I'm Salim Virani. My background is in peer learning and supporting creators. I'm a techie and like to make things that enable people.
2017 update: A lot of these concerns I had have proven true. Facebook has been consistent with its pattern of contempt for its users. I’ve updated this with a few more points and links.
“Oh yeah, I’ve been meaning to ask you why you’re getting off Facebook,” is the guilty and reluctant question I’m hearing a lot these days. Like we kinda know Facebook is bad, but don’t really want to know.
I’ve been a big Facebook supporter - one of the first users in my social group who championed what a great way it was to stay in touch, way back in 2006. I got my mum and brothers on it, and around 20 other people. I’ve even taught Facebook marketing in one of the UK’s biggest tech education projects, Digital Business Academy. I’m a techie and a marketer – so I can see the implications – and until now, they hadn’t worried me. I’ve been pretty dismissive towards people who hesitate with privacy concerns.
With this latest privacy change on January 30th, 2015 I’m scared.
Facebook has always been slightly worse than all the other tech companies with dodgy privacy records, but now, it’s in its own league. Getting off isn’t just necessary to protect yourself, it’s necessary to protect your friends and family too. This could be the point of no return – but it’s not too late to take back control.
Facebook doesn’t keep any of your data safe or anonymous, no matter how much you lock down your privacy settings. Those are all a decoy. There are very serious privacy breaches, like selling your product endorsement to advertisers and politicians, tracking everything you read on the internet, or using data from your friends to learn private things about you - none of these privacy breaches have an off switch. Worse yet, Facebook does these things without ever letting you know, or revealing the damage to you if you ask.
I dug in. I discovered all the spying Facebook does – which I double-checked with articles from big reputable news sources and academic studies that were heavily scrutinised. (Links are all in the Source section at the bottom of this post.)
It sounds nuts when you put it all together!
A lot of people aren’t worried about this, feeling they have nothing to hide. Why would they care about little old me? Why should I worry about this when I’m not doing anything wrong?
The now famous story of the pregnant teenager being outed by the store Target, after it mined her purchase data – larger handbags, headache pills, tissues – and sent her a “congratulations” message as marketing, which her unknowing father got instead. Oops!
The same is done about you, and revealed to any company without your control. And this extrapolates into different ways your data can reveal something about you to people you don’t want to know about it.
One of the more obvious problems here is with insurance companies. The data they have on you is mined to predict your future. Would you like to be denied health insurance because an algorithm incorrectly predicted you were starting to see a heart specialist?
What about your employer or prospective employer knowing that you might be pregnant?
Would you like your boss to know when you’re not really home sick, or when you’re looking for another job?
Would you like others to know if you’re having trouble paying your mortgage? If you’re selling your house, buyers will know they have the upper hand.
Don’t confuse privacy with secrecy. I know what you do in the bathroom, but you still close the door. That’s because you want privacy, not secrecy. (From I have nothing to hide. Why should I care about my privacy?
While most of us feel we have nothing to hide, we all come across situations where we need certain things to be secret, at least for a while. But we’re giving that up – and for what?
You give us permission to use your name, profile picture, content and information in connection with commercial, sponsored or related content (such as a brand you like), served or enhanced by us.
By “information” we mean facts and other information about you, including actions taken by users and non-users who interact with Facebook.
So this includes everything they’re collecting about you but not telling you. Everything you read online, everything someone ever posts about you, all your private financial transactions.
And, your data starts to get combined with your friends data to make these models more accurate. It’s not just about you and your data but what gets done with all of it put together.
Even if the issue here isn’t what we have to hide, it’s maintaining an important right to our freedom – which is the right to privacy.
Article 12 of UN Universal Declaration of Human Rights states:
“No one must be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation.”
We have the right to have a say in how information about us is used. But by using Facebook, we’re voluntarily giving it up, not just for us but for our friends and family!
