Categories
Culture

When Facebook Turns Against You

Yesterday Facebook surfaced one of my aunts posts in which she alluded to a conspiracy theory that the COVID-19 death numbers are being fabricated. Normally my response to these sorts of posts on Facebook these days is to simply hit the “snooze for 30 days” button.

But this was my favourite aunt who I’ve respected since I was a child. She is not a “crazy aunt,” she is level-headed and well educated. Facebook has also never shown me a post of hers like this before, so I assumed she still had her wits about her.

I decided to spend some time with a thoughtful and researched reply. It was as follows.


There are a bunch of ways in which this statement doesn’t pass the smell test:

1. “We can’t know that the people who died, died from Covid19” I don’t think that the statement is true. I think we can know in the vast majority of cases. People are not randomly getting some a combination of symptoms similar to: kidney failure, pneumonia, meningitis, etc. Doctors know what the symptoms look like, they even have a test for the disease. If someone has the symptoms, they test postive for the disease and then subsequently die, it would be silly to say that they didn’t die of the disease.

2. “ANYONE who tested positive with COVID at the time of death has been marked as a COVID death.” I believe this is consistent with the way that causes of death are typically attributed. For example, if someone suffering from HIV/AIDS dies of a pneumonia, their cause of death will be recorded as “HIV/AIDS.” Same with people suffering from cancer. If someone with lung cancer dies of lung failure or pneumonia, their cause of death will be listed as “cancer.” Perhaps in an obituary it may be listed as “complications of cancer.” But in terms of statistics and epidemiology, deaths are attributed to the deadly diseases the victims were suffering from. So the statement “we can’t know that the people who died, died from Covid19” is not relevant because it’s consistent with the way that we normally attribute causes of death.

3. “…even if they died from any other cause.” If someone dies in a car crash what is their cause of death? Cars don’t have some sort of ability to suck our souls out of our bodies. A car crash will cause various injuries which will end our lives. Those injuries are the direct cause of our death, but the car crash is the reason we received the injury, so we say that the car crash was the cause of death. If an unwell person becomes infected with COVID and their body is unable to go living with the added stress of fighting off COVID, then COVID is the factor that tiped the scales of fate, so we would say that COVID caused their death.4. I think you might be alluding to this idea that non-COVID deaths are being attributed to COVID. Even if this were true, the numbers don’t add up. For example, the average number of deaths in New York City 145 per day. On April 7th, New York City reported 545 deaths. Even if every single death under normal circumstances was being reported as a COVID death in NYC, the numbers would only be around 145. Not 375% higher!

Now there’s no denying that the US media thrives on fomenting fear uncertainty and doubt. They make a living keeping the US public in fear and uncertain of the truth. But I can assure you that the Canadian media and media in most of the rest of the western world do not operate this way. The tone here is not one of fear, it’s one of solemn resignation to a fate beyond our control. It’s one of steadfast dedication to flattening the curve by doing our part.We’ve got this.


Her response was short and polite but I did not sway her opinion.

It’s becoming more clear every day, the USA is a failed state. We are witnessing the fall of an empire.


A friend of mine told me that he literally hits “snooze for 30 days” on every post that comes up in his feed.

It works rather well. The people you don’t care about, you only see monthly. For the people who you do care about, you get a monthly reminder to creep their profile

name redacted to preserve his privacy

I think I am going to give this a shot.

Categories
Culture

The case for Facebook… or something like it

I am about to write something that is extremely unpopular amongst my peers in 2019: I like Facebook and I think can can be part of a healthy and productive online diet.

Facebook has been getting high profile negative press almost daily, for what seem like a solid year. A lot of it is well warranted — Mark Zuckerberg seems to have a problematic view of privacy — and a lot of it may be FUD.

This post is not a defense of Facebook.

If you want to read a defense of Facebook, take a look at my post on Cambridge Analytica last year.

A year or two after its public launch Facebook was an objectively good product that added value to the world. It presented a set of online tools in a way that was easy to use by completely average internet users. The features everybody flocked to are still in existence in the Facebook of today, they’re just largely buried under piles of garbage.

Allow me to explain.

Connecting with long lost friends and distant relatives.

When I first joined Facebook it was a lot fun to connect with the kids I used to eat lunch with in the cafeteria every day in high school or that one guy you shared homeroom with in grade 7. At the time it was a novel way to connect with people, it felt groundbreaking and overwhelmingly, it felt good.

Over the years the novelty has worn off obviously. And Facebook’s emphasis on “News Feeds”, combined with people’s penchant for posting contentious content (or the algorithm’s encouragement of this content) has make these distant connections more tenuous. From what I’ve seen around me, I think Facebook can seem like a stereo-typically bad, never-ending, year round Thanksgiving Dinner. It can can feel bad.

But I really do think at it’s core, the ability to connect with your wife’s Grandma who lives in Edmonton could and should have a positive impact on the world.

Photo Sharing

Facebook was the first place that made it easy for me to share photos with a group of people. My extended family started to join Facebook right around when my kids were born, so I ended up using this feature quite a bit at the time.

