Connect with us

Technology

How Facebook let fake engagement distort global politics: a whistleblower’s account | Technology

Voice Of EU

Published

on

Shortly before Sophie Zhang lost access to Facebook’s systems, she published one final message on the company’s internal forum, a farewell tradition at Facebook known as a “badge post”.

“Officially, I’m a low-level [data scientist] who’s being fired today for poor performance,” the post began. “In practice, in the 2.5 years I’ve spent at Facebook, I’ve … found multiple blatant attempts by foreign national governments to abuse our platform on vast scales to mislead their own citizenry, and caused international news on multiple occasions.”

Over the course of 7,800 scathing words, Zhang outlined Facebook’s failure to combat political manipulation campaigns akin to what Russia had done in the 2016 US election. “We simply didn’t care enough to stop them,” she wrote. “I know that I have blood on my hands by now.”

Zhang knew that this was not a tale that Facebook wanted her to tell, so when she hit publish, she also launched a password-protected website with a copy of the memo and provided the link and password to Facebook employees. Not only did Facebook temporarily delete the post internally, the company also contacted Zhang’s hosting service and domain registrar and forced her website offline.

Now, with the US election over and a new president inaugurated, Zhang is coming forward to tell the whole story on the record. (Excerpts of her memo were first published in September by BuzzFeed News.) This article is based on extensive internal documentation seen by the Guardian.

“What we have seen is that multiple national presidents believe that this activity is sufficiently valuable for their autocratic ambitions that they feel the need to do it so blatantly that they aren’t even bothering to hide,” Zhang told the Guardian.

“I tried to fix this problem within Facebook … I spoke to my manager, my manager’s manager, different teams, and everyone up to a company vice-president in great detail. I repeatedly tried to get people to fix things… I offered to stay on for free after they fired me, and they said no. I hoped that when I made my departure post it might convince people to change things, but it hasn’t.”

She argues that Facebook is allowing its self-interest to interfere with its responsibility to protect democracy, and that the public and regulators need to know what is happening to provide oversight.

“The whole point of inauthentic activity is not to be found,” she said. “You can’t fix something unless you know that it exists.”

A Facebook spokesperson, Liz Bourgeois, said: “We fundamentally disagree with Ms Zhang’s characterization of our priorities and efforts to root out abuse on our platform.

“We aggressively go after abuse around the world and have specialized teams focused on this work. As a result, we’ve taken down more than 100 networks of coordinated inauthentic behavior. Around half of them were domestic networks that operated in countries around the world, including those in Latin America, the Middle East and North Africa, and in the Asia Pacific region. Combatting coordinated inauthentic behavior is our priority. We’re also addressing the problems of spam and fake engagement. We investigate each issue before taking action or making public claims about them.”

Facebook did not dispute Zhang’s factual assertions about her time at the company.


Ex-Facebook employee on the company’s dangerous loophole: ‘Autocrats don’t bother to hide’

BEHIND ‘COUNTERFEIT LIKES’

Zhang had been working for Facebook for about six months when she realized that Juan Orlando Hernández, the president of Honduras, was amassing large numbers of fake likes on the content he posted to his 500,000 followers on Facebook. Over one six-week period from June to July 2018, Hernández’s Facebook posts received likes from 59,100 users, more than 78% of which were not real people.

Hernández’s fake engagement stood out not just because of its volume, but because of an apparent innovation in how he acquired it. Most fake likes on Facebook come from fake or compromised user accounts, but Hernández was receiving thousands of likes from Facebook Pages – Facebook profiles for businesses, organizations or public figures – that had been set up to resemble user accounts, with names, profile pictures and job titles. One individual was the administrator for hundreds of those fake Pages, as well as for the official Pages of both Hernández and his late sister, who had served as communications minister.

Sitting behind a computer screen, the administrator could publish a post about how well Hernández was doing his job on the president’s Facebook Page, then use his hundreds of dummy Pages to make the post appear popular, the digital equivalent of bussing in a fake crowd for a speech.





sophie quote


Zhang had been hired that January to work on a relatively new team dedicated to combatting “fake engagement” – likes, comments, shares and reactions made by inauthentic or compromised accounts. In addition to distorting the public’s perception of how popular a piece of content is, fake engagement can influence how that content performs in the all-important news feed algorithm; it is a kind of counterfeit currency in Facebook’s attention marketplace.

