Back to catalog

Facebook and privacy

The two main concerns about Facebook regarding privacy are the following:

  • A revenue model that involves selling user information
  • Employers, organizations and individuals use Facebook data for their own purposes

The result is the compromise of identities without the permission of the individual.

Here's an example: Facebook hired people to generate transcripts of users' audio chats. ( Source ) ( Source ) ( Source )

The following critics are grouped into a few segments for easier reading.

Cooperation with government requests

Facebook has willingly provided information in response to government requests.

In an article from 2011 is noted that "even when the government lacks reasonable suspicion of criminal activity and the user opts for the strictest privacy controls, Facebook users still cannot expect federal law to stop their 'private' content and communications from being used against them". ( Source )

Basically, this means that the government gets granted access to every single piece of user data they require from Facebook no matter what.

Facebook participates in the PRISM program. This came to light in the global surveillance disclosures of 2013 to current year.

Inability to terminate accounts

Before 2010 it wasn't possible to delete a Facebook account. It was only possible to deactivate it. A Facebook representative explained that users had to clear their own accounts by manually deleting all of the content including wall posts, friends, and groups. ( Source )

Since then, it is finally possible to directly remove an account. The privacy policy states: "When you delete an account, it is permanently deleted from Facebook." ( Source )

Security holes

In 2007 a student discovered a XSS vulnerability that could be used to inject JavaScript into profiles and by extend could harm users privacy. ( Source )

Poor privacy controls

Even if a post is set to 'friends only', as soon as another person is tagged, all friends of that person can see the private post. ( Source )

When a private post is made public, no user that commented earlier will receive a notice about it, exposing their once private comment. ( Source )

Quit Facebook Day

Was an online event in 2010 where Facebook users stated to remove their accounts. Estimation was around 2% of the userbase. The result, 0,007% (around 33.000 accounts). ( Source ) ( Source ) ( Source )

Quitters are more concerned about privacy, more addicted to the Internet, and more conscientious. ( Source )

Photo recognition

The automatic facial recognition feature "Tag Suggestions" was enabled in 2011. It compares new image uploads with the uploads of friends to suggest tags.

There were critics, because the feature is activated per default and the user has to switch it off manually. ( Source )

Irish Data Protection Commissioner (DPC) Investigation

The Irish DPC investigated after a complaint from a group of Austrian students in 2011. ( Source )

The group requested access to their user data and got about 1,200 pages per person grouped in over 50 categories. ( Source ) Some data got previously removed by the students, but was in the report anyway.

The group claimed that Facebook failed to provide some data, including Likes, facial recognition data and data about websites using the Facebook social plugins. After that there were several complaints filed against Facebook. ( Source ) ( Source )

The DPC then audited Facebook and suggested some changes that they should undertake until 2012.

Facebook did change some things in response, but the changes were seen as not sufficient enough. Facebook did a worldwide vote on the proposed changes, but didn't advertise it. The vote was in favour of Facebook because the required 30% of all users world wide didn't vetoed it. Instead it was about 0.04% which voted 87% against the new policy. The new policy took effect on the same day. ( Source )

Tracking of non-members

Facebook creates logs of visited pages, relying on tracking cookies, even if not logged in to Facebook. ( Source )

In 2015 Facebook was ordered by the Belgian Privacy Commissioner to stop the tracking of non-users, or risk fines of up to £250,000 per day. ( Source )

Instead of removing tracking cookies, Facebook banned all Belgian non-users from seeing any Facebook content, including publicly posted, unless they sign in. ( Source ) ( Source )


Over 60% of profiles are automatically set to 'visible to public'. Anyone can access these profiles. Also, if not manually disabled, every Facebook user can receive messages from total strangers.

The possible stalking is not limited to happen only on the platform itself. 25% of real-life stalking victims reported that it started in social media. ( Source ) ( Source )

Performative surveillance

Means that people are very much aware of the fact, that they are being monitored on websites like Facebook. They use this fact to portray themselves in a different way, that may, or may not differ greatly of the way they are perceived in reality. ( Source )