CEO Mark Zuckerberg would testify before Congress regarding the failure of his company to prevent Cambridge Analytica from siphoning off information belonging to around 87 million people, a majority of whom are Americans. In the lead-up to the hearings, Facebook has scrambled to respond to increased scrutiny from the journalists and the public over its privacy practices.
Steps such as overhauling its complete privacy setting menu are a clear benefit. But in other areas, the hurriedness of Facebook to respond to the criticism has resulted in features that may potentially have negative consequences for the users. It was reported on Thursday evening that Mark Zuckerberg and the other top Facebook executives could delete old messages on Messenger, a feature not available to anyone else. Facebook said that the feature exists for corporate security reasons related to the Sony hack of 2014, but it yet feels elitist, especially in the light of broader critiques of the privacy practices of the company.
To prevent sustained backlash, Facebook quickly announced that an “unsend” feature would roll out to all the users in the next several months. Facebook said that Zuckerberg and the other executives would not use it until everyone else could.The end-to-end encrypted setting of Messenger even already has the ability to set messages to delete after a stipulated amount of time. A Facebook spokesperson told in a statement that they would now be making a broader delete message feature available which may take some time and that until this feature is ready, they would no longer be deleting any executives’ messages. Further, the spokesperson said that they should have done this sooner and they are sorry that they did not.
Sarah Jamie Lewis, privacy and anonymity researcher and the executive director of Open Privacy said that in the secure messaging space there is a concept called transcript consistency, the idea that all participants in a conversation see and react to the same messages. She further said that when users allow people to delete messages arbitrarily, they lose transcript consistency, and when that happens cause-and-effect could get muddled or lost entirely. Lewis added that it is not difficult to conceive of ways such a feature could be abused.
In the recent weeks, the ephemeral-messaging debacle is not the only time that Facebook seems to have not fully thought through as to how a well-intentioned but quickly rolled-out feature may affect its user base. Previously this week for an instance, Facebook ceased the ability to search people by their phone number on the platform, highlighting the fact that malicious actors had abused it to scrape data or attempt to access users’ accounts. Facebook’s chief technology officer, Mike Schroepfer, said in a blog post published on Wednesday that given the scale and sophistication of the activity they have seen, they believe most people on Facebook could have had their public profile scraped in this way due to which they have now disabled that feature.
But as the others have indicated, it is yet fairly simple to get a Facebook users’ phone number through other means, like public groups, many of which were made when someone lost their phone or upgraded to a new one and required to gather the numbers of their family and friends. Facebook was correct to kill the phone number search feature, albeit belatedly, but the issue of bad actors collecting users’ phone numbers or other data on the platform remains unsolved.