Menu

Timesdelhi.com

June 25, 2019
Category archive

journalist

Even years later, Twitter doesn’t delete your direct messages

in api/Apps/Delhi/Europe/India/journalist/law/microblogging/operating systems/Politics/privacy/Security/Social/Technology/Twitter by

When does “delete” really mean delete? Not always, or even at all, if you’re Twitter .

Twitter retains direct messages for years, including messages you and others have deleted, but also data sent to and from accounts that have been deactivated and suspended, according to security researcher Karan Saini.

Saini found years-old messages in a file from an archive of his data obtained through the website from accounts that were no longer on Twitter. He also reported a similar bug, found a year earlier but not disclosed until now, that allowed him to use a since-deprecated API to retrieve direct messages even after a message was deleted from both the sender and the recipient — though, the bug wasn’t able to retrieve messages from suspended accounts.

Saini told TechCrunch that he had “concerns” that the data was retained by Twitter for so long.

Direct messages once let users “unsend” messages from someone else’s inbox, simply by deleting it from their own. Twitter changed this years ago, and now only allows a user to delete messages from their account. “Others in the conversation will still be able to see direct messages or conversations that you have deleted,” Twitter says in a help page. Twitter also says in its privacy policy that anyone wanting to leave the service can have their account “deactivated and then deleted.” After a 30-day grace period, the account disappears, along with its data.

But, in our tests, we could recover direct messages from years ago — including old messages that had since been lost to suspended or deleted accounts. By downloading your account’s data, it’s possible to download all of the data Twitter stores on you.

A conversation, dated March 2016, with a suspended Twitter account was still retrievable today (Image: TechCrunch)

Saini says this is a “functional bug” rather than a security flaw, but argued that the bug allows anyone a “clear bypass” of Twitter mechanisms to prevent accessed to suspended or deactivated accounts.

But it’s also a privacy matter, and a reminder that “delete” doesn’t mean delete — especially with your direct messages. That can open up users, particularly high-risk accounts like journalist and activists, to government data demands that call for data from years earlier.

That’s despite Twitter’s claim that once an account has been deactivated, there is “a very brief period in which we may be able to access account information, including tweets,” to law enforcement.

A Twitter spokesperson said the company was “looking into this further to ensure we have considered the entire scope of the issue.”

Retaining direct messages for years may put the company in a legal grey area ground amid Europe’s new data protection laws, which allows users to demand that a company deletes their data.

Neil Brown, a telecoms, tech and internet lawyer at U.K. law firm Decoded Legal, said there’s “no formality at all” to how a user can ask for their data to be deleted. Any request from a user to delete their data that’s directly communicated to the company “is a valid exercise” of a user’s rights, he said.

Companies can be fined up to four percent of their annual turnover for violating GDPR rules.

“A delete button is perhaps a different matter, as it is not obvious that ‘delete’ means the same as ‘exercise my right of erasure’,” said Brown. Given that there’s no case law yet under the new General Data Protection Regulation regime, it will be up to the courts to decide, he said.

When asked if Twitter thinks that consent to retain direct messages is withdrawn when a message or account is deleted, Twitter’s spokesperson had “nothing further” to add.

Scooter startup Bird tried to silence a journalist. It did not go well.

in bank/blogs/Boing Boing/China/copyright law/cyberpunk/Delhi/digital media/electronic/India/Internet/journalist/lawsuit/online rights/Politics/reporter/Security/spokesperson/Startups/Transportation by

Cory Doctorow doesn’t like censorship. He especially doesn’t like his own work being censored.

Anyone who knows Doctorow knows his popular tech and culture blog Boing Boing, and anyone who reads Boing Boing knows Doctorow and his cohort of bloggers. The part-blogger, part special advisor at the online rights group Electronic Frontier Foundation, has written for years on topics of technology, hacking, security research, online digital rights, and censorship and its intersection with free speech and expression.

Yet, this week it looked like his own free speech and expression could have been under threat.

Doctorow revealed in a blog post on Friday that scooter startup Bird sent him a legal threat, accusing him of copyright infringement and that his blog post encourages “illegal conduct.”

In its letter to Doctorow, Bird demanded that he “immediately take[s] down this offensive blog.”

