Leaked document indicates Facebook has little insight into how user data is handled

Facebook is reportedly unable to account for much of the personal user data under its ownership, including what it is being used for and where it’s located, according to an internal report leaked to Motherboard.

Privacy engineers on Facebook’s Ad and Business Product team wrote the report last year, intending it to be read by the company’s leadership. It detailed how Facebook could address a growing number of data usage regulations, including new privacy laws in India, South Africa and elsewhere. The report’s authors described a platform often in the dark about the personal data of its estimated 1.9 billion users.

The engineers warned that Facebook would have difficulty making promises to countries on how it would treat the data of its citizens. “We do not have an adequate level of control and explainability over how our systems use data, and thus we can’t confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose,’” wrote the report’s authors. “And yet, this is exactly what regulators expect us to do, increasing our risk of mistakes and misrepresentation.”

Facebook’s main obstacle to tracking down user data appears to be the company’s lack of “closed-form” systems, the report states. In other words, the company’s data systems have “open borders” that mix together first-party user data, third-party user data and sensitive data. To describe how difficult it is to track down specific Facebook’s data, the report’s authors came up with the metaphor of pouring a bottle of ink into a lake… and then trying to get it back in the bottle:

“This bottle of ink is a mixture of all kinds of user data (3PD, 1PD, SCD, Europe, etc.) You pour that ink into a lake of water (our open data systems; our open culture) … and it flows … everywhere. How do you put that ink back in the bottle? How do you organize it again, such that it only flows to the allowed places in the lake?”

More succinctly, a former Facebook employee who spoke anonymously to Motherboard said the question of where data goes inside the company is “broadly speaking, a complete shitshow.”

The authors state that Facebook previously had “the ‘luxury’ of addressing [new privacy regulations] one at a time,” like the EU’s GDPR and the California Consumer Privacy Act. But subsequent years brought more data protection legislation from all over the world, including India, Thailand, South Africa and South Korea. The document casts doubt on if Facebook has been able to comply with such legislation, and if it’s equipped to weather the “tsunami” of new laws that make similar restrictions. (A Facebook spokesperson denied to Motherboard that the company is not currently complying with privacy regulations.)

“Considering this document does not describe our extensive processes and controls to comply with privacy regulations, it’s simply inaccurate to conclude that it demonstrates non-compliance,” the spokesperson told Motherboard. New privacy regulations across the globe introduce different requirements and this document reflects the technical solutions we are building to scale the current measures we have in place to manage data and meet our obligations,”

Apple hired the same anti-union law firm as Starbucks: report

Apple hired Littler Mendelson — an anti-union law firm known for high-profile clients such as Starbucks, McDonald’s and Nissan — reportedThe Verge. The decision to retain the firm comes shortly after 100 workers at Apple’s retail location in Atlanta’s Cumberland Mall petitioned the National Labor Relations Board last week to hold a union election. The tech giant has yet to formally respond to the petition. 

Apple workers at the Atlanta retail store are hoping to join the Communications Workers of America. The CWA has played a significant role in organizing tech industry workers in recent months, including its involvement in organizing drives Activision Blizzard subsidiary Raven Software and Verizon Wireless

The Cumberland Mall location is the first Apple Store in the US to file to unionize. But it likely won’t be the last. Earlier this month workers at Apple’s Grand Central location began collecting signatures to start a union. A worker at a New York store told The Verge the company had already begun holding captive audience meetings, a hallmark of union avoidance strategies. 

Hourly workers at Apple retail stores nationwide have complained of low pay, difficult working conditions and few opportunities for advancement. Many Apple employees were asked to work long hours or overtime during the pandemic, often at risk to their own health. Despite its steady ascent to becoming one of the world’s most profitable companies, the wages of its retail employees have not kept pace with either Apple’s growth or the country’s ballooning inflation, according to workers

“We are fortunate to have incredible retail team members and we deeply value everything they bring to Apple. We are pleased to offer very strong compensation and benefits for full time and part time employees, including health care, tuition reimbursement, new parental leave, paid family leave, annual stock grants and many other benefits,” Apple spokesperson Nick Leahy told The Verge, in a statement that did not in any capacity touch on the company’s relationship with Littler Mendelson. 

