On Wednesday (December 5, 2018), the UK Parliament decided to release a treasure trove of Facebook internal emails. The release comes in response to a lawsuit by the app maker Six4Three, which claims that Facebook uses app restrictions to put its competitors out of business.

There are a lot of pages to go through in this document – 250 in total – but luckily, the internet’s been on the case. We’re using this in-depth breakdown from Ashkan Soltani (the former Chief Technologist at the FTC and ex-Obama senior adviser) to explore these documents.

Today we’re going to show you the 7 absolute worst things about Facebook these emails and memos revealed, as well as what they mean for you.

#1 Facebook found a way to access Android users’ call history – without asking their permission

Possibly the worst thing that has been discovered about the Facebook email dump is what the company’s engineers were working on.

They found ways to collect Android users’ call records – and not need to ask for permissions.

According to Soltani :

You can see what he’s talking about in the leaked email below:

Android permissions workaround

In this way, users would only have to upgrade to the newer version of Facebook. But the app wouldn’t ask them to accept or deny the necessary permissions.

What does this mean for you?

Honestly – nothing great. All your calls were logged by Facebook to help them invite people to their app. If you even called someone once, they caught that, logged it, and saved the data in their files to use for whatever purposes.

Not cool, Facebook. Not cool at all.

#2 Call history was used to improve their creepy People You May Know suggestions

Other users were quick to point out that logging user calls – and text messages – without their knowledge or permission was a pretty bad idea:

That’s especially because it was related to the People You May Know (PYMK) friend suggestion algorithm.

This algorithm, by the way, was CREEPY. Here are some of the more interesting things that came from it (from Gizmodo):

  • A social worker whose client called her by her nickname on their second visit, because she’d shown up in his People You May Know, despite their not having exchanged contact information.
  • An attorney who wrote: “I deleted Facebook after it recommended as PYMK a man who was defense counsel on one of my cases. We had only communicated through my work email, which is not connected to my Facebook, which convinced me Facebook was scanning my work email.”

What does this mean for you?

If someone has your email address or phone number, they could be recommended to you. And, if you didn’t set your profile to private (most people don’t), that means they can see all the stuff you shared on your Facebook – pictures of your family, your recent status updates, recent activity, etc.

#3 Apps need to spend at least $250K/year to get user data

One very revealing point that made an appearance again and again was how much Facebook was willing to give access for companies that spent at least $250,000 per year on ads.

And one word keeps coming up: NEKO.

What is NEKO Facebook

So now the obvious question:

What does NEKO stand for?

In multiple emails, Facebook keeps on stressing that apps need to spend at least NEKO $250,000, or using NEKO numbers as a way to decide whether or not to give data access to apps.

So what is this Facebook NEKO?

According to Forbes, NEKO is just Facebook’s way of describing app ads. But Soltani states that:

NEKO is an acronym used to describe mobile app-install ads

But anyways, whether it’s ads on mobile app installs or simply ads the apps are buying on Facebook, the point is the same – Facebook used it to decide whether to give them all that precious data or not.

What does this mean for you?

As we’ve mentioned before elsewhere: if you’re not paying for it, you’re the product. And Facebook sold you – well, your behavioral data – to increase their share price.

#4 Facebook spied on users with its VPN app

In 2013, Facebook bought the team behind Onavo, a free VPN service that’s supposed to protect user data and keep their activities private. In early 2018, Facebook added this as a feature to its main app, under the banner “Protect” in its menu. (Not too long ago, we discussed just how horrible this Onavo VPN actually is.)

However, opposed to what they’re saying, that VPN was actually a front for Facebook’s real purpose: to track the apps people are using.

That way, they can use this data to plan their own strategies:

In the British email and document dump from December 5, you can see the following slides where Onavo is named as the source of the data.

Facebook Onava VPN used to track app data

The VPN app was also used to see how much engagement competitors’ apps were getting:

Facebook Onava VPN used to track app engagement

What does this mean for you?

