Privacy concerns with Facebook#Oculus and metaverse platforms

In 2010 the Electronic Frontier Foundation identified two personal information aggregation techniques called "connections" and "instant personalization". They demonstrated that anyone could get access to information saved to a Facebook profile, even if the information was not intended to be made public.{{cite web|url=https://www.eff.org/deeplinks/2010/04/handy-facebook-english-translator |title=A Handy Facebook-to-English Translator | Electronic Frontier Foundation |website=Eff.org |date=April 28, 2010 |access-date=June 11, 2013}} A "connection" is created when a user clicks a "Like" button for a product or service, either on Facebook itself or an external site. Facebook treats such relationships as public information, and the user's identity may be displayed on the Facebook page of the product or service.

Instant personalization was a pilot program that shared Facebook account information with affiliated sites, such as sharing a user's list of "liked" bands with a music website, so that when the user visits the site, their preferred music plays automatically. The EFF noted that "For users that have not opted out, Instant Personalization is instant data leakage. As soon as you visit the sites in the pilot program (Yelp, Pandora, and Microsoft Docs) the sites can access your name, your picture, your gender, your current location, your list of friends, all the Pages you have Liked—everything Facebook classifies as public information. Even if you opt-out of Instant Personalization, there's still data leakage if your friends use Instant Personalization websites—their activities can give away information about you, unless you block those applications individually."

On December 27, 2012 CBS News reported that Randi Zuckerberg, sister of Facebook founder Mark Zuckerberg, criticized a friend for being "way uncool" in sharing a private Facebook photo of her on Twitter, only to be told that the image had appeared on a friend-of-a-friend's Facebook news feed. Commenting on this misunderstanding of Facebook's privacy settings, Eva Galperin of the EFF said "Even Randi Zuckerberg can get it wrong. That's an illustration of how confusing they can be."{{cite news|url=https://www.cbsnews.com/news/zuckerberg-family-pic-stirs-facebook-privacy-debate/|title=Zuckerberg family pic stirs Facebook privacy debate|date=December 27, 2012|access-date=June 4, 2012|publisher=CBS News}}

In August 2007 the code used to generate Facebook's home and search page as visitors browse the site was accidentally made public.{{cite news |first=Harrison |last=Hoffman |url=http://news.cnet.com/8301-10784_3-9758702-7.html |title=Facebook's source code goes public|publisher=CNET News.com|date=August 12, 2007}}{{cite news|first=Jonathan|last=Richards|url=http://www.foxnews.com/story/0,2933,293115,00.html|title=Facebook Source Code Leaked Onto Internet|publisher=Fox News Channel|date=August 14, 2007|access-date=August 21, 2007|archive-url=https://web.archive.org/web/20130529171218/http://www.foxnews.com/story/0,2933,293115,00.html|archive-date=May 29, 2013|url-status=dead|df=mdy-all}} A configuration problem on a Facebook server caused the PHP code to be displayed instead of the web page the code should have created, raising concerns about how secure private data on the site was. A visitor to the site copied, published and later removed the code from his web forum, claiming he had been served and threatened with legal notice by Facebook.{{cite web |url=http://szinf.com/facebook-php-leak-snafu.html |title=Facebook's PHP leak SNAFU |website=Szinf.com |date=July 6, 2015 |access-date=July 6, 2015 |archive-url=https://web.archive.org/web/20150707103848/http://szinf.com/facebook-php-leak-snafu.html |archive-date=July 7, 2015 |url-status=dead}} Facebook's response was quoted by the site that broke the story:{{cite news|first=Nik|last=Cubrilovic|url=https://techcrunch.com/2007/08/11/facebook-source-code-leaked|title=Facebook Source Code Leaked|website=TechCrunch.com|date=August 11, 2007}}

{{cquote|A small fraction of the code that displays Facebook web pages was exposed to a small number of users due to a single misconfigured web server that was fixed immediately. It was not a security breach and did not compromise user data in any way. Because the code that was released powers only Facebook user interface, it offers no useful insight into the inner workings of Facebook. The reprinting of this code violates several laws and we ask that people not distribute it further.}}

In November Facebook launched Beacon, a system (discontinued in September 2009){{cite news|last=Ortutay|first=Barbara|url=https://www.usatoday.com/tech/hotsites/2009-09-21-facebook-beacon_N.htm|title=Facebook to end Beacon tracking tool in settlement|newspaper=USA Today|access-date=December 8, 2010|date=September 21, 2009}} where third-party websites could include a script by Facebook on their sites, and use it to send information about the actions of Facebook users on their site to Facebook, prompting serious privacy concerns. Information such as purchases made and games played were published in the user's news feed. An informative notice about this action appeared on the third party site and allowed the user to cancel it. The user could also cancel it on Facebook. Originally if no action was taken, the information was automatically published. On November 29 this was changed to require confirmation from the user before publishing each story gathered by Beacon.

On December 1 Facebook's credibility in regard to the Beacon program was further tested when it was reported that The New York Times "essentially accuses" Mark Zuckerberg of lying to the paper and leaving Coca-Cola, which is reversing course on the program, with a similar impression.{{cite web|author=Henry Blodget |url=http://www.alleyinsider.com/2007/12/nyt-facebooks-zuckerberg-lied-to-us-coke-ditto.html |title=NYT: Facebook's Zuckerberg Misled Us; Coke: Ditto – Silicon Alley Insider |website=Alleyinsider.com |date=December 1, 2007 |access-date=June 11, 2013 |url-status=dead |archive-url=https://web.archive.org/web/20090131143840/http://www.alleyinsider.com/2007/12/nyt-facebooks-zuckerberg-lied-to-us-coke-ditto.html |archive-date=January 31, 2009 }} A security engineer at CA, Inc. also claimed in a November 29, 2007, blog post that Facebook collected data from affiliate sites even when the consumer opted out and even when not logged into the Facebook site.{{cite web|url=http://community.ca.com/blogs/securityadvisor/archive/2007/11/29/facebook-s-misrepresentation-of-beacon-s-threat-to-privacy-tracking-users-who-opt-out-or-are-not-logged-in.aspx |title=Facebook's Misrepresentation of Beacon's Threat to Privacy: Tracking users who opt out or are not logged in. |author=Stefan Berteau |date=November 29, 2007 |work=CA Security Advisor Research Blog |access-date=December 24, 2007 |url-status=dead |archive-url=https://web.archive.org/web/20071217062755/http://community.ca.com/blogs/securityadvisor/archive/2007/11/29/facebook-s-misrepresentation-of-beacon-s-threat-to-privacy-tracking-users-who-opt-out-or-are-not-logged-in.aspx |archive-date=December 17, 2007 }} On November 30, 2007, the CA security blog posted a Facebook clarification statement addressing the use of data collected in the Beacon program:{{cite web|url=http://community.ca.com/blogs/securityadvisor/archive/2007/11/30/update-a-statement-from-facebook.aspx |title=Update: A Statement From Facebook |author=Stefan Berteau |date=November 30, 2007 |work=CA Security Advisor Research Blog |access-date=December 8, 2010 |url-status=dead |archive-url=https://web.archive.org/web/20101128031612/http://community.ca.com/blogs/securityadvisor/archive/2007/11/30/update-a-statement-from-facebook.aspx |archive-date=November 28, 2010 }}

