Facebook can’t keep you safe

Another day, another announcement from Facebook that it has failed to protect your personal information. Were you one of the 50 million (and likely far more, given the company’s graduated disclosure style) users whose accounts were completely exposed by a coding error in play for more than a year? If not, don’t worry — you’ll get your turn being failed by Facebook . It’s incapable of keeping its users safe.

Facebook has proven over and over again that it prioritizes its own product agenda over the safety and privacy of its users. And even if it didn’t, the nature and scale of its operations make it nearly impossible to avoid major data breaches that expose highly personal data.

For one thing, the network has grown so large that its surface area is impossible to secure completely. That was certainly demonstrated Friday when it turned out that a feature rollout had let hackers essentially log in as millions of users and do who knows what. For more than a year.

This breach wasn’t a worst case scenario exactly, but it was close. To Facebook it would not have appeared that an account was behaving oddly — the hacker’s activity would have looked exactly like normal user activity. You wouldn’t have been notified via two-factor authentication, since it would be piggybacking on an existing login. Install some apps? Change some security settings? Export your personal data? All things a hacker could have done, and may very well have.

This happened because Facebook is so big and complicated that even the best software engineers in the world, many of whom do in fact work there, could not reasonably design and code well enough to avoid unforeseen consequences like the bugs in question.

I realize that sounds a bit hand-wavy, and I don’t mean simply that “tech is hard.” I mean that realistically speaking, Facebook has too many moving parts for the mere humans that run it to do so infallibly. It’s testament to their expertise that so few breaches have occurred; the big ones like Cambridge Analytica were failures of judgment, not code.

A failure is not just inevitable but highly incentivized in the hacking community. Facebook is by far the largest and most valuable collection of personal data in history. That makes it a natural target, and while it is far from an easy mark, these aren’t script kiddies trying to find sloppy scripts in their free time.

Facebook itself said that the bugs discovered Friday weren’t simple; it was a coordinated, sophisticated process to piece them together and produce the vulnerability. The people who did this were experts, and it seems likely that they have reaped enormous rewards for their work.

The consequences of failure are also huge. All your eggs are in the same basket. A single problem like this one could expose all the data you put on the platform, and potentially everything your friends make visible to you as well. Not only that, but even a tiny error, a highly specific combination of minor flaws in the code, will affect astronomical numbers of people.

Of course, a bit of social engineering or a badly configured website elsewhere could get someone your login and password as well. This wouldn’t be Facebook’s error, exactly, but it is a simple fact that because of the way Facebook has been designed — a centralized repository of all the personal data it can coax out of its users — a minor error could result in a total loss of privacy.

I’m not saying other social platforms could do much better. I’m saying this is just another situation in which Facebook has no way to keep you safe.

And if your data doesn’t get taken, Facebook will find a way to give it away. Because it’s the only thing of value that they have; the only thing anyone will pay for.

The Cambridge Analytica scandal, while it was the most visible, was only one of probably hundreds of operations that leveraged lax access controls into enormous data sets scraped with Facebook’s implicit permission. It was their job to keep that data safe, and they gave it to anyone who asked.

It’s worth noting here that not only does it only take one failure along the line to expose all your data, but failures beyond the first are in a way redundant. All that personal information you’ve put online can’t be magically sucked back in. In a situation where, for example, your credit card has been skimmed and duplicated, the risk of abuse is real, but it ends as soon as you get a new card. For personal data, once it’s out there, that’s it. Your privacy is irreversibly damaged. Facebook can’t change that.

Well, that’s not exactly right. It could, for example, sandbox all data older than three months and require verification to access it. That would limit breach damage considerably. It could also limit its advertising profiles to data from that period, so it isn’t building a sort of shadow profile of you based on analysis of years of data. It could even opt not to read everything you write and instead let you self-report categories for advertising. That would solve a lot of privacy issues right there. It won’t, though. No money in that.

One more thing Facebook can’t protect you from is the content on Facebook itself. The spam, bots, hate, echo chambers — all that is baked on in. The 20,000-strong moderation team they’ve put on the task is almost certainly totally inadequate, and of course the complexity of the global stage and all its cultures and laws ensures that there will always be conflict and unhappiness on this subject. At the very best it can remove the worst of it after it’s already been posted or streamed.

Again, it’s not really Facebook’s fault exactly that there are people abusing its platform. People are the worst, after all. But Facebook can’t save you from them. It can’t prevent the new category of harm that it has created.

What can you do about it? Nothing. It’s out of your hands. Even if you were to quit Facebook right now, your personal data may already have been leaked and no amount of quitting will stop it from propagating online forever. If it hasn’t already, it’s probably just a matter of time. There’s nothing you, or Facebook, can do about it. The sooner we, and Facebook, accept this as the new normal, the sooner we can get to work taking real measures toward our security and privacy.


