Rebranding

Study calls out ‘dark patterns’ in Facebook and Google that push users toward less privacy

More scrutiny than ever is in place on the tech industry, and while high-profile cases like Mark Zuckerberg’s appearance in front of lawmakers garner headlines, there are subtler forces at work. This study from a Norway watchdog group eloquently and painstakingly describes the ways that companies like Facebook and Google push their users towards making choices that negatively affect their own privacy.

It was spurred, like many other new inquiries, by Europe’s GDPR, which has caused no small amount of consternation among companies for whom collecting and leveraging user data is their main source of income.

The report (PDF) goes into detail on exactly how these companies create an illusion of control over your data while simultaneously nudging you towards making choices that limit that control.

Although the companies and their products will be quick to point out that they are in compliance with the requirements of the GDPR, there are still plenty of ways in which they can be consumer-unfriendly.

In going through a set of privacy popups put out in May by Facebook, Google, and Microsoft, the researchers found that the first two especially feature “dark patterns, techniques and features of interface design mean to manipulate users…used to nudge users towards privacy intrusive options.”

Flowchart illustrating the Facebook privacy options process – the green boxes are the “easy” route.

It’s not big obvious things — in fact, that’s the point of these “dark patterns”: that they are small and subtle yet effective ways of guiding people towards the outcome preferred by the designers.

For instance, in Facebook and Google’s privacy settings process, the more private options are simply disabled by default, and users not paying close attention will not know that there was a choice to begin with. You’re always opting out of things, not in. To enable these options is also a considerably longer process: 13 clicks or taps versus 4 in Facebook’s case.

That’s especially troubling when the companies are also forcing this action to take place at a time of their choosing, not yours. And Facebook added a cherry on top, almost literally, with the fake red dots that appeared behind the privacy popup, suggesting users had messages and notifications waiting for them even if that wasn’t the case.

When choosing the privacy-enhancing option, such as disabling face recognition, users are presented with a tailored set of consequences: “we won’t be able to use this technology if a stranger uses your photo to impersonate you,” for instance, to scare the user into enabling it. But nothing is said about what you will be opting into, such as how your likeness could be used in ad targeting or automatically matched to photos taken by others.

Disabling ad targeting on Google, meanwhile, warns you that you will not be able to mute some ads going forward. People who don’t understand the mechanism of muting being referred to here will be scared of the possibility — what if an ad pops up at work or during a show and I can’t mute it? So they agree to share their data.

Before you make a choice, you have to hear Facebook’s case.

In this way users are punished for choosing privacy over sharing, and are always presented only with a carefully curated set of pros and cons intended to cue the user to decide in favor of sharing. “You’re in control,” the user is constantly told, though those controls are deliberately designed to undermine what control you do have and exert.

Microsoft, while guilty of the biased phrasing, received much better marks in the report. Its privacy setup process put the less and more private options right next to each other, presenting them as equally valid choices rather than some tedious configuration tool that might break something if you’re not careful. Subtle cues do push users towards sharing more data or enabling voice recognition, but users aren’t punished or deceived the way they are elsewhere.

You may already have been aware of some of these tactics, as I was, but it makes for interesting reading nevertheless. We tend to discount these things when it’s just one screen here or there, but seeing them all together along with a calm explanation of why they are the way they are makes it rather obvious that there’s something insidious at play here.


Social – TechCrunch

Tinder bolsters its security to ward off hacks and blackmail

This week, Tinder responded to a letter from Oregon Senator Ron Wyden calling for the company to seal up security loopholes in its app that could lead to blackmail and other privacy incursions.

In a letter to Sen. Wyden, Match Group General Counsel Jared Sine describes recent changes to the app, noting that as of June 19, “swipe data has been padded such that all actions are now the same size.” Sine added that images on the mobile app are fully encrypted as of February 6, while images on the web version of Tinder were already encrypted.

