Category Archives: Google

Hey Android Users, How about that Bundled Permission Thing

Posted on by

A few members of congress did ask Mark Zuckerberg about bundled permissions and Zuckerberg played dumb on the question. Remember that thing when your phone asks for permission to post to Facebook? Well it goes across all your synchronized  devices. What? uh huh…read on.

  This screen in the Messenger application offers to conveniently track all your calls and messages. But Facebook was already doing this surreptitiously on some Android devices until October 2017, exploiting the way an older Android API handled permissions.

Better check and ask some harder questions…..

[Update, March 25, 2018, 20:24 Eastern Time]: Facebook has responded to this and other reports regarding the collection of call and SMS data with a blog post that denies Facebook collected call data surreptitiously. The company also writes that it never sells the data and that users are in control of the data uploaded to Facebook. This “fact check” contradicts several details Ars found in analysis of Facebook data downloads and testimony from users who provided the data. More on the Facebook response is appended to the end of the original article below.

This past week, a New Zealand man was looking through the data Facebook had collected from him in an archive he had pulled down from the social networking site. While scanning the information Facebook had stored about his contacts, Dylan McKay discovered something distressing: Facebook also had about two years’ worth of phone call metadata from his Android phone, including names, phone numbers, and the length of each call made or received.

This experience has been shared by a number of other Facebook users who spoke with Ars, as well as independently by us—my own Facebook data archive, I found, contained call-log data for a certain Android device I used in 2015 and 2016, along with SMS and MMS message metadata.

In response to an email inquiry by Ars about this data gathering, a Facebook spokesperson replied, “The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with. So, the first time you sign in on your phone to a messaging or social app, it’s a widely used practice to begin by uploading your phone contacts.”

The spokesperson pointed out that contact uploading is optional and installation of the application explicitly requests permission to access contacts. And users can delete contact data from their profiles using a tool accessible via Web browser.

Facebook uses phone-contact data as part of its friend recommendation algorithm. And in recent versions of the Messenger application for Android and Facebook Lite devices, a more explicit request is made to users for access to call logs and SMS logs on Android and Facebook Lite devices. But even if users didn’t give that permission to Messenger, they may have given it inadvertently for years through Facebook’s mobile apps—because of the way Android has handled permissions for accessing call logs in the past. (For Facebook’s instructions on turning off continuous contact uploading, go here. )

If you granted permission to read contacts during Facebook’s installation on Android a few versions ago—specifically before Android 4.1 (Jelly Bean)—that permission also granted Facebook access to call and message logs by default. The permission structure was changed in the Android API in version 16. From Android 4.1 on, a single request from those applications would trigger two separate permission requests.

But until the “Marshmallow” version of Android, even with split permissions, all permissions could still be presented all at once, without users getting the option to decline them individually. So Facebook and other applications could continue to gain access to call and SMS data with a single request by specifying an earlier Android SDK version. Starting with Marshmallow, users could toggle these permissions separately themselves. But as many as half of Android users worldwide remain on older versions of the operating system because of carrier restrictions on updates or other issues.

Apple iOS has never allowed access to call log data by third-party apps, overt or silently, so this sort of data acquisition was never possible.

Facebook provides a way for users to purge collected contact data from their accounts, but it’s not clear if this deletes just contacts or if it also purges call and SMS metadata. After purging my contact data, my contacts and calls were still in the archive I downloaded the next day—likely because the archive was not regenerated for my new request. (Update: The cached archive was generated once and not updated on the second request. However, two days after a request to delete all contact data, the contacts were still listed by the contact management tool.)

As always, if you’re really concerned about privacy, you should not share address book and call-log data with any mobile application. And you may want to examine the rest of what can be found in the downloadable Facebook archive, as it includes all the advertisers that Facebook has shared your contact information with, among other things.

