Архив метки: GDPR

Daily Crunch: Apple adds new iPhone parental controls

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here.
1. The iPhone’s new parental controls can limit who kids can call, text and FaceTime and when
With the release of iOS 13.3, parents will for the first time be able to set limits over who kids can talk to and text with during certain hours of the day. These limits will apply across phone calls, Messages and FaceTime.
In practice, this means parents could stop their child from texting friends late at night or during the school day. It also allows parents to manage the child’s iCloud contacts remotely.
2. Pear, whose seed-stage bets are followed closely, just raised $160 million for its third fund
That’s more than twice the $75 million that the firm raised for its second fund in 2016 and triple the $50 million it raised for its debut fund back in 2013.
3. Uber guarantees space for skis and snowboards with Uber Ski feature
Starting on December 17 in select cities, an Uber Ski icon will pop up on the app, allowing passengers to order a ride with confirmed extra space or a ski/snowboarding rack. Nundu Janakiram, Uber’s head of rider experience, said to expect more features like this.
4. Accel and Index back Tines, as the cybersecurity startup adds another $11M to its Series A
Founded in February 2018 by ex-eBay, PayPal and DocuSign security engineer Eoin Hinchy, Tines automates many of the repetitive manual tasks faced by security analysts so they can focus on other high-priority work.
5. How Station F is boosting the French tech ecosystem
Three years after unveiling Station F at Disrupt, its director, Roxanne Varza, came back to our stage to provide an update on the world’s biggest startup campus, where there are now 1,000 companies at work.
6. Hyperproof wants to make it easier to comply with GDPR and other regulations
As companies try to figure out how to comply with regulations like GDPR, ISO or Sarbanes Oxley, Hyperproof is launching a new product to workflows that will allow them to gain compliance in a more organized way.
7. Introducing ‘Dear Sophie,’ an advice column for US-bound immigrant employees
Dear Sophie is a collaborative forum hosted by Extra Crunch and curated by Sophie Alcorn, who is certified as a specialist attorney in immigration and nationality law by the State Bar of California Board of Legal Specialization.

Daily Crunch: Apple adds new iPhone parental controls

Twitter bug leaks phone number country codes

Twitter accidentally exposed the ability to pull an account’s phone number country code and whether the account had been locked by Twitter. The concern here is that malicious actors could have used the security flaw to figure out in which countries accounts were based, which could have ramifications for whistleblowers or political dissidents.
The issue came through one of Twitter’s support forms for contacting the company, and the company found that a large number of inquiries through the form came from IP addresses located in China and Saudi Arabia. Twitter writes, “While we cannot confirm intent or attribution for certain, it is possible that some of these IP addresses may have ties to state-sponsored actors.” We’ve requested more info on why it’s suggesting that. Attribution in these situations can be murky, and naming specific countries or suggesting state actors could be involved carries heavy implications.
Twitter began working on the issue on November 15th and fixed it on November 16th. Twitter tells TechCrunch that it has notified the European Union’s Data Protection Commissioner, as EU citizens may have been impacted. However, as country codes aren’t necessarily considered sensitive personal information, the leak may not trigger any GDPR enforcement or fines. Twitter tells us it has also updated the FTC and other regulatory organizations about the issue, though we’ve asked when it informed these different regulators.

