Facebook shuts down custom feed-sharing prompts and 12 other APIs

Facebook shuts down custom feed-sharing prompts and 12 other APIs

Facebook is making good on Mark Zuckerberg’s promise to prioritize user safety and data privacy over its developer platform. Today Facebook and Instagram announced a slew of API shutdowns and changes designed to stop developers from being able to pull your data or your friends’ data without express permission, drag in public content or trick you into sharing. Some changes go into effect today, and others roll out on August 1 so developers have more than 90 days to fix their apps. They follow the big changes announced two weeks ago.

Most notably, app developers will have to start using the standardized Facebook sharing dialog to request the ability to publish to the News Feed on a user’s behalf. They’ll no longer be able to use the publish_actions API that let them design a custom sharing prompt. A Facebook spokesperson says this change was planned for the future because the consistency helps users feel in control, but the company moved the deadline up to August 1 as part of today’s updates because it didn’t want to have to make multiple separate announcements of app-breaking changes.

Facebook app developers will now have to use this standard Facebook sharing prompt since the publish_action API for creating custom prompts is shutting down

One significant Instagram Graph API change is going into effect today, which removes the ability to pull the name and bio of users who leave comments on your content, though commenters’ usernames and comment text is still available.

Facebook’s willingness to put user safety over platform utility indicates a maturation of the company’s “Hacker Way” that played fast-and-loose with people’s data in order to attract developers to its platform who would in turn create functionality that soaked up more attention.

For more on Facebook’s API changes, check out our breakdown of the major updates:

Source: Mobile – Techcruch

A flaw-by-flaw guide to Facebook’s new GDPR privacy changes

A flaw-by-flaw guide to Facebook’s new GDPR privacy changes

Facebook is about to start pushing European users to speed through giving consent for its new GDPR privacy law compliance changes. It will ask people to review how Facebook applies data from web to target them with ads, and surface the sensitive profile info they share. Facebook will also allow European and Canadian users to turn on facial recognition after six years of the feature being blocked there. But with a design that encourages rapidly hitting the “Agree” button, a lack of granular controls, a laughably cheatable parental consent request for teens, and an aesthetic overhaul of Download Your Information that doesn’t make it any easier to switch social networks, Facebook shows it’s still hungry for your data.

The new privacy change and terms of service consent flow will appear starting this week to European users, though they’ll be able to dismiss it for now, though the May 25th GDPR compliance deadline Facebook vowed to uphold in Europe is looming. Meanwhile, Facebook says it will roll out the changes and consent flow globally over the coming weeks and months with some slight regional differences. And finally, all teens worldwide that share sensitive info will have to go through the weak new parental consent flow.

Facebook brought a group of reporters to the new Building 23 at its Menlo Park headquarters to preview the changes today. But feedback was heavily critical as journalists grilled Facebook’s deputy chief privacy officer Rob Sherman. Questions centered around how Facebook makes accepting the updates much easier than reviewing or changing them, but Sherman stuck to talking points about how important it was to give users choice and information.

“Trust is really important and it’s clear that we have a lot of work to do to regain the trust of people on our service” he said, giving us deja vu about Mark Zuckerberg’s testimonies before congress. “We know that people won’t be comfortable using facebook if they don’t feel that their information is protected.”

Trouble At Each Step Of Facebook’s Privacy Consent Flow

There are a ton of small changes so we’ll lay out each with our criticisms.

Facebook’s consent flow starts well enough with the screen above offering a solid overview of why it’s making changes for GDPR and what you’ll be reviewing. But with just an ‘X’ up top to back out, it’s already training users to speed through by hitting that big blue button at the bottom.

Sensitive Info

First up is control of your sensitive profile information, specifically your sexual preference, religious views, and political views. As you’ll see at each step, you can hit the pretty blue “Accept And Continue” button regardless of whether you’ve scrolled through the information. If you hit the ugly grey “Manage Settings” button, you have to go through an interstitial where Facebook makes it’s argument trying to deter you from removing the info before letting you make and save your choice. It feels obviously designed to get users to breeze through it by offering no resistance to continue, but friction if you want to make changes.

Facebook doesn’t let advertisers target you based on this sensitive info, which is good. The only exception is that in the US, political views alongside political Pages and Events you interact with impact your overarching personality categories that can be targeted with ads. You can opt out of being targeted by those too. But your only option here is either to remove any info you’ve shared in these categories so friends can’t see it, or allow Facebook to use it to personalize the site. There’s no option to keep this stuff on your profile but not let Facebook use it.

