Category Archives: Facebook

Senate Hearing to Explore Facebook’s Libra Project

Well, that didn’t take long! The U.S. Senate Committee on Banking, Housing, and Urban Affairs will hold a hearing about Facebook’s Libra project on July 16, 2019. Reuters reported that the hearing will explore the Libra project as well as any data privacy considerations it may raise.

This comes after Senate Banking Committee members wrote to Facebook asking for information on rumors about its cryptocurrency project in May of 2019. The Committee wanted to know how Facebook would protect consumer information.

Senator Sherrod Brown (Democrat – Ohio), ranking member of the Senate Committee on Banking, Housing, and Urban Affairs, wrote, “This new cryptocurrency will give Facebook competitive advantages with regard to collecting data about financial transactions, as well as control over fees and functionality.” He continued:

“Facebook is already too big and too powerful, and it has used that power to exploit users’ data without protecting their privacy. We cannot allow Facebook to run a risky new cryptocurrency out of a Swiss bank account without oversight. I’m calling on our financial watchdogs to scrutinize this closely to ensure users are protected.”

In addition, Representative Maxine Waters (Democrat – California), Chairwoman of the U.S. House of Representatives Committee on Financial Services, posted a statement about Facebook’s cryptocurrency. She wrote, “I am requesting that Facebook agree to a moratorium on any movement forward on developing a cryptocurrency until Congress and regulators have the opportunity to examine these issues and take action. Facebook executives should also come before the Committee to provide testimony on these issues.”

My best guess is that Facebook failed to consider that creating its own cryptocurrency could result in questions from legislators. Either that, or Facebook decided it was better to ask forgiveness than permission with Libra.

Facebook Announced Libra Cryptocurrency and Calibra Wallet

Facebook announced Libra, its very own cryptocurrency powered by blockchain technology. It is also introducing Calibra, a digital wallet for Libra. The wallet will be available in Messenger, WhatsApp and as a standalone app. Facebook expects to launch these products in 2020.

For many people around the world, even basic financial services are still out of reach: almost half of the adults in the world don’t have an active bank account and those numbers are worse in developing countries and even worse for women. The cost of that exclusion is high – approximately 70% of small businesses in developing countries lack access to credit and $25 billion is lost by migrants every year through remittance fees.

I see a problem. People who don’t have bank accounts might not be able to afford a smartphone on which to access Calibra and the Libra cryptocurrency. I suspect Facebook is aiming mostly at businesses and not so much at people who are poor.

Facebook says that Calibra will let you send Libra “to almost anyone with a smartphone, easily and instantly as you might send a message, and at low to no cost.” In time, Facebook hopes to offer additional services for people and businesses, such as paying bills with the push of a button, buying a cup of coffee with the scan of a code, or riding your local public transit without needing to carry cash or a metro pass.

According to Facebook, Calibra will use the same verification and anti-fraud processes that banks and credit cards use. There will be automated systems that proactively monitor activity to detect and prevent fraudulent behavior. If someone gains access to your account and you lose some Libra as a result, Facebook will offer you a refund.

What about privacy? Facebook says Calibra will not share account information or financial data with Facebook or any third party without consumer consent. Personally, I wonder exactly how that consent will be given. Will users have the choice to opt-in to giving consent? Or will Calibra require that consent before people can use it?

Facebook also says Calibra customers’ account information and financial data will not be used to improve ad targeting on the Facebook family of products. Given Facebook’s history, it would be wise to be skeptical of that claim.

Facebook Plans to Launch GlobalCoin in 2020

Facebook is planning to launch GlobalCoin, its very own form of cryptocurrency, in about a dozen countries in 2020. Facebook wants to start testing GlobalCoin by the end of 2019.

Facebook wants to create a digital currency that provides affordable and secure ways of making payments, regardless of whether users have a bank account. According to the BBC, Facebook will join forces with banks and brokers that will enable people to change dollars and other international currencies into GlobalCoin. Facebook is also talking with money transfer firms like Western Union.

