days since last facebook scandal

(17/12/2019) Facebook tracks location despite opt-out

Even if location services are disabled, Facebook tracks the positions of a user by extracting the location from metadata of uploaded content or by estimating the location of the IP address of the connection.

This practive was confirmed by Facebook in a letter to US senators where the company admits it uses several sources to track the location of its users. According to Facebook, this information is used for targetted advertising where ads and sponsored posts are filtered based on the location or region.

Sources

• epic.org: Facebook Admits to Location Tracking, Ignoring Privacy Settings (17/12/2019)
• the official letter sent to the US Senatep(19/11/2019)
• BoingBoing: Facebook offers funny answer for why it tracks users’ locations even when they turn tracking services off (18/12/2019)
• 9to5Mac: Facebook accesses your location even when you’ve opted out, confirms company (18/12/2019)
• TheHill: Facebook details location tracking after pressure from senators (17/12/2019)
• Firstpost: Facebook admits to accessing user location data in app even when opted out (19/12/2019)
• Futurezone (in German): Facebook sammelt permanent Daten über Aufenthaltsort seiner Nutzer (18/12/2019)
• Numerama (in French): Facebook subit encore les conséquences de son laxisme : 267 millions d’informations dans la nature (20/12/2019)

(12/11/2019) Facebook is secretly using your iPhone’s camera as you scroll your feed

iPhone owners, beware. It appears Facebook might be actively using your camera without your knowledge while you’re scrolling your feed. (...)

Maddux adds he found the same issue on five iPhone devices running iOS 13.2.2, but was unable to reproduce it on iOS 12. “I will note that iPhones running iOS 12 don’t show the camera (not to say that it’s not being used),” he said.

The findings are consistent with our own attempts. While iPhones running iOS 13.2.2 indeed show the camera actively working in the background, the issue doesn’t appear to affect iOS 13.1.3. We further noticed the issue only occurs if you have given the Facebook app access to your camera. If not, it appears the Facebook app tries to access it, but iOS blocks the attempt.

Update November 13, 7:20AM UTC: Facebook has confirmed the issue, calling it a bug (who would’ve guessed, right?).

“We recently discovered our iOS app incorrectly launched in landscape. In fixing that last week in v246 we inadvertently introduced a bug where the app partially navigates to the camera screen when a photo is tapped,” Facebook VP of Integrity Guy Rosen tweeted. “We have no evidence of photos/videos uploaded due to this.”

Sources

• TheNextWeb: Facebook is secretly using your iPhone’s camera as you scroll your feed (12/11/2019)

(09/11/2019) Facebook gave Tinder and other dating apps special access to user data

Facebook CEO Mark Zuckerberg flirted with the idea of getting into the online dating business in 2014 — but instead gave Tinder and similar apps access to user data, leaked documents show.

The leaked documents were released Wednesday and are a part of an ongoing lawsuit between Facebook and Six4Three, a long-defunct app that scraped Facebook data to find photos of women in bikinis.

Sources

• Mashable: Facebook gave Tinder and other dating apps special access to user data (09/11/2019)

(06/11/2019) 7000 pages document leak allowed to shed light on Facebook internal practices

(...) The piles of leaked documents, which directly reference the company's questionable position on competition, are likely to be extremely helpful to the dozens of entities currently investigating Facebook on antitrust grounds. California, however, is conducting a privacy investigation. (...)

(...) Facebook wielded its control over user data to hobble rivals like YouTube, Twitter, and Amazon. The company benefited its friends even as it took aggressive action to block rival companies' access – while framing its actions as necessary to protect user privacy. (...)

(...) Facebook executives quietly planned a data-policy "switcharoo." "Facebook began cutting off access to user data for app developers from 2012 to squash potential rivals while presenting the move to the general public as a boon for user privacy," Reuters reported on Wednesday, citing the leaked documents. (...)

(...) Facebook considered charging companies to access user data. Documents made public in late 2018 revealed that from 2012 to 2014, Facebook was contemplating forcing companies to pay to access users' data. (It didn't ultimately follow through with the plan. (...)

(...) Facebook whitelisted certain companies to allow them more extensive access to user data, even after it locked down its developer platform throughout 2014 and 2015.TechCrunch reported in December that it "is not clear that there was any user consent for this, nor how Facebook decided which companies should be whitelisted or not. (...)

