Facebook recently announced Portal, its take on the in-home, voice-activated speaker to rival competitors from Amazon, Google and Apple. Initially, Facebook stated that “No data collected through Portal — even call log data or app usage data, like the fact that you listened to Spotify — will be used to target users with ads on Facebook.”
It has been reported, however, that Facebook has backtracked and changed its stance: Portal doesn’t have ads, but data about who you call and data about which apps you use on Portal can be used to target you with ads on other Facebook-owned properties.
Please see below for commentary from several cybersecurity experts.
Sam Curry, Chief Security Officer at Cybereason:
“Privacy-related information is like freedom, often misunderstood and known to matter but not truly appreciated until it’s gone. Having data and most importantly a mapping of the relationships among people, objects and the world is inherently valuable. In the consumer-industrial complex, it’s the equivalent of insider information.The organisations that moved first and became super aggregators of this data, effectively acquiring it through providing value like searches and social media benefits, have wound up with the modern day equivalent of lucky oil turning up under personal property in the 20th century. However, going forward companies like Facebook and Google would do well to remember that this data is a privilege and a right and even though the general public can’t understand it’s inherent value, they will one day. Like freedom, privacy will not be long denied; and companies can either be aware of this and leading the cause to champion privacy or can be swept aside when the eventual privacy revolution arrives.”
Paul Bischoff, Privacy Advocate at Comparitech.com:
“Facebook reneged on an earlier statement saying it wouldn’t collect personal or usage information for advertising purposes. It now says it will collect metadata, like call time and duration, along with aggregate usage data about apps used on the device. The Portal itself won’t show ads, but it will collect information that can be used in targeted ads that users see elsewhere. The about-face is unfortunate from a privacy standpoint. It puts Portal in the same league as the Echo Show. Google Home and Amazon Echo devices use similar data collection tactics on their respective devices. The difference is that Facebook recently underwent a barrage of major privacy setbacks, so consumers might find it less trustworthy than the competition.”
Mayur Upadhyaya, Managing Director, EMEA at Janrain:
“One of the challenges with privacy legislation (such as GDPR) today, is much of the debate is on declared personal identifiable information (PII). Smart devices collect a lot of log information that could become identity fragments. For instance, what my Spotify plays doesn’t say too much (beyond my obsession with late 90’s indie). However, when combined with location, this behavioural information becomes psychographic. So, now I’m part of a cohort. My Netflix plays might suggest I’m male and my news stories might suggest my political affiliation. We now have my age, band, politics, location and gender – which is all derived data and not first party. The nuance here is the following: let’s say on a publisher’s site I’ve opted out of my personal data being used for ad-targeting, have I opted out of the derived data for ad-targeting?”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.