Advanced Search
Content Type: Examples
In announcing a data breach in 2018, at first Facebook said 50 million people's data had been accessed, then 30 million - but the data accessed was more sensitive than they thought at first. After investigation, the company explained that it had identified four stages of attack with a different group of victims affected in each one. The attackers used an automated technique to move from the first small group of accounts they controlled to others, stealing access tokens of friends and friends of…
Content Type: Examples
In August 2018, Facebook announced it would remove more than 5,000 ad targeting options in order to prevent discrimination. Options specifying the exclusion of people interested in "Passover", "Native American culture", or "Islam" could be used as proxies to allow advertisers to exclude ethnic and religious groups in contravention of the law. The announcement came shortly after the US Department of Housing and Urban Development filed a complaint alleging that the company had enabled…
Content Type: Examples
Days before the US November 2018 midterm elections, ProPublica discovered that an organisation called Energy4US spent $20,000 to run ads on Facebook pushing conservatives to support the Trump administration's reversal of fuel emission standards. On closer scrutiny, Energy4US appeared to be a front organisation for the trade association American Fuel and Petrochemical Manufacturers, which numbers the world's largest oil companies among its members. Although Facebook's announced requirement that…
Content Type: Examples
In October 2018, in the wake of the Cambridge Analytica scandal and questions over Facebook's influence on the UK's EU referendum, Facebook announced it would add Britain to the US and Brazil on the list of countries where the company will no longer allow political groups to publish "dark" ads on its network. Among the changes: all paid-for political content will be automatically published in a public library for up to seven years; individuals and organisations running ads with political…
Content Type: Examples
In the run-up to the US 2018 mid-term elections, Facebook announced it would broaden the company's policies against voter suppression by banning misrepresentations about how to vote and whether a vote will be counted. The company also introduced a reporting option to allow users to report incorrect information and dedicated reporting channels for state election authorities. The company noted it was getting better at detecting and removing fake accounts and increasing transparency about…
Content Type: Examples
For many Filipinos, Facebook is their only way online because subsidies have kept it free to use on mobile phones since its launch in the country in 2013, while the open web is expensive to access. The social media network is believed to have been an important engine behind the ascent to the presidency of Rodrigo Duterte. Beginning in 2016, faked photographs and videos spread alongside false news targeting Senator Leila de Lima, a noted critic of Duterte and his violent war on drugs, and others…
Content Type: Examples
In a systematic campaign over more than five years, Myanmar military used Facebook to covertly spread propaganda, mostly against the Rohynga, via accounts that appeared to be dedicated to pop stars and entertainment, turning the social media site into a tool for ethnic cleansing. Having garnered a mass following, the military operatives then used the pages to distribute false news, and spread hostility and division. In one campaign in 2017, the military's intelligence group sought to convince…
Content Type: Examples
In June 2018, human rights and digital rights activists in Myanmar called on Facebook to raise its level of moderation of Burmese-language content in order to reduce hate speech, which they said was at high risk of sparking open violence. In Myanmar, decades of civil war and the end of military rule had led to a humanitarian crisis that sent 900,000 Rohynga fleeing the country and that United Nations investigators called "ethnic cleansing" and suspected genocide. Because Facebook is pre-…
Content Type: Examples
In April 2018, Facebook announced that in six months it would end a programme it called "Partner Categories", in which the social network acted as a bridge between data brokers like Acxiom, Epsilon, and TransUnion and the consumers their customers want to reach. In this deal, Facebook did not actually sell the data it collects; instead, it targeted ads to the lists of people the data brokers uploaded. Facebook users can see the results for themselves by going to their privacy settings and…
Content Type: Examples
Facebook-owned Onavo VPN (adertised as a way to block harmful websites, and keep a user's data safe) is pulled from the Apple App Store due to tracking, collecting, and analysing customers' usage data, including from other unrelated apps.
https://arstechnica.com/tech-policy/2018/08/facebook-violates-apples-data-gathering-rules-pulls-vpn-from-app-store/
Author: Valentina Palladino
Ars Technica
Content Type: Examples
30 million users had their accounts breached, with a total of 90 million accounts reset after Facebook's "view as" feature leaked unique user account access tokens, allowing attackers to not only trivially impersonate any other user on the platform, but also to potentially automate the attack on a massive scale using their API.
