ashkan soltani
@ashk4n 2 months, 2 weeks ago 2350 views

BREAKING: @CommonsCMS @DamianCollins just released previously sealed #Six4Three @Facebook documents:

Some random interesting tidbits:

1) Zuck approves shutting down platform API access for Twitter when Vine is released #competition
2) Facebook engineered ways to access users' call history w/o alerting users:

Team considered access to call history 'high PR risk' but 'growth team will charge ahead'. @Facebook created upgrade path to access data w/o subjecting users to Android permissions dialogue.
3) The above also confirms @kashhill and others' suspicion that call history was used to improve PYMK (People You May Know) suggestions and newsfeed rankings.
4) Docs also shed more light into @dseetharaman's story on @Facebook monitoring users' @Onavo VPN activity to determine what competitors to mimic or acquire in 2013.

https://t.co/PwiRIL3v9x
5) Interesting contrast regarding "never selling users' data"
6) OK well at least Facebook developers were self-aware of their public image (re: bluetooth beacons and call-logs): "Facebook uses new Android update to pry into your private life in ever more terrifying ways - reading your call logs, tracking you in businesses with beacons, etc"
7) @FTC consent decree required that @Facebook get 1A) affirmative consent before the collection of covered info 4A) create a privacy program to address privacy risks

However, docs show lead of privacy program was actively working to evade user consent https://t.co/mcXhDnSg2i
8) Another study in contrasts

@Facebook statements re: Android SMS and Call Log History
1) internal discussion Feb 4 2015
2) public 'clarifying' statement Mar 25 2018
9) Anti-competitive practices can consist of selectively blocking access to the ad network, not just user data:

@Facebook's director of platform offered to 'unblock @Tinder's monetization possibilities' if @Tinder permitted use of 'Moments' trademark:
https://t.co/VkJGD4hp5E
10) 2015 exchange re: whitelisted apps with @Lyft

Q: Are there any contracts or other steps besides whitelisting to launch a feature using the APIs?

A: You don't need to worry about any contracts for the api. This is a product we are testing and will be rolling out slowly.
11) Facebook rep discusses removal of 'all friends-list' in V2 of Facebook API as an indirect way to drive mobile ad adoption
(NEKO is an acronym used to describe mobile app-install ads)
12) Here is the key 'pay for access' evidence that @DamianCollins hinted at in @CommonsCMS: Apps need to spend at least $250K/yr on @Facebook ads (NEKO) in order to maintain access to data. Apps that don't will have data permissions revoked. #antitrust #sellingdata
13) In 2012, Vine and Path were the two fastest growing social networking app competitors to Facebook. #wherearetheynow #competition
14) If you read anything, it should be the email from @Zuck on P49 laying out his vision for platform monetization and growth (echoed by Sandberg).

It most clearly lays out the strategy of the company with regards to platform API and user data:
15) "The fundamental principle that governs Platform usage: reciprocity-an equable value exchange between a 3rd party developer and Facebook" (excluding competitors)

Developers provide: or direct payment/rev sharing
FB provides: access to platform (userdata/friends)
16) Finally, some might recall this exchange between @Zuck and friend from a *slightly* older leak (2004) which illustrates that the issue of bartering access to users' information isn't a new one -- it's @Facebook's primary motivation:

https://t.co/0oh1dGIDvd (ht @EuanDBriggs)

More from Tech

Recently, the @CNIL issued a decision regarding the GDPR compliance of an unknown French adtech company named "Vectaury". It may seem like small fry, but the decision has potential wide-ranging impacts for Google, the IAB framework, and today's adtech. It's thread time! 👇

It's all in French, but if you're up for it you can read:
• Their blog post (lacks the most interesting details):
https://t.co/PHkDcOT1hy
• Their high-level legal decision: https://t.co/hwpiEvjodt
• The full notification: https://t.co/QQB7rfynha

I've read it so you needn't!

Vectaury was collecting geolocation data in order to create profiles (eg. people who often go to this or that type of shop) so as to power ad targeting. They operate through embedded SDKs and ad bidding, making them invisible to users.

The @CNIL notes that profiling based off of geolocation presents particular risks since it reveals people's movements and habits. As risky, the processing requires consent — this will be the heart of their assessment.

Interesting point: they justify the decision in part because of how many people COULD be targeted in this way (rather than how many have — though they note that too). Because it's on a phone, and many have phones, it is considered large-scale processing no matter what.

You May Also Like

THREAD: 12 Things Everyone Should Know About IQ

1. IQ is one of the most heritable psychological traits – that is, individual differences in IQ are strongly associated with individual differences in genes (at least in fairly typical modern environments). https://t.co/3XxzW9bxLE


2. The heritability of IQ *increases* from childhood to adulthood. Meanwhile, the effect of the shared environment largely fades away. In other words, when it comes to IQ, nature becomes more important as we get older, nurture less.
https://t.co/UqtS1lpw3n


3. IQ scores have been increasing for the last century or so, a phenomenon known as the Flynn effect. https://t.co/sCZvCst3hw (N ≈ 4 million)

(Note that the Flynn effect shows that IQ isn't 100% genetic; it doesn't show that it's 100% environmental.)


4. IQ predicts many important real world outcomes.

For example, though far from perfect, IQ is the single-best predictor of job performance we have – much better than Emotional Intelligence, the Big Five, Grit, etc. https://t.co/rKUgKDAAVx https://t.co/DWbVI8QSU3


5. Higher IQ is associated with a lower risk of death from most causes, including cardiovascular disease, respiratory disease, most forms of cancer, homicide, suicide, and accident. https://t.co/PJjGNyeQRA (N = 728,160)
The entire discussion around Facebook’s disclosures of what happened in 2016 is very frustrating. No exec stopped any investigations, but there were a lot of heated discussions about what to publish and when.


In the spring and summer of 2016, as reported by the Times, activity we traced to GRU was reported to the FBI. This was the standard model of interaction companies used for nation-state attacks against likely US targets.

In the Spring of 2017, after a deep dive into the Fake News phenomena, the security team wanted to publish an update that covered what we had learned. At this point, we didn’t have any advertising content or the big IRA cluster, but we did know about the GRU model.

This report went through dozens of edits as different equities were represented. I did not have any meetings with Sheryl on the paper, but I can’t speak to whether she was in the loop with my higher-ups.

In the end, the difficult question of attribution was settled by us pointing to the DNI report instead of saying Russia or GRU directly. In my pre-briefs with members of Congress, I made it clear that we believed this action was GRU.