On October 15, the Meta vs Wire saga took more turns and twists after The Wire published a “rebuttal” to Meta’s assertations that the alleged expose by the leftist portal was based on fabricated evidence. In its rebuttal, The Wire made several claims to justify its expose. However, most of their claims faced speculations and raised even more questions over the authenticity of the whole fiasco.
Meta’s Communication head Andy Stone said, “I know – and whoever is now going to increasing lengths to fabricate this story knows – this is completely false. I never sent, wrote, or even thought what’s expressed in that supposed email, as it’s been clear from the outset that @thewire_in’s stories are based on fabrications.”
4/x The specific mechanics of the medium just don’t allow for it.
— Brent Kimmel (@Kimmelpalooza) October 16, 2022
Also, read the email and read like… Anything Andy ever wrote. Diction is completely off, obviously an ESL composer.
For those who are unaware of what has been happening, The Wire has claimed that the NDA-led Central government of India has been provided by Meta (Facebook and Instagram’s parent company) with extensive power to remove any content from the platform(s). To prove their point, The Wire provided “evidence” of a post removed within minutes of getting published as it was flagged by Bharatiya Janata Party IT Cell Chief Amit Malviya.
While Meta and The Wire have locked horns over the alleged expose, there has been no official statement from Malviya or the union government in the matter. Notably, The Wire had made such allegations before as well with the “Tek Fog” application, where they had claimed that BJP’s tech team had created an application to bombard the social media platforms with posts against those who speak “ill” of the government, its leaders and the party. However, there was not any evidence to price the allegations, and the matter got faded away.
The Wire’s “expose” on Tek Fog came at the time of the Uttar Pradesh state assembly elections, and now the Meta “expose” came at the time of the Gujarat elections. Both states are incredibly crucial for the BJP.
Former colleague of Andy raised red flags at The Wire’s report
Brent Kimmel of Squarespace who has worked with Andy as Tech expert, raised red flags over The Wire’s report. He pointed out that the ‘receipt’ confirmation made by the server only proves that the network request was made. He said, “It means nothing in terms of whether or not a person (let alone a specific person) received it, viewed it or interacted with it in any way. You simply can’t do “gotcha” journalism over email.”
3/x but all your “receipt” means is that some network request was made. It means nothing in terms of whether or not a person (let alone a specific person) received it, viewed it or interacted with it in any way. You simply can’t do “gotcha” journalism over email.
— Brent Kimmel (@Kimmelpalooza) October 16, 2022
Furthermore, he pointed out that the language was not what Andy would have used. “Also, read the email and read like… Anything Andy ever wrote. Diction is completely off, obviously an ESL composer.”
4/x The specific mechanics of the medium just don’t allow for it.
— Brent Kimmel (@Kimmelpalooza) October 16, 2022
Also, read the email and read like… Anything Andy ever wrote. Diction is completely off, obviously an ESL composer.
He added that he hadn’t talked to Andy in over a decade but worked with him in a high-pressure environment. he said, “I would have remembered if he spoke to his colleagues that way. He doesn’t.”
Also, I haven’t spoken to @andymstone in roughly a decade, but I worked with him in a pretty high-pressure environment and I would have remembered if he spoke to his colleagues that way. He doesn’t.
— Brent Kimmel (@Kimmelpalooza) October 16, 2022
‘They read the email,’ claimed The Wire
The first claim that The Wire made in their report was the emails they sent on the @fb.com extension were opened by the respective receivers. They used a technology called ‘superhuman’ that allows the sender to check if and how many times the receiver opened the email. This technology has been around for quite some time, and several email clients and extensions add the feature to your email clients.
It adds a 1×1 pixel external image in the email. Whenever someone opens an email, it records the information. Most security experts see it as an invasion of privacy of the receivers, but the technology has thrived for years because of its use in business communication.
Though OpIndia cannot verify independently as of now if what they are saying is true or not, ethically, The Wire, a platform that talks in length about privacy, has done something extremely unethical. Superhuman faced extreme criticism in 2019 over the feature. They were tracking the location of the receivers and logging them. After much criticism, they made several changes, and the CEO had to say that they were making the changes publicly.
