Items tagged with: users
HN Discussion: https://news.ycombinator.com/item?id=19690205
Posted by alistairSH (karma: 3011)
Post stats: Points: 120 - Comments: 71 - 2019-04-18T11:31:42Z
#HackerNews #accidentally #asks #contacts #email #facebook #for #passwords #then #uploads #users
HackerNewsBot debug: Calculated post rank: 103 - Loop: 76 - Rank min: 100 - Author rank: 23
Facebook has developed a plan to turn its users into the stars of advertising campaigns through new technology which can automatically scan people’s photographs and identify which products are…
Article word count: 118
HN Discussion: https://news.ycombinator.com/item?id=19645531
Posted by ColinWright (karma: 92619)
Post stats: Points: 139 - Comments: 76 - 2019-04-12T15:17:53Z
#HackerNews #ads #advertisers #make #online #pass #photos #plans #stars #the #users #your
Facebook has developed a plan to turn its users into the stars of advertising campaigns through new technology which can automatically scan people’s photographs and identify which products are featured in them.
The social network was granted a patent in the US for a system which can detect photos people have uploaded that feature items such as alcoholic drinks and snacks. The company would then pass those images to the brands, which would turn them into adverts for other Facebook users to see.
One example given in the patent filing is a Facebook user uploading a photograph of a party in which they are pictured holding a bottle of Grey Goose vodka. The social network could automatically detect...
HackerNewsBot debug: Calculated post rank: 118 - Loop: 325 - Rank min: 100 - Author rank: 69
Mark Zuckerberg admitted recently that Facebook doesn’t have a ‘strong reputation’ for privacy. An odd new request for private data probably won’t help with that rep.
Article word count: 551
HN Discussion: https://news.ycombinator.com/item?id=19559617
Posted by sharkweek (karma: 8269)
Post stats: Points: 130 - Comments: 58 - 2019-04-02T23:40:22Z
#HackerNews #asking #email #facebook #for #new #passwords #some #users
Just two weeks after admitting it stored hundreds of millions of its users’ own passwords insecurely, Facebook is demanding some users fork over the password for their outside email account as the price of admission to the social network.
Facebook users are being interrupted by an interstitial demanding they provide the password for the email account they gave to Facebook when signing up. “To continue using Facebook, you’ll need to confirm your email,” the message demands. “Since you signed up with [email address], you can do that automatically …”
A form below the message asked for the users’ “email password.”
“That’s beyond sketchy,” security consultant Jake Williams told the Daily Beast. “They should not be taking your password or handling your password in the background. If that’s what’s required to sign up with Facebook, you’re better off not being on Facebook.”
In a statement emailed to The Daily Beast after this story published, Facebook reiterated its claim it doesn’t store the email passwords. But the company also announced it will end the practice altogether.
“We understand the password verification option isn’t the best way to go about this, so we are going to stop offering it,” Facebook wrote.
It’s not clear how widely the new measure was deployed, but in its statement Facebook said users retain the option of bypassing the password demand and activating their account through more conventional means, such as “a code sent to their phone or a link sent to their email.” Those options are presented to users who click on the words “Need help?” in one corner of the page.
The additional login step was noticed over the weekend by a cyber security watcher on Twitter called “e-sushi.” The Daily Beast testing the claim by establishing a new Facebook account under circumstances the company’s system might flag as suspicious, using a disposable webmail address and connecting through a VPN in Romania. A reporter was taken to the same screen demanding the email password.
“By going down that road, youʼre practically fishing for passwords you are not supposed to know!,” e-sushi wrote in a tweet.
Small print below the password field promises, “Facebook won’t store your password.” But the company has recently been criticized for repurposing information it originally acquired for “security” reasons.
Last year Facebook was caught allowing advertisers to target its users using phone numbers users provided for two-factor authentication; users handed over their numbers so Facebook could send a text message with a secret code when they log in. More recently the company drew the ire of privacy advocates when it began making those phone numbers searchable, so anyone can locate the matching user “in defiance of user expectations and security best practices,” wrote the Electronic Frontier Foundation, a civil liberties group.
Facebook also has a checkered history when it comes to securely handling passwords. Last month the company acknowledged that unencrypted passwords for hundreds of millions of its users had been stored for years in company logs accessible to 2,000 employees.
Last month, amid a steady drum beat of fresh privacy scandals, Facebook founder Mark Zuckerberg unleashed a thousand-word manifesto describing a new “privacy-focused vision” for the company built on strong encryption and cutting-edge security tools.
Even then, Zuckerberg acknowledged that Facebook’s putative pivot-to-privacy would meet with some skepticism. “[F]rankly we donʼt currently have a strong reputation for building privacy protective services.”
HackerNewsBot debug: Calculated post rank: 106 - Loop: 165 - Rank min: 100 - Author rank: 67
To continue, please click the box below to let us know you're not a robot.
HN Discussion: https://news.ycombinator.com/item?id=19499598
Posted by pseudolus (karma: 14750)
Post stats: Points: 144 - Comments: 32 - 2019-03-27T10:44:50Z
#HackerNews #and #ban #belgian #even #facebook #fight #non-users #tracking #users
To continue, please click the box below to let us know youʼre not a robot.
HackerNewsBot debug: Calculated post rank: 106 - Loop: 153 - Rank min: 100 - Author rank: 75
HN Discussion: https://news.ycombinator.com/item?id=19487304
Posted by ecmascript (karma: 98)
Post stats: Points: 174 - Comments: 105 - 2019-03-25T22:25:28Z
#HackerNews #all #enter #forces #new #number #phone #twitter #users #valid
HackerNewsBot debug: Calculated post rank: 151 - Loop: 62 - Rank min: 100 - Author rank: 140
A scheme to stealthily run video ads behind banner images drained users' batteries and data while they used popular Android apps.
Article word count: 2353
HN Discussion: https://news.ycombinator.com/item?id=19459604
Posted by occamschainsaw (karma: 552)
Post stats: Points: 117 - Comments: 71 - 2019-03-22T04:28:01Z
#HackerNews #ads #android #batteries #drained #fraud #hidden #running #scheme #users #video
Julien is an independent developer who built and maintains one of the most popular audio apps in the Google Play store. With millions of downloads and hundreds of thousands of positive reviews, he’s obsessive about responding to user complaints and concerns.
He often receives emails from users complaining that his app is draining their battery and using more data than expected. Usually, it’s because they set the app to download files when they’re not on Wi-Fi. But sometimes it’s due to ad fraudsters taking advantage of his app to run hidden, data-hungry video ads behind the legitimate banners he sells to earn his living.
Julienʼs app is one of several, including many using Twitterʼs MoPub ad platform, that saw its in-app ads hijacked in an ad fraud scheme uncovered by fraud detection firm Protected Media. The company’s findings, along with additional reporting and interviews by BuzzFeed News, and independent verification from an outside ad fraud lab, show that one of the players implicated in this scheme is Aniview, an Israeli company with offices in New York that runs a video ad technology platform.
Aniview denies any involvement and instead says the platform and banner ads and code, which were created by one of its subsidiaries, were exploited by a malicious, unnamed third party.
“BuzzFeed brought to our attention that there is an abuse activity, as an immediate action, we stopped this activity and started and continue an internal incident review,” said Aniview CEO Alon Carmel in an emailed statement. “We notified and emphasized our clients that the use of our platform must be according to our policy and the IAB and TAG guidelines.”
It’s just one of the many ways ad fraudsters siphon money out of the global digital advertising industry, which will see more than $20 billion stolen this year. This scheme in particular highlights once again how ad tech companies exploit insider access and technical knowledge to participate in ad fraud.
