Resources

Several Popular Apps Share Data With Facebook Without User Consent

Some of the most popular apps for Android smartphones, including Skyscanner, TripAdvisor and MyFitnessPal, are transmitting data to Facebook without the consent of users in a potential breach of EU regulations.

In a study of 34 popular Android apps, the campaign group Privacy International found that at least 20 of them send certain data to Facebook the second that they are opened on a phone, before users can be asked for permission. Information sent instantly included the app’s name, the user’s unique ID with Google, and the number of times the app was opened and closed since being downloaded. Some, such as travel site Kayak, later sent detailed information about people’s flight searches to Facebook, including travel dates, whether the user had children and which flights and destinations they had searched for. European law on data-sharing changed in May with the introduction of General Data Protection Regulation and mobile apps are required to have the explicit consent of users before collecting their personal information.

As Facebook Raised a Privacy Wall, It Carved an Opening for Tech Giants

Internal documents show that the social network gave Microsoft, Amazon, Spotify and others far greater access to people’s data than it has disclosed.

For years, Facebook gave some of the world’s largest technology companies more intrusive access to users’ personal data than it has disclosed, effectively exempting those business partners from its usual privacy rules, according to internal records and interviews.

The special arrangements are detailed in hundreds of pages of Facebook documents obtained by The New York Times. The records, generated in 2017 by the company’s internal system for tracking partnerships, provide the most complete picture yet of the social network’s data-sharing practices. They also underscore how personal data has become the most prized commodity of the digital age, traded on a vast scale by some of the most powerful companies in Silicon Valley and beyond.

Facebook allowed Microsoft’s Bing search engine to see the names of virtually all Facebook users’ friends without consent, the records show, and gave Netflix and Spotify the ability to read Facebook users’ private messages.

The social network permitted Amazon to obtain users’ names and contact information through their friends, and it let Yahoo view streams of friends’ posts as recently as this summer, despite public statements that it had stopped that type of sharing years earlier.

Facebook has been reeling from a series of privacy scandals, set off by revelations in March that a political consulting firm, Cambridge Analytica, improperly used Facebook data to build tools that aided President Trump’s 2016 campaign. Acknowledging that it had breached users’ trust, Facebook insisted that it had instituted stricter privacy protections long ago. Mark Zuckerberg, the chief executive, assured lawmakers in April that people “have complete control” over everything they share on Facebook.

[Facebook’s strategy in times of crisis: delay, deny and deflect.]

Facebook began forming data partnerships when it was still a relatively young company. Mr. Zuckerberg was determined to weave Facebook’s services into other sites and platforms, believing it would stave off obsolescence and insulate Facebook from competition. Every corporate partner that integrated Facebook data into its online products helped drive the platform’s expansion, bringing in new users, spurring them to spend more time on Facebook and driving up advertising revenue. At the same time, Facebook got critical data back from its partners.

The partnerships were so important that decisions about forming them were vetted at high levels, sometimes by Mr. Zuckerberg and Sheryl Sandberg, the chief operating officer, Facebook officials said. While many of the partnerships were announced publicly, the details of the sharing arrangements typically were confidential.

Facebook also allowed Spotify, Netflix and the Royal Bank of Canada to read, write and delete users’ private messages, and to see all participants on a thread — privileges that appeared to go beyond what the companies needed to integrate Facebook into their systems, the records show. Facebook acknowledged that it did not consider any of those three companies to be service providers. Spokespeople for Spotify and Netflix said those companies were unaware of the broad powers Facebook had granted them. A spokesman for Netflix said Wednesday that it had used the access only to enable customers to recommend TV shows and movies to their friends.

A Royal Bank of Canada spokesman disputed that the bank had had any such access. (Aspects of some sharing partnerships, including those with the Royal Bank of Canada and Bing, were first reported by The Wall Street Journal.)

Spotify, which could view messages of more than 70 million users a month, still offers the option to share music through Facebook Messenger. But Netflix and the Canadian bank no longer needed access to messages because they had deactivated features that incorporated it.

