On Tuesday (April 30), Facebook kicks off its annual F8 developer conference in San Jose, California, where CEO Mark Zuckerberg is going to take the stage followed by a parade of company executives to talk about what the social media giant has in mind for the next year and beyond. Some of that will concern current services like Instagram and WhatsApp. Others will be forward-looking features like the AI-voice assistant that's apparently in the works.
But a big chunk of F8 will likely focus on Facebook's attitude toward privacy, with Zuckerberg elaborating on his plan to promote more private communication on Facebook's many platforms. It's a big change that Zuckerberg sounds quite serious about.
If Zuckerberg wants to prove just how serious Facebook is about guarding user privacy, though, he should prove it by announcing he's quitting.
Zuckerberg has been talking up privacy a lot lately, starting with a post back in March and continuing through a quarterly earnings call this past week in which Facebook's founder said he wants to build a more privacy-focused platform in which users can securely communicate with one another.
"I believe the future of communication will increasingly shift to private, encrypted services where people can be confident what they say to each other stays secure and their messages and content won't stick around forever," Zuckerberg wrote in his March post outlining Facebook's strategy. "This is the future I hope we will help bring about."
It's a lofty goal that Zuckerberg himself concedes will take several years to implement. But with Zuckerberg still at the helm of Facebook, it will be hard to believe that the social media company is doing more than just paying lip service to the notion that it must do a better job of respecting the privacy and personal data of its users.
Type "Facebook privacy scandal" into your search engine of choice, and don't be surprised if you're prompted to be a little more specific. Incidents where Facebook was too cavalier with user data stretch back years, and while the particulars change from scandal to scandal, the one constant is the guy sitting in the CEO chair.
"Unfortunately, every time they seem to be taking a step in the right direction, we get another news blip," said Fatemeh Khatibloo, a vice president and principal analyst at Forrester Research, when I asked her about Facebook's credibility on safeguarding user privacy. "It's just one thing after another that proves they've never prioritized privacy over their business model."
Consider the F8 conference from a year ago that began with a prolonged apology over the Cambridge Analytica scandal, where a data mining firm got a hold of the personal data of 50 million Facebook users. Zuckerberg began his keynote promising changes at Facebook, such as using artificial intelligence to identify fake accounts, instituting new rules for ad transparency, and trying to keep fake and misleading news from filling up your Facebook feed. Zuckerberg also promised a Clear History feature that would let you easily delete information about apps and websites you've interacted with, sort of like erasing your browser history.
"It's not enough to build powerful tools," Zuckerberg said at last year's F8. "We have to make sure they're used for good, and we will."
So what's changed in the last year? Well, the Clear History feature never launched — it's coming later in 2019, Facebook now says — but the company showed off its commitment to safeguarding data in far more telling ways.
• In May 2018, 14 million Facebook users had the default setting on all of their posts changed to public. Facebook blamed the error on a bug.
• In August, the Wall Street Journal reported that Facebook had approached banks asking for card transactions and checking account balances so that it could target new services at users.
• In September, 30 million accounts were seized by attackers who used a flaw in Facebook's "View As" function to steal access tokens. About half of those accounts had names, phone numbers and/or email addresses accessed by the attackers, while another 14 million had additional data compromised.
• If you use a phone number for two-factor authentication with Facebook, the service confirmed that it uses that number to target you with ads.
• After insisting that its new Portal smart display wasn't collecting your data, Facebook admitted that whom you call and how you use Portal could be used for targeted ads.
• In December, we learned that yet another bug let app developers see photos users had uploaded to Facebook but never published.
• Those messages you thought were private on Facebook? Turns out the social media giant was sharing them with partners, according to a New York Times investigation.
• At the start of 2019, we learned that Facebook had been encouraging game developers to let children spend money on games without their parents' permission.
• Just this month, Facebook revealed that it stored account passwords for hundreds of millions of Facebook, Facebook Lite and Instagram users in unencrypted plain text on its servers, which would have allowed Facebook employees to take a peek.
