Facebook can't catch a break: report says Spotify, Netflix, and others had access to your private messages
2018 has not been a good year for Facebook. Ever since the Cambridge Analytica scandal lit the flame early this year, the company has been held under heavy scrutiny for how it collects and handles user data. Document leaks have shocked some users, committee hearings have been scheduled to pressure Facebook into fessing up what it's doing behind closed doors, a #DeleteFacebook campaign was started and was viral for a brief moment.
Needless to say, the social media's stocks have seen better times.
But 2018 is not done with Facebook, not yet. The NY Times reportedly acquired a substantial number of documents, detailing Facebook's relationships with its big-name partners — what kind of data is shared and what the partners are allowed to do with it.
There are some juicy details to be found in these documents. Facebook is, reportedly, willing to bend its own privacy rules just so it can score a deal with the right partner. For example, Microsoft's Bing search engine was able to see the names of someone's friends without the user's consent.
OK, not too much of an issue. What else?
It allowed Amazon to siphon people's names and contact information through their Facebook friends. It also, up until the Summer of 2018, let Yahoo view streams of a user's friends' posts.
You know, that's still neither here nor there. Names, posts — these things are often public in the first place. But here's an interesting tidbit — reportedly, Facebook allowed Netflix, Spotify, and even the Royal Bank of Canada to look directly into users' Facebook Messenger conversations. That includes permissions to read, write, and edit messages.
Now, the purpose of this permission is not clear. We would assume it has something to do with being able to share Netflix shows or Spotify songs directly into a conversation. As far as the bank goes — we're not sure, probably personal money transfers through the Messenger.
Spotify and Netflix both said they were unaware they had such powers granted to them, implying that they never needed or used them, we suppose. The Royal Bank of Canada flat out denied ever having such access.
Apparently, even Apple had been given special treatment, with the ability to collect phone numbers and calendar entries from one's Facebook account in order to sync them to one's iOS device without needing to notify the user. Apple, too, stated it wasn't aware it was given any special treatment and also reassured users that whatever data is downloaded on an Apple device, stays just on that device and is not transmitted elsewhere.
Save for the private message access, a lot of these things sound like something a modern person should always be aware of. If you have a public profile, your name and picture will be seen. If you add contact details, those might end up shared more than you'd like. Even if your social media of choice is a true saint, you never know when servers can be hacked... or you simply can't know where that company and all of its information is going to be 10 years from now.
Then, there's the issue that these data deals were not a one-way street. According to the NY Times, Facebook was also getting data from Amazon, Yahoo, and even Huawei. The social media used any information it can get in order to get a deeper understanding of user profiles and even inter-user relationships.
So, the gist of it is, some Facebook partners have a lot more access than Cambridge Analytica had and Facebook did not think its users deserve to know this or need to be asked for consent. The full report can be found here, though the documents themselves are not presented.