As Facebook privacy-related incidents continue to pile up, a new Threatpost poll found that a whopping three-fourths of respondents no longer trust the social-media giant.
The negative sentiment, reflected in a Thursday Threatpost poll of over 130 security professionals, comes as Facebook faces a slew of data privacy snafus that are continuing more than a year after the Cambridge Analytica scandal first thrust the social-media platform’s data privacy issues into the spotlight.
The latest is Facebook confirming that it harvested the email contact lists for 1.5 million people, in an ongoing effort since May 2016. Shortly before that, an NBC News report, detailing thousands of newly-leaked Facebook emails, webchats, spreadsheets and meeting summaries, revealed that the company was using its member data as leverage for commercial relationships.
And, also on Thursday, Recode discovered that Facebook had accidentally stored millions of Instagram users’ passwords (not thousands, as previously thought) unencrypted on its servers.
On the heels of these incidents, the Threatpost poll found that Facebook users have mainly lost trust in the platform. Of those polled, 75 percent said that they believe “the whole organization is lying to consumers” about how it handles data.
“Facebook’s principal defense to many of the privacy criticisms in the last year-plus is that malicious third parties misused the platform to access private user data,” Dan Goldstein, the president and owner of Page 1 Solutions, said in an email. “This claim really doesn’t hold water at this point, now that we know that Facebook actively rode roughshod over issues of consumer consent in order to collect data.”
Trust is Gone
The array of new reports, leaked documents and incidents revealed just how much is going on behind the scenes when it comes to Facebook collecting, leveraging and sharing user data.
In the wake of the revelations, the Threatpost poll found that Facebook users have lost trust in the platform. Up to 95 percent of respondents said that they recognize the firm is built on monetizing people’s data – and they believe that “it’s likely all these issues have been intentional and Facebook just continues getting caught.” In contrast, only 4 percent said that they instead believe “there are sure to be things that fall through the cracks and data that gets mishandled,” and that it’s not a corporate conspiracy.
“These online giants shouldn’t be able to just grab your entire social network through your contact list without specific permission, and companies like Facebook need to face stiff penalties when they do it,” said Brian Vecci, field CTO at Varonis in an email. “Without basic consumer protections that lead to real penalties, this kind of thing will continue to happen.”
Making matters worse for the social-media juggernaut, when asked what Facebook can do to clean up its act, almost 50 percent of respondents answered that there is nothing the firm can do – and that it has lost all credibility.
However, those polled don’t think the incidents will stop consumers from using the platform – and remain unsure what it will take to get Facebook to prioritize responsible data security.
Uncertain Future
Up to 65 percent of survey respondents said that none of these data privacy-related incidents will be enough to bring Facebook down – because consumers will continue to use the platform anyway.
So where will any change in behavior ultimately come from? Some surveyed asserted that the social-media firm should pledge to adhere by General Data Privacy Regulation (GDPR) tenets in all markets (as opposed to just for E.U. citizens, or adopt official third-party auditing.
But many in the security space agree that the main responsibility lies with the tech industry to change the prevailing attitude towards consumer data.
In fact, 40 percent of respondents argued that the tech industry as a whole needs to re-evaluate how it collects, maintains and shares data.
“If not Facebook, then Google or Amazon or the big social network of the future will exploit consumer trust,” said Vecci. “This news illustrates how easy it is for any company—not just Facebook—to skip asking for consent when harvesting personal data like your contacts. Consumers need to be vigilant, but also need a basic set of online rights.”
Don’t miss our free Threatpost webinar, “Data Security in the Cloud,” on April 24 at 2 p.m. ET.
A panel of experts will join Threatpost senior editor Tara Seals to discuss how to lock down data when the traditional network perimeter is no longer in place. They will discuss how the adoption of cloud services presents new security challenges, including ideas and best practices for locking down this new architecture; whether managed or in-house security is the way to go; and ancillary dimensions, like SD-WAN and IaaS.