Superhuman still has the feature and claims it is “for business purposes” to make it easier to close the “deals faster.” OpIndia has sent an email to Rahul Vohra, Founder, and CEO of Superhuman, to get his views on the use of the platform for “expose” and how he feels about the invasion of privacy for that matter. We are waiting for a reply from Rahul on the matter and will add or publish it as an additional report when and if we get a reply from him.
It is noteworthy that experts in the field have raised concerns over the matter. Martin Obiols, a cybersecurity expert, said, “Do not praise people using clients that provide read-statuses for email. This is a huge privacy violation regardless of its purpose of doing it. I seriously do not understand how these tools are allowed under data privacy laws.”
Do not praise people using clients that provide read-statuses for email. This is a huge privacy violation regardless of the purpose of doing it.
— Martín Obiols (@olemoudi) October 15, 2022
I seriously do not understand how these tools are allowed under data privacy laws https://t.co/dXhZB1RPXY
Not to forget, most email clients, including Gmail, stop external images from loading as a security feature. How Superhuman managed to get around such features in Meta’s email client is another matter of concern. If this claim is true, Meta is not using the required security features.
Superhuman or any app is NOT fool-proof evidence
Another important point is, as Superhuman has STOPPED tracking the location, there is another way to say that someone has read it. Say The Wire sent it to someone else in BCC or forwarded the email to someone else, and the other receiver opened the email. The tracking will be based on the same pixel image. In that case, it will show that the email was opened by the recipient.
Let’s take an example. Say I want to track if my boss Nupur J Sharma read the email I sent. I used Superhuman or another application to do so. She read I got the information, and it’s done. This was the first scenario. In the second scenario, I want to implicate my boss read the email but ignored to acknowledge it. In that case, I would BCC it to my personal email ID, or I will forward the email to someone else. When the email gets opened by me or someone else, I can show that my boss opened the email as there is no way to trace the location from where the email was opened. Now I am the devil at my office! This is why such tracking applications cannot be solid evidence in an expose like this.
The DKIM mumbo-jumbo!
Now, The Wire made its way to technical in the next step. The Wire claimed that they used a python-based open-source tool called dkimpy to verify if the email came from an authentic source or not. There is way too much technical jargon in the report that needs simplification. Basically, this tool allows the user to ensure of the email came from an authentic source or not. It checks the header (code-based technical information) of the email and matches it with the sender’s digital signature.
Ideally, this system not only traces the source but also provides information if anything was changed in the email during the transit. In case you are unaware, there are ways to modify the email while it travels from the source to the destination. Codes can be injected, information can be altered, and so on. This is why encryption of the data is essential.
Anyway, this is where The Wire made a blunder that was noticed by a Twitter user Technical Trading Guru that goes by the handle @techtradeguru on Twitter. We will not go into the DKIM claim authenticity but point out the alleged photoshop saga that raised questions over The Wire’s report.
At 12:01 AM, techtradeguru pointed out that the screenshot of the emails from Experts used in the report to verify their DKIM claim had the date wrong. The emails were received in 2021, as per the screenshot.
SEE HOW BEUTIFULLY THE WIRE STAFF SAYS THAT THEY VEIFIED DKIM OF MAIL
— Technical Trading Guru (@techtradeguru) October 15, 2022
BUT HAVE FAKED WRONG DATE IN EMAIL AS OF 2021.
COMPLETE PIECES OF SHHHHH https://t.co/sGm5PL3PC4
We checked and verified the claim using WayBackMachine by Archive.org. Here is the screenshot of that particular section in The Wire’s report with timestamp 12:51:59 on WayBackMachine. Please note that WayBackMachine uses GMT timestamps. IST timestamps are not available.
After techtradeguru and others pointed it out, The Wire changed the screenshots, and it showed 2022 as the year. This screenshot was timestamped 14:32:41 on WayBackMachine.
