Bulletins

Small businesses are pissed at misguided Princeton privacy project

Moscow's Vlad Orlov is not real.

A worker hidden behind a computer

Turns out, Vlad Orlov is a bot.

Image: Sigmund / Unsplash

Turns out, Vlad Orlov is a bot.

The supposed "Orlov" and other senders sent emails like the one sent to a website managed by Audrey Eschright, a Portland, Oregon-based writer, community organizer and software engineer. The messages went something like this: “My name is Vlad Orlov, and I am a resident of Moscow, Russia. I have a few questions about your process for responding to General Data Protection Regulation (GDPR) data access requests.”


The problem is, they’re not real, and website admins and small business managers are not happy about them. The emails were sent automatically by a team of researchers at Princeton attempting to learn about how websites respond to requests for data access under Europe’s General Data Protection Regulation and California’s privacy law.

“You have wasted 1000s of hours of people’s time and probably caused thousands of dollars in legal fees. This was a monumental [misjudgment],” U.K. software developer Andy Brice tweeted on Dec. 19. Brice, who runs software consultancy Oryx Digital, added that his friends at other companies also received the automatically generated emails requesting to learn information about how companies process GDPR data access requests and what personal information people need to provide in order to process the requests.

“Where do I send my invoice?” asked Brice rhetorically.

Now the Princeton-Radboud Study on Privacy Law Implementation — at least in its original, bot-like form — is kaput. Its principal investigator, well-known privacy researcher Jonathan Mayer, said his team stopped sending automated inquiries on Dec. 15.

Mayer issued an apology on a Princeton site associated with the study:

"I have carefully read every single message sent to our research team, and I am dismayed that the emails in our study came across as security risks or legal threats. The intent of our study was to understand privacy practices, not to create a burden on website operators, email system operators, or privacy professionals. I sincerely apologize. I am the senior researcher, and the responsibility is mine."

The project has raised lots of questions and social media discussions around research ethics, why the study passed muster with the Princeton University Institutional Review Board and the obligations of stakeholders when laws create detailed compliance obligations.

For Mayer and other researchers, the project is a learning opportunity. Mayer said his team might send follow-up emails to initial bot-email recipients telling them to disregard the previous automated data access requests. And, he said, “I will use the lessons learned from this experience to write and post a formal research ethics case study” and “I will teach that case study in coursework.”

Latest Bulletins

Javier Soltero is leaving Google Workspace, Google Cloud President Thomas Kurian announced Wednesday in an email to staff viewed by Protocol. Soltero will leave his role effective July 15th.

Keep Reading Show less

San Francisco-based game development tools provider Unity is laying off hundreds of employees, according to a report from Kotaku.

Keep Reading Show less

Niantic is reportedly cutting between 85 and 90 staff members, or 8% of its workforce.

Keep Reading Show less

Crypto hedge fund Three Arrows Capital has reportedly received a court order to liquidate after creditors sued the company over unpaid debts.

Keep Reading Show less

Just months after committing to spend $925 million on carbon dioxide removal, a collection of major tech companies has announced its first purchases. The group, operating under the banner of Frontier, announced it had purchased nearly 2,000 tons of CDR services from five companies. It's a small ripple in the CDR pond, but one Frontier hopes will turn into a wave to bring down the costs of removing carbon.

Keep Reading Show less

The Federal Trade Commission has sued Walmart, alleging the retail giant "turned a blind eye" to fraud worth hundreds of millions on its money transfer services.

Keep Reading Show less

Eric Schmidt described his first five years at Google as "pure, naive techno-optimism," in that the company believed that applying American values like free speech is good for the world. But Google hit a brick wall when it bought YouTube.

Keep Reading Show less

The Biden administration's hot electric vehicle summer continues to zip along. On Tuesday, the White House announced $700 million in commitments for EV charging from private companies. The cash will up U.S. charging manufacturing capacity to 250,000 chargers a year and increase the number of chargers out in the wild. Not too bad!

