Managing Social Media: Facebook

The Delete Facebook movement has been around for a while now, and I have to admit, the idea is tempting. The downside of allowing a single company to have such an outsized view into our lives has become increasingly obvious, while the benefits have dwindled. By design, Facebook is more than just a social network – its evolved over the years to become something of an Internet hub. Sure, there’s a lot less people playing Farmville, but it’s still the closest thing to a ubiquitous messaging platform we have on the Internet, so it’s hard to just turn it off. Short of writing a letter and putting it in the mail, Facebook is the one place where I can get a message to most of my extended family. And there are things to be said too (both good and bad) about Facebook Groups, where strangers with common interests can meet and create connections — most of my hobby projects have been significantly helped by members of one Facebook group or another.

So quitting Facebook might be going a little too far for most of us, but maybe putting some limits on Facebook’s reach can help. Here are some easy steps you can take to control Facebook’s visibility into, and impact on, your digital life.

Delete the App from your Phone… Then Put it Back

Facebook’s mobile app, whether on Android or iOS, has a staggering privacy impact. Except on the latest OS versions, most of these permissions, once granted, are permanent, and accessible in the background. Recent improvements to underlying platforms have revealed numerous “bugs” that have all the appearance of spying on users – even while the app is not in use. For example, Facebook helpfully asks for access to your Address Book to facilitate “finding friends” but can use that information at will to quietly strengthen its social graph (the powerful database that makes Facebook so interesting to advertisers and political parties.) Recently a former engineer reported that Facebook experimented with uploading all your pictures in the background to “improve performance” when you chose to post a picture on their site.

Obviously, it’s nice to have your social network in your pocket – it’s convenient and helps pass the time. But, giving away all your personal data seems foolish. Fortunately, there is a work-around, and its actually quite nice. By design, your mobile web browser is a “sandbox” – websites can’t get the same permissions as Apps can, so they’re intrinsically safer. And to make it more convenient, both Android and iOS allow you to “pin” a website to your home screen so that you can launch it just like an App. The experience is slightly diminished from the full App, but its remarkably elegant, and significantly less intrusive.

Both Android and iOS let you add a web site to your home screen as if it were an App

The process is slightly different for each platform, but it amounts to:

Open Facebook in a web browser
Find the browser’s menu, and choose the option to Pin to your Home Screen
Find the new Facebook “App” icon on your Home Screen and launch from there
Use Facebook more-or-less as normal

A nice side effect of this change is that Notifications go away. You can always launch the “App” to see what’s new, but you won’t get things pushed to you constantly. Facebook Messenger is a separate app, which seems to have less privacy issues, so it can remain installed to allow message notifications.

Put Facebook in a Box

This tip applies to both your phone and your laptop or desktop computer, although the process is a little different. It requires you to get used to having multiple web browsers – and keeping Facebook in a secondary one.

Firefox believes that good fences make good neighbors

My strong recommendation is to use Firefox as your daily driver – it has an extension that can limit Facebook’s reach automatically. Chrome and Edge both are reasonable for privacy, Brave is better, but in other ways all of these browsers contribute to Google’s unreasonable control over the evolution of the Internet – but I’ll get to Google in another post. Suffice it to say, choose your main web browser and make sure you’re signed out of Facebook (and Instagram) completely on it. When you visit facebook.com from that browser, you should get prompted to sign-in – otherwise, assume Facebook is tracking you all over the web.

(Update: if you have to have Chrome, check out these extensions to help keep you safe.)

Facebook uses a browser fingerprint it establishes when you sign-in to their site, combined with tracking that same fingerprint detected through their pervasive advertising network, to piece together your browsing history — this is why Facebook ads seem like they’re reading your mind: they really do know everything you do online. Never use “sign in with Facebook” to log into a non-Facebook website or service. This is another way they track your activity. Your main web browser should be anonymous to Facebook at all times.

Once you’re confident that your primary browser is Facebook free, install and setup a secondary web browser that can be signed in with Facebook. Use this secondary browser for your Facebook community, and limit other web surfing. On a computer this is really easy – your computer comes with a web browser that should be your secondary browser:

On Windows, you can use the built-in Edge as secondary: you can pin a Facebook shortcut to your Start Menu or Taskbar that always launches in Edge. Set up Firefox or Chrome as the default web browser in Settings, and all other web links will open in that.
On a Mac, use an app called Fluid to create a Facebook shortcut in the Dock that will always launch with the Safari engine. Set your default browser to be Firefox and Chrome and all other web links will open in that.

