is accessible in China by censoring search results. Google also reportedly mulled a censored search service to re-enter China, an attempt that outraged its staff, politicians and speech advocates.

LinkedIn, which launched in China back in 2014, also hires so-called “information auditors” to keep close tabs on what users say and share in its China realm, according to a job post the firm listed on a local recruiting site. Like Google, LinkedIn caught flack for censoring content.

Real identity

Digital anonymity came to an end in China — at least in theory — when the sweeping Cyberspace Law took effect in 2017. The rules, which are meant to police information on the web, ordered websites to verify users’ real identities before letting them comment or use other tools, though users can still post with their screen names.

Large platforms like messenger WeChat and Twitter -like Weibo reacted swiftly by running real-name checks on users. The staple practice is to collect mobile phone numbers, which became a form of ID after China introduced a policy in 2010 requiring all buyers, foreign or Chinese, to show a piece of identification when they obtain their 11-digit identifiers. Google’s rumored search engine for China also asked for users’ phone numbers, according to The Intercept, which would make it easier for the government to monitor people’s queries.

LinkedIn’s China office in Beijing. Photo: LinkedIn China via Weibo

LinkedIn had been able to avoid the inevitable process for months. Perhaps the government had gone after the biggies first. After all, LinkedIn is only a fraction the size of its main rival in China. As of November, LinkedIn had 13 million monthly installs while its local peer Maimai had 95 monthly installs, data from iResearch shows. Both are dwarfed by WeChat’s more than 1 billion monthly active users.

As with other fledgling industries, laws often lag behind technological development, not to mention the enforcement thereof when the odds are against enterprises. Take ride-hailing for example. Unlicensed drivers and vehicles were still running on the roads two years after China legalized the sector. When the government steps up oversight recently, the market is hit by a shortage of drivers.

Clamping down

TechCrunch has come to understand that LinkedIn’s identity enforcement is linked to the latest wave of government crackdowns. “Slowly, the Chinese Communist Party has been pushing their collective thumbs down on, not only foreign internet companies but all internet companies. It just so happens that the recent political atmosphere is causing more scrutiny,” a source with insights into the matter told TechCrunch, asking not to be named.

Other websites are also indeed tightening controls over users. Many apps that previously allowed third-party logins from platforms like WeChat and Weibo also recently started collecting users’ phone numbers, several people who experienced the changes told TechCrunch.

Users can still get around LinkedIn’s real-name verification by switching on their virtual private network, known as VPN, that lets people surf the net from an overseas IP address and circumvent the Great Firewall, China’s internet censoring machinery. But the practice is becoming more challenging and the stakes are growing. By law, only government-approved providers can set up VPNs. In response to regulatory oversight, Apple pulled hundreds of VPN apps from its China App Store in 2017.

More recently, China’s telecoms regulator slapped a 1,000 yuan (around $146) fine on a man for accessing the “international net” through “illegal channels.” The case is one of the few known instances where individuals are punished for using VPNs, sending worrying signs to those jumping the Wall to surf the unfiltered world wide web.

Facebook is not equipped to stop the spread of authoritarianism

After the driver of a speeding bus ran over and killed two college students in Dhaka in July, student protesters took to the streets. They forced the ordinarily disorganized local traffic to drive in strict lanes and stopped vehicles to inspect license and registration papers. They even halted the vehicle of the Chief of Bangladesh Police Bureau of Investigation and found that his license was expired. And they posted videos and information about the protests on Facebook.

The fatal road accident that led to these protests was hardly an isolated incident. Dhaka, Bangladesh’s capital, which was ranked the second least livable city in the world in the Economist Intelligence Unit’s 2018 global liveability index, scored 26.8 out of 100 in the infrastructure category included in the rating. But the regional government chose to stifle the highway safety protests anyway. It went so far as raids of residential areas adjacent to universities to check social media activity, leading to the arrest of 20 students. Although there were many images of Bangladesh Chhatra League, or BCL men, committing acts of violence on students, none of them were arrested. (The BCL is the student wing of the ruling Awami League, one of the major political parties of Bangladesh.)

Students were forced to log into their Facebook profiles and were arrested or beaten for their posts, photographs, and videos. In one instance, BCL men called three students into the dorm’s guestroom, quizzed them over Facebook posts, beat them, and then handed them over to police. They were reportedly tortured in custody.

