It seems that we are living through a slow world reboot. The traffic of massive boats can flow through international waters unencumbered again. Pharmaceutical companies trickle jabs to every nation with gradual global adoption revealing minor bugs here and there. Excluding early adopters that are far ahead, we can see a new major version of life rolling out with ease, bringing us to another edition of the MV Journal. Yes, you are right. This is sooner than expected, but we are syncing our releases with Multivision’s newsletters.
The old Facebook leak that is new again
If you’re a frequent Facebook user, you’ve probably got the warning that some of your private data were leaked, and I’m not (only) talking about the most recent word on the grapevine.
Some of my readers still didn’t care about social media at the time but Harvey Jones and José Hiram Soltren presented a paper in 2005 where amongst several topics they referred the potential privacy issue with the information posted on the platform. Their work included an analysis of user posts, publicly available at the time, from more than 70K users from different schools. The information was obtained with a simple data scrapping script. To better situate the reader, we need to remember that Facebook was designed primarily for the USA’s Ivy League colleges.
A couple of years later, the company started allowing search engines to index profile pages and soon tried to monetize user information about rented Blockbuster videos. The business idea set back Mr Zuckerberg a total of 9.5 million dollars after a class action suit that invoked the [Video Privacy Protection Act], and it was the first actual learning moment for the company. Information wants to be free, but if it isn’t yours, you should lock it up as hard as the IT allows it.
2021 and many leaks later, we get another warning from almost every online tech media outlet. 533 million users got their phone numbers exposed from a breach that was allegedly reported and closed in 2019. You’ve probably “liked” a link to this report on your Facebook page. Facebook claims that the data is old, and the attack vector is closed. The story says that someone or a group of someones exploited the phone search feature and collected the data but looking for any Facebook warning about the issue at the time yields no information. If one pushes back the search a year early, we see that Facebook dropped the feature in 2018.
Claiming that the data is old serves only as an excuse for the media. And a weak one indeed. Facebook is a global platform. Considering the last decade of operations and counting the leaks that were made public, it is quite possible to create rich data sets with user timelines, valuable for criminal or commercial endeavours. We also know that Cybersecurity is a challenging topic and drives a trillion-dollar industry. Even the safest systems in the world are not impervious to data breaches, but what we usually get from platforms such as Facebook are IT blunders or plain irresponsibility with data management.
The shadow of Shadow Profiles
This type of data breach isn’t limited to registered users.
Large enterprises made of multiple mergers and acquisitions eventually face the single sign-on battle. It is usual to pull user data from every information system to get a picture of the company employees and access requirements to create partial profiles to bootstrap the process. Facebook took a similar path to build user profiles for non-users. If you recall, handy features to sync contacts from phonebooks and mail lists started showing up a decade ago in every mobile device. They allowed merging social profiles with your contacts, enabling quick access to any app using a single index that matched mail address with phone number with LinkedIn profile and with, of course, your Facebook profile. Even if your privacy concerns keep you on the sidelines of the social media arena, you might have been leaked as well, thanks to the contacts of your closest friends.
And now what?
We are still living through the legal infancy of global digital corporations. To be fair, legal systems worldwide aren’t equipped to deal with technology pace and state legislation is flawed to say the least. The EU, amongst other state ensembles, are taking the first steps to penalize poor data security and management, but one cannot see systems like GDPR as a final option. It is still up to the user to take responsibility for their data and avoid oversharing. Data technology literacy needs to be taken seriously and taught to younger generations in Instagram, Snapchat and Tik Tok bubbles so that pandatum leaks don’t impact users’ and their virtual neighbour’s lives.
MV Journal Follow-up
The last week featured a few topics worthy of mention, but I want to open up a new section on our esteemed MV Journal series. Media is fast, too much nowadays. It burns hearts and souls with pressing topics but discards them as quickly as they are read. Retractions, corrections and follow-ups are rare to be seen, and we want to pay our dues to the latter, hoping that the first two don’t happen so soon in our publications. So without further ado, let’s pick some of our previous posts and see what happened since.
MV Journal Premiere
This particular edition got an update before “going to the presses” but left one point untouched. In the piece Mr Bezos switches gears, we’ve introduced the new Amazon CEO but at the expense of a vacant position in AWS. Mr Andy took the CEO baton, but there is already someone to fill in the seat. Mr Adam Selipsky currently leads Tableau Software and will replace Mr Andy in May. He’s not an outsider. With an 11 year stint at AWS before moving to Tableau he will come with a challenge well cut for him. Bringing his deep understanding of the cloud business that propelled Tableau to a spectacular exit to the Salesforce conglomerate.
March 24th until April 6th
Our last edition revealed the new user tracking agenda from Google in the piece A FLoc flies under the radar. After deploying their experiment, Google had to wait for the backlash, but it didn’t come from the user world. Vivaldi, Edge, Brave and Mozilla already made their statements, and they will not fly with Google’s FLoC. At least for now. Most of the companies showed a lack of interest or even repudiated the technology, pledging non-adoption. For now, this is great for the end-user that will get a wide array of options to cater for their privacy needs. Nevertheless, I don’t think that this is going to be the end of it. Unless browser technology keeps being subsidized by joint ventures of large tech companies, eventually the money will become an issue, and as we’ve seen, only large corporations such as Microsoft and Google can keep dollars flowing into developers hands. We are probably going to see developments in the near future so stay tuned to our releases.