David on Facebook (DonFB)

My thoughts on Facebook and social media in general

The Shifting Landscape of Passport Fraud | STRATFOR


A Closer Look at India's Naxalite Threat

By Scott Stewart

The recent case involving the arrest and deportation of the Russian intelligence network in the United States has once again raised the subject of document fraud in general and passport fraud in particular. The FBI’s investigation into the group of Russian operatives discovered that several of the suspects had assumed fraudulent identities and had obtained genuine passports (and other identity documents) in their assumed names. One of the suspects assumed the identity of a Canadian by the name of Christopher Robert Mestos, who died in childhood. The suspect was arrested in Cyprus but fled after posting bail; his true identity remains unknown. Three other members of the group also assumed Canadian identities, with Andrey Bezrukov posing as Donald Heathfield, Elena Vavilova as Tracey Foley and Natalia Pereverzeva as Patricia Mills.

Passport fraud is a topic that surfaces with some frequency in relation to espionage cases. (The Israelis used passport fraud during the January 2010 operation to assassinate Mahmoud al-Mabhouh, a senior Hamas militant commander.) Passport fraud is also frequently committed by individuals involved in crimes such as narcotics smuggling and arms trafficking, as well as by militants involved in terrorist plots. Because of the frequency with which passport fraud is used in these types of activities — and due to the importance that curtailing passport fraud can have in combating espionage, terrorism and crime — we thought it a topic worth discussing this week in greater detail.

Passports and Investigations

While the use of passports goes back centuries, the idea of a travel document that can be used to absolutely verify the identity of a traveler is a relatively new concept. Passports containing the photos of the bearer have only been widely used and mandated for international travel for about a century now, and in the United States, it was not until 1918 that Congress enacted laws mandating the use of U.S. passports for Americans returning from overseas and home country passports with visas for foreigners wishing to visit the United States. Passport fraud followed closely on the heels of these regulations. Following the American entry into World War I, special agents from the State Department’s Bureau of Secret Intelligence became very involved in hunting down German and Austrian intelligence officers who were then using forged documents to operate inside the United States.

In the decades after World War I, the Bureau of Secret Intelligence’s successor organization, the Office of the Chief Special Agent, became very involved in investigating Nazi and Communist agents who committed passport fraud to operate inside the United States. As the Office of the Chief Special Agent evolved into the State Department’s Office of Security and then finally the Bureau of Diplomatic Security (DS), special agents from the organization continued to investigate passport and visa fraud. In addition to foreign intelligence officers, they have also investigated terrorists, fugitives and other criminals who have committed passport fraud. Since the State Department is the agency that issues U.S. passports and visas, it is also the primary agency charged with ensuring the integrity of those documents. Therefore, in much the same manner that U.S. Secret Service agents are charged with investigating counterfeit currency (and ensuring the integrity of currency for the Treasury Department), DS agents are charged with investigating passport fraud.

DS agents are not the only ones who investigate passport fraud, however. As the FBI matured organizationally and became the primary domestic counterintelligence agency, the bureau also began to work passport fraud investigations involving foreign intelligence officers. Soviet and other Communist “illegals” — intelligence officers operating without official cover — frequently assumed the identities of deceased infants, and because of this, the FBI developed a particular interest in passport fraud investigations involving infant death identity (IDI) cases. However, passport fraud is only one of the many criminal violations that the FBI investigates, and most FBI agents will not investigate a passport fraud case during their career.

As the agency primarily responsible for border and immigration enforcement, Immigration and Customs Enforcement (ICE) also investigates identity-document fraud, including passport fraud, although many of the cases ICE agents work involve foreign passports. ICE also has a forensic document laboratory that is the best in the world when it comes to the technical investigation of fraudulent identity documents.

Another U.S. government agency that watches passport fraud with a great deal of interest is the CIA. Not only does it have an operational interest in the topic — the agency wants to be able to use fraud for its own purposes — but it is also very interested in being able to verify the true identities of walk-ins and other potential sources. Because of this, the CIA needs to have the ability to spot fraudulent documents. During the 1980s, the CIA produced an excellent series of unclassified guides on the terrorist use of passport and visa fraud called the “Redbook.” The Redbook was discontinued in 1992, just as the jihadist threat to the United States was beginning to emerge.

