The IT Nerd

First Donald Trump got his Twitter account back. And now Facebook and Instagram are doing the same thing:

Nick Clegg, president of global affairs at Meta, which owns Facebook and Instagram, said Trump’s accounts will be reinstated “in the coming weeks” and come with “new guardrails in place to deter repeat offenses.”

Those guardrails will include “heightened penalties for repeat offenses — penalties which will apply to other public figures whose accounts are reinstated from suspensions related to civil unrest under our updated protocol. In the event that Mr. Trump posts further violating content, the content will be removed and he will be suspended for between one month and two years, depending on the severity of the violation,” Clegg said on the company’s website.

A spokesperson for Trump did not immediately respond to a request for comment.

It will be interesting to see if whatever “guardrails” Meta has will actually moderate Trump’s behaviour. And that assumes that his agreement with his own social media platform Truth Social doesn’t get in the way of this. This might be interesting to watch and see how Trump plays this.

Meta is in trouble again and potentially having to cut a big cheque as a result. This time they got nailed by the EU for the following reasons:

A top European Union privacy regulator ruled that Meta Platforms Inc. can’t use its contracts with Facebook and Instagram users to justify sending them ads based on their online activity, delivering one of the bloc’s biggest blows yet to the digital advertising industry.

Meta, the parent of Instagram and Facebook, said it disagrees with the ruling and plans to appeal it. The ruling was announced Wednesday by Ireland’s Data Protection Commission.

The agency imposed fines of 390 million euros ($414 million) on Meta, saying that the company violated EU privacy laws by saying such ads are necessary to execute contracts with users.

Litigation could take years, but if the decisions are upheld, they could mean that Meta will have to allow users to opt out of ads that are based on how individual users interact with its own apps–something that could hurt one of its core businesses.

So why would Meta appeal this? Well it’s because ads are its business and anything that interferes with that is a 9-1-1 type of emergency. So they really have no choice. But this is the latest EU fine that Meta has been served with. You have to wonder how many more of these that Meta will get hit with before they alter how they do business. If they can actually alter how they do business.

Ireland’s Data Protection Commission (DPC) has fined Meta $265 million USD for a data breach that affected millions of Facebook users in 2021. This information from ‘scraped data’ included phone numbers, Facebook IDs, names, locations, DOBs and email addresses.

The DPC commenced this inquiry on 14 April 2021, on foot of media reports into the discovery of a collated dataset of Facebook personal data that had been made available on the internet. The scope of the inquiry concerned an examination and assessment of Facebook Search, Facebook Messenger Contact Importer and Instagram Contact Importer tools in relation to processing carried out by Meta Platforms Ireland Limited (‘MPIL’) during the period between 25 May 2018 and September 2019. The material issues in this inquiry concerned questions of compliance with the GDPR obligation for Data Protection by Design and Default.  The DPC examined the implementation of technical and organisational measures pursuant to Article 25 GDPR (which deals with this concept).

John Stevenson, Product Director, Cyren had this to say:

“Every single one of the 533m Facebooks users whose information was published on hacking forums faced potential follow-up phishing scams exploiting their exposed PII in the pursuit of more valuable credentials. 

So, whilst the initial data leak was back in 2021, it’s nonetheless encouraging to see fines being issued retrospectively. Hopefully, the consequences here will encourage other enterprises to comply to cyber regulations and follow best practices to avoid a mercenary penalty in future, particularly given cyber insurers increasingly setting a higher bar for due diligence to avoid extortionate payouts like this one.”

Besides other enterprises complying with cyber regulation. I hope that this encourages Facebook to play by the rules for fear of being punished heavily. $265 million USD is a non-trivial amount of money, and I hope it gets their attention.

We were waiting for the axe to fall on Meta employees after rumours of thousands of job cuts surfaced. And now the axe has fallen:

Meta will lay off more than 11,000 employees, CEO Mark Zuckerberg told workers in a message on Wednesday. 

The layoffs will reduce the company’s workforce by about 13%, according to Meta, the parent company of Facebook, Instagram and WhatsApp. 

