Internal Emails Show Facebook Weighing the Privacy Risks of Quietly Collecting Call and Text Records From Its Android Users -- Then Going Ahead Anyway

Earlier this year, many Android users were shocked to discover that Facebook had been collecting a record of their call and SMS history, as revealed by the company's data download tool. Now, internal emails released by the UK Parliament show how the decision was made internally. From a report: According to the emails, developers knew the data was sensitive, but they still pushed to collect it as a way of expanding Facebook's reach. The emails show Facebook's growth team looking to call log data as a way to improve Facebook's algorithms as well as to locate new contacts through the "People You May Know" feature. Notably, the project manager recognized it as "a pretty high-risk thing to do from a PR perspective," but that risk seems to have been overwhelmed by the potential user growth.

Initially, the feature was intended to require users to opt in, typically through an in-app pop-up dialog box. But as developers looked for ways to get users signed up, it became clear that Android's data permissions could be manipulated to automatically enroll users if the new feature was deployed in a certain way.

Come on, people, enough is enough!

Face it: you have to leave Facebook. You cannot un-know things like this. There's no rules anymore, they do whatever they want, and they're invading every last vestige of your personal lives now, whether you were asked or not. It's time to leave Facebook, do it NOW.

Re:Come on, people, enough is enough!

[DickBreath]

Don't tell people to leave facebook. In a democracy, Facebook plays an absolutely important role in manipulating elections, dividing people into echo chambers, or polar opposites violently fighting each other which escalates into real life fights.

Facebook also protects your private information from ever being lost by securely backing it up with redundant copies being sent to many unknown third parties who pay to have backups of your personal info.

Re:Come on, people, enough is enough!

[r_naked]

Why do you care if people want keep their head in the sand and ignore the fact that Facebook cares not one bit about their privacy?

Heck I hope more people sign up. Then when there is some massive data breach, it just makes it all the more amusing for those of us that have no accounts, and go out of our way to foil their shadow profile builder as well.

Re:Come on, people, enough is enough!

[CaptainDork]

Facebook is a dopamine delivery system.

Re:Come on, people, enough is enough!

[rnturn]

Seriously... The smartphone purchase process is: 1.) Buy smartphone, 2.) Immediately go to the Settings -> Apps screen and uninstall the damned Facebook application.

Re:Come on, people, enough is enough!

[alexandre.oberlin]

IIUC people had allowed access to their email contacts, but I NEVER DID. Yet I had figured out about a year ago that Facebook had stolen my phone/sms metadata since they spotted as "Suggested friends" 2 persons I had only contacted by phone/sms on an Android phone (I don’t even know their email). I am talking about people living around Torino, Italy, an area with a population of several millions.

Re:Come on, people, enough is enough!

[twebb72]

I have not logged in since 2000. There is no leaving Facebook. They are still tracking everything I do in order to curate my shadow profile.

While I agree that everyone should leave, but short of that, they need heavy regulation

Re:Come on, people, enough is enough!

[rtb61]

You're on Facebook, eww, really lame, like desperate to pretend you have a life or what. Bad enough that you sell out your own digital life but you also sell out all the people you have in your contacts, sell out the privacy of your friends, so the freaks and perves at facebook can target and manipulate them, what kind of ass hat are you.

Don't tell them to leave facebook, make them feel bad for being a part of facebook, for selling out themselves and those they know to facebook. Only boring losers, the sheeple, still facebook.

Re: Come on, people, enough is enough!

[astrofurter]

+1

"You _still_ use Faceboot?"

"No, I don't have a Faceboot. Don't have an AARP card either."

"What, does your boss require you to have a Faceboot or something?"

"Nah, I don't use Faceboot. I have an actual life, you see."

There are many others.

I always make it a point to enunciate the "t" in Faceboot. Everyone gets it.

Not a surprise!

This behavior is not surprising at all considering that the only reason that Facebook exists is to collect data to sell to advertisers. Everything that they do is to increase profits. They really don't care about people or privacy...its all about the money!!!

Re:Not a surprise!

[DickBreath]

Not just advertisers.

I think Facebook would sell your personal info to anyone willing to pay for it.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:MSMASH: you inbred Induchimp!