“I don’t even think about me being ripped off,” Julien told BuzzFeed News. “All I think about is them damaging the app’s reputation. It can cost money to [a user] and drain his battery. This is the thing that makes me really mad.” (BuzzFeed News agreed to withhold his full name and the name of his app due to concerns about people wrongly thinking it was knowingly part of the scheme.)
Here’s how the scheme works. Julien sells a banner ad, which appears in the app and is visible to his users. Then, hidden from view behind that banner, fraudsters conceal autoplaying video ads that no human being actually sees, but which register as having been served and viewed. In this scenario, Julien gets paid for the small banner ad in his app that users see, but the fraudsters earn many times that amount by stuffing far more lucrative video ads behind the banner. Ultimately, it’s the brands whose ads were shown in hidden video players that lose money to those running the scheme.
“Fraudsters are purchasing cheap in-app display inventory and are filling it with multiple video players behind innocuous fake branded display ads,” said Asaf Greiner, the CEO of Protected Media.
This type of ad fraud is known in the industry as in-banner video ads, and has been documented in the past. Greiner’s team identified a new version of it last fall and said in total they’ve seen tens of millions of dollarsʼ worth of fraudulent video ads running per month as a result.
The ad fraud lab run by DoubleVerify, a digital measurement company, identified the same in-banner video ad fraud scheme at the end of last year, according to Roy Rosenfeld, the company’s VP of product management.
He told BuzzFeed News the fraudsters “did a very good job at hiding and obfuscating what they were doing” and were “quite sophisticated in the thinking behind how they can monetize that [video]inventory.”
DoubleVerify saw at least 60 million ad calls being made for fraudulent video ads per month, though Rosenfeld noted that not all of those ad slots were filled.
Aniview and its subsidiary, OutStream Media, were identified by Protected Media as being part of the scheme after the fraud detection firm gathered and analyzed video evidence, code, and other information during an investigation.
Rosenfeld said DoubleVerify’s investigation identified that “the Aniview player was heavily driving” the fraudulent video ad activity. He said his team identified the same code and other materials as Protected Media had.
Carmel, of Aniview, told BuzzFeed News that his company “does not knowingly engage in any fraudulent activity” and said his team has been trying to stop this activity on their platform since they were first contact by Protected Media last month. He acknowledged that OutStream Media, the company identified by Protected Media, is a subsidiary of Aniview. But he said it had ceased operations last summer and that Aniview is in the process of legally shutting it down. He said the ad fraud documented by Protected Media and DoubleVerify was done by bad actors using the Aniview video ad platform, as well as images and code created by OutStream Media, in an unauthorized way.
“To be crystal clear, another customer on Aniview’s [self-serve] platform used this [video ad] player and is responsible for this activity and we took actions immediately to stop this activity,” he said.
“We are fighting against bad activities, pushing and focus on clean and legit activities and should not be blamed or framed for bad use of our platform."
Carmel could not say who this bad actor was or how they managed to gain access to content that was uploaded to an OutStream Media account on Aniview’s platform. He declined to identify the malicious actors, or to share any details about them. He also acknowledged removing the photos and names of people, including his cofounder, Tal Melenboim, from Aniview’s website after being contacted by BuzzFeed News.
Two of the removed employees had leadership roles with OutStream Media in addition to their work at Aniview. Carmel, who previously cofounded the popular Jewish dating site Jdate, said they left the company to pursue other interests at the end of last year, and he neglected to remove them from the Aniview team page.
Carmel was provided with a copy of the malicious code used to place the banner ads and hidden video players. In addition to using the Aniview platform and banner ads from OutStream Media’s account on it, this code included the URL shoval.tv as a tracking pixel to gather data on ad performance. Shoval.tv is a domain name owned by Aniview cofounder Tal Melenboim. In an email to BuzzFeed News, Melenboim denied any involvement.
Carmel said the fraudsters must have copied the part of the code that included Shoval.tv from an earlier OutStream demo, and said Shoval.tv is commonly used as a tracking URL by Aniview. The inclusion of this code means that only a person with access to shoval.tv would be able to track the performance of the fraudulent ads carrying this pixel.
Protected Media also found that a significant portion of the banner ads purchased for this scheme were bought using MoPub, the mobile ad network owned by Twitter. This does not mean MoPub was engaged in the scheme. But it does mean Twitter’s ad platform was exploited for months by fraudsters, and it earned commission on the ads bought using its tools. (Julien uses MoPub to help place ads in his app and says the company is responsive when he reports bad ads.)
“At this time, we can confirm that the suspicious activity in question is not being initiated by MoPub,” a company spokesperson told BuzzFeed News. “The activity observed by Protected Media stems from an ad that is initiating other non-viewable video ads to run in the background. We are currently investigating what the potential sources of the issue could be.”
This scheme illustrates one of the central challenges in reducing the massive, multibillion-dollar fraud problem in digital advertising: Nearly every player in the supply chain, except for the brands who spend money on ads, profits from fraudulent ad delivery. Even if they’re not involved in ad fraud, platforms such as ad networks and other intermediaries earn a share of the money spent on invalid ads. This creates a disincentive to stop fraud from taking place, according to Greiner.
“It’s an unfair kind of situation because anybody who behaves well and doesn’t allow this on their platform is being left out of the profit,” he said, adding that “there’s very little penalty and there’s a lot to gain — the numbers are just enormous.”
Protected Media first detected the use of hidden video ads in October. Though not a new ad fraud technique, the company saw this iteration grow large enough that it warranted a closer look. After seeing which video players were being used to run the hidden ads, and which ad networks the fraudsters were buying the display ad from, Protected Media reached out to the relevant parties, including Aniview, last month. (Rosenfeld of DoubleVerify said it also identified the scheme late last year and began blocking it.)
Protected Media provided BuzzFeed News with video documentation of invalid video ads running behind banners that were created by OutStream Media, Aniview’s subsidiary. These video ads were served using Aniview’s platform and the banner ads were hosted on Aniview’s website with an account in OutStream Media’s name. This demonstrates a direct link between OutStream Media and the banners that were placed in apps such as Julien’s.
Protected Media also identified that the shoval.tv domain name owned by Aniview cofounder Tal Melenboim was used to track the performance of the fraudulent ads, adding yet another link to Aniview.
Given that information, Greiner believes “Aniview is the group who left no room for deniability — the others can claim ignorance.”
After BuzzFeed News first contacted Aniview, the company removed the LinkedIn page for OutStream Media, and deleted people from the Aniview team page on its website. Two of the removed people were Melenboim, who had previously listed himself as the founder and CEO of OutStream Media on his LinkedIn, and his wife Mazal Melenboim, whose LinkedIn lists her as the head of media operations for Aniview and the head of operations for OutStream Media.
Carmel said the couple left Aniview at the end of last year and praised Tal Melenboim as a “reputable professional” who was “an asset to Aniview during his many years of employment.”
Tal Melenboim told BuzzFeed News in an email that he and his wife are not involved in any illegal activity. “It is important for me to point out to you, that if you got the impression that Aniview/Outstream Media or someone from our team, including me or my wife, is involved in an act of not legit activity, it is simply far away from the true.” (Melenboim said that Carmel’s English is better than his, and that as a result specific questions should be directed to him.)
Carmel said the Melenboims were removed from the company website at his direction after being contacted by BuzzFeed News, and said it was an oversight that they were still on the site. He offered to provide a letter from the company’s legal counsel to testify to the fact that the Melenboims had not worked at Aniview since the end of last year. He also said other employees were removed from the company’s team page at the same time.