These were not the only companies that had special access longer than they needed it. Yahoo, The Times and others could still get Facebook users’ personal information in 2017.

Yahoo could view real-time feeds of friends’ posts for a feature that the company had ended in 2012. A Yahoo spokesman declined to discuss the partnership in detail but said the company did not use the information for advertising. The Times — one of nine media companies named in the documents — had access to users’ friend lists for an article-sharing application it had discontinued in 2011. A spokeswoman for the news organization said it was not obtaining any data.

Facebook’s internal records also revealed more about the extent of sharing deals with over 60 makers of smartphones, tablets and other devices, agreements first reported by The Times in June.

Facebook empowered Apple to hide from Facebook users all indicators that its devices were asking for data. Apple devices also had access to the contact numbers and calendar entries of people who had changed their account settings to disable all sharing, the records show.

Apple officials said they were not aware that Facebook had granted its devices any special access. They added that any shared data remained on the devices and was not available to anyone other than the users.

Facebook has Filed a Patent To Calculate Your Future Location

Facebook has filed several patent applications with the U.S. Patent and Trademark Office for technology that uses your location data to predict where you’re going and when you’re going to be offline.

A May 30, 2017, Facebook application titled “Offline Trajectories” describes a method to predict where you’ll go next based on your location data. The technology described in the patent would calculate a “transition probability based at least in part on previously logged location data associated with a plurality of users who were at the current location.” In other words, the technology could also use the data of other people you know, as well as that of strangers, to make predictions. If the company could predict when you are about to be in an offline area, Facebook content “may be prefetched so that the user may have access to content during the period where there is a lack of connectivity.”

Another Facebook patent application titled “Location Prediction Using Wireless Signals on Online Social Networks” describes how tracking the strength of Wi-Fi, Bluetooth, cellular, and near-field communication (NFC) signals could be used to estimate your current location, in order to anticipate where you will go next. This “background signal” information is used as an alternative to GPS because, as the patent describes, it may provide “the advantage of more accurately or precisely determining a geographic location of a user.” The technology could learn the category of your current location (e.g., bar or gym), the time of your visit to the location, the hours that entity is open, and the popular hours of the entity.

Yet another Facebook patent application, “Predicting Locations and Movements of Users Based on Historical Locations for Users of an Online System,” further details how location data from multiple people would be used to glean location and movement trends and to model location chains. According to the patent application, these could be used for a “variety of applications,” including “advertising to users based on locations and for providing insights into the movements of users.” The technology could even differentiate movement trends among people who live in a city and who are just visiting a city.

Facebook Privacy Social Networks Internal Emails Show Facebook Weighing the Privacy Risks of Quietly Collecting Call and Text Records From Its Android Users—Then Going Ahead Anyway

Earlier this year, many Android users were shocked to discover that Facebook had been collecting a record of their call and SMS history, as revealed by the company’s data download tool. Now, internal emails released by the UK Parliament show how the decision was made internally.

According to the emails, developers knew the data was sensitive, but they still pushed to collect it as a way of expanding Facebook’s reach. The emails show Facebook’s growth team looking to call log data as a way to improve Facebook’s algorithms as well as to locate new contacts through the “People You May Know” feature. Notably, the project manager recognized it as “a pretty high-risk thing to do from a PR perspective,” but that risk seems to have been overwhelmed by the potential user growth.

Initially, the feature was intended to require users to opt in, typically through an in-app pop-up dialog box. But as developers looked for ways to get users signed up, it became clear that Android’s data permissions could be manipulated to automatically enroll users if the new feature was deployed in a certain way.

Facebook Filed A Patent To Predict Your Household’s Demographics Based On Family Photos

Facebook has submitted a patent application for technology that would predict who your family and other household members are, based on images and captions posted to Facebook, as well as your device information, like shared IP addresses. The application, titled “Predicting household demographics based on image data,” was originally filed May 10, 2017, and made public today.