Keep Reading Show less

Meta said it's working to correct enforcement errors that led to the removal of Facebook posts related to abortion pills and suspensions of user accounts behind the posts. The clarification came after Motherboard discovered that Facebook was instantly removing posts that said "abortion pills can be mailed," which the FDA legalized in 2021.

"Content that attempts to buy, sell, trade, gift, request or donate pharmaceuticals is not allowed. Content that discusses the affordability and accessibility of prescription medication is allowed," Meta spokesperson Andy Stone tweeted in response to the story. "We've discovered some instances of incorrect enforcement and are correcting these."

Keep Reading Show less

Option Impact, a benchmark compensation product from Advanced-HR, has a new owner.

Keep Reading Show less

FTX is reportedly exploring the possibility of buying Robinhood. The crypto exchange led by CEO Sam Bankman-Fried is looking into whether it could acquire the online brokerage, according to a Bloomberg report that cited unnamed sources.

Keep Reading Show less

Backstage Capital, which invests in underrepresented founders, has cut all of its operational staff after it ran into fundraising challenges, according to founder Arlan Hamilton.

Keep Reading Show less

Crypto hedge fund Three Arrows Capital has defaulted on a loan of cryptocurrencies worth $666 million from Voyager Digital, the broker said Monday.

Keep Reading Show less

Goldman Sachs has joined efforts to assist the ailing crypto lending company Celsius, in what would be the biggest effort yet by a traditional financial institution to jump in amid a broad crypto crash. Several large crypto hedge funds, lending companies and brokerages have sought funding or credit amid a liquidity crunch in recent days.

Keep Reading Show less

Los Angeles could become the first major city in the country to ban the construction of new gas stations because of the climate crisis.

Keep Reading Show less

Six of Sony's internal game development studios have issued public messages of support for abortion rights and condemnations of the U.S. Supreme Court's overturning of Roe v. Wade on Friday. It's a notable shift for PlayStation, after Sony Interactive Entertainment CEO Jim Ryan told staff in May to "respect differences of opinion" on reproductive rights following POLITICO's disclosure of details from a leaked draft opinion in early May.

Keep Reading Show less

Yelp is closing its New York, Chicago and Washington, D.C., offices as the company embraces remote work.

Keep Reading Show less

Netflix is laying off hundreds of workers in its second round of layoffs in roughly a month, according to a report from CNBC on Thursday.

Keep Reading Show less

Instagram is testing using facial analysis tools to verify age on the platform, Meta announced in a blog post Thursday.

Keep Reading Show less

EBay was once known as a marketplace for trendy collectibles like Beanie Babies. Now it’s going deep into the new world of NFT digital collectibles.

Keep Reading Show less

TikTok made several new commitments to its advertising and consumer practices, promising to better protect children from hidden ads and inappropriate content. The platform's new pledges come after a complaint filed in February 2021 from the European Consumer Organisation that alleged TikTok broke EU consumer rules.

Keep Reading Show less

Meta has agreed to settle a long-standing lawsuit filed by the Department of Housing and Urban Development alleging discrimination in Facebook's housing ad system. As part of the settlement, Meta vowed to change the way ads for housing, as well as employment and credit opportunities, are delivered on its platforms, and to pay a $115,054 fine.

"Discrimination in housing, employment and credit is a deep-rooted problem with a long history in the US, and we are committed to broadening opportunities for marginalized communities in these spaces and others," Roy Austin Jr., Meta's vice president of civil rights, wrote in a blog post.

Keep Reading Show less

Crypto lender BlockFi has secured a $250 million revolving credit line from FTX, a deal that comes as a broader market meltdown has forced other lenders to freeze withdrawals.

Keep Reading Show less

The solar panel market is a mess. An ill-timed Commerce Department probe has wrought uncertainty beyond the already-fraught supply chain, but at least some U.S. developers are trying to right the ship a bit.

Keep Reading Show less

Microsoft will remove controversial automated tools that predict a person’s age, gender and emotional state from its Azure Face API artificial intelligence service that analyzes faces in images, according to a report published by The New York Times on Tuesday.

Keep Reading Show less
Bulletins