The Russian communications regulator has told Facebook that it needs to begin storing data on Russian users in the country or face a ban, something which happened to LinkedIn last year. The relevant law was passed back in 2015 but it seems the Russian government has given specific tech companies some time to comply because of the investment necessary to make it happen, though it’s not setting a deadline of next year for compliance. This is the kind of thing that could quickly get expensive for Facebook if more companies jump on board – there have certainly been rumblings about data storage in a number of European countries already. My guess is that Facebook will choose to comply given that it likely has many users in the country and won’t want to lose them, but it will also worry about setting a precedent. Facebook’s ad targeting tool suggests a potential reach of 160 million for the country, whereas the official population is just 144 million, so it’s hard to know exactly how many users Facebook has there, but it’s likely in the tens of millions at least.
Wired reports on a third party study which claims that Apple’s approach to differential privacy – the method Apple says it uses to obfuscate individuals’ data when uploading it to the cloud – is inadequate to really protect those users’ privacy. That study dug into Apple’s code and on that basis makes claims about the degree to which Apple has added noise to the data, that degree being the single biggest factor in determining how obscured the individual’s private information is. The authors claim that Apple’s differential privacy approach adds far too little noise to data to preserve privacy, while Apple has pushed back, saying that the approach used assumed that it treats all data the same way and that aggregating data across multiple categories would reveal more about users than looking at single data points, assertions Apple disputes.
One of the most telling lines in the article has one of the researchers saying that the DP approach is based on the assumption that companies will always behave badly, something Apple would clearly dispute too – it prides itself on protecting users’ privacy, generally doesn’t use business models which require it to collate data about users to target advertising, and requires users to opt in to any of this data gathering in the first place. As such, some of the assumptions being made by the researchers may be reasonable in general but not as applicable to Apple as to other companies. The fundamental issue here, though, is that Apple isn’t transparent about its approach, something I would guess it would attribute to competitive sensitivity, but which – like all company claims about privacy – requires users to take many of their privacy claims on trust. Whether you’re OK with Apple’s approach should therefore depend less on claims like those made by these third party researchers and more on whether you trust Apple overall when it comes to privacy. Surveys I’ve been involved with have generally shown high levels of trust on that point among Apple users and the population in general.
Toyota, Ericsson, Intel, NTT, and other companies have formed a consortium to figure out ways to manage the massive explosion of data that will be generated by cars over the coming years. As cars become more autonomous, they will need to gather enormously more data from cameras, radar, LIDAR, and other sensors and transmit at least a subset of that data over networks to central repositories for processing and analysis. That, in turn, is going to require some big decisions about which data to process locally, what needs to be sent over the air, and how much and which data to store on an ongoing basis in both locations. Since carmakers like Toyota don’t really have much experience with that kind of thing, network infrastructure vendor Ericsson and chip vendor Intel among others are going to work together with them to figure some of this stuff out, and have left the door open for others to join their effort in future. Notably absent from this initiative are other big automotive chip vendors like Nvidia, any cloud service companies beyond Japan’s NTT, or mapping companies like HERE, and given the strong roles they’re playing or likely to play in this area, the consortium does need to add additional members (including ones who compete with the founding members) if it’s to make real headway here.
iRobot CEO Backtracks on Roomba Data Sale Comments (Jul 28, 2017)
Roomba Owner iRobot Talks About Selling Home Mapping Data (Jul 24, 2017)
Apple’s App Store Gets a Makeover – Bloomberg (Mar 21, 2017)
The headline makes it sound like there are changes coming to the App Store, but this story is really about all the changes that have already happened on the App Store since Phil Schiller took it over from Eddy Cue a little over a year ago. One of the notable things in the story is the impact that better analytics have had, and how that’s made it easier for more dynamic developers to update their apps more frequently in response to user behavior. More generally, though, the article suggests that big strides have been made in the way the App Store runs from a developer perspective, which is a story that hasn’t been told much. It’s been subtle, and if you’re just a user you might not be aware of most of these changes, but better experiences for developers make for better end user experiences too. I know there are still lots of developers, especially Mac-centric developers, who have complaints they feel have gone unheeded, but Apple has at least made some progress in fixing big pain points on the iOS side.
