Facebook’s Data Loophole: Of course It’s Accidental

Social media now forms an integral part of our life. We trust our intimate secrets to a faceless server and expect that our content, be it pictures, text, or anything else will be protected by the strictest privacy firewalls. We expect that the individual for whom the content is intended, the “audience”, will only be the people we choose to share information with, and no other person or party will be able to view that content. However, the recent Snowden revelations only reaffirmed that our content is far from secure. There had been considerable criticism that Facebook, entrusted with the data of millions of individuals around the globe, was selling user data to advertising companies to make targeted advertising campaigns. Our lives were and continue to be documented, behavioral patterns decoded and other such information being deduced from our online activity. Mark Zuckerburg himself stated in an interview with TechCrunch founder, Michael Arrington, “People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people. That social norm is just something that has evolved over time.” The social norm being that privacy is now an outdated concept.

The above notion is debatable as Edward Snowden unleashed a barrage of information which defeated the aforementioned statement regarding privacy. Though the NSA remains the main culprit, have we ever cast the light of the interrogation lamp onto an organization which allows the NSA access to data, organized, efficient, and ripe for spying? A quick reading of the Facebook Data Use Policy confirmed my worst fears. Not only is our content accessible to the organization and stored, but the information we would ordinarily choose not to give out is ‘received’ by the social media giant. The Data Use Policy (which can be accessed here) clearly states:

When you post things like photos or videos on Facebook, we may receive additional related data (or metadata), such as the time, date, and place you took the photo or video.”

Being a law student, I must applaud the apparent ambiguity and the clever draftsmanship of the above statement. The condition does not say with absolute certainty that Facebook will receive the information and that it will be stored. Just that it MAY receive background information pertaining to the content I upload. Moreover, Facebook does not concede that the information that it does receive will be stored and used for an advertising stream, tailored to your activity on the social platform. But for now, I feel a bit at peace knowing that extremely personal information such as my location or my electronic devices is still in my control.

Oh wait.

“We receive data from or about the computer, mobile phone, or other devices you use to install Facebook apps or to access Facebook, including when multiple users log in from the same device. This may include network and communication information, such as your IP address or mobile phone number, and other information about things like your internet service, operating system, location, the type (including identifiers) of the device or browser you use, or the pages you visit. For example, we may get your GPS or other location information so we can tell you if any of your friends are nearby, or we could request device information to improve how our apps work on your device.”

Before I comment on the apparent breach of privacy which this policy entails, I would like to convey my gratitude to Facebook. Thank you for being clear on one aspect: Facebook does indeed collect information, store it and extends the same information to advertisers and vendors to advertise products and services. Facebook has now become a massive catalogue of identities, but a collection of whole individuals whose lives are on social media. This begs the question as to why Facebook must collect this information. By using our location, time, date and other intrinsic information attached to any content that we upload onto the social media platform, we are unknowingly conceding to information that we may not feel comfortable in knowing that we are providing. Perhaps we must read the Terms and Conditions of Facebook before we accept them blindly to succumb to the pressure of having a presence on social media.

It is imperative to note that Facebook receives information every time someone logs onto their profile, the device from which they log in, their IP address and if their device has GPS enabled, their location. But the GPS location is not as important as a person’s exact location can be triangulated by using the IP address from which a person is on Facebook. The social media giant brazenly mentions that through this information, they can tell you if any of my friends are nearby and other information which they’ve categorized as necessary for “the general improvement of Facebook”.

The one thing which caught my eye was the manner in which third parties have the capability to view data. The Data Use Policy clearly states that they sometimes receive information from third party organizations and advertising partners. Essentially, what this implies is that if I were to click on a Facebook ad which lead me to a different website advertising a certain product or service, the data pertaining to me clicking that ad includes, but is not restricted to time and date of the clicking, the location of the ad, and outlay. This information, once received by Facebook is then doctored to ensure maximum clicks.

Some may argue that Facebook is well within their rights to advertise products and/or services depending upon our search history. After all, they are not a charitable organization providing a service. They are in this business to make themselves self-sustaining and to reap profits and the only manner in which they can do that is by leasing out space on their servers to advertisers. However, I personally would feel uncomfortable knowing that every keyword I’ve ever searched with is documented and used to advertise products and/or services. I do not feel comfortable knowing that a nameless and faceless individual within the scores of Facebook employees is aware that I have logged in on my Facebook and am currently reading a colleague’s status on his timeline. I do not feel comfortable with the knowledge that every time I click, “Login”, my IP address and my exact location is stored on the Facebook servers. Perhaps it was through this mechanism of storing IP addresses that individuals preaching anti-state propaganda was apprehended and persecuted in Egypt during the Arab Spring. Perhaps it is through the scores of information available on Facebook servers that the NSA can keep tabs on individuals and their activities online, as their activities on the web are a reflection of their day to day tasks.

The general populace is unaware of something which is completely black and white. I do not feel comfortable knowing that my content, my location and other increasingly personal information is free to be pursued by individuals to whom I have not given consent. Perhaps by agreeing to their terms and conditions and their Data Use Policy, I have conceded to that. However, it was only for the purpose of this article that I bothered to read Facebook’s policies and Community Safety Guidelines. How many other individuals have made the conscious effort to do so? The answer to that would be startlingly few. And that thought, that individuals around us are now being treated as numbers and as data in cyberspace is, quite frankly, scary.

Add a comment

*Please complete all fields correctly

Related Blogs

No Image