Facebook’s new policy Supreme Court could override Zuckerberg

A real check to Facebook CEO Mark Zuckerberg’s control is finally coming in the form of an 11- to 40-member Oversight Board that will review appeals to its policy decisions like content takedowns and make recommendations for changes. Today Facebook released the charter establishing the theoretically independent Oversight Board, with Zuckerberg explaining that when it takes a stance, “The board’s decision will be binding, even if I or anyone at Facebook disagrees with it.”

Slated to be staffed up with members this year who will be paid by a Facebook-established trust (the biggest update to its January draft charter), the Oversight Board will begin judging cases in the first half of 2020. Given Zuckerberg’s overwhelming voting control of the company, and the fact that its board of directors contains many loyalists like COO Sheryl Sandberg and investor Peter Thiel who he’s made very rich, the Oversight Board could ensure the CEO doesn’t always have the final say in how Facebook works.

But in some ways, the committee could serve to shield Zuckerberg and Facebook from scrutiny and regulation much to their advantage. The Oversight Board could remove total culpability for policy blunders around censorship or political bias from Facebook’s executives. It also might serve as a talking point towards the FTC and other regulators investigating it for potential anti-trust violations and other malpractice, as the company could claim the Oversight Board means it’s not completely free to pursue profit over what’s fair for society.

One of the most important projects I've worked on over the past couple of years is establishing an independent Oversight…

Posted by Mark Zuckerberg on Tuesday, September 17, 2019

Finally, there remain serious concerns about how the Oversight Board is selected and the wiggle room the charter provides Facebook. Most glaringly, Facebook itself will choose the initial members and then work with them to select the rest of the board, and thereby could avoid adding overly incendiary figures. And it maintains that “Facebook will support the board to the extent that requests are technically and operationally feasible and consistent with a reasonable allocation of Facebook’s resources”, giving it the right to decide if it should apply the precedent of Oversight Board verdicts to similar cases or broadly implement its policy guidance.

How The Oversight Board Works

When a user disagrees with how Facebook enforces its policies, and with the result of an appeal to Facebook’s internal moderation team, they can request an appeal to the oversight board. Examples of potential cases include someone disagreeing with Facebook’s refusal to deem a piece of content as unacceptable hate speech or bullying, its choice to designate a Page as promoting terrorism and remove it, or the company’s decision to leave problematic content such as nudity up because it’s newsworthy. Facebook can also directly ask the Oversight Board to review policy decisions or specific cases, especially urgent ones with real-world consequences.


After Zuckerberg initially laid out a blueprint for the Oversight Board a year ago, Facebook assigned a 100-person team to build out the plan for the board. It held 6 workshops and 22 round-tables plus case review simulations with 650 people from 88 countries.

The board will include a minimum of 11 members but Facebook is aiming for 40. They’ll serve three-year terms and a maximum of three terms each as a part-time job, with appointments staggered so there isn’t a full change-over at any time. Facebook is looking for members with a broad range of knowledge, competencies, and expertise who lack conflicts of interest. They’re meant to be “experienced at deliberating thoughtfully and collegially”, “skilled at making and explaining decisions based on a set of policies”, “well-versed on matters relating to digital content and governance”, and “independent and impartial”.

Facebook will appoint a set of trustees that will work with it to select initial co-chairs for the board, who will then assist with sourcing, vetting, interviewing, and orienting new members. The goal is “broad diversity of geographic, gender, political, social and religious representation”. The trust, funded by Facebook with an as yet undecided amount of capital, will set members’ compensation rate in the near future and oversee term renewals.


What Cases Get Reviewed

The board will choose which cases to review based on their significance and difficulty. They’re looking for issues that are severe, large-scale and important for public discourse, while raising difficult questions about Facebook’s policy or enforcement that is disputed, uncertain, or represents tension or trade-offs between Facebook’s recently codified values of authenticity, safety, privacy, and dignity. The board will then create a sub-panel of five members to review a specific case.

The board will be able to request that Facebook provide information necessary to rule on the case, with a mind to not violating user privacy. They’ll interpret Facebook’s Community Standards and policies and then decide whether Facebook should remove or restore a piece of content and whether it should change how that content was designated.

