Skip to main content

Facebook users unknowingly gave companies permission to see private messages

Facebook’s integration tools allow for shortcuts like recommending a Netflix hit on the social network, or sharing a Spotify song on Messenger — but those same tools are continuing to raise questions about Facebook’s privacy policies. An investigative report by The New York Times states Netflix and Spotify had access to private messages while Microsoft’s Bing could view the names of friends. In a response to the report, Facebook says that those privacy settings, many of which have been discontinued, were only granted with user permission.

The report, however, suggests that Facebook’s data-sharing with third parties went beyond what users understood they were agreeing to. According to the report, the API allowed major tech companies to see users friends list and even access private messages with vague user consent. The API allowed the tech platforms to enable features like sharing inside a Messenger note.

Responding to the report, Facebook says that none of the features allowed access without users permission. The network also said that the features did not violate the company’s 2012 settlement with the Federal Trade Commission. Facebook says that the tools enabled features like accessing account information from a Windows phone, consolidating feeds from multiple networks, Messenger integration and personalized search results in Bing.

The latest isn’t the only time reports have suggested that Facebook’s permissions options are too vague. Android users that integrated their contacts list with Facebook later found a record of their phone calls inside their Facebook data. Allowing access to an app previously allowed that app to see friends data (who didn’t click that allow button). After the Cambridge Analytica scandal earlier this year, Facebook made several changes to API access and says most of the features in the report have already been discontinued, starting with partnership changes in 2014.

The report, however, suggests that some major tech companies continued to gain access to some data (for users that clicked that “allow” button) after the features were discontinued in 2014. The Times reports that Amazon could see usernames and contact information if a friend granted access, while Yahoo could see friends’ posts, both access that was still happening this summer.

The third-party data in question was governed by business contracts, the report said, which had more than 150 technology companies on the list through 2017 and several still accessing data this year.

Facebook says that it hasn’t found signs of abuse for the data granted to the companies using those business contracts. The company has confirmed that some platforms had access to messages, but says again that was only for users that granted the app permission to access data.

Another type of Facebook data feature coming under fire is the instant personalization feature, which was shut down in 2014. The tool allowed users to personalize search results on places like Yelp and Rotten Tomatoes with information that friends shared. Some still had access to the feature as late as 2017 and Facebook says that was a mistake and the company is continuing to work to limit access.

Facebook says it is already in the process of reviewing API guidelines and how third-party apps access data.

Editors' Recommendations

Hillary K. Grigonis
Hillary never planned on becoming a photographer—and then she was handed a camera at her first writing job and she's been…
Facebook will now let users turn off political ads
Mark Zuckerberg

Facebook CEO Mark Zuckerberg said his social media company is gearing up for the 2020 election by rolling out an option for users to turn off political ads and launching an initiative to increase voter turnout.

In an op-ed for USA Today, Zuckerberg said users will be able to switch off political ads, a tool it first introduced earlier this year in January.

Read more
Zoom iOS app will no longer send data to Facebook following backlash
coronavirus crisis not ready for an online first world analysis zoom conference lifestyle image

As millions of people switch to working from home due to the global coronavirus pandemic, video conferencing software like Zoom has become suddenly indispensable and far more widely-used than before. However, concerns have been raised and the security of some conferencing tools and the implications they could have for users' privacy.

An investigation by Motherboard last week revealed that Zoom's iOS app was sending some data about users to Facebook, which was not made clear in the app's privacy policy. This happened even if Zoom users did not have a Facebook account. Zoom would connect to Facebook's Graph API and share information such as the device model being used, the location a user was connecting from, and advertising identification data.

Read more
WhatsApp may soon let you send disappearing messages in private chats
whatsapp group admin feature telegram

WhatsApp may, at long last, add a feature most of its rivals have been offering for ages. The Facebook-owned messaging service is reportedly trialing a new option that will let you send self-destructing messages in private conversations.

Spotted by WABetaInfo, which reverse-engineers WhatsApp clients to unearth unannounced functions, the messaging app’s latest Android beta comes with a hidden "Delete messages" setting. It allows you to set a blanket expiration timer for all of your messages in a one-on-one personal chat. Once activated, each of your sent messages in that conversation will vanish some time after the recipient has read it. You can have them gone as quickly as an hour or up to a year.

Read more