Facebook's big new problem: It's so mired in grubby privacy scandals, people confuse legit data deals with bad breaches

  • Facebook is battling with more questions about how it uses and shares people's data after a jaw-dropping New York Times story.
  • The Times claimed firms like Netflix and Spotify had the ability to read, write, and delete people's private Messenger messages. Facebook later admitted this was the case.
  • But Facebook explained that this was down to a legitimate integration, it's no longer live, and people knew about it at the time.
  • Facebook's new headache is that people are conflating serious, genuine data breaches with what could have been the legitimate opening of its platform.
  • That's a big problem for a company trying to lift itself out of a cycle of terrible PR.


The New York Times broke a story this week which suggested, without giving much technical detail, that Facebook allowed companies like Netflix, Spotify, and the Royal Bank of Canada the ability to read, write, and delete your private messages.

There's evidence to suggest that Facebook users don't really care that the social network slurps up huge amounts of their information to inform targeted ads. But a lot of people care that their private messages stay private and, naturally, The New York Times story created an uproar.

Brian Schatz, a Democrat senator, called for federal privacy law in the US, saying: "The silence from Facebook is deafening. The New York Times has a story that says that PRIVATE MESSAGES were accessible to a bank in Canada and Netflix? I'm trying to be measured and precise with my words here. But I'm a customer as well as a Senator and I'm angry in both roles."

There are myriad reasons to mistrust Facebook, but is this a breach of trust on the scale of the Cambridge Analytica scandal? (A quick reminder: That fiasco essentially highlighted how sloppy Facebook was in policing how sketchy third-party apps sucked up and misused millions of people's personal data, and it was extremely bad.)

The information we now have suggests it's not a scandal on the same level. It isn't even any kind of breach. At worst, it's a kind of dawning of hindsight that maybe we should have paid closer attention to the permissions we granted Facebook and partners like Netflix years ago.

Facebook's defence against the NYT is that it did have some messaging API integrations with Netflix, Spotify, the RBC and, it disclosed, Dropbox. This was so that people could send song and film recommendations and files to each other, and it was only available if people used Facebook to log into these external services. As for Netflix and Spotify actually reading your messages, it isn't quite so terrifying, at least as Facebook couches it:

"In order for you to write a message to a Facebook friend from within Spotify, for instance, we needed to give Spotify 'write access.' For you to be able to read messages back, we needed Spotify to have 'read access.' 'Delete access' meant that if you deleted a message from within Spotify, it would also delete from Facebook. No third party was reading your private messages, or writing messages to your friends without your permission. Many news stories imply we were shipping over private messages to partners, which is not correct."

The word "access," meant in a technical sense, is important here. Alex Stamos, Facebook's former privacy chief, told Ars Technica that this doesn't mean unfettered access. We are not talking about engineers at Spotify nosing into people's Facebook Messenger messages exposed via the music platform.

He told Ars Technica: "I think the Times' section on Messenger will come to be seen as intentionally misleading." He added that users "explicitly activated" Messenger integration with Spotify, suggesting that people mostly knew what they were doing.

As Stamos noted, Facebook ought to give more detail about how exactly these different types of integrations worked and, specifically, how it asked for users' permission. It is clear that people's attitudes are changing towards how much information they're willing to share, but it's a major problem that they also can't seem to tell the difference between serious data breaches and what looks like legitimate sharing of information with partners.

That's not a good outcome for a company trying to lift itself out of a cycle of terrible PR.

Ultimately, Facebook only has itself to blame. People no longer trust the firm's public explanations of how and why it uses data, thanks to its poor record on transparency, its hunger for people's personal information, and bad early decisions not to police its own platform properly.

This won't be the last explanatory blog Facebook will have to write.
