All posts in “Privacy”

MoviePass CEO backpedals on location tracking and talks strategy to break even by 2019

In a rare moment of contrition, MoviePass CEO Mitch Lowe admitted misleading both consumers and advertising execs with statements last week that the company tracks the location of users before and after they go to the movies. “We don’t do the things I described,” he told TechCrunch. As for location, “We don’t record it, we don’t save it, we don’t follow it.”

Customers may find this total about-face since last week unconvincing, especially since the company issued an update to the app days after Lowe’s remarks that “removed unused app location capability.”

That too was inaccurate, Lowe told me. “The update didn’t change anything, only the menu options.” He later wrote to the same effect in a blog post on the company’s site.

The way I portrayed what we do is not accurate.

— MoviePass CEO Mitch Lowe

This series of “misstatements,” as Lowe called them, doesn’t inspire confidence in a company that has openly said that it intends to use exactly this kind of data to build a personalized evening out to its customers — courtesy of advertisers who would make offers based on that data, of course.

But Lowe explained that he was the victim of his own excitement. Talking to a crowd of data mongers at the Entertainment Finance Forum, in a talk specifically about monetizing the data MoviePass collects, he claims to simply have gotten ahead of himself and talked about plans as if they were reality.

“Sometimes I get all excited about our future vision of a night at the movies and building an ecosystem around it,” he said. “I need to correct what I said. The way I portrayed what we do is not accurate. I implied we know where you are when you’re on the way to the movies, and that’s not what we do.”

Specifically, he said that the app checks location when the user has the app open in order to find theaters near them, in case they want to look up movie times or the like. Then there’s another location check when the user checks in, to make sure they’re at the theater their ticket is for.

“We only know where they are at that instant. Once they go out of the app, we don’t know where they are. We don’t know where they go afterwards, we don’t record it. That’s all we do, that’s all we’ve ever done.”

I had pointed out earlier that tracking like he had said they did would be a flagrant violation of their own privacy policy, which would put them at risk of lawsuits or even FTC action. Lowe specifically said that they do comply with it; although technically checking in the background for nearby places isn’t listed there (only “a single request for your location” when you check in is), the nearby theaters feature is hardly the kind of invasive data collection about which one would actually complain.

MoviePass Premium?

If the company decides to launch a more comprehensive “night at the movies” service, complete with pre- and post-movie tracking, “we’ll comply by all the rules and acceptable terms by first sending an opt-in or opt-out, explaining in plain English what we are doing with that information.”

As for other changes to the product, Lowe said to expect some new offerings soon.

“There’ll be new stuff in the near future,” he said. “We’ll come out with a premium package, a bring a friend package, a couples package, a family package.”

I’d lay money on some kind of “red carpet” branding. He didn’t detail what these packages would comprise exactly, but he did say that you can expect the original monthly system will be in place for the foreseeable future.

“Most people assume the number of movies our subscribers go to is much higher than it is,” he said, which is consistent with the early adopter pattern of squeezing every last drop of value out of an all-you-can-eat service. He declined to quote actual averages, but said “you’d be shocked at how low it is.”

He said, for instance, many users go from seeing on the order 4 or 5 movies a year to 10 a year — not 10 a month as some believe is the case. The value, he speculated, was in “de-risking” seeing a bad or small movie — which also can increase ticket sales for those films.

Filling the money pit

That said, Lowe pleaded guilty in response to the most frequent and obvious criticism of the service, which is simply that it is losing money at a phenomenal rate and only survives by frequent cash infusions.

“In the old days it was raise a ton of money and then grow a business. Today what you do is you raise enough money month by month to fund essentially that negative cash flow,” he explained — which really is just a nicer way of phrasing the problem. But Lowe compared MoviePass to the likes of Netflix and Spotify, which have taken on huge debt to position themselves to grow and monetize their user base.

Whether the comparison is apt or aspirational depends on MoviePass’s success over the next year; Lowe said “We are 100 percent confident that we have the committed funding… to get to the cash flow break even point, which we believe will be early next year.”

The steps in that plan:

  • Get users to an average of 1.1 movies per month
  • Get average monthly cost of goods (i.e. what MoviePass provides the user) down to $9
  • Generate $6 per user in revenue from advertising and data plays

“Obviously we’re not there yet,” he concluded. But he pointed out that “the cash required is coming down dramatically from what it was even a few months ago.” He later specified in an email that this is from “a combination of revenue from studios and brand partnerships, lower costs of tickets, lower member churn and lower usage.” However, the road to getting a share of concessions — famously the most profitable part of the business — will be a bumpy one, especially given the antagonistic stance MoviePass has taken with industry leaders like AMC.