[Aighearach]

Welcome to the English language, Ivan.

Then means that the action is happening after the something else that was discussed immediately prior.

Going means to move.

Ahead is a direction, the meaning is similar to forwards.

Anyway means that the thing that happened was not prevented by some downside or problem that was already discussed.

So, "Then going ahead anyway" means that they knew there was something problematic with their actions, and they still tried to complete those actions.

Come back tomorrow and we can discuss There, Their, and They're. But only if you stop saying that rude thing at the end. Be nice, Ivan. And show up sober.

The more we learn about Facebook...

[QuietLagoon]

... the worse Facebook looks.

Is anyone surpised?

[Teun]

Are there still people surprised by this behaviour?
Facebook is since years known to invade users and non-users privacy.
I belong to the last group and have to install various add-ons to escape their vacuuming of personal data.

Re: Is anyone surpised?

[illiac_1962]

It was pretty obvious when everyone started getting those phishing emails from friends and family that are on Facebook but which have never communicated online via email and otherwise have no online presence other than Facebook.

Everyone's blaming Facebook

[Actually,+I+do+RTFA]

This isn't just Facebook's fault. It's Google's too. Note how they only did this on Android phones. Because Apple made their OS protect their users, and Google made their OS enable spying.

Re:Everyone's blaming Facebook

[UnknownSoldier]

You missed the biggest source of the problem:

Everyone USING Facebook.

People get EXACTLY what they deserve. i.e. If they are dumb enough to use Facebook in the first place, then they shouldn't be surprised that someone profited off their stupidity.

The sad part is that nothing will change. People will whine about the problem but the majority will stay.

I will leave FB when I'm good and ready

[WillAffleckUW]

And that goes for my 254 fake FB accounts too!

Oh, you mean you actually have FB on your tracked cellphone with Android?

Ok, you're just pulling my leg there, no way anyone would be dumb enough to do that.

Re:I will leave FB when I'm good and ready

[Dunbal]

My dog has a facebook account. I don't.

Re:I will leave FB when I'm good and ready

[PrntlUnit27]

Oh, snap. You got hexed by an AC.

This assumes use of the Facebook app, right?

[WilliamGeorge]

Facebook is also available as a website, so why bother installing an app for it that just intrudes more on your privacy? If you must use it, just use the mobile website within a browser like Chrome. That way they should not be able to monitor what is going on outside of the website. Or is there some way that they can still access that info, even from inside a web browser, which I am not aware of?

Re:This assumes use of the Facebook app, right?

[RockDoctor]

Because ... IF you use the app, Facebook makes more money.

Don't you understand that basic structure of the industry?

Re:This assumes use of the Facebook app, right?

[fustakrakich]

Chrome is a Google app. I'll let you draw your own conclusions about what they pass to Facebook, as a *Professional Courtesy* of course! Then there's your service provider, who usually doesn't charge Facebook against your data quotas. There has to be a reason why. The only safe thing to assume is that you're on a party line, and just like in old time Soviet Union, the cops are listening.

Re:This assumes use of the Facebook app, right?

[WilliamGeorge]

I've never had much trouble with it on mobile, but I do sometimes find it starts to scroll through the newsfeed upon opening, until you scroll up to stop it. Not a huge deal, though.

However, it just occurred to me that they probably pull the same permission crap on the Messenger app. I use the "Lite" version, since it at least doesn't hog resources as badly, and checking the app permissions - sure enough, SMS, Phone, and Microphone are all listed there - despite there being no reason for such things in a text-based messaging app. I went ahead and turned those off on my own phone, which hopefully helps. I left Camera and Storage on so I can take and send pictures to contacts, and Contacts as well since that seems safe enough.

This makes me wonder, though, how many other app vendors are also pulling similar tricks? Maybe I'll go through all my installed apps at some point and turn off the things that don't seem like they should be necessary :/

Re:This assumes use of the Facebook app, right?

[WilliamGeorge]

Fair enough - I guess you can make voice calls through it too. I know video calls are restricted to the non-Lite app, and I've never wanted / had a reason to make a voice call through Facebook before, so I wasn't thinking about that aspect of it.

Re:This assumes use of the Facebook app, right?

