Meta simplifies privacy doc, but your data isn’t safe (updated)

Meta Platforms, Inc. ((NASDAQ: META) recently updated its privacy policy to make it “easier to understand” but it is still thousands of words long and most people tend to drift off after 750. So your intrepid reporter took the time to read the whole thing, including the explanatory links, to give you the gist. Here it is.

It is much easier to understand that your data is no safer than it ever was.

Everything is everything

Everything you post, share, like and even look at is captured and shared with advertisers who pay Facebook for that data. They can also share photos and videos in your camera roll. Even if you have turned off location data on the app they can also capture and share location data. It’s harder to do with an Apple device, but if you are using the app they can still collect it. They can’t, however, if you access your account through a secure browser like Safari or DuckDuckGo.

They reiterate that they do not share or sell your personal… unless you give them permission. That includes your age, birthday, location, phone number, email address, physical address religious and political views, sexual orientation, health, life events, racial or ethnic origin, philosophical beliefs, and group (like union) memberships. If you post that information in your profile then it is fair game.

They also capture and share the comments, likes and views of all the people in your circle of friends and followers, along with all their personal information that they publicly post on their accounts.

The only caveat is they cannot share that information in countries that don’t allow it … unless you give permission by publicly posting it on your account.

Stop means Stop and we are talking to you

How you stop that collection is to stop using their “products” for 90 days. That means Facebook, WhatsApp, Messenger, Instagram, Novi Financial (which processes payments) and Oculus VR goggles. Once you use any one of those products it resets the 90-day clock.

  • Device information they collect includes:
  • The device and software you’re using, and other device characteristics.
  • What you’re doing on your device, like whether our app is in the foreground or if your mouse is moving (which can help tell humans from bots)
  • Identifiers that tell your device apart from other users’, including Family Device IDs.
  • Signals from your device.
  • Information you’ve shared with us through device settings, like GPS location, camera access, photos and related metadata
  • Information about the network you connect your device to, including your IP address.
  • Information about our Products’ performance on your device. Learn more.
  • Information from cookies and similar technologies.

Who they share it with

Primarily, the information is shared with “partners”. These are the people and organizations that pay for the right to get that data, mostly advertisers. Then there are the “vendors”. These are marketing and research companies that buy and distribute advertising for the partners. The thing is that Meta may or may not know who the partners are buying the advertising through the vendors. This is why some companies get a black eye in the public by advertising on radical, right-wing media, or why sometimes some very shady and deceptive advertising gets on your feed. Finally, there is the shadowy “third parties” identified as “researchers.” The most famous of this group is Cambridge Analytics. They are now out of business except they have reconstituted a couple of times and are up to the same hi-jinx of destabilizing governments.

Related:   Phishing Kits: the new frontier of hacker attacks

The problem here, though is the partners, vendors and third parties all agree to share the information they collect with Meta as well, so even if Meta doesn’t collect, share and sell your information to anyone else, that doesn’t mean someone else can’t. In some US states and in the EU, that can be mitigated by data privacy laws, but there are massive holes in those laws and they don’t stop organizations and governments not under those laws from collecting and selling your information. Here are some examples of information we are talking about:

  • Your device information
  • Websites you visit and cookie data
  • Apps you use
  • Games you play
  • Purchases and transactions you make
  • Your demographics, like your education level
  • The ads you see and how you interact with them
  • How you use products and services, online or in person.

UPDATE: The “day-after” pill provider Hey Jane has provided confidential information about their customers to Meta, Google and the payment. That information can be used to identify women trying to acquire the medication

We are never alone

To stop that from happening you need to know who is doing the collection and tell them to stop. Finding out who those people are is a different thing. There are services that, for a fee, will identify and make formal request for the deletion of your data, including Deleteme and Data Grail, which can simplify that process.

As the privacy policy states, “We receive this information whether or not you’re logged in or have an account on our Products. Partners also share with us their communications with you if they instruct us to provide services to their business, like helping them manage their communications.”

Meta proudly proclaims that they are not collecting data “in any new way”, ostensibly to get around new data privacy laws, or at least so they don’t have any new legal problems to deal with. Internationally, regulators have been after Meta to make their rules easier to understand, but that doesn’t mean they’ve made improvements to securing your data.

To sum up, don’t expect data mills like Meta to protect your data unless legally required to do so, and there are no laws that cover that issue. It’s all on you.

Lou Covey

Lou Covey is the Chief Editor for Cyber Protection Magazine. In 50 years as a journalist he covered American politics, education, religious history, women’s fashion, music, marketing technology, renewable energy, semiconductors, avionics. He is currently focused on cybersecurity and artificial intelligence. He published a book on renewable energy policy in 2020 and is writing a second one on technology aptitude. He hosts the Crucial Tech podcast.

Leave a Reply

Your email address will not be published. Required fields are marked *