Tech giants offer empty apologies because users can’t quit

Twitter has directly contacted users impacted by the issue, and says full phone numbers were not leaked and users don’t have to do anything in response. Users can contact Twitter here for more info. We’ve asked how many accounts were impacted, but Twitter told us that it doesn’t have more data to share as its investigation continues.
A Twitter spokesperson pointed us to a previous statement:
It is clear that information operations and coordinated inauthentic behavior will not cease. These types of tactics have been around for far longer than Twitter has existed — they will adapt and change as the geopolitical terrain evolves worldwide and as new technologies emerge. For our part, we are committed to understanding how bad-faith actors use our services. We will continue to proactively combat nefarious attempts to undermine the integrity of Twitter, while partnering with civil society, government, our industry peers, and researchers to improve our collective understanding of coordinated attempts to interfere in the public conversation.
Sloppy security on the part of tech companies can make it dangerous for political dissidents or others at odds with their governments. Twitter explains that it locks accounts if it suspects they’ve been compromised by hackers or violate “Twitter’s Rules,” which includes “unlawful use” that depends greatly on what national governments deem illegal. What’s worrisome is that attackers with IP addresses in China or Saudi Arabia might have been able to use the exploit to confirm that certain accounts belonged to users in their countries and whether they’ve been locked. That information could be used to hunt down the people who own these accounts.
The company apologized, writing that “We recognize and appreciate the trust you place in us, and are committed to earning that trust every day. We are sorry this happened.” But that echoes other apologies from big tech companies that consistently ring hollow. Here, in particular, it fails to acknowledge how the leak could harm people and how it will prevent this kind of thing from happening again. With these companies judged quarterly by their user growth and business, they’re incentivized to cut corners on security, privacy and societal impact as they chase the favor of Wall Street.

Twitter bug leaks phone number country codes

Tech giants offer empty apologies because users can’t quit

A true apology consists of a sincere acknowledgement of wrong-doing, a show of empathic remorse for why you wronged and the harm it caused, and a promise of restitution by improving ones actions to make things right. Without the follow-through, saying sorry isn’t an apology, it’s a hollow ploy for forgiveness.
That’s the kind of “sorry” we’re getting from tech giants — an attempt to quell bad PR and placate the afflicted, often without the systemic change necessary to prevent repeated problems. Sometimes it’s delivered in a blog post. Sometimes it’s in an executive apology tour of media interviews. But rarely is it in the form of change to the underlying structures of a business that caused the issue.
Intractable Revenue
Unfortunately, tech company business models often conflict with the way we wish they would act. We want more privacy but they thrive on targeting and personalization data. We want control of our attention but they subsist on stealing as much of it as possible with distraction while showing us ads. We want safe, ethically built devices that don’t spy on us but they make their margins by manufacturing them wherever’s cheap with questionable standards of labor and oversight. We want groundbreaking technologies to be responsibly applied, but juicy government contracts and the allure of China’s enormous population compromise their morals. And we want to stick to what we need and what’s best for us, but they monetize our craving for the latest status symbol or content through planned obsolescence and locking us into their platforms.

The result is that even if their leaders earnestly wanted to impart meaningful change to provide restitution for their wrongs, their hands are tied by entrenched business models and the short-term focus of the quarterly earnings cycle. They apologize and go right back to problematic behavior. The Washington Post recently chronicled a dozen times Facebook CEO Mark Zuckerberg has apologized, yet the social network keeps experiencing fiasco after fiasco. Tech giants won’t improve enough on their own.
Addiction To Utility
The threat of us abandoning ship should theoretically hold the captains in line. But tech giants have evolved into fundamental utilities that many have a hard time imagining living without. How would you connect with friends? Find what you needed? Get work done? Spend your time? What hardware or software would you cuddle up with in the moments you feel lonely? We live our lives through tech, have become addicted to its utility, and fear the withdrawal.
If there were principled alternatives to switch to, perhaps we could hold the giants accountable. But the scalability, network effects, and aggregation of supply by distributors has led to near monopolies in these core utilities. The second-place solution is often distant. What’s the next best social network that serves as an identity and login platform that isn’t owned by Facebook? The next best premium mobile and PC maker behind Apple? The next best mobile operating system for the developing world beyond Google’s Android? The next best ecommerce hub that’s not Amazon? The next best search engine? Photo feed? Web hosting service? Global chat app? Spreadsheet?
Facebook is still growing in the US & Canada despite the backlash, proving that tech users aren’t voting with their feet. And if not for a calculation methodology change, it would have added 1 million users in Europe this quarter too.
One of the few tech backlashes that led to real flight was #DeleteUber. Workplace discrimination, shady business protocols, exploitative pricing and more combined to spur the movement to ditch the ridehailing app. But what was different here is that US Uber users did have a principled alternative to switch to without much hassle: Lyft. The result was that “Lyft benefitted tremendously from Uber’s troubles in 2018” eMarketer’s forecasting director Shelleen Shum told the USA Today in May. Uber missed eMarketer’s projections while Lyft exceeded them, narrowing the gap between the car services. And meanwhile, Uber’s CEO stepped down as it tried to overhaul its internal policies.
This is why we need regulation that promotes competition by preventing massive mergers and giving users the right to interoperable data portability so they can easily switch away from companies that treat them poorly
But in the absence of viable alternatives to the giants, leaving these mainstays is inconvenient. After all, they’re the ones that made us practically allergic to friction. Even after massive scandals, data breaches, toxic cultures, and unfair practices, we largely stick with them to avoid the uncertainty of life without them. Even Facebook added 1 million monthly users in the US and Canada last quarter despite seemingly every possible source of unrest. Tech users are not voting with their feet. We’ve proven we can harbor ill will towards the giants while begrudgingly buying and using their products. Our leverage to improve their behavior is vastly weakened by our loyalty.
Inadequate Oversight
Regulators have failed to adequately step up either. This year’s congressional hearings about Facebook and social media often devolved into inane and uninformed questioning like how does Facebook earn money if its doesn’t charge? “Senator, we run ads” Facebook CEO Mark Zuckerberg said with a smirk. Other times, politicians were so intent on scoring partisan points by grandstanding or advancing conspiracy theories about bias that they were unable to make any real progress. A recent survey commissioned by Axios found that “In the past year, there has been a 15-point spike in the number of people who fear the federal government won’t do enough to regulate big tech companies — with 55% now sharing this concern.”

