Jump to content

Facebook Has Been Paying Teens For Their Privacy, update - Apple blocks Facebook/Google from using internal iOS apps


Recommended Posts

In an incredible report on TechCrunch, it's revealed that since 2016 Facebook has been paying users ages 13-35 up to $20 per month to sell their privacy at an unprecedented level. The "Facebook Research" app was administered through third parties to largely hide Facebook's involvement. Through a tool intended for internal testing of enterprise apps, Facebook would gain access to everything on the user's device. It gives access to "private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed.” In some cases, the Facebook app would even have access to information that an app encrypts. For underage users, the app did require some kind of parental permission, though in some cases it may have been as little as a checkbox ensuring that you're over 18.

 

Using an enterprise certificate to access this level of data is clearly against Apple's terms of service. Since this revelation, Facebook said they would pull the app on iOS, but leave it in place on Android. In response, Apple has shut down all of Facebook's enterprise certificates on iOS, which, in addition to shutting down their "research app," will also prevent Facebook from internally testing new versions of their apps or apps Facebook has built for internal use.

 

 

Facebook claims this was all above board. They say that users knew what they were signing up for and the implications of it, and that only a small fraction of users were teens. Still, the fact that it was done in relative secret, included minors at all, and was in flagrant disregard of Apple's policies is all pretty damning. The fact that seven hours after the story broke they pulled the app from iOS, and that Apple took such severe measures also indicates that this is probably not something they should have been doing.

 

Honestly, I don't think it's a terrible thing for people to get paid for giving up their privacy. Most people are giving various companies most of the info that Facebook was collecting for free, they're just giving it to various service providers in exchange for free services. On the face of it, it doesn't seem much worse to give all that data to one more company in exchange for cash. However, if Facebook is going to make that offer, they should have been certain that the entire process was beyond reproach. Instead they did it as they do everything else: in the most underhanded, shady way possible, doing the least they can do to explain the extent of the agreement. Burn it down. Burn it all down.

Link to comment
Share on other sites

17 minutes ago, CitizenVectron said:

Was this for users in the EU, too? Can't wait until they get involved.

That's a very good question. I didn't see any location info in the reporting so far. I'd have to imagine this would run afoul of the GDPR at the very least if there are.

Link to comment
Share on other sites

32 minutes ago, SFLUFAN said:

 

That's not good. It doesn't seem quite as sketchy as Facebook, but using an enterprise certificate for data collection is not cool. I wouldn't be surprised if they suffer the same fate as Facebook.

 

It'll be interesting to see how long Apple keeps Facebook (and possibly Google) from having an enterprise certificate. They deserve to be punished for so clearly breaking the rules, and Apple has a reputation to uphold on the privacy front. Still, these are gigantic companies that have a very real need to test app updates, apps that iOS users rely on daily. Right now on my iPad Google has 4 of the top 10 free apps and 7 of the top 21. Facebook has two of the top 16. I imagine the case is similar on the iPhone. Apple doesn't want to hurt their own customers in the process of punishing Google and Facebook.

 

I would expect Apple to restore the certificate(s) shortly, once it's clear that these spy apps are disabled on the platform. Then they'll probably take some time developing some new rules that everyone will have to abide by. I wouldn't be surprised if Apple makes some significant changes to the whole enterprise certificate process, but it'll take time because these devices are now mission critical to so many companies.

Link to comment
Share on other sites

38 minutes ago, TwinIon said:

That's not good. It doesn't seem quite as sketchy as Facebook, but using an enterprise certificate for data collection is not cool. I wouldn't be surprised if they suffer the same fate as Facebook.

 

It'll be interesting to see how long Apple keeps Facebook (and possibly Google) from having an enterprise certificate. They deserve to be punished for so clearly breaking the rules, and Apple has a reputation to uphold on the privacy front. Still, these are gigantic companies that have a very real need to test app updates, apps that iOS users rely on daily. Right now on my iPad Google has 4 of the top 10 free apps and 7 of the top 21. Facebook has two of the top 16. I imagine the case is similar on the iPhone. Apple doesn't want to hurt their own customers in the process of punishing Google and Facebook.