Doctorow declined, published the legal threat, and fired back with a rebuttal letter from the EFF accusing the scooter startup of making “baseless legal threats” in an attempt to “suppress coverage that it dislikes.”

The whole debacle started after Doctorow wrote about about how Bird’s many abandoned scooters can be easily converted into a “personal scooter” by swapping out its innards with a plug-and-play converter kit. Citing an initial write-up by Hackaday, these scooters can have “all recovery and payment components permanently disabled” using the converter kit, available for purchase from China on eBay for about $30.

In fact, Doctorow’s blog post was only two paragraphs long and, though didn’t link to the eBay listing directly, did cite the hacker who wrote about it in the first place — bringing interesting things to the masses in bitesize form in in true Boing Boing fashion.

Bird didn’t like this much, and senior counsel Linda Kwak sent the letter — which the EFF published today — claiming that Doctorow’s blog post was “promoting the sale/use of an illegal product that is solely designed to circumvent the copyright protections of Bird’s proprietary technology, as described in greater detail below, as well as promoting illegal activity in general by encouraging the vandalism and misappropriation of Bird property.” The letter also falsely stated that Doctorow’s blog post “provides links to a website where such Infringing Product may be purchased,” given that the post at no point links to the purchasable eBay converter kit.

EFF senior attorney Kit Walsh fired back. “Our client has no obligation to, and will not, comply with your request to remove the article,” she wrote. “Bird may not be pleased that the technology exists to modify the scooters that it deploys, but it should not make baseless legal threats to silence reporting on that technology.”

The three-page rebuttal says Bird used incorrectly cited legal statutes to substantiate its demands for Boing Boing to pull down the blog post. The letter added that unplugging and discarding a motherboard containing unwanted code within the scooter isn’t an act of circumventing as it doesn’t bypass or modify Bird’s code — which copyright law says is illegal.

As Doctorow himself put it in his blog post Friday: “If motherboard swaps were circumvention, then selling someone a screwdriver could be an offense punishable by a five year prison sentence and a $500,000 fine.”

In an email to TechCrunch, Doctorow said that legal threats “are no fun.”

AUSTIN, TX – MARCH 10: Journalist Cory Doctorow speaks onstage at “Snowden 2.0: A Field Report from the NSA Archives” during the 2014 SXSW Music, Film + Interactive Festival at Austin Convention Center on March 10, 2014 in Austin, Texas. (Photo by Travis P Ball/Getty Images for SXSW)

“We’re a small, shoestring operation, and even though this particular threat is one that we have very deep expertise on, it’s still chilling when a company with millions in the bank sends a threat — even a bogus one like this — to you,” he said.

The EFF’s response also said that Doctorow’s freedom of speech “does not in fact impinge on any of Bird’s rights,” adding that Bird should not send takedown notices to journalists using “meritless legal claims,” the letter said.

“So, in a sense, it doesn’t matter whether Bird is right or wrong when it claims that it’s illegal to convert a Bird scooter to a personal scooter,” said Walsh in a separate blog post. “Either way, Boing Boing was free to report on it,” she added.

What’s bizarre is why Bird targeted Doctorow and, apparently nobody else — so far.

TechCrunch reached out to several people who wrote about and were involved with blog posts and write-ups about the Bird converter kit kit. Of those who responded, all said that they had not received a legal demand from Bird.

We asked Bird why it sent the letter, and if this was a one-off letter or if Bird had sent similar legal demands to others. When reached, a Bird spokesperson did not comment on the record.

All too often, companies send legal threats and demands to try to silence work or findings that they find critical, often using misinterpreted, incorrect or vague legal statutes to get things pulled off from the internet. Some companies have been more successful than others, despite an increase in awareness and bug bounties, and a general willingness to fix security issues before they inevitably become public.

Now Bird becomes the latest in a long list of companies that have threatened reporters or security researchers, alongside companies like drone maker DJI, which in 2017 threatened a security researcher trying to report a bug in good faith, and spam operator River City, which sued a security researcher who found the spammer’s exposed servers and a reporter who wrote about it. Most recently, password manager maker Keeper sued a security reporter claiming allegedly defamatory remarks over a security flaw in one of its products. The case was eventually dropped but not before over 50 experts, advocates, and journalist (including this reporter) signed onto a letter calling for companies to stop using legal threats to stifle — and silence security researcher.