Facial Recognition

Facebook is bringing facial recognition back to Europe and Canada. The Irish Data Protection commissioner who oversees the EU banned it there in 2012. Users in these countries will get a chance to turn it on, which is the default if they speed through. It’s a useful feature that can make sure people know about the photos of them floating around. But here the lack of granularity is concerning. Users might want to see warnings about possible impersonators using their face in their profile pics, but not be suggested as someone to tag in their friends’ photos. Unfortunately, it’s all or nothing. While Facebook is right to make it simple to turn on or off completely, granular controls that unfold for those that want them would be much more empowering.

[Update: This article has been update to reflect that Facebook indeed can offer facial recognition in Europe and Canada.]

Data Collection Across The Web

A major concern that’s arisen in the wake of Zuckerberg’s testimonies is how Facebook uses data collected about you from around the web to target users with ads and optimize its service. While Sherman echoed Zuckerberg in saying that users tell the company they prefer relevant ads, and that this data can help thwart hackers and scrapers, many users are unsettled by the offsite collection practices. Here, Facebook lets you block it from targeting you with ads based on data about your browsing behavior on sites that show its Like and share buttons, conversion Pixel, or Audience Network ads. The issue is that there’s no way to stop Facebook from using that data from personalizing your News Feed or optimizing other parts of its service.

New Terms Of Service

Facebook recently rewrote its Terms Of Service and Data Use Policy to be more explicit and easy to read. It didn’t make any significant changes other than noting the policy now applies to its subsidiaries like Instagram and Messenger. [Correction: But WhatsApp and Oculus have their own data policies.] That’s all clearly explained here, which is nice.

But the fact that the button to reject the new Terms Of Service isn’t even a button, it’s a tiny ‘see your options’ hyperlink shows how badly Facebook wants to avoid you closing your account. When Facebook’s product designer for the GDPR flow was asked if she thought this hyperlink was the best way to present the alternative to the big ‘I Accept’ button, she disingenuously said yes, eliciting scoffs from the room of reporters. It seems obvious that Facebook is trying to minimize the visibility of the path to account deletion rather than making it an obvious course of action if you don’t agree to its terms.

I requested Facebook actually show us what was on the other side of that tiny ‘see my options’ link and this is what we got. First, Facebook doesn’t mention its temporary deactivation option, just the scary permanent delete option. Facebook recommends downloading your data before deleting your account, which you should. But the fact that you’ll have to wait (often a few hours) before you can download your data could push users to delay deletion and perhaps never resume. And only if you keep scrolling do you get to another tiny “I’m ready to delete my account” hyperlink instead of a real button.

Parental Consent

GDPR also implements new regulation about how teens are treated, specifically users between the ages of 13 (the minimum age required to sign up for Facebook) and 15. If users in this age range have shared their religious views, political views, or sexual preference, Facebook requires them to either remove it or get parental consent to keep it. They also need permission to be targeted with ads based on data from Facebook’s partners. Without that permission, they’ll see a less personalized version of Facebook. But the system for attaining and verifying that parental consent is a joke.

Users merely select one of their Facebook friends or enter an email address, and that person is asked to give consent for their ‘child’ to share sensitive info. But Facebook blindly trusts that they’ve actually selected their parent or guardian, even though it has a feature for users to designate who their family is, and the kid could put anyone in the email field, including an alternate address they control. Sherman says Facebook is “not seeking to collect additional information” to verify parental consent, so it seems Facebook is happy to let teens easily bypass the checkup.

Privacy Shortcuts

To keep all users abreast of their privacy settings, Facebook has redesigned its Privacy Shortcuts in a colorful format that sticks out from the rest of the site. No complaints here.

Download Your Information

Facebook has completely redesigned its Download Your Information tool after keeping it basically the same for the past 8 years. You can now view your content and data in different categories without downloading it, which alongside the new privacy shortcuts is perhaps the only unequivocally positive and unproblematic change amidst today’s announcements.

And Facebook now lets you select certain categories of data, date ranges, JSON or HTML format, and image quality to download. That could make it quicker and easier if you just need a copy of a certain type of content but don’t need to export all your photos and videos for example. Thankfully, Facebook says you’ll now be able to download your media in a higher resolution than the old tool allowed.

But the big problem here was the subject of my feature piece this week about Facebook’s lack of data portability. The Download Your Information tool is supposed to let you take your data and go to a different social network. But it only exports your social graph aka your friends as a text list of names. There are no links, usernames, or other unique identifiers unless friends opt into let you export their email or phone number (only 4% of my friends do), so good luck finding the right John Smith on another app. The new version of Download Your Information exports the same old list of names, rather than offering any interoperable format that would let you find your friends elsewhere.

