Credit to Author: Christopher Boyd| Date: Fri, 03 Apr 2020 18:42:04 +0000
It’s almost impossible not to rely on social networks in some way, whether for personal reasons or business. Sites such as LinkedIn continue to blur the line, increasing the amount of social function over time with features and services resembling less formal sites, such as Facebook. Can anyone imagine not relying on, of all things, Twitter to catch up on breaking coronavirus news around the world instantly? The trade off is your data, and how they profit from it.
Like it or not—and it’s entirely possibly it’s a big slab of “not”—these services are here to stay, and we may be “forced” to keep using them. Some of the privacy concerns that lead people to say, “Just stop using them” are well founded. The reality, however, is not quite so straightforward.
For example, in many remote regions, Facebook or Twitter might be the only free Internet access people have. And with pockets of restriction on free press, social media often represents the only outlet for “truth” for some users. There are some areas where people can receive unlimited Facebook access when they top up their mobiles. If they’re working, they’ll almost always use Facebook Messenger or another social media chat tool to stay in touch rather than drain their SMS allowance.
Many of us can afford to walk away from these services; but just as many of us simply can’t consider it when there’s nothing else to take its place.
Mining for data (money) has never been so profitable.
But how did this come to be? In the early days of Facebook, it was hard to envision the platform being used to spread disinformation, assist in genocide, or sell user data to third-parties. We walk users through the social media business model and show how the inevitable happens: when a product is free, the commodity is you and your data.
Setting up social media shop
Often, Venture Capital backing is how a social network springs into life. This is where VC firms invest lots of money for promising-looking services/technology with the expectation they’ll make big money and gain a return on investment in the form of ownership stakes. When the company is bought out or goes public, it’s massive sacks of cash for everybody. (Well, that’s the dream. The reality is usually quite a bit more complicated).
It’s not exactly common for these high-risk gambles to pay off, and what often happens is the company never quite pops. They underperform, or key staff leave, and they expand a little too rapidly with the knock-on effect that the CEO suddenly has this massive service with millions of users and no sensible way to turn that user base into profit (and no way to retain order on a service rife with chaos).
At that point, they either muddle along, or they look to profit in other ways. That “other way” is almost always via user data. I mean, it’s all there, so why not? Here are just some of the methods social networks deploy to turn bums on seats into massive piles of cash.
Advertising on social media
Advertising is a straight-forward way for social media networks to not only make money from the data they’ve collected, but also create chains where external parties potentially dip into the same pool, too.
At its most basic, platforms can offer ad space to advertisers. Unlike traditional publishing, social media ads can be tailored to personalized data the social network sees you searching for, talking about, or liking daily. If you thought hitting “like” (or its equivalent) on a portal was simply a helpful thumbs up in the general direction of someone providing content, think again. It’s quite likely feeding data into the big pot of “These are the ads we should show this person.”
Not only is everything you punch into the social network (and your browser) up for grabs, but everything your colleagues and associates do too, tying you up in a neat little bow of social media profiling. All of it can then be mined to make associations and estimations, which will also feed back to ad units and, ultimately, profit.
Guesstimates are based on the interests of you, your family, your friends, and your friends’ friends, plus other demographic-specific clues, such as your job title, pictures of your home, travel experiences, cars, and marriage status. Likely all of these data points help the social network neatly estimate your income, another way to figure out which specific adverts to send your way.
After all, if they send you the wrong ads, they lose. If you’re not clicking through and popping a promo page, the advertisers aren’t really winning. All that ad investment is essentially going to waste unless you’re compelled to make use of it in some way.
Even selling your data to advertisers or other marketing firms could be on the table. Depending on terms of service, it’s entirely possible the social platforms you use can anonymise their treasure trove and sell it for top dollar to third parties. Even in cases where the data isn’t sold, simply having it out there is always a bit risky.
There have been many unrelated, non-social media instances where it turned out supposedly anonymous data, wasn’t. There are always people who can come along afterwards and piece it all together, and they don’t have to be Sherlock Holmes to do it. All this before you consider social media sites/platforms with social components aren’t immune to the perils of theft, leakage, and data scraping.