The system Facebook proposes in its patent application would use facial recognition and learning models trained to understand text to help Facebook better understand whom you live with and interact with most. The technology described in the patent looks for clues in your profile pictures on Facebook and Instagram, as well as photos of you that you or your friends post.

It would note the people identified in a photo, and how frequently the people are included in your pictures. Then, it would assess information from comments on the photos, captions, or tags (#family, #mom, #kids) — anything that indicates whether someone is a husband, daughter, cousin, etc. — to predict what your family/household actually looks like. According to the patent application, Facebook’s prediction models would also analyze “messaging history, past tagging history, [and] web browsing history” to see if multiple people share IP addresses (a unique identifier for every internet network).

Facebook Allowed Advertisers to Target Users Interested in “White Genocide”—Even in Wake of Pittsburgh Massacre

Apparently fueled by anti-Semitism and the bogus narrative that outside forces are scheming to exterminate the white race, Robert Bowers murdered 11 Jewish congregants as they gathered inside their Pittsburgh synagogue, federal prosecutors allege. But despite long-running international efforts to debunk the idea of a “white genocide,” Facebook was still selling advertisers the ability to market to those with an interest in that myth just days after the bloodshed.

A simple search of Facebook pages also makes plain that there are tens of thousands of users with a very earnest interest in “white genocide,” shown through the long list of groups with names like “Stop White South African Genocide,” “White Genocide Watch,” and “The last days of the white man.” Images with captions like “Don’t Be A Race Traitor” and “STOP WHITE GENOCIDE IN SOUTH AFRICA” are freely shared in such groups, providing a natural target for anyone who might want to pay to promote deliberately divisive and incendiary hate-based content.

Only 22% of Americans Now Trust Facebook’s Handling of Personal Info

Facebook is the least trustworthy of all major tech companies when it comes to safeguarding user data, according to a new national poll conducted for Fortune, highlighting the major challenges the company faces following a series of recent privacy blunders. Only 22% of Americans said that they trust Facebook with their personal information, far less than Amazon (49%), Google (41%), Microsoft (40%), and Apple (39%).

In question after question, respondents ranked the company last in terms of leadership, ethics, trust, and image… Public mistrust extended to Zuckerberg, Facebook’s public face during its privacy crisis and who once said that Facebook has “a responsibility to protect your information, If we can’t, we don’t deserve it.” The company subsequently fell victim to a hack but continued operating as usual, including debuting a video-conferencing device intended to be used in people’s living rooms or kitchens and that further extends Facebook’s reach into more areas outside of personal computers and smartphones. Only 59% of respondents said they were “at least somewhat confident” in Zuckerberg’s leadership in the ethical use of data and privacy information, ranking him last among four other tech CEOS…

As for Facebook, the social networking giant may have a difficult time regaining public trust because of its repeated problems. Consumers are more likely to forgive a company if they believe a problem was an aberration rather than a systemic failure by its leadership, Harris Poll CEO John Gerzema said.

The article concludes that “For now, the public isn’t in a forgiving mood when it comes to Facebook and Zuckerberg.”

Facebook Could Use Data Collected From Its Portal In-Home Video Device To Target You With Ads

Facebook announced Portal last week, its take on the in-home, voice-activated speaker to rival competitors from Amazon, Google and Apple. Last Monday, we wrote: “No data collected through Portal — even call log data or app usage data, like the fact that you listened to Spotify — will be used to target users with ads on Facebook.” We wrote that because that’s what we were told by Facebook executives. But Facebook has since reached out to change its answer: Portal doesn’t have ads, but data about who you call and data about which apps you use on Portal can be used to target you with ads on other Facebook-owned properties.

“Portal voice calling is built on the Messenger infrastructure, so when you make a video call on Portal, we collect the same types of information (i.e. usage data such as length of calls, frequency of calls) that we collect on other Messenger-enabled devices. We may use this information to inform the ads we show you across our platforms. Other general usage data, such as aggregate usage of apps, etc., may also feed into the information that we use to serve ads,” a spokesperson said in an email to Recode. That isn’t very surprising, considering Facebook’s business model. The biggest benefit of Facebook owning a device in your home is that it provides the company with another data stream for its ad-targeting business.

