Facebook is Not The Internet’s Only Privacy Villain

Search Encrypt/ April 11, 2018/ News

Facebook is getting battered for recent news involving Cambridge Analytica’s use of Facebook user data. The company’s stock price (FB) fell around 11-percent as a result, in which the company lost more value than Tesla’s entire market cap! The privacy concerns that have existed on the fringes of the internet forever, finally made their way into mainstream news. Facebook isn’t the only tech giant that uses data in shady ways.

Facebook is constantly gathering data about its 2+ billion users. Google’s Android mobile OS has over 2 billion users by itself. So with all the products under the Google umbrella, Google is potentially gathering data about significantly more users than Facebook. Amazon Prime has 90 million members, and is certainly collecting user data about its large customer base.

Google Has A Lot More Data About You Than Facebook

TheAntiMedia.com reported that Google’s file on you is much bigger and more complete than the data profile Facebook stores. Dylan Curran, an Irish web developer downloaded the data files available from both Google and Facebook about him. The social media giant’s file about Curran was about 600Mb, or the size of about 400,000 Word documents. Google’s data profile about him was a whopping 5.5GB, the equivalent of 3 million Word documents.

While Facebook knows who my friends are, and my locations, and things I’m interested in, Google has many more “services” that I interact and share data with.

Google Knows:

  • Where you’ve been
  • Everything you’ve ever searched for
  • All the apps and extensions you use
  • All of your YouTube history
  • Who you send emails to

google-data-privacy

Google details its data collection here. But how can we know that Google is truly adhering to its policies if there is little to no transparency into what the company is doing? The truth is that we can’t, and that’s a problem.

Other Companies Collect Data Just like Facebook

The reaction to the Cambridge Analytica data-scandal has been major and widespread. However, other companies are collecting similar amounts and arguably more information than the Facebook information used by Cambridge Analytica. Because Google has more interaction points (Gmail, Google Drive, Google+, Google Analytics, etc.) with users than Facebook, it can gather more complete user data. Cirrus Insight estimates that Google holds “somewhere around 10-15 exabytes of data.” One exabyte equals 1 million terabytes, so in other words Google stores around 15 million terabytes of information.

Beyond the collection of that data, there is a huge market for reselling that information. Companies use this data for traditional marketing to identity verification and fraud prevention.

Data Brokers Offer Little Transparency

The companies that gather your data disclose that they are doing so in their “privacy policies” and terms of use. However, where that data goes after it’s collected is unclear. Paul Boutin explains in Newsweek that data brokerage is a very secretive industry. Boutin detailed the difficulty of even getting interviews with company officials in the industry, calling them “notoriously secretive”.

“Data brokers are serving a growing clientele eager to know a person’s ethnicity, spending habits, sexual orientation, and specific illnesses such as HIV, diabetes, depression or substance abuse. This information may be found directly in data broker records, or, increasingly, it may be predicted from other data.”

One concern that comes out of this is if this type of data use is ethical. The predictions inferred from this data are just that, predictions. A potential employer may flag a job applicant as a “possible drug addict” and as a result hire another candidate. This seems like a good thing, however what if you are incorrectly flagged and lose out on a job, or are refused medical treatment because the data predicts that you won’t pay.

Companies Besides Facebook Just Haven’t Made Headlines

Recent news about Facebook may be enough to make a portion of Facebook users go away. The Guardian even published this article, Facebook: Is It Time We All Deleted Our Accounts?. Facebook is the scapegoat for this round of privacy concerns, but deleting your Facebook account won’t protect your data from other internet companies. The internet has a data privacy problem, not just Facebook. Our data is being gathered by any company that wants it. All it takes is one data breach for our information to be public, even if we don’t want it to be.

Stories will continue to come up as more and more users realize the extent to which their data is collected and processed. Recently Panera Bread messed up big time with its customers’ data. It was aware of a flaw in its system which allowed for a data leak, but failed to fix the issue for eight months.

How Companies Should Avoid Data Security Disasters

Fortune lists these steps for companies to minimize risk and damages associated with data breaches.

  • Post a contact page for bug reports – Make it easy for security researchers to report issues they find with your company’s website/product. After all, these people are helping you avoid bigger issues down the road. This page should be seperate from the standard customer service line, and reports should be reviewed by qualified security experts. Google has a great example of this and offers rewards (up to $31,337) for reported bugs.
  • Don’t shoot the messenger – In Panera’s case, employees at the company responded defensively, a clear disincentive to report bugs to the company in the future. We’ve discussed many times the negative impacts data breaches and hacks have on businesses, if someone is able to stop one of these before it becomes a bigger deal…that’s beneficial to the business.
  • Promptly respond to tipsters – If someone feels like their tip to your business hasn’t been recognized, they may choose to publicize their finding elsewhere. This security researcher did just that when Panera Bread failed to properly respond to his tip.
  • Fix the issue quickly & completely – Not fixing the issue makes your company appear like it doesn’t care about user security. Similar to taking too long to respond, if the issue isn’t fixed the person reporting it may again take their message elsewhere to pressure your business to change. Also, implementing an incomplete or ineffective fix is another issue. Panera claimed their issue had been fixed, when in fact it was still broken.

If users outside your organization are able to discover vulnerabilities in your systems, listen to them. If more companies take users and their privacy seriously, their businesses and their customers will be better off. An internet that decentralizes data, and stops making our data the product, will provide better user experiences.

Read More: Complete Beginner’s Guide to Internet Privacy & Safety