Facebook Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.Anti-spam check. Do not fill this in! === Privacy === {{Main|Privacy concerns with Facebook}} {{See also|Privacy concerns with social networking services#Facebook}} Facebook has faced a steady stream of controversies over how it handles user privacy, repeatedly adjusting its privacy settings and policies.<ref name="Ingram-2018">{{Cite news|url=https://www.reuters.com/article/us-facebook-privacy-idUSKBN1H41KV|title=Facebook cuts ties to data brokers in blow to targeted ads|last1=Ingram|first1=David|date=March 29, 2018|work=[[Reuters]]|access-date=February 5, 2019|last2=Fioretti|first2=Julia}}</ref> Since 2009, Facebook has been participating in the PRISM secret program, sharing with the US [[National Security Agency]] audio, video, photographs, e-mails, documents and connection logs from user profiles, among other social media services.<ref>{{cite news|url=http://edition.cnn.com/2013/09/30/us/nsa-social-networks/index.html|title=NSA mines Facebook, including Americans' profiles|last1=Simpson|first1=David|date=September 30, 2013|work=[[CNN]]|access-date=September 30, 2013|last2=Brown|first2=Pamela}}</ref><ref name="usa1">{{cite news |author1=Johnson, Kevin |author2=Martin, Scott |author3=O'Donnell, Jayne |author4=Winter, Michael |date=June 15, 2013 |title=Reports: NSA Siphons Data from 9 Major Net Firms |work=[[USA Today]] |url=https://www.usatoday.com/story/news/2013/06/06/nsa-surveillance-internet-companies/2398345/ |url-status=live |access-date=June 6, 2013 |archive-url=https://web.archive.org/web/20130607113440/http://www.usatoday.com/story/news/2013/06/06/nsa-surveillance-internet-companies/2398345/ |archive-date=June 7, 2013}}</ref> On November 29, 2011, Facebook settled [[Federal Trade Commission]] charges that it deceived consumers by failing to keep privacy promises.<ref>{{cite web|url=http://www.ftc.gov/opa/2011/11/privacysettlement.shtm|title=Facebook Settles FTC Charges That It Deceived Consumers By Failing To Keep Privacy Promises|date=November 29, 2011|work=[[Federal Trade Commission|FTC]]|access-date=November 29, 2011}}</ref> In August 2013 [[High-Tech Bridge]] published a study showing that links included in Facebook messaging service messages were being accessed by Facebook.<ref>{{cite web|url=https://www.htbridge.com/news/social_networks_can_robots_violate_user_privacy.html|title=Social networks: can robots violate user privacy?|date=August 27, 2013|archive-url=https://archive.today/20130903073506/https://www.htbridge.com/news/social_networks_can_robots_violate_user_privacy.html|archive-date=September 3, 2013|url-status=dead|access-date=January 5, 2014}}</ref> In January 2014 two users filed a lawsuit against Facebook alleging that their privacy had been violated by this practice.<ref>{{cite web|url=https://www.cnet.com/news/facebook-sued-for-allegedly-intercepting-private-messages/|title=Facebook sued for allegedly intercepting private messages|last=Van Grove|first=Jennifer|date=January 2, 2014|website=[[CNet]]|publisher=CBS Interactive|access-date=March 16, 2015}}</ref> On June 7, 2018, Facebook announced that a bug had resulted in about 14 million Facebook users having their default sharing setting for all new posts set to "public".<ref>{{Cite news|url=https://money.cnn.com/2018/06/07/technology/facebook-public-post-error/index.html|title=Facebook bug set 14 million users' sharing settings to public|date=June 7, 2018|access-date=June 7, 2018}}</ref> On April 4, 2019, half a billion records of Facebook users were found exposed on [[Amazon (company)|Amazon]] cloud servers, containing information about users' friends, likes, groups, and checked-in locations, as well as names, passwords and email addresses.<ref>{{cite web|url=https://hackhex.com/security/millions-of-facebook-records-found-on-amazon-servers-5173.html|title=Millions of Facebook Records Found On Amazon Servers|date=April 4, 2019|website=Hack Hex|access-date=June 4, 2019|archive-date=June 4, 2019|archive-url=https://web.archive.org/web/20190604144710/https://hackhex.com/security/millions-of-facebook-records-found-on-amazon-servers-5173.html|url-status=dead}}</ref> The phone numbers of at least 200 million Facebook users were found to be exposed on an open online database in September 2019. They included 133 million US users, 18 million from the UK, and 50 million from users in [[Vietnam]]. After removing duplicates, the 419 million records have been reduced to 219 million. The database went offline after TechCrunch contacted the web host. It is thought the records were amassed using a tool that Facebook disabled in April 2018 after the [[Facebook–Cambridge Analytica data scandal|Cambridge Analytica]] controversy. A Facebook spokeswoman said in a statement: "The dataset is old and appears to have information obtained before we made changes last year...There is no evidence that Facebook accounts were compromised."<ref>{{cite web|url=https://www.theguardian.com/technology/2019/sep/04/facebook-users-phone-numbers-privacy-lapse|title=Facebook confirms 419 m phone numbers exposed in latest privacy lapse|date=September 5, 2019|website=[[The Guardian]]|access-date=September 7, 2019}}</ref> Facebook's privacy problems resulted in companies like [[Viber|Viber Media]] and [[Mozilla]] discontinuing advertising on Facebook's platforms.