days since last facebook scandal

(06/11/2019) 7000 pages document leak allowed to shed light on Facebook internal practices

(...) The piles of leaked documents, which directly reference the company's questionable position on competition, are likely to be extremely helpful to the dozens of entities currently investigating Facebook on antitrust grounds. California, however, is conducting a privacy investigation. (...)

(...) Facebook wielded its control over user data to hobble rivals like YouTube, Twitter, and Amazon. The company benefited its friends even as it took aggressive action to block rival companies' access – while framing its actions as necessary to protect user privacy. (...)

(...) Facebook executives quietly planned a data-policy "switcharoo." "Facebook began cutting off access to user data for app developers from 2012 to squash potential rivals while presenting the move to the general public as a boon for user privacy," Reuters reported on Wednesday, citing the leaked documents. (...)

(...) Facebook considered charging companies to access user data. Documents made public in late 2018 revealed that from 2012 to 2014, Facebook was contemplating forcing companies to pay to access users' data. (It didn't ultimately follow through with the plan. (...)

(...) Facebook whitelisted certain companies to allow them more extensive access to user data, even after it locked down its developer platform throughout 2014 and 2015.TechCrunch reported in December that it "is not clear that there was any user consent for this, nor how Facebook decided which companies should be whitelisted or not. (...)

(...) Facebook planned to spy on the locations of Android users. Citing the documents, Computer Weekly reported in February that "Facebook planned to use its Android app to track the location of its customers and to allow advertisers to send political advertising and invites to dating sites to 'single' people. (...)

Sources

• The Stuff: Facebook tried to keep explosive emails and documents secret, but they ended up online (07/11/2019)
• Bloomberg: Facebook Staff Lamented ‘Unethical’ Practices But Were Rebuffed (08/11/2019)
• Bloomberg: Leaked Facebook Records Belie Public Push for User Privacy (06/11/2019)
• NBCNews: Leaked documents show Facebook leveraged user data to fight rivals and help friends (06/11/2019)
• The Verge: How leaked court documents reveal Facebook’s fundamental paranoia (06/11/2019)
• Business Insider: Facebook fought to keep a trove of thousands of explosive internal documents and emails secret. They were just published online in full. (06/11/2019)
• ArsTechnica: Massive Facebook document leak gives ammunition to investigators (08/11/2019)

(01/10/2019) In two hours of leaked audio, Mark Zuckerberg rallies Facebook employees against critics, competitors, and the US government.

Highlights from two hours of leaked audio from recent Q&A sessions with Facebook’s CEO.

[...] The Verge obtained two hours of audio from the meetings, which include extended question-and-answer sessions between Zuckerberg and his employees. In language that is often more candid than he typically uses in his public comments, Zuckerberg seeks to rally the company against Facebook’s competitors, critics, and the US government.

Sources

• The Verge: Read the full transcript of Mark Zuckerberg’s leaked internal Facebook meetings (01/10/2019)
• Le Monde: Facebook : une discussion interne entre Mark Zuckerberg et ses employés fuite dans la presse (01/10/2019)

(04/09/2019) A huge database of Facebook users’ phone numbers found online

Hundreds of millions of phone numbers linked to Facebook accounts have been found online. The exposed server contained more than 419 million records over several databases on users across geographies,

[...]

But because the server wasn’t protected with a password, anyone could find and access the database. Each record contained a user’s unique Facebook ID and the phone number listed on the account.

Sources

• Techcrunch: A huge database of Facebook users' phone numbers found online/ (04/09/2019)

(07/08/2019) Instagram leaks data, including location, to ad partner

Hyp3r used four key tools to scrape data from Instagram users. First, it utilized an Instagram security hole that allowed it to “zero in on specific locations” and collect all the posts made from those locations. Second, Hyp3r “systematically saved users’ public Instagram stories,” again utilizing that location data. Third, it “scraped public user profiles on a broad basis, collecting information like user bios and followers, which it then combined with the other location information.” Lastly, Hyp3r used image recognition software on user posts to analyze that the images included. The result was a database detailing a plethora of information about Instagram users.

Sources

• 9to5mac.com: Instagram bans ad partner for secretly tracking user locations, saving Stories, more (07/08/2019)
• Forbes: Instagram Partner Has Been Secretly Tracking Locations Of Millions Of Users: Report (07/08/2019)
• Business Insider: Instagram’s lax privacy practices let a trusted partner track millions of users' physical locations, secretly save their Stories, and openly flout its rules (07/08/2019)

(21/05/2019) Facebook caught lying to the Dutch Parliament

On May 15 2019, Facebook’s Head of Public Policy for the Netherlands spoke at a round table in the House of Representatives and stated: “You can now only advertise political messages in a country, if you’re a resident of that country.”

Dutch Digital Rights NGO Bits of Freedom quickly proved that this was completely wrong. It was no problem at all to boost a political posting to a German target group from a Dutch Facebook account and pay for it from a Dutch bank account, and vice versa.

