Facebook “Whitelist” Granted Special Data Access to Firms
Internal documents show that the social media firm actively blacklisted certain companies from accessing data pools while favouring others.
Seized documents published by MPs show that Facebook made secret deals to give certain developers special access to user data.
The cache of internal documents was seized in November and has since been published online by a parliamentary committee investigating fake news and data misuse. Around 250 pages have been published along with a number marked by the company as “highly confidential”.
Files contained in the cache also suggest the social media firm made it “as hard as possible” for users to remain in the loops in regards to privacy changes on its Android app.
Emails were obtained by MPs as part of an unprecedented move by parliament. The head of a US-based software company, Six4Three, held the documents as part of a legal challenge being mounted against Facebook.
When parliament obtained the emails, Facebook objected to their release, stating that the documents were being presented in a “very misleading” manner.
Facebook had been warned that updates to its Android app, which allowed it to collect users’ call and texts, would be deemed controversial. However, Collins writes, “to mitigate any bad PR, Facebook planned to make it as hard as possible for users to know that this was one of the underlying features.”
Additionally, Collins asserts that Facebook allowed some companies to keep “full access” to users’ friends’ data, even after it announced changes to limit what developers could see.
“It’s is not clear that there was any user consent for this,” Collins writes. “Nor how Facebook decided which companies should be whitelisted.”
There is also evidence to suggest that Facebook’s refusal to share data with some apps caused them to fail.
Emails between Facebook staff and other tech companies appear to show the company agreeing to add specific third-party apps to its “whitelist”.
This access could allow a user on a particular app to view which of their Facebook friends were still using the product. Some of these include Airbnb, Netflix, Lyft and Badoo while documents show that others were denied these privileges.
Connected-vehicle firm, Airbiquity, along with Ticketmaster and Vine were denied access, with correspondence between staff and Zuckerberg himself discussing the blackout for Twitter-owned Vine.
Facebook claims that Six4Three “cherrypicked” the documents and that they were taken out of context, while a spokesperson for the firm added: “We stand by the platform changes we made in 2015 to stop a person from sharing their friends’ data with developers.
“Like any business, we had many internal conversations about the various ways we could build a sustainable business model for our platform.”
Zuckerberg published a response on his personal Facebook page, stating: “I understand there is a lot of scrutiny on how we run our systems. That’s healthy given the vast number of people who use our services around the world, and it is right that we are constantly asked to explain what we do.”
He added: “But it’s also important that the coverage of what we do – including the explanation of these internal documents – doesn’t misrepresent our actions or motives.”