The vast majority of the fake engagement on Facebook appears on posts or Pages by individuals, businesses or brands and appears to be commercially motivated. But Zhang found that it was also being used on what Facebook called “civic” – ie political – targets. The most blatant example was Hernández, who was receiving 90% of all the known civic fake engagement in Honduras as of August 2018.

A rightwing nationalist who supported Honduras’s 2009 military coup, Hernández was elected president in 2013. His re-election in 2017 is widely viewed as fraudulent, and his second term has been marked by allegations of human rights abuses and rampant corruption. US federal prosecutors have named Hernández as a co-conspirator in multiple drug trafficking cases. He has not been charged with a crime and has denied any wrongdoing.

Hernández did not respond to queries sent to his press officer, attorney and minister of transparency.

The tactics boosting Hernández online were similar to what Russia’s Internet Research Agency had done during the 2016 US election, when it set up Facebook accounts purporting to be Americans and used them to manipulate individuals and influence political debates on Facebook. Facebook had come up with a name for this – “coordinated inauthentic behavior” (CIB) – in order to ban it.

But Facebook initially resisted calling the Honduran activity CIB – in part because the network’s use of Pages to create false personas and fake engagement fell into a serious loophole in the company’s rules. Facebook’s policies to ensure authenticity focus on accounts: users can only have one account and it must employ their “real” name. But Facebook has no such rule for Pages, which can perform many of the same engagements that accounts can, including liking, sharing and commenting.

Zhang assumed that once she alerted the right people to her discovery, the Honduras network would be investigated and the fake Pages loophole would be closed. But it quickly became clear that no one was interested in taking responsibility for policing the abuses of the president of a poor nation with just 4.5m Facebook users. The message she received from all corners – including from threat intelligence, the small and elite team of investigators responsible for uncovering CIB campaigns – was that the abuses were bad, but resources were tight, and, absent any external pressure, Honduras was simply not a priority.

“It’s not for threat intel to investigate fake engagement,” an investigator from that team told Zhang. Katie Harbath, Facebook’s then public policy director for global elections, expressed interest in a “scaled way to look for this and action on other politician Pages” but noted that it was unlikely the case would get much attention outside Honduras, and that she didn’t “feel super strongly” about it. Other executives and managers Zhang briefed included Samidh Chakrabarti, the then head of civic integrity; David Agranovich, the global threat disruption lead; and Rosen, the vice-president of integrity.

“I don’t think Honduras is big on people’s minds here,” a manager from the civic integrity team told Zhang in a chat.

Frustrated and impatient after months of inaction, Zhang took her concerns semi-public – within the confines of the company’s internal communication platform. In late March 2019, she published a post to a group for the company’s “election integrity core team” pointing out that Hernández was “the only national president to be directly, actively, and consistently abusing Facebook to exploit fake engagement for himself” and that the company had known of the problem for months without doing anything.





The Facebook headquarters in Menlo Park, California.



Facebook headquarters in Menlo Park, California. Photograph: Jason Henry/The Guardian

The post succeeded in attracting the concern of an investigator from the threat intelligence team, but a further delay occurred in April when management temporarily suspended investigations into CIB cases that did not involve interference by a foreign government. In June, the investigator began working on the case and quickly confirmed Zhang’s findings: there was a large CIB network in Honduras working to promote Hernández that was linked to the president himself.

“This campaign has persistently boosted a likely illegitimate president in an ARC [at-risk country],” the investigator wrote in a report highlighting its likely “IRL [in-real-life] impact”. The accounts and Pages involved had been established in 2016 and 2017, prior to Hernández’s disputed re-election, the investigator noted.

On 25 July 2019, nearly one year after Zhang had reported the network to Facebook, the company announced that it was taking down 181 accounts and 1,488 Pages involved in “domestic-focused coordinated inauthentic activity in Honduras”. The campaign was “linked to individuals managing social media for the government of Honduras” and had spent more than $23,000 on Facebook ads, Facebook said.

Agranovich, the global threat disruption lead, praised Zhang for her role in the takedown, writing in an official feedback channel: “These disruptions removed networks on Facebook that used our services to suppress democratic expression, target innocent users on our platform, and enable clandestine geopolitical conflict. This is among the most important work at Facebook, and we could not have done any of these takedowns without your contributions.”

Privately, he added: “The Honduras case would never have happened without your continued advocacy … It means we’ve created a precedent that the Pages-as-Profiles archetype is inauthentic behavior.”

‘NO ONE CAN AGREE ON WHAT TO DO’

Zhang was invigorated by her success with the Honduras takedown and believed that the “precedent” Agranovich spoke of would clear the way for quicker takedowns in the future.