As in any area where there are overlapping jurisdictions and investigations, there is sometimes tension and bureaucratic jealously between the various agencies involved in investigating passport fraud. The level of tension is frequently lower in scenarios where the agencies work together (as on joint terrorism task forces) and where the agents and agencies have become accustomed to working together. In the forensic realm, the ICE laboratory generally has an excellent relationship with the State Department, the FBI (and the document section of the FBI laboratory) and the CIA’s document laboratory.

Types of Passport Fraud

There are several different types of passport fraud. The first is the intentional issuing of a genuine passport in a false identity by a government. Real passports are often issued in false identities to provide cover for intelligence officers, but this can also be done for other reasons. For example, in late 1990, during Operation Desert Shield, the Iraqi government provided a large group of Iraqi intelligence officers with Iraqi passports in false identities so that these officials could travel abroad and conduct terrorist attacks against U.S. interests. These Iraqi teams were dispatched all over the world and were provided direction (as well as weapons and IED components) by Iraqi intelligence officers stationed in embassies abroad. The explosives and firearms were sent around the world via diplomatic pouches (which are exempt from search). Following failed terrorist attacks in Manila and Jakarta in January 1991, DS agents investigating the case discovered that the Iraqi operatives were traveling on sequentially numbered Iraqi passports. This discovery allowed a worldwide alert to go out and governments in several different regions of the world were able to arrest or deport scores of Iraqi agents.

A second type of fraud involving genuine passports is where the government is not knowingly involved in the issuance of the passport for the fraudulent identity. In such cases, an applicant uses fraudulent identification documents to apply for a passport. The group of documents needed to obtain a passport — called “breeder” documents — normally includes a birth certificate, a Social Security card and a driver’s license. A set of fraudulent breeder documents can be counterfeit, genuine but altered (this can be done by changing the name or date of birth) or genuine documents obtained by fraud.

This is where the IDI cases come in. In these cases, someone applies for a replacement birth certificate of a deceased infant or child of their approximate age and then uses the birth certificate to obtain a Social Security card and driver’s license. The person applying for the replacement birth certificate usually claims their original birth certificate was lost or stolen.

Due to changes in procedure and technology, however, it has become more difficult in recent years to obtain a copy of the birth certificate of an infant or child who died in the United States. Birth-certificate registries are now tied electronically to death registries in every state, and if someone attempts to get the birth certificate of a dead person, it is quickly noticed and an investigation launched. Also, Social Security numbers are now issued at birth, so it is very difficult for a 25- or 30-year-old person to apply for a new Social Security number. Because of these factors, IDI cases have declined significantly in the United States.

Breeder documents are generally easier to counterfeit or obtain by fraud than a passport. However, as identity documents become more cross-referenced in databases, it is becoming more difficult to obtain a passport using a counterfeit birth certificate and Social Security number. Because of this, it has become more common for a person to buy a set of genuine breeder documents from a drug user or criminal looking for some quick cash. It is also possible to buy a genuine birth certificate and Social Security card from a corrupt official. While such documents are genuine, and can carry the applicant’s true or chosen name, such genuine documents are much more expensive than the other options. Of course, passport office employees can also be bribed to issue a genuine passport with fraudulent breeder documents, though there is a remote risk that such fraud will be caught in an audit.

At the present time, it is far easier and cheaper to obtain a genuine foreign passport by fraud than it is a U.S. passport, but corruption and plain old mistakes still allow a small number of fraudulent U.S. passports to get into the system. There are still some countries where a genuine passport in any identity can be obtained for just a few hundred dollars. Generally, it is more difficult to get passports from more developed nations (such as those that participate in the U.S. visa waiver program) than it is from less developed nations, where corruption is more prevalent. Still, corruption is a worldwide problem when it comes to passports and other identity documents.

Stolen blank passports have also been used over the years. For example, after Operation Desert Storm, an Iraqi passport office in Basra was sacked and thousands of blank Iraqi passports were stolen and then sold on the black market. One of those blanks was bought by a Pakistani jihadist operative named Abdul Basit, who had the blank passport filled out with his photograph and the name of a fictitious Iraqi citizen named Ramzi Yousef. After he entered the United States, Basit organized the 1993 World Trade Center bombing. The problem with stolen blanks is that they are usually reported fairly quickly and their numbers are entered into international databases. Furthermore, like a counterfeit passport, a stolen blank passport will not correspond to information entered into passport databases, and it is therefore difficult to travel using one. In the case of Basit, he used a British passport altered to include his photo to leave Pakistan but then used the Iraqi passport to make an asylum claim once he arrived in the United States.

