It’s well established that joining a social network means trading privacy for information. Your Facebook friends, for example, get to see that picture of you looking like you might be stoned, and you get to “like” their posts celebrating the legalization of marijuana in Washington and Colorado. Or, perhaps you simply post about your 50th birthday party or celebrating Ramadan. Potential employers get to see all that stuff too, depending on your privacy settings, and there is evidence that some of them discriminate on the basis of age and against Muslims. Facebook, meanwhile, gets to target ads at you.
What’s not as well appreciated, but becoming increasingly clear, is that users of social networks in general, and of social networking kingpin Facebook in particular, are ill-equipped to evaluate the price they’re paying in this trade — to determine just how much privacy they’ll lose over time in exchange for status updates from their friends, and what that loss will eventually mean for themselves and their loved ones.
Part of the reason it’s hard to think clearly about privacy tradeoffs is that data collection now occurs at a staggering scale. Facebook earlier this year announced that it had figured out how to store a billion gigabytes, known as an “exabyte,” in each “data hall” room in its data centers. As people upload two billion pictures a day to the social network, older photos are moved to these “cold storage” exabyte systems.
Facebook’s data hoard is being mined in ever more inventive ways. To take just a few examples: information uploaded to Facebook was sought by the Manhattan DA in a recent social security fraud case; Facebook earlier this year announced research on new techniques for performing facial recognition on partial digital images; and the company last month defended a patent acquired while purchasing a company that could be used to evaluate a person’s loan application based on the credit of his or her friends. Meanwhile, Facebook’s own rules about how its data is handled have grown more opaque, according to a recent study; in 2012, even the sister of Facebook’s co-founder accidentally made a private picture public.
“Facebook’s story is that we trade privacy for access to its service,” says Cory Doctorow, a best-selling author, co-editor of the pioneering futurist blog Boing Boing, and consultant for the civil liberties group Electronic Frontier Foundation. “But it’s clear that none of us really know what we’re trading. People are really bad at pricing out the future value of today’s privacy disclosure. … It’s nothing like any other marketplace. … In a market, buyers and sellers bargain. In Facebook’s ‘market,’ it gets to treat your private data as an all-you-can-eat buffet and help itself to whatever it wants.”
No one goes into Facebook planning to share tons of data. When you signed up, all you wanted to do was upload a few flattering vacation photos because your relationship status was, well, It’s Complicated. But people tend to get sucked into Facebook. In 2010, Austrian law student Max Schrems asked for, and eventually received, all the data Facebook had compiled on him. The information arrived in the form of a 1200-page PDF file. It contained both active and deleted personal data, including information on who had “poked” Schrems; a record of who he had friended and de-friended; a list of Facebook users he shared computers with; his RSVPs to various events; email addresses he had never provided Facebook, presumably culled from address books shared with Facebook by his friends; and all his messages and chats, some marked “deleted.” He later formed an activist group called Europe v. Facebook and, among other legal maneuvers against the company, filed a complaint with the Data Protection Commissioner in Ireland, where Facebook has its European headquarters, arguing the company’s practices violated an amendment to the European Union charter.
If a user like Schrems asked for a data dump today, it would probably look quite different. As Facebook evolves and offers more features, it generates new types of information, information that often remains hidden away. “Social networks foster an environment of mutual participation … on the premise of a social good,” says Dr. Richard Tynan of the U.K. organization Privacy International. “However, behind this apparently benign act exists an ecosystem of algorithms and decisions, known only to Facebook.”
Facebook’s tendency to appropriate more and more information led, in 2011, to a complaint by the U.S. Federal Trade Commission that the company had “deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public.” Without admitting wrongdoing, the company settled the case that same year, agreeing to 20 years of audits. Among other things, Facebook said it would announce all privacy policy changes widely and give people 60 days to change settings on their posts or delete their account. One commissioner disagreed with the ruling on the basis that it was, in his view, too lenient, allowing Facebook to settle without admitting wrongdoing.
A Facebook spokesperson offered, “We want people to understand how Facebook works so they can make informed decisions and control their experience. In an effort to help people really understand our data policy, we’ve made it 70 percent shorter and easier to navigate.”