<ref>{{cite news | last = Reaz | first = Shaer | date = August 28, 2020 | title = Cutting ties with a giant: Viber CEO on Facebook relations and #StopHateForProfit | url = https://www.thedailystar.net/bytes/news/cutting-ties-giant-viber-ceo-facbook-relations-and-stophateforprofit-1952021 | work = [[The Daily Star (Bangladesh)|The Daily Star]] | access-date = September 27, 2020 }}</ref><ref>{{cite web |url=https://blog.mozilla.org/blog/2020/06/24/were-proud-to-join-stophateforprofit/ |title=We're proud to join #StopHateForProfit |date=June 24, 2020 |website=[[Mozilla Corporation]] |publisher=[[Mozilla Foundation]] |access-date=September 27, 2020 }}</ref> In March 2024, a court in California released documents detailing Facebook's 2016 "Project Ghostbusters". The project was aimed at helping Facebook compete with [[Snapchat]] and involved Facebook trying to develop decryption tools to collect, decrypt, and analyze traffic that users generated when visiting Snapchat and, eventually, YouTube and Amazon. The company eventually used its tool [[Onavo]] to initiate man-in-the-middle attacks and read users' traffic before it was encrypted.<ref>{{cite web |last1=Franceschi-Bicchierai |first1=Lorenzo |title=Facebook snooped on users' Snapchat traffic in secret project, documents reveal |url=https://techcrunch.com/2024/03/26/facebook-secret-project-snooped-snapchat-user-traffic/ |website=TechCrunch |access-date=March 26, 2024 |date=March 26, 2024}}</ref> ==== Racial bias ==== Facebook was accused of committing "systemic" racial bias by EEOC based on the complaints of three rejected candidates and a current employee of the company. The three rejected employees along with the Operational Manager at Facebook as of March 2021 accused the firm of discriminating against Black people. The EEOC has initiated an investigation into the case.<ref>{{cite web|url=https://www.theguardian.com/technology/2021/mar/05/facebook-systemic-racial-bias-hiring-eeoc-investigation|title=Facebook faces US investigation for 'systemic' racial bias in hiring|access-date=March 6, 2021|website=[[The Guardian]]|date=March 6, 2021}}</ref> ==== Shadow profiles ==== A "[[shadow profile]]" refers to the data Facebook collects about individuals without their explicit permission. For example, the [[Facebook like button#Tracking|"like" button]] that appears on third-party websites allows the company to collect information about an individual's internet browsing habits, even if the individual is not a Facebook user.<ref name="verge shadow profiles">{{cite web|url=https://www.theverge.com/2018/4/11/17225482/facebook-shadow-profiles-zuckerberg-congress-data-privacy|title=Shadow profiles are the biggest flaw in Facebook's privacy defense|last=Brandom|first=Russell|date=April 11, 2018|website=[[The Verge]]|access-date=June 28, 2019}}</ref><ref>{{cite web|title=How Facebook can have your data even if you're not on Facebook|work=[[USA Today]]|access-date=April 13, 2018|url=https://www.usatoday.com/story/tech/columnist/baig/2018/04/13/how-facebook-can-have-your-data-even-if-youre-not-facebook/512674002/}}</ref> Data can also be collected by other users. For example, a Facebook user can link their email account to their Facebook to find friends on the site, allowing the company to collect the email addresses of users and non-users alike.<ref>{{cite web|url=https://gizmodo.com/how-facebook-figures-out-everyone-youve-ever-met-1819822691|title=How Facebook Figures Out Everyone You've Ever Met|last=Hill|first=Kashmir|date=November 7, 2017|website=[[Gizmodo]]|access-date=June 28, 2019}}</ref> Over time, countless data points about an individual are collected; any single data point perhaps cannot identify an individual, but together allows the company to form a unique "profile". This practice has been criticized by those who believe people should be able to opt-out of involuntary data collection. Additionally, while Facebook users have the ability to download and inspect the data they provide to the site, data from the user's "shadow profile" is not included, and non-users of Facebook do not have access to this tool regardless. The company has also been unclear whether or not it is possible for a person to revoke Facebook's access to their "shadow profile".<ref name="verge shadow profiles" /> ==== Cambridge Analytica ==== {{Main|Facebook–Cambridge Analytica data scandal}} Facebook customer Global Science Research sold information on over 87 million Facebook users to Cambridge Analytica, a political data analysis firm led by [[Alexander Nix]].<ref>{{cite web|last1=Lewis|first1=Paul|last2=Wong|first2=Julia Carrie|title=Facebook employs psychologist whose firm sold data to Cambridge Analytica|work=[[The Guardian]]|access-date=March 20, 2018|date=March 18, 2018|url=https://www.theguardian.com/news/2018/mar/18/facebook-cambridge-analytica-joseph-chancellor-gsr}}</ref> While approximately 270,000 people used the app, Facebook's [[Application programming interface|API]] permitted data collection from their friends without their knowledge.