The latest scandal involving Facebook is a timely reminder to users to 1. read the small print, 2. read the small print and 3. read the small print.

Yes, share those 208 photos of your mini-break to Prague, and post one inspirational quote per day (“Be like a grapefruit: a bit sour but great at breakfast”) but bear in mind that this social network holds a metric tonne of of your personal data – and most of the time, you’ve given it permission to do so.

In essence, the collecting and giving away of personal data starts when you sign up for Facebook: you have to share your name, gender, date of birth and contact details.  Fair enough, you might think.  But Facebook tracks and stores data about:

  • Every ad you click
  • Any additional personal information added to the profile including schools, maiden name, hometown and current city, employment, other organisations, music, films, books you like, everything
  • every IP address you use when logging into your Facebook account
  • every friend in your network, including friends you’ve, er, unfriended
  • ALL your activity – from the day you first joined. Facebook describes its activity log as “a list of your posts and activity, from today back to the very beginning. You’ll also see stories and photos you’ve been tagged in, as well as the connections you’ve made – like when you liked a Page or added someone as a friend.” In other words, every “like,” every status change, and every search of another person on Facebook.

But the real meat of data harvesting begins with third-party apps.  From Airbnb to Spotify, to daft quizzes and everything in between, they allow users to sign in using their Facebook password. And people opt in without thinking, and then in the case of quizzes, share the results to encourage others to take them.  Doesn’t matter how mad they are.  “That was a quiz telling me which disease I would die from, so I HAD TO TAKE IT ACTUALLY SANDRA, IT’S MEDICAL.”

Yet you’ve just agreed to let that app access not just your name, gender, and location, it’s also asked you for your friends names, your email and telephone numbers, location and more.  Remember, because our phones contain so much personal information — like our exact location, contact data, and cameras that can record us — apps can’t just use these unless you tell them it’s okay.   Now Google Maps isn’t going to work if it doesn’t know your location, but why should a calculator app need to know that?  These apps have no business requesting these, because they’re not necessary for the functionality of the app. Even if an app clearly defines what it wants the permission for (which more developers should do), there’s no guarantee that it’s not abusing the permission.

From here, all it takes is for the third-party app to sell the data to someone else.

Short of deleting a Facebook account (and Facebook doesn’t make that easy either), there are a few other steps users can take to protect themselves, starting with getting rid of all those third-party apps and turning off location data. Go to Facebook settings (nope, not privacy), then “apps,” and check how many apps you have that are are linked to Facebook.  Remove them.  Or scoot over to the apps, websites, and plugins square, click on “edit,” and then turn off all third-party API access. Doing so will prevent third-party apps from linking to your Facebook account in the future.

Facebook tracks users’ locations, but it doesn’t have to. There are actually options to deny it location access, or to only give it access when the app is being used. Processes are slightly different for iPhone or Android, but both are easy.

In Android, go to settings, scroll down and click location. From here, users can slide location on and off. For those with iPhones, go to settings, then privacy, and then location. From here, users can find the Facebook app and pick the location access they want to give.  And while you’re at it, check the permissions for all the other apps on your phone.

Write a comment