If we thought the data mining that’s been happening for years was bad, we’ve found out it’s worse than we already thought. Have you shared links via Messenger and Instagram chat? Then you’ve surely seen that little link preview at some stage or other. For Facebook to do that, it downloads data from the link and stores it on its servers.
Say what now?
Two developers, Tommy Mysk and Talal Haj Bakry, discovered privacy and security risks back in October. When reporting this to Facebook, the duo’s concerns were dismissed, and were told that the app works as intended. If that’s not a statement determining that the information was voluntarily being saved, we don’t know what is.
In summary, whenever a user shared a link on Messenger or on Instagram chat and a link preview was generated, the data from that link was downloaded to the social media giant’s servers. According to Mysk and Bakry, this occurred even if the linked site contained many gigabytes of data.
“Facebook servers download the content of any link sent through Messenger or Instagram DMs,” write Mysk and Bakry in their report. “This could be bills, contracts, medical records, or anything that may be confidential.”
The ePrivacy Directive may have stopped this practice in Europe, but the fact remains that plenty of data had been gathered throughout the years. So, what was it exactly that Facebook was collecting that the directive forced them to stop?
Having said all of this, Facebook issued a statement, explaining that they do not store the data as reported. The issue is that other social media sites, like Twitter and Discord, only download about 50MB to generate a link preview. Quite why Facebook needs the full data amount is not specified…
Facebook is refuting the findings of the report detailed below, saying it does not store data from links. It’s how it displays link previews.
According to Facebook, when links are shared in Messenger and on Instagram, a downscaled version of the image is downloaded in order to generate a preview of the link. The company says it does this to protect users from risks, such as malware. Facebook says it does not store the data.
“We don’t store the data from links shared on Messenger or Instagram and we don’t download the original file,” said a Facebook spokesperson in a statement provided to Mashable. “As we explained to the researchers, the behavior described is how we show previews of a link and it allows us to protect people from sharing malware.”
Does this increased data harvesting bother you, or is it just part of the package we’ve signed up for?