[alexandre.oberlin]

No it doesn’t. They stole my phone/sms metadata though I never used their app and have no contact uploaded.

Re:This assumes use of the Facebook app, right?

[WilliamGeorge]

Fascinating - may I ask how you know they accessed your data? It would be extremely helpful, and I didn't see it in the article (though I only skimmed it), if there was a way to find out if FB has this specific set of data on each of us. I am under the impression that you can request a dump of all the data they have on you, but pouring through that much information just to find out if they have phone call & SMS metadata seems like a lot of work :/

Re:This assumes use of the Facebook app, right?

[DarkOx]

The thing is facebook has the methods of subtly steering people into their apps that are very effective. One example and I have little doubt there are others, is "private" and I use the term loosely messages. You can't read them on the mobile site! You can't even read them in the mobile app you have install FBs other app messenger and give it the access it wants. Oh but you can see that you have a private message - or - maybe its not really a message maybe its a bogus friend request from one of what I suspect are likely FB's own or otherwise sanctioned bots.

Now you can use the full version of the site if you can get it on your mobile somehow; to do so you will need to fake the useragent; which most people can't do at least without rooting their device; which carries its own set of risks.

Facebook should be shut down

[WCMI92]

It is an evil company. Zuckerberg should be arrested.

But isn't that just the new normal?

[Thraxy]

If you care about any data that could be collected from your phone, you should probably consider not using a smartphone at all. It shouldn't be news to anyone at this point that all free apps collect and sell your data, to some degree. Also you should probably stay away from PCs and smart TVs.

It's never enough

[SuperKendall]

Face it: you have to leave Facebook. You cannot un-know things like this. There's no rules anymore, they do whatever they want

I would ask the people of Slashdot to face something else; the truth that most people do not care about privacy. At all.

Continuing news like this from Facebook just makes it ever more obvious.

You have to figure out how to live in the world, knowing this fundamental truth and the truth that follows - even if you leave Facebook, there will always be another Facebook like milking of your privacy, because it doesn't bother most people.

Re:It's never enough

[Aighearach]

You have to figure out how to live in the world, knowing this fundamental truth and the truth that follows - even if you leave Facebook, there will always be another Facebook like milking of your privacy, because it doesn't bother most people.

Horseshit. That's no fundamental truth.

You're saying: Some Foos are also Bars. If Bar ceases to exist, it will be replaced by a Baz that is similar. Foos who were also Bars will likely then become Bazes. Therefore, All Foos are Bars or Bazes.

But that is False. Bar being replaced by Baz does not change that while some Foos are Bars, others are not. And those others that are not Bars will often still not be Bazes even after Bar disappears.

This is not a difficult matter of logic. Learning "how to live in the world" is redundant; if you're still alive, you'll still be telling others how to live, but it does not imply anything about the "in the world" part. You're alive, and the world still exists. That is all that is proven.

Re:It's never enough

[argStyopa]

+1000. I think it comes down to a lack of living memory (in the west) of actual oppression. I can't speak for places like Argentina or Russia - are they more about privacy/anonymity because of their recent history? I don't really think so?
And in the US? "Oh noes, Trump's black helicopters!" is bullshit factionalism only; nobody's 'disappearing', there are no Konzentrazionslagers. Jjackbooted fascists are boogymen waved about for-purpose, like the guns fired by cowboys to get the cattle all to run efficiently, collectively, and conveniently to the ACTUAL slaughtering pens.

I'm going to go even further: (whispers) I don't even really give a shit about privacy.

Does that mean I lose my "tech elite" cred, if I had any? I don't care. I mean, sure, I'll take it when I can get it, but let's be totally honest: it would take someone actually competent (or with a nearly-trivial level of Law Enforcement access authority) to figure out who 'argStyopa' really is. It's like securing your house against intrusion: whatever you do is only going to dissuade the lazy, casual intruder. Professionals and/or the government are going to get in without even checking their fucking stride, and do whatever they want in there without my being able to do shit about it. (Oh, and even if I did object, against neither of them would I have a hope in hell prevailing by pursuing any LEGAL recourse, let's be clear about that, too.)