<ref>{{cite web|last=Franceschi-Bicchierai|first=Lorenzo|title=Why We're Not Calling the Cambridge Analytica Story a 'Data Breach'|work=Motherboard|access-date=March 20, 2018|date=March 19, 2018|url=https://motherboard.vice.com/en_us/article/3kjzvk/facebook-cambridge-analytica-not-a-data-breach}}</ref> At first Facebook downplayed the significance of the breach, and suggested that Cambridge Analytica no longer had access. Facebook then issued a statement expressing alarm and suspended Cambridge Analytica. Review of documents and interviews with former Facebook employees suggested that Cambridge Analytica still possessed the data.<ref>{{cite news|url=https://www.nytimes.com/2018/03/17/us/politics/cambridge-analytica-trump-campaign.html|title=How Trump Consultants Exploited the Facebook Data of Millions|first1=Matthew|last1=Rosenberg|first2=Nicholas|last2=Confessore|first3=Carole|last3=Cadwalladr|newspaper=[[The New York Times]]|date=March 17, 2018}}</ref> This was a violation of Facebook's [[consent decree]] with the [[Federal Trade Commission]]. This violation potentially carried a penalty of $40,000 (${{formatprice|{{Inflation|US|40000|2018}}}} in {{Inflation-year|US}} dollars{{inflation-fn|US}}) per occurrence, totalling trillions of dollars.<ref>{{Cite news|url=https://www.washingtonpost.com/news/the-switch/wp/2018/03/18/facebook-may-have-violated-ftc-privacy-deal-say-former-federal-officials-triggering-risk-of-massive-fines/|title=Facebook may have violated FTC privacy deal, say former federal officials, triggering risk of massive fines|last1=Timberg|first1=Craig|date=March 18, 2018|newspaper=[[The Washington Post]]|access-date=March 25, 2018|last2=Romm|first2=Tony|issn=0190-8286}}</ref> According to ''The Guardian'', both Facebook and Cambridge Analytica threatened to sue the newspaper if it published the story. After publication, Facebook claimed that it had been "lied to". On March 23, 2018, The [[High Court of Justice|English High Court]] granted an application by the [[Information Commissioner's Office]] for a warrant to search Cambridge Analytica's London offices, ending a standoff between Facebook and the Information Commissioner over responsibility.<ref>{{Cite news|url=https://www.cnbc.com/2018/03/23/uk-high-court-grants-cambridge-analytica-search-warrant-to-ico.html|title=UK High Court grants Cambridge Analytica search warrant to ICO|date=March 23, 2018|work=[[CNBC]]|access-date=March 23, 2018|archive-url=https://web.archive.org/web/20180323222219/https://www.cnbc.com/2018/03/23/uk-high-court-grants-cambridge-analytica-search-warrant-to-ico.html|archive-date=March 23, 2018|url-status=dead }}</ref> On March 25, Facebook published a statement by Zuckerberg in major UK and US newspapers apologizing over a "breach of trust".<ref>{{Cite news|url=https://www.bbc.co.uk/news/business-43532948|title=Facebook boss apologises in newspaper ads|date=March 25, 2018|work=[[BBC News]]|access-date=March 25, 2018 }}</ref> {{blockquote|You may have heard about a quiz app built by a university researcher that leaked Facebook data of millions of people in 2014. This was a breach of trust, and I'm sorry we didn't do more at the time. We're now taking steps to make sure this doesn't happen again. We've already stopped apps like this from getting so much information. Now we're limiting the data apps get when you sign in using Facebook. We're also investigating every single app that had access to large amounts of data before we fixed this. We expect there are others. And when we find them, we will ban them and tell everyone affected. Finally, we'll remind you which apps you've given access to your information – so you can shut off the ones you don't want anymore. Thank you for believing in this community. I promise to do better for you.}} On March 26, the [[Federal Trade Commission]] opened an investigation into the matter.<ref>{{Cite news|url=https://www.cbsnews.com/news/ftc-facebook-investigation-confirmed-opened-facebook-stock-drops-futher-today/|title=Facebook stock rebounds after FTC investigation news|last=Ivanova|first=Irina|date=March 26, 2018|work=[[CBS News]]|access-date=March 26, 2018}}</ref> The controversy led Facebook to end its partnerships with data brokers who aid advertisers in targeting users.<ref name="Ingram-2018" /> On April 24, 2019, Facebook said it could face a fine between $3 billion (${{formatprice|{{Inflation|US|3000000000|2019}}}} in {{Inflation-year|US}} dollars{{inflation-fn|US}}) to $5 billion (${{formatprice|{{Inflation|US|5000000000|2019}}}} in {{Inflation-year|US}} dollars{{inflation-fn|US}}) as the result of an investigation by the Federal Trade Commission.<ref>{{cite web|url=https://www.cnbc.com/2019/04/24/facebook-estimates-up-to-5-billion-loss-in-ftc-privacy-inquiry.html|title=Facebook estimates up to $5 billion loss in FTC privacy inquiry|last=Feiner|first=Lauren|date=April 24, 2019|website=www.cnbc.com|access-date=April 25, 2019}}</ref> On July 24, 2019, the FTC fined Facebook $5 billion, the largest penalty ever imposed on a company for violating consumer privacy. Additionally, Facebook had to implement a new privacy structure, follow a 20-year settlement order, and allow the FTC to monitor Facebook.