Regulation could protect Facebook, not punish it

When regulators do step in, their attempts can backfire. GDPR was supposed to help tamp down on the dominance of Google and Facebook by limiting how they could collect user data and making them more transparent. But the high cost of compliance simply hindered smaller players or drove them out of the market while the giants had ample cash to spend on jumping through government hoops. Google actually gained ad tech market share and Facebook saw the littlest loss while smaller ad tech firms lost 20 or 30 percent of their business.
Europe’s GDPR privacy regulations backfired, reinforcing Google and Facebook’s dominance. Chart via Ghostery, Cliqz, and WhoTracksMe.
Even the Honest Ads act, which was designed to bring political campaign transparency to internet platforms following election interference in 2016, has yet to be passed even despite support from Facebook and Twitter. There’s hasn’t been meaningful discussion of blocking social networks from acquiring their competitors in the future, let alone actually breaking Instagram and WhatsApp off of Facebook. Governments like the U.K. that just forcibly seized documents related to Facebook’s machinations surrounding the Cambridge Analytica debacle provide some indication of willpower. But clumsy regulation could deepen the moats of the incumbents, and prevent disruptors from gaining a foothold. We can’t depend on regulators to sufficiently protect us from tech giants right now.
Our Hope On The Inside
The best bet for change will come from the rank and file of these monolithic companies. With the war for talent raging, rock star employees able to have huge impact on products, and compensation costs to keep them around rising, tech giants are vulnerable to the opinions of their own staff. It’s simply too expensive and disjointing to have to recruit new high-skilled workers to replace those that flee.
Google declined to renew a contract with the government after 4000 employees petitioned and a few resigned over Project Maven’s artificial intelligence being used to target lethal drone strikes. Change can even flow across company lines. Many tech giants including Facebook and Airbnb have removed their forced arbitration rules for harassment disputes after Google did the same in response to 20,000 of its employees walking out in protest.
Thousands of Google employees protested the company’s handling of sexual harassment and misconduct allegations on Nov. 1.
Facebook is desperately pushing an internal communications campaign to reassure staffers it’s improving in the wake of damning press reports from the New York Times and others. TechCrunch published an internal memo from Facebook’s outgoing VP of communications Elliot Schrage in which he took the blame for recent issues, encouraged employees to avoid finger-pointing, and COO Sheryl Sandberg tried to reassure employees that “I know this has been a distraction at a time when you’re all working hard to close out the year — and I am sorry.” These internal apologizes could come with much more contrition and real change than those paraded for the public.
And so after years of us relying on these tech workers to build the product we use every day, we must now rely that will save us from them. It’s a weighty responsibility to move their talents where the impact is positive, or commit to standing up against the business imperatives of their employers. We as the public and media must in turn celebrate when they do what’s right for society, even when it reduces value for shareholders. If apps abuse us or unduly rob us of our attention, we need to stay off of them.
And we must accept that shaping the future for the collective good may be inconvenient for the individual. There’s an oppprtunity here not just to complain or wish, but to build a social movement that holds tech giants accountable for delivering the change they’ve promised over and over.