Once a panel makes a draft decision, it’s circulated to the full board who can recommend a new panel review it if a majority take issue with the verdict. Once they’ve gone through a privacy review to protect the identities of those involved with the case, the decisions will be made public. Those decisions will be archived in a database, and are meant to act as precedent for future decisions. The idea is that the decisions of the board will be binding and implemented by Facebook as long as they don’t require it to violate the law.


In a social media world, here’s what you need to know about UGC and privacy

In today’s brand landscape, consumers are rejecting traditional advertising in favor of transparent, personalized and most importantly, authentic communications. In fact, 86% of consumers say that authenticity is important when deciding which brands they support. Driven by this growing emphasis on brand sincerity, marketers are increasingly leveraging user-generated content (UGC) in their marketing and e-commerce strategies.

Correlated with the rise in the use of UGC is an increase in privacy-focused regulation such as the European Union’s industry-defining General Data Protection Regulation (GDPR), along with others that will go into effect in the coming years, like the California Consumer Protection Act (CCPA), and several other state-specific laws. Quite naturally, brands are asking themselves two questions:

  • Is it worth the effort to incorporate UGC into our marketing strategy?
  • And if so, how do we do it within the rules, and more importantly, in adherence with the expectations of consumers?

Consumers seek to be active participants in their favorite companies’ brand identity journey, rather than passive recipients of brand-created messages. Consumers trust images by other consumers on social media seven times more than advertising.

Additionally, 56% are more likely to buy a product after seeing it featured in a positive or relatable user-generated image. The research and results clearly show that the average consumer perceives content from a peer to be more trustworthy than brand-driven content.

With that in mind, we must help brands leverage UGC with approaches that comply with privacy regulations while also engaging customers in an authentic way.

Influencer vs user: Navigating privacy considerations in an online world

What startup CSOs can learn from three enterprise security experts

How do you keep your startup secure?

That’s the big question we explored at TC Sessions: Enterprise earlier this month. No matter the size, every startup is an enterprise. Every startup will grow in size as it builds out. But as a company expands, that rapid growth can lead to a distraction from the foundational principle of any modern company — keeping it secure.

Security isn’t just a buzzword. As some of the largest companies in Silicon Valley have shown, security can be difficult. From storing passwords in plaintext to data breaches galore, how can startups learn from some of the biggest security lapses in the tech industry’s history?

Our panel consisted of three of the brightest minds in enterprise security: Wendy Nather, head of advisory CISOs at Duo Security, is an enterprise security expert; Martin Casado, general partner at Andreessen Horowitz, is a security and enterprise startup investor; and Emily Heath, United’s chief information security officer, oversees the security operations of the largest U.S. airlines.

This is what advice they had.

Security from the very start

Facebook rolls out new video tools, plus Instagram and IGTV scheduling feature

Facebook on Monday announced a number of updates aimed at video creators and publishers, during a session at the International Broadcasting Convention (IBC) taking place in Amsterdam. The updates involve changes to live video broadcasting, Facebook’s Watch Party, and Creator Studio, and they include enhancements to tools, expanded feature sets, and improved analytics, among other things.

The highlights include better ways to prep for and simulcast live broadcasts, ways to take better advantage of Watch Party events, new metrics to track video performance, and a much-anticipated option to schedule Instagram/IGTV content for up to six months in advance.

Live Video


In terms of live video, Facebook says it listened to feedback from those who have been broadcasting live on its platform, and is now rolling out several highly-requested features to Facebook Pages (not Profiles). The changes are an attempt to better accommodate professional broadcasters who want to use Facebook’s live broadcasting capabilities instead of or in addition to other platforms, like YouTube.

Through the Live API, publishers can now use a “rehearsal” feature to broadcast live only to Page admins and editors in order to test new production setups, interactive features, and show formats before going live to a full audience. QVC has tested this feature, as they broadcast live on Facebook for hundreds of hours per month, and have wanted to try out new workflows and formats.

Publishers will also be able to trim the beginning and end of a live video, and can live broadcast for as long as 8 hours — double the previous limit of 4 hours.

