Meta and Mark Zuckerberg face a six-letter problem. Spell it out with me: T-i-k-T-o-k.
Yeah, TikTok, the short-form video app that has hoovered up a billion-plus users and become a Hot Thing in Tech, means trouble for Zuckerberg and his social networks. He admitted as much several times in a call with Wall Street analysts earlier this week about quarterly earnings, a briefing in which he sought to explain his apps’ plateauing growth—and an actual decline in Facebook’s daily users, the first such drop in the company’s 18-year history.
Zuckerberg has insisted a major part of his TikTok defense strategy is Reels, the TikTok clone—ahem, short-form video format—introduced on Instagram and Facebook and launched in August 2020.
If Zuckerberg believed in Reels’ long-term viability, he would take a real run at TikTok by pouring money into Reels and its creators. Lots and lots of money. Something approaching the kind spent by YouTube, which remains the most lucrative income source for social media celebrities. (Those creators produce content to draw in engaged users. The platforms sell ads to appear with the content—more creators, more content, more users, more potential ad revenue. It’s a virtous cycle.)
Now, here’s as good a time as any for a crash course in creator economics. For this, there’s no better guide than Hank Green, whose YouTube video on the subject recently went viral. His fame is most rooted there on YouTube, where he has nine channels run from his Montana home. His most popular channel is Crash Course (13.1 million subscribers—an enviable YouTube base), to which he posts education videos for kids about subjects like Black Americans in World War II and the Israeli-Palestinian conflict.
Like the savviest social media publishers, Green fully understands that YouTube offers the best avenue for making money. It shares 55% of all ad revenue earned on a video with its creator. “YouTube is good at selling advertisements: It’s been around a long time, and it’s getting better every year,” Green says. On YouTube, he earns around $2 per thousand views. (In all, YouTube distributed nearly $16 billion to creators last year.)
Green sports an expansive mindset, though, and he has accounts on TikTok, Instagram and Facebook, too. TikTok doesn’t come close to paying as well as YouTube: On TikTok, Green earns pennies per every thousand views.
Meta is already beginning to offer some payouts for Reels. Over the last month, Reels has finally amassed enough of an audience for Green’s videos to accumulate 16 million views and earn around 60 cents per thousand views. Many times over TikTok’s but still not enough to get Green to divert any substantial his focus to Reels, which has never managed to replicate TikTok’s zeitgeisty place in pop culture. (Tiktok “has deeper content, something fascinating and weird,” explains Green. Reels, however, is “very surface level. None of it is deeper,” he says.) Another factor weighing on Reels: Meta’s bad reputation. “Facebook has traditionally been the company that has been kind of worst at being a good partner to creators,” he says, citing in particular Facebook’s earlier pivot to long-form video that led to the demise of several promising media startups, like Mic and Mashable.
This is where Zuckerberg could use Meta’s thick profit margin (36%, better even than Alphabet’s) and fat cash pile ($48 billion) to shell out YouTube-style cash to users posting Reels, creating an obvious enticement to prioritize Reels over TikTok. Maybe even Reels over YouTube, which has launched its own TikTok competitor, Shorts.
Now, imagine how someone like Green might get more motivated to think about Meta if Reels’ number crept up to 80 cents or a dollar per thousand views. Or $1.50. Or a YouTube-worthy $2. Or higher still: YouTube earnings can climb over $5, double even for the most popular creators.
Meta has earmarked up to a $1 billion for these checks to creators, which sounds big until you remember the amount of capital Meta has available to it. (And think about the sum YouTube disburses.) Moreover, Meta has set a timeframe for dispensing those funds, saying last July it would continue through December 2022. Setting a timetable indicates that Meta could (will likely?) turn off the financing come next Christmas.
Zuckerberg has demonstrated a willingness to plunk down Everest-size mountains of money over many years for projects he does fully believe in. The most obvious example is the metaverse, the latest Zuckerberg pivot. Meta ran up a $10.1 billion bill on it last year to develop new augmented and virtual reality software and headsets and binge hire engineers. Costs are expected to grow in 2022. And unlike Reels, metaverse spending has no semblance of a time schedule; Wall Street has been told the splurge will continue for the foreseeable future. Overall, Meta’s view on the metaverse seems to be, We’ll spend as much as possible—for as long as it takes—for this to happen.