A pregnant school teacher was arrested and jailed for just over two weeks for “spreading rumors” due to sharing a Facebook post about student protests. A photographer and social justice activist spent more than 100 days in jail for describing police violence during these protests; he told reporters he was beaten in custody. And a university professor was jailed for 37 days for his Facebook posts.

A Dhaka resident who spoke on the condition of anonymity out of fear for their safety said that the crackdown on social media posts essentially silenced student protesters, many of which removed photos, videos, and status updates about the protests from their profiles entirely. While the person thought that students were continuing to be arrested, they said, “nobody is talking about it anymore — at least in my network — because everyone kind of ‘got the memo’ if you know what I mean.”

This isn’t the first time Bangladeshi citizens have been arrested for Facebook posts. As just one example, in April 2017, a rubber plantation worker in southern Bangladesh was arrested and detained for three months for liking and sharing a Facebook post that criticized the prime minister’s visit to India, according to Human Rights Watch.

Bangladesh is far from alone. Government harassment to silence dissent on social media has occurred across the region and in other regions as well — and it often comes hand-in-hand with governments filing takedown requests with Facebook and requesting data on users.

Facebook has removed posts critical of the prime minister in Cambodia and reportedly “agreed to coordinate in the monitoring and removal of content” in Vietnam. Facebook was criticized for not stopping the repression of Rohingya Muslims in Myanmar, where military personnel created fake accounts to spread propaganda which human rights groups say fueled violence and forced displacement. Facebook has since undertaken a human rights impact assessment in Myanmar, and it has also taken down coordinated inauthentic accounts in the country.

UNITED STATES – APRIL 10: Facebook CEO Mark Zuckerberg testifies during the Senate Commerce, Science and Transportation Committee and Senate Judiciary Committee joint hearing on “Facebook, Social Media Privacy, and the Use and Abuse of Data”on Tuesday, April 10, 2018. (Photo By Bill Clark/CQ Roll Call)

Protesters scrubbing Facebook data for fears of repercussions isn’t uncommon. Over and over again, authoritarian-leaning regimes have utilized low-tech strategies to quell dissent. And aside from providing resources related to online privacy and security, Facebook still has little in place to protect its most vulnerable users from these pernicious efforts. As various countries pass laws calling for a local presence and increased regulation, it is possible that the social media conglomerate doesn’t always even want to.

“In many situations, the platforms are under pressure,” said Raman Jit Singh Chima, policy director at Access Now. “Tech companies are being directly sent takedown orders, user data requests. The danger of that is that companies will potentially be overcomplying or responding far too quickly to government demands when they are able to push back on those requests,” he said.

Elections are often a critical moment for oppressive behavior from governments — Uganda, Chad, and Vietnam have specifically targeted citizens — and candidates — during election time. Facebook announced just last Thursday that it had taken down nine Facebook pages and six Facebook accounts for engaging in coordinated inauthentic behavior in Bangladesh. These pages, which Facebook believes were linked to people associated with the Bangladesh government, were “designed to look like independent news outlets and posted pro-government and anti-opposition content.” The sites masqueraded as news outlets, including fake BBC Bengali, BDSNews24, and Bangla Tribune and news pages with photoshopped blue checkmarks, according to the Atlantic Council’s Digital Forensic Research Lab.

Still, the imminent election in Bangladesh doesn’t bode well for anyone who might wish to express dissent. In October, a digital security bill that regulates some types of controversial speech was passed in the country, signaling to companies that as the regulatory environment tightens, they too could become targets.

More restrictive regulation is part of a greater trend around the world, said Naman M. Aggarwal, Asia policy associate at Access Now. Some countries, like Brazil and India, have passed “fake news” laws. (A similar law was proposed in Malaysia, but it was blocked in the Senate.) These types of laws are frequently followed by content takedowns. (In Bangladesh, the government warned broadcasters not to air footage that could create panic or disorder, essentially halting news programming on the protests.)

Other governments in the Middle East and North Africa — such as Egypt, Algeria, United Arab Emirates, Saudi Arabia, and Bahrain — clamp down on free expression on social media under the threat of fines or prison time. And countries like Vietnam have passed laws requiring social media companies to localize their storage and have a presence in the country — typically an indication of greater content regulation and pressure on the companies from local governments. In India, WhatsApp and other financial tech services were told to open offices in the country.

