Out of the frying pan and into the fire for social media giant Facebook.

A report published by The New York Times details Facebook’s relationships with large corporations and the extent to which they provided access to user data.

One of the more startling revelations in that report — Facebook granted some corporations the ability to read, write, and delete user private messages.

Facebook also allowed Spotify, Netflix and the Royal Bank of Canada to read, write and delete users’ private messages, and to see all participants on a thread — privileges that appeared to go beyond what the companies needed to integrate Facebook into their systems, the records show. Facebook acknowledged that it did not consider any of those three companies to be service providers. Spokespeople for Spotify and Netflix said those companies were unaware of the broad powers Facebook had granted them. A Royal Bank of Canada spokesman disputed that the bank had any such access.

Spotify, which could view messages of more than 70 million users a month, still offers the option to share music through Facebook Messenger. But Netflix and the Canadian bank no longer needed access to messages because they had deactivated features that incorporated it.

These were not the only companies that had special access longer than they needed it. Yahoo, The Times and others could still get Facebook users’ personal information in 2017.

Yahoo could view real-time feeds of friends’ posts for a feature that the company had ended in 2011. A Yahoo spokesman declined to discuss the partnership in detail but said the company did not use the information for advertising. The Times — one of nine media companies named in the documents — had access to users’ friend lists for an article-sharing application it also had discontinued in 2011. A spokeswoman for the news organization said it was not obtaining any data.

Facebook’s internal records also revealed more about the extent of sharing deals with over 60 makers of smartphones, tablets and other devices, agreements first reported by The Times in June.

Apple is also implicated in the report:

Facebook empowered Apple to hide from Facebook users all indicators that its devices were asking for data. Apple devices also had access to the contact numbers and calendar entries of people who had changed their account settings to disable all sharing, the records show.

Apple officials said they were not aware that Facebook had granted its devices any special access. They added that any shared data remained on the devices and was not available to anyone other than the users.

Facebook entered full crisis PR mode after the 2016 election when federal investigators found Russian entities were using the platform in an attempt to sew discord and strife among the American public. Now, it appears as though Facebook’s relationship with Russian entities (though they may be different in scope and connection from those who attempted election meddling) is significantly cozier than they have ever publicly let on:

The Times report is lengthy, but well worth the read.

Following the Cambridge Analytica scandal earlier this year (wherein the data firm Cambridge Analytica was privy to the data of some 50 million Facebook users because those users gave them express consent through a third-party app. The information they mined was only a fraction of the data available to Facebook) I blogged about social media privacy concerns, a post that’s again relevant.


Donations tax deductible
to the full extent allowed by law.