Personally, I can see plenty of problems with Facebook creating its own cryptocurrency. Facebook doesn’t have a good record of protecting people’s privacy or their data. If someone buys GlobalCoin, and their data or GlobalCoin account is hacked, I doubt Facebook is going to do anything about it. This whole thing feels like even more of a gamble than other types of cryptocurrency are.

What happens if a Facebook user buys GlobalCoin and then Facebook suspends that user’s account for breaking Facebook’s Terms and Policies? Does that person lose the GlobalCoin they paid for? If not, how would that user be able to access it without a Facebook account?

I’m not the only one with concerns. The U.S. Senate Committee on Banking, Housing, and Urban Affairs sent Mark Zuckerberg a letter with a bunch of questions about Facebook’s cryptocurrency.

Here are a few of the Committee’s questions:

  • What privacy and consumer protections would users have under the new payment system?
  • What consumer financial information does Facebook have that it has received from a financial company?
  • Does Facebook share or sell any consumer information (or information derived from consumer information) with any unaffiliated third parties?

Another huge problem for Facebook is that it will have to navigate the legislation that a multitude of countries have put in place regarding financial transactions. This is not going to be easy to do.

Facebook Banned “Dangerous Individuals and Organizations”

Several websites have reported that Facebook has banned a group of people who have broken the company’s Community Standards. More specifically, those recently banned have broken the “Dangerous Individuals and Organizations” portion of Facebook’s and Instagram’s Community Standards.

The “Dangerous Individuals and Organizations” policy states: “In an effort to prevent and disrupt real-world harm, we do not allow any organizations or individuals that proclaim a violent mission or are engaged in violence, from having a presence on Facebook. This includes organizations or individuals involved in the following: terrorist activity, organized hate, mass or serial murder, human trafficking, organized violence or criminal activity.”

The policy also says: “We also remove content that expresses support or praise for groups, leaders, or individuals involved in these activities.”

BuzzFeed News got a statement from a Facebook spokesperson who said: “We’ve always banned individuals or organizations that promote or engage in violence and hate, regardless of ideology. The process for evaluating potential violators is extensive and it is what led us to our decision to remove these accounts today.”

BuzzFeed News reported that the ban will affect both Facebook and Instagram.

Here is a list of those who have been banned: Milo Yiannopoulos, Alex Jones (and his Infowars site), Laura Loomer, Louis Farrakhan, Paul Joseph Watson, and Paul Nehlen. Some of the people who were banned from Facebook and Instagram have been previously banned from other platforms. I’ll leave you to read the BuzzFeed News article if you would like more details.

The First Amendment of the U.S. Constitution says: “Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.”

Facebook (and Instagram) are not part of Congress. They are private companies.

Facebook Says “The Future is Private”

At F8 2019, Mark Zuckerberg and other Facebook executives repeated a version of the phrase “the future is private”. Personally, that particular phrase is not one I would expect to hear from Facebook, given their multitude of privacy issues that somehow seem to keep happening.

Facebook Newsroom has information about some upcoming “privacy-focused” changes to Facebook’s products.

Mark Zuckerberg opened the two-day event with a keynote on how we’re building a more privacy-focused social platform – giving people spaces where they can express themselves freely and feel connected to the people and communities that matter most. He shared how this is a fundamental shift in how we build products and run our company.

Here are some key points:

Messenger will have a “dedicated space where you can discover Stories and messages with your closest friends and family.” Users will be able to choose exactly who sees what they post. This sounds good!

Messenger will also have something that makes “it even easier for businesses to connect with potential customers by adding lead generation templates to Ad Manager.” It will allow businesses to make ads with a “simple Q&A” that allows the business to learn more about their customers. This does not sound like it is privacy-focused.

WhatsApp is getting a Business Catalog that allows users to chat with businesses and for businesses to showcase their goods. This doesn’t sound privacy-focused.

Facebook is putting Groups first by making it easier for people to find Groups and participate in them. Some of the other changes sound to me like Facebook wants to make Groups more like what Discord already offers. If I remember correctly, there were some politically motivated shenanigans happening in Groups before the 2016 election. I expect the updated Groups will be manipulated the same way.

