
Facebook Privacy News Compilation

Edit: This thread started as a one-off article about Facebook collecting data without reading the terms and conditions of the service they used. It was hilarious and pretty scary from a consumer standpoint. As it turns out, Facebook's favorite company pastime is apparently to commit flagrant violations of users' privacy. So, I decided to just turn this into a compilation thread highlighting news about Facebook and its passion for vacuuming up all personal information it can.

Here's the first article I shared:

Facebook did not read the terms and services of the app that improperly shared user data with Cambridge Analytica, the company's chief technology officer said Thursday.

"We require that people have a terms and conditions and we have an automated check there at the time — this was in 2014, maybe earlier," Mike Schroepfer told U.K. lawmakers at a parliamentary committee hearing. "We did not read all of the terms and conditions."

...Facebook did not pull it up on its terms of services until after The Guardian newspaper reported early information about it harvesting user data.

Could you script a more absurd plot twist to this user data harvesting scandal? I really hope this is the beginning of the end for Facebook. I mean, aside from this current stuff, Facebook has always been a clunky and awkwardly designed site.

Also, it's way past time for legislation protecting consumers against the absurdity of terms of service agreements. I mean, literally no one reads them. Can't everyone (except corporate attorneys probably) agree that there's an issue here? Trying to lock users into legally binding agreements that they don't understand and haven't read.

We need something that will define what an acceptable terms of service/terms and conditions agreement looks like:

  • A maximum word length for consumer products
  • Grade-level language at the average for a U.S. adult (remove legal jargon)
  • Stop anti-consumer conditions like restrictions on criticism/benchmarking, restrictions on use of competitor products, agreeing in advance to future changes, etc.


I wonder if there are going to be any consequences for Facebook and Zuckerberg for all these privacy breaches. I think it's going to take a political shift though, because the current president doesn't seem to value holding corporations responsible.

More in "Facebook is a terrible steward of users' data" news...they accidentally set 14 million users' sharing settings to public. So, if you thought your stuff was privately shared, you might want to double check that!

Facebook posts typically default to the last "audience" a post was shared with, such as family members, friends, or friends except their boss. That default was changed to public for the 14 million users, but if affected users noticed, they could have manually switched the setting themselves.

"We recently found a bug that automatically suggested posting publicly when some people were creating their Facebook posts," said Erin Egan, Facebook's chief privacy officer. "We have fixed this issue and starting today we are letting everyone affected know and asking them to review any posts they made during that time. To be clear, this bug did not impact anything people had posted before -- and they could still choose their audience just as they always have."

And this is my favorite part:

A Facebook spokesperson said the notification is the start of a new proactive and transparent way for the company to handle issues going forward.

I'll personally attest to the fact that nothing this company does is transparent. I say this because the Amdall Gallery Facebook page was recently disabled, and I was given no reason why or if it's ever coming back. Because of the total lack of communication or transparency regarding this banned account process, I went ahead and created a new page today. We lost followers and months of history/posts/etc.

So yeah, not a big fan of Facebook as a company.

Facebook really didn't have a good 2018. More privacy issues:

I had previously read somewhere that Facebook creates internal user profiles for people who don't even have profiles, which is pretty outrageous. But here's an article about them tracking Android users even if they didn't use the app.

Facebook's data collecting practices have once again been called into question, after a new report revealed that it "routinely tracked" people who do not use the app.

Their report, which was presented at Chaos Computer Congress in Leipzig, Germany, stated:  "Facebook routinely tracks users, non-users and logged-out users outside its platform through Facebook Business Tools. App developers share data with Facebook through the Facebook Software Development Kit (SDK), a set of software development tools that help developers build apps for a specific operating system."

And don't worry! Turning off location apparently doesn't stop Facebook from tracking your location:

“There is no way for people to opt out of using location for ads entirely,” said a Facebook spokesperson by email. “We use city and zip level location which we collect from IP addresses and other information such as check-ins and current city from your profile to ensure we are providing people with a good service—from ensuring they see Facebook in the right language, to making sure that they are shown nearby events and ads for businesses that are local to them.”