<ref>{{Cite web |date=July 24, 2019 |title=FTC Imposes $5 Billion Penalty and Sweeping New Privacy Restrictions on Facebook |url=https://www.ftc.gov/news-events/news/press-releases/2019/07/ftc-imposes-5-billion-penalty-sweeping-new-privacy-restrictions-facebook |url-status=live |archive-url=https://web.archive.org/web/20230721213553/https://www.ftc.gov/news-events/news/press-releases/2019/07/ftc-imposes-5-billion-penalty-sweeping-new-privacy-restrictions-facebook |archive-date=July 21, 2023 |access-date=August 12, 2023 |website=Federal Trade Commission |language=en}}</ref> Cambridge Analytica's CEO and a developer faced restrictions on future business dealings and were ordered to destroy any personal information they collected. Cambridge Analytica filed for bankruptcy.<ref>{{Cite web |date=July 23, 2019 |title=FTC Sues Cambridge Analytica, Settles with Former CEO and App Developer |url=https://www.ftc.gov/news-events/news/press-releases/2019/07/ftc-sues-cambridge-analytica-settles-former-ceo-app-developer |url-status=live |archive-url=https://web.archive.org/web/20220613132946/https://www.ftc.gov/news-events/news/press-releases/2019/07/ftc-sues-cambridge-analytica-settles-former-ceo-app-developer |archive-date=June 13, 2022 |access-date=August 12, 2023 |website=Federal Trade Commission |language=en}}</ref> Facebook also implemented additional privacy controls and settings<ref name="guar1">{{cite news|url=https://www.theguardian.com/technology/2018/apr/11/fact-checking-mark-zuckerberg-testimony-congress|title=Fact-checking Mark Zuckerberg's testimony about Facebook privacy|last=Solon|first=Olivia|date=April 12, 2018|access-date=June 29, 2018|newspaper=[[The Guardian]]}}</ref> in part to comply with the European Union's [[General Data Protection Regulation]] (GDPR), which took effect in May.<ref>{{cite news|url=https://techcrunch.com/2018/04/04/zuckerberg-gdpr/|title=Zuckerberg says Facebook will offer GDPR privacy controls everywhere|website=[[TechCrunch]]|access-date=April 4, 2018}}</ref> Facebook also ended its active opposition to the [[California Consumer Privacy Act]].<ref>{{cite web|url=https://arstechnica.com/tech-policy/2018/04/facebook-donated-200000-to-kill-a-privacy-law-but-now-its-backtracking/|title=Facebook exits anti-privacy alliance it formed with Comcast and Google|last=Brodkin|first=Jon|date=April 12, 2018|work=Ars Technica|access-date=April 13, 2018}}</ref> Some, such as [[Meghan McCain]] have drawn an equivalence between the use of data by Cambridge Analytica and the [[Barack Obama 2012 presidential campaign|Barack Obama's 2012 campaign]], which, according to ''[[Investor's Business Daily]]'', "encouraged supporters to download an Obama 2012 Facebook app that, when activated, let the campaign collect Facebook data both on users and their friends."<ref>"[https://web.archive.org/web/20190220020940/https://www.investors.com/politics/editorials/facebook-data-scandal-trump-election-obama-2012/ Funny, When Obama Harvested Facebook Data On Millions Of Users To Win In 2012, Everyone Cheered]". ''[[Investor's Business Daily]]''. March 19, 2018.</ref><ref name="forbes.com">"[https://www.forbes.com/sites/kalevleetaru/2018/03/19/why-are-we-only-now-talking-about-facebook-and-elections/ Why Are We Only Now Talking About Facebook And Elections?]". ''[[Forbes]]''. March 19, 2018.</ref><ref name="news.com.au">"[http://www.news.com.au/technology/online/security/former-obama-campaign-boss-reveals-how-they-could-access-creepy-facebook-data/news-story/5a275b7c9f540fc9542f5256e644e26e Former Facebook staffer, Obama campaign boss reveal concerns about Facebook data]". [[News.com.au]]. March 21, 2018.</ref> Carol Davidsen, the Obama for America (OFA) former director of integration and media analytics, wrote that "Facebook was surprised we were able to suck out the whole social graph, but they didn't stop us once they realised that was what we were doing".<ref name="forbes.com" /><ref name="news.com.au" /> [[PolitiFact]] has rated McCain's statements "Half-True", on the basis that "in Obama's case, direct users knew they were handing over their data to a political campaign" whereas with Cambridge Analytica, users thought they were only taking a personality quiz for academic purposes, and while the Obama campaign only used the data "to have their supporters contact their most persuadable friends", Cambridge Analytica "targeted users, friends and lookalikes directly with digital ads."<ref>{{cite web|title=Comparing Facebook data use by Obama, Cambridge Analytica|url=https://www.politifact.com/truth-o-meter/statements/2018/mar/22/meghan-mccain/comparing-facebook-data-use-obama-cambridge-analyt/|publisher=[[PolitiFact]]|access-date=May 24, 2019 }}</ref> ==== DataSpii ==== In July 2019, cybersecurity researcher Sam Jadali exposed a catastrophic data leak known as [[DataSpii]] involving data provider DDMR and marketing intelligence company Nacho Analytics (NA).<ref name="Fowler-2019">{{Cite news |last=Fowler |first=Geoffrey A. |date=July 19, 2019 |title=Perspective {{!