The Tinder issues were first called out in a report by a research team at Checkmarx describing the app’s “disturbing vulnerabilities” and their propensity for blackmail:

The vulnerabilities, found in both the app’s Android and iOS versions, allow an attacker using the same network as the user to monitor the user’s every move on the app. It is also possible for an attacker to take control over the profile pictures the user sees, swapping them for inappropriate content, rogue advertising or other type of malicious content (as demonstrated in the research).

While no credential theft and no immediate financial impact are involved in this process, an attacker targeting a vulnerable user can blackmail the victim, threatening to expose highly private information from the user’s Tinder profile and actions in the app.

In February, Wyden called for Tinder to address the vulnerability by encrypting all data that moves between its servers and the app and by padding data to obscure it from hackers. In a statement to TechCrunch at the time, Tinder indicated that it heard Sen. Wyden’s concerns and had recently implemented encryption for profile photos in the interest of moving toward deepening its privacy practices.

“Like every technology company, we are constantly working to improve our defenses in the battle against malicious hackers and cyber criminals,” Sine said in the letter. “… Our goal is to have protocols and systems that not only meet, but exceed industry best practices.”


Social – TechCrunch

Benchmark’s Mitch Lasky will reportedly step down from Snap’s board of directors

Benchmark partner Mitch Lasky, who has served on Snap’s board of directors since December 2012, is not expected to stand for re-election to Snap’s board of directors and will thus be stepping down, according to a report by The Information.

Early investors stepping down from the board of directors — or at least not seeking re-election — isn’t that uncommon as once-private companies grow into larger public ones. Benchmark partner Peter Fenton did not seek re-election for Twitter’s board of directors in April last year. As Snap continues to navigate its future, especially as it has declined precipitously since going public and now sits at a valuation of around $ 16.5 billion. Partners with an expertise in the early-stage and later-stage startup life cycle may end up seeing themselves more useful taking a back seat and focusing on other investments. The voting process for board member re-election happens during the company’s annual meeting, so we’ll get more information when an additional proxy filing comes out ahead of the meeting later this year.

Benchmark is, or at least was at the time of going public last year, one of Snap’s biggest shareholders. According to the company’s 424B filing prior to going public in March last year, Benchmark held ownership of 23.1% of Snap’s Class B common stock and 8.2% of Snap’s Class A common stock. Lasky has been with Benchmark since April 2007, and also serves on the boards of a number of gaming companies like Riot Games and thatgamecompany, the creators of PlayStation titles flower and Journey. At the time, Snap said in its filing that Lasky was “qualified to serve as a member of our board of directors due to his extensive experience with social media and technology companies, as well as his experience as a venture capitalist investing in technology companies.”

The timing could be totally coincidental, but an earlier Recode report suggested Lasky had been talking about stepping down in future funds for Benchmark. The firm only recently wrapped up a very public battle with Uber, which ended up with Benchmark selling a significant stake in the company and a new CEO coming in to replace co-founder Travis Kalanick. Benchmark hired its first female general partner, Sarah Tavel, earlier this year.

We’ve reached out to both Snap and a representative from Benchmark for comment and will update the story when we hear back.


Social – TechCrunch

Instagram tests questions in Stories

Instagram has been incredibly busy of late, announcing IGTV, Instagram Lite and a slate of features including Stories Soundtracks. But the Facebook-owned photo-sharing service doesn’t show any signs of letting up.

Android Police today noted that Instagram is testing a feature that would allow users to post questions to their followers and receive answers.

Instagram already offers the ability to publish polls to followers with multiple-choice options for answering. But this test seems to point toward the option to offer lengthier responses to users’ questions.

One user in Indonesia sent to Android Police a screencap of the feature(pictured above), and a user in Spain also spotted the feature. That said, we still have very little information on just how this might work.

Right now, when a user posts to their Story, their followers can respond via DM. With more open-ended questions and responses, it’s unclear if responses will still come in via DM or be bundled together as part of the story.

