As Facebook privacy-related incidents continue to pile up this week, a new Threatpost poll found that a whopping three-fourths of respondents no longer trust the social media giant.
The negative sentiment, reflected in a Thursday Threatpost poll of over 130 security professionals, comes as Facebook faces a slew of data privacy snafus this week – more than a year after the Cambridge Analytica scandal first thrust the social media platform’s data privacy into the spotlight.
On the heels of these incidents, the Threatpost poll found that Facebook users have completely lost trust in the platform. Of those polled, 75 percent said that they believe whole organization is lying to consumers about data how it handles data.
“Facebook’s principal defense to many of the privacy criticisms in the last year-plus is that malicious third parties misused the platform to access private user data,” Dan Goldstein, the president and owner of Page 1 Solutions, said in an email. “This claim really doesn’t hold water at this point, now that we know that Facebook actively rode roughshod over issues of consumer consent in order to collect data.”
Trust is Gone
Just this week, an array of new reports, leaked documents, and incidents revealed just how much is going on behind the scenes when it comes to Facebook collecting, leveraging and sharing user data.
A Tuesday NBC News report, detailing thousands of newly-leaked Facebook emails, webchats, spreadsheets and meeting summaries, found that Facebook has been using its user data as leverage in various relationships with other companies.
On Thursday, another report found that Facebook had harvested the email contact lists for 1.5 million people in an ongoing effort since May 2016. And, also on Thursday, Recode discovered that Facebook had accidentally stored millions of Instagram users’ passwords (not thousands, as previously thought) unencrypted on its servers.
On the heels of these incidents, the Threatpost poll found that Facebook users have completely lost trust in the platform. Up to 95 percent of respondents said that they recognize the firm is built on monetizing people’s data – so it’s likely all these issues have been intentional and Facebook just continues getting caught. (In contrast, only 4 percent said that they instead believe “there are sure to be things that fall through the cracks and data that gets mishandled,” but that it’s not a corporate conspiracy).
Making matters worse, when asked what Facebook can do to clean up its act, almost 50 percent of respondents answered that there is nothing the firm can do – it has lost all credibility.
“These online giants shouldn’t be able to just grab your entire social network through your contact list without specific permission, and companies like Facebook need to face stiff penalties when they do it,” said Brian Vecci, field CTO at Varonis in an email. “Without basic consumer protections that lead to real penalties, this kind of thing will continue to happen.”
However, those polled don’t think the incidents will stop consumers from using the platform – and remain unsure what it will take to get Facebook to prioritize responsible data security.
Uncertain Future
Up to 65 percent of survey respondents said that none of these data privacy-related incidents will be enough to bring Facebook down – because consumers will continue to use the platform anyways.
So where will change ultimately come from? Some surveyed asserted that the social media firm should pledge to adhere by General Data Privacy Regulation (GDPR) tenants in all markets (as opposed to just the EU, where GDPR is currently enforced), or adopt official third-party auditing.
But many in the security space agree: the main responsibility beyond consumers and regulations, survey respondents said, needs to come from the tech industry.
In fact, 40 percent of respondents argued that the tech industry as a whole needs to re-evaluate how it collects, maintains and shares data.
“If not Facebook, then Google or Amazon or the big social network of the future will exploit consumer trust,” said Vecci. “This news illustrates how easy it is for any company—not just Facebook—to skip asking for consent when harvesting personal data like your contacts. Consumers need to be vigilant, but also need a basic set of online rights.”
Don’t miss our free Threatpost webinar, “Data Security in the Cloud,” on April 24 at 2 p.m. ET.
A panel of experts will join Threatpost senior editor Tara Seals to discuss how to lock down data when the traditional network perimeter is no longer in place. They will discuss how the adoption of cloud services presents new security challenges, including ideas and best practices for locking down this new architecture; whether managed or in-house security is the way to go; and ancillary dimensions, like SD-WAN and IaaS.