Facebook and Apple are feuding over the right way to protect your privacy. Apple’s latest update to its iOS devices includes a new privacy feature called App Tracking Transparency. This feature is enabled by default on all Apple devices and requires apps, like Facebook, to ask for users’ permission before sharing their data with third-party advertisers. In response, Facebook is gearing up to modify and defend its advertising model to stay in the game against Apple.
Big Tech is clearly starting to see that ordinary users want better privacy protections. And if a little competition between the Big Tech giants means a few more privacy safety features get put into our apps and services, that can only be a good thing. Previously, apps were able to track and exploit users’ data without their knowledge or consent. Giving users more control over who can access their data is a big step in the right direction.
But these companies aren’t learning their lesson quickly enough, and your privacy is still not their priority. Privacy protections on most apps and particularly on social media services remain scant and often ineffectual. Users still need to know the risks and make informed decisions with their data.
A recent data dump on a hacker forum highlights how precarious our privacy truly is online. The data dump revealed that over 500 million Facebook users have just had their personal information exposed online. That means about 1 out of every 5 Facebook users has had their privacy violated and their data stolen.
Facebook isn’t alone, however. Both LinkedIn and Clubhouse also experienced massive data leaks in the last month. Digital consumers often entrust their personal information to apps and websites they think are secure. But when it comes to social media, the reality may fall far short of expectation.
Social media users invest a lot in making sure their public profile shows the right image of their lives. Part of the appeal of social media is that its users are empowered to feel completely in control over what they share, spread, and say on social media.
But the problem is that social media apps themselves may be saying more about their users than people think. And most users aren’t aware of who might be listening and what they might do with what they learn.
The danger with social media is that most social media apps and websites aren’t designed to protect users’ privacy. Social media services require users to submit personal information like their name, date of birth, address, phone number, and email. But once users give this information, they’ll find it’s very hard to control who else can see it, access it, store it, share it, sell it, or otherwise use it.
When people hear about data breaches, they probably think first of high-profile cyber attacks like those perpetrated against Equifax in 2017. But a cyberattack isn’t the only kind of data breach. Hackers, cybercriminals, marketers, identity thieves, and internet scammers can use a process called data scraping to comb websites for visitor and user data. If a website hasn’t taken the necessary steps to protect user and visitor privacy, then there’s a treasure trove of personally identifiable information for these fraudsters and scammers to steal.
That’s exactly what has happened with Facebook, LinkedIn, and Clubhouse. These three companies have been quick to contend that they were not the victim of a cyberattack. And this is true. All of their cybersecurity systems worked exactly as intended, and none of them was hacked. But that’s precisely the problem.
These and other social media companies have designed their services around protecting themselves first and foremost. User privacy is an afterthought, if that. It doesn’t matter whether or not Facebook’s own cybersecurity systems were hacked; it should still shock and scandalize us that the biggest social media platform in the world has such lax privacy protections in place that hundreds of millions of users’ personal data was so easily and quickly stolen by data scraping.
Social media users need to understand that their favorite social media app is doing a lot less than they let on to protect user privacy. More often than not, social media services are doing the bare minimum just to stay out of legal trouble. But when it comes to protecting your privacy online, the bare minimum simply is not enough.
What’s more, social media apps aren’t just lax on privacy protections; they also benefit financially from violating user privacy. There’s an old saying that if you aren’t paying for the product, then you are the product. That’s definitely the case with social media. Companies like Facebook make money off of advertising revenue. And what advertisers want is your data.
Even if Facebook modifies its advertising practices in the future, exploiting user data is the foundation of Facebook’s business model. There’s only so much tweaking one can do to a fundamentally invasive way to generate revenue.
This isn’t to say that people shouldn’t use social media. But users need to be aware of the privacy risks. If you do use social media, you should know that your data likely isn’t as safe as you might think. If you want to avoid becoming the victim of identity theft or a phishing scam, relying on Facebook, LinkedIn, or any other social media site to protect your privacy for you is a bad idea.
Tom Kelly is president and CEO of IDX, a Portland, Oregon-based provider of data breach and consumer privacy services such as IDX Privacy. He is a Silicon Valley serial entrepreneur and an expert in cybersecurity technologies.