The many unethical ways in which Facebook is harvesting your personal data

I really wanted to post about a single new issue regarding yet another unethical way in which Facebook collects private data about you for use in ad targeting. But to avoid having a separate topic just about that I’ll make this a collection topic about all ways they sneakily harvest your valuable personal data.

This topic is a collection of ways Facebook tries to collect your personal data

Today a new issue came to light, yet another egregious breach of trust that involves 2-factor authentication (2FA) - the mechanism to make logging into your account more secure, by (in the case of FB) providing your phone number (which is not the best 2FA method):

There is an ongoing Hacker News discussion here:
From the comments in the HN thread:

“As a security engineer, I cannot overstate just how horrible this is. Phone numbers might not be an ideal 2nd factor for authentication, but to punish users for setting up 2FA by using the provided phone number for ad targeting is incredibly unethical.” (by unmonk)

“When people suggested phone 2fa was a data collection scheme they were hushed and called tinfoils.” (by a_imho)

“People still do that when you point out that using a phone number as a required identifier (WhatsApp, Signal, etc.) gives every ‘free’ service a near perfect unique identifier that’s the same for all services used by that person. Ideal for cross-service collation.”

“Who wants a social security number when you’ve got someone’s phone number?” (by Freak_NL)

One user points out that the Twitter message is sensationalized and this is a better read:

As I imagined it would. I never give anyone/any page my phone number unless I want them to call me. Why do people feel the need for 2fa? I think it’s because they have been made paranoid by the same companies (like FB) that offer the service. Clearly it is in the interests of these companies to have people become paranoid about security so they will purchase increasingly more complex software to ‘protect’ themselves. We are collectively being scammed.

Last night’s PBS TV show “Frontline: The Facebook Dilemma/ Part I” provided more insight into Facebook’s history and data collection methods. Very interesting, to say the least. Part II (PBS) is tonight! (I didn’t see this posted anywhere here in my search- excuse this if it’s repetitive.)


What about how FB is working hard on monetizing Whatsapp (which, if you believe in the reports, led the two WA founders to quit FB early and forego a combined USD1.3 billion of non-vested stock options).

(By the way, prior to being acquired by FB, WA was in the process of starting charging USD1/year - an incredibly modest sum given how heavily we use WA, and explaining their vision they would not run ads, saying that “ads are only here to convince us to buy shit (sic) we don’t need”. How ironic that a cool USD23 billion changed their perspective on that. But yet again, now that they are billionaires, they went with the #deletefacebook movement).

FB tried to have users link their FB and WA accounts.

They acknowledge that WA stores messages metadata and contact lists (and do whatever it is they want to do with that).

You cannot install WA and message someone without having to give WA full access to your entire contact list (something you don’t have to do with Signal).

And they keep reminding you every other week that you have the option to back up your chats on the cloud (asking once is not enough, maybe after asking 10 times they hope the user will relent).

Only stuff Signal stores is the most recent day you connected with the server.

Per Facebook’s collection methods, you have to realize that Facebook’s surveillance and data mining business practices are systemic to all social media platforms plus connected products supported by the android OS, Apple iOS and Microsoft Windows OS due to the fact that Google, Apple and Microsoft have adopted a surveillance capitalism business model.

The preinstalled (“rooted”) content such as apps that support telecom related products such as smartphones are nothing more than a legal form of Malware.

For example, the preinstalled Facebook app is designed to monitor, track and data mine the smartphone user whether the user is on the Facebook platform or not. The Facebook app collects way more information from a Smartphone user than if a Facebook user connected to the Facebook platform by way of the Facebook web portal via the internet. Below is a slide from one of my presentations that shows how much information the Facebook App collects vs. connecting to Facebook via the web portal:

The app will still enable Facebook to monitor, track and data mine you for financial gain even if you cancel your Facebook account but forget to disable the Facebook app that supports connected products such as a smartphone, tablet PC or even a PC.

As a matter of fact, since the app works independent of the Facebook platform, Facebook does not need for you to utilize the Facebook platform in order for Facebook to monitor, track and data mine nearly 100% of all personal and professional information that you generate using your smartphone surveillance data (e.g. location data, motion data, etc.).

In addition, the Facebook app enables Facebook to take full control over the sensors and hardware that supports your smartphone enabling Facebook to surveil your personal and professional activities 24x7/365 while still being able to access the camera and microphone at will to be able to take pictures while recording audio and video of your activities without your consent.

Don’t take my word for these claims, read the application permission statements that support the Facebook app yourself such as the example below (Samsung Galaxy Note- android OS- it is the same for Apple users as well):


Many of these same permissions support the Facebook app- so copy and paste the Facebook app analysis I enclosed above to see in detail how much surveillance Facebook can conduct on your activities while data mining your personal and professional information from your smartphone or tablet PC or PC pending what devices the user uses to connect to Facebook via the app.

