online platforms

Auto Added by WPeMatico

Google tightens UK policy on financial ads after watchdog pressure over scams

The U.K.’s more expansive, post-Brexit role in digital regulation continues to be felt today via a policy change by Google, which has announced that it will, in the near future, only run ads for financial products and services when the advertiser in question has been verified by the financial watchdog, the FCA.

The Google Ads Financial Products and Services policy will be updated from August 30, per Google, which specifies that it will start enforcing the new policy from September 6 — meaning that purveyors of online financial scams who’ve been relying on its ad network to net their next victim still have more than two months to harvest unsuspecting clicks before the party is over (well, in the U.K., anyway).

Google’s decision to allow only regulator-authorized financial entities to run ads for financial products and services follows warnings from the Financial Conduct Authority that it may take legal action if Google continued to accept unscreened financial ads, as the Guardian reported earlier.

The FCA told a parliamentary committee this month that it’s able to contemplate taking such action as a result of no longer being bound by European Union rules on financial adverts, which do not extend to online platforms, per the newspaper’s report.

Until gaining the power to go after Google itself, the FCA appears to have been trying to combat the scourge of online financial fraud by paying Google large amounts of U.K. taxpayer money to fight scams with anti-scam warnings.

According to the Register, the FCA paid Google more than £600,000 (~$830,000) in 2020 and 2021 to run “anti-scam” ads — with the regulator essentially engaged in a bidding war with scammers to pour enough money into Google’s coffers so that regulator warnings about financial scams might appear higher than the scams themselves.

The full-facepalm situation was presumably highly lucrative for Google. But the threat of legal action appears to have triggered a policy rethink.

Writing in its blog post, Ronan Harris, a VP and MD for Google UK and Ireland, said: “Financial services advertisers will be required to demonstrate that they are authorised by the UK Financial Conduct Authority or qualify for one of the limited exemptions described in the UK Financial Services verification page.”

“This new update builds on significant work in partnership with the FCA over the last 18 months to help tackle this issue,” he added. “Today’s announcement reflects significant progress in delivering a safer experience for users, publishers and advertisers. While we understand that this policy update will impact a range of advertisers in the financial services space, our utmost priority is to keep users safe on our platforms — particularly in an area so disproportionately targeted by fraudsters.”

The company’s blog also claims that it has pledged $5 million in advertising credits to support financial fraud public awareness campaigns in the U.K. So not $5 million in actual money then.

Per the Register, Google did offer to refund the FCA’s anti-scam ad spend — but, again, with advertising credits.

The U.K. parliament’s Treasury Committee was keen to know whether the tech giant would be refunding the spend in cash. But the FCA’s director of enforcement and market insight, Mark Steward, was unable to confirm what it would do, according to the Register’s report of the committee hearing.

We’ve reached out to the FCA for comment on Google’s policy change, and with questions about the refund situation, and will update this report with any response.

In recent years the financial watchdog has also been concerned about financial scam ads running on social media platforms.

Back in 2018, legal action by a well-known U.K. consumer advice personality, Martin Lewis — who filed a defamation suit against Facebook — led the social media giant to add a “report scam ad” button in the market as of July 2019.

However research by consumer group, Which?, earlier this year, suggested that neither Facebook nor Google had entirely purged financial scam ads — even when they’d been reported.

Per the BBC, Which?’s survey found that Google had failed to remove around a third (34%) of the scam adverts reported to it versus Facebook failing to remove well over a fifth (26%).

It’s almost like the incentives for online ad giants to act against lucrative online scam ads simply aren’t pressing enough.

More recently, Lewis has been pushing for scam ads to be included in the scope of the U.K.’s Online Safety Bill.

The sweeping piece of digital regulation aims to tackle a plethora of so-called “online harms” by focusing on regulating user generated content. However, Lewis makes the point that a scammer merely needs to pay an ad platform to promote their fraudulent content for it to escape the scope of the planned rules, telling the “Good Morning Britain” TV program today that the situation is “ludicrous” and “needs to change.”