As any cursory glance of a security news source will tell you, there’s an awful lot of rogue advertisers out there to offset the perfectly legitimate ones. Whether by purchase or stumbling upon data leaked online, scammers are happy to take social media data and tie it up in email/phone scams and additional fake promos. At that point, even data generated through theoretically legitimate means is being (mis)used in some way by unscrupulous individuals, which only harms the ad industry further.
Apps and ads
Moving from desktop to mobile is a smart move for social networks, and if they’re able to have you install an app, then so much the better (for them). Depending on the mobile platform, they may be able to glean additional information about sites, apps, services, and preferred functionalities, which wouldn’t necessarily be available if you simply used a mobile web browser.
If you browse for any length of time on a mobile device, you’ll almost certainly be familiar with endless pop-ups and push notifications telling you how much cooler and awesome the app version of site X or Y will be. You may also have experienced the nagging sensation that websites seem to degrade in functionality over time on mobile browsers.
Suddenly, the UI is a little worse. The text is tiny. Somehow, you can no longer find previously overt menu options. Certain types of content no longer display correctly or easily, even when it’s something as basic as a jpeg. Did the “Do you want to view this in the app?” popup reverse the positions of the “Yes” and “No” buttons from the last time you saw it? Are they trying to trick you into clicking the wrong thing? It’s hard to remember, isn’t it?
A cynic would say this is all par for the course, but this is something you’ve almost certainly experienced when trying to do anything in social land on a mobile minus an app.
Once you’re locked into said app, a brave new world appears in terms of intimately-detailed data collection and a huge selection of adverts to choose from. Some of them may lead to sponsored affiliate links, opening the data harvesting net still further, or lead to additional third-party downloads. Some of these may be on official platform stores, while others may sit on unofficial third-party websites with all the implied risk such a thing carries.
Even the setup of how apps work on the website proper can drive revenue. Facebook caught some heat back in 2008 for their $375USD developer fee. Simply having a mass of developers making apps for the platform—whether verified or not—generates data that a social network platform can make use of, then tie it back to their users.
It’s all your data, wheeling around in a tumble drier of analytics.
Payment for access/features
Gating access to websites behind paywalls is not particularly popular for the general public. Therefore, most sites with a social networking component will usually charge only for additional services, and those services might not even be directly related to the social networking bit.
LinkedIn is a great example of this: the social networking part is there for anybody to use because it makes all those hilariously bad road warrior lifestyle posts incredibly sticky, and humorous replies are often the way people first land on a profile proper. However, what you’re paying for is increased core functionality unrelated to the “Is this even real?” comedy posts elsewhere.
In social networking land, a non-payment gated approach was required for certain platforms. Orkut, for example, required a login to access any content. Some of the thinking there was that a gated community could keep the bad things out. In reality, when data theft worms started to spread, it just meant the attacks were contained within the walls and hit the gated communities with full force.
The knock-on effect of this was security researchers’ ability to analyse and tackle these threats was delayed because many of these services were either niche or specific to certain regions only. As a result, finding out about these attacks was often at the mercy of simply being informed by random people that “X was happening over in Y.”
These days, access is much more granular, and it’s up to users to display what they want, with additional content requiring you to be logged in to view.
Counting the cost
Of the three approaches listed above, payment/gating is one of the least popular techniques to encourage a revenue stream. Straight up traditional advertising isn’t as fancy as app/site/service integration, but it’s something pretty much anybody can use, which is handy for devs without the mobile know-how or funds available to help make it happen.
Even so, nothing quite compares to the flexibility provided by mobile apps, integrated advertising, and the potential for additional third-party installs. With the added boost to sticky installs via the pulling power of social media influencers, it’s possibly never been harder to resist clicking install for key demographics.
The most important question, then, turns out to be one of the most common: What are you getting in return for loading an app onto your phone?
It’s always been true for apps generally, and it’ll continue to be a key factor in social media mobile data mining for the foreseeable future. “You are the product” might be a bit long in the tooth at this point, but where social media is concerned, it’s absolutely accurate. How could the billions of people worldwide creating the entirety of the content posted be anything else?
The post How social media platforms mine personal data for profit appeared first on Malwarebytes Labs.