facebook privacy

Auto Added by WPeMatico

Senator Warner calls on Zuckerberg to support market research consent rules

In response to TechCrunch’s investigation of Facebook paying teens and adults to install a VPN that lets it analyze all their phone’s traffic, Senator Mark Warner (D-VA) has sent a letter to Mark Zuckerberg. It admonishes Facebook for not spelling out exactly which data the Facebook Research app was collecting or giving users adequate information necessary to determine if they should accept payment in exchange for selling their privacy. Following our report, Apple banned Facebook’s Research app from iOS and shut down its internal employee-only workplace apps too as punishment, causing mayhem in Facebook’s office.

Warner wrote to Zuckerberg, “In both the case of Onavo and the Facebook Research project, I have concerns that users were not appropriately informed about the extent of Facebook’s data-gathering and the commercial purposes of this data collection. Facebook’s apparent lack of full transparency with users – particularly in the context of ‘research’ efforts – has been a source of frustration for me.”

Warner is working on writing new laws to govern data collection initiatives like Facebook Research. He asks Zuckerberg, “Will you commit to supporting legislation requiring individualized, informed consent in all instances of behavioral and market research conducted by large platforms on users?”

Senator Blumenthal’s fierce statement

Meanwhile, Senator Richard Blumenthal (D-CT) provided TechCrunch with a fiery statement regarding our investigation. He calls Facebook anti-competitive, which could fuel calls to regulate or break up Facebook, says the FTC must address the issue and that he’s planning to work with congress to safeguard teens’ privacy:

“Wiretapping teens is not research, and it should never be permissible. This is yet another astonishing example of Facebook’s complete disregard for data privacy and eagerness to engage in anti-competitive behavior. Instead of learning its lesson when it was caught spying on consumers using the supposedly ‘private’ Onavo VPN app, Facebook rebranded the intrusive app and circumvented Apple’s attempts to protect iPhone users. Facebook continues to demonstrate its eagerness to look over everyone’s shoulder and watch everything they do in order to make money. 

Mark Zuckerberg’s empty promises are not enough. The FTC needs to step up to the plate, and the Onavo app should be part of its investigation. I will also be writing to Apple and Google on Facebook’s egregious behavior, and working in Congress to make sure that teens are protected from Big Tech’s privacy intrusions.”

Senator Markey says stop surveiling teens

And finally, Senator Edward J. Markey (D-MA) requests that Facebook stop recruiting teens for its Research program, and notes he’ll push his “Do Not Track Kids” act in Congress:

“It is inherently manipulative to offer teens money in exchange for their personal information when younger users don’t have a clear understanding how much data they’re handing over and how sensitive it is. I strongly urge Facebook to immediately cease its recruitment of teens for its Research Program and explicitly prohibit minors from participating. Congress also needs to pass legislation that updates children’s online privacy rules for the 21st century. I will be reintroducing my ‘Do Not Track Kids Act’ to update the Children’s Online Privacy Protection Act by instituting key privacy safeguards for teens. 

But my concerns also extend to adult users. I am alarmed by reports that Facebook is not providing participants with complete information about the extent of the information that the company can access through this program. Consumers deserve simple and clear explanations of what data is being collected and how it being used.”

The senators’ statements do go a bit overboard. Though Facebook Research was aggressively competitive and potentially misleading, Blumenthal calling it “anti-competitive” is a stretch. And Warner’s questioning on whether “any user reasonably understood that they were giving Facebook root device access through the enterprise certificate” or that it uses the data to track competitors oversteps the bounds. Surely some savvy technologists did, but the question is whether all the teens and everyone else understood.

Facebook isn’t the only one paying users to analyze all their phone data. TechCrunch found that Google had a similar program called Screenwise Meter. Though it was more upfront about it, Google also appears to have violated Apple’s employee-only Enterprise Certificate rules. We may be seeing the start to an industry-wide crack down on market research surveillance apps that dangle gift cards in front of users to get them to give up a massive amount of privacy.

Warner’s full letter to Zuckerberg can be found below:

Dear Mr. Zuckerberg: 

I write to express concerns about allegations of Facebook’s latest efforts to monitor user activity. On January 29th, TechCrunch revealed that under the auspices of partnerships with beta testing firms, Facebook had begun paying users aged 13 to 35 to install an enterprise certificate, allowing Facebook to intercept all internet traffic to and from user devices. According to subsequent reporting by TechCrunch, Facebook relied on intermediaries that often “did not disclose Facebook’s involvement until users had begun the signup process.” Moreover, the advertisements used to recruit participants and the “Project Disclosure” make no mention of Facebook or the commercial purposes to which this data was allegedly put.

This arrangement comes in the wake of revelations that Facebook had previously engaged in similar efforts through a virtual private network (VPN) app, Onavo, that it owned and operated. According to a series of articles by the Wall Street Journal, Facebook used Onavo to scout emerging competitors by monitoring user activity – acquiring competitors in order to neutralize them as competitive threats, and in cases when that did not work, monitor usage patterns to inform Facebook’s own efforts to copy the features and innovations driving adoption of competitors’ apps. In 2017, my staff contacted Facebook with questions about how Facebook was promoting Onavo through its Facebook app – in particular, framing the app as a VPN that would “protect” users while omitting any reference to the main purpose of the app: allowing Facebook to gather market data on competitors.

Revelations in 2017 and 2018 prompted Apple to remove Onavo from its App Store in 2018 after concluding that the app violated its terms of service prohibitions on monitoring activity of other apps on a user’s device, as well as a requirement to make clear what user data will be collected and how it will be used. In both the case of Onavo and the Facebook Research project, I have concerns that users were not appropriately informed about the extent of Facebook’s data-gathering and the commercial purposes of this data collection.

Facebook’s apparent lack of full transparency with users – particularly in the context of ‘research’ efforts – has been a source of frustration for me. As you recall, I wrote the Federal Trade Commission in 2014 in the wake of revelations that Facebook had undertaken a behavioral experiment on hundreds of thousands of users, without obtaining their informed consent. In submitted questions to your Chief Operating Officer, Sheryl Sandberg, I once again raised these concerns, asking if Facebook provided for “individualized, informed consent” in all research projects with human subjects – and whether users had the ability to opt out of such research. In response, we learned that Facebook does not rely on individualized, informed consent (noting that users consent under the terms of the general Data Policy) and that users have no opportunity to opt out of being enrolled in research studies of their activity. In large part for this reason, I am working on legislation to require individualized, informed consent in all instances of behavioral and market research conducted by large platforms on users. 

