Featured Image for Scathing report claims Facebook shared users’ private messages with Netflix and Spotify

Scathing report claims Facebook shared users’ private messages with Netflix and Spotify

The New York Times has accused Facebook of even more privacy violations as the social media giant desperately tries to clean up its public image.

After the Cambridge Analytica scandal earlier in the year, Facebook tried to show the world that they saw the error of their ways.

CEO Mark Zuckerburg promised that the platform would be more mindful of what it does with user data, more forthright about what it collects and more transparent about who exactly has access to the data.

He even posted his plans for various improvements to be made to Facebook. Then he said the rebuild would take years and, well, he wasn’t wrong.

Facebook is like a cheating boyfriend who promises that he’s changed, only to get back together with his partner and continue his promiscuous ways.

Internal documents unveiled by reporters at the New York Times reveal that Facebook has been giving Microsoft, Amazon, Spotify and other major companies way more access to the platform’s 2.2 billion users than the company disclosed.

The alleged secret data exchange was organised for the mutual benefit of each company involved. Facebook was able to grow its user base while the companies were able to add more improvements and features to their products. It was seen as a win-win scenario for the tech giants.

The disturbing findings are explored in the 270-page Times report based on both Facebook’s internal documents and admissions from around 50 former Facebook employees.

Spotify Discover Weekly

Spotify was one of the companies involved. (Image: Spotify)

According to the report, Facebook allowed Microsoft’s Bing search engine to access the names of almost every Facebook users’ friends and gave Netflix and Spotify the capacity to read Facebook users’ private messages.

Facebook – under the guidance of Zuckerberg – also allegedly gave Amazon access to users’ names and contact information and authorised Yahoo to view streams of friends’ posts. Spotify, Netflix and the Royal Bank of Canada were reportedly given the power to read, write and delete users’ private messages and to see every participant in a group message thread.

I’ll say that again for clarity: the Times says Facebook allowed several companies to read, write and delete the private messages of its users, with no permission needed outside of signing into the social media platform. That’s about as bad as it gets.

It is alleged that over 150 companies were involved, including sites from the entertainment, automaking and media industries. With the oldest deal dating back to 2010 and most deals still active in 2017, the companies were able to gather data from hundreds of millions of people per month. The scope of the privacy violation is staggering.

In a post on the company’s blog, Konstantinos Papamiltiadis, Director of Developer Platforms and Programs at Facebook, said that none of the partnerships or features gave companies access to information without people’s permission, and didn’t violate Facebook’s settlement with the Federal Trade Commission.

“To put it simply, this work was about helping people do two things. First, people could access their Facebook accounts or specific Facebook features on devices and platforms built by other companies like Apple, Amazon, Blackberry and Yahoo. These are known as integration partners,” wrote Papamiltiadis.

“Second, people could have more social experiences – like seeing recommendations from their Facebook friends – on other popular apps and websites, like Netflix, The New York Times, Pandora and Spotify.”

Mark Zuckerberg speaking at a conference. (Photo: Pete Souza)

Mark Zuckerberg speaking at a conference. (Photo: Pete Souza)

Facebook claims it has been public about these features. It also says many of the partnerships have been shut down over the past few months, except those with Amazon and Apple. Facebook also strangely implied that by signing into their Facebook account, users had agreed to all these terms and were to blame for any perceived invasion of privacy.

In reply to the question, “Did partners get access to messages?” Papamiltiadis wrote, “Yes. But people had to explicitly sign in to Facebook first to use a partner’s messaging feature.”

Who knew that signing into a Facebook account gave the company – and any company it sees fit – the permission to do whatever the hell it wants with your data?

David Vladeck, a former Federal Trade Commission employee, wasn’t having any of the Facebook PR spin and diversion of blame.

“This is just giving third parties permission to harvest data without you being informed of it or giving consent to it,” Vladeck told the Times.

“I don’t understand how this unconsented-to data harvesting can at all be justified under the consent decree.”

Nick Stamos, Facebook’s former chief security officer, gave Facebook the following advice to clean up this mess: “What they really need is a table that gets updated over the next several days that lists the company, the kind of integration, what data was accessible, what steps a user took to activate the integration, and when/whether it was shut down.”

In response to the concerning findings, Amazon, Microsoft and Yahoo spokespeople told the Times that they used the data appropriately, but wouldn’t discuss the details. Netflix sent out an ill-timed and tone-deaf tweet that said it “never asked for, or accessed, anyone’s private messages” because “we’re not the type to slide into your DMs”.

Spotify tried to pretend that it was completely unaware of the access that Facebook had granted them – sure, and the Royal Bank of Canada denied that they had any access at all. So much for taking responsibility, right?

A TV remote pointed at a TV displaying the word 'Netflix'

Even Netflix had access to your personal data and messages. (Image: Netflix)

The Times claims the revealed partnerships are only a fraction of all the deals, which include over 60 smartphone and tablet brands. Apple, for example, had access to contact numbers and calendar entries even when people had changed their account settings to disable sharing. Apple claimed they were unaware of the access granted by Facebook.

Facebook claims none of these data partnerships violates the terms of their FTC (US Federal Trade Commission) agreement because the companies are service providers that strictly use the data “for and at the direction of” Facebook, basically serving as an appendage of the platform.

The FTC believes otherwise. They say Facebook’s interpretation of the exemption is too broad, and that it was supposed to be used for sending and receiving information such as processing credit cards for payment, not scanning and sharing user data between companies.

Freedom From Facebook, a program aimed at breaking up Facebook’s social media monopoly, has called for the FTC to act.

“This is a make-or-break moment for the FTC,” said Sarah Miller, Chair of Freedom From Facebook, in a statement to Fox News

“The flagrancy with which Facebook has flouted its consent decree shows it doesn’t take the agency seriously.

“The idea that Facebook should be broken up, or never allowed to acquire Instagram and WhatsApp, has gone mainstream. If the FTC wants to be taken seriously again – not only by corporations but by the public, on whose behalf it is expected to work – the FTC can’t allow Facebook’s monopoly to continue to exist.”

Only time will tell the ramifications for Facebook, but billions of dollars usually assist legal battles pretty well. What it should do, however, is act as a reminder that we pay for so-called ‘free’ services like Facebook, Instagram, Twitter and WhatsApp with what has become the most valuable commodity of all – our personal data.

About the author

Clear eyes, full hearts, can’t lose.

Leave a comment