Desperate for data on its competitors, Facebook has been secretly paying people to install a “Facebook Research” VPN that lets the company suck in all of a user’s phone and web activity, similar to Facebook’s Onavo Protect app that Apple banned in June and that was removed in August. Facebook sidesteps the App Store and rewards teenagers and adults to download the Research app and give it root access to network traffic in what may be a violation of Apple policy so the social network can decrypt and analyze their phone activity, a TechCrunch investigation confirms.
Facebook admitted to TechCrunch it was running the Research program to gather data on usage habits.
Since 2016, Facebook has been paying users ages 13 to 35 up to $20 per month plus referral fees to sell their privacy by installing the iOS or Android “Facebook Research” app. Facebook even asked users to screenshot their Amazon order history page. The program is administered through beta testing services Applause, BetaBound and uTest to cloak Facebook’s involvement, and is referred to in some documentation as “Project Atlas” — a fitting name for Facebook’s effort to map new trends and rivals around the globe.
After this story was published, Facebook later told TechCrunch it will shut down the iOS version of its Research app in the wake of our report.
On Wednesday, an Apple spokesperson confirmed that Facebook violated its policies.
“We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization,” said a spokesperson. “Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.”
Facebook’s Research program will continue to run on Android.
We asked Guardian Mobile Firewall’s security expert Will Strafach to dig into the Facebook Research app, and he told us that “If Facebook makes full use of the level of access they are given by asking users to install the Certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed.” It’s unclear exactly what data Facebook is concerned with, but it gets nearly limitless access to a user’s device once they install the app.
The strategy shows how far Facebook is willing to go and how much it’s willing to pay to protect its dominance — even at the risk of breaking the rules of Apple’s iOS platform on which it depends. Apple may have asked Facebook to discontinue distributing its Research app. A more stringent punishment would be to revoke Facebook’s permission to offer employee-only apps. The situation could further chill relations between the tech giants. Apple’s Tim Cook has repeatedly criticized Facebook’s data collection practices. Facebook disobeying iOS policies to slurp up more information could become a new talking point.
“The fairly technical sounding ‘install our Root Certificate’ step is appalling,” Strafach tells us. “This hands Facebook continuous access to the most sensitive data about you, and most users are going to be unable to reasonably consent to this regardless of any agreement they sign, because there is no good way to articulate just how much power is handed to Facebook when you do this.”
Facebook’s surveillance app
Facebook first got into the data-sniffing business when it acquired Onavo for around $120 million in 2014. The VPN app helped users track and minimize their mobile data plan usage, but also gave Facebook deep analytics about what other apps they were using. Internal documents acquired by Charlie Warzel and Ryan Mac of BuzzFeed News reveal that Facebook was able to leverage Onavo to learn that WhatsApp was sending more than twice as many messages per day as Facebook Messenger. Onavo allowed Facebook to spot WhatsApp’s meteoric rise and justify paying $19 billion to buy the chat startup in 2014. WhatsApp has since tripled its user base, demonstrating the power of Onavo’s foresight.
Over the years since, Onavo clued Facebook in to what apps to copy, features to build and flops to avoid. By 2018, Facebook was promoting the Onavo app in a Protect bookmark of the main Facebook app in hopes of scoring more users to snoop on. Facebook also launched the Onavo Bolt app that let you lock apps behind a passcode or fingerprint while it surveils you, but Facebook shut down the app the day it was discovered following privacy criticism. Onavo’s main app remains available on Google Play and has been installed more than 10 million times.
The backlash heated up after security expert Strafach detailed in March how Onavo Protect was reporting to Facebook when a user’s screen was on or off, and its Wi-Fi and cellular data usage in bytes even when the VPN was turned off. In June, Apple updated its developer policies to ban collecting data about usage of other apps or data that’s not necessary for an app to function. Apple proceeded to inform Facebook in August that Onavo Protect violated those data collection policies and that the social network needed to remove it from the App Store, which it did, Deepa Seetharaman of the WSJ reported.
But that didn’t stop Facebook’s data collection.