Fair, robust competition serves as an impetus for innovation, product differentiation, and wider consumer choice. For these reasons, I request that you respond to the following questions: 

1. Do you think any user reasonably understood that they were giving Facebook root device access through the enterprise certificate? What specific steps did you take to ensure that users were properly informed of this access? 

2. Do you think any user reasonably understood that Facebook was using this data for commercial purposes, including to track competitors?

3. Will you release all participants from the confidentiality agreements Facebook made them sign?

4. As you know, I have begun working on legislation that would require large platforms such as Facebook to provide users, on a continual basis, with an estimate of the overall value of their data to the service provider. In this instance, Facebook seems to have developed valuations for at least some uses of the data that was collected (such as market research). This further emphasizes the need for users to understand fully what data is collected by Facebook, the full range of ways in which it is used, and how much it is worth to the company. Will you commit to supporting this legislation and exploring methods for valuing user data holistically?

5. Will you commit to supporting legislation requiring individualized, informed consent in all instances of behavioral and market research conducted by large platforms on users?

I look forward to receiving your responses within the next two weeks. If you should have any questions or concerns, please contact my office at 202-224-2023.

Powered by WPeMatico

Facebook pays teens to install VPN that spies on them

Desperate for data on its competitors, Facebook has been secretly paying people to install a “Facebook Research” VPN that lets the company suck in all of a user’s phone and web activity, similar to Facebook’s Onavo Protect app that Apple banned in June and that was removed in August. Facebook sidesteps the App Store and rewards teenagers and adults to download the Research app and give it root access in what may be a violation of Apple policy so the social network can decrypt and analyze their phone activity, a TechCrunch investigation confirms. Facebook admitted to TechCrunch it was running the Research program to gather data on usage habits, and it has no plans to stop.

Since 2016, Facebook has been paying users ages 13 to 35 up to $20 per month plus referral fees to sell their privacy by installing the iOS or Android “Facebook Research” app. Facebook even asked users to screenshot their Amazon order history page. The program is administered through beta testing services Applause, BetaBound and uTest to cloak Facebook’s involvement, and is referred to in some documentation as “Project Atlas” — a fitting name for Facebook’s effort to map new trends and rivals around the globe.

We asked Guardian Mobile Firewall’s security expert Will Strafach to dig into the Facebook Research app, and he told us that “If Facebook makes full use of the level of access they are given by asking users to install the Certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed.” It’s unclear exactly what data Facebook is concerned with, but it gets nearly limitless access to a user’s device once they install the app.

The strategy shows how far Facebook is willing to go and how much it’s willing to pay to protect its dominance — even at the risk of breaking the rules of Apple’s iOS platform on which it depends. Apple could seek to block Facebook from continuing to distribute its Research app, or even revoke it permission to offer employee-only apps, and the situation could further chill relations between the tech giants. Apple’s Tim Cook has repeatedly criticized Facebook’s data collection practices. Facebook disobeying iOS policies to slurp up more information could become a new talking point. TechCrunch has spoken to Apple and it’s aware of the issue, but the company did not provide a statement before press time.

“The fairly technical sounding ‘install our Root Certificate’ step is appalling,” Strafach tells us. “This hands Facebook continuous access to the most sensitive data about you, and most users are going to be unable to reasonably consent to this regardless of any agreement they sign, because there is no good way to articulate just how much power is handed to Facebook when you do this.”

Facebook’s surveillance app

Facebook first got into the data-sniffing business when it acquired Onavo for around $120 million in 2014. The VPN app helped users track and minimize their mobile data plan usage, but also gave Facebook deep analytics about what other apps they were using. Internal documents acquired by Charlie Warzel and Ryan Mac of BuzzFeed News reveal that Facebook was able to leverage Onavo to learn that WhatsApp was sending more than twice as many messages per day as Facebook Messenger. Onavo allowed Facebook to spot WhatsApp’s meteoric rise and justify paying $19 billion to buy the chat startup in 2014. WhatsApp has since tripled its user base, demonstrating the power of Onavo’s foresight.

Over the years since, Onavo clued Facebook in to what apps to copy, features to build and flops to avoid. By 2018, Facebook was promoting the Onavo app in a Protect bookmark of the main Facebook app in hopes of scoring more users to snoop on. Facebook also launched the Onavo Bolt app that let you lock apps behind a passcode or fingerprint while it surveils you, but Facebook shut down the app the day it was discovered following privacy criticism. Onavo’s main app remains available on Google Play and has been installed more than 10 million times.

The backlash heated up after security expert Strafach detailed in March how Onavo Protect was reporting to Facebook when a user’s screen was on or off, and its Wi-Fi and cellular data usage in bytes even when the VPN was turned off. In June, Apple updated its developer policies to ban collecting data about usage of other apps or data that’s not necessary for an app to function. Apple proceeded to inform Facebook in August that Onavo Protect violated those data collection policies and that the social network needed to remove it from the App Store, which it did, Deepa Seetharaman of the WSJ reported.

But that didn’t stop Facebook’s data collection.

Project Atlas

TechCrunch recently received a tip that despite Onavo Protect being banished by Apple, Facebook was paying users to sideload a similar VPN app under the Facebook Research moniker from outside of the App Store. We investigated, and learned Facebook was working with three app beta testing services to distribute the Facebook Research app: BetaBound, uTest and Applause. Facebook began distributing the Research VPN app in 2016. It has been referred to as Project Atlas since at least mid-2018, around when backlash to Onavo Protect magnified and Apple instituted its new rules that prohibited Onavo. Facebook didn’t want to stop collecting data on people’s phone usage and so the Research program continued, in disregard for Apple banning Onavo Protect.

Ads (shown below) for the program run by uTest on Instagram and Snapchat sought teens 13-17 years old for a “paid social media research study.” The sign-up page for the Facebook Research program administered by Applause doesn’t mention Facebook, but seeks users “Age: 13-35 (parental consent required for ages 13-17).” If minors try to sign-up, they’re asked to get their parents’ permission with a form that reveal’s Facebook’s involvement and says “There are no known risks associated with the project, however you acknowledge that the inherent nature of the project involves the tracking of personal information via your child’s use of apps. You will be compensated by Applause for your child’s participation.” For kids short on cash, the payments could coerce them to sell their privacy to Facebook.

