Menu

Timesdelhi.com

June 16, 2019
Category archive

data portability

Friend portability is the must-have Facebook regulation

in Apps/Chris Hughes/data portability/Delhi/Facebook/Facebook Data Portability/Facebook Download Your Information/Facebook Policy/facebook privacy/Facebook Regulation/FTC/Government/India/Mark Zuckerberg/Opinion/Policy/Politics/privacy/Social/TC by

Choice for consumers compels fair treatment by corporations. When people can easily move to a competitor, it creates a natural market dynamic coercing a business to act right. When we can’t, other regulations just leave us trapped with a pig in a fresh coat of lipstick.

That’s why as the FTC considers how many billions to fine Facebook or which executives to stick with personal liability or whether to go full-tilt and break up the company, I implore it to consider the root of how Facebook gets away with abusing user privacy: there’s no simple way to switch to an alternative.

If Facebook users are fed up with the surveillance, security breaches, false news, or hatred, there’s no western general purpose social network with scale for them to join. Twitter is for short-form public content, Snapchat is for ephemeral communication. Tumblr is neglected. Google+ is dead. Instagram is owned by Facebook. And the rest are either Chinese, single-purpose, or tiny.

No, I don’t expect the FTC to launch its own “Fedbook” social network. But what it can do is pave an escape route from Facebook so worthy alternatives become viable options. That’s why the FTC must require Facebook offer truly interoperable data portability for the social graph.

In other words, the government should pass regulations forcing Facebook to let you export your friend list to other social networks in a privacy-safe way. This would allow you to connect with or follow those people elsewhere so you could leave Facebook without losing touch with your friends. The increased threat of people ditching Facebook for competitors would create a much stronger incentive to protect users and society.

The slate of potential regulations for Facebook currently being discussed by the FTC’s heads include a $3 billion to $5 billion fine or greater, holding Facebook CEO personally liable for violations of an FTC consent decree, creating new privacy and compliance positions including one held by executive that could be filled by Zuckerberg, creating an independent oversight committee to review privacy and product decisions, accordng to the New York Times and Washington Post. More extreme measures like restricting how Facebook collects and uses data for ad targeting, blocking future acquisitions, or breaking up the company are still possible but seemingly less likely.

Facebook co-founder Chris Hughes (right) recently wrote a scathing call to break up Facebook.

Breaking apart Facebook is a tantalizing punishment for the company’s wrongdoings. Still, I somewhat agree with Zuckerberg’s response to co-founder Chris Hughes’ call to split up the company, which he said “isn’t going to do anything to help” directly fix Facebook’s privacy or misinformation issues. Given Facebook likely wouldn’t try to make more acquisitions of big social networks under all this scrutiny, it’d benefit from voluntarily pledging not to attempt these buys for at least three to five years. Otherwise, regulators could impose that ban, which might be more politically attainable with fewer messy downstream effects,

Yet without this data portability regulation, Facebook can pay a fine and go back to business as usual. It can accept additional privacy oversight without fundamentally changing its product. It can become liable for upholding the bare minimum letter of the law while still breaking the spirit. And even if it was broken up, users still couldn’t switch from Facebook to Instagram, or from Instagram and WhatsApp to somewhere new.

Facebook Kills Competition With User Lock-In

When faced with competition in the past, Facebook has snapped into action improving itself. Fearing Google+ in 2011, Zuckerberg vowed “Carthage must be destroyed” and the company scrambled to launch Messenger, the Timeline profile, Graph Search, photo improvements and more. After realizing the importance of mobile in 2012, Facebook redesigned its app, reorganized its teams, and demanded employees carry Android phones for “dogfooding” testing. And when Snapchat was still rapidly growing into a rival, Facebook cloned its Stories and is now adopting the philosophy of ephemerality.

Mark Zuckerberg visualizes his social graph at a Facebook conference

Each time Facebook felt threatened, it was spurred to improve its product for consumers. But once it had defeated its competitors, muted their growth, or confined them to a niche purpose, Facebook’s privacy policies worsened. Anti-trust scholar Dina Srinivasan explains this in her summary of her paper “The Anti-Trust Case Against Facebook”:

“When dozens of companies competed in an attempt to win market share, and all competing products were priced at zero—privacy quickly emerged as a key differentiator. When Facebook entered the market it specifically promised users: “We do not and will not use cookies to collect private information from any user.” Competition didn’t only restrain Facebook’s ability to track users. It restrained every social network from trying to engage in this behavior . . .  the exit of competition greenlit a change in conduct by the sole surviving firm. By early 2014, dozens of rivals that initially competed with Facebook had effectively exited the market. In June of 2014, rival Google announced it would shut down its competitive social network, ceding the social network market to Facebook.