Update, March 25, 2018, continued:

Facebook responded to reports that it collected phone and SMS data without users’ knowledge in a “fact check” blog post on Sunday. In the response, a Facebook spokesperson stated:

Call and text history logging is part of an opt-in feature for people using Messenger or Facebook Lite on Android. This helps you find and stay connected with the people you care about, and provide you with a better experience across Facebook. People have to expressly agree to use this feature. If, at any time, they no longer wish to use this feature they can turn it off in settings, or here for Facebook Lite users, and all previously shared call and text history shared via that app is deleted. While we receive certain permissions from Android, uploading this information has always been opt-in only.

This contradicts the experience of several users who shared their data with Ars. Dylan McKay told Ars that he installed Messenger in 2015, but only allowed the app the permissions in the Android manifest that were required for installation. He says he removed and reinistalled the app several times over the course of the next few years, but never explicitly gave the app permission to read his SMS records and call history. McKay’s call and SMS data runs through July of 2017.

In my case, a review of my Google Play data confirms that Messenger was never installed on the Android devices I used. Facebook was  installed on a Nexus tablet I used and on the Blackphone 2 in 2015, and there was never an explicit message requesting access to phone call and SMS data. Yet there is call data from the end of 2015 until late 2016, when I reinstalled the operating system on the Blackphone 2 and wiped all applications.

While data collection was technically “opt-in,” in both these cases the opt-in was the default installation mode for Facebook’s application, not a separate notification of data collection. Facebook never explicitly revealed that the data was being collected, and it was only discovered as part of a review of the data associated with the accounts. The users we talked to only performed such reviews after the recent revelations about Cambridge Analytica’s use of Facebook data.

Facebook began explicitly asking permission from users of Messenger and Facebook Lite to access SMS and call data to “help friends find each other” after being publicly shamed in 2016 over the way it handled the “opt-in” for SMS services. That message mentioned nothing about retaining SMS and call data, but instead it offered an “OK” button to approve “keeping all of your SMS messages in one place.”

Facebook says that the company keeps the data secure and does not sell it to third parties. But the post doesn’t address why it would be necessary to retain not just the numbers of contacts from phone calls and SMS messages, but the date, time, and length of those calls for years. Sean Gallagher Sean is Ars Technica’s IT and National Security Editor. A former Navy officer, systems administrator, and network systems integrator with 20 years of IT journalism experience, he lives and works in Baltimore, Maryland.

Go Facebook Go and Take Android with You

Posted on by

Primer: Amendment IV

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. Does this only apply to the Federal government or State government?

Humm read on….

The Mark Zuckerberg apology tour continues. There was the 87 million compromised accounts where privacy was ignored. Then there was the fact that Facebook employees track communications in the private message feature. But why would Facebook contact hospitals asking for patient information? Sheesh, really?

Facebook asked hospitals for anonymized data about their patients for a proposed research project, CNBC reported on Thursday.

The social media platform reportedly intended to compare the data, which included prescription information and illnesses, with its own data that it collected from users, in order to flag users that may need hospital care.

The proposal was paused after Facebook revealed that Cambridge Analytica improperly took data from 50 million of its users’ profiles, and reportedly never made it beyond initial planning stages.

“This work has not progressed past the planning phase, and we have not received, shared, or analyzed anyone’s data,” a Facebook spokesperson told CNBC.

The social media company discussed its plan with organizations including Stanford Medical School and American College of Cardiology.

The data the company would have collected would have been completely anonymous and only available for medical research, according to the report.

Cathleen Gates, the interim CEO of the American College of Cardiology, said in a statement provided to CNBC that Facebook’s proposed data project could help medical research.

“As part of its mission to transform cardiovascular care and improve heart health, the American College of Cardiology has been engaged in discussions with Facebook around the use of anonymized Facebook data, coupled with anonymized ACC data, to further scientific research on the ways social media can aid in the prevention and treatment of heart disease—the #1 cause of death in the world,” she said.

News of the proposed medical data collection comes amid scrutiny over how a British research firm hired by the Trump campaign, Cambridge Analytica, improperly took user data through Facebook.

Controversy over matter has sparked an outcry about Facebook’s data collection and privacy practices.

