Hi,

Welcome back to Techtris, your weekly(ish) digest of what’s ahead in tech, culture and their intersection. Last week’s newsletter was a one-topic special and I’ve spent a lot of the week talking to people in that area – generative AI and deeply problematic material – and hopefully I might have a bonus news-y newsletter on that topic in the next week or so.

If you’d like to be across that and haven’t already subscribed, the button is just below this paragraph. And please do consider upgrading to paid to help support me putting this out – especially if you like the more reported-out extra content.

In the meantime, on to your regularly scheduled Techtris!

Facebook sees you when you’re sleeping, knows when you’re awake

There’s a fascinating story in today’s Observer (for non-UK readers, the sister newspaper of the Guardian) about an apparent “data breach” from the NHS to Meta, the parent company of Facebook.

The NHS, the article reports, is sharing “intimate details about patients’ medical conditions, appointments and treatments” with Meta, “without consent and despite promising never to do so”.

On the face of it, this all looks…pretty bad! Why is the NHS handing over such confidential information when it has publicly promised not to do so? And why on earth does Facebook want this stuff?

The reality is all a little bit more complicated. The story isn’t wrong, at all, and is in fact a solid piece of reporting on the workings of the modern internet. 

But first it’s perhaps best to address a relatively minor issue: “breach” has a specific meaning in the online security world, and it relates to unauthorised access of data, either by an employee or contractor misusing data to which they have access, or an external hacker accessing systems. That is not at all the accusation here.

What the story centres on is a product called Meta Pixel. This is a tool that puts a one pixel by one pixel image – as small as an image can get – onto web pages, with the operator’s consent. 

The image is loaded from Meta’s servers, which means the company is able to see some browsing information. Because the very fact of being on, for example, a “book an appointment” page for an STD clinic is quite suggestive information – especially if it came after viewing an HIV information page – this seemingly innocuous tracking pixel can quickly be harvesting quite sensitive data.

The Meta Pixel tracks the IP address for any user that is on a site, but if you’re logged in to Facebook, it is generally aware of that – so it can connect your browsing activity to your Facebook profile. This is what generates the most value for Meta, as it lets the company target you much more effectively with ads.

The companies, charities, or in this case NHS Trusts that put these pixels on their site do so in exchange for useful analytics tools for their own use. In this instance, it seems that the NHS forgot that on the internet, if you’re not paying for a service then you’re not the customer – you’re the product.

The Observer’s reporting seems to suggest that there was very little bad intent on any side here, which is almost more alarming than if there had been. The trusts concerned put the tracking pixels onto some of their more innocuous public-facing sites and hadn’t noticed when it was copied over to much more sensitive content.

Meta doesn’t actively choose what to target with the pixel – it tracks wherever site owners install and use it. Given the risks of storing and processing particularly sensitive personal data (especially in Europe), Meta almost certainly doesn’t want this information. NHS trusts certainly didn’t want to hand over sensitive patient data to a US tech company. 

This was a result of bad understanding of the internet by people who should know better, and perhaps of Meta failing to communicate what Pixel does and to create better warnings about what is happening.

But we all share some of the blame here. It should be absolutely known that the big tech companies follow you site-to-site across the internet. This is not just a Meta/Facebook thing: Google, Apple and others have ways of monitoring you as you browse and using this to target ads. 

When you visit a page, some of your data is shared not just with the site operator and a few other companies, but potentially hundreds or thousands of companies with every click. When that’s just business as usual across billions or trillions of clicks, what does a breach even mean in such a world?

We deal with this by ignoring it, grousing about adverts and privacy while continuing to insist on an internet that relies on breaching privacy on an industrial scale – by not thinking about it. But that head-in-a-sand mentality comes at a cost. Today, it was handing over health information to a tech giant. What will the toll be tomorrow?

Everything I don’t know is easy

This is something I intend to write about at (much) greater length in the near future, but it’s an idea I’d like to float first here – please do share any thoughts on it by email or on Twitter.

Something struck me as I listened – or failed to listen – to Ron DeSantis’s catastrophic campaign launch on Twitter Spaces this week. Primarily, it was that an audio broadcast to a few hundred thousand listeners is not very hard. In the UK, multiple radio breakfast shows go out to up to eight million listeners, every day, with no problems.

Online, streaming is pretty much a solved technology, even for millions of concurrent streams. Five years ago, BBC iPlayer was routinely handling about 500,000 simultaneous users streaming HD content. The gaming service Twitch has handled a record 3.3 million people watching a video stream at one time. 

It wasn’t just the technical side of things that was a farce: it was clear no-one had planned out the content of the event either. A friendly three-way panel interview is a very easy format – there is a reason it is the entry-level format for live events and for new public speakers. 