(...) Facebook planned to spy on the locations of Android users. Citing the documents, Computer Weekly reported in February that "Facebook planned to use its Android app to track the location of its customers and to allow advertisers to send political advertising and invites to dating sites to 'single' people. (...)

Sources

• The Stuff: Facebook tried to keep explosive emails and documents secret, but they ended up online (07/11/2019)
• Bloomberg: Facebook Staff Lamented ‘Unethical’ Practices But Were Rebuffed (08/11/2019)
• Bloomberg: Leaked Facebook Records Belie Public Push for User Privacy (06/11/2019)
• NBCNews: Leaked documents show Facebook leveraged user data to fight rivals and help friends (06/11/2019)
• The Verge: How leaked court documents reveal Facebook’s fundamental paranoia (06/11/2019)
• Business Insider: Facebook fought to keep a trove of thousands of explosive internal documents and emails secret. They were just published online in full. (06/11/2019)
• ArsTechnica: Massive Facebook document leak gives ammunition to investigators (08/11/2019)

(05/11/2019) Facebook says 100 software developers may have improperly accessed user data

Facebook discloses that as many as 100 software developers may have improperly accessed user data, including the names and profile pictures of people in specific groups on the social network.

Sources

• CNBC: Facebook says 100 software developers may have improperly accessed user data (05/11/2019)
• The Verge Facebook says 100 developers might have improperly accessed Groups member data (05/11/2019)

(01/10/2019) In two hours of leaked audio, Mark Zuckerberg rallies Facebook employees against critics, competitors, and the US government.

Highlights from two hours of leaked audio from recent Q&A sessions with Facebook’s CEO.

[...] The Verge obtained two hours of audio from the meetings, which include extended question-and-answer sessions between Zuckerberg and his employees. In language that is often more candid than he typically uses in his public comments, Zuckerberg seeks to rally the company against Facebook’s competitors, critics, and the US government.

Sources

• The Verge: Read the full transcript of Mark Zuckerberg’s leaked internal Facebook meetings (01/10/2019)
• Le Monde: Facebook : une discussion interne entre Mark Zuckerberg et ses employés fuite dans la presse (01/10/2019)

(20/09/2019) Suspension of ‘Tens of Thousands’ of privacy leaking Facebook apps

After the Cambridge Analytica incident, Facebook started an internal investigation in March 2018 which resulted in the suspension of “tens of thousands” of apps that were associated with about 400 developers.

Sources

• Facebook's newsroom: Facebook Newsroom: An Update on Our App Developer Investigation (20/09/2019)
• The New York Times: The New York Times: Facebook’s Suspension of ‘Tens of Thousands’ of Apps Reveals Wider Privacy Issues (20/09/2019)
• Engadget: Engadget: Facebook audit leads to the suspension of 400 apps (22/08/2018)

(04/09/2019) A huge database of Facebook users’ phone numbers found online

Hundreds of millions of phone numbers linked to Facebook accounts have been found online. The exposed server contained more than 419 million records over several databases on users across geographies,

[...]

But because the server wasn’t protected with a password, anyone could find and access the database. Each record contained a user’s unique Facebook ID and the phone number listed on the account.

Sources

• Techcrunch: A huge database of Facebook users' phone numbers found online/ (04/09/2019)

(13/08/2019) Facebook Paid Contractors to Transcribe Users’ Audio Chats

Facebook Inc. has been paying hundreds of outside contractors to transcribe clips of audio from users of its services, according to people with knowledge of the work.

Sources

• Bloomberg: Facebook Paid Contractors to Transcribe Users’ Audio Chats (13/08/2019)
• Wired: Security News This Week: Facebook's Voice Transcripts Were More Invasive Than Amazon's (17/08/2019)

(07/08/2019) Instagram leaks data, including location, to ad partner

Hyp3r used four key tools to scrape data from Instagram users. First, it utilized an Instagram security hole that allowed it to “zero in on specific locations” and collect all the posts made from those locations. Second, Hyp3r “systematically saved users’ public Instagram stories,” again utilizing that location data. Third, it “scraped public user profiles on a broad basis, collecting information like user bios and followers, which it then combined with the other location information.” Lastly, Hyp3r used image recognition software on user posts to analyze that the images included. The result was a database detailing a plethora of information about Instagram users.