Lawmakers have been particularly vocal on the issue. Facebook CEO Mark Zuckerberg is set to testify before them on Capitol Hill in hearing on Tuesday and Wednesday during Senate and House hearings about data privacy.

*** Gonna be some interesting hearings on The Hill right? Perhaps Android should be included….

A software developer — who didn’t want to be identified — told News.com.au the social media giant should be the least of our worries, saying Android apps available on Google Play are often “saturated by spyware.”

“Google has given apps a wide open ‘side-door’ to collect personal info to all apps if users simply download and accept the listed permissions,” he said. “Of course, if you notice, the permissions are actually hard to find and Google downplays what they can do.”

He pointed to third-party keyboards as an example.

“Third-party keyboards not only have access to all dangerous permissions, but they also have access to all keystrokes — including account names and passwords,” he said.

We’ve already seen evidence of this blowing up in recent months.

In December, the popular virtual keyboard app AI.type leaked the personal data of over 31 million customers online.

Security researchers at the Kromtech Security Center said the server wasn’t password-protected, allowing anyone to access the company’s massive database.

The app stated that any text entered on its keyboard stays “encrypted and private.”

But researchers found users must allow “Full Access” to all of their data stored on the iPhone, including all keyboard data.

This meant the app would theoretically have access to all your secure usernames and passwords.

Top 10 Shooter Games For Android | Idea photo

“If you look at all the top Android keyboards and look at their requested permissions, it is alarming,” the developer said. “They often can run at start-up, prevent the device from sleeping, and have access to an extensive amount of a user’s personal data.

“They can send encrypted data anywhere in the world without scrutiny.”

A ZDNet investigation into AI.type found the company kept complete records on the device’s IMSI and IMEI number, the device’s make and model, its screen resolution, and the device’s specific Android version.

It also included the user’s phone number, the name of their mobile phone provider, and in some cases their IP address and internet provider.

As the app developer said, third-party keyboards can access the highest level of Android permissions, including personal data like passwords and credit card numbers.

According to ZDNet, one table contained more than 8.6 million entries of text that had been entered using the keyboard, which included phone numbers, email addresses and corresponding passwords, and web search terms.

It found that — for apps that contained a paid and free version, the latter was more concerning; a free version would be more likely to collect data than the paid, which the company would use to monetize with advertising.

“Other keyboards have also been found to have been collecting unsettling data, while none have been removed from Google Play,” he said.

Both the free and paid versions of AI.type are still available on Google Play.

“What is most disturbing to me is that Google apparently blindly ignores this problem, and has built in this open ‘side door’ to facilitate their won apps that collect lots of data on us. If they shut this down, they would shut down their own intrusive apps.”

‘Trading privacy for profits’

Cybersecurity expert, professor Nigel Phair, from the University of Canberra in Australia, shared several of these concerns.

He said it’s surprisingly difficult to log out of a Google service, which explains how they can store your data consecutively over many years.

“What concerns me most is that we’re not making informed decisions,” he told News.com.au. “We get free email, free apps, free directions … but people aren’t consciously making informed consent. It’s not just Google. Apple [does] the same thing.”

But he said Android users were particularly at risk. “If you go into the Facebook app on your Android device and look at the permissions, it’s broader than that of Apple devices, and can include text messages and phone calls. Android is a completely uncurated, open-sourced platform.”

This explains why Android phones were the subject of Facebook’s recent phone-scraping scandal.

So how is it that apps logging your keyboard entries and other data haven’t been shut down yet?

Phair stressed that it comes down to the open permissions laid out in the terms and conditions — which, let’s face it, very few people read. The sheer impracticality of doing so may well be the apps’ strategy.

“There’s nothing illegal about collecting data,” said Phair. “Take Facebook. By signing up, you’re basically agreeing to the terms and conditions, which are basically ‘we can do whatever we want with your data.’ That’s the get-out-of-jail-free card. If you’re going to use our servers, we’re going to collect and sell your data to third-party affiliates.”

In a recent interview, Facebook chief executive Mark Zuckerberg said Facebook’s current problems were partly because the company was so focused on connecting people during its first decade and that it didn’t pay enough attention to potential consequences around privacy.