On a phone this is a little harder, because you can’t completely change the default browser – the built-in engine will still handle embeds and links no matter what you do. But you can still follow the same pattern – create the Home Screen shortcut “App” using the built-in browser and install another browser to do most of your surfing.

Prune Your Timeline

Aside from its privacy issues, Facebook also functions as sewage run-off for some of the Internet’s worst information pollution. Political viewpoints turn angry during an election year (or pandemic) and sometimes it gets to be a little much. You may learn things about your social network that you wish weren’t true – or maybe you just need a break from all the memes.

Sometimes you have no choice but to just remove connections (de-friend people) if they won’t listen to reason. But often a genuinely decent person has just listened to a little too much Fox or NBC News and you need to take a break from the partisanship. It’s OK to “snooze” people or unfollow them. This allows you to stay connected, without having to get inundated with their ideology.

I don’t mean to suggest we shouldn’t hear ideas and perspectives that are different from ours – in fact, I believe it’s healthy to hear both sides of a debate… as long as both sides are rational, thoughtful and based, at least in part, on objectively verifiable reality, or reasoned interpretations of events. But not all opinions are created equal, and not all sources of information are valid. I’d advocate first for a loving attempt to reason, out of concern for a friend, but I’d also advocate (especially as my kids are moving into an online world) for a limitation of the pollution you expose yourself to online.

The Facebook timeline algorithm is tweaked for engagement (sucking you in) and for maximizing advertising impressions (keeping you on the site so you see more ads). It’s not a good source of information, any more than if everyone in town went to the same park and all started shouting our opinions at each other. Prudently manage who and what shows up on your timeline, or ignore the timeline entirely, in favor of personal interactions or Facebook groups that are healthy for you.

Set App Timers

If you use the Facebook app, or a dedicated browser, both Android and iOS will allow you to limit your time in those apps. You can use this for any App that you find yourself mindlessly scrolling through more than you want to. In iOS, it’s called “Screen Time”, in Android it’s called “Digital Wellbeing”, but in either case you can find it in Settings, and easily set a timeout in minutes per day. Of course, you can over-ride it if you need to, but it’s a good reminder to manage what you’re consuming in a given 24 hour period, and make sure you’re including other interactions and sources of information.

Most current phones let you set healthy time limits on Apps

Protecting Your Brain

We don’t let our kids use social media yet – their brains are still forming, and they don’t have all the tools they need to discern what they may read online. But adults aren’t immune from the cognitive biases that can trick our brains into unhealthy patterns. Facebook is a relatively new kind of media – one that empowers peer-to-peer sharing and information dissemination much faster than what we had a generation ago. It has many incredible benefits but inherits all the same problems of previous kinds of media, while introducing a slew of others that humanity isn’t really equipped yet to understand. There are efforts underway to understand and improve how this kind of media works, but until those things mature and inform the evolution of the Internet, it’s up to us as users to think about and manage how we interact with technology and other people using it.

How to Read the News Online

This post is probably long overdue. I’m guilty myself of scrolling through Google News and letting an algorithm decide what I should see. But now, more than ever, its important to get the best information possible. Outlined here will be my attempt to provide some tips to escape the echo chamber, see past ideological spin, and find better sources of information online.

I should start with the caveat that of course this isn’t perfect. But its preferable to the norm…

App and website developers build for “stickiness” — that’s a primary goal. The longer they can keep you inside their experience, the more you are worth to them. That worth is often in advertising dollars, but its always in data: user and behavior information that lets providers create better personas (digital “voodoo dolls“) of their audiences. To restate that more clearly: the main goal of your favorite news app or website is not to inform you — its to make money off you. The longer you stay inside their experience, the more you are worth to them.

With this in mind, its easy to understand how content is created and prioritized. Content creators want to develop content that is interesting to their audiences. Content selection algorithms want to provide content that you resonate with — even when that’s not good for you. The “news” system is designed to affirm your biases, and reinforce the beliefs that brought you there.

Even information aggregators, like Facebook, YouTube and Twitter are running algorithms trying to find what you like and give it to you. They’re everywhere, and they’re cloyingly sycophantic. About once a day Google News offers me a bikini pic of a celebrity along-side other headlines — they know I’m an adult male, and they’re sure I want to see that content. All it takes is one tap to confirm that interest, and tip the algorithm toward more of it.