For now it at least seems safe for consumers to use the app without fear that they are being surreptitiously tracked — any more than they are the rest of their time online, at any rate. 2018 will be the year MoviePass either becomes a major force in the industry or collapses, its expended millions a sad examplar of peak subscription economy.

Featured Image: Bryce Durbin / TechCrunch

MoviePass CEO proudly says the app tracks your location before and after movies

Everyone knew the MoviePass deal is too good to be true — and as is so often the case these days, it turns out you’re not the customer, you’re the product. And in this case they’re not even attempting to camouflage that. Mitch Lowe, the company’s CEO, told an audience at a Hollywood event that “we know all about you.”

Lowe was giving the keynote at the Entertainment Finance Forum; his talk was entitled “Data is the New Oil: How will MoviePass Monetize It?” Media Play News first reported his remarks.

“We get an enormous amount of information,” Lowe continued. “We watch how you drive from home to the movies. We watch where you go afterwards.”

It’s no secret that MoviePass is planning on making hay out of the data collected through its service. But what I imagined, and what I think most people imagined, was that it would be interesting next-generation data about ticket sales, movie browsing, A/B testing on promotions in the app, and so on.

I didn’t imagine that the app would be tracking your location before you even left your home, and then follow you while you drive back or head out for a drink afterwards. Did you?

It sure isn’t in the company’s privacy policy, which in relation to location tracking discloses only a “single request” when selecting a theater, which will “only be used as a means to develop, improve, and personalize the service.” Which part of development requires them to track you before and after you see the movie?

Naturally I contacted MoviePass for comment and will update if I hear back. But it’s pretty hard to misinterpret Lowe’s words.

The startup’s plan is to “build a night at the movies,” perhaps complete with setting up parking or ordering you a car, giving you a deal on dinner before or after, connecting you with like-minded moviegoers, etc. Of course they need data to do that but one would hope that the collection would be a bit more nuanced than this.

People clearly value the service, since it essentially lets them use someone else’s credit card instead of their own at the movies (and one belonging to a bunch of venture capitalists at that). Who would say no? Some people sure might, if they knew their activities were being tracked at this granularity (and, it has to be said, with such a cavalier attitude) to be packaged up and sold. (Good luck with the GDPR, by the way.)

Hopefully MoviePass can explain exactly what data it collects and what it does with it, so everyone can make an informed choice.

Featured Image: iStock / Getty Images Plus/Getty Images UNDER A Royalty free LICENSE

He fooled an entire nation with a fake Facebook profile. Then I tracked him down.

This is the story of Dr. Jekyll and Mr. Hyde, but in the world of social media and fake news. 

Have you met every single friend you have on Facebook in real life? We all know the basic rules about keeping photos and posts private and carefully vetting friend requests. 

But things can get complicated. And dangerous.

I met the real Alexandre Martinez on Facebook over the summer. He lives in France and has short dark hair and chiseled features. 

Those features are now highly recognizable in Bulgaria, where Alexandre, better known as Alexander Nikolov, became an unwitting celebrity.

Alexandre fell victim to an incredibly intricate case of identity theft. His name, photographs and personal information were used to create a multitude of fake social media accounts. This continued for over five years when a Bulgarian man was jailed for using the fabricated identity to scam people. 

Not long after that, the fake Facebook profile, gleaming with Martinez’s photos, was taken over by Bulgarian authorities, who announced it by putting a logo on the profile picture and a banner on the cover image. 

It read, “This profile has been taken over by the Division for Organised Crime for its criminal use, in accordance with the Criminal Code of the Republic of Bulgaria.” 

The surreal sight is exacerbated by the photos belonging to Alexandre Martinez still visible on the bottom left. 

The account has since been taken offline.

A screenshot of Alexander Nikolov's Facebook page. The cover photo reads, "This profile has been taken over by the Division for Organised Crime for its criminal use, in accordance with the Criminal Code of the Republic of Bulgaria."

A screenshot of Alexander Nikolov’s Facebook page. The cover photo reads, “This profile has been taken over by the Division for Organised Crime for its criminal use, in accordance with the Criminal Code of the Republic of Bulgaria.”

Image: Screenshot by Mashable

More than two dozen people I spoke with had willingly given large sums of money and shared personal details between 2015-2017 with a man they were convinced was real. They had been interacting with his statuses and his pictures for years. They felt like they knew Alexander Nikolov. 