 

I would expect Apple to restore the certificate(s) shortly, once it's clear that these spy apps are disabled on the platform. Then they'll probably take some time developing some new rules that everyone will have to abide by. I wouldn't be surprised if Apple makes some significant changes to the whole enterprise certificate process, but it'll take time because these devices are now mission critical to so many companies.

 

Apple isn't going to keep Facebook from having an enterprise cert. They are very likely just going to reissue their cert thus killing off access to all the Facebook Research users. I doubt anything will happen to Google here as they've had their service running for years and have been pretty up front about it. I think the bigger issue Apple has with Facebook is that it sounds like Facebook was allowing minors to sign up for the program with a parental consent that may have just been a checkbox. Google only allows minors into the program if they're part of a family account and even then, any credits or giftcards don't go to the minor.

Link to comment
Share on other sites

2 minutes ago, Ghost_MH said:

Apple isn't going to keep Facebook from having an enterprise cert. They are very likely just going to reissue their cert thus killing off access to all the Facebook Research users. I doubt anything will happen to Google here as they've had their service running for years and have been pretty up front about it. I think the bigger issue Apple has with Facebook is that it sounds like Facebook was allowing minors to sign up for the program with a parental consent that may have just been a checkbox. Google only allows minors into the program if they're part of a family account and even then, any credits or giftcards don't go to the minor.

It doesn't seem like either program should be able to use an enterprise cert for this kind of thing since it's explicitly against Apple's TOS. I agree they won't prevent Facebook from issuing a new cert for long, but I wouldn't rule them canceling Google's as well.

Link to comment
Share on other sites

19 minutes ago, TwinIon said:

It doesn't seem like either program should be able to use an enterprise cert for this kind of thing since it's explicitly against Apple's TOS. I agree they won't prevent Facebook from issuing a new cert for long, but I wouldn't rule them canceling Google's as well.

 

I guess that would depend on whether or not Google got permission or whether or not they were using the same enterprise cert they were using for internal testing. It seems pretty clear to me here that Faebook got one enterprise cert from Apple and used it for EVERYTHING. We don't yet know if that was the case for Google. On the face of it, this does feel like something Facebook would do without asking first, where as Google seems like the type of company that would have gotten the clearance ahead of time. Facebook is very much an act now, asking for forgiveness later type of company.

 

EDIT: It also seems that Facebook let ANYBODY sign up.

In Google's case, it's an invitation only service.

Link to comment
Share on other sites

I doubt this 'Cold War' lasts.

 

Personal information about users for the ruling servers of today are what raw materials were for factories in the old days.

 

Most of the great servers of the postindustrial economy are in a kind of 'soft' or maybe 'automated' form of collusion with each other to ensure that their access to this personal information is as unfettered as possible.  Their infrastructure is set up to be mutually reinforcing--the very act of letting Facebook develop an app that works on Apple devices is meant to help Apple's servers use Facebook's servers to augment their information-gathering powers.

 

Though putatively 'competitors', Apple has little incentive to maintain a feud with Facebook that would reduce the breadth of its network.  I guess we'll see.

 

As for this being 'shady'...I suppose it is, but it's not much less shady than what most social media companies do everyday.   Giving up your privacy--usually via some impenetrable EULA that you don't read--is the 'original sin' of social media, the price of admission.  I have paid it, and so have you, and so has the ten year old who posted a Youtube video of himself doing magic tricks.  Or something.

 

Regardless, the question of how 'shady' the practice is, to me, misses the more interesting economic question, which is: oughtn't you to be compensated for all the money that you generate for these companies?  When Alphabet, Amazon, Apple, whoever, makes a mint off of information about you, aren't you due some of it, being the source of value that allowed them to make said mint?  Isn't there something slightly fraudulent in the fact that you never see a penny? Even if it's fraud that no one individual perpetrates, but is 'automated' in the sense that it is simply part of the way the system has been set up?