The latter seems more in keeping with Instagram’s push to make Stories as interactive as possible. The open-ended question could serve as a jumping off point for a collaborative story comprised of everyone’s responses.

That said, this feature hasn’t been confirmed by Instagram, though we’ve reached out and will update the post when we learn more.


Social – TechCrunch

Instagram’s Do Not Disturb and ‘Caught Up’ deter overgramming

Instagram is turning the Time Well Spent philosophy into features to help users avoid endless scrolling and distraction by notifications. Today, Instagram is rolling out its “You’re All Caught Up – You’ve seen all new posts from the past 2 days” warning in the feed, which TechCrunch broke the news about in May. Past that notice will only be posts that iOS and Android users have already seen or that were posted more than 48 hours ago. This will help Instagram’s 1 billion monthly users stop fiendishly scrolling in search of new posts scattered by the algorithm. While sorting the feed has made it much better at displaying the most interesting posts, it also can make people worry they’ve missed something. This warning should give them peace of mind.

Meanwhile, TechCrunch has learned that both Facebook and Instagram are prototyping Do Not Disturb features that let users shut off notifications from the apps for 30 minutes, one hour, two hours, eight hours, one day or until they’re turned back on manually. WhatsApp Beta and Matt Navarra spotted the Instagram and Facebook Do Not Disturb features. Facebook is also considering allowing users to turn off sound or vibration on its notifications. Both apps have these Do Not Disturb features buried in their code and may have begun testing them.

Both Facebook and Instagram declined to comment on building new Do Not Disturb features. “You’re All Caught Up” could prevent extra scrolling that doesn’t provide much value that could make Instagram show up atop your list of biggest time sinks. And an in-app Do Not Disturb mode with multiple temporary options could keep you from permanently disabling Instagram or Facebook.

 

We referenced Instagram Do Not Disturb in our scoop about Instagram building a Usage Insights dashboard detailing how much time you spent on the app. Both Facebook and Instagram are preparing these screens that show you how much time you’ve spent on their apps per day, in average over the past week and that let you set a daily limit after which you’ll get a notification reminding you to look up from your screen.

When we first reported on Usage Insights, Instagram CEO Kevin Systrom tweeted a link to the article, confirming that Instagram was getting behind the Time Well Spent movement. “It’s true . . . We’re building tools that will help the IG community know more about the time they spend on Instagram – any time should be positive and intentional . . . Understanding how time online impacts people is important, and it’s the responsibility of all companies to be honest about this. We want to be part of the solution. I take that responsibility seriously.”

Now we’re seeing this perspective manifest itself in Instagram’s product. Instagram’s interest conveniently comes just as Apple and Google are releasing screen time and digital well-being tools as part of the next versions of their mobile operating systems. These will show you which apps you’re spending the most time in, and set limits on their use. By self-policing now, Instagram and Facebook could avoid being outed by iOS and Android as the enemies of your attention.

In other recent Instagram news:


Social – TechCrunch

Facebook is shutting down Hello, Moves and the anonymous teen app tbh due to ‘low usage’

Facebook, the world’s largest social network with 2.2 billion users, is all about capitalizing on scale, and so today it announced that it would be sunsetting three apps in its stable that simply weren’t keeping up. After failing to gain traction, Hello, Moves and tbh will all be depreciated in the coming weeks, the company announced today. The three apps are being shut down at varying times we’re noting below. Facebook says that all user data from all three of these apps will be deleted within 90 days.

“We regularly review our apps to assess which ones people value most. Sometimes this means closing an app and its accompanying APIs,” said Facebook. “We know some people are still using these apps and will be disappointed — and we’d like to take this opportunity to thank them for their support. But we need to prioritize our work so we don’t spread ourselves too thin. And it’s only by trial and error that we’ll create great social experiences for people.”

