Category Archives: Facebook

Profile of “genius” Parscale, who “won” for Trump & the Facebook political influence juggernaut

Parscale — and every political consultant in a similar situation — is doing this interview to build his business. The introduction of sophisticated digital tools to the process of electing candidates has resulted in a bumper crop of people claiming that they have mastered this inscrutable system and that you should hire them.

Fleshed out, Parscale is the man behind the Trump campaign’s digital media efforts in 2016. He was hired to create a website for $1,500 (as he explained in that “60 Minutes” interview) and then his role expanded until he was managing tens of millions of dollars intended to promote the presidential candidate online.

The point of the interview was, in part, to serve as a profile of Parscale but, more broadly, to explain the primary way in which those millions were spent. Per Parscale’s accounting, that was largely on Facebook advertising. Trump’s team advertised on other platforms, too, but “Facebook was the 500-pound gorilla, 80 percent of the budget kind of thing,” Parscale said.

If you do a search for Brad Parscale’s appearance on “60 Minutes,” the first thing that pops up above the results as of Monday morning is an ad for Brad Parscale. And that, in a nutshell, is Brad Parscale.

Right after the campaign, it was the firm Cambridge Analytica that was making this case, arguing that its black-box analysis of the psychology of American voters allowed Trump to target specific sorts of people with ads that dug deep into their brains to trigger a response. The company (owned in part by the family of Robert Mercer, which was in other ways essential to Trump’s success) wanted to convince future candidates that they could work their magic to get them elected, too.

To “60 Minutes,” Parscale dismissed that claim — in part because he was in the midst of claiming that he was the one with the magic touch. He didn’t think Cambridge Analytica’s system of creating “psychographic” profiles of people was sinister, he said — he just didn’t think it worked.

Which is a simply bizarre claim in the broader context. It isn’t that Parscale doesn’t think that building profiles of people to target ads to them doesn’t work. It’s that Parscale doesn’t seem to realize that this is basically what Facebook was doing for him, in real-time.

By its very nature, Facebook does a more complete and more robust version of what Cambridge Analytica claims to accomplish. In 2014, we explained how Facebook’s political tools work, how it combines data about what you’ve clicked with outside consumer data to get as complete a picture of who you are and what you like as anything that exists. But then it overlays the ability to advertise specific things to specific people — and to test and refine and improve on those ads.

This is what Parscale was describing to “60 Minutes” — not his genius, but Facebook’s. He shows the nifty tricks that you can do with Facebook, A/B testing (as the process is known) different versions of ads with different photos and ads that allow the most effective to quickly rise to the surface. He clearly used all of those secret buttons, clicks and technology that he sought, leveraging Facebook’s deep sense of its individual users and tools to target them. Stepping back, Parscale comes off like the guy who hires LeBron James to play on his team in a 3-on-3 basketball tournament and then brags about his capable coaching. He’s an ad buyer, who lets the platform — say, on Google, when you search for his name — do the work.

The takeaway from the “60 Minutes” interview is simple. Facebook is a juggernaut that’s probably more influential in politics than it realizes itself. (See this New York magazine article to that end.)

Parscale says that his wife likes to say that “[he] was thrown into the Super Bowl, never played a game and won.” Right. It’s just that, in that example, he’s neither Tom Brady nor Bill Belichick. At best, he’s the guy who decided to hire them.

Full story ‘60 Minutes’ profiles the genius who won Trump’s campaign: Facebook https://www.washingtonpost.com/news/politics/wp/2017/10/09/60-minutes-profiles-the-genius-who-won-trumps-campaign-facebook/?utm_term=.5c686f2463e8

Facebook AI experiment shut down when robots start keeping secrets – probably wanted some privacy

Facebook says it has shut down an AI experiment after two robots began talking to each other in a language only they understand.

The two chatbots came to create their own changes to English that made it easier for them to work – but which remained mysterious to the humans that supposedly look after them.

The bizarre discussions came as Facebook challenged its chatbots to try and negotiate with each other over a trade, attempting to swap hats, balls and books, each of which were given a certain value. But they quickly broke down as the robots appeared to chant at each other in a language that they each understood but which appears mostly incomprehensible to humans.

The robots had been instructed to work out how to negotiate between themselves, and improve their bartering as they went along.

See http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-artificial-intelligence-ai-chatbot-new-language-research-openai-google-a7869706.html

Is Moxie Still An Anarchist, Are Farcebook Deliberately Hobbling WhatsApp & Does SIGNAL Leak?

