Facebook's biggest mistakes
It seems that every week, there’s another huge Facebook controversy. From the Cambridge Analytica scandal to how its Android app collects data on everyone you've texted, the company seems to have done practically everything it can to erode the public's trust. You may even have a hidden Facebook profile that you didn't make, made up of things other people said about you.
Here are the worst of Facebook's blunders, in chronological order. We expect we may need to update this list often.
Facebook may have a profile on you that you don't know about (11/7/17)
Sure, I deleted my Facebook profile, but that may not stop the company from keeping tabs on me. Multiple reports hint that the company keeps “shadow profiles” on everyone, even people who don't use Facebook. You can see this technology in your day-to-day experiences, such as when Facebook magically recommends a new friend whom you already know. These profiles can be created using data about an individual that has been shared by Facebook users.
Cambridge Analytica used Facebook's quizzes to harvest your data (3/17/18)
Eighty-seven million Facebook users had their personal data given to third parties without permission, thanks to personality quizzes on Facebook. Yes, users connected their accounts willingly to Global Science Research (GSR) in the name of scientific research, but they did not know that the data would be passed on to Cambridge Analytica, a firm accused of using Facebook information to craft ads and messages for Donald Trump’s 2016 presidential campaign.
Facebook knows who you're calling and texting, outside of Facebook. (3/23/18)
We saw this with our own eyes as we poked around one of our own Facebook-account data exports. Facebook -- via its Android app -- logged histories of your calls and text messages. Yes, this may feel a little too like Black Mirror's "The Entire History of You," but it's not fiction. Don't think you're outside of Facebook's tracking if you're not using Facebook Messenger. The app is logging your SMS texts and phone calls, actions performed entirely outside of Facebook's app.
Facebook requests your bank balance info (8/6/18)
Facebook wants to know everything about you, and that trend continued when reports revealed the company went looking for your bank info. This information would likely be used for interactions between customers and banks through Facebook Messenger, which is getting a ton of features plugged into it, with the clear and likely intent of becoming the only app you use to contact others. Facebook claimed it wouldn't use this information for anything aside from enabling personalized experiences, but we've heard that before.
Facebook's Onavo app was a spy inside your iPhone (8/23/18)
While Zuckerberg forced Facebook execs to stop using their iPhones out of spite, Tim Cook's company was forced to play hardball when it kicked Facebook's Onavo Protect VPN app out of the iOS app store. This move came after negotiations over the data collecting practices of the app, which offended privacy advocates and Apple for its over-zealous vacuuming of personal info. Facebook is accused of using the app for detecting potential threats to Facebook's near-monopolistic dominance.
50 million accounts exposed by Facebook's buggy code (9/28/18)
When you hear there was a flaw in Facebook's 'View As' function, it doesn't sound like a gigantic disaster. The 50 million users whose had their accounts exposed by this bug would say otherwise. The access tokens, which could give access for up to several years, were made available to attackers who exploited a vulnerability in the tool designed to let Facebook users see what their profile looks like to others.
Facebook uses 2FA phone numbers to deliver ads (9/28/18)
Two-factor authentication (2FA) is a popular and necessary security measure that we tell all users to enable, if available, that can text a code to your phone, to provide a second confirmation of your identity when you log into an app. Facebook broke that trust, though, by using the phone numbers submitted for 2FA to target ads. Trying to defend itself, but simply revealing how it blames users for not reading the fine print, a Facebook spokesperson stated, "We use the information people provide to offer a better, more personalized experience on Facebook, including ads … We are clear about how we use the information we collect, including the contact information that people upload or add to their own accounts."
Facebook’s Portal doesn’t collect data (until it does) (10/17/18)
When Facebook launched Portal, its smart home screen for the video chat obsessed, it swore that the device wouldn't collect user data at all. Turns out, everybody who distrusted Zuckerberg's team was on the right track, and Facebook owned up to this fact less than 2 weeks after it said otherwise. Laughably, Facebook claimed it didn't 'intend' to use any of the collected data.
Credit: Tom's Guide
Those photos you almost posted, but didn't? They're out there. (12/14/18)
Sometimes, you think twice while posting a photo, and cancel the upload midway through, realizing you didn't want that pic in the public realm. A 'bug' in Facebook's system enabled developers to see those shots, and it took two weeks for Facebook to shut it down.
Facebook shared your messages with companies (12/19/18)
We don't know why Netflix or Spotify would want to read our private Facebook messages, but then again, most of the logic behind Facebook's biggest mistakes confuse us. And not only did Facebook allow partners access to our private information, it even allowed access to continue after relationships had terminated. Netflix tried to distance itself from this controversy by linking it to an unpopular, terminated feature.
Facebook Portal gets 5-star rave reviews … from Facebook employees (1/17/19)
Remember that smart screen that Facebook claimed wouldn't collect your data, before it was compelled to admit that it did? Three of its employees were caught sharing rave 5-star reviews for the Portal device on Amazon, which Facebook swears wasn't part of a coordinated effort. The reviews were removed from the online retailer.
Credit: Tom's Guide
Facebook uses "friendly fraud" to take money from kids and parents (1/25/19)
Facebook's been so eager to get in close with your kids, including making a version of its Messenger app just for the younger crowd, and its even taking their money. Documents recently unveiled show us that the company used the term 'friendly fraud' to persuade developers to target children with its freemium games. When an employee tried to streamline the reimbursal process for parents trying to get their money back, the solution led to a Facebook making less money, and the company halted the initiative.
Facebook asks for — and takes — teens' data for a pittance (1/29/19)
Could you put a price on all of your calls, emails and photos? Facebook says it's up to $20 per month, according to news of a secret app named Facebook Research VPN that shared all of your activity with the social network. Users couldn't download from an app store, but instead side-load it onto Android devices (where it still runs) or perform an Enterprise-level installation onto iOS devices (which Apple put a kibosh on).
Facebook stores user passwords in unencrypted plaintext (3/21/19)
Since 2012, Facebook applications stored hundreds of millions of passwords belonging to Facebook Lite, Facebook and Instagram users in plaintext on company servers, where any Facebook employee could have seen them, the company admitted following a scoop from independent information-security reporter Brian Krebs.
The good news is that to anyone's knowledge, none of the unencrypted passwords left company premises. But it's still a major facepalm for a company that has always prided itself on security, if not privacy.