Facebook Is Teeming With Fake Accounts Created By Undercover Cops

In the summer of 2015, as Memphis exploded with protests over the police killing of a 19-year-old man, activists began hearing on Facebook from someone called Bob Smith. The name was generic, and so was his profile picture: a Guy Fawkes mask, the symbol of anti-government dissent. Smith acted as if he supported the protesters, and, slowly, they let him into their online community. Over the next three years, dozens of them accepted his friend requests, allowing him to observe private discussions over marches, rallies and demonstrations.

But Smith was not real. He was the creation of a white detective in the Memphis Police Department’s Office of Homeland Security whose job was to keep tabs on local activists across the spectrum, from Black Lives Matter to Confederate sympathizers.

The detective, Tim Reynolds, outed himself in August under questioning by the American Civil Liberties Union of Tennessee, which sued the police department for allegedly violating a 1978 agreement that prohibited police from conducting surveillance of lawful protests. The revelation validated many activists’ distrust of local authorities. It also provided a rare look into the ways American law enforcement operates online, taking advantage of a loosely regulated social media landscape — and citizens’ casual relinquishing of their privacy — to expand monitoring of the public.

The proliferation of fake Facebook accounts and other means of social media monitoring ─ including the use of software to crunch data about people’s online activity ─ illustrates a policing “revolution” that has allowed authorities to not only track people but also map out their networks, said Rachel Levinson-Waldman, senior counsel at New York University School of Law’s Brennan Center for Justice.

She is among many scholars who worry that expanded social media surveillance could make people less likely to engage in online activities protected by the First Amendment, from sharing their opinions to organizing protests of the government. But there are few laws governing this kind of monitoring. Few courts have taken up the issue. And most police departments don’t have policies on how officers can use social media for investigations, according to Levinson-Waldman’s research.

“It’s pretty open territory,” she said.

Instagram is testing the ability to share your precise location history with Facebook

Revealed just weeks after Instagram’s co-founders left the company, Instagram is currently testing a feature that would allow it to share your location data with Facebook, even when you’re not using the app.

Instagram is not the only service that Facebook has sought to share data between. Back in 2016 the company announced that it would be sharing user data between WhatsApp and Facebook in order to offer better friend suggestions. The practice was later halted in the European Union thanks to its GDPR legislation, although WhatsApp’s CEO and co-founder later left over data privacy concerns.

Facebook is also reportedly testing a map view to see friend’s locations, similar to what’s already offered by Snapchat. Instagram’s data sharing could provide additional data points to power this functionality, while providing Facebook with more data to better target its ads.

Facebook “bug” prevented users from deleting their accounts

Until just a few days ago, some Facebook users could not delete their accounts — the option to do so simply didn’t work. After VentureBeat reached out to Facebook regarding the issue, an engineer was able to squash the bug.

Two weeks ago, I got an email from a VentureBeat reader who couldn’t delete his Facebook account. He claimed there were others also having issues — no matter what they tried, they simply could not delete Facebook. I didn’t believe him at first. […] I did my due diligence. The least I could do was help him delete his account. Upon request, the reader was gracious enough to let me log into his Facebook account so I could see for myself. No matter what I tried, and regardless of which browser I used, the Facebook help page for deleting your account would not load when logged into his account.

The reporter contacted a Facebook spokesperson, who after looking into the matter concluded that a bug prevented some people with “a large number of posts” from deleting their accounts. Facebook says it has resolved the issue.

Facebook increases so-called “deletion” pending time from 14 days to 30

Facebook has increased the pending time to process a deletion request to 30 days, a 16-day increase over the previous 14.

Is there a reason to believe that Facebook’s also making this change because more people are deleting their accounts? The movement [sic] has certainly gotten a lot of attention in recent months, with WhatsApp cofounder Brian Acton encouraging his nearly 43,000 Twitter followers in March to delete Facebook.

