Analyzing Cambridge Analytica, Facebook and You

The Cambridge Analytica scandal involving Facebook hit this month because of its involvement in the election of Donald Trump in 2016. The company used an app developed legitimately by a Cambridge University researcher, Dr. Aleksandr Kogan, as a personality survey called "This is Your Digital Life."

I recall learning about that app about 3 years ago in a presentation at an EdTech conference. By using it as a quiz on Facebook, about 270,000 users gave permission (because most people are unaware of the access they allow) to their data which was collected but then used to additionally collect some public data from their friends.

I suspect a majority of social media users are unaware of how their data is used, and what permissions they have granted (perhaps by default in some instances).

Have you ever used your Facebook login as a way to sign in to another website or app? It asks you if you want to login using your Facebook ID and that seems to save a step or two and is great if you forgot your actual login to that other site. 

When those Facebook users took the "This is your digital life" quiz using their Facebook login, they allowed that app's developer to tap into all of the information in their Facebook profile (that includes your name, where you live, email address and friends list).  [Note: Currently, apps are no longer permitted to collect data from your Facebook friends.]

I don't give Dr. Kogan, Cambridge Analytica or Facebook a pass on this activity even if users did opt in. Kogan shared it with Cambridge Analytica which Facebook says that was against its policy. Facebook says it asked Cambridge Analytica to delete all of the data back in 2015. Facebook also claims that it only recently found out that wasn't done.

A lot of people seem to have given up on privacy, accepting it as something we just can't control any more. But there is a lot you can and should do.

settings

For example, a very simple change to make in your Facebook privacy settings is to "Limit The Audience for Old Posts on Your Timeline." That means that posts on your timeline that you've shared with Friends of friends, and Public posts, will now be shared only with Friends. Anyone tagged in these posts, and their friends, may also still see these posts, but the public (which includes apps) will not be able to access them legitimately.

Facebook's API, called Platform, allows third-party apps and websites to integrate with your Facebook account and exchange data with them via developer tools. It can be convenient for users, such as decreasing the number of login/password combinations you need to remember, but it has potential for abuse.

When you use the "Log in With Facebook" feature on a site, you grant a third-party app or service access to your Facebook account. It will ask for permission to receive specific Facebook data from you - email address, birthdate, gender, public posts, likes and also things beyond your basic profile info. I have seen cases where when I deny access to some information, it tells me the app can't be loaded. That is a warning. But some legitimate apps, like the scheduling apps Hootsuite and Buffer, do need a lot of permissions in order to allow them to post as you on social networks like Facebook, Twitter, LinkedIn and Instagram. In these cases, by using the app I need to trust that developer and the service it is connecting to via an API.

Being educated about how technology works and knowing how you can protect your own data and privacy is more important than ever. And, of course, you can always not use a service that doesn't seem to help you do that.

Are You Ready for HTTPS?

police tape

A post from Doc Searls reminds me that “Google Condemns the Archival Web.” What web is that? It is the one when the URL is HTTP rather than HTTPS – the “S” for “secure.”  Google’s Chrome browser will mark all those older pages as “insecure” this summer, possibly striking fear in the clicking fingers of many users.

Google says:   “For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption…Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as ‘not secure’ on every current Chrome browser.”

So many “legacy” websites created in the days of yore, though they will still exist, will have a kind of Google crime tape around them. Will people dare to enter, or be scared off? I would assume all those insecure sites will see a drop off in visitors.

SSo why doesn’t everyone just fix what Google says to fix and make their site “secure?”  Well, there is some cost in money and/or time. For plain old folks who aren’t web wizards, they may not even know what needs to be done. There are old sites that no longer have an owner or webmaster but still exist on the World Wide Web that becomes more of a museum each year. For many sites -like blogs – there is no “cost benefit” to upgrading.

As of this writing this site is http://www.serendipity35.net without the magic "S." Will Brother Tim come to the rescue like a caped web crusader and make everything secure and Chrome-ready?