For more on this topic:

Internal Facebook memo sees outgoing VP of comms Schrage take blame for hiring Definers

The real threat to Facebook is the Kool-Aid turning sour

Google walkout organizers aren’t satisfied with CEO’s response

Facebook and the endless string of worst-case scenarios

Tech giants offer empty apologies because users can’t quit

Facebook beats in Q1 and boosts daily user growth to 1.45B amidst backlash

Amongst massive criticism over data privacy, Facebook showed the resiliency of its advertising machine by beating Wall Street’s $11.41 billion revenue estimate in its Q1 2018 earnings report by raking in $11.97 billion in revenue with $1.69 EPS compared to the $1.35 estimate.
Facebook added 48 million daily active users to hit 1.449 billion, up 3.42 percent to revive Facebook’s growth after slower 2.18 percent growth last quarter. But Facebook only added 70 million monthly active users to reach 2.196 billion, a 3.14 percent growth rate that was a little slower than last quarter’s 3.39 percent growth. Both daily and monthly users are up 13 percent year-over-year, showing Facebook’s troubles haven’t paralyzed its growth.
This was perhaps the most tumultuous quarter since Facebook went public. Facebook faced intense criticism regarding the Cambridge Analytica scandal and its data privacy practices, leading a massive pull-back of developer capabilities as Zuckerberg headed to testify before Congress. Last quarter saw Facebook’s first-ever decline in users in a market, with a 700,000 user drop in the U.S. & Canada market following changes to promote well-being that reduced the prevalence of viral videos.

Facebook was able to revive its U.S. & Canada user growth this quarter, perking back up to 185 million, from 184 million last quarter — though that’s just a return to where it was in Q3 2017. Monthly active user count in the market went from 239 to 241 million. That shows that while people might disagree with Facebook’s approach to privacy, they aren’t about to give up their News Feeds.
Demonstrating Facebook’s declining web presence, mobile made up $10.7 billion, or 91 percent of all ad revenue, up from 89 percent last quarter. Facebook reached $4.98 billion in profit, up from a weak $4.26 billion last quarter. Average Revenue Per User reached $5.53, up 30 percent year-over-year thanks to strong gains this quarter in Europe and Asia-Pacific. Facebook’s headcount has swelled 48 percent year-over-year as it’s now half-way to its promise of doubling its security and content moderation staff from 10,000 to 20,000 in 2018.

The recent scandals have put a lot of downward pressure on its share price, but apparently the company thinks it’s a good buy. It’s increased the amount authorized under a share repurchase program by an additional $9 billion, on top of an original $6 billion plan, of which it’s spent $4 billion. It’s partly to offset big stock distributions for employees, but CFO David Wehner also said it was “opportunistic,” aka related to Facebook perceiving its price as too low. Wall Street apparently liked the earnings report as shares are up over 4.38 percent to $166.68 in after-hours trading.
The question is whether the new ads transparency requirements, developer platform crackdown and Facebook’s quest to make using it healthier will show up in next quarter’s earnings. These changes could deter advertisers, give users less functionality to play with and remove low-quality viral content that might make users feel bad but keeps them scrolling.
CEO Mark Zuckerberg wrote that, “Despite facing important challenges, our community and business are off to a strong start in 2018. We are taking a broader view of our responsibility and investing to make sure our services are used for good. But we also need to keep building new tools to help people connect, strengthen our communities, and bring the world closer together.” We’ll get to hear more from him at 2pm Pacific during the earnings call, so stay tuned here.
Updates from the earnings call:
Zuckerberg said that Internet.org has now helped almost 100 million people connect to the internet, up from 40 million in November 2016.
Zuckerberg said 200 million people are now in “meaningful Groups,” up from 100 million last year, though Facebook has a long way to its 1 billion goal.
WhatsApp Status has pulled away as the most popular of Facebook’s Snapchat Stories clones. It was at 300 million daily users, equal to Instagram Stories, last time Facebook provided a stat.
Since users are moving from feed reading to Stories watching, Facebook says it needs to make Stories ads as good as feed ads to protect its core revenue stream.
Facebook CFO David Wehner warned that GDPR may cause Facebook’s European user count to be flat or shrink in Q2, and that it may have a minor impact on ad revenue.
Zuckerberg says one of his biggest regrets is that Facebook didn’t get to shape the mobile ecosystem because the company was still small when iOS and Android launched. That’s why Zuckerberg is adamant about Facebook having a major role in the future of virtual reality and augmented reality, which he sees as computing platforms of the future.

