Cynthia Lee | Vox

Your Facebook friends could be leaving you vulnerable to major privacy invasions

2018-04-18T20:15:36-04:00

Moving fast — and vacuuming up your data. | Justin Sullivan/Getty Images

Facebook finally released a tool last week allowing users to check if their personal data was compromised by Cambridge Analytica, the shady British firm that used such data to “psychologically profile” potential voters. I took a deep breath, clicked, and was greeted with good news: “Based on our available records, neither you nor your friends logged in to ‘This Is Your Digital Life’” — the app that the company used to lure Facebook users into revealing personal data. So my data was not compromised.

There’s an aside in that message that ought to alarm every Facebook user: the phrase “neither you nor your friends.” And indeed, many Facebook users who checked their status were greeted by a different message: “You don’t appear to have logged into ‘This Is Your Digital Life’ … [h]owever, a friend of yours did.” That means their data was collected, although they (wisely) had not personally enabled the app.

That’s because even a user with stringent privacy control practices, but who has friends who were less careful, could have ended up with Cambridge Analytica collecting private information like their phone number, who their family members are, all the places they’ve “checked in,” and which groups they’ve joined — including those whose very names and subjects might reveal private information, such as support groups for health conditions.

And really, who can trust that none of their hundreds of friends is careless? All of us have that one uncle who responds to “Nigerian prince” emails, or the high school friend who has never met a personality quiz they didn’t take. Unfortunately, the way Facebook’s privacy controls were set up prior to 2014 made it effectively impossible for even the most conscientious Facebook user to protect themselves against the data leakage one friend could cause.

And despite many rounds of revisions and overhauls over the years, Facebook privacy controls still leave many things outside users’ control. Too many users still don’t realize just how vulnerable their data is to their friends’ third-party apps.

Mark Zuckerberg was scheduled to meet this week with the European Commission vice president in charge of digital issues, Andrus Ansip. Here’s some of the problematic history — and continuing problematic behavior — that Ansip, not to mention US regulators, might want to zero in on:

Facebook opened the privacy floodgates with apps

Remember how annoying the days of unfettered apps on Facebook were? Farmville and other games sent a deluge of notifications to friends of players (“Sally Smith sent you a sheep on Farmville!”). Apps incentivized players to grant the app access to their friends’ information by restricting play unless they did so, or by letting the players score higher in the game if they did. But the problem went much deeper than annoyance.

When a player granted an app permission to access their friends, it was all or nothing: The app didn’t just get access to a list of people; it could see everything the player could see — friends’ birthdays, phone numbers, posts, check-ins, groups, and more.

Facebook likes to emphasize the role of user choice in control of privacy settings, but app users may not have realized what they were agreeing to when granting access, and app users’ friends were, of course, not consulted at all.

As a computer scientist, I knew it was foolish to grant that kind of access to dubious quizzes, games, and the like, but I watched in exasperation as my friends eagerly installed them, revealing my information without my consent. I even considered unfriending certain especially app-promiscuous friends, but, realizing this task was Sisyphean, I resigned myself to unwanted and unapproved data leaks.

Facebook might retort that even friends of app users retained some control over their data: If they opted not to let their friends see their birthday or phone number, or even status updates, apps couldn’t see those things either! But many users are on Facebook because they enjoy small pleasures like having their friends send them birthday wishes. Should they have to choose between that pleasure and losing their privacy to third-party developers?

And what is the point of updating a Facebook status if your friends are blocked from seeing it? Yet this was the “choice” that privacy-minded Facebook users confronted at that time.

Since then — in 2014, to be specific — Facebook has decoupled some of these privacy settings: Now you can show your friends your birthday but hide it from your friends’ apps. The screenshot below shows what the controls look like today. I’ve turned off all access, but the default setting is that every piece of data you see listed here is something that your friends’ apps learn about you:

Whether or not you’re comfortable with Facebook having all this data about you, you should definitely not trust third-party app developers with it. Facebook does a cursory check of apps to make sure they meet requirements like not crashing, but there is essentially no vetting of the individuals behind the apps to ensure that they are trustworthy, or even know what they’re doing.