So if you’re ready to escape the fun house mirror that is Internet news, here’s what to do:

Dump your current News app or go-to website. Google News, Apple News, MSN News, Fox News, CNN news… whatever you use, its all the same. I’m not even talking network bias yet, I’m just talking about algorithm-driven content providers. They’ve all got to go.
Identify raw sources. In the US almost all news comes from the Associated Press first. Each network gets those stories, and puts their own ideological spin on that news. Skip the spin, and find the source: AP, and Reuters are both good for North America.
Identify alternative sources. I’m not talking about fringe sites with extreme beliefs, I’m talking about a source of news that is further removed from the reach of your country’s political parties. In the US, the BBC or the CBC are reasonably impartial observers of what’s happening in your country. Find world news sources that aren’t reported from within your country — you’ll still get the big news items, but the context will be improved.
Once you’ve selected better news sources, find their RSS feeds. OK, I know that sounds like techno-babble, so let’s break out of the numbered list and explain…

RSS stands for Really Simple Syndication (or Rich Site Summary), and its been a backing technology for the web since 1999. If you listen to podcasts, you use it regularly. An RSS feed is just the content from a site, none of the ads, none of the tracking technology, and none of the algorithms. Just the raw content.

Increasingly sites are hiding or obscuring their RSS feeds, because they want you on their site in your browser or on their app, so they can track you. But so far, no one has succeeded in removing it entirely. If you’re technically inclined, you can use tools in your browser to find the feed URL, but if not, there’s easier ways to get it.

I use a service called InoReader. They have a pro version, but the free one has everything you need to search for RSS feeds from the news sources you trust. Once you create an account in InoReader, you can add your selected news sources directly. The content is sucked out of the site via RSS, in aggregate, anonymously and automatically, then made available at the InoReader website or on the InoReader app on your phone or tablet, in a neatly organized fashion. Its a curated news stream that breaks the algorithms that taint the information you’re getting.

Like I said, its not perfect. InoReader knows what you’re reading — but because it serves raw feeds, it can’t alter them without detection (you can always look at the RSS directly to see if they’re changed; in 4 years of monitoring, I’ve never seen it happen.) Another challenge is that sometimes news sites only publish the first sentence or two into their RSS feed, and you have to click through to their website to read the whole article — but when you do, you can visit as a signed-out, anonymous reader (there are other work-arounds, for those comfortable with deploying a little open source software.) And of course, your critical thinking skills are always needed for any media you consume.

But even with the challenges, and the little bit of extra work it takes to make good selections, the difference is night-and-day. Do this for awhile, then compare the real headline with the liberal and conservative spin carried by other sources, and you’ll realize just how bad things are.

The dangers of the filter-bubble are real, and the increasing polarization in the US (and Canada too!) is a very real result. If you’re going to use technology, you should use it responsibly. The onus is on you to consume information that challenges your beliefs, educates you, and makes you more empathetic toward people who are different than you. Popular “news” technology does the opposite.

Update 10/5/2020: Associated Press feeds are increasingly difficult to find. This person has a solution — scroll to the bottom of his associated-press-rss repo to find a working URL.

Getting to Know Your Digital Voodoo Doll

Cambridge Analytica Logo If the Cambridge Analytica scandal told us one thing, its how poorly people understand how data is being used. Although the folks at CA may not have had the most altruistic of intentions, they were really only exploiting what was freely available. That they used some data Facebook didn’t intend them to use doesn’t change the fact that the data was there for the taking. People volunteered it willingly, so it was inevitable that it would be put to use.

What is probably less clear in this tale of targeting was that they weren’t really targeting you or I. Rather, the technology allowed them to identify what kind of people we are like, and target people of that kind. This aggregate group identity makes up a persona — a fictional person that has traits and attributes, gathered from the self-provided data of real people, that are useful for addressing many actual individuals that are similar to that persona.

This is not new. In fact, in programming, type inheritance is a powerful concept that is useful for generalization. What’s new in the last decade or so is the volume of self-identified human data, and a few primary keys that allow that data to be associated with unique donators. Lots of web sites have data on you as a mostly anonymous visitor. There’s identifying information, for sure, but nothing you deliberately confirm or setup, so its a “weak link”. When a website requires you to create an account, then they truly have uniquely identifying information for tracking you within the properties that account uses. Facebook is mostly unprecedented because of the scope of that account. As an identifier, its used far beyond the actual Facebook website — its used on other Facebook properties (WeChat, Instagram) and on millions of partner sites that use Facebook log-in, or Facebook data sharing (when you see “Like on Facebook” on a website that is not Facebook, they are sharing data using your identity as a key.)