This latter capability has already been used by NASA, who broadcast an 8-hour long spacewalk, for example, and it also leaves room for broadcasting things like live sports, news events, and Twitch-like gaming broadcasts.

Most notably, perhaps, is that the company realizes live broadcasters need to serve their audiences outside of Facebook. Now, publishers will be able to use apps that let them stream to more than one streaming service at once, by simulcasting via the Live API.

Live video recently rolled out to Facebook Lite, as well, the company also noted.


Watch Party

Facebook additionally announced a few new updates for its co-watching feature, Watch Party, which include the ability for Pages to schedule a party in advance to build anticipation, support for “replays” that will let others enjoy the video after airing, the ability to tag business partners in branded content, and new analytics.

As for the latter, two new metrics are being added to Creator Studio: Minutes Viewed and Unique 60s Viewers (total number of unique users that watched at least 60 seconds in a Watch Party). These complement existing metrics like reach and engagement.

The Live Commenting feature, which allows a host to go live in a Watch Party to share their own commentary, is also now globally available.

Creator Studio

And wrapping all this up is an update to Creator Studio, which is what publishers use to post, manage, monetize and measure their content across both Facebook and Instagram.


The dashboard will soon add a new visualization layer in Loyalty Insights to help creators see which videos loyal fans want to see, by measuring which videos drive return viewers.

A new Distribution metric will score each video’s performance based on the Page’s historic average on a range of metrics, including: 1 Minute Views, Average Minutes Watched, and Retention. This feature, rolling out in the next few months, will offer an easy-to-read snapshot of a video’s performance.


Creator Studio will also now support 13 more languages for auto-captioning: Arabic, Chinese, German, Hindi, Italian, Malay, Russian, Tagalog, Tamil, Thai, Turkish, Urdu, and Vietnamese. These are in addition to those languages already available, which included English, French, Portuguese and Spanish.

Instagram & IGTV Scheduling 

And finally, publishers and creators will be able to publish and schedule their Instagram Feed and IGTV content for up to 6 months. In a few more months, Instagram Feed and IGTV drafting and editing will also become available, the company says.

This feature was already spotted in the wild before today’s announcement, and sent the social media management and influencer community abuzz. It also follows an update to the Instagram API last year to allow scheduling by third-party applications. However, a native feature is not as limited as some of those other options.

The feature is now open to all creators and publishers with Facebook Pages, whereas before some were seeing it labeled only as “coming soon” or were not able to get it working. Story scheduling is not yet included here, but it wouldn’t be surprising to see it added further down the road.

 

 

Get popcorn for iOS 13’s privacy pop-ups of creepy Facebook data grabs

Privacy-minded changes to smartphone operating systems which foreground the background activity of third party apps are helping to spotlight more of the surveillance infrastructure deployed by adtech giants to track and profile human eyeballs for profit.

To wit: iOS 13, which will be generally released later this week, has already been spotted catching Facebook’s app trying to use Bluetooth to track nearby users.


Why might Facebook want to do this? Matching Bluetooth (and wi-fi) IDs that share physical location could allow it to supplement the social graph it gleans by data-mining user-to-user activity on its platform.

Such location tracking provides a physical confirm that individuals were (at very least) in close proximity.

Combined with personal data Facebook also holds on people, and contextual data on the nature of the location itself — a bar, say, or a house — there’s a clear path for the company to make inferences about the nature of the relationship between the people who it’s repurposed short range wireless tech to determine are in close contact.

For a company that makes money by serving targeted ads at humans there are clear commercial reasons for Facebook to seek to intimately understand people’s friend networks.

Facebook piggybacking on people’s use of Bluetooth for benign purposes like pairing devices so that its ad business can ‘pair’ people is the sneaky modus operandi that iOS 13 has caught in the act here.

Ads are Facebook’s business, as CEO Mark Zuckerberg famously told the senate last year. But it’s worth noting the social network giant recently sought to push into the dating space — giving it a fresh, product-based incentive to pry into where and with whom humans are spending their time.