What happens if you use another browser like Firefox or Safari? I assume all will be well. For now. And you will be able to sneak under that police tape to those other sites – but you have been warned.

Google trumpets that developers have been transitioning their sites to HTTPS and that “progress last year was incredible” – Over 68% of Chrome traffic on both Android and Windows is now protected and over 78% of Chrome traffic on both Chrome OS and Mac is now protected. I am a bit surprised that though they trumpet this stat: “81 of the top 100 sites on the web use HTTPS by default”  I would have thought that 100% of the top 100 sites would have complied.

This in the same week that it is announced that Wikispaces is shutting down. Soon young kids will ask what you mean when you say “Internet.”

Make a mental note for July so that you’re not shocked when you see some warning signs on the information superhighway.

When Bots Attack

robot
Software bots may not be what you imagine when you hear of a robot attack

Bots, automated software tools, got a lot of attention for their involvement in trying to manipulate news and the 2016 U.S. Presidential election. They can also be used as a weapon against business rivals. They can be used just because don't like someone or their website or business, or even for the delight of being able to do damage.

A local business in my home state of New Jersey, Melovino Meadery, was a recent victim. The small business makes handcrafted mead, that fairly rare alcoholic beverage made from fermented honey and water. Many small businesses rely on online reviews to attract customers, and bots can be used to post unfavorable reviews in an attempt to bring down a business' reputation online.

The meadery was hit by Russian bots and it makes you wonder why they would have interest in a small NJ business. It may not be Russians who have an interest, but someone closer to home who is using the Russian bots.

This Serendipity35 website was hit years ago by a denial of service attack. By hitting us with comment spam in attempts to add links to sites selling drugs and other items, they were able to bring us down for a time. Those attacks also caused my Google Ads account to be suspended indefinitely with no recourse, even though we were able to show by our server logs that these excessive posts and hits (hundreds in several minutes, thousands overall) were not done by us trying to pad our numbers for gain.

We had to shut down this blog for a few days, the commenting feature totally, increase our anti-spam settings and then manually delete those erroneous comments. It hurt us.

Not all bots are evil. A bot (a common nickname for software robot or agent) is an automated tool that carries out repetitive and mundane tasks. The Wikipedia site uses bots to help maintain the 44+ million pages of the English Wikipedia. But bots can also be used to make erroneous edits very rapidly and can disrupt Wikipedia. There are currently 2,153 bot tasks approved for use on the English Wikipedia that make edits, leave messages on user talk pages, etc.

The meadery story has two further elements. The negative reviews were on Facebook and the owner posted about what had happened. Fans of the business began to post positive, five-star reviews in an effort to balance out the fake negative ones. Unfortunately, on Facebook if a rating doesn't include a written review, it can't be reported or removed.

Sergio Moutela, owner of Melovino Meadery, sarcastically thanked whoever was responsible for the fake reviews because it brought the company's fans and the business closer together. Fans defended and mounted a grassroots counter attack.  Unfortunately, that thank-you post also got him a death threat. Someone claiming to be a Navy Seal with more than 300 "confirmed kills" (a frequently copied threat that's been online for years) threatened him. Moutela took it seriously. He tracked the poster to a place outside of NJ, contacted the local police there and they met with the person and informed the poster that further interactions with Moutela would bring an arrest.

That same day, the meadery was visited by the town's health department inspector who said a telephone complaint had come in about the business. Coincidence? The inspector only noted a few minor items that were corrected on the spot.

All this stemmed from the bot attack and the repercussions of it.

Bots are tools, and like almost every tool, it can be used for good and for bad.

 

Going Horizontal

vertical horizontalIn microeconomics and management, going vertical or vertical integration occurs when the supply chain of a company is owned by that company. For example, if a car manufacturer also produces its own steel, tires and batteries.

This is in contrast with horizontal integration, wherein a company produces several items which are related to one another.

Higher education has been a vertical enterprise for centuries. We keep knowledge creation, teaching, testing, and credentialing all under one company/college banner.

These are terms from economics and business. Are they applicable to discussions about education?

