Meta sues Israeli surveillance firm for collecting data on 600,000 users through fake accounts Voyager Labs relies on AI for analytics
Meta said it is suing Voyager Labs scraping for hireBecause Facebook, Instagram, Twitter, and other social media or posting sites use fake accounts, special software, and a vast network of IP addresses to secretly collect large amounts of personal information from their users.
The defendant created and used more than 38,000 fake Facebook user accounts and its monitoring software to collect the visible profile information of more than 600,000 Facebook users, including posts, likes, friend lists, photos and comments, as well as information from Facebook groups and pages. In Meta’s complaint. Defendant designed the monitoring software to hide its existence and activities from Meta and others, and sold and licensed the data it collected for profit.
Web scraping (sometimes called harvesting) is a technique for extracting the content of websites through a script or program with the goal of modifying it to allow use in another context, such as enriching databases, reference or data mining.
Voyager Labs, which provides a service scraping for hireso he rents his tools to collect data.
As for whether a chip is legal or not, the answer depends on the geographic location.
In the United States, hiQ Labs uses web scraping on LinkedIn data for recruiting purposes. After the trial, the United States Court of Appeals for the Ninth Circuit ruled in favor of hiQ in September 2019: the court specifically considered that users retain ownership rights to their profiles and information is freely distributed on the Internet, they can be. collected. The case then goes to the Supreme Court, which is expected to rule in favor of LinkedIn in November 2022, according to Judge Edward Chen’s decision, which found that hiQ had deliberately and repeatedly reverse-engineered to circumvent antitrust protections. robots by simulating human users.
On the French side, on April 30, 2020, the CNIL published new guidelines on web scraping. The CNIL guidelines state that publicly available information is always personal information and cannot be reused without the knowledge of the person to whom the information relates.
In December 2021, a startup from Station F is punished for hacking. he collected data from the yearbook of a Paris business school, using a web scraping technique to recruit alumni of the institution with the aim of crowdfunding8. automated data processing system and not web scraping.
Meta said Facebook users living in California whose data was deleted included employees of nonprofit organizations, universities, news organizations, health care facilities, the U.S. military, local, state and federal government agencies, as well as full-time parents, retirees and colleagues. union members. Meta said data collection and the use of fake accounts violate its terms of service.
Voyager Labs, headquartered in Israel, bills itself as an AI-powered survey service that collects data from billions of “human pixels” and signals and uses artificial intelligence to map connections, track geographic locations and provide other personal data to public safety agencies.
By tapping into this vast ocean of data, they can gain actionable insights about individuals, groups and topics, then dig deeper to discover more,” company officials wrote in marketing materials accompanying the release. Meta complaint. Voyager Labs’ letterhead reads: Emphasizing individuality.
In one case, the service used Facebook posts to identify the full names of an Italian marathon runner and his wife who contracted COVID-19. The service then provided a list of friends and people the runner was in contact with. In a different case, Voyager Labs identified patrons of a British pub who may have been infected with a deadly virus.
Voyager Lab’s clients include the Los Angeles Police Department, according to exhibits. Voyager Labs was able to identify several new targets in an easier-to-read format and process warranty returns faster, which were easier to read, according to a statement from a member of the department.
Meta is seeking a permanent injunction that would prevent Voyager Labs from continuing the experiment.
In the lawsuit announcement, Jessica Romero, Meta Director of Platform Enforcement and Litigation, wrote:
Voyager developed and used custom programs to launch scraping campaigns on Facebook and Instagram and on websites such as Twitter, YouTube, LinkedIn and Telegram. Voyager developed scraping software to use fake accounts to scrape user-accessible data while logged into Facebook, including user profile information, posts, friend lists, photos and comments. Voyager used a system of different computers and networks in different countries to hide its activities, including when Meta submitted fake accounts for verification or verification. Voyager did not compromise Facebook, but instead used fake accounts to collect publicly available information.
Our lawsuit alleges that Voyager violated our Terms of Service against fraudulent accounts and unauthorized, automated scraping. We are seeking a permanent injunction against Voyager to protect people from scraping services. Companies like Voyager are part of an industry that provides scraping services to anyone, regardless of their target users or purpose, including as a way to profile people for criminal behavior. This industry secretly collects information that people share with their community, family and friends without oversight or accountability and in ways that can violate people’s civil rights.
This isn’t the first time Meta has sued a company over a data breach
The lawsuit is at least the second time Meta has sued over a data breach on its platform. In July, the company sued Octopus, the U.S. subsidiary of the Chinese national technology company, for allegedly offering to take down any website, and Turkey-based defendant Ekrem Ates for allegedly using their Instagram accounts to delete information from users’ profiles. more than 350,000 users of this platform.
Octopus: scrap rental
The first action is against a company called Octopus, the American subsidiary of a national Chinese high-tech company that claims to have more than one million customers. Octopus offers access to scraping services and software that customers can use to scrape any website. For a fee, Octopus customers can launch scraping attacks from its cloud-based platform or hire Octopus to scrap websites directly. Octopus offers data recovery from Amazon, eBay, Twitter, Yelp, Google, Target, Walmart, Indeed, LinkedIn, Facebook and Instagram.
After paying to access the scrapping software, customers had their Facebook and Instagram accounts hijacked by providing their Octopus credentials. Octopus, the user’s Facebook friends, such as email address, phone number, gender and date of birth, as well as Instagram followers and username, profile URL, location, and the number of likes and comments per post.
Meta is a leader in legal action to protect people from these types of services that provide scraping as a service on many websites. Companies like Octopus are part of a growing scrap industry that provides automation services to any customer, regardless of who they target or what their purpose is. This industry makes scrap available to individuals and businesses that would otherwise not have access to it.
Our lawsuit alleges that Octopus engaged in unauthorized, automated scraping in violation of our Terms of Service and the Digital Millennium Copyright Act, attempting to hide their scraps and avoid being detected and blocked by Facebook and Instagram. We are seeking a permanent injunction against Octopus. Protecting people from for-hire scraping services that operate across multiple platforms and national borders also requires a collective effort by platforms, politicians and civil society, and is sometimes necessary to prevent abuse by sellers and buyers. .
Mystalk: Target clone sites
We also filed a lawsuit against Turkey-based defendant Ekrem Atesh for allegedly using automated Instagram accounts to extract information from the profiles of more than 350,000 Instagram users. These profiles were visible to users logged into Instagram. Respondent posted the extracted data on its own websites or “clone sites”. A clone site is a website that copies and displays Instagram profiles, posts and other information without permission. Our External Data Abuse team has provided information on how we work to protect people from clone sites.
As of February 2021, we have taken several enforcement actions against this defendant, including deactivating the accounts, sending a cease and desist letter, and revoking their access to the Meta services.
Meta doesn’t exactly have clean hands when it comes to unwanted scraps. Several Facebook users who switched to contact sharing in 2018 were shocked to discover that the company had collected years of phone conversation metadata from their Android phones. The data includes names, phone numbers, and the duration of each call made or received. Facebook has denied that the data was secretly collected.
Sources: Complaint from Meta, Disclosure from Meta about Octopus
What do you think about Voyager Labs in particular and scraping service rentals in general?
Lean more on the side of Meta who believes that automated scraping through fake accounts is against its usage policy, rather agree with those who believe that publicly defined data will be collected regardless of the method?