After BuzzFeed News emailed Carmel two links that showed the scheme was still active on his platform, the activity was quickly shut off. He said that was a result of his company being given the information necessary to shut it down.
One of the links BuzzFeed News provided to Carmel went to a page at play.aniview.com/outstreammedia/ that hosted the banner ads used in the scheme. These banners were generic images for companies and products such as Coca-Cola, M&Mʼs, McDonald’s, and Disney. If a user clicked on them they were taken to the homepage of the Google Play Store, showing that they were not real ads.
Carmel said these images belonged to OutStream Media and were created as test images when the company was operational last year. He said someone used these images without permission to execute the fraud.
“The banners were ONLY used for reach media demos of outstream units,” he said in an email. “After seeing in your email that someone used our banner without our permission we removed it from our server. Thank you for pointing it out.”
Ultimately what Carmel claims is that an unknown bad actor created an account on his platform, and then used banner ad images created by his subsidiary to execute the fraud scheme. He declined to share information about the bad actor’s account, citing legal concerns. He also couldn’t say exactly how this actor knew about banner ads uploaded to the account of OutStream Media — a company Carmel says was only briefly operational last year. He suggested one of the organizations OutStream had previously tried to pitch its services to was involved.
“The demo page of Outstream units was public and as well have been sent to many potential customers (BTW, one of them was Buzzfeed),” he said in an email. Carmel did not provide contact information for the person at BuzzFeed he says received the OutStream pitch. He did provide screenshots of email templates that were sent to prospective clients in May of last year that included a link to a demo.
Carmel says the same bad actor must have copied the OutStream tracking code that included shoval.tv, the domain owned by Melenboim. This means the fraudsters were sophisticated enough to set up and manage the scheme, but would have left in a tracking pixel that prevents them from receiving performance data on their ads.
Greiner of Protected Media said several ad tech companies engaged in or facilitated this form of fraud. Aniview was the one they gathered the most convincing evidence about. Others continue to run the scheme after being contacted by Protected Media, and in at least one case an executive from an involved company even complained about being called out.
“One of them spoke to my VP of sales and said everybody does it, why are we picking on them,” Greiner said. “It’s something we hear too often, unfortunately.” ●
HackerNewsBot debug: Calculated post rank: 101 - Loop: 82 - Rank min: 100 - Author rank: 43
For nearly a decade, we’ve been in discussions with the European Commission about the way some of our products work. Throughout this process, we’ve always agreed on one thing一that healthy, thriving…
Article word count: 372
HN Discussion: https://news.ycombinator.com/item?id=19437465
Posted by ucaetano (karma: 7776)
Post stats: Points: 116 - Comments: 94 - 2019-03-19T23:57:40Z
#HackerNews #and #android #asked #browser #engine #europe #search #they #users #want #which #will
For nearly a decade, we’ve been in discussions with the European Commission about the way some of our products work. Throughout this process, we’ve always agreed on one thing一that healthy, thriving markets are in everyone’s interest.
A key characteristic of open and competitive markets一and of Google’s products一is constant change. Every year, we make thousands of changes to our products, spurred by feedback from our partners and our users. Over the last few years, we’ve also made changes一to Google Shopping; to our mobile apps licenses; and to AdSense for Search一in direct response to formal concerns raised by the European Commission.
Since then, we’ve been listening carefully to the feedback we’re getting, both from the European Commission, and from others. As a result, over the next few months, we’ll be making further updates to our products in Europe.
Since 2017, when we adapted Google Shopping to comply with the Commission’s order, we’ve made a number of changes to respond to feedback. Recently, we’ve started testing a new format that gives direct links to comparison shopping sites, alongside specific product offers from merchants.
On Android phones, you’ve always been able to install any search engine or browser you want, irrespective of what came pre-installed on the phone when you bought it. In fact, a typical Android phone user will usually install around 50 additional apps on their phone.
After the Commission’s July 2018 decision, we changed the licensing model for the Google apps we build for use on Android phones, creating new, separate licenses for Google Play, the Google Chrome browser, and for Google Search. In doing so, we maintained the freedom for phone makers to install any alternative app alongside a Google app.
Now we’ll also do more to ensure that Android phone owners know about the wide choice of browsers and search engines available to download to their phones. This will involve asking users of existing and new Android devices in Europe which browser and search apps they would like to use.
We’ve always tried to give people the best and fastest answers一whether direct from Google, or from the wide range of specialist websites and app providers out there today. These latest changes demonstrate our continued commitment to operating in an open and principled way.
HackerNewsBot debug: Calculated post rank: 108 - Loop: 253 - Rank min: 100 - Author rank: 39
Due a to a misconfigured server, a researcher found a constant stream of Elsevier users’ passwords.
Article word count: 346
HN Discussion: https://news.ycombinator.com/item?id=19423770
Posted by markovbot (karma: 844)
Post stats: Points: 136 - Comments: 29 - 2019-03-18T18:35:25Z
#HackerNews #elsevier #exposed #left #online #passwords #users
Elsevier, the company behind scientific journals such as The Lancet, left a server open to the public internet, exposing user email addresses and passwords. The impacted users include people from universities and educational institutions from across the world.
It’s not entirely clear how long the server was exposed or how many accounts were impacted, but it provided a rolling list of passwords as well as password reset links when a user requested to change their login credentials.
“Most users are .edu [educational institute] accounts, either students or teachers,” Mossab Hussein, chief security officer at cybersecurity company SpiderSilk who found the issue, told Motherboard in an online chat. “They could be using the same password for their emails, iCloud, etc.”
Elsevier is controversial, after acquiring a number of platforms that distributed academic material for free. Profit-driven Elsevier’s legal threats against other sites that openly host millions of scientific papers have forced them to go into the digital underground, and distribute their material with the protection of the Tor anonymity network. Some universities have boycotted Elsevier.
Got a tip? You can contact this reporter securely on Signal on +44 20 8133 5190, OTR chat on email@example.com, or email firstname.lastname@example.org.
The data itself was displayed via Kibana, a popular tool for visualizing and sorting data.
Motherboard verified the data exposure by asking Hussein to reset his own password to a specific phrase provided by Motherboard before hand. A few minutes later, the plain text password appeared on the exposed server.
Elsevier secured the server after Motherboard approached the company for comment. Hussein also provided Elsevier with details of the security issue.
An Elsevier spokesperson told Motherboard in an emailed statement that "The issue has been remedied. We are still investigating how this happened, but it appears that a server was misconfigured due to human error. We have no indication that any data on the server has been misused. As a precautionary measure, we will also be informing our data protection authority, providing notice to individuals and taking appropriate steps to reset accounts."
Subscribe to our new cybersecurity podcast, CYBER.
HackerNewsBot debug: Calculated post rank: 100 - Loop: 383 - Rank min: 100 - Author rank: 54
Myspace lost all the music its users uploaded between 2003 and 2015
Article word count: 484
HN Discussion: https://news.ycombinator.com/item?id=19417640
Posted by pmoriarty (karma: 31693)
Post stats: Points: 142 - Comments: 59 - 2019-03-18T00:03:18Z
#HackerNews #2003 #2015 #all #and #between #its #lost #music #myspace #the #uploaded #users
Itʼs been a year since the music links on Myspace stopped working; at first the company insisted that they were working on it, but now theyʼve admitted that all those files are lost: "As a result of a server migration project, any photos, videos, and audio files you uploaded more than three years ago may no longer be available on or from Myspace. We apologize for the inconvenience and suggest that you retain your back up copies. If you would like more information, please contact our Data Protection Officer, Dr. Jana Jentzsch at DPO@myspace.com."