{{cquote|When a Facebook user takes a Beacon-enabled action on a participating site, information is sent to Facebook for Facebook to operate Beacon technologically. If a Facebook user clicks 'No, thanks' on the partner site notification, Facebook does not use the data and deletes it from its servers. Separately, before Facebook can determine whether the user is logged in, some data may be transferred from the participating site to Facebook. In those cases, Facebook does not associate the information with any individual user account, and deletes the data as well.}}

The Beacon service ended in September 2009 along with the settlement of a class-action lawsuit against Facebook resulting from the service.

On September 5, 2006, Facebook introduced two new features called "News Feed" and "Mini-Feed". The first of the new features, News Feed, appears on every Facebook member's home page, displaying recent Facebook activities of the member's friends. The second feature, Mini-Feed, keeps a log of similar events on each member's profile page.{{cite magazine|last=Rosmarin |first=Rachel |url=https://www.forbes.com/technology/2006/09/01/facebook-myspace-internet_cx_rr_0905facebook.html |title=Facebook's Makeover |magazine=Forbes |date=September 5, 2006 |url-status=dead |archive-url=https://web.archive.org/web/20061005001718/http://www.forbes.com/technology/2006/09/01/facebook-myspace-internet_cx_rr_0905facebook.html |archive-date=October 5, 2006 |access-date=April 29, 2015 }} Members can manually delete items from their Mini-Feeds if they wish to do so, and through privacy settings can control what is actually published in their respective Mini-Feeds.

Some Facebook members still feel that the ability to opt out of the entire News Feed and Mini-Feed system is necessary, as evidenced by a statement from the Students Against Facebook News Feed group, which peaked at over 740,000 members in 2006.{{cite news|title=Facebook CEO: 'We Really Messed This One Up' |date=September 8, 2006 |url=http://www.nbc11.com/news/9805842/detail.html |work=NBC11.com |access-date=February 21, 2007 |url-status=dead |archive-url=https://web.archive.org/web/20070128133612/http://www.nbc11.com/news/9805842/detail.html |archive-date=January 28, 2007 }} Reacting to users' concerns, Facebook developed new privacy features to give users some control over information about them that was broadcast by the News Feed.{{cite book|title=The Facebook Effect: The Inside Story of the Company That Is Connecting the World|last=Kirkpatrick|first=David|year=2010|publisher=Simon & Schuster|location=New York City|isbn=978-1-4391-0211-4|page=191}} According to subsequent news articles, members have widely regarded the additional privacy options as an acceptable compromise.{{cite news|last=Jesdanun |first=Anick |year=2006 |url=http://www.businessweek.com/ap/financialnews/D8K0UAL00.htm |title=Facebook offers new privacy options |agency=Associated Press |access-date=September 8, 2006 |url-status=dead |archive-url=https://web.archive.org/web/20101213080852/http://www.businessweek.com/ap/financialnews/D8K0UAL00.htm |archive-date=December 13, 2010 }}

In May 2010 Facebook added privacy controls and streamlined its privacy settings, giving users more ways to manage status updates and other information broadcast to the public News Feed.{{cite web|url=http://blog.facebook.com/blog.php?post=391922327130|title=Making Control Simple|access-date=December 8, 2010}} Among the new privacy settings is the ability to control who sees each new status update a user posts: Everyone, Friends of Friends, or Friends Only. Users can now hide each status update from specific people as well.{{cite web|url=http://www.facebook.com/privacy/explanation.php|title=Controlling How You Share|website=Facebook|access-date=December 8, 2010}}{{Primary source inline|date=September 2020}} However, a user who presses "like" or comments on the photo or status update of a friend cannot prevent that action from appearing in the news feeds of all the user's friends, even non-mutual ones. The "View As" option, used to show a user how privacy controls filter out what a specific given friend can see, only displays the user's timeline and gives no indication that items missing from the timeline may still be showing up in the friend's own news feed.

Facebook had allowed users to deactivate their accounts but not actually remove account content from its servers. A Facebook representative explained to a student from the University of British Columbia that users had to clear their own accounts by manually deleting all of the content including wall posts, friends, and groups. The New York Times noted the issue and raised a concern that emails and other private user data remain indefinitely on Facebook's servers. Facebook subsequently began allowing users to permanently delete their accounts in 2010. Facebook's Privacy Policy now states, "When you delete an account, it is permanently deleted from Facebook."

A notable ancillary effect of social-networking websites is the ability for participants to mourn publicly for a deceased individual. On Facebook, friends often leave messages of sadness, grief, or hope on the individual's page, transforming it into a public book of condolences. This particular phenomenon has been documented at a number of schools.{{cite web|access-date=March 5, 2008|url=http://www.newsobserver.com/102/story/521293.html|archive-url=https://web.archive.org/web/20070820170242/http://www.newsobserver.com/102/story/521293.html|archive-date=August 20, 2007|title=Net generation grieves with Facebook postings|work=News Observer}}{{cite news|first=Sarah |last=Batista |url=http://www.charlottesvillenewsplex.tv/news/headlines/1999437.html |title=UVA Student Remembered |publisher=Charlottesville Newsplex |date=November 21, 2005 |access-date=April 10, 2006 |url-status=bot: unknown |archive-url=https://web.archive.org/web/20080119114556/http://www.charlottesvillenewsplex.tv/news/headlines/1999437.html |archive-date=January 19, 2008 }}{{cite news|first=Stephanie|last=Bernhard|url=http://www.browndailyherald.com/media/paper472/news/2006/01/25/CampusNews/Community.Mourns.Death.Of.Pagan.06-1504200.shtml?norewrite200603280837&sourcedomain=www.browndailyherald.com|title=Community mourns death of Pagan '06|newspaper=Brown Daily Herald|date=January 25, 2006|access-date=April 10, 2006|archive-date=September 29, 2007|archive-url=https://web.archive.org/web/20070929103238/http://www.browndailyherald.com/media/paper472/news/2006/01/25/CampusNews/Community.Mourns.Death.Of.Pagan.06-1504200.shtml?norewrite200603280837&sourcedomain=www.browndailyherald.com|url-status=dead}} Facebook originally held a policy that profiles of people known to be deceased would be removed after 30 days due to privacy concerns.{{cite news|access-date=March 5, 2008|url=http://media.www.browndailyherald.com/media/storage/paper472/news/2007/02/22/Features/Facebook.Profiles.Become.Makeshift.Memorials-2736508.shtml?mkey=2429152|title=Facebook profiles become makeshift memorials|newspaper=The Brown Daily Herald|date=February 22, 2007|author=Kelleher, Kristina|url-status=dead|archive-url=https://web.archive.org/web/20080321104329/http://media.www.browndailyherald.com/media/storage/paper472/news/2007/02/22/Features/Facebook.Profiles.Become.Makeshift.Memorials-2736508.shtml?mkey=2429152|archive-date=March 21, 2008}} Due to user response, Facebook changed its policy to place deceased members' profiles in a "memorialization state".{{cite news|url=https://www.usatoday.com/tech/webguide/internetlife/2007-05-08-facebook-vatech_N.htm?csp=34|title=USA Today article|newspaper=USA Today|date=May 8, 2007|first=Monica|last=Hortobagyi|access-date=April 30, 2010}} Facebook's Privacy Policy regarding memorialization says, "If we are notified that a user is deceased, we may memorialize the user's account. In such cases we restrict profile access to confirmed friends and allow friends and family to write on the user's Wall in remembrance. We may close an account if we receive a formal request from the user's next of kin or other proper legal request to do so."