But it does take a bit of planning, especially if you’re intending to make news out of it. That also seemed to be missing – the event sorely lacked production, rehearsal, tech checks, and on the technical side lacked any kind of test run for server load and so-on.

All of which chimes with a growing sense – teased in the title for this section – that big tech’s original sin is assuming that code is hard (just look at how many people don’t understand it), but everything else is easy. And if you can code, or solve engineering problems, then those lesser problems that everyone else deals with… how hard can they be?

This was the defining problem of most tech companies that live in the real world: Uber decided taxis were clueless, licensing was pointless, and it could transform everything. For a time, it did – until bit by bit it started to realise why the world worked like it did. 

It started to require standardised fleets of cars, background checks on drivers, realised it needed regulatory approval to operate in most cities, and so on. Eventually it also realised that it’s much easier to sell a ride that costs the company $20 for $10 than it is to sell it for $25. 

The only time Uber really tried to get in an actual tech race was when it briefly considered parcel delivery – only to discover DHL and its rivals have really, really good pathing and route technology already, causing it to beat a hasty retreat into food delivery instead. Uber hasn’t disrupted transport, it’s just… slightly modernised it.

You can tell a very similar story with Airbnb and hotelling, regulators, and the like, while WeWork essentially just learned that “buy long-term, sell short-term and much cheaper” isn’t actually a plan to change the world. Where big tech has come into existing sectors, the main disruption it caused was as a result of subsidy, not as having found a whole new amazing way to do everything better.

But I don’t think that’s taught anyone anything. Tech bros are still just as eager to move out of their expertise as ever they were. Elon Musk thinks he knows how to run a social network, somehow, despite helming Twitter with all the long-term strategic thinking of a kamikaze pilot. His response to the DeSantis cataclysm was to pretend it was leading the news across the world (it wasn’t), it was a triumph (it wasn’t), and then conspicuously not mentioning that Twitter’s head of engineering had “parted ways” with the company the following day. 

Engineering is genuinely difficult. Coding is often difficult too. It’s just that human resources, working with regulators, legal compliance, public relations, and numerous other tasks are often also difficult – and just because they operate differently and present problems of a different nature to those of engineering or code, it does not make them simpler.

This feels to me like an incredibly obvious lesson that a lot of apparently very clever men are unable to learn.

Tech titbits

Mostly a bunch of silly stuff this week, as I feel we all need a bit of a break.

• The Australian poses the question asked of humanity since the biblical era: am I my reply guys’ keeper?

• For those who remember Shingy – and if you don’t remember Shingy, please Google him – the “peak tech” job title is back.

• The Messenger is a fully-funded big-name New York media startup that’s mostly finished hiring 150 journalists, including some big names. And…it seems to just be trying to use them to game SEO traffic with valueless rewrites, which is causing friction. This might, as has been noted, be a newsroom that you could just replace with ChatGPT. (Anyone who knows more about what’s going on there, do get in touch).

• Nina Jankowicz, who briefly ran the DHS’s ill-fated disinformation committee, has been sanctioned by Russia. Congratulations Nina!

• I may write this up properly soon: when is a hack not a hack? The UK’s border security seems perfectly capable of falling over without any outside help.

And finally…we need to talk about…Jack?

I wrote a few weeks ago on my scepticism about Bluesky, and I’m already feeling vindicated. Back then, my Twitter feed was half people tweeting about how wonderful it was over there, and half people trying to beg for invitations. 

I haven’t seen either type of post for ten days or so. Perhaps it’s because they’re all now on Bluesky and feel no need to return to Twitter, but…I doubt it. My feed is no quieter than it was back then.

But perhaps more significantly, I am wondering whether there is something in the billionaire psyche that cannot bear losing the spotlight. Before Elon Musk, Twitter already had a weirdo billionaire owner with bizarre habits and other companies that he should be running – its co-founder Jack Dorsey.

Dorsey is also by default a founder of Bluesky, which was spun off from Twitter some time before the Musk takeover. But Dorsey has decided to use Twitter as the platform from which to launch a series of bizarre and conspiratorial tweets. These have included “splinter the CIA, NSA, and FBI into a thousand pieces and scatter them into the winds”, “America has a problem”, and “Whoever controls the media controls the mind”.

Profound stuff, I say with a heavy eyeroll. Other than an I-told-you-so for my warning about putting too much trust in a Dorsey project – and a plug for my “why does no-one think they’re in charge” piece for the New European – I am mainly struck with one thought. Can billionaires just… not? Everything is tiring enough already. Hereby, I launch my campaign: Make Billionaires Sane Again. I hope for your support.

Until next week,

James

Techtris is written by James Ball and edited by Jasper Jackson, who accepts full responsibility for all typos, errors, bad opinions, and potentially libellous content.