Yeah, apparently they donʼt have a backup.
Someday, this will happen to Facebook, Instagram, Tumblr, etc. Donʼt trust the platforms to archive your data. The Internet Archive will host anything freely distributable, for free, forever, and they have mirrors of their servers in California, Egypt and Amsterdam. Theyʼre a mission-driven nonprofit supported by philanthropists, foundations, and small-money donations (Iʼm an annual donor).
[IMG]On Friday, hundreds of us gathered at the Internet Archive, at the invitation of Creative Commons, to celebrate the Grand Re-Opening of the Public Domain, just weeks after the first works entered the American public domain in twenty years.
READ THE REST
[IMG]Timothy from Creative Commons writes, "In the US beginning Jan 1, 2019–after a devastating 20 year drought brought on by the infamous 1998 ʼMickey Mouse Protection Act.ʼ Creators, commons advocates, librarians, legal activists and others are celebrating in San Francisco at the Internet Archive on January 25, 2019 to mark the ʼGrand Re-Opening of the […]
READ THE REST
[IMG]Long before Quora admitted to being breached and losing 100,000,000 million usersʼ account data, it had disqualified itself from being used, by dint of its impulse to hoard knowledge and the likelihood that its limping business model would cause it to imminently implode.
READ THE REST
[IMG]Big companies want automation on a big scale. Doing that means diving into the tricky world of machine learning and data science. And no matter what platform you’ll be implementing it on, you can learn how with the Machine Learning & Data Science Certification Training Bundle. In 48 hours and through eight courses, this bundle […]
READ THE REST
[IMG]Big systems need tight security – and the experts who can implement it. Cisco Networking Systems are the go-to providers for network infrastructure, but maintaining it takes a lot of up-to-date knowledge. If you want that knowledge right from the source, there’s an online course that can get you certified painlessly: The Foundational Cisco CCNA […]
READ THE REST
[IMG]Computer slowing down? There are a ton of reasons why that might be, especially if your unit has a few years on it. Junk files and programs can accumulate over time, some even left over from otherwise uninstalled software. This virtual debris can slow your PC down dramatically, but there’s a surprisingly quick fix. Lauded […]
READ THE REST
HackerNewsBot debug: Calculated post rank: 114 - Loop: 102 - Rank min: 100 - Author rank: 63
In an update to the chromium engine, which underpins Google’s popular Chrome browser, the search giant has quietly updated the lists of default search engines it offers per market — expanding the…
Article word count: 483
HN Discussion: https://news.ycombinator.com/item?id=19379509
Posted by jmsflknr (karma: 1607)
Post stats: Points: 142 - Comments: 57 - 2019-03-13T15:19:18Z
#HackerNews #added #chrome #duckduckgo #engine #for #google #has #option #search #users
In an update to the chromium engine, which underpins Google’s popular Chrome browser, the search giant has quietly updated the lists of default search engines it offers per market — expanding the choice of search product users can pick from in markets around the world.
Most notably it has expanded search engine lists to include pro-privacy rivals in more than 60 markets globally.
The changes, which appear to have been pushed out with the Chromium 73 stable release yesterday, come at a time when Google is facing rising privacy and antitrust scrutiny and accusations of market distorting behavior at home and abroad.
Elizabeth Warren wants to break up Google, Amazon and Facebook
Many governments are now actively questioning how competition policy needs to be updated to rein in platform power and help smaller technology innovators get out from under the tech giant shadow.
But in a note about the changes to chromium’s default search engine lists on an GitHub instance, Google software engineer Orin Jaworski merely writes that the list of search engine references per country is being “completely replaced based on new usage statistics” from “recently collected data.”
The per country search engine choices appear to loosely line up with top-four market share.
The greatest beneficiary of the update appears to be pro-privacy Google rival, DuckDuckGo, which is now being offered as an option in more than 60 markets, per the GitHub instance.
Previously DDG was not offered as an option at all.
Another pro-privacy search rivals, French search engine Qwant, has also been added as a new option — though only in its home market, France.
DDG has been added in Argentina, Austria, Australia, Belgium, Brunei, Bolivia, Brazil, Belize, Canada, Chile, Colombia, Costa Rica, Croatia, Germany, Denmark, Dominican Republic, Ecuador, Faroe Islands, Finland, Greece, Guatemala, Honduras, Hungary, Indonesia, Ireland, India, Iceland, Italy, Jamaica, Kuwait, Lebanon, Liechtenstein, Luxembourg, Monaco, Moldova, Macedonia, Mexico, Nicaragua, Netherlands, Norway, New Zealand, Panama, Peru, Philippines, Poland, Puerto Rico, Portugal, Paraguay, Romania, Serbia, Sweden, Slovenia, Slovakia, El Salvador, Trinidad and Tobago, South Africa, Switzerland, U.K., Uruguay, U.S. and Venezuela.
“We’re glad that Google has recognized the importance of offering consumers a private search option,” DuckDuckGo founder Gabe Weinberg told us when approached for comment about the change.
DDG has been growing steadily for years, and has also recently taken outside investment to scale its efforts to capitalize on growing international appetite for pro-privacy products.
Interestingly, the chromium GitHub instance is dated December 2018 — which appears to be around the time when Google (finally) passed the Duck.com domain to DuckDuckGo, after holding onto the domain and pointing it to Google.com for years.
We asked Google for comment on the timing of its changes to search engine options in chromium. At the time of writing the search giant had not responded.
We’ve also reached out to Qwant for comment on being added as an option in its home market.
HackerNewsBot debug: Calculated post rank: 113 - Loop: 65 - Rank min: 100 - Author rank: 88
But that doesn’t mean people are leaving social media altogether.
Article word count: 826
HN Discussion: https://news.ycombinator.com/item?id=19322448
Posted by rmason (karma: 21081)
Post stats: Points: 198 - Comments: 116 - 2019-03-06T20:30:37Z
#HackerNews #are #edison #facebook #leaving #millions #research #says #the #users
By Kimberly Adams
March 06, 2019 | 3:30 AM
Embed Code 
- Chandan Khanna/AFP/Getty Images
Embed Code 
All the bad press about Facebook might be catching up to the company. New numbers from Edison Research show an an estimated 15 million fewer users in the United States compared to 2017. The biggest drop is in the very desirable 12- to 34-year-old group. Marketplace Tech got a first look at Edisonʼs latest social media research. It revealed almost 80 percent of people in the U.S. are posting, tweeting or snapping, but fewer are going to Facebook. Marketplace’s Kimberly Adams talked with Larry Rosin, president of Edison Research. The following is an edited transcript of their conversation.
Kimberly Adams: In your survey you found an estimated drop of 15 million fewer Facebook users in the U.S. today than in 2017. Thatʼs just in the U.S. Is this a meaningful drop for Facebook?
Larry Rosin: I donʼt see how you couldnʼt say itʼs a meaningful drop. Fifteen million is a lot of people, no matter which way you cut it. It represents about 6 percent of the total U.S. population ages 12 and older. What makes it particularly important is if it is part of a trend. This is the second straight year weʼve seen this number go down. Obviously, the U.S. is the biggest market, in terms of dollars, and itʼs going to be a super important market for Facebook or anybody whoʼs playing in this game.