Some of these memorial groups have also caused legal issues. Notably, on January 1, 2008, one such memorial group posted the identity of murdered Toronto teenager Stefanie Rengel, whose family had not yet given the Toronto Police Service their consent to release her name to the media, and the identities of her accused killers, in defiance of Canada's Youth Criminal Justice Act, which prohibits publishing the names of the under-age accused.{{cite news|access-date=March 5, 2008|url=https://www.theglobeandmail.com/news/national/facebook-proves-problematic-for-police/article665975/|title=Facebook proves problematic for police|newspaper=The Globe and Mail|date=January 5, 2008|author=Drudi, Cassandra|location=Toronto}} While police and Facebook staff attempted to comply with the privacy regulations by deleting such posts, they noted difficulty in effectively policing the individual users who repeatedly republished the deleted information.{{cite news|access-date=March 5, 2008|url=http://www.digitaljournal.com/article/248379/Angry_Facebook_Users_Illegally_Leaked_the_Names_of_Accused_Underage_Murderers|title=Angry Facebook Users Illegally Leaked the Names of Accused Underage Murderers|work=Digital Journal|date=January 5, 2008}}

In July 2007 Adrienne Felt, an undergraduate student at the University of Virginia, discovered a cross-site scripting (XSS) hole in the Facebook Platform that could inject JavaScript into profiles. She used the hole to import custom CSS and demonstrate how the platform could be used to violate privacy rules or create a worm.{{cite web |url=http://www.cs.virginia.edu/felt/fbook/ |title=Defacing Facebook |access-date=August 17, 2007|date=July 27, 2007}}

Facebook offers privacy controls to allow users to choose who can view their posts: only friends, friends and friends of friends, everyone, custom (specific choice of which friends can see posts). While these options exist, there are still methods by which otherwise unauthorized third parties can view a post. For example, posting a picture and marking it as only viewable by friends, but tagging someone else as appearing in that picture, causes the post to be viewable by friends of the tagged person(s).{{Cite journal|last1=Günel|first1=Burcu Sayin|last2=Şahi̇n|first2=Serap|last3=Kogias|first3=Dimitris G.|last4=Patrikakis|first4=Charalampos Z.|date=2019-10-01|title=Privacy issues in post dissemination on Facebook|url=https://dergipark.org.tr/en/pub/tbtkelektrik/662311|journal=Turkish Journal of Electrical Engineering & Computer Science|volume=27|issue=5|pages=3417–3432|doi=10.3906/elk-1811-25|issn=1300-0632|doi-access=free|hdl=11147/9111|hdl-access=free}}

Photos taken of people by others can be posted on Facebook without the knowledge or consent of people appearing in the image; persons may have multiple photos which feature them on Facebook without being aware of it. A study has suggested that a photo of a person which reflects poorly on them posted online can have a more harmful effect than losing a password.{{Cite journal|last1=Vishwanath|first1=Arun|last2=Xu|first2=Weiai|last3=Ngoh|first3=Zed|date=2018|title=How people protect their privacy on facebook: A cost-benefit view|url=https://asistdl.onlinelibrary.wiley.com/doi/abs/10.1002/asi.23894|journal=Journal of the Association for Information Science and Technology|volume=69|issue=5|pages=700–709|doi=10.1002/asi.23894|s2cid=13747670|issn=2330-1643}}

When commenting on a private post, the commenting user is not informed if the post they commented on is later made public – which would make their comment on said post also publicly viewable.

Quit Facebook Day was an online event which took place on May 31, 2010 (coinciding with Memorial Day), in which Facebook users stated that they would quit the social network due to privacy concerns.{{cite magazine|url=http://www.pcworld.com/article/197621/its_quit_facebook_day_are_you_leaving.html|title=It's Quit Facebook Day, Are You Leaving? – PCWorld|last=Paul|first=Ian|date=May 31, 2010|magazine=PC World|access-date=May 31, 2010|archive-date=June 1, 2010|archive-url=https://web.archive.org/web/20100601102604/http://www.pcworld.com/article/197621/its_quit_facebook_day_are_you_leaving.html|url-status=dead}}

It was estimated that 2% of Facebook users coming from the United States would delete their accounts.{{cite news|url=http://www.tgdaily.com/software-features/50001-quit-facebook-day-set-to-be-a-flop|title=Quit Facebook Day set to be a flop|last=Woollacott|first=Emma|date=May 31, 2010|publisher=TG Daily|access-date=May 31, 2010|archive-date=June 2, 2010|archive-url=https://web.archive.org/web/20100602190151/http://www.tgdaily.com/software-features/50001-quit-facebook-day-set-to-be-a-flop|url-status=dead}}

However, only 33,000 (roughly 0.0066% of its roughly 500 million members at the time) users quit the site.{{cite news |url=https://www.theguardian.com/media/pda/2010/jun/01/digital-media-facebook |author=Jemima Kiss |date=June 1, 2010 |newspaper=The Guardian |title=Facebook: Did anyone really quit? |location=London}} The number one reason for users to quit Facebook was privacy concerns (48%), being followed by a general dissatisfaction with Facebook (14%), negative aspects regarding Facebook friends (13%), and the feeling of getting addicted to Facebook (6%). Facebook quitters were found to be more concerned about privacy, more addicted to the Internet, and more conscientious.{{cite journal|title = Who Commits Virtual Identity Suicide? Differences in Privacy Concerns, Internet Addiction, and Personality Between Facebook Users and Quitters |journal = Cyberpsychology, Behavior, and Social Networking |volume = 16 |issue = 9 |pages = 629–634 |doi = 10.1089/cyber.2012.0323 |pmid = 23374170 |year = 2013|last1 = Stieger|first1 = Stefan|last2 = Burger |first2 = Christoph |last3 = Bohn |first3 = Manuel |last4 = Voracek |first4 = Martin }}{{Subscription required}}

Facebook enabled an automatic facial recognition feature in June 2011, called "Tag Suggestions", a product of a research project named "DeepFace".{{cite web|url=http://www.extremetech.com/extreme/178777-facebooks-facial-recognition-software-is-now-as-accurate-as-the-human-brain-but-what-now|title=Facebook's facial recognition software is now as accurate as the human brain, but what now? | ExtremeTech|website=Extremetech.com|access-date=June 13, 2014}} The feature compares newly uploaded photographs to those of the uploader's Facebook friends, to suggest photo tags.