The next day, she filed an escalation within Facebook’s task management system to alert the threat intelligence team to a network of fake accounts supporting a political leader in Albania. In August, she discovered and filed escalations for suspicious networks in Azerbaijan, Mexico, Argentina and Italy. Throughout the autumn and winter she added networks in the Philippines, Afghanistan, South Korea, Bolivia, Ecuador, Iraq, Tunisia, Turkey, Taiwan, Paraguay, El Salvador, India, the Dominican Republic, Indonesia, Ukraine, Poland, and Mongolia.

Source link

Technology

Web ad firms scrape email addresses before you know it • The Register

Voice Of EU

Published

on

Tracking, marketing, and analytics firms have been exfiltrating the email addresses of internet users from web forms prior to submission and without user consent, according to security researchers.

Some of these firms are said to have also inadvertently grabbed passwords from these forms.

In a research paper scheduled to appear at the Usenix ’22 security conference later this year, authors Asuman Senol (imec-COSIC, KU Leuven), Gunes Acar (Radboud University), Mathias Humbert (University of Lausanne) and Frederik Zuiderveen Borgesius, (Radboud University) describe how they measured data handling in web forms on the top 100,000 websites, as ranked by research site Tranco.

The boffins created their own software to measure email and password data gathering from web forms – structured web input boxes through which site visitors can enter data and submit it to a local or remote application.

Providing information through a web form by pressing the submit button generally indicates the user has consented to provide that information for a specific purpose. But web pages, because they run JavaScript code, can be programmed to respond to events prior to a user pressing a form’s submit button.

And many companies involved in data gathering and advertising appear to believe that they’re entitled to grab the information website visitors enter into forms with scripts before the submit button has been pressed.

“Our analyses show that users’ email addresses are exfiltrated to tracking, marketing and analytics domains before form submission and without giving consent on 1,844 websites in the EU crawl and 2,950 websites in the US crawl,” the researchers state in their paper, noting that the addresses may be unencoded, encoded, compressed, or hashed depending on the vendor involved.

Most of the email addresses grabbed were sent to known tracking domains, though the boffins say they identified 41 tracking domains that are not found on any of the popular blocklists.

“Furthermore, we find incidental password collection on 52 websites by third-party session replay scripts,” the researchers say.

Replay scripts are designed to record keystrokes, mouse movements, scrolling behavior, other forms of interaction, and webpage contents in order to send that data to marketing firms for analysis. In an adversarial context, they’d be called keyloggers or malware; but in the context of advertising, somehow it’s just session-replay scripts.

Gunes Acar, one of the report co-authors, was also the co-author of a similar research project in 2017 that looked at data gathering by session-replay companies Yandex, FullStory, Hotjar, UserReplay, Smartlook, Clicktale, and SessionCam.

Evidently, not much has changed since then, except perhaps that email addresses have become more desirable as unique identifiers now that privacy-oriented browsers like Brave, Firefox, and Safari are taking more steps to block cookies and tracking scripts.

Email addresses, the researchers observe, represent a cookie replacement because they’re unique, persistent, and can be used to track people across applications, platforms, and even offline interactions that may be tied to an email address like loyalty card transactions.

The website categories with the most leaking forms include: Fashion/Beauty (11.1 per cent, EU; 19 per cent US); Online Shopping (9.4 per cent EU; 15.1 per cent US); and General News (6.6 per cent EU; 10.2 per cent US).

Websites categorized as Pornography had the best privacy when it comes to surreptitious form data harvesting.

“A somehow surprising result was the following: despite filling email fields on hundreds of websites categorized as Pornography, we have not a single email leak,” the researchers say, noting that previous studies of adult-oriented websites have relatively fewer third-party trackers than similarly popular general interest websites.

Those pesky regulations

The report authors say that EU websites practicing email exfiltration may be in violation of at least three GDPR requirements: transparency, purpose limitation, and prior consent. Firms found to be violating these rules can be fined up to $20m euros or 4 per cent of annual revenue, per Article 83(5).

The US doesn’t have a federal data privacy law, though it’s conceivable one of the handful of US states with applicable privacy rules could take action against pre-submission form harvesting. But given the toothlessness of US privacy regulation over the past decade, don’t expect much.

The authors say they attempted to contact 58 first-parties and 28 third-parties with GDPR requests. They report receiving 30 responses from the first-parties, which varied from surprise and remediation to justifications of one sort or another.