The effect is that activities spanning the web are opted-in to Facebook data collection, whether you’re aware of it or not. Suddenly a single primary key has a rich repository of information about billions of individuals. Realistically, it would take an incredible effort to actually target a single individual, but it does become very easy to group individuals based on activity. Individuals who “Like” a Republican candidate, individuals who participate in discussions about vaccinations, individuals who view religious videos, etc…

The field of psychographics is the emerging social science of identifying groups based on these common activities, then determining what methods are most effective at influencing the individuals within those groups. Facebook helps out even more, due to a built-in concept called Graph Relationships. These are the links between individuals that can be used to tie people to groups even if those linked individuals provide no explicit data that identifies them as part of the group. You may not have shown any visible interest in a particular political candidate, but if you’re linked to many people who have, you may find yourself targeted as part of that group.

https://www.businessinsider.com/explainer-what-exactly-is-the-social-graph-2012-3

This self-identification increases with your social network, and with your activity. If you’ve seen ads for something you recently thought about (but could swear you didn’t write down or say out loud) the odds are good that you’ve been targeted based on your activities or affiliations, and advertisers “knew” you would be interested in that product or service, because other people like you are interested in it.

I recently saw this concept described as a digital voodoo doll, and the analogy is apt. Advertisers and other influencers aren’t interacting with you directly, instead they’ve created an avatar that is like you, they’ve experimented to determine how best to impact those like you, and then they’ve launched their digital onslaught against the group. When the voodoo doll gets really precise, its called micro-targeting, and you really should be scared of it.

So what can you do about it? Well knowing the importance of identifier keys, you can participate in the web more strategically. It may be easier to sign up for a new service with your Facebook account (keeping track of multiple passwords is hard!), but know that when you do, Facebook gets all that data. Use different keys (new accounts) for different services, to reduce the chance of your activity being linked. You don’t have to quit Facebook entirely, but be careful what you indulge within their scope of view.

On that topic, there are ways to keep fences around that garden. FireFox has an extension that does just that — blocking Facebook tracking on sites not owned by Facebook. The same cautions should apply to any service whose tendrils extend beyond their own .com front-end. Microsoft, Amazon, Google all offer useful developer tools for web creators — in exchange for data collected from those sites. Diversify your digital activity: use different services for different features, and don’t mix and match. For example, Microsoft hosts our email, but not our voice commands. Amazon gets our voice commands through Alexa, but doesn’t store any of our documents. Opt out of data collection when given the choice.

As tech providers find newer, more clever ways to collect data, and the legal framework struggles to keep up, be aware of how you’re inevitably being targeted. Information is neutral — it doesn’t have a bias. Human beings, on the other hand, are biased. If something is presented as information but appeals to your natural bias, question the source — odds are that you’re being manipulated.

The dream of the Internet was that information could be shared instantly and freely with everyone. Those altruistic nerds that invented it may have forgotten that someone has to pay for technology somehow, and perhaps unknowingly, we backed our technology revolution into an ad-supported model. Being willing to pay for content that isn’t ad sponsored seems to have a tendency to inspire a little less subterfuge in the content provider. If you want to learn something new, or engage with a community on a topic, consider private online services — even those that aren’t free, or require a little more work.

There’s no quick fix for Facebook, or Google or even Apple. To make the Internet a better place, its citizens must be aware, involved and active. You can be online without responding to your baser instincts for affirmation or attention, but if you find the dopamine rush too irresistible, you might be better off closing those accounts after all…

Internet Safety – a moving target

When you visit a webpage, you might think of its address, like www.cnn.com. That address isn’t really an Internet address though. It’s a domain name — a friendly and memorable shortcut for an Internet Protocol (IP) address. That kind of address is made up of four groups of numbers, called octets. CNN’s actual address (today) is 151.101.1.67. That’s what your browser really goes to.

The mechanism the browser uses to look up the number from the shortcut is called DNS, or Domain Name System. One of the most resilient and important parts of the Internet, DNS is often provided by your Internet service, whose own servers sync with other DNS servers around the world, providing a distributed system of record — a phone book, if you’d like, for instant address look-ups.

Importantly, DNS is first provided by your computer (or mobile device) that forwards DNS requests from the browser, to your router or modem, which forwards the request to your Internet provider, etc… If you don’t like your Internet provider’s answers (or the speed with which they answer), you can choose a different DNS provider by making a configuration change downstream (eg: on your router, or on your computer.)

