Facebook Admits To “Unintentionally Uploading” 1.5 Million Harvested Emails, Passwords and Contacts

If Facebook was a company touting its “days without an accident”, that sign would have been completely thrown out by now. After months of countless scandals surrounding data, surveillance and censorship, a new report from Business Insider gave users a rare admission of fault from Silicon Valley’s worst offender: revealing Facebook “unintentionally uploaded” the email contacts of 1.5 million new users who registered on the site since May 2016.

The company admitted this after a security researcher’s tweets began to question why Facebook was asking users to directly enter their email passwords in order to verify their identities. At the time, Business Insider didn’t know what to make of this, but their Facebook sources explain this was used to “improve ad targeting, build Facebook’s web of social connections, and recommend friends to add” whether the users like it or not, thus harvesting contact and log-in information without user consent.

According to the Facebook spokesperson, this practice originally began before May 2016 when the verification process involved both uploading the email password and contacts “voluntarily”. After this date, however, the company gave users a vicious false ultimatum between uploading a password the company has no right to know or being locked out of their Facebook account forever. The kicker? All warnings about contact uploads were deleted from the agreement screen — but the practice continued anyway.

A Business Insider test allows us to view several screenshots on how the process goes. Upon signing up for a new account, users are required to provide the information without much detail. It doesn’t say whether it’s for identity verification, contact uploads, content reviews or anything. You just have to take the leap of faith the blue button represents.

Once you enter the details and take this leap, Facebook begins the harvesting process before your very eyes. Without the permission of the user, a dialog box soon pops up to inform users they’ve begun “importing contacts”, implying Facebook is conducting a review of where emails are exchanged and using meta-data to connect these emails to Facebook accounts. Once this is known to the user, the process can’t be stopped mid-way through. There’s a reason why mother said never to give strangers your details — your account is suddenly out of your own hands until the search is complete.

This wasn’t some legal fine-print trickery, where the privacy catch can be learned beforehand by reading the agreement statement. Instead, there were no such mumbo-jumbo documents in the first place, enforcing an unspoken form of fraud where the user has no possibility to grant informed consent until the button is pressed and the contacts are already uploaded to Facebook servers — and once it’s pressed, there’s simply no turning back. Some notice in advance would be the least a company can do to maintain trust, rather than pretending there’s trust with a dagger behind their back.

But don’t worry! The spokesperson said Facebook apparently had no access to the content of user emails! Never mind the fact users gave their direct login information allowing such abilities, all based on a coercive Sophie's choice, at least we can’t surveillance onto the list of devilish deeds if we simply take the company at their word! Apologies, but the days of taking Facebook assertions at face value have long vanished. User contacts alone are highly sensitive data. The state can’t demand such communications knowledge without a warrant, let alone a corporation where their sovereignty lays in owning monopolised digital capital and online community squares.

Facebook, always trying to save face, released another statement:

“Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time. When we looked into the steps people were going through to verify their accounts we found that in some cases people’s email contacts were also unintentionally uploaded to Facebook when they created their account,” the spokesperson said. “We estimate that up to 1.5 million people’s email contacts may have been uploaded. These contacts were not shared with anyone and we’re deleting them. We’ve fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings.”

The incident serves as another example of why the cyber-libertarian dreams of Silicon Valley have failed the public. This privacy violation isn’t a bug with an unaccountable, online socio-economic system — run exclusively by the most powerful private interests who view users as expendable income — but an intended feature for higher profits. This was the admission of the spokesperson in why the process helped Facebook in the first place. The principles of liberty through privacy run antithetical to the almighty dollar that comes from advertisement through exploitation.

Since the Cambridge Analytica scandal broke in early 2018, Facebook has been on a political warpath to maintain the status quo of self-regulation. The big tech giant has hired lobbyists to fight The California Consumer Privacy Act (CCPA), a sweeping new piece of legislation that, through a ballot initiative, would grant California residents concrete control over their personal data and wield restrictions on Silicon Valley’s masters of the universe. The CCPA allows users the right to own their data, easily opt out of a companies’ data harvesting tactics and prevents the sale of such personal information and data without consent.

Despite their best efforts, the bill was signed into law by Gov. Jerry Brown during the 2018 mid-term elections. If there was big tech accountability in California, Facebook’s verification scandal could be considered a criminal offence if their residents were affected by the harvesting. NBC News showed their data practices are purely to maintain monopoly power, citing company documents showing Zuckerberg unethically uses data to leverage power over their market competitors, so it’s not unreasonable to demand Congress and lower governments enforce any policies keeping to America’s anti-trust standard.

It’s not enough for neo-liberals and conservatives to virtue signal on social media about social media tyranny when their ideologies allow such practice in the first place. It requires the people to use their will and demand their rights are protected by law. “Mining and oil companies exploit the physical environment; social media companies exploit the social environment,” once said controversial billionaire George Soros during his Davos panel earlier this year. “The owners of the platform giants consider themselves the masters of the universe, but, in fact, they are slaves to preserving their dominant position … Davos is a good place to announce that their days are numbered.”

Thanks for reading! This article was originally published for TrigTent.com, a bipartisan media platform for political and social commentary, truly diverse viewpoints and facts that don’t kowtow to political correctness.

Bailey Steen is a journalist, graphic designer and film critic residing in the heart of Australia. You can also find his work right here on Medium and publications such as Janks Reviews.

For updates, feel free to follow @atheist_cvnt on his various social media pages on Facebook, Twitter, Instagram or Gab. You can also contact through bsteen85@gmail.com for personal or business reasons.

Stay honest and radical. Cheers, darlings. 💋

troubled writer, depressed slug, bisexual simp, neoliberal socialist, trotskyist-bidenist, “corn-pop was a good dude, actually,” bio in pronouns: (any/all)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store