}} I found your data. It's for sale. |url=https://www.washingtonpost.com/technology/2019/07/18/i-found-your-data-its-sale/ |access-date=April 3, 2024 |newspaper=Washington Post |language=en-US |issn=0190-8286}}</ref><ref>{{Cite web |last=Goodin |first=Dan |date=July 18, 2019 |title=My browser, the spy: How extensions slurped up browsing histories from 4M users |url=https://arstechnica.com/information-technology/2019/07/dataspii-inside-the-debacle-that-dished-private-data-from-apple-tesla-blue-origin-and-4m-people/ |access-date=April 3, 2024 |website=Ars Technica |language=en-us}}</ref> Branding itself as the "God mode for the internet," NA through DDMR, provided its members access to private Facebook photos and Facebook Messenger attachments including tax returns.<ref name="Jadali-2019">{{Cite web |last=Jadali |first=Sam |date=July 18, 2019 |title=DataSpii – A global catastrophic data leak via browser extensions |url=https://securitywithsam.com/2019/07/dataspii-leak-via-browser-extensions/ |access-date=April 3, 2024 |website=Security with Sam |language=en-US}}</ref> DataSpii harvested data from millions of Chrome and Firefox users through compromised browser extensions.<ref>{{Cite web |date=July 19, 2019 |title=Google, Firefox Browser Extensions Expose Data of 4 Million People |url=https://www.consumerreports.org/electronics-computers/privacy/google-firefox-browser-extensions-expose-personal-data-a2138132661/ |access-date=April 3, 2024 |website=Consumer Reports |language=en-US}}</ref> The NA website stated it collected data from millions of opt-in users. Jadali, along with journalists from ''Ars Technica'' and ''The Washington Post'', interviewed impacted users, including a ''Washington Post'' staff member. According to the interviews, the impacted users did not consent to such collection. DataSpii demonstrated how a compromised user exposed the data of others, including the private photos and Messenger attachments belonging to a Facebook user's network of friends.<ref name="Jadali-2019" /> DataSpii exploited Facebook's practice of making private photos and Messenger attachments publicly accessible via unique URLs. To bolster security in this regard, Facebook appends query strings in the URLs so as to limit the period of accessibility.<ref name="Jadali-2019" /> Nevertheless, NA provided real-time access to these unique URLs, which were intended to be secure. This allowed NA members to access the private content within the restricted time frame designated by Facebook. ''The Washington Post''{{'}}s Geoffrey Fowler, in collaboration with Jadali, opened Fowler's private Facebook photo in a browser with a compromised browser extension.<ref name="Fowler-2019" /> Within minutes, they anonymously retrieved the "private" photo. To validate this proof-of-concept, they searched for Fowler's name using NA, which yielded his photo as a search result. In addition, Jadali discovered Fowler's ''Washington Post'' colleague, Nick Mourtoupalas, was directly impacted by DataSpii. Jadali's investigation elucidated how DataSpii disseminated private data to additional third-parties, including foreign entities, within minutes of the data being acquired. In doing so, he identified the third-parties who were scraping, storing, and potentially enabling the facial-recognition of individuals in photos being furnished by DataSpii.<ref>{{Cite web |last=Goodin |first=Dan |date=July 18, 2019 |title=More on DataSpii: How extensions hide their data grabs—and how they're discovered |url=https://arstechnica.com/information-technology/2019/07/dataspii-technical-deep-dive/ |access-date=April 3, 2024 |website=Ars Technica |language=en-us}}</ref> ==== Breaches ==== On September 28, 2018, Facebook experienced a major breach in its security, exposing the data of 50 million users. The data breach started in July 2017 and was discovered on September 16.<ref>{{Cite news|url=https://techcrunch.com/2018/09/28/everything-you-need-to-know-about-facebooks-data-breach-affecting-50m-users/|title=Everything you need to know about Facebook's data breach affecting 50M users|work=[[TechCrunch]]|access-date=October 2, 2018}}</ref> Facebook notified users affected by the exploit and logged them out of their accounts.<ref>{{Cite news|url=https://www.nytimes.com/2018/09/28/technology/facebook-hack-data-breach.html |archive-url=https://web.archive.org/web/20180928165450/https://www.nytimes.com/2018/09/28/technology/facebook-hack-data-breach.html |archive-date=September 28, 2018 |url-access=subscription |url-status=live|title=Facebook Security Breach Exposes Accounts of 50 Million Users|last1=Isaac|first1=Mike|date=September 28, 2018|work=[[The New York Times]]|access-date=September 29, 2018|last2=Frenkel|first2=Sheera}}</ref><ref>{{Cite news|url=https://www.theguardian.com/technology/2018/sep/28/facebook-50-million-user-accounts-security-berach|title=Facebook says nearly 50 m users compromised in huge security breach|last=Wong|first=Julia Carrie|date=September 28, 2018|work=[[The Guardian]]|access-date=September 29, 2018}}</ref> In March 2019, Facebook confirmed a password compromise of millions of Facebook lite application users also affected millions of Instagram users. The reason cited was the storage of password as plain text instead of encryption which could be read by its employees.