Obviously, if you installed it from Apple’s App Store (it’s now been removed), or from Google’s Play Store (for some reason, it’s still there), then Facebook used your behavior for their purposes to decide which apps to kill or imitate.

#5 Zuckerberg shuts down Vine’s data access because of competition

If you remember the glory days of Vine, you’ll also probably remember that the app was ingloriously shut down in 2017.

According to reports, the short-form video app found it hard to acquire new users or make money.

Now it’s been revealed that that was exactly Facebook’s plan: they wanted to kill the app. In 2012-2013, Vine was seen as a huge Facebook competitor, since Facebook was planning on launching its own video service in 2013.

At that time, Vine was the #1 overall app and the #1 social network app in the US iTunes store:

Vine competition shut down by Facebook

And so Facebook decided to kill it. In an email exchange, Facebook’s Vice President Justin Osofsky and Mark Zuckerberg decide to kill Vine’s data access, thereby seriously limiting its growth:

Zuckerberg kills Vine in email

So now you know who to blame.

What does this mean for you?

If you liked Vine, your other-favorite social media cause its downfall. But who knows how many other cool or interesting apps like Vine didn’t make it because of Facebook’s business strategy?

#6 Facebook forced Tinder to give ‘Moments’ trademark for data

So then we have the business relationship between Tinder and Facebook.

Facebook came out with a feature called Moments, as I’m sure you know. The only problem, at the time, was that Tinder had already trademarked it. So, what is a powerful app like Facebook – and a cruelly-determined guy like Zuckerberg to do?

A little tit-for-tat, call it legal, corporate blackmail:

If you give us “Moments” we’ll give you data. If you don’t, your app will die.

You can see the email exchange here, with a Tinder representative asking what the trademark exchange is for, and hinting at a greater relationship (read: continued use of data):

Facebook - Tinder agreement 1

Facebook’s representative, Konstantinos Papamiltidas makes the offer more explicit:

Facebook - Tinder agreement 2

And, of course, Tinder accepted.

What does this mean for you?

You – your data, collectively Facebook users’ data – was used as a bargaining chip to get a trademark.

#7 If apps paid enough, they get your data

If you’re nice to Facebook, Facebook is nice to you – at least if you’re an app. If you made good revenues for Facebook, Facebook would allow you to access its data.

And, this revenue didn’t have to be direct payments from the app – apps could just get their users to use some Facebook products, like their payments system, items in their store, or the users or apps running ads:

Facebook money for data

That is the criteria they used to decide which apps get access to user data: money.

And now you know why they were in the Cambridge Analytica scandal to begin with.

What does this mean for you?

It’s probably easy to guess: Facebook doesn’t really care about keeping your data safe. It’s all about money.

This is an easy trend to spot in corporations around the world. But what do you think has changed?

But it also means that – at least before the new scandal-motivated “transparency updates” – your data went to the highest bidder, and that data may have been sent to shady companies, to do who-knows-what.

The strange story of how these emails were revealed

Besides the movie-like shock and drama of what the British email dump reveals, there’s an even bigger, Hollywood-style story of how the UK Parliament got their hands on the documents in the first place.

It all starts with the app Six4Three. They filed a lawsuit in a court in San Mateo, California, claiming that Facebook was selling access to user data for money, partaking in uncompetitive practices (causing Six4Three’s app Pikini to shut down), and mass surveillance on users.

That was in 2015, and nothing much happened from that. But then the Cambridge Analytica scandal happened, and U.K.’s Digital, Culture, Media and Sport Committee began investigating Facebook’s practices.

The San Mateo court ordered the documents found in the process of the lawsuit to be sealed, since they contained some sensitive internal emails. The British wanted those documents.

So, on November 26, when Six4Three’s founder Ted Kramer was on a business trip in London, the British government seized those documents from Kramer – after twice requesting them from him – and published them under a rarely-used parliamentary privilege.

The case is still in court. Facebook, of course, says all the claims are baseless.

You can read the entire British email dump here [pdf].

Recommended reads:

Facebook data breach

Facebook: deactivate vs delete