Facebook bug exposed up to 6.8M users’ unposted photos to apps

Reset the “days since the last Facebook privacy scandal” counter, as Facebook has just revealed a Photo API bug gave app developers too much access to the photos of up to 5.6 million users. The bug allowed apps that users had approved to pull their timeline photos to also receive their Facebook Stories, Marketplace photos, and most worryingly, photos they’d uploaded to Facebook but never shared. Facebook says the bug ran for 12 days from September 13th to September 25th.

Facebook initially didn’t disclose when it discovered the bug, but in response to TechCrunch’s inquiry, a spokesperson says that it was discovered and fixed on September 25th. They say it took time for the company to investigate which apps and people were impacted, and to build and translate the warning notification it will send impacted users. The delay could put Facebook at risk of GDPR fines, which can go up to 20 million pounds or 4 percent of annual global revenue, for not promptly disclosing the issue within 72 hours.

Facebook provided merely a glib “We’re sorry this happened” in terms of an apology. It will provide tools next week for app developers to check if they were impacted and it will work with them to delete photos they shouldn’t have. The company plans to notify people it suspects may have been impacted by the bug via a Facebook notification that will direct them to the Help Center, where they’ll see if they used any apps impacted by the bug. It’s recommending users log into apps to check if they have wrongful photo access. Here’s a look at a mockup of the warning notification users will see:

Facebook tells me the bug did not impact photos privately shared through Messenger. The bug wouldn’t have exposed photos users never uploaded to Facebook from their camera roll or computer. But photos that users uploaded and then either decided not to post, had interrupted by connectivity issues, or otherwise never finished sharing could have wound up with app developers.

The privacy failure will further weaken confidence that Facebook is a responsible steward for our private data. It follows Facebook’s massive security breach that allowed hackers to scrape 30 million people’s information back in September. There was also November’s bug allowing websites to read users’ Likes, October’s bug that mistakenly deleted people’s Live videos, and May’s bug that changed people’s status update composer privacy settings. It increasingly looks like the social network has gotten too big for the company to secure. Curiously, Facebook discovered the bug on September 25th, the same day as its 30 million user breach. Perhaps it kept a lid on the situation in hopes of not creating an even bigger scandal.

That it keeps photos you partially uploaded but never posted in the first place is creepy, but the fact that these could be exposed to third-party developers is truly unacceptable. And that Facebook seems so tired of its failings that it couldn’t put forward even a seemingly heartfelt apology is telling. This company’s troubles are not only souring users on Facebook, but employees and the tech industry at large as well. CEO Mark Zuckerberg told Congress earlier this year that “We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you.” What does Facebook deserve at this point?


Source: https://techcrunch.com/2018/12/14/facebook-photo-bug/

Facebook Portal adds games and web browser amidst mediocre Amazon reviews

After receiving a flogging from privacy critics, Facebook is scrambling to make its smart display video chat screen Portal more attractive to buyers. Today Facebook is announcing the addition of a web browser, plus some of Messenger’s Instant Games like Battleship, Draw Something, Sudoku, and Words With Friends. ABC News and CNN are adding content to Portal, which now also has a manual zoom mode for its auto-zooming smart camera so you can zero in on a particular thing in view. Facebook has also added new augmented reality Story Time tales, seasonal AR masks, in-call music sharing through iHeartRadio beyond Spotify and Pandora that already offer it, and nickname calling so you can say “Hey Portal, call Mom.”

But the question remains who’s buying? Facebook is already discounting the 10-inch screen Portal and 15-inch Portal+. Formerly $100 off if you buy two, Facebook is still offering $50 off just one until Christmas Eve as part of a suspiciously long Black Friday Sale. That doesn’t signal this thing is flying off the shelves. We don’t have sales figures, but Portal has a 3.4 rating on Amazon while Portal+ has a 3.6 — both trailing the 4.2 rating of Amazon’s own Echo Shows 2. Users are griping about the lack of Amazon Video support for Ring doorbells, not receiving calls, and of course the privacy implications.

Personally, I’ve found Portal+ to be competent in the five weeks since launch. The big screen is great as a smart photo frame and video calls look great. But Alexa and Facebook’s own voice assistant have a tough time dividing up functionality, and sometimes I can’t get either to play a specific song on Spotify, pause or change volume, or other activities my Google Home has no trouble with. Facebook said it was hoping to add Google Assistant to Portal but there’s no progress on that front yet.

The browser will be a welcome addition, and allow Facebook to sidestep some of the issues around its thin app platform. While it recently added a Smart TV version of YouTube, now users can access lots of services without those developers having to commit to building something for Portal given its uncertain future.

