The Risks of Facebook Advertising and Racial Discrimination

There’s a rising controversy right now — I’ve received a couple of dozen queries about this in the last few days — regarding Facebook’s permitting advertisers to block particular ads from specific “ethnic affinity” groups, e.g. African American.

Facebook insists that these aren’t actually racial categories per se since they don’t directly ask users about their race. Rather, Facebook insists that they “merely” assign a kind of racial “score” to users based on user activities. 

That’s Facebook double-talk of course. Look at stuff that Facebook figures mainly interests whites, and Facebook sorts you into the white club. Look at materials that Facebook assumes mainly attract blacks, and Facebook relegates you to the black shack. Same idea for Hispanics, and so on.

These assumptions are naturally going to be wrong part of the time, but Facebook cares not, since they don’t make a point of explicitly telling you which racial categories — and that’s what these actually are, racial categories — that they’ve slotted you into.

But they do tell advertisers, at least to the extent that they permit advertisers to exclude different racial groups (or, excuse me, I mean “ethnic affinity” groups) from seeing particular ads or even knowing that those ads exist.

Facebook insists that their rules prohibit using these “racial control” facilities in illegal ways — such as to foster housing or job discrimination against particular racial groups.

But this issue hit the fan now when it was demonstrated how simple it is to get clearly racially discriminatory and illegal ads approved via Facebook’s advertising portal.

Facebook (which, despite having put these racial categories in their “demographics” section, seems to assert that they’re not really demographic!) tries to explain away these problems with the usual excuse — blame the users (or in this case, blame the advertisers). This despite the fact that it’s Facebook’s creation of these racial filters that practically begs racist advertisers to use them to exclude what those advertisers deem to be “undesirable” persons.

This kind of “hey, it’s not our fault!” excuse would never fly with newspaper ads or other traditional advertising, but has become common with Internet darlings, including firms like Uber and Airbnb, who are increasingly facing government actions pushing back on their cavalier attitudes in a range of contexts.

This is not to say that there’s anything wrong with targeted advertising as a whole. In fact, it helps avoid wasting users’ time with ads for products or services that they probably don’t care about.

But once you step into the fire of racial classification on the Net, you’re letting yourself in for a world of pain.

Just as a thought experiment, imagine if Google permitted YouTube uploaders to specify which racial groups would be permitted to find and view particular videos? Google would be rightly crucified in short order.

Obviously, Google would never do this. Yet what Facebook is actually doing is far worse than this imaginary example, and they’ve been doing it under the radar of most users. People writing to me are expressing outrage that Facebook didn’t clearly inform them that they were being secretly stuffed into racial boxes and being spoon-fed particular ads based on those racial classifications.

Ultimately, this sort of misbehavior by Facebook threatens to provide ammunition to politicians and their cronies who have long wished to impose draconian controls on users’ ability to post a wide range of completely legitimate materials on social media, video, and other sorts of sites. There’s nothing that these politicos would love more than to leverage racial discrimination into broad-based Internet censorship.

Facebook needs to clean up their act. Or the government is likely to clean it up for them, and in their overreaction do immense harm to everyone else in the process.

–Lauren–
I have consulted to Google, but I am not currently doing so — my opinions expressed here are mine alone.
– – –
The correct term is “Internet” NOT “internet” — please don’t fall into the trap of using the latter. It’s just plain wrong!

How to Protect Your Google Gmail from Russia’s Putin and WikiLeaks

Word is out from multiple intelligence sources and security researchers that Hillary Clinton campaign chairman John Podesta’s Gmail account was hacked by (you guessed it!) Russian hackers under the direction of the Russian government (aka Vladimir Putin), for public distribution of Podesta’s email messages via Putin’s propaganda publishing arm: Julian Assange’s WikiLeaks. All of this in furtherance of Putin’s “Get Ignorant Puppet Trump Elected U.S. President!” project.

Apparently Podesta fell victim to a typical “spear phishing” attack, typing his Google Gmail credentials into a convincing (but fake) Google login page.

People fall for this kind of thing every day.

But don’t blame Google, because Google already provides the means to make such attacks enormously more difficult — 2-Step (“2-Factor”) Verification.

The problem is that despite Google’s constantly entreating users to avail themselves of this, most people don’t want to bother until after they’ve been hacked!