Let's even assert that /.'s db is utterly secure, hackproof, and stored on Uranus...it doesn't matter. Modern brute force data-analysis heuristics can (or soon will be able to) identify me by my posting habits, time of day, subjects, even syntax and linguistic patterns. I'd be traced back to my work IP address, and google's constant-phone-location thing would put me at a specific desk at the moment these words were being typed. I could tippytoe all I want, only use cash, a TOR browser from multihop public anonymized VPNs and what would I get for all this massive inconvenience? Nearly no protection at all from the agencies I should REALLY be afraid of.

So no, you can weep piteously over the "loss of privacy" but it's gone, mate.

(And, while this may just be a comforting rationalization, I don't believe privacy was really anything more than an ephemeral industrial-era invention anyway: in the pre-modern era, you were more of less tied to what you did, and what you said. Sure you could write under a pseudonym, or wear a mask, but those "privacy measures" were pretty feeble defenses...just like today.)

Re:It's never enough

[DarkOx]

Its also true leaving facebook does next to nil for your privacy (well okay stop using their vpn). The thing is all your friends are still on facebook. facebook is still slurping up their contact lists with you on it. They are still gobbling up pictures with you in them and their geo tags; if anyone has ever tagged you before they have your face and will recognize you anyway.

Unless you can literally get the majority of people you know to dump facebook too - they have and they will continue to be able to assemble a pretty darn complete picture of your life like it or not.

The real choice before you right now is this: Have a facebook account and put some stuff on their you want people to see/know about you or don't. if you choose don't realize that when someone searches you on facebook they will still find stuff but all of it will be sourced from places you don't control directly. Ditto with having stuff on the web. You put some stuff other there that will likely come up first when someone searches you in hopes they look at that and maybe stop looking or you leave the first results to be whatever they are. You might think whatever I have nothing to hide; sure but guess what the shell scrip you wrote 15 years ago while still in school is going to pop up and I am going to conclude you're a terrible programmer if I don't find anything else...

Re:It's never enough

[Kjella]

I would ask the people of Slashdot to face something else; the truth that most people do not care about privacy. At all.

The main problem I think is the discrepancy between what harm you could do and what harm is actually done. I've walked around with a radio buoy aka cell phone most of my adult life. I'm sure there's lots of potentially bad things you could do with that data, but have I actually seen the cell phone operator or the government abuse it? Not that I'm aware of. I've been paying for more and more things electronically with e-tail and just in general. I'm sure there's lots of potentially bad things you could do with that data, but have I actually seen the bank or the government abuse it? Not that I'm aware of. Maybe I'm just ignorant or they're so subtle nobody notices, but I got very little I can point to say and say this bad thing happened to me because they were spying on me.

Sure I could point to China or Gestapo or McCarthyism and say that bad things has happened to other people in other countries in other times and it would be terrible if anything like that happened to me, but to the vast majority of people the threat will seem very remote. So with a lot of very high probability, very low impact risk like Facebook will show me personally targeted ads and very low probability, very high impact risk like the next Hitler will round up the dissidents and send me to the death camps the aggregate risk is still very low. At least compared to all the "mundane" risks we live with every day, like if I get mugged on the street I hope they do track down the mugger even though that video surveillance can probably be used for lots of bad things too.

That would all be nice and well if this was totally fungible, give up your privacy when it's not being abused and take it back when it's getting abused. Except that's not how it works, the privacy that's eroded is not easily clawed back as the anonymous options disappear, the social norms change and your history rarely goes away. And we keep deluding ourselves to think it won't happen here, okay Snowden showed what the NSA is doing but they're not the Gestapo. Trump is no Putin, much less a Hitler. It's something people actually believe and it's something people want to believe and maybe even need to believe. Because if a really bad guy got access to all our electronic tracks we're utterly and totally fucked. Where the DDR had a file on everyone, China has an encyclopedia. The part they hook into your social credit score is just the tip of the iceberg.

Link for original paper

[RockDoctor]

The link to the actual government data is in this story.

Re: Link for original paper

[illiac_1962]

Don't spoil this with facts unless it keeps our little Facebook flame war going.

Re:MSMASH: you inbred Induchimp!

[Aighearach]

Naw, I don't think a sheet of glass can celebrate anything, and surely any alcohol will have evaporated.