TechCrunch recently received a tip that despite Onavo Protect being banished by Apple, Facebook was paying users to sideload a similar VPN app under the Facebook Research moniker from outside of the App Store. We investigated, and learned Facebook was working with three app beta testing services to distribute the Facebook Research app: BetaBound, uTest and Applause. Facebook began distributing the Research VPN app in 2016. It has been referred to as Project Atlas since at least mid-2018, around when backlash to Onavo Protect magnified and Apple instituted its new rules that prohibited Onavo. Previously, a similar program was called Project Kodiak. Facebook didn’t want to stop collecting data on people’s phone usage and so the Research program continued, in disregard for Apple banning Onavo Protect.
Ads (shown below) for the program run by uTest on Instagram and Snapchat sought teens 13-17 years old for a “paid social media research study.” The sign-up page for the Facebook Research program administered by Applause doesn’t mention Facebook, but seeks users “Age: 13-35 (parental consent required for ages 13-17).” If minors try to sign-up, they’re asked to get their parents’ permission with a form that reveal’s Facebook’s involvement and says “There are no known risks associated with the project, however you acknowledge that the inherent nature of the project involves the tracking of personal information via your child’s use of apps. You will be compensated by Applause for your child’s participation.” For kids short on cash, the payments could coerce them to sell their privacy to Facebook.
The Applause site explains what data could be collected by the Facebook Research app (emphasis mine):
“By installing the software, you’re giving our client permission to collect data from your phone that will help them understand how you browse the internet, and how you use the features in the apps you’ve installed . . . This means you’re letting our client collect information such as which apps are on your phone, how and when you use them, data about your activities and content within those apps, as well as how other people interact with you or your content within those apps. You are also letting our client collect information about your internet browsing activity (including the websites you visit and data that is exchanged between your device and those websites) and your use of other online services. There are some instances when our client will collect this information even where the app uses encryption, or from within secure browser sessions.”
Meanwhile, the BetaBound sign-up page with a URL ending in “Atlas” explains that “For $20 per month (via e-gift cards), you will install an app on your phone and let it run in the background.” It also offers $20 per friend you refer. That site also doesn’t initially mention Facebook, but the instruction manual for installing Facebook Research reveals the company’s involvement.
Facebook seems to have purposefully avoided TestFlight, Apple’s official beta testing system, which requires apps to be reviewed by Apple and is limited to 10,000 participants. Instead, the instruction manual reveals that users download the app from r.facebook-program.com and are told to install an Enterprise Developer Certificate and VPN and “Trust” Facebook with root access to the data their phone transmits. Apple requires that developers agree to only use this certificate system for distributing internal corporate apps to their own employees. Randomly recruiting testers and paying them a monthly fee appears to violate the spirit of that rule.
Once installed, users just had to keep the VPN running and sending data to Facebook to get paid. The Applause-administered program requested that users screenshot their Amazon orders page. This data could potentially help Facebook tie browsing habits and usage of other apps with purchase preferences and behavior. That information could be harnessed to pinpoint ad targeting and understand which types of users buy what.
TechCrunch commissioned Strafach to analyze the Facebook Research app and find out where it was sending data. He confirmed that data is routed to “vpn-sjc1.v.facebook-program.com” that is associated with Onavo’s IP address, and that the facebook-program.com domain is registered to Facebook, according to MarkMonitor. The app can update itself without interacting with the App Store, and is linked to the email address PeopleJourney@fb.com. He also discovered that the Enterprise Certificate first acquired in 2016 indicates Facebook renewed it on June 27th, 2018 — weeks after Apple announced its new rules that prohibited the similar Onavo Protect app.
“It is tricky to know what data Facebook is actually saving (without access to their servers). The only information that is knowable here is what access Facebook is capable of based on the code in the app. And it paints a very worrisome picture,” Strafach explains. “They might respond and claim to only actually retain/save very specific limited data, and that could be true, it really boils down to how much you trust Facebook’s word on it. The most charitable narrative of this situation would be that Facebook did not think too hard about the level of access they were granting to themselves . . . which is a startling level of carelessness in itself if that is the case.”