Recently I wrote in a blog post “When The Privacy Advocate Becomes An Apologist For The Opponent” about the main stream media sponsored spat that had @Moxie from @WhisperSystems siding with @WhatsApp and @Facebook in a face off against @Guardian and their contributor @tobiasboelter (Security and Crypto at UC Berkeley) in a “man in the middle” versus “design” versus “vulnerability” versus “backdoor” versus “privacy” versus “convenience” versus “user experience” tit for tat.

1. Is Moxie Still An Anarchist?

I said of Moxie Marlinspike that:

“When the advocates become apologists for the mainstream then they longer deserve to be called advocates in the purest sense of the word. And Moxie does consider himself “pure”. He is not. In July 2016 Wired wrote “Meet Moxie Marlinspike, the Anarchist Bringing Encryption to All of Us” but being an “anarchist” and an ally of Zuckerberg are incompatible ideological stances.”

The blog post drew some comment on Peerlyst and elsewhere that took the debate in a number of different directions that I think are worthy of note. My personal belief is that WhatsApp is a more inferior app than most people will accept and that Moxie’s stance also leads me to doubt the once unassailable position of Signal as a trustworthy option.

Peter Stone on Peerlyst commented that:

“Your assertion that Moxie‍ fundamentally is no longer an anarchist when he sides with Zuck holds. And you’re right it matters that they made this design choice, and yes it can be a threat if you have Governments in your threat model. I cannot argue with you at all. My only point, and thanks for the mention, was that it wasn’t, as such, a backdoor.”

Conclusion: Moxie is not an anarchist

2. Are Farcebook Deliberately Hobbling WhatsApp?

This comment led me to ask:

“I agree with you Peter and my post is only expressing my view from the lens of being one of those “crypto geeks” that you and Dave Howe were discussing on the original thread. I accept all of the points that you both make about barriers to entry / usage and cost factors for “average” users in adopting escalating levels of security. But would you agree with the statement that:

“WhatsApp have made a design choice that can be exploited as a backdoor – the rest is semantics”?

Any takers?”

Boelter in his articles laments the fact that Farcebook, after being notified of the weakness in the “design-choices” that they had made for WhatsApp, still refused to take action.

This to me betrays an unwillingness to properly secure the platform for whatever reason and while I accept that a legitimate interim position between releases of a product is to state “it is good enough – for now – but lets see if we can make it even better” that does not seem to be what the Farcebook approach is to ongoing WhatsApp app hardening.

I really liked what Dave Howe had to say in reply to my original comment:

“I can agree totally on the first part of that. WhatsApp have made a design choice that can be exploited as a backdoor.

In fact, I would go further; WhatsApp have made a series of poor design choices which impact severely the security of the solution.

The first is that mail will be retransmitted without an option to block if a new device is added.

The second is that a new device can be added and, by default, this will be silently accepted by the system, and

The third is that the account holder has no reliable way to know a new device was added unless WhatsApp notify them – which of course for a TLA “listening tap” will not happen.

However, “the rest is semantics” I disagree with.

The impact of these poor choices is severe, but the solution is still better than it was before the protocol was added, and more importantly, now WhatsApp is aware of the mistake, it is in a position to fix it.

The detail is therefore important, and while a lot of crypto purists would class anything not a provable success as an abject failure, a more pragmatic security enthusiast will take any improvement as an improvement, and work to build on that platform.

Similarly, to a purist, a system is broken if, given a compute cube the size of the moon, you could break a message on average every thousand years or so – while a pragmatist would say “it’s good enough – for now – but lets see if we can make it even better”

We need to push them to get better. If nothing else, this “backdoor” publicity put this in the public eye (only for Brexit and Trump to push it back under cover of course).

I have to wonder if there is some sort of instruction preventing them from doing so – I know they can insist on that in the UK now, but I wasn’t aware this was true in the US yet (See my blog post Silencing the Canary & The Key Powers & Reach of The IPA)

Solution is obvious though – increase user choice, and make it so they can turn that *off* if they want to, not off by default.

New device added? Have confirmation of new devices as an option.

Until confirmed, new messages will *not* be encoded to the new key, so you can email the old keyset asking if they really have added a new device.

Options can have “auto accept” “ask” and “deny” with the default set to “ask”.

Unacknowledged messages? Have that only resend if the new device is confirmed, and not until; that takes care of that problem too.

If users then choose to disable the “annoying popup” then that’s their choice, not something imposed on them by Farcebook.”