The hope seems to be that mainstream users who aren’t glued to the tech press where Facebook is constantly skewered might be drawn in by these devices’ flashy screens and the admittedly impressive auto-zooming camera. But to overcome the brand tax levied by all of Facebook’s privacy scandals, Portal must be near perfect. Without the native apps for popular video providers like Netflix and Hulu, consistent voice recognition, and more unique features missing from competing smart displays, the fear of Facebook’s surveillance may be outweighing people’s love for shiny new gadgets.


Source: https://techcrunch.com/2018/12/14/facebook-portal-browser/

Jack Dorsey and Twitter ignored opportunity to meet with civic group on Myanmar issues

Responding to criticism from his recent trip to Myanmar, Twitter CEO Jack Dorsey said he’s keen to learn about the country’s racial tension and human rights atrocities, but it has emerged that both he and Twitter’s public policy team ignored an opportunity to connect with a key civic group in the country.

A loose group of six companies in Myanmar has engaged with Facebook in a bid to help improve the situation around usage of its services in the country — often with frustrating results — and key members of that alliance, including Omidyar-backed accelerator firm Phandeeyar, contacted Dorsey via Twitter DM and emailed the company’s public policy contacts when they learned that the CEO was visiting Myanmar.

The plan was to arrange a forum to discuss the social media concerns in Myanmar to help Dorsey gain an understanding of life on the ground in one of the world’s fastest-growing internet markets.

“The Myanmar tech community was all excited, and wondering where he was going,” Jes Kaliebe Petersen, the Phandeeyar CEO, told TechCrunch in an interview. “We wondered: ‘Can we get him in a room, maybe at a public event, and talk about technology in Myanmar or social media, whatever he is happy with?’”

The DMs went unread. In a response to the email, a Twitter staff member told the group that Dorsey was visiting the country strictly on personal time with no plans for business. The Myanmar-based group responded with an offer to set up a remote, phone-based briefing for Twitter’s public policy team with the ultimate goal of getting information to Dorsey and key executives, but that email went unanswered.

When we contacted Twitter, a spokesperson initially pointed us to a tweet from Dorsey in which he said: “I had no conversations with the government or NGOs during my trip.”

However, within two hours of our inquiry, a member of Twitter’s team responded to the group’s email in an effort to restart the conversation and set up a phone meeting in January.

“We’ve been in discussions with the group prior to your outreach,” a Twitter spokesperson told TechCrunch in a subsequent email exchange.

That statement is incorrect.

Still, on the bright side, it appears that the group may get an opportunity to brief Twitter on its concerns on social media usage in the country after all.

The micro-blogging service isn’t as well-used in Myanmar as Facebook, which has some 20 million monthly users and is practically the de facto internet, but there have been concerns in Myanmar. For one thing, there has been the development of a somewhat sinister bot army in Myanmar and other parts of Southeast Asia, while it remains a key platform for influencers and thought-leaders.

“[Dorsey is] the head of a social media company and, given the massive issues here in Myanmar, I think it’s irresponsible of him to not address that,” Petersen told TechCrunch.

“Twitter isn’t as widely used as Facebook but that doesn’t mean it doesn’t have concerns happening with it,” he added. “As we’d tell Facebook or any large tech company with a prominent presence in Myanmar, it’s important to spend time on the ground like they’d do in any other market where they have a substantial presence.”

The UN has concluded that Facebook plays a “determining” role in accelerating ethnic violence in Myanmar. While Facebook has tried to address the issues, it hasn’t committed to opening an office in the country and it released a key report on the situation on the eve of the U.S. mid-term elections, a strategy that appeared designed to deflect attention from the findings. All of which suggests that it isn’t really serious about Myanmar.


Source: https://techcrunch.com/2018/12/14/jack-dorsey-twitter-myanmar-civic-group/

3 Big Lessons from Interviewing John Mueller at SearchLove London – Whiteboard Friday

Posted by willcritchlow

When you’ve got one of Google’s most helpful and empathetic voices willing to answer your most pressing SEO questions, what do you ask? Will Critchlow recently had the honor of interviewing Google’s John Mueller at SearchLove London, and in this week’s edition of Whiteboard Friday he shares his best lessons from that session, covering the concept of Domain Authority, the great subdomain versus subfolder debate, and a view into the technical workings of noindex/nofollow.

Video Transcription

Hi, Whiteboard Friday fans. I’m Will Critchlow from Distilled, and I found myself in Seattle, wanted to record another Whiteboard Friday video and talk through some things that I learned recently when I got to sit down with John Mueller from Google at our SearchLove London conference recently.