<ref>{{cite web|url=https://www.news18.com/news/tech/not-tens-of-thousands-but-millions-of-instagram-passwords-exposed-admits-facebook-2108667.html|title=Not Tens of Thousands, But Millions of Instagram Passwords Exposed, Admits Facebook|website=News18|date=April 19, 2019 |access-date=April 19, 2019}}</ref> On December 19, 2019, security researcher Bob Diachenko discovered a database containing more than 267 million Facebook user IDs, phone numbers, and names that were left exposed on the web for anyone to access without a password or any other authentication.<ref>{{cite web|url=https://thenextweb.com/facebook/2019/12/20/267-million-facebook-users-data-has-reportedly-been-leaked/|title=267 million Facebook users' data has reportedly been leaked|last=Ghoshal|first=Abhimanyu|date=December 20, 2019|website=The Next Web|language=en-us|access-date=December 21, 2019}}</ref> In February 2020, Facebook encountered a major [[security breach]] in which its official [[Twitter]] account was hacked by a [[Saudi Arabia]]-based group called "[[OurMine]]". The group has a history of actively exposing high-profile social media profiles' vulnerabilities.<ref>{{cite web|url=https://www.nbcnews.com/tech/security/facebook-s-twitter-account-hacked-n1132901|title=Facebook's Twitter account hacked|access-date=February 7, 2020|website=[[NBC News]]}}</ref> In April 2021, ''The Guardian'' reported approximately half a billion users' data had been stolen including birthdates and phone numbers. Facebook alleged it was "old data" from a problem fixed in August 2019 despite the data's having been released a year and a half later only in 2021; it declined to speak with journalists, had apparently not notified regulators, called the problem "unfixable", and said it would not be advising users.<ref>{{cite web|url=https://www.theguardian.com/technology/2021/apr/11/another-huge-data-breach-another-stony-silence-from-facebook|title=Another huge data breach, another stony silence from Facebook|access-date=April 21, 2021|website=[[The Guardian]]|date=April 11, 2021}}</ref> ==== Phone data and activity ==== [[File:Onavo logo.png|thumb|Facebook acquired [[Onavo]]'s [[virtual private network]] to harvest usage data on its competitors.]] After acquiring [[Onavo]] in 2013, Facebook used its Onavo Protect [[virtual private network]] (VPN) app to collect information on users' [[web traffic]] and app usage. This allowed Facebook to monitor its competitors' performance, and motivated Facebook to acquire WhatsApp in 2014.<ref>{{Cite news|url=https://www.wsj.com/articles/the-new-copycats-how-facebook-squashes-competition-from-startups-1502293444|title=The New Copycats: How Facebook Squashes Competition From Startups|last1=Morris|first1=Betsy|date=August 9, 2017|work=[[The Wall Street Journal]]|access-date=August 15, 2017|last2=Seetharaman|first2=Deepa|issn=0099-9660}}</ref><ref>{{Cite news|url=http://www.foxbusiness.com/features/2017/08/09/new-copycats-how-facebook-squashes-2.html|title=The New Copycats: How Facebook Squashes -2-|date=August 9, 2017|work=Fox Business|access-date=August 15, 2017}}</ref><ref>{{cite web|url=https://www.engadget.com/2017/08/13/facebook-knew-about-snap-struggles-through-app-tracking/|title=Facebook knew about Snap's struggles months before the public|website=Engadget|date=August 13, 2017 |access-date=August 15, 2017}}</ref> Media outlets classified Onavo Protect as [[spyware]].<ref>{{cite news|access-date=September 3, 2018|title=Apple makes Facebook pull its spyware(ish) VPN from the App Store|url=https://www.fastcompany.com/90224974/apple-makes-facebook-pull-its-spywareish-vpn-from-the-app-store|website=Fast Company|date=August 23, 2018}}</ref><ref>{{cite news|first=Tom|last=McKay|date=August 22, 2018|access-date=September 3, 2018|title=Facebook Pulls Its Data-Harvesting Onavo VPN From App Store After Apple Says It Violates Rules|url=https://gizmodo.com/facebook-pulls-its-data-harvesting-onavo-vpn-from-app-s-1828541718|website=Gizmodo}}</ref><ref name="Mashable">{{cite news|first=Jack|last=Morse|date=August 22, 2018|access-date=September 3, 2018|title=Facebook to pull its creepy VPN Onavo from App Store after Apple pushback|url=https://mashable.com/article/facebook-pulls-onavo-from-app-store/|website=Mashable}}</ref> In August 2018, Facebook removed the app in response to pressure from Apple, who asserted that it violated their guidelines.<ref>{{Cite news|url=https://techcrunch.com/2018/08/22/apple-facebook-onavo/|title=Apple removed Facebook's Onavo from the App Store for gathering app data|work=[[TechCrunch]]|access-date=August 23, 2018}}</ref><ref>{{Cite news|url=https://www.theverge.com/2018/8/22/17771298/facebook-onavo-protect-apple-app-store-pulled-privacy-concerns|title=Facebook will pull its data-collecting VPN app from the App Store over privacy concerns|work=[[The Verge]]|access-date=August 23, 2018}}</ref> The [[Australian Competition and Consumer Commission]] sued Facebook on December 16, 2020, for "false, misleading or deceptive conduct" in response to the company's use of personal data obtained from Onavo for business purposes in contrast to Onavo's privacy-oriented marketing.