• Oh, and two caches of Facebook user data — one of them with 540 million records — were found on Amazon cloud servers. That unprotected data had been put there by third-party companies in violation of Facebook's rules.
I want to point out: This is a partial list. If we sat around previewing everything that's gone wrong for Facebook since last year's F8 conference, we'd wrap up just in time for the 2020 version to begin.
In most organizations, that many high-profile blunders would result in an untold number of heads rolling. At Facebook, though, no one ever seems to be held to account — certainly not anyone in a leadership position at the company. (Facebook's highest profile departures usually seem to involve the founders of companies they've bought who bristle under Facebook's corporate culture.)
Instead, Facebook — which can't seem to master privacy for the services it currently offers — now thinks it's earned enough trust to promise that future services will include encrypted messaging and secure data storage. "We all need to communicate privately, and this service could be even more important in our lives," Zuckerberg said on a conference call with Wall Street analysts last Thursday (April 24). "So, I think we should focus our efforts on building this privacy-focused platform."
Zuckerberg was saying these words as reports leaked out that Facebook was facing a fine of between $3 billion and $5 billion from the Federal Trade Commission for violating a 2011 consent decree (involving user privacy violations, naturally). That's like Hannibal Lecter telling you how everyone needs to work more veggies into their diet.
Of course, Zuckerberg isn't going to take me up on my suggestion, nor is anyone with any influence at the company likely to press the issue about Facebook's repeated privacy pratfalls. Facebook just completed a first quarter where revenue rose 26 percent to a little more than $15 billion. Both daily active users and monthly active users rose 8 percent year over year during the quarter. If stories like this one scolding Facebook over its privacy lapses are bumming out anybody at the company, they're crying all the way to the bank.
(Khatibloo strikes a note of caution about putting too much stock in that daily active user figure — we don't actually know whether it covers someone who's constantly on Facebook or a user who opens the app once on their smartphone and then leaves it running in the background. "It would be more meaningful to know how people are engaging on the platform," she told me.)
So when F8 begins Tuesday, expect an extensive if not especially detailed talk about how this time, Facebook's really going to get privacy right. Expect developers in attendance to applaud. Expect the reporters there to dutifully take down every one of Zuckerberg's pronouncements.
And expect another apology a few months later when word of another breach leaks out.
I am a PHP / LAMP Stack Developer and Software Architect (Same Languages as FB is Coded in.)
This proves he had ABSOLUTELY NO idea what he was doing when he designed Facebook's system.
This is EXTREMELY elementary... Beyond rudimentary! Spells INCOMPETENCE... Possible Negligence?
Facebook must be a company full of the worst and most incompetent employees on the face of the entire planet!
I've been denied multiple bounties for legitimate issues regarding Facebook that they ended up patching, but was always given an elaborate excuse as to why they wouldn't pay the bounties, which always ended up being entirely fictitious if not outright lies or misinformation. It is impossible to sue them over this, because they will throw a team of unpaid intern attorneys at the case so they don't have to pay these bounties, unless it is ordered by a court. It also costs money to bring charges against them, so they get away with it most of the time and receive free work constantly!
I still have the emails where they told me instead of filtering CSRF attacks in their system, all wireless routers in the entire world needed to be patched to prevent them... They then included the CSRF patches I proposed, into their filtering system... I was not paid or compensated in any form...
This is now a rampant business practice by Facebook, because they have been allowed to get away with it repeatedly.
Hackers and security researchers have now been selling the vulnerabilities and exploits on the black market to attain at least some form of compensation.
I mean they deserve to be paid something if Facebook isn't going to pay like they promised.
I see it as fair game and I hope FB gets devastated by the next black market exploit that gets released, by a security researcher who was pissed enough for not being paid to actually do something about it.
Who likes to work for free here?
How about your hard work being completely stolen?
Injustice at its finest...