“By retaining the notorious union busting firm Littler Mendelson, Apple’s management is showing that they intend to try to prevent their employees from exercising their right to join a union by running the same playbook as other large corporations,” said CWA Secretary-Treasurer Sara Steffens. “The workers at Starbucks, another Littler client, aren’t falling for it and neither will the workers at Apple.”

Are an Apple Store worker thinking about or starting to organize your location? We’d like to hear from you. Download Signal messenger for iOS or Android and send a text confidentially to 646 983 9846.

Reddit launches $1 million fund to support user-driven projects

You’ll finally have a chance to host that r/legaladvice happy hour, or take your friends from r/animalpics to the zoo. Reddit is investing $1 million in its Community Funds program, which aims to help users get their projects and ideas off the ground. 

The program will officially open for applications in June, at which point Reddit’s entire community will be invited to apply. The platform will award anywhere between $1,000 and $50,000 to help users launch their projects, events and other ideas. The only conditions are that the projects benefit a certain Reddit community and don’t promote an outside company, product or project. Other than that, the sky appears to be the limit. Reddit lists several example projects, including online conferences, talks, outdoor festivals, concerts, workshops, magazines and short films.

Reddit first tested out the Community Funds concept last October, with a pilot run that funded 13 different projects, including a community billboard contest, a digital conference for historians, Christmas gifts for families undergoing financial difficulties and a comic book contest.

“Community Funds aligns with our mission of bringing community, belonging, and empowerment to everyone in the world. We believe that empowering communities to do more by awarding funds to support their best ideas is one way we can accomplish this,” said Reddit in its blog post announcing the program.

Projects will be selected based on their “creativity, feasibility, and community impact”, according to Reddit. Interested applicants should look out for more submission details and guidelines from Reddit, which it plans to release in the upcoming weeks. 

OnlyFans temporarily halts services for Russian creators

OnlyFans has temporarily paused accounts and payments for its Russian creators, reportedMotherboard. The UK-based platform — up until now — was one of the few Western tech companies to keep its door open to Russian users. Although OnlyFans momentarily blocked access to Russian creators in February, it soon restored the accounts, saying that full functionalities would be available “as long as we have the payment methods to support them.”

But now even tighter payment restrictions appears to have forced OnlyFans’ hand.

“OnlyFans is a creator first business. Over the past few months we have explored several options to continue providing our services to creators impacted by the Russia / Ukraine war. However, due to a further tightening of payment restrictions to and from Russia, OnlyFans can no longer properly serve our Russian creator community. As a result, we are taking steps to temporarily pause accounts where payments are received in Russia. We have asked impacted creators to contact support@onlyfans.com who can help address any queries regarding their accounts,” said a statement provided to Motherboard by OnlyFans.

It’s unclear if OnlyFans users in Russia can still access their accounts and pay for services on the platform. Engadget has reached out for clarification and will update if we hear back.

Spending and earning money in Russia has become even more difficult in recent weeks as countries continue to pile on sanctions. Russian creators and merchants have been barred from making money on a number of Western platforms, including Twitch, YouTube, Etsy, Fiverr and Meta-owned Instagram and Facebook. Visa, Paypal, American Express and Mastercard have suspended operations in the country, making it impossible for many Russians to receive or send foreign payments. A partial SWIFT ban on Russia means that a number of its major banks are unable to make transactions with the rest of the world.

FCC wants to fine wireless carrier Truphone for ties to Russian oligarchs

The FCC’s crackdown on Russian ties to US telecom is making headway. The agency voted today to fine Montana-based wireless carrier Truphone for not disclosing that it is indirectly owned by Russian oligarchs, reportedReuters. Any company with an FCC common carrier license has to receive approval from the agency before letting a foreign entity hold more than 25 percent of its equity or voting interests. For violating that rule, the agency proposed a fine of $660,639 and is requiring Truphone to repeat parts of the FCC’s vetting process.