And crackdowns on posts about protests on social media come hand-in-hand with government requests for data. Facebook’s biannual transparency report provides detail on the percentage of government requests the company complies within each country, but most people don’t know until long after the fact. Between January and June, the company received 134 emergency requests and 18 legal processes from Bangladeshi authorities for 205 users or accounts. Facebook turned over at least some data in 61 percent of emergency requests and 28 percent of legal processes.

Facebook said in a statement that it “believes people deserve to have a voice, and that everyone has the right to express themselves in a safe environment,” and that it handles requests for user data “extremely carefully.'”

The company pointed to its Facebook for Journalists resources and said it is “saddened by governments using broad and vague regulation or other practices to silence, criminalize or imprison journalists, activists, and others who speak out against them,” but the company said it also helps journalists, activists, and other people around the world to “tell their stories in more innovative ways, reach global audiences, and connect directly with people.”

But there are policies that Facebook could enact that would help people in these vulnerable positions, like allowing users to post anonymously.

“Facebook’s real names policy doesn’t exactly protect anonymity, and has created issues for people in countries like Vietnam,” said Aggarwal. “If platforms provide leeway, or enough space for anonymous posting, and anonymous interactions, that is really helpful to people on ground.”

BERLIN, GERMANY – SEPTEMBER 12: A visitor uses a mobile phone in front of the Facebook logo at the #CDUdigital conference on September 12, 2015 in Berlin, Germany. (Photo by Adam Berry/Getty Images)

A German court found the policy illegal under its decade-old privacy law in February. Facebook said it plans to appeal the decision.

“I’m not sure if Facebook even has an effective strategy or understanding of strategy in the long term,’ said Sean O’Brien, lead researcher at Yale Privacy Lab. “In some cases, Facebook is taking a very proactive role… but in other cases, it won’t.” In any case, these decisions require a nuanced understanding of the population, culture, and political spectrum in various regions — something it’s not clear Facebook has.

Facebook isn’t responsible for government decisions to clamp down on free expression. But the question remains: How can companies stop assisting authoritarian governments, inadvertently or otherwise?

“If Facebook knows about this kind of repression, they should probably have… some sort of mechanism to at the very least heavily try to convince people not to post things publicly that they think they could get in trouble for,” said O’Brien. “It would have a chilling effect on speech, of course, which is a whole other issue, but at least it would allow people to make that decision for themselves.”

This could be an opt-in feature, but O’Brien acknowledges that it could create legal liabilities for Facebook, leading the social media giant to create lists of “dangerous speech” or profiles on “dissidents,” and could theoretically shut them down or report them to the police. Still, Facebook could consider rolling a “speech alert” feature to an entire city or country if that area becomes volatile politically and dangerous for speech, he said.

O’Brien says that social media companies could consider responding to situations where a person is being detained illegally and potentially coerced into giving their passwords in a way that could protect them, perhaps by triggering a temporary account reset or freeze to prevent anyone from accessing the account without proper legal process. Some actions that might trigger the reset or freeze could be news about an individual’s arrest — if Facebook is alerted to it, contact from the authorities, or contact from friends and loved ones, as evaluated by humans. There could even be a “panic button” type trigger, like Guardian Project’s PanicKit, but for Facebook — allowing users to wipe or freeze their own accounts or posts tagged preemptively with a codeword only the owner knows.

“One of the issues with computer interfaces is that when people log into a site, they get a false sense of privacy even when the things they’re posting in that site are widely available to the public,” said O’Brien. Case in point: this year, women anonymously shared their experiences of abusive coworkers in a shared Google Doc — the so-called “Shitty Media Men” list, likely without realizing that a lawsuit could unmask them. That’s exactly what is happening.

Instead, activists and journalists often need to tap into resources and gain assistance from groups like Access Now, which runs a digital security helpline, and the Committee to Protect Journalists. These organizations can provide personal advice tailored to their specific country and situation. They can access Facebook over the Tor anonymity network. Then can use VPNs, and end-to-end encrypted messaging tools, and non-phone-based two-factor authentication methods. But many may not realize what the threat is until it’s too late.

The violent crackdown on free speech in Bangladesh accompanied government-imposed Internet restrictions, including the throttling of Internet access around the country. Users at home with a broadband connection did not feel the effects of this, but “it was the students on the streets who couldn’t go live or publish any photos of what was going on,” the Dhaka resident said.

Elections will take place in Bangladesh on December 30.