But Facebook’s last earnings report doesn’t give much indication that it is — the number of daily active users in the U.S. and Canada stayed flat, and even increased in Asia. The number of DAUs in Europe dropped by 4 million, but Facebook executives indicated that they believed that was mostly due to GDPR. Facebook followers will have to wait until the company’s next earnings report on October 30 to see if the dip in Europe DAUs is part of a continuing trend.

For those who want to delete Facebook and are willing to wait out 30 days, here’s a step-by-step guide on how to do so.

Facebook Is Giving Advertisers Access To Your Shadow Contact Information

Kashmir Hill, reporting for Gizmodo:

Last week, I ran an ad on Facebook targeted at a computer science professor named Alan Mislove. Mislove studies how privacy works on social networks and had a theory that Facebook is letting advertisers reach users with contact information collected in surprising ways. I was helping him test the theory by targeting him in a way Facebook had previously told me wouldn’t work. I directed the ad to display to a Facebook account connected to the landline number for Alan Mislove’s office, a number Mislove has never provided to Facebook. He saw the ad within hours.

One of the many ways that ads get in front of your eyeballs on Facebook and Instagram is that the social networking giant lets an advertiser upload a list of phone numbers or email addresses it has on file; it will then put an ad in front of accounts associated with that contact information. A clothing retailer can put an ad for a dress in the Instagram feeds of women who have purchased from them before, a politician can place Facebook ads in front of anyone on his mailing list, or a casino can offer deals to the email addresses of people suspected of having a gambling addiction. Facebook calls this a “custom audience.” You might assume that you could go to your Facebook profile and look at your “contact and basic info” page to see what email addresses and phone numbers are associated with your account, and thus what advertisers can use to target you. But as is so often the case with this highly efficient data-miner posing as a way to keep in contact with your friends, it’s going about it in a less transparent and more invasive way.

… Giridhari Venkatadri, Piotr Sapiezynski, and Alan Mislove of Northeastern University, along with Elena Lucherini of Princeton University, did a series of tests that involved handing contact information over to Facebook for a group of test accounts in different ways and then seeing whether that information could be used by an advertiser. They came up with a novel way to detect whether that information became available to advertisers by looking at the stats provided by Facebook about the size of an audience after contact information is uploaded. They go into this in greater length and technical detail in their paper [PDF]. They found that when a user gives Facebook a phone number for two-factor authentication or in order to receive alerts about new log-ins to a user’s account, that phone number became targetable by an advertiser within a couple of weeks.

Officially, Facebook denies the existence of shadow profiles. In a hearing with the House Energy & Commerce Committee earlier this year, when New Mexico Representative Ben Lujan asked Facebook CEO Mark Zuckerberg if he was aware of the so-called practice of building “shadow profiles”, Zuckerberg denied knowledge of it.

India’s Biometric Database Is Creating A Perfect Surveillance State — And U.S. Tech Companies Are On Board

Big U.S. technology companies are involved in the construction of one of the most intrusive citizen surveillance programs in history. For the past nine years, India has been building the world’s biggest biometric database by collecting the fingerprints, iris scans and photos of nearly 1.3 billion people. For U.S. tech companies like Microsoft, Amazon and Facebook, the project, called Aadhaar (which means “proof” or “basis” in Hindi), could be a gold mine. The CEO of Microsoft has repeatedly praised the project, and local media have carried frequent reports on consultations between the Indian government and senior executives from companies like Apple and Google (in addition to South Korean-based Samsung) on how to make tech products Aadhaar-enabled. But when reporters of HuffPost and HuffPost India asked these companies in the past weeks to confirm they were integrating Aadhaar into their products, only one company — Google — gave a definitive response.

That’s because Aadhaar has become deeply controversial, and the subject of a major Supreme Court of India case that will decide the future of the program as early as this month. Launched nine years ago as a simple and revolutionary way to streamline access to welfare programs for India’s poor, the database has become Indians’ gateway to nearly any type of service — from food stamps to a passport or a cell phone connection. Practical errors in the system have caused millions of poor Indians to lose out on aid. And the exponential growth of the project has sparked concerns among security researchers and academics that India is the first step toward setting up a surveillance society to rival China.

