Facebook collects tons of private data across the whole of the web that we don’t generally consent to giving them. They are an advertising company, after all.
As a recent insider, this is one of those things where the outside perception doesn't match the inside at all.
Privacy is taken more seriously at Facebook than any other place I've ever worked. It's drilled into you from day one that we have systems in place to catch you accessing things you shouldn't and you will be immediately fired if you do.
You can make mistakes that bring the entire site down and cost the company millions and they won't fire you. If you try to bypass privacy controls on an ex-girlfriend's post, you're gone.
Yes, they hoover up a ton of personal data. But they guard it like the crown jewels. If you do want your data deleted, they'll delete it. I've worked on the systems responsible for this where we had to reason through what to do with things like offline backups.
I know Facebook is cancer and all but I'm still surprised they'd be leaking them as their business model relies on capturing personal data but not giving it away.
We (the general public) grant permission for facebook to use our data, with the expectation that they don't let any bad actors do anything with it that harms us (the general public). This has been their image, this is what they espouse, and it is clearly not what happened.
IMO the problem with Facebook is the private data they vacuum. If you publicly post the data on an open network, I see no problem with them taking it.
In practical terms, Facebook is actually quite tame compared to any other malicious actor who can get the same data. FB just wants it for ads and processes it in aggregate (most is never seen by a human), while other malicious actors might actually target you personally.
The main issue is that you shouldn't post anything on a public, unauthenticated network that you wouldn't want random, potentially-hostile actors to see.
Facebook collected this data for years but only recently started disclosing it. There's no reason to trust that they're disclosing all the data they're collecting.
Facebook sells access to you. It's like those safe driving apps. They don't sell your data. But they sell access to conclusions drawn from your data. That's their entire business.
I think the thing that frustrates me the most about all of this is not the privacy, but the fact that Facebook gets exclusive access to data that I think is rightfully public knowledge. I'm fine with advertisers knowing that I really enjoy hiking, what my salary is, etc., but I don't like that they have to go through Facebook to get that knowledge. Ideally, they would go through me, or even better some publicly available repository of data that I've allowed to be assembled.
But there is also data that I may not want to be public knowledge. If Facebook scans my chat logs, then Facebook knows a lot about me that I would not want some of my friends and family knowing. And I wouldn't be surprised if their TOS permits them to scan my chat logs.
And you can also do interesting oracle attacks with this. Let's say I'm trying to figure out if my son is homosexual. (Substitute for any fact Facebook may know, and for any person you want to investigate). I already know a ton of things about my son. Age, where he lives, what sports he plays, his favorite foods, etc. So I create one really specific ad that's guaranteed to include only my son and maybe a few other people. This one is only shown to homosexuals. Then I create an alternate ad that targets the same group, but only heterosexuals. Then I just need to watch which ad appears on my sons computer, and I suddenly know what Facebook thinks his sexual orientation is.
This is a pretty big deal, right? Facebook's data has to be some of the most valuable and personal data ever gathered. It seems like a real win in terms of privacy, one that would have some impact on FB's bottom line assuming they sell the data at a good price.
OTOH, it does nothing to alleviate the overarching concern people have for FB's growing access and power over all of its users, as it continues to collect their everyday personal data. The danger of abuse is not significantly less just because the data is exclusively used by Facebook.
reply