Facebooked capped off its very bad year of data scandals with yet another leak of sensitive user information on Friday. This time, the social network disclosed a bug that made photos of 6.8 million users accessible to third-party developers, the latest sequence in a devastating string of crises for the social network this year.
The company offered a routine apology regarding the snafu, explaining that up to 1,500 apps built by 876 developers had access to these photos between September 13 to September 25. But perhaps most importantly, Facebook also noted that many of these photos weren’t even published to the website, but merely uploaded for a post they never decided to pull the trigger on.
Aside from the generally horrifying implications of having personal images exposed to strangers due to gross corporate negligence, Facebook’s mea culpa serves as a reminder of an unsavory truth reflecting the broader interests of a data-hungry internet: Your data is usually gone before you even hit publish.
Facebook’s insistence that users ultimately control their own data—”anything that you upload, you can also delete,”—has consistently proven misleading if not outright farcical. But even if you’re skeptical of Facebook’s claims, it can be easy to forget that the company also has access to data you aren’t aware you’ve shared with it yet. As far back as 2013, it was revealed that Facebook could monitor what you type, even if you wind up deleting a post and never hitting “share” altogether.
It isn’t just Mark Zuckerberg’s empire that’s guilty of bogarting data never meant to see the light of day: Various websites are equipped with code that extracts your personal info as quickly as you enter it in an online forum. It’s a practice employed by mortgage companies, healthcare firms and various others you might patronize online.
Don’t forget customer service chats, either. The business you’re complaining to might be using Live Agent, a tool that spies “what your customers are typing on Live chat in real-time,” so companies can have “answers prepared before the customer submits his questions.”
To Facebook’s ever-vanishing credit, there are engineering reasons to slurp up this data. As mentioned in a post on Facebook’s blog, it’s ostensibly to keep users from accidentally losing data:
“For example, if someone uploads a photo to Facebook but doesn’t finish posting it – maybe because they’ve lost reception or walked into a meeting – we store a copy of that photo for three days so the person has it when they come back to the app to complete their post.”
The fallout of Facebook’s latest blunder is a symptom of the company’s reluctance to share how it really treats user data, an unwillingness to make it clear when your data irrevocably enters its sphere of influence. In a nearly perfect irony, the company hosted a pop-up event on privacy in New York City as news of its latest privacy scandal spread—another example of a band-aid that only transparency and actual security could ever hope to solve.
While logging off entirely might allow for peace of mind, it’s hardly going to save you from the next big privacy scare, especially when you don’t need even need to hit publish to be wrapped up in one.
Originally posted on Popular Mechanics