This is of particular concern where these access tokens were used as a "Single Sign On" for third-party services who authenticate against Facebook. The…
Content Type: Examples
In May 2017, the European Commission fined Facebook $122 million for providing incorrect or misleading information during its 2014 acquisition of WhatsApp. At the time of the acquisition, Facebook assured the EC that it would not be able to link its accounts database to that of WhatsApp. After the merger, Facebook went on to implement that linkage, and the EC found that Facebook staff knew even in 2014 that it was technically possible to do so. The EC could have imposed a larger fine, but said…
Content Type: Examples
In December 2017, the German cartel office presented preliminary findings in an investigation of Facebook, ruling that the company had abused its dominant position by requiring access to third-party data (including data from subsidiaries WhatsApp and Instagram) when an account is opened and tracking users across the web. Facebook responded that the service is popular in Germany, but not dominant. About 41% of Germans have active Facebook accounts. The investigation's final resolution…
Content Type: Examples
In September 2017, the Spanish national data protection regulator fined Facebook €1.2 million, alleging that the company collected personal information from Spanish users that could then be used for advertising. The investigation, which took place alongside others in Belgium, France, Germany, and the Netherlands, found three cases in which Facebook had collected information such as gender, religious beliefs, personal tastes, and browsing histories of millions of Spanish users without disclosing…
Content Type: Examples
In June 2015, the Belgian data protection regulator, Commission for the Protection of Privacy, launched a complaint that Facebook indiscriminately tracked internet users when they visited Facebook pages or clicked Like or Share, even when they are not Facebook members. In November 2015, the Court of First Instance gave Facebook 48 hours to stop tracking internet users who do not have accounts with the social network or face fines of up to €250,000 per day. The court said Facebook tracked users…
Content Type: Examples
In January 2013, Facebook upgraded its search tool to enable the site to answer more complex questions. Called Graph Search, the new tool aimed to make it possible for users to find businesses and each other based on location, personal history, personal interests, and mutual friends. The site promised special privacy protections for minors. Privacy advocates pointed out the risks of making shared information discoverable on a large scale. Facebook's response was to suggest that users adjust…
Content Type: Examples
In May 2017, the French data protection regular, CNIL, fined Facebook €150,000 saying the company had failed to inform users properly about how their personal data is tracked and shared with advertisers. The regulator did not, however, order the company to change its practices. The decision was one of a series of European regulatory examinations of changes made to Facebook's privacy policy in 2014. CNIL's action followed rulings in 2016, when CNIL gave Facebook three months to stop tracking non…
Content Type: Examples
In 2015, Facebook created the "Free Basics" programme, in which the company partnered with telephone carriers in various countries to offer free access to Facebook - that is, using Facebook would not count against their data plan. While critics argued the plan is anti-competitive, violates the principles of network neutrality and didn't empower users to build their own culturally and contextually appropriate solutions, Facebook claimed that the service would help get India's hundreds of…
Content Type: Examples
In July 2014, a study conducted by Adam D. I. Kramer (Facebook), Jamie E. Guillory, and Jeffrey T. Hancock (both Cornell University) and published by the Proceedings of the National Academy of Sciences alerted Facebook users to the fact that for one week in 2012 689,003 of them had been the subjects of research into "emotional contagion". In the study, the researchers changed randomly selected users' newsfeeds to be more positive or negative to study whether those users then displayed a more…
Content Type: Examples
In 2012, Facebook CEO Mark Zuckerberg's sister, Randi, tweeted to fellow Twitter user Callie Schweitzer that Schweitzer had violated her privacy by posting a picture taken in her kitchen. Randi Zuckerberg, the former head of Facebook's marketing department, had posted the picture, which was taken in her kitchen and showed four people including her brother, to Facebook intending it to be viewed by Friends only. Schweitzer responded that the picture had popped up in her Facebook News Feed. Randi…
Content Type: Examples
In November 2011, the US Federal Trade Commission charged Facebook with repeatedly breaking the privacy promises it made to users. Among the list of deceptive practices and incidents in the FTC's complaint were December 2009 changes Facebook made to its site that publicly exposed information users might have marked private, such as their Friends lists; Facebook's failure to certify the security of apps participating in its Verified Apps programme, as the company said it would; the company's…
Content Type: Examples
In June 2011, Facebook enabled an automatic facial recognition called "Tag Suggestions" based on its research project DeepFace, requiring users who objected to opt out. The feature scanned the faces in newly uploaded photographs and compared them to those in the billions of images already on the system. When it found what it believed to be a match, it would suggest tags - that is, names.