The current version of the report contains the identity of one of the Microsoft employees who checked the authentication of the dkimpy used by The Wire and allegedly confirmed that DKIM signature test of the email has passed. It is notable that Facebook is using Microsoft’s email services.
However, there was another set of blunders made by them. First, the new screenshot was evidently photoshopped. Techtradeguru pointed it out and said, “They have copied the first 2 of 2021 and pasted in place of 1. I have done the pixel analysis.”
ALSO THEY HAVE COPIED THE FIRST 2 OF 2021 AND PASTED IN PLACE OF 1. I HAVE DONE THE PIXEL ANALYSIS.
— Technical Trading Guru (@techtradeguru) October 15, 2022
ANY OTHER PERSON CAN DO TOO.
We made a GIF of the images he mentioned in his tweet to make it easier to understand. Ideally, when there should have been more space between “2022” and “at” in the screenshot which was missing. It shows that the screenshot was a photoshopped version of the older screenshot and not a new one.
Moreover, they changed the date but did not change the day. The 2021 and 2022 calendars are not identical in terms of Days. That means 12 October and 14 October in 2021 and 2022 fell on different days of the week. Multiple Twitter users pointed out this particular mistake made by The Wire. In both screenshots, the days remained Friday and Wednesday respectively. Trying to justify this discrepancy, Wire claimed that it was due to the fact that the dates were incorrectly set on TailOS, a Linux-based portable OS. But netizens pointed out that even if the date is wrongly set in the system, it will not result in a mismatch between the day and date, if it shows the wrong date, it will show the day corresponding to that wrong date only.
It was pointed out by tech expert Pranesh Prakash in a detailed Twitter thread on The Wire’s latest report. He wrote, “Now, @thewire in is saying the incorrect dates are due to TailsOS being used and being set to the wrong date. Except, it doesn’t take a genius to realize that even were that true, TailsOS would show: Thursday, October 14, 2021 and Tuesday, October 12, 2021 NOT Fri & Wed.”
Now, @thewire in is saying the incorrect dates are due to TailsOS being used and being set to the wrong date.
— Pranesh Prakash (@pranesh) October 15, 2022
Except, it doesn’t take a genius to realize that even were that true, TailsOS would show:
Thursday, October 14, 2021 and
Tuesday, October 12, 2021
NOT
Fri &
Wed pic.twitter.com/yHPjS3Syse
We verified the days of all four dates and here is the screenshot compilation from Google.
The Wire’s report, the reporter who wrote the report, and the Founding editor have claimed that the date was messed up because the OS was recently re-installed on the reporter’s computer, and the OS (TailsOS) that they use has a history of messing up the dates after installation. They further claimed that the new screenshot was taken after setting the date right. However, they failed to provide any explanation of the wrong Days of the week in the screenshots. No matter how messed up the OS is after re-installation, it cannot take the Day of the week wrong.
Also, Pranesh pointed out that the difference in year would not have been possible. He said, “If TailsOS was used to receive an email, Tails must have connected to Tor. However, Tails “automatically synchronizes the system time at start”, Tor fails w/ wrong time, & apps use UTC. So if time can’t be off by *a year*, only few hours (to match Tor IP).” The TailsOS connects to the Internet through the anonymous network Tor.
If TailsOS was used to receive an email, Tails must have connected to Tor.
— Pranesh Prakash (@pranesh) October 15, 2022
However, Tails “automatically synchronizes the system time at start”, Tor fails w/ wrong time, & apps use UTC.
So if time can’t be off by *a year*, only few hours (to match Tor IP)https://t.co/KeJQhDzEpm pic.twitter.com/64cnHN5Hdk
Moreover, most people who have used the Internet and web-based services must have seen that several of such services do not work if the date in the system is wrong. Nowadays most systems automatically synchronise the time with the web, and therefore we don’t face such issues. But for Wire to claim that an exclusively Internet-based OS didn’t synch the time and it was wrongly set manually raised suspicions.
There is a lot to the story that The Wire has presented. As experts have pointed out mistakes and some experts have offered to independently check the DKIM claims, it will be interesting to see how the story moves further.