“fivethirtyeight.com (via Walt Disney’s DPO), trello.com (Atlassian), lever.co, branch.io and cision.com were among the websites that said they had not been aware of the email collection prior to form submission on their websites and removed the behavior,” the report says.

Marriott, meanwhile, said the information collected by digital analytics firm Glassbox helps with customer care, technical support, and fraud prevention.

Third-parties Taboola, Zoominfo, and ActiveProspect defended their data collection practices.

Facebook, aka Meta, is among the third-parties involved in this. The researchers say that email addresses or their hashes were spotted being sent to facebook.com from 21 different websites in the EU.

“On 17 of these, Facebook Pixel’s Automatic Advanced Matching feature was responsible for sending the SHA-256 of the email address in a SubscribedButtonClick event, despite not clicking any submit button,” the report says.

Advanced Matching – called out recently for harvesting student loan data – is designed to collect hashed customer data, such as email addresses, phone numbers, and names from checkout, sign-in, and registration forms. The researchers speculate that on these sites, Facebook’s script treats clicks on non-submit buttons as a click event for the submit button.

Facebook did not respond to a request for comment.

The report concludes that browser vendors, regulators, and privacy tool makers need to deal with this issue because it isn’t going away. “Based on our findings, users should assume that the personal information they enter into web forms may be collected by trackers – even if the form is never submitted,” the report concludes. ®

Source link

Continue Reading

Technology

VC funding in Ireland rose in Q1, but not for deals under €10m

Voice Of EU

Published

on

A William Fry-commissioned report has found that funding deals under €10m have taken a big hit in the first three months of 2022.

Venture capital funding into Irish tech businesses was up by more than 50pc in the first quarter of this year, but there’s an unfortunate and potentially troubling caveat to that.

The Irish Venture Capital Association (IVCA) has published today (15 May) its latest report on VC funding into tech start-ups and SMEs in Ireland, which found that the investments increased by 52pc to €379.7m in the first three months of 2022, compared to the same period last year.

Future Human

But the report, commissioned by Dublin law firm William Fry, also found that VC funding in deals valued less than €10m have taken a hit.

IVCA chair Nicola McClafferty said that the headline figure of a funding boost conceals a “potentially worrying fall” of 30 to 50pc across all categories of deals under €10m – including seed funding.

“All the growth came from eight deals worth over €10m each, including three over €30m. While the momentum carried over from last year has continued for more established companies raising large rounds, some of that impetus seems to have stalled for earlier stage companies.”

Even the total number of deals overall fell by almost a third to 50 from 74 in the same period last year.

McClafferty said that this could be related to international trends affecting the business world right now, such as Russia’s invasion of Ukraine.

“While challenging market conditions may continue, we also know that many great companies are started and built in times of downturn, so we await with interest the data in the coming quarters,” she added.

Deals in the €5m to €10m range fell in value by more than half, while those in the €1m to €5m range also halved from €70.3m last year to €34.5m in Q1 2022. The value of deals below €1m dropped by 31pc to €8.9m.

Seed funding also took a hit, falling by nearly 40pc to €22.3m from €36.5m last year.

Nearly four-fifths of all funding came from overseas sources, according to IVCA director-general Sarah-Jane Larkin.

“While this is to be welcomed and emphasises the quality of Irish tech firms and their appeal to international investors, we have expressed concern before about where any shortfall would be made up if the global economy contracts,” she said.

Wayflyer, Ireland’s latest tech unicorn, led the way in terms of total value of funding received with a $150m in Series B funding valuing the start-up at $1.6bn. Flipdish, another Irish tech start-up that became a unicorn this year, raised $100m reaching a $1.25bn valuation.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Source link

Continue Reading

Technology

Taking his advice was like ‘chewing broken glass’: the short life of dating guru Kevin Samuels | Relationships

Voice Of EU

Published

on

As a source of dating advice, Kevin Samuels would seem a last resort for America’s Black women. On his YouTube show and podcasts, Samuels criticized Black women for being old and out of shape, and for having children out of wedlock. He sneered at “modern women” who flaunted their multiple college degrees and boasted of their independence. He dropped these bombs in the softest voice, in a tailored suit, and bathed in mood lighting with a funky kinetic energy sculpture on his desk.

Yet many women not only tuned in to Samuels in droves, they cued up to Zoom into his show – some in hopes of putting the self-made image consultant turned relationship expert in his place. When Samuels suddenly died last Thursday in Atlanta at 57, as his star was still rising (the Fulton county medical examiners office has not yet revealed a cause of death), his many detractors reacted like Munchkins at the feet of the Wicked Witch of the East. The overwhelming lack of sympathy for Samuels – whose mother reportedly found out about his death as speculation raged online – comes down to his profiting from dismissing single Black women over 35 as “leftovers” whose unrealistic desire for “high-value men” would doom them to a lonely death.

