NYT says Facebook has been disclosing personal data to Amazon, Microsoft, Apple and other tech giants; Facebook denies claims with obfuscating press release

6 min read

“No one should trust Facebook until they change their business model.”

–Roger McNamee, an early investor in Facebook.

The New York Times confronted Facebook once again. The media giant obtained hundreds of Facebook internal documents that prove the tech giant has been providing some of the world’s largest technology companies “more intrusive access to users’ personal data than it has disclosed”, and “effectively exempted those business partners from its usual privacy rules”.

The records were initially generated in 2017 by the company’s internal system for tracking partnerships. The Times points out how these documents helped  Facebook get more users, and lift its advertising revenue. It was a win-win situation for both, Facebook and its partner companies- where partner companies acquired features to make their products more attractive and Facebook users connected with friends across different devices and websites.

The deals revealed through the documents, benefited more than 150 companies including tech businesses, online retailers and entertainment sites, automakers and media organizations.

The report speculates whether Facebook ran afoul of a 2011 consent agreement with the Federal Trade Commission that barred the social network from sharing user data without explicit permission.  Mr. Satterfield, Facebook’s privacy director, said its partners were subject to “rigorous controls.” Facebook officials claimed the company had disclosed its sharing deals in its privacy policy since 2010. New York Times, however, says that the language in the policy about its service providers does not specify what data Facebook shares, and with which companies it shares them with.

With most of the partnerships, Mr. Satterfield said, the F.T.C. agreement did not require Facebook to secure users’ consent before sharing data because “Facebook considered the partners’ extensions of itself “. He also stated that the partners were prohibited from using personal information for other purposes and that “Facebook’s partners don’t get to ignore people’s privacy settings.”

This data was shared with some of the largest names of the tech industry, including Amazon, Microsoft, and Yahoo, who claimed that they had used the data appropriately, without further expanding on the sharing deals in detail.

What did the documents reveal?

Here are some key points from the report that stood out:

  1. Facebook allowed Microsoft’s Bing search engine to see the names of virtually all Facebook users’ friends without consent.
  2. Netflix and Spotify were given the ability to read Facebook users’ private messages.
  3. Amazon was permitted to obtain users’ names and contact information through their friend.
  4. Yahoo could view streams of friends’ posts, despite public statements that it had stopped that type of sharing years earlier.
  5. Facebook obtained data from multiple partners for a friend-suggestion tool called “People You May Know.” There have been reported cases of the tool’s recommending friend connections between patients of the same psychiatrist, estranged family members, and a harasser and his victim. Facebook, used contact lists from the partners, including Amazon, Yahoo, and Huawei to gain deeper insight into people’s relationships and suggest more connections.
  6. Some deals described in the documents were limited to sharing non-identifying information with research firms or enabling game makers to accommodate huge numbers of players.
  7. Some partners were allowed to see users’ contact information through their friends — even after Facebook said in 2014 that it was stripping all applications of that power.
  8. Sony, Microsoft, Amazon, and others could obtain users’ email addresses through their friends.
  9. Spotify, Netflix and the Royal Bank of Canada were allowed to read, write and delete users’ private messages.
  10. In late 2009, it launched “instant personalization” which changed the privacy settings of the 400 million people then using the service, making some of their information accessible to all of the internet. Then it shared that information, including users’ locations and religious and political leanings, with Microsoft and other partners. The F.T.C. investigated this and in 2011 cited these privacy changes as a deceptive practice. Facebook officials then stopped mentioning instant personalization in public and entered into the consent agreement. In 2014, Facebook ended instant personalization and removed access to friends’ information. But in a previously unreported agreement, the social network’s engineers continued allowing Bing; Pandora, and Rotten Tomatoes, the movie, and television review site, access to much of the data they had gotten for the discontinued feature.

Facebook’s response to New York Times report

In response to the New York Times report, Konstantinos Papamiltiadis, Director of Developer Platforms and Programs, said in a blog post that “To be clear: none of these partnerships or features gave companies access to information without people’s permission, nor did they violate our 2012 settlement with the FTC”. He also explained that all the work done in the said domain was so that “ people could have more social experiences.”

The post goes on to somewhat justify the claims made in the Times report. In response to the instant personalization deal that the leaked documents revealed, his statement- “ We shut down instant personalization, which powered Bing’s features, in 2014 and we wound down our partnerships with device and platform companies months ago, following an announcement in April. Still, we recognize that we’ve needed tighter management over how partners and developers can access information using our APIs.”- does raise questions on Facebook’s seriousness with respect to user privacy.

The post also claims that Facebook does not “have evidence that data was used or misused after the program was shut down”. Further adding, “we shouldn’t have left the APIs in place after we shut down instant personalization.”

This post has received enormous backlash from Alex Stamos, a former chief security officer at Facebook. He claims that the response is not good enough to the claims made by the Times report and that “ it makes the same mistake of blending all kinds of different integrations and models into a bunch of prose and it is very hard to match up the responses to the Times’ claims.”

That being said, he also tweets that allowing for 3rd party clients is the kind of pro-competition move we want to see from dominant platforms, however, integrations that are sneaky or send secret data to servers controlled by others really is wrong.
Users have demanded Facebook come clean about the explicit details of the access deals.

Some users also have spoken up on the nature of legal contracts that a user has to sign to use a particular tech service.

You can head over to the New York Times for more insights on this news.

Read Next

British parliament publishes confidential Facebook documents that underscore the growth at any cost culture at Facebook

Ex-Facebook manager says Facebook has a “black people problem” and suggests ways to improve

France to levy digital services tax on big tech companies like Google, Apple, Facebook, Amazon in the new year

Share this post

Popular

12,000+ unsecured MongoDB databases deleted by Unistellar attackers

Over the last three weeks, more than 12,000 unsecured MongoDB databases have been deleted. The cyber-extortionist have left only an email contact, most likely...