Courtesy of Edison Research and Triton Digital
Adams: But if we look at Facebookʼs earnings report, they are still reporting an increasing number of active users. Whatʼs behind the difference between what the company is saying and what your survey found?
Rosin: When theyʼre producing those numbers, theyʼre typically talking about their global platform. This is a survey just of the USA. Furthermore, weʼre asking about usage. Weʼre saying, "Do you currently use Facebook?" Facebook is probably measuring it on, “Do you ever open the app, or do you ever use it on any level?”
Adams: Are those people going somewhere else or leaving social media altogether?
Rosin: We only show trace numbers of people leaving social media altogether. Theyʼre obviously just transferring their usage. The big gainer, interestingly, is under the same roof as Facebook. Itʼs their co-owned Instagram.
Courtesy of Edison Research and Triton Digital
Adams: Do you have any sense as to why people are leaving Facebook in particular?
Rosin: The survey didnʼt specifically ask, “Why are you using Facebook less?” or “Why have you stopped using Facebook?” among those who say that they have. Thereʼs tons of other information out there, whether it be the politically related aspects to Facebook. Thereʼs conjecture about as Facebook has become more popular among older people, whether thatʼs affected younger people. Then we have to consider whether some of these other social media platforms, in particular Instagram and Snapchat, are just more appealing to younger people. I should also mention that while weʼve seen dramatic reductions in usage among younger people, weʼre still seeing some gains among people, for instance, 55 and older. That is maybe not the advertising target Facebook is necessarily looking to work on, but itʼs not as if all is lost there.
Related links: more details from Edisonʼs Infinite Dial report
It’s pretty ironic that most of those Facebook departures seem to have gone to Instagram, which, being owned by Facebook, doesnʼt necessarily have better policies.
And itʼs worth noting that Facebook is still the most-used social media platform, according to Edison, with 61 percent of people in the U.S. using the site.
Instagram is a distant second.
Edison also looked at media hardware and found smartphone ownership continues to rise. About 84 percent of us in the U.S., 237 million people, own these pocket computers.
Smart speaker ownership saw a big jump in the last couple of years and keeps climbing. About 23 percent of us have them now, with Amazonʼs Alexa devices in the lead. One interesting trend developing around smart speakers is that people who get one tend to want multiple. In 2018, only about a tenth of smart speaker owners had several. Now, about a quarter of owners have three or more.
“I think the best compliment I can give is not to say how much your programs have taught me (a ton), but how much Marketplace has motivated me to go out and teach myself.” – Michael in Arlington, VA
As a nonprofit news organization, what matters to us is the same thing that matters to you: being a source for trustworthy, independent news that makes people smarter about business and the economy. So if Marketplace has helped you understand the economy better, make more informed financial decisions or just encouraged you to think differently, we’re asking you to give a little something back.
Become a Marketplace Investor today – in whatever amount is right for you – and keep public service journalism strong. We’re grateful for your support.
BEFORE YOU GO
Follow Kimberly Adams at @KA_Marketplace.
HackerNewsBot debug: Calculated post rank: 170 - Loop: 145 - Rank min: 100 - Author rank: 51
Facebook has changed its story after initially trying to downplay how it targeted teens with its Research program that a TechCrunch investigation revealed was paying them gift cards to monitor all…
Article word count: 1120
HN Discussion: https://news.ycombinator.com/item?id=19283125
Posted by vinnyglennon (karma: 11204)
Post stats: Points: 157 - Comments: 25 - 2019-03-01T17:29:21Z
#HackerNews #admits #facebook #not #research #spyware #teens #users #were
Facebook has changed its story after initially trying to downplay how it targeted teens with its Research program that a TechCrunch investigation revealed was paying them gift cards to monitor all their mobile app usage and browser traffic. “Less than 5 percent of the people who chose to participate in this market research program were teens” a Facebook spokesperson told TechCrunch and many other news outlets in a damage control effort 7 hours after we published our report on January 29th. At the time, Facebook claimed that it had removed its Research app from iOS. The next morning we learned that wasn’t true, as Apple had already forcibly blocked the Facebook Research app for violating its Enterprise Certificate program that supposed to reserved for companies distributing internal apps to employees.
It turns out that wasn’t the only time Facebook deceived the public in its response regarding the Research VPN scandal. TechCrunch has obtained Facebook’s unpublished February 21st response to questions about the Research program in a letter from Senator Mark Warner, who wrote to CEO Mark Zuckerberg that “Facebook’s apparent lack of full transparency with users – particularly in the context of ‘research’ efforts – has been a source of frustration for me.”
In the response from Facebook’s VP of US public policy Kevin Martin, the company admits that (emphasis ours) “At the time we ended the Facebook Research App on Apple’s iOS platform, less than 5 percent of the people sharing data with us through this program were teens. Analysis shows that number is about 18 percent when you look at the complete lifetime of the program, and also add people who had become inactive and uninstalled the app.” So 18 percent of research testers were teens. It was only less than 5 percent when Facebook got caught. Given users age 13 to 35 were eligible for Facebook’s Research program, 13 to 18 year olds made of 22 percent of the age range. That means Facebook clearly wasn’t trying to minimize teen involvement, nor were they just a tiny fraction of users.
WASHINGTON, DC – APRIL 10: Facebook co-founder, Chairman and CEO Mark Zuckerberg testifies before a combined Senate Judiciary and Commerce committee hearing in the Hart Senate Office Building on Capitol Hill April 10, 2018 in Washington, DC. (Photo by Chip Somodevilla/Getty Images)
Warner asked Facebook “Do you think any use reasonable understood Facebook was using this data for commercial purposes includingto track competitors?” Facebook response indicates it never told Research users anything about tracking “competitors”, and instead dances around the question. Facebook says the registration process told users the data would help the company “understand how people use mobile apps,” “improve . . . services,” and “introduce new features for millions of people around the world.”
Facebook had also told reporters on January 29th regarding teens’ participation, “All of them with signed parental consent forms.” Yet in its response to Senator Warner, Facebook admitted that “Potential participants were required to confirm that they were over 18 or provide other evidence of parental consent, though the vendors did not require a signed parental consent form for teen users.” In some cases, underage users merely had to check a box to claim they had parental consent, and there was no verification of users’ ages or that their parents actually approved.
Facebook pays teens to install VPN that spies on them
So to quickly recap:
* TechCrunch reports on January 29th that Facebook is paying teens and adults up to $20 in gift cards per month to install a Research VPN with Root network access to spy on all their mobile app activity, web browsing, and even encrypted communications. * TechCrunch informs Facebook and Apple that Facebook’s Research app violates Apple’s Enterprise Certificate rules. * That night, Facebook claims it shut down the Research app on iOS but didn’t violate Apple’s policy, and tells reporters only 5 percent of Research users were teens and they all had signed parental consent forms. * The next morning, Apple tells TechCrunch that it forcibly shut down Facebook Research on iOS for violating the Enterprise Certificate rules, and invalidates Facebook’s Certificate thereby breaking its internal iOS apps for 30 hours, including its Workplace chat and task management apps as well as its shuttle schedule and lunch menu * TechCrunch reports Google’s Screenwise Meter market research app was also breaking Apple’s Enterprise Certificate rules, but it quickly apologies and shuts down the app on iOS though it still has its internal iOS apps invalidated for 6 hours. * Senator Warner issues a letter demanding answers about Facebook Research from Mark Zuckerberg, while Senators Blumenthal and Markey also issue sternly worded reprimands of Facebook. * Facebook’s VP of production engineering and security Pedro Canahuati publishes an internal memo disputing our reporting by saying the program was never secret, but its points are swiftly dismantled by TechCrunch after we reveal that legal action was threatened if a Research user spoke publicly about the app. * TechCrunch reports that Apple failed to block dozens of hardcore pornography and real-money gambling apps abusing Enterprise Certificate program to sidestep the App Store’s rules, and Apple shuts them down. * Facebook tells TechCrunch on February 21st that it’s ceased recruiting users for its Research program on Android where it was still running, and that it will shut down its similar Onavo market research spyware VPN on Android after Apple banned it last year. * That same day, Facebook issues this response to Senator Warner that shows its initial response to reporters wasn’t accurate.