National Journal Daily claims "Facebook is facing new scrutiny over its decision to automatically turn on a new facial recognition feature aimed at helping users identify their friends in photos".Facebook Taking Hits Over Facial Recognition Feature. Washington: Atlantic Media, Inc., 2011. ProQuest. Web. December 6, 2016. Facebook has defended the feature, saying users can disable it.{{cite web|title=Facebook facial recognition raises eyebrows in Germany, EU|url=http://www.dw-world.de/dw/article/0,,15144128,00.html|publisher=Deutsche Welle|access-date=June 13, 2011}} Facebook introduced the feature on an opt-out basis.{{cite news|last=Milian|first=Mark|title=Facebook lets users opt out of facial recognition|url=http://edition.cnn.com/2011/TECH/social.media/06/07/facebook.facial.recognition/|archive-url=https://web.archive.org/web/20110611054342/http://edition.cnn.com/2011/TECH/social.media/06/07/facebook.facial.recognition/|url-status=dead|archive-date=June 11, 2011|publisher=CNN International|access-date=June 13, 2011}} European Union data-protection regulators said they would investigate the feature to see if it violated privacy rules.{{cite web|last=Gannes|first=Liz|title=Facebook facial recognition prompts EU privacy probe|url=http://news.cnet.com/8301-1023_3-20070148-93/facebook-facial-recognition-prompts-eu-privacy-probe/|publisher=Cnet News|access-date=June 13, 2011}}

Naomi Lachance stated in a web blog for NPR, All Tech Considered, that Facebook's facial recognition is right 98% of the time compared to the FBI's 85% out of 50 people. However, the accuracy of Facebook searches is due to its larger, more diverse photo selection compared to the FBI's closed database.{{cite web|url=https://www.npr.org/sections/alltechconsidered/2016/05/18/477819617/facebooks-facial-recognition-software-is-different-from-the-fbis-heres-why|title=Facebook's Facial Recognition Software Is Different From The FBI's. Here's Why|website=NPR|date=18 May 2016|access-date=December 16, 2018|last=Lachance|first=Naomi}}

Mark Zuckerberg showed no worries when speaking about Facebook's AIs, saying, "Unsupervised learning is a long-term focus of our AI research team at Facebook, and it remains an important challenge for the whole AI research community" and "It will save lives by diagnosing diseases and driving us around more safely. It will enable breakthroughs by helping us find new planets and understand Earth's climate. It will help in areas we haven't even thought of today".Computer, Express. "Facebooks' Mark Zuckerberg: 'we should Not be Afraid of AI'." Express Computer (2016) ProQuest. Web. December 6, 2016.

In May 2016 Facebook faced a lawsuit in Illinois for violations of the Biometric Information Privacy Act.{{cite news |date=6 May 2016 |title=Facebook facing lawsuit over photo tagging |work=KGO-TV |url=https://abc7news.com/biometric-data-facebook-being-sued-for-photo-tagging-how-to-turn-off-the-feature-on/1326299 |url-status=live |access-date=21 February 2022 |archive-url=https://web.archive.org/web/20220222014147/https://abc7news.com/biometric-data-facebook-being-sued-for-photo-tagging-how-to-turn-off-the-feature-on/1326299/ |archive-date=22 February 2022}} In February 2021, the company settled, agreeing to pay $650 million, and shut down the feature in December 2021.{{Cite web |last=Robertson |first=Adi |date=2021-11-02 |title=Facebook is shutting down its Face Recognition tagging program |url=https://www.theverge.com/2021/11/2/22759613/meta-facebook-face-recognition-automatic-tagging-feature-shutdown |access-date=2022-03-29 |website=The Verge}} Following the shutdown, Cher Scarlett, a former Apple security engineer, in January 2022 tweeted a photo that she had been auto-tagged in by someone unknown to her prior to shutdown. The photo was from the 19th century and she said that she learned it was her great-great-great-grandmother of Volga German ancestry, saying the technology was "dangerous" and "off-putting", and pointed to the implication of genocide.{{Cite web |last=Cords |first=Sarah |date=2022-03-16 |title=Blowing the Whistle on Big Tech |url=https://progressive.org/api/content/2798b192-a545-11ec-9e0e-12274efc5439/ |access-date=2022-03-29 |website=The Progressive}}

In September 2024, Meta said it scraped all Australian adult users' public photos and posts on Facebook to train its AI without an opt-out option.{{cite web | last=Evans | first=Jake | title=Facebook admits to scraping every Australian adult user's public photos and posts to train AI, with no opt-out option | website=ABC News | date=2024-09-10 | url=https://www.abc.net.au/news/2024-09-11/facebook-scraping-photos-data-no-opt-out/104336170 | access-date=2024-09-12}}

An article published by USA Today in November 2011 claimed that Facebook creates logs of pages visited both by its members and by non-members, relying on tracking cookies to keep track of pages visited.{{cite web |first=Byron |last=Achohido |title=Facebook tracking is under scrutiny |url=https://www.usatoday.com/tech/news/story/2011-11-15/facebook-privacy-tracking-data/51225112/1 |archive-url=https://web.archive.org/web/20111116071618/http://www.usatoday.com/tech/news/story/2011-11-15/facebook-privacy-tracking-data/51225112/1 |website=USA Today |date=November 15, 2011 |archive-date=November 16, 2011 |access-date=June 18, 2017 |url-status=dead}}

