In a chilling report published by CNBC, over ten former employees of the social media giant have come out to reveal that Facebook uses its app to find and deal with every perceived threat.

Facebook tracks users and ex-employees who represents a threat to its staff or offices through a list it calls “BOLO,” short for “Be On the Lookout.”

Replying ‘F*ck you, Mark’ on Zuckerberg’s Update is Dangerous

For Facebook, perceived threats include users who publicly threaten the company, its staff or offices but sometimes the bar could get low. While it’s standard to find yourself on Facebook’s List for sending threatening emails to the company, some others might find themselves on the list for swearing at the company’s CEO Mark Zuckerberg or its COO Sheryl Sandberg on their status updates or as a reply to a comment.

This form of communication is classified as “threatening communication,” according to a former employee who worked with the company’s security team. In its defense, Facebook said no one gets added to its BOLO list without a “rigorous review” of the seriousness of the threat.

How Facebook’s Security Share User Data

If you do find yourself on Facebook’s BOLO list, a request will be made from Facebook’s global security operations center to the company’s information security team for them to monitor your movement. Security officials will also receive a report about the user, including their name, location, photo and a brief description of why they were added to the list.

If a Facebook user makes a threat about a Facebook office, but they are in another jurisdiction, the tracking might end there. In cases, where threats are made against an office close to the BOLO user, Facebook will monitor the user’s location regularly and keep the physical guards on alert. They can also alert local law enforcement agencies, where need be.

In one case detailed in the report, a Facebook user, who was visiting an employee who works at the headquarters, was denied entry into the Campus. Unknown to him, he was on Facebook’s list for freaks.

His name was included based on a message he sent to Zuckerberg years back. He was prevented from entering the premises, and his movements were observed, according to a former employee familiar with the case. Calls were made to Facebook’s global security intelligence and investigation team, and the user was subsequently removed from the list and granted entry into the premises.

Facebook was quoted by CNBC in the report:

Our physical security team exists to keep Facebook employees safe. They use industry-standard measures to assess and address credible threats of violence against our employees and our company, and refer these threats to law enforcement when necessary. We have strict processes designed to protect people’s privacy and adhere to all data privacy laws and Facebook’s terms of service. Any suggestion our onsite physical security team has overstepped is absolutely false.

The Ugly side of Facebook’s Data Collection

The social network has been upfront about the kind of data it can collect from users and what it does with the data. According to its data policy, the company collects data from any of the device settings a user turns, and this includes your GPS location. Facebook is entirely advance in the way it amasses detailed information from its customers.

It has invested in the ability to collect, store and analyze huge chunks of data in real time. Facebook can use the data it gathers from your activity to promote user security and safety for both online and offline use cases, as it does with the BOLO list.

Facebook monitors users activity across multiple sites through its cookies; facial recognition is another investment the social network has made to help in its photo processing capabilities.

The most exciting part is ‘likes.’ Every time you like an update or a picture, you’re giving Facebook viable data about yourself to accurately predict your intelligence, emotional stability, religion, sex life, age, political views and much more. It would be nice if Facebook kept all of this information to itself to protect its staff and offices. But the social media giant has been selling user data to the highest bidder.

Last year, it told Congress it gave over 50 businesses including Nike and Spotify access to user data, after blocking the feature to the general public.

User data was also harvested by disgraced research firm Cambridge Analytica who harvested personal data of millions of Americans on Facebook without their consent and used it for political purposes.

The Scary Side of Tech

It’s not uncommon for tech executives to be targeted by irate customers or disgruntled employees, as some have been. Last month, Facebook’s Menlo Park headquarters was evacuated following an anonymous tip sent to the NYPD.

YouTube suffered a disastrous shooting, when a suspected female shooter drove into the building and opened fire on employees at the company’s San Bruno headquarters, injuring some workers before killing herself. Netflix’s LA office was also locked down following reports of a former employee of the streaming giant strolled into the office with a firearm. The employee was detained, without injuring or killing anyone.

While Facebook is taking these extreme measures of spying on its users to keep its staff safe, it begs the question of just how ethical these threat tracking tactics are. Other tech companies keep similar lists, but this author doubts they use their user’s data against them as much as Facebook does. As described by a former Facebook employee, the social media giant’s tactics are “very Big Brother-esque.”