That effort resulted in several companies — notably LinkedIn and Tesla — to double down on their protection of security researchers by changing their vulnerability disclosure rules to promise that the companies will not seek to prosecute hackers acting in good-faith.

But some companies have bucked that trend and have taken a more hostile, aggressive — and regressive — approach to security researchers and reporters.

“Bird Scooters and other dockless transport are hugely controversial right now, thanks in large part to a ‘move-fast, break-things’ approach to regulation, and it’s not surprising that they would want to control the debate,” said Doctorow.

“But to my mind, this kind of bullying speaks volumes about the overall character of the company,” he said.

Indonesia e-commerce leader Tokopedia raises $1.1B from Alibaba and SoftBank’s Vision Fund

in alibaba/alibaba group/analyst/Asia/Business/Central Intelligence Agency/chairman/China/Delhi/e-commerce/eCommerce/Economy/financial services/funding/Fundings & Exits/India/Indonesia/Jamal Khashoggi/journalist/Lazada Group/Masayoshi Son/Mohammed Bin Salman/online marketplaces/Politics/Prince/Saudi Arabia/Sequoia/SoftBank/SoftBank Group/softbank ventures korea/Southeast Asia/taobao/TC/Tencent/Trump administration/Vision Fund by

Indonesia-based e-commerce firm Tokopedia is the latest startup to enter the Vision Fund after it raised $1.1 billion Series G round led by the SoftBank megafund and Alibaba.

SoftBank and Alibaba are existing investors in the business — the Chinese e-commerce giant led a $1.1 billion round last year, while SoftBank recently transitioned its shareholding in Tokopedia to the Vision Fund. That latter detail is what held up this deal which had been agreed in principle back in October, TechCrunch understands.

Tokopedia didn’t comment on its valuation, but TechCrunch understands from a source that the deal values the company at $7 billion. SoftBank Ventures Korea and other investors — including Sequoia India — also took part in the deal. It has now raised $2.4 billion from investors to date.

The deal comes weeks after SoftBank made a $2 billion investment in Coupang, Korea’s leading e-commerce firm, at a valuation of $9 billion. Like Tokopedia, Coupang countered SoftBank as an investor before its stake transitioned to the Vision Fund.

Founded nine years ago, Tokopedia is often compared to Taobao, Alibaba’s hugely successful e-commerce marketplace in China, and the company recently hit four million merchants. Tokopedia said it has increased its GMV four-fold, although it did not provide a figure. Logistics are a huge issue in Indonesia, which is spread across some 17,000 islands. Right now, it claims to serve an impressive 93 percent of the country, while it said that one-quarter of its customers are eligible for same-day delivery on products. That’s also notable given that it operates a marketplace, which makes coordinating logistics more challenging.

The firm plans to use this new capital to develop its technology to enable more SMEs and independent retailers to come aboard its platform. On the consumer side, it is developing financial services and products that go beyond core e-commerce and increase its captive audience of consumers.

Indonesia’s super app

Despite this new round, CEO and co-founder William Tanuwijaya told TechCrunch that there are no plans to expand beyond Indonesia, which is Southeast Asia’s largest economy and the world’s fourth most populous country with a population of over 260 million.

“We do not have plans to expand beyond Indonesia at this moment. We will double down on the Indonesia market to reach every corner of our beautiful 17,000-island archipelago,” Tanuwijaya said via an emailed response to questions. (Tokopedia declined a request for an interview over the phone.)

William Tanuwijaya, co-founder and chief executive officer of PT Tokopedia, gestures as he speaks during a panel session on the closing day of the World Economic Forum (WEF) in Davos, Switzerland, on Friday, Jan. 26, 2018. World leaders, influential executives, bankers and policy makers attend the 48th annual meeting of the World Economic Forum in Davos from Jan. 23 – 26. Photographer: Jason Alden/Bloomberg

That Indonesia-only approach is in contrast to Go-Jek, the Indonesia-based ride-hailing firm which is rapidly expanding across Southeast Asia. Go-Jek has already moved into Vietnam, Singapore and Thailand with doubtless more plans in 2019.

But Go-Jek and Tokopedia do share similarities in that they have both expanded beyond their central business.