Privacy advocates noted that besides the issue that all users were opted in by default, the feature meant…
Content Type: Examples
In early 2011, Facebook launched "Sponsored Stories", an advertising product that used content from members' posts inside ads displayed on the service. Drawing on Likes, check-ins, and comments, a Sponsored Story might use a member's photograph and their comments from a coffee shop to create an ad that would then be displayed alongside other ads. Users were provided no ability to opt out. Among the inaugural advertisers was Coca-Cola, and Starbucks featured in a marketing video Facebook made to…
Content Type: Examples
In October 2010, the Wall Street Journal discovered that apps on Facebook were sending identifying information such as the names of users and their Friends to myriad third-party app advertising and internet tracking companies. All of the ten most popular Facebook apps, including Zynga's FarmVille, Texas HoldEm Poker, and FrontierVille, were found to be transmitting personal information about their users' Friends to outside companies. While Facebook and defenders of online tracking argued that…
Content Type: Examples
When journalist Alex Hern needed to set up a Facebook account in order to manage the Guardian's technology page and other work-related things, he locked down its privacy settings so that the account's profile would not appear in searches and only Friends of Friends could add him as a friend. In October 2017, Hern discovered that these settings no longer applied: an update to Facebook's internal search engine gave users the ability to search the entire network. While private posts remained…
Content Type: Examples
In April 2010, Facebook launched a set of tools to enable websites to add a social layer by adding a Facebook frame to their pages. The company's three launch partners, Microsoft's Docs.com, Yelp, and Pandora, had access to a more comprehensive tool, Instant Personalization, which allowed them to look directly at individuals' Facebook profiles and use the public information presented there to provide a personalised experience such as playing music (Pandora) or restaurants (Yelp) that the person…
Content Type: Examples
In September 2007, Facebook, which from its 2004 founding had stressed the privacy of its user profiles and interactions, opened up its profiles to public search engines such as Google and Bing. Facebook's new "public listing search" allowed anyone to search for a particular person; such searches returned the name and profile picture of all members who had set their search privacy to "Everyone". The benefit to Facebook was to encourage non-users to sign up when they saw their friends and family…
Content Type: Examples
In July 2009 after an in-depth study of the site spurred by complaints from the Canadian Internet Policy and Public Interest Clinic at the University of Ottawa, Canada's Privacy Commissioner issued a ruling that Facebook was in direct violation of the country's privacy laws. Among the regulator's complaints: the company's privacy policies were often confusing, incomplete, and generally lacked transparency; the company did not make a reasonable effort to inform users how their private…
Content Type: Examples
In February 2008, users discovered that deleting their account from Facebook does not entirely remove it. Instead, the company's servers retained copies of the information in those accounts indefinitely even after those users telephoned the company to request full removal. The company argued that retaining the data benefits users by making it easy for them to resurrect their accounts later, should they choose to do so. Facebook's website did not make this clear; only users who contacted the…
Content Type: Examples
In November 2007, Facebook launched Beacon, an advertising programme that allowed third-party sites to include a script that passed Facebook notifications about users' activities on their sites such as purchases, auction bids, reviews, and game-playing. The service as originally designed offered no opportunity to opt out, and a public outcry ensued; many people did not want their activities broadcast automatically to all their Friends. Users also soon found that Beacon transmitted information…