Facebook gave tech companies ‘intrusive’ access to users ‘ private messages and personal information, internal documents reveal

connectVideoFacebook the tipping point?

Why 2018 could be seen as a canary in the coal mine for Facebook.

Facebook reportedly gave other big tech companies “intrusive access” to the personal data of its 2.2. billion-users — in some cases for private messages, usernames and contact information — questions about the question of whether the company ran afoul of the 2011 consent agreement with the Federal Trade Commission.

These secret agreements were clearly intended to benefit Facebook’s never-ending push for growth and to enable the companies to work with to add features to their products to improve. However, the findings underline how much power the Menlo Park, Calif.-based company operates on the data of the users.

The agreements are laid down in a “blockbuster” – New York Times on the basis of more than 270 pages of the internal Facebook documents and interviews with about 50 former employees of the company.

According to the Times, Facebook allowed Microsoft’s Bing search engine to include the names of almost all the Facebook users’ friends without his permission gave Netflix and Spotify access to Facebook users’ personal messages. The Mark Zuckerberg-led company allowed Amazon to get the users names and contact details of their friends and allowed Yahoo to view streams of friends’ messages. Facebook also reportedly allowed Spotify, Netflix and the Royal Bank of Canada to read and delete of users private messages and to all participants in a thread.


It is detailed in the internal documents, benefited more than 150 companies, including a number of entertainment sites, automakers and media organizations. Their applications collected the data of hundreds of millions of people per month, with the oldest deal that dates back to 2010 and the majority of the deals that are still active as of 2017.

In a statement posted on the blog, Facebook said none of these features or partnerships, gave companies access to information without the consent of the people’s party, nor did they violate the settlement with the u.s. Federal Trade Commission (FTC).

“To say it simply, this work was about helping people do two things. First, people can access their Facebook accounts, or specific Facebook features on devices and platforms built by other companies such as Apple, Amazon, Blackberry and Yahoo. These are known as integration partners. Secondly, people could have more social experiences – such as seeing the recommendations of their Facebook-friends – on other popular apps and websites, such as Netflix, The New York Times, Pandora and Spotify.”

The company said that the his audience about these features and that many of the cooperation, with the exception of Amazon and Apple, have been closed over the past few months. Facebook also noted in its blog post that users would have had to log in with their Facebook account to use the integration offered by Apple, Amazon or other partners.

“Still, we recognize that we need tighter control over how partners and developers access to information through our Apis,” the company said in the statement. “We are already in the process of reviewing all our Apis and partners that have access to them.”



Over the years several studies have confirmed that most people do not read the small print buried in terms of service agreements. Data Privacy experts pushed back on Facebook claims that the partnerships were all above board.

“The only common thread is that they are in the partnerships that would benefit the company in terms of development or growth in an area that they otherwise can not get access to,” Ashkan Soltani, a former chief technologist at the FTC, told the Times.

Another former FTC employee said the sharing of data probably violated the 2011 consent decree.

“This is just giving third parties permission to gather data without that you are aware of or give permission for it,” David Vladeck, who formerly ran the FTC’s consumer protection bureau, told the newspaper. “I don’t understand how this unconsented-data harvesting can be justified under the consent decree.”

Nick you will make, Facebook’s former chief security officer, tweeted that Facebook failed in its response to the Times, research by the mix of “all kinds of different integrations and models in a bunch of prose,” making it difficult to match the response of the organization with the times’ reporting. Still, he did defend his former employer, noting that third-party client access is a “pro-competition move.”

You will make gave the following advice on Facebook: “What they really need is a table that is being updated in the next few days a list of the company, the nature of the integration, what data was accessible, what are the steps a user to activate the integration, and/or the exit.”

Amazon, Microsoft and Yahoo representatives told the Times that they used the data in the right way, but they would not discuss the arrangements in detail. Netflix says in a tweet on Wednesday that it “never requested or opened, everyone’s private messages,” adding, “We are not the type to slide into your DMs.” Spotify told the Times that it was not aware of the access to Facebook, she had, while one of the Royal Bank of Canada spokesman disputed that the bank had such access.


Under these partnerships, which the Times reports is only a fraction of such deals, was that Facebook data obtained from multiple partners for a controversial (and, critics say, is rather creepy) feature known as “People You May Know.” That function, which was introduced a decade ago, still continues to exist, despite the fact that the users have been reported in other news outlets that it would recommend connections between stalkers and victims, or between patients of the same psychiatrist.

“Facebook, in turn, uses the contact lists of partners, including Amazon, Yahoo and the Chinese company Huawei — which has been marked as a security threat by American intelligence officials — to deeper insights in the relationships and suggest that more connections, the records show,” the Times reports.

In this Sept. 5, 2018, file photo Facebook COO Sheryl Sandberg testifies before the Senate Intelligence Committee hearing on Capitol Hill in Washington.

The Times also discovered more information about the details and the size of the share of deals that Facebook created, with more than 60 makers of smartphones and tablets.

That included a partnership with Apple, which reportedly allowed Apple “to hide from Facebook users all indicators that the aircraft were with the demand for data. Apple devices also had access to the contacts and calendar entries from people who had changed their account settings to disable all cookies, to share.”


Apple told the time was not aware of any special access granted by Facebook, adding that a shared data remained on the devices and was not available for others than the users.

Even so, Facebook’s record on privacy of the user — given the Cambridge Analytica data scandal and the more recent bug where users photos — is not exactly stellar.

According to the Times, two former Facebook employees also said that a lot of these special parts of partnerships, which are largely negotiated by more senior officers of the company, were not subject to a comprehensive privacy program reviews. Facebook said the level of scrutiny, “depending on the specific collaboration and the time it was made.”

Pam Dixon, executive director of the World Privacy Forum, a nonprofit privacy research group, said that Facebook has little power over what happens with the data of a user after sharing in general. “The travel,” Mrs. Dixon said. “It could be adjusted. It can be entered into an algorithm and decisions could be taken about on the basis of that data.”

Other privacy advocates criticized the FTC for not reining in the tech giant.

“There is an endless barrage of how Facebook has ignored users’ privacy settings, and we really believed that in 2011 we had solved this problem,” Marc Rotenberg, head of the Electronic Privacy Information Center, an online privacy group that filed one of the first complaints about Facebook with the federal regulators, told the Times. “We have on Facebook under the regulatory authority of the FTC after a huge amount of work. The FTC has failed to take a decision.”


Facebook claims this information partnerships fall under an exemption from the FTC agreement because the partner companies are the service providers who use the data only “for and in the direction of” Facebook, functioning in a way as an extension of the social platform.

However, the former FTC officials told the newspaper that Facebook was the interpretation of the exemption to the general, adding that the provision was intended to be the Facebook for the perform basic, everyday functions, such as sending and receiving of data via the Internet or the processing of credit card transactions, without violating the consent decree.

Another so-called integration partner was the Russian search engine company Yandex, who had access to Facebook’s unique user Id’s in 2017. A spokeswoman for Yandex, which was accused last year by the Ukrainian security service from the tidal movement of the user data to the Kremlin, said that the company was not aware of the access and did not know why Facebook had allowed it to continue. They also told the Times that the Ukrainian allegations have “no merit.”

Follow us

Don't be shy, get in touch. We love meeting interesting people and making new friends.

Most popular