“Flagrant defiance of Apple’s rules”
In response to TechCrunch’s inquiry, a Facebook spokesperson confirmed it’s running the program to learn how people use their phones and other services. The spokesperson told us “Like many companies, we invite people to participate in research that helps us identify things we can be doing better. Since this research is aimed at helping Facebook understand how people use their mobile devices, we’ve provided extensive information about the type of data we collect and how they can participate. We don’t share this information with others and people can stop participating at any time.”
Facebook’s spokesperson claimed that the Facebook Research app was in line with Apple’s Enterprise Certificate program, but didn’t explain how in the face of evidence to the contrary. They said Facebook first launched its Research app program in 2016. They tried to liken the program to a focus group and said Nielsen and comScore run similar programs, yet neither of those ask people to install a VPN or provide root access to the network. The spokesperson confirmed the Facebook Research program does recruit teens but also other age groups from around the world. They claimed that Onavo and Facebook Research are separate programs, but admitted the same team supports both as an explanation for why their code was so similar.
However, Facebook’s claim that it doesn’t violate Apple’s Enterprise Certificate policy is directly contradicted by the terms of that policy. Those include that developers “Distribute Provisioning Profiles only to Your Employees and only in conjunction with Your Internal Use Applications for the purpose of developing and testing”. The policy also states that “You may not use, distribute or otherwise make Your Internal Use Applications available to Your Customers” unless under direct supervision of employees or on company premises. Given Facebook’s customers are using the Enterprise Certificate-powered app without supervision, it appears Facebook is in violation.
Seven hours after this report was first published, Facebook updated its position and told TechCrunch that it would shut down the iOS Research app. Facebook noted that the Research app was started in 2016 and was therefore not a replacement for Onavo Protect. However, they do share similar code and could be seen as twins running in parallel. A Facebook spokesperson also provided this additional statement:
“Key facts about this market research program are being ignored. Despite early reports, there was nothing ‘secret’ about this; it was literally called the Facebook Research App. It wasn’t ‘spying’ as all of the people who signed up to participate went through a clear on-boarding process asking for their permission and were paid to participate. Finally, less than 5 percent of the people who chose to participate in this market research program were teens. All of them with signed parental consent forms.”
Facebook did not publicly promote the Research VPN itself and used intermediaries that often didn’t disclose Facebook’s involvement until users had begun the signup process. While users were given clear instructions and warnings, the program never stresses nor mentions the full extent of the data Facebook can collect through the VPN. A small fraction of the users paid may have been teens, but we stand by the newsworthiness of its choice not to exclude minors from this data collection initiative.
Facebook disobeying Apple so directly and then pulling the app could hurt their relationship. “The code in this iOS app strongly indicates that it is simply a poorly re-branded build of the banned Onavo app, now using an Enterprise Certificate owned by Facebook in direct violation of Apple’s rules, allowing Facebook to distribute this app without Apple review to as many users as they want,” Strafach tells us. ONV prefixes and mentions of graph.onavo.com, “onavoApp://” and “onavoProtect://” custom URL schemes litter the app. “This is an egregious violation on many fronts, and I hope that Apple will act expeditiously in revoking the signing certificate to render the app inoperable.”
Facebook is particularly interested in what teens do on their phones as the demographic has increasingly abandoned the social network in favor of Snapchat, YouTube and Facebook’s acquisition Instagram. Insights into how popular with teens is Chinese video music app TikTok and meme sharing led Facebook to launch a clone called Lasso and begin developing a meme-browsing feature called LOL, TechCrunch first reported. But Facebook’s desire for data about teens riles critics at a time when the company has been battered in the press. Analysts on tomorrow’s Facebook earnings call should inquire about what other ways the company has to collect competitive intelligence now that it’s ceased to run the Research program on iOS.
Last year when Tim Cook was asked what he’d do in Mark Zuckerberg’s position in the wake of the Cambridge Analytica scandal, he said “I wouldn’t be in this situation . . . The truth is we could make a ton of money if we monetized our customer, if our customer was our product. We’ve elected not to do that.” Zuckerberg told Ezra Klein that he felt Cook’s comment was “extremely glib.”
