Facebook terms reviewed. This blog is usually not a data security blog (although it’s something I care about); but the recent scandal with Facebook made me curious just what users agree to by using the site. As the saying goes, “if the product is free, you are the product.”
Credit: The Sound of Music, 1965. 20th Century Fox.
Say goodbye to you personal data.
Full disclosure, I do not maintain a Facebook page. I understand the benefits of it, but it’s not for me. Recently, the FCC has announced an investigation into Facebook and its CEO has been called to Capital Hill over the data sharing scandal. The headline, of course, is that Facebook shared its information and that information was used to sway the election in the US in 2016. The underlying issue is, what, if anything did users agree to by using the site. This blog post reviews some of those things.
In general, the terms of service with Facebook are what will govern the relationship between Facebook and the user. The first thing you need to know is that the terms of service are scattered around a lot of hyperlinks. Links within links. If you want to know the true terms, be prepared to spend a long time navigating the site.
For example, section I of the Data Use policy states:
Things you do and information you provide. We collect the content and other information you provide when you use our Services, including when you sign up for an account, create or share, and message or communicate with others. This can include information in or about the content you provide, such as the location of a photo or the date a file was created. We also collect information about how you use our Services, such as the types of content you view or engage with or the frequency and duration of your activities.
The “Services” are defined here https://www.facebook.com/help/1561485474074139 and include basically everything Facebook does, as well as its affiliates, which are identified here: https://www.facebook.com/help/111814505650678?helpref=faq_content.
In short, anything you consent to by using any of these pages, or their mobile apps can be shared. Importantly, the permissions on some of the apps allow Facebook to monitor you phone calls and text messages even outside of the Facebook app. https://arstechnica.com/information-technology/2018/03/facebook-scraped-call-text-message-data-for-years-from-android-phones/
But that’s just the beginning. Facebook collects all of your payment and credit card information. Again, in section I of the data use policy, a user agrees that:
Information about payments. If you use our Services for purchases or financial transactions (like when you buy something on Facebook, make a purchase in a game, or make a donation), we collect information about the purchase or transaction. This includes your payment information, such as your credit or debit card number and other card information, and other account and authentication information, as well as billing, shipping and contact details.
By using Facebook, you agree that Facebook can track you on the web and in real life:
Device information. We collect information from or about the computers, phones, or other devices where you install or access our Services, depending on the permissions you’ve granted. We may associate the information we collect from your different devices, which helps us provide consistent Services across your devices. Here are some examples of the information we collect:
- Attributes such as the operating system, hardware version, device settings, file and software names and types, battery and signal strength, and device identifiers.
- Device locations, including specific geographic locations, such as through GPS, Bluetooth, or WiFi signals.
- Connection information such as the name of your mobile operator or ISP, browser type, language and time zone, mobile phone number and IP address.
Facebook then can use all of that information and provide it to third parties, because the users agreed to it.
Apps, websites and third-party integrations on or using our Services. When you use third-party apps, websites or other services that use, or are integrated with, our Services, they may receive information about what you post or share. For example, when you play a game with your Facebook friends or use the Facebook Comment or Share button on a website, the game developer or website may get information about your activities in the game or receive a comment or link that you share from their website on Facebook. In addition, when you download or use such third-party services, they can access your Public Profile, which includes your username or user ID, your age range and country/language, your list of friends, as well as any information that you share with them. Information collected by these apps, websites or integrated services is subject to their own terms and policies.
Facebook users also allow Facebook to provide your “cookies” to third parties affiliated with Facebook. The terms use for cookies states:
We may place cookies on your computer or device, and receive information stored in cookies, when you use or visit:
The Facebook Services;
Services provided by other members of the Facebook family of companies; and
Services provided by other companies that use the Facebook Services (such as companies that incorporate the Like button or Facebook’s advertising services into their websites and apps).
To help temper the extremely broad usage of your data, Facebook states in its Terms that “You own all of the content and information you post on Facebook, and you can control how it is shared through your privacy and application settings.” However, the background data being harvested is not “posted” on Facebook. In essence, Facebook is saying “the pictures are yours but your soul is mine”.
There are a lot of things users sign away by using Facebook. In my opinion users agree that all of their data and habits can be used by Facebook and third parties for a wide range of things.
By using Facebook, you are agreeing that Facebook can track you, your friends and anyone who shares information about you. Facebook can monitor you communication; both inside and outside of the platform. Perhaps, most importantly, it seems as if that Facebook can sell all of that information to the highest bidder.
Welcome to being the product.
The foregoing is simply the opinion of the author, and not a legal opinion.