Facebook allowed Spotify and Netflix to read Facebook users’ private messages and gave other companies similarly intrusive access to user accounts, the New York Times reported on Tuesday.
According to internal documents obtained by the Times, Facebook engaged in partnerships with more than 150 companies that were exempted from standard user-privacy rules. In addition to giving Spotify and Netflix access to private messages, Facebook allowed Microsoft’s Bing search engine to see the names of nearly all Facebook users’ friends without consent. Amazon was permitted to obtain users’ names and contact information through their friends. Yahoo could see streams of friends’ posts as recently as this summer, even though Facebook executives publicly declared they had stopped that kind of sharing years earlier.
Facebook also allowed Spotify, Netflix and the Royal Bank of Canada to read, write and delete users’ private messages, and to see all participants on a thread.
That behavior could violate a 2011 consent agreement Facebook made with the Federal Trade Commission, which banned the company from sharing user data without explicit permission, the Times says.
This is the latest in what has become a perpetual stream of user-privacy scandals for the company.
Last Friday, Facebook announced that a bug had exposed the private photos of 6.8 million users without their permission. It enabled 876 third-party app developers to access photos that Facebook users had uploaded but not yet shared, along with Facebook Stories.
On Nov. 15, the Times reported that CEO Mark Zuckerberg and COO Sheryl Sandberg hid the extent of Russian election interference on the platform, slow-walked security upgrades, deflected blame for the problem and hired a Republican-run PR firm to discredit Facebook’s critics by linking them to Democratic mega-donor George Soros, a frequent subject of far-right conspiracy theories.
Last March, investigative reporters in the US and UK revealed that Cambridge Analytica, a data-mining firm linked to Trump adviser Steve Bannon, had harvested the personal data of 87 million Facebook users without consent and used it for political purposes.
Also in March, an IM exchange that Zuckerberg had as a 19-year-old college student resurfaced. He told a friend he had access to private information on everyone at Harvard and that people were “dumb fucks” for turning it over to him.
Facebook has repeatedly attempted to minimize the extent of user privacy violations, only for a more expansive reality to emerge. In April, Zuckerberg told Congress that Facebook users “have complete control” over everything they share on Facebook.
“Everything it’s said about protecting user privacy has been a slippery lie of one sort or another,” wrote Rob Beschizza of technology site BoingBoing on Wednesday.
Steve Satterfield, Facebook’s director of privacy and public policy, told the Times that none of the partnerships violated FTC policy, adding that the company was winding many of them down. But he acknowledged that Facebook had made mistakes. “We know we’ve got work to do to regain people’s trust. Protecting people’s information requires stronger teams, better technology and clearer policies, and that’s where we’ve been focused for most of 2018.”