Clock 5 MINUTES

Facebook’s Worst Privacy Abuses & Data Scandals – Timeline

Facebook’s biggest ever Ad campaign said: We’re sorry. With a history of privacy abuse stretching back to its launch, it’s not hard to understand why. Here, we’ve provided a history of the biggest mishaps, leaks and breaches.

9 May
2019
SelfKey
Identity Wallet
facebook-data-privacy
key-icon

The social media giant launched in 2004 and has since become an integral part of modern society – registering more than 2 billion monthly users worldwide.

If you follow the news, you’ll know that Facebook came under fire in 2018 for a flurry of leaks, breaches and poor earnings reports. As a result, Facebook lost over $120 billion in market cap, and its user count shrank in Europe.

In fact, Facebook has a long and checkered history of neglecting its users. Let’s look at this claim in more detail.

The Early 2000s – Beacon Shares Purchasing History in the News Feed

Before Facebook had it’s two year anniversary, problems regarding user privacy were already emerging. In 2006, Facebook launched the News Feed feature which shared personal details without the users knowledge or consent. This led to users protesting the sudden privacy violation, especially because the News Feed didn’t have an off-switch.

In late 2007, a program called “Beacon” was launched which illegally shared users’ online purchases from third party sites on the News Feed. Once again, this was done without knowledge or consent, and a class action lawsuit was filed. Despite eventually paying $9.5 million to settle the lawsuit, Facebook didn’t stop running Beacon until 2009.

The SelfKey Identity Wallet is a free identity solution for Windows, Linux and Mac. Get yours today!

2009 to 2014 – The Federal Trade Commission Gets Involved

In early 2009, Facebook made changes to its terms of service stating that users can’t delete their data once they leave the platform. Rather predictably, there was an outcry. Later that year, Facebook revised its privacy policy and privacy settings for users. By doing so, Facebook made a large range of personal information public by default.

As 2011 came to an end, Facebook settled with the Federal Trade Commission (FTC) for privacy charges. According to regulators, Facebook falsely claimed that third-party apps were only able to access data that was strictly needed. The truth was more sinister, third-party apps could access nearly all of the user’s personal data and Facebook was also openly sharing user information with advertisers.

The FTC filed a number of other complaints, most of which involve Facebook lying to users about who could see their data and giving users a false sense of privacy. Due to these infractions, Facebook agreed to undergo an independent privacy evaluation every other year until 2031.

In 2013, Facebook discovered a bug that exposed private user information. Although Facebook caught it themselves, the bug shared the phone numbers and email addresses of 6 million users. Anyone who knew at least one piece of contact information or who had some type of connection to the person could access the data. In a statement, Facebook said it fixed the bug and notified regulators.

A year later, Facebook drew more negative attention, when it allowed an internal group of data scientists to run a mood manipulation experiment on over half a million users. The experiment caused Facebook to alter news feeds to either show more positive or negative posts, and its purpose was to show how emotions could spread over social media.

Once the study was published, there was a severe backlash due to the perceived ethical violations. Obviously, users did not provide informed consent to participate in the study, and were treated as guinea pigs.

2018 – Oops! We Leaked Your Data Again

To truly understand the extent of the Cambridge Analytica scandal, we have to go back a few years. In 2014, a Cambridge University professor, Aleksandr Kogan, ran a personality test app on Facebook.

Kogan’s company, GSR, then signed a data-licensing contract with the political consulting firm Cambridge Analytica in order to supply the company with psychological profiles of US voters. Over the course of the summer, the app was downloaded by over 200,000 Facebook users and harvested the personal information of as many as 87 million people.

It wasn’t until 2015 that Facebook learned that Kogan had shared data with Cambridge Analytica. According to Mark Zuckerberg, Kogan was banned from the platform and forced to delete all improperly acquired data. In the summer of 2016, Cambridge Analytica took legal action against GSR and Kogan, for selling illegally acquired data.

Facebook did not notify users of the data breach and assumed the problem had gone away. Luckily, a whistleblower by the name of Christopher Wylie  came forward in 2018, and The Guardian and The New York Times both published exposés revealing the scandal.

The damage of the breach was far more insidious than expected. Steve Bannon, a then advisor to the Trump administration, used this data to specifically target US voters during the 2016 presidential elections. Cambridge Analytica not only worked with Donald Trump’s election team; they also worked with Brexit’s “Leave” campaign – and reportedly had a significant impact on the outcome

2019 – The Aftermath & Our Current Predicament

After the Cambridge Analytica scandal, Facebook made a renewed pledge to protect users’ privacy and in May 2019, Zuckerberg stated “the future is private.” However in the wake of yet another scandal, the words feel hollow. 

There is no trust left for Facebook, and the shift to a privacy-centric approach just feels fake, especially since the behemoth launched its in-app dating service. Given that Facebook also owns two other mega apps – WhatsApp and Instagram – it’s beginning to feel more and more like Facebook’s real goal is world domination. Alarmingly, Facebook’s monopoly means that users have nowhere else to turn.

As recently as April 2019, Facebook’s privacy practices were under scrutiny again, when it was revealed that millions of passwords to Instagram and Facebook accounts had been stored in plain text files. Facebook assured users that the passwords were not accessible or abused in any way, but it’s another nail in the proverbial coffin for the company.

It goes beyond privacy too. In March, Facebook was deemed, by the United Nations, as a contributing factor to the ethnic cleansing occuring in Myanmar. It’s clear that Facebook is fighting many demons.

As of today, May 9th 2019, Facebook is still under investigation by the FTC. It is suspected that Facebook will have to pay a fine of $5 billion – the largest fine the agency has ever levied.

What Can You Learn from Facebook’s History of Privacy Abuse?

The timeline discussed so far illustrates that Facebook has a long history of privacy abuse. In interviews, Mark Zuckerberg is open about the fact that software engineers can test and deploy without much oversight. Decisions are seemingly made solely on the strength of the available data, giving little thought to the privacy of its global user base.

It’s unsurprising therefore to see so many occasions on which Facebook users have been forced to suffer data leaks and breaches. What can you do about it?

The first thing to learn is that any online account can be breached. As a result, you should either delete your Facebook account or at least delete any information that could potentially harm you.

Next, it’s vital to start learning about alternatives. Facebook, Quora, Google and others have shown that they cannot be trusted to keep your data safe. Instead, look for platforms that employ a decentralized identity management system. With this approach, your data is stored locally, keeping it safe from large-scale data breaches.

The concept of a Self-Sovereign Identity (SSI) system is key here, as it allows you to retain ownership over your data and minimises the information that is shared publicly. Check out Self-Sovereign Identity and SelfKey’s Identity Wallet to learn more.