Mark Zuckerberg has outlined his plan for a ‘privacy-focused’ Facebook. In a company blog he detailed a new approach to data, message encryption and security policies like hosting its data centres in countries that meet high privacy and security standards.
People, he says, are shifting from publicly broadcasting their activities and views in a digital ‘town square’ and would rather discuss issues in a more secure, privacy-protective online ‘living room’.
Is Facebook finally listening to its users and their privacy concerns? Or is it a pragmatic shift toward where the market is already headed? A privacy wash in response to the looming threat of further regulation and proposed new competition laws coming its way from various governments around the world?
We asked some industry experts for their opinion. Here’s what they said…
Julian Ranger, founder and executive chairman of digi.me
Any moves acknowledging the need for greater personal data privacy online and suggesting tangible actions that could help achieve this are always welcome. That is particularly true when they come from significant and influential tech companies whose previous stances and actions in this arena have been heavily criticised.
That said, Facebook’s statement seems to be focusing primarily on technical privacy, around encryption and more secure data storage, rather than increasing the privacy of its users and the personal data about them that the platform is able to access.
So this isn’t actually going to do anything to address users’ privacy concerns, because there isn’t going to be any shift in how the data that Facebook has about them can be used to track and target them with ads.
This move doesn’t change the fact that the only way that individuals can regain true privacy over their personal data is by getting it back under their own control, to share on their terms. That is never going to be wholly the case with any data held by third parties, including Facebook.
Jim Cridlin is Global Head of Innovation at WPP’s Mindshare
On the surface this announcement seems surprising given Facebook has developed an entire business model based on individuals sharing private information. However, scratch the surface and it really isn’t that surprising.
Facebook is skating to where the puck is going; consumers are shifting to more intimate communication: they spend more time in messaging apps than in social, they trust non-famous influencers and influencers with smaller numbers of followers more than others, and they’re increasingly concerned about data privacy.
The changes Facebook has announced are in line with those consumer trends. What this means for advertisers will need to be digested as changes roll out. Assuming these new private settings are applied uniformly (i.e. there aren’t parts of the Facebook ecosystem left open to sharing), Facebook’s business model will likely start looking much more like the business models of Chinese companies.
Companies like Tencent make more money from services such as micro-payments, online gaming, and streaming video (ala Netflix) than they do advertising. Perhaps the Facebook of the future will look more like this
Facebook’s plans to become a “privacy-focused” platform should be seen as a positive step forward, as the platform looks to mature after a year mired by privacy scandals. The onus is now on Facebook to adjust the way the platform works, not on users to take a step back from social media. In 2018 we saw that users didn’t abandon social media, but the networks did set expectations that they would take action.
Ultimately, Zuckerberg is preaching to the choir – this move is simply catching up what users now expect from social media networks. The idea of a “digital living room” offers privacy and security without sacrificing on what these immensely popular messaging platforms bring to users’ lives. Whether or not this helps Facebook change the world is another question altogether – but putting data privacy at the top of the agenda is certainly a step in the right direction. 2019 would appear already to be a strong year for the world’s biggest social media platform.
I’m confident Facebook can find a way to address the excessive use of private personal information whilst continuing to please advertisers with optimal targeting and users with engaging content, but it will pay a price in development costs and find it slightly more difficult to create engaging, relevant content for users.
The main issue is that privacy and security are linked and there is a high risk that when Facebook starts to use fewer private data features, it will also miss more security threats. Many of the methods used to identify potential threats and attacks, including takeover by viruses residing on a user’s device which impersonate them or bot user behaviours, are more easily detected by using personal data.
The public is gradually becoming aware of the importance of privacy and the negligence shown by Facebook at times, especially during the Cambridge Analytica fiasco. It is important that Facebook’s data privacy effort is not simply smoke and mirrors. The non-hosting of Facebook data in countries with poor human rights records is not really an issue for Facebook. It simply means the data is hosted at a different location. The encryption of data that they promise is also something which really should be done by default.
Of course, a few weeks ago, Facebook also announced its aim to merge its three popular messaging systems. On the surface, this seems sensible as it will expand (for example), the number of contacts a person can reach within one of the apps. To date, of course, this could not be done as WhatsApp offers end to end encryption while the other services did not – or at least not in the same manner. Instagram does not use end-to-end encryption and Facebook Messenger encrypts messages by default from the sender to its server, and then encrypts them again between the server and the recipient but their native Facebook Messenger does not possess the same security. There you have to enable a “secret conversation” mode within the Messenger app in order for conversations to have end-to-end encryption.
There is also the worry that a merged system will result in all the messages being backed up in the cloud, and that a leak could lead to the disclosure of messages from all services rather than just one. People may also find themselves listed in social network directories which previously they did not wish to be part of.
Even with Facebook promising to increase security on its platform, there is no guarantee of course that our data will not wind up in the hands of others. In fact, a healthy attitude is to presume that any data you release to a third party could potentially leak. The only defence we have is strong encryption and also to not send beyond the walls of our residence. Facebook should however assist us, so this is a welcome move.
This is good news from Facebook and for users concerned about exposure of their personal information”, said Peter Galvin, Chief Strategy Officer at nCipher Security. “There’s clearly appetite for a more privacy-focused strategy.
In a recent nCipher cyber security survey we found that 68% of respondents were afraid their identity would be stolen, a third of them were concerned embarrassing information would be leaked on the internet, and 20% don’t trust anyone to protect their data. Prioritizing data privacy and utilizing encryption technologies will help organizations rebuild trust with consumers who are skeptical about how their data is being used.
Facebook’s initiative towards creating a more private online world is very welcome, but it comes with a difficult trade off that Zuckerberg did not mention officially posted his plans to create a ‘Privacy-focused platform’. Think of it like a highway with cars. Facebook is now saying that all the cars on the highway will have dark tinted windows that no one can see into, including Facebook. Although it does create privacy, it comes with a substantial trade off with security. The dark tinted cars better conceal potential cyberattacks including phishing, cyber bullying and malware.
One practical result of this trade off will be less secure messages. Facebook may not be able to effectively identify and block attacks in private messages, even though they will be creating more privacy. In theory, end-to-end encryption blocks Facebook’s visibility into what is being passed from one entity to the other. Facebook will need to find a way to mitigate the security trade off that comes with increased privacy in its platform.