For Facebook, the network effects of more than a billion users on a closed-communications protocol further locked in the market in its favor. These circumstances—the exit of competition and the lock-in of consumers—finally allowed Facebook to get consumers to agree to something they had resisted from the beginning. Almost simultaneous with Google’s exit, Facebook announced (also in June of 2014) that it would begin to track users’ behavior on websites and apps across the Internet and use the data gleaned from such surveillance to target and influence consumers. Shortly thereafter, it started tracking non-users too. It uses the “like” buttons and other software licenses to do so.”

This is why the FTC must seek regulation that not only punishes Facebook for wrongdoings, but that lets consumers do the same. Users can punch holes in Facebook by leaving, both depriving it of ad revenue and reducing its network effect for others. Empowering them with the ability to take their friend list with them gives users a taller seat at the table. I’m calling for what University Of Chicago professors Luigi Zingales and Guy Rolnik termed a Social Data Portability Act.

Luckily, Facebook already has a framework for this data portability through a feature called Find Friends. You connect your Facebook account to another app, and you can find your Facebook friends who are already on that app.

But the problem is that in the past, Facebook has repeatedly blocked competitors from using Find Friends. That includes cutting off Twitter, Vine, Voxer, and MessageMe, while Phhhoto was blocked from letting you find your Instagram friends…six months before Instagram copied Phhhoto’s core back-and-forth GIF feature and named it Boomerang. Then there’s the issue that you need an active Facebook account to use Find Friends. That nullifies its utility as a way to bring your social graph with you when you leave Facebook.

Facebook’s “Find Friends” feature used to let Twitter users follow their Facebook friends, but Facebook later cut off access for competitors including Twitter and Vine seen here

The social network does offer a way to “Download Your Information” which is helpful for exporting photos, status updates, messages, and other data about you. Yet the friend list can only be exported as a text list of names in HTML or JSON format. Names aren’t linked to their corresponding Facebook profiles or any unique identifier, so there’s no way to find your friend John Smith amongst everyone with that name on another app. And less than 5 percent of my 2800 connections had used the little-known option to allow friends to export their email address. What about the big “Data Transfer Project” Facebook announced 10 months ago in partnership with Google, Twitter, and Microsoft to provide more portability? It’s released nothing so far, raising questions of whether it was vaporware designed to ward off regulators.

Essentially, this all means that Facebook provides zero portability for your friendships. That’s what regulators need to change. There’s already precedent for this. The Telecommunications Act of 1996 saw FCC require phone service carriers to allow customers to easily port their numbers to another carrier rather than having to be assigned a new number. If you think of a phone number as a method by which friends connect with you, it would be reasonable for regulators to declare that the modern equivalent — your social network friend connections — must be similarly portable.

How To Unchain Our Friendships

Facebook should be required to let you export a truly interoperable friend list that can be imported into other apps in a privacy-safe way.

To do that, Facebook should allow you to download a version of the list that feature hashed versions of the phone numbers and email addresses friends used to sign up. You wouldn’t be able to read that contact info or freely import and spam people. But Facebook could be required to share documentation teaching developers of other apps to build a feature that safely cross-checks the hashed numbers and email addresses against those of people who had signed up for their app. That developer wouldn’t be able to read the contact info from Facebook either, or store any useful data about people who hadn’t signed up for their app. But if the phone number or email address of someone in your exported Facebook friend list matched one of their users, they could offer to let you connect with or follow them.

This system would let you save your social graph, delete your Facebook account, and then find your friends on other apps without ever jeopardizing the privacy of their contact info. Users would no longer be locked into Facebook and could freely choose to move their friendships to whatever social network treats them best. And Facebook wouldn’t be able to block competitors from using it.

If the company wanted to go a step further, it could offer ways to makes News Feed content preferences or Facebook Groups connections portable, such as by making it easier for Group members to opt-in to joining a parallel email or text message mailing list. For researchers, Facebook could offer ways to export anonymized News Feed and activity data for study.

Portability would much more closely align the goals of users, Facebook, and the regulators. Facebook wouldn’t merely be responsible to the government for technically complying with new fines, oversight, or liability. It would finally have to compete to provide the best social app rather than relying on its network effect to handcuff users to its service.

This same model of data portability regulation could be expanded to any app with over 1 billion users, or even 100 million users to ensure YouTube, Twitter, Snapchat, or Reddit couldn’t lock down users either. By only applying the rule to apps with a sufficiently large user base, the regulation wouldn’t hinder new startup entrants to the market and accidentally create a moat around well-funded incumbents like Facebook that can afford the engineering chore. Data portability regulation combined with a fine, liability, oversight, and a ban on future acquisitions of social networks could set Facebook straight without breaking it up.

