JM Rieger @RiegerReport Video Editor, The Washington Post • [email protected] Jun. 17, 2018 4 min read

Facebook has confirmed to Congress it tracks your:

- Mouse movement on screen
- Operating system
- Hardware
- Battery level
- Signal strength
- Harddrive storage space
- File names and types
- Bluetooth signal
- Browser and browser plugins 

For years, Facebook allowed:

- Bing to see names of FB friends w/o consent
- Amazon to get contact info via FB friends
- Yahoo to view FB friends’ posts
- Spotify and Netflix to read, write and delete FB private messages and to see all users on a thread 

As of 2017:

Sony, Microsoft, Amazon and others could obtain users’ email addresses through their friends.

Facebook also gave Russian search giant Yandex access to unique user IDs even after Facebook had stopped sharing them with other applications. 

Facebook has never sold user data, instead opting to grant companies access to parts of the social network in ways that advanced its own interests.

FB obtained data from multiple data-sharing partners for its friend-suggestion tool “People You May Know.” 

FB allowed Apple to hide from FB users all indicators its devices were asking for data.

Apple devices had access to contact numbers and calendar entries of people who had changed account settings to disable all sharing, records reviewed by NYT show. 

Most data-sharing partners contacted by NYT declined to say whether FB had audited their use of FB data.

Two former partners said FB never audited them: BlackBerry and Yandex.

Facebook told NYT while it audited partners rarely, it managed them closely. 

The records obtained by The New York Times shows that The New York Times had access to users’ friend lists for an article-sharing application it discontinued in 2011. 

Facebook: “None of these partnerships or features gave companies access to information without people’s permission.” 

Facebook’s director of privacy to NYT:

The FTC agreement didn’t require users’ consent before sharing FB data. 

Facebook also used contact lists from Huawei — which has been flagged as a security threat by American intelligence officials — to gain deeper insight into people’s relationships and suggest Facebook friends to them via the “People You May Know” tool. 

In a second Facebook response to NYT story, Facebook says no third party read users private messages and the private message read/write/delete access only occurred if users opted for the Facebook Login option on third party sites. 

Notably, Facebook did not post the permission screens that users saw when granting this access to third party apps via the Facebook Login option. 

"Since 2016, Facebook has been paying users ages 13 to 35 up to $20 per month plus referral fees to sell their privacy by installing the iOS or Android 'Facebook Research' app.”

Apple now says Facebook violated its policies. 

The Facebook Research app likely gave it the ability to track:

- Private messages in apps
- Instant messaging chats, including photos/videos
- Emails
- Web searches
- Web browsing
- Ongoing location information via any app tracking a user’s location 

The Facebook Research app was similar to another Facebook research app that Apple banned over the summer. 

"Facebook even asked users to screenshot their Amazon order history page.” 

At least 11 apps are sending personal info to Facebook, often w/o disclosure and even if the user has no FB account, including:

- Heart rate
- When a user had her period and tried to get pregnant
- The location and price of real estate viewed by users 

Facebook and Instagram still target ads based on a user’s location even if the user turns off location services.

A user cannot opt out of it.

Facebook also targets ads to users based on their IP addresses, even if users turn off location services. 

Even while publicly claiming to protect user data, Mark Zuckerberg oversaw plans to require third-party apps to compensate Facebook for access to its users’ data, according to ~4,000 pages of leaked company documents from 2011-2015 obtained by NBC News. 

"Facebook ultimately decided not to sell the data directly but rather to dole it out to app developers who were considered personal ‘friends' of Zuckerberg or who spent money on Facebook and shared their own valuable data, the documents show.” 

Zuckerberg downplayed the potential privacy risks associated with Facebook’s data-sharing arrangements in a 2012 email:

“I just can’t think of any instances where that data has leaked from developer to developer and caused a real issue for us.” 

"Facebook said Thursday that it stored millions of Instagram passwords without proper security, expanding a disclosure in March that Facebook passwords had been left visible and unprotected inside the company's servers.” 

"Facebook harvested the email contacts of 1.5 million users without their knowledge or consent when they opened their accounts.” 

Facebook has uncovered emails that appear to show Mark Zuckerberg connected to potentially problematic privacy practices.

A 2012 email exchange with Zuckerberg discusses how some apps can display user information regardless of user privacy settings on FB. 

A yearlong study by the South Asian American advocacy group Equality Labs found that in India, Facebook failed to delete 93% of posts containing speech that violated Facebook’s own rules. 

Instagram allowed Hyp3r, one of its preferred “Marketing Partners," to secretly save the stories and locations of millions of users for the past year, violating Instagram rules.

Instagram has issued a cease and desist and kicked Hyp3r off its platform. 

"Facebook hasn’t disclosed to users that third parties may review their audio. That’s led some contractors to feel their work is unethical, according to the people with knowledge of the matter."

Companies including Facebook, Apple, Amazon and Google have been relying on humans to check and improve their voice-recognition and/or artificial intelligence systems, but have not told users about it. 

You can follow @RiegerReport.


Tip: mention @threader_app on a Twitter thread with the keyword “compile” to get a link to it.

Enjoy Threader? Sign up.

Threader is an independent project created by only two developers. The site gets 500,000+ visits a month and our iOS Twitter client was featured as an App of the Day by Apple. Running this space is expensive and time consuming. If you find Threader useful, please consider supporting us to make it a sustainable project.