Last week, technical consultant and web developer Dylan Curran posted a thread on Google and Facebook’s data storing that quickly went viral.

Curran posted photos of the personal data collected by Google (which users are able to download). The file was 5.5 gigabytes — the equivalent of about three million Word documents.

He said it included “every email I’ve ever sent, that’s been sent to me, including the ones I deleted or were categorized as spam.”

“Every image I’ve ever searched for and saved, every location I’ve searched for or clicked on, every news article I’ve ever searched for or read, and EVERY SINGLE Google search I’ve made since 2009.”

He found Google was storing his location every time he turned on his phone, his search history (even if he deleted this), every app and extension he used, his YouTube history, calendar, hangout sessions and the music he listened to.

Spooky stuff.

INDEED!

What Should Congress Ask Facebook, Google and Twitter?

Posted on by

Okay, check this out. This is essentially a whole unique type of cyber war, this time it is the user vs. the tech companies.

That whole thing about presumed privacy and data protection is a myth…no it is a lie. Question is how long has this been going on and is it all explained in terms of service? Is privacy a human right? Nah, not when it comes to tech companies. Congress should also include Microsoft in this hearing. We just need facts to make independent decisions about how we interact on the internet and individuals must practice information hygiene when using a keyboard be it on a computer, a Mac or a smart phone. Facebook has already made some changes but are they real and effective?

Mobile Advertising Market: Google, Facebook, Twitter ...

Are you ready? This is all the data Facebook and Google have on you

The harvesting of our personal details goes far beyond what many of us could imagine. So I braced myself and had a look.

A slice of the data that Facebook keeps on the author: ‘This information has millions of nefarious uses.’
A slice of the data that Facebook keeps on the author: ‘This information has millions of nefarious uses.’ Photograph: Dylan Curran

Want to freak yourself out? I’m going to show just how much of your information the likes of Facebook and Google store about you without you even realising it.

Google knows where you’ve been

Google stores your location (if you have location tracking turned on) every time you turn on your phone. You can see a timeline of where you’ve been from the very first day you started using Google on your phone.

Click on this link to see your own data: google.com/maps/timeline?…

Here is every place I have been in the last 12 months in Ireland. You can see the time of day that I was in the location and how long it took me to get to that location from my previous one.

A Google map of every place I’ve been in Ireland this year.
Pinterest
‘A Google map of every place I’ve been in Ireland this year.’ Photograph: Dylan Curran

Google knows everything you’ve ever searched – and deleted

Google stores search history across all your devices. That can mean that, even if you delete your search history and phone history on one device, it may still have data saved from other devices.

Click on this link to see your own data: myactivity.google.com/myactivity

Google has an advertisement profile of you

Google creates an advertisement profile based on your information, including your location, gender, age, hobbies, career, interests, relationship status, possible weight (need to lose 10lb in one day?) and income.

Click on this link to see your own data: google.com/settings/ads/

Google knows all the apps you use

Google stores information on every app and extension you use. They know how often you use them, where you use them, and who you use them to interact with. That means they know who you talk to on Facebook, what countries are you speaking with, what time you go to sleep.

Click on this link to see your own data: security.google.com/settings/secur…

Google has all of your YouTube history

Google stores all of your YouTube history, so they probably know whether you’re going to be a parent soon, if you’re a conservative, if you’re a progressive, if you’re Jewish, Christian, or Muslim, if you’re feeling depressed or suicidal, if you’re anorexic …

Click on this link to see your own data: youtube.com/feed/history/s…

The data Google has on you can fill millions of Word documents

Google offers an option to download all of the data it stores about you. I’ve requested to download it and the file is 5.5GB big, which is roughly 3m Word documents.