<ref>{{cite web |last1=Spadafora |first1=Anthony |title=Facebook sued for using VPN to spy on users |url=https://www.techradar.com/news/facebook-sued-for-using-vpn-to-spy-on-users |website=[[TechRadar]] |access-date=January 7, 2021 |language=en |date=December 16, 2020}}</ref><ref>{{cite web |last1=Duckett |first1=Chris |title=Facebook dragged to court by ACCC over deceptive VPN conduct allegations |url=https://www.zdnet.com/article/facebook-dragged-to-court-by-accc-over-deceptive-vpn-conduct-allegations/ |website=ZDNet |access-date=January 7, 2021 |language=en |date=December 16, 2020}}</ref> In 2016, Facebook Research launched Project Atlas, offering some users between the ages of 13 and 35 up to $20 per month (${{formatprice|{{Inflation|US|20|2016}}}} in {{Inflation-year|US}} dollars{{inflation-fn|US}}) in exchange for their personal data, including their app usage, [[web browsing history]], [[Web search engine|web search]] history, [[Mobile phone tracking|location history]], [[personal message]]s, photos, videos, [[email]]s and [[Amazon (company)|Amazon]] order history.<ref>{{cite web |last=Laura |first=Bremner |date=January 29, 2019 |title=Facebook pays teens to install VPN that spies on them |url=https://pcsite.co.uk/facebook-project-atlas/ |access-date=January 30, 2019 |website=PcSite}}</ref><ref name="Recode Jan 2019">{{cite web|url=https://www.recode.net/2019/1/30/18203231/apple-banning-facebook-research-app|title=Apple says it's banning Facebook's research app that collects users' personal information|last=Wagner|first=Kurt|date=January 30, 2019|website=Recode|access-date=January 30, 2019}}</ref> In January 2019, ''TechCrunch'' reported on the project. This led Apple to temporarily revoke Facebook's Enterprise Developer Program [[Public key certificate|certificates]] for one day, preventing Facebook Research from operating on iOS devices and disabling Facebook's internal iOS apps.<ref name="Recode Jan 2019" /><ref>{{cite web|first=Tom|last=Warren|access-date=January 30, 2019|title=Apple blocks Facebook from running its internal iOS apps|url=https://www.theverge.com/2019/1/30/18203551/apple-facebook-blocked-internal-ios-apps|date=January 30, 2019|website=[[The Verge]]}}</ref><ref>{{cite news|first=Mike|last=Isaac|access-date=February 2, 2019|title=Apple Shows Facebook Who Has the Power in an App Dispute|url=https://www.nytimes.com/2019/01/31/technology/apple-blocks-facebook.html |archive-url=https://web.archive.org/web/20190201020059/https://www.nytimes.com/2019/01/31/technology/apple-blocks-facebook.html |archive-date=February 1, 2019 |url-access=subscription |url-status=live|newspaper=[[The New York Times]]|date=January 31, 2019|issn=0362-4331|via=NYTimes.com}}</ref> ''[[Ars Technica]]'' reported in April 2018 that the Facebook Android app had been harvesting user data, including phone calls and text messages, since 2015.<ref>{{cite web|first=Sean|last=Gallagher|access-date=January 31, 2019|title=Facebook scraped call, text message data for years from Android phones [Updated]|url=https://arstechnica.com/information-technology/2018/03/facebook-scraped-call-text-message-data-for-years-from-android-phones/|date=March 24, 2018|website=Ars Technica}}</ref><ref>{{cite web|url=https://mashable.com/2018/03/25/facebook-android-phone-call-data-gathering/|title=Facebook's app has been collecting Android phone data for years on some devices|last=Rosenberg|first=Adam|website=Mashable|date=March 25, 2018|access-date=February 6, 2019}}</ref><ref>[https://www.theverge.com/2018/3/25/17160944/facebook-call-history-sms-data-collection-android Facebook has been collecting call history and SMS data from Android devices] ''The Verge''</ref> In May 2018, several Android users filed a [[class action lawsuit]] against Facebook for invading their privacy.<ref>{{cite web|url=https://www.jurist.org/news/2018/05/android-users-file-lawsuit-against-facebook-for-invasion-of-privacy/|title=Android users file lawsuit against Facebook for invasion of privacy|work=jurist.org|date=May 11, 2018 }}</ref><ref>{{cite web|author=Buckner, Gabriella|url=http://www.itpro.co.uk/data-mining/31107/facebook-faces-class-action-lawsuit-for-android-call-and-message-data-scraping|title=Facebook faces class action lawsuit for Android call and message data scraping|work=itpro.co.uk|date=May 14, 2018|access-date=February 7, 2019}}</ref> In January 2020, Facebook launched the Off-Facebook Activity page, which allows users to see information collected by Facebook about their non-Facebook activities.<ref>{{cite web|url=https://www.facebook.com/off-facebook-activity|title=Off-Facebook Activity|website=Facebook for Business}}</ref> ''The Washington Post'' columnist Geoffrey A. Fowler found that this included what other apps he used on his phone, even while the Facebook app was closed, what other web sites he visited on his phone, and what in-store purchases he made from affiliated businesses, even while his phone was completely off.