It’s certainly a confusing carve-out, as we reported at the time the bill was presented. Nor is it the only confusing component of the planned legislation. However on the financial fraud point the government may believe the FCA has the necessary powers to tackle the problem.

We’ve contacted the Department for Digital, Media, Culture and Sport for comment.

Update: A government spokesperson said:

We have brought user-generated fraud into the scope of our new online laws to increase people’s protection from the devastating impact of scams. The move is just one part of our plan to tackle fraud in all its forms. We continue to pursue fraudsters and close down the vulnerabilities they exploit, are helping people spot and report scams, and we will shortly be considering whether tougher regulation on online advertising is also needed.

The government also noted that the Home Office is developing a Fraud Action Plan, which is slated to be published after the 2021 spending review; and pointed to the Online Advertising Programme that it said will consider the extent to which the current regulatory regime is equipped to tackle the challenges posed by the rapid technological developments seen in online advertising — including via a consultation and review of online advertising it plans to launch later this year.

Powered by WPeMatico

Loot boxes in games are gambling and should be banned for kids, say UK MPs

UK MPs have called for the government to regulate the games industry’s use of loot boxes under current gambling legislation — urging a blanket ban on the sale of loot boxes to players who are children.

Kids should instead be able to earn in-game credits to unlock look boxes, MPs have suggested in a recommendation that won’t be music to the games industry’s ears.

Loot boxes refer to virtual items in games that can be bought with real-world money and do not reveal their contents in advance. The MPs argue the mechanic should be considered games of chance played for money’s worth and regulated by the UK Gambling Act.

The Department for Digital, Culture, Media and Sport’s (DCMS) parliamentary committee makes the recommendations in a report published today following an enquiry into immersive and addictive technologies that saw it take evidence from a number of tech companies including Fortnite maker Epic Games; Facebook-owned Instagram; and Snapchap.

The committee said it found representatives from the games industry to be “wilfully obtuse” in answering questions about typical patterns of play — data the report emphasizes is necessary for proper understanding of how players are engaging with games — as well as calling out some games and social media company representatives for demonstrating “a lack of honesty and transparency”, leading it to question what the companies have to hide.

“The potential harms outlined in this report can be considered the direct result of the way in which the ‘attention economy’ is driven by the objective of maximising user engagement,” the committee writes in a summary of the report which it says explores “how data-rich immersive technologies are driven by business models that combine people’s data with design practices to have powerful psychological effects”.

As well as trying to pry information about of games companies, MPs also took evidence from gamers during the course of the enquiry.

In one instance the committee heard that a gamer spent up to £1,000 per year on loot box mechanics in Electronic Arts’s Fifa series.

A member of the public also reported that their adult son had built up debts of more than £50,000 through spending on microtransactions in online game RuneScape. The maker of that game, Jagex, told the committee that players “can potentially spend up to £1,000 a week or £5,000 a month”.

In addition to calling for gambling law to be applied to the industry’s lucrative loot box mechanic, the report calls on games makers to face up to responsibilities to protect players from potential harms, saying research into possible negative psychosocial harms has been hampered by the industry’s unwillingness to share play data.

“Data on how long people play games for is essential to understand what normal and healthy — and, conversely, abnormal and potentially unhealthy — engagement with gaming looks like. Games companies collect this information for their own marketing and design purposes; however, in evidence to us, representatives from the games industry were wilfully obtuse in answering our questions about typical patterns of play,” it writes.

“Although the vast majority of people who play games find it a positive experience, the minority who struggle to maintain control over how much they are playing experience serious consequences for them and their loved ones. At present, the games industry has not sufficiently accepted responsibility for either understanding or preventing this harm. Moreover, both policy-making and potential industry interventions are being hindered by a lack of robust evidence, which in part stems from companies’ unwillingness to share data about patterns of play.”