Sources

• 9to5mac.com: Instagram bans ad partner for secretly tracking user locations, saving Stories, more (07/08/2019)
• Forbes: Instagram Partner Has Been Secretly Tracking Locations Of Millions Of Users: Report (07/08/2019)
• Business Insider: Instagram’s lax privacy practices let a trusted partner track millions of users' physical locations, secretly save their Stories, and openly flout its rules (07/08/2019)

(12/07/2019) FTC Reportedly Hits Facebook With Record $5 Billion Settlement

After months of negotiations, the Federal Trade Commission fined Facebook a record-setting $5 billion on Friday for privacy violations, according to multiple reports.

If approved by the Justice Department's civil division, it will also be the first substantive punishment for Facebook in the US, where the tech industry has gone largely unregulated. But Washington has taken a harsher stance toward Silicon Valley lately, and Friday’s announcement marks its most aggressive action yet to curb its privacy overreaches.

Sources

• WIRED: FTC Reportedly Hits Facebook With Record $5 Billion Settlement (12/07/2019)

(21/05/2019) Facebook caught lying to the Dutch Parliament

On May 15 2019, Facebook’s Head of Public Policy for the Netherlands spoke at a round table in the House of Representatives and stated: “You can now only advertise political messages in a country, if you’re a resident of that country.”

Dutch Digital Rights NGO Bits of Freedom quickly proved that this was completely wrong. It was no problem at all to boost a political posting to a German target group from a Dutch Facebook account and pay for it from a Dutch bank account, and vice versa.

Sources

• Bits of Freedom: Facebook lies to Dutch Parliament about election manipulation (21/05/2019)
• Niewsuur: Bits of Freedom: 'Facebook gaat de fout in met politieke advertenties' (21/05/2019)
• Bits of Freedom: Kamerleden boos na Facebook-onthulling Bits of Freedom (21/05/2019)
• German coverage: Digitalcourage: Facebook widerlegt: Wahlmanipulation aus dem Ausland ist möglich (22/05/2019)
• Boing Boing: Facebook's Dutch Head of Policy lied to the Dutch parliament about election interference (21/05/2019)
• European Digital Rights: Facebook lies to Dutch Parliament about election manipulation (22/05/2019)
• Radio Gütersloh: Wahlmanipulation im Internet möglich (22/05/2019)
• Neue Westfälische: Facebook sperrt Fake-Seiten mit AfD-Werbung vor Europawahl (22/05/2019)

(20/05/2019) Thanks to Facebook, Your Cellphone Company Is Watching You More Closely Than Ever

According to a confidential document the Intercept had access to, Facebook gives away information about your phone that is used by your mobile phone carrier.

Facebook’s cellphone partnerships are particularly worrisome because of the extensive surveillance powers already enjoyed by carriers like AT&T and T-Mobile: Just as your internet service provider is capable of watching the data that bounces between your home and the wider world, telecommunications companies have a privileged vantage point from which they can glean a great deal of information about how, when, and where you’re using your phone. AT&T, for example, states plainly in its privacy policy that it collects and stores information “about the websites you visit and the mobile applications you use on our networks.” Paired with carriers’ calling and texting oversight, that accounts for just about everything you’d do on your smartphone.

Sources

• The Intercept: Thanks to Facebook, Your Cellphone Company Is Watching You More Closely Than Ever (20/05/2019)

(13/05/2019) WhatsApp vulnerability allows to install spyware

A vulnerability found in Facebook's owned messaging service WhatsApp, allowed a spyware to be installed allegedly linked to the NSO group.

Note: the funny part here is that nothing in the release notes of the update mentionned the vulnerability when the dev team was aware of it.