“I want to take accountability for these decisions and for how we got here,” Zuckerberg told employees. “I know this is tough for everyone, and I’m especially sorry to those impacted.” 

Zuckerberg said the development follows his decision to “significantly increase our investments” at the start of the pandemic. He told employees he made that decision based on the belief that e-commerce would continue to grow and provide a strong source of revenue post-pandemic — a prediction that turned out to be wrong, he said.

This is still a developing story so I will be interested to see where these cuts hit. For example, will this affect his Metaverse project? Or is that a sacred elephant that won’t be touched? Knowing details like that will give insight into where Meta is as a company, and what is important to them.

Stay tuned for more details as the come.

The word on the street is that Meta who owns Facebook is planning to lay off thousands this week. This story has the details as we know them:

Meta is thought to be considering making thousands of employees redundant with an announcement planned as soon as Wednesday, the Journal reports.

Sources told the outlet that employees had been instructed to cancel all nonessential travel beginning this week.

At the end of September, Meta reported that it had a total of 87,000 employees.

Meta declined The Independent’s request for comment.

The company’s shares fell off a cliff as they had a weak quarter. Thus this isn’t all that surprising. It will be interesting to see what parts of Meta get affected as that will give a lot of insight into what Mark Zuckerberg thinks is important, and what he thinks he can dispose of.

I’ll be watching closely.

Earlier this week, I told you about Meta sending notifications to roughly a million people that they Facebook accounts were compromised by account login stealing malware that are in the Google Play Store and Apple App Store. Well, Meta has filed a lawsuit against several Chinese developers doing business as HeyMods, Highlight Mobi, and HeyWhatsApp for developing and deploying this malware starting May 2022. You can read the full details of the lawsuit here. But here are the highlights. According to Meta:

• The threat actors created this malware and posted them on their own website, as well as the Google Play Store and other Android app download sites.
• Once the apps were downloaded and installed, the users were prompted to enter their WhatsApp user credentials and authenticate their WhatsApp access on these applications.
• The credentials were then sent to the threat actors.
• Meta worked with Google to take out these apps.
• Meta is suing the developers for breaching WhatsApp’s terms of use and Meta’s developer agreement.

Now I seriously doubt that Meta will get a cent from these developers as it is highly unlikely the Chinese government will assist a US court in holding its citizens responsible for something like this. But that’s not the point of this lawsuit. It’s meant to send a message that Meta will come after anyone who does anything to harm the company or its users. And I for one hope that this is the first of many lawsuits filed to go after threat actors like these as it will place pressure on the Chinese government to deal with these threat actors or risk losing respect in the international community.

Meta/Facebook has put out a security warning to around one million users that their login credentials may have been stolen by scam apps. That’s a bad look for Facebook. But it’s a worse look for Google and Apple where there’s apps have been hosted. Here’s the details:

Meta is warning 1 million Facebook users that their account information may have been compromised by third-party apps from Apple or Google’s stores. In a new report, the company’s security researchers say that in the last year they’ve identified more than 400 scammy apps designed to hijack users’ Facebook account credentials.

According to the company, the apps are disguised as “fun or useful” services, like photo editors, camera apps, VPN services, horoscope apps, and fitness tracking tools. The apps often require users to “Log In with Facebook” before they can access the promised features. But these login features are merely a means of stealing Facebook users’ account info. And Meta’s Director of Threat Disruption, David Agranovich, noted that many of the apps Meta identified were barely functional.

“Many of the apps provided little to no functionality before you logged in, and most provided no functionality even after a person agreed to login,” Agranovich said during a briefing with reporters.

And if you’re wondering how Facebook is addressing this, here’s how:

Agranovich said that Meta shared its findings with both Apple and Google, but that it was ultimately up to the stores to ensure the apps are removed. In the meantime, Facebook is pushing warnings to 1 million people who may have used the apps. The notifications inform users their account info may have been compromised by an app — it doesn’t name which one — and recommends resetting their passwords.

