It knows when you’ve been online shopping, the last time you worked out and whether you’ve been lurking on your ex’s profile.
Meta’s new social media platform Threads is gobbling up massive amounts of sensitive data on its 100 million users and counting.
The specificity and quantity of information the text and multimedia platform can access poses a risk to most users, if it falls into the wrong hands or is used to target them, tech experts agree.
“This is a hacker’s dream,” said Claudette McGowan, a longtime banking executive who founded Protexxa, a Toronto-based platform that uses artificial intelligence to rapidly identify and resolve cyber issues for employees.
“The more data you have sitting in a certain position (or) spot is going to get people really, really excited about getting access to it and being very creative about it.”
It also keeps tabs on what you’re doing on your device, like whether the app is in the foreground or if your mouse is moving, messages you send and receive and details on purchases you make, including credit card information.
“It looks to me like it is a grab bag or a drift-net approach,” said Brett Caraway, a professor of media economics at the University of Toronto.
That approach is not unusual for social media services or other apps. It’s become “standard repertoire” for such companies to broker access to as much data as possible, he said.
Music-centric social media app TikTok, for example, collects usernames, passwords, dates of birth, email addresses, telephone number, information disclosed in user profiles, photographs and videos. It also grabs preferences you set, content you upload, comments you make, websites you’ve visited, apps you’ve downloaded and purchases you have made.
Screen resolution, keystroke patterns, battery levels, audio settings and “your approximate location, including location information based on your SIM card and/or IP address” are also scooped up by TikTok.
Caraway often hears from students who wonder why they should care if social media companies access their data because they’re not high-profile and don’t use such apps for controversial activities.
“Just because you’re safe today doesn’t mean you’re safe tomorrow,” Caraway argues.
“We’re certainly seeing a situation in the U.S. where certain marginalized populations are under attack, at least rhetorically and sometimes legally, and you might find yourself as part of one of those marginalized populations.”
Regardless of what you do on social media, Caraway said these companies leave users “not in the position to bargain.”
“You just have to take what the platform gives you.”
Asked about the app’s privacy concerns, Meta referred The Canadian Press to Threads posts from its chief privacy officer Rob Sherman, where he argued its privacy measures “are similar to the rest of our social apps, including Instagram, in that our apps receive whatever information you share in the app — including the categories of data listed in the App Store.”
“People can choose to share different kinds of data,” he wrote.
“People just don’t understand the value of the data,” said McGowan.
“They become the product. Things are being monetized that they don’t even envision and they’re thinking they’re making decisions and formulating opinions that really are being formed and decided for them.”
She also advises people to consider a company’s history.
“Do they have a track record of handling sensitive information with care?” she questioned.
“Do they have a track record of being transparent and open and honest with their user community?”
In the case of Threads, its parent company Meta was infamously ensnared in privacy concerns in 2018, when it was revealed that consulting firm Cambridge Analytica paid a Facebook app developer for access to the personal information of about 87 million users.
The personal info was used to target U.S. voters during the country’s presidential election that ended with Donald Trump in power.
Threads has yet to launch in European Union, which has strict data privacy rules.
“We would have liked to offer Threads in the EU at the same time as other markets, and the app does meet General Data Protection Regulation requirements today,” Sherman has said on Threads.
“But building this offering against the backdrop of other regulatory requirements that have not yet been clarified would potentially take a lot longer, and in the face of this uncertainty, we prioritized offering this new product to as many people as possible.”
If you’re having second thoughts about an account you’ve signed up for in light of such developments, most services offer tools that help you adjust settings, limiting access to some of your personal information.
“And you always have the option to disconnect,” McGowan added.
However, to dump your Threads profile, which is embedded in Instagram, you must also delete your Instagram account.
This report by The Canadian Press was first published July 16, 2023.
Meta funds a limited number of fellowships that support emerging journalists at The Canadian Press.