Revealed in a cached of internal documents siezed by UK parliament

We look at highlights and other controversies surrounding Facebook



Facebook’s recent barrage of bad publicity and controversies seems almost non-ending as the recently revealed information from Facebook’s internal documents seized by UK Parliament has revealed even more damning details of their careless (or carefree) attitude to user privacy and data handling.

We list down some irritating, dangerous or despicable attempts by Facebook to grab some money.

1) Scraping your phone calls and SMS, in spite of knowing it was unethical

Your Calls and Messages are being logged

Facebook will record and upload each and all of your call logs and SMS if you are using the Messenger App. And it is quite possible that you may not even know you have given them permission to do so.



Don’t believe me? Go to this URL on Facebook which has your information. And scroll down to the section labelled “Calls and Messages”.



In fact, this was revealed as far back as March of 2018, and the only way to find out if they have anything stored is to look at the URL suggested above.

Facebook knew the risks and that it was unethical



The documents seized by the UK Parliament, which have been now revealed, shows that the Facebook’s growth team planning to use the call log data as a way to improve Facebook’s algorithms and find new contacts in the “People You May Know” feature of Facebook.

The lead for the project recognised it as a “high-risk thing to do from a PR perspective”, but went ahead nevertheless.



FB decided to go ahead with the call and SMS scraping.

Credits: UK Parliament/ The Verge.

2) Tricking users into giving permissions

The SMS and Call Log scraping initially required the users to opt in using the in-app pop-up dialog box. However, as expected, most people opted out. To increase the number of users FB can scrape the data of, the FB Developers looked for ways to manipulate the Android’s data permissions to enroll the users without showing them the permission dialog box.

FB found a way to change the permission it was granted without users noticing



In an email chaing, the developers responsible for the call and SMS log scraping feature discussed how they can increase the permissions without needed users to explicity provide the permissions.

One developer wrote, “it seems that this would allow us to upgrade users without subjecting them to an Android permissions dialog at all.”



FB Developers find a way to bypass the permission feature.

Credits: UK Parliament/ The Verge.

When the controversy broke, Facebook flat out refused that it was not collecting any call logs without permission, however, as explained in an article on Ars Technica, many Facebooks users were experienced persisted scraping inspite of never proving the permission while installing the Messenger app.



3) Considering selling user data



We covered Facebook’s considerations about selling its user data in detail earlier, an improperly redacted document showed that Facebook pondered over the idea to cut off data access to companies that did not spend over $250k a year on ads in a bid to increase the ad revenue.

Although there are dozens of emails discussing monetizing access to user data, this specific idea related to its OpenGraph API is not known to be implemented, there are other instances where they used the user data for other reasons.



4) Punish Vine, a competitor, by selectively denying access

Facebook’s CEO, Mark Zuckerberg personally told the staff to block the newly launched Vine app’s freind finder feature.

In the cache of documents seized by UK parliament, Justin Osofsky, a VP at Facebook, asked Mark Zuckerberg, “Twitter launched Vine today which lets you shoot multiple short videosegments to make one single, 6-second video. As part of their NUX, you can find friends viaFB. Unless anyone raises objections, we will shut down their friends API access today. We’veprepared reactive PR, and I will let Jana know our decision.”

Zuckerberg’s answered, “Yup, go for it.”

Mark Zuckerberg trying to harm Vine

Credits: UK Parliament

Although to be fair to Facebook, Twitter had also cut off its friend finding features for Instagram, which was acquired by Facebook.



5) Secretly leaking info to corporations and companies



To Facebook, user data was owned by FB and they could use it to earn money as they like, this is evidenced by emails discussing that the login is free but maintaining the data costs as much as $0.10 per year.

Mark Zuckerber discussing the cost of user data.

Credits: UK Parliament

And when an emoloyee question the liability of giving developes such open access, Zuckerberg admitted that, “we leak info to developers”, and dismissed the objection by stating, “but I just can’t think if any instances where that data has leaked from developer to developer and caused a real issue for us. Do you have examples of this?……”.

And then Cambridge Analytica happened, where a “survery” app was gather data of over 50 million people, which eventually was sold to Cambridge Analytica.

Facebook also allegedly “whitelisted” several companies for unfettered access to it’s API, even after it moved to Graph API 2.0 which made it difficult to access to data about user’s friends.

Whether, the whitelisting was linked to the ad spend on Facebook by those companies is unknown, however, several big companies like Netflix, AisBnB, Bumble, Lyft, Badoo / Hot or Not (dating app) were given access, while majority of smaller apps were denied access.

6) Buying a VPN company to snoop on users for competitive advantage



In 2013, Facebook acquired Onavo, a company known for it’s VPN project, but not known for its analytics business.

Typically VPN is marketed as a secure app that protects a users privacy, Facebook used that perception to its advantage and collected the data about all the apps on a user’s phone to analyse and gain competitive advantage.

In the Onavo app is deemed a spyware by Apple and media outlets, and Apple forced Facebook to remove the App from Apple App Store.



Onavo abused user trust and gathered their data, the very thing VPN is supposed to protect against.

Credits: UK Parliament

In their bid to gain competive advantage, Facebook abused the user’s trust in VPN and did exactly what VPNs are supposed to protect against, unwarranted snooping.

While the Facebook saga continues with (an obviously happy) board backing its CEO & COO in spite of mounting pressure from media and government, there seems to be no change in the way Facebook operates. With only a few hollow apologies, Facebook and Mark Zuckerberg keep promising that they will fix this without any apparent steps to contain the malaise.

Have you faced any data privacy scare or issue, let us know your thoughts in comments.