The same freewheeled mindset doesn’t seem to appply to Reels. But Zuckerberg knows he can’t let TikTok take over the short-form video space unopposed. Meta needs to hang onto the advertising revenue generated by Instagram and Facebook until it can make the metaverse materialize. (Instagram and Facebook, for perspective, generated 98% of Meta’s $118 billion revenue last year; sales of Meta’s VR headset, the Quest 2, accounted for the remaining 2%.) And advertising dollars will increasingly move to short-form video, following users’ increased demand for this type of content over the last several years.
Reality is, Zuckerberg has already admitted he doesn’t see Reels as a long-term solution to his T-i-k-T-o-k problem. If he did, he’d spend more on it and creators like Green than what the metaverse costs him over six weeks.
A small Nebraska company is helping law enforcement around the world spy on users of Google, Facebook and other tech giants. A secretly recorded presentation to police reveals how deeply embedded in the U.S. surveillance machine PenLink has become.
PenLink might be the most pervasive wiretapper you’ve never heard of.
The Lincoln, Nebraska-based company is often the first choice of law enforcement looking to keep tabs on the communications of criminal suspects. It’s probably best known, if it’s known at all, for its work helping convict Scott Peterson, who murdered his wife Laci and their unborn son in a case that fomented a tabloid frenzy in the early 2000s. Nowadays the company has been helping cops keep tabs on suspected wrongdoing by users of Google, Facebook and WhatsApp – whatever web tool that law enforcement requests.
With $20 million revenue every year from U.S. government customers such as the Drug Enforcement Administration, the FBI, Immigration Customs Enforcement (ICE) and almost every other law enforcement agency in the federal directory, PenLink enjoys a steady stream of income. That doesn’t include its sales to local and state police, where it also does significant business but for which there are no available revenue figures. Forbes viewed contracts across the U.S., including towns and cities in California, Florida, Illinois, Hawaii, North Carolina and Nevada.
“PenLink is proud to support law enforcement across the U.S. and internationally in their effort to ﬁght wrongdoing,” the company said. “We do not publicly discuss how our solution is being utilized by our customers.”
Sometimes it takes a spy to get transparency from a surveillance company. Jack Poulson, founder of technology watchdog Tech Inquiry, went incognito at the National Sheriffs’ Association’s winter conference in Washington. He recorded a longtime PenLink employee showing off what the company could do for law enforcement and discussing the scale of its operations. Not only does the recording lift the lid on how deeply involved PenLink is in wiretapping operations across the U.S., it also reveals in granular detail just how tech providers such as Apple, Facebook and Google provide information to police when they’re confronted with a valid warrant or subpoena.
Scott Tuma, a 15-year PenLink veteran, told attendees at the conference that the business got off the ground in 1987 when a law enforcement agency had an abundance of call records that it needed help organizing. It was in 1998 that the company deployed its first wiretap system. “We’ve got those, generally, scattered all over the U.S. and all over the world,” Tuma said. Though he didn’t describe that tool in detail, the company calls it Lincoln.
Today, it’s social media rather than phones that’s proving to be fertile ground for PenLink and its law enforcement customers. Tuma described working with one Justice Department gang investigator in California, saying he was running as many as 50 social media “intercepts.” PenLink’s trade is in collecting and organizing that information for police as it streams in from the likes of Facebook and Google.
The PenLink rep said that tech companies can be ordered to provide near-live tracking of suspects free of charge. One downside is that the social-media feeds don’t come in real time, like phone taps. There’s a delay – 15 minutes in the case of Facebook and its offshoot, Instagram. Snapchat, however, won’t give cops data much more than four times a day, he said. In some “exigent circumstances,” however, Tuma said he’d seen companies providing intercepts in near real time.
Making matters trickier for the police, to get the intercept data from Facebook, they have to log in to a portal and download the files. If an investigator doesn’t log in every hour during an intercept, they get locked out. “This is how big of a pain in the ass Facebook is,” Tuma said. PenLink automates the process, however, so if law enforcement officers have to take a break or their working day ends, they’ll still have the intercept response when they return.
A spokesperson for Meta, Facebook’s owner, said: “Meta complies with valid legal processes submitted by law enforcement and only produces requested information directly to the requesting law enforcement official, including ensuring the type of legal process used permits the disclosure of the information.”
