No Stopping Facebook… Company Admits Sharing Your Private Messages With Other Tech Giants
This year has been all about Facebook and its continued privacy disasters. While the company has employed a "sorry, won't happen again" meaningless response, more and more reports keep coming, revealing that Facebook isn't afraid to break the laws and exploit its users' data. In a new report, The New York Times has published some startling revelations over how the social networking giant gave access to its users' data to over a hundred different tech and media companies.
Among these, a dozen of the top tech giants received access to users' private messages after deals that "were vetted at high levels, sometimes by Mr. Zuckerberg and Sheryl Sandberg." The publication reported and Facebook later admitted in a blog post that it allowed Spotify, Netflix and the Royal Bank of Canada to read, write and delete users’ private messages.
"Over the years we have tried various ways to make Netflix more social," Netflix said in an emailed statement. "One example of this was a feature we launched in 2014 that enabled members to recommend TV shows and movies to their Facebook friends via Messenger or Netflix. It was never that popular so we shut the feature down in 2015. At no time did we access people’s private messages on Facebook, or ask for the ability to do so."
Spotify and Netflix weren't the only tech companies enjoying access to billions of Facebook users' personal data
From Apple to Microsoft, it seems nearly all major tech companies enjoyed having access to Facebook data. As the NYT report said, Facebook may have never sold user data fearing user backlash, but it definitely did the next best thing by granting other companies access to its "most prized asset."
Here are some examples of these data sharing partnerships, many of which never required user consent:
"Facebook empowered Apple to hide from Facebook users all indicators that its devices were asking for data. Apple devices also had access to the contact numbers and calendar entries of people who had changed their account settings to disable all sharing, the records show.
"The social network permitted Amazon to obtain users’ names and contact information through their friends, and it let Yahoo view streams of friends’ posts as recently as this summer, despite public statements that it had stopped that type of sharing years earlier.
"Facebook allowed Microsoft’s Bing search engine to see the names of virtually all Facebook users’ friends without consent, the records show, and gave Netflix and Spotify the ability to read Facebook users’ private messages.
"Microsoft officials said that Bing was using the data to build profiles of Facebook users on Microsoft servers. They declined to provide details, other than to say the information was used in “feature development” and not for advertising. Microsoft has since deleted the data, the officials said."
These data sharing agreements come as no surprise since many of the affected users are those who gave their consent to use certain features. However, it's alarming that Facebook misled users when it said it had discontinued such partnerships all the while it kept on offering unrestricted access to its partners. While Facebook has time and again said that most of these partnerships ended years ago after the release of iOS and Android when it didn't need to offer these "integrations" to different companies to tie in different features, internal documents suggest that several companies have continued to have this access.
"As of 2017, Sony, Microsoft, Amazon and others could obtain users’ email addresses through their friends."
While some of this access was limited to the public user data, which isn't a privacy threat, over a dozen deals went beyond public data. "Some enabled partners to see users’ contact information through their friends - even after the social network, responding to complaints, said in 2014 that it was stripping all applications of that power," the publication revealed.
The report also sheds light on some worrying aspects of Facebook's reckless handling of user data even when there are security flags. From Russian company Yandex to Chinese firm Huawei and the equally-irresponsible Yahoo, Facebook continued to offer these companies access to user data years after the company stopped sharing this data with other applications.
Facebook records show Yandex had access in 2017 to Facebook’s unique user IDs even after the social network stopped sharing them with other applications, citing privacy risks. A spokeswoman for Yandex, which was accused last year by Ukraine’s security service of funneling its user data to the Kremlin, said the company was unaware of the access and did not know why Facebook had allowed it to continue. She added that the Ukrainian allegations “have no merit.”
This report doesn't come as a shock as it only confirms Facebook's indifference towards user security and privacy and how this access to data could be used to manipulate social movements in different countries.
In its own response to this new report, Facebook says it did this all to help people. These partnerships, Facebook says, gave people access to more features and better social experiences. “Facebook’s partners don’t get to ignore people’s privacy settings, and it’s wrong to suggest that they do,” Steve Satterfield, director of privacy and public policy at Facebook, said.
"Over the years, we’ve partnered with other companies so people can use Facebook on devices and platforms that we don’t support ourselves. Unlike a game, streaming music service, or other third-party app, which offer experiences that are independent of Facebook, these partners can only offer specific Facebook features and are unable to use information for independent purposes."
The latest report and last week's major data exposures reinforce yet again that the world could do with some alternatives. Thousands, if not millions, of small businesses rely on Facebook, and the company knows its importance. The arrogance and recklessness with which Facebook has dealt with these issues in the past two years is a proof that the company isn't going to get responsible, and that it's time for some new platforms.
- Updated with statement issued by Netflix. The NYT piece goes into more detail of different kinds of data sharing partnerships (recommended read)