Go to my website My Smart Privacy to learn more by reading the articles that I’ve written on the subject matter of surveillance and data mining business practices: (Warning- you will be unplugged from the Silicon Valley Matrix after reading the articles that I’ve written- I’m an industry insider as well)

Once liberated, spread the word by forwarding a link to my website to anyone who cares about civil liberties, privacy, cyber security, safety and good business ethics.

Regards- Rex M. Lee/Privacy & Data Security Consultant/Technology Journalist


Are you saying that when Facebook is pre-installed on a device, even when I am not a Facebook user and never opened it, the app is tracking me in the background at all times, sending data to the mothership, and can, for instance, “record audio and video” without my knowledge?

Such an assumption would seem really farfetched, and, if proven accurate, would invite such massive lawsuits that they would bring the company down.

In any case, I disabled the app already. Is that good enough protection?

The app could be sending back information to FB, and - theoretically - record audio and video, if those app permissions are enabled. But that last part is highly speculative and never proven.

But there has been much discussion on Hacker News about apps with these permissions, and how this could occur. There are many options, like apps record occasionally, are triggered by keywords, are sending data when you are least likely to notice, do speech-to-text conversion to minimize data load, etc. Also it may not lead to lawsuits if they did, per se. After all, you accepted some opaque legalese in their privacy policy that may have holes that allow this. But it is more the enormous scandal it will cause, and reputation damage, that will withhold companies from doing such things.

I have Facebook installed on my phone per factory. I am not a FB user, and never opened the app. However, I can see mobile data used by the app in the last two months is 1.7MB. What gives? I now have disabled the app entirely.

That is the best thing to do, yes. And go through all your other apps you do not use, and do the same.


It’s awful and shows we’re not at all in control of our devices which are technically our own possessions. I also imagine that most of the data sent by the app is while you’re on Wifi, so the true amount is much higher. Cellular data is not free, and you can see how apps that are tracking you (even if you’re not even a user!) not only invade your privacy but actually cost you significant money on your mobile bill. We’re being sold out by the tech and mobile industry without us even knowing. We’re paying for not only a $1000 phone but also a monthly bill, and it’s subsidising these tech companies’ secretive and pervasive tracking of us.

A partial solution is to turn off background data usage in each and every app. You should still be able to receive notifications since these are usually sent via the Google Cloud Messaging or Firebase Cloud Messaging protocols on Android. However who knows to what extent apps can use a cloud messaging protocol to track you as well?

Yes, many smartphones and connected products supported by the android OS and Apple iOS contain a preinstalled Facebook app which is programmed to enable Facebook to surveil and data mine the product user 24x7/365 for financial gain even when the Facebook user is not on the platform.

With that being said, I believe I have exposed the fact that Facebook and other companies such as Baidu (state owned Chinese Company) are enabled to monitor, track and data mine non-customers or non-subscribers (see below photographs) due to interactive application permission command strings attached to apps which enable two or more companies to surveil and data mine a user from a single predatory preinstalled app.

Aside from being a technology journalist, I also work for an application developer so I know how the game is played when it comes to surveillance and data mining business practices. What I’m divulging to you is related to 5 years of research that I’ve done regarding smartphones and connected products…

To vet my findings, I’ve submitted several reports and analysis to all tech companies concerned. My reports and analysis are centered on preinstalled content such as apps that cannot be uninstalled, controlled or disabled by the product owner or user.

My reports and analysis also included research on the terms of use that support preinstalled content associated with the android OS and android content that supports the Samsung Galaxy Note.

Specifically, I submitted my reports and analysis to AT&T, T-Mobile, Samsung and Google. I asked all parties concerned to copy Facebook, Baidu plus other companies responsible for the development of the preinstalled content that supported the Samsung Galaxy Notes that I analyzed so that all parties concerned including Facebook could read my report and analysis.

I gave all tech companies concerned my reports and analysis so that they could validate my findings or rebuke my findings.

The reports and analysis contained questions regarding Facebook’s surveillance and data mining business practices regarding Facebook’s potential ability to monitor, track and data mine non-Facebook subscribers due to a preinstalled (“rooted”) interactive application permission command string that I found attached to over 50 apps (see actual picture below):

Baidu Example- attached to the 4.2 android email app which is not associated with Gmail- Baidu has nothing to do with email, so why is Google enabling Baidu to access location services tied to email?- this is proof of preinstalled Chinese Surveillance technology associated with mainstream smartphones such as the Samsung Galaxy Note- this fact has been published in several articles that I’ve written for MissionCritical Communications Magazine plus the Epoch Times:

Back to Facebook, this android (Google) interactive app permission enabled Facebook with access tokens giving Facebook the ability to collect surveillance data (e.g. location data) and sensitive user data associated with the app that this interactive application permission command string is attached to which in total was over 50 preinstalled apps of which none were developed by or for Facebook.

To date, all tech companies concerned have not addressed my questions regarding Facebook’s surveillance and data mining business practices in total or if in fact Facebook is enabled to monitor, track and data mine non-Facebook subscribers.