This link includes your bookmarks, emails, contacts, your Google Drive files, all of the above information, your YouTube videos, the photos you’ve taken on your phone, the businesses you’ve bought from, the products you’ve bought through Google …

They also have data from your calendar, your Google hangout sessions, your location history, the music you listen to, the Google books you’ve purchased, the Google groups you’re in, the websites you’ve created, the phones you’ve owned, the pages you’ve shared, how many steps you walk in a day …

Click on this link to see your own data: google.com/takeout

Facebook has reams and reams of data on you, too

Facebook offers a similar option to download all your information. Mine was roughly 600MB, which is roughly 400,000 Word documents.

This includes every message you’ve ever sent or been sent, every file you’ve ever sent or been sent, all the contacts in your phone, and all the audio messages you’ve ever sent or been sent.

Click here to see your data: https://www.facebook.com/help/131112897028467

A snapshot of the data Facebook has saved on me.
Pinterest
‘A snapshot of the data Facebook has saved on me.’ Photograph: Dylan Curran

Facebook stores everything from your stickers to your login location

Facebook also stores what it thinks you might be interested in based off the things you’ve liked and what you and your friends talk about (I apparently like the topic “girl”).

Somewhat pointlessly, they also store all the stickers you’ve ever sent on Facebook (I have no idea why they do this. It’s just a joke at this stage).

They also store every time you log in to Facebook, where you logged in from, what time, and from what device.

And they store all the applications you’ve ever had connected to your Facebook account, so they can guess I’m interested in politics and web and graphic design, that I was single between X and Y period with the installation of Tinder, and I got a HTC phone in November.

(Side note, if you have Windows 10 installed, this is a picture of just the privacy options with 16 different sub-menus, which have all of the options enabled by default when you install Windows 10)

Privacy options in Facebook.
Pinterest
Privacy options in Facebook. Photograph: Dylan Curran

They can access your webcam and microphone

The data they collect includes tracking where you are, what applications you have installed, when you use them, what you use them for, access to your webcam and microphone at any time, your contacts, your emails, your calendar, your call history, the messages you send and receive, the files you download, the games you play, your photos and videos, your music, your search history, your browsing history, even what radio stations you listen to.

Here are some of the different ways Google gets your data

I got the Google Takeout document with all my information, and this is a breakdown of all the different ways they get your information.

My Google Takeout document.
Pinterest
‘My Google Takeout document.’ Photograph: Dylan Curran

Here’s the search history document, which has 90,000 different entries, even showing the images I downloaded and the websites I accessed (I showed the Pirate Bay section to show how much damage this information can do).

data
Pinterest
‘My search history document has 90,000 different entries.’ Photograph: Dylan Curran

Google knows which events you attended, and when

Here’s my Google Calendar broken down, showing all the events I’ve ever added, whether I actually attended them, and what time I attended them at (this part is when I went for an interview for a marketing job, and what time I arrived).

data
Pinterest
‘Here is my Google calendar showing a job interview I attended.’ Photograph: Dylan Curran

And Google has information you deleted

This is my Google Drive, which includes files I explicitly deleted including my résumé, my monthly budget, and all the code, files and websites I’ve ever made, and even my PGP private key, which I deleted, that I use to encrypt emails.

data
Pinterest

Google can know your workout routine

This is my Google Fit, which shows all of the steps I’ve ever taken, any time I walked anywhere, and all the times I’ve recorded any meditation/yoga/workouts I’ve done (I deleted this information and revoked Google Fit’s permissions).

data
Pinterest

And they have years’ worth of photos

This is all the photos ever taken with my phone, broken down by year, and includes metadata of when and where I took the photos

data
Pinterest

Google has every email you ever sent

Every email I’ve ever sent, that’s been sent to me, including the ones I deleted or were categorised as spam.

data
Pinterest

And there is more

I’ll just do a short summary of what’s in the thousands of files I received under my Google Activity.

First, every Google Ad I’ve ever viewed or clicked on, every app I’ve ever launched or used and when I did it, every website I’ve ever visited and what time I did it at, and every app I’ve ever installed or searched for.

data
Pinterest
‘They have every single Google search I’ve made since 2009.’

They also have every image I’ve ever searched for and saved, every location I’ve ever searched for or clicked on, every news article I’ve ever searched for or read, and every single Google search I’ve made since 2009. And then finally, every YouTube video I’ve ever searched for or viewed, since 2008.

