Facebook defends giving tech giants access to extensive user data

[The AchieVer]

Facebook has defended its data-sharing practices with other technology firms while at the same time admitting that lax API control may have exacerbated what has already been a trying year for the social networking giant.

On Tuesday, Konstantinos Papamiltiadis, Director of Developer Platforms and Programs said in a blog post on Facebook that recently exposed data-sharing practices were all about "helping people," and said nothing was done without a measure of user consent.

 

The note was published as the social media giant's response to a New York Times report this week which claimed that for years Facebook has conducted "special arrangements' with major technology companies that gave them access to intrusive data on users.

According to the NYT, these businesses became exempt from standard privacy rules due to these inside deals. Microsoft's Bing was able to see the names of almost all Facebook user friends without consent; Netflix and Spotify were able to read private messages; Yahoo could view Facebook friend post streams, and Amazon was able to obtain usernames and contact information through friend connections.

Papamiltiadis said in response that these features -- many of which are now defunct and no longer in use -- were used for purposes including receiving Facebook notifications while in an active browsing session; integration for song recommendations, to create search results based on the "public information" friends have shared, and the upload of contacts from Facebook to email services.

"Take Spotify for example," the post reads. "After signing in to your Facebook account in Spotify's desktop app, you could then send and receive messages without ever leaving the app. Our API provided partners with access to the person's messages in order to power this type of feature."

"Over the years we have tried various ways to make Netflix more social," a Netflix spokesperson told ZDNet. "One example of this was a feature we launched in 2014 that enabled members to recommend TV shows and movies to their Facebook friends via Messenger or Netflix. It was never that popular so we shut the feature down in 2015. At no time did we access people's private messages on Facebook or ask for the ability to do so."

 

"Amazon uses APIs provided by Facebook in order to enable Facebook experiences for our products," Amazon said in a statement. "For example, giving customers the option to sync Facebook contacts on an Amazon Tablet. We use information only in accordance with our privacy policy."

Microsoft added that "all user preferences" were respected in relation to its dealings with Facebook.

While these deals were designed to benefit all companies involved -- potentially as many as 150 firms in total -- and generate revenue, in light of the Cambridge Analytica scandal, it seems such deals are now coming back to haunt Facebook at the worst time.

According to the publication, some of these deals date back as far as 2010, and some were still active this year. Questions have now also been raised as to whether the tech giant has broken a 2011 consent agreement with the US Federal Trade Commission (FTC). 

Facebook really doesn't need to raise the ire of regulators any further this year, and this is a suggestion that Papamiltiadis vehemently denies, as users would need to sign in with their Facebook account to agree to the data-sharing. 

 

The executive defended the deals, blurring the lines between the social network and so-called "integration partners" by saying the data-sharing practices were established for the purpose of creating more "social experiences."

Papamiltiadis added that instant personalization was closed in 2014, and many other partnerships were wound down over 2018.

"We recognize that we've needed tighter management over how partners and developers can access information using our APIs," the executive said. "We're already in the process of reviewing all our APIs and the partners who can access them."

Amazon, Apple, Tobil, Alibaba, Mozilla, and Opera integration systems are still in effect. Facebook says that there is "no evidence" that the instant personalization data-sharing agreements and APIs were abused, but the APIs were still left in place after the program was shut down.

 

"We've taken a number of steps this year to limit developers' access to people's Facebook information, and as part of that ongoing effort, we're in the midst of reviewing all our APIs and the partners who can access them," Papamiltiadis said. "This is important work that builds on our existing systems that track APIs and control who can access to them."

That is all well and good, but considering how much criticism Facebook has faced in the past 12 months over its data-sharing practices, perhaps it is now time to remove the vagarities and soft approach to such reports, and simply be transparent about what deals involved who, and when.

This is an approach which wouldn't necessarily be taken every time a company had poor data protection and inappropriate data sharing allegations thrown their way, but in Facebook's case, trust in the company has been undermined again and again over such a short period and so perhaps more radical, transparent action needs to be taken.

As noted by Alex Stamos, Facebook's former Chief Security Officer (CSO), Facebook's response "blends all kinds of different integrations and models into a bunch of prose." 

"There very well could be serious privacy problems in the Times' story, but it is hard to tell what is really problematic because they intentionally blur the lines between FB allowing 3rd party clients/OS integrations (like Apple) with data actually going to other companies," Stamos added. "Putting your response in a wall of PR-text aimed at end consumers just isn't effective."

 

Earlier this month, Facebook revealed the existence of a bug which may have permitted unauthorized access to the private photos 6.8 million users. The leak was due to an API left in backend code between September 13 to September 25, 2018.

It is believed up to 1,500 apps built by 876 developers were involved in the security lapse.

It seems that time and time again this year, Facebook has taken a battering when it comes to user trust and its reputation as a social media platform. As a damage control measure, back in May, Facebook CEO Mark Zuckerberg announced a privacy tool called "clear history" which would give users the option to wipe out their browsing activities on the platform.

This new tool is expected to be released next year.

 

source

[steven36]

Facebook says companies got access to data only after user permission

 

 

(Reuters) - Facebook Inc (FB.O) said it did not give companies access to personal data of users without their permission, after the New York Times reported on Tuesday that the social network allowed some tech giants far greater access to data than it had disclosed.

 

The paper reported that Facebook allowed Microsoft’s Bing search engine to see the names of virtually all Facebook users’ friends without their consent, citing internal records that describe data-sharing deals that benefited more than 150 companies.

 

"None of these partnerships or features gave companies access to information without people's permission, nor did they violate our 2012 settlement with the FTC," Konstantinos Papamiltiadis, Facebook's director of developer platforms and programs, said in a blog post here

 

Facebook settled with the U.S. Federal Trade Commission in 2012 over charges that the company was deceiving consumers and forcing them to share more personal information than they had intended.

The NYT report also said Facebook gave companies like Netflix (NFLX.O) and Spotify (SPOT.N) the ability to read users’ private messages and permitted Amazon (AMZN.O) to obtain users’ names and contact information through their friends.

 

“At no time did we access people’s private messages on Facebook or ask for the ability to do so,” a Netflix spokesperson said in response to the story.

 

Netflix had launched a feature in 2014 that enabled members to recommend TV shows and movies to their Facebook friends via Messenger or Netflix. The spokesperson said Netflix shut the feature in 2015 as it was not popular.

 

Facebook said the access to these companies, known as integration partners, was aimed at helping users access their Facebook accounts or specific features on devices and platforms built by other companies like Apple (AAPL.O), Amazon, Blackberry (BB.TO) and Yahoo.

 

The feature could also help users see recommendations from their Facebook friends on other popular apps and websites like Netflix and Spotify.

 

Facebook said the users needed to sign in with their Facebook account to use these features offered by the likes of Apple and Amazon.

 

The social network said it shut down nearly all of these partnerships over the past several months, except those with Apple and Amazon, which people continue to find useful and which are covered by active contracts.

 

Earlier this month, a British lawmaker released documents that revealed Facebook offered some companies, including Netflix (NFLX.O) and Airbnb, access to data about users’ friends it did not make available to most other apps in 2015.

 

Source