(C) Alec Muffett's DropSafe blog.
Author Name: Alec Muffett
This story was originally published on allecmuffett.com. [1]
License: CC-BY-SA 3.0.[2]


Project Aldrin / Facebook into China, a partial retrospective from someone who saw some of the code

2025-03-09 18:22:47+00:00

Interesting to see {Project Aldrin, Facebook’s attempted entry to China} get more public coverage; it’s a big chunk of the reason that I quit back in 2016, and as Meta spox say “was widely discussed at the time“. Even though the story is now being boosted to promote a book, the moral compromises at play should not be forgot. I personally saw the Aldrin code & developer comments, and some of it sickened me…

Basically: the Aldrin project was set up as a secret project within Facebook — something hardly conceivable at the time, against the open trajectory of most development, and running on rented cloud systems for independence and to reduce cross-contamination issues.

Aldrin was definitely well under development as a corporate strategic goal by mid 2014, because I eventually learned that it was one of the considerations and potential blockers to Facebook’s launching of a Tor onion site — a blocker which was eventually resolved by management working out that Tor is a global solution, not one aimed at China, so “[Tor] is not an anti-Chinese thing, it’s a global thing” was a decision that had to be made by Mark and (if my memory serves correctly, not certain) Elliot Schrage — amongst many others — whilst I waited essentially helplessly to learn if the cool Onion thing my team had built was going to be allowed to be launched.

It was this experience which put “China” onto my radar but I had no idea what the scale, scope, or intention of this “secret project” was.

Eventually, though, the name “Aldrin” popped onto my radar, and through it I discovered a bunch of experimental code which divided the Facebook userbase into “Chinese Users” ( CU ) and non-Chinese Users ( NCU ) and then proposed different treatments for them; this is alluded-to in my goodbye post, about how:

In the new tooling, there is an extra, experimental feature: if members of a community have a certain “bit” set, and if they create an interesting cluster of similar (viral?) content, then that content can be sent for external “content management” review. If the reviewer gives a thumbs-down, the content is suppressed for other people who also have that bit set. There are complex (and possibly buggy) rules about what happens when content passes from a community with the bit set, to one which does not, and vice versa. There is also additional logging of which people are current members of a group from where content was sent for review. […] The bit is to be set based upon the nationality of a person. This feature is a tectonic shift which goes beyond traditional geoblocking (i.e.: “you can’t show posts which mention [topic X] when the user appears to be in [region Y]”) and pushes the content management controls down onto individual accounts. It enables filtering of user content on the basis of a presumed nationality of a person. It could be used – and appears intended – to facilitate state censorship. I consider this to be a highly illiberal and misconceived feature. The fact that we could even contemplate building this is the third reason why I’m leaving. […] Let’s ignore the “censorship” aspect and ask: if we build such a tool and capability for one country, how can we not offer it to more countries? Consider the larger countries which try to armtwist us over access to their markets, our users, their people, our new. Shall we pick-and-choose which countries may benefit from direct oversight of what their populations are buzzing about? Do we believe that we can keep this censorious genie in a single-bit, single-customer, on-or-off, binary bottle? If so, it’s political hubris on an extraordinary scale.

The stuff that I didn’t wholly get into in the post (and, proviso, I am dragging the following up from 10yo mental memory and it may be a bit flaky and was in any case a bit experimental at the time) were the internal code discussions in Aldrin-related Tasks & Code Review, that for instance if a single posting by a CU person as part of a Facebook Group caused the content-review to be triggered, perhaps the entire membership of the group should be provided in the report to the content reviewer?

Put more simply: if someone posted to a Facebook Group and it caught the attention of a censor, the entire group membership might (so went this proposal) be reported.

That struck me as astoundingly stupid, as well as Orwellian; chilling in multiple senses of “speech” and “freedom”.

On the other hand: although I gather they are unrelated codebases, I still maintain that Facebook’s readiness to adopt Fact Checking after the 2016 presidential election, and subsequent usage of Fact Checking during the 2020 Pandemic, can at least in part be attributed to the pre-work that had been done my the Aldrin team, given that the two solutions are essentially the same shape: “characteristics of a posting trigger third-party content review and subsequent downranking if appropriate.”

Censorship, too, is a dual-use technology.

In any case: Facebook/Meta is a company, and as I also said in my goodbye post:

It’s a legitimate business perspective to suggest that Facebook can, and perhaps should, make the world more connected by entering the Chinese market, and in doing so make necessary adjustments in order to comply with local laws and regulations. I have no argument against the legitimacy of this proposition – it’s good business sense. But it’s also a legitimate human perspective to suggest that censorship is illiberal and not in line with our broader company ethic, and that offering it as a service to one/more states would be ethically dubious and (worse) create an ongoing and ever-increasing moral hazard in a global market.

I feel that Meta’s subsequent efforts towards end-to-end encryption have done a lot to redress the concerns I expressed at the time; but we must all collectively hold them to those improvements.

postscript

If you’re going to critique me and/or the above and/or Aldrin in general, please at least first go read my big posting:

…and the contemporary reportage from Mike Isaac at NYT:

current coverage

Mostly related to the new book by Sarah Wynn-Williams:
[END]

[1] URL: https://alecmuffett.com/article/112685
[2] URL: https://creativecommons.org/licenses/by-sa/3.0/

DropSafe Blog via Magical.Fish Gopher News Feeds:
gopher://magical.fish/1/feeds/news/alecmuffett/

You are viewing proxied material from magical.fish. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.