Jennifer Granick, surveillance and cybersecurity counsel at the American Civil Liberties Union, reviewed the comments made by Tuma. She raised concerns about the amount of information the government was collecting via PenLink. “The law requires police to minimize intercepted data, as well as give notice and show necessity,” she said. “It’s hard to imagine that wiretapping 50 social media accounts is regularly necessary, and I question whether the police are then going back to all the people who comment on Facebook posts or are members of groups to tell them that they’ve been eavesdropped upon.”
She suggested that Tuma’s claim that a “simple subpoena” to Facebook could yield granular information – such as when and where a photo was uploaded, or when a credit-card transaction took place on Facebook Marketplace – may be an overreach of the law.
There’s a lot of nuance involving where government actions might stray over the line, said Randy Milch, a New York University law professor and former general counsel at telecoms giant Verizon Communications. “While I’m sympathetic to the idea that the government is going to ask for more than it needs, simply saying ‘too much data must mean an overreach’ is the kind of arbitrary rule that isn’t workable,” he told Forbes. “The government doesn’t know the amount of the data it’s seeking” before the fact. Milch noted that the Stored Communications Act explicitly allows for subpoenas to collect records including names, addresses, means and source of payment, as well as information on session times and durations.
‘Google’s the best’
In his Washington talk, Tuma gushed over Google’s location-tracking data. Google “can get me within three feet of a precise location,” he said. “I cannot tell you how many cold cases I’ve helped work on where this is five, six, seven years old and people need to put [the suspect] at a hit-and-run or it was a sexual assault that took place.” If people are carrying their phones and have Gmail accounts, he said, law enforcement “can get really lucky. And it happens a lot.” Facebook, by comparison, will get a target within 60 to 90 feet, Tuma said, while Snapchat has started providing more accurate location information within 15 feet.
Snapchat didn’t respond to requests for comment.
Tuma also described having a lot of success in asking Google for search histories. “Multiple homicide investigations, I’ve seen it: ‘How to dispose of a human body,’ ‘best place to dump a body.’ Swear to God, that’s what they search for. It’s in their Google history. They cleared their browser and their cookies and things, they think it’s gone. Google’s the best.” A Google spokesperson said the company tries to balance privacy concerns with the needs of police. “As with all law enforcement requests, we have a rigorous process that is designed to protect the privacy of our users while supporting the important work of law enforcement,” the spokesperson said.
Tuma described Apple’s iCloud warrants as “phenomenal.” “If you did something bad, I bet you I could find it on that backup,” he said. (Apple didn’t respond to requests for comment.) It was also possible, Tuma said, to look at WhatsApp messages, despite the platform’s assurances of tight security. Users who back up messages effectively remove the protection provided by the app’s end-to-end encryption. Tuma said he was working on a case in New York where he was sitting on “about a thousand recordings from WhatsApp.” The Facebook-owned app may not be so susceptible to near real-time interception, however, as backups can only be done as frequently as once a day. Metadata, however, showing how a WhatsApp account was used and which numbers were contacting one another and when, can be tracked with a surveillance technology known as a pen-register. PenLink provides that tool as a service.
All messages on WhatsApp are end-to-end encrypted, said a company spokesperson, and it’s transparent about how it works with law enforcement. “We know that people want their messaging services to be reliable and safe – and that requires WhatsApp to have limited data,” the spokesperson said. “We carefully review, validate and respond to law enforcement requests based on applicable law and in accordance with our terms of service, and are clear about this on our website and in regular transparency reports. This work has helped us lead the industry in delivering private communications while keeping people safe, and has led to arrests in criminal cases.” They pointed to a release last year of a feature that allows users to encrypt their backups in the iCloud or Google Drive, while noting that when they respond to a law enforcement request, they don’t provide the data to any private company like PenLink, but directly to law enforcement.
Going dark or swimming in data?
In recent years, the FBI and various police agencies have raised concerns about end-to-end encryption from Google or Facebook cutting off valuable data sources. But Tuma said that Silicon Valley’s heavyweights aren’t likely to start hiding information from police because it would mean doing the same to advertisers. “I always call B.S. on it for this reason right here: Google’s ad revenue in 2020 was $182 billion,” Tuma said.