In early November 2015 Facebook was ordered by the Belgian Privacy Commissioner to cease tracking non-users, citing European laws, or risk fines of up to £250,000 per day.{{cite web |title=Belgian court orders Facebook to stop tracking non-members |url=https://www.theguardian.com/technology/2015/nov/10/belgian-court-orders-facebook-to-stop-tracking-non-members |website=The Guardian |date=November 10, 2015 |access-date=June 18, 2017}} As a result, instead of removing tracking cookies, Facebook banned non-users in Belgium from seeing any material on Facebook, including publicly posted content, unless they sign in. Facebook criticized the ruling, saying that the cookies provided better security.{{cite web |first=Chris |last=Baraniuk |title=Facebook bows to Belgian privacy ruling over cookies |url=https://www.bbc.com/news/technology-34987422 |website=BBC News |publisher=BBC |date=December 2, 2015 |access-date=June 18, 2017}}{{cite web |first=Nick |last=Statt |title=After privacy ruling, Facebook now requires Belgium users to log in to view pages |url=https://www.theverge.com/2015/12/2/9838104/facebook-belgium-log-in-privacy-ruling-cookies |website=The Verge |date=December 2, 2015 |access-date=June 18, 2017}}

By statistics, 63% of Facebook profiles are automatically set "visible to the public", meaning anyone can access the profiles that users have updated. Facebook also has its own built-in messaging system that people can send messages to any other user, unless they have disabled the feature to "from friends only". Stalking is not only limited to SNS stalking, but can lead to further "in-person" stalking because nearly 25% of real-life stalking victims reported it started with online instant messaging (e.g., Facebook chat).{{cite web|url =http://ansonalex.com/infographics/facebook-stalking-statistics-2012-infographic/|title = Facebook Stalking Statistics 2012|date = Nov 12, 2012|access-date = Oct 26, 2014|website = ansonalex.com|publisher = Anson, Alexander|last = Anson|first = Alexander}}

In December 2018 it emerged that Facebook had, during the period 2010–2018, granted access to users' private messages, address book contents, and private posts, without the users' consent, to more than 150 third parties including Microsoft, Amazon, Yahoo, Netflix, and Spotify. This had been occurring despite public statements from Facebook that it had stopped such sharing years earlier.{{cite web|url=https://www.nytimes.com/2018/12/18/technology/facebook-privacy.html|title=As Facebook Raised a Privacy Wall, It Carved an Opening for Tech Giants|first1=Gabriel J. X.|last1=Dance|first2=Michael|last2=LaForgia|first3=Nicholas|last3=Confessore|date=December 18, 2018|website=The New York Times}}

In December 2018 it emerged that Facebook's mobile app reveals the user's location to Facebook, even if the user does not use the "check in" feature and has configured all relevant settings within the app so as to maximize location privacy.{{cite web|url=https://www.theguardian.com/technology/2018/dec/19/facebook-users-avoid-location-based-ads-settings-investigation-reveals|title=Facebook users cannot avoid location-based ads, investigation finds|first=Alex|last=Hern|date=December 19, 2018|website=The Guardian}}

In February 2019 it emerged that a number of Facebook apps, including Flo, had been sending users' health data such as blood pressure and ovulation status to Facebook without users' informed consent.{{cite web|url=https://www.cbsnews.com/news/facebook-reportedly-received-sensitive-health-data-from-apps-without-consent/|title=Facebook reportedly received users' sensitive health data from apps: "It's incredibly dishonest"|date=22 February 2019 |publisher=CBS News|access-date=February 23, 2019}}{{cite web|url=https://www.theguardian.com/technology/2019/feb/23/facebook-app-data-leaks|title=Facebook attacked over app that reveals period dates of its users|first1=Jamie|last1=Doward|first2=Raj|last2=Soni|date=February 23, 2019|access-date=February 23, 2019|website=The Guardian}}{{cite web|url=https://www.wsj.com/articles/you-give-apps-sensitive-personal-information-then-they-tell-facebook-11550851636|title=You Give Apps Sensitive Personal Information. Then They Tell Facebook.|first1=Sam|last1=Schechner|first2=Mark|last2=Secada|date=February 22, 2019|access-date=February 23, 2019|website=The Wall Street Journal}}{{cite web|url=https://www.theverge.com/2019/2/22/18236398/facebook-mobile-apps-data-sharing-ads-health-fitness-privacy-violation|title=App makers are sharing sensitive personal information with Facebook but not telling users|first=Nick|last=Statt|date=February 22, 2019|website=The Verge|access-date=February 23, 2019}} New York governor Andrew Cuomo called the practice an "outrageous abuse of privacy", ordered New York's department of state and department of financial services to investigate, and encouraged federal regulators to step in.{{cite web|url=https://www.theguardian.com/technology/2019/feb/22/new-york-facebook-privacy-data-app-wall-street-journal-report|title='Outrageous abuse of privacy': New York orders inquiry into Facebook data use|agency=Reuters|date=February 23, 2019|access-date=February 23, 2019|website=The Guardian}}

Facebook's acquisition of virtual reality headset manufacturer Oculus has resulted in ongoing concerns over the integration of its hardware and software platforms with Facebook user data. After the acquisition, Oculus co-founder Palmer Luckey had assured users that "you won't need to log into your Facebook account every time you wanna use the Oculus Rift."{{Cite web |last=Robertson |first=Adi |date=August 19, 2020 |title=Facebook is making Oculus' worst feature unavoidable |url=https://www.theverge.com/2020/8/19/21375118/oculus-facebook-account-login-data-privacy-controversy-developers-competition |url-status=live |archive-url=https://web.archive.org/web/20200827095924/https://www.theverge.com/2020/8/19/21375118/oculus-facebook-account-login-data-privacy-controversy-developers-competition |archive-date=August 27, 2020 |access-date=September 4, 2020 |website=The Verge}}{{Cite web |title=Palmer Luckey on Oculus' Facebook deal: "You will not need a Facebook account to use or develop for the Rift" |url=https://www.pcgamesn.com/palmer-luckey-oculus-facebook-deal-you-will-not-need-facebook-account-use-or-develop-rift |url-status=live |archive-url=https://web.archive.org/web/20200822042403/https://www.pcgamesn.com/palmer-luckey-oculus-facebook-deal-you-will-not-need-facebook-account-use-or-develop-rift |archive-date=August 22, 2020 |access-date=September 4, 2020 |website=PCGamesN |date=26 March 2014}}