To be clear, I don’t know for an absolute fact that Podesta wasn’t using Google 2-Step Verification. But the sequence of events being reported would appear to make it extremely unlikely, because while 2-factor systems don’t make such attacks absolutely impossible to succeed, they do indeed make successful phishing attacks less likely by orders of magnitude.

And it’s not as if Google doesn’t provide plenty of choices when setting up this kind of protection.

It can be done by text messages, by automatic calls to voice phone numbers, and by authenticator apps that don’t need network access. It can even by done via high security USB-based crypto keys and printed emergency backup codes!

It’s too late for Podesta. But it’s not too late for you to protect yourself from Putin, Assange, and the more prosaic crooks who wander the Net.

If you use Gmail or other Google services, go turn on 2-Step Verification. If you use some other email system that offers 2-factor protections, go and enable them — now!

I published a write-up earlier this year explaining how to do this with Google. It’s at: Do I really need to bother with Google’s 2-Step Verification system?

Now you know — the answer is YES. It’s not a bother, it’s Google helping you to protect yourself against evil.

And that’s the truth.

Be seeing you.

–Lauren–
I have consulted to Google, but I am not currently doing so — my opinions expressed here are mine alone.
– – –
The correct term is “Internet” NOT “internet” — please don’t fall into the trap of using the latter. It’s just plain wrong!

Yahoo’s Email Spying Nightmare

[UPDATED BELOW]

Just when you’re thinking that the situation couldn’t get worse for once venerable Yahoo — the company has been sold at fire sale prices, they’ve announced historically enormous user account security breaches, and so on — comes word that Yahoo may have permitted mass scanning of users’ email contents by unnamed federal intelligence agencies. 

Unattributed, unsourced stories — particularly dramatic ones like this — must be viewed with extreme skepticism. Very often these days some nobody throws out a baseless rumor, it’s mirrored around the Web in minutes, and sometimes is even picked up by mainstream news sources without any sort of realistic fact checking. If every individual or firm subjected to this sort of abuse responded formally to every such unfounded attack, they often wouldn’t have time to do much else.

This Yahoo story is notably different however.

First, it actually originated with a reputable wire service — Reuters — and a reporter — Joseph Menn — who also is highly respected.

And Yahoo actually responded to these accusations by calling the story “misleading” in a very carefully worded, rather strange press release that leaves even more questions unanswered, including with the statement that: “the mail scanning described in the article does not exist on our systems.”

Hmm. Not precisely described? Not on their current systems at this time? 

What about closely described? What about on their systems in the past? What about data provided to some other entity for scanning?

Who (other than Yahoo) knows what they meant?

What they clearly didn’t do was issue a straightforward denial that such mass content scanning ever took place.

Google, Microsoft, and other firms quickly issued statements saying that they they had not received similar requests for scanning. Google said specifically that if they ever received such a request their response would be “No way.” (Indeed, knowing Googlers as I do, there’s no way in hell that they’d assent to such a request.)

This is a very big deal. Because if the accusations regarding Yahoo are true, this would be the first mass scanning incident of this kind, at least that we’ve ever learned about.

And it’s very important to keep in mind how this would differ from other surveillance situations here in the USA.

It’s one thing when a court gives permission to an agency to demand the records and other materials associated with specific users. While this kind of authority can be and has been abused, there are times when it can be justified.

The situation gets more problematic when we move into the realm of mass (as opposed to targeted to specific persons) collection of metadata — like phone numbers or message headers. Courts have ruled in different ways regarding the privacy protections due these classes of data, leading to the controversies over the NSA’s mass phone number collection efforts, for example.

But there’s no such confusion over the actual contents of communications, like what’s actually said in phone calls or written in the body of email messages.  

Communications contents are at the highest level of privacy protections, and mass, untargeted scanning of email messages’ contents would represent an egregious and (again, as far as we know) unprecedented violation of the individual privacy rights of innocent persons.

Frankly, I’m sincerely hoping that Reuters got this story wrong somehow, that the actual facts are not as dire as their report suggests.

But this is definitely not the time for Yahoo to be playing word games in their press releases, using language that leaves gaping holes obvious to all observers.

