Mark Zuckerberg and Facebook have done it once again, but his use of words is what keeps him being able to say he didn’t lie to Congress. Zuckerberg said that Facebook doesn’t sell users data, but he failed to say that they give it away freely to some very large companies who have profited from users data, including private messages.
More than likely, people will continue using Facebook, and that’s exactly what Zuckerberg is expecting.
Facebook gave some companies more extensive access to users’ personal data than it has previously revealed, letting them read private messages or see the names of friends without consent, according to a New York Times report.
Here are highlights from the report.
Facebook shared data with more than 150 companies — not only tech businesses but automakers and media organizations — through apps on its platform even if users disabled sharing. Apps from many of these “integration partners” never even showed up in user application settings, with the company considering them an extension of its own network. The deals dated back as far as 2010 and were all active in 2017, with some still in effect this year.
Spotify, Netflix and the Royal Bank of Canada were able to read, write and delete Facebook users’ private messages, and to see everyone on a message thread. Spotify could look at messages of more than 70 million users a month and still lets users share music through Facebook Messenger while Netflix and the Canadian bank have turned off features that incorporated message access.
Facebook let Microsoft’s Bing search engine see the names of “virtually all Facebook users’ friends without consent,” the paper said. Microsoft officials said Bing was using the data to build Facebook user profiles on Microsoft servers, but the company has since deleted the data. Yahoo had the ability to show Facebook users’ news feeds, including posts by their friends, on its home page. The search company eliminated the feature in 2012 but still had access last year to data for nearly 100,000 people a month.
Facebook designated a Russian search site, Yandex, as a partner, giving it access to unique user IDs as recently as 2017 after it stopped sharing them with other applications because of privacy risks.
The New York Times says it obtained more than 270 pages of Facebook documents and interviewed more than 60 people, including many former Facebook employees.
What Facebook Had To Say About This Report:
Today, we’re facing questions about whether Facebook gave large tech companies access to people’s information and, if so, why we did this.
To put it simply, this work was about helping people do two things. First, people could access their Facebook accounts or specific Facebook features on devices and platforms built by other companies like Apple, Amazon, Blackberry and Yahoo. These are known as integration partners. Second, people could have more social experiences – like seeing recommendations from their Facebook friends – on other popular apps and websites, like Netflix, The New York Times, Pandora and Spotify.
To be clear: none of these partnerships or features gave companies access to information without people’s permission, nor did they violate our 2012 settlement with the FTC.
How did people use these features?
People used these features in many different ways, including through:
Apps that allowed people to access their Facebook account on their Windows Phone device
Notifications about their activity on Facebook that they could turn on while they were using Safari or other browsers
“Social hubs” that consolidated their feeds across Facebook, Twitter, and other services
Messaging integrations that allowed people to recommend things like songs from Spotify to friends
Search results in Bing and elsewhere based on public information their friends shared
Tools that helped them find friends on Facebook by uploading their contacts from email providers like Yahoo
We’ve been public about these features and partnerships over the years because we wanted people to actually use them – and many people did. They were discussed, reviewed, and scrutinized by a wide variety of journalists and privacy advocates.
But most of these features are now gone. We shut down instant personalization, which powered Bing’s features, in 2014 and we wound down our partnerships with device and platform companies months ago, following an announcement in April. Still, we recognize that we’ve needed tighter management over how partners and developers can access information using our APIs. We’re already in the process of reviewing all our APIs and the partners who can access them.
Who are these integration partners and why did Facebook work with them?
People want to use Facebook features on a variety of devices and products, many of which we don’t support ourselves. This was particularly true early in our history, before Android and iOS became the predominant ways people use the internet on their phones. Text-only and feature phones were widely popular. Across the industry, companies like Facebook partnered with other companies to build integrations. Take the Blackberry Hub app as an example. People using Blackberry devices could log into Facebook using this feature, allowing them to see the same Facebook News Feed they would see if they logged in from a desktop computer. The data we provided allowed the person to access their own account on Blackberry. Blackberry couldn’t use any of the information for its own purposes.
Facebook has had similar integration partnerships over the years with Amazon, Apple, Microsoft, Yahoo and other companies, which were overseen by our partnerships and product teams. These partners built many kinds of integrations, including mobile versions of Facebook and social feed hubs, which aggregated feeds from Facebook and other companies. We’ve shut down nearly all of these partnerships over the past several months, except with Amazon and Apple, which people continue to find useful and which are covered by active contracts; Tobii, an integration that enables people with ALS to access Facebook; and browser notifications for people who use Alibaba, Mozilla and Opera.
Does this mean these companies got access to my Facebook information if I didn’t authorize it?
Our integration partners had to get authorization from people. You would have had to sign in with your Facebook account to use the integration offered by Apple, Amazon or another integration partner.
What was instant personalization and how did it work?
Instant personalization is a product we offered with select partners from 2010 to 2014 that involved public information on Facebook, and it’s different from the types of partnerships we’ve described above. With instant personalization, people could link their Facebook account with other services like Rotten Tomatoes or Yelp to see public information their friends shared. When searching on Bing for articles about an upcoming trip to Europe, you could get results based on what your friends had shared publicly. People could turn off instant personalization at any time.
Did partners get access to messages?
Yes. But people had to explicitly sign in to Facebook first to use a partner’s messaging feature. Take Spotify for example. After signing in to your Facebook account in Spotify’s desktop app, you could then send and receive messages without ever leaving the app. Our API provided partners with access to the person’s messages in order to power this type of feature.
Why did some partners have access to data as late as 2017, even after instant personalization was shut down?
Instant personalization only involved public information, and we have no evidence that data was used or misused after the program was shut down. However, we shouldn’t have left the APIs in place after we shut down instant personalization. We’ve taken a number of steps this year to limit developers’ access to people’s Facebook information, and as part of that ongoing effort, we’re in the midst of reviewing all our APIs and the partners who can access them. This is important work that builds on our existing systems that track APIs and control who can access to them.