Mind you the Galaxy Notes that I analyzed were not free plus the devices are telecom related devices supported by protected (due process/4th amendment) telecom infrastructure meaning that all tech companies concerned have a legal responsibility to be transparent with me regarding all business practices concerned especially since I paid for all products concerned.

Since all tech companies concerned refused to address my questions regarding their surveillance and data mining business practices, I filed formal complaints with the FTC, state AGs and the FCC.

Ultimately, the FCC forced T-Mobile to reply to my questions regarding all tech companies concerned surveillance and data mining business practices.

Rather than address my questions with specifics, T-Mobile simply admitted that smartphones and connected products supported by the android OS and Apple iOS are NOT private, secure or safe forms of telecommunications and computing due to preinstalled surveillance and data mining technology developed by Google and Apple the OS developers who control which content such as apps (e.g. Facebook app) are preinstalled on devices that support the android OS and Apple iOS.

Don’t take my word for this claim, T-Mobile explains it better than I can:

T-Mobile Admission: “We, too, remember a time before smartphones when it was reasonable to conclude that when you activated service with T-Mobile that only T-Mobile would have access to our personal information. However, with the Samsung Galaxy Note, the iPhone, and many other devices, there are indeed a variety of parties that may collect and use information.” — T-Mobile Privacy Team (FCC Consumer Complaint #423849 Filed by Rex M. Lee/Public Record)

Aside from T-Mobile’s admission that telecom related products such as smartphones are not private, secure or safe forms of telecommunications due to intrusive preinstalled content- using my research, I leveraged Verizon into admitting that Verizon does not sell a private, secure or safe smartphone, tablet PC, flip phone (most flip phones are supported by the android OS today) or connected product supported by the android OS, Apple iOS or MS Windows OS (8&10).

Again, do not take my word for this claim, Verizon’s explanation is better than mine:

Verizon Admission: “We have reviewed your request at the highest levels of our organization and have confirmed that the only solutions to make a phone private and secure are available through third parties, not directly from Verizon…. Additionally, Verizon is not equipped to address preinstalled solutions or applications on any device” – July 02, 2018

Note that I also debunked the third-party solutions that Verizon suggested meaning that there is no way to privatize and secure connected products supported by the android OS, Apple iOS or Microsoft Windows OS due to uncontrollable preinstalled surveillance and data mining technology developed by all parties concerned.

As of this date, all parties concerned have not addressed any of my questions with specifics other than the nebulous admissions made by Verizon and T-Mobile which should be the biggest news in telecom and tech but mainstream media outlets will not publish the admissions due to what I believe is a conflict of interest regarding the fact that companies such as Verizon, T-Mobile, Google, Samsung and Apple are collectively the biggest advertisers on TV.

Sorry for the long explanation, but you need to understand that smartphones, tablet PCs and connected products supported by the android OS, Apple iOS and Microsoft Windows 8 & 10 OS are solely developed to enable the content developers (OS & Apps) with the ability to monitor, track and data mine the product user for financial gain at the expense of the product user’s civil liberties, privacy, cyber security and safety whether the user is an adult, child or business professional according to T-Mobile and Verizon.

Oh by the way, MDM and Security apps will only protect you from intrusive and exploitive third-party content that you purchase or download for free, these solutions will not protect you from intrusive and exploitive preinstalled surveillance and data mining technology created by Apple, Google and Microsoft the three dominant OS developers who control the market for preinstalled content.

All OS developers concerned have adopted surveillance and data mining business practices rooted in Surveillance Capitalism (business model).

I can back all of my claims and findings up with hard data and photographic evidence such as the evidence I enclosed in this reply.

My reports and analysis have been used by the Department of Homeland Security for the DHS Study on Mobile Device Security published in April of 2017: (my company RML Business Consulting, LLC is listed on page 97 of the study as a contributor).

You can contact me if you want more information.

Have a good day. PS, sorry for any typos but I’m spread thin on time this AM.

Regards- Rex


Great research, thank you!

Should we resign ourselves to being tracked for the rest of our lives, and it just getting worse and worse each year? Or should we try to develop an alternate operating system and other services that have privacy at their core? (And hope that they won’t be hacked?)

Alternate OS is one way but not a fix. Legislation centered on an Electronic Bill of Rights is also one way. Aside from working with law makers, I’m also appealing to business leaders to help drive change due to privacy, cyber security and safety issues with surveillance and data mining business practices.

I’m moderating a cyber security panel at IWCE’s Critical LTE Communications Forum in Chicago on Nov 6th and I will be driving the discussion to harmful and dangerous surveillance and data mining business practices. Pressure from enterprise business is another way change can come about.

As individuals, you too can help drive change by contacting your telecom provider to discuss your rights as a telecom subscriber. You have telecom related rights that are being violated today. Read my latest article, Govt. Fails to Enforce Privacy, Telecommunication and Consumer Laws Meant to Protect Citizens, to learn more:

Also spread the word by forwarding a link to my website which contains all of the articles I’ve written on the subject matter:

Have a good day- Rex
