5 Facebook facepalms (just last week)

Your weekly roundup of Facebook news, also known as #SOMUCHPRIVACYSPLATTER!!!

In the wake of the Cambridge Analytica (CA) User Data Grabathon, Facebook’s spasming like a data addict suffering from withdrawal-related delirium tremors. Here are our picks for the week’s Top 5 chunks of shrapnel from that and other Facebook hijinx:

1. Facebook broke Tinder

Facebook on Wednesday applied thumbscrews to apps, tightening up its API in hopes of rewriting its history of ignoring developers as they’ve gleefully ransacked users’ private data.

We said, Hooray! No more searching for users by email or phone, making it that much tougher for these apps to auto-scrape our data!

Oh, NO! said people who found that the privacy changes interrupted their Tinder chats with cute French people.

Users reported getting logged out and then not being able to log back in, in spite of jumping through a whole lot of privacy hoops. New York Magazine reported that things got circular: users were first asked to log in to Facebook. Then they were asked to provide “additional Facebook permissions” to “create fuller profiles, verify authenticity and provide support.” Tapping “Ask me” on the permission request merely sent users back to the original notification asking them to log in to Facebook.

Facebook said it was a glitch. It was fixed later Wednesday night. Sorry about that, Facebook said. And no, your come-on lines weren’t that bad, and yes, you can now return to the search for the love of your life.

2. What’s a mere 37 million more CA victims between BFFs?

Speaking of that Wednesday privacy spasm, Facebook’s post about the overhaul included a wee bit more information about the CA Grabathon.

The factoid has to do with how many Facebook users were affected by CA’s harvesting of data to build “psychographic” profiles (all the better to profile you with, my dear, and to then target you with uber personalized political ads).

Two investigatory reports – one from the New York Times, another from The Observer – had originally estimated that more than 50 million Facebook users were psychographically scraped in early 2014 to build the system.

Make that 87 million-ish, Facebook said… A number that translates into “basically, all US users.”

From the post, written by Facebook CTO Mike Schropfer:

Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way.

3. Facebook shelves plans to share data with hospitals (what now?!!?!?!!)

Now here’s a neat idea, Facebook apparently said to itself before CA blew up in its face: we’ll build medical profiles of people with anonymized medical data – illnesses, prescription information, that sort of thing – match it with the data we’ve got, and help hospitals figure out which patients might need special care or treatment.

Right. Then CA happened. You could practically hear the screeching wheels on that data gurney.

A Facebook spokesperson told CNBC that the plan never went beyond the talking stage:

This work has not progressed past the planning phase, and we have not received, shared, or analyzed anyone’s data.

…though as recently as last month, Facebook was talking to several health organizations about signing a data-sharing agreement, including Stanford Medical School and American College of Cardiology. The plan would have been to anonymize the data, to use hashing to match individuals’ Facebook profiles with their medical profiles, and to use the data strictly for medical research.

What could possibly have gone wrong with that, Dr. Frankenzucker? I guess we’ll have to wait for things to calm down before we find out. Granted, that might be never, at this rate.

4. Facebook’s been secretly deleting Zuck’s Messenger messages

No, thank you: that privacy dogfood we put out for public consumption isn’t quite to our taste, Facebook admitted. That’s why it’s been secretly deleting founder and CEO Mark Zuckerberg’s messages.

A spokesperson told TechCrunch that the company started retracting certain messages from users’ inboxes after the embarrassing Sony Pictures hack:

After Sony Pictures’ emails were hacked in 2014 we made a number of changes to protect our executives’ communications. These included limiting the retention period for Mark’s messages in Messenger. We did so in full compliance with our legal obligations to preserve messages.

5. Privacy groups challenge Facebook’s use of facial recognition

Just who, exactly, told Facebook it was OK to use our biometrics to tag us in photos?

Why, nobody. That’s why the Electronic Privacy Information Center (EPIC) and several other consumer groups planned to file a complaint on Friday with the US Federal Trade Commission (FTC), asking for an investigation into the company’s use of facial recognition technology.

They shared a draft of the complaint with USA Today.

EPIC president Marc Rotenberg:

The problem is that the people Facebook is trying to ‘tag’ did not consent to being identified.

Facebook uses facial identification to recognize people in photos, thus making it easier for users to tag them. It also lets people know if they’ve shown up in other people’s photos or videos.

Rob Sherman, Facebook Deputy Chief Privacy Officer, said in a statement that it also helps the visually impaired:

Our face recognition technology helps people manage their identity on Facebook and makes our features work better for people who are visually impaired.

Facebook is already facing a class action suit brought by Illinois residents that claim that the social network violated Illinois privacy laws by “secretly” amassing users’ biometric data without getting consent from the plaintiffs.

Another complaint? Just add it to the pile: the FTC’s already going after Facebook over CA-palooza.

Let’s get meta: for more Naked Security coverage of Facebook, follow us on Facebook!