Users have a lot of complaints about Facebook that go beyond strictly privacy. But their recourse is always limited because for many functions there’s nowhere else to go, and it’s too hard to go there. By fixing the latter, the FTC could stimulate the rise of Facebook alternatives so that users rather regulators can play king-maker.

Privacy campaigner Schrems slaps Amazon, Apple, Netflix, others with GDPR data access complaints

in Amazon/Apple/data portability/data protection/DAZN/Delhi/Europe/flimmit/General Data Protection Regulation/India/law/Max Schrems/Netflix/Politics/privacy/soundcloud/Spotify/TC/WhatsApp/YouTube by

European privacy campaigner Max Schrems has filed a fresh batch of strategic complaints at tech giants, including Amazon, Apple, Netflix, Spotify and YouTube.

The complaints, filed via his non-profit privacy and digital rights organization, noyb, relate to how the services respond to data access requests, per regional data protection rules.

Article 15 of Europe’s General Data Protection Regulation (GDPR) provides for a right of access by the data subject to information held on them.

The complaints contend tech firms are structurally violating this right — having built automated systems to respond to data access requests which, after being tested by noyb, failed to provide the user with all the relevant information they are legally entitled to.

noyb tested eight companies in all, in eight different countries in Europe, and says it found none of the services provided a satisfactory response. It’s filed formal complaints with the Austrian Data Protection Authority against the eight, which also include music and podcast platform SoundCloud; sports streaming service DAZN; and video on-demand platform Flimmit .

The complaints have been filed on behalf of ten users, per Article 80 of the GDPR which enables data subjects to be represented by a non-profit association such as noyb.

Here’s its breakdown of the responses its tests received — including the maximum potential penalty each could be on the hook for if the complaints are stood up:

Two of the companies, DAZN and SoundCloud, failed to respond at all, according to noyb. While the rest responded with only partial data.

noyb points out that in addition to getting raw data users have the right to know the sources, recipients and purposes for which their information is being processed. But only Flimmit and Netflix provided any background information (though again still not full data) in response to the test requests.

“Many services set up automated systems to respond to access requests, but they often don’t even remotely provide the data that every user has a right to,” said Schrems in a statement. “In most cases, users only got the raw data, but, for example, no information about who this data was shared with. This leads to structural violations of users’ rights, as these systems are built to withhold the relevant information.”

We’ve reached out to the companies for comment on the complaints.

Last May, immediately after Europe’s new privacy regulation came into force, noyb lodged its first series of strategic complaints — targeted at what it dubbed “forced consent”, arguing that Facebook, Instagram, WhatsApp and Google’s Android OS do not give users a free choice to consent to processing their data for ad targeting, as consenting is required to use the service.

Investigations by a number of data protection authorities into those complaints remain ongoing.

LinkedIn cuts off email address exports with new privacy setting

in Apps/data portability/Delhi/Enterprise/India/LinkedIn/Policy/Politics/Social/TC by

A win for privacy on LinkedIn could be a big loss for businesses, recruiters, and anyone else expecting to be able to export the email addresses of their connections. LinkedIn just quietly introduced a new privacy setting that defaults to blocking other users from exporting your email address. That could prevent some spam, and protect users who didn’t realize anyone who they’re connected to could download their email address into a giant spreadsheet. But the launch of this new setting without warning or even a formal announcement could piss off users who’d invested tons of time into the professional networking site in hopes of contacting their connections outside of it.

TechCrunch was tipped off by a reader that emails were no longer coming through as part of LinkedIn’s Archive tool for exporting your data. Now LinkedIn confirms to TechCrunch that “This is a new setting that gives our members even more control their email address on LinkedIn. If you take a look at the setting titled “Who can download your email”, you’ll see we’ve added a more detailed setting that defaults to the strongest privacy option. Members can choose to change that setting based on their preference. This gives our members control over who can download their email address via a data export.”

That new option can be found under Settings & Privacy -> Privacy -> Who Can See My Email Address? This “Allow your connections to download your email [address of user] in their data export?” toggle defaults to ‘No’. Most users don’t know it exists since LinkedIn didn’t announce it, there’s merely been a folded up section added to the Help center on email visibility, and few might voluntarily change it to ‘Yes’ since there’s no explanation of why you’d want to. That means nearly no one’s email addresses will appear in LinkedIn Archive exports any more. Your connections will still be able to see your email address if they navigate to your profile, but they can’t grab those from their whole graph.

Facebook came to the same conclusion about restricting email exports back when it was in a data portability fight with Google in 2010. Facebook had been encouraging users to import their Gmail contacts, but refused to let users export their Friends’ email addresses. It argued that users own their own email addresses, but not those of their Friends, so they couldn’t be downloaded — though that stance conveniently prevented any other app from bootstrapping a competing social graph by importing your Facebook friend list in any usable way. I’ve argued that Facebook needs to make friend lists interoperable to give users choice about what apps they use, both because it’s the right thing to do but also because it could deter regulation.

