All posts by JenThorpe

Google’s FLoC is Unpopular with Other Browser Creators



Google introduced a new piece of technology called “Federated Learning Cohorts” (FLoC). According to Google, FLoC “protects your privacy” because it “allows you to remain anonymous as you browse across websites and also improves privacy by allowing publishers to present relevant ads to large groups (called Cohorts)”.

EFF has launched “Am I FloCed?” It is a new site that will tell you whether your Chrome browser has been “turned into a guinea pig for Federated Learning of Cohorts or FLoC, Google’s latest targeted advertising experiment.”

Google’s FloC is unpopular with other browser creators. Brave posted a blog titled: “Why Brave Disables FLoC”:

“Brave opposes FloC, along with any other feature designed to share information about you and your interests without your fully informed consent. To protect Brave users, Brave has removed FLoC in the Nightly version of both Brave for desktop and Android. The privacy-affecting aspects of FLoC have never been enabled in Brave releases; the additional implementation details of FLoC will be removed from all Brave releases with this week’s stable release. Brave is also disabling FLoC on our websites, to protect Chrome users learning about Brave.”

Vivaldi posted a blog post titled: “No, Google! Vivaldi users will not get FLoC’ed.” In the blog post, Vivaldi makes it clear it does not support FLoC, which they call “a privacy-invasive tracking technology”. From the blog post:

“The FLoC experiment does not work in Vivaldi. It relies on some hidden settings that are not enabled in Vivaldi… Although Vivaldi uses the Chromium engine, we modify the engine in many ways to keep the good parts but make it safe for users; we do not allow Vivaldi to make that sort of call to Google.”

DuckDuckGo posted a blog in which it points out that you can use the DuckDuckGo Chrome extension to block FLoC’s tracking.

Mozilla gave The Verge a statement that included: “We are currently evaluating many of the privacy preserving advertising proposals, including those put forward by Google, but have no current plans to implement any of them at this time. We don’t buy into the assumption that the industry needs billions of data points about people, that are collected and shared without their understanding, to serve relevant advertising.”

Opera gave The Verge a statement that included: “While we and other browsers are discussing new and better privacy-preserving advertising alternatives to cookies including FLoC, we have no current plans to enable features like this in the Opera browsers in their current form”.

The fact that so many browser creators have decided against enabling Google’s FLoC is significant. It means that FLoC is really bad for users, and that Google should not impose it upon people who use Chrome.


Facebook’s Oversight Board Delays Decision on Trump Suspension



Twitter permanently suspended Trump’s account in January 2021, days after the riot at the U.S. Capitol. At the time, Twitter stated that the reason for the permanent suspension was “due to the risk of further incitement of violence.”.

Facebook suspended Trump’s account for the same reasons. The difference between Facebook and Twitter is that Facebook’s ban was not permanent. At the time, CEO of Facebook, Mark Zuckerberg, said that the platform would extend the block on Trump indefinitely, and for at least two weeks, until “the peaceful transition of power is complete.”

The transition from the Trump-Pence administration to the Biden-Harris administration happened in January of 2021. This puts Facebook into the difficult decision of deciding whether or not to allow Trump to return to the platform. No matter what decision is made, one thing is certain – it will make a lot of people angry.

According to TechCrunch, Facebook has a self-styled and handpicked “Oversight Board” who has the task of deciding whether or not to overturn Trump’s indefinite suspension.

On April 16, 2021, Facebook’s Oversight Board posted a short thread on Twitter. The first tweet said: “(1/2): The Board will announce its decision on the case concerning US President Trump’s indefinite suspension from Facebook and Instagram in the coming weeks. We extended the public comments deadline for this case, receiving 9,000+ responses.”

That second tweet in the thread said: “(2/2): The Board’s commitment to carefully reviewing all comments has extended the case timeline, in line with the Board’s bylaws. We will share more information soon.”

The Hill reported: Facebook requested the board’s recommendation on suspensions when the user is a political leader, meaning the board’s decision on Trump could influence how Facebook handles bans on future leaders in the U.S. and around the world.

Personally, I think that if a public leader has been suspended from a social media platform, there is likely a good reason for it. Trump no longer holds any political office. I think Facebook’s Oversight Board should use the rules that regular people would be held to if they had their Facebook account suspended and asked for the ban to be lifted.


Australian Court Finds Google “Partially” Misled Consumers



The Australian Competition & Consumer Commission (ACCC) has found that Google misled customers about personal location data collected through Android mobile devices between January 2017 and December 2018, in a world-first enforcement action brought by the ACCC.

The Guardian provided a good explanation of what happened. The Court found that Google continued to collect “Location History” and “Web & App Activity” on some Android and Pixel phones, even for customers who ticked “No” or “Do not collect” on their settings.

