Another privacy scandal erupts
Facebook says it gave other companies, such as Spotify and Netflix, access to millions of people’s private messages.
The social media giant admitted to the practice in response to a report that Facebook shares private data to partner companies as part of its third-party integration, which allowed users to use their Facebook credentials to login to other web sites and apps.
Facebook wrote in a blog post:
Did partners get access to messages? Yes. But people had to explicitly sign in to Facebook first to use a partner’s messaging feature. Take Spotify for example. After signing in to your Facebook account in Spotify’s desktop app, you could then send and receive messages without ever leaving the app. Our API provided partners with access to the person’s messages in order to power this type of feature.
This practice, however, triggered a firestorm over the definition of consent, especially after Facebook’s former privacy chief Alex Stamos said that integration wasn’t to blame:
Interestingly, according to Business Insider:
According to internal Facebook documents seen by the Times, Spotify could see the messages of more than 70 million Facebook users a month. The Times reported that Spotify, Netflix, and the Royal Bank of Canada could read, write, and even delete people’s messages.
Importantly, both Spotify and Netflix told the Times they were unaware they had this kind of broad access. Facebook told the New York Times it found no evidence of abuse.
Zero Hedge also reported:
Amazon was granted access to users’ names and contact information through their friends, while Yahoo! was able to view streams of friends’ posts as recently as this summer despite Facebook promising that it had stopped this type of sharing years earlier.
What’s more? China’s Huawei and Russian search giant Yandex – accused last year by Ukraine of funneling user data to the Kremlin – had access to Facebook’s unique user IDs.
Facebook was able to circumvent a 2011 consent agreement with the Federal Trade Commission (FTC) which barred the company from sharing user data without explicit permission, because Facebook considered the partners extensions of itself – “service providers that allowed users to interact with their Facebook friends.” This allowed the company to grant such unprecedented access to everyone’s information. The partners were reportedly prohibited from using the personal information from purposes outside the scope of their agreement, however there has been little to no oversight.
Yesterday, Infowars reported that the NAACP was joining a long list of ideologically-diverse groups that were boycotting or otherwise moving away from Facebook.
“Over the last year, NAACP has expressed concerns about the numerous data breaches and privacy mishaps in which Facebook has been implicated,” wrote NAACP President Derrick Johnson. “And since the onset of the Silicon Valley boom, we have been openly critical about the lack of employee diversity among the top technology firms in the country.”
“Now, the time has come for our collective actions to emulate the severity of mistrust we have in Facebook.”