Initially the Oculus desktop software provided opt-in integration with Facebook, primarily for identifying Facebook users within their Oculus friends list.{{Cite web |last=Machkovech |first=Sam |date=September 15, 2016 |title=Facebook login adds real-name policy, auto-updated friends list to Oculus [Updated] |url=https://arstechnica.com/gaming/2016/09/facebook-login-adds-real-name-policy-auto-updated-friends-list-to-oculus/ |url-status=live |archive-url=https://web.archive.org/web/20200909022747/https://arstechnica.com/gaming/2016/09/facebook-login-adds-real-name-policy-auto-updated-friends-list-to-oculus/ |archive-date=September 9, 2020 |access-date=September 4, 2020 |website=Ars Technica}} In August 2020, Facebook announced that all Oculus products and services would become subject to the unified Facebook privacy policy, code of conduct, and community guidelines moving forward, and that a Facebook account would be required to use Oculus products and services beginning in October. This policy took effect beginning with the Oculus Quest 2.{{Cite web |last=Robertson |first=Adi |date=2020-10-15 |title=Facebook is accidentally locking some users out of their new Oculus headsets |url=https://www.theverge.com/2020/10/15/21518194/oculus-quest-2-headset-facebook-account-suspension-problems |access-date=2020-10-18 |website=The Verge}}{{cite news |author=Sam Machkovech |title=The Facebookening of Oculus VR becomes more pronounced starting in October |publisher=Ars Technica |url=https://arstechnica.com/gaming/2020/08/oculus-vr-accounts-will-soon-require-facebook-ties/ |url-status=live |access-date=August 19, 2020 |archive-url=https://web.archive.org/web/20200818193931/https://arstechnica.com/gaming/2020/08/oculus-vr-accounts-will-soon-require-facebook-ties/ |archive-date=August 18, 2020}} At that time, the ability to create a standalone Oculus account was discontinued, and it was announced that these accounts were to be deprecated effective January 1, 2023.

The requirements, as well as Facebook's later focus on "metaverse" platforms, have led to concerns over the amount of user data that could be collected by the company via virtual reality hardware and interactions, including the user's surroundings, motions and actions, and biometrics.{{cite news |last=Hunter |first=Tatum |title=Surveillance will follow us into 'the metaverse,' and our bodies could be its new data source |newspaper=The Washington Post |url=https://www.washingtonpost.com/technology/2022/01/13/privacy-vr-metaverse/ |access-date=29 March 2022}}{{cite web |last1=O'Brien |first1=Matt |last2=Chan |first2=Kalvin |title=EXPLAINER: What is the metaverse and how will it work? |url=https://abcnews.go.com/Business/wireStory/explainer-metaverse-work-80842516 |access-date=29 March 2022 |website=ABC News |publisher=Associated Press}} Horizon, a VR social network run as part of the Oculus platform, is subject to Facebook policies, performs "rolling" recordings of interactions that could be uploaded to Facebook servers for the purposes of moderation if users are reported, and users can be observed by moderators without their knowledge if they are reported by others, or "signals" regarding that user are raised by other users via their own actions (such as muting).{{Cite web |last=Lang |first=Ben |date=2020-08-28 |title=In 'Horizon' Facebook Can Invisibly Observe Users in Real-time to Spot Rule Violations |url=https://www.roadtovr.com/facebook-horizon-privacy-monitoring-moderation/ |access-date=2022-08-04 |website=Road to VR}}

In September 2020 Facebook pulled all Oculus products from the German market due to concerns from local regulators over the policy's compliance with the European Union's General Data Protection Regulation (GDPR).{{Cite web |last=Hayden |first=Scott |date=2020-09-02 |title=Facebook Halts Sale of Rift & Quest in Germany Amid Regulatory Concerns |url=https://www.roadtovr.com/facebook-oculus-germany-rift-quest-halted-antitrust/ |access-date=2021-07-28 |website=Road to VR}} In December 2020, the German Federal Cartel Office (Bundeskartellamt) launched an antitrust investigation into Facebook's mandatory integration of its social networking platform with its virtual reality products.{{Cite web |last= |first= |date=11 December 2020 |title=Insights: Breakup Lawsuit Will Transform Facebook, Regardless Of Its Eventual Outcome |url=https://www.tubefilter.com/2020/12/11/insights-facebook-antitrust-lawsuit/ |access-date=2021-02-07 |website=www.tubefilter.com}}{{Cite web |last=Abent |first=Eric |date=2020-12-10 |title=Oculus Quest 2 Facebook account demand sparks an antitrust investigation |url=https://www.slashgear.com/oculus-quest-2-facebook-account-demand-sparks-an-antitrust-investigation-10650568/ |access-date=2021-02-07 |website=SlashGear}}

At the Facebook Connect event in October 2021 (where Facebook, Inc. announced its rebranding as Meta), Zuckerberg stated that Meta was "working on making it so you can log in into Quest with an account other than your personal Facebook account".{{Cite news |last=Jimenez |first=Jorge |date=2021-10-28 |title=Oculus Quest VR headsets to eliminate mandatory Facebook account log-in requirement |work=PC Gamer |url=https://www.pcgamer.com/oculus-quest-vr-headsets-to-eliminate-mandatory-facebook-account-log-in-requirement/ |access-date=2021-11-01}} The new "Meta account" was announced in July 2022 as a de facto replacement for Oculus accounts, which will not be explicitly tied to the Facebook social network, and can be linked with other members of the Facebook "Family of Apps" (Facebook, Messenger, Instagram, and WhatsApp). It was stated that Meta Quest users would be allowed to transition to Meta accounts and decouple their Facebook logins from its VR platforms. Ars Technica noted that the new terms of service and privacy policies associated with Meta account system could allow enforcement of a real name policy (stating that users would be obligated to provide "accurate and up to date information (including registration information), which may include providing personal data", and still allowed for "rampant" use of user data by Meta, especially if linked with other Facebook apps.{{Cite web |last=Machkovech |first=Sam |date=2022-07-09 |title=Meta removes Facebook account mandate from Quest VR—but is that enough? |url=https://arstechnica.com/gaming/2022/07/quest-vr-has-traded-facebookening-for-metastasis-with-new-account-system/ |access-date=2022-08-04 |website=Ars Technica}}

Personal information of 533 million Facebook users, including names, phone numbers, email addresses, and other user profile data, was posted to a hacking forum in April, 2021. This information had been previously leaked through a feature allowing users to find each other by phone number, which Facebook fixed to prevent this abuse in September 2019. The company decided not to notify users of the data breach.[https://www.npr.org/2021/04/09/986005820/after-data-breach-exposes-530-million-facebook-says-it-will-not-notify-users After Data Breach Exposes 530 Million, Facebook Says It Will Not Notify Users]

The Irish Data Protection Commission, which has jurisdiction over Facebook due to the location of its EU headquarters, then opened an investigation into the breach as a possible violation of GDPR.{{cite news |url=https://www.politico.eu/article/ireland-to-probe-facebook-following-massive-data-leak/ |title=Ireland to probe Facebook following massive data leak |author=Vincent Manancourt |date=April 14, 2021}}

There have been allegations by some users that Facebook's mobile app is capable of listening to conversations without consent, citing instances of the service displaying advertisements for products that they had only spoken about, and had otherwise had no prior interactions with. In August 2019, Facebook admitted that it had been sending anonymized voice data from the Messenger app to third-party contractors for human review to improve the quality of its automatic transcription function, but denied that this data was being used for personalized advertising. The company also stated that it had recently suspended human reviews after scrutiny over Amazon, Apple, and Google's use of similar practices for their voice assistant platforms.{{Cite web |title=Facebook Said It Wasn't Listening to Your Conversations. It Was. |url=https://www.vice.com/en/article/facebook-said-it-wasnt-listening-to-your-conversations-it-was/ |access-date=2022-08-04 |website=Vice.com |date=14 August 2019}}{{Cite web |date=2019-06-28 |title=Is Facebook listening to me? Why those ads appear after you talk about things |url=https://eu.usatoday.com/story/tech/talkingtech/2019/06/27/does-facebook-listen-to-your-conversations/1478468001/ |access-date=2019-06-28 |website=USA Today}}

There have been some concerns expressed regarding the use of Facebook as a means of surveillance and data mining.