Source: Tech Crunch

Meet Adam Mosseri, the new head of Instagram

Former Facebook VP of News Feed and recently appointed Instagram VP of Product Adam Mosseri has been named the new head of Instagram following the resignation of Instagram’s founders Kevin Systrom and Mike Krieger last week.. “We are thrilled to hand over the reins to a product leader with a strong design background and a focus on craft and simplicity — as well as a deep understanding of the importance of community” the founders wrote. “These are the values and principles that have been essential to us at Instagram since the day we started, and we’re excited for Adam to carry them forward.”

Systrom will recruit a new executive team including heads of product, operations, and engineering to replace himself, Instagram COO Marne Levine who went back to lead Facebook partnerships last month, and engineering leader James Everingham who moved to Facebook’s blockchain team in May before finishing at Instagram in July. Instagram’s product director Robby Stein is a strong candidate for the product head decision, as he’s been overseeing Stories, feed, Live, direct messaging, camera and profile.

Instagram’s founders announced last week that they were leaving the Facebook corporation after sources told TechCrunch the pair had dealt with dwindling autonomy from Facebook and rising tensions with its CEO Mark Zuckerberg. The smiling photo above seems meant to show peace has been restored to Instaland, and counter the increasing perception that Facebook breaks its promises to acquired founders. TechCrunch has previously reported Mosseri was first in line for the role according to sources, and The Information later wrote that some inside the company saw him as a lock.

Mosseri’s experience dealing with the unintended consequences of the News Feed such as fake news in the wake of the 2016 election could help him predict how Instagram’s growth will affect culture, politics, and user well-being. Over the years of interviewing him, Mosseri has always come across as sharp, serious, and empathetic. He comes across as a true believer that Facebook and its family of apps can make a positive impact in the world, but congniscent of the hard work and complex choices required to keep them from being misused.

Born and raised in New York, Mosseri started his own design consultancy while attending NYU’s Gallatin School Of Interdisciplinary Study to learn about media and information design. Mosseri joined Facebook in 2008 after briefly working at a startup called TokBox. Tasked with helping Facebook embrace mobile as design director, he’s since become part of Zuckerberg’s inner circle of friends and lieutenants. Mosseri later moved into product management and oversaw Facebook’s News Feed, turn it into the world’s most popular social technology and the driver of billions in profit from advertising. However, amidst his successes, Mosseri also oversaw Facebook Home, the flopped mobile operating system, and the was the officer on duty when fake news and Russian election attackers proliferated.

After going on parental leave this year, Mosseri returned to take over the role of Instagram VP of Product Kevin Weil as he move to Facebook’s blockchain team. A source tells TechCrunch he was well-received and productive since joining Instagram, and has gotten along well with Systrom. Mosseri now lives in San Francisco, close enough to work from both Instagram’s city office and South Bay headquarters. He’ll report to Facebook’s chief product officer Chris Cox as he did at Facebook. Cox wrote “Kevin and Mike, we will never fill your shoes. But we will work hard to uphold the craft, simplicity, elegance, and the incredible community of Instagram: both the team and the product you’ve built.”

“The impact of their work over the past eight years has been incredible. They built a product people love that brings joy and connection to so many lives” Mosseri wrote about Instagram’s founders in an…Instagram post. I’m humbled and excited about the opportunity to now lead the Instagram team. I want to thank them for trusting me to carry forward the values that they have established. I will do my best to make them, the team, and the Instagram community proud.”

Mosseri will be tasked with balancing the needs of Instagram such as headcount, engineering resources, and growth with the priorities of its parent company Facebook, such as cross-promotion to Instagram’s younger audience and revenue to contribute to the corporation’s earnings reports. Some see Mosseri as more sympathetic to Facebook’s desire than Instagram’s founders, given his long-stint at the parent company and his close relationship with Zuckerberg. Interestingly, Zuckerberg wasn’t mentioned or pictured in the transition announcement and hasn’t posted anything congratulating Mosseri as is common in Facebook’s employee culture. Zuckerberg may be seeking to reduce the appearance that he’s playing puppet master and instead does actually let Instagram run independently.

The question now is whether users will end up seeing more notifications and shortcuts linking back to Facebook, or more ads in the Stories and feed. Instagram hasn’t highlighted the ability to syndicate your Stories to Facebook, which could be boon for that parallel product. Instagram Stories now has 400 million daily users compared to Facebook Stories and Messenger Stories’ combined 150 million users. Tying them more closely could seem more content flow into Facebook, but it might also make users second guess whether what they’re sharing is appropriate for all of their Facebook friends, which might include family or professional colleagues.

Mosseri’s most pressing responsibility will be reassurring users that the culture of Instagram and its app won’t be assimilated into Facebook now that he’s running things instead of the founders. He’ll also need to snap into action to protect Instagram from being used as a pawn for election interference in the run-up to the 2018 US mid-terms. While he’ll never have the same mandate and faith from employees that the founders did, Mosseri is the experienced leader Instagram needs to grapple with its scaled-up influence.


Source: Tech Crunch