All posts in “russia”

Twitter’s new troll filtering might actually prevent more abuse than any ban

Twitter has put its trolls on notice.

On Tuesday, Twitter released promising preliminary results from a test of its new proactive troll filtering tactic. It wanted to see if filtering (but not deleting) content from accounts that exhibited “trolling behavior” could make Twitter more of a platform for conversation and sharing, less an adversarial cesspool. 

In March, CEO Jack Dorsey announced that Twitter would work to measure and then improve the “conversational health” of the platform. The initiative came in response to the revelations of how Russian troll farms had used the platform to inflame the American public. Dorsey’s tweet storm announcing the initiative also seemed to say that Dorsey was taking an earnest look in the mirror at what the platform he created had become, and what it had done to the world. That was a welcome change of tune for the same company that had just a month prior continued to obfuscate Russian trolls’ use of Twitter.

Dorsey said that he wanted Twitter to undergo something of a reckoning, in which it had to actually define what it wanted “healthy conversation” to be. At least publicly, the definition of “conversational health” is still something Twitter is working out; in April, David Gasca, Twitter’s product manager for health, said that Twitter had received 230+ responses to its March Request for Proposals on how to best define, measure, and then improve conversational health on Twitter.

But it appears that the experiment is already underway. For its first improvements to “conversational health,” Twitter decided to see if it could reduce the amount of “disruptive behavior” by trolls.

“Some troll-like behavior is fun, good and humorous,” Gasca, and Del Harvey, VP of trust and safety, wrote in a post announcing the test. “What we’re talking about today are troll-like behaviors that distort and detract from the public conversation on Twitter, particularly in communal areas like conversations and search.”

To do so, it says it found a way to identify accounts that exhibit trolling behavioral markers. These markers include not having email verified accounts, a high volume of tweets directed at people the accounts don’t follow, and more. 

It then delisted the content posted by these accounts from search. And, since so much trolling takes place in the responses to tweets, responses created by these accounts would only be visible by clicking the “see more responses” option. 

Apparently, in its testing markets, Twitter saw a 4% drop in abuse reports from search, and 8% drop from comments. That’s nothing to sneeze at!

The post announcing the test explained the key challenge: how to minimize the voices whose only aim was to inflame or bully, but who weren’t actually posting content or behaving in ways that violated Twitter’s terms of service. Or, as Gasca and Harvey wrote, “how can we proactively address these disruptive behaviors that do not violate our policies but negatively impact the health of the conversation?”

Filtering rather than deleting content or suspending accounts essentially shrinks the microphone of trolls looking to stir up trouble. They can still post to their heart’s content — so there’s no “censorship” here — but the likelihood that people will see (and engage with) their content is just a bit lower. 

Then again, Twitter trolls obviously don’t agree that this isn’t censorship. Ok.

Filtering based on behavioral markers is also a proactive tactic. This addresses a frequent criticism of social and digital media companies: that they react to violate or inappropriate content, instead of preventing it in the first place. Specifically, some asked why so many Facebook group’s ties to Russia weren’t noticed earlier, since they contained obvious markers such as paying for ads about American protests in Roubles. And on YouTube, horrifying videos have made it onto the platform’s kids channels, racking up thousands of views by kids before parents noticed and reported the content.

Of course, proactively preventing abuse without chilling amounts of profiling, or raising cries of censorship, is a difficult challenge. Even in this new experiment by Twitter, trolls could get wise to Twitter’s behavioral flagging, and adjust their behavior to appear more organic. Mashable has asked Twitter if there are additional indicators not mentioned in the post, and whether Twitter will intentionally keep some of its markers private to avoid manipulation by sneaky, determined trolls. We’ll update this post when and if we hear back.

Additionally, abuse reports can certainly reflect whether users are having a bad time on Twitter — but it takes a big, trolling push to get users to actually report an account, instead of just ignore it. It’s not clear yet by what other markers Twitter might measure conversational health.