But “low usage” is a pretty wide range, it turns out. Sensor Tower notes that Hello had only 570,000 installs — that is, total downloads — but tbh had 6.4 million and Moves 13 million. Still, these numbers are all just blips in comparison to billions of downloads and users of Facebook and the other popular apps that it owns: Instagram, WhatsApp and Messenger.

The three getting sunset are all examples of the different angles that Facebook has explored over the years to evolve its business into newer areas — not all of which have panned out.

Moves came to Facebook by way of an acquisition four years ago of the fitness and tracking app. At the time, Facebook appeared to be interested in exploring more about how people might use their Facebook social graphs to share more data about their own fitness regimes, and to possibly use Facebook not just as a place to share but to track progress. With its acquisition of Moves, it might have been the case that Facebook believed that it could take a more direct role in that process.

Early on, there was promise: Moves already had amassed four million downloads before the acquisition. However, things simply did not continue to bulk up much after that point, either because Facebook saw that there wasn’t a large enough critical mass of people interested in making fitness social, or because its own spin on how to do that wasn’t where the market has moved. (You could argue that there has always been a huge social element in exercise — gyms and exercise classes being two obvious examples — but these are more about people in physical spaces doing things together.)

In the end, Moves the app hasn’t been updated in more than a year, and it languishes at around 616 in the fitness category today. It will be shut down in the coming weeks, Facebook said.

Hello, launched in 2015, was part of Facebook’s wider strategy to build more communications services to bridge the gap with users, targeting those specifically in emerging markets.

In the case of Hello, the app was Android-only and worked in the U.S., Nigeria and Brazil. The app is a bit like TrueCaller: people could link up their Facebook accounts to a dialer, which would then show you the Facebook identity of a caller so you could decide whether or not you would like to take the call.

As with Moves, Hello came amid a time when many thought Facebook had big plans for communications, with rumors abounding of Facebook phones and Facebook wanting to take on carriers with its own voice services. Hello, however, never expanded — neither in geography nor features — and so now we say goodbye. The Hello app and its API are both getting depreciated on July 31. The app was actually removed from the Android store on June 26, when it had a ranking of 509.

Lastly, tbh is the youngest of the apps to be getting the chop — in more ways than one. The “anonymous compliment” app was made specifically for teens, a relatively new category for Facebook, and the company was only acquired by the social network in October 2017. Indeed, tbh was young and hardly ubiquitous when Facebook snapped it up, and although the company seemed interested in letting it run its course, to be honest, it’s no surprise to see it also go away.

Facebook is not giving a date for its disappearance: the app is still live at the moment. App Annie, however, notes that its ranking currently in the U.S. is 205 in social networking.

Facebook is no stranger to spring cleaning and clearing out unpopular apps, as well as a wide swathe of other services such as APIs that are no longer core to what it’s working on. Other dead app efforts have included M, the personal assistant app, its Snapchat clone Lifestage and its Groups app. And just today, it issued a notice of several APIs that would be shut down to better reign in how its user data is tapped by third parties.


Social – TechCrunch

Facebook makes Stories another Like contest with emoji reactions

Ready to scrounge for Likes on your Stories too? Facebook Stories can feel like a ghost town even though it has 150 million daily users. So Facebook is trying to get more people who view your ephemeral content on its Snapchat clone to speak up so you keep posting. Today Facebook is bringing its Like, Haha, Wow, Sad, Angry and Love “Reactions” from News Feed to Stories, replacing the generic emoji quick replies it previously offered. It’s also adding two “interactive stickers” — a flame and a laughing smile — you can add to your own Stories that when tapped by a friend, shimmer and notify you. 

To the same effect, Facebook is letting people start a group reply to your Story with multiple friends that launches a group thread on Messenger. And when you tap to see who’s viewed your Facebook Story, the viewer list will highlight people who sent reactions or Messenger replies.

Combined, these four new ways to give feedback on Stories should make it feel less like you’re posting into a black hole. Facebook has found great success with its Like button and other Reactions for News Feed posts and Instagram’s Heart button. They both trigger a dopamine hit of self-satisfaction that encourages you to continue sharing that’s more visceral than just knowing someone watched your Story.