Algorithmic matchmaking based on cold signals like shared interests (in basic Facebook currency this might mean stuff like liking the same pages and events) is of course nothing new.

Yet mix in hot-blooded signals gathered by watching who actually mingles with whom, where and when — by repurposing Bluetooth to harvest interpersonal interactions via tracking people’s physical movements — and Facebook can take its curtain-twitching surveillance of human behavior to the next level.

The path of least resistance to tracking people’s movements is if Facebook app users are opting in to location tracking on their devices. Which means users enabling Location Services — a location tracking feature on smartphones that covers GPS, Bluetooth and crowd-sourced wi-fi hotspots and mobile cell towers.

Unsurprisingly, then, Facebook Dating requires Location Services to be enabled to function. The company confirmed to us that the Facebook app prompts dating users to enable Location Services if they haven’t already. Facebook also told us it doesn’t use wi-fi or Bluetooth to determine a person’s precise location if a user has Location Services turned off.

It also made a point of emphasizing that users can switch Location Services off at any time. Just not if they wish to use, er, Facebook Dating…

As per usual the company is tangling separate purposes for data processing in a way that denies people a meaningful choice over protecting their privacy. Hence Facebook dating users get to ‘choose’ between being able to use the service; or being able to blanket-deny Facebook the ability to track their physical movements. Like it or lump it.

iOS 13’s new privacy pop-ups to call out background app activity are a clear response to such disingenuous methods by an industry Apple CEO Tim Cook has dubbed the data industrial complex — putting a degree of control back in the hands of the user, who gets a third choice of manually disallowing Bluetooth proximity tracking (in the above example).

Android 10 has also recently expanded the location tracking controls it offers users — with the ability to only share location data with apps while you use them. Though Google’s OS lags far behind what Apple is now offering with these granular pop-ups.

Facebook has responded to awkward (for it) privacy changes incoming at the smartphone OS level by putting out an update on location services last week — where it seeks to get ahead of the deluge of data-grab warnings that iOS users of the Facebook app are likely to experience as they update to iOS 13.

Here it tries to spin Apple’s pro-active foregrounding of apps’ background tracking tactics via push notifications as “reminders” — in just one amusing rebrand.

But in a truly shameless contradiction Facebook also goes on to claim that: “You’re in control of who sees your location on Facebook” (because it says users can make use of the Location Services setting on a phone or tablet to deny tracking) — before admitting that switching off Location Services doesn’t actually mean Facebook will not track your location.

Just because you’re signalling very clearly to Facebook that you don’t want your location to be collected by Facebook doesn’t mean Facebook is going to respect that. Hell no!

“We may still understand your location using things like check-ins, events and information about your internet connection,” it writes. (For a clearer understanding of Facebook’s use of the word “understand” in that sentence we suggest you try substituting the word “steal”.)

In a final shameless kicker — in which Facebook almost appears to be trying to claim credit for smartphone OSes building more privacy features in response to its data grabs — the company seeks to finish on a forward-gazing note, per its preferred crisis PR custom, writing: “We’ll continue to make it easier for you to control how and when you share your location.”

Facebook dishing out misleading qualifications (e.g. “easier”) that whitewash the extent of its rampant data grabs is nothing new. But how much longer it can hope to rely on such flimsy figleaves to cover its privacy sins as the winds of change come rattling through remains to be seen…


How to get people to open your emails

We’ve aggregated the world’s best growth marketers into one community. Twice a month, we ask them to share their most effective growth tactics, and we compile them into this Growth Report.

This is how you’re going to stay up-to-date on growth marketing tactics — with advice you can’t get elsewhere.

Our community consists of 600 startup founders paired with VP’s of growth from later-stage companies. We have 300 YC founders plus senior marketers from companies including Medium, Docker, Invision, Intuit, Pinterest, Discord, Webflow, Lambda School, Perfect Keto, Typeform, Modern Fertility, Segment, Udemy, Puma, Cameo, and Ritual.

You can participate in our community by joining Demand Curve’s marketing webinars, Slack group, or marketing training program. See past growth reports here and here.

Without further ado, onto the advice.


How can you send email campaigns that get opened by 100% of your mailing list?