On a recent episode of the Fox Soul streaming show Cocktails with Queens, the actor Vivica A Fox called Samuels’ death karma payback. “This man was a hypocrite, in my honest opinion,” she said. “He insulted African American women on a consistent basis.” In a Mother’s Day sermon, the preacher-influencer Jamal Bryant indirectly singled out this “high-powered man” for allegedly needing “a GoFundMe for his funeral”. The many women in Bryant’s congregation ate this up.

Still, just as many Black celebrities have rushed to defend Samuels. “Love him or hate him,” said the actor Marlon Wayans, “he spoke his truth. If you hated [him] why tune in?” The rapper turned comedian TI scorned the gleeful reactions to his death as a “fucking travesty” while branding Samuels’ haters as “despicable” and “bullies”. “Whatever he did, he did it, and [he’s] gone,” said the Why You Wanna emcee. “He got away with it.”

Besides his mother and daughter, Samuels is survived by his legion followers in the online community known as the “manosphere”, a sort of digital bathhouse for naked pushback against feminist ideology and the reprisal of traditional gender norms.

Casually drawing on relationship and income statistics, Samuels delighted in playing the role of market adjuster and scolding “average” Black women for pursuing Black men in the Talented Tenth – good-looking men with minimum six-figure incomes, no kids, no priors, and no hangups in bed. According to Samuels, guys mainly wanted women who were “fit, feminine, friendly, cooperative and submissive”. He barely had patience for callers who defied that description, and regularly played those clashes with them for laughs. And this was against the backdrop of Black women having a tough enough time being taken seriously online, let alone settling down.

More than 30,000 people signed an online petition calling on YouTube and Instagram to de-platform Samuels, believing he had “galvanised a community of men of all races and nationalities in the outspoken hatred of women”. To many, Samuel’s polished and bespectacled presentation was little more than a pseudo-intellectual cover for misogynoir. “I think he has had an outsized impact on poisoning the social discourse between Black men and Black women around matters of love, dating and intimacy,” the Rutgers women’s studies professor Brittney Cooper wrote in a recent Facebook post, after Samuels used a clip of her talking about racism and fatphobia as an example of a low-value woman. “I hope that the Black women who liked Kevin’s work stop letting the latest brother with relationship advice exploit your pain.”

Samuels’ public persona wasn’t always such a troll. A chemical engineering major who segued into a career in marketing, Samuels established himself on social media as a self-improvement coach and tastemaker (“the godfather of style”, he called himself), hipping men to the coolest clothes, watches and fragrances.

But Samuels eventually saw the bigger audience for relationship content, and quickly distinguished himself by doubling down on the “negging” techniques that undergirded the pickup artist craze of the early aughts. It’s a blueprint that launched the mainstream success of Steve Harvey. Before he was widely known as the avuncular host of Family Feud and the Miss Universe pageant, Harvey was writing plainspoken relationship manuals for Black women and spinning them into the box-office topping Think Like a Man franchise.

After one video sizing up a woman as “average at best” drew millions of views, Samuels was essentially rebooted as a relationship expert. In another oft-shared video he writes off a proudly curvy Black female caller as “running back-sized.” Before his death, Samuels had amassed more than 1.4 million YouTube subscribers and more than 1.2 million Instagram followers. Mainstream renown wasn’t much farther off.

Already, Samuels was a fixture of the Black gossip blogs for his viral put-downs and for his interviews with Nicki Minaj, Future, and the social media influencer Brittany Renner. Those same blogs were quick to hypothesise about the chaotic circumstances of Samuels’ death and echo reports that the ultimate high-value man died broke.

But his village of YouTube peers have rallied to debunk those rumours and rebuff what they characterise as efforts to defame Samuels in death. Mostly, they claim he was a tireless worker and shrewd businessman who could be harsh, but all in the interest of uplifting the community overall. In a YouTube eulogy, Melanie King, a Samuels protege who credits him for helping her rebuild from an agonising divorce, likened taking advice from him to “chewing broken glass”.

“We needed that shock,” said King, who thought of Samuels more like a tough dad. “Because, let’s be honest, if he had not been so shocking to so many people, would you even know about him?”

Source link

Continue Reading

Trending

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!