This highlights another category of genuine passports used in passport fraud, those that are real but have been altered, usually by replacing the photo appearing on the passport. Passport fraud investigators refer to this as a photo-subbed passport. In the 1970s, it was fairly easy to photo-sub passports from most countries, but in the past couple of decades, many countries have taken great efforts to make this process more difficult. The use of high-tech laminates and now, in current U.S. passports, RFID chips that contain a photo that must match the one appearing on the passport make it far harder to photo-sub passports today. Of course, efforts to increase passport security haven’t always worked as planned. In 1993, the State Department began issuing a new high-tech passport with a green cover that was supposed to be impossible to photo-sub. Within a few months of the first issuance of the passports, document vendors discovered that the laminate on the green passports could be easily removed by placing a block of dry ice on the passport, changing the photo and then pressing the laminate back down with an iron. Due to the ease of photo-subbing these passports, their value on the black market skyrocketed, and the “fraud proof” green passports had to be taken out of circulation after less than a year.

Finally, we have counterfeit passports, which are passports created from scratch by a document vendor. Like counterfeit currency, there is a vast range of quality when it comes to counterfeit passports, and as a rule of thumb, you get what you pay for. On the streets of places like Bangkok, Hong Kong or New York, one can buy counterfeit passports from a wide array of countries. There is, however, a vast difference between the passport one can purchase for $100 and the one that can be purchased for $10,000. Also, like currency, some passport counterfeiters will even attempt to use elements of genuine passports, like the optically “dead” paper with little or no fluorescence used for the pages and the holographic laminates used on the photo pages. However, like photo-subbed passports, it is far more difficult to create a functional counterfeit passport today than it was several years ago. Not only does the passport have to be of high quality, but the number needs to correspond to the database of legitimately issued passports. Therefore, most counterfeit passports are useful for traveling in the third world but would not withstand the scrutiny of authorities in the developed world.

In spite of these problems, there is still a market for counterfeit and photo-subbed passports. While they may not be useful for traveling to a country like the United States or France, they can be used to travel from a place like Pakistan or China to a gateway country in the Western Hemisphere like Venezuela or a gateway country in Europe like Albania. Because of this, American and European passports still fetch a decent price on the black market and are frequently stolen from or sold by Westerners. Citizens of Western countries who travel to terrorist training camps are also frequently encouraged to “donate” their passports and other documents to the group that trains them. There are also many reports that Mossad makes use of the passports of foreign Jews who move to Israel and give their passports to the intelligence agency. Stolen or deliberately lost passports not only can be altered or cloned but also can be used for travel by people who physically resemble the original bearer, although once they are reported stolen or lost and entered into lookout databases, their utility declines.

A Shifting Focus

The difficulty in obtaining functional travel documents has affected the way criminal and terrorist organizations operate. With increasing scrutiny of travel documents, groups like al Qaeda have found it progressively more difficult to travel to the West. This is one of the factors that has led to their increasing use of operatives who have the ability to travel to where the planned attack is to be conducted, rather than sending a more professional terrorist operative to conduct the attack.

This difficulty in counterfeiting passports has even affected intelligence agencies, which are the best passport counterfeiters in the world. This is why we see intelligence agencies like Mossad having to clone passports — that is, create a counterfeit passport that bears the same name and number of a legitimate passport — or even resort to other types of fraud to obtain genuine passports for operatives. It has become difficult to fabricate a usable passport using a fictitious name. Mossad operatives have gotten in trouble for attempting to fraudulently obtain genuine passports in places like New Zealand. And Mossad is certainly not the only intelligence service experiencing this difficulty in obtaining documents for its operatives.

Because of these difficulties, intelligence agencies and militant and criminal organizations have begun to place increasing importance on recruiting assets involved in the issuance of identity documents. At an embassy, a consular officer is viewed as almost as important a person to recruit as a code clerk. A corrupt consular officer can make a great deal of money selling documents. But the threat can extend far from an overseas embassy. If an organization like the Russian Foreign Intelligence Service (or the Sinaloa cartel) can recruit an employee at the New Jersey Office of Vital Statistics, they can arrange to have their agent occasionally issue a genuine birth certificate (camouflaged in a large stack of legitimately issued documents) in a fraudulent identity for their use. Likewise, if they can recruit a clerk at the Social Security office in Jersey City, they can get that agent to occasionally issue a Social Security number and card that corresponds to the birth certificate. These primary documents can then be used to obtain a driver’s license (the key identity document for living in the United States) and eventually a passport for international travel.