 

And isn't that the question they don't want you to ask when they talk about the 'sharing economy'?:thinking:   

 

Link to comment
Share on other sites

11 minutes ago, Signifyin(g)Monkey said:

Most of the great servers of the postindustrial economy are in a kind of 'soft' or maybe 'automated' form of collusion with each other to ensure that their access to this personal information is as unfettered as possible.  Their infrastructure is set up to be mutually reinforcing--the very act of letting Facebook develop an app that works on Apple devices is meant to help Apple's servers use Facebook's servers to augment their information-gathering powers.

 

Though putatively 'competitors', Apple has little incentive to maintain a feud with Facebook that would reduce the breadth of its network.  I guess we'll see.

I would argue that this isn't the case at all, at least not with these particular companies, and not with many others either. Sure, Apple wants Facebook to build apps for their platform in order to make that platform more valuable, but Apple isn't piggybacking off of Facebook's network effect in order to build their own social graph, they just want to sell you more hardware (and services and hardware to support that hardware). Facebook wants to vacuum up all possible data, but Apple has staked a claim to being privacy minded, selling hardware and services on the basis that they're not collecting or selling your information. In this particular case, the only reason it's possible for Facebook to build this app is because of enterprise oriented low level accessibility, not functionality that was ever meant to be available for developers to utilize with consumers.

 

11 minutes ago, Signifyin(g)Monkey said:

Regardless, the question of how 'shady' the practice is, to me, misses the more interesting economic question, which is: oughtn't you to be compensated for all the money that you generate for these companies?  When Alphabet, Amazon, Apple, whoever, makes a mint off of information about you, aren't you due some of it, being the source of value that allowed them to make said mint?  Isn't there something slightly fraudulent in the fact that you never see a penny? Even if it's fraud that no one individual perpetrates, but is 'automated' in the sense that it is simply part of the way the system has been set up?

 

And isn't that the question they don't want you to ask when they talk about the 'sharing economy'?:thinking:   

 

As I mentioned in the OP, I'm mostly ok with companies directly compensating you for access to your data. I think people have a poor idea of what their data is worth to these companies, and if they understood better they might (rightfully) ask for a cut. I also think that people have a generally poor idea of what data we're talking about, and companies like Facebook and Google are incentivized to hide what and how much data is being collected and what purposes it's being used for. Just recently Facebook blocked Ad transparency tools. Still, if you're going to vacuum up people's information, I think it's reasonable to expect you be upfront about what you're collecting and what it's being used for. That's a lot of the gist behind the GDPR, and I think similar legislation is plausible in the US (eventually).

Link to comment
Share on other sites

42 minutes ago, TwinIon said:

I would argue that this isn't the case at all, at least not with these particular companies, and not with many others either. Sure, Apple wants Facebook to build apps for their platform in order to make that platform more valuable, but Apple isn't piggybacking off of Facebook's network effect in order to build their own social graph, they just want to sell you more hardware (and services and hardware to support that hardware). Facebook wants to vacuum up all possible data, but Apple has staked a claim to being privacy minded, selling hardware and services on the basis that they're not collecting or selling your information. In this particular case, the only reason it's possible for Facebook to build this app is because of enterprise oriented low level accessibility, not functionality that was ever meant to be available for developers to utilize with consumers.

Agree to disagree I guess.  Apple of course does not have direct access to the information on Facebook's servers--I'm not saying that--but I would argue it absolutely aims to tap into the network effects they generate in order to sell more hardware (by reaching a greater number of potential customers) and calibrate their advertising/sales strategies.  Indeed, this lets Facebook do a lot of the work 'for them'.  As a bonus, they get to play the 'good guy' in the arms race, even though they're fundamentally seeking the same thing as everyone else--informational supremacy--which simply can't be obtained without breaching the 'firewalls' of privacy.

 

Apple's 'privacy-minded' image, IMO, is just so much more empty PR.  I don't doubt that many people authentically believe that what this PR espouses is true, even at higher levels.  But IMO, at the end of the day, Apple is trying to do the same thing all the other leading members of postindustrial capital are trying to do--maximize the information asymmetry of digital networks in their favor.  This maximization can't be done without breaking down the barriers of privacy.

