The Things You Don’t See

We've talked about privacy a lot in this newsletter, and as a major player in the social media and data aggregation industry, Facebook has naturally been a common topic. Many people do not seem to be terribly concerned about the rampant data collection that takes place every second you spend using online services or internet-connected devices. The rationale for this is often "why should I care if they have my data? I'm not that interesting," and it is a sentiment shared by a not-insignificant number of people.

This misconception stems from a false perception of how much or how often a company gathers data. Many mobile devices, for example, collect a considerable amount of data on their users straight out of the box, such as their location, usage data (like what websites you visit, how long you're on your device, etc.), telemetry data including what you type, location data, and more. Beyond that, most of the apps that people download onto these devices tend to collect similar data types, and sometimes in greater quantities. Your devices may report this data back to the servers that it connects to quite often, giving the companies that made the device or developers of the apps you use a current, up-to-date picture of what you look like as a user.

A real-world example of this can be found in Amazon's Echo products, Google Assistants, or Facebook Portals. These products record similar types of data as listed above, and they also are constantly listening (see: recording) what is said within range of them. This would be fine, if this recording was deleted once it was determined that the wake word was never spoken, but that is usually not the case. A story in 2019 found that Amazon's Echo DOES keep a recording of all things that are said around it, and by default sent that data to Amazon. Anyone who has an Echo dot within range while having private conversations may have had that recording shipped off to live in an Amazon data center, where it will live for an indefinite period of time.

Another example can be found in the Facebook app, particularly when uploading photos to Facebook. Images contain data called EXIF data, which includes information related to the device taking the photo. This can range from the device number that is unique to your camera and your camera alone, to precise location data that will tell someone who views the EXIF data where that photo was taken. This EXIF data is a part of every single image that is taken, and it isn't particularly difficult to view it. When you upload a photo to Facebook's platform, they usually replace all of the EXIF data to keep you safe--ostensibly, at least, as it isn't visible to the public.

However, they don't simply delete the old data; they send it - yep, you guessed it - to their data centers. That data can be used to map places that you frequent, like restaurants or bars, meaning that advertisers can show you advertisements that will be incredibly, scarily in tune with your daily life. There's another consideration, too: what if a hacker gets their hands on this data? Malicious criminals with clear pictures of who you are, what you like, and even what areas you frequent. Scary stuff.

Ultimately, data protection is going to come down to the education of users and government regulation of massive corporations like Facebook, Twitter, or Google. It's important to know what you're handing over-- and more important to stand up for the right to your own data in the future.

To learn more about how Facebook collects EXIF data from the images you upload, check out the main article HERE.