So I got to interview John on stage, and, as many of you may know, John is a webmaster relations guy at Google and really a point of contact for many of us in the industry when there are technical questions or questions about how Google is treating different things. If you followed some of the stuff that I’ve written and talked about in the past, you’ll know that I’ve always been a little bit suspicious of some of the official lines that come out of Google and felt like either we don’t get the full story or we haven’t been able to drill in deep enough and really figure out what’s going on.

I was under no illusions that I might be able to completely fix this in one go, but I did want to grill John on a couple of specific things where I felt like we hadn’t maybe asked things clearly enough or got the full story. Today I wanted to run through a few things that I learned when John and I sat down together. A little side note, I found it really fascinating doing this kind of interview. I sat on stage in a kind of journalistic setting. I had never done this before. Maybe I’ll do a follow-up Whiteboard Friday one day on things I learned and how to run interviews.

1. Does Google have a “Domain Authority” concept?

But the first thing that I wanted to quiz John about was this domain authority idea. So here we are on Moz. Moz has a proprietary metric called domain authority, DA. I feel like when, as an industry, we’ve asked Google, and John in particular, about this kind of thing in the past, does Google have a concept of domain authority, it’s got bundled up with feeling like, oh, he’s had an easy way out of being able to answer and say, “No, no, that’s a proprietary Moz metric. We don’t have that.”

I felt like that had got a bit confusing, because our suspicion is that there is some kind of an authority or a trust metric that Google has and holds at a domain level. We think that’s true, but we felt like they had always been able to wriggle out of answering the question. So I said to John, “Okay, I am not asking you do you use Moz’s domain authority metric in your ranking factors. Like we know that isn’t the case. But do you have something a little bit like it?”

Yes, Google has metrics that map into similar things

John said yes. He said yes, they have metrics that, his exact quote was, “map into similar things.” My way of phrasing this was this is stuff that is at the domain level. It’s based on things like link authority, and it is something that is used to understand performance or to rank content across an entire domain. John said yes, they have something similar to that.

New content inherits those metrics

They use it in particular when they discover new content on an existing domain. New content, in some sense, can inherit some of the authority from the domain, and this is part of the reason why we figured they must have something like this, because we’ve seen identical content perform differently on different sites. We know that there’s something to this. So yes, John confirmed that until they have some of those metrics developed, when they’ve seen a bit of content for long enough, and it can have its own link metrics and usage metrics, in the intervening time up until that point it can inherit some of this stuff from the domain.

Not wholly link-based

He did also just confirm that it’s not just link-based. This is not just a domain-level PageRank type thing.

2. Subdomains versus subfolders

This led me into the second thing that I really wanted to get out of him, which was — and when I raised this, I got kind of an eye roll, “Are we really going down this rabbit hole” — the subdomain versus subfolder question. You might have seen me talk about this. You might have seen people like Rand talk about this, where we’ve seen cases and we have case studies of moving blog.example.com to example.com/blog and changing nothing else and getting an uplift.

We know something must be going on, and yet the official line out of Google has for a very long time been: “We don’t treat these things differently. There is nothing special about subfolders. We’re perfectly happy with subdomains. Do whatever is right for your business.” We’ve had this kind of back-and-forth a few times. The way I put it to John was I said, “We have seen these case studies. How would you explain this?”

They try to figure out what belongs to the site

To his credit, John said, “Yes, we’ve seen them as well.” So he said, yes, Google has also seen these things. He acknowledged this is true. He acknowledged that it happens. The way he explained it connects back into this Domain Authority thing in my mind, which is to say that the way they think about it is: Are these pages on this subdomain part of the same website as things on the main domain?

That’s kind of the main question. They try and figure out, as he put it, “what belongs to this site.” We all know of sites where subdomains are entirely different sites. If you think about a blogspot.com or a WordPress.com domain, subdomains might be owned and managed by entirely different people, and there would be no reason for that authority to pass across. But what Google is trying to do and is trying to say, “Is this subdomain part of this main site?”

Sometimes this includes subdomains and sometimes not

He said sometimes they determine that it is, and sometimes they determine that it is not. If it is part of the site, in their estimation, then they will treat it as equivalent to a subfolder. This, for me, pretty much closes this loop. I think we understand each other now, which is Google is saying, in these certain circumstances, they will be treated identically, but there are circumstances where it can be treated differently.

My recommendation stays what it’s always been, which is 100% if you’re starting from the outset, put it on a subfolder. There’s no upside to the subdomain. Why would you risk the fact that Google might treat it as a separate site? If it is currently on a subdomain, then it’s a little trickier to make that case. I would personally be arguing for the integration and for making that move.