Based on insights from Nick Selman, Fletcher Richman of Halp, and Wes Wagner.

  • First, a few obvious pieces of advice for avoiding low open rates:
    • Avoid spam filters by avoiding keywords commonly used in spam emails.
    • Consider using email subjects (1) that are clearly descriptive and (2) look like they were written by a friend. Then A/B your top choices.
    • Include the recipient’s name in your email body. This signals to spam filters that you do in fact know the recipient.
  • Now, for the real advice: Let’s say 60% of your audience opens your mailing, how can you get the remaining 40% to open and read it too?
    • First, wait 2 weeks to give everyone a chance to open the initial email.
    • Next, export a list of those who haven’t opened. Mailchimp lets you do this.
    • Important note: The reason many recipients don’t open your email is because it was sent to Spam, it was buried in Promotions, or it was insta-deleted because it looked like spam (but wasn’t). The goal here is to resuscitate these people. You have two options for doing so:
    • (1) Duplicate the initial email then selectively re-send it to non-openers. This time, use a new subject (try a new hook) and downgrade the email to plain text: remove images and link tracking. De-enriching the email in this way can help bypass spam filters and the Promotions tab.
    • (2) Alternatively, export your list of non-openers to a third-party email tool like Mailshake (or Mixmax).
      • First, connect Mailshake to a new Gmail account on your company domain.
      • Next, configure Mailshake to automatically dole out small batches of emails on a daily schedule. Let it churn through non-openers slowly so that Gmail doesn’t flag your account as a spammer.
      • Emails sent through Mailshake are more likely to get opened than emails sent through Mailchimp. Why? Mailshake sends emails through your Gmail account, and Gmail-to-Gmail emails have a greater chance of bypassing Spam and Promotions folders, particularly if the sender doesn’t have a history of its emails being marked as spam.

How to get your ads working, and whether PR is worth it

We’ve aggregated the world’s best growth marketers into one community. Twice a month, we ask them to share their most effective growth tactics, and we compile them into this Growth Report.

This is how you’re going to stay up-to-date on growth marketing tactics — with advice you can’t get elsewhere.

Our community consists of 600 startup founders paired with VP’s of growth from later-stage companies. We have 300 YC founders plus senior marketers from companies including Medium, Docker, Invision, Intuit, Pinterest, Discord, Webflow, Lambda School, Perfect Keto, Typeform, Modern Fertility, Segment, Udemy, Puma, Cameo, and Ritual.

You can participate in our community by joining Demand Curve’s marketing webinars, Slack group, or marketing training program. See past growth reports here.

Without further ado, onto the advice.


How to get customer testimonials from hard-to-reach executives

Based on insights from Guillaume Cabane.

A customer testimonial from a well-known executive may be the social proof that improves conversion rates on your landing pages or in sales collateral. But executives of reputable companies are generally busy and difficult to reach.

Here’s how to get the testimonial:

  • Contract with a freelance journalist who’s written for a reputable publication like the New York Times.
  • Reach out to your executive customers with something like “Hey, we have a journalist who has previously written for NYT who’s interested in speaking to a few of our customers for a piece. Do you have 15 minutes for a quick call?”
  • For $200 in freelancer time, you get a testimonial you can use (in the words you want) from a reputable executive. Be sure to figure out some way to make it worth the executive’s time.

Tech startups want to destigmatize sex

Sex, despite being one of the most fundamental human experiences, is still one of those businesses that some advertisers reject, banks are hesitant to financially support and some investors don’t want to fund.

Given how sex is such a huge part of our lives, it’s no surprise founders are looking to capitalize on the space. But the idea of pleasure versus function, plus the stigma still associated with all-things sex, is at the root of the barriers some startup founders face.

Just last month, Samsung was forced to apologize to sextech startup Lioness after it wrongfully asked the company to take down its booth at an event it was co-hosting. Lioness is a smart vibrator that aims to improve orgasms through biofeedback data.

Sextech companies that relate to the ability to reproduce, or the ability to not reproduce, don’t always face the same problems when it comes to everything from social acceptance to advertising to raising venture funding. It seems to come down to the distinction between pleasure and function, stigma and the patriarchy.

