My Thoughts on Facebook and Cambridge Analytica

It has been almost a month since the massive Cambridge Analytica x Facebook improper-user-data-ex-filtration mess (don’t call it a data breach) came to light. The news is settling down despite the real numbers coming out of Facebook and a possible 600,000 Canadians possibly affected.

I’ve been mulling over how I feel about it and I’ve finally come to a conclusion.

As much as I’d like to see this as a catalyst for people to start finding (and building) alternatives to Facebook’s walled garden of exploitation, I don’t think they did anything wrong.

The basic narrative of the Cambridge Analytica story seems to be that Facebook tricked average Americans opting to share all their facebook data with some benign looking app (like a quiz); which in turn gave the app maker further access to the victim’s friends data. Without the victim’s friends’ permission. In other words, if your friends fell for this ploy, Facebook’s API gave the app maker access to your data without your permission.

I don’t believe there is any truth do this assumption. Facebook’s API never granted access to this level of data about friends (let alone friends-of-friends). They are not that stupid.

I was involved in building Facebook app integration during the time that Cambridge Analytica gathered their data, I read Facebook’s Open Graph API documentation numerous times. Unfortunately that version of the API no longer seems to be available online, but I was able to find some old how-to videos referencing it.

As far as I can piece together, the only data about your friends that Facebook ever provided via the API was their full name and user id. Any data about your likes, political affiliation, family connections, marital status, or anything else that could be used for “psychographic” modelling was never available via your friends.

However!

These personal details were available to anyone and everyone via your public profile! Assuming that you hadn’t opted out of sharing this info (and I really doubt most user were giving their privacy details much thought before they learned the name Cambridge Analytica).

In order for Cambridge Analytica and others to mine this data they would have had to write bots to scrape data directly from your public facing profile. In the past, it was very easy to gain access to these profiles in a programmatic way. Anybody could simply load http://facebook.com/profile.php?id= with your ID to see your public profile. Even a non-programmer can see how easy it would be to generate a list of targets for a bot to crawl.

At some point, Facebook started closing this “profile.php” access point as they rolled out username (I’m ohryanca). Once that was locked down, it became more complicated to scrape content and the bad actors became more clever.

I’m pretty sure I’m right

In a blog post yesterday Facebook announced an enormous array of restrictions to their APIs (which are undoubtedly pissing off a lot of sketchy developers). Regarding account recovery, they mentioned the following:

…malicious actors have also abused [account recovery] features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery. Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way. So we have now disabled this feature. We’re also making changes to account recovery to reduce the risk of scraping as well.

Conclusion

As much as I hate to say it, I don’t think Facebook did anything wrong. Their APIs never fed this data to any and every app developer who wanted. Cambridge Analytica and friends had jump through additional hoops. They took actions that were outside of the normal/approved methods Facebook expected and allowed app makers to access our data.

Facebook simply built a reasonable public profile feature meant to allow you to use Facebook as a home on the web. A URL to share outside the platform.

They built a reasonable account recovery feature, that allowed users to recover their logins in standard non-controversial ways.

There is no evidence that Facebook’s APIs allowed access to the type of data Cambridge Analytica took advantage of. They were just outplayed by an opponent who thought of clever ways to get what it needed.

PS

In case the mainstream media has lulled you in to a false sense of whatever; the democrats have this data too (and then some).

Here is footage of Carol Davidsen (VP of political technology at Rentrak) at a conference in 2015 gleefully explaining how the Obama campaign mapped THE ENTIRE SOCIAL GRAPH OF THE UNITED STATES who were on Facebook at the time of the 2012 election. The techniques she describes are strikingly similar to what Cambridge Analytica is accused of.

All your emo are belong to Russia

Remember Livejournal? All your angst posts about poignant Vagrant Records band lyrics? Selfies (before we called them that) of your pixie cut? Or crucial fades? Stupid surveys… It’s safe to say that it played a major role in my social life as young adult years and I have most fond memories of that place.

I’d always known that Livejournal became super popular in Russia sometime after I stopped frequenting the site regularly. I sort of left it at that, assuming it was one of those quirky Russian internet things. Turns out it might be a lot more sinister.

The latest episode of – the excellent podcast – ReplyAll tells an interesting story of what happened with Livejournal and Russia.

Spoiler alert: nearly 10 years after its purchase by a Russian company, Livejournal’s servers finally relocated to Russian soil. It’s not much of a stretch to assume that the FSB and friends have direct access to any of your old content that might still be living there….

On Winnipeg Free Press’ Pay-Per-Article Paywall

Last week, the editor of the Winnipeg Free Press wrote an article making a (rather poor) case for their upcoming “innovative” paywall experience. Harvard’s Neiman Journalism Labs even picked it up and wrote a great article breaking down the nitty gritty. Simply put the Winnipeg Free Press plans to charge every single reader $0.27/article (billed monthly). Nobody in North America is doing this and nobody in the world has tried anything quite like this, so in that regard, it truly is an innovative idea.

However, there is a fine line between an innovative and a bad idea.