I, too, had been friends with that fake account for years, interacting with someone hiding behind a social media mask all along.

Meanwhile, fake Alex had established himself as a social media star in his own right, garnering a sizable online following, including journalists, politicians and public figures. Over time, this helped him pen countless articles in various news outlets. He would even dial in as a political commentator on  national TV news programs and radio shows.

And yet, no one in Bulgaria had ever seen this man in real life. 

“It was a total shock to me and my family. I can’t believe my photos were used to scam people,” Martinez said.

Spas Vasilev a.k.a. Alexander Nikolov – the social media chameleon

Spas Vasilev a.k.a. Alexander Nikolov – the social media chameleon

Image: GiF by mashable

The tale of Alexandre Martinez shines a different light into the increasingly familiar story about the infiltration of fake accounts, or bots, on social media networks to be used as political weapons or tools for profit.

This is about the dangers of real people creating fake accounts and about the ease with which fake accounts can accrue an incredibly authentic digital footprint that can be used to deceive, scam and harm people. And, whereas bots are increasingly easy to spot, these fake accounts were so well crafted and detailed, there was virtually no way to recognise, flag, or track them. 

Until the man allegedly behind it all got caught. For a long time, his authenticity was unquestionable. Then it all came crumbling down.

Being Alexander Nikolov

In the business of identity theft

In the business of identity theft

Image: vicky leta/mashable

I spent the last few months investigating fake Alex. I wanted to find out how hard it would be to track down both the perpetrator and the victim. I also wanted to see how much support social media platforms offer in cases of stolen identity. 

The man allegedly behind the fake Alex accounts is called Spas Vasilev. His online existence can be traced back to Twitter where he used the handle @tourbg. Some of his first tweets are from 2012. In 2013, a Facebook profile popped up with the name Alexander Nikolov. From there, his social media accounts skyrocketed in popularity in Bulgaria, according to multiple people who first followed him on Twitter and then befriended him on Facebook.

In the years that followed, Vasilev would download pictures that Alexandre Martinez was posting on his private social media accounts, patiently concocting a glamorous new life for fake Alex and his engaged audience in Bulgaria. In this life, fake Alex was landing top jobs at multinational corporations and consultancy firms – most notably Airbus. He lived in Paris and New York with his wife and kids, who were also fictitious. 

As he tagged fake Alex’s travels across the world on Facebook, Vasilev was living a solitary and secluded life in Bulgaria. 

Fake Alex's photos were a mixture of stolen pictures from Martinez travels and photos from the internet.

Fake Alex’s photos were a mixture of stolen pictures from Martinez travels and photos from the internet.

Image: Screenshot by mashable

Image from Air France's maiden Boeing 787 flight. Caption reads, "Family status: slept on the plane."

Image from Air France’s maiden Boeing 787 flight. Caption reads, “Family status: slept on the plane.”

Image: Screenshot by Mashable

Vasilev’s story involves money, too. Vasilev, under the false pretense of being a rich and successful manager with connections in various airlines, allegedly began offering discounted flights to dozens of people through Facebook. Many people trusted him, dozens more I spoke with even secured flights. 

One person flew to Bulgaria, then to San Francisco with tickets purchased via fake Alex. The tickets were real, albeit last-minute. But on his third attempt – two tickets to New York – the fake Alex accounts went silent. 

There was no flight to New York.

For years, it seemed to be working perfectly. Then I was invited to a secret Facebook group, made up of dozens of people (73 at the time of writing), who claim to have fallen victim to Vasilev’s schemes. (Full disclosure: I was added by a friend, who had shared sensitive personal information with Vasilev. She had come to know the fake Alex Facebook account through me.)

So I tracked the alleged perpetrator down with the help of Henk van Ess, a researcher and contributor for Bellingcat

From emails used by fake Alex, provided by people in the Facebook group, we found another name, besides Alexander Nikolov, used to register those addresses – Aneliya Stoyanova. A deep search into Alexander Nikolov’s profile showed several mentions of the name Aneliya in comments to posts dating back to 2010. 

A 2010 post, three years before Alexander Nikolov surfaced on Facebook, shows the profile had a different name then – Aneliya Stoyanova.

A 2010 post, three years before Alexander Nikolov surfaced on Facebook, shows the profile had a different name then – Aneliya Stoyanova.

Image: Screenshot by Mashable

In addition, two of the phone numbers associated with fake Alex led to two new Facebook accounts with supposed French identities (Guillaume Martin and Claire Berranger). A deeper look revealed several other connections with the fake Alex profile – all three were listed as administrators of a Facebook page for a media company set up by Vasilev. These fake accounts, most likely also created by Vasilev, remain online.