Also, just a reminder on smartphone apps and location data...many, many apps sell your specific location history to third parties. This is very common, in fact. The Weather Channel app is catching a ton of heat about this:

People relied on the most popular mobile weather app to track forecasts that determined whether they chose jeans over shorts and packed a parka or umbrella, but its owners used it to track their every step and profit off that information, Los Angeles prosecutors said Friday.

The operator of the Weather Channel mobile app misled users who agreed to share their location information in exchange for personalized forecasts and alerts, and they instead unwittingly surrendered personal privacy when the company sold their data to third parties, the city attorney, Michael Feuer, said.

Feuer sued the app’s operator in Los Angeles county superior court to stop the practice. He said 80% of users agreed to allow access to their locations because disclosures on how the app uses geolocation data were buried within a 10,000-word privacy policy and not revealed when they downloaded the app.

“Think how Orwellian it feels to live in a world where a private company is tracking potentially every place you go, every minute of every day,” Feuer said. “If you want to sacrifice to that company that information, you sure ought to be doing it with clear advanced notice of what’s at stake.”

These tech companies aren't going to self-regulate to any meaningful degree. We really need Congress to intervene and set up some privacy protections for consumers.

Oh Facebook...staying creepy all day, every day. This time catching heat from Congress about invasive apps gathering data on minors as young as 13 years old:

Three of the Senate’s biggest privacy advocates are sending letters to Facebook, Google, and Apple executives Thursday, following a recent TechCrunch report that Facebook used an iOS and Android app to monitor the phones of users as young as 13 years old. The app, called Research and sometimes referred to as Project Atlas, gave Facebook complete visibility into users' app activity, web searches, encrypted data, and even private messages.

The bulk of the senators’ questions are reserved for Facebook and revolve around the company’s alleged attempt to target teenagers and sidestep device makers' privacy policies. Facebook has said that only 5 percent of the app’s users were teenagers, but the lawmakers still want to know if Facebook specifically targeted teens with ads about Atlas. They also ask why the parental consent form that the app’s teenage users had to submit was “less strict” than the one required by Messenger Kids.

Perhaps the most pressing question is what information Facebook actually used and why. Experts have noted that the Research app installed what’s known as a “root certificate” on users’ phones, which granted the company unlimited visibility into users' actions. But it’s still unclear whether Facebook actually analyzed and retained all of that information. The lawmakers are hoping to clear that up.

Looks like Facebook's data sharing practices are getting some attention from law enforcement:

Federal prosecutors are conducting a criminal investigation into data deals Facebook struck with some of the world’s largest technology companies, intensifying scrutiny of the social media giant’s business practices as it seeks to rebound from a year of scandal and setbacks.

A grand jury in New York has subpoenaed records from at least two prominent makers of smartphones and other devices, according to two people who were familiar with the requests and who insisted on anonymity to discuss confidential legal matters. Both companies had entered into partnerships with Facebook, gaining broad access to the personal information of hundreds of millions of its users.

The companies were among more than 150, including Amazon, Apple, Microsoft and Sony, that had cut sharing deals with the world’s dominant social media platform. The agreements, previously reported in The New York Times, let the companies see users’ friends, contact information and other data, sometimes without consent. Facebook has phased out most of the partnerships over the past two years.

The hits never stop coming:

Facebook app developers left hundreds of millions of user records exposed on publicly visible cloud servers, researchers from security firm UpGuard said today.

The researchers said the larger of the two data sets came from a Mexican media company called Cultura Colectiva. A 146GB data set with information like Facebook user activity, account names, and IDs was found that included more than 540 million records, the researchers said. A similar data set was also found for an app called “At the Pool.” While smaller, the latter included especially personal information, including 22,000 passwords apparently used for the app, rather than directly for Facebook.

It’s not clear how long the data was publicly available, or who may have obtained it from the servers, if anyone. Both data sets were found on Amazon cloud servers, and the data was removed after Facebook was contacted, the researchers said.

At what point are there going to be even minor repercussions for Facebook? I mean, just in this thread we've got seven incidences of privacy violations or data breaches. And it's not even close to a full list. To this point, they just keep chugging away, monetizing people's baby pictures and political memes.

And somehow they managed to top themselves! Facebook got email passwords, swiped contacts (presumably for marketing purposes)...and it's still somehow not a massive scandal? It's hard to understand why users aren't abandoning Facebook in droves. No one seems to really care though.