Unfortunately, photo sharing has really fallen by the wayside. I don’t use this feature any more and have even gone so far as to migrate photos from Facebook to Google Photos.

Even so, I know my mom and others would still prefer the simplicity of sharing photos inside Facebook, rather than installing yet another app.

Messenger

Facebook Messenger is a decent, cross-platform instant messaging client. It’s almost my defacto Messaging app (especially now that I switched to Android). However, I do think there are some legitimate privacy concerns, so I actually don’t like using this one.

Facebook Connect

When it launched, Facebook Connect was groundbreaking. The ability to enable account signup/creation on other sites/apps without needing to enter a password or any other account information was amazing. It was a real move forward for online security.

It still performs that function well, I’m just a little wary of how Facebook is using these connections.

Groups

I don’t use groups much personally. But they actually seem like a decent way to keep up to speed on a given niche or a local community. My wife always seems to know what’s happening at our school and in our neighbourhood, immediately. This feels good. This feels like the thing the internet was built for.

Sure groups contain a fair bit of random gossip, the occasional spammer, asshole and that sort of thing. But I think that fact that groups are self-moderated goes a long way into keeping these communities sane.

Groups feels like something Facebook should be focusing on more.

So What?

The media has been proclaiming Facebook’s death since the day after it launched. I first commented on people quitting Facebook 9 years ago. Maybe it’s more real this time, it’s hard to say. If I was more conspiracy minded, I might suggest that some nefarious puppet-master is leading a concerted effort to bring down Facebook. Or maybe just push down the stock price for a big short.

As it stands, I feel trapped. There are absolutely no alternative to the type of “friends and family” community Facebook enables. There aren’t even any up-and-coming social networks in development that I’m aware of.

At the same time, continuing to use Facebook seems like a mistake. If the dubious advertising and privacy practices aren’t enough to keep me away. Most of the posts that find there way to the top of my page are upsetting and I find myself hitting “mute” a lot.

IMHO Facebook could do well to focus on those core features that brought people to the platform in the first place.

So what now? Thoughts?



BTW I’ve written a lot about Facebook in the past. I’ve linked some of my favourite posts above. But I think the full 12 year archive is pretty interesting. Check it out.

Categories
Culture

DIY Internet: More on personal VPNs

A few followup thoughts regarding Monday’s post about setting up a personal VPN.

Self-Sufficient, DIY Internet

All the Facebook Cambridge Analytica nonsense has really emphasized how dependent we have become on third party services and social networks.

As I thought about it, the idea of being self-sufficient online has really started to appeal to me. I mean this blog has always been independent, fully controlled by me. As a web developer with fully-stack devops ninja experience, I have all the skill and experience I need to set up any sort of web service I want.

So when I thought about the reasons for using a VPN regularly and the likelihood that I’d have to pay for a decent service, I wanted to see if i could do it myself. On severs I own.

I think there are more opportunities to DIY online, to rely less on dubious third parties.

Peace of Mind

As I alluded to in my first post, the real world security threats associated with public wifi are only a minor concern. I’m not generally too concerned, most of the time.

That said this little icon next to my WiFi connection gives me such a massive sense of security and piece of mind. The fact that it auto-connects without me having to take an action is just the icing on the cake.

Censorship

Streissand is an anti-censorship tool designed to bypass draconian government censorship like China’s Greatfirewall. You don’t live in China, do you really need do worry about censorship? Probably — and if you hang around the right subreddits — increasingly so.

Canada’s telcos are presently lobbying for a censorship regime. Perhaps the first draft targets content most of us would agree is “bad,” but who knows what the next version will look like.

Even if you’re less paranoid, there’s a good chance your workplace or school is filtering some content. Maybe it’s not content you bump in to very often. But if even if they are not filtering traffic, they’re almost certainly collecting your web traffic. That’s something I’ve never been too comfortable with.

A VPN allows you to take back your online freedom whenever you’re using a work, school or any other network that distrusts you.

Bypassing Geographic Restrictions

In case you missed, VPNs allow you to bypass geographic content restrictions. When you use a VPN, you traffic originates from the IP address of the VPN server. And since cloud providers host servers in many physical locations, you can easily bypass any geo restrictions based on IP address.


If you missed Monday’s post you can read it here:

How to: Set Up A Personal VPN

Categories
Culture Websites

My Thoughts on Facebook and Cambridge Analytica

It has been almost a month since the massive Cambridge Analytica x Facebook improper-user-data-ex-filtration mess (don’t call it a data breach) came to light. The news is settling down despite the real numbers coming out of Facebook and a possible 600,000 Canadians possibly affected.

I’ve been mulling over how I feel about it and I’ve finally come to a conclusion.

As much as I’d like to see this as a catalyst for people to start finding (and building) alternatives to Facebook’s walled garden of exploitation, I don’t think they did anything wrong.


The basic narrative of the Cambridge Analytica story seems to be that Facebook tricked average Americans opting to share all their facebook data with some benign looking app (like a quiz); which in turn gave the app maker further access to the victim’s friends data. Without the victim’s friends’ permission. In other words, if your friends fell for this ploy, Facebook’s API gave the app maker access to your data without your permission.

