Comment: Why there is no escape from the Facebook data vortex
HOW bad is the latest Facebook data breach?
Well, hackers had full access to at least 50 million Facebook accounts; they might or might not have downloaded every single piece of information from those accounts; and they might not have been the only people to exploit the vulnerability during the 14 months it has probably existed.
Perhaps we should be reassured that the attackers did not steal any passwords, nor any payment details. All they had access to was what users had chosen to put on Facebook: their friends, messages, comments and photos. In which case, surely one possible defence against such attacks could be to do what many people are already doing for their own reasons: not to delete Facebook but to withdraw from it, to never give it your real self. Or, better yet, to give it an elaborate fictional self.
That would certainly follow the logic of Facebook’s claims about itself. When Mark Zuckerberg, its chief executive, testified before the US Congress earlier this year, he said Facebook users were in control of their data and could edit or delete it at any time. This is true: over the last decade Facebook has vastly improved its privacy controls and users have power over who advertises to them through its platform. So just don’t upload anything you wouldn’t want Russian spies to know.
But that wouldn’t quite be enough, because Mr Zuckerberg was very careful in what he told Congress. He only said “you control and own the data that you put on Facebook”; he didn’t mention the data others put on Facebook in your name. A recent study found advertisers could target you on Facebook using phone numbers and email addresses you never gave it and cannot ask it to delete. These are harvested from your friends and acquaintances who did agree to share their address books. Behind the scenes, Facebook can connect those details with your profile using what it already knows.
Fine: just make sure you never sign up to any social network with an email address any other human knows. Except that this, again, might not be enough. Facebook may be able to connect different datasets together using other tools: your name, your particular place in a network of friends, or your pattern of activity. You can be identified through a unique code your mobile phone operating system generates, and your phone has a unique ID too. Nor are social networks the only bodies collecting data on you. Data brokers buy up information from public registries, supermarket reward schemes and even invisible “tracking pixels” which tell marketers whether and where you have opened an email. Then they aggregate it into detailed profiles and sell it on to others. That’s if everyone follows the rules.
The measures you would need to take in order to gain “complete control” of all this data might not be that hard, on their own. But you would have to be uncompromising. No checking your map on your phone because you’re late for a dinner party, since this would involve switching on “location services”. No discounts for being a member of something online. Certainly no social media apps on your phone.
Doing all of this would entail wilfully opting out of all the benefits of data driven services, which not only make ordinary tasks easier but allow whole new tasks that were not previously possible.
Most people aren’t willing to make that compromise – I’m certainly not. It might not even be worth it: you already walk down the street despite the risk of mugging, so why not use social media despite the risk of comprehensive identity theft?
The problem is, if you are worried, then you will not find a solution in data abstinence. As long as collecting and aggregating large amounts of data in one place remains a viable business model, there will be many tempting targets for digital burglars. This is a problem that can only be mitigated at the level of institutions and regulations. Or perhaps – given this hack was enabled by a feature Facebook introduced to help people guard their privacy – not even then.