Published on August 11th, 2023
Leaked Yandex Code Breaks Open the Creepy Black Box of Online Advertising
The code also shows how Yandex can combine data from multiple services. McCrea says in one complex process, an adult's search data may be pulled from the Yandex search tool, AppMetrica, and the company's taxi app to predict whether they have children in their household. Some of the code categorizes whether children may be over or under 13. (Yandex's Cherevko says people can order taxis with children's seats, which is a sign they may be "interested in specific content that might be interesting for someone with a child.")
One element within the Crypta code indicates just how all of this data can be pulled together. A user interface exists that acts as a profile about someone: It shows marital status, their predicted income, whether they have children, and three interests, which include broad topics such as appliances, food, clothes, and rest. Cherevko says this is an "internal Yandex tool" where employees can see how Crypta's algorithms classify them, and they can only access their own information. "We have not encountered any incidents related to access abuse," he says.
Government Influence
Yandex is going through a breakup. In November 2022, the company's Netherlands-based parent organization, Yandex NV, announced it will separate itself from the Russian business, following Russia's invasion of Ukraine. Internationally, the company, which will change its name, is planning to develop self-driving technologies and cloud computing, while divesting itself from search, advertising, and other services in Russia. Various Russian businessmen have been linked to the potential sale. (At the end of July, Yandex NV said it plans to propose its restructuring to shareholders later this year.)
While the uncoupling is being worked out, Russia has been trying to consolidate its control of the internet and increasing censorship. A slew of new laws requires more companies and government services in the country to use home-grown tech. For instance, this week, Finland and Norway's data regulators blocked Yandex's international taxi app from sending data back to Russia due to a new law, which comes into force in September, that will allow the Federal Security Service (FSB) access to taxi data.
These nationalization efforts coupled with the planned ownership change at Yandex are creating concerns that the Kremlin may soon be able to use data gathered by the company. Stanislav Shakirov, the CTO of Russian digital rights group Roskomsvoboda and founder of tech development organization Privacy Accelerator, says historically Yandex has tried to resist government demands for data and has proved better than other firms. (In June, it was fined 2 million rubles ($24,000) for not handing data to Russian security services.) However, Shakirov says he thinks things are changing. "I am inclined to believe that Yandex will be attempted to be nationalized and, as a consequence, management and policy will change," Shakirov says. "And as a consequence, user data will be under much greater threat than it is now."
Bakunov, the former Yandex engineer, who reviewed some of McCrea's findings at WIRED's request, says he is scared by the potential for the misuse of data going forward. He says it looks like Russia is a "new generation" of a "failed state," highlighting how it may use technology. "Yandex here is the big part of these technologies," he says. "When we built this company, many years ago, nobody thought that." The company's head of privacy, Cherevko, says that within the restructuring process, "control of the company will remain in the hands of management." And its management makes decisions based on its "core principles."
But the leaked code shows, in one small instance, that Yandex may already share limited information with one Russian government-linked company. Within Crypta are five "matchers" that sync fingerprinting events with telecoms firms, including the state-backed Rostelecom. McCrea says this indicates that the fingerprinting events could be accessible to parts of the Russian state. "The shocking thing is that it exists," McCrea says. "There's nothing terribly shocking within it." (Cherevko says the tool is used for improving the quality of advertising, helping it to improve its accuracy, and also identifying scammers attempting to conduct fraud.)
Overall, McCrea says that whatever happens with the company, there are lessons about collecting too much data and what can happen to it over time when circumstances change. "Nothing stays harmless forever," she says.