Next, I tracked down the alleged perpetrator, Spas Vasilev. Fake Alex claimed to have lived in Paris, which was also cited as his hometown on his Skype profile. The two other fake accounts set up by Vasilev were also located in France. And I had received another lead from the secret Facebook group by someone who claimed to have studied with Vasilev in Nice, France, in 2004. 

That led me to an account on an old Bulgarian social media network, belonging to a man called Spas Vasilev, whose profile states he completed an undergraduate degree at the School of Economics and Business in Nice. It had his full name and correct date of birth. From there, using official records, I found his address and his family.

A picture of Vasilev (bottom right)  and his family posted on Facebook by his father on January 2, 2015.

A picture of Vasilev (bottom right)  and his family posted on Facebook by his father on January 2, 2015.

Image: Screenshot by mashable

So, I had a lead about the alleged perpetrator, but zero clues about who the man on all the fake Alex pictures was. On Oct. 7, 2017, I made a public request for help on Twitter. 

Within days after my tweet, it was the leading story in Bulgaria, with all major news networks, newspapers and tabloids filing their own stories. 

A few days after that, Spas Vasilev was arrested.

The stolen identity

When I told Alexandre Martinez about his new found fame in Bulgaria, he told me it was like seeing a ghost. How could someone have been using photos of his private life to create an entirely new person online and use it to fool an entire nation? 

I located Martinez’s real LinkedIn profile first, then Facebook – which is where I interviewed him. He doesn’t recall ever meeting Vasilev. Yet, he confirmed that the pictures on the fake Alex account were his, the oldest dating back a few years, the newest from aboard the first Boeing 787 flight for Air France on Jan. 5, 2017. 

Because Martinez’s Facebook account and photos aren’t public, “and never were,” he remains unsure how Vasilev had gained access to them.

Martinez told me having his identity stolen had caused great distress to him and his family and he was worried Vasilev’s ticket scams would cause problems for him at work. 

The dangers and repercussions of online identity theft are far-reaching. And social media companies don’t make it easy to track and report abuses and, most importantly, notify the people whose personal data had been stolen. 

In Bulgaria, online identity theft is not a crime, according to the law.

One of the prosecutors working on Vasilev’s case, Ivaylo Petrov, said the focus was solely on traceable financial dealings Vasilev had while pretending to be Alexander Nikolov.

Millie Graham Wood, a solicitor with Privacy International, said this is often part of a larger problem:

“In instances where there is identity theft, society and governments need to consider how to respond to this, particularly where individuals use photos to signify trustworthiness (e.g. that they are a professional working for a large airline) and use this to create fake personas and exploit other individuals financially,” Wood said. 

“This is a complex area and requires companies who encourage us to post our daily lives on social media to think critically about how social media is not only used as a surveillance tool, but can be used for identify theft.”

Facebook and LinkedIn did not respond to requests for comment. I also alerted staff at Air France about a potential identity theft of one of their potential employees, citing the geolocated photos from the maiden Boeing 787 flight. Air France responded by saying they would address the matter, but were not at liberty to release any further information.

As it turns out, they never contacted Martinez about it either. 

A playbook for creating a fake account

Fake Alex and I first connected on Twitter, then Facebook, where we had 34 mutual friends. 

I know his voice because we’ve spoken on the phone on several occasions. The first record I have of him trying to sell me flight tickets is from Sept. 26, 2016.

A sample of my correspondence with Alexander Nikolov on Facebook

A sample of my correspondence with Alexander Nikolov on Facebook

Image: Screenshot by Mashable

But there is a sharp distinction between fake Alex – the discount ticket scammer and Alexander Nikolov – world traveller, journalist and social media influencer. 

I can’t help but wonder if that account would still be online today if it weren’t for the scams? 

Due diligence 

Before this story broke in Bulgaria, a Google search revealed pages and pages of articles with Alexander Nikolov’s bylines. In the aftermath, news agencies jumped to cover the flashy case of a stolen identity. 

What remains troubling is the hidden attempts of some outlets to cover up how little vetting they all did in their dealings with fake Alex. 

A good example is a broadcast by the Bulgarian National TV from 2014, where fake Alex was scheduled to appear via Skype. Fake Alex phoned in citing technical issues, according to the reporter that conducted the interview. 