If you’ve ever admitted to something illegal in a private Facebook message, or even mentioned your support for a political cause, this can be used against you in the future, especially by another country’s government. You may find yourself arrested for being at the wrong place at the wrong time, or just pulled aside at the airport one day, now facing jail time because you revealed you did something that government considers illegal 5 years ago. One New York comedian had a SWAT team break into his house based on a joke post. Law enforcement often acts in error, and you’re giving them more power and more chance of error. You’re loading the gun, pointing it at your head, and handing it to every trigger-happy “enforcer” who’s willing to buy your data.
There’s no need to talk hypothetically about government surveillance here. One of the first Facebook investors called Greylock has board connections to a CIA investment firm called In-Q-Tel. According to their website, it “identifies cutting-edge technologies to help the Central Intelligence Agency and the broader US Intelligence Community to further their missions”. And if you haven’t heard - it was revealed that Facebook data is delivered directly to the PRISM programme.
And as I’ll explain later, most of this information finds its way into the public anyway. No need for NSA programmes because of marketing data companies who de-anonymise all your data to sell it again and again. This is done systematically and automatically. There’s an industry around this. There are marketplaces to buy and sell consumer data, originally started around credit agencies and direct mail companies, then growing with the browser toolbar industry when Internet Explorer was big - now they’re filled with more information than ever before. A recent example is RapLeaf which collected and released personally identifiable information, including Facebook and MySpace IDs. They stopped after serious controversy, but not only was the damage done, there were other companies who escaped the bad PR and kept up the same practice. It’s not about how marketers target ads to you, it’s that your data is bought and sold to try.
Where might you travel in the future? Do you trust their law enforcement with this information about you? Because they’re buying it.
The thing is that you don’t need a conspiracy theory to be concerned. Mark Zuckerburg himself has been public and consistent to his investors about his intentions:
That’s why they made Messenger and bought WhatsApp, but don’t forget that they’ve tried worse. When they made Facebook email, they took advantage of users who were syncing their Facebook contacts. They made it so everyone’s @facebook.com address would be the default. Why? So that your friends would email you at your @facebook.com address instead of your normal email address, and they’d be able to read your emails too.
That’s why they slowly changed the default privacy settings to public, made privacy settings harder and harder to use, and now are pretending that their privacy helper will change this.
In reality, there a loads of privacy breaches you can’t turn off, like allowing advertisers to use your endorsement to your friends, turning off how Facebook tracks what you read on the internet, or disallowing Facebook from collecting other information about you. You can’t turn them off!
Even if you have nothing to hide, you have to worry about the opposite, what Facebook chooses to hide that you want to be shared. They filter you.
“I’ve been meaning to ask you why you’re getting off” usually comes after something like, “didn’t you see my post last week?”
If you’ve ever had that conversation, you’ve noticed that there’s a big disconnect between your expectations when you communicate on Facebook and what really happens. Basically, Facebook filters out your posts based on whether or not people will use Facebook more if they don’t see it.
It feels like Facebook is the only way to stay in touch. Through pictures and comments. It feels like everyone’s on there and you’re getting a good feed on their life.
In reality, lots of your posts are never seen by anyone! And you miss out on their stuff too. Even if your friends’ stuff gets to you fine, it doesn’t mean your stuff gets to them.
Private messages suck too. How many Facebook messages do you send with no reply? How many Facebook messages do you think you forget to get back to, or miss altogether? Is that how you want to treat your friends?
Facebook a really unreliable way to stay in touch.
In the last month, I simply stopped using Facebook. Something amazing happened. People phoned me, and we really caught up. My family was more in touch. My brother emailed me with updates. Friends popped into my place to say hi.
It was, like, social.
Facebook’s blocks posts based on political content it doesn’t like. They blocked posts about Fergusson and other political protests. When Zuckerberg allegedly went a bit nuts and banned the word “privacy” from meetings at Facebook, it was also blocked from any Facebook post. You just got an error message about “inappropriate content”. Yeah, uh huh. Inappropriate for who?
