This post was last updated on 22nd December 2019.
I was having a conversation with a friend of mine recently and they were asking me why I don’t use Facebook. Within my circle of friends, I’m the IT guy and most of them aren’t really into IT, let alone privacy or security. So this person thought Facebook was great. I disagree.
I get it, Facebook is useful for keeping in touch with people, planning events and generally wasting time. But it’s also extremely good at swallowing your privacy, chewing it up, and spitting it out to all of their advertising partners.
Back to my friend – I quickly rattled off a number of reasons as to why I don’t use Facebook, but thought I would write my reasons out in a longer form. This is for a number of reasons:
- It gives me a place to refer people to when I inevitably get asked this question again.
- People may actually learn something from this post and think twice about using the service themselves.
For many people from the privacy and security circles I’m involved in, this won’t be new information, but hopefully it will still be of use. I intend for this post to be an ever-evolving list a f**k ups that Zuckerberg & Co. have made when handling both our data, and our privacy.
I intend to create a new item within this list every time I feel another reason not to use Facebook comes to light. Where possible, I will try to articulate technical information in a way that is easy to digest, so anyone can understand (hopefully).
These are in chronological order, starting with the earliest. So the whole thing should read like a nice, long privacy vortex timeline.
If you think I’ve missed something here, please contact me.
- Reason 1: The Timeline
- Reason 2: Beacon
- Reason 3: FTC Privacy Charges
- Reason 4: Bug exposes private data
- Reason 5: Mood manipulation experiment
- Reason 6: Facebook stops giving apps all the data
- Reason 7: Belgian court says stop tracking everyone!
- Reason 8: Cambridge Analytica
- Reason 9: Breach exposing 540 million users
- Reason 10: Fined 5 billion dollars
- Reason 11: Circumventing GDPR
- Reason 12: 267 million user breach
When: September 2006
What: Facebook introduced the timeline feature
When Facebook first launched, you had to go into each person’s profile to see their status updates and what they had been up to. After just 2 years, Zuckerberg decided that creating a feed that automatically displayed everything your friends have posted was a good idea.
It may seem like a small thing, but this is the beginning of the end when it comes to privacy. No longer are your timeline and profile updates kept on your page only, they’re now plastered all over the timeline of every person you are friends with.
When: December 2007
What: Here comes the tracking – AKA, Beacon
Zucker & Co. thought it would be a really great idea if they implemented a way for companies to track purchases made by Facebook users, then notify their Facebook friends. Worse still, this was often without the Facebook user’s consent.
The Zuck later explained his rationale behind Beacon, and announced that users would be given an option to opt out of Beacon – how thoughtful of him.
Here’s an interesting read on The New York Times about the introduction of advertising and tracking into Facebook.
When: November 2011
What: FTC privacy charges
Zucker the sucker settled with the Federal Trade Commission over charges that he didn’t keep his privacy promise to users, by allowing private information to be made public without warning.
Regulators said that Facebook falsely claimed that 3rd party apps were only able to access the data they needed to operate. Well, the truth is they could access pretty much the entirety of the user’s profile. This included non-public profile data.
What’s more, the apps could even collect your private posts even if you weren’t using them. All it took was for one of your friends to be using one of these apps.
Facebook were also charged with sharing user information to advertisers, despite promising they wouldn’t. Shock horror!
Facebook is obligated to keep the promises about privacy that it makes to its hundreds of millions of users, Facebook’s innovation does not have to come at the expense of consumer privacy. The FTC action will ensure it will not.
— Jon Leibowitz, then chairman of the FTC
When: June 2013
What: Bug exposes private data
A bug in Facebook’s software exposed the email addresses and phone numbers of 6 million users to anyone who had a connection to the person, or knew at least one piece of their contact information. Here’s a write-up on Mashable about the bug.
When: July 2014
What: Mood manipulation experiment
Yes, you read that right. Facebook carried out mood manipulation experiments on their users!