Thus if you get a warning like this, don’t ignore it. But Apple and Google who let these apps on their respective app stores need to get their act together to stop this sort of thing from happening. Specifically Apple as the company has always argued that the App Store is a safe place. But this incident proves otherwise. And I am sure some people on Capitol Hill will want to get answers about that sooner rather than later.

Patterns has published a peer-reviewed study on data from digital tools related to health being tracked and used on Facebook for ad purposes. The following digital health tools used third-party ad trackers to follow patients online and market to them based on their activity:

• Color Genomics
• Myriad Genetics
• Invitae
• Health Union
• Ciitizen

Yaric Shivek, VP of Product for Neosec had this comment:

     “There is always a balance between the requirement to market a product to prospects and the security of personal data. And in certain industries, like finance and healthcare this balance is governed by compliance and the requirement to protect personal data is paramount. Ad tracking is where this balance is problematic. Most of us wouldn’t install a piece of adware on our laptop, and yet it seems that ad trackers are installed on sensitive healthcare websites, giving advertisers visibility into our transactions on these websites. This seems to circumvent HIPAA compliance. You’d hope that security permissions are more orderly in the world of APIs, but while electronic health records (EHR) companies take protecting your sensitive healthcare data seriously, this data is often being insecurely disseminated by 3rd-party aggregators and apps, whose vulnerable APIs can be easily exploited. This connected world of APIs and apps is only as strong as the weakest link. What good is a bank safe, if your courier gets robbed the minute they walk out of the bank with your cash?”

Chris Olson, CEO of The Media Trust adds this comment:

     “Data privacy violations are one of many risks associated with unsupervised third-party code like ad trackers, content recommendation algorithms, shopping cart plugins, and more. Today, up to 90% of the code across consumer-facing websites is provided by third parties – even privacy-conscious companies are often unaware of their activities which can lead to data breaches, phishing attacks and worse.

Complacency is no longer an option – in the face of emerging data privacy legislation and rising cyber risk, organizations need to commit to the digital safety of their customers by taking control of their online domains and carefully vetting third-party vendors for risky activity. This is especially true for companies that collect sensitive and personally identifiable information (PII) like health data.”

Somehow I am not shocked that Facebook is in the middle of this as you are the product when you use Facebook. And it proves that more needs to be done to rein in Facebook’s activities so that everyone’s privacy is protected.

Facebook continues to hit new lows with their behaviour. And today’s new low is this paywalled Washington Post story (Non paywalled source here) that details how Facebook used the services of a firm linked to the Republican Party to trash TikTok:

Employees with the firm, Targeted Victory, worked to undermine TikTok through a nationwide media and lobbying campaign portraying the fast-growing app, owned by the Beijing-based company ByteDance, as a danger to American children and society, according to internal emails shared with The Washington Post.

Targeted Victory needs to “get the message out that while Meta is the current punching bag, TikTok is the real threat especially as a foreign owned app that is #1 in sharing data that young teens are using,” a director for the firm wrote in a February email.

Campaign operatives were also encouraged to use TikTok’s prominence as a way to deflect from Meta’s own privacy and antitrust concerns.

“Bonus point if we can fit this into a broader message that the current bills/proposals aren’t where [state attorneys general] or members of Congress should be focused,” a Targeted Victory staffer wrote.

The emails, which have not been previously reported, show the extent to which Meta and its partners will use opposition-research tactics on the Chinese-owned, multibillion-dollar rival that has become one of the most downloaded apps in the world, often outranking even Meta’s popular Facebook and Instagram apps. In an internal report last year leaked by the whistleblower Frances Haugen, Facebook researchers said teens were spending “2-3X more time” on TikTok than Instagram, and that Facebook’s popularity among young people had plummeted.

So, because Facebook was losing teens to TikTok, Facebook decided to use very underhanded tactics to fight back rather than improve their product so that it would be more appealing to teens. That illustrates what sort of company Facebook is. It also underlines why people should #DeleteFacebook. Clearly they are not any sort of company that has ethics, decency, or any sort of moral compass. Though at this point, everyone should know that.