On a social network like Facebook, barring email exports makes more sense. But on LinkedIn’s professional network where people are purposefully connecting with those they don’t know, and where exporting has always been allowed, making the change silently seems surreptitious. Perhaps LinkedIn didn’t want to bring attention to the fact it was allowing your email address to be slurped up by anyone you’re connected with given the current media climate of intense scrutiny regarding privacy in social tech. But trying to hide a change that’s massively impactful to businesses that rely on LinkedIn could erode the trust of its core users.

Facebook, Google and more unite to let you transfer data between apps

in Apps/data portability/Delhi/Developer/Facebook/Facebook Data Portability/Google/India/Media/Microsoft/mobile/Policy/Politics/Social/TC/Twitter by

The Data Transfer Project is a new team-up between tech giants to let you move your content, contacts, and more across apps. Founded by Facebook, Google, Twitter, and Microsoft, the DTP today revealed its plans for an open source data portability platform any online service can join. While many companies already let you download your information, that’s not very helpful if you can’t easily upload and use it elsewhere — whether you want to evacuate a social network you hate, back up your data somewhere different, or bring your digital identity along when you try a new app. The DTP’s tool isn’t ready for use yet, but the group today laid out a white paper for how it will work.

Creating an industry standard for data portability could force companies to compete on utility instead of being protected by data lock-in that traps users because it’s tough to switch services. The DTP could potentially offer a solution to a major problem with social networks I detailed in April: you can’t find your friends from one app on another. We’ve asked Facebook for details on if and how you’ll be able to transfer your social connections and friends’ contact info which it’s historically hoarded.

From porting playlists in music streaming services to health data from fitness trackers to our reams of photos and videos, the DTP could be a boon for startups. Incumbent tech giants maintain a huge advantage in popularizing new functionality because they instantly interoperate with a user’s existing data rather than making them start from scratch. Even if a social networking startup builds a better location sharing feature, personalized avatar, or payment system, it might be a lot easier to use Facebook’s clone of it because that’s where your profile, friends, and photos live.

If the DTP gains industry-wide momentum and its founding partners cooperate in good faith rather than at some bare minimum level of involvement, it could lower the barrier for people to experiment with new apps. Meanwhile, the tech giants could argue that the government shouldn’t step in to regulate them or break them up because DTP means users are free to choose whichever app best competes for their data and attention.

Instagram launches “Data Download” tool to let you leave

in Apps/data portability/Delhi/Facebook Data Portability/India/instagram/mobile/Politics/Social/TC by

Two weeks ago TechCrunch called on Instagram to build an equivalent to Facebook’s “Download Your Information feature so if you wanted to leave for another photo sharing network, you could. The next day it announced this tool would be coming and now TechCrunch has spotted it rolling out to users. Instagram’s “Data Download” feature can be accessed here or through the app’s privacy settings. It lets users export their photos, videos, Stories, profile, info, comments, and messages, though it can take a few hours to days for your download to be ready.

An Instagram spokesperson now confirms to TechCrunch that “the Data Download tool is currently accessible to everyone on the web, but access via iOS and Android is still rolling out.” We’ll have more details on exactly what’s inside once my download is ready.

The tool’s launch is necessary for Instagram to comply with the data portability rule in European Union’s GDPR privacy law that goes into effect on May 25th. But it’s also a reasonable concession. Instagram has become the dominant image sharing social network with over 800 million users. It shouldn’t need to lock up users’ data in order to keep them around.

Instagram hasn’t been afraid to attack competitors and fight dirty. Most famously, it copied Snapchat’s Stories in August 2016, which now has over 300 million daily users — eclipsing the original. But it also cut off GIF-making app Phhhoto from its Find Friends feature, then swiftly cloned its core feature to launch Instagram Boomerang. Within a few years, Phhhoto had shut down its app.

If Instagram is going to ruthlessly clone and box out its competitors, it should also let users choose which they want to use. That’s tough if all your photos and videos are trapped inside another app. The tool could create a more level playing field for competition amongst photo apps.

It could also deter users from using sketchy third-party apps to scrape all their Instagram content. Since they typically require you to log in with your Instagram credentials, these put users at risk of being hacked or having their images used elsewhere without their consent. Considering Facebook launched its DYI tool in 2010, six years after the site launched, the fact that it took Instagram 8 years from launch to build this means it’s long overdue.

But with such strong network effect and its willingness to clone any popular potential rival, it may still take a miracle or a massive shift to a new computing platform for any app to dethrone Instagram.

Go to Top