Sources

• Techcrunch: WhatsApp exploit let attackers install government-grade spyware on phones (13/05/2019)
• The Guardian: WhatsApp urges users to update app after discovering spyware vulnerability (13/05/2019)
• ArsTechnica: WhatsApp vulnerability exploited to infect phones with Israeli spyware (14/05/2019)
• EFF: What You Need to Know About the Latest WhatsApp Vulnerability (16/05/2019)

(01/05/2019) Facebook wants to scan encrypted person-to-person WhatsApp messages for content Facebook or repressive governments dislike

Facebook plans to install an on-phone AI content moderation algorithm that would flag a post and prevent it from being sent if a user attempts to send a rules-violating post via encrypted WhatsApp message.

Sources

• Forbes: Facebook's Edge AI Content Scanning Brings NSA-Style Surveillance And Censorship To The Planet (05/05/2019)
• Facebook for developers: Applying AI to Keep the Platform Safe (01/05/2019)

(25/04/2019) Facebook is looking down the barrel of a $2.2 billion fine for storing millions of passwords insecurely

Facebook is facing a multi-billion dollar fine for accidentally storing millions of people's passwords in plain text.

Ireland's Data Protection Commission (DPC), which is the default privacy regulator for Facebook in Europe, said on Thursday it had launched a "statutory inquiry" into the social network after it admitted to the error.

Sources

• Business Insider: Facebook is looking down the barrel of a $2.2 billion fine for storing millions of passwords insecurely (25/04/2019)

(25/04/2019) Facebook is punishing Black people for talking about racism

Black people who openly discuss experiences of racism or call out white privilege often have their Facebook accounts suspended, according to a new report by USA Today.

Sources

• The Daily Dot: Report: Facebook is punishing Black people for talking about racism (25/04/2019)
• Usa Today: Facebook while black: Users call it getting 'Zucked,' say talking about racism is censored as hate speech (30/04/2019)

(18/04/2019) Facebook waited until the Mueller report dropped to tell us millions of Instagram passwords were exposed

Given the terrible run of form it’s been on over the last year, it probably shouldn’t be that surprising that Facebook waited until the highly anticipated report on Russian interference in the 2016 US presidential election to deliver some bad news.

Sources

• QZ: Facebook waited until the Mueller report dropped to tell us millions of Instagram passwords were exposed (18/04/2019)

(18/04/2019) Facebook Stored Millions of Instagram Users' Passwords in Plaintext

Facebook late last month revealed that the social media company mistakenly stored passwords for "hundreds of millions" of Facebook users in plaintext, including "tens of thousands" passwords of its Instagram users as well.

Sources

• The Hacker News: Facebook Stored Millions of Instagram Users' Passwords in Plaintext (18/04/2019)

(18/04/2019) "Ooops, I accidentally shared your contact list"

Facebook says it 'unintentionally uploaded' 1.5 million people's email contacts without their consent

Sources

• Business Insider: Facebook harvested the email contacts of 1.5 million users without their knowledge or consent when they opened their accounts (18/04/2019)

(16/04/2019) 15 Months of Fresh Hell Inside Facebook

Scandals. Backstabbing. Resignations. Record profits. Time Bombs. In early 2018, Mark Zuckerberg set out to fix Facebook. Here's how that turned out.

Sources

• Wired: 15 Months of Fresh Hell Inside Facebook (16/04/2019)

(11/04/2019) Mark Zuckerberg leveraged Facebook user data to fight rivals and help friends, leaked documents show

Facebook’s leaders seriously discussed selling access to user data — and privacy was an afterthought.

Sources

• NBCNews: Mark Zuckerberg leveraged Facebook user data to fight rivals and help friends, leaked documents show (11/04/2019)

(10/04/2019) Condamné pour clauses abusives en France, Facebook modifie ses conditions d’utilisation

Le tribunal de grande instance de Paris condamne Facebook à verser 30 000 euros à l’UFC-Que Choisir, en raison de 430 clauses d’utilisation jugées illicites. Le réseau social modifie ses CGU, à la demande de la DGCCRF et de la Commission européenne.

Sources

• L'Observateur: Condamné pour clauses abusives en France, Facebook modifie ses conditions d’utilisation (10/04/2019)

(3/04/2019) Hundreds of millions of Facebook records exposed on public servers – report

Material discovered on Amazon cloud servers in latest example of Facebook letting third parties extract user data

Sources

• The Guardian: Hundreds of millions of Facebook records exposed on public servers – report (3/04/2019)

(11/03/2019) Facebook confirms it took down an anti-Facebook ads

Facebook confirms it took down Elizabeth Warren's ads about Facebook, but is in the process of restoring them. FB spox: "We removed the ads because they violated our policies against use of our corporate logo. In the interest of allowing robust debate, we are restoring the ads.”