Granick of the ACLU said that such claims showed that the FBI, contrary to what the bureau claimed, wasn’t losing sight of suspects because of encrypted apps like WhatsApp. “The fact that backups and other data are not encrypted creates a treasure trove for police,” Granick said. “Far from going dark, they are swimming in data.” It’s noteworthy that Signal, an encrypted communications app that’s become hugely popular in recent years, does not have a feature that allows users to back up their data to the cloud.
Indeed, the amount of data being sent by the likes of Google and Facebook to police can be astonishing. Forbes recently reviewed a search warrant in which the police were sent 27,000 pages of information on a Facebook account of a man accused of giving illegal tours of the Grand Canyon. Tuma said he’d seen even bigger returns, the largest being around 340,000.
Though its headcount is small – less than 100 employees, according to LinkedIn – PenLink’s ability to tap a wide range of telecoms and internet businesses at scale has made the company very attractive to police over the last two decades. Over the last month alone, the DEA ordered nearly $2 million in licenses and the FBI $750,000.
Through a Freedom of Information Act request, Forbes obtained information on a $16.5 million PenLink contract with ICE that was signed in 2017 and continued to 2021. It details a need for the company’s suite of telecommunications analysis and intercept software applications, including what it called its PLX tool. The contract requires PenLink, at a minimum, to help wiretap a large number of providers, including AT&T, Iridium Satellite, Sprint, Verizon, T-Mobile, Cricket, Cablevision, Comcast, Time Warner, Cox, Skype, Vonage, Virgin Mobile and what the government calls “social media and advertising websites” such as Facebook and WhatsApp.
PenLink’s work wouldn’t be possible without the compliance of tech providers, who, according to Granick, “are storing too much data for too long, and then turning too much over to investigators. Social media companies are able to filter by date, type of data, and even sender and recipient. Terabytes of data are almost never going to be responsive to probable cause, which is what the Fourth Amendment requires.”
As for how you choose to answer these prompts, I have some advice on that, too.
On Monday, after many months of anticipation,AppleAAPL-0.24%released iOS 14.5. The update isn’t as big as the full-digit release thattypically arrives each September, but it does have a few useful upgrades.Siri has some new, more realistic voices. If you’re setting up a new device, the virtual assistant no longer defaults to a female voice —something I’ve long advocated for. Then, there’s the new mask-unlock trick. If you’re wearing a mask and want tounlock your iPhone without punching in a passcode, you can use your Apple Watch to confirm it’s you. Oh, and there’s a redesigned syringe emoji. No sore arm included.But the most important and most controversial update? App Tracking Transparency—abbreviated to ATT. The privacy feature requires any app that wants to track your activity and share it with other apps or websites to ask for permission.“We really just want to give users a choice,” Craig Federighi, Apple’s senior vice president of software engineering, told me in an exclusive video interview. “These devices are so intimately a part of our lives and contain so much of what we’re thinking and where we’ve been and who we’ve been with that users deserve and need control of that information.” He added, “The abuses can range from creepy to dangerous.”
App developers, advertisers and social networks dependent on ad revenue don’t see it as such a humanitarian decision. For years, they’ve relied on this sort of tracking and sharing your info with data brokers to build a dossier on your digital habits to serve you highly personalized ads.Facebook has been vocal about Apple’s move, calling it “harmful to small businesses,” “anticompetitive” and “hypocritical.”“It’s people opting out without understanding the impact,” said Graham Mudd,Facebook’svice president of Ads & Business Product Marketing. “If you look at Apple’s language and the lack of explanation, we’re concerned that people will opt out because of this discouraging prompt, and we will find ourselves in a world where the internet has more paywalls and where far fewer small businesses are able to reach their customers.”
“It wasn’t surprising to us to hear that some people were going to push back on this, but at the same time, we were completely confident that it’s the right thing,” Mr. Federighi said. While the feature’s rollout has been delayed, Mr. Federighi said that was caused not by backlash but because Apple had to make sure app developers could comply when a user opted out of tracking. Mr. Federighi said Apple worked hard on the clarity of the prompts and has created privacy-respecting ad tools for developers.After years of writing about the need for more privacy control, I’m grateful for the choice. But this is much more than just some eeny-meeny-miny-moe decision. This is a choice about who you think deserves your personal information, and how targeted you want the marketing in your feeds to be. When presented with a pop-up, here’s what to consider.