The report recommends the government require games makers share aggregated player data with researchers, with the committee calling for a new regulator to oversee a levy on the industry to fund independent academic research — including into ‘Gaming disorder‘, an addictive condition formally designated by the World Health Organization — and to ensure that “the relevant data is made available from the industry to enable it to be effective”.

“Social media platforms and online games makers are locked in a relentless battle to capture ever more of people’s attention, time and money. Their business models are built on this, but it’s time for them to be more responsible in dealing with the harms these technologies can cause for some users,” said DCMS committee chair, Damian Collins, in a statement.

“Loot boxes are particularly lucrative for games companies but come at a high cost, particularly for problem gamblers, while exposing children to potential harm. Buying a loot box is playing a game of chance and it is high time the gambling laws caught up. We challenge the Government to explain why loot boxes should be exempt from the Gambling Act.

“Gaming contributes to a global industry that generates billions in revenue. It is unacceptable that some companies with millions of users and children among them should be so ill-equipped to talk to us about the potential harm of their products. Gaming disorder based on excessive and addictive game play has been recognised by the World Health Organisation. It’s time for games companies to use the huge quantities of data they gather about their players, to do more to proactively identify vulnerable gamers.”

The committee wants independent research to inform the development of a behavioural design code of practice for online services. “This should be developed within an adequate timeframe to inform the future online harms regulator’s work around ‘designed addiction’ and ‘excessive screen time’,” it writes, citing the government’s plan for a new Internet regulator for online harms.

MPs are also concerned about the lack of robust age verification to keep children off age-restricted platforms and games.

The report identifies inconsistencies in the games industry’s ‘age-ratings’ stemming from self-regulation around the distribution of games (such as online games not being subject to a legally enforceable age-rating system, meaning voluntary ratings are used instead).

“Games companies should not assume that the responsibility to enforce age-ratings applies exclusively to the main delivery platforms: All companies and platforms that are making games available online should uphold the highest standards of enforcing age-ratings,” the committee writes on that.

“Both games companies and the social media platforms need to establish effective age verification tools. They currently do not exist on any of the major platforms which rely on self-certification from children and adults,” Collins adds.

During the enquiry it emerged that the UK government is working with tech companies including Snap to try to devise a centralized system for age verification for online platforms.

A section of the report on Effective Age Verification cites testimony from deputy information commissioner Steve Wood raising concerns about any move towards “wide-spread age verification [by] collecting hard identifiers from people, like scans of passports”.

Wood instead pointed the committee towards technological alternatives, such as age estimation, which he said uses “algorithms running behind the scenes using different types of data linked to the self-declaration of the age to work out whether this person is the age they say they are when they are on the platform”.

Snapchat’s Will Scougal also told the committee that its platform is able to monitor user signals to ensure users are the appropriate age — by tracking behavior and activity; location; and connections between users to flag a user as potentially underage. 

The report also makes a recommendation on deepfake content, with the committee saying that malicious creation and distribution of deepfake videos should be regarded as harmful content.

“The release of content like this could try to influence the outcome of elections and undermine people’s public reputation,” it warns. “Social media platforms should have clear policies in place for the removal of deepfakes. In the UK, the Government should include action against deepfakes as part of the duty of care social media companies should exercise in the interests of their users, as set out in the Online Harms White Paper.”

“Social media firms need to take action against known deepfake films, particularly when they have been designed to distort the appearance of people in an attempt to maliciously damage their public reputation, as was seen with the recent film of the Speaker of the US House of Representatives, Nancy Pelosi,” adds Collins.

Powered by WPeMatico

UK law review eyes abusive trends like deepfaked porn and cyber flashing

The UK government has announced the next phase of a review of the law around the making and sharing of non-consensual intimate images, with ministers saying they want to ensure it keeps pace with evolving digital tech trends.

The review is being initiated in response to concerns that abusive and offensive communications are on the rise, as a result of it becoming easier to create and distribute sexual images of people online without their permission.

