As Facebook is upending the journalism industry, the New York Times is continues their campaign of exposing Facebook’s questionable data use.
Summary from The Download via the MIT Technology Review
NYT’s tl;dr of their report
While it is true that Facebook hasn’t sold users’ data, for years it has struck deals to share the information with dozens of Silicon Valley companies. These partners were given more intrusive access to user data than Facebook has ever disclosed. In turn, the deals helped Facebook bring in new users, encourage them to use the social network more often, and drive up advertising revenue.
NY Times on Facebook and their partners
Facebook allowed Microsoft’s Bing search engine to see the names of virtually all Facebook users’ friends without consent, the records show, and gave Netflix and Spotify the ability to read Facebook users’ private messages.
The social network permitted Amazon to obtain users’ names and contact information through their friends, and it let Yahoo view streams of friends’ posts as recently as this summer, despite public statements that it had stopped that type of sharing years earlier.
. . .
Facebook, in turn, used contact lists from the partners, including Amazon, Yahoo and the Chinese company Huawei — which has been flagged as a security threat by American intelligence officials — to gain deeper insight into people’s relationships and suggest more connections, the records show.
. . .
Facebook also allowed Spotify, Netflix and the Royal Bank of Canada to read, write and delete users’ private messages, and to see all participants on a thread — privileges that appeared to go beyond what the companies needed to integrate Facebook into their systems, the records show… A spokesman for Netflix said Wednesday that it had used the access only to enable customers to recommend TV shows and movies to their friends.
So by signing in to Spotify with your Facebook account, Spotify has the ability to read all your private Facebook messages.
Facebook empowered Apple to hide from Facebook users all indicators that its devices were asking for data. Apple devices also had access to the contact numbers and calendar entries of people who had changed their account settings to disable all sharing, the records show.
This confusing two sentences reiterates, facebook does not sell user data. Instead, it uses a loophole to sell access to Facebook owned data:
Facebook has never sold its user data, fearful of user backlash and wary of handing would-be competitors a way to duplicate its most prized asset. Instead, internal documents show, it did the next best thing: granting other companies access to parts of the social network in ways that advanced its own interests.
This is not the first time Facebook’s data sharing practices have drawn scrutiny:
In late 2009, it changed the privacy settings of the 400 million people then using the service, making some of their information accessible to all of the internet. Then it shared that information, including users’ locations and religious and political leanings, with Microsoft and other partners.
Facebook called this “instant personalization” and promoted it as a step toward a better internet, where other companies would use the information to customize what people saw on sites like Bing. But the feature drew complaints from privacy advocates and many Facebook users that the social network had shared the information without permission.
. . .
In 2014, Facebook ended instant personalization and walled off access to friends’ information. But in a previously unreported agreement, the social network’s engineers continued allowing Bing; Pandora, the music streaming service; and Rotten Tomatoes, the movie and television review site, access to much of the data they had gotten for the discontinued feature. Bing had access to the information through last year, the records show, and the two other companies did as of late summer, according to tests by The Times.
. . .
Microsoft officials said that Bing was using the data to build profiles of Facebook users on Microsoft servers. They declined to provide details, other than to say the information was used in “feature development” and not for advertising. Microsoft has since deleted the data, the officials said.
More examples of how Facebook shared your data, from NY Times
We’ve been public about these features and partnerships over the years because we wanted people to actually use them – and many people did. They were discussed, reviewed, and scrutinized by a wide variety of journalists and privacy advocates.
But most of these features are now gone. We shut down instant personalization, which powered Bing’s features, in 2014 and we wound down our partnerships with device and platform companies months ago, following an announcement in April. Still, we recognize that we’ve needed tighter management over how partners and developers can access information using our APIs. We’re already in the process of reviewing all our APIs and the partners who can access them.
. . .
We’ve shut down nearly all of these partnerships over the past several months, except with Amazon and Apple, which people continue to find useful and which are covered by active contracts; Tobii, an integration that enables people with ALS to access Facebook; and browser notifications for people who use Alibaba, Mozilla and Opera.
Facts About Facebook’s Messaging Partnerships
People could message their friends about what they were listening to on Spotify or watching on Netflix, share folders on Dropbox, or get receipts from money transfers through the Royal Bank of Canada app. These experiences were publicly discussed. And they were clear to users and only available when people logged into these services with Facebook. However, they were experimental and have now been shut down for nearly three years.
. . .
No third party was reading your private messages, or writing messages to your friends without your permission. Many news stories imply we were shipping over private messages to partners, which is not correct.
Op Ed from the New Yorker
But the case reflects a fundamental problem: Facebook was so determined to grow, and to cement the commercial partnerships that would help it grow, that it didn’t pause to build tools that could parcel out narrow slices of information.
. . .
‘Trust is the willingness to accept vulnerability. In a personal relationship, it is the willingness to self-disclose and be honest. For Facebook, it is the very willingness of the informed to participate in their platform.’