Option 1: Ask App Not to Track
This is your hands-off-my-data choice.Tapping this tells the system not to share something you probably never knew you were sharing, called an IDFA—Identifier for Advertisers. For years all iPhones have had this invisible string of numbers used for tracking and identifying you and your activity in and across apps. (Android has something similar.)Here’s an example of how it works: You download a free, ad-supported sleep app. A few hours later you start seeing ads foradult onesiesin your Facebook feed. You also start seeing ads in the sleep app pertaining to other interests of yours—potentially as innocent as dish soap or as personal as fertility treatments.Behind the scenes the sleep app and Facebook were communicating about you using that identifier. And since most apps use it, the data attached to yours can include the apps you’ve downloaded, your search history, your purchase history, your recent locations and more.Tapping this option will restrict the app from accessing that tracking number (which your device no longer shares by default), but it also tells that app you don’t want to be tracked using sneakier means. That’s why it says “Ask App Not to Track” rather than “Do Not Track,” Mr. Federighi explained.Apps that might ignore the policy and continue to track through other means could be punished in the App Store, he added. “They might not be able to provide updates or their app could even be removed from the store.” Translation: Follow the rules or get out.The appeal of this option doesn’t need my explanation: Stop the tracking and the “surveillance capitalism,”as some call it, that’s been happening behind the scenes all these years.Those who prioritize privacy—or just don’t like pop-ups—can opt out of tracking altogether with a universal setting that tells all apps, “No.” On your iPhone go to Settings > Privacy > Tracking. You’ll see “Allow Apps to Request to Track.” Turn it off and apps won’t ask—and they won’t have access to your identifier.
Tap this option and your data flows like the Mississippi—at least among the apps that get your consent. App makers have two opportunities to explain how they will use the data and convince you they’re worthy.When you get the pop-up, under the question “Allow [app] to track your activity across other companies’ apps and websites?” you’ll see a message from the app maker in small text. Most are short and tend to explain the need to track for “relevant” or “personalized” ads. Still, read them—you may be surprised by what’s said.Others go a step further. Before you get to that official pop-up, some will show a full screen explaining the benefits of advertising and how they use personal data.Merriam-Webster sure got my attention: “The Collegiate Dictionary and Thesaurus with hundreds of thousands of entries are free, but we couldn’t do that without ads.” That’s one way to pull at the heartstrings of a professional writer. TheMcDonald’sapp offering more ads for “food you love”? Not as compelling.
When I asked business owners and execs in the ad industry and social media to explain why people should tap “Allow,” their answers boiled down to the following:
You want relevant ads.Many tracking pleas mentioned the days when our social-media feeds were full of pointless ads. “I don’t have a baby. I don’t even like babies! Why are you trying to sell me diapers?” But remember tapping this won’t make all ads—and not even all relevant ads—go away. There are still ways to deliver targeted ads without this sort of tracking.
You want to support small businesses.“As a consumer and mother, I get it. As a business owner, this sucks,” Erin LaCkore, a 35-year-old owner of LaCkore Couture, a small jewelry brand, told me. “There are so many more people I would be able to reach.” Facebook’s ad tools allow her and many other small businesses to carefully target people who would be interested in their products.
“When people go to make this decision, I want them to A) think of their safety but B) what you might have missed out on that you might have loved as a consumer,” she added. (My colleague Christopher Mims exploredthe impact on small businessesin a recent column.)
You want the internet to remain free.Facebook argues this move threatens the ability for apps to remain free and ad-supported. Mr. Federighi said that there was a similar response years back when Apple introduced privacy features in Safari, yet ads still appear on websites viewed in Safari.
Unsurprisingly, the vast majority of people will likely say no to tracking. AppsFlyer is a measurement firm that helps businesses evaluate ad-campaign performance. According tothe company’s data, based on the early use of ATT in iOS, the opt-in rate was an average of 26% per app across nearly 550 apps. People are more likely to allow tracking with nongaming apps and brands that they trust.Whatever you decide, you can always change your mind. In that Tracking section of your Privacy settings, you can adjust your choice for each app.“People have their own sense of privacy and how important it is to them,” Mr. Federighi said. “So we will all make our personal decisions.”His personal decision? Oh, he’ll be opting out. I plan to do the same for many apps—especially ones that handle my most personal information—but I will consider it case by case, and read each pop-up with care.