The ownership of Truphone and control of its FCC licenses were repeatedly transferred to foreign entities without proper vetting by the FCC, according to a press release

FCC Commissioner Geoffrey Starks told Reuters that the company has been indirectly owned by “a small group of Russian oligarchs since at least 2011 … With the importance of the internet and the shifting national security environment facing our nation, protecting our communications networks has never been more critical.”

One of those Russian oligarchs is Chelsea Premier League football club owner Roman Abramovich, who has been sanctioned by the UK, EU and Canada. Truphone raised $200 million from funds owned by Russian oligarch Roman Abramovich, making him a minority owner. The company acknowledged its ties to Abramovich in a statement back in April, and said an outside advisory firm would be reviewing its strategic operations.

Truphone is only the latest company to fall under FCC scrutiny. Last month the agency put Russian cyber firm Kaspersky Labs on its national security threat list, meaning that US firms are banned from using FCC subsidies to pay for its services.

Judge dismisses class-action against Activision Blizzard’s sexual harassment probe

A California judge today granted Activision’s motion to dismiss a class-action lawsuit filed by investors who asserted the company misled them about sexual harassment allegations at the company, including probes by the Equal Employment Opportunity Commission (EEOC) and California’s Department of Fair Employment and Housing (DFEH). First reported by Bloomberg Law, the judge ruled that the plaintiffs failed to meet the threshold to pursue their claims under federal securities law.

First filed in August 2021 by a group of individual investors that includes Jeff Ross and Gary Cheng, they allege the EEOC and DFEH probes were intentionally downplayed by Activision in SEC filings, which calling them “routine”. But the judge argued these investors’ claims to be an example of “fraud-by-hindsight,” wherein companies which suffer bad outcomes are unfairly accused of having been able to predict them.

“Plaintiffs contend that the media’s reaction to news of the regulatory investigations and Defendants’ statement in response to the DFEH Action ‘belies any notion’ that the regulatory investigations were ordinary or routine. But such allegations constitute ‘fraud-by-hindsight’ and absent particularized, temporal facts, are insufficient to support a claim of securities fraud,” wrote Judge Percy Anderson of the US District Court of the Central District of California.

A US district court recently approved an $18 million dollar settlement between the videogame company and the EEOC. The lawsuit by California’s DFEH is still pending. While the motion to dismiss is a setback for the investors, they have 30 days to file an amended complaint.

Garmin unveils new Vívosmart fitness tracker after nearly four years

Garmin has launched the latest iteration of the Vívosmart fitness tracker, the long-awaited Vívosmart 5. It’s been nearly four years since Garmin released the previous iteration of the Vívosmart, and for the most part, the new model doesn’t fix what wasn’t broken. It still has the same slim appearance as its predecessor, albeit with a much larger OLED screen and an interchangeable band. 

Unlike older models, the Vívosmart has a connected GPS, so it can connect to your smartphone to track the distance, speed and pace of your runs and bike rides. It includes 14 different modes for activity tracking, including everything from yoga to HIIT workouts to breathwork.

For those who need more than the basics, the Vívosmart 5’s lack of ECG sensors and built-in GPS may be a dealbreaker. Fitness trackers have only grown more advanced since Garmin released the Vívosmart 4 in 2018. The latest models from Apple and Fitbit are packed with multiple health-tracking features, GPS support and state-of-the-art sensors. Garmin’s pricier models include bells and whistles like the Fenix 7‘s multi-LED flashlight and the Instinct 2’s solar charging ability. But for those looking for a solid wearable that can track activity levels, sleep, menstrual cycles, blood oxygen levels and stress, the Vívosmart 5 could be a strong contender.

The Vívosmart 5’s battery claims to last for 7 days on a single charge, but that’s only if you don’t enable the pulse ox or sleep tracking features. It is both swim- and shower-proof, and the silicon band is available in three different colors: cool mint, black and white. The Vívosmart 5 retails for $150, putting it roughly at the same price point as the latest Fitbit Charge and a number of Garmin watches, including the Forerunner 45S.