Vasilev also penned op-eds in other media outlets under the guise of fake Alex. He was a regular contributor to Webcafe until 2017. However, after I contacted the owners of the website about how they verified him before working together, his bylines were removed immediately and replaced by what now reads “Become a contributing writer.” (A blog he was editing and writing for was subsequently bought by the Webcafe group.)

Alexander Nikolov ceased to exist on Facebook on Jan. 11, 2018, the last time I was able to access it. But he lives on on LinkedIn. All the while, the man allegedly behind this remains in custody in Bulgaria awaiting charges, none of which are related to his elaborate and long-term identity theft.

Fake Alex was born using snippets of someone else’s life and an entire nation was duped. His Facebook profile prospered because it used the platform exactly as it was designed. But the consequences are very real – from the difficulty of tracking down the perpetrator and holding them to the task of erasing the stolen content off the internet. 

[embedded content]

5G needs a “new mindset” towards Internet rules, telcos warn

Carriers have kicked off the world’s biggest mobile phone tradeshow with calls for an “investment friendly framework” to fund rollouts of next-gen 5G network technology and level the playing field with Internet giants.

“We need a new mindset,” argued Telefonica CEO José María Álvarez-Pallete López, giving the first keynote of the morning here at Mobile World Congress 2018 in Barcelona.

López went on to call for a “digital bill of rights” and for the industry to engage with ethical debates over the impact of connected technologies, including in areas such as privacy and machine ethics.

Vodafone CEO Vittorio Colao also urged the “same rules for Internet players”, arguing that Facebook Messenger makes the tech giant “the biggest telco in the world” — yet one he said has “practically no obligation” in terms of the access it must provide to different groups of users.

“All of this much finish. We need to be treated all the same,” he added in a thinly veiled warning to governments eyeing 5G and thinking how they might reap the benefits of next-gen network investment to power efficiencies in their own service delivery.

The unspoken ‘if’ being — if you want us to make the big investments needed to build out 5G networks.

Colao also complained that spectrum is too expensive and said licenses should be granted for longer than 25 years — not shorter, as he said is currently being considered in Europe.

Discussions on public shared networks should be “parked”, he said ticking another item off his regulatory wish-list, and any public subsidy for 5G rollouts should be “neutral”.

If lawmakers adopted this approach the deployment of 5G and fiber would be a given, he claimed.

During the keynotes, several telco execs took time out to describe beneficial applications that could be enabled by 5G. Colao talked about a connected ambulance being able to be “the first step of the hospital”, for example.

And NTT docomo’s president and CEO Kazuhiro Yoshizawa also talked up 5G-enabled telehealth solutions supporting remote diagnostics when specialist doctors can’t see patients in person.

Yoshizawa also talked about 5G enabling construction machinery to be operated remotely from a control centre, rather than with a human driver in the cab. Which made for the slightly disconcerting vision of a visibly driverless digger carving up the landscape.

“Many businesses will need a large amount of video on the uplink,” he noted.

But while there was talk of 5G’s potential societal (and business) benefits, Colao had come to play Cassandra for the flip side: Warning about the risk of a growing technophobia undermining the case for 5G rollouts by eroding trust and support.

He also raised the “digital dominance” of tech giants Facebook, Amazon, Apple, Netflix and Google, noting growing concerns over how “big and powerful” these companies are, and over societally damaging problems like fake news.

Although he argued the real problem for telcos is people are becoming worried that AI technologies “empowered by broadband” might damage jobs and skills.

“We have to make it an opportunity to create more jobs — more expert jobs and mitigate this techno fear,” he warned.

Connected technologies risk “increasing inequality and decreasing social cohesion”, he added — suggesting too that such concerns have the potential to fuel damaging populism.

“We need as a industry to engage, to ensure we build better future for people and a better deal for citizens,” he said.

His suggestion for 5G purveyors to win friends and wider societal backing is to tie rollouts tightly to local needs.

And he called for the creation of regulation-free regions where 5G experiments can become practical examples showing what’s possible — pointing to Vodafone’s 5G trials in Milan as the kind of consortium of local partners needed to “test the future” but in a way that keeps communities of users engaged and on side with the benefits.

The Milan trial is a public private partnership involving 38 partners including universities and startups, he noted. “This should be the model,” he continued. “A locally managed innovation process so that local citizens can see the benefits.”

Regulation-free innovation areas would also be a way to attract startups to tackle local problems — and entrepreneurs are needed to play a key role in ensuring 5G gets associated with a “better future” for society as a whole.

“We need to start looking at technology not as an enabler of problems but as a way to improve the deal of citizens,” he added.