Unriddled: "Alexa, Make a Donation," and More Tech News You Need

Welcome one, welcome all to Wednesday -- the day that marks not just the week's halfway point, but another edition of "Unriddled": the HubSpot Marketing Blog's mid-week digest of the tech news you need to know.

This week, we continue to wade through the very crowded pool of tech news items to help you decrypt what's happening in this vast, often complex sector. And, get this: It's not all about Facebook.

It's our Wednesday tech news roundup, and we're breaking it down.

Unriddled: The Tech News You Need

1. An IRA Purge From Facebook

Yesterday afternoon, Facebook Chief Security Officer Alex Stamos issued a statement indicating that the company had removed 70 Facebook and 65 Instagram accounts, in addition to 138 Facebook Pages, that were controlled by the Russia-based Internet Research Agency (IRA). The announcement noted that many of these Pages ran ads that have also been removed from Facebook.

Roughly 95% of the Pages with content were in Russian, indicating that these pages were targeted toward Russia residents or people who speak the language in neighboring nations.

According to Stamos, the decision to remove these Pages had little to do with the content itself -- and everything to do with the fact that they were controlled by the IRA, which "has repeatedly used complex networks of inauthentic accounts to deceive and manipulate people who use Facebook, including before, during and after the 2016 U.S. presidential elections," he wrote. "It’s why we don’t want them on Facebook."

Users can expect a further explanation from Facebook in the coming weeks, Stamos said. The company is looking to update its Help Center so people can find out if they liked any of these Pages.

Source: Facebook

2. "Alexa, Make a Donation"

On Monday, it was revealed that Amazon Echo Users can now donate to 40 charities through Amazon Pay: a service, much like Apple Pay or Google Pay, that lets people use payment methods already associated stored in their Amazon accounts to purchase goods and services -- and now, to make donations.

To make donations through Alexa, users need to have such a valid payment method set up in their Amazon accounts, and have voice purchasing enabled. And in order to prevent others from making unwanted donations, users can set up a four-digit voice confirmation code, which can be done through the voice purchasing settings.

It's an interesting new feature for Amazon, and not the first that allows shoppers to use its technology to make charitable donations. In 2013, the company launched Amazon Smile, which lets users pick a charity that will receive 0.5% of what they pay for certain, eligible products.

Source: Amazon

But with the introduction of this Alexa skill, it allows users to make more spontaneous or impromptu donations just through an Alexa command -- without reaching for their wallets or filling in several information fields.

To that end, organizations that receive donations through Alexa will also receive the user's name, address, and email address, but not his or her credit card information. So, while there's a chance that you'll receive follow-up communication from the organization you donated to, the payment information itself is supposed to be secure. 

3. Data Leaks Abound

Facebook wants to make one thing clear to users: The ongoing situation with Cambridge Analytica was not a data leak. Rather, it was the misuse of data -- collected by an app developer as was allowed by Facebook at the time -- by an analytics and profiling firm that never should have obtained information in the first place.

Keep that distinction in mind -- because over the past several days, more than one consumer platform has experienced actual data leaks.

MyFitnessPal

One of them was MyFitnessPal: a free online calorie tracking site that's owned by fitness apparel company Under Armour, which announced last week that the site had experienced a data beach impacting up to 150 million accounts. The data did not include information like Social Security or credit card numbers, according to the company's statement, but was instead limited to things like usernames, email addresses, and hashed passwords (the kind that's encrypted with something called bcrypt). 

Panera

The second was a data leak from fast-casual restaurant chain Panera that included information like customer names, email and mailing addresses, dates of birth, and the last four digits of their credit card numbers. And according to information security blogger Brian Krebs, Panera knew of this leak for eight months before it addressed it.

It all began in August 2017 when security researcher Dylan Houlihan alerted Panera that customer data was leaking from its site -- which according to emails supplied to Krebs, led to Panera's director of information security Mike Gustavison largely writing off the report as a scam. And despite Gustavison verifying the problem soon thereafter and saying the company was working on a fix, eight months later, Houlihan discovered that the site was not only continuing to leak data, but that the estimated seven million jeopardized customer records could also be easily indexed and crawled by automated tools.

Since Krebs first reported the leak on Monday, Panera has issued statements indicating that it has fixed the problem -- but several sources have said that the "fix" barely goes beyond requiring a valid user login to view these records (whereas before, anyone with the correct link to them could view them). Others have also reported that they have reason to believe more than seven million customer records have been exposed, and that Panera's corporate client records may have also been affected. 

Grindr

Finally, it was revealed by BuzzFeed earlier this week that dating app Grindr has been sharing personal user data with such third-party research firms -- which included personal medical test results that users have the option of sharing on their profiles. Again, this incident is not to be confused with a data leak. Rather than this information being unintentionally exposed, the app says that this information is intentionally shared with research firms (namely, Apptimize and Localytics) to help improve the user experience. 

According to the report, all of a user's personal profile information is shared with these firms, which can include test results, if the user chooses to include it in his or profile. And while Grindr says this information is shared only with research partners and should, therefore, be secure, the news has left many wondering how easily that information could be abused if there was a data breach and it fell into the wrong hands.

Grindr has since issued a statement to BuzzFeed indicating that it will stop sharing medical test information from user profiles with these third-party firms -- while also calling the negative response "a misunderstanding of technology," according to the app's Chief Security Officer Bryce Case, by the people who were unhappy to learn of this activity.