Sources

• Twitter: Facebook confirms it took down an anti-Facebook add (11/03/2019)

(7/03/2019) Facebook Messenger bug revealed who you had conversations with

Imperva, a cybersecurity company, on Thursday detailed a flaw with Facebook Messenger that allowed potential attackers to learn who you were talking with on the chatting service.

The security bug didn't show the content of the messages, but just knowing who you were in touch with has the potential to harm your privacy, said Ron Masas, the security researcher who discovered the vulnerability.

Sources

• CNET: Facebook Messenger bug revealed who you had conversations with(7/03/2019)

(22/02/2019)'Outrageous abuse of privacy': New York orders inquiry into Facebook data use

Order follows report that Facebook may access highly personal information including weight, blood pressure and ovulation status

Sources

• The New York Times (22/02/2019)

(24/01/2019) Facebook pays teens to install VPN that spies on them

Desperate for data on its competitors, Facebook has been secretly paying people to install a “Facebook Research” VPN that lets the company suck in all of a user’s phone and web activity, similar to Facebook’s Onavo Protect app that Apple banned in June and that was removed in August.

Sources:

• TechCrunch: Facebook pays teens to install VPN that spies on them (29/01/2019)
• TechCrunch: Apple bans Facebook’s Research app that paid users for data

(24/01/2019) Facebook knowingly duped game-playing kids and their parents out of money

Facebook orchestrated a multiyear effort that duped children and their parents out of money, in some cases hundreds or even thousands of dollars, and then often refused to give the money back [...]

Sources:

• Reveal News: Facebook knowingly duped game-playing kids and their parents out of money (24/01/2019)
• The Independent: Facebook tricked children into spending money on in-app games, court documents reveal (26/01/2019)

(18/12/2018) Facebook allowed Netflix, Microsoft, Spotify and Amazon access to private messages and personal information of users

The 18 December 2018, the New York Times reveals that Facebook had given extended access to user data, on a much wider scope that it has previously disclosed.

Sources:

• The New York Times: Facebook gives access to private messages to 3rd party partners (18/12/2018)
• Libération: Partage des données : Facebook et ses partenaires particuliers (19/12/2018)
• Usbek & Rica: Pour les partenaires de Facebook, vos données personnelles, c'est open bar (19/12/2018)
• BFMTV: Facebook a laissé Netflix et Spotify accéder à tous vos messages privés (19/12/2018)

(14/12/2018) Facebook Photo API bug exposes 6.8 millions of users' photos

On the 14 December 2018, Facebook announces throught a blog post that they discovered a bug in their Photo API that allowed a broader access than usual for 12 days.

Sources:

• Facebook original blog post: Notifying our Developer Ecosystem about a Photo API Bug (14/12/2018)
• Le Monde: Facebook : une faille de sécurité a pu exposer les photos de 6,8 millions d’utilisateurs (17/12/2018)

(1/11/18) Facebook Knows How to Track You Using the Dust on Your Camera Lens

In 2014, Facebook filed a patent application for a technique that employs smartphone data to figure out if two people might know each other. The author, an engineering manager at Facebook named Ben Chen, wrote that it was not merely possible to detect that two smartphones were in the same place at the same time, but that by comparing the accelerometer and gyroscope readings of each phone, the data could identify when people were facing each other or walking together. That way, Facebook could suggest you friend the person you were talking to at a bar last night, and not all the other people there that you chose not to talk to.

Sources:

• Gizmodo: Facebook Knows How to Track You Using the Dust on Your Camera Lens (1/11/2018)

(15/09/2015) Facebook’s Like Buttons Will Soon Track Your Web Browsing to Target Ads

Starting next month, the millions of Facebook “Like” and “Share” buttons that publishers have added to their pages and mobile apps will start funneling data on people’s Web browsing habits into the company’s ad targeting systems.

Sources:

• MIT Technology Review: Facebook’s Like Buttons Will Soon Track Your Web Browsing to Target Ads (15/09/2015)