If it’s treated as part of the site, a subdomain is equivalent to a subfolder

But unfortunately, but somewhat predictably, I couldn’t tie John down to any particular way of telling if this is the case. If your content is currently on a subdomain, there isn’t really any way of telling if Google is treating it differently, which is a shame, but it’s somewhat predictable. But at least we understand each other now, and I think we’ve kind of got to the root of the confusion. These case studies are real. This is a real thing. Certainly in certain circumstances moving from the subdomain to the subfolder can improve performance.

3. Noindex’s impact on nofollow

The third thing that I want to talk about is a little bit more geeked out and technical, and also, in some sense, it leads to some bigger picture lessons and thinking. A little while ago John kind of caught us out by talking about how if you have a page that you no index and keep it that way for a long time, that Google will eventually treat that equivalently to a no index, no follow.

In the long-run, a noindex page’s links effectively become nofollow

In other words, the links off that page, even if you’ve got it as a no index, follow, the links off that page will be effectively no followed. We found that a little bit confusing and surprising. I mean I certainly felt like I had assumed it didn’t work that way simply because they have the no index, follow directive, and the fact that that’s a thing seems to suggest that it ought to work that way.

It’s been this way for a long time

It wasn’t really so much about the specifics of this, but more the like: How did we not know this? How did this come about and so forth? John talked about how, firstly, it has been this way for a long time. I think he was making the point none of you all noticed, so how big a deal can this really be? I put it back to him that this is kind of a subtle thing and very hard to test, very hard to extract out the different confounding factors that might be going on.

I’m not surprised that, as an industry, we missed it. But the point being it’s been this way for a long time, and Google’s view and certainly John’s view was that this hadn’t been hidden from us so much as the people who knew this hadn’t realized that they needed to tell anyone. The actual engineers working on the search algorithm, they had a curse of knowledge.

The curse of knowledge: engineers didn’t realize webmasters had the wrong idea

They knew it worked this way, and they had never realized that webmasters didn’t know that or thought any differently. This was one of the things that I was kind of trying to push to John a little more was kind of saying, “More of this, please. Give us more access to the engineers. Give us more insight into their way of thinking. Get them to answer more questions, because then out of that we’ll spot the stuff that we can be like, ‘Oh, hey, that thing there, that was something I didn’t know.’ Then we can drill deeper into that.”

That led us into a little bit of a conversation about how John operates when he doesn’t know the answer, and so there were some bits and pieces that were new to me at least about how this works. John said he himself is generally not attending search quality meetings. The way he works is largely off his knowledge and knowledge base type of content, but he has access to engineers.

They’re not dedicated to the webmaster relations operation. He’s just going around the organization, finding individual Google engineers to answer these questions. It was somewhat interesting to me at least to find that out. I think hopefully, over time, we can generally push and say, “Let’s look for those engineers. John, bring them to the front whenever they want to be visible, because they’re able to answer these kinds of questions that might just be that curse of knowledge that they knew this all along and we as marketers hadn’t figured out this was how things worked.”

That was my quick run-through of some of the things that I learned when I interviewed John. We’ll link over to more resources and transcripts and so forth. But it’s been a blast. Take care.

Video transcription by Speechpad.com


Source: https://moz.com/blog/interview-searchlove

Facebook Watch is finally growing as payouts get spread thin

Both Facebook Watch and Instagram’s IGTV have yet to become superstar video platforms, leaving Facebook at risk as more people seek streaming entertainment instead of status updates. So today Facebook is trying to build some buzz for Watch with new stats and rollouts. The free video hub that combines original content, sports, and cult favorite TV shows like Firefly now has 400 million users watching at least one minute per month. That’s not a ton of engagement amongst a wide audience. But on the brighter side there are 75 million users watching at least one minute per day with a much more promising average of 20 minutes per day.

Though that’s just 5 percent of Facebook’s 1.5 billion daily users, it indicates that if Facebook can get people hooked on its ad-supported shows, it could squeeze serious viewing time out of them. Just four months ago, Facebook was saying that only 50 million people spent at least 1 minute per month on Watch, so it’s making strong progress.

Watch is now available worldwide on desktop and Facebook Lite as well as the main Facebook app. And it’s rolling out ad breaks to 40 countries after an initial launch in 5 in August. It’s also renewing four shows for a second season: Huda Boss, Five Points, Sacred Lies & Sorry For Your Loss.