Go-Jek has pushed into on-demand services, payments and more. In recent times, Tokopedia has moved into payments, including mobile top-up, and financial services, and Tanuwijaya hinted that it will continue its strategy to become a ‘super app.’

“We will go deeper and serve Indonesians better – from the moment they wake up in the morning until they fall asleep at night; from the moment a person is born, until she or he grows old. We will invest and build technology infrastructure-as-a-services, in logistics and fulfillment, payments and financial services, to empower businesses both online and offline,” Tanuwijaya added.

Vision Fund controversy

But, with the Vision Fund comes controversy.

A recent CIA report concluded that Saudi Crown Prince Mohammed bin Salman ordered the murder of journalist Jamal Khashoggi. The prince manages Saudi Arabia’s PIF sovereign fund, the gargantuan investment vehicle that anchored the Vision Fund through a $45 billion investment.

SoftBank chairman Masayoshi Son has condemned the killing as an “act against humanity” but, in an analyst presentation, he added that SoftBank has a “responsibility” to Saudi Arabia to deploy the capital and continue the Vision Fund.

“We are deeply concerned by the reported events and alongside SoftBank are monitoring the situation closely until the full facts are known,” Tanuwijaya told us via email, although it remains unclear exactly what Tokopedia could (or would) do even in the worst case scenario.

Given that the Trump administration seems focused on continuing the status quo with Saudi Arabia as a key ally, the situation remains in flux although there’s been plenty of discussion around whether the Saudi link makes the Vision Fund tainted money for founders.

Son himself said recently that he hadn’t heard of any cases of startups refusing an investment from the Vision Fund, but he did admit that there “may be some impact” in the future.

Tanuwijaya didn’t directly address our question on whether he anticipates a backlash from this investment. The Vision Fund’s recent deal with Coupang doesn’t appear to have generated a negative reaction.

Even the involvement of Alibaba throws up other questions, given that it owns Lazada — which is arguably Southeast Asia’s most prominent e-commerce service.

Unlike Tokopedia, Lazada covers six markets in Southeast Asia, it is focused on retail brands and it maintains close links to Alibaba’s Taobao service, giving merchants a channel to reach into the region. According to sources who spoke to TechCrunch earlier this year, Tokopedia’s management was originally keen to take money from Alibaba’s rival Tencent, but an intervention from SoftBank forced it to bring Alibaba on instead.

Tanuwijaya somewhat diplomatically played down the rivalry and any rift, insisting that there is no impact on its business.

“Tokopedia is an independent company with a diversified cap table,” he said via email. “No single shareholder owns the majority of the company. We work closely with our shareholders’ portfolio companies and tap into available synergies.”

“For example, Tokopedia works closely with both Grab — a SoftBank portfolio — and Gojek — a Sequoia portfolio. We see Lazada having a different business model than us: Lazada is a hybrid of retail and marketplace model, whereas Tokopedia is a pure marketplace. Lazada is [a] regional player, we are a national player in Indonesia,” he added.

Tokopedia has many similarities to Alibaba’s hugely successful Taobao marketplace in China

“How can we be less excited about this moment?”

At nearly a decade old, Tokopedia was one of the earliest startups to emerge in Indonesia. Famously, Tanuwijaya and fellow co-founder Leontinus Alpha Edison famously saw nearly a dozen pitches for venture capital rejected by VCs before they struck out and raised money.

Compared to now — and entry to the Vision Fund for “proven champions,” as Son calls it — that’s a huge transition, and that’s not even including the business itself which has broadened into financial products and more. But that doesn’t always sit easily with every founder. Privately, many will often concede that the ‘best’ days are early times during intense scaling and all-hands-to-the-pump moments. Indeed, Traveloka — a fellow Indonesia-based unicorn — recently lost its CTO to burnout.

Is the same likely to happen to Tanuwijaya, Edison and their C-level peers in the business?

Tanuwijaya compared the journey of his business to scaling a mountain.

“Leon and I are very excited entering our tenth year. When we first started Tokopedia, it was like seeing the tip of a mountain that is very far from where we stand. We promised ourselves that we were going to climb to the top of the mountain one day,” he told TechCrunch.

“The top of the mountain is our company mission: to democratize commerce through technology. Today, we have arrived at the base of the mountain. We can finally touch the mountain and we can start to climb it. With this additional capital, we have the tools and supplies to achieve our mission at a faster rate. Should we think whether we are burned-out and go home to rest, or should we climb our mountain? How can we be less excited about this moment?” he added.