Why This Is Important

Okay, so, we clearly have a lot to learn from these three incidents -- all in light of the fairly recent Facebook and Cambridge Analytica data news.

I'll start with Grindr. While it's possible that users did misunderstand the extent and intention of this data sharing, the point is: There was an outcry. To accuse this unhappy audience of "misunderstanding" how it works can easily (and understandably) be deemed as insulting. For any marketers who curious as to how they might want to handle a situation like this one, should they become responsible for responding to it, I would suggest explaining the situation clearly and in a non-condescending manner if you believe your audience might misunderstand the situation. But try to avoid labeling it as such, and instead, focus on a resolution.

And you might be thinking, "There's very little chance that I'll find myself in that situation." But think twice: With the General Data Protection Regulation (GDPR) coming into force next month (check out our primer here), it might soon apply to you more than you think. Don't feel bad -- our research shows that only 42% of marketers feel that they're even somewhat prepared for the GDPR.

Plus, the noticeable volume of data- and privacy-related issues making headlines within the past year (we haven't forgotten about you, Equifax) shows just how much more vulnerable businesses might be to these types of issues than they're aware. Long story short: If you haven't done one already, now might be a good time for a security checkup, to make sure you know how your (and your customers') data is protected, and who exactly has access to it.

4. Apple Chips

Bloomberg reported this week that Apple will begin using its own chips in Mac devices as soon as 2020, rather than using the Intel processors it's long relied on in the buildout of its computers. It's a project reportedly known internally as "Kalamata": one that illustrates another step toward making the Apple branded ecosystem iron-clad.

In February, I wrote about how this ecosystem can sometimes create a restrictive user experience, especially when it comes to Apple's smart home speaker, the HomePod. In my experience, limiting the device's music streaming options to Apple Music rendered the HomePod somewhat useless to those who use services like Spotify (which, side note, officially became listed on the New York Stock Exchange as SPOT yesterday) or Pandora. 

But processor chips are different, and introduce a new type of vertical integration for Apple. While much of the company's hardware -- like the iPhone and Apple Watch, for example -- runs on its own, internally-designed processors, its computers still rely on chips from Intel, often slowing down production due to the reliance on major pieces from external companies.

It's not exactly welcome news for Intel, whose stock price dropped when this information was revealed -- though it does appear to have slightly rebounded as of writing this post. 

Source: Google

Apple certainly isn't alone in its desire to create a product ecosystem that's somewhat indestructible as a result of brand loyalty. Google, for its part, is building a growing portfolio of branded products, including mobile devices and computers, like Chromebooks, which currently run on Intel processing.

But this move has many -- present company included -- wondering if Google will be the next to vertically integrate machine processing capabilities. After all, Google and Apple have been known to become more than a bit competitive when it comes to similar products and capabilities (see: last fall's #MadeByGoogle event) -- so should Google follow suit, it wouldn't exactly come as a surprise.

What Else Is Going Down in Tech Town?

More of the Latest From Facebook

On top of the ongoing data-related scrutiny Facebook is already receiving, the social media network is now coming under fire for archiving videos -- like deleted multiple takes -- that users thought had been removed, but were instead stored in personal data files, as per New York Magazine. A company spokesperson told TechCrunch that this happened because of "a bug," and that the videos probably weren't seen by the public.  

Facebook has continued to respond to the fallout from allegations that personal user data was misused by analytics and profiling firm Cambridge Analytica, with announcements made last week that the company would be limiting the data available to advertisers on its platform. Meanwhile, new data shows that 31% of tech workers said they would delete Facebook.

In light of this data misuse, many are asking if or how Facebook will extend rules and practices required by the GDPR to U.S. users. In an interview with Reuters, Facebook CEO Mark Zuckerberg did not make that clear, though he did say that the social network is working on an internal "law" or version of the GDPR that would apply globally to all users. When asked which parts of the European regulation that would include, he answered, “We’re still nailing down details on this, but it should directionally be, in spirit, the whole thing.” 

The company also announced last week its action plan to prevent the future weaponization of its platform to influence elections, outlining a four-tiered approach to protecting election security. Yesterday, that was followed by an announcement that Facebook will roll out changes to provide greater context around stories appearing in the News Feed. Read full story >>

Google Also Had a Busy Month

While Facebook was dominating many tech news headlines in March, Google was quietly having a busy month of its own. Learn more about these latest developments in this month's edition of "What You Missed in Google." Read full story >>

More (Unconfirmed) Changes From Instagram

Last week, we reported on changes that visual-content-sharing app Instagram would be making to its algorithm, with the possible introduction of a "New Posts" feature and more. Now, it seems that the company has made abrupt, unannounced changes to the way developers can use the app's API to access data, with some losing access to it completely. Read full story >>

It's a Dark, Pivotal Time for Autonomous Vehicles

Following recent fatal accidents involving both Uber and Tesla self-driving cars, the autonomous vehicle sector is going through a somewhat dark, but important phase. California has responded with new regulations imposed by its Department of Motor Vehicles, Arizona's governor suspended Uber's self-driving cars from its roads, and many other manufacturers have voluntarily paused its testing of these vehicles. But what does it all mean for the future of this crucial, highly-scrutinized industry?  Recode's Johana Bhuiyan breaks these issues down, and the implications they could have for the future of self-driving. Read full story >>

That’s all for today. Until next week, feel free to weigh in on Twitter to ask us your tech news questions, or to let us know what kind of events and topics you'd like us to cover.