Microsoft, Facebook, trust and privacy

I’ve been reminded of this ancient history a lot in the last year or two as I’ve looked at news around abuse and hostile state activity on Facebook, YouTube and other social platforms, because much like the Microsoft macro viruses, the ‘bad actors’ on Facebook did things that were in the manual. They didn’t prise open a locked window at the back of the building – they knocked on the front door and walked in. They did things that you were supposed to be able to do, but combined them in an order and with malign intent that hadn’t really been anticipated.

It’s also interesting to compare the public discussion of Microsoft and of Facebook before these events. In the 1990s, Microsoft was the ‘evil empire’, and a lot of the narrative within tech focused on how it should be more open, make it easier for people to develop software that worked with the Office monopoly, and make it easier to move information in and out of its products. Microsoft was ‘evil’ if it did anything to make life harder for developers. Unfortunately, whatever you thought of this narrative, it pointed in the wrong direction when it came to this use case. Here, Microsoft was too open, not too closed.

Equally, in the last 10 years – that it is too hard to get your information out and too hard for researchers to pull information from across the platform. People have argued that Facebook was too restrictive on how third party developers could use the platform. And people have objected to Facebook’s attempts to enforce the single real identities of accounts. As for Microsoft, there may well have been justice in all of these arguments, but also as for Microsoft, they pointed in the wrong direction when it came to this particular scenario. For the Internet Research Agency, it was too easy to develop for Facebook, too easy to get data out, and too easy to change your identity. The walled garden wasn’t walled enough.

.. Conceptually, this is almost exactly what Facebook has done: try to remove existing opportunities for abuse and avoid creating new ones, and scan for bad actors.

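|                           | Microsoft                                    | Facebook                                     |
|---------------------------|----------------------------------------------|----------------------------------------------|
| Remove openings for abuse | Close down APIs and look for vulnerabilities | Close down APIs and look for vulnerabilities |
| Scan for bad behavior     | Virus and malware scanners                   | Human moderation                             |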

(It’s worth noting that these steps were precisely what people had previously insisted was evil – Microsoft deciding what code you can run on your own computer and what APIs developers can use, and Facebook deciding (people demanding that Facebook decide) who and what it distributes.)

  • .. If there is no data stored on your computer then compromising the computer doesn’t get an attacker much.
  • An application can’t steal your data if it’s sandboxed and can’t read other applications’ data.
  • An application can’t run in the background and steal your passwords if applications can’t run in the background.
  • And you can’t trick a user into installing a bad app if there are no apps.

Of course, human ingenuity is infinite, and this change just led to the creation of new attack models, most obviously phishing, but either way, none of this had much to do with Microsoft. We ‘solved’ viruses by moving to new architectures that removed the mechanics that viruses need, and where Microsoft wasn’t present.

.. In other words, where Microsoft put better locks and a motion sensor on the windows, the world is moving to a model where the windows are 200 feet off the ground and don’t open.

.. Much like moving from Windows to cloud and ChromeOS, you could see this as an attempt to remove the problem rather than patch it.

  • Russians can’t go viral in your newsfeed if there is no newsfeed.
  • ‘Researchers’ can’t scrape your data if Facebook doesn’t have your data. You solve the problem by making it irrelevant.

This is one way to solve the problem by changing the core mechanics, but there are others. For example, Instagram does have a one-to-many feed but does not suggest content from people you don’t yourself follow in the main feed and does not allow you to repost into your friends’ feeds. There might be anti-vax content in your feed, but one of your actual friends has to have decided to share it with you. Meanwhile, problems such as the spread of dangerous rumours in India rely on messaging rather than sharing – messaging isn’t a panacea. 

Indeed, as it stands Mr Zuckerberg’s memo raises as many questions as it answers – most obviously, how does advertising work? Is there advertising in messaging, and if so, how is it targeted? Encryption means Facebook doesn’t know what you’re talking about, but the Facebook apps on your phone necessarily would know (before they encrypt it), so does targeting happen locally? Meanwhile, encryption in particular poses problems for tackling other kinds of abuse: how do you help law enforcement deal with child exploitation if you can’t read the exploiters’ messages (the memo explicitly talks about this as a challenge)? Where does Facebook’s Blockchain project sit in all of this?

There are lots of big questions, though of course there would also have been lots of questions if in 2002 you’d said that all enterprise software would go to the cloud. But the difference here is that Facebook is trying (or talking about trying) to do the judo move itself, and to make a fundamental architectural change that Microsoft could not.

India Wants Access to Encrypted WhatsApp Messages

Country makes a new attempt to constrain global tech giants

WhatsApp is facing pressure in India to let authorities trace and read the encrypted messages of its more than 200 million Indian users in a new attempt at constraining global tech giants.

India’s telecommunications regulator has asked for feedback on new rules that—in the name of national security—could force “over the top” services such as WhatsApp, which use mobile operators’ infrastructure, to allow the government access to users’ messages.

At the same time India’s Information Technology Ministry has proposed new intermediary guidelines that would force WhatsApp and others to trace messages and remove objectionable content within 24 hours.

WhatsApp—which has more users in India than in any other country—has “pushed back on government attempts to ban or weaken end-to-end encryption and will continue to do so,” said a person familiar with the company’s thinking.

.. Technology companies argue that they are obligated to protect their customers’ privacy and that demands from investigators would be impossible to satisfy. They say the protection of communication platforms is key for freedom of speech and has helped the global internet to flourish by enabling commerce and communications.

.. “It’s entirely aimed at WhatsApp,” Neha Dharia, director of strategy at London-based research and consulting firm DMMI, said of the government’s moves. “They are the largest messaging service in the country, and growing.”

WhatsApp, which Facebook acquired in 2014 for $22 billion, has been increasing its efforts to produce revenue. India is where the company introduced its first mobile-payments feature, which it hopes to roll out beyond the test phase.

Legions of Indians have flocked to WhatsApp’s service because it allows easy smartphone messaging without a complicated sign-up process. Its popularity has put it squarely in the sights of regulators and critics who say it is being used to spread rumors that can spark violence. More than 20 people were killed last year on the back of rumors spread through WhatsApp. In response, the company introduced restrictions on the number of groups to which messages can be forwarded.

.. The U.S. Congress has rejected a push by the Federal Bureau of Investigation and U.S. Department of Justice to require tech companies to create a back door, circumventing devices’ encryption. But Australia passed tough new encryption laws last month, giving police access to data.

In Vietnam, a new cybersecurity law which went into effect this year requires internet companies to quickly comply with government demands to remove content it doesn’t like.

Debunking 5 Viral Rumors About Christine Blasey Ford, Kavanaugh’s Accuser

Dr. Blasey has been the target of widespread social media disinformation since she came forward with accusations of sexual assault against Judge Brett M. Kavanaugh, the Supreme Court nominee.

This viral rumor is based on a case of mistaken identity. The RateMyProfessors.com page on which these negative reviews were found is about Christine A. Ford, a professor of human services at California State University Fullerton. Christine Blasey Ford, Judge Kavanaugh’s accuser, teaches at Palo Alto University.

Internet sleuths quickly zoomed in on a 22-year-old civil court case involving Judge Kavanaugh’s mother, Martha Kavanaugh, a district court judge in Maryland, in which Dr. Blasey’s parents, Ralph and Paula Blasey, were the defendants. Judge Kavanaugh, some said, had ruled against the Blaseys, costing them their house and creating a revenge motive for Dr. Blasey.

This claim seems to have originated with a Twitter user, Josh Cornett, who appears to have a history of amplifying right-wing misinformation. (The user’s account has tweeted messages of support for QAnon, a sprawling pro-Trump conspiracy theory.)

Some critics of Dr. Blasey quickly painted her as a devoted left-wing activist and donor with an ax to grind.

They have claimed that she wrote on Facebook in 2016 that “Scalia types must be banned from law.” Another variant of this claim also has her writing that “Scalia types must be banned from courts.”

Neither phrase appears in a search of public Facebook posts in 2016. It’s possible that the phrases appeared in posts that have since been deleted from Dr. Blasey’s accounts. But these claims don’t contain links to old posts, or any other form of attribution. The account of the Twitter user who appeared to originate the claim, @LodgeNixon, has since been deleted, and no evidence of the purported Facebook post has emerged.

.. It is no secret that Dr. Blasey is a registered Democrat who has given money to progressive organizations and campaigns — these facts were reported by The Washington Post in the original story naming her as Mr. Kavanaugh’s accuser. But she appears to be far from a big-money donor. According to data from the Federal Election Commission, her donations to Democratic committees and campaigns from 2013 to 2017 total less than $100.

In a news release, Liberty Counsel, a conservative legal group, said that Dr. Blasey was an unreliable accuser because of her family ties to the special counsel investigation into Russian interference in the 2016 election..

.. And according to his LinkedIn profile, Mr. Blasey left the firm in 2004, more than a decade before any investigation into Russian collusion began.

Review: In ‘SPQR: A History of Ancient Rome,’ Mary Beard Tackles Myths and More

About Caligula, for example, she writes: “The idea of some modern scholars that his dinner parties came close to orgies, with his sisters ‘underneath’ him and his wife ‘on top,’ rests simply on a mistranslation of the words of Suetonius, who is referring to the place settings — ‘above’ and ‘below’ — at a Roman dining table.” Yes, this is how rumors start.