Likely a few people at remote listening stations will have a few days or weeks to drink a last toast to Planet Earth. But if you have internet access and are allowed to post on slashdot, you're not gonna be one of those.

Shocked? Really?

[fustakrakich]

You mean to say that many people actually believe all that "privacy policy" bullshit? Rhetorical question...

Yum

[illiac_1962]

Making popcorn for this one.

Re:MSMASH: you inbred Induchimp!

[bluefoxlucid]

There's a begging-the-question fallacy in there: Facebook analyzed the risk, then took action. The "anyway" implies they found the risks beyond some threshold.

Question: was there a methodology for determining if the action was too risky?

Question: did they determine the action was too risky?

Question: was their determination based on an internal standard or on a common criteria?

He missed the one where the PM said there was a "PR" risk. Was that Privacy Risk or Public Relations? Is the summary trying to imply that the PM thought it was a Privacy Risk when the PM was talking about Public Relations?

Welcome to lying without stating untrue things. The questions above will either lead to facts which support the implications (truth) OR to facts which debase the implications (lies), but nothing that was stated was false.

Re: Who is surprised by tbis?

[illiac_1962]

You are so racist.

Re:Facebook

[techno-vampire]

Either that, or he may just be a shape-shifter, like a Zygon. Candidly, I wouldn't be the least bit surprised if he were.

Re:MSMASH: you inbred Induchimp!

[rogoshen1]

Foolish man; do you think someone who cared about privacy even an iota would be a facebook employee?

Re:Apple does it too

[Actually,+I+do+RTFA]

It's not great, sure. However, it is only used in the aggregate by the first-party provider (assuming you don't opt out). Google allows any app on your phone to get personal data on you. And your call/text logs seem even more sensitive than your GPS/SSID data.

Both are bad, but there are degrees of badness. Significant degrees.

Nobody's going to leave Facebook

[rsilvergun]

because that's how they connect with people. In particular adults have a very, very hard time meeting people. Especially in an age of declining church attendance. Facebook groups are a replacement for that. If you want folks off Facebook the only way would be a replacement for that feature.

Remakes

[SuperKendall]

This is not a difficult matter of logic.

Well it wasn't until you tried to describe it.

Re:Remakes

[Aighearach]

That's sad. That's just sad.

Suckerburged

[Rip!ey]

Suckerburged again!

It should become synonymous with willingly having the wool pulled over your eyes.

One word to describe Facebook: unhealthy

[iMadeGhostzilla]

People don't care about privacy but may care that facebook use is correlated with depression (links everywhere). Usually I don't log in for days or a week or two, and when I do come back I feel a mixture of expecting a hit and a mild wave of depression. The posts feel like they are made by people trapped in a cage. I usually don't stay more than a few minutes.

I've been recommending what I found worked for me: I used Social Book Post Manager browser add-on to undo everything I've ever posted or liked or commented on FB. Having no content of my own made me disinterested in posting anymore, and my "friends" list stayed so I can get in touch with people via DM. That's most of what FB is good for, as far as I'm concerned.

Re:dumbass millenials deserve social media

[Aighearach]

Yeah, probably. What planet did you say you were from???

Re:MSMASH: you inbred Induchimp!

[Aighearach]

The word "anyway" only tells you that the action has been questioned. It is your own judgmental nature that you've detected, not any external threshold.

It acknowledges that a decision included a trade-off, and that the actual decision made was not to stop the action involved in the trade-off.

You're making a lot of presumptions about whatever was or wasn't done to measure the risk, but the public information doesn't actually tell us about that. So it is a lie to imply that it is important, and somehow precludes honest acknowledgment of the facts. They considered the risk to be very high, and they still did the thing. That is "anyway" territory no matter which side of that decision you're on.

Re:MSMASH: you inbred Induchimp!

[bluefoxlucid]

The "anyway" implies there was a usually-contraindicating factor--that the outcome would have resulted in a situation not occurring--but the situation occurred anyway.

"He had a girlfriend, but he slept with the girl from the bar anyway."

It is a common English idiom, kind of like how "slept with" doesn't actually mean sleeping, even if that's what the words in the dictionary tell you.

Of course some people are super sheltered, and don't quite get what someone means when they say they "slept with" someone they met at the bar.