This information has millions of nefarious uses. You say you’re not a terrorist. Then how come you were googling Isis? Work at Google and you’re suspicious of your wife? Perfect, just look up her location and search history for the last 10 years. Manage to gain access to someone’s Google account? Perfect, you have a chronological diary of everything that person has done for the last 10 years.

This is one of the craziest things about the modern age. We would never let the government or a corporation put cameras/microphones in our homes or location trackers on us. But we just went ahead and did it ourselves because – to hell with it! – I want to watch cute dog videos.

  • Dylan Curran is a data consultant and web developer, who does extensive research into spreading technical awareness and improving digital etiquette

Lawsuits Against Facebook Growing

Posted on by

Lauren Price has been on Facebook (FB) for eight years and claims she frequently saw political ads on the social network during the 2016 election. She is suing the companies on behalf of other US Facebook members whose information was also collected by Cambridge Analytica, a data firm that worked with the Trump campaign.

The proposed class-action lawsuit was filed Tuesday at the US District Court in San Jose, California. Price is seeking unspecified damages.

This is the first lawsuit brought by a Facebook user over the Cambridge Analytica news, but others are likely to follow. The lawsuit is part of a growing backlash against both companies.

On Tuesday, Facebook (FB) investor Fan Yuan filed a lawsuit against the company in federal court on behalf of other investors. The suit claims Facebook made “misleading statements” and neglected to disclose details about third-party access to data, which caused the company’s stock price to fall significantly.

Price’s complaint adds that the companies have violated the privacy of million of people in the U.S. alone, and that users now have a higher risk of identity theft as a result.

“There’s going to be a lot of litigation flowing from this,” said attorney Jay Edelson of Edelson PC in Chicago. He is not involved with either case, but his firm does plan on filing related lawsuits in the near future.

“The most direct liability is against Cambridge Analytica. We believe they have violated a host of city, state, and federal laws,” said Edelson. “The case against Facebook is less direct. On the surface, many believe that Facebook acted, perhaps, negligently. We believe we will be able to provide more context to how Cambridge Analytica fits Facebook’s overall business model.” More here from CNN.

*** Facebook Hit with Lawsuit Alleging Privacy Wrongs | PCWorld photo

SAN FRANCISCO

Civil rights groups filed a federal lawsuit Tuesday against Facebook for enabling housing discrimination.

The housing rights activists, led by the National Fair Housing Alliance (NFHA), alleged that Facebook’s ad practices allow landlords and real estate agents to avoid serving housing ads to certain groups of people. The NFHA said landlords are able to avoid showing housing ads to women and families, for example.

“Amid growing public concern in the past weeks that Facebook has mishandled users’ data, our investigation shows that Facebook also allows and even encourages its paid advertisers to discriminate using its vast trove of personal data,” Lisa Rice, NFHA’s president and CEO, said in a statement.

“Facebook’s use and abuse of user data for discriminatory purposes needs to stop. It is already a challenge for women, families with children, people with disabilities and other under-served groups to find housing.”

Earlier this month, it was revealed that a political consultancy group was able to exploit Facebook user data on behalf of the 2016 presidential campaign for Donald Trump. Facebook chief executive Mark Zuckerberg personally apologized, but the social media giant has remained mired in controversy regarding how third parties can access user data.

Shares of Facebook dropped another 4.9 percent Tuesday to close at $152.22. Since the data breach was widely publicized on March 17, the stock has plummeted 18 percent.

The federal lawsuit filed by NFHA alleged that the way Facebook’s ad service is built allows for discrimination when it comes to housing. Landlords can choose not to show ads to certain groups of people based on gender, family status and a series of other qualities.

“Facebook’s platform that excludes these consumers from ever seeing certain ads to rent or buy housing must be changed immediately,” Rice continued.

“Facebook ought to be opening doors to housing opportunities instead of closing them.”

Facebook has not released any comments on the NFHA lawsuit.