Among the issues the Law Commission will consider are so-called ‘revenge porn’, where intimate images of a person are shared without their consent; deepfaked porn, which refers to superimposing a real photograph of a person’s face onto a pornographic image or video without their consent; and cyber flashing, the unpleasant practice of sending unsolicited sexual images to a person’s phone by exploiting technologies such as Bluetooth that allow for proximity-based file sharing.

On the latter practice, the screengrab below is of one of two unsolicited messages I received as pop-ups on my phone in the space of a few seconds while waiting at a UK airport gate — and before I’d had a chance to locate the iOS master setting that actually nixes Bluetooth.

On iOS, even without accepting the AirDrop the cyberflasher is still able to send an unsolicited placeholder image with their request.

Safe to say, this example is at the tamer end of what tends to be involved. More often it’s actual dick pics fired at people’s phones, not a parrot-friendly silicone substitute…

cyber flashing

A patchwork of UK laws already covers at least some of the offensive and abusive communications in question, such as the offence of voyeurism under the Sexual Offences Act 2003, which criminalises certain non-consensual photography taken for sexual gratification — and carries a two-year maximum prison sentence (with the possibility that a perpetrator may be required to be listed on the sexual offender register); while revenge porn was made a criminal offence under section 33 of the Criminal Justice and Courts Act 2015.

But the government says that while it feels the law in this area is “robust”, it is keen not to be seen as complacent — hence continuing to keep it under review.

It will also hold a public consultation to help assess whether changes in the law are required.

The Law Commission published Phase 1 of their review of Abusive and Offensive Online Communications on November 1 last year — a scoping report setting out the current criminal law which applies.

The second phase, announced today, will consider the non-consensual taking and sharing of intimate images specifically — and look at possible recommendations for reform. Though it will not report for two years so any changes to the law are likely to take several years to make it onto the statute books.

Among specific issues the Law Commission will consider is whether anonymity should automatically be granted to victims of revenge porn.

Commenting in a statement, justice minister Paul Maynard said: “No one should have to suffer the immense distress of having intimate images taken or shared without consent. We are acting to make sure our laws keep pace with emerging technology and trends in these disturbing and humiliating crimes.”

Maynard added that the review builds on recent changes to toughen UK laws around revenge porn and to outlaw ‘upskirting’ in English law; aka the degrading practice of taking intimate photographs of others without consent.

“Too many young people are falling victim to co-ordinated abuse online or the trauma of having their private sexual images shared. That’s not the online world I want our children to grow up in,” added the secretary of state for digital issues, Jeremy Wright, in another supporting statement.

“We’ve already set out world-leading plans to put a new duty of care on online platforms towards their users, overseen by an independent regulator with teeth. This Review will ensure that the current law is fit for purpose as we deliver our commitment to make the UK the safest place to be online.”

The Law Commission review will begin on July 1, 2019 and report back to the government in summer 2021.

Terms of Reference will be published on the Law Commission’s website in due course.

Powered by WPeMatico

FanAI buys Waypoint Media to better track fan engagement for streaming monetization

FanAI, an audience analysis platform for esports and streaming, is buying New York-based Waypoint Media to improve its analytics tools for esports players and streamers.

The deal means that Waypoint’s Twitch Middleware API and the “Raven” tracking and URL shortener will be added to FanAI’s product portfolio. The middleware tech has the ability to track every unique registered Twitch viewer so streamers can monitor average watch time, median watch time and channel engagement.

Financial terms were not disclosed, but a person with knowledge of the deal called the acquisition a significant all-cash transaction. That likely means a nice outcome for Waypoint’s backers, the New York-based investment firm Grand Central Tech.

FanAI founder and CEO Johannes Waldstein said of the acquisition, “The way they are able to turn billions of data points into workable information is like nothing else available on the market. We will be able to provide a deeper look at audiences with the new tools and having someone like Kevin join us will cement the FanAI services at the top of the industry.”