Two Massachusetts Institute of Technology (MIT) students used an automated script to download the publicly posted information of over 70,000 Facebook profiles from four schools (MIT, NYU, the University of Oklahoma, and Harvard University) as part of a research project on Facebook privacy published on December 14, 2005.{{Cite journal|author1=Jones, Harvey |author2=Soltren, José Hiram |name-list-style=amp |title=Facebook: Threats to Privacy|year=2005|url=http://www.swiss.ai.mit.edu/6095/student-papers/fall05-papers/facebook.pdf|location = Cambridge, Massachusetts | publisher = MIT (MIT 6.805/STS085: Ethics and Law on the Electronic Frontier – Fall 2005)}} (PDF) Since then, Facebook has bolstered security protection for users, responding: "We've built numerous defenses to combat phishing and malware, including complex automated systems that work behind the scenes to detect and flag Facebook accounts that are likely to be compromised (based on anomalous activity like lots of messages sent in a short period of time, or messages with links that are known to be bad)."{{cite web|url=http://www.theindychannel.com/news/25841727/detail.html|title=Facebook Security Response|website=TheIndyChannel.com|access-date=December 8, 2010|archive-url=https://web.archive.org/web/20120417210853/http://www.theindychannel.com/news/25841727/detail.html|archive-date=April 17, 2012|url-status=dead}}

A second clause that brought criticism from some users allowed Facebook the right to sell users' data to private companies, stating "We may share your information with third parties, including responsible companies with which we have a relationship." This concern was addressed by spokesman Chris Hughes, who said, "Simply put, we have never provided our users' information to third party companies, nor do we intend to."{{cite news|first=Chris|last=Peterson|title=Who's Reading Your Facebook?|publisher=The Virginia Informer|date=February 13, 2006}} Facebook eventually removed this clause from its privacy policy.{{cite web|url=http://www.facebook.com/policy.php| title=Facebook Privacy Policy| website=Facebook|access-date=December 8, 2010}}{{Primary source inline|date=September 2020}}

In the United Kingdom the Trades Union Congress (TUC) has encouraged employers to allow their staff to access Facebook and other social-networking sites from work, provided they proceed with caution.{{cite news|access-date=March 5, 2008|url=http://www.timesonline.co.uk/tol/life_and_style/career_and_jobs/article2351444.ece|archive-url=https://archive.today/20081012040423/http://www.timesonline.co.uk/tol/life_and_style/career_and_jobs/article2351444.ece|url-status=dead|archive-date=October 12, 2008|title=Get a life and allow your staff to use Facebook, TUC tells bosses|newspaper=The Times|date=August 30, 2007|author=Buckley, Christine|location=London}}

In September 2007 Facebook drew criticism after it began allowing search engines to index profile pages, though Facebook's privacy settings allow users to turn this off.{{cite news|url=http://news.bbc.co.uk/2/hi/technology/6980454.stm|title=Facebook Opens Profiles to Public|publisher=BBC|date=September 7, 2007}}

Concerns were also raised on the BBC's Watchdog program in October 2007 when Facebook was shown to be an easy way to collect an individual's personal information to facilitate identity theft.{{cite web|url=https://www.bbc.co.uk/consumer/tv_and_radio/watchdog/reports/internet/internet_20071024.shtml |access-date=March 5, 2008 |title=Facebook security |publisher=BBC |date=October 24, 2007 |url-status=dead |archive-url=https://web.archive.org/web/20080220063143/http://www.bbc.co.uk/consumer/tv_and_radio/watchdog/reports/internet/internet_20071024.shtml |archive-date=February 20, 2008 }} However, there is barely any personal information presented to non-friends – if users leave the privacy controls on their default settings, the only personal information visible to a non-friend is the user's name, gender, profile picture and networks.{{cite web|url=http://www.facebook.com/privacy/explanation.php#basicinfo|title=Controlling How You Share|website=Facebook|access-date=December 8, 2010}}{{Primary source inline|date=September 2020}}

An article in The New York Times in February 2008 pointed out that Facebook does not actually provide a mechanism for users to close their accounts, and raised the concern that private user data would remain indefinitely on Facebook's servers.{{cite news|url=https://www.nytimes.com/2008/02/11/technology/11facebook.html|title=How Sticky Is Membership on Facebook? Just Try Breaking Free|work=The New York Times|date=February 11, 2008|first=Maria|last=Aspan|access-date=September 23, 2014}} {{as of|2013}}, Facebook gives users the options to deactivate or delete their accounts.

Deactivating an account allows it to be restored later, while deleting it will remove the account "permanently", although some data submitted by that account ("like posting to a group or sending someone a message") will remain.{{cite web|url=http://www.facebook.com/about/privacy/your-info |title= Information we receive about you |via=Facebook |access-date=June 11, 2013}}{{Primary source inline|date=September 2020}}