A Higher Standard

Overall, it seems like Facebook is complying with the letter of GDPR law, but with questionable spirit. Sure, privacy is boring to a lot of people. Too little info and they feel confused and scared. Too many choices and screens and they feel overwhelmed and annoyed. Facebook struck the right balance in some places here. But the subtly pushy designs seem intended to steer people away from changing their defaults in ways that could hamper Facebook’s mission and business.

Making the choices equal in visible weight, rather than burying the ways to make changes in grayed-out buttons and tiny links, would have been more fair. And it would have shown that Facebook has faith in the value it provides, such that users would stick around and leave features enabled if they truly wanted to.

When questioned about this, Sherman pointed the finger at other tech companies, saying he thought Facebook was more upfront with users. Asked to clarify if he thought Facebook’s approach was “better”, he said “I think that’s right”. But Facebook isn’t being judged by the industry standard because it’s not a standard company. It’s built its purpose and its business on top of our private data, and touted itself as a boon to the world. But when asked to clear a higher bar for privacy, Facebook delved into design tricks to keep from losing our data.

Source: Mobile – Techcruch

Zuckerberg’s boring testimony is a big win for Facebook

Zuckerberg’s boring testimony is a big win for Facebook

Mark Zuckerberg ran his apology scripts, trotted out his lists of policy fixes and generally dulled the Senate into submission. And that constitutes success for Facebook.

Zuckerberg testified before the joint Senate judiciary and commerce committee today, capitalizing on the lack of knowledge of the politicians and their surface-level questions. Half the time, Zuckerberg got to simply paraphrase blog posts and statements he’d already released. Much of the other half, he merely explained how basic Facebook functionality works.

The senators hadn’t done their homework, but he had. All that training with D.C. image consultants paid off.

Facebook CEO Mark Zuckerberg arrives to testify before a joint hearing of the US Senate Commerce, Science and Transportation Committee and Senate Judiciary Committee on Capitol Hill, April 10, 2018 in Washington, DC. (Photo: JIM WATSON/AFP/Getty Images)

Sidestepping any gotcha questions or meme-worthy sound bites, Zuckerberg’s repetitive answers gave the impression that there’s little left to uncover, whether or not that’s true. He made a convincing argument that Facebook is atoning for its sins, is cognizant of its responsibility and has a concrete plan in place to improve data privacy.

With just five minutes per senator, and them each with a queue of questions to get through, few focused on the tougher queries, and even fewer had time for follow-ups to dig for real answers.

Did Facebook cover up the Cambridge Analytica scandal or decide against adding privacy protections earlier to protect its developer platform? Is it a breach of trust for Zuckerberg and other executives to have deleted their Facebook messages out of recipients’ inboxes? How has Facebook used a lack of data portability to inhibit the rise of competitors? Why doesn’t Instagram let users export their data the way they can from Facebook?

The public didn’t get answers to any of those questions today. Just Mark’s steady voice regurgitating Facebook’s talking points. Investors rewarded Facebook for its monotony with a 4.5 percent share price boost.

That’s not to say today’s hearing wasn’t effective. It’s just that the impact was felt before Zuckerberg waded through a hundred photographers to take his seat in the Senate office.

Facebook knew this day was coming, and worked to build Zuckerberg a fortress of facts he could point to no matter what he got asked:

  • Was Facebook asleep at the wheel during the 2016 election? Yesterday it revealed it had deleted the accounts of Russian GRU intelligence operatives in June 2016.
  • How will Facebook prevent this from happening again? Last week it announced plans to require identity and location verification for any political advertiser or popular Facebook Page, and significantly restricted its developer platform.
  • Is Facebook taking this seriously? Zuckerberg wrote in his prepared testimony for today that Facebook is doubling its security and content moderation team from 10,000 to 20,000, and that “protecting our community is more important than maximizing our profits.”
  • Is Facebook sorry? “We didn’t take a broad enough view of what our responsibility is and that was a huge mistake. That was my mistake,” Zuckerberg has said, over and over.

Facebook may never have made such sweeping changes and apologies had it not had today and tomorrow’s testimony on the horizon. But this defensive strategy also led to few meaningful disclosures, to the detriment of the understanding of the public and the Senate — and to the benefit of Facebook.

