Why Privacy By Design Matters

As the chorus surrounding Facebook's latest data scandal continues to reach a fever pitch, users who boarded the #DeleteFacebook train have woken up to an uncomfortable truth: the social network holds far more information about them than they expected, including complete logs of incoming and outgoing calls and SMS messages. The phone call metadata, collected only from Android devices, also includes the names, phone numbers, and the duration of each call made or received.

The #DeleteFacebook movement gained groundswell following revelations that Facebook's weak privacy policy enforcement led to the personal information of 50 million users being shared, without their explicit consent, with a Cambridge University psychologist named Aleksandr Kogan for purposes of academic research. Kogan then passed it on to a British data analytics firm called Cambridge Analytica (in a "get rich quick" scheme), which used this harvested data to sway voter opinion during the 2016 U.S. presidential elections.

Since then, Facebook's stock price has plummeted by over 10 percent and its questionable mass data collection policy has been called "the largest data-mining operation in existence," forcing CEO Mark Zuckerberg to embark on an apology tour while admitting there was a "breach of trust" between "Facebook and the people who share their data with us and expect us to protect it."

CEO Mark Zuckerberg's full page apology ad

Alarming as this might seem, it should ideally come as no shock to users, as you can surmise from Facebook's nonchalant response to this data gathering practice (via Ars Technica): "The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with. So, the first time you sign in on your phone to a messaging or social app, it's a widely used practice to begin by uploading your phone contacts."

"Contact uploading is optional. People are expressly asked if they want to give permission to upload their contacts from their phone – it’s explained right there in the apps when you get started. People can delete previously uploaded information at any time and can find all the information available to them in their account and activity log from our Download Your Information tool."

When anonymous feedback social network Sarahah was found to be surreptitiously uploading users' contacts to its servers last year, the app's developer rushed to defend the move, stating the upload was meant to be part of a now-defunct "find your friends" feature.

As I wrote in this very blog back then, "sharing your contacts on social networks is almost a ubiquitous practice today. I get it, it's super convenient to find your friends this way, but with phone numbers quickly becoming the only user name that matters, it is that much more necessary to be cautious and prudent before sharing them. Because you are not only giving away yours, but your friends' and families' as well (irrespective of whether they wanted it or not), which are then harvested by social media platforms to create shadow profiles. Takeaway — Better be safe than sorry later!"

So, yes, what Facebook did was deliberately misleading and wrong: using uploaded contacts to recommend new friends, but also quietly sucking up your call history and other metadata for god-knows-what. But then it's hardly a surprise for a company that has a long history of playing fast and loose with user privacy, and for a CEO who branded users who trusted him and his social network with their email addresses, pictures and other personal information as "dumb f**ks". What we deserve instead is a platform that takes privacy seriously and encodes it into its design in a manner that instills transparency and trust.