Horizontal integration often occurs in the business world by internal expansion, acquisition or merger. Of course, that might happen in education too, but there are also signs that it is happening in other ways.

When MOOCs were the big news five years ago, some people saw this as a shift from a vertically integrated model to a horizontally integrated one by decoupling teaching and learning from the campus testing and credentialing.

In looking for further examples of vertical and horizontal integration in education, the examples I found were mostly in medical education. 

"Vertical and horizontal integration of knowledge and skills - a working model" (Snyman WD, Kroon J.) looks at an integrated outcomes-based curriculum for dentistry at the University of Pretoria in 1997.

In "Horizontal and vertical integration of academic disciplines in the medical school curriculum (Vidic B, Weitlauf HM) looks at pedagogical shifts caused by the rapid expansion of new scientific information and the introduction of new technology in operative and diagnostic medicine.

In more general terms, assessment alignment is often the reason for both horizontal and vertical alignment in education. Alignment is typically understood as the agreement between a set of content standards and an assessment used to measure those standards. By establishing content standards, stakeholders in an education system determine what students are expected to know and be able to do at each grade level.

Probably, it is best when education goes both vertically and horizontally. 

Horizontal information exchange can be teachers sharing methodology, students sharing information, students helping each other learn.

When a curriculum is truly vertically aligned or vertically coherent, what students learn in one lesson, course, or grade level prepares them for the next lesson, course, or grade level. I know teaching is supposed to be structured and logically sequenced so that learning progressively prepares them for more challenging, higher-level work. I saw that structured sequencing more in my K-12 teaching than I do in higher education which is more siloed. 

Let's work on going more horizontal, higher ed.

ELIZA and Chatbots

sheldonI first encountered a chatterbot, it was ELIZA on the Tandy/Radio Shack computers that were in the first computer lab in the junior high school where I taught in the 1970s.

ELIZA is an early natural language processing program that came into being in the mid-1960s at the MIT Artificial Intelligence Laboratory. The original was by Joseph Weizenbaum, but there are many variations on it.

This was very early artificial intelligence. ELIZA is still out there, but I have seen a little spike in interest because she was featured in an episode of the TV show Young Sheldon. The episode, "A Computer, a Plastic Pony, and a Case of Beer," may still be available at www.cbs.com. Sheldon and his family become quite enamored by ELIZA, though the precocious Sheldon quickly realizes it is a very limited program.

ELIZA was created to demonstrate how superficial human to computer communications was at that time, but that didn't mean that when it was put on personal computers, humans didn't find it engaging. Sure, kids had fun trying to trick it or cursing at it, but after awhile you gave up when it started repeating responses.

The program in all the various forms I have seen it still uses pattern matching and substitution methodology. She (as people often personified ELIZA), gives canned responses based on a keyword you input. If you say "Hello," she has a ready response. If you say "friend," she has several ways to respond depending on what other words you used. Early users felt they were talking to "someone" who understood their input.

ELIZA was one of the first chatterbots (later clipped to chatbot) and a sample for the Turing Test. That test of a machine's ability to exhibit intelligent behavior equivalent to, or indistinguishable from, that of a human, is not one ELIZA can pass by today's standards. ELIZA fails very quickly if you ask her a few complex questions.

The program is limited by the scripts that are in the code. The more responses you gave her, the more variety there will be in her answers and responses. ELIZA was originally written in MAD-Slip, but modern ones are often in JavaScript or other languages. Many variations on the original scripts were made as amateur coders played around with the fairly simple code.

One variation was called DOCTOR and was made to be a crude Rogerian psychotherapist who likes to "reflect" on your questions by turning the questions back at the patient.  This was the version that my students when I taught middle school found fascinating and my little programming club decided to hack the code and make their own versions.

Are chatbots useful to educators?  They have their uses, though I don't find most of those applications to be things that will change education in ways I want to see it change. I would like to see them used for things like e-learning support and language learning

If you want to look back at an early effort, you can try a somewhat updated version of ELIZA that I used in class at my NJIT website. See what ELIZA's advice for you turns out to be.