Another Bandwagon Facebook Privacy Lawsuit?
Facebook is being sued once again for supposedly intercepting users' private messages, following links and sharing private data with advertisers and marketers. However, nearly every report only states the side of the plaintiff in this case but nobody is considering this topic with a pinch of skepticism.
From the reports so far there has been very little to no supporting evidence to these claims. In articles from popular news sites such as infoworld, it states:
Facebook scans users' private messages, follows any links in the messages to third-party Web sites and uses the information to build user profiles that are then shared with third parties, according to the suit brought by Facebook users Matthew Campbell and Michael Hurley on Dec. 30 in federal court in San Jose.
They claim that Facebook sells data that they mine from messages and links to advertisers to make money and to target ads to the user. That seems like a very broad accusation, but is there evidence supporting the claim?
Here is the full text of the original complaint: Matthew Campbell and Michael Hurley Class Action Complaint. This complaint is an interesting 36 page complaint, but again it contains very little real factual evidence in spite of the fact that it contains a section entitled "Factual Background".
The plaintiff references a study conducted in August 2013 by a Swiss firm called High-Tech Bridge. The study consisted of taking a web server and generating 50 random, secret URLs. HTB then tested each of these links on 50 of the top social networking sites and web services (one secret URL per website). They would perform actions such as sending messages, searching, etc. and monitor their web server logs to see if they received any requests from the tested services. They claim to have "trapped" six of the sites and observed traffic from them. These sites include Google+, Facebook, and Twitter and they state that these results are "quite interesting".
However, what they fail to mention is that making a request to a linked site and fetching data such as title, meta description, and share image are part of the normal, user-visible functionality of sites such as Facebook and Google+. When you paste a link into a post or a private message on Facebook, a loading icon momentarily appears and then a box is visible beneath the post with thumbnail info about the link. This study does not state that they excluded this functionality in their observations, so we can't rely on these results.
The plaintiff also makes statements such as:
The right of privacy is a personal and fundamental right in California and the United States. An individual's privacy is directly implicated by the collection, use, and dissemination of personal information. Defendant Facebook, Inc. has systematically violated consumers' privacy by reading its users' personal, private Facebook messages without their consent. - From infoworld.com
While privacy should be a fundamental human right, is it not debatable whether or not a user has elected to give up some of this right by registering on a site and accepting the terms of service?
Let's take a closer look at the terms of service for Facebook:
Sometimes we get data from our affiliates or our advertising partners, customers and other third parties that helps us (or them) deliver ads, understand online activity, and generally make Facebook better. For example, an advertiser may tell us information about you (like how you responded to an ad on Facebook or on another site) in order to measure the effectiveness of - and improve the quality of - ads. -From Facebook Terms of Service
This statement raises two points. Firstly, it is clearly stated that targeted ads are used, so this should come as no surprise. Secondly, it raises the thought that the data used to target the ads comes from the advertisers, not from the users' private messages.
Here's another line from the ToS:
We may put together your current city with GPS and other location information we have about you to, for example, tell you and your friends about people or events nearby, or offer deals to you in which you might be interested. We may also put together data about you to serve you ads or other content that might be more relevant to you. -From Facebook Terms of Service
Once again they state that they use information they know about you such as your geographic location to target ads that fit better.
Additionally, Facebook states that they define "public information" as information that you have shared with everyone, which includes your name, profile picture, timeline, username, etc. This information has been shared in public, and so Facebook can essentially use it however they want. For those using facebook and are not familiar with their privacy settings, check the privacy tab to limit what information is publicly available.
So to anyone who actually reads the terms of service before accepting, it should be clear that they can expect targeted ads. So if this, and the fact that Facebook retrieves meta data for links, is the only evidence that Facebook is violating the users' privacy and reading their private messages, then there is essentially no evidence at all.
This of course does not mean that no evidence exists; just that nothing of real substance has been reported so far. Facebook has of course had its privacy issues in the past, and privacy is a topic becoming ever more important.
The plaintiff intends to file a class action suit on behalf of all members and intends to make Facebook pay damages of either $100 per day of the alleged violation, or $10,000 per affected user. This of course would be in addition to the damages under California law. We shall see what happens once a verdict is made.