Of course, recruiting an agent who works inside an agency is not the only way to obtain identification documents. Several years ago, a cleaning company owned by a group of Nigerians placed a low bid on the contract to provide cleaning services to Department of Motor Vehicles (DMV) offices in Florida. Shortly after the company began providing services to the DMV, the agency suffered a rash of thefts across the state that included not only blank driver’s licenses and laminates but an entire machine that took the photos and processed the blank licenses.

The advent of cross-referencing databases, machine-readable passports routinely checked against such databases, radio frequency identification technology and procedures intended to prevent fraud have helped curtail many types of passport fraud. That said, passports are still required to travel for nefarious purposes, and these security measures have caused resourceful criminals, terrorists and intelligence agencies to shift their focus from technical methods of fraud toward exploiting humans in the process. In many places, the effort made to vet and monitor employees issuing documents is far less extensive than the effort made to physically protect documents from counterfeiting. The end result is that humans have become the weakest link in the equation.

Give us your thoughts on this report

For Publication

Not For Publication

Read comments on other reports

Reader Comments


Reprinting or republication of this report on websites is authorized by prominently displaying the following sentence at the beginning or end of the report, including the hyperlink to STRATFOR:

"This report is republished with permission of STRATFOR"


via stratfor.com

Comments [0]

Interesting Quote by Sergey Brin

Since services and information are our most successful exports, if regulations in China effectively prevent us from being competitive, then they are a trade barrier
via guardian.co.uk

Comments [0]

Can Google Buzz Compete With Facebook?

What you saw of Buzz in the Google presentation was just the first step of a major initiative. Google will learn from it, and with time allow more services into buzz, enhance their API offering for developers, and generally make it easier and more convenient to share. So any feature to feature comparison misses the point. Both are living products.

However I think that these 3 metrics are indicative of Buzz's viability as a strong competitor to Facebook.

  1. Conversion rate of Gmail users to active Buzz users: what percentage of gmail users will eventually start using Buzz actively to share information and read friend feeds. That could be because the sharing is easier, or because gmail is conveniently open in their browsers, or just because Buzz provides a mutual exclusive information feed that is compelling in itself and different from Facebook's.
  2. Speed of building users' relevant social graphs: Buzz's automatic social graph creation based on your email conversations is an improvement compared to the early days of Facebook (that was also based on email, but without the email frequency and time data points). But it's less comprehensive than Facebook's current social graph that has been based partly on friend suggestions, people you've added manually after meeting in real life, etc. So how quickly and comprehensively Google can rebuild your social graph will be key.
  3. Ability to increasingly provide valuable integration opportunities for developers: the information flowing in Facebook is increasing coming from third party sites who have chosen to integrate with Connect because of the benefits that it brings to their applications (easier to login, easier to share, word-of-mouth). The interestingness of Buzz's feed depends on the variety of information that is fed into it (and organized by Google's algorithms), and varied information cannot come from Google's sharing tools and the usual suspects (twitter, flickr) only. Buzz will enhance its position if developers start using Buzz's API to postback stories instead of (or in addition to) Facebook Connect.

Comments [0]

What is Facebook Likely to Present at F8?

Here are 4 product related news that I think Facebook is potentially announcing at their developer conference:
  • Payments: They are expected to be opening up their payment platform for broad usage (in partnership with PayPal). Facebook payments is already used by a small set of developers.
  • Location API: They will also probably announce some new changes to their API around location. This will probably lead to interesting integrations. For example Foursquare updates would also update your Facebook location. And then that location would be accessible by other apps. This is similar functionality to what Yahoo's FireEagle was supposed to do.
  • Local Business Tools: There has been some talk that the company has been working on a service for local businesses however if that will be announced at F8 is still unclear.
  • Open Graph API: They are also likely to release the Open Graph API which allows any site on the web to have similar functionality as a Facebook page. i.e. a community of fans, status updates, etc.