We shouldn’t be surprised though. Facebook isn’t a neutral platform - we need be aware of the agendas of the people behind it. Zuckerberg’s been public about his intentions. So has the first board member of Facebook - the politically conservative Peter Thiel. In his younger years, he wrote a book challenging multi-culturalism at Stanford, and now promotes a theory called Memetic Desire which, among other positive things, can also use people’s social groups to manipulate their wants and intentions. (I’m a fan of Thiel when it comes to startups - but we often forget that everyone else out there doesn’t know this stuff.)
Facebook goes so far as to let political organisations block your communication. It just takes a few people to mark the same news article as offensive, and it drops from everyone’s feed. This is often abused. I can block any article from Facebook by getting a few friends to mark it as offensive. Cheap and easy censorship.
2017 update: We’ve seen how this affected the US election. People’s news feeds often had opposing political views filtered, and yet fake news spread easily because those fake headlines reinforce our beliefs and we’re happy to share them.
All this points to the fact that it’s bad to rely on Facebook to communicate with people who are important to you. Your Facebook habit means other people have to rely on Facebook.
It’s a vicious cycle.
It actually hurts your relationships with a lot of people because you think you’re in touch with them, but you’re not. At best, you’re in touch with a filtered version of your friends. Those relationships fade, while your relationships with people who make “Facebook-friendly” posts take their place.
Not only does Facebook want to read all your communication, it wants to control it too.
Even if you’re sort of okay with this for you, by using Facebook, you’re forcing your friends and family to accept the same. Even the ones who aren’t on Facebook or go as far as to use fake names.
If you’ve ever used Facebook contact sync, or used Facebook on your mobile phone, Facebook took your complete contact list. Real names, phone numbers, addresses, emails, everything. They then use that to create “shadow profiles” of the people you know who aren’t on Facebook. Non Facebook users often see this in action, in the form of emails to them from Facebook, containing their personal information. Facebook users can see this when they upload a picture of a non-Facebook user, and they’re automatically tagged. My friend’s not on Facebook, but since me and a few friends used Facebook on our phones, Facebook has his name and contact information, plus knows who his friends are because it sees him in their address book and calling records. A couple of pictures uploaded with his face, and presto - they can identify him in pictures – adding location data from the pictures to his shadow profile. Lots of Facebook’s other techniques work on shadow profiles too. On top of all this, they can very accurately infer a lot about him based on statistical similarities to his friends.
So basically, we’ve all inadvertently been ratting on our friends who wanted to remain private. Facebook tricked us.
But Facebook’s tricks go further.
Like shadow profiles of people, Facebook can “infer a like” based on other information it has about you, like what you read all over the internet or what you do in apps where you log in with Facebook, or what’s on your credit card bill (more on that later.). Call it a “shadow like.” This allows them to sell you to more advertisers.
It’s already well-documented that Facebook collects this information. The “shadow like” technique is simply the standard use of statistical techniques in database marketing. If you read a lot about a topic, you probably like it. That sort of thing. These techniques have used in marketing since the 80s, and you can hire university statistics students to do them, though of course, Facebook hires the best in the field and are looking to pioneer state-of-the-art artificial intelligence for this. In Europe, Facebook is legally obliged to share exactly what information it has about you - but they refuse. So there’s yet another class action lawsuit against them.
Through its labyrinth of re-definitions of words like “information”, “content” and “data”, you’re allowing Facebook to collect all kinds of information about you and expose that to advertisers. With your permission only they say, but the definition of “permission” includes using apps and who knows what else.
And you thought those Farmville requests were annoying. Every time you saw one, that friend was revealing your information to “third parties.” See how this works? You tell Facebook this is for “friends only” but your friend can reveal it to a third-party. And most apps that they use are third-parties.
So effectively, all that stuff you marked as “friends only” doesn’t matter so much. By being on Facebook, there’s way more information about you that’s collected, combined, shared, and used.