Social Media Manipulation Rising Globally, New Oxford Report Warns

A new report from Oxford University found that manipulation of public opinion over social media platforms is growing at a large scale, despite efforts to combat it. “Around the world, government agencies and political parties are exploiting social media platforms to spread junk news and disinformation, exercise censorship and control, and undermine trust in media, public institutions and science.”

“The number of countries where formally organized social media manipulation occurs has greatly increased, from 28 to 48 countries globally,” says Samantha Bradshaw, co-author of the report. “The majority of growth comes from political parties who spread disinformation and junk news around election periods. There are more political parties learning from the strategies deployed during Brexit and the U.S. 2016 Presidential election: more campaigns are using bots, junk news, and disinformation to polarize and manipulate voters.”

This is despite efforts by governments in many democracies introducing new legislation designed to combat fake news on the internet. “The problem with this is that these ‘task forces’ to combat fake news are being used as a new tool to legitimize censorship in authoritarian regimes,” says Professor Phil Howard, co-author and lead researcher on the OII’s Computational Propaganda project. “At best, these types of task forces are creating counter-narratives and building tools for citizen awareness and fact-checking.” Another challenge is the evolution of the mediums individuals use to share news and information. “There is evidence that disinformation campaigns are moving on to chat applications and alternative platforms,” says Bradshaw. “This is becoming increasingly common in the Global South, where large public groups on chat applications are more popular.”

Facebook is not alone in making everyone’s data available for whatever purpose

Most companies that trade in the sale and manipulation of personal information are private and beholden to few rules other than the bare minimum of those they establish themselves, to avoid scrutiny and be able to say “we told you so” if an angry individual ever comes calling. Even if a consumer is aware their data is being passed around, their ability to control it once it’s out there is virtually nil: if they request it be deleted from one data broker, it can simply be bought back from from one of several gigantic firms that have been storing it, too.

It is an open question what the actual effect of Cambridge Analytica’s work on the presidential election was, and what the outcome might have been without its influence (most references to its “psychographic” profiling in The New York Times’ story are appropriately skeptical). It would be hard to say without a lot more cooperation from the company and Facebook itself. But the leak by one of its researchers is an incredibly rare glimpse into a fairly routine process in an industry that is so staggeringly enormous and influential, not just in politics but in our personal, day-to-day existence, that it’s difficult to believe that it is anything but a mistake. But it isn’t, and wasn’t, a mistake. It is how things happened and are still happening every day.

Digital ads are starting to feel psychic

It seems like everyone these days has had a paranoiac moment where a website advertises something to you that you recently purchased or was gifted without a digital trail. According to a new website called New Organs, which collects first-hand accounts of these moments, “the feeling of being listened to is among the most common experiences, along with seeing the same ads on different websites, and being tracked via geo-location,” reports The Outline. The website was created by Tega Brain and Sam Lavigne, two Brooklyn-based artists whose work explores the intersections of technology and society…

Facebook is working on technology that allows users to type straight from their thoughts

Facebook is working on technology that allows users to type straight from their thoughts without having to lift a finger to work the keyboard. Regina Dugan, a former director of DARPA and the ex-head of Google’s experimental ATAP research group, said that the brain-computer interface had the capacity to revolutionize how human beings use and interact with technology. Currently, such brain-computer interface technology only exists in medical research but the Building 8 team is committed to bringing it to reality.

How Fracking Companies Use Facebook Surveillance to Ban Protest

Facebook is being used by oil and gas companies to clamp-down on protest. Three companies are currently seeking injunctions against protesters: British chemical giant INEOS, which has the largest number of shale gas drilling licenses in the UK; and small UK outfits UK Oil and Gas (UKOG), and Europa Oil and Gas. Among the thousands of pages of documents submitted to British courts by these companies are hundreds of Facebook and Twitter posts from anti-fracking protesters and campaign groups, uncovered by Motherboard in partnership with investigative journalists at DeSmog UK. They show how fracking companies are using social media surveillance carried out by a private firm to strengthen their cases in court by discrediting activists using personal information to justify banning their protests.