[embedded content]

Zuckerberg again snubs UK parliament over call to testify

Facebook has once again eschewed a direct request from the UK parliament for its CEO, Mark Zuckerberg, to testify to a committee investigating online disinformation — without rustling up so much as a fig-leaf-sized excuse to explain why the founder of one of the world’s most used technology platforms can’t squeeze a video call into his busy schedule and spare UK politicians’ blushes.

Which tells you pretty much all you need to know about where the balance of power lies in the global game of (essentially unregulated) U.S. tech platforms giants vs (essentially powerless) foreign political jurisdictions.

At the end of an 18-page letter sent to the DCMS committee yesterday — in which Facebook’s UK head of public policy, Rebecca Stimson, provides a point-by-point response to the almost 40 questions the committee said had not been adequately addressed by CTO Mike Schroepfer in a prior hearing last month — Facebook professes itself disappointed that the CTO’s grilling was not deemed sufficient by the committee.

“While Mark Zuckerberg has no plans to meet with the Committee or travel to the UK at the present time, we fully recognize the seriousness of these issues and remain committed to providing any additional information required for their enquiry into fake news,” she adds.

So, in other words, Facebook has served up another big fat ‘no’ to the renewed request for Zuckerberg to testify — after also denying a request for him to appear before it in March, when it instead sent Schroepfer to claim to be unable to answer MPs’ questions.

At the start of this month committee chair Damian Collins wrote to Facebook saying he hoped Zuckerberg would voluntarily agree to answer questions. But the MP also took the unprecedented step of warning that if the Facebook founder did not do so the committee would issue a formal summons for him to appear the next time Zuckerberg steps foot in the UK.

Hence, presumably, that addendum line in Stimson’s letter — saying the Facebook CEO has no plans to travel to the UK “at the present time”.

The committee of course has zero powers to comply testimony from a non-UK national who is resident outside the UK — even though the platform he controls does plenty of business within the UK.

Last month Schroepfer faced five hours of close and at times angry questions from the committee, with members accusing his employer of lacking integrity and displaying a pattern of intentionally deceptive behavior.

The committee has been specifically asking Facebook to provide it with information related to the UK’s 2016 EU referendum for months — and complaining the company has narrowly interpreted its requests to sidestep a thorough investigation.

More recently research carried out by the Tow Center unearthed Russian-bought UK targeted immigration ads relevant to the Brexit referendum among a cache Facebook had provided to Congress — which the company had not disclosed to the UK committee.

At the end of the CTO’s evidence session last month the committee expressed immediate dissatisfaction — claiming there were almost 40 outstanding questions the CTO had failed to answer, and calling again for Zuckerberg to testify.

It possibly overplayed its hand slightly, though, giving Facebook the chance to serve up a detailed (if not entirely comprehensive) point-by-point reply now — and use that to sidestep the latest request for its CEO to testify.

Still, Collins expressed fresh dissatisfaction today, saying Facebook’s answers “do not fully answer each point with sufficient detail or data evidence”, and adding the committee would be writing to the company in the coming days to ask it to address “significant gaps” in its answers. So this game of political question and self-serving answer is set to continue.

In a statement, Collins also criticized Facebook’s response at length, writing:

It is disappointing that a company with the resources of Facebook chooses not to provide a sufficient level of detail and transparency on various points including on Cambridge Analytica, dark ads, Facebook Connect, the amount spent by Russia on UK ads on the platform, data collection across the web, budgets for investigations, and that shows general discrepancies between Schroepfer and Zuckerberg’s respective testimonies. Given that these were follow up questions to questions Mr Schroepfer previously failed to answer, we expected both detail and data, and in a number of cases got excuses.

If Mark Zuckerberg truly recognises the ‘seriousness’ of these issues as they say they do, we would expect that he would want to appear in front of the Committee and answer questions that are of concern not only to Parliament, but Facebook’s tens of millions of users in this country. Although Facebook says Mr Zuckerberg has no plans to travel to the UK, we would also be open to taking his evidence by video link, if that would be the only way to do this during the period of our inquiry.