They say they “anonymise” this, but in reality, it’s a simple step to de-anonymise it. A lot of the anonymous data, like what and when you posted, pictures of you, your location at a given time, is enough for a huge number of companies to tie that anonymous data back to you – and sell it on. (That’s why it doesn’t matter if you use a fake name on Facebook, your data is like a fingerprint and will match back to your real name.)
On top of this, they allow all the Facebook apps full access to your information - with your name and everything. And even if you never use any apps on Facebook, your friends do. When they use apps, your friends share all your information for you. There’s a whole industry behind this.
Some things DO have off buttons, but keep in mind they are temporary, and as Facebook has done in the past, it will switch them back on without letting you know. When Facebook started (and probably when you joined) it was clearly a safe place to share with your friends only. That was their big promise. Over time, they switched the default privacy setting to public so that if you still wanted to keep Facebook for friends only, you had to manually find over 100 settings on multiple hidden settings pages. Then, they started dropping those settings and forced information to be public anyway.
Why are you still punching yourself? :)
You might have noticed Facebook ads with your friends’ endorsement under it. Basically, Facebook gives advertisers the right to use you as an endorser, but you have no control over it. It’s not limited to when you’ve actually clicked a like button. There have been known cases of vegetarians endorsing McDonalds, a long- and happily-married woman endorsing dating sites, and even a young boy endorsing a sex club to his own mother!
Those cases were so embarrassing that the person found out. People called them up. But in most cases, these are endorsements that don’t get discovered – people assume them to be true. That’s even scarier because Facebook is used heavily for political advertising, and product endorsements. People know I raised money for kids with cancer before, so they might not be surprised if they see an ad where I’m endorsing a Christian outreach programme poor kids in Africa. But I categorically only support programmes that don’t have religious allegiances, since they’re known to bias their support to people who convert. Worse, a lot of people might assume things about my religious beliefs based on these false endorsements. Don’t even get me started on all the hypey startup stuff I don’t condone!
We can have no idea if our endorsement has been used to sell flakey crap in our name. I don’t want to think about my mom wasting her money on something she thought I was endorsing, or my startup founder clients seeing adverts for useless products with my face under them.
Using Facebook means this happens all the time. Advertisers can buy your endorsement on Facebook and your information from third-party data brokers. You never get to know about it, and you can’t turn it off.
Finally, I want to explain how this latest privacy change makes things way worse, and way more out of your control if you stay on Facebook.
Facebook is demanding to track what you buy, and your financial information like bank account and credit card numbers. You’ve already agreed to it in the new Terms Of Service. It’s already started sharing data with Mastercard. They’ll use the fact that you stayed on Facebook as “permission” to make deals with all kinds of banks and financial institutions to get your data from them. They’ll call it anonymous, but like they trick your friends to reveal your data to the third-parties with apps, they’ll create loopholes here too.
Facebook is also insisting to track your location via your phone’s GPS, everywhere and all the time. It’ll know exactly who you spend your time with. They’ll know your habits, they’ll know when you call in sick at work, but are really out bowling. “Sal likes 2pm Bowling at Secret Lanes.” They’ll know if you join an addict support group, or go to a psychiatrist, or a psychic, or a mistress. They’ll know how many times you’ve been to the doctor or hospital, and be able to share that with prospective insurers or employers. They’ll know when you’re secretly job hunting, and will sell your endorsement for job sites to your friends and colleagues – you’ll be revealed.
They’ll know everything that can be revealed by your location, and they’ll use it however they want to make a buck.
And – it’ll all be done retrospectively. If you stay on Facebook past January 30th, there’s nothing stopping all of your past location and financial data to get used. They’ll get your past location data from when your friends checked-in with you, and the GPS data stored in photos of you. They’ll pull your old financial records - that embarrassing medicine you bought with your credit card 5 years ago will be added to your profile to be used as Facebook chooses. It will be sold again and again, and likely used against you. It will be shared with governments and be freely available from loads of “third-party” companies who do nothing but sell personal data, and irreversibly eliminate your privacy.
