Let’s face it, everyone wants your data. Marketers want it so they can sell you stuff. Foreign governments want it so they can monitor or target you. Criminals want it so they can steal for profit. Indeed, the brokering of personal data is a multi-billion-dollar industry.
And thanks to the proliferation of social media platforms, bad actors don’t have to work too terribly hard; people will willingly give up personal information in exchange for entertainment.
Case in point: Quizzes were all the rage on Facebook for years. Which superhero do you most resemble? What does your favorite color say about your personality? Who is your perfect mate?, and so on. Meanwhile, you won’t get your results without granting the quiz tool access to your friends, photos, timeline, email address and any other personal information housed in your Facebook profile.
Make no mistake, that’s a lot of information to share with a quiz tool created by a company most people are blissfully ignorant about.
Data Collection Galore
Turns out that many of the platforms that hosted these tools were founded by or acting on behalf of data collection companies that are paid to aggregate as much information about consumers as possible, from as many sources as possible, and sell it to third parties. They analyze your likes, comments, and online activity and begin to profile your preferences based on your online behavior.
You may be asking, “Who are these third parties?” Well, they vary from enterprises looking to sell you their goods, foreign and domestic governments, political parties, and more. Remember the Cambridge Analytica scandal? While doing work for the Donald Trump Campaign, Cambridge Analytica improperly obtained access to more than 50 million user profiles on Facebook. The scandal raised public debate about the integrity and ethics of using back-door methods to unknowingly target voters in the United States.
[You may also like: Here’s Why Foreign Intelligence Agencies Want Your Data]
However, data collection companies are not the only organizations that use quizzes and entertainment- focused tools to quietly gather personal information. Hackers do it too. Facebook recently filed a lawsuit against two Ukrainian developers, Andrey Gorbachov and Gleb Sluchevsky, for allegedly creating quizzes that asked consumers questions like, “Do you have royal blood,” or “What does your eye color say about you?” in exchange for access to users’ private account data, including friends, photos, name, age, location, birthday, and more.
After facing tremendous public pressure regarding its policies and mishandling of consumer data, Facebook increased its policing of these activities. It even banned personality quizzes following the Cambridge Analytica scandal. And most recently, the FTC is forcing CEO Mark Zuckerberg to personally sign off on privacy policy compliance each quarter, making him potentially liable for civil and criminal penalties if there are any future violations.
Consumer Trust — Unwarranted?
But it’s not just Facebook that has compromised user data. Any number of mobile apps may also be doing the same thing. Why? Because bad actors are like water; they seek the path of least resistance. And in this case, that path is leveraging seemingly innocent entertainment apps that live in trusted Apple and Android app stores.
Now, instead of giving away their Facebook profile data, consumers could be granting apps access to all the data they keep in their phone, including their digital wallet, contacts, photos, browsing history, and a wealth of Personally Identifiable Information (PII) — all in exchange for a glance at how they might look in 40 years.
[You may also like: How Hackable Is Your Dating App?]
That’s where FaceApp comes in. If you’ve logged into social media recently, you’ve likely seen many of your friends sharing pics via FaceApp, a facial recognition software (based on the same technology used by law enforcement) that encourages users to upload a photo and see what they might look like in 40 years.
Sounds fun, right? Well, on the surface perhaps. But FaceApp’s privacy policies and Terms of Service are extremely vague, giving the app and the company that created it rights to collect your photos and use as they see fit.
As the app grew in popularity, privacy advocates began warning people that a Russian-owned company was collecting their data. Reminiscent of Cambridge Analytica, this news sent shockwaves through the American political system, leading U.S. Senate Minority Leader Chuck Schumer to request an FBI investigation into the app. The senator expressed his concern via twitter that personal data from U.S. citizens would be shared with “a hostile foreign power.” (Unsurprisingly, the FaceApp CEO denied sharing data with the Russian government or storing it on Russian servers).
[You may also like: Are Your Applications Secure?]
Which is all to say…how much of consumers’ trust in apps is warranted? Geoffrey Fowler at the Washington Post tested his iPhone to see exactly how much data from apps was passed on to third parties about him and the results were frightening. His experiment found 54,000 hidden data tracking apps within one week!
So, what does this mean for our privacy? When people unknowingly sign away the right to their data for all time in exchange for a few minutes of entertainment, is the fight for consumer privacy rights already being lost?