Facebook Dating is going to have a feature called “Secret Crush”. Users can add up to nine friends that they want to express interest in. Those friends will get a notification saying someone has a crush on them. If a user’s crush adds them to their Secret Crush list – they make a match and it appears both will be notified of that. Is this really privacy-focused if Facebook still has all the data? What if that leaks?

Instagram is getting features that appear to be primarily designed to make it easier for creators to sell products to other Instagram users. Not sure why this is considered privacy-focused by Facebook. To me, this sounds like it’s more about sales than privacy.

Fancy new features can make Facebook’s products more interesting (at least, for a little while). But, it’s one thing to say that the company will be privacy-focused, and quite another to actually take actions that truly do improve the privacy of users – and their data. Will Facebook make significant, meaningful, changes? Or is this just a bunch of hype?

Regulators are Investigating Facebook’s Privacy Practices

Regulators from several countries are investigating Facebook’s privacy practices. This comes after Facebook has done numerous sketchy things with users’ personal information, passwords, and data. It seems to me that at least one of these investigations will result in meaningful consequences and/or penalties for Facebook.

In the United States, New York Attorney General Letitia James announced an investigation into Facebook’s unauthorized collection of 1.5 million Facebook users’ email contact databases.

“It is time Facebook is held accountable for how it handles consumers’ personal information,” said Attorney General Letitia James. “Facebook has repeatedly demonstrated a lack of respect for consumers’ information while at the same time profiting from mining that data. Facebook’s announcement that it harvested 1.5 million users’ email address books, potentially gaining access to contact information for hundreds of millions of individual consumers without their knowledge, is the latest demonstration that Facebook does not take seriously its role in protecting personal information.”

Ireland’s Data Protection Commission has commenced a statutory inquiry in relation to Facebook’s storing of the passwords of hundreds of millions of Facebook, Facebook Lite and Instagram users in plain text on Facebook’s internal servers. The inquiry will determine whether Facebook has complied with its obligations under relevant provisions of the GDPR.

The Office of the Privacy Commissioner of Canada did a joint investigation of Facebook with the Information and Privacy Commissioner for British Columbia. It focused on the TYDL app (“thisisyourdigitallife”). A summary of the investigation found:

  • Facebook failed to obtain valid and meaningful consent of installing users.
  • Facebook also failed to obtain meaningful consent from friends of installing users.
  • Facebook had inadequate safeguards to protect user information.
  • Facebook failed to be accountable for user information under its control.

In February of 2019, Germany’s Bundeskartellamt prohibited Facebook from combining user data from different sources. Also in February, the House of Commons Digital, Media, and Sport Committee in the UK released a report in which it called Facebook “digital gangsters”. The Committee concluded that Facebook broke privacy and competition law and should be subject to statutory regulation.

Facebook Stored Millions of Unencrypted Instagram Passwords

In March of this year, as you may recall, Facebook announced that it stored hundreds of millions of user passwords in plain text. At the time, Facebook said it would notify “hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users” about this.

On April 18, 2019, Facebook made an update to their original Facebook Newsroom post titled “Keeping Passwords Secure” (which was originally posted on March 21, 2019).

Here is what was added:

Since this post was published, we discovered additional logs of Instagram passwords being stored in readable format. We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others. Our investigation determined that these stored passwords were not internally abused or improperly accessed.

Personally, I’m wondering just what is going on at Facebook (and Instagram) that is causing it to collect and store users’ passwords in plain text. That’s an obvious safety concern. The number of unencrypted Instagram passwords has jumped from tens of thousands to millions. It is disturbing that Facebook misreported that number.

Not all passwords were stored unencrypted, but millions of passwords were. Why is that happening? To me, it sounds like passwords are not automatically being stored in plain text. If that were the case, then all users’ passwords would have been stored unencrypted. Something, or someone, appears to be selecting certain passwords to store improperly.

Ironically, the original blog post (before Facebook added an update) recommends that users affected by this security issue change their passwords and pick strong and complex passwords. That is good advice in general, but I don’t think doing so will protect users from having their unencrypted passwords stored on Facebook’s and Instagram’s servers.