For too long these companies have gone unchallenged in their business practices, and only under public pressure from this Committee and others have they begun to fully cooperate with our requests. We plan to write to Facebook in the coming days with further follow up questions.

In terms of the answers Facebook provides to the committee in its letter (plus some supporting documents related to the Cambridge Analytica data misuse scandal) there’s certainly plenty of padding on show. And deploying self-serving PR to fuzz the signal is a strategy Facebook has mastered in recent more challenging political times (just look at its ‘Hard Questions’ series to see this tactic at work).

At times Facebook’s response to political attacks certainly looks like an attempt to drown out critical points by deploying self-serving but selective data points — so, for instance, it talks at length in the letter about the work it’s doing in Myanmar, where its platform has been accused by the UN of accelerating ethnic violence as a result of systematic content moderation failures, but declines to state how many fake accounts it’s identified and removed in the market; nor will it disclose how much revenue it generates from the market.

Asked by the committee what the average time to respond to content flagged for review in the region, Facebook also responds in the letter with the vaguest of generalized global data points — saying: “The vast majority of the content reported to us is reviewed within 24 hours.” Nor does it specify if that global average refers to human review — or just an AI parsing the content.

Another of the committee’s questions is: ‘Who was the person at Facebook responsible for the decision not to tell users affected in 2015 by the Cambridge Analytica data misuse scandal?’ On this Facebook provides three full paragraphs of response but does not provide a direct answer specifying who decided not to tell users at that point — so either the company is concealing the identity of the person responsible or there simply was no one in charge of that kind of consideration at that time because user privacy was so low a priority for the company that it had no responsibility structures in place to enforce it.

Another question — ‘who at Facebook heads up the investigation into Cambridge Analytica?’ — does get a straight and short response, with Facebook saying its legal team, led by general counsel Colin Stretch, is the lead there.

It also claims that Zuckerberg himself only become aware of the allegations that Cambridge Analytica may not have deleted Facebook user data in March 2018 following press reports.

Asked what data it holds on dark ads, Facebook provides some information but it’s also being a bit vague here too — saying: “In general, Facebook maintains for paid advertisers data such as name, address and banking details”, and: “We also maintain information about advertiser’s accounts on the Facebook platform and information about their ad campaigns (most advertising content, run dates, spend, etc).”

It does also confirms it can retain the aforementioned data even if a page has been deleted — responding to another of the committee’s questions about how the company would be able to audit advertisers who set up to target political ads during a campaign and immediately deleted their presence once the election was over.

Though, given it’s said it only generally retains data, we must assume there are instances where it might not retain data and the purveyors of dark ads are essentially untraceable via its platform — unless it puts in place a more robust and comprehensive advertiser audit framework.

The committee also asked Facebook’s CTO whether it retains money from fraudulent ads running on its platform, such as the ads at the center of a defamation lawsuit by consumer finance personality Martin Lewis. On this Facebook says it does not “generally” return money to an advertiser when it discovers a policy violation — claiming this “would seem perverse” given the attempt to deceive users. Instead it says it makes “investments in areas to improve security on Facebook and beyond”.

Asked by the committee for copies of the Brexit ads that a Cambridge Analytica linked data company, AIQ, ran on its platform, Facebook says it’s in the process of compiling the content and notifying the advertisers that the committee wants to see the content.

Though it does break out AIQ ad spending related to different vote leave campaigns, and says the individual campaigns would have had to grant the Canadian company admin access to their pages in order for AIQ to run ads on their behalf.

The full letter containing all Facebook’s responses can be read here.

House Democrats release more than 3,500 Russian Facebook ads

Democrats from the House Intelligence Committee have released thousands of ads that were run on Facebook by the Russia-based Internet Research Agency.

The Democrats said they’ve released a total of 3,519 ads today from 2015, 2016 and 2017. This doesn’t include 80,000 pieces of organic content shared on Facebook by the IRA, which the Democrats plan to release later.