Comments [0]

Octazen + Facebook: 5 Interesting Facts

Facebook last week made a talent acquisition of a two person Malaysian startup called Octazen, which builds functionality that allows users on a social network to import their friends from other sites. Here are 5 things I learned after reading about this on Techcrunch, GigaOm, and Quora.

1. Octazen and Facebook go a long way back. I knew that Facebook has been using contact importing functionality since the early days, but it seems that they've been using Octazen all along. One would have thought that they built their own functionality. According to GigaOm:
Facebook last week acquired a small Malaysian startup called Octazen Solutions, [...] that the social network had already been using to grow its number of users

2. There's a vibrant industry around contact importing. This includes the companies Octazen, Improsys, Cloudsponge, and the open source project OpenInviter

3. The contact-importing space is semi-legit. In addition to clearly breaching the TOS of the products hosting the data, it seems that there was a constant cat & mouse game between the contact importing companies (like Octazen) and the mail providers and others who host the data like Microsoft Hotmail, or Yahoo mail. Here is one account from a Techrunch commenter:
when we used them yahoo will ban us often, the way around is to use lot of servers (with different hosting providers) with multiple ips and rotate the ips (as they get banned). This was basically a cat/mouse game.

4. Contact importing is a widely accepted practice. Improsys lists as its clients Myspace, Orkut, Photobucket, iLike, Stumbleupon, and a who's who of the web2.0 social networking players. View the full list here.

5. Facebook will benefit from Octozen's acquisition on multiple fronts. These include gaining two domain experts in distributed scraping technologies, preventing other companies to use their technology, preventing people attempting to scrape Facebook's user data, and maybe even reducing their licensing costs (in case a significant increase in usage was projected). A knowledgeable user on Quora answers the question: "Why did Facebook acquire Octazen?" with the following 8 points:
  1.  
    1. disable the ability for loads of 3rd party sites from benefitting from value propositions that defeat the point of FB Connect (ie shutdown available tools that enable quickly building up a portable social graph that don't depend on FB Connect)
    2. hire the leading experts in how to build distributed systems that can get around rate limits
    3. hire the experts in data scraping techniques (which can be used to help lockdown FB data from similar experts - which helps ensure that FB is a walled garden) 
    4. hire expert h4ck3r5 to assist security team efforts
    5. onboard experts who can help optimize address book importing tools
    6. potentially keep past business relationship discressions private (unlikely they are doing anything tons of other non-publicly traded sites aren't already doing - ie breaking ToS)
    7. hire extremely competent engineering talent
    8. potential patent 
Analysis

The fact that a contact importing industry exists tells us two facts: companies are interested in accessing user data from other services. And they want to protect user data on their own services. 
If there were easy to use all-you-can-eat API's to extract user data then social networks would not have to resort to the likes of Octazen. To me this emphasizes the importance of initiatives like the data portability project. Clearly data is an important competitive barrier that benefits the company hosting it. However, not all data is the same. It makes sense for first level user data to be set free and made conveniently portable to be used if a user wishes to. However, a company can still keep within its walls other second-level statistical data that can help in improving its own product and providing a better user experience. So for example:
  • Gmail can allow users to export their email contacts with the frequency of messaging. And they can keep data about how often they log in, what percentage of emails are unread at any given moment, on which dates each message was sent out, etc.
  • Facebook can allow users to save out their name, family, D.o.B, and other information to any other site with a click of a button as long as the user clearly knows what is happening. And it can retain data around how often a user views a friend's profile, when friends were added, and so on. That is currently not permitted with the Facebook developer terms of use.
One particular instance of an environment where the user data was and is still walled off is with IM. Sites like Meebo and Imo.im started by connecting users to their IM networks from the a unified web interface. While this was clearly against official terms of use of AOL, MSN Messenger, etc, it is becoming more and more accepted practice and the web IM's are winning out. Established networks are inter operating. Jabber is being adopted. And data is similarly likely to be freed on the rest of the web.

Comments [0]

How Facebook Can Change Global Marketing with 1 Line of Code.

The hidden switch of Facebook ads

Most people know that Facebook can be used to advertise to people based on their demographic info. Things like gender, age, relationship status, location.

