By Dr. Ulrich Lang, CEO
The press is full of coverage of Facebook’s privacy breaches. The sad part of the story is that many security and privacy professionals (including myself) have been working for years to create awareness and educate about the issues that are (if you would believe the press coverage) just coming to light now. There is nothing new, and the press coverage should be quite different. We knew it all along, but nobody wanted to take on the corporates that drive Silicon Valley’s “free” internet services economy.
Cambridge Analytica’s election meddling has been known since the election. It’s been known for years that Facebook will not actually delete data that you delete from their servers. It’s been known that you are the product and not the customer – the business model is to sell your data to as many advertisers and anyone else who wants it as possible. Let’s be clear – Facebook, Google etc. are mostly advertisement firms. It’s also been known for years that U.S. privacy and data protection laws are lacking, and not because ensuring privacy and consent is hard (it is). The European Commission has successfully taken the lead for years on such regulation, culminating in the current General Data Protection Regulations (GDPR), and – as opposed to the U.S. government – has not shied away from regulating big Internet companies. In fact it may do just that with Facebook (source).
Bringing it down from the big picture to the individual, what does it mean for you and what should you do?
- Educate yourself so you can navigate this mine field: Tracking you is key to them. Whatever you do in their apps and web pages is tracked. Your browser stores cookies which advertisers (such as Facebook) can use to track you – even if you don’t use their applications right now. They even started “fingerprinting” your browser and machine so even without cookie they get a good idea about who you are etc. You have probably seen the effects of this by seeing ads appear somewhere that relate to something you’ve done somewhere else before. This illustrates that every step is connected. Google Analytics etc. will track you on every page you go to. So … assume whatever you do is being tracked. If you use Messenger/Gmail etc., that stuff is also tracked. Recent significant advances in artificial intelligence (AI) allow tech companies to “make sense” of very large amounts of data – so you cannot assume at all that you can “hide in the masses”. Add on top that location, shopping patterns etc. are all tracked, and you can see that you are providing A LOT OF information.
- Don’t assume you have nothing to hide: You don’t know what you don’t know, and nobody knows how AI gets to its results. It just flags you for certain things, similar to how your credit score is mined from data in ways that are not comprehensive to humans anymore. Also you don’t know what the future will bring – what information footprint you provide today can be used for whatever purposes tomorrow. The EU actually regulates this “further processing” but is pretty unspecific about it (for example, further processing should be “unsurprising” to the data subject, i.e. you). So…just because you cannot see today how what you post and upload can be used in ways you don’t agree with doesn’t mean it won’t happen in the future.
- Don’t assume you can backpaddle later: If it’s out there, it won’t go away. This information is the business of the “free” internet services firms, and they won’t give it back. You agreed to give it to them. So again, think long-term.
- What’s the point? Think before you share. Is that photo useful? Or are you just sharing because you are bored, or want to see how people react etc.
- Redact & minimize: Post about your great dinner without the location. In fact disable location services for most apps on your phone. Crop photos so people still get it but sensitive stuff is removed. Write posts in ways that your friends understand but that are implicit (“great dinner at my usual spot” instead of “ate dish x at restaurant x at x pm” (accidentally having the receipt in the photo with the last 4 of your credit card)…you get the idea.
- Think about your kids: If you’re grown up (? 🙂 like me, you’ve grown up before the consumer internet and cell phones. There is no footprint of you prior to say 1995 or even much later. Today’s kids are being showcased on social media by their proud parents all the time. Baby photos, baby did this, baby did that, kid passed exam x, etc. etc. You are leaving a digital trail from birth for your kids. Don’t do it. They may live until they are 90 or 100 years old, and someone will have access to their entire history online. The potential impact is huge, much larger than for you and me who came into this as more or less adults. So…do your small kids a favor and protect them – crop images, show babies from the back, don’t post stuff that could be useful later for someone to derive information. If you have teenagers, educate them about this.
- Download your Facebook data: To ensure you understand what’s going on just with a single data collector (Facebook), download your data (or at least the part of the data they are willing to give you. You can find information here https://www.facebook.com/help/405183566203254 and here https://www.facebook.com/help/1700142396915814?helpref=related&refid=69 – this will give you a picture of some of the information they have, and which advertisers have it (at least as far as Facebook knows).
- Delete your footprint: This won’t help you with what Facebook knows about you, but it will help protect you against some third parties, identity theft, negative impact of your social network “life” during interviewing etc. For example, use the Chrome browser add-on Social Book Post Manager to delete your Facebook wall regularly. And maybe buy the developer a coffee 😉 And maybe don’t use Chrome otherwise because Google will track your every move there 😉 I mostly use Firefox.
- If you want to unplug, plan and do it right: Deleting your account and creating a new one should disassociate your new accounts’ activity from the old one. This is a good idea, but logistically difficult. You need to go through your friends list and select the ones you want to add to the new account. Then contact them to let them know there will be a new “you” sending them a friend request. Then delete the old account, add all the remaining friends, and move on…not so easy unless you are in process of purging “friends” anyway…also, if you unplug completely or drop too many friends, you may realize that you are more dependent on social networks than you may think (apart from the boredom clicking/scrolling/swiping part). You may have used social network to identify individuals for social activities, or to stay in the loop what like-minded people were up to. It takes a lot of effort to keep in touch with a wider pool of people outside social networks. This article gives a good overview about the challenges of Facebook-quitting and internet-quitting. I know people who’ve done it though (esp. migrating to a new account).
Lots of food for thought – please contact us if you have any comments or suggestions.