As Facebook colonized the rest of the web with its functionality in hopes of fueling user growth, it built aggressive integrations with partners that are coming under newfound scrutiny through a deeply reported New York Times investigation. Some of what Facebook did was sloppy or unsettling, including forgetting to shut down APIs when it cancelled its Instant Personalization feature for other sites in 2014, and how it used contact syncing to power friend recommendations.
But other moves aren’t as bad as they sound. Facebook did provide Spotify and Netflix the ability to access users’ messages, but only so people could send friends songs or movies via Facebook messages without leaving those apps. And Facebook did let Yahoo and Blackberry access people’s News Feeds, but to let users browse those feeds within social hub features inside those apps. These partners could only access data when users logged in and connected their Facebook accounts, and were only approved to use this data to provide Facebook-related functionality. That means Spotify at least wasn’t supposed to be rifling through everyone’s messages to find out what bands they talk about so it could build better curation algorithms, and there’s no evidence yet that it did.
Thankfully Facebook has ditched most of these integrations, as the dominance of iOS and Android has allowed it to build fewer, more standardized, and better safeguarded access points to its data. And it’s battened down the hatches in some ways, forcing users to shortcut from Spotify into the real Facebook Messenger rather than giving third parties any special access to offer Facebook Messaging themselves.
The most glaring allegation Facebook hasn’t adequately responded to yet is that it used data from Amazon, Yahoo, and Huawei to improve friend suggestions through People You May Know — perhaps its creepiest feature. The company needs to accept the loss of growth hacking trade secrets and become much more transparent about how it makes such uncannily accurate recommendations of who to friend request — as Gizmodo’s Kashmir Hill has documented.
In some cases, Facebook has admitted to missteps, with its Director of Developer Platforms and Programs Konstantinos Papamiltiadis writing “we shouldn’t have left the APIs in place after we shut down instant personalization.” In others, we’ll have to decide where to draw the line between what was actually dangerous and what gives us the chills at first glance. You don’t ask permission from friends to read an email from them on a certain browser or device, so should you worry if they saw your Facebook status update on a Blackberry social hub feature instead of the traditional Facebook app? Well, that depends on how the access is monitored and meted out.
The underlying question is whether we trust that Facebook and these other big tech companies actually abided by rules to oversee and not to overuse data. Facebook has done plenty wrong, and after repeatedly failing to be transparent or live up to its apologies, it doesn’t deserve the benefit of the doubt. For that reason, I don’t want it giving any developer — even ones I normally trust like Spotify — access to sensitive data protected merely by their promise of good behavior despite financial incentives for misuse.
Even if Spotify and Netflix didn’t abuse the access Facebook provided, there’s always eventually a Cambridge Analytica. Tech companies have proven their word can’t necessarily be trusted. The best way to protect users is to properly lock down the platforms with ample vetting, limits, and oversight so there won’t be gray areas that require us to put our faith in the kindness of businesses.