Included in the evidence supplied by the oil and gas companies to the courts are many personal or seemingly irrelevant campaigner posts. Some are from conversations on Facebook groups dedicated to particular protests or camps, while others have been captured from individuals’ own profile pages. For instance, a picture of a mother with her baby at a protest was submitted as part of the Europa Oil and Gas case. Another screenshot of a post in the Europa bundle shows a hand-written note from one of the protesters’ mothers accompanying a care package with hand-knitted socks that was sent to an anti-fracking camp. One post included in the UKOG hearing bundle shows two protesters sharing a pint in the sun — not at a protest camp, nor shared on any of the campaign pages’ Facebook groups. A screenshot from INEOS’s hearing bundle shows posts from a protester to his own Facebook wall regarding completely unrelated issues such as prescription drugs, and a generic moan about his manager.

It is not always clear how such posts are being used against these activists except to portray them in a bad light, and a judge could disregard them as irrelevant to the case. But their often personal nature raises questions about how these companies were scrutinising the private lives of campaigners to justify shutting down their protests.

In 2011, the UK government ordered a public inquiry led by Lord Justice Leveson into the culture, practices and ethics of the British press after a leading tabloid newspaper was convicted of phone hacking. One of the activists subject to surveillance, Jon O’Houston, who has been part of the Broadford Bridge Protection Camp, said he felt it was equivalent to the phone hacking cases, which led to the Leveson review.
Advertisement

“What’s said in the groups is generally taken either out of context or cherry-picked”, O’Houston told Motherboard. “When taken out of context, you can make anything look bad or good.”

Despite his posts being used to strengthen the case for injunctions against protesters, he said he wouldn’t necessarily change his behaviour on social media.

“I don’t think I’d ever change the way we operate our groups. There’s too much information there already. If someone wants to go back five years and have a look at what was going on in these groups five years ago, they could do that,” he said.

“It would be very difficult if we stopped using Facebook as a platform,” he added. “We would lose so much of that important stuff. In a way, it’s got us trapped.”

Facebook, Google, and Microsoft Use Design to Trick You Into Handing Over Your Data, New Report Warns

A study from the Norwegian Consumer Council dug into the underhanded tactics used by Microsoft, Facebook, and Google to collect user data. “The findings include privacy intrusive default settings, misleading wording, giving users an illusion of control, hiding away privacy-friendly choices, take-it-or-leave-it choices, and choice architectures where choosing the privacy friendly option requires more effort for the users,” states the report, which includes images and examples of confusing design choices and strangely worded statements involving the collection and use of personal data.

Google makes opting out of personalized ads more of a chore than it needs to be and uses multiple pages of text, unclear design language, and, as described by the report, “hidden defaults” to push users toward the company’s desired action. “If the user tried to turn the setting off, a popup window appeared explaining what happens if Ads Personalization is turned off, and asked users to reaffirm their choice,” the report explained. “There was no explanation about the possible benefits of turning off Ads Personalization, or negative sides of leaving it turned on.” Those who wish to completely avoid personalized ads must traverse multiple menus, making that “I agree” option seem like the lesser of two evils.

In Windows 10, if a user wants to opt out of “tailored experiences with diagnostic data,” they have to click a dimmed lightbulb, while the symbol for opting in is a brightly shining bulb, says the report.

Another example has to do with Facebook. The social media site makes the “Agree and continue” option much more appealing and less intimidating than the grey “Manage Data Settings” option. The report says the company-suggested option is the easiest to use. “This ‘easy road’ consisted of four clicks to get through the process, which entailed accepting personalized ads from third parties and the use of face recognition. In contrast, users who wanted to limit data collection and use had to go through 13 clicks.”