Now it’s clear that even after Apple’s warnings and the removal of Onavo Protect, Facebook was still aggressively collecting data on its competitors via Apple’s iOS platform. “I have never seen such open and flagrant defiance of Apple’s rules by an App Store developer,” Strafach concluded. Now that Facebook has ceased the program on iOS and its Android future is uncertain, it may either have to invent new ways to surveil our behavior amidst a climate of privacy scrutiny, or be left in the dark.
Nintendo is adding paid memberships to Animal Crossing: Pocket Camp
Nintendo plans to launch paid subscription memberships for its smartphone game Animal Crossing: Pocket Camp later this week, according to an in-game news update. The company says one plan lets you “appoint one lucky animal as your camp caretaker and get some extra help around the campsite,” while with another you’ll “receive fortune cookies and store your furniture and clothing items in warehouses.”
Nintendo released its latest mobile game, Mario Kart Tour, last month with a surprising optional subscription: a $4.99-a-month “Gold Pass” that unlocks a faster speed mode and gives users access to more in-game items. The company says it will reveal more information about the Animal Crossing memberships in videos that are due to be released on Wednesday.
Despite the hype surrounding Nintendo’s belated decision to start making smartphone games after years of pleas from investors, mobile remains a small part of the company’s overall business. Nintendo doesn’t break out specific mobile sales figures, but in its most recent earnings report said that first-half revenue for mobile and IP licensing totaled 19.9 billion yen. which is up 6.4 percent year-on-year but represents less than five percent of the company’s overall sales.
“[Mario Kart Tour] earnings are also off to a good start,” president Shuntaro Furakawa told investors at the financial results briefing after commenting on the game’s download figures. “In addition to randomized items, we have created opportunities to generate revenue such as the Gold Pass subscription to meet the various needs of consumers, allowing them to enjoy the game. By including these mechanics and multiplayer functionality, we want to make it an attractive application that will be enjoyed by consumers in the long-term.”
Nintendo’s mobile games have been hit and miss in terms of both their quality and their financial performance, but if subscriptions are a model that turns out to work, you can expect to see more of them in future titles.
By Sam Byford
Web & Domain Protection Software Market SWOT Analysis by Key Players: Leaseweb, Namecheap, SiteLock, Verisign, Sucuri
The Latest research study released by HTF MI “Global Web & Domain Protection Software Market” with 100+ pages of analysis on business Strategy taken up by key and emerging industry players and delivers know how of the current market development, landscape, technologies, drivers, opportunities, market viewpoint and status. The research study provides estimates for Global Web & Domain Protection Software market Forecasted till 2025*. Some of the Major Companies covered in this Research are ZeroFOX, Comodo, Domain.com, GoDaddy, Register.com, Leaseweb, Namecheap, SiteLock, Verisign, Sucuri, Cloudflare, Pointer Brand Protection, Sasahost, WebARX, AppRiver, Rebel.com
Click here for free sample + related graphs of the report @: https://www.htfmarketreport.com/sample-report/1585651-global-web-domain-protection-software-market
Browse market information, tables and figures extent in-depth TOC on “Web & Domain Protection Software Market by Application (Large Enterprises & Small and Medium-sized Enterprises (SMEs)), by Product Type (, Cloud-Based & On-Premise), Business scope, Manufacturing and Outlook – Estimate to 2025”.
At last, all parts of the Global Web & Domain Protection Software Market are quantitatively also subjectively valued to think about the Global just as regional market equally. This market study presents basic data and true figures about the market giving a general assessable analysis of this market based on market trends, market drivers, constraints and its future prospects. The report supplies the worldwide monetary challenge with the help of Porter’s Five Forces Analysis and SWOT Analysis.
On the basis of report- titled segments and sub-segment of the market are highlighted below:
Global Web & Domain Protection Software Market By Application/End-User (Value and Volume from 2019 to 2025) : Large Enterprises & Small and Medium-sized Enterprises (SMEs)
Market By Type (Value and Volume from 2019 to 2025) : , Cloud-Based & On-Premise
Global Web & Domain Protection Software Market by Key Players: ZeroFOX, Comodo, Domain.com, GoDaddy, Register.com, Leaseweb, Namecheap, SiteLock, Verisign, Sucuri, Cloudflare, Pointer Brand Protection, Sasahost, WebARX, AppRiver, Rebel.com
Geographically, this report is segmented into some key Regions, with manufacture, depletion, revenue (million USD), and market share and growth rate of Web & Domain Protection Software in these regions, from 2012 to 2022 (forecast), covering China, USA, Europe, Japan, Korea, India, Southeast Asia & South America and its Share (%) and CAGR for the forecasted period 2019 to 2025.