As far as I can tell based on the information they’ve released, Freep’s plan falls on the bad side of that line. Whatever committee makes these decisions at The Free Press seem to be misunderstanding some fairly basic principles about how the web works.

User Experience

For starters, any sort of road block that requires a user to create an account before getting to content is a significant barrier to entry. As usability pioneers Neilsen Norman Group put it “Login walls do not belong in the initial experience.” If a user clicks through to a news article from social media and is presented with a login wall, that user will just leave, period. I have a hard time believing that the Free Press’ research would show otherwise. The news market in Winnipeg has a lot of viable free/ad-supported content. Three daily newspapers, a vibrant sub-reddit and blogging scene. If someone wants to find out about something on the internet, they are going to visit the first site that actually displays information without making them jump through hoops.

There is a reason that successful paywalls like the NYT’s show users X number of free articles before ever asking them to sign up or pay. It’s not because these papers don’t need to maximize their online revenues. Precisely the opposite, they understand that presenting a paywall to every; single; drive-by visitor is going to do more harm than good.

Micro Payments

$0.27/article is hardly a “micro” payment.

$0.27/article is outrageous, maybe even just plain greedy!

Anybody who’s dealt with online advertising can come to this conclusion fairly quickly. The revenue earned by a individual webpage (ie. the cost to advertise) is calculated in CPM (cost per thousand views), $0.27/article works out to $270CPM. The going rate for the an ad on a highly popular website with a good audience in a desired demographic $70 – $100CPM, possibly upwards of $150 – $200CPM for a large takeover type ad. When The North Face advertises on wired.com, they’re looking at advertising budgets in that ballpark. On the other hand, an ad on Facebook or Google AdSense will cost an advertiser $0.50 – $5.00.

If I had to guess, the rates for advertising on winnipegfreepress.com are likely in the $50CPM range. So from that perspective the Winnipeg Free Press is attempting to charge their readers 2-5x as much as they charge their advertisers!

When compared to other media/entertainment the Free Press’ pricing model doesn’t make a lot of sense either. In the article, the editor writes “If you are a Winnipeg Jets fan, then you can assemble a month’s worth of game stories and Gary Lawless analysis that will cost you as little as $8.00.”

One month’s worth of hockey analysis costs as just shy of a Netflix or Rdio subscription. The pricing is totally out of whack.

Ad-Support. You’re the Product.

When a business is based on an ad-supported model, the reader is not the customer. The readership is the product, the advertisers are the customers. When you read an ad-supported website, you may not be handing over any money, but not getting the content for free either. Every time you load a page you are handing over valuable demographic information. I think most people understand this by now, but it’s worth reiterating.

Normally, when an industry experiences increased production costs, they pass those costs on to the customer. When the price of fuel goes up, airlines increase the costs of fares, grocery stores increase the cost of produce.

If a business is losing revenue, will try to present their customers with new and innovative products. Charging readers for access is doing nothing to create a more innovative product for the Free Press’ real customers, the advertisers. If anything, it’ll turn potential readers aways, decreasing the Free Press’ ad inventory.

Obviously I realize that newspapers and magazines have always cost money for as long as they’ve existed. But I had always thought that those costs were covering the cost of printing and distribution. In the past, newspaper ads paid the larger fixes costs of producing news, running a large company and lining the pockets of their investors. At least until Craig’s List came along and killed classifieds.

I understand that quality news-gathering costs money. If the Winnipeg Free Press’ cost are anywhere near as high as the exorbitant per-article rates they are rolling out, then they really are in trouble. And that’s too bad.

I wish them luck.

Newsworthy Turns One

One year ago this week, the Newsworthy.ca bot started ingesting Canada’s local news. In celebration of the site’s one year anniversary, I added two new features: continuous scroll – you can keep reading the news forever; default edition – you can now set your default city.

Out of curiosity pulled some stats from the database.

Since September 2012, Canadian online media have posted over 140,000 news items.
The busiest news day was July 21, 2013 which was the second day of mandatory evacuation during the Calgary Flood.
The second busiest day was May 2, 2013 Toronto posted over 860 stories that day, most important story was the Ontario 2013 provincial budget.

If you’ve never been to the site and you love news, check it out: Newsworthy.ca. Follow the site on Twitter @newsworthyca.

Google Reader is Dead. NewsWorthy.ca to the rescue!

NewsWorthy.ca is a project I’ve been working on for the past few months. In a nutshell, it’s a better way to get all the latest local news in one place. Sites like Reddit and Google News are a good way to get the “best” or “most important” stories of the day. But they sometimes fail at surfacing up to date, breaking news. If you’re a news hound like me, I think you’ll find NewsWorthy quite useful.

With Google announcing their intentions to shut down Google Reader, today seemed like the perfect day to pull off the “alpha” wrapper and release it to the wild!

At the moment, NewsWorthy only supports Winnipeg, Toronto and Montreal. I’m looking for the best¹ news source in every Canadian city. If you’d like to recommend sources in your city, feel free to email me.

“best” means, updated frequently and intensely focused on local news [↩]