App owners agree to terms of service that prohibit them from, for example, taking every “friends only” post you’ve ever written and posting it publicly. But the apps have this data, and in practice, Facebook has no way to ensure they don’t abuse it. Facebook doesn’t even have a good way to punish violators after the fact, except to ban their apps from collecting new data on Facebook users in the future.

Once the app-makers have the data, Facebook doesn’t have an effective way to get it back. Imagine that 30 years from now an amateur author of an obscure, long-defunct Facebook third-party app dusts off their server and remembers they still have the private data of a million people. Now imagine they use the names and phone numbers — along with years of recorded photos and memories — to defraud now-elderly people by convincingly pretending to be a long-lost acquaintance.

Zuckerberg told senators last week, “It’s not enough to give people control of their information, we have to make sure developers they’ve given it to are protecting it too.” So far, he hasn’t come close to achieving either goal.

Facebook tracks you even if you’re not on Facebook

Over the past few weeks, there have been many stories about people who have decided to reduce their activity on Facebook, or even delete their account altogether. But this is not enough to ensure that Facebook doesn’t continue to collect personal data about you. Here are some examples of ways Facebook gathers data on users — and non-users — that are less obvious than just warehousing what you write and do on the site:

Off-Facebook browsing data: Through use of web browser cookies and tracking “pixels” — tiny images, too small to see, tucked away in a corner of many webpages — Facebook can track your browsing habits even when you are on websites that are not owned or operated by Facebook. For example, NYTimes.com, Huffington Post, Drudge Report, and, yes, Vox all have embedded pixels or social sharing buttons that track which articles you read. This provides websites and their advertisers critical information about audience demographics, size, and whether the ads lead to purchases, but it also provides Facebook with this tracking data.
Non-users’ browser data: Facebook may not know the names of non-users, but using pixels and browser tracking, they can still accumulate a demographic profile based on their use of other websites — like news and shopping — that Facebook sees their device repeatedly visit. Facebook can then suggest ads that appear on those other sites that are tailored to the person’s interests, all without that person ever having visited Facebook or created an account.
Non-users’ friend networks: Facebook not only knows what non-users read and buy online, but the company may also have a pretty good idea who their friends are. That’s because someone using Facebook’s “Find Friends” feature uploads all their contacts, without those friends’ permission. (This is not unlike the pre-2014 app problem.) Each time someone who isn’t on Facebook is listed among those contacts, Facebook learns more about their social and business ties.
Facial recognition: If your face has appeared in group photos that have been posted to Facebook, the website learns to recognize you with biometric facial analysis. Facebook can then track who you spend time with by analyzing photos, whether or not you’ve been tagged in them. And if those photos have GPS tags attached, they’ll have your location data as well.

Given the near monopoly Facebook enjoys on what is now a key piece of infrastructure in our global society, protecting our data is essential. I’ve heard many friends tell me that recent revelations about privacy problems have made them feel ashamed of their social media use, or ashamed that they find the idea of quitting to be overwhelmingly difficult, or ashamed that their attempt at giving up Facebook for Lent fell apart only a few days in.

I don’t think anyone should feel ashamed of wanting to be connected to their friends and family. A better answer than disconnecting from each other is to ensure that those who connect us do so safely and responsibly.

Cynthia Lee is a lecturer in the computer science department at Stanford. She founded the website Peer Instruction for Computer Science to support educators in flipping their computer science classrooms using peer instruction. She has a PhD in high-performance computing.

The Big Idea is Vox’s home for smart discussion of the most important issues and ideas in politics, science, and culture — typically by outside contributors. If you have an idea for a piece, pitch us at thebigidea@vox.com.

James Damore has sued Google. His infamous memo on women in tech is still nonsense.

2018-01-08T16:50:04-05:00

James Damore, the man fired by Google last year after he wrote a memo arguing that there may be biological reasons why women are underrepresented at Google and other tech companies, has sued his former employer. The suit alleges that Google systematically discriminates against conservative white men, The Verge reports. In August, Cynthia Lee rebutted the memo that made Damore a cause célèbre in some corners of the right:

I’m a lecturer in computer science at Stanford. I’ve taught at least four different programming languages, including assembly. I’ve had a single-digit employee number in a startup. Yes, I’m a woman in tech.