Tokopedia has certainly become a mountain in itself. The startup is the third highest valued private tech company, behind only Grab and Go-Jek, at $11 billion and (reportedly) $9 billion, respectively, and the fairytale story is likely to inspire future founders in Indonesia and beyond to take the startup route. What happens to the Vision Fund and its PIF connection by then is less certain.

Payment service Toss becomes Korea’s newest unicorn after raising $80M

in altos ventures/Amazon/Ant Financial/Apps/Asia/Bessemer Venture Partners/Coupang/Credit Karma/Delhi/e-commerce/Economy/Finance/financial services/funding/Fundings & Exits/goodwater capital/hyundai/India/journalist/Kleiner Perkins/korea/LG/mobile payments/money/novel/PayPal/Politics/Qualcomm Ventures/Ribbit Capital/Samsung/Seoul/smartphone/SoftBank/Softbank Vision Fund/Tencent/toss/Venmo/viva republica by

South Korea has got its third unicorn startup after Viva Republica, the company beyond popular payment app Toss, announced it has raised an $80 million round at a valuation of $1.2 billion.

This new round is led by U.S. firms Kleiner Perkins and Ribbit Capital, both of which cut their first checks for Korea with this deal. Others participating include existing investors Altos Ventures, Bessemer Venture Partners, Goodwater Capital, KTB Network, Novel, PayPal and Qualcomm Ventures. The deal comes just six months after Viva Republica raised $40 million to accelerate growth, and it takes the company to nearly $200 million raised from investors to date.

Toss was started in 2013 by former dentist SG Lee who grew frustrated by the cumbersome way online payments worked in Korea. Despite the fact that the country has one of the highest smartphone penetrations rates in the world and is a top user of credit cards, the process required more than a dozen steps and came with limits.

“Before Toss, users required five passwords and around 37 clicks to transfer $10. With Toss users need just one password and three steps to transfer up to KRW 500,000 ($430),” Lee said in a past statement.

Working with traditional finance

Today, Viva Republica claims to have 10 million registered users for Toss — that’s 20 percent of Korea’s 50 million population — while it says that it is “on track” to reach a $18 billion run-rate for transactions in 2018.

The app began as Venmo -style payments, but in recent years it has added more advanced features focused around financial products. Toss users can now access and manage credit, loans, insurance, investment and more from 25 financial service providers, including banks.

Fintech startups are ‘rip it out and start again’ in the West –such as Europe’s challenger banks — but, in Asia, the approach is more collaborative and assistive. A numbe of startups have found a sweet spot in between banks and consumers, helping to match the two selectively and intelligently. In Toss’s case, essentially it acts as a funnel to help traditional banks find and vet customers for services. Thus, Toss is graduating from a peer-to-peer payment service into a banking gateway.

“Korea is a top 10 global economy, but no there’s no Mint or Credit Karma to help people save and spend money smartly,” Lee told TechCrunch in an interview. “We saw the same deep problems we need to solve [as the U.S.] so we’re just digging in.”

“We want to help financial institutions to build on top of Toss… we’re kind of building an Amazon for the financial services industry,” he added. “We try to aggregate all those activities, covering saving accounts, loan products, insurance etc.”

Former dentist SG Lee started Toss in 2013.

Lee said the plan for the new money is to go deeper in Korea by advancing the tech beyond Toss, adding more users and — on the supply side — partnering with more companies to offer financial products.

There’s plenty of competition. Startups like PeopleFund focus squarely on financial products, while Kakao, Korea’s largest messaging platform, has a dedicated fintech division — KakaoPay — which rivals Toss on both payment and financial services. It also counts the mighty Alibaba in its corner courtesy of a $200 million investment from its Ant Financial affiliate.

Alibaba and Tencent tend to move in pairs as opposites, with one naturally gravitating to the rivals of the other’s investees as recently happened in the Philippines. It’s tricky in Korea, though. Tencent is caught in limbo since it is a long-standing Kakao backer. But might the Ant Financial deal spur Tencent into working with Toss?

Lee said his company has a “good relationship” with Tencent, including the occasional home/away visits, but there’s nothing more to it right now. That’s intriguing.