Informational Takeaways from the Market Study: The report Web & Domain Protection Software matches the completely examined and evaluated data of the noticeable companies and their situation in the market by plans for different clear tools. The measured tools including SWOT analysis, Porter’s five powers analysis, and assumption return debt were utilized while separating the improvement of the key players performing in the market.
Key Development’s in the Market: This segment of the Web & Domain Protection Software report fuses the major developments of the market that contains confirmations, composed endeavors, R&D, new thing dispatch, joint endeavours, and relationship of driving members working in the market.
To get this report buy full copy @: https://www.htfmarketreport.com/buy-now?format=1&report=1585651
Some of the important question for stakeholders and business professional for expanding their position in the Global Web & Domain Protection Software Market :
Q 1. Which Region offers the most rewarding open doors for the market in 2019?
Q 2. What are the business threats and variable scenario concerning the market?
Q 3. What are probably the most encouraging, high-development scenarios for Web & Domain Protection Software movement showcase by applications, types and regions?
Q 4.What segments grab most noteworthy attention in Web & Domain Protection Software Market in 2019 and beyond?
Q 5. Who are the significant players confronting and developing in Web & Domain Protection Software Market?
For More Information Read Table of Content @: https://www.htfmarketreport.com/reports/1585651-global-web-domain-protection-software-market
Key poles of the TOC:
Chapter 1 Global Web & Domain Protection Software Market Business Overview
Chapter 2 Major Breakdown by Type [, Cloud-Based & On-Premise]
Chapter 3 Major Application Wise Breakdown (Revenue & Volume)
Chapter 4 Manufacture Market Breakdown
Chapter 5 Sales & Estimates Market Study
Chapter 6 Key Manufacturers Production and Sales Market Comparison Breakdown
Chapter 8 Manufacturers, Deals and Closings Market Evaluation & Aggressiveness
Chapter 9 Key Companies Breakdown by Overall Market Size & Revenue by Type
Chapter 11 Business / Industry Chain (Value & Supply Chain Analysis)
Chapter 12 Conclusions & Appendix
Thanks for reading this article; you can also get individual chapter wise section or region wise report version like North America, Europe or Asia.
BY SYLVIA SANCHEZ
Social networks have been weaponized for the impeachment hearings
Impeachment hearings got underway in the House of Representatives this week, as you likely noticed from the wall-to-wall coverage. The process involves the sort of high-stakes, highly partisan events that naturally dominate social feeds. What television was to impeachment in the 1970s and 1990s, Facebook and Twitter — and YouTube and maybe TikTok — will be to impeachment in 2019.
The hearings on President Donald Trump’s apparent attempted bribery of Ukraine won’t be the first time a president has had to contend with, or benefit from, a hyper-partisan media. Conservative talk radio and Fox News were in full swing when Bill Clinton was impeached in 1998, even if their rhetoric looks quaint by today’s standard. But the World Wide Web was in its infancy, and the world was then still innocent of algorithmically sorted news feeds, partisan bot armies, and state-sponsored meme warfare.
Not anymore. If the first day of hearings is any indication, social networks promise to play a powerful role in shaping the way that impeachment hearings are understood by Americans. They are also playing a powerful role in shaping the hearings themselves.
As Ryan Broderick documented at BuzzFeed, Republican lawmakers used their time during Wednesday’s hearing to promote discredited conspiracy theories that are popular on right-wing message boards:
There is one America that believes what was in former FBI director Robert Mueller’s report, that there was coordinated Russian interference in the 2016 presidential election, which helped the Trump campaign. But there is a second America that believes that in the summer of 2016, the Democratic National Committee colluded with Ukrainian nationals to frame the Trump campaign for collusion with Russia, implicating a Ukrainian American DNC contractor, Alexandra Chalupa, in the collusion and the California-based cybersecurity firm CrowdStrike in the subsequent cover-up.
