A thread written by @cynthiablee

Hoolleeeee @#$%^*. Read the article. This is one case where the details are even more damning than the eye-catching headline would suggest.

Facebook specifically targeted young teens starting at 13 years old, offering them $20/month plus referral fees to unlock virtually all forms of data from all apps on the phone to spying.

The article goes into detail about the permissions waivers buttons within the app, but one risk you may not fully appreciate from the article (as if the article isn't horrifying enough already) is how these waivers put FRIENDS at risk.

Even if your child didn't install this app, if your child disclosed sensitive information to a friend who did, Facebook now has full access to that data, not anonymized.

I wrote at Vox about Facebook's long, long history of creating architectures that allow this kind of privacy leakage through careless friends. Before it was to 3rd party apps through their platform. Now it's just a giant, centralized Facebook vacuum. https://www.vox.com/the-big-idea/2018/4/18/17251234/facebook-privacy-cambridge-analytica-third-party-apps-friends-regulation-pixel

To reiterate: even if you have NEVER had a Facebook account, if you have a phone and use it to connect with other people through any app, Facebook now almost certainly has extensive information about you.

Also: doesn't matter if you were using encrypted apps, the root access unlock was so comprehensive that Facebook could spy on that too. "[Facebook] collect[ed] this information even where the app uses encryption, or from within secure browser sessions."

Remember all the "email/private messaging is the new social network" takes recently? Welp, sounds like FB was able to collect data there too, as long as someone in the convo has their spying app installed. #DeleteFacebook is an extreme measure, and doesn't even work.

Here’s an excellent technical look at how Facebook circumvented the Apple store ban of their previous spying app tool, by setting it up under a company internal developer certificate (egregious misuse—supposed to be for coders to debug their apps ONLY):

Nice deep dive on the “consent” forms for Facebook’s spying app. They went out of their way to avoid letting consumers know the app or the “research study” was from FB.

California is a 2-party consent state. Any lawyers out there know if Facebook accessing private phone communications of non-Facebook apps with the (very flimsy!) consent of only one of the two parties could run afoul of these types of laws? http://www.dmlp.org/legal-guide/california-recording-law