Overseas expansion plans

Also of interest is future plans for the business now that it is taking on significantly more capital from investors who, even with the most patient money out there, eventually need a return on their investment.

Lee is adamant that he won’t sell, despite Viva Republica increasingly looking like an ideal entry point for a payment or finance company that has missed the Korean market and wants in now.

He said that there are plans to do an IPO “at some point,” but a more immediate focus is the opportunity to expand overseas.

When Toss raised a PayPal-led $48 million Series C 18 months ago, Lee told TechCrunch that he was beginning to cast his eyes on opportunities in Southeast Asia, the region of over 650 million consumers, and that’s likely to see definitive action next year. The Viva Republica CEO said that Vietnam could be a first overseas launchpad for Toss.

“We’re thinking seriously about going beyond Korea because sooner or later we will hire saturation point,” Lee said. “We think Vietnam is quite promising. We’ve talked to potential partners and are currently articulating ideas and strategy materialized next year.

“We already have a very successful playbook, we know how to scale among users,” Lee added.

While the plan is still being put together, Lee suggested that Viva Republica would take its time expanding across Southeast Asia, where six distinct countries account for the majority of the region’s population. So, rather than rapidly expanding Toss across those markets, he indicated that a more deliberate, country-by-country launch could be the strategy with Vietnam kicking things off in 2019.

The Toss team at HQ in Seoul, Korea

Korea rising

Toss’s entry into the unicorn club — a vaunted collection of private tech companies valued at $1 billion or more — comes weeks after Coupang, Korea’s top e-commerce company, raised $2 billion at a valuation of $9 billion.

While that Coupang round came from the SoftBank Vision Fund — a source of capital that is threatening to become tainted given its links to the murder of journalist Jamal Khashoggi — it does represent the first time that a Korea-based company has joined the $100 billion mega-fund’s portfolio.

Some milestones can be dismissed as frivolous, but these two coming so close together are a signal of increased awareness of the potential of Korea as a startup destination by investors outside of the country.

While Lee admitted that the unicorn valuation “doesn’t change a lot” in daily terms for his business, he did admit that he has seen the landscape shift for Korea’s startup ecosystem — which has only two other privately-held unicorns: Coupang and Yello Mobile.

“More and more global VCs are aware that South Korea is a really good opportunity to do a startup. It is getting easier for our fellow entrepreneurs to pitch and get access to global funds,” he said, adding that Korea’s top 25 cities have a cumulative population (25 million) that matches America’s top 25.

Despite that potential, Korea has tended to focus on its ‘chaebol’ giants like Samsung — which accounts for a double-digital percentage of the national economy — LG, Hyundai and SK. That means a lot of potential startup talent, both founders and employees, is locked up in secure corporate jobs. Throw in the conservative tradition of family expectations, which can make it hard for children to justify leaving the safety of a big company, and it is perhaps no wonder that Korea has relatively fewer startups compared to other economies of comparable size.

But that is changing.

Coupang has been one of the highest profile examples to follow, alongside the (now public) Kakao business. But with Viva Republica, Toss and a charismatic dentist-turned-founder, another startup story is being written and that could just inspire a future generation of entrepreneurs to rise up and be counted in South Korea.

Bots Distorted the 2016 Election. Will the Midterms Be a Sequel?

in botnet/bots/california/Column/computing/Delhi/digital media/Facebook/Governor/India/internet research agency/Jamal Khashoggi/jerry brown/journalist/National Football League/nfl/Pew Research Center/Politics/president/presidential election/Saudi Arabia/social media/social media platforms/Software/the wall street journal/Trump/Twitter/United Kingdom/United States/wall-street-journal by

The fact that Russian-linked bots penetrated social media to influence the 2016 U.S. presidential election has been well documented and the details of the deception are still trickling out.

In fact, on Oct. 17 Twitter disclosed that foreign interference dating back to 2016 involved 4,611 accounts — most affiliated with the Internet Research Agency, a Russian troll farm. There were more than 10 million suspicious tweets and more than 2 million GIFs, videos and Periscope broadcasts.

In this season of another landmark election — a recent poll showed that about 62 percent of Americans believe the 2018 midterm elections are the most important midterms in their lifetime – it is natural to wonder if the public and private sectors have learned any lessons from the 2016 fiasco. And about what is being done to better protect against this malfeasance by nation-state actors.