Sources

• Bits of Freedom: Facebook lies to Dutch Parliament about election manipulation (21/05/2019)
• Niewsuur: Bits of Freedom: 'Facebook gaat de fout in met politieke advertenties' (21/05/2019)
• Bits of Freedom: Kamerleden boos na Facebook-onthulling Bits of Freedom (21/05/2019)
• German coverage: Digitalcourage: Facebook widerlegt: Wahlmanipulation aus dem Ausland ist möglich (22/05/2019)
• Boing Boing: Facebook's Dutch Head of Policy lied to the Dutch parliament about election interference (21/05/2019)
• European Digital Rights: Facebook lies to Dutch Parliament about election manipulation (22/05/2019)
• Radio Gütersloh: Wahlmanipulation im Internet möglich (22/05/2019)
• Neue Westfälische: Facebook sperrt Fake-Seiten mit AfD-Werbung vor Europawahl (22/05/2019)

(13/05/2019) WhatsApp vulnerability allows to install spyware

A vulnerability found in Facebook's owned messaging service WhatsApp, allowed a spyware to be installed allegedly linked to the NSO group.

Note: the funny part here is that nothing in the release notes of the update mentionned the vulnerability when the dev team was aware of it.

Sources

• Techcrunch: WhatsApp exploit let attackers install government-grade spyware on phones (13/05/2019)
• The Guardian: WhatsApp urges users to update app after discovering spyware vulnerability (13/05/2019)
• ArsTechnica: WhatsApp vulnerability exploited to infect phones with Israeli spyware (14/05/2019)
• EFF: What You Need to Know About the Latest WhatsApp Vulnerability (16/05/2019)

(25/04/2019) Facebook is looking down the barrel of a $2.2 billion fine for storing millions of passwords insecurely

Facebook is facing a multi-billion dollar fine for accidentally storing millions of people's passwords in plain text.

Ireland's Data Protection Commission (DPC), which is the default privacy regulator for Facebook in Europe, said on Thursday it had launched a "statutory inquiry" into the social network after it admitted to the error.

Sources

• Business Insider: Facebook is looking down the barrel of a $2.2 billion fine for storing millions of passwords insecurely (25/04/2019)

(18/04/2019) Facebook waited until the Mueller report dropped to tell us millions of Instagram passwords were exposed

Given the terrible run of form it’s been on over the last year, it probably shouldn’t be that surprising that Facebook waited until the highly anticipated report on Russian interference in the 2016 US presidential election to deliver some bad news.

Sources

• QZ: Facebook waited until the Mueller report dropped to tell us millions of Instagram passwords were exposed (18/04/2019)

(18/04/2019) "Ooops, I accidentally shared your contact list"

Facebook says it 'unintentionally uploaded' 1.5 million people's email contacts without their consent

Sources

• Business Insider: Facebook harvested the email contacts of 1.5 million users without their knowledge or consent when they opened their accounts (18/04/2019)

(11/04/2019) Mark Zuckerberg leveraged Facebook user data to fight rivals and help friends, leaked documents show

Facebook’s leaders seriously discussed selling access to user data — and privacy was an afterthought.

Sources

• NBCNews: Mark Zuckerberg leveraged Facebook user data to fight rivals and help friends, leaked documents show (11/04/2019)

(3/04/2019) Hundreds of millions of Facebook records exposed on public servers – report

Material discovered on Amazon cloud servers in latest example of Facebook letting third parties extract user data

Sources

• The Guardian: Hundreds of millions of Facebook records exposed on public servers – report (3/04/2019)

(7/03/2019) Facebook Messenger bug revealed who you had conversations with

Imperva, a cybersecurity company, on Thursday detailed a flaw with Facebook Messenger that allowed potential attackers to learn who you were talking with on the chatting service.

The security bug didn't show the content of the messages, but just knowing who you were in touch with has the potential to harm your privacy, said Ron Masas, the security researcher who discovered the vulnerability.

Sources

• CNET: Facebook Messenger bug revealed who you had conversations with(7/03/2019)

(24/01/2019) Facebook pays teens to install VPN that spies on them

Desperate for data on its competitors, Facebook has been secretly paying people to install a “Facebook Research” VPN that lets the company suck in all of a user’s phone and web activity, similar to Facebook’s Onavo Protect app that Apple banned in June and that was removed in August.

Sources:

• TechCrunch: Facebook pays teens to install VPN that spies on them (29/01/2019)
• TechCrunch: Apple bans Facebook’s Research app that paid users for data

(18/12/2018) Facebook allowed Netflix, Microsoft, Spotify and Amazon access to private messages and personal information of users

The 18 December 2018, the New York Times reveals that Facebook had given extended access to user data, on a much wider scope that it has previously disclosed.

Sources:

• The New York Times: Facebook gives access to private messages to 3rd party partners (18/12/2018)
• Libération: Partage des données : Facebook et ses partenaires particuliers (19/12/2018)
• Usbek & Rica: Pour les partenaires de Facebook, vos données personnelles, c'est open bar (19/12/2018)
• BFMTV: Facebook a laissé Netflix et Spotify accéder à tous vos messages privés (19/12/2018)

(1/11/18) Facebook Knows How to Track You Using the Dust on Your Camera Lens

In 2014, Facebook filed a patent application for a technique that employs smartphone data to figure out if two people might know each other. The author, an engineering manager at Facebook named Ben Chen, wrote that it was not merely possible to detect that two smartphones were in the same place at the same time, but that by comparing the accelerometer and gyroscope readings of each phone, the data could identify when people were facing each other or walking together. That way, Facebook could suggest you friend the person you were talking to at a bar last night, and not all the other people there that you chose not to talk to.

Sources:

• Gizmodo: Facebook Knows How to Track You Using the Dust on Your Camera Lens (1/11/2018)