Facebook users around the world are being warned that the tech giant is still using clandestine means to harvest users’ private and sensitive data secretly for the company’s selfish ends without anyone realizing it.
In an extensive write up on the subject, Forbes expert writer, Zak Doffman warned that the extent of Facebook’s user privacy breach is such that the only way out for users is for them to complete delete the Facebook app from their phones.
According to him, even when the known tracking tools on the Facebook app are deactivate, the tech giant resorts to other tools like metadata from photos and IP addresses, adding that security experts have even warned that Facebook goes even further and uses accelerometer on phones (iPhone in particular) to track users’ movements and behavior.
Similar breaches among other things, have badly damaged the reputation of Facebook to the point that the tech giant is in the process to change its name later this month. But multi-billionaire Founder and CEO, Mark Zuckerberg seem obsessed with cashing in on users’ privacy more than protecting them from abuse.
Not long ago, some Facebook staff were found culpable of using their privilege of having access to users’ data to trace some users to their homes and offices and make personal contact with them. These included some male staff tracing female users to their homes to ask for dates.
While Facebook is facing all kinds of probes and legal actions across the world regarding practices like these, one would have thought they would be moving away from that. But Doffman notes that whereas Facebook admits to this harvesting, they have refused to see why that is so wrong when users specifically disable location tracking.
Below is the full article for Zak Doffman, first published by Forbes.
WHY YOU SHOULD DELETE YOU FACEBOOK APP
A stark new warning for almost all iPhone users, as Facebook is suddenly caught “secretly” harvesting sensitive data without anyone realizing. And worse, there’s no way to stop this especially invasive tracking other than by deleting the app.
A week ago, I warned iPhone users that Facebook still captures location data using the metadata from your photos and your IP address, even if you update your settings “never” to track your location. Facebook admits to this harvesting, refusing to be drawn on why that’s so wrong when users specifically disable location tracking.
Now security researchers have suddenly warned that Facebook goes even further, using the accelerometer on your iPhone to track a constant stream of your movements, which can easily be used to monitor your activities or behaviors at times of day, in particular places, or when interacting with its apps and services. Alarmingly, this data can even match you with people near you—whether you know them or not.
Researchers Talal Haj Bakry and Tommy Mysk warn that “Facebook reads accelerometer data all the time. If you don’t allow Facebook access to your location, the app can still infer your exact location only by grouping you with users matching the same vibration pattern that your phone accelerometer records.”
If you think this is spurious, Facebook actually has a patent application to use wireless phone signals to connect strangers, and even cites the example of just such a bus ride, “it can be advantageous to provide an approach for users, who have met or have likely met, to connect with one another if they so choose.” Remember, none of this information exists in isolation, Facebook’s trillion-dollar magic is joining the data dots. Put more simply, you know all those mysterious new friend connection ideas…
“We tested several apps,” Mysk explains, “and Facebook and Instagram stood out. While Facebook reads the accelerometer all the time, Instagram only reads it when the user is texting in the DM. In addition, WhatsApp also reads the accelerometer by default to animate chat wallpapers. So, this puts these three apps together, and you wonder if they are matching vibration patterns among users. This can get nasty, and the way to end it is by protecting this valuable sensor with a permission.”
You need to remember that Facebook is a trillion-dollar empire built on data, and only data—with Facebook, it’s not so much a metaverse as a dataverse. If the company can use this data, combined with everything else it holds on you and those around you, then it will. Why would it suddenly decide to exercise restraint?
Just look at the staggering privacy labels behind Facebook’s iPhone app—while much of the data Facebook gathers comes from its platform and services, the data it can pull from the app simply adds more third-party information into its mix. All this is linked to your identity, nothing is wasted or thrown away.
As ESET’s Jake Moore warns, “this is, in clear terms, another violation which seems to have gone under the radar when scooping up yet more personal data from iPhones. Many people may not even think twice what sensors an iPhone has, let alone fully understand what this information can offer companies.”
This is another app permission issue. If you use the Facebook app on your iPhone, then you essentially give Facebook permission to access data and information on and about your phone. And while you can restrict some of this, there is other data—just as here with the accelerometer—that you will not know about.
Mysk and Haj Bakry have form for just such privacy exposures. They discovered the iOS clipboard issue that ultimately prompted Apple to change its settings and provide a clipboard warning, which has now led to Android 12 doing the same.
Just as then, Apple needs to act here. The accelerometer should not be a free-for-all, not when data giants such as Facebook can use this as yet another data point to feed into their algorithms, plotting social graphs and tracking locations and behaviors.
“All data which is personal and unique should be viewed as sensitive and must be protected,” Moore says. “This permission needs to be restricted along with other obtrusive data tracking especially if users were previously unaware this information was being analyzed.” And it’s that lack of awareness that is most critical here.
Apple has done a great job this year, preventing data abuses from the likes of Facebook and Google. App Tracking Transparency has already inflicted a drastic impact on data-fueled revenues. In iOS 15, we have seen new privacy innovations around mail tracking, web anonymity and privacy reports. Now we have another simple update that Apple needs to develop, to clamp down on this clear-cut data abuse.