Facebook warns GDPR could flatten or reduce European user count

Facebook’s Internet.org has connected almost 100M to the “Internet”

Facebook beats in Q1 and boosts daily user growth to 1.45B amidst backlash

Highlights and audio from Zuckerberg’s emotional Q&A on scandals

“This is going to be a never-ending battle” said Mark Zuckerberg . He just gave the most candid look yet into his thoughts about Cambridge Analytica, data privacy, and Facebook’s sweeping developer platform changes today during a conference call with reporters. Sounding alternately vulnerable about his past negligence and confident about Facebook’s strategy going forward, Zuckerberg took nearly an hour of tough questions.
You can listen to the entire on-the-record call here, which I recorded with Facebook’s consent:

The CEO started the call by giving his condolences to those affected by the shooting at YouTube yesterday. He then delivered this mea culpa on privacy:
We’re an idealistic and optimistic company . . . but it’s clear now that we didn’t do enough. We didn’t focus enough on preventing abuse and thinking through how people could use these tools to do harm as well . . . We didn’t take a broad enough view of what our responsibility is and that was a huge mistake. That was my mistake.
It’s not enough to just connect people. We have to make sure those connections are positive and that they’re bringing people together.  It’s not enough just to give people a voice, we have to make sure that people are not using that voice to hurt people or spread misinformation. And it’s not enough to give people tools to sign into apps, we have to make sure that all those developers protect people’s information too.
It’s not enough to have rules requiring that they protect the information. It’s not enough to believe them when they’re telling us they’re protecting information. We actually have to ensure that everyone in our ecosystem protects people’s information.”
This is Zuckerberg’s strongest statement yet about his and Facebook’s failure to anticipate worst-case scenarios, which has led to a string of scandals that are now decimating the company’s morale. Spelling out how policy means nothing without enforcement, and pairing that with a massive reduction in how much data app developers can request from users makes it seem like Facebook is ready to turn over a new leaf.
Here are the highlights from the rest of the call:
On Zuckerberg calling fake news’ influence “crazy”: “I clearly made a mistake by just dismissing fake news as crazy — as having an impact . . . it was too flippant. I never should have referred to it as crazy.

Facebook and the endless string of worst-case scenarios

On deleting Russian trolls: Not only did Facebook delete 135 Facebook and Instagram accounts belonging to Russian government-connected election interference troll farm the Internet Research Agency, as Facebook announced yesterday. Zuckerberg said Facebook removed “a Russian news organization that we determined was controlled and operated by the IRA”.
On the 87 million number: Regarding today’s disclosure that up to 87 million people had their data improperly access by Cambridge Analytica, “it very well could be less but we wanted to put out the maximum that we felt it could be as soon as we had that analysis.” Zuckerberg also referred to The New York Times’ report, noting that “We never put out the 50 million number, that was other parties.”

