Artifact and what privacy users want

The Instagram founders Kevin Systrom and Mike Krieger launched Artifact. An app that is promoted as “TikTok for text - a personalized news feed, powered by AI”. 

The news feed shows news, lifestyle articles, blogs and special interest sites. It uses machine learning to understand your interests and will let you discuss those articles with friends. Their recommenders are enabled by Google's transformer technology (the "t" in GPT). It sounds like a promising app for people in news and politics who look for a new home after the Twitter ownership changed, and who feel that today’s news feeds are too noisy and strenuous. 

But based on their privacy notice, there are some interesting parts in their business model with relevance to the privacy and security of their users and the integrity of the information environment. 

I had a look at their privacy notice. Here are some observations:

1. The product

• Users can create accounts, follow and message each other and share content 

• Artifact collaborates with publishers to let them promote their content on the platform

• Artifact’s AI-enabled recommenders show users personalized content and ads

• Privacy & security issues based on common threat vectors 

Apart from generic issues such as account security, the privacy and security of messages, ad safety, brand safety and copyright infringements as well as content safety and content moderation - it will be interesting to see how Artifact addresses three things:

1. How resilient are their recommenders against abuse by adversaries and state-actors? Algorithmic abuse, scaled abuse, novel abuse not only harm users but also publishers, brands, their business model and the entire ecosystem. 

2. How do they select publishers and avoid political bias on the platform - if at all? Is it okay for Artifact when state-actors and state-owned media outlets buy ads and distribute content?

3. Are they prepared for the mid and long term impact that highly personalized and siloed individual news feeds have on their users and on societies? 

2. The business model 

• Interest-based targeted advertising.

• Marketplace for publishers. Artifact takes a commission fee.

• The collection and sharing of user data with third parties. This may be advertisers, publishers or anyone who is interested in custom audience and market research. 

From here, Artifact can grow into 4 different directions: It can become 

1. Another ads-driven social network

2. A marketplace for publishers and content creators

3. A creator-driven platform - YouTube for text. 

4. Something else

Artifact identifies users off-platform “such as Facebook, Twitter, Instagram, LinkedIn and other social media forums” by a unique user ID, a hashed email address or a first-party pixel. They don’t mention what they do with the phone number that users need to provide to create an account. 

Privacy & security issues based on common threat vectors 

Apart from the issues any platform has such as the safety and privacy of personal information including location and device data they collect, store and share as well as the data they share with their service providers, there are three interesting parts: 

1. How are they planning to avoid state actors or their affiliates making use of the personalized user ID and track users across devices and platforms? 

2. What kind of data are they planning to sell to organizations who are interested in custom audience and market research?

3. How do they make sure user data they shared is not abused by state actors and their affiliates?

From a compliance perspective, Artifact is subject to platform regulation where their users are. This may include but is not limited to the California Consumer Privacy Act, the European Digital Services Act, the Digital Markets Act and corresponding legislation in Australia, India or the UK. 

In the specific case of Artifact, it will be interesting to see if and how they address the “snippet tax”- a European copyright directive that requires companies to pay publishers when parts of their content (snippets) appear on their platform - particularly together with targeted ads.

Tldr; 

While Google Search and Google Ads give users a choice to opt out from personalized content and ads, Artifact bets on exactly this: Highly personalized content and ads and user tracking. Apart from the generic privacy and security issues that apply to every platform, specific challenges for Artifact are the resilience of their recommenders, data privacy, potential news bias on their platform as well as the behavior of users who experience highly siloed news and content by default. 

Artifact is an interesting test case for what users want today: More ownership, privacy and security of their data on the one hand or a relief of today’s complex world with the cost of their personal data on the other hand.

Artifact’s Privacy Notice