Archive for March 7, 2019

Thursday, March 7, 2019

A Privacy-Focused Vision for Social Networking

Mark Zuckerberg:

Public social networks will continue to be very important in people’s lives -- for connecting with everyone you know, discovering new people, ideas and content, and giving people a voice more broadly. People find these valuable every day, and there are still a lot of useful services to build on top of them. But now, with all the ways people also want to interact privately, there’s also an opportunity to build a simpler platform that’s focused on privacy first.

I understand that many people don’t think Facebook can or would even want to build this kind of privacy-focused platform -- because frankly we don’t currently have a strong reputation for building privacy protective services, and we’ve historically focused on tools for more open sharing. But we’ve repeatedly shown that we can evolve to build the services that people really want, including in private messaging and stories.

I believe the future of communication will increasingly shift to private, encrypted services where people can be confident what they say to each other stays secure and their messages and content won’t stick around forever. This is the future I hope we will help bring about.

Alex Stamos:

This isn’t a post I expected to read, and I wish he wrote it two years ago. Hopefully the external vision is reflected in internal moves to change product culture that informs thousands of product and engineering decisions per year. Turning a ship that large is difficult.

[…]

Right now FB gets crap (from the same people) for both invading people’s privacy and not policing communications enough. This is the judo move: in a world where everything is encrypted and doesn’t last long, entire classes of scandal are invisible to the media.

He explicitly recognizes the downside for safety, and rightly points out the potential mitigations, but he is coming down pretty hard on putting data outside of Facebook’s reach for advertising, content moderation, investigation and government requests.

[…]

The “Secure Data Storage” section is a massive shot across Tim Cook’s bow. Expect to hear a lot about iCloud and China every time Cook is sanctimonious.

In other news, Zuck has clearly given up on entering China, as these changes make that impossible. Good.

Ben Thompson:

In fact, what Zuckerberg announced is quite believable, precisely because it makes perfect sense for Facebook: this is a privacy cake that Facebook can have — and eat it too.

[…]

By the same token, though, just because Facebook capped Snapchat’s growth doesn’t mean that Snapchat’s core insight about the desire for private, ephemeral communication was wrong: what Zuckerberg wrote yesterday is basically Snapchat’s reason-for-existing. In other words, while Instagram Stories built a wall around Snapchat by copying Snapchat’s secondary feature, this “Privacy-Focused Vision for Social Networking” is a clear attempt to build the core of Snapchat for everyone else.

[…]

Perhaps most compelling, though, is the degree to which this move locks in Facebook’s competitive position. As I noted above, Snapchat already showed that Facebook is vulnerable in the realm of private ephemeral communications, but soon that will no longer be the case. Moreover, given Facebook’s focus on end-to-end encryption, the company has made it that much harder to even get off the ground: not even Snapchat is fully end-to-end encrypted (pictures are, but not text messages).

[…]

Why can Facebook deliver most of the value? Because they are still Facebook! They still have the core Facebook app, Instagram, ‘Like’-buttons scattered across the web — none of that is going away with this announcement. They can very much afford a privacy-centric messaging offering in a way that any would-be challenger could not. Privacy, it turns out, is a competitive advantage for Facebook, not the cudgel the company’s critics hoped it might be.

Nick Heer:

If Facebook truly is going to build private, encrypted services for its users, it’s not because the company’s culture has radically pivoted to embrace the value of privacy. This is more likely a tactic, rather than a goal for its own sake.

Previously: Facebook and Phone Numbers.

Update (2019-03-08): Zeynep Tufekci:

So, wow, Mark Zuckerberg published a plan to entrench Facebook, fend off regulatory action, lower costs, shrink scandal exposure, acknowledge realities—and he called it a “privacy-focused vision” while ignoring all the big privacy issues! 🙄

I mean, Facebook doesn’t need to read your messages—that’s not how its surveillance machine runs. Zuckerberg states as much same day in interview in @Wired. Done right, shift to end-to-end could be great. But it could just mean hiring fewer content moderators and hiding scandals.

China’s not happening. No kidding. People like Snapchat’s features and Facebook will keep copying them. They will scramble WhatsApp and Instagram hard into Facebook so regulators can’t break them off. These are not privacy shifts—they’re shrewd competitive moves for entrenchment.

See also: Exponent, Hacker News.

TensorFlow Differential Privacy

James Vincent (via Dan Masters):

Google has announced a new module for its machine learning framework, TensorFlow, that lets developers improve the privacy of their AI models with just a few lines of extra code.

TensorFlow is one of the most popular tools for building machine learning applications, and it’s used by developers around the world to create programs like text, audio, and image recognition algorithms. With the introduction of TensorFlow Privacy, these developers will be able to safeguard users’ data with a statistical technique known as “differential privacy.”

[…]

There are some downsides to using differential privacy, though. “By masking outliers, it can sometimes remove relevant or interesting data, especially in varied datasets, like those involving language,” says Erlingsson. “Differential privacy literally means that it’s impossible for the system to learn about anything that happens just once in the dataset, and so you have this tension. Do you have to go get more data of a certain type? How relevant or useful are those unique properties in the dataset?”

Ariel Herbert-Voss:

Just found this incredible paper by @korolova and team: they straight-up reverse engineered Apple’s differential privacy system. They share implementation details and findings about privacy loss in a real-world system, which is key for broader DP adoption.

CloudBerry Backup for macOS

Dave Kitabjian:

I have seen other reviews of CloudBerry that happily check many boxes on the feature list and grant it a favorable rating. I wonder how many of those reviewers actually performed a non-trivial backup using the product and took the time to evaluate whether it was in fact working properly.

I really wanted to be the one to tell the TidBITS community that there was another great backup app to consider. But I wanted to do that because I want to help you protect your data, and right now, the best way I can do that is to recommend that you do not use CloudBerry Backup for macOS.

How Time Machine Makes Backups With APFS

Howard Oakley:

The preparatory sequence identifies and deletes expired local snapshots. According to Apple’s Support Note, these local snapshots are kept for 24 hours; although the log entries below indicate a shorter period, later backups confirm that this is normally the case, and you should expect to find a full 24 hours of snapshots at any time.

backupd then copies changed items to the backup destination. In order to maintain the impression that each backup is a complete copy of the source volume, it then makes hard links to all the unchanged files and folders. It is able to do this as, unlike many file systems, HFS+ supports directory hard links as well as those to files.

[…]

backupd then checks that there is sufficient free space on the backup destination, and if there is, performs that same process as with HFS+, copying changed items and making hard links to the rest. That is followed by new steps, which save a clone family cache to the new backup folder, and back-up-later caches there too. The precise purpose of these isn’t yet clear, although the latter may well list files which changed as the backup was being made.

[…]

I have been writing that Time Machine has fallen behind macOS, at least in respect of its reliance on the HFS+ file system for backups, which results from its use of directory hard links. This implementation of Time Machine for APFS is perhaps best viewed as version 1.5: it now takes best advantage of the new file system as its source, but has yet to find a new backup method and format appropriate to an APFS backup destination.
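An added example, not code from the original post or from backupd, of the hard-link scheme described above for HFS+ destinations: changed files are copied and unchanged files are hard-linked to the previous backup, so every snapshot looks complete. It links files only (most file systems lack the directory hard links HFS+ offers), and `make_snapshot`, `demo` and the sample tree are constructed for illustration.

```python
import filecmp
import os
import shutil
import tempfile


def make_snapshot(source, prev_snapshot, new_snapshot):
    """Copy changed files, hard-link unchanged ones; return (copied, linked)."""
    copied, linked = [], []
    for root, _dirs, files in os.walk(source):
        rel_dir = os.path.relpath(root, source)
        os.makedirs(os.path.join(new_snapshot, rel_dir), exist_ok=True)
        for name in files:
            rel = os.path.normpath(os.path.join(rel_dir, name))
            src = os.path.join(source, rel)
            old = os.path.join(prev_snapshot, rel) if prev_snapshot else None
            dst = os.path.join(new_snapshot, rel)
            if old and os.path.isfile(old) and filecmp.cmp(src, old, shallow=False):
                os.link(old, dst)          # unchanged: share the inode
                linked.append(rel)
            else:
                shutil.copy2(src, dst)     # new or changed: real copy
                copied.append(rel)
    return sorted(copied), sorted(linked)


def demo():
    """Run two backups of a constructed sample tree and report what happened."""
    base = tempfile.mkdtemp()
    src = os.path.join(base, "source")
    os.makedirs(os.path.join(src, "docs"))
    for rel, text in (("a.txt", "alpha"), (os.path.join("docs", "b.txt"), "beta")):
        with open(os.path.join(src, rel), "w") as f:
            f.write(text)
    snap1, snap2 = os.path.join(base, "snap1"), os.path.join(base, "snap2")
    first = make_snapshot(src, None, snap1)
    with open(os.path.join(src, "a.txt"), "w") as f:
        f.write("alpha v2")                # change one file between backups
    second = make_snapshot(src, snap1, snap2)
    same_inode = os.path.samefile(os.path.join(snap1, "docs", "b.txt"),
                                  os.path.join(snap2, "docs", "b.txt"))
    with open(os.path.join(snap1, "a.txt")) as f:
        old_a = f.read()                   # the older snapshot keeps the old content
    shutil.rmtree(base)
    return first, second, same_inode, old_a


if __name__ == "__main__":
    print(demo())
```

Because unchanged files share one inode across snapshots, damage to that single on-disk copy affects every backup that links to it.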

Howard Oakley:

That old [HFS+] system periodically failed, perhaps when FSEvents lost track of recent changes, or became corrupted. In those circumstances, Time Machine would perform a lengthy ‘deep traversal scan’ to determine what needed to be backed up, which could in some cases take several hours. One strong case for adopting a new approach with APFS was to reduce the frequency of those deep traversals by using a more robust mechanism for determining what to back up. There’s no evidence that the new snapshot-based system is any quicker – indeed, in many cases it may perform more slowly than using FSEvents.

[…]

However, deep traversal scans do still occur on APFS volumes. In one period of only 8 hours, my iMac Pro undertook and completed two such scans, as shown in the T2M2 report below.