Some studies dispute this. A 2015 study conducted by undergraduates at Harvard University for a publication run by data and privacy expert Professor Latanya Sweeney found that Facebook’s privacy policy became markedly more opaque and less explanatory over the years. It also argues the policy’s length has grown, which is disputed by Facebook along with the study’s general thesis. Other researchers, like the Center for Plain Language, offer praise for Facebook’s policies compared to companies like Apple.
Doctorow holds a different view. “Facebook’s playbook is easy to understand and sleazy as hell: a privacy dashboard that’s so complicated that even the Zuckerberg family can’t figure out how to share things with just family members; periodically changing everyone’s privacy settings by fiat to grab more than they’ve said they’re willing to give, then backing off to a point that’s less private than it was before, while issuing a non-pology for the ‘misunderstanding,’” he says.
Even when Facebook wants to keep your data private, it may not be able to. Earlier this year, Facebook was joined by the New York Civil Liberties Union (NYCLU) in challenging a sweeping warrant by the Manhattan District Attorney’s office. The DA wanted to see all Facebook data for 381 people under investigation for social security fraud. At the time it won the appeal, the Manhattan DA released a statement saying this became “the third court to deny Facebook’s efforts to block lawful evidence gathering,” and cited 108 guilty pleas and $24.7 million in forfeiture and restitution. “In many cases, evidence on their Facebook accounts directly contradicted the lies the defendants told to the Social Security Administration,” the statement said.
NYCLU attorney Mariko Hirose says Facebook was under a gag order, prevented from initially telling those under investigation about the warrants. “We’re not saying that social media information can’t be used in a criminal investigation,” Hirose says. “The question is complying with the Fourth Amendment, probable cause and particularity. They didn’t particularize the warrant. They asked for everything — photos, videos, IM chats with friends and family.” A Facebook spokesperson said the company is still considering whether to file a motion to appeal.
As hard as it is to fathom all the ways Facebook data is used today, the possibilities only multiply when you project into the future. Earlier this year, several researchers from Facebook and the University of California, Berkeley, published the paper “Beyond Frontal Faces: Improving Person Recognition Using Multiple Cues,” advocating for a new and, in their research, highly improved way of deriving people’s identities using partial, side, and even back-of-head pictures. In August, Facebook took moves to defend a patent acquired by Facebook in the purchase of another company, envisioning in one use case that “when an individual applies for a loan, the lender examines the credit ratings of members of the individual’s social network who are connected to the individual through authorized nodes.” The core of the patent was a technique to see how users are networked; other envisioned uses included spam prevention and personalized search.
A Facebook spokesperson stated, “Facebook didn’t invent the contents of this patent, so it’s misguided to think we are working in this area based solely on a single, unclaimed footnote in the document. Furthermore, we don’t allow people to use Facebook to confuse, deceive or defraud anyone, and we aggressively enforce this policy.”
The lending idea actually appears prominently in the patent application, taking up a fifth of the “summary of the invention section,” warranting its own diagram, and getting several other mentions, all outside of footnotes. And the strong wording of Facebook’s statement does not actually preclude the use of the platform for financial analytics. There’s also research that indicates that the startling idea of using social media for financial predictive analytics might actually work, and thus potentially catch on.
University of Maryland business professor Siva Viswanathan has looked into how “soft information” — like social contacts — can augment hard information like credit history to help lenders make better decisions. In his studies, this “soft information” has proven valuable. He studied social lending platforms like Prosper and Kabbage, not Facebook, but those platforms share with Facebook the challenge of showing that online networks can be as robust and stable as real-world connections. “We were surprised,” Viswanathan says. “Online was not perfect, but having the information did allow better [lending] decisions. The question remains how much better.” He also believes it’s quite possible that if social networks are adapted for predictive analytics in lending, people will alter their behavior online. “You have what we call adverse selection. You might end up getting the wrong crowd that manipulates connections, or people who care about privacy who are creditworthy borrowers who might stay out of the system.” Nonetheless, Viswanathan believes the model is viable.