The experiment included more than half a million randomly selected users. Facebook altered their news feeds to show more positive or negative posts. The purpose was to see how emotions could spread on social media.
The results were published on the Proceedings of the National Academy of Sciences, which understandably kicked off a huge shit storm.
The Facebook data scientist who led the experiment eventually posted an apology on Facebook:
I can understand why some people have concerns about it, and my co-authors and I are very sorry for the way the paper described the research and any anxiety it caused.
— Adam Kramer, FB Data Scientist
When: April 2015
What: Facebook stops giving apps all the data
If Jane Smith downloads and app, that app should not be able to suck all of Gary Jones’ data just because they’re friends. Am I right, or am I right?
Well, according to Facebook, I’m dead wrong and this behaviour is completely appropriate. You can read more about the whole debacle in this TechCrunch post.
When: February 2018
What: Belgian court says stop tracking everyone!
Did you know that Facebook can track you over multiple sites? Well they can and a Belgian court ordered Facebook to stop collecting private information about Belgian users on 3rd party sites. Facebook were also ordered to delete all data they have illegally collected on Belgian users, including those who aren’t Facebook users, or risk being fined up to 100 million euros.
When: March 2018
What: Cambridge Analytica
Oh yeah, here it is – the big dog; Cambridge Analytica. Zuck the crook strikes again.
You know earlier on (reason 6 to be specific) when I mentioned that Facebook stopped giving apps all the data? Wellllll, they didn’t! Truth is, all the data continued to be leaked between apps and this culminated when consulting company, Cambridge Analytica used leaked Facebook app data to great affect during the 2016 Trump presidential campaign.
Here’s how the data collection went down:
- Around 32,000 US voters used a Facebook survey app and were paid a couple dollars to take a detailed personality/political test.
- The app also collected data such as likes and personal information from the test-taker’s Facebook account, as well as the same data from all their friends. This resulted in gathering the data of around 50 million Facebook users.
- The test results and skimmed Facebook data were combined to provide psychological patterns.
- Algorithms combined the data with other sources, such as voter records, to create a list of 2 million people in 11 key states, with hundreds of data points per person.
- These people were then targetted with highly personalised advertising to sway their vote.
Many feel that the analysis, data manipulation and ultimately the highly targetted advertising on Facebook had a direct impact on the result of the 2016 US election. Would Trump have won without this data? Who knows. But one thing is for sure, this data definitely helped.
When: April 2019
What: Breach exposing 540 million users
Yet more Facebook apps with more holes in than a sieve. This time, Cyber Security firm, UpGuard reported that a Facebook app dataset was found to be publicly available online. The breach contained the comments, likes, reactions, account names and Facebook IDs of over 540 million users.
Furthermore, there was also an Amazon S3 bucket discovered for an app called At the Pool, which contained the user ID, friends list, likes, music, movies, books, photos, events, groups, check-ins, interests, password and more. Worse still, around 22,000 of those passwords were not encrypted. Winning!
When: July 2019
What: Facebook fined 5 billion dollars over privacy breaches
This was a settlement, once again at the hands of the Federal Trade Commission (FTC). This is a culmination of a lot of the privacy issues you have read about above. Although 5 billion dollars sounds like a huge amount of money, it’s only around one month’s worth of revenue for Zuck the shmuck.
You can read more about it in this CNN article.
When: November 2019
What: Facebook admits to circumventing GDPR
Facebook has told a court in Vienna that: “We don’t need user’s consent to process data.” It went on to say that since May 25, 2018, it has been collecting and processing data without the user’s consent.
If you don’t know, The GDPR requires that all users need to consent to how their personal data is handled by a given website.
You can read a full write up of the issue on this post from Enterprise Times.
When: December 2019
What: A breach affects 267 million users, most of them from the US
Another month, another Facebook data breach. This time it was a database containing more than 267 million Facebook user IDs, phone numbers, and names that were left exposed on the web for anyone to access without a password or any other authentication.
The leaked dataset was found by security researcher Bob Diachenko, in partnership with Comparitech. You can read more here.