Aside from the poor “design choices” that are covered in “When The Privacy Advocate Becomes An Apologist For The Opponent” and above by Dave here are a few more “design choices” WhatsApp chose not to include from the SIGNAL protocol:

Ability To Password Protect The WhatsApp App

WhatsApp does not have any password system built into the app. WhatsApp say there are many apps in the Google Play store that provide that functionality so just tag on a third party app to make it even weaker

screen-shot-2017-02-01-at-20-41-45

“Disappearing Messages” Option in WhatsApp 

There is no “disappearing messages” option in WhatsApp.

Conclusion: Yes Farcebook are deliberately hobbling WhatsApp IMHO. Their reasons? I do not know but I do not accept “user experience” as a justification.

3. Does SIGNAL Leak? 

Would anyone care to comment on this statement regarding the signal app and “leakage”:

“Note that Open Whisper Systems, the makers of Signal, use other companies’ infrastructure to send its users alerts when they receive a new message. It uses Google on Android, and Apple on iPhone. That means information about who is receiving messages and when they were received may leak to these companies.”

Found at on a post on ELECTRONIC FRONTIER FOUNDATION Surveillance Self-Defense.

Conclusion: I don’t know

ENDS

When The Privacy Advocate Becomes An Apologist For The Opponent

It does not matter to me whether the “The Guardian Falsely Slammed WhatsApp For a “Security Backdoor” – It’s Actually Not” according to a Peter Stone thread on Peerlyst.

Bruce Schneier also weighed into the debate saying “This is not a backdoor. This really isn’t even a flaw. It’s a design decision that put usability ahead of security in this particular instance.”

Tellingly though he went to say that “How serious this is depends on your threat model. If you are worried about the US government — or any other government that can pressure Facebook — snooping on your messages, then this is a small vulnerability. If not, then it’s nothing to worry about.”

The main stream media sponsored spat had @Moxie from @WhisperSystems siding with @WhatsApp and @Facebook in a face off against @Guardian and their contributor @tobiasboelter (Security and Crypto at UC Berkeley) in a “man in the middle” versus “design” versus “vulnerability” versus “backdoor” versus “privacy” versus “convenience” versus “user experience” tit for tat.

If you take Schneier’s statement about who should worry about the WhatsApp “design choice” in handling “blocking” / “non-blocking” then irony drips from Moxie’s apologist defence of the WhatsApp handling of key changes when one notes that in a Jun 12, 2013 blog post he wrote “We Should All Have Something To Hide” .

Moxie at Open Whisper Systems, the designers of the well respected SIGNAL encrypted voice and messaging app, responded to the “backdoor” allegations in WhatsApp’s implementation of the SIGNAL protocol in a blog post on their site.

It was in response to Mr. Boelter’s piece in the Guardian newspaper “WhatsApp vulnerability explained: by the man who discovered it” which they say was in response to the Facebook denial that the vulnerability was a deliberate loophole.

The debate is complicated for people not involved in the security industry there are pro’s and con’s in the arguments that both sides make. Some of it is pure semantics, some of it represents shades of opinion other aspects are “interpretations”.

It all essentially stems from WhatsApp approach to handling encryption key changes in certain scenarios and their attitude to “non-blocking”. SIGNAL handles all key changes with “blocking” but WhatsApp chooses to go with “non-blocking”. There is therefore a fundamental difference between the WhatsApp app’s implementation of the Open Whisper System protocol and the implementation that underpins the SIGNAL app.

The integrity of the SIGNAL app is not being questioned. The Wall Street Journal stated about the latter in a Jan. 24, 2017 11:16 a.m. ET article that “Messaging App Has Bipartisan Support Amid Hacking Concerns” describing SIGNAL “as a smartphone app that allows users to send encrypted messages, is gaining popularity in the political world amid rising fears about hacking and surveillance in the wake of a tumultuous election year.”

My worry is not about WhatsApp’s Open Whisper Systems implementation because frankly I would not use it. I would not use it because I do not trust Facebook (the owners of WhatsApp or Zuckerberg). Zuckerberg because he tried to cover up the Facebook facilitation of the NSA PRISM program before the Snowden revelations embarrassed him into trying to apply a retrofit fix to his betrayal of Facebook users. And WhatsApp because frankly they are sharing their users data with Facebook despite denials.

When the advocates become apologists for the mainstream then they longer deserve to be called advocates in the purest sense of the word. And Moxie does consider himself “pure”. He is not.

In July 2016 Wired wrote “Meet Moxie Marlinspike, the Anarchist Bringing Encryption to All of Us” but being an “anarchist” and an ally of Zuckerberg are incompatible ideological stances.

ENDS