What remains unclear is the impact that these ads actually had on public opinion, but the Democrats note that they were seen by more than 11.4 million Americans.

You can find all the ads here, though it’ll take some time just to download them. As has been noted about earlier (smaller) releases of IRA ads, they aren’t all nakedly pro-Trump, but instead express a dizzying array of opinions and arguments, targeted at a wide range of users.

“Russia sought to weaponize social media to drive a wedge between Americans, and in an attempt to sway the 2016 election,” tweeted Adam Schiff, who is the Democrats’ ranking member on the House Intelligence Committee. “They created fake accounts, pages and communities to push divisive online content and videos, and to mobilize real Americans,”

He added, “By exposing these Russian-created Facebook advertisements, we hope to better protect legitimate political expression and safeguard Americans from having the information they seek polluted by foreign adversaries. Sunlight is always the best disinfectant.

In conjunction with this release, Facebook published a post acknowledging that it was “too slow to spot this type of information operations interference” in the 2016 election, and outlining the steps (like creating a public database of political ads) that it’s taking to prevent this in the future.

“This will never be a solved problem because we’re up against determined, creative and well-funded adversaries,” Facebook said. “But we are making steady progress.”

Twitter banned Russian security firm Kaspersky Lab from buying ads

The U.S. government isn’t the only one feeling skittish about Kaspersky Lab. On Friday, the Russian security firm’s founder Eugene Kaspersky confronted Twitter’s apparent ban on advertising from the company, a decision it quietly issued in January.

“In a short letter from an unnamed Twitter employee, we were told that our company ‘operates using a business model that inherently conflicts with acceptable Twitter Ads business practices,’” Kaspersky wrote.

“One thing I can say for sure is this: we haven’t violated any written – or unwritten – rules, and our business model is quite simply the same template business model that’s used throughout the whole cybersecurity industry: We provide users with products and services, and they pay us for them.”

He noted that the company has spent around than €75,000 ($93,000 USD) to promote its content on Twitter in 2017.

Kaspersky called for Twitter CEO Jack Dorsey to specify the motivation behind the ban after failing to respond to an official February 6 letter from his company.

More than two months have passed since then, and the only reply we received from Twitter was the copy of the same boilerplate text. Accordingly, I’m forced to rely on another (less subtle but nevertheless oft and loudly declared) principle of Twitter’s – speaking truth to power – to share details of the matter with interested users and to publicly ask that you, dear Twitter executives, kindly be specific as to the reasoning behind this ban; fully explain the decision to switch off our advertising capability, and to reveal what other cybersecurity companies need to do in order to avoid similar situations.

In a statement about the incident, Twitter reiterated that Kaspersky Lab’s business model “inherently conflicts with acceptable Twitter Ads business practices.” In a statement to CyberScoop, Twitter pointed to the late 2017 Department of Homeland Security directive to eliminate Kaspersky software from Executive Branch systems due to the company’s relationship with Russian intelligence.

“The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” DHS asserted in the directive at the time.

Russia’s game of Telegram whack-a-mole grows to 19M blocked IPs, hitting Twitch, Spotify and more

As the messaging app Telegram continues to try to evade Russian authorities by switching up its IP addresses, Russia’s regulator Roskomnadzor (RKN) has continued its game of whack-a-mole to try to lock it down by knocking out complete swathes of IP address. The resulting chase how now ballooned to nearly 19 million IP addresses at the time of writing, as tracked by unofficial RKN observer RKNSHOWTIME (updated on a Telegram channel with stats accessible on the web via Phil Kulin’s site).

As a result, there have been a number of high-profile services also knocked out in the crossfire, with people in Russia reporting dozens of sites affected, including Twitch, Slack, SoundCloud, Viber, Spotify, FIFA and Nintendo, as well as Amazon and Google. (A full list of nearly 40 addresses is listed below.)