The Applause site explains what data could be collected by the Facebook Research app (emphasis mine):

“By installing the software, you’re giving our client permission to collect data from your phone that will help them understand how you browse the internet, and how you use the features in the apps you’ve installed . . . This means you’re letting our client collect information such as which apps are on your phone, how and when you use them, data about your activities and content within those apps, as well as how other people interact with you or your content within those apps. You are also letting our client collect information about your internet browsing activity (including the websites you visit and data that is exchanged between your device and those websites) and your use of other online services. There are some instances when our client will collect this information even where the app uses encryption, or from within secure browser sessions.”

Meanwhile, the BetaBound sign-up page with a URL ending in “Atlas” explains that “For $20 per month (via e-gift cards), you will install an app on your phone and let it run in the background.” It also offers $20 per friend you refer. That site also doesn’t initially mention Facebook, but the instruction manual for installing Facebook Research reveals the company’s involvement.

 

Facebook seems to have purposefully avoided TestFlight, Apple’s official beta testing system, which requires apps to be reviewed by Apple and is limited to 10,000 participants. Instead, the instruction manual reveals that users download the app from r.facebook-program.com and are told to install an Enterprise Developer Certificate and VPN and “Trust” Facebook with root access to their phone plus much of the data it transmits. Apple requires that developers agree to only use this certificate system for distributing internal corporate apps to their own employees. Randomly recruiting testers and paying them a monthly fee appears to violate the spirit of that rule.

Once installed, users just had to keep the VPN running and sending data to Facebook to get paid. The Applause-administered program requested that users screenshot their Amazon orders page. This data could potentially help Facebook tie browsing habits and usage of other apps with purchase preferences and behavior. That information could be harnessed to pinpoint ad targeting and understand which types of users buy what.

TechCrunch commissioned Strafach to analyze the Facebook Research app and find out where it was sending data. He confirmed that data is routed to “vpn-sjc1.v.facebook-program.com” that is associated with Onavo’s IP address, and that the facebook-program.com domain is registered to Facebook, according to MarkMonitor. The app can update itself without interacting with the App Store, and is linked to the email address PeopleJourney@fb.com. He also discovered that the Enterprise Certificate indicates Facebook renewed it on June 27th, 2018 — weeks after Apple announced its new rules that prohibited the similar Onavo Protect app.

“It is tricky to know what data Facebook is actually saving (without access to their servers). The only information that is knowable here is what access Facebook is capable of based on the code in the app. And it paints a very worrisome picture,” Strafach explains. “They might respond and claim to only actually retain/save very specific limited data, and that could be true, it really boils down to how much you trust Facebook’s word on it. The most charitable narrative of this situation would be that Facebook did not think too hard about the level of access they were granting to themselves . . . which is a startling level of carelessness in itself if that is the case.”

“Flagrant defiance of Apple’s rules”

In response to TechCrunch’s inquiry, a Facebook spokesperson confirmed it’s running the program to learn how people use their phones and other services. The spokesperson told us “Like many companies, we invite people to participate in research that helps us identify things we can be doing better. Since this research is aimed at helping Facebook understand how people use their mobile devices, we’ve provided extensive information about the type of data we collect and how they can participate. We don’t share this information with others and people can stop participating at any time.”

Facebook’s spokesperson claimed that the Facebook Research app was in line with Apple’s Enterprise Certificate program, but didn’t explain how in the face of evidence to the contrary. They said Facebook first launched its Research app program in 2016. They tried to liken the program to a focus group and said Nielsen and comScore run similar programs, yet neither of those ask people to install a VPN or provide root access. The spokesperson confirmed the Facebook Research program does recruit teens but also other age groups from around the world. They claimed that Onavo and Facebook Research are separate programs, but admitted the same team supports both as an explanation for why their code was so similar.

However, Facebook claim that it doesn’t violate Apple’s Enterprise Certificate policy is directly contradicted by the terms of that policy. Those include that developers “Distribute Provisioning Profiles only to Your Employees and only in conjunction with Your Internal Use Applications for the purpose of developing and testing”. The policy also states that “You may not use, distribute or otherwise make Your Internal Use Applications available to Your Customers” unless under direct supervision of employees or on company premises. Given Facebook’s customers are using the Enterprise Certificate-powered app without supervision, it appears Facebook is in violation.

Facebook disobeying Apple so directly could hurt their relationship. “The code in this iOS app strongly indicates that it is simply a poorly re-branded build of the banned Onavo app, now using an Enterprise Certificate owned by Facebook in direct violation of Apple’s rules, allowing Facebook to distribute this app without Apple review to as many users as they want,” Strafach tells us. ONV prefixes and mentions of graph.onavo.com, “onavoApp://” and “onavoProtect://” custom URL schemes litter the app. “This is an egregious violation on many fronts, and I hope that Apple will act expeditiously in revoking the signing certificate to render the app inoperable.”

Facebook is particularly interested in what teens do on their phones as the demographic has increasingly abandoned the social network in favor of Snapchat, YouTube and Facebook’s acquisition Instagram. Insights into how popular with teens is Chinese video music app TikTok and meme sharing led Facebook to launch a clone called Lasso and begin developing a meme-browsing feature called LOL, TechCrunch first reported. But Facebook’s desire for data about teens riles critics at a time when the company has been battered in the press. Analysts on tomorrow’s Facebook earnings call should inquire about what other ways the company has to collect competitive intelligence.

Last year when Tim Cook was asked what he’d do in Mark Zuckerberg’s position in the wake of the Cambridge Analytica scandal, he said “I wouldn’t be in this situation . . . The truth is we could make a ton of money if we monetized our customer, if our customer was our product. We’ve elected not to do that.” Zuckerberg told Ezra Klein that he felt Cook’s comment was “extremely glib.”

Now it’s clear that even after Apple’s warnings and the removal of Onavo Protect, Facebook is still aggressively collecting data on its competitors via Apple’s iOS platform. “I have never seen such open and flagrant defiance of Apple’s rules by an App Store developer,” Strafach concluded. If Apple shuts the Research program down, Facebook will either have to invent new ways to surveil our behavior amidst a climate of privacy scrutiny, or be left in the dark.

Additional reporting by Zack Whittaker.

Powered by WPeMatico

With trust destroyed, Facebook is haunted by old data deals

As Facebook colonized the rest of the web with its functionality in hopes of fueling user growth, it built aggressive integrations with partners that are coming under newfound scrutiny through a deeply reported New York Times investigationSome of what Facebook did was sloppy or unsettling, including forgetting to shut down APIs when it cancelled its Instant Personalization feature for other sites in 2014, and how it used contact syncing to power friend recommendations.

