Connecting people first, privacy last

Facebook’s CEO Mark Zuckerberg emphasized on various occasions during his Senate hearing that he started the social network from his dorm room. However, the simplicity of how it all began is no excuse for the creation of a business model that exploits our data and led to the privacy violation of millions of people.

Back in 2011, the idea behind Tresorit was also born in college. Our goal was to build a service that puts users’ privacy at its heart, and we are still working hard to live up to our promise and stick to our values.

One of the most alarming things that surfaced from the now viral Facebook testimony is that Zuckerberg does not know the details of Facebook’s tracking practices (or at least that’s what he was advised to declare). This shows a huge lack of commitment to the respect of its users’ privacy. It also raises the following question: how could any user be properly informed and enabled to give specific consent for the use of his or her personal data if even the company’s CEO does not know how data is handled on his platform?

Privacy should exist online as much as it does offline. Similar to how none should be able to follow all your steps while shopping or hanging out with your friends, no one should be allowed to track your online movements, conversations or pictures either. But the reality is that Facebook follows you everywhere and knows everything about you.

Facebook’s cross-platform tracking is borderless

Zuckerberg did not want to address this issue during his hearing, and it’s no wonder why. Facebook tracks all your online movements and that of your friends, even those who do not have a Facebook account. It checks your conversations, analyzes the pictures you share privately, and connects all the dots of your movements inside and outside the platform. It knows what you do, when and with whom. While we understand that tracking is an important element of marketing and is used for legitimate business purposes, what we are questioning here is the borderless extent of Facebook’s information gathering and data mining. You and your friends – who can’t even give consent – are constantly being surveilled.

Let me give you a simple theoretical example: I, as a non-member of Facebook meet a friend of mine. We haven’t seen each other for a while so we have a long discussion about the good old days. Then, I go home and look up the places we travelled to together. Again, I am not a Facebook user anymore, and I am not visiting any of the company’s websites. However, my friend at home will start seeing ads from travel agencies to visit those specific cities and places I just looked up. How come?

Well, Facebook can track non-members’ activity on third-party websites through the “like” button – not even by them clicking on it; the fact that it is loaded on their browser enables Facebook to know what pages non-members visited. In my hypothetical case, it connected my device because I was close to my friend’s device, and through that, to my friend’s profile. This way, even though I did not explicitly share data with Facebook (at least I had no intention to) I was tracked. And, on top of that, my friend’s behavior was influenced by my activity. Where is the “reasonable expectation of privacy” of our private, non-digital life?

Facebook makes it hard to delete your data and account

Zuckerberg said that Facebook deletes data once the user deleted it. But Facebook makes it extremely hard to do so. I am a cryptography expert, and it took me about 15 minutes and some research to figure out how permanently delete my Facebook account.

Facebook made improvements…well, it was forced to do so

Zuckerberg proudly kept referring to the changes Facebook made in enabling people to request information on all the data it has on them. Let’s not forget though that Facebook made this happen only after it lost a long legal battle against privacy champion Max Schrems who filed a complaint in Ireland under the European right to access.

Now, here is the good news:

Amid tough questions from senators, Zuckerberg eventually implied that Facebook would apply the GDPR even in the US. A couple of years ago, when the EU was busy working on its new data protection rules, the rest of the world was looking at it with reservation and skepticism. Now it looks like the GDPR might make its way to becoming a global standard. This legislation is tailored to the current digital technologies companies are using. It was created to address today’s technology challenges and keep up with the way information is used online. It establishes a strict legal framework for the handling of online data and deters companies from violating it by imposing huge fines for malpractice.

While legislation is certainly helpful, it’s not a solution, in itself. Technology can also play a huge role in empowering people to control their data and activities online. More research and innovation should be dedicated to building tools that enable people to enjoy as much privacy online as they have offline. End-to-end encryption can certainly help with this. We should not accept that connecting people is only possible at the expense of privacy. That’s why we have started a project to see if there is demand for a social platform that would put privacy first. If you would be interested in such a service, make your voice heard and support our cause.