There is good news and bad news here. Let’s start with the bad.

Two years after the 2016 election, social media still sometimes looks like a reality show called “Propagandists Gone Wild.” Hardly a major geopolitical event takes place in the world without automated bots generating or amplifying content that exaggerates the prevalence of a particular point of view.

In mid-October, Twitter suspended hundreds of accounts that simultaneously tweeted and retweeted pro-Saudi Arabia talking points about the disappearance of journalist Jamal Khashoggi.

On Oct. 22, the Wall Street Journal reported that Russian bots helped inflame the controversy over NFL players kneeling during the national anthem. Researchers from Clemson University told the newspaper that 491 accounts affiliated with the Internet Research Agency posted more 12,000 tweets on the issue, with activity peaking soon after a Sept. 22, 2017 speech by President Trump in which he said team owners should fire players for taking a knee during the anthem.

The problem hasn’t persisted only in the United States. Two years after bots were blamed for helping sway the 2016 Brexit vote in Britain, Twitter bots supporting the anti-immigration Sweden Democrats increased significantly this spring and summer in the leadup to that country’s elections.

These and other examples of continuing misinformation-by-bot are troubling, but it’s not all doom and gloom.  I see positive developments too.

Photo courtesy of Shutterstock/Nemanja Cosovic

First, awareness must be the first step in solving any problem, and cognizance of bot meddling has soared in the last two years amid all the disturbing headlines.

About two-thirds of Americans have heard of social media bots, and the vast majority of those people are worried bots are being used maliciously, according to a Pew Research Center survey of 4,500 U.S. adults conducted this summer. (It’s concerning, however, that much fewer of the respondents said they’re confident that can actually recognize when accounts are fake.)

Second, lawmakers are starting to take action. When California Gov. Jerry Brown on Sept. 28 signed legislation making it illegal as of July 1, 2019 to use bots – to try to influence voter opinion or for any other purpose — without divulging the source’s artificial nature, it followed anti-ticketing-bot laws nationally and in New York State as the first bot-fighting statutes in the United States.

While I support the increase in awareness and focused interest by legislators, I do feel the California law has some holes. The measure is difficult to enforce because it’s often very hard to identify who is behind a bot network, the law’s penalties aren’t clear, and an individual state is inherently limited it what it can do to attack a national and global issue. However, the law is a good start and shows that governments are starting to take the problem seriously.

Third, the social media platforms — which have faced congressional scrutiny over their failure to address bot activity in 2016 – have become more aggressive in pinpointing and eliminating bad bots.

It’s important to remember that while they have some responsibility, Twitter and Facebook are victims here too, taken for a ride by bad actors who have hijacked these commercial platforms for their own political and ideological agendas.

While it can be argued that Twitter and Facebook should have done more sooner to differentiate the human from the non-human fakes in its user rolls, it bears remembering that bots are a newly acknowledged cybersecurity challenge. The traditional paradigm of a security breach has been a hacker exploiting a software vulnerability. Bots don’t do that – they attack online business processes and thus are difficult to detect though customary vulnerability scanning methods.

I thought there was admirable transparency in Twitter’s Oct. 17 blog accompanying its release of information about the extent of misinformation operations since 2016. “It is clear that information operations and coordinated inauthentic behavior will not cease,” the company said. “These types of tactics have been around for far longer than Twitter has existed — they will adapt and change as the geopolitical terrain evolves worldwide and as new technologies emerge.”

Which leads to the fourth reason I’m optimistic: technological advances.

In the earlier days of the internet, in the late ‘90s and early 00’s, networks were extremely susceptible to worms, viruses and other attacks because protective technology was in its early stages of development. Intrusions still happen, obviously, but security technology has grown much more sophisticated and many attacks occur due to human error rather than failure of the defense systems themselves.

Bot detection and mitigation technology keeps improving, and I think we’ll get to a state where it becomes as automatic and effective as email spam filters are today. Security capabilities that too often are siloed within networks will integrate more and more into holistic platforms better able to detect and ward off bot threats.

So while we should still worry about bots in 2018, and the world continues to wrap its arms around the problem, we’re seeing significant action that should bode well for the future.

The health of democracy and companies’ ability to conduct business online may depend on it.

Go to Top