This “chain of trust” allows organizations to filter the Internet within the network they provide internally. If an organization doesn’t want its members to visit a website (like pornography) they can insert DNS records locally that prevent the request from actually finding that website.

This is also the basis of many parental controls systems. They keep a list of addresses kids probably shouldn’t go to, and all you have to do is configure your local environment to use the parental controls DNS server, rather than a public unfiltered one. This chain, and the ability for administrators to control the chain, is a part of how the Internet was designed: the browser asks the computer, the computer asks the router, the router asks the network provider, the network provider asks the rest of the Internet.

Last year, Mozilla (makers of the FireFox browser) decided to experiment with breaking that chain of trust. Instead of the browser asking the PC (and so on), they decided maybe the browser could go around the chain, and just ask someone that Mozilla decided to trust. They claim this makes people safer, since they can encrypt that request, using a non-standard approach called DNS over HTTPS (DoH). The effect is that intentionally crafted trust chains will be broken. Fine as an experiment, but this month they decided this behavior would be the default for all FireFox users. If you don’t know how to work around it, your parental controls are effectively disabled.

And working around it is possible — but not easy. Because this is not a standard, or even an accepted RFC (the process by which the Internet is evolved through review and consensus), Mozilla gets to impose arbitrary hoops you have to jump through to disable it. The easier they are for you to implement, the easier they are for someone to defeat.

And Mozilla isn’t the only browser maker messing with trust on the Internet. I’ve written before about Google’s attempts to re-make the ‘Net in their own image.

So, how can you filter the Internet at home while bigger groups than you and me are hard at work funneling all traffic through bastardized versions of the Internet where they can monetize your queries? As of late 2019, here’s what still works — and my best guess about how long it will continue to work…

Circle with Disney – another 1-2 years
Circle is a device that you put on your WiFi network that filters actual traffic. Below DNS is the actual routing of data from a website to a device. This path is managed via ARP (Address Resolution Protocol) tables, which tell your router how to get traffic to a given device. Circle needs to know which devices on your network belong to a child (which is a bit of a pain to setup), then it can stop traffic that’s not appropriate.

Unfortunately, Circle is abandoning the one-time purchase device, in favor of a device+service model that will cost you more. If you can still find them, the original Circle is less than $100, and really works well. It also lets you set time limits and curfews from a reasonably friendly app on your phone.

PiHole + OpenDNS – 3-5 years
PiHole is a tiny service that runs on a Raspberry Pi. In total it’ll cost you about $50 to set this up on your network. Once the Pi is built and running, you can install PiHole in a couple seconds, and tell it to use OpenDNS as your upstream DNS provider (instead of your Internet provider.) Then tell your router to use the Pi as a DNS server — your own chain of trust. You can then use the OpenDNS website to determine what kinds of web pages should be allowed within your home network.

It sounds complicated, but its really not too hard, and because its actively being developed, they’ve been able to stay on top of changes, like Mozilla just made. As of today, they’ve implemented one of the work-arounds for DoH, that tells the browser not to trust any other DNS provider. Eventually Google is going to realise there’s an untapped data source here, and move to eliminate competition from parents who want to protect their kids. But for the near future, this works well.

Mobile Device Parental Controls – constantly changing
The best phones for parental controls are iPhones… personal preference aside. The Screen Time feature lets you set a PIN and access control for many things on the device. Unfortunately, you need regular physical access to configure and change these settings, which appear and disappear through different OS versions. This obviously requires parents to keep a certain amount of hands-on with their kids devices.

Apple has an app called Apple Configurator that allows you to setup a number of Supervision controls over the device remotely — but they’ve intentionally limited that capability so only organizations (schools or businesses) can use it. They actually research you to determine if you should be allowed to Supervise users before you can use the feature with kid’s devices — presumably they’re monetizing this somehow, because there’s no reason this shouldn’t be free to everyone.

Amazon has a number of features for parental control and monitoring on their tablet devices (yours truly was responsible for some of them), but with each version of their OS, they make those harder to find and use.

Our kids don’t have their own phones…yet. We have one “kid phone” that they can check out if they’re going to an event where we’re not with them — but its locked down tight. Still, their friends all have phones, and the pressure is on. Soon enough, I guess I’ll be trying out some parental control apps, to see what works best outside the home. Any suggestions?