Just two weeks after admitting it stored hundreds of millions of its users’ own passwords insecurely, Facebook is demanding some users fork over the password for their outside email account as the price of admission to the social network.

Facebook users are being interrupted by an interstitial demanding they provide the password for the email account they gave to Facebook when signing up. “To continue using Facebook, you’ll need to confirm your email,” the message demands. “Since you signed up with [email address], you can do that automatically …”

A form below the message asked for the users’ “email password.”

“That’s beyond sketchy,” security consultant Jake Williams told the Daily Beast. “They should not be taking your password or handling your password in the background. If that’s what’s required to sign up with Facebook, you’re better off not being on Facebook.”

At the time, the outlet noted that “the company has recently been criticized for repurposing information it originally acquired for ‘security’ reasons.” It turns out this was exactly what happened, as Facebook logged into users’ outside email accounts and “unintentionally” silently uploaded a copy of their address book to its servers without their knowledge or consent, making off with more than 1.5 million people’s contact lists. The company has promised to delete the data but did not respond when asked to commit to a specific date by which it would agree to delete the illicitly obtained lists.

Facebook also has a checkered history when it comes to securely handling passwords. Last month the company acknowledged that unencrypted passwords for hundreds of millions of its users had been stored for years in company logs accessible to 2,000 employees.

It will probably come as no surprise that in the seven months since I last posted in this thread, Facebook has continued down the path of rampant privacy violations and irresponsible behavior. It's honestly too much to recap right now, but I did see something that offers a nice up-to-date rebuke from a surprising person.

Sacha Baron Cohen (the one and only Borat) gave a speech denouncing Facebook's damaging behavior and subsequently wrote an editorial in the Washington Post. I always had in mind that Cohen was a sharp guy, but he really outlines some big issues with Facebook (and other tech companies) here well. I'll embed the video, then add some snippets from the editorial.

This is not necessarily related to the privacy issue, but it does offer criticism of Facebook's refusal to be responsible for content on their platform (likewise Google/YouTube and Twitter). Cohen offers some good points about the fact that these companies are actually some of the largest publishers in the history of the world, yet don't want to be held to the same standards as traditional publishers. These companies have completely escaped responsibility to this point for content on their platforms, and it seems like it's time to reexamine that reality.

The ugliness my jokes help reveal is why I’m so worried about our pluralistic democracies. Demagogues appeal to our worst instincts. Conspiracy theories once confined to the fringe are going mainstream. It’s as if the Age of Reason — the era of evidential argument — is ending, and now knowledge is delegitimized and scientific consensus is dismissed. Democracy, which depends on shared truths, is in retreat, and autocracy, which thrives on shared lies, is on the march. Hate crimes are surging, as are murderous attacks on religious and ethnic minorities.

All this hate and violence actually has something in common: It’s being facilitated by a handful of Internet companies that amount to the greatest propaganda machine in history.

Facebook, YouTube, Twitter and other social media platforms reach billions of people. The algorithms these platforms depend on deliberately amplify content that keeps users engaged — stories that appeal to our baser instincts and trigger outrage and fear. That’s why fake news outperforms real news on social media; studies show lies spread faster than truth.

Zuckerberg claimed new limits on social media would “pull back on free expression.” This is utter nonsense. The First Amendment says that “Congress shall make no law” abridging freedom of speech, but this does not apply to private businesses. If a neo-Nazi comes goose-stepping into a restaurant and starts threatening other customers and saying he wants to kill Jews, would the restaurant owner be required to serve him an elegant eight-course meal? Of course not. The restaurant owner has every legal right, and, indeed, a moral obligation, to kick the Nazi out. So do Internet companies.

Zuckerberg speaks of welcoming a “diversity of ideas,” and last year, he gave us an example. He said he found posts denying the Holocaust “deeply offensive,” but he didn’t think Facebook should take them down “because I think there are things that different people get wrong.” This is madness. The Holocaust is a historical fact, and those who deny it aim to encourage another one. There’s no benefit in pretending “the Holocaust is a hoax” is simply a “thing” that “different people get wrong.” Zuckerberg says “people should decide what is credible, not tech companies.” But two-thirds of millennials say they haven’t even heard of Auschwitz. How are they supposed to know what’s “credible?” How are they supposed to know that the lie is a lie?