Facebook admits Cambridge Analytica hijacked data on up to 87M users

On users having their public info scraped: Facebook announced this morning that “we believe most people on Facebook could have had their public profile scraped” via its search by phone number or email address feature and account recovery system. Scammers abused these to punch in one piece of info and then pair it to someone’s name and photo . Zuckerberg said search features are useful in languages where it’s hard to type or a lot of people have the same names. But “the methods of react limiting this weren’t able to prevent malicious actors who cycled through hundreds of thousands of IP addresses and did a relatively small number of queries for each one, so given that and what we know to day it just makes sense to shut that down.”
On when Facebook learned about the scraping and why it didn’t inform the public sooner: This was my question, and Zuckerberg dodged, merely saying Facebook had looked more closely at it in the last few days.”
On implementing GDPR worldwide: Zuckerberg refuted a Reuters story from yesterday saying that Facebook wouldn’t bring GDPR privacy protections to the U.S. and elsewhere. Instead he says, “we’re going to make all the same controls and settings available everywhere, not just in Europe.”

Zuckerberg says Facebook will offer GDPR privacy controls everywhere

On if board has discussed him stepping down as chairman: “Not that I’m aware of” Zuckerberg said happily.
On if he still thinks he’s the best person to run Facebook: “Yes. Life is about learning from the mistakes and figuring out what you need to do to move forward . . . I think what people should evaluate us on is learning from our mistakes . . .and if we’re building things people like and that make their lives better . . . there are billions of people who love the products we’re building.”
On the Boz memo and prioritizing business over safety: “The things that makes our product challenging to manage and operate are not the tradeoffs between people and the business. I actually think those are quite easy because over the long-term, the business will be better if you serve people. I think it would be near-sighted to focus on short-term revenue over people, and I don’t think we’re that short-sighted. All the hard decisions we have to make are tradeoffs between people. Different people who use Facebook have different needs. Some people want to share political speech that they think is valid, and other people feel like it’s hate speech . . . we don’t always get them right.”

The real threat to Facebook is the Kool-Aid turning sour

On whether Facebook can audit all app developers: “We’re not going to be able to go out and necessarily find every bad use of data” Zuckerberg said, but confidently said “I actually do think we’re going to be be able to cover a large amount of that activity.
On whether Facebook will sue Cambridge Analytica: “We have stood down temporarily to let the [UK government] do their investigation and their audit. Once that’s done we’ll resume ours … and ultimately to make sure none of the data persists or is being used improperly. And at that point if it makes sense we will take legal action if we need to do that to get people’s information.”

Cambridge Analytica denies accessing data on 87M Facebook users…claims 30M

On how Facebook will measure its impact on fixing privacy: Zuckerberg wants to be able to measure “the prevalence of different categories of bad content like fake news, hate speech, bullying, terrorism. . . That’s going to end up being the way we should be held accountable and measured by the public . . .  My hope is that over time the playbook and scorecard we put out will also be followed by other internet platforms so that way there can be a standard measure across the industry.”
On whether Facebook should try to earn less money by using less data for targeting “People tell us if they’re going to see ads they want the ads to be good . . . that the ads are actually relevant to what they care about . . On the one hand people want relevant experiences, and on the other hand I do think there’s some discomfort with how data is used in systems like ads. But I think the feedback is overwhelmingly on the side of wanting a better experience. Maybe it’s 95-5.”

Facebook rewrites Terms of Service, clarifying device data collection

On whether #DeleteFacebook has had an impact on usage or ad revenue: “I don’t think there’s been any meaningful impact that we’ve observed…but it’s not good.”
On the timeline for fixing data privacy: “This is going to be a never-ending battle. You never fully solve security. It’s an arms race” Zuckerberg said early in the call. Then to close Q&A, he said “I think this is a multi-year effort. My hope is that by the end of this year we’ll have turned the corner on a lot of these issues and that people will see that things are getting a lot better.”
Overall, this was the moment of humility, candor, and contrition Facebook desperately needed. Users, developers, regulators, and the company’s own employees have felt in the dark this last month, but Zuckerberg did his best to lay out a clear path forward for Facebook. His willingness to endure this question was admirable, even if he deserved the grilling.
The company’s problems won’t disappear, and its past transgressions can’t be apologized away. But Facebook and its leader have finally matured past the incredulous dismissals and paralysis that characterized its response to past scandals. It’s ready to get to work.

Highlights and audio from Zuckerberg’s emotional Q&A on scandals