If a customer said no to “Location History”, but left “Web & App Activity” switched on, Google continued to collect location data, the ACCC said.

The ACCC also stated:

The Court ruled that when consumers created a new Google Account during the initial set-up process of their Android device, Google misrepresented that the ‘Location History’ setting was the only Google Account setting that affected whether Google collected, kept, or used personally identifiable data about their location. In fact, another Google Account setting titled ‘Web & App Activity’ also enabled Google to collect, store and use personally identifiable location data when it was turned on, and that setting was turned on by default.

In addition, the ACCC wrote: The Court found that when consumers later accessed the ‘Location History’ setting on their Android device during the same time period to turn that setting off, they were also misled because Google did not inform them that by leaving the ‘Web & App Activity’ setting switched on, Google would continue to collect, store and use their personally identifiable data.

According to The Guardian, a judgment published by Justin Thomas Thawley said that Google’s behavior was “partially misleading” He felt that some consumers would have been misled, and reasonably believed that this data would not be collected, and others would not have.

The ACCC is seeking declarations, pecuniary penalties, publications orders, and compliance orders. These will be determined at a later date. In addition to penalties, the ACCC is seeking an order for Google to publish a notice to Australian consumers to better explain Google’s location data settings in the future.

Personally, I think its very sneaky of Google to try and trick people into giving Google their location data. Anybody else remember when Google’s motto was “Don’t be evil”?


Clubhouse’s Database of User Records was Scraped



Clubhouse has had an SQL database containing 1.3 million user records scraped and linked for free on a “popular hacker forum”, CyberNews reported. Clubhouse claims that this is false, and that it has not been breached. The situation appears to have led to some speculation on Twitter.

According to CyberNews, the leaked database contains a variety of user-related information from Clubhouse profiles including: user ID, name, photo URL, username, Twitter handle, Instagram handle, number of followers, number of people followed by the users, account creation date, and invited by user profile name.

CyberNews speculates that the leaked data could be used by threat actors against Clubhouse. It could be used to carry out targeted phishing or other types of social engineering attacks. CyberNews reported that they did not find sensitive data like credit card details or legal documents in the archive that was posted online.

Business Insider also reported about the leak of the personal data of Clubhouse users. It is not the only social media platform that has had this problem. Business Insider said that LinkedIn confirmed that about two-thirds of the platform’s userbase was scraped and posted publicly online. Previous to that, Facebook had a data leak that included the full names, location, email addresses, and other sensitive pieces of information of 533 million Facebook users. That data was posted in a forum.

Clubhouse responded to the situation by quote-tweeting a tweet from Techmeme about the CyberNews article that reported the scraping of Clubhouse’s user data. Clubhouse tweeted: “This is misleading and false. Clubhouse has not been breached or hacked. The data referred to is all public profile information from our app, which anyone can access via the app or our API.”

I do not use Clubhouse, mostly because I personally feel that it lacks proper support for user privacy. There has been at least one situation in which a Clubhouse user recorded a Clubhouse chat and streamed it online. At the time Clubhouse stated that they permanently banned the user and installed new “safeguards”. It is unclear what those “safeguards” are.

Personally, I feel that Clubhouse’s tweet, insisting that the app had not been breached or hacked, is not enough to convince me Clubhouse will protect user’s information. Clubhouse stated that the data obtained is all public profile information, which anyone who has access to the app can see. Just because the profile is public doesn’t mean people are happy to have that information posted online outside of the Clubhouse app.


The Battle Between Epic Games and Apple Continues



Today, 9To5Mac reported a significant update to the legal battle between Apple and Epic Games – “Project Liberty”.

According to Apple, Epic Games hired PR firms in 2019 to work on a media strategy called “Project Liberty” aimed at portraying Apple “as the bad guy.” In October 2020, Judge Yvonne Rogers had concerns that Epic knew exactly what they were doing with the controversial Fortnite update, so this doesn’t come as a surprise.

Here is a quote from Apple:

Epic’s monopoly maintenance claim is premised on the notion that the antitrust laws preclude Apple from imposing conditions on the licensed use of its intellectual property, and impose on Apple a duty to deal with Epic on the terms preferred by Epic – to the detriment of other developers and consumers alike. But Apple has no obligation to license its intellectual property, aside from a limited exception not applicable here, businesses are free to choose the parties with whom they will deal, as well as the prices, terms and conditions of that dealing.

CNBC provided a summary of what Apple, and Epic, will argue in court. The case could be heard on May 3, 2021, (but the date could change due to the pandemic).