Facebook targeted teens with ads on Instagram and Snapchat to join the Research program without revealing its involvement
The contradictions between Facebook’s initial response to reporters and what it told Warner, who has the power to pursue regulation of the the tech giant, shows Facebook willingness to move fast and play loose with the truth when it’s less accountable. It’s no wonder the company never shared the response with TechCrunch or posted a blog post or press release about it.
Facebook’s attempt to minimize the issue in the wake of backlash exemplifies the trend of of the social network’s “reactionary” PR strategy that employees described to BuzzFeed’s Ryan Mac. The company often views its scandals as communications errors rather than actual product screwups or as signals of deep-seeded problems with Facebook’s respect for privacy. Facebook needs to learn to take its lumps, change course, and do better rather than constantly trying to challenge details of negative press about it, especially before it has all the necessary information. Until then, the never-ending news cycle of Facebook’s self-made disasters will continue.
Below is Facebook’s full response to Senator Warner’s inquiry, and following that is Warner’s original letter to Mark Zuckerberg.
View this document on Scribd
Additional reporting by Krystal Hu
HackerNewsBot debug: Calculated post rank: 113 - Loop: 182 - Rank min: 100 - Author rank: 59
From the beginning, Discord has been an early adopter of Elixir. The Erlang VM was the perfect candidate for the highly concurrent…
Article word count: 1821
HN Discussion: https://news.ycombinator.com/item?id=19238221
Posted by lelf (karma: 37746)
Post stats: Points: 128 - Comments: 20 - 2019-02-24T11:48:53Z
#HackerNews #2017 #concurrent #discord #elixir #scaled #users
Go to the profile of Stanislav Vishnevskiy
From the beginning, Discord has been an early adopter of Elixir. The Erlang VM was the perfect candidate for the highly concurrent, real-time system we were aiming to build. We developed the original prototype of Discord in Elixir; that became the foundation of our infrastructure today. Elixir’s promise was simple: access the power of the Erlang VM through a much more modern and user-friendly language and toolset.
Fast forward two years, and we are up to nearly five million concurrent users and millions of events per second flowing through the system. While we don’t have any regrets with our choice of infrastructure, we did have to do a lot of research and experimentation to get here. Elixir is a new ecosystem, and the Erlang ecosystem lacks information about using it in production (although Erlang in Anger is awesome). What follows is a set of lessons learned and libraries created throughout our journey of making Elixir work for Discord.
While Discord is rich with features, most of it boils down to pub/sub. Users connect to a WebSocket and spin up a session process (a GenServer), which then communicates with remote Erlang nodes that contain guild (internal for a “Discord Server”) processes (also GenServers). When anything is published in a guild, it is fanned out to every session connected to it.
When a user comes online, they connect to a guild, and the guild publishes a presence to all other connected sessions. Guilds have a lot of other logic behind the scenes, but here’s a simplified example:
This was a fine approach when we originally built Discord to groups of 25 of less. However, we have been fortunate enough to have “good problems” arise as people started using Discord for large scale groups. Eventually we ended up with many Discord servers like /r/Overwatch with up to 30,000 concurrent users. During peak hours, we began to see these processes fail to keep up with their message queues. At a certain point, we had to manually intervene and turn off features that generated messages to help cope with the load. We had to figure this out before it became a full-time job.
We began by benchmarking hot paths within the guild processes and quickly stumbled onto an obvious culprit. Sending messages between Erlang processes was not as cheap as we expected, and the reduction cost — Erlang unit of work used for process scheduling — was also quite high. We found that the wall clock time of a single send/2 call could range from 30μs to 70us due to Erlang de-scheduling the calling process. This meant that during peak hours, publishing an event from a large guild could take anywhere from 900ms to 2.1s! Erlang processes are effectively single threaded, and the only way to parallelize the work is to shard them. That would have been quite an undertaking, and we knew there had to be a better way.
We knew we had to somehow distribute the work of sending messages. Since spawning processes in Erlang is cheap, our first guess was to just spawn another process to handle each publish. However, each publish could be scheduled at a different time, and Discord clients depend on linearizability of events. That solution also wouldn’t scale well because the guild service was also responsible for an ever-growing amount of work.
Inspired by a blog post about boosting performance of message passing between nodes, Manifold was born. Manifold distributes the work of sending messages to the remote nodes of the PIDs (Erlang process identifier), which guarantees that the sending processes at most only calls send/2 equal to the number of involved remote nodes. Manifold does this by first grouping PIDs by their remote node and then sending to Manifold.Partitioner on each of those nodes. The partitioner then consistently hashes the PIDs using :erlang.phash2/2, groups them by number of cores, and sends them to child workers. Finally, those workers send the messages to the actual processes. This ensures the partitioner does not get overloaded and still provides the linearizability guaranteed by send/2. This solution was effectively a drop-in replacement for send/2:
An awesome side-effect of Manifold was that we were able to not only distribute the CPU cost of fanning out messages, but also reduce the network traffic between nodes:
Network Reduction on 1 Guild Node
Manifold is available on our GitHub, so give it a spin. https://github.com/discordapp/manifold.
Discord is a distributed system achieved through consistent hashing. Using this method requires us to create a ring data structure that can be used to lookup the node of a particular entity. We want that to be fast, so we chose the wonderful library by Chris Moos via a Erlang C port (process responsible for interfacing with C code). It worked great for us, but as Discord scaled, we started to notice issues when we had bursts of users reconnecting. The Erlang process responsible for controlling the ring would start to get so busy that it would fail to keep up with requests to the ring, and the whole system would become overloaded. The solution at first seemed obvious: run multiple processes with the ring data to better utilize all the machine’s cores to answer the requests. However, we noticed that this was a hot path. Could we do better?
Let’s break down the cost of this hot path.
* A user can be in any number of guilds, but an average user is in 5. * An Erlang VM responsible for sessions can have up to 500,000 live sessions on it. * When a session connects, it has to lookup the remote node for each guild it is interested in. * The cost of communicating with another Erlang process using request/reply is about 12μs.
If the session server were to crash and restart, it would take about 30 seconds just for the cost of lookups on the ring. That does not even account for Erlang de-scheduling the single process involved in the ring for other processes’ work. Could we remove this cost completely?
The first thing people do in Elixir when they want to speed up data access is to introduce ETS. ETS is a fast, mutable dictionary implemented in C; the tradeoff is that data is copied in and out of it. We couldn’t just move our ring into ETS because we were using a C port to control the ring, so we converted the code to pure Elixir. Once that was implemented, we had a process whose job was to own the ring and constantly copy it into ETS so other processes could read directly from ETS. This noticeably improved performance, but ETS reads were about 7μs, and we were still spending 17.5 seconds on looking up values in the ring. The ring data structure is actually fairly large, and copying it in and out of ETS was the majority of the cost. We were disappointed; in any other language we could easily just have a shared value that was safe to read. There had to be a way to do this in Erlang!
