You are using an outdated browser.
Please upgrade your browser
and improve your visit to our site.
Skip Navigation

Facebook allowed Netflix and Spotify to read the private messages of its users.

Jack Taylor/Getty

The New York Times has published a blockbuster report documenting privacy abuses at the world’s largest social media platform, Facebook. The newspaper reports that Facebook shared private information about its users with so-called “partners” (companies with business agreements with Facebook). Because of these partnerships, Facebook felt it didn’t need to notify either its users or government regulators at the Federal Trade Commission (F.T.C.).

“The social network allowed Microsoft’s Bing search engine to see the names of virtually all Facebook users’ friends without consent, the records show, and gave Netflix and Spotify the ability to read Facebook users’ private messages,” the Times notes. Facebook also allowed Spotify, Netflix and the Royal Bank of Canada to read, write and delete users’ private messages, and to see all participants on a thread — privileges that appeared to go beyond what the companies needed to integrate Facebook into their systems, the records show.”

Aside from Spotify, Bing, Netflix, and the Royal Bank of Canada, other “partners” that Facebook shared information with include Yahoo, Amazon, the Russian search engine Yandex, and the Chinese firm Huawei. Both Yandex and Huawei are known to work with the security services of their home countries. Huawei has been named as a security threat by the American government.

The partnerships Facebook has created are two-way streets, so it receives information from companies it does business with. One tool to facilitate this is the much criticized “People You May Know” feature.

According to the Times, “The feature, introduced in 2008, continues even though some Facebook users have objected to it, unsettled by its knowledge of their real-world relationships. Gizmodo and other news outlets have reported cases of the tool’s recommending friend connections between patients of the same psychiatrist, estranged family members, and a harasser and his victim.”

The F.T.C. has limited examination authority and seems to have outsourced its oversight duties to PriceWaterhouseCoopers, a company hired by Facebook.

Former F.T.C. official David Vladeck expressed amazement at Facebook’s business practices. “This is just giving third parties permission to harvest data without you being informed of it or giving consent to it,” Vladeck told the Times.

Early Facebook investor Roger McNamee agreed. “I don’t believe it is legitimate to enter into data-sharing partnerships where there is not prior informed consent from the user,” he told the newspaper. “No one should trust Facebook until they change their business model.”