This unfounded theory has been propped up by a 2017 Politico story; reporting from right-wing political commentator John Solomon published earlier this year in the Hill; Attorney General Bill Barr’s summer travels; the yearlong personal investigation into Ukraine conducted by Rudy Giuliani, a lawyer working for Trump; and coverage from Fox News and conservative news sites. All of that came into play during Wednesday’s hearing, sometimes implicitly and sometimes explicitly.
After Republican members of Congress promoted these various smokescreens, right-wing media universally dismissed the hearing — either as an absurd exercise led by clowns, or as an outrageous abuse of power. Brian Stelter described the atmosphere on cable news:
Here’s what else I heard: Wednesday’s hearing was a bust. It was all just hearsay. It was a “disaster” for the Democrats and a “great day” for the Republicans. Impeachment is “stupid.” Impeachment is “fake.” There’s nothing impeachable here. There’s no reason to hold hearings. This inquiry needs to stop right now.
The message was one-sided and overwhelming. Every host and practically every guest said the Republican tribe is winning and the Democrat tribe is losing. I’m sure the president loved watching every minute of it. That’s one of the reasons why this right-wing rhetoric matters so much — because it is reassuring and emboldening Trump.
Meanwhile, if you’re reading the New York Times or watching CNN, you’re getting the sense that the case against Trump is a slam dunk, with multiple people having heard the president directly pressure his ambassador to the European Union to pursue a bribery plot. As Ezra Klein wrote recently, this impeachment is “the easiest possible test case for can our system hold a president accountable.” And yet with something like 40 percent of the country living in an alternate media universe, the basic, actual facts of the case may never penetrate into their reality.
Of course, that fear was one of the best reasons for Democrats to initiate impeachment proceedings in the first place: Show people real witnesses answering important questions over a long enough period of time — train everyone’s eyes on the same set of facts — and maybe a greater consensus will emerge.
Time will tell if they succeed. In the meantime, impeachment has proven to be big business on Facebook — where politicians are taking out highly partisan ads consistent with their respective worldviews. Emily Stewart and Rani Molla have a thorough walkthrough of how impeachment is playing out on Facebook, with Trump and Sen. Elizabeth Warren using ads to fire up their base and build their donor rolls; Tom Steyer using impeachment as a signature issue to promote his presidential candidacy; and a spice company buying tens of thousands of dollars worth of pro-impeachment advertising because they spread farther on Facebook than non-impeachment ads, resulting in a better return on investment.
Much of the debate about whether Facebook should allow political advertising noted that it represents a small fraction of the company’s business. But as the Vox writers note, that doesn’t mean it’s an insignificant business:
Facebook itself has grown into a formidable political platform in recent years, with campaigns and outside groups spending $284 million on the platform during the midterm elections, according to a report by Tech for Campaigns, a nonprofit that helps political campaigns with digital tools. While that’s just a small share of Facebook’s overall ad revenue, it’s a growing chunk of what campaigns are spending to reach constituents.
As impeachment hearings intensify, it seems likely politicians’ spending on Facebook ads will increase. And a good number of those ads, like so much about impeachment in 2019, will seem to have been created in a parallel world. In many ways, they were.
read more theverge.com
By Casey Newton
Nintendo is adding paid memberships to Animal Crossing: Pocket Camp
Lyft Is Another Step Closer to Driverless Ridesharing
Three separate homicides across city this weekend under investigation
Entertainment2 years ago
Entertainment2 years ago
The New York Times best-seller list
MTA News2 years ago
LIRR Weekend Parking Guide
MTA News10 months ago
Advocates: MTA Board Must Get Moving On Congestion Pricing Details
Uncategorized2 years ago
MTA launches new site and Mymta app, looking for feedback
MTA News2 years ago
Access-a-Ride needs access to bus lanes
Entertainment2 years ago
Transportation Alternatives bike month sponsored by Kiwi Energy
MTA News2 years ago
Man hit by falling debris at Brooklyn subway station