Location and financial data are not just really sensitive, they allow the “third-parties” de-anonymise information about you. This massively empowers these third-parties to collect all available information about you, including calculated information that you never revealed. This is a situation where even Facebook itself will have trouble maintaining the privacy of its data – not that they care.
This is unprecedented, and just like you’d never have guessed that Facebook would sell your endorsements when you signed up in 2009, it’s too hard to predict what Facebook and those third-party data sellers will do with this new power.
This is simply a consequence of their business model. Facebook sells you out, because that’s exactly how they make money. And they’re under heavy pressure from their investors to make more.
What can you do about this? Facebook gives you two options: accept all of this, or get off the Facebook bus.
To be honest, this bus is getting loud, annoying and bit smelly, isn’t it? And the ticket is way too expensive in the first place. You know, I’m not even sure it’s heading in the right direction…
According to the FTC settlement from a few years ago, after Facebook was sued by the US government for its privacy practices, Facebook is “required to prevent anyone from accessing a user’s material more than 30 days after the user has deleted his or her account;”
There are different interpretations of this. Some say you need to delete each post separately, others say delete your account, and some say they’ll still keep your data anyway – that all you can do is stop giving them more data. Then, there are the data brokers Facebook works with, that now have our data.
So deleting your Facebook account (not deactivating) is necessary to stop this, and then there are a few other steps to try to undo the damage:
Use Facebook’s download my archive tool
Grab your photos. I used this Android app since the Facebook tool doesn’t give you all your pictures or in full resolution. ( I also downloaded my friends list page - just by scrolling to the bottom to load everyone, and hitting File -> Save. Honestly, so far I haven’t needed the file yet. Turns out, I don’t need a computer to tell me who my friends are. )
If you want to be extra careful delete your Facebook posts individually with this script. This is necessary under some interpretations of what Facebook is entitled to keep.
Facebook will still try to track you with a “shadow profile”, but this can be blocked.
If you’re not using Firefox, the EFF have a browser plugin called Privacy Badger. (And while you’re at it, the EFF made this great plugin that automatically chooses the most secure web connection, making it more difficult for internet companies and others to snoop your web activity.)
Then there’s the data that’s been leaked to data brokers. You can request that they remove it.
2017 update: At first, I thought I’d try Facebook alternatives. I felt a sense of needing to replace Facebook with something similar, like Diaspora but email and phone have actually been much better! After a month off Facebook, I didn’t feel the need for a direct replacement. The phone call was enough- go figure. Everyone already has one, and we forget how super easy and convenient they are to use. I see fewer pictures, but I actually talk to people. More recently, we all got on a big chat room. I currently recommend Signal for this. You can encrypted call, chat and share pictures, and very little is stored on their servers. It’s actually better than Facebook since it’s more immediate and personal. (But since it’s a private company, there’s no reason to trust it in the long term. It can be bought and fall to the same pressures.)
Telegram is also a private company, and doesn’t encyrypt messages by default. But there are tons of people on it, so you’re likely to find enough friends there to start.
In the long run, my big hope is on Tox but it’s early days. When that’s ready for prime time, it’ll be the first messenging platform that’s fully encrypted and peer-to-peer, so no company will be able to mess with it.
I’m thinking of a little free-software phone app that just allows me to snap a pic or make a little comment, and share it with a fixed list of people over email: just close friends and family. All the convenience of Facebook sharing, to my closest friends, without the privacy cost. What do you think? Something you’d be up for? If you’d like that app, sign up for updates on the project. If you’d like to help, hit me up :)
If you have any other ideas or advice, please get in touch. This is what I see as a responsible step to prevent myself, my family and my friends from having their freedom taken from them, and their personal relationships made to suffer.
Remember, this isn’t just about the technical stuff. By staying on Facebook, you’re granting them permission to collect and use information about you, regardless of you even using the Internet. And by staying on, the data they collect on you gets used to create models about your closest friends and family, even the ones who opted out.