Congress Calls for Hearing with Facebook, Twitter and Google

Posted on by

While Cambridge Analytica has a proven shady history as noted below, Facebook has already admitted guilt and offered apologies when it comes to safeguarding private user information and interactions. So, when it comes to social media Facebook, Google and Twitter hold the power. Instagram and SnapChat are quite popular but do not hold the volume of data in comparison.

Now the FTC comes knocking at the door of Facebook.

FTC is investigating Facebook over privacy practices ... photo

***

The stuff you share and the inferences Facebook makes about you are packaged together with similar people’s data, stripped of names and sold to companies. That allows businesses to put ads in front of people they’re certain they can influence.

On Facebook, you are the product. Advertisers are the customer.

Facebook’s not alone. Most advertiser-supported networks sell some of your information to third parties. Google, Microsoft, Yahoo, AOL, Amazon, Twitter and Yelp do the same.

Giving up our privacy is the price we pay for getting to use Facebook for free. Most of the time, that tradeoff works: People take advantage of free services by posting, searching and sharing. Most companies that collect our data use it for legitimate purposes and within the bounds that companies like Facebook permit.

That arrangement has turned Facebook (FB) and Google (GOOGL) into online advertising juggernauts. They have built massive audiences of billions of customers, and advertisers flock to them. Facebook and Google control three-quarters of the $83 billion digital advertising market in the United States, according to eMarketer.

But the customer-is-the-product deal doesn’t always work to the user’s advantage. This weekend, the public learned data company Cambridge Analytica improperly accessed 50 million Facebook users’ personal information to influence the 2016 election.

Internet companies have a financial disincentive to give users more control over their data. If people share less, social networks will earn less money. More here.

In part from Bloomberg:

Fake News

Bell Pottinger’s tactics included producing phony television news reports as well as fake terrorist propaganda videos containing computer code that allowed Western intelligence agencies to track anyone who watched, according to a 2016 report from the London-based Bureau of Investigative Journalism, a not-for-profit reporting organization.

The man who awarded Turnbull’s Bell Pottinger unit its first Iraq contract was Ian Tunnicliffe, then a British colonel who was running strategic communications for the U.K. defense ministry. Tunnicliffe, now retired, has been a member of SCL’s advisory board. He didn’t respond to emails seeking comment.

SCL also stoked ethnic tensions in Eastern Europe and sprayed fake graffiti in the Caribbean, according to the firm’s own sales documents. Its defense business claims in pitch documents to have worked for clients as wide-ranging as the Libyan National Transitional Council, NATO and the U.K. Foreign Office. It says it worked in Pakistan for the U.S. Department of Defense and the U.S. Pacific Command in India on countering radicalization.

SCL recently signed a contract with the U.S. State Department for market research and public-opinion polling, according to a federal procurement database. The one-year contract, signed last week, is worth $496,232, according to the database.

Deep Ties

The firm also has deep ties to the British defense establishment and Conservative Party. Its first chairman was Geoffrey Pattie, a defense minister under Margaret Thatcher. In addition to Tunnicliffe, the advisory board has included retired Rear Admiral John Tolhurst and Ivar Mountbatten, the great-nephew of Louis Mountbatten, the military hero and Queen Elizabeth’s cousin. Jonathan Marland, a former Conservative Party treasurer who served as a minister for business under former Prime Minister David Cameron, is a shareholder.

Marland told the Guardian newspaper he hadn’t had a role in running SCL following his initial investment and had refused requests to introduce the firm to Conservative Party officials.

Roger Gabb, a former British Army officer who later made his fortune as a wine distributor and wholesaler, is also a major SCL shareholder. A founding director who, with his family, still controls about 25 percent of the firm’s shares, Gabb has also been active in the Conservative Party and the campaign for the U.K. to leave the European Union. He donated 500,000 pounds ($705,300) to the party in 2006. In 2016, he was fined 1,000 pounds by the U.K.’s Electoral Commission for failing to disclose that he had helped purchase local newspaper advertisements supporting the leave side in the Brexit referendum. More here.