Why Facebook Is a Security And Privacy Nightmare
Bytes: Facebook is no longer the king of the social media castle. More and more people are starting to turn their backs on the network for good. And while it’s still possible to contend that you shouldn’t delete your account, the arguments in favor of ditching the service are piling up at an alarming rate.
1. A Terrible Track Record
f the incident was a one-off, you might be able to forgive Facebook. But it wasn’t a one-off. It was just the latest in a long line of data-handling missteps, and further proof that Facebook’s security isn’t up to par.
Here are some of the other most infamous incidents.
Cast your mind back to 2007. Facebook had just opened to the public for the first time (previously, it was restricted to students).
In November of that year, the company launched Beacon. It was a script that allowed third-party websites to automatically post the actions of a user onto the network. For example, if you bought a plane ticket, it would suddenly pop up on your wall for everyone to see.
In today’s world, it barely seems believable, but the project lasted for two years until eventually being shut down following the settlement of a class-action lawsuit.
Instant Personalization was a pilot program launched in 2010.
It automatically shared a person’s information with affiliate sites. For example, it could share your favorite sports teams with a news site so you see appropriate headlines first, or it could share your favorite bands with a music website, and so on.
Here’s what the Electronic Frontier Foundation said about the scheme at the time:
“For users that have not opted out, Instant Personalization is instant data leakage. As soon as you visit the sites in the pilot program, they can access your name, your picture, your gender, your current location, your list of friends, and all the Pages you have Liked.
Even if you opt out of Instant Personalization, there’s still data leakage if your friends use Instant Personalization websites—their activities can give away information about you.”
This wasn’t the first (or last) time that your friends could be a threat to your Facebook privacy.
Applications and Identifying Information
An HTTP referrer made it possible. It could expose both a user’s identity and their friends’ identities, posing a big threat to everyone’s Facebook privacy.
It took Facebook almost 12 months to remedy the issue.
2. Zuckerberg’s Duplicity on Privacy
Mark Zuckerberg is a curious character. Facebook made him a multi-billionaire in his 20s and—for a long time in the 2000s—the media viewed him as a savior of sorts.
Here’s one of his public quotes from Facebook’s early days (via Forbes):
“By giving people the power to share, we’re making the world more transparent. When you give everyone a voice and give people power, the system usually ends up in a really good place. So, what we view our role as, is giving people that power.”
Sounds honorable. But Zuckerberg seems to have a darker, duplicitous side. His quotes are Trump-esque; he doesn’t seem to maintain the same opinion from one interview to the next. Thus, it’s incredibly hard to know what he actually thinks about the topic of user privacy.
Let’s take a closer look.
Of course, there’s one quote that’s now infamous above all others (via The Register):
“I have over 4,000 emails, pictures, and addresses [of Harvard students]. People just submitted it. I don’t know why. They trust me. Dumb f*cks.”
But even if you attribute that to the exuberance of youth, Mark has consistently appeared to flip-flop on the subject of privacy.
Compare this quote from the D8 conference in June 2010:
“There have been misperceptions that we’re trying to make all information open, but that’s false. We encourage people to keep their information private.”
With this one from an interview with Wired June 2009:
“People can make their profile open to everyone. And what I would just expect is that as time goes on, we’re just going to keep on moving more and more in that direction.”
Alternatively, compare this quote from an op-ed in the Washington Post in May 2010:
“We do not share your personal information with people or services you don’t want. We do not give advertisers access to your personal information. And we do not and never will sell any of your information to anyone.”
With this quote from an interview with Time in the very same month:
“The way that people think about privacy is changing a bit […] What people want isn’t complete privacy.”
Even as recently as Spring 2017—just nine months before the Cambridge Analytica scandal—he was offering mixed messages. Here’s what he told Freakonomics Radio host Stephen Dunbar in a podcast:
“Privacy is extremely important, and people engage and share their content and feel free to connect because they know that their privacy is going to be protected on Facebook.”
Why the Duplicity?
Ultimately, he knows that Facebook’s future is dependent on keeping shareholders happy. To keep shareholders happy, Facebook needs to make copious amounts of cash. And to make copious amounts of cash, he has to play fast and loose with users’ data.
The whole thing would feel more palatable if Zuckerberg was more honest about Facebook’s intentions. Why won’t he admit that Facebook users are the company’s product?
Instead, we’re left with an ongoing charade in which Facebook clearly uses your information to make money while simultaneously pretending privacy is one of its central tenets.
Which one do you think is more important to Facebook executives? Exactly. That’s why you should delete your account.
3. Government and Private Surveillance
You can split the issue of surveillance into two parts: government and a private company.
Oh, how the East German Stasi must have longed for a tool like Facebook. Can you imagine a better way for a repressive regime to monitor its citizens?
But the surveillance doesn’t end with dictatorships and secret police. People living in “democracies” are also under threat from Facebook’s cooperation with security forces.
Governments across North America and Europe now frequently order Facebook to give up users’ data to help them discover crimes, establish motives, prove or disprove alibis, and reveal communications. Much of it goes under the guise of “fighting terrorism,” but that’s a catch-all term whose meaning is becoming increasingly diluted.
And how does Facebook respond to the requests? Frankly, it rolls over meekly and gives the governments what they want.
If you’re in the US, the only exception is unopened inbox messages that are less than 181 days old. To access those, governments need a warrant and probable cause.
“We may also share information when we have a good faith belief it is necessary to prevent fraud or other illegal activity, [or] to prevent imminent bodily harm […] This may include sharing information with other companies, lawyers, courts, or other government entities.”
Furthermore, in early 2018, the United States announced it was going to start vetting people’s social media profiles as part of its requirements for granting an entry visa. It’s only a matter of time until other countries follow suit.
If you don’t fancy giving the White House complete access to your Facebook life just to go on holiday to Disneyland, it’s better to reach for the delete button.
Private Company Surveillance
How would you feel if that funny-but-offensive meme you posted last week ended up costing you your dream job?
It could happen.
To this day, there is still no federal law that protects the workers. The integrity of their Facebook privacy is left in the hands of employers.
4. Publishing Rights
We’ve all seen the statuses on Facebook. They typically read something like “In response to the new Facebook guidelines I hereby declare that my copyright is attached to all of my personal details, illustrations, blah, blah, blah.”
Here’s the kicker. You already own the copyright to any original work you’ve posted on the network. That status update has absolutely no legal basis.
So, what’s all the fuss about?
It’s because Facebook’s terms and conditions lay claim to “Non-Exclusive, Transferable, Sub-Licensable, Royalty-Free” rights to anything you put on the network.
These all relate to publishing, not ownership. Your ownership of your content is not in question, but you have granted Facebook permission republish it in just about any way the company deems appropriate. It can even sell sub-licenses for your work and directly profit from it.
From a privacy perspective, it means that you could create a piece of artwork with personally identifying information (like a selfie, or a love letter, or a poem), and Facebook could transfer the publishing rights to another entity, sell the sub-license for a fee, and not pay you a penny. Before you know it, you’re looking at a mugshot of yourself on the side of the New York subway.
Don’t take the risk.
The List Goes On…
We could list Facebook security and privacy concerns all day, but we won’t. Hopefully, you now have enough information to make an informed decision.