I wonder if a Like button will come to Instagram Stories, especially after former Facebook VP of News Feed Adam Mosseri was recently named VP of product for Instagram.

Oh, and just in case Stories wasn’t turning into a vanity contest already, according to Mari Smith via Matt Navarra, Facebook is now testing a Selfie mode in the Stories camera with a Soft Focus option similar to the recent Instagram Focus launch.

 

When Snapchat invented the Stories format, it purposefully left out a Like button because it would make sharing into a competition where users craved the binary feedback and posted whatever was most popular.

In fact, when I interviewed Instagram CEO Kevin Systrom in 2016 around the launch of Instagram Stories he told me, “We definitely asked ourselves what if we removed Likes from Instagram? What would happen? … If you have Likes … you get certain behaviors, and the behavior we wanted was for you to be able to share as much as you wanted. And the lack of Likes in this space lets you let down your guard.”

Now Facebook is changing that fundamental principle of Stories, which could give us a whole new quantified measure of our worth to turn into an addiction and coerce us to share not what’s authentic but what’s Likeable.


Social – TechCrunch

LinkedIn adds Microsoft-powered translations and QR codes to connect more of its users faster

LinkedIn — the social network with more than 560 million members who connect around work-related topics and job-seeking — continues to add more features, integrating technology from its new owner Microsoft, both to improve engagement on LinkedIn as well as to create deeper data ties between the two businesses.

Today, the company announced two more: users can now instantly view translations of content on the site when it appears in a language that is not the one set as a default; and they can now use QR codes to quickly swap contact details with other LinkedIn members.

In both cases, the features are likely overdue. The lingua franca of LinkedIn seems to be English, but the platform has a large global reach, and as it continues to try to expand to a wider range of later adopters and different categories of users, having a translation feature seems to be a no-brainer. It would also put it in closer line with the likes of Twitter and Facebook, which have had translation options for years.

The QR code generator, meanwhile, has become a key way for people to swap their details when they are not already connected on a network. And with LinkedIn this makes a lot of sense: there are so many people with the same name and it can be a challenge figuring out which “Mark Smith” you might want to connect with after coming across him at an event. And given that LinkedIn has been looking for more ways of making its app useful in in-person situations, this is an obvious way to enable that.

Translations are coming by way of the Microsoft Text Analytics API, the same Azure Cognitive Service  that powers translations on Bing, Skype and Office (as well as third-party services like Twitter). It will be available in more than 60 languages, with more coming soon, LinkedIn says, to a “majority” of members using either the desktop or mobile web versions of LinkedIn.

The company says that it will be coming to LinkedIn’s iOS and Android apps in due course, as well. Users will get the “see translation” link based on a number of signals you’re providing to LinkedIn that include your language setting on the platform, the country where you are accessing content and the language you have used in your profile.

Content covered by the option to translate will include the main feed, the activity section on a person’s profile and posts if you click on them in the feed or share it.

Meanwhile, with QR codes, you trigger the ability to capture one by clicking in the search box on the iOS or Android app. Through that window, you can also pick up your own code to share with others.

LinkedIn suggests that the QR code can effectively become the replacement for the business card for people when they are at in-person events. But another option is that you can use this now in any place where you might want to provide a shortcut to your profile.


Social – TechCrunch

The FBI, FTC and SEC are joining the Justice Department’s inquiries into Facebook’s Cambridge Analytica disclosures

An alphabet soup of federal agencies are now poring over Facebook’s disclosures and the company’s statements about its response to the improper use of its user information by the political consultancy Cambridge Analytica.

The Federal Bureau of Investigation, the Federal Trade Commission and the Securities and Exchange Commission have joined the Justice Department in examining how the personal information of 71 million Americans was distributed by Facebook and used by Cambridge Analytica, according to a Washington Post report released Monday.