After doing some research, we found mochiglobal, a module that exploits a feature of the VM: if Erlang sees a function that always returns the same constant data, it puts that data into a read-only shared heap that processes can access without copying the data. mochiglobal takes advantage of this by creating an Erlang module with one function at runtime and compiling it. Since the data is never copied, the lookup cost decreases to 0.3us, bringing the total time down to 750ms! There’s no such thing as a free lunch though; the cost of building a module with a data structure as large as the ring at runtime can take up to a second. The good news is that we rarely change the ring, so it was a penalty we were willing to take.
We decided to port mochiglobal to Elixir and add some functionality to avoid creating atoms. Our version is called FastGlobal and is available at https://github.com/discordapp/fastglobal.
After solving the performance of the node lookup hot path, we noticed that the processes responsible for handling guild_pid lookup on the guild nodes were getting backed up. The inherent back pressure of the slow node lookup had previously protected these processes. The new problem was that nearly 5,000,000 session processes were trying to stampede ten of these processes (one on each guild node). Making this path faster wouldn’t solve the problem; the underlying issue was that the call of a session process to this guild registry would timeout and leave the request in the queue of the guild registry. It would then retry the request after a backoff, but perpetually pile up requests and get into an unrecoverable state. Sessions would block on these requests until they timed out while receiving messages from other services, causing them to balloon their message queues and eventually OOM the whole Erlang VM resulting in cascading service outages.
We needed to make session processes smarter; ideally, they wouldn’t even try to make these calls to the guild registry if a failure was inevitable. We didn’t want to use a circuit breaker because we didn’t want a burst in timeouts to result in a temporary state where no attempts are made at all. We knew how we would solve this in other languages, but how would we solve it in Elixir?
In most other languages, we could use an atomic counter to track outstanding requests and bail early if the number was too high, effectively implementing a semaphore. The Erlang VM is built around coordinating through communication between processes, but we knew we didn’t want to overload a process responsible for doing this coordination. After some research we stumbled upon :ets.update_counter/4, which performs atomic conditional increment operations on a number inside an ETS key. Since we needed high concurrency, we could also run ETS in write_concurrency mode but still read the value out, since :ets.update_counter/4 returns the result. This gave us the fundamental piece to create our Semaphore library. It is extremely easy to use and performs really well at high throughput:
This library has proved instrumental in protecting our Elixir infrastructure. A similar situation to the aforementioned cascading outages occurred as recently as last week, but there were no outages this time. Our presence services crashed due to an unrelated issue, but the session services did not even budge, and the presence services were able to rebuild within minutes after restarting:
Live presences within presence serviceCPU usage on the session services around the same time period.
You can find our Semaphore library on GitHub at https://github.com/discordapp/semaphore.
Choosing to use and getting familiar with Erlang and Elixir has proven to be a great experience. If we had to go back and start over, we would definitely choose the same path. We hope that sharing our experiences and tools proves useful to other Elixir and Erlang developers, and we hope to continue sharing as we progress on our journey, solving problems and learning lessons along the way.
We are hiring, so come join us if this type of stuff tickles your fancy.
HackerNewsBot debug: Calculated post rank: 92 - Loop: 95 - Rank min: 80 - Author rank: 131
“Anyone else see the docs being reported on here? “Docs seen by @ComputerWeekly also reveal plans by @Facebook to pass data on single users to companies selling dating services and organisations that…
Article word count: 321
HN Discussion: https://news.ycombinator.com/item?id=19232132
Posted by DyslexicAtheist (karma: 10607)
Post stats: Points: 128 - Comments: 28 - 2019-02-23T07:04:07Z
#HackerNews #android #emails #facebook #internal #phone #planned #reveal #spy #users
 [IMG]ashkan soltaniVerified account @ashk4n 13h13 hours ago
Anyone else see the docs being reported on here? “Docs seen by @ComputerWeekly also reveal plans by @Facebook to pass data on single users to companies selling dating services and organisations that wanted to target them with ‘political’ advertisements”https://www.computerweekly.com/news/252458208/Facebook-planned-to-spy-on-Android-phone-users-internal-emails-reveal …
 [IMG]ashkan soltaniVerified account @ashk4n 12h12 hours ago
Here are the docs @computerweekly is basing their reporting on. They appear to contain at least some previously undisclosed emails and transcripts: https://github.com/BuxtonTheRed/btrmisc/blob/master/fb-643-extended.pdf …pic.twitter.com/PfsxBqhC8v
Show this thread
 [IMG]ashkan soltaniVerified account @ashk4n 12h12 hours ago
One positive highlight, @Facebook embedded #privacybydesign features into iOS app to eliminate ʼmost controversial use scenariosʼ and appease @Apple privacy team (i.e - limits use of collected info for aggregate analytics - limit retention of information in identifiable form )pic.twitter.com/GJPFp7pv5e
Show this thread
 [IMG]ashkan soltaniVerified account @ashk4n 11h11 hours ago
More evidence that @Facebook considers access to usersʼ data via the API as a value exchange (i.e sale) with partners: - How valuable is "read" data? - What value does analogous data have in our ads system? - What [user]data do we not expose that could have value? (page 10)pic.twitter.com/GPjEoWMbi1
Show this thread
 [IMG]ashkan soltaniVerified account @ashk4n 11h11 hours ago
Anyone know what app story that @avichal asks to "NOT REPEAT THIS STORY OFF OF THIS THREAD" is? "If Mark had accidentally disclosed earnings ahead of time because a platform app violated his privacy ... literally, that would have basically been fatal for Login I Open Graph"pic.twitter.com/KfBs53cZTV
Show this thread
 [IMG]Sailor77 Stay Vigilant #Resist @agooding58 3h3 hours ago
Replying to @ashk4n @badwebsites and
Isnʼt FB wonderful? Theyʼre poison.
 [IMG]Marc Jacobs @trollball 11h11 hours ago
Replying to @ashk4n @ComputerWeekly @facebook
It just keeps coming. Thank you for highlighting
 [IMG]throwaway @throwaway94827 2h2 hours ago
Replying to @ashk4n
 [IMG]Threader @threader_app 2h2 hours ago
Replying to @throwaway94827
Hey throwaway, the thread from @ashk4n is compiled now. You can read it here: https://threader.app/thread/1099117028026118144 … #privacybydesign
HackerNewsBot debug: Calculated post rank: 94 - Loop: 187 - Rank min: 80 - Author rank: 38
Facebook has continued to allow advertisers to target users it believes are interested in topics such as “Joseph Goebbels,” “Josef Mengele” and “Heinrich Himmler," as well as neo-Nazi bands, despite…
Article word count: 1534
HN Discussion: https://news.ycombinator.com/item?id=19219089
Posted by mnm1 (karma: 1829)
Post stats: Points: 112 - Comments: 143 - 2019-02-21T18:15:14Z
#HackerNews #ads #and #are #decided #facebook #interested #let #nazis #target #them #users #which
Skip to content
Facebook makes money by charging advertisers to reach just the right audience for their message — even when that audience is made up of people interested in the perpetrators of the Holocaust or explicitly neo-Nazi music.
Despite promises of greater oversight following past advertising scandals, a Times review shows that Facebook has continued to allow advertisers to target hundreds of thousands of users the social media firm believes are curious about topics such as “Joseph Goebbels,” “Josef Mengele,” “Heinrich Himmler,” the neo-nazi punk band Skrewdriver and Benito Mussolini’s long-defunct National Fascist Party.
Experts say that this practice runs counter to the company’s stated principles and can help fuel radicalization online.