In the few months leading up to the election, Access Now says it’s noticed an increase in Bangladeshi residents expressing concern that their data has been compromised and seeking assistance from the Digital Security hotline.

Other rights groups have also found an uptick in malicious activity.

Meenakshi Ganguly, South Asia director at Human Rights Watch, said in an email that the organization is “extremely concerned about the ongoing crackdown on the political opposition and on freedom of expression, which has created a climate of fear ahead of national elections.”

Ganguly cited politically motivated cases against thousands of opposition supporters, many of which have been arrested, as well as candidates that have been attacked.

Human Rights Watch issued a statement about the situation, warning that the Rapid Action Battalion, a “paramilitary force implicated in serious human rights violations including extrajudicial killings and enforced disappearances,” and has been “tasked with monitoring social media for ‘anti-state propaganda, rumors, fake news, and provocations.'” This is in addition to a nine-member monitoring cell and around 100 police teams dedicated to quashing so-called “rumors” on social media, amid the looming threat of news website shutdowns.

“The security forces continue to arrest people for any criticism of the government, including on social media,” Ganguly said. “We hope that the international community will urge the Awami League government to create conditions that will uphold the rights of all Bangladeshis to participate in a free and fair vote.”

Facebook’s got 99 problems but Trump’s latest “bias” tweet ain’t one

By any measure Facebook hasn’t had the best of years in 2018.

But while toxic problems keep piling up and, well, raining acidly down on the social networking giant — from election interference, to fake accounts, faulty metrics, security flaws, ethics failuresprivacy outrages and much more besides — the silver lining of having a core business now widely perceived as hostile to democratic processes and civilized sentiment, and the tool of choice for shitposters agitating for hate and societal division, well, everywhere in the world, is that Facebook has frankly far more important things to worry about than the latest anti-tech-industry salvo from President Trump.

In an early morning tweet today, Trump (again) attacked what he dubbed anti-conservative “bias” in the digital social sphere — hitting out at not just Facebook but tech’s holy trinity of social giants, with a claim that “Facebook, Twitter and Google are so biased towards the Dems it is ridiculous!”

Time was when Facebook was so sensitive to accusations of internal anti-conservative bias that it fired a bunch of journalists it had contracted and replaced them with algorithms — which almost immediately pumped up a bunch of fake news. RIP irony.

Not today, though.

When asked if it had a response to Trump’s accusation of bias a Facebook spokesperson told us: “We don’t have anything to add here.”

The brevity and alacrity of the response suggested the spokesperson had a really cheerful expression on their face when they typed it.

The relief of Facebook not having to give a shit this time was kinda palpable, even in pixel form.

It was also a far cry from the screeds the company routinely dispenses these days to try to muffle journalistic — and indeed political — enquiry.

Trump evidently doesn’t factor ‘bigly’ on Facebook’s oversubscribed risk-list.

Even though Facebook was the first name on the president’s (non-alphabetical) tech giant hit-list.

Still, Twitter appeared to have irked Trump more, as his tweet singled out the short-form platform — with an accusation that Twitter has made it “much more difficult for people to join [sic] @realDonaldTrump”. (We think by “join” he means follow. But we’re speculating wildly.)

This is perhaps why Twitter felt moved to provide a response to the claim of bias, albeit also without wasting a lot of words.

Here’s its statement:

Our focus is on the health of the service, and that includes work to remove fake accounts to prevent malicious behavior. Many prominent accounts have seen follower counts drop, but the result is higher confidence that the followers they have are real, engaged people.

Presumably the president failed to read our report, from July, when we trailed Twitter’s forthcoming spam purge, warning it would result in users with lots of followers taking a noticeable hit in the coming days. In a word: Sad.

Of course we also asked Google for a response to Trump’s bias claim. But just got radio silence.

In similar “bias” tweets from August the company got a bigger Trump-lashing. And in a response statement then it told us: “We never rank search results to manipulate political sentiment.”

Google CEO Sundar Pichai has also just had to sit through some three hours of questions from Republicans in Congress on this very theme.

So the company probably feels it’s exhausted the political bias canard.

Even while, as the claims drone on and on, it might truly come to understand what it feels like to be stuck inside a filter bubble.

In any case there are far more pressing things to accuse Google’s algorithms of than being ‘anti-Trump’.

So it’s just as well it didn’t waste time on another presidential sideshow intended to distract from problems of Trump’s own making.