APIs and Your Privacy

Application programming interfaces, or APIs, have been the topic of much recent discussion. Newsworthy events, including those involving Facebook’s API and Cambridge Analytica obtaining information about millions of Facebook users, have highlighted the technical capabilities of APIs for prominent websites and mobile applications. At the same time, media coverage of ways that APIs have been misused has sparked concern for potential privacy invasions and other issues of public policy. This paper seeks to educate consumers on how APIs work and how they are used within popular websites and mobile apps to gather, share, and utilize data. APIs are used in mobile games, search engines, social media platforms, news and shopping websites, video and music streaming services, dating apps, and mobile payment systems. If a third-party company, like an app developer or advertiser, would like to gain access to your information through a website you visit or a mobile app or online service you use, what data might they obtain about you through APIs and how? This report analyzes 11 prominent online services to observe general trends and provide you an overview of the role APIs play in collecting and distributing information about consumers. For example, how might your data be gathered and shared when using your Facebook account login to sign up for Venmo or to access the Tinder dating app? How might advertisers use Pandora’s API when you are streaming music? After explaining what APIs are and how they work, this report categorizes and characterizes different kinds of APIs that companies offer to web and app developers. Services may offer content-focused APIs, feature APIs, unofficial APIs, and analytics APIs that developers of other apps and websites may access and use in different ways. Likewise, advertisers can use APIs to target a desired subset of a service’s users and possibly extract user data. This report explains how websites and apps can create user profiles based on your online behavior and generate revenue from advertiser-access to their APIs. The report concludes with observations on how various companies and platforms connecting through APIs may be able to learn information about you and aggregate it with your personal data from other sources when you are browsing the internet or using different apps on your smartphone or tablet. While the paper does not make policy recommendations, it demonstrates the importance of approaching consumer privacy from a broad perspective that includes first parties and third parties, and that considers the integral role of APIs in today’s online ecosystem

Mobile Privacy and Business-to-Platform Dependencies: An Analysis of SEC Disclosures

This Article systematically examines the dependence of mobile apps on mobile platforms for the collection and use of personal information through an analysis of Securities and Exchange Commission (SEC) filings of mobile app companies. The Article uses these disclosures to find systematic evidence of how app business models are shaped by the governance of user data by mobile platforms, in order to reflect on the role of platforms in privacy regulation more generally. The analysis of SEC filings documented in the Article produces new and unique insights into the data practices and data-related aspects of the business models of popular mobile apps and shows the value of SEC filings for privacy law and policy research more generally. The discussion of SEC filings and privacy builds on regulatory developments in SEC disclosures and cybersecurity of the last decade. The Article also connects to recent regulatory developments in the U.S. and Europe, including the General Data Protection Regulation, the proposals for a new ePrivacy Regulation and a Regulation of fairness in business-to-platform relations

Understanding the Detection of View Fraud in Video Content Portals

While substantial effort has been devoted to understand fraudulent activity in traditional online advertising (search and banner), more recent forms such as video ads have received little attention. The understanding and identification of fraudulent activity (i.e., fake views) in video ads for advertisers, is complicated as they rely exclusively on the detection mechanisms deployed by video hosting portals. In this context, the development of independent tools able to monitor and audit the fidelity of these systems are missing today and needed by both industry and regulators. In this paper we present a first set of tools to serve this purpose. Using our tools, we evaluate the performance of the audit systems of five major online video portals. Our results reveal that YouTube's detection system significantly outperforms all the others. Despite this, a systematic evaluation indicates that it may still be susceptible to simple attacks. Furthermore, we find that YouTube penalizes its videos' public and monetized view counters differently, the former being more aggressive. This means that views identified as fake and discounted from the public view counter are still monetized. We speculate that even though YouTube's policy puts in lots of effort to compensate users after an attack is discovered, this practice places the burden of the risk on the advertisers, who pay to get their ads displayed.Comment: To appear in WWW 2016, Montr\'eal, Qu\'ebec, Canada. Please cite the conference version of this pape

GALACTICOIN: A new revenue stream for Real Madrid based on blockchain technology

White paper.SUMMARY: Football is indeed a beautiful game, and its appeal is unrivaled. This industry continues its pace as one of the fastest markets in the world and during the last years, the way clubs interact and engage with the fans has changed significantly due to digital transformation (KPMG, 2018a, pp.3), and the behavior of the new millennial generation. Likewise, fans and football supporters are looking to connect with their clubs and players, that’s why the participation on social media networks has increased, as well as the use of different technologies to enhance a better and personalized customer experience. Considering Real Madrid, as one of the leaders in the industry and the most valuable in terms of digital, how the club will face the fast development of technology to create a closer bonding with the upcoming generations? The current report is structured within five parts to provide an exciting project proposal that might boost the club’s potential, finding a solution to reach this challenging target market. The first part focuses on the situation analysis of the football industry and key industry trends plus an overall overview about Real Madrid (revenue, brand value, fans, digital strategy) introducing a current challenge the club is facing: Santiago Bernabéu renovation. Based on Real Madrid’s stadium case, the second part states the objectives and strategic planning to find a solution for the club through a new revenue stream based on a disruptive technology: the blockchain. For instance, the third part explains this technology and its advantages through a real example. Then, the report introduces the concept that the current project proposes: the Galácticoin for Real Madrid. The idea will be explained in detail, with all its benefits, timeline and the expected revenues. Finally, the document presents the conclusions based on a finance, brand value and fans perspective, according to the project objectives; the team chart description, advisors and references consulted

Incentives for Quality over Time – The Case of Facebook Applications

We study the market for applications on Facebook, the dominant platform for social networking and make use of a rule change by Facebook by which high-quality applications were rewarded with further opportunities to engage users. We find that the change led to quality being a more important driver of usage while sheer network size became less important. Further, we find that update frequency helps applications maintain higher usage, while generally usage of Facebook applications declines less rapidly with age