This is where the trajectories for sextech startups can diverge. Some startups have raised hundreds of millions from traditional investors in Silicon Valley while others have struggled to raise any funding at all. As one startup founder tells me, “Sand Hill Road was a big no.”

A market worth billions or trillions?

Web feature developers told to dial up attention on privacy and security

Web feature developers are being warned to step up attention to privacy and security as they design contributions.

Writing in a blog post about “evolving threats” to Internet users’ privacy and security, the W3C standards body’s technical architecture group (TAG) and Privacy Interest Group (PING) set out a series of revisions to the W3C’s Security and Privacy Questionnaire for web feature developers.

The questionnaire itself is not new. But the latest updates place greater emphasis on the need for contributors to assess and mitigate privacy impacts, with developers warned that “features may not be implemented if risks are found impossible or unsatisfactorily mitigated”.

In the blog post, independent researcher Lukasz Olejnik, currently serving as an invited expert at the W3C TAG, and Apple’s Jason Novak, representing the PING, write that the intent with the update is to make it “clear that feature developers should consider security and privacy early in the feature’s lifecycle” [emphasis theirs].

“The TAG will be carefully considering the security and privacy of a feature in their design reviews,” they further warn, adding: “A security and privacy considerations section of a specification is more than answers to the questionnaire.”

The revisions to the questionnaire include updates to the threat model and specific threats a specification author should consider — including a new high level type of threat dubbed “legitimate misuse”, where the document stipulates that: “When designing a specification with security and privacy in mind, all both use and misuse cases should be in scope.”

“Including this threat into the Security and Privacy Questionnaire is meant to highlight that just because a feature is possible does not mean that the feature should necessarily be developed, particularly if the benefitting audience is outnumbered by the adversely impacted audience, especially in the long term,” they write. “As a result, one mitigation for the privacy impact of a feature is for a user agent to drop the feature (or not implement it).”

“Features should be secure and private by default and issues mitigated in their design,” they further emphasize. “User agents should not be afraid of undermining their users’ privacy by implementing new web standards or need to resort to breaking specifications in implementation to preserve user privacy.”

The pair also urge specification authors to avoid blanket treatment of first and third parties, suggesting: “Specification authors may want to consider first and third parties separately in their feature to protect user security and privacy.”

The revisions to the questionnaire come at a time when browser makers are dialling up their response to privacy threats — encouraged by rising public awareness of the risks posed by data leaks, as well as increased regulatory action on data protection.

Last month the open source WebKit browser engine (which underpins Apple’s Safari browser) announced a new tracking prevention policy that takes the strictest line yet on background and cross-site tracking, saying it would treat attempts to circumvent the policy as akin to hacking — essentially putting privacy protection on a par with security.

Earlier this month Mozilla also pushed out an update to its Firefox browser that enables an anti-tracking cookie feature across the board, for existing users too — demoting third party cookies to default junk.

Even Google’s Chrome browser has made some tentative steps towards enhancing privacy — announcing changes to how it handles cookies earlier this year. Though the adtech giant has studiously avoided flipping on privacy by default in Chrome where third party tracking cookies are concerned, leading to accusations that the move is mostly privacy-washing.

More recently Google announced a long term plan to involve its Chromium browser engine in developing a new open standard for privacy — sparking concerns it’s trying to both kick the can on privacy protection and muddy the waters by shaping and pushing self-interested definitions which align with its core data-mining business interests.

There’s more activity to consider too. Earlier this year another data-mining adtech giant, Facebook, made its first major API contribution to Google’s Chrome browser — which it also brought to the W3C Performance Working Group.

Facebook does not have its own browser, of course. Which means that authoring contributions to web technologies offers the company an alternative conduit to try to influence Internet architecture in its favor.

The W3C TAG’s latest move to focus minds on privacy and security by default is timely.

It chimes with a wider industry shift towards proactively defending user data, and should rule out any rubberstamping of tech giants’ contributions to Internet architecture, which is obviously a good thing. Scrutiny remains the best defence against self-interest.