A flaw-by-flaw guide to Facebook’s new GDPR privacy changes

Facebook is about to start pushing European users to speed through giving consent for its new GDPR privacy law compliance changes. It will ask people to review how Facebook applies data from the web to target them with ads, and surface the sensitive profile info they share. Facebook will also allow European and Canadian users to turn on facial recognition after six years of the feature being blocked there. But with a design that encourages rapidly hitting the “Agree” button, a lack of granular controls, a laughably cheatable parental consent request for teens, and an aesthetic overhaul of Download Your Information that doesn’t make it any easier to switch social networks, Facebook shows it’s still hungry for your data.

The new privacy change and terms of service consent flow will appear starting this week to European users. They’ll be able to dismiss it for now, though the May 25th GDPR compliance deadline Facebook vowed to uphold in Europe is looming. Meanwhile, Facebook says it will roll out the changes and consent flow globally over the coming weeks and months with some slight regional differences. And finally, all teens worldwide that share sensitive info will have to go through the weak new parental consent flow.

Facebook brought a group of reporters to the new Building 23 at its Menlo Park headquarters to preview the changes today. But feedback was heavily critical as journalists grilled Facebook’s deputy chief privacy officer Rob Sherman. Questions centered around how Facebook makes accepting the updates much easier than reviewing or changing them, but Sherman stuck to talking points about how important it was to give users choice and information.

“Trust is really important and it’s clear that we have a lot of work to do to regain the trust of people on our service,” he said, giving us deja vu about Mark Zuckerberg’s testimonies before Congress. “We know that people won’t be comfortable using Facebook if they don’t feel that their information is protected.”

Trouble At Each Step Of Facebook’s Privacy Consent Flow

There are a ton of small changes so we’ll lay out each with our criticisms.

Facebook’s consent flow starts well enough with the screen above offering a solid overview of why it’s making changes for GDPR and what you’ll be reviewing. But with just an ‘X’ up top to back out, it’s already training users to speed through by hitting that big blue button at the bottom.

Sensitive Info

First up is control of your sensitive profile information, specifically your sexual preference, religious views, and political views. As you’ll see at each step, you can hit the pretty blue “Accept And Continue” button regardless of whether you’ve scrolled through the information. If you hit the ugly grey “Manage Settings” button, you have to go through an interstitial where Facebook makes its argument trying to deter you from removing the info before letting you make and save your choice. It feels obviously designed to get users to breeze through it by offering no resistance to continue, but friction if you want to make changes.

Facebook doesn’t let advertisers target you based on this sensitive info, which is good. The only exception is that in the US, political views alongside political Pages and Events you interact with impact your overarching personality categories that can be targeted with ads. You can opt out of being targeted by those too. But your only option here is either to remove any info you’ve shared in these categories so friends can’t see it, or allow Facebook to use it to personalize the site. There’s no option to keep this stuff on your profile but not let Facebook use it.

Facial Recognition

Facebook is bringing facial recognition back to Europe and Canada. The Irish Data Protection commissioner who oversees the EU banned it there in 2012. Users in these countries will get a chance to turn it on, which is the default if they speed through. It’s a useful feature that can make sure people know about the photos of them floating around. But here the lack of granularity is concerning. Users might want to see warnings about possible impersonators using their face in their profile pics, but not be suggested as someone to tag in their friends’ photos. Unfortunately, it’s all or nothing. While Facebook is right to make it simple to turn on or off completely, granular controls that unfold for those that want them would be much more empowering.

[Update: This article has been updated to reflect that Facebook indeed can offer facial recognition in Europe and Canada.]

Data Collection Across The Web

A major concern that’s arisen in the wake of Zuckerberg’s testimonies is how Facebook uses data collected about you from around the web to target users with ads and optimize its service. While Sherman echoed Zuckerberg in saying that users tell the company they prefer relevant ads, and that this data can help thwart hackers and scrapers, many users are unsettled by the offsite collection practices. Here, Facebook lets you block it from targeting you with ads based on data about your browsing behavior on sites that show its Like and share buttons, conversion Pixel, or Audience Network ads. The issue is that there’s no way to stop Facebook from using that data to personalize your News Feed or optimize other parts of its service.

New Terms Of Service

Facebook recently rewrote its Terms Of Service and Data Use Policy to be more explicit and easy to read. It didn’t make any significant changes other than noting the policy now applies to its subsidiaries like Instagram and Messenger. [Correction: But WhatsApp and Oculus have their own data policies.] That’s all clearly explained here, which is nice.

But the fact that the button to reject the new Terms Of Service isn’t even a button, but a tiny ‘see your options’ hyperlink, shows how badly Facebook wants to avoid you closing your account. When Facebook’s product designer for the GDPR flow was asked if she thought this hyperlink was the best way to present the alternative to the big ‘I Accept’ button, she disingenuously said yes, eliciting scoffs from the room of reporters. It seems obvious that Facebook is trying to minimize the visibility of the path to account deletion rather than making it an obvious course of action if you don’t agree to its terms.

I requested Facebook actually show us what was on the other side of that tiny ‘see my options’ link and this is what we got. First, Facebook doesn’t mention its temporary deactivation option, just the scary permanent delete option. Facebook recommends downloading your data before deleting your account, which you should. But the fact that you’ll have to wait (often a few hours) before you can download your data could push users to delay deletion and perhaps never resume. And only if you keep scrolling do you get to another tiny “I’m ready to delete my account” hyperlink instead of a real button.

Parental Consent

GDPR also implements new regulation about how teens are treated, specifically users between the ages of 13 (the minimum age required to sign up for Facebook) and 15. If users in this age range have shared their religious views, political views, or sexual preference, Facebook requires them to either remove it or get parental consent to keep it. They also need permission to be targeted with ads based on data from Facebook’s partners. Without that permission, they’ll see a less personalized version of Facebook. But the system for attaining and verifying that parental consent is a joke.

Users merely select one of their Facebook friends or enter an email address, and that person is asked to give consent for their ‘child’ to share sensitive info. But Facebook blindly trusts that they’ve actually selected their parent or guardian, even though it has a feature for users to designate who their family is, and the kid could put anyone in the email field, including an alternate address they control. Sherman says Facebook is “not seeking to collect additional information” to verify parental consent, so it seems Facebook is happy to let teens easily bypass the checkup.

Privacy Shortcuts

To keep all users abreast of their privacy settings, Facebook has redesigned its Privacy Shortcuts in a colorful format that sticks out from the rest of the site. No complaints here.

Download Your Information

Facebook has completely redesigned its Download Your Information tool after keeping it basically the same for the past 8 years. You can now view your content and data in different categories without downloading it, which alongside the new privacy shortcuts is perhaps the only unequivocally positive and unproblematic change amidst today’s announcements.

And Facebook now lets you select certain categories of data, date ranges, JSON or HTML format, and image quality to download. That could make it quicker and easier if you just need a copy of a certain type of content but don’t need to export all your photos and videos for example. Thankfully, Facebook says you’ll now be able to download your media in a higher resolution than the old tool allowed.

But the big problem here was the subject of my feature piece this week about Facebook’s lack of data portability. The Download Your Information tool is supposed to let you take your data and go to a different social network. But it only exports your social graph, aka your friends, as a text list of names. There are no links, usernames, or other unique identifiers unless friends opt in to let you export their email or phone number (only 4% of my friends do), so good luck finding the right John Smith on another app. The new version of Download Your Information exports the same old list of names, rather than offering any interoperable format that would let you find your friends elsewhere.

A Higher Standard

Overall, it seems like Facebook is complying with the letter of GDPR law, but with questionable spirit. Sure, privacy is boring to a lot of people. Too little info and they feel confused and scared. Too many choices and screens and they feel overwhelmed and annoyed. Facebook struck the right balance in some places here. But the subtly pushy designs seem intended to steer people away from changing their defaults in ways that could hamper Facebook’s mission and business.

Making the choices equal in visible weight, rather than burying the ways to make changes in grayed-out buttons and tiny links, would have been more fair. And it would have shown that Facebook has faith in the value it provides, such that users would stick around and leave features enabled if they truly wanted to.

When questioned about this, Sherman pointed the finger at other tech companies, saying he thought Facebook was more upfront with users. Asked to clarify if he thought Facebook’s approach was “better”, he said “I think that’s right”. But Facebook isn’t being judged by the industry standard because it’s not a standard company. It’s built its purpose and its business on top of our private data, and touted itself as a boon to the world. But when asked to clear a higher bar for privacy, Facebook delved into design tricks to keep from losing our data.

Source: Mobile – TechCrunch

Facebook shouldn’t block you from finding friends on competitors

Twitter, Vine, Voxer, MessageMe. Facebook has repeatedly cut off competitors from its feature for finding your Facebook friends on their apps… after jumpstarting its own social graph by convincing people to upload their Gmail contacts. Meanwhile, Facebook’s Download Your Information tool merely exports a text list of friends’ names you can’t use elsewhere.

As Congress considers potential regulation following Mark Zuckerberg’s testimonies, it should prioritize leveling the playing field for aspiring alternatives to Facebook and letting consumers choose where to social network. And as a show of good faith and argument against it abusing its monopoly, Facebook should make our friend list truly portable.

It’s time to free the social graph — to treat it as a fundamental digital possession, the way the Telecommunications Act of 1996 protects your right to bring your phone number with you to a new network.

The two most powerful ways to do this would be for Facebook to stop, or Congress to stop it from, blocking friend finding on competitors like it’s done in the past to Twitter and more. And Facebook should change its Download Your Information tool to export our friend list in a truly interoperable format. When you friend someone on Facebook, they’re not just a name. They’re someone specific amongst often many with the same name, and Facebook should be open to us getting connected with them elsewhere.

Facebook takes data it won’t give

While it continues to this day, back in 2010 Facebook goaded users to import their Gmail address books so they could add them as Facebook friends. But it refused to let users export the email addresses of their friends to use elsewhere. That led Google to change its policy and require data portability reciprocity from any app using its Contacts API.

So did Facebook back off? No. It built a workaround, giving users a deep link to download their Gmail contacts from Google’s honorable export tool. Facebook then painstakingly explained to users how to upload that file so it could suggest they friend all those contacts.

Google didn’t want to stop users from legitimately exporting their contacts, so it just put up a strongly worded warning to Gmail users: “Trap my contacts now: Hold on a second. Are you super sure you want to import your contact information for your friends into a service that won’t let you get it out? . . . Although we strongly disagree with this data protectionism, the choice is yours. Because, after all, you should have control over your data.” And Google offered to let you “Register a complaint over data protectionism.”

Eight years later, Facebook has grown from a scrappy upstart chasing Google to become one of the biggest, most powerful players on the internet. And it’s still teaching users how to snatch their Gmail contacts’ email addresses while only letting you export the names of your friends — unless they opt-in through an obscure setting, because it considers contact info they’ve shared as their data, not yours. Whether you should be allowed to upload other people’s contact info to a social network is a bigger question. But it is blatant data portability hypocrisy for Facebook to encourage users to import that data from other apps but not export it.

In some respects, it’s good that you can’t mass-export the email addresses of all your Facebook friends. That could enable spamming, which probably isn’t what someone had in mind when they added you as a friend on Facebook. They could always block, unfriend or mute you, but they can’t get their email address back. Facebook is already enduring criticism about how it handled data privacy in the wake of the Cambridge Analytica scandal.

Yet the idea that you could find your Facebook friends on other apps is a legitimate reason for the platform to exist. It’s one of the things that’s made Facebook Login so useful and popular. Facebook’s API lets certain apps check to see if your Facebook friends have already signed up, so you can easily follow them or send them a connection request. But Facebook has rescinded that option when it senses true competition.

Data protectionism

Twitter is the biggest example. Facebook didn’t and still doesn’t let you see which of your Facebook friends are on Twitter, even though it has seven times as many users. Twitter co-founder Ev Williams, frustrated in 2010, said that “They see their social graph as their core asset, and they want to make sure there’s a win-win relationship with anybody who accesses it.”

Facebook went on to establish a formal policy that said that apps that wanted to use its Find Friends tool had to abide by these rules:

  • If you use any Facebook APIs to build personalized or social experiences, you must also enable people to easily share their experiences back with people on Facebook.

  • You may not use Facebook Platform to promote, or to export user data to, a product or service that replicates a core Facebook product or service without our permission.

Essentially, apps that piggybacked on Facebook’s social graph had to let you share back to Facebook, and couldn’t compete with it. It’s a bit ironic, given Facebook’s overarching strategy for years has been “replicate core functionality.” From cloning Twitter’s asymmetrical follow and Trending Topics to Snapchat’s Stories and augmented reality filters, all the way back to cribbing FriendFeed’s News Feed and Facebook’s start as a rip-off of the Winklevii’s HarvardConnection.

Restrictions against replicating core functionality aren’t unheard of in tech. Apple’s iOS won’t let you run an App Store from inside an app, for example. But Facebook’s selective enforcement of the policy is troubling. It simply ignores competing apps that never get popular. Yet if they start to grow into potential rivals, Facebook has swiftly enforced this policy and removed their Find Friends access, often inhibiting further growth and engagement.

Here are a few examples of times Facebook has cut off competitors from its graph:

  • Voxer was one of the hottest messaging apps of 2012, climbing the charts and raising a $30 million round with its walkie-talkie-style functionality. In early January 2013, Facebook copied Voxer by adding voice messaging into Messenger. Two weeks later, Facebook cut off Voxer’s Find Friends access. Voxer CEO Tom Katis told me at the time that Facebook stated his app with tens of millions of users was a “competitive social network” and wasn’t sharing content back to Facebook. Katis told us he thought that was hypocritical. By June, Voxer had pivoted toward business communications, tumbling down the app charts and leaving Facebook Messenger to thrive.
  • MessageMe had a well-built chat app that was growing quickly after launching in 2013, posing a threat to Facebook Messenger. Shortly before reaching 1 million users, Facebook cut off MessageMe’s Find Friends access. The app ended up selling for a paltry double-digit millions price tag to Yahoo before disintegrating.
  • Phhhoto and its fate show how Facebook’s data protectionism encompasses Instagram. Phhhoto’s app that let you shoot animated GIFs was growing popular. But soon after it hit 1 million users, it got cut off from Instagram’s social graph in April 2015. Six months later, Instagram launched Boomerang, a blatant clone of Phhhoto. Within two years, Phhhoto shut down its app, blaming Facebook and Instagram. “We watched [Instagram CEO Kevin] Systrom and his product team quietly using PHHHOTO almost a year before Boomerang was released. So it wasn’t a surprise at all . . . I’m not sure Instagram has a creative bone in their entire body.”
  • Vine had a real shot at being the future of short-form video. The day the Twitter-owned app launched, though, Facebook shut off Vine’s Find Friends access. Vine let you share back to Facebook, and its six-second loops you shot in the app were a far cry from Facebook’s heavyweight video file uploader. Still, Facebook cut it off, and by late 2016, Twitter announced it was shutting down Vine.

As I wrote in 2013, “Enforcement of these policies could create a moat around Facebook. It creates a barrier to engagement, retention, and growth for competing companies.” But in 2018, amongst whispers of anti-trust action, Facebook restricting access to its social graph to protect the dominance of its News Feed seems egregiously anti-competitive.

That’s why Facebook should pledge to stop banning competitors from using its Find Friends tool. If not, Congress should tell Facebook that this kind of behavior could lead to more stringent regulation.

Friends aren’t just names

When Senator John Neely Kennedy asked Zuckerberg this week, “are you willing to give me the right to take my data on Facebook and move it to another social media platform?”, Zuckerberg claimed that “Senator, you can already do that. We have a Download Your Information tool where you can go get a file of all the content there, and then do whatever you want with it.”

But that’s not exactly true. You can export your photos that can be easily uploaded elsewhere. But your social graph — all those confirmed friend requests — gets reduced to a useless string of text. Download Your Information spits out merely a list of your friends’ names and the dates on which you got connected. There’s no unique username. No link to their Facebook profile. Nothing you can use to find them on another social network beyond manually typing in their names.

That’s especially problematic if your friends have common names. There are tons of John Smiths on Facebook, so finding him on another social network with just a name will require a lot of sleuthing, or guess-work. Depending on where you live, locating a particular Garcia, Smirnov or Lee could be quite difficult. Facebook even built a short-lived feature called Friendshake to help you friend someone nearby amongst everyone in their overlapping name space.

When I asked about this, Facebook told me that users can opt-in to having their email or phone number included in the Download Your Information export. But this privacy setting is buried and little-known. Just 4 percent of my friends, centered around tech savvy San Francisco, had enabled it.

As I criticized way back in 2010 when Download Your Information launched, “The data can be used as a diary, or to replace other information from a hard drive crash or stolen computer — but not necessarily to switch to a different social network.”

Given Facebook’s iron grip on the Find Friends API, users deserve decentralized data portability — a way to take their friends with them that Facebook can’t take back. That’s what Download Your Information should offer, but doesn’t.

Social graph portability

This is why I’m calling on Facebook to improve the data portability of your friend connections. Give us the same consumer protections that make phone numbers portable.

At the very least Facebook should include your friends’ unique Facebook username and URL. But true portability would mean you could upload the list to another social network to find your friends there.

One option would be for Facebook’s export to include a privacy-safe, hashed version of your friends’ email address that they signed up with and share with you. Facebook could build a hashed email lookup tool so that if you uploaded these nonsensical strings of characters to another app, they could cross-reference them against Facebook’s database of your friends. If there’s a match, the app could surface that person as someone with whom you might want to reconnect. Effectively, this would let you find friends elsewhere via email address without Facebook ever giving you or other apps a human-readable list of their contact info.
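
A sketch of the hashed lookup described above, added here as an example; it is not code from Facebook or from this article. It assumes the export uses a keyed hash (HMAC-SHA256) under a secret the exporting network keeps, bound to the exporting user, because a plain hash of an email address can be recomputed by anyone who already holds a list of addresses. The class, method names and sample addresses are hypothetical.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets


def normalize_email(email: str) -> str:
    """Canonical form so 'Ann@Example.com ' and 'ann@example.com' match."""
    return email.strip().lower()


class ExportingNetwork:
    """Hypothetical stand-in for the network that holds the friend graph."""

    def __init__(self) -> None:
        # Secret key that never leaves the service. Without it, a token in an
        # export cannot be recomputed from a guessed email address.
        self._key = secrets.token_bytes(32)
        self._friend_emails: dict[str, set[str]] = {}

    def add_friend(self, user_id: str, friend_email: str) -> None:
        self._friend_emails.setdefault(user_id, set()).add(
            normalize_email(friend_email)
        )

    def _token(self, user_id: str, email: str) -> str:
        # Binding the token to the exporting user means the same friend gets
        # a different token in every export, so exports cannot be joined.
        msg = user_id.encode() + b"\x00" + normalize_email(email).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def export_friend_tokens(self, user_id: str) -> list[str]:
        """What the download would contain instead of readable addresses."""
        emails = self._friend_emails.get(user_id, set())
        return sorted(self._token(user_id, e) for e in emails)

    def lookup(self, user_id: str, uploaded_tokens: list[str],
               member_emails: list[str]) -> set[str]:
        """Lookup tool called by the other app.

        The app sends the tokens the user uploaded plus addresses of its own
        members. It learns only which of those members are the user's
        friends, never an address it did not already hold.
        """
        issued = set(self.export_friend_tokens(user_id))
        accepted = issued & set(uploaded_tokens)  # ignore tokens not issued here
        return {
            normalize_email(e)
            for e in member_emails
            if self._token(user_id, e) in accepted
        }


def demo() -> dict:
    # Constructed sample data.
    network = ExportingNetwork()
    for email in ("john.smith@example.com", "j.smith@example.org",
                  "lee@example.net"):
        network.add_friend("alice", email)
    network.add_friend("bob", "john.smith@example.com")

    alice_export = network.export_friend_tokens("alice")
    bob_export = network.export_friend_tokens("bob")
    # Members of the other app; only two of them are Alice's friends.
    members = ["John.Smith@Example.com", "stranger@example.com",
               "lee@example.net"]
    return {
        "alice_export": alice_export,
        "bob_export": bob_export,
        "matches": network.lookup("alice", alice_export, members),
        "wrong_export": network.lookup("alice", bob_export, members),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```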

If you can’t take your social graph with you, there’s little chance for a viable alternative to Facebook to arise. It doesn’t matter if a better social network emerges, or if Facebook disrespects your privacy, because there’s nowhere to go. Opening up the social graph would require Facebook to compete on the merit of its product and policies. Trying to force the company’s hand with a variety of privacy regulations won’t solve the core issue. But the prospect of users actually being able to leave would let the market compel Facebook to treat us better.


Instagram will let you download your content after criticism about portability

Yesterday we reported that Instagram lacked data portability, knocking the app for the absence of an equivalent to Facebook’s Download Your Information tool. Now an Instagram spokesperson tells me “We are building a new data portability tool. You’ll soon be able to download a copy of what you’ve shared on Instagram, including your photos, videos and messages.”

This tool could make it much easier for users to leave Instagram and go to a competing image social network. And as long as it launches before May 25th, it will help Instagram to comply with upcoming European GDPR privacy law that requires data portability.

Instagram has historically made it very difficult to export your data. You can’t drag, or tap and hold on images to save them. And you can’t download images you’ve already posted. That’s despite Instagram now being almost 8 years old and having over 800 million users. For comparison, Facebook launched its Download Your Information tool in 2010, just six years after launch.

We’re awaiting more info on whether you’ll only be able to download your photos, videos, and messages; or if you’ll also be able to export your following and follower lists, Likes, comments, Stories, and the captions you share with posts. It’s also unclear whether photos and videos will export in the full fidelity that they’re uploaded or displayed in, or whether they’ll be compressed. Instagram told me “we’ll share more details very soon when we actually launch the tool. But at a high level it allows you to download and export what you have shared on Instagram” so we’ll have to wait for more clarity.

If Instagram does offer uncompressed downloads of the same image quality as it shows on its app, the Download Your Information tool could make unofficial third-party export apps like InstaPort obsolete. That would be a win for users since these apps are sometimes run by unscrupulous developers who could misuse your content or the Instagram login credentials you need to use them.

Portability could facilitate the rise of legitimate competitors to Instagram, or at least let users back up their content on an image storage app or their own computer. But still, it’s Instagram’s social graph and the data it’s gathered about your interests that help it tune its algorithm to show you the most relevant posts. This personalization moat can leave rivals with similar features unable to provide a similar level of service.

If Instagram wanted to truly level the playing field, it would let you export your social graph in a privacy-safe format that would let users find and follow those same people on a different app. But the announcement of this data portability tool is a much-needed first step to unlocking Instagram’s content vault.