But The Information reports that news media executives feel that while some shows are getting satisfactory viewership, ad revenue has been underwhelming. Six months ago, Facebook commissioned news programs from outlets like CNN and Buzzfeed. Facebook reportedly now plans to pay news video content producers less per show as it seeks to spread the same $90 million budget across more programs, potentially with a greater focus on international markets. That cut-back could make producing some shows tough, but at least the execs believe Facebook understands it must prioritize monetization for its content partners.

To that end, Facebook plans to offer more options for advertisers like more targeting capabilities, and expanding its In-Stream Reserve premium ad inventory inside the top quality Watch shows. For individual video creators, Ad Breaks will become more widely available including within game streams from eSports stars. Facebook is also planning to expand its Brand Collabs Manager to additional countries so creators can get hooked up with sponsorship deals, and let more creators sign up fans for Patreon-style subscription payments.

The viewing stats have likely been bolstered by the addition of all episodes of Joss Whedon’s old TV shows Buffy The Vampire Slayer, Angel, and Firefly that users can binge watch for hours on end. 12 million Watch Party group video sessions have been launched to date, helping shows go viral. Facebook is now testing live picture-in-picture commentating that could let actors host viewing parties that feel like you’re sitting in the living room beside them. Facebook’s VP of video Fidji Simo writes that “With Facebook Watch, we set out to demonstrate what it looks like to build deep bonds through watching online video, instead of just having a passive viewing experience.”

Simo also notes that “People can find videos on Facebook in a number of different places — Watch, News Feed, Search, Pages and more — and all of these can feel different. We want to make the experience of watching video feel immersive no matter where you discovered it. As part of this effort, we’ll be testing a few things in the coming months, like creating a darker background whenever you immerse yourself into a video on mobile.”

Facebook has yet to concentrate its funding on a blockbuster tentpole video series — its Game Of Thrones or House Of Cards. The closest thing it has is the Elizabeth Olsen show Sorry For Your Loss, though viewership has been somewhat weak. Next year Facebook Watch will debut a revived and social media-infused web version of MTV’s Real World. But tapping its deep pockets to pay for one must-see original scripted series could help wedge Watch into people’s lives.


Source: https://techcrunch.com/2018/12/13/facebook-watch-is-finally-growing-as-payouts-get-spread-thin/

Facebook redesigns Life Events feature with animated photos, videos and more

Facebook today announced a redesign of its “Life Events” feature, which allows people to share significant milestones in their life, like an engagement, graduation, a new job, a move to a new city, and more. The feature has existed since the launch of Timeline, but has to date offered a fairly nondescript type of post. Today, that’s changing, Facebook says. Now, users will be able to add animated photos or videos, photos from the people or Page you’ve tagged (like those of your partner or your new workplace), or you can pick an image from Facebook’s own art collection, if you don’t have your own.

The photos and videos you post will also have subtle animations, like slowly zooming in, to give the post more attention. And you can still pick an icon to represent the life event, as before.

The idea behind the redesign is to give these sorts of posts a better way to stand out from other posts, the company explains.

Of course, Facebook likely wants to increase the feature’s adoption, too, as it’s a straightforward way to collect profile data on an individual that they may not have otherwise filled out – like where they live, where they work, or their alma mater, for example.

Facebook will also now alert your friends directly when you’ve shared some life events, it says.

For certain types of life events – like changes in your current city, work, education, and relationship status – your friends may receive a notification to let them know about the news. This ensures they won’t miss the update if they were just casually scrolling their News Feed. And it’s a way to make sure the event gets seen by your broader network of Facebook friends – including those acquaintances whose updates don’t regularly show in your News Feed, as Facebook’s algorithms have determined you aren’t close.

In addition, when you react to a life event someone else posted with a like, wow, heart, etc., Facebook now shows all the other reactions from friends alongside your own.

Perhaps most importantly, Facebook is finally giving life events a place of importance on users’ profiles.

While the feature for years has been touted as a way to remember significant events, it’s actually been fairly difficult to relocate your older life event posts from years ago. With the update, however, life events will have their own dedicated section on user profiles. (You can opt to hide a life event here by tapping the “…” button then selecting “Hide from Timeline,” if you choose).

This will give people visiting your profile for the first time a way to get to know you, by way of the most important moments you’ve shared through this feature. That may not be something everyone is comfortable with, though, so you’ll want to check to see if there are any older life event posts you need to hide or delete.

The updated life events are rolling out worldwide on iOS, Android and desktop beginning today, and completing in the days ahead.


Source: https://techcrunch.com/2018/12/12/facebook-redesigns-life-events-feature-with-animated-photos-videos-and-more/