But other moves aren’t as bad as they sound. Facebook did provide Spotify and Netflix the ability to access users messages, but only so people could send friends songs or movies via Facebook messages without leaving those apps. And Facebook did let Yahoo and Blackberry access people’s News Feeds, but to let users browse those feeds within social hub features inside those apps. These partners could only access data when users logged in and connected their Facebook accounts, and were only approved to use this data to provide Facebook-related functionality. That means Spotify at least wasn’t supposed to be rifling through everyone’s messages to find out what bands they talk about so it could build better curation algorithms, and there’s no evidence yet that it did.

Thankfully Facebook has ditched most of these integrations, as the dominance of iOS and Android have allowed it to build fewer, more standardized, and better safeguarded access points to its data. And it’s battened down the hatches in some ways, forcing users to shortcut from Spotify into the real Facebook Messenger rather than giving third-parties any special access to offer Facebook Messaging themselves.

The most glaring allegation Facebook hasn’t adequately responded to yet is that it used data from Amazon, Yahoo, and Huawei to improve friend suggestions through People You May Know — perhaps its creepiest feature. The company needs to accept the loss of growth hacking trade secrets and become much more transparent about how it makes so uncannily accurate recommendations of who to friend request — as Gizmodo’s Kashmir Hill has documented.

In some cases, Facebook has admitted to missteps, with its Director of Developer Platforms and Programs Konstantinos Papamiltiadis writing “we shouldn’t have left the APIs in place after we shut down instant personalization.”

In others, we’ll have decide where to draw the line between what was actually dangerous and what gives us the chills at first glance. You don’t ask permission from friends to read an email from them on a certain browser or device, so should you worry if they saw your Facebook status update on a Blackberry social hub feature instead of the traditional Facebook app? Well that depends on how the access is monitored and meted out.

The underlying question is whether we trust that Facebook and these other big tech companies actually abided by rules to oversee and not to overuse data. Facebook has done plenty wrong, and after repeatedly failing to be transparent or live up to its apologies, it doesn’t deserve the benefit of the doubt. For that reason, I don’t want it giving any developer — even ones I normally trust like Spotify — access to sensitive data protected merely by their promise of good behavior despite financial incentives for misuse.

Facebook’s former chief security officer Alex Stamos tweeted that “allowing for 3rd party clients is the kind of pro-competition move we want to see from dominant platforms. For ex, making Gmail only accessible to Android and the Gmail app would be horrible. For the NY Times to try to scandalize this kind of integration is wrong.” But countered that by noting that “integrations that are sneaky or send secret data to servers controlled by others really is wrong.”

Even if Spotify and Netflix didn’t abuse the access Facebook provided, there’s always eventually a Cambridge Analytica. Tech companies have proven their word can’t necessarily be trusted. The best way to protect users is to properly lock down the platforms with ample vetting, limits, and oversight so there won’t be gray areas that require us to put our faith in the kindness of businesses.

Powered by WPeMatico

Facebook staff discussed selling API access to apps in 2012-2014

Following a flopped IPO in 2012, Facebook desperately brainstormed new ways to earn money. An employee of unknown rank sent an internal email suggesting Facebook charge developers $250,000 per year for access to its platform APIs for making apps that can ask users for access to their data. Employees also discussed offering Tinder extended access to users’ friends’ data that was being removed from the platform in exchange for Tinder’s trademark on “Moments,” which Facebook wanted to use for a photo-sharing app it later launched. Facebook decided against selling access to the API, and did not strike a deal with Tinder or other companies, including Amazon and Royal Bank of Canada mentioned in employee emails.

The discussions were reported by The Wall Street Journal as being part of a sealed court document its reporters had reviewed from a lawsuit by bikini-photo-finding app developer Six4Three against Facebook alleging anti-competitive practices in how it changed the platform in 2014 to restrict access to friends’ data through the platform.

The biggest question remaining is how high in rank the employees who discussed these ideas were. If the ideas were seriously considered by high-ranking executives, especially CEO Mark Zuckerberg, the revelation could contradict the company’s long-running philosophy on not selling data access. Zuckerberg told congress in April that “I can’t be clearer on this topic: We don’t sell data.” If the discussion was between low-level employees, it may have been little more than an off-hand suggestion as Facebook was throwing ideas against the wall, and may have been rejected or ignored by higher-ups. But either way, now that the discussion has leaked, it could validate the public’s biggest fears about Facebook and whether it’s a worthy steward of our personal data.

An employee emailed others about the possibility of removing platform API access “in one-go to all apps that don’t spend… at least $250k a year to maintain access to the data,” the document shows. Facebook clarified to TechCrunch that these discussions were regarding API access, and not selling data directly to businesses. The fact that the discussions were specifically about API access, which Facebook continues to give away for free to developers, had not been previously reported.

Facebook provided this full statement to TechCrunch:

As we’ve said many times, the documents Six4Three gathered for this baseless case are only part of the story and are presented in a way that is very misleading without additional context. Evidence has been sealed by a California court so we are not able to disprove every false accusation. That said, we stand by the platform changes we made in 2015 to stop a person from sharing their friends’ data with developers. Any short-term extensions granted during this platform transition were to prevent the changes from breaking user experience. To be clear, Facebook has never sold anyone’s data. Our APIs have always been free of charge and we have never required developers to pay for using them, either directly or by buying advertising.

A half decade-later, with the world’s will turned against Facebook, the discussions of selling data access couldn’t come at a worse time for the company. Even if quickly aborted, the idea could now stoke concerns that Facebook has too much power and too much of our personal information. While the company eventually found other money-makers and became highly profitable, the discussions illuminate how Facebook could potentially exploit people’s data more aggressively if it deemed it necessary.

Powered by WPeMatico

Tech giants offer empty apologies because users can’t quit

A true apology consists of a sincere acknowledgement of wrong-doing, a show of empathic remorse for why you wronged and the harm it caused, and a promise of restitution by improving ones actions to make things right. Without the follow-through, saying sorry isn’t an apology, it’s a hollow ploy for forgiveness.

That’s the kind of “sorry” we’re getting from tech giants — an attempt to quell bad PR and placate the afflicted, often without the systemic change necessary to prevent repeated problems. Sometimes it’s delivered in a blog post. Sometimes it’s in an executive apology tour of media interviews. But rarely is it in the form of change to the underlying structures of a business that caused the issue.

Intractable Revenue

Unfortunately, tech company business models often conflict with the way we wish they would act. We want more privacy but they thrive on targeting and personalization data. We want control of our attention but they subsist on stealing as much of it as possible with distraction while showing us ads. We want safe, ethically built devices that don’t spy on us but they make their margins by manufacturing them wherever’s cheap with questionable standards of labor and oversight. We want groundbreaking technologies to be responsibly applied, but juicy government contracts and the allure of China’s enormous population compromise their morals. And we want to stick to what we need and what’s best for us, but they monetize our craving for the latest status symbol or content through planned obsolescence and locking us into their platforms.