Using the Raven URL shortener, FanAI customers can follow the ways in which users browse on online platforms, the company said in a statement.

As part of the acquisition, Waypoint’s chief product officer Kevin Hsu joins FanAI as head of Engineering, the company said.

“Combining forces with FanAI is a perfect fit; we work with the same client base and have complementary solutions to the same problem. Traditionally, FanAI has focused on more static information including social and purchasing data, while Waypoint worked to gather digital movements of the audience. Combined, we can provide the best service by giving access to even more detailed and actionable data for clients,” said Hsu, in a statement.

Powered by WPeMatico

Security, privacy experts weigh in on the ICE doxxing

In what appears to be the latest salvo in a new, wired form of protest, developer Sam Lavigne posted code that scrapes LinkedIn to find Immigration and Customs Enforcement employee accounts. His code, which basically a Python-based tool that scans LinkedIn for keywords, is gone from Github and Gitlab and Medium took down his original post. The CSV of the data is still available here and here and WikiLeaks has posted a mirror.

“I find it helpful to remember that as much as internet companies use data to spy on and exploit their users, we can at times reverse the story, and leverage those very same online platforms as a means to investigate or even undermine entrenched power structures. It’s a strange side effect of our reliance on private companies and semi-public platforms to mediate nearly all aspects of our lives. We don’t necessarily need to wait for the next Snowden-style revelation to scrutinize the powerful — so much is already hiding in plain sight,” said Lavigne.

Doxxing is the process of using publicly available information to target someone online for abuse. Because we can now find out anything on anyone for a few dollars – a search for “background check” brings up dozens of paid services that can get you names and addresses in a second – scraping public data on LinkedIn seems far easier and innocuous. That doesn’t make it legal.

“Recent efforts to outlaw doxxing at the national level (like the Online Safety Modernization Act of 2017) have stalled in committee, so it’s not strictly illegal,” said James Slaby, Security Expert at Acronis. “But LinkedIn and other social networks usually consider it a violation of their terms of service to scrape their data for personal use. The question of fairness is trickier: doxxing is often justified as a rare tool that the powerless can use against the powerful to call attention to perceived injustices.”

“The problem is that doxxing is a crude tool. The torrent of online ridicule, abuse and threats that can be heaped on doxxed targets by their political or ideological opponents can also rain down on unintended and undeserving targets: family members, friends, people with similar names or appearances,” he said.

The tool itself isn’t to blame. No one would fault a job seeker or salesperson who scraped LinkedIn for targeted employees of a specific company. That said, scraping and publicly shaming employees walks a thin line.

“In my opinion, the professor who developed this scraper tool isn’t breaking the law, as it’s perfectly legal to search the web for publicly available information,” said David Kennedy, CEO of TrustedSec. “This is known in the security space as ‘open source intelligence’ collection, and scrapers are just one way to do it. That said, it is concerning to see ICE agents doxxed in this way. I understand emotions are running high on both sides of this debate, but we don’t want to increase the physical security risks to our law enforcement officers.”

“The decision by Twitter, Github and Medium to block the dissemination of this information and tracking tool makes sense – in fact, law enforcement agents’ personal information is often protected. This isn’t going to go away anytime soon, it’s only going to become more aggressive, particularly as more people grow comfortable with using the darknet and the many available hacking tools for sale in these underground forums. Law enforcement agents need to take note of this, and be much more careful about what (and how often) they post online.”

Ultimately, doxxing is problematic. Because we place our information on public forums there should be nothing to stop anyone from finding and posting it. However, the expectation that people will use our information for good and not evil is swiftly eroding. Today, wrote one security researcher, David Kavanaugh, doxxing is becoming dangerous.

“Going after the people on the ground is like shooting the messenger. Decisions are made by leadership and those are the people we should be going after. Doxxing is akin to a personal attack. Change policy, don’t ruin more lives,” he said.

Powered by WPeMatico