I have known, worked for, and taught countless men who could have written the now-infamous Google “manifesto” — or who are on some level persuaded by it. Given these facts, I’d like to treat it — and them — with some degree of charity and try to explain why it generated so much outrage.

At the outset, it must be conceded that, despite what some of the commentary has implied, the manifesto is not an unhinged rant. Its quasi-professional tone is a big part of what makes it so beguiling (to some) and also so dangerous. Many defenders seem genuinely baffled that a document that works so hard to appear dispassionate and reasonable could provoke such an emotional response. (Of course, some see that apparent disconnect not as baffling, but as a reason to have contempt for women, who in their eyes are confirming the charge that they are more emotional and less quantitative in their thinking.)

The memo, for instance, begins by listing “biases” of people on both the “left” (“compassion for the weak”) and “right” (“respect for the strong/authority”).

And, indeed, the concerns the manifesto articulates about imbalance in political leanings at Google are easy enough to nod along to. (“Alienating conservatives is both non-inclusive and generally bad business.”) Much of the science it cites, too, has at least some grounding in peer-reviewed research, even if the author’s conclusions are not justified by the findings, failing to adequately account for sociological and other factors.

The author, James Damore, even precedes his now-notorious list of biologically driven “personality differences” with this caveat: “[Y]ou can’t say anything about an individual given these population level differences.”

But then he continues: “Women generally … have a stronger interest in people rather than things, relative to men”; and that this may “in part explain why women relatively prefer jobs in social or artistic areas.” He suggests that female extraversion tends to be “expressed as gregariousness rather than assertiveness,” which helps explain why women have a harder time “asking for raises, speaking up, and leading.”

Why do women report higher levels of anxiety at Google, according to the manifesto? Because of their gender’s higher levels of “neuroticism.” The stress of being a minority demographic in a sometimes-hostile environment is not acknowledged as a contributor.

“Note that these are just average differences,” the manifesto reiterates, soothingly, “and there’s overlap between men and women.” Here again, this studious dispassion and showy air of reasonableness create cover for the memo’s defenders. They have been vociferously arguing online that women at Google are not “average” and so they should not be offended by the manifesto’s litany of citations to studies of the “average” woman’s deficiencies.

So why all the outrage? A few reasons:

1) Fatigue

It’s important to appreciate the background of endless skepticism that every woman in tech faces, and the resulting exhaustion we feel as the legitimacy of our presence is constantly questioned. I could fill a memoir with examples just from my own life, but the manifesto led to a few more instances. After one man on Twitter repeated that it was irrational for any one woman to take offense at a discussion of women’s characteristics “on average,” I responded:

View Link

That tweet captures a lifetime of being a woman in tech. (A subsequent tweeter said that, my CV notwithstanding, the “jury’s still out” on whether I’m qualified.)

To be a woman in tech is to know the thrill of participating in one of the most transformative revolutions humankind has known, to experience the crystalline satisfaction of finding an elegant solution to an algorithmic challenge, to want to throw the monitor out the window in frustration with a bug and, later, to do a happy dance in a chair while finally fixing it. To be a woman in tech is also to always and forever be faced with skepticism that I do and feel all those things authentically enough to truly belong. There is always a jury, and it’s always still out.

When men in tech listen to the experiences of women in tech, they can come to understand how this manifesto was throwing a match into dry brush in fire season.

2) Women’s resistance to the “divide and conquer” strategy

The manifesto’s sleight-of-hand delineation between “women, on average” and the actual living, breathing women who have had to work alongside this guy failed to reassure many of those women — and failed to reassure me. That’s because the manifesto’s author overestimated the extent to which women are willing to be turned against their own gender.

Speaking for myself, it doesn’t matter to me how soothingly a man coos that I’m not like most women, when those coos are accompanied by misogyny against most women. I am a woman. I do not stop being one during the parts of the day when I am practicing my craft. There can be no realistic chance of individual comfort for me in an environment where others in my demographic categories (or, really, any protected demographic categories) are subjected to skepticism and condescension.

3) The author cites science about “averages.” But Google isn’t average.

