Facebook says it gave other companies, such as Spotify and Netflix, access to millions of people’s private messages.
The social media giant admitted to the practice in response to a report that Facebook shares private data to partner companies as part of its third-party integration, which allowed users to use their Facebook credentials to login to other web sites and apps.
Facebook wrote in a blog post:
Did partners get access to messages? Yes. But people had to explicitly sign in to Facebook first to use a partner’s messaging feature. Take Spotify for example. After signing in to your Facebook account in Spotify’s desktop app, you could then send and receive messages without ever leaving the app. Our API provided partners with access to the person’s messages in order to power this type of feature.
This practice, however, triggered a firestorm over the definition of consent, especially after Facebook’s former privacy chief Alex Stamos said that integration wasn’t to blame:
I’m sorry, but allowing for 3rd party clients is the kind of pro-competition move we want to see from dominant platforms. For ex, making Gmail only accessible to Android and the Gmail app would be horrible. For the NY Times to try to scandalize this kind of integration is wrong.
— Alex Stamos (@alexstamos) December 19, 2018
But integrations that are sneaky or send secret data to servers controlled by others really is wrong. Since the Times is apparently sitting on a huge list of historical integrations, it would be better for FB to document them than to allow the Times’ to add their framing.
— Alex Stamos (@alexstamos) December 19, 2018
Strongly with you on the competition/interoperability point but not sure why that couldn’t be done in a consented way
— Kevin Bankston (@KevinBankston) December 19, 2018
If somebody clicks “add account” and then types their username and password into their OS integrated client, is that enough consent?
— Alex Stamos (@alexstamos) December 19, 2018
It”s not the apps, it’s the data, that relates to the private lives of people, those that are the product, and are meant to be customers, human beings. The bits may byte you back. Suggest reading, understanding the GDPR, Convention108, and the charter for fundamental rights.
— Fat Seagull (@Fat_Seagull) December 19, 2018
Interestingly, according to Business Insider:
According to internal Facebook documents seen by the Times, Spotify could see the messages of more than 70 million Facebook users a month. The Times reported that Spotify, Netflix, and the Royal Bank of Canada could read, write, and even delete people’s messages.
Importantly, both Spotify and Netflix told the Times they were unaware they had this kind of broad access. Facebook told the New York Times it found no evidence of abuse.
Zero Hedge also reported:
Amazon was granted access to users’ names and contact information through their friends, while Yahoo! was able to view streams of friends’ posts as recently as this summer despite Facebook promising that it had stopped this type of sharing years earlier.
What’s more? China’s Huawei and Russian search giant Yandex – accused last year by Ukraine of funneling user data to the Kremlin – had access to Facebook’s unique user IDs.
[…]
Facebook was able to circumvent a 2011 consent agreement with the Federal Trade Commission (FTC) which barred the company from sharing user data without explicit permission, because Facebook considered the partners extensions of itself – “service providers that allowed users to interact with their Facebook friends.” This allowed the company to grant such unprecedented access to everyone’s information. The partners were reportedly prohibited from using the personal information from purposes outside the scope of their agreement, however there has been little to no oversight.
Yesterday, Infowars reported that the NAACP was joining a long list of ideologically-diverse groups that were boycotting or otherwise moving away from Facebook.
“Over the last year, NAACP has expressed concerns about the numerous data breaches and privacy mishaps in which Facebook has been implicated,” wrote NAACP President Derrick Johnson. “And since the onset of the Silicon Valley boom, we have been openly critical about the lack of employee diversity among the top technology firms in the country.”
“Now, the time has come for our collective actions to emulate the severity of mistrust we have in Facebook.”
The Emergency Election Sale is now live! Get 30% to 60% off our most popular products today!