The result is that even if their leaders earnestly wanted to impart meaningful change to provide restitution for their wrongs, their hands are tied by entrenched business models and the short-term focus of the quarterly earnings cycle. They apologize and go right back to problematic behavior. The Washington Post recently chronicled a dozen times Facebook CEO Mark Zuckerberg has apologized, yet the social network keeps experiencing fiasco after fiasco. Tech giants won’t improve enough on their own.

Addiction To Utility

The threat of us abandoning ship should theoretically hold the captains in line. But tech giants have evolved into fundamental utilities that many have a hard time imagining living without. How would you connect with friends? Find what you needed? Get work done? Spend your time? What hardware or software would you cuddle up with in the moments you feel lonely? We live our lives through tech, have become addicted to its utility, and fear the withdrawal.

If there were principled alternatives to switch to, perhaps we could hold the giants accountable. But the scalability, network effects, and aggregation of supply by distributors has led to near monopolies in these core utilities. The second-place solution is often distant. What’s the next best social network that serves as an identity and login platform that isn’t owned by Facebook? The next best premium mobile and PC maker behind Apple? The next best mobile operating system for the developing world beyond Google’s Android? The next best ecommerce hub that’s not Amazon? The next best search engine? Photo feed? Web hosting service? Global chat app? Spreadsheet?

Facebook is still growing in the US & Canada despite the backlash, proving that tech users aren’t voting with their feet. And if not for a calculation methodology change, it would have added 1 million users in Europe this quarter too.

One of the few tech backlashes that led to real flight was #DeleteUber. Workplace discrimination, shady business protocols, exploitative pricing and more combined to spur the movement to ditch the ridehailing app. But what was different here is that US Uber users did have a principled alternative to switch to without much hassle: Lyft. The result was that “Lyft benefitted tremendously from Uber’s troubles in 2018” eMarketer’s forecasting director Shelleen Shum told the USA Today in May. Uber missed eMarketer’s projections while Lyft exceeded them, narrowing the gap between the car services. And meanwhile, Uber’s CEO stepped down as it tried to overhaul its internal policies.

This is why we need regulation that promotes competition by preventing massive mergers and giving users the right to interoperable data portability so they can easily switch away from companies that treat them poorly

But in the absence of viable alternatives to the giants, leaving these mainstays is inconvenient. After all, they’re the ones that made us practically allergic to friction. Even after massive scandals, data breaches, toxic cultures, and unfair practices, we largely stick with them to avoid the uncertainty of life without them. Even Facebook added 1 million monthly users in the US and Canada last quarter despite seemingly every possible source of unrest. Tech users are not voting with their feet. We’ve proven we can harbor ill will towards the giants while begrudgingly buying and using their products. Our leverage to improve their behavior is vastly weakened by our loyalty.

Inadequate Oversight

Regulators have failed to adequately step up either. This year’s congressional hearings about Facebook and social media often devolved into inane and uninformed questioning like how does Facebook earn money if its doesn’t charge? “Senator, we run ads” Facebook CEO Mark Zuckerberg said with a smirk. Other times, politicians were so intent on scoring partisan points by grandstanding or advancing conspiracy theories about bias that they were unable to make any real progress. A recent survey commissioned by Axios found that “In the past year, there has been a 15-point spike in the number of people who fear the federal government won’t do enough to regulate big tech companies — with 55% now sharing this concern.”

When regulators do step in, their attempts can backfire. GDPR was supposed to help tamp down on the dominance of Google and Facebook by limiting how they could collect user data and making them more transparent. But the high cost of compliance simply hindered smaller players or drove them out of the market while the giants had ample cash to spend on jumping through government hoops. Google actually gained ad tech market share and Facebook saw the littlest loss while smaller ad tech firms lost 20 or 30 percent of their business.

Europe’s GDPR privacy regulations backfired, reinforcing Google and Facebook’s dominance. Chart via Ghostery, Cliqz, and WhoTracksMe.

Even the Honest Ads act, which was designed to bring political campaign transparency to internet platforms following election interference in 2016, has yet to be passed even despite support from Facebook and Twitter. There’s hasn’t been meaningful discussion of blocking social networks from acquiring their competitors in the future, let alone actually breaking Instagram and WhatsApp off of Facebook. Governments like the U.K. that just forcibly seized documents related to Facebook’s machinations surrounding the Cambridge Analytica debacle provide some indication of willpower. But clumsy regulation could deepen the moats of the incumbents, and prevent disruptors from gaining a foothold. We can’t depend on regulators to sufficiently protect us from tech giants right now.

Our Hope On The Inside

The best bet for change will come from the rank and file of these monolithic companies. With the war for talent raging, rock star employees able to have huge impact on products, and compensation costs to keep them around rising, tech giants are vulnerable to the opinions of their own staff. It’s simply too expensive and disjointing to have to recruit new high-skilled workers to replace those that flee.

Google declined to renew a contract with the government after 4000 employees petitioned and a few resigned over Project Maven’s artificial intelligence being used to target lethal drone strikes. Change can even flow across company lines. Many tech giants including Facebook and Airbnb have removed their forced arbitration rules for harassment disputes after Google did the same in response to 20,000 of its employees walking out in protest.

Thousands of Google employees protested the company’s handling of sexual harassment and misconduct allegations on Nov. 1.

Facebook is desperately pushing an internal communications campaign to reassure staffers it’s improving in the wake of damning press reports from the New York Times and others. TechCrunch published an internal memo from Facebook’s outgoing VP of communications Elliot Schrage in which he took the blame for recent issues, encouraged employees to avoid finger-pointing, and COO Sheryl Sandberg tried to reassure employees that “I know this has been a distraction at a time when you’re all working hard to close out the year — and I am sorry.” These internal apologizes could come with much more contrition and real change than those paraded for the public.

And so after years of us relying on these tech workers to build the product we use every day, we must now rely that will save us from them. It’s a weighty responsibility to move their talents where the impact is positive, or commit to standing up against the business imperatives of their employers. We as the public and media must in turn celebrate when they do what’s right for society, even when it reduces value for shareholders. If apps abuse us or unduly rob us of our attention, we need to stay off of them.

And we must accept that shaping the future for the collective good may be inconvenient for the individual. There’s an oppprtunity here not just to complain or wish, but to build a social movement that holds tech giants accountable for delivering the change they’ve promised over and over.

