Another day, another Facebook privacy mess. Actually, this one is a few different privacy messes that we'll roll up into a single post because, honestly, who can keep track of them all these days? While we've noted that the media is frequently guilty of exaggerating or misunderstanding certain claims about Facebook and privacy, Facebook does continue to do a really, really awful job concerning how it handles privacy and its transparency about these things with its users. And that's a problem that comes from the executive team, who still doesn't seem to fully comprehend what a mess they have on their hands.
The latest flaps both involve questionable behavior targeted at younger Facebook users. First there's a followup on a story we wrote about a few weeks ago, involving internal Facebook documents showing staffers gleefully refusing to refund money spent unwittingly by kids on games on the Facebook platform. Reveal, from the Center for Investigative Reporting, who broke that story, also had a much more detailed and much more damning followup, about how Facebook was clearly knowingly duping young children out of their parents' money.
Facebook encouraged game developers to let children spend money without their parents’ permission – something the social media giant called “friendly fraud” – in an effort to maximize revenues, according to a document detailing the company’s game strategy.
Sometimes the children did not even know they were spending money, according to another internal Facebook report. Facebook employees knew this. Their own reports showed underage users did not realize their parents’ credit cards were connected to their Facebook accounts and they were spending real money in the games, according to the unsealed documents.
For years, the company ignored warnings from its own employees that it was bamboozling children.
A team of Facebook employees even developed a method that would have reduced the problem of children being hoodwinked into spending money, but the company did not implement it, and instead told game developers that the social media giant was focused on maximizing revenues.
Yes, they not only called it "friendly fraud," but in an internal memo, they explained "why you shouldn't try to block it" (i.e., why you should let game developers scam kids out of their parents' money).
This reminds me so much of the early days of adware scammers, who pulled similar kinds of stunts -- and it's incredible to think that Facebook, which presented itself as a squeaky clean alternative to the open web where those kinds of scams piled up, was basically doing the same thing on a much larger scale. The Reveal article has much more on this, and is worth reading in full to see how the focus on revenue had the company deliberately look the other way as it scooped up cash from kids.
But rather than focus on that, we already need to move on to the more recent Facebook privacy scandal, which also (partially) involves kids. Last summer, we wrote about how Apple had booted Facebook's Onavo app from its app store. Facebook had marketed it as a privacy protecting "VPN," but it was really pretty blatant spyware. Indeed, late last year when yet another Facebook privacy scandal broke, it was revealed that Facebook had been using Onavo data to determine what competitive apps were most popular -- including giving it ideas on what apps to buy or (much more damning) what apps to hinder or block from Facebook.
Apparently, even having Apple boot the app didn't give Facebook the idea that maybe this spyware was going a bit too far. Instead, it now appears that Facebook "pivoted" into paying teens to install Onavo on iPhones in a way that routed around Apple's App Store blocks, by saying it was a part of "Facebook Research." And they hid this from Apple by using third party "beta testing" services:
The program is administered through beta testing services Applause, BetaBound and uTest to cloak Facebook’s involvement, and is referred to in some documentation as “Project Atlas” — a fitting name for Facebook’s effort to map new trends and rivals around the globe.
Facebook appears to have desperately wanted all of this data, if it was willing to go these lengths even after Apple had booted Onavo. After TechCrunch broke this story, Facebook claimed that it would stop that program on iPhones, while Apple claims it banned the app before Facebook itself could pull it.
For years, people like Jaron Lanier have argued that Facebook should pay its users for all the data they get -- but I think even people who wanted payment would balk a bit at how much access people were giving in exchange for $20/month in gift cards.
“By installing the software, you’re giving our client permission to collect data from your phone that will help them understand how you browse the internet, and how you use the features in the apps you’ve installed . . . This means you’re letting our client collect information such as which apps are on your phone, how and when you use them, data about your activities and content within those apps, as well as how other people interact with you or your content within those apps. You are also letting our client collect information about your internet browsing activity (including the websites you visit and data that is exchanged between your device and those websites) and your use of other online services. There are some instances when our client will collect this information even where the app uses encryption, or from within secure browser sessions.”
And, of course, the setup required you to keep the app running and spying on everything if you wanted to keep getting paid.
Facebook, in response to the TechCrunch story, did its standard PR tap dance, insisting that they weren't hiding anything (Apple's response suggests otherwise, as does the fact that Facebook specifically used these 3rd party services). But, once again, like with so many other Facebook privacy scandals, the reason why so many people get upset about this is because they were not open and transparent about what was going on, and that's why it's so surprising to everyone.
The only "good" news is that on the same day all of this came out, it was announced that Facebook has just hired two of its biggest privacy critics to work on privacy issues at the company: EFF's Nate Cardozo and Open Technology Institute's Robyn Greene (*Disclosure: I know both Nate and Robyn, and Nate did, very helpfully, represent us on one issue while he was at EFF.) I know some may cynically see this as Facebook trying to co-opt some of its critics, but both Nate and Robyn have incredibly strong track records on privacy, including being vocally critical of Facebook and its policies. Hopefully this is a sign that the company is actually taking these issues seriously (better a decade too late than never).
Filed Under: apps, friendly fraud, kids, onavo, privacy, research, vpnCompanies: facebook