Lastly, the world is full of people who say “it’ll never happen”, and when it does, they switch to “there’s nothing we can do.” There is. The Internet was decentralised for 50 years, and is full of options, by design, that allow us to maintain privacy. We have a say in the world we want to live in – if we take action ourselves. Plus, we can help everyone understand, and help them make their own choices more informed.
This post has been read by 1,000,000 people now. It’s a positive sign that we can inform and educate ourselves!
Please share this with people who are important to you. But to be honest, even though this post is really popular, it’s clear a lot of people are assuming what’s in it. Sharing a link isn’t as good as talking to someone.
If you got this far and want to share it with someone close, I suggest you do what I did – pick up the phone.
A note on the quality of these sources: I tried to find references from major news outlets, with a range of political biases. These articles are less technically aware, but we can expect they’re more rigorous than blogs at checking their sources. For the more technical stuff, sources like The Register are known to be more credible, and Techcrunch is notoriously unreliable at fact-checking. I’ve included some of their articles though, because they’re good at explaining things.
Facebook likes reveal sensitive personal information
New Facebook Policies Sell Your Face And Whatever It Infers
You are what you Facebook Like
Criticism of Facebook - Wikipedia, the free encyclopedia
Forcing users onto Messenger
Europe vs Facebook
Facebook info sharing created Zoosk.com dating profile for married woman
@facebook.com e-mail plague chokes phone address books
Facebook Knows Your Friends—Even if They’re Not on Facebook - IEEE Spectrum
Facebook Now Wants To ‘Spy’ On Android Phone Users!
Facebook adds naggy “ask” button to profile pages
Facebook users unwittingly revealing intimate secrets, study finds
Facebook’s Generation Y nightmare
Facebook Knows Your Friends—Even if They’re Not on Facebook - IEEE Spectrum
Facebook’s New Privacy Rules Clear the Way for Payments Push and Location-Based Ads
Stalking on Facebook Is Easier Than You Think - IEEE Spectrum
Millions Will Flow to Privacy Groups Supporting Weak Facebook Settlement | WIRED
Facebook Is Recycling Your Likes To Promote Stories You’ve Never Seen To All Your Friends
Is Facebook damaging your reputation with sneaky political posts? | ZDNet
Even Google won’t be around for ever, let alone Facebook
Facebook reforms user settings
Facebook Privacy: A Bewildering Tangle of Options - Graphic - NYTimes.com
Facebook is not your friend
Facebook violates German law, Hamburg data protection official says | Sci-Tech | DW.DE | 02.08.2011
The World from Berlin: ‘Every User Can Decide Alone What Facebook Knows’ - SPIEGEL ONLINE
Q&A: Facebook privacy changes
Famous Facebook Flip-Flops
No Death, No Taxes - The New Yorker
Facebook censors political satire after complaint from JobCentre Plus
TED: The curly fry conundrum: Why social media “likes” say more than you might think
With friends like these … Tom Hodgkinson on the politics of the people behind Facebook
Facebook Must Face Lawsuit Over Scanning of Users’ Messages, Judge Says
How Target Figured Out A Teen Girl Was Pregnant Before Her Father Did
War on General Purpose Computers is the difference between utopia and dystopia
Don’t Worry About Selling Your Privacy To Facebook. I Already Sold It For You | Just Well Mixed
Facebook’s Hidden “Like” Isn’t Just Good For Mobile Developers, It’s Good For Facebook
Mastercard to access Facebook data
Three transactions can reveal your identity
Look who’s lurking around your Facebook page: Your insurance company!
NSA Prism program taps in to user data of Apple, Google and others
Everything We Know About What Data Brokers Know About You
How to Stalk Someone’s Location on Facebook Messenger
What your online friends reveal about where you are
Turn on Tracking Protection in Firefox to Make Pages Load 44% Faster
I’ve recently become a Kernel Fellow and am exploring new models for collaboration.