For more on this topic:

Powered by WPeMatico

Facebook loses $120 billion in market cap after awful Q2 earnings

Facebook’s share price fell over 20 percent in after-hours trading today after the company announced its slowest-ever user growth rate and a scary warning that its revenue growth would rapidly decelerate. Before today’s brutal Q2 earnings, Facebook’s share price closed today at $217.50 – a record high — but fell to around $172 after the earnings call. That’s a market cap drop of roughly $123 billion. In two hours, Facebook lost more value than most startups and even public companies are ever worth.

Here’s the full story on Facebook’s disastrous Q2 2018 earnings:

So why did Facebook’s share price sink like a stone? There are five big reasons:

Slowest-Ever User Growth Rate – Facebook’s monthly user count grew just 1.54, compared to 3.14 last quarter. Daily active users grew even slower at 1.44 percent, compared to 3.42 percent last quarter. For reference, 2.18 percent was its previous slowest DAU growth rate back in Q4 2017. Suddenly hitting this wall could limit Facebook’s total user count over the long-run, and its revenue with it. Facebook tried to distract from these facts by announcing a new “family of apps audience” metric of 2.5 billion people using at least one of its apps, which will hide the shift of users from Facebook to Instagram and WhatsApp.

User Count Shrank In Europe, Flat In US & Canada – Facebook saw its first-ever decline in monthly user count in Europe, from 377 million to 376 million. It got stuck at 241 million in the US & Canada after similarly pausing at 239 million in Q4 2017. Those are Facebook’s two most lucrative markets, with it earning $25.91 per user in North America and $8.76 in Europe. If those markets stall, even swift growth in the Rest Of World region where it earns just $1.91 per user won’t save it.

Decelerating Revenue Growth – Facebook’s revenue grew a remarkable 42 percent year-over-year this quarter. But CFO David Wehner warned that metric would decelerate by high single-digit percentage per quarter over the coming quarters. Wehner said a combination of currency headwinds, new privacy controls, and new experiences like Stories will contribute to the deceleration. This news is what caused Facebook’s share price to drop from -7 percent to `-20 percent.

Privacy And Well-Being – Q2 saw the debut of Europe’s GDPR that forced Facebook to change its privacy policies and get users to agree to how it collects data about them. Wehner blamed GDPR for Facebook loss of users in Europe. That law and Facebook’s Cambridge Analytica scandal led the company to have to improve its privacy controls. These could make it tougher for Facebook to target people with ads or show their content to more people.

Meanwhile, Facebook has continued to adopt the “Time Well Spent” philosophy, removing click-bait news and crappy viral videos that lead to passive internet content consumption that studies say is unhealthy. Instead, Facebook is pushing features like Watch Party where users actively interact with each other. Those might not produce as much time on site and subsequent ad views, but CEO Mark Zuckerberg said the changes are “positive and we’re going to continue in this direction.”

The Shift To Stories – Facebook estimates that by in 2019, sharing via ephemeral vertical Stories slideshows will surpass sharing via feeds. The problem is that advertisers may be slower than users to make that shift. “Will this monetize at the same rate as News Feed? We honestly don’t know” COO Sheryl Sandberg said. Stories ads might be full-screen and more immersive, but they don’t show off links to online stores as well, nor are they as well optimized from decades of banner ad experience by the industry.

Luckily, even though Snapchat invented the Stories format, Facebook has far more people using it each day, with 150 million Stories users on Facebook, 70 million on Messenger, 400 million on Instagram, and 450 million on WhatsApp . If Facebook does manage to figure out Stories ads, it could dominate, but it could take years for its advertiser count and ad prices to rise to offset the shift away from feeds.

Powered by WPeMatico

Facebook mistakenly leaked developer analytics reports to testers

Set the “days without a Facebook privacy problem” counter to zero. This week, an alarmed developer contacted TechCrunch, informing us that their Facebook App Analytics weekly summary email had been delivered to someone outside their company. It contains sensitive business information, including weekly average users, page views and new users.

Forty-three hours after we contacted Facebook about the issue, the social network now confirms to TechCrunch that 3 percent of apps using Facebook Analytics had their weekly summary reports sent to their app’s testers, instead of only the app’s developers, admins and analysts.

Testers are often people outside of a developer’s company. If the leaked info got to an app’s competitors, it could provide them an advantage. At least they weren’t allowed to click through to view more extensive historical analytics data on Facebook’s site.

Facebook tells us it has fixed the problem and no personally identifiable information or contact info was improperly disclosed. It plans to notify all impacted developers about the leak today and has already begun.

TechCrunch was provided with this statement from a Facebook spokesperson:

“Due to an error in our email delivery system, weekly business performance summaries we send to developers about their account were also sent to a small group of those developer’s app testers. No personal information about people on Facebook was shared. We’re sorry for the error and have updated our system to prevent it from happening again.”

Below you can find the email the company is sending:

Subject line: We recently resolved an error with your weekly summary email

We wanted to let you know about a recent error where a summary e-mail from Facebook Analytics about your app was sent to testers of your app ‘[APP NAME WILL BE DYNAMICALLY INSERTED HERE]’. As you know, we send weekly summary emails to keep you up to date with some of your top-level metrics — these emails go to people you’ve identified as Admins, Analysts and Developers. You can also add Testers to your account, people designated by you to help test your apps when they’re in development.

We mistakenly sent the last weekly email summary to your Testers, in addition to the usual group of Admins, Analysts and Developers who get updates. Testers were only able to see the high-level summary information in the email, and were not able to access any other account information; if they clicked “View Dashboard” they did not have access to any of your Facebook Analytics information.

We apologize for the error and have made updates to prevent this from happening again.

One affected developer told TechCrunch “Not sure why it would ever be appropriate to send business metrics to an app user. When I created my app (in beta) I added dozens of people as testers as it only meant they could login to the app…not access info!” They’re still waiting for the disclosure from Facebook.

Facebook wouldn’t disclose a ballpark number of apps impacted by the error. Last year it announced 1 million apps, sites and bots were on Facebook Analytics. However, this issue only affected apps, and only 3 percent of them.

The mistake comes just weeks after a bug caused 14 million users’ Facebook status update composers to change their default privacy setting to public. And Facebook has had problems with misdelivering business information before. In 2014, Facebook accidentally sent advertisers receipts for other business’ ad campaigns, causing significant confusion. The company has also misreported metrics about Page reach and more on several occasions. Though user data didn’t leak and today’s issue isn’t as severe as others Facebook has dealt with, developers still consider their business metrics to be private, making this a breach of that privacy.

