Facebook: Look at our latest bug bounty that proves we're serious!

As Cambridge Analytica launches new site 'CambridgeFacts'

Continuing its charm offensive, Facebook has published the details of its data abuse bounty, ahead of Mark Zuckerberg’s appearances in front of US lawmakers.

The programme - which offers a minimum of $500 (and no maximum) for cases that prove to be true - will reward people who can prove an app has slurped up users’ data for nefarious means.

The move comes as the biz is under fire for playing fast and loose with users’ data, as it dawns on people just how much information they have handed over to the Zuckerborg and the apps using its platform.

Meanwhile, Zuckerberg himself is making up for an extended period of silence by issuing so many apologies it’s hard to keep up - with more expected when he gives evidence to US lawmakers later today and tomorrow.

The data abuse bounty, which was trailed at the end of last month, is the latest addition to Facebook’s PR toolkit as it tries to prove Zuck’s words aren’t just empty promises.

It will work alongside the existing bug bounty programme, but with the aim of protecting against abuse of data, regardless of whether the collection and abuse has happened because of a security vulnerability.

To report an issue, people must provide “first-hand knowledge and proof of cases where a Facebook platform app collects and transfers people’s data to another party to be sold, stolen or used for scams or political influence”.


However, it only applies to Facebook - other platforms, like Instagram, aren’t included.

If data abuse is confirmed, Facebook said it would shut down the app, “take legal action against the company selling or buying the data, if necessary”, and initiate a forensic audit of related systems - as well as telling affected users.

As with Facebook’s bug bounty programme, the payout will be based on the impact of the report - the biz noted that the highest impact bug reports have pulled in $40,000.

In order to qualify, Facebook said the situation must be one the biz wasn’t aware of, involve more than 10,000 users and have evidence of abuse - not just collection - of data.

Reporters also have to comply with its responsible disclosure policy, including giving Facebook time to investigate before making any information about the report public.

As well as non-Facebook data, other situations that are explicitly out of scope are: scraping, malware and scenarios where social engineering is a major component. However, Facebook added that it “hope to expand the scope of this program soon”.

The biz also emphasised that people couldn’t make a quick buck by illegally obtaining Facebook data, whipping the all-caps out to really hammer home the point:

“Any data that you obtained illegally or without proper authorization. DO NOT SHARE SUCH DATA WITH US - you will not be rewarded for doing so.”

Life is so unfair, stamps Cambridge Analytica

Meanwhile, the other company at the heart of the scandal - Cambridge Analytica - has taken a rather more petulant approach to the furore and bad press it's been getting.

“It has become open season for critics to say whatever they like about us based on speculation and hearsay,” said acting CEO Alexander Tayler (who took over from Alexander Nix after the former boss was caught on camera discussing honey traps and more with what turned out to be undercover Channel 4 presenters).

“It would be impossible to address the hundreds of articles and broadcast segments that have misrepresented Cambridge Analytica or replicated false statements made by those focused on creating a political scandal,” he said.


And so it has decided to cherry-pick just a few of the statements to refute - and has created a separate website, CambridgeFacts.com, consisting of just one page, on which to do it.

Topping the list are claims the biz had “hacked Facebook” - when actually it gained the information in “good faith”, through a license from a company (GSR) under a contract that had stated the information must be obtained legally.

And anyway, Cambridge Analytica added, that data (which they were willing to pay up to $1.5m for, according to contracts published last month) was “disappointing”, so the company used its own research to train its models.

The biz went on to say that it had deleted the raw data from its file server as soon as Facebook asked it to - and that it certainly wasn't used for the 2016 presidential election.

Rather, it said, that information came from voter files, polling data, data from the campaign and from commercial data brokers. This data was used to identify “persuadable” voters, it said, along with a polling tracker and dashboards for the campaign.

"In truth, we used the same kind of political preference models used by the Obama and Clinton campaigns; however, we started five months out from election day and did it with far fewer resources and less data," the biz said.

Finishing up the list are the statements that Cambridge Analytica is politically neutral and that Chris Wylie (the pink-haired former CA researcher) “is not a whistleblower”. The firm would prefer it if everyone saw him as a one-time contractor whose account is “based on pure conjecture and guesswork, while his own motivations in this saga have remained unexplored”. ®