It’s not at all clear how to help people navigate a world where the seemingly trivial act of accepting a friend request can have life-altering financial implications. Privacy International’s Tynan advocates increased disclosure of future risk; but does that mean that privacy policies would become more like dystopian sci-fi stories? “It is no longer acceptable for companies to simply detail what data they collect on their users,” he says. “They must be honest and explain what the implications are.” More radical is the idea of moving social networks to a different business model. Many people, including UNC professor Zynep Tufekci, have advocated that there be an option to pay for Facebook directly rather than by being data-mined. Some users, like me, stay on the platform as-is but greatly restrict the types of information we post. I genuinely enjoy the updates from my friends and U.S. family, and a glimpse into the lives of my relatives in Zimbabwe. But I block anyone else from posting on my wall and limit what I upload largely to pretty photographs and self-promotional links about my work. It’s hardly a deep glimpse into my life but my presence is still mineable, particularly the data on what items I click on and like by other users.
Of course, people can always leave Facebook. But you don’t even have to be on Facebook to be on Facebook. When I entered Doctorow’s name into Facebook’s search engine, I got a page that included a neatly formatted teaser link to his Wikipedia entry, plus a section titled, “Photos of my friends and Cory Doctorow.” He turns up in two pictures, uploaded and tagged by people who I’m friends with on the platform. At the bottom it reads, “This Page is automatically generated based on what Facebook users are interested in, and not affiliated with or endorsed by anyone associated with the topic.”
*Zeynep
Facebook is shady as hell. Right now it seems to “be cool” to not be in FB for some people but I have never been interested in social networks and have never created a FB account, not even when it was “cool”. A few years ago this was a problem to some of my friends since they wanted to “tag me” to pictures we had together. It was some sort of social network OCD behavior of some sort. One of them actually created an account for me just for this purpose without asking for my permission (he emailed me the credentials after creating the account). He told me that if I didn’t want the account I could just not confirm it and that’s what I did, thinking that FB would eventually delete it. BIG MISTAKE. They did not delete it, they let the account there and for all intents and purposes was an actual FB account. After about two years someone asked me if I had a facebook and I said no, another friend of mine was present and he told me that I actually had one. We argued about it for a while and imagine my surprise when it turned out that I was wrong, I did “have” FB account and he had me as his friend. It was the same account my friend created for me that I assume that FB would delete. I logged in and saw all these friend request (people that I actually did know in real life) the only limitation of this account was that it couldn’t accept friendships but that doesn’t matter to FB, it can still create a node for you in their social graph. FB knows that all those people know me and that I know them however superficially. I “permanently” deleted the account and they supposedly removed it but I’m pretty sure “my” social graph node it’s still there being used by their algorithms. Fuckers. Stay away from that shit.
Social media + Privacy = https://www.minds.com/
Free. Open-Source. Encrypted
A multitude of articles such as this one, sent to FB users I know, has done absolutely nothing to alter their use of FB. I don’t know if they even read them thoroughly; I get mumbly replies about how they’ve set their privacy and so on.
It’s also increasingly difficult to find news sites that allow comment, that are not using FB for commenting. I feel terrible that they are depriving their readers of my valuable insights!
Great post. We all know when users’ of technology when they are given free tools, in exchange they give away their digital rights it is old news now. As end users of technology, we never had protection rights to our data either, we don’t own our data, technology companies own it and they make a shit load of money with our data.. that is Facebook’s business model, the laws don’t support innocent users of technology either, they protect big tech companies… double edge sword, today’s technology are easy to hack . I have a story to tell about what one company is doing to solve this critical issue of end point rights.
Excellent article. Thanks for making an effort to, once again, help the public understand the implications of “sharing” it all on FB.
You can “leave” facebook but you cannot delete your account! Once you create your FB profile, it is there forever: it is not your property, it is owned by FB and they will not delete it. I tried to delete my account in 2011. 4 years later this month I checked to see if my profile was still there: yep! Everything was still there ready to pick up where I left off.