I don’t believe there is any truth do this assumption. Facebook’s API never granted access to this level of data about friends (let alone friends-of-friends). They are not that stupid.

I was involved in building Facebook app integration during the time that Cambridge Analytica gathered their data, I read Facebook’s Open Graph API documentation numerous times. Unfortunately that version of the API no longer seems to be available online, but I was able to find some old how-to videos referencing it.

As far as I can piece together, the only data about your friends that Facebook ever provided via the API was their full name and user id. Any data about your likes, political affiliation, family connections, marital status, or anything else that could be used for “psychographic” modelling was never available via your friends.

However!

These personal details were available to anyone and everyone via your public profile! Assuming that you hadn’t opted out of sharing this info (and I really doubt most user were giving their privacy details much thought before they learned the name Cambridge Analytica).

In order for Cambridge Analytica and others to mine this data they would have had to write bots to scrape data directly from your public facing profile. In the past, it was very easy to gain access to these profiles in a programmatic way. Anybody could simply load http://facebook.com/profile.php?id= with your ID to see your public profile. Even a non-programmer can see how easy it would be to generate a list of targets for a bot to crawl.

At some point, Facebook started closing this “profile.php” access point as they rolled out username (I’m ohryanca). Once that was locked down, it became more complicated to scrape content and the bad actors became more clever.

I’m pretty sure I’m right

In a blog post yesterday Facebook announced an enormous array of restrictions to their APIs (which are undoubtedly pissing off a lot of sketchy developers). Regarding account recovery, they mentioned the following:

…malicious actors have also abused [account recovery] features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery. Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way. So we have now disabled this feature. We’re also making changes to account recovery to reduce the risk of scraping as well.

Conclusion

As much as I hate to say it, I don’t think Facebook did anything wrong. Their APIs never fed this data to any and every app developer who wanted. Cambridge Analytica and friends had jump through additional hoops. They took actions that were outside of the normal/approved methods Facebook expected and allowed app makers to access our data.

Facebook simply built a reasonable public profile feature meant to allow you to use Facebook as a home on the web. A URL to share outside the platform.

They built a reasonable account recovery feature, that allowed users to recover their logins in standard non-controversial ways.

There is no evidence that Facebook’s APIs allowed access to the type of data Cambridge Analytica took advantage of. They were just outplayed by an opponent who thought of clever ways to get what it needed.

PS

In case the mainstream media has lulled you in to a false sense of whatever; the democrats have this data too (and then some).

Here is footage of Carol Davidsen (VP of political technology at Rentrak) at a conference in 2015 gleefully explaining how the Obama campaign mapped THE ENTIRE SOCIAL GRAPH OF THE UNITED STATES who were on Facebook at the time of the 2012 election. The techniques she describes are strikingly similar to what Cambridge Analytica is accused of.

Click here to display content from YouTube.

Learn more in YouTube’s privacy policy.


Categories
Culture

Facebook’s History of Spying

Reading Wikipedia this morning, I came across an interesting tidbit from the days when facebook was still thefacebook.com. As seen in The Social Network, after launching the site Mark Zuckerberg was under investigation for potentially stealing the idea from the Winklevoss brothers.

Not covered in the movie though, while this investigation was going on Zuckerberg did a little investigating of his own, by accessing the email accounts of the investigators:

Zuckerberg knew about the investigation so he used TheFacebook.com to find members in the site who identified themselves as members of the Crimson. He examined a history of failed logins to see if any of the Crimson members have ever entered an incorrect password into TheFacebook.com. In the cases in which they had failed to login, Mark tried to use them to access the Crimson members’ Harvard email accounts, and he was successful in accessing two of them. In the end, three Crimson members filed a lawsuit against Zuckerberg which was later settled.

~ The History of Facebook, Wikipedia

The way I read this, thefacebook.com was logging failed passwords! Meaning, when you entered an incorrect password on thefacebook.com’s login page, the website would save the text you entered. Obviously websites have to have a record of your password in order to authenticate you. Passwords are normally encrypted in such a way that developers cannot access the password. The wikipedia article doesn’t say whether or not regular passwords were encrypted.

However, if you were intending to use a website you created to log into email accounts of the site’s users, collecting  passwords that failed would give you more passwords to try when logging in to those user’s third party email accounts.

Zuckerberg was caught breaking in to 2 accounts, but one has to wonder how many other accounts he broke in to. Remember, in 2004 (prior to gmail), email accounts did not have 2-factor authentication, they did not detect suspicious login activity, they did not have the security features we’ve come to take for granted. Anybody could log into any body else’s email accounts undetected.

Password security is the most basic of implicit trust between a website and its users. A site that is logging passwords and password attempts cannot be trusted, period.

Who knows if or how the culture at Facebook has changed. Nevertheless, if the company’s CEO was willing to exploit users for personal gain in the early days, what sort of things are they willing to do when governments or other powerful entities pressure them?