Apple will argue:

  • Its 30% commission is essentially the same as other online software stores like Google Play or stores for video game consoles and Apple’s fee has decreased over time.
  • It faces competition both for iPhones as well as other platforms to play games.
  • Its App Store policies have led to a boom in the software industry and result in greater safety and security for users.
  • The App Store is a core, integrated feature of the iPhone, and that using Apple payments for digital purchases is a key feature.

Epic will argue:

  • Apple forces consumers to bear high switching costs to stop using Apple products, locking them in.
  • As Apple has accumulated more customers and locked them in, the importance of selling software to Apple customers has grown.
  • Apple controls the only way to install software on an iPhone through the App Store.
  • Apple uses its App Review process, which manually screens individual apps, for anti-competitive purposes, removing apps for business reasons under the pretext of security.
  • Because some developers have chosen to raise iPhone software prices because of Apple’s 30% fee, it causes consumers to pay more, and Fortnite is an example.

Discord Banned More than 2,000 Extremist Groups



Discord is a group-chat app that is often used by people who enjoy playing video games with their friends who live far away. I use Discord to play Dungeons & Dragons with my friends, and have used it to talk to people while playing Diablo III. Unfortunately, it appears that a lot of terrible people had been using Discord for nefarious reasons. Discord has rightfully banned them.

Discord provided a lot of information in their Transparency Report which covers July through December of 2020. There is a pie chart that shows user reports by category. Harassment was the largest category, with 132,817 reports. This was followed by Cybercrime (42,588) and NSFW (33,106).

NPR reported that Discord removed more than 2,000 communities dedicated to extremism and other violent content in the second half of last year. NPR noted that the enforcement actions by Discord come at a time when Microsoft is (reportedly) in talks to acquire Discord for $10 billion.

Discord’s transparency report points out that it has invested in resources that enable it to proactively detect and remove the highest-harm groups from their platform. This includes many categories including: Exploitative Content, and Violent Extremist groups.

We also worked in the second half of 2020 to take action against militarized movements like the “Boogaloo Boys” and dangerous conspiratorial groups like QAnon. We continue to believe there is no place on Discord for groups organizing around hate, violence, or extremist ideologies.

Discord’s Trust & Safety team removed 1,504 servers for Violent Extremism in the second half of 2020. That is nearly a 93% increase from the first half of the year. According to Discord, the increase can be attributed to the expansion of their anti-extremism efforts as well as growing trends in the online extremism space.

One of the online trends Discord observed in that period of time was the growth of QAnon. Discord adjusted their efforts to address that movement and removed 334 QAnon-related servers.

Personally, I’m happy that Discord has been making efforts to remove violent extremism and conspiracy theories. Some of the Discords that I am connected to, and participate in, are open to anyone who wants to join. Knowing that Discord has been actively removing bad actors from its service makes me feel safer using it.


Clubhouse Introduces Payments



Clubhouse, a new social media thing that allows people to have live audio-chats with friends and strangers, has introduced “Payments”. This does not mean that people who use Clubhouse will have to pay a fee in order to keep using it. Instead, it gives users the ability to send money to someone else through Clubhouse.

Today, we’re thrilled to begin rolling out Payments – our first monetization feature for creators on Clubhouse. All users will be able to send payments today, and we’ll be rolling out the ability to receive payments in waves, starting with a small test group today. Our hope is to collect feedback, fine-tune the feature, and roll it out to everyone soon.


Here is how Clubhouse payments will work:

  • To send a payment in Clubhouse, just tap the profile of a creator (who has the feature enabled) and tap “Send Money.”
  • Enter the amount you would like to send them. The first time you do this, you’ll be asked to register a credit card or debit card.
  • 100% of the payment will go to the creator. The person sending the money will also be charged a small card processing fee, which will go directly to our payment processing partner, Stripe. Clubhouse will take nothing.

Clubhouse makes it clear that this is the “first of many features that allow creators to get paid directly on Clubhouse”. In other words, if this works, Clubhouse might add more payment features. What will people pay for? I suppose Clubhouse is hoping to find that out.

Stripe is a well known payment provider. Creators who post their work on Medium, and make money from doing so, are paid through Stripe. Substack also uses it. I have no problem with Clubhouse’s choice of payment provider.

My concern is that Clubhouse has a history of not respecting user’s privacy. Users are pushed to upload their entire contact list from their phone.

Doing so gives Clubhouse information about who you are connected to. It will use that information to try and connect you to your contacts that are on Clubhouse. Will Ormus pointed out on Medium that if you have an ex or harasser, who has you in their contacts, Clubhouse will know you are connected to that person and make recommendations on that basis.

What will Clubhouse do with your credit card information? Users will be giving it to Stripe – but they have to go through Clubhouse to do that.