While Facebook has been working diligently to patch app platform privacy holes since the Cambridge Analytica scandal, removing access to many APIs and strengthening human reviews of apps, issues like today’s make it hard to believe Facebook has a proper handle on the data of its 2 billion users.

Powered by WPeMatico

Facebook demands advertisers have consent for email/phone targeting

Facebook is hoping to avoid another privacy scandal by adding new accountability and transparency requirements for businesses that use its Custom Audiences too to target you with ads based on your email address or phone number. Starting July 2nd, advertisers will have to declare whether contact info uploaded for ad targeting was collected with proper user consent by them, one of their partners or both. Users will be able to see this info if they opt to block future ads from that business.

Companies can only share Custom Audiences info with partners like ad agencies if they’re formally connected through Facebook’s business manager tool. And Facebook will start to show advertisers reminders that they need consent for contact info ad targeting and force all users connected to an ad account to confirm these terms.

The new consent tool launch confirms TechCrunch’s scoop from March that Facebook would crack down on Custom Audiences targeting without consent. Facebook has always technically required consent, but it hasn’t necessarily done much to enforce those rules. That same approach to API rules produced the Cambridge Analytica debacle. Facebook began to safeguard Custom Audiences a few months ago when it blocked third-party data brokers like Datalogix and Acxiom from work with Facebook to upload data sets as Partner Categories that advertisers could target. But that still let businesses just upload the same data themselves.

[Update: Two days after the March announcement, Facebook also announced it would be shutting down Managed Custom Audiences, which let data brokers upload data sets on behalf of marketers. But in doing so, Facebook also formalized its policy that advertisers could still buy these data sets from data brokers and upload them themselves.]

Custom Audiences is one of Facebook’s most valuable revenue generators because it allows businesses to hit up their former customers to buy more. A scandal surrounding the targeting mechanism could be seriously detrimental to the social network’s business in a way that the rest of its recent public image problems haven’t, judging by the recovery of Facebook’s share price.

Since 2012, Facebook has offered Custom Audiences as a way for businesses to upload privacy-safe hashed lists of customer contact info. Facebook matches that against its users’ info to show them the business’ ads, rather than companies having to pay to try to reach those people through demographic targeting. That way, a company that already sold you a car and got your email signup could target you a few years later with ads to trade in and buy a new vehicle. Businesses can also use Facebook’s lookalikes targeting to reach people with similar characteristics to their existing customers.

Now at least Facebook will show this “Original Data Source” field asking who collected the uploaded phone numbers or emails. Users can check out this info if they click the “Why Am I Seeing This Ad?” button in the drop-down. However, Facebook stops short of scanning the lists for suspicious info, such as blocks of contact info that match hacked or purchased data sets.

That means Facebook is trusting advertisers to tell the truth about consent for targeting… despite them having a massive financial incentive to bend or break those rules. Today’s update will give Facebook more plausible deniability in the event of a scandal, and it might deter misuse. But Facebook is stopping short of doing anything to actually prevent non-consensual ad targeting.

Powered by WPeMatico

Facebook retracted Zuckerberg’s messages from recipients’ inboxes

You can’t remove Facebook messages from the inboxes of people you sent them to, but Facebook did that for Mark Zuckerberg and other executives. Three sources confirm to TechCrunch that old Facebook messages they received from Zuckerberg have disappeared from their Facebook inboxes, while their own replies to him conspicuously remain. An email receipt of a Facebook message from 2010 reviewed by TechCrunch proves Zuckerberg sent people messages that no longer appear in their Facebook chat logs or in the files available from Facebook’s Download Your Information tool.

When asked by TechCrunch about the situation, Facebook claimed in this statement it was done for corporate security:

“After Sony Pictures’ emails were hacked in 2014 we made a number of changes to protect our executives’ communications. These included limiting the retention period for Mark’s messages in Messenger. We did so in full compliance with our legal obligations to preserve messages.”

However, Facebook never publicly disclosed the removal of messages from users’ inboxes, nor privately informed the recipients. That raises the question of whether this was a breach of user trust. When asked that question directly over Messenger, Zuckerberg declined to provide a statement.

Tampering with users’ inboxes

A Facebook spokesperson confirmed to TechCrunch that users can only delete messages from their own inboxes, and that they would still show up in the recipient’s thread. There appears to be no “retention period” for normal users’ messages, as my inbox shows messages from as early as 2005. That indicates Zuckerberg and other executives received special treatment in being able to pull back previously sent messages.

[Update 4/6/2018: Facebook now says that it plans to launch an “unsend” feature for Facebook messages to all users in the next several months, and won’t let Mark Zuckerberg use that feature any more until it launches for everyone. One option Facebook is considering for the Unsend feature is an expiration timer users could set. But it’s alarming that Facebook didn’t disclose the retractions or plans for a Unsend button until forced, and scrambling to give everyone the feature seems like an effort to quiet users’ anger over the situation.]

Facebook chats sent by Zuckerberg from several years ago or older were missing from the inboxes of both former employees and non-employees. What’s left makes it look like the recipients were talking to themselves, as only their side of back-and-forth conversations with Zuckerberg still appear. Three sources asked to remain anonymous out of fear of angering Zuckerberg or burning bridges with the company.

[Update: Recent messages from Zuckerberg remain in users’ inboxes. Old messages from before 2014 still appear to some users, indicating the retraction did not apply to all chats the CEO sent. But more sources have come forward since publication, saying theirs disappeared, as well.]

None of Facebook’s terms of service appear to give it the right to remove content from users’ accounts unless it violates the company’s community standards. While it’s somewhat standard for corporations to have data retention policies that see them delete emails or other messages from their own accounts that were sent by employees, they typically can’t remove the messages from the accounts of recipients outside the company. It’s rare that these companies own the communication channel itself and therefore host both sides of messages as Facebook does in this case, which potentially warrants a different course of action with more transparency than quietly retracting the messages.

Facebook’s power to tamper with users’ private message threads could alarm some. The issue is amplified by the fact that Facebook Messenger now has 1.3 billion users, making it one of the most popular communication utilities in the world.

Zuckerberg is known to have a team that helps him run his Facebook profile, with some special abilities for managing his 105 million followers and constant requests for his attention. For example, Zuckerberg’s profile doesn’t show a button to add him as a friend on desktop, and the button is grayed out and disabled on mobile. But the ability to change the messaging inboxes of other users is far more concerning.