<ref>{{Cite news|url=https://www.washingtonpost.com/technology/2020/01/28/off-facebook-activity-page/|title=Facebook will now show you exactly how it stalks you – even when you're not using Facebook|first=Geoffrey A. |last=Fowler |newspaper=[[The Washington Post]]}}</ref> In November 2021, a report was published by Fairplay, Global Action Plan and Reset Australia detailing accusations that Facebook was continuing to manage their ad targeting system with data collected from teen users.<ref>{{cite web |date=November 16, 2021 |title=Facebook continuing to surveil teens for ads, says report |url=https://techcrunch.com/2021/11/16/facebook-accused-of-still-targeting-teens-with-ads/ |access-date=November 16, 2021 |website=[[TechCrunch]] |language=en-US}}</ref> The accusations follow announcements by Facebook in July 2021 that they would cease ad targeting children.<ref>{{Cite news |author=Naomi Nix |date=July 27, 2021|title=Facebook Reduces Advertising Targeting for Teenagers |url=https://www.bloomberg.com/news/articles/2021-07-27/facebook-reduces-advertising-targeting-for-teenagers|access-date=November 16, 2021|work=[[Bloomberg News|Bloomberg]]}}</ref><ref>{{cite web|last=Klar|first=Rebecca|date=July 27, 2021|title=Facebook, Instagram to limit targeted ads for teen users|url=https://thehill.com/policy/technology/564878-facebook-instagram-to-limit-targeted-ads-for-teen-users/|access-date=November 16, 2021|website=[[The Hill (newspaper)|The Hill]]|language=en}}</ref> ==== Public apologies ==== The company first apologized for its privacy abuses in 2009.<ref>{{Cite book|url={{google books|plainurl=y|id=SzxDTGGr80EC|page=119}}|title=Business Ethics For Dummies|last1=Bowie|first1=Norman E.|last2=Schnieder|first2=Meg|date=February 9, 2011|publisher=John Wiley & Sons|isbn=978-1-118-02062-3}}</ref> Facebook apologies have appeared in newspapers, television, blog posts and on Facebook.<ref name="Hempel-2018" /> On March 25, 2018, leading US and UK newspapers published full-page ads with a personal apology from Zuckerberg. Zuckerberg issued a verbal apology on [[CNN]].<ref>{{cite web|url=https://www.theverge.com/2018/3/25/17161398/facebook-mark-zuckerberg-apology-cambridge-analytica-full-page-newspapers-ads|title=Mark Zuckerberg apologizes for Facebook's data privacy scandal in full-page newspaper ads|last=Statt|first=Nick|date=March 25, 2018|website=[[The Verge]]|access-date=February 6, 2019|archive-date=December 24, 2020|archive-url=https://web.archive.org/web/20201224105735/https://www.theverge.com/2018/3/25/17161398/facebook-mark-zuckerberg-apology-cambridge-analytica-full-page-newspapers-ads|url-status=dead}}</ref> In May 2010, he apologized for discrepancies in privacy settings.<ref name="Hempel-2018">{{Cite magazine|url=https://www.wired.com/story/facebook-a-history-of-mark-zuckerberg-apologizing/|title=A Short History of Facebook's Privacy Gaffes|last=Hempel|first=Jessi|date=March 30, 2018|magazine=Wired|access-date=February 6, 2019|issn=1059-1028}}</ref> Previously, Facebook had its privacy settings spread out over 20 pages, and has now put all of its privacy settings on one page, which makes it more difficult for third-party apps to access the user's personal information.<ref name="Ingram-2018" /> In addition to publicly apologizing, Facebook has said that it will be reviewing and auditing thousands of apps that display "suspicious activities" in an effort to ensure that this breach of privacy does not happen again.<ref>{{cite web|title=Social Media/polls Show Low Trust in Facebook|url=https://www.digitaltrends.com/social-media/polls-show-low-trust-facebook/|website=www.digitaltrends.com|date=March 26, 2018|access-date=February 6, 2019}}</ref> In a 2010 report regarding privacy, a research project stated that not a lot of information is available regarding the consequences of what people disclose online so often what is available are just reports made available through popular media.<ref name="christofides2011">{{cite web|url=https://www.priv.gc.ca/en/opc-actions-and-decisions/research/funding-for-privacy-research-and-knowledge-translation/completed-contributions-program-projects/2009-2010/p_200910_06/|title=Privacy and Disclosure on Facebook: Youth & Adults' Information Disclosure and Perceptions of Privacy Risks – Contributions Program 2009–2010|publisher=Office of the Privacy Commissioner of|date=March 31, 2010|website=www.priv.gc.ca|access-date=February 6, 2019|last1=Christofides|first1=E.|last2=Muise|first2=A.|last3=Desmarais|first3=S.}}</ref> In 2017, a former Facebook executive went on the record to discuss how social media platforms have contributed to the unraveling of the "fabric of society".<ref>{{Cite news|url=https://www.theguardian.com/technology/2017/dec/11/facebook-former-executive-ripping-society-apart|title=Former Facebook executive: social media is ripping society apart|last=Wong|first=Julia Carrie|date=December 12, 2017|work=[[The Guardian]]|access-date=February 6, 2019|issn=0261-3077}}</ref> Summary: Please note that all contributions to Christianpedia may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here. You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see Christianpedia:Copyrights for details). Do not submit copyrighted work without permission! Cancel Editing help (opens in new window) Discuss this page