(Update June 6, 2018, 9:54 AM EDT)
In a follow-up report, the New York Times has found that at least four Chinese device makers are among the list of sixty plus electronics companies, including Huawei, a company that's currently flagged by American intelligence as a national security threat. Facebook admitted it gave data to Huawei on Tuesday in a statement.
Oddly enough, the Chinese phone maker denied any claims of collecting or storing Facebook user data today. Facebook told the New York Times it will end its data partnership with Huawei by the end of the week.
Here's a short list of all the companies that might have gotten their hands on your very intimate Facebook data without your knowledge: Global Science Research, S.C.L. Group (Cambridge Analytica's parent company), AggregateIQ.
And now you can add about 60 of your favorite companies that produce smartphones and computers. Just perfect.
A searing report by the New York Times published Sunday publicly accused Facebook of allowing user data to fall into the hands of "at least 60 device makers — including Apple, Amazon, BlackBerry, Microsoft, and Samsung — over the last decade." According to the report, the manufacturers even had access to data about friends of the affected users, contradicting Facebook's current privacy policies.
To test what data device-makers were able to see, a Times reporter signed into his Facebook account on a 2013 BlackBerry smartphone (it was important to use a device that wasn't subject to Facebook's 2014 privacy overhaul). The reporters found that the app not only accessed extensive information about the reporter's profile, it got ahold of similar data from his friends, and from friends of friends, too.
The reporters suspect this worked because of private APIs (application programming interfaces), a type of connection that links Facebook to device makers. Private APIs allowed companies like Amazon, Apple, and Blackberry to access user data, including "relationship status, political leanings, and events they planned to attend."
The partnerships themselves are no big secret — Facebook has been cultivating them for years, and they're often announced publicly, as Facebook confirmed in a blog post. But what is likely surprising to many users is the extent of the information shared without their knowledge, including from friends of users. Facebook refutes that the APIs shared users' friends' data.
This report comes just weeks after Facebook announced it would shut down older APIs no longer in use. But it comes at a less-than-ideal time for Facebook: users are still reeling from the Cambridge Analytica scandal, questioning whether the ways that Facebook has integrated with their lives is worth the price of so much of their personal information. If the allegations against Facebook are, in fact, indicative of misconduct, it will be yet another symptom of Facebook's careless treatment of online privacy.
The good news: Facebook has started taking action to rein in what these companies can access via APIs — it started banning hundreds of third party apps from accessing user data, and even disabled targeted advertising. The bad news: the damage, in this case, is already done.
We know by now that it's a myth that users have full control over the data they give up to Facebook. It's sad to see that recent revelations like these no longer are able to surprise us. We know more now about how Facebook has handled user data in the past. The real question is if we have confidence that it will change in the future.