It’s possible that Yahoo is still under some sort of government order that prevents them from explaining precisely what went on — yet Yahoo’s current “non-denial” denial does not well serve Yahoo, its users, or the community at large.

We need to know the truth about what did or did not happen to users’ emails at Yahoo.

And we need to know now.

– – –

UPDATE

= = =

[New York Times]:

“Yahoo was ordered last year to search incoming emails for the digital “signature” of a communications method used by a state-sponsored, foreign terrorist organization, according to a government official familiar with the matter.

The Justice Department obtained the order from a judge of the Foreign Intelligence Surveillance Court.

To comply, Yahoo used a modified version of its existing systems that were scanning all incoming email traffic for spam, malware and images of child pornography. The system stored and made available to the Federal Bureau of Investigation a copy of any messages it found that contained the digital signature.

Yahoo was forbidden from disclosing the order and the collection is no longer taking place, the official said Wednesday.”

 = = =

If this additional information is correct, it represents an enormously dangerous slippery slope. The inclusion of arbitrary signatures” at the behest of the government into malware/spam/cporn (“PhotoDNA”) scanning systems is a dramatic departure from firms cooperating with each other, into the realm of secret government mandates.

– – –

–Lauren–
I have consulted to Google, but I am not currently doing so — my opinions expressed here are mine alone.
– – –
The correct term is “Internet” NOT “internet” — please don’t fall into the trap of using the latter. It’s just plain wrong!

The Importance of “Google Assistant” and “Google Home”

There was a lot of fascinating stuff in the Google presentation this morning, but for me the section of most immediate interest — and that may perhaps be the most important going forward for many persons — related to Google Assistant and in particular the Google Home device for accessing Google Assistant.

True, Amazon has had a similar looking pedestal device around for awhile, but the access device is only the gateway — it’s the cloud/AI/connectivity resources behind it that really matter. And on those scores, Google’s far ahead of everyone else, and is likely to continue evolving much faster as well.

This class of “full room” connectivity isn’t just important for the slick “Star Trek Computer” factor, but for the critical accessibility aids that it could provide for a vast number of people — visually impaired, mobility impaired, on and on.

And this is only the very beginning of this path. Incredibly important.

One last thing for now. A number of people have asked me if the Home device is sending everything they say in a room up to Google. I don’t have specific information regarding this device, but I’d very strongly assume [UPDATE: Confirmed to me by Google] that the same operational model is being used as for other Google speech recognition products, where the attention phrase “OK Google” is recognized locally on the device, and only then is audio sent up to the cloud for full analysis (and you have control over what happens to that voice data once it reaches Google as well).

Great work!

–Lauren–
I have consulted to Google, but I am not currently doing so — my opinions expressed here are mine alone.
– – –
The correct term is “Internet” NOT “internet” — please don’t fall into the trap of using the latter. It’s just plain wrong!

Google Launches a New Consolidated Blog [GOOD], with a New Unreadable Font [AWFUL]

Google has launched a new consolidated central blog called The Keyword to make it easier to track Google products, research, and other activities. It will reportedly ultimately replace many other Google blogs.

Because Google has long had a multiplicity of blogs to follow, this could well be a very positive move, depending on the details.

This assumes, however, that you can actually read their new blog.

As you can see in the comparison below, Google has once again failed users with aging or otherwise less than perfect vision.

With fonts sized approximately the same, on the left I have a shot from a very recent traditional Google blog posting, and on the right the new “Who needs contrast?” version from their new blog.

The difference in contrast is obvious, with the new version on the right positively painful for vast numbers of users to view.

This is unfortunately not the first time Google that has gone this route with various of their products, effectively devaluing significant segments of their user population.

If you talk to Google about this — and I have — they will assure you that their new designs meet visual accessibility standards and pass the associated test suites. The problem of course is that those standards are widely viewed (no pun intended) as inadequate, counterproductive, and worse.

Typical human vision begins to degrade in our early 20s. A rapidly growing segment of the Google user community is being directly disadvantaged by this trend toward low contrast fonts that are impossible for these persons to comfortably read, or in some cases even read at all.

Google can do far better.

–Lauren–
I have consulted to Google, but I am not currently doing so — my opinions expressed here are mine alone.
– – –
The correct term is “Internet” NOT “internet” — please don’t fall into the trap of using the latter. It’s just plain wrong!

selection_257