Facebook may have sought to prevent leaks of sensitive corporate communications. Following the Sony hack, emails of Sony’s president Michael Lynton, who sat on Snap Inc.’s board, were exposed, revealing secret acquisitions and strategy.

Mark Zuckerberg during the early days of Facebook

However, Facebook also may have looked to thwart the publication of potentially embarrassing personal messages sent by Zuckerberg or other executives. In 2010, Silicon Alley Insider aka Business Insider published now-infamous instant messages from a 19-year-old Zuckerberg to a friend shortly after starting The Facebook in 2004. “yea so if you ever need info about anyone at harvard . . . just ask . . . i have over 4000 emails, pictures, addresses, sns” Zuckerberg wrote to a friend. “what!? how’d you manage that one?” they asked. “people just submitted it . .  i don’t know why . . . they ‘trust me’ . . . dumb fucks” Zuckerberg explained.

The New Yorker later confirmed the messages with Zuckerberg, who told the publication he “absolutely” regretted them. “If you’re going to go on to build a service that is influential and that a lot of people rely on, then you need to be mature, right? I think I’ve grown and learned a lot,” said Zuckerberg.

If the goal of Facebook’s security team was to keep a hacker from accessing the accounts of executives and therefore all of their messages, they could have merely been deleted on their side the way any Facebook user is free to do, without them disappearing from the various recipients’ inboxes. If Facebook believed it needed to remove the messages entirely from its servers in case the company’s backend systems we breached, a disclosure of some kind seems reasonable.

Now as Facebook encounters increased scrutiny regarding how it treats users’ data in the wake of the Cambridge Analytica scandal, the retractions could become a bigger issue. Zuckerberg is slated to speak in front of the U.S. Senate Judiciary and Commerce committees on April 10, as well as the House Energy and Commerce Committee on April 11. They could request more information about Facebook removing messages or other data from users’ accounts without their consent. While Facebook is trying to convey that it understands its responsibilities, the black mark left on public opinion by past behavior may prove permanent.

If you have more info on this situation, including evidence of messages from other Facebook executives disappearing, please contact this article’s author, Josh Constine, via open Twitter DMs, josh@techcrunch.com, or encrypted Signal chat at (585)750-5674.

For more on Facebook’s recent troubles, read our feature pieces:

 

Powered by WPeMatico

Instagram suddenly chokes off developers as Facebook chases privacy

Without warning, Instagram has broken many of the unofficial apps built on its platform. This weekend it surprised developers with a massive reduction in how much data they can pull from the Instagram API, shrinking the API limit from 5,000 to 200 calls per user per hour. Apps that help people figure out if their followers follow them back or interact with them, analyze their audiences or find relevant hashtags are now quickly running into their API limits, leading to broken functionality and pissed off users.

Two sources confirmed the new limits to TechCrunch, and developers are complaining about the situation on StackOverflow.

In a puzzling move, Instagram is refusing to comment on what’s happening while its developer rate limits documentation site 404s. All it would confirm is that Instagram has stopped accepting submissions of new apps, just as Facebook announced it would last week following backlash over Cambridge Analytica. Developers tell me they feel left in the dark and angry that the change wasn’t scheduled or even officially announced, preventing them from rebuilding their apps to require fewer API calls.

Third-party Instagram platform apps like Reports+ provide users analytics on their audiences, but are breaking due to the new API limits

Some developers suspect the change is part of Instagram parent company Facebook’s scramble to improve data privacy in the wake of its non-stop string of data scandals. In the past week, Facebook announced it was shutting down Partner Categories ad targeting based on third-party data brokers. TechCrunch reported that Facebook also plans to require businesses to pledge that they have consumers’ consent to attain their email addresses, which they use for ad targeting through Custom Audiences.

Most public backlash has focused on #DeleteFacebook and ignored its subsidiaries like Instagram and WhatsApp. But Instagram may hope to prevent the virus of distrust from infecting its app too by cutting the API call limit to 1/25th of its previous volume.

Causing this kind of platform whiplash could push developers away from the Instagram ecosystem, not that the company was too keen on some of these apps. For example, Reports+ charges $3.99 per month to give people analytics about their Instagram followers. Sensor Tower tells TechCrunch that Reports+ has grossed more than $18 million worldwide since October 2016 on the App Store and Google Play, and made more than $1.2 million last month alone.

Instagram might have understandably seen these apps as parasitic, charging users for unofficial functionality or encouraging audience growth hacking that can lead to spam. In January, Instagram announced it would shut down the old API over the next two years, starting with removing the ability to pull a user’s follower list and follow/unfollow people on their behalf on July 31st. Instagram has been slowly trying to clean up its platform for years, having previously threatened legal actions against derivative apps with “Insta” or “Gram” in their names in 2013, and shut down its feed API in 2015 that allowed for unofficial Instagram feed-reading apps.

Instagram is now pushing developers on a much more restrictive platform that only lets approved partners post at users’ behest, and that can only pull mentions of and analytics about business accounts. These changes were slated to kill many of the apps broken by this weekend’s API limit reductions.

But at least developers were given fair warning about the July 31st deadline. The problem is exacerbated by the fact that Facebook put a pause on reviewing any new applications last Monday as it tries to shore up data privacy safeguards in the wake of Cambridge Analytica . Instagram confirms to TechCrunch that the moratorium on app submissions extends to Instagram’s new Graph API, but wouldn’t explain anything about the API limits. So Instagram is breaking old apps while not allowing developers to submit new, compliant ones.

“Instagram’s lack of communication is frustrating to me because now I’m scrambling to update my apps and dealing with loads of unhappy customers,” a developer told me on the condition of anonymity. “If I had had a month to prep for this, I could’ve tweaked things so that limit was harder to reach. I’d be more frugal with my requests. What happened is all of a sudden, I’m getting dozens of emails, DMs on Instagram, with people saying the app’s not working.”

While Facebook is wise to scrutinize apps pulling in lots of user data, doing so without warning or even an announcement is how Facebook hurt its relationships with developers circa 2009 as it tried to rapidly reign in spammy virality. Facebook is enduring a crisis of conscience regarding whether its apps can be misused as weapons by those trying to interfere with elections or just exploit our data for profit.

But as the owner of some of the world’s most popular developer platforms, it’s worrying to see it flail and thrash this way. If Facebook and Instagram can’t even communicate changes to its policies with proper procedure and transparency, it’s hard to imagine it’s composed enough to firmly and fairly enforce them.

For more on Facebook and Instagram’s troubles, check out our feature pieces:

 

Powered by WPeMatico