According to the Post, the emphasis of the investigation has been on what Facebook disclosed about its information sharing with Cambridge Analytica and whether those disclosures correlate to the timeline that’s being established by government investigators. The fear, for Facebook, is that the government may decide that the company didn’t reveal enough to either investors or the public about the extent of the misallocation of user data. Another concern is whether the Cambridge Analytica decision violated the terms of an earlier settlement Facebook made with the Federal Trade Commission.

The redoubled efforts of so many divisions could potentially ensnare Facebook chief executive Mark Zuckerberg, who was brought before Congress with other Facebook officials to testify about the breaches. People familiar with the investigation told the Post that the officials’ testimony was being scrutinized.

In a statement, Facebook noted it had received questions from different agencies and that it was cooperating.

The Federal Trade Commission first confirmed that it was investigating Facebook in March.

Acting director Tom Pahl said at the time:

The FTC is firmly and fully committed to using all of its tools to protect the privacy of consumers. Foremost among these tools is enforcement action against companies that fail to honor their privacy promises, including to comply with Privacy Shield, or that engage in unfair acts that cause substantial injury to consumers in violation of the FTC Act. Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook. Today, the FTC is confirming that it has an open non-public investigation into these practices.

The multiple investigations by U.S. and U.K. agencies into the ways in which Cambridge Analytica accessed and exploited data on social media users in political campaigns have already pushed the political consulting firm into bankruptcy.

It’s unlikely (read impossible) that Facebook would suffer anything like the same fate, and the company’s stock price has already recovered from whatever negative impact the scandal wrought on the social network’s market capitalization. Rather, the lingering investigations show the potential for government regulators (and lawmakers) to involve themselves in the company’s operations.

As with everything else in Washington, it’s always the cover up — never the crime.


Social – TechCrunch

Facebook rolls out more API restrictions and shutdowns

Following the Cambridge Analytica data misuse scandal and the more recent discovery of a Facebook app that had been leaking data on 120 million users, Facebook is today announcing a number of API changes aimed at better protecting user information. The changes will impact multiple developer-facing APIs, including those used to create social experiences on the site, as well as those for media partners, and more.

Some of the APIs are being shuttered for low adoption, while others will require app reviews going forward, Facebook said.

The company said the following API restrictions were now being put into place:

  • Graph API Explorer App: Facebook will deprecate its test app today. Developers will need to use their own apps’ access tokens to test their queries on the Graph API Explorer going forward.
  • Profile Expression Kit: This let developers build apps that allowed people to jazz up their profile photos or create profile videos. This one seems to be lumped in the group of shutdowns not because of misuse potential, but because it had low adoption. It will shut down October 1.
  • Media Solutions APIs: On August 1, Facebook is shutting down Topic Search, Topic Insights and Topic Feed and Public Figure APIs due to low usage. It already deprecated the Trending API and Signal tool for journalists, the Trending Topics product and the Hashtag Voting for interactive TV experiences. Going forward, Facebook says public content discovery APIs will be limited to page content and public posts on certain verified profiles.
  • Pages API: Developers can search using the Pages API again, but will need feature permissions to Page Public Content Access, which can only be obtained through the app review process.
  • Marketing API: Developers will have to go through an app review before they can use this API.
  • Leads Ads Retrieval: Facebook is introducing new app review permissions for this, too.
  • Live Video APIs: Will also have new app review permissions.

The changes were detailed in a post published in the Facebook Newsroom, which hinted they would not be the last.

The company has been auditing its app ecosystem in an effort to find other apps that may have been leaking data. Related to this effort, it previously announced a series of other API changes aimed at getting a better handle on how Facebook apps can access and use people’s information.

This latest batch of API changes doesn’t include some of the higher-profile APIs — like when Facebook made changes to Facebook Login, Groups, Events and other APIs back in April. However, it does indicate that the developer platform review process is still underway, and more APIs will likely still be addressed in the future.


Social – TechCrunch