If you aren't paying money for a product, there's a good chance that you're the product — and that's never been truer than with Facebook. We've all grown accustomed to using Facebook to keep up with friends, while the company has quietly collected data about who we are and what we're interested in. All of that data helps Facebook target advertisements to make money, but it's also a treasure trove of information for malicious actors, who have exploited Facebook's lax privacy protections to scoop up personal information.
The Cambridge Analytica scandal, in which the personal information of up to 87 million Facebook users was collected without their permission, may have just been the tip of the iceberg. Now, the New York Times reports that Facebook has been quietly sharing our personal information with at least 60 big tech companies, including Apple, Samsung, BlackBerry and Microsoft. Facebook has also confirmed that it has shared data with Huawei and other Chinese device makers, which raises concerns that the Chinese government could have used these companies' products for intelligence gathering. Facebook has special partnerships with these device makers to help them integrate Facebook with their mobile devices. This lets users do things like share photos and send messages on Facebook without opening the app directly. These deals go back a decade, allowing manufacturers to add Facebook features before there was a Facebook app on every platform.
This convenience seems to have come at the expense of our privacy. Facebook considered these partners "service providers," which, unlike app makers, meant we never had to opt in to give them access to our data. And they didn't just have access to our Facebook information: they could also see our friends' information. This included relationship status, religious and political affiliation, events they were attending, and a lot more. Partners could also retrieve basic identifying information about friends of friends.
The service provider distinction meant companies could access this information even if our privacy settings specifically said we didn't want to share information with third parties. This certainly seems to contradict Mark Zuckerberg's recent testimony before Congress, where he explained that your personal information was yours: "You have complete control over who sees it and how you share it."
But Facebook disagrees that this is a privacy problem. It gave information to these partners in order to "recreate the Facebook experience," and agreements with each service provider prohibited use of the data for anything else. Facebook claims data was only accessible when people made the decision to share it — but that doesn't explain how the New York Times was able to use the service provider loophole to get access to information from hundreds of users (and hundreds of thousands of friends of friends).
Facebook says it isn't aware of any abuse by its service providers, but in reality, we just don't know. These companies have had access to our personal information for years and were allowed to copy and store it on their own servers. Even if these companies stored our data safely and securely, the problem is that we didn't know about it — and we may have even explicitly told Facebook not to give our information away. It's hard to trust that Facebook takes our privacy seriously when the company keeps handing out our data.
Facebook is already in the process of ending these partnerships because Facebook apps mean that device manufacturers no longer need direct access to Facebook data. But once our personal information has been shared, there's no making it private again.
So what can a user do to keep their data safe? You should start by reviewing your Facebook privacy settings (even though that wouldn't help in this specific situation). But even after your privacy settings are in order, you have to remember that your data could always be shared anyway, whether by friends taking screenshots of your Facebook posts or through more Facebook loopholes. That means you simply shouldn't share anything on a social network that you wouldn't want to go public.
If you're looking for a more dramatic exit, you can always delete your Facebook account.