What’s notable is that Google and Amazon themselves seem still not to be buckling under pressure. As we reported earlier this week, a similar — but far smaller — instance happened in the case of Zello, which had also devised a technique to hop around IP addresses when its own IP addresses were shut down by Russian regulators.

Zello’s circumventing lasted for nearly a year, until it seemed the regulator started to use a more blanket approach of blocking entire subnets — a move that ultimately led to Google and Amazon asking Zello to cease its activities.

After that, Zello’s main access point for its Russian users was via VPN proxies — one of the key ways that users in one country can effectively appear as if they are in another, allowing them to circumvent geoblocking and geofencing, either by the companies themselves, or those that have been banned by a state.

It’s important to note that the domain fronting that Google is in the process of shutting down is not the same as IP hopping — although, more generally, it will mean that there is now one less route for those globally whose traffic is getting blocked through censorship to wiggle around that. The IP hopping that has led to 19 million addresses getting blocked in Russia is another kind of circumvention. (I’m pointing this out because several people I’ve spoken to assumed they were the same.)

Pavel Durov, Telegram’s founder and CEO, has made several public calls on Telegram and also third-party sites like Twitter to praise how steadfast the big internet companies have been. And others like the ACLU have also waded into the story to call on Amazon, Apple, Google and Microsoft to hold strong and continue to allow Telegram to IP hop.

But what could happen next?

I’ve contacted Google, Amazon and Telegram now several times to ask this question and for more details on what is going on. As of yet I’ve had no replies. However, Alexey Gavrilov, the CTO and founder of Zello, provided a little more potential insight:

He said that ultimately they might ask Telegram to stop — something that might become increasingly hard not to do as more services get affected — and if that doesn’t work they can suspend Telegram’s account.

“Each cloud provider has provisions, which let them do it if your use interferes with other customers using their service,” Gavrilov notes. “The interpretation of this rule may be not trivial in case when the harm is caused by third party (i.e. RKN in this case) so I think there are some legal risks for Amazon / Google. Plus that would likely cause a PR issue for them.”

Another question is whether there are bigger fish to fry in this story. Some have floated the idea that just as Zello preceded Telegram, RKN’s battles with the latter might lead to how it negotiates with Facebook.

As we have reported before, Facebook notably has never moved to house Russian Facebook data in Russia. Local hosting has been one of the key requirements that the regulator has enforced against a number of other companies as part of its “data protection” rules, and over the last couple of years while some high-profile companies have run afoul of the these regulations, others (including Apple and Google) have reportedly complied.

Regardless, there’s been one ironic silver lining in this story. Since RKN shifted its focus to waging a war on Telegram, Gavrilov tells me that Zello service has been restored in Russia. Here’s to weathering the storm. 

We’ll update this post as and when we get responses from the big players. A more complete list of sites that people have reported as affected by the 19 million address block is below, via Telegram channel Нецифровая экономика (“Non-digital economy”). Some of these have been disputed, so take this with a grain of salt:

1. Sberbank (disputed)

2. Alfa Bank (disputed)

3. VTB

4. Mastercard

5. Some Microsoft services

6. Video agency RT Ruptly

7. Games like Fortnite, PUBG, Guild Wars 2, Vainglory, Guns of Boom, World of Warships Blitz, Lineage 2 Mobile and Total War: Arena

8. Twitch

9. Google

10. Amazon

11. Russian food retailer Dixy (disputed)

12. Odnoklassniki (the social network, ok,ru)

13. Viber

14. Дилеры Volvo

15. Gett Taxi

16. BattleNet

17. SoundCloud

18. DevianArt

19. Coursera

20. Realtimeboard

21. Trello

22. Slack

23. Evernote

24. Skyeng (online English language school)

25. Part of the PlayStation Network

26. Ivideon

27. ResearchGate

28. Gitter

29. eLama

30. Behance

31. Nintendo

32. Codecademy

33. Lifehacker

34. Spotify

35. FIFA

36. And it seems like some of RKN’s site itself