The ongoing scandal over how Cambridge Analytica was able to access and abuse 50 million Facebook users’ profiles for mercenary political gain has highlighted just how much of our privacy we entrust to the social media network.
Facebook CEO Mark Zuckerberg has eventually broken cover to issue a statement on the situation. Although he does admit that Facebook shares responsibility for what happened, the main thrust of his post aims to reassure us that our privacy is safe in the hands of Facebook.
“In this case, we already took the most important steps a few years ago in 2014 to prevent bad actors from accessing people's information in this way.”
He then goes on to outline planned steps to further restrict the access developers have to users’ personal data, and to improve the control users’ have over their data.
This is understandable, but fails to address the basic fact that Facebook exists in order to collect and monetize your personal details. Finding out as much as it can about you to target highly personalized ads (and, apparently, political propaganda) is Facebook’s entire business model – milking us of our data to then sell to the highest bidder and beyond.
If Facebook doesn’t milk its herd, it has no business model as a free service. As the saying goes “if you’re not paying for a product, you are the product.” To prove this point, I have compiled some of the underhand tactics Facebook has just recently used to devour your data without your knowledge or consent.
Facebook's Facial Recognition Software
In 2013 Facebook introduced facial recognition. The stated purpose of this was to allow Facebook to suggest friends to tag in photos. At first, photos were only scanned to identify close friends, but all photos uploaded to Facebook are now scanned. These scans can identify individuals with 98% accuracy, even when their faces are hidden.
Following a class-action lawsuit which has now been given the go-ahead, Facebook started to alert users about a new set of tools designed to manage how images obtained through facial recognition are used.
But here is the thing. These tools only allow you to control what other users do with images of you. You cannot ask Facebook to not scan photos for images of you, and you cannot control what it does with the data it collects from recognizing you in photos it has scanned.
This includes where, when, and who you were with when the photo was taken – which is extremely intimate information. You might be able to prevent photos of yourself from turning up on Facebook news feeds, but you cannot prevent Facebook itself from data mining them.
As with many of Facebook’s attempts to reassure users that it has their backs with regards to privacy, these tools are largely smoke and mirrors; designed to hide the hugely intrusive nature of Facebook itself.
It is worth noting that thanks to much stricter privacy regulations (such as the upcoming GDPR), facial recognition technology is not “offered” to users in the EU or Canada.
In 2013 Facebook acquired Onavo, an Israeli web analytics company that also marketed a VPN product.
A Virtual Private Network (VPN) is a technology designed to improve the privacy and security of its users. It does this by creating a secure connection between your device and a server run by a VPN provider. This prevents your internet provider, government, or WiFi hackers, from being able to see or interfere with your data.
The VPN provider, however, can see your data, which is why it is important to choose a trustworthy VPN providers. Unfortunately, in Onavo’s case, this means trusting Facebook.
The Onavo Protect VPN app is used by over 33 million iOS and Android users. Most are probably unaware that its stated purpose is to “improve Facebook products and services, gain insights into the products and service people value, and build better experiences.”
This is almost the direct opposite of providing the privacy that most people quite reasonably expect when using a VPN
In August 2017 the Wall Street Journal reported that Facebook had leveraged data collected through the Onavo app to monitor the performance of competitors such as Snapchat, which influenced its decision to buy WhatsApp.
Given that Facebook can see pretty much everything you do online when using Onavo, this should set privacy alarm bells ringing.
Facebook is now pushing Onovo VPN in its iOS app under the “Protect" section of the navigation menu…
Although removed from the Google Play Store after a few days, following outrage from users, Onavo also released the Bolt App Lock app. This purported to improve users’ security by locking apps with a PIN code, pattern, or fingerprint.
Again, this app was used to harvest data belonging to its users for use by Facebook.
“We collect info about your mobile device and the apps installed on. This includes info about when those apps are used, and device and network information. We use and analyse this info to help us operate Bolt App Lock, an Onavo app, and improve the service. Because we’re part of Facebook, we also sue this info to improve Facebook products and services, gain insight into the products and services people value, and build better experiences.”
Or to put it another way: the app you just downloaded to improve your security is, in fact, Facebook spyware.
Facebook’s Two factor Authentication
One factor authentication requires a single step to verify your identity, such as knowing your username and password.
Two factor authentication (2FA) provides another layer of protection against hackers by also requiring you to have something - often a phone – which is used verify your identity. Using 2FA, therefore, greatly improves your security.
Unfortunately, Facebook has seized upon 2FA as an underhand way to obtain users’ phone numbers so that it can spam them with SMS notifications. To add insult to injury, any attempt to reply to these messages (such as with the universally recognized “STOP” message) results in the reply being posted to your Facebook wall.
It should be noted that it is unclear if such notifications are intentional or are a “bug,” but users’ such as Mathew Green were in no doubt about what happened to them.
A lot of people are suggesting the Facebook SMS spam is a bug. Bullshit. Someone at FB made a deliberate decision to “re-engage users” by spamming all those mobile phone numbers 2FA users had entered. No bug here at all.
— Matthew Green (@matthew_d_green) February 14, 2018
Facebook Farming: Conclusion
Facebook is sneaky, and its response to the Cambridge Analytica scandal is pure damage limitation. Although it has made positive improvements (and plans to make more), nothing will change the basic fact that Facebook exists to invade your privacy and profit from the data it gains while doing so. We are the herd for Facebook to milk and sell on as a product to whoever it sees fit.
No amount of fiddling with the privacy settings Facebook deigns to grant you will alter this. In recent days news outlets everywhere have been encouraging readers to simply delete their Facebook accounts.
This is certainly not a bad idea, but even deleting your Facebook account is not sufficient to escape being tracked and profiled by the social media giant. Almost every web page on the internet features Facebook “Like” buttons that are used to track even non-Facebook users.
It is also almost certain that Facebook does not actually delete all the data it has collected on you when you delete your account.
That said, deleting your Facebook account is a good start in the fight against this corporate monster that sacrifices your personal privacy, objective truth, and liberal democracy on the alter stone of (largely untaxed) profit. We have instructions for doing so here.
The reality is that Facebook is undoubtedly one of the world’s largest data farmers, and by going to the pumps with our personal information we are repeatedly funding the cash cow.