Never Trust a Surveillance Company

The parliament of the United Kingdom (UK) decided to pull a Facebook on Facebook by collecting the company's personal information. Not only did the parliament collect Facebook's personal information but it's now airing the company's dirty laundry. There are a lot of interesting tidbits to be found within the documents posted by the parliament but one in particular shows Facebook's ruthlessness when it comes to collecting your personal information:

The emails show Facebook’s growth team looking to call log data as a way to improve Facebook’s algorithms as well as to locate new contacts through the “People You May Know” feature. Notably, the project manager recognized it as “a pretty high-risk thing to do from a PR perspective,” but that risk seems to have been overwhelmed by the potential user growth.

Initially, the feature was intended to require users to opt in, typically through an in-app pop-up dialog box. But as developers looked for ways to get users signed up, it became clear that Android’s data permissions could be manipulated to automatically enroll users if the new feature was deployed in a certain way.

In another email chain, the group developing the feature seems to see the Android permissions screen as a point of unnecessary friction, to be avoided if possible. When testing revealed that call logs could be collected without a permissions dialog, that option seems to have been obviously preferable to developers.

“Based on our initial testing,” one developer wrote, “it seems that this would allow us to upgrade users without subjecting them to an Android permissions dialog at all.”

If you're using Facebook on a Google operating system, you're in the center of a surveillance Eiffel Tower, and I'm not talking about the monument!

The history of Android's permission system has not been a happy one. Until fairly recently Android had an all or nothing model where you either had to grant an application all the permissions it asked for or you couldn't use it. Not surprisingly this resulted in almost every app requesting every possible permission, which turned the permissions dialog into a formality. Android 6.0 changed the permission system to mirror iOS's. When an app running on Android 6.0 or later wants to access a protected feature such as text messages, the user is presented with a dialog alerting them to the attempted access and asks if they want to allow it.

If you read the excerpts, you'll see that Facebook was concerned about the kind of public relations nightmare asking for permission to access call and text message logs could bring. At first the company was planning to only request permission to access call logs, hoping it wouldn't cause a ruckus. However, once somebody figured out a way to add the additional capabilities without triggering any new permission requests, Facebook moved forward with the plan. So we know for a fact that Facebook knew what it was doing was likely to piss off its users and was willing to use underhanded tactics to do it without getting caught.

You should never trust a company that profits by collecting your personal information to respect your privacy. In light of the information released by the UK's parliament, this goes double for Facebook.