CTIA, which is the industry association that represents the largest US wireless carriers, is arguing before the FCC that it shouldn’t be subjected to new rules on sharing data it collects on its users. The carriers have argued that Google and other online service providers aren’t subject to the same rules (those companies are regulated primarily by the FTC rather than the FCC) and so for consistency’s sake the carriers should be treated the same way. This is really about a technical definition of the word “sensitive” – clearly the kind of data being talked about here is indeed enormously sensitive, but the real question is how disclosure of that data is regulated. This matters because, for example, AT&T as a fiber broadband carrier in certain parts of the country has offered a service discount for customers who consent to tracking of their web browsing history and so on, something which it argues Google does all the time without explicitly asking for users’ permission to do. What the carriers are arguing here is that it should be allowed to continue to do this kind of thing without having to ask users to opt in first. The carriers look likely to win given the current hands-off policy stance of the FCC, which means more erosion of user privacy for users, but the proper approach would be for the FTC and FCC to work together to craft a set of consistent rules that would apply to all players that get access to similar data, rather than each regulating in a vacuum.
via Ars Technica
There are some interesting numbers here – not all of them are new, but the collection of them all into one place is, and some are pretty striking. Some of the key points: time spent on YouTube is rising rapidly – doubling from 2015 to 2016 among all adults, but tripling among users 55+; YouTube reaches 95% of online adults over 35 in a month; YouTube users skew slightly female and are more likely to have a college degree than the general population. To my mind, the takeaways are that YouTube has massive scale, probably broader than any other video platform or service in the US, and that it’s reaching that stage of its maturity where its growth is stronger among newer groups of users, notably older users, which mirrors what’s happened with Facebook in recent years. This is a massive scale, mature platform – the challenge is monetizing it effectively and generating a profit, something Google has seemed increasingly focused on in the last couple of years.
Your real-world purchases will soon determine what ads you see on Snapchat – Mashable (Jan 19, 2017)
Here’s further evidence that Snap is evolving Snapchat’s advertising targeting capabilities, something it badly needs to do to ramp up ad spending ahead of a potential IPO. But that also means going back on some of the commitments Evan Spiegel has made in the past to avoid “creepy” targeting. The reality is that Snapchat has captured a nice little share of ad spending purely on the basis of having a great target market for a certain generation at a general level, but if it wants to capture more targeted advertising, it needs to provide the tools that Facebook, Google, and others already provide. That means buying in data from Oracle (as in this deal, and further to a previous deal with Oracle for measuring ROI) or other data collection houses (as Facebook already does) in order both to target advertising and to capture information about subsequent purchases to prove an ROI. Though Snapchat’s target market is generally more open to ad-based business models and the attendant privacy implications, there’s a point at which even millennials will balk, and Snap has to be careful not to cross that line.
This is an interesting take on the repeated Yahoo breaches and the implications, and it goes along with my gut sense that people have very short memories when it comes to security and privacy breaches. There’s lots of outrage in the short term, but it blows over very quickly, as any Google Trends search relating to a major breach will tell you. The hits keep coming with Yahoo, but ultimately I expect Verizon’s acquisition will still go through.
The headline doesn’t do the focus of the article justice – the point the article makes is that Facebook buys in offline data sources to supplement the data it collects itself, to create a fuller picture of its users when it comes to targeting ads. It isn’t transparent with its users about this, however, which some consumer advocacy groups find bothersome. The fact is, this data is gathered and used pervasively throughout the consumer marketing industry, but it’s a different flavor of data gathering and targeting from what we’re used to with Facebook.
Amazon Echo and the Hot Tub Murder — The Information (Dec 27, 2016)
This is one of those nightmare stories that appears to validate lots of people’s concerns about having always-listening devices in the home. As always, the real story is less concerning – Amazon’s Echo doesn’t store everything it hears, just what follows the Alexa prompt. More broadly, however, home automation gear and the data it creates has been used in this case, and will be used in others – a good reminder that if you use services that create and store data, that data may become available to others too, whether hackers or law enforcement.
Uber explains why app appears to continue tracking your location; other apps affected too | 9to5Mac (Dec 23, 2016)
There was something of a fuss when Uber was found to have changed its location settings in its iOS app to always share the user’s location. It now appears the explanation is benign – it’s the app’s Maps extension that’s to blame. But the fact that the issue blew up at all is an indication of skepticism about Uber’s privacy protections, especially given repeated stories about employees accessing user data in illegitimate ways.
Government requests for Facebook user data up 27 percent in first half of 2016 | TechCrunch (Dec 22, 2016)
As more and more communication takes place on online platforms, law enforcement agencies will inevitably shift their data gathering to those platforms too, and we’re seeing this play out here. The more data these platforms have on us, of course, the more meaningful that is, and Facebook is a treasure trove.