I called the manifesto’s citations to findings about “average” women a “sleight of hand” for a very specific reason: While he dutifully includes that limiting language when making the citations, the policies he goes on to advance in the memo have no mathematically rigorous connection to those averages. He is deploying these dispassionate facts to argue for ending Google’s attempts at creating a fair and broadly welcoming working environment.

(I cannot judge what the author’s motives might be in adopting this rhetorical strategy: It could be cynical and strategic, or, as I suspect, the author may simply be very, very naïve.)

The author was not simply listing various items of scientific news at random, for the reader’s information only. He was building a case for ending specific, real programs that affect very real people. If his proposals were adopted, it wouldn’t be some abstract concept of “average” that doesn’t get a scholarship, it would be an actual individual woman. It would be an actual female Googler who doesn’t get to attend the Grace Hopper Conference, which provides many women with their first experience of being in a majority-women tech conference space.

If, as the manifesto’s defenders claim, the population averages do not have anything to say about individual Googlers, who are all exceptional, then why is Google the subject of the manifesto’s arguments at all? What do averages have to do with hiring practices at a company that famously hires fewer than one percent of applicants? In the name of the rational empiricism and quantitative rigor that the manifesto holds so dear, shouldn’t we insist that it only cite studies that specifically speak to the tails of the distribution — to the actual pool of women Google draws from?

For example, we could look to the percentage of women majoring in computer science at highly selective colleges and universities. Women currently make up about 30 percent of the computer science majors at Stanford University, one key source of Google’s elite workforce. Harvey Mudd College, another elite program, has seen its numbers grow steadily for many years, and is currently at about 50 percent women in their computer science department.

Yet Google’s workforce is just 19 percent female. So even if we imagine for a moment that the manifesto is correct and there is some biological ceiling on the percentage of women who will be suited to work at Google — less than 50 percent of their workforce — isn’t it the case that Google, and tech generally, is almost certainly not yet hitting that ceiling?

In other words, it is clear that we are still operating in an environment where it is much more likely that women who are biologically able to work in tech are chased away from tech by sociological and other factors, than that biologically unsuited women are somehow brought in by overzealous diversity programs.

4) Race

It is striking to me that the manifesto author repeatedly lists race alongside gender when listing programs and preferences he thinks should be done away with, but, unlike gender, he never purports to have any scientific backing for this. The omission is telling. Would defenders of the memo still be comfortable if the author had casually summarized race and IQ studies to argue that purported biological differences — not discrimination or unequal access to education — explained Google’s shortage of African-American programmers?

5) The author says he’s open to diversity, yet no real-world diversity-enhancing program meets his standards

Many defenders of the manifesto have eagerly, and, as far as I can tell, earnestly, pointed me to the manifesto writer’s frequent claims to support diversity in the abstract, as if these are supposed to be reassuring. (“I value diversity and inclusion, am not denying that sexism exists. …”) They are not reassuring. The object of his memo is to end programs at Google that were designed, with input from a great many people who are educated and focused on this issue, to improve diversity. If those programs are killed, absent a commensurate effort to create replacement programs that have plausible ability to be at least as effective, the result is to harm diversity at Google.

He does make some recommendations, but they range from impotent (“Make tech and leadership less stressful”) to hopelessly vague (“Allow those exhibiting cooperative behavior to thrive”) to outright hostile (“De-emphasize empathy”).

In the end, focusing the conversation on the minutiae of the scientific claims in the manifesto is a red herring. Regardless of whether biological differences exist, there is no shortage of glaring evidence, in individual stories and in scientific studies, that women in tech experience bias and a general lack of a welcoming environment, as do underrepresented minorities. Until these problems are resolved, our focus should be on remedying that injustice. After that work is complete, we can reassess whether small effect size biological components have anything to do with lingering imbalances.

For today — given what women in tech have had to deal with over the past week — try pouring a cup of coffee for a female coder in your office, and asking her about the most interesting bug she’s seen lately.

Cynthia Lee is a lecturer in the computer science department at Stanford. She founded peerinstruction4cs.org to support educators in flipping their computer science classrooms using peer instruction. She has a PhD in high-performance computing.