I think the key to using Facebook is to be your own ‘privacy setting’ and do not rely on the unreliable and ever changing privacy settings on facebook that will invariably expose what you want private. You need to think of Facebook is entirely, entirely PUBLIC. Assume that everybody can ready anything you post or upload: employers, customers, police, etc. Be extremely cagey on FB….what you say or post can and will be held against you!
I solved the privacy issue by using part of my maiden name that I don’t use anymore in any document (I had two being of a South American origin) and I find that nobody, not even my friends, have found me on facebook, I found them. The reason I decided to do this was because I was a teacher when I joined Facebook many years ago and I didn’t want my students to find me. The only draw back is that I have to explain to people why my name isn’t my current name.
I believe that with some basic data about you—hometown, high school and college, current and previous place of employ—and a bit of data crunching, it would be trivial to identify your account on Facebook. That’s not something the average person would do, but any business or other agency wishing to do so would be able to. So, “nobody” (as you say) is a bit of a stretch.
Thank you for this story. Given that 1/7th of all human beings are on FB, I’m growing more worried that I will appear suspicious to police or employers or even just neighbors because I’m not there. And perhaps now I can add being unable to obtain credit. FB is a method to analyze and quantify human behavior so that corporations can market to us in increasingly insidious and irresistible ways. The social interaction is merely the carrot they dangle to get us to reveal exactly how we behave and why we do. I’m not saying that was the plan for FB from the beginning (nor even that they really understand what they’ve become) but this is the real implication of FB on humanity and when you really see that picture at last it is frightening.
I wish more people would boycott tech products until strong consumer protection laws are put in place to keep pace with new adaptations of technologies. US consumers didn’t even blink when Snowden blew the whistle, much less change their behavior, it’s kind of pathetic.
I agree with your comments, unless a group of people set up new standards.. only will we as end users of technology succeed.
Due to some issues with a wrong gmail account i cannot acces FB and are blisfully not data mined anymore (i hope). BIG brother zuck is watching.
Great article!
This is an important article. I am a criminal defense attorney and am currently litigating defendant’s constitutional right to access evidence stored by social media providers that helps exonerate my clients. Facebook claims it does not store deleted content on social media files, or at least it is not “reasonably accessible.” Just as a I suspected, this was a lit. Thank you for this good work. I hope you keep reporting on it.
Add all the data from Whastapp to the cocktail….
after 7 years of hassle free commenting on the demise of society and government.. I was ID checked by FB.
I don’t play that game.
Seems they couldnt data mine me… fake name fake bday etc etc
Thank you for the informative article on Facebook’s privacy issues. I prefer The Intercept focus on this rather than the racism and Muslims.
Listening to Zuckerberg tell me that his dislike button is like a like button, but only for empathizing with victims, not wrong doers, sounds more like a game better played by data rapists. What is the meaning of your leading inferences, Zuckerbug? No telling anyone to bug off unless you say it’s OK? OK, asshole.
“That’s why I go to the Intercept, they let you say what you think…” BS.
I refuse to go there. My Auntie is always there, but I won’t follow her into the square just four a dance off. I enjoyed the one on one conversation, but I’m not tuning into anyone’s broadcast station. Enough DJ’s in the house to spin your ass off.
“Facebook, meanwhile, gets to target ads at you.”
They can try, but ultimately you are the determiner of what you see: https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/
Not on the majority of Apple devices, which don’t allow adblocking.
Works on any device (laptops) that’ll run FireFox, for example. The most recent news would seem to suggest that ad blocking is available on the iPhone and iPads running Safari (http://www.businessinsider.com/apple-ios9-to-allow-ad-blocking-on-iphones-and-ipads-2015-6?r=UK&IR=T).
Don’t forget Ghostery, which lists all trackers on a Web page and lets you block any or all of them (including FB & Twitter). That and AdBlock+ are on my Firefox browser.
I should add that Ghostery found three trackers at The Intercept, including Google Analytics but not FB.
I was on FB for a short time, but quit it years ago over privacy issues. Don’t miss it a bit, obviously. Thanks for the article, Farai.
The 2015 study mentioned in the article: http://techscience.org/a/2015081102/