WASHINGTON, DC – APRIL 10: Facebook co-founder, Chairman and CEO Mark Zuckerberg testifies before a combined Senate Judiciary and Commerce committee hearing in the Hart Senate Office Building on Capitol Hill April 10, 2018 in Washington, DC. Zuckerberg, 33, was called to testify after it was reported that 87 million Facebook users had their personal information harvested by Cambridge Analytica, a British political consulting firm linked to the Trump campaign. (Photo by Chip Somodevilla/Getty Images)

We did learn that Facebook is working with Special Counsel Robert Mueller on his investigation into election interference. We learned that Zuckerberg thinks it was a mistake not to suspend the advertising account of Cambridge Analytica when Facebook learned it had bought user data from Dr. Aleksandr Kogan. And we learned that the senate will “haul in” Cambridge Analytica for a future hearing about data privacy.

None of those are earth-shaking.

Perhaps the only fireworks during the testimony came when Senator Ted Cruz laid into Zuckerberg over the Gizmodo report citing that Facebook’s trending topics curators suppressed conservative news trends. Cruz badgered Zuckerberg about whether he believes Facebook is politically neutral, whether Facebook has ever taken down Pages from liberal groups like Planned Parenthood or MoveOn.org, if he knows the political leanings of Facebook’s content moderators and whether Facebook fired Oculus co-founder Palmer Luckey over his [radical conservative] political views.

Zuckerberg maintained that he and Facebook are neutral, but that last question was the only one of the day that seemed to visibly perturb him. “That is a specific personnel matter than seems like it would be inappropriate…” Zuckerberg said before Cruz interrupted, pushing the CEO to exasperatedly respond, “Well then I can confirm that it was not because of a political view.” It should be noted that Cruz has received numerous campaign donations from Luckey.

This was the only time Zuckerberg seemed flapped, because he knows the stakes of the public perception of Facebook’s political leanings. Zuckerberg, many Facebook employees and Facebook’s home state of California are all known to lean left. But if the company itself is seen that way, conservative users could flee, shattering Facebook’s network effect. Yet again, Zuckerberg nimbly avoided getting cornered here, and was aided by the bell signaling the end of Cruz’s time. He never noticeably raised his voice, lashed back at the senators or got off message.

By the conclusion of the five hours of questioning, the senators themselves were admitting they hadn’t watched the day’s full testimony. Viewers at home had likely returned to their lives. Even the press corps’ eyes were glazing over. But Zuckerberg was prepared for the marathon. He maintained pace through the finish line. And he made it clear why marathons aren’t TV spectator sports.

The question is no longer what revelations would come from Mr. Zuckerberg going to Washington. Tomorrow’s testimony is likely to go similarly. It’s whether Facebook can coherently execute on the data privacy promises it made leading up to today. This will be a “never-ending battle” as Zuckerberg said, dragging out over many years. And again, that’s in Facebook’s interest. Because in the meantime, everyone’s going back to scrolling their feeds.

Source: Mobile – Techcruch

Zuckerberg admits it was a mistake not to ban Cambridge Analytica’s ads

Zuckerberg admits it was a mistake not to ban Cambridge Analytica’s ads

Facebook didn’t ban Cambridge Analytica when it found out in 2015 that it had received user data from Dr. Aleksandr Kogan, and Zuckerberg called that a mistake during his testimony before the Senate. Cambridge Analytica has since been banned.

Zuckerberg explained that “I want to correct one thing that I said earlier in response to a question from Senator Leahy. He had asked why we didn’t ban Cambridge Analytica at the time when we learned of them in 2015. And I answered that what my understanding was was that they were not on the platform, were not an app developer or advertiser. When I went back and met with my team afterwards, they let me know that Cambridge Analytica actually did start as an advertiser later in 2015, so we could have in theory banned them back then, and made a mistake by not doing so.”

NEW YORK, NY – SEPTEMBER 19: CEO of Cambridge Analytica Alexander Nix speaks at the 2016 Concordia Summit – Day 1 at Grand Hyatt New York on September 19, 2016 in New York City. (Photo by Bryan Bedder/Getty Images for Concordia Summit)

When the Guardian informed Facebook about Kogan sharing user data to Cambridge Analytica, Facebook banned Kogan, and required Cambridge Analytica to formally certify that it had deleted all the improperly attained user data. Cambridge Analytica did so, Zuckerberg confirmed in his prepared testimony for today. But Facebook then stopped short of blocking Cambridge Analytica from buying ads on its platform. The company went on to work with the Trump campaign to help it optimize political messaging and ad targeting.

Had Facebook banned Cambridge Analytica at the time, it wouldn’t have been able to buy ads directly on behalf of political campaigns with which it worked. However, the company might still have been able to help these campaigns to optimize their ads, so a 2015 ban wouldn’t have necessarily prevented second-hand use of improperly attained data.

Source: Mobile – Techcruch