 

In a way, Apple doesn't have a choice--that is simply the name of the game.  Just as  maximizing control of geographic and material resources and the number, breadth and efficacy of your factories was back in the age of industrial manufacturing.  You either play the game or go home.  The rub is that, in choosing to play it, you perpetuate it, too.

 

That's how I see it, though--you may see things differently.  Which is fine; I don't expect everyone to share my perspective.

Link to comment
Share on other sites

1 hour ago, TwinIon said:

I would argue that this isn't the case at all, at least not with these particular companies, and not with many others either. Sure, Apple wants Facebook to build apps for their platform in order to make that platform more valuable, but Apple isn't piggybacking off of Facebook's network effect in order to build their own social graph, they just want to sell you more hardware (and services and hardware to support that hardware). Facebook wants to vacuum up all possible data, but Apple has staked a claim to being privacy minded, selling hardware and services on the basis that they're not collecting or selling your information. In this particular case, the only reason it's possible for Facebook to build this app is because of enterprise oriented low level accessibility, not functionality that was ever meant to be available for developers to utilize with consumers.

 

As I mentioned in the OP, I'm mostly ok with companies directly compensating you for access to your data. I think people have a poor idea of what their data is worth to these companies, and if they understood better they might (rightfully) ask for a cut. I also think that people have a generally poor idea of what data we're talking about, and companies like Facebook and Google are incentivized to hide what and how much data is being collected and what purposes it's being used for. Just recently Facebook blocked Ad transparency tools. Still, if you're going to vacuum up people's information, I think it's reasonable to expect you be upfront about what you're collecting and what it's being used for. That's a lot of the gist behind the GDPR, and I think similar legislation is plausible in the US (eventually).

 

If you want to know how much your info is worth, look at the payouts to programs like Google Opinions Rewards. You get questions like, "Did you shop at Target? How did you pay?" Google values that answer at around twenty-five cents. They obviously are making something else in top of it, so it's certainly worth more than a quarter to them in aggregate. Most people have no idea how much all this data is worth.

Link to comment
Share on other sites

21 hours ago, Signifyin(g)Monkey said:

Agree to disagree I guess.  Apple of course does not have direct access to the information on Facebook's servers--I'm not saying that--but I would argue it absolutely aims to tap into the network effects they generate in order to sell more hardware (by reaching a greater number of potential customers) and calibrate their advertising/sales strategies.  Indeed, this lets Facebook do a lot of the work 'for them'.  As a bonus, they get to play the 'good guy' in the arms race, even though they're fundamentally seeking the same thing as everyone else--informational supremacy--which simply can't be obtained without breaching the 'firewalls' of privacy.

 

Apple's 'privacy-minded' image, IMO, is just so much more empty PR.  I don't doubt that many people authentically believe that what this PR espouses is true, even at higher levels.  But IMO, at the end of the day, Apple is trying to do the same thing all the other leading members of postindustrial capital are trying to do--maximize the information asymmetry of digital networks in their favor.  This maximization can't be done without breaking down the barriers of privacy.

 

In a way, Apple doesn't have a choice--that is simply the name of the game.  Just as  maximizing control of geographic and material resources and the number, breadth and efficacy of your factories was back in the age of industrial manufacturing.  You either play the game or go home.  The rub is that, in choosing to play it, you perpetuate it, too.

 

That's how I see it, though--you may see things differently.  Which is fine; I don't expect everyone to share my perspective.

I don't entirely disagree with you, mostly because we're seeing Apple change and start to fall behind.

 

I think that Apple's privacy commitments were taken very seriously for a very long time. They built iOS in such a way as to greatly enhance security and privacy. Their messenger is end-to-end encrypted such that Apple doesn't have access to those messages. They've publicly pushed for privacy even when it meant very bad PR.

 

That said, they are starting to change. A little over a year ago they started harvesting more data, claiming that they were doing so with privacy in mind. Apple is pushing really hard to get their services income up as they run out of people to sell phones to, and their services are arguably well behind because of their focus on privacy. Still, I do think that their motivations have historically been honestly pro-privacy. Their purity in that regard is long since spoiled, but I still think they're generally far better.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...