Less people know that you can also use Facebook to target users based on the pages they are a fan of. Right now, this is only feasible if the person advertising owns both the advertised and the targeted page (cross promotion). But with a switch of a button, one line of programming code, Facebook could allow marketers to target users based on the competing fan pages they are connected to. For example:

- A solar panel company could promote their fan page to people who are fans of the Toyota Prius
- Google could target the Android page to fans of the iPhone SDK.
- Verizon could reach AT&T's customers with a special offer to switch phone carriers.

The race for fans and its long term effect on marketing

Currently, Facebook has companies caught in a race to acquire fans. And companies are spending large amounts of money on Facebook to achieve that goal. As people's connections with their favorite brands are mapped, the game will shift, and the race will be to acquire customers from your competition or from other brands that share similar values. And how will companies do that? By spending even more money on Facebook ads. 

The marketing process will become more liquid as customer groups are easier to find and communicate with. And as a result, the delta between customers' perceptions of brands and the real value that a brand provides will narrow, forcing companies to focus more and more of their energy on creating measurable value and creating great products that speak for themselves. 

So who benefits from this? 

- Facebook wins by increasing revenue, and accumulating valuable competitive data. 
- Customers win as companies' offers and marketing messages become more transparent and genuinely useful in a bid to acquire them. 
- And innovative product-focused companies eventually win by understanding early on that when your customers are so easily targetable by your competitors, the only way to keep them loyal is by constantly delivering innovative products. 

Comments [0]

How to Get People to Donate Their Organs & Open Up Their Facebook Privacy Settings

User Choice Depends on Context

In his book Predictably Irrational Dan Ariely gives a strong convincing example of the power of defaults to influence people. He references a study that attempts to explain why the ratio of organ donors to non-donors (people who volunteer to give away their organs when they die) varies so much between countries with similar demographic / sociocultural / and ethnic backgrounds. For example, Scandinavian countries, or countries of Western Europe, etc. The researchers found out that the high variation is primarily caused by the format of the wording on the form that citizens are required to fill. 

One type of form asked citizens to check the box to participate in the organ donation program. The other type of form asked citizens to check the box if they don't want to participate in the organ donation program. Both forms offer people a chance to revert their decision in the future.

As it turns out countries with the second type of forms (opt-out NOT opt-in) have a significantly higher percentage of their population that participates in the donation programs. Choosing if you want to be a donor is a complex decision for which all the repercussions are not immediately understood. And many would rather not change anything in the form until they've given it enough thought. Of course, after the form is submitted, people get back to their daily lives and the majority will completely forget about it leaving the default on the paper determine what happens to their organs when they die.

This study is clear in its findings: people have much less freedom in deciding things than they think they do. The system designer: the person that writes the form or the user interface designer that creates the popup has a higher control on people's decisions than the people who think they are making the decision themselves. 

And as a result, the people designing the systems have a high degree of responsibility which grows proportionally to the amount of people exposed to the system. In the case of Facebook, 350 M users is a whole lot of responsibility.

The 'Privacy Announcement'

 
Which brings us to Facebook. Almost 6 weeks ago, they prompted users to revisit their privacy settings because they were as they put it "making some changes to give you more control of your information and stay connected". The popup would display up to three times before forcing the user to visit a privacy page that he had to evaluate and confirm.

While the stated goal of that 'Privacy Announcement' was to help users get more control (understood as choice to share or hide information), the form has multiple design and linguistic elements that indicate a strong preference from Facebook to get users to materially loosen their privacy controls.

Here are three techniques they've used.

1. Focus on the Wanted Choice: The choice to share more is on the left side. People read left-to-right and left is where users will more likely focus on. This same technique is used on many freemium websites (for example Basecamp) where more expensive options are on the left, and the free version is all the way to the right. 
2. Barriers Through Clicks: To revert to the current settings, you need to click a total of 10 times, while to stay on the proposed settings, you don't have to do anything. Facebook is putting you in a situation where you need significantly more effort to leave things as they are in comparison to having them as they want you to.
3. Negative Naming: They call the current settings 'old settings' to give them a negative connotation that implies a sense of expiration or being outdated and discourage you from clicking on them. This is the other side of the coin of how the different groups of the abortion rights issue like to call themselves: Pro-choice / or Pro-life. You don't hear any group calling themselves Pro-death and Anti-choice.

Here is a screenshot of the form for your reference: 

Picture 99 
  

If Facebook really wanted to give people more control, they would have left the defaults to the current privacy settings for everyone, and gave users the chance to share more if they felt like it. But clearly the main goal was to get people to share more.