“What you’re describing, where a clear hateful idea or narrative can be amplified to reach more people, is exactly what they said they don’t want to do and what they need to be held accountable for,” said Oren Segal, director of the Anti-Defamation League’s center on extremism.
After being contacted by The Times, Facebook said that it would remove many of the audience groupings from its ad platform.
“Most of these targeting options are against our policies and should have been caught and removed sooner,” said Facebook spokesman Joe Osborne. “While we have an ongoing review of our targeting options, we clearly need to do more, so we’re taking a broader look at our policies and detection methods.”
Facebook’s broad reach and sophisticated advertising tools brought in a record $55 billion in ad revenue in 2018.
Profit margins stayed above 40%, thanks to a high degree of automation, with algorithms sorting users into marketable subsets based on their behavior — then choosing which ads to show them.
But the lack of human oversight has also brought the company controversy.
In 2017, Pro Publica found that the company sold ads based on any user-generated phrase, including “Jew hater” and “Hitler did nothing wrong.” Following the murder of 11 congregants at a synagogue in Pittsburgh in 2018, the Intercept found that Facebook gave advertisers the ability to target users interested in the anti-Semitic “white genocide conspiracy theory,” which the suspected killer cited as inspiration before the attacks.
This month, the Guardian highlighted the ways that YouTube and Facebook boost anti-vaccine conspiracy theories, leading Rep. Adam Schiff (D-Burbank) to question whether the company was promoting misinformation.
Facebook has promised since 2017 that humans review every ad targeting category. It announced last fall the removal of 5,000 audience categories that risked enabling abuse or discrimination.
The Times decided to test the effectiveness of the company’s efforts by seeing if Facebook would allow the sale of ads directed to certain segments of users.
Facebook allowed The Times to target ads to users Facebook has determined are interested in Goebbels, the Third Reich’s chief propagandist, Himmler, the architect of the Holocaust and leader of the SS, and Mengele, the infamous concentration camp doctor who performed human experiments on prisoners. Each category included hundreds of thousands of users.
A screenshot of the Facebook ad buying process showing the number of people the platform thinks are interested in "Josef Mengele."
A screenshot of the Facebook ad buying process showing the number of people the platform thinks are interested in "Josef Mengele." (Facebook)
The company also approved an ad targeted to fans of Skrewdriver, a notorious white supremacist punk band — and automatically suggested a series of topics related to European far-right movements to bolster the ad’s reach.
Collectively, the ads were seen by 4,153 users in 24 hours, with The Times paying only $25 to fuel the push.
Facebook admits its human moderators should have removed the Nazi-affiliated demographic categories. But it says the “ads” themselves — which consisted of the word “test” or The Times’ logo and linked back to the newspaper’s homepage — would not have raised red flags for the separate team that looks over ad content.
Upon review, the company said the ad categories were seldom used. The few ads purchased linked to historical content, Facebook said, but the company would not provide more detail on their origin.
The Times was tipped off by a Los Angeles musician who asked to remain anonymous for fear of retaliation from hate groups.
Earlier this year, he tried to promote a concert featuring his hardcore punk group and a black metal band on Facebook. When he typed “black metal” into Facebook’s ad portal, he said he was disturbed to discover that the company suggested he also pay to target users interested in “National Socialist black metal” — a potential audience numbering in the hundreds of thousands.
The punk and metal music scenes, and black metal in particular, have a long grappled with white supremacist undercurrents. Black metal grew out of the early Norwegian metal scene, which saw prominent members convicted of burning down churches, murdering fellow musicians and plotting bombings. Some bands and their fans have since combined anti-Semitism, neo-paganism, and the promotion of violence into the distinct subgenre of National Socialist black metal, which the Southern Poverty Law Center described as a dangerous white supremacist recruiting tool nearly 20 years ago.
The musician saw himself as a part of that same tradition.
“I grew up in a punk scene in Miami where there were Nazis, they would kind of invade the concerts as a place where they knew they could get away with violence,” he said.
So he saw it as his duty, he said, to contact Facebook and express his disgust.
Facebook subsequently removed the grouping from the platform, but the musician remains incredulous that “National Socialist black metal” was a category in the first place — let alone one the company specifically prompted him to pursue.
“Why is it my job to police their platform?” he said.
After reviewing screenshots verifying the musician’s story, The Times investigated whether Facebook would allow advertisers to target explicitly neo-Nazi bands or other terms associated with hate groups.
We started with Skrewdriver, a British band with a song called “White Power” and an album named after a Hitler Youth motto. Since the band only had 2,120 users identified as fans, Facebook informed us that we would need to add more target demographics to publish the ad.
The prompt led us down a rabbit hole of terms it thought were related to white supremacist ideology.
First, it recommended “Thor Steinar,” a clothing brand that has been outlawed in the German parliament for its association with neo-Nazism. Then, it recommended “NPD Group,” the name of both a prominent American market research firm and a far-right German political party associated with neo-Nazism. Among the next recommended terms were “Flüchtlinge,” the German word for “refugees,” and “Nationalism.”
A screenshot of the auto-suggested target audiences following "Skrewdriver."
A screenshot of the auto-suggested target audiences following "Skrewdriver." (Facaebook)
Facebook said the categories “Flüchtlinge,” “Nationalism,” and “NPD Group” are in line with its policies and will not be removed despite appearing as auto-suggestions following neo-Nazi terms. (Facebook said it had found that the users interested in NPD Group were actually interested in the American market research firm.)
In the wake of past controversies, Facebook has blocked ads aimed at those interested in the most obvious terms affiliated with hate groups. “Nazi,” “Hitler,” “white supremacy” and “Holocaust” all yield nothing in the ad platform. But advertisers could target more than a million users with interest in Goebbels or the National Fascist Party, which dissolved in 1943. Himmler had nearly 95,000 constituents. Mengele had 117,150 interested users — a number that increased over the duration of our reporting, to 127,010.
Facebook said these categories were automatically generated based on user activity — liking or commenting on ads, or joining certain groups. But it would not provide specific details about how it determined a user’s interest in topics linked to Nazis.
The ads ended up being served within Instant Articles — which are hosted within Facebook, rather than linking out to a publisher’s own website — published by the Facebook pages of a wide swath of media outlets.
These included articles by the Daily Wire, CNN, HuffPost, Mother Jones, Breitbart, the BBC and ABC News. They also included articles by viral pages with names like Pupper Doggo, I Love Movies and Right Health Today — a seemingly defunct media company whose only Facebook post was a link to a now-deleted article titled “What Is The Benefits Of Eating Apple Everyday.”
Segal, the ADL director, said Facebook might wind up fueling the recruitment of new extremists by serving up such ads on the types of pages an ordinary news reader might visit.
“Being able to reach so many people with extremist content, existing literally in the same space as legitimate news or non-hateful content, is the biggest danger,” he said. “What you’re doing is expanding the orbit.”
Some critics contend that the potential for exploitation is built into the fundamental workings of ad platforms like Facebook’s, regardless of whether the target demographics are explicitly extremist.
“Finely targeted digital advertising allows anonymous advertisers with who knows what political agenda to test messages that try to tap into some vulnerability and channel a grievance in some particular direction,” said Anthony Nadler, a professor at Ursinus College in Pennsylvania who researches how social networks and ad platforms can assist radicalization and spread disinformation. “I imagine that the more sophisticated white supremacists out there are trying to figure out how to expand their base.”
HackerNewsBot debug: Calculated post rank: 122 - Loop: 109 - Rank min: 100 - Author rank: 18