And I have a sense that in their product management meetings, and in their user tests, as they were testing different versions of this page, the #1 metric that they had as a goal was which percentage of the users in this test ended up sharing the types of information that we wanted them to share?

The Spin 

After that 'Privacy Announcement' was rolled out to users, many experts in the field had a negative view about it including Jason Calcanis, the Electronic Frontier Foundation, & Venture Beat. But just like in politics, Facebook was ready with its own spin and talking points. 

1. For example, in response to Venture Beat's article, Facebook came back with arguments ranging from the we've talked to regulators argument to our statistcs show that users are more empowered and we have a new privacy center

But none of that matters, because at the end of the day, 95% of the users will NOT remember Zuckerberg's December 1 open letter about upcoming privacy changes. And 95% of users will NOT read the privacy guide in the privacy section. This is not D.C. People are not judged by their initiatives or beliefs. In Silicon Valley, it's the effect of what you do that is important. And if no one remembers something it's like as if you never said it.

2. In addition the Facebook PR rep. says the following: "Facebook’s model of personalized control" where each post or shared item can have its own privacy settings "will make the default mode obsolete". 
 
No it will NOT make the default model obsolete. Because the default is by definition, the path of least effort, and as long as there are two paths one of which is always selected and the other is not, the users carry the burden of changing that option every single time they encounter those options. And as a result users will end up going the easier path. So if Facebook manipulates users into changing their default option to 'share with everyone' then to protect one's privacy a user will have to do an extra step every time he shares any information if he wants to stay private. If Facebook really believed that the default model is obsolete, then why would they force every single one of their 350 Million users to go and change those defaults instead of just explaining the per-post privacy feature and leave it at that?

3. Also Facebook says this: "Furthermore, we do not recommend the “Everyone” setting for people who have customized their settings previously".

It is true that people who have set some particular privacy settings previously, had those specific settings untouched. But those users constitute a small fraction of the total user base by Facebook's own admission. And the fact that they have gone this extra step makes them more advanced users. So this emphasizes the point that Facebook's careful manipulation of the defaults in their December privacy change hit the most vulnerable users, those with the least understanding of the site who had previously never changed their privacy settings. Those are the users who are most likely to go with the defaults, and who are the least likely to go back to the privacy page in the future.

Conclusion

I think that information transparency will have a positive outcome on society our sociecty is increasingly moving in this direction. And I think that there will be multiple drivers taking us there including emerging companies like Facebook. And with time, more people will likely start to see that the benefits that transparency brings outweigh the inconveniences. 

But none of that gives Facebook the right to manipulate users into unknowingly giving away their privacy. No matter if they're doing this for the good of the world, or to populate their open stream API with a press of a button and garner an enhanced competitive position against Twitter.

The Username & Icon is the New Dot Com

1. There is this story about a Hungarian startup that went from broke bootstrapped mode to covering all costs + salaries in one day by changing the icon of their free book iPhone app.20090806-8nke7jag2yhkhbuqenibwqnhw4

They were able to differentiate themselves in a crowded market, with lots of similar products, with a small change to their icon that had nothing to do with the actual product itself.

2. Here's another story. I know of another app by a Mexican developer, with hundreds of thousands of fans, with a fraction actually using the app (usually it's the other way around, as only a fraction of your users care enough to become fans). The app was able to gather such a number of fans solely because of its name El Ahorcado which means Hangman in Spanish. People became fans of the app because it reminded them of the game which they played as children.

3. Here's another example: @BreakingNewsMichael Van Poppel, whom I consider the European equivalent of Matt Drudge, started a twitter account with the catchy BreakingNews username, and as a result acquired hundreds of thousands of followers before selling the account to MSNBC. His strong reporting skills in addition to a catchy username were both strong influences in acquiring a large follower base.

So next time you're building an app or establishing a brand, think carefully of the name and icon you pick for your idea. 

Traditionally, brands have had dozens of touchpoints to showcase their identity. But in our current world of feeds, app leaderboards, 140 characters, and url shorteners, your username + icon combination will account for a much larger share of your brand exposure and have a disproportionate influence on customer acquisition. Choose them carefully.

Facebook Releases New Ads Product

Click on images to see screenshots of new facebook ads product...

     
Click here to download:
Facebook_Releases_New_Ads_Prod.zip (121 KB)

Comments [0]