{{main|Onavo}}

In 2013 Facebook acquired Onavo, a developer of mobile utility apps such as Onavo Protect VPN, which is used as part of an "Insights" platform to gauge the use and market share of apps.{{Cite web|url = https://techcrunch.com/2013/10/13/facebook-buys-mobile-analytics-company-onavo-and-finally-gets-its-office-in-israel/|title = Facebook Buys Mobile Data Analytics Company Onavo, Reportedly For Up To $200M… And (Finally?) Gets Its Office In Israel|date = Oct 13, 2013|website = TechCrunch|last = Lunden|first = Ingrid}} This data has since been used to influence acquisitions and other business decisions regarding Facebook products.{{Cite news|url=https://www.wsj.com/articles/the-new-copycats-how-facebook-squashes-competition-from-startups-1502293444|title=The New Copycats: How Facebook Squashes Competition From Startups|last1=Morris|first1=Betsy|date=August 9, 2017|work=The Wall Street Journal|access-date=August 15, 2017|last2=Seetharaman|first2=Deepa|issn=0099-9660}}{{Cite news|url=http://www.foxbusiness.com/features/2017/08/09/new-copycats-how-facebook-squashes-2.html|title=The New Copycats: How Facebook Squashes −2-|date=August 9, 2017|work=Fox Business|access-date=August 15, 2017}}{{Cite web|url=https://www.engadget.com/2017/08/13/facebook-knew-about-snap-struggles-through-app-tracking/|title=Facebook knew about Snap's struggles months before the public|website=Engadget|date=13 August 2017 |access-date=August 15, 2017}} Criticism of this practice emerged in 2018, when Facebook began to advertise the Onavo Protect VPN within its main app on iOS devices in the United States. Media outlets considered the app to effectively be spyware due to its behavior, adding that the app's listings did not readily disclaim Facebook's ownership of the app and its data collection practices.{{Cite news|url=https://techcrunch.com/2018/02/12/facebook-starts-pushing-its-data-tracking-onavo-vpn-within-its-main-mobile-app/|title=Facebook is pushing its data-tracking Onavo VPN within its main mobile app|last=Perez|first=Sarah|work=TechCrunch|access-date=February 14, 2018}}{{Cite news|url=http://www.itpro.co.uk/security/30542/facebooks-protect-security-feature-is-essentially-spyware|title=Facebook's Protect security feature is essentially Spyware|work=IT PRO|access-date=February 14, 2018}} Facebook subsequently pulled the iOS version of the app, citing new iOS App Store policies forbidding apps from performing analytics on the usage of other apps on a user's device.{{Cite news|url=https://techcrunch.com/2018/08/22/apple-facebook-onavo/|title=Apple removed Facebook's Onavo from the App Store for gathering app data|work=TechCrunch|access-date=August 23, 2018}}{{Cite news|url=https://www.theverge.com/2018/8/22/17771298/facebook-onavo-protect-apple-app-store-pulled-privacy-concerns|title=Facebook will pull its data-collecting VPN app from the App Store over privacy concerns|work=The Verge|access-date=August 23, 2018}}{{cite news|access-date=September 3, 2018|title=Apple makes Facebook pull its spyware(ish) VPN from the App Store|url=https://www.fastcompany.com/90224974/apple-makes-facebook-pull-its-spywareish-vpn-from-the-app-store|last=Grothaus|first=Michael|website=Fast Company|date=August 23, 2018}}{{Cite news|url=https://theappdevelopers.co.uk/portfolio/facebook-pushes-back-against-apples-app-store-fees/|title=Facebook pushes back against Apple's App Store fees|access-date=August 21, 2018}}

Since 2016 Facebook has also run "Project Atlas"—publicly known as "Facebook Research"—a market research program inviting teenagers and young adults between the ages of 13 and 35 to have data such as their app usage, web browsing history, web search history, location history, personal messages, photos, videos, emails, and Amazon order history, analyzed by Facebook. Participants would receive up to $20 per-month for participating in the program. Facebook Research is administered by third-party beta testing services, including Applause, and requires users to install a Facebook root certificate on their phone. After a January 2019 report by TechCrunch on Project Atlas, which alleged that Facebook bypassed the App Store by using an Apple enterprise program for apps used internally by a company's employees, Facebook refuted the article but later announced its discontinuation of the program on iOS.{{cite web|first=Casey|last=Newton|access-date=January 30, 2019|title=Facebook will shut down its controversial market research app for iOS|url=https://www.theverge.com/facebook/2019/1/30/18203349/facebook-research-app-apple-shutdown|date=January 30, 2019|website=The Verge}}{{cite web|access-date=January 30, 2019|title=Facebook pays teens to install VPN that spies on them|url=https://techcrunch.com/2019/01/29/facebook-project-atlas/|first=John|last=Constine|website=TechCrunch|date=January 29, 2019|archive-date=2025-01-07|archive-url=https://web.archive.org/web/20250107024636/https://techcrunch.com/2019/01/29/facebook-project-atlas/|url-status=live}}

On January 30, 2019 Apple temporarily revoked Facebook's Enterprise Developer Program certificates for one day, which caused all of the company's internal iOS apps to become inoperable.{{cite web|first=Kurt|last=Wagner|access-date=January 30, 2019|title=Apple says it's banning Facebook's research app that collects users' personal information|url=https://www.recode.net/2019/1/30/18203231/apple-banning-facebook-research-app|date=January 30, 2019|website=Recode}}{{cite web|first=Tom|last=Warren|access-date=January 30, 2019|title=Apple blocks Facebook from running its internal iOS apps|url=https://www.theverge.com/2019/1/30/18203551/apple-facebook-blocked-internal-ios-apps|date=January 30, 2019|website=The Verge}}{{cite news|first=Mike|last=Isaac|access-date=2019-02-02|title=Apple Shows Facebook Who Has the Power in an App Dispute|url=https://www.nytimes.com/2019/01/31/technology/apple-blocks-facebook.html|newspaper=The New York Times|date=31 January 2019|issn=0362-4331}} Apple stated that "Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple", and that the certificates were revoked "to protect our users and their data". US Senators Mark Warner, Richard Blumenthal, and Ed Markey separately criticized Facebook Research's targeting of teenagers, and promised to sponsor legislation to regulate market research programs.{{cite web|access-date=January 31, 2019|title=Senator Warner calls on Zuckerberg to support market research consent rules|url=https://techcrunch.com/2019/01/30/facebook-research-app/|date=January 30, 2019|first=Josh|last=Constine|website=TechCrunch}}{{cite news|first=Issie|last=Lapowsky|access-date=January 31, 2019|title=By Defying Apple's Rules, Facebook Shows It Never Learns|url=https://www.wired.com/story/facebook-research-app-lessons/|date=January 30, 2019|issn=1059-1028|magazine=Wired}}

In 2010 the Wall Street Journal found that many of Facebook's top-rated apps—including apps from Zynga and Lolapps—were transmitting identifying information to "dozens of advertising and Internet tracking companies" like RapLeaf. The apps used an HTTP referer that exposed the user's identity and sometimes their friends' identities. Facebook said that "While knowledge of user ID does not permit access to anyone's private information on Facebook, we plan to introduce new technical systems that will dramatically limit the sharing of User ID's". A blog post by a member of Facebook's team further stated that "press reports have exaggerated the implications of sharing a user ID", though still acknowledging that some of the apps were passing the ID in a manner that violated Facebook's policies.{{cite web |first1=Emily |last1=Steel |first2=Geoffrey A. |last2=Fowler |title=Facebook in Privacy Breach |url=https://www.wsj.com/articles/SB10001424052702304772804575558484075236968 |website=The Wall Street Journal |date=October 18, 2010 |access-date=June 4, 2017}}{{cite web |first=Dean |last=Takahashi |title=WSJ reports Facebook apps — including banned LOLapps games — transmitted private user data |url=https://venturebeat.com/2010/10/17/wsj-reports-facebook-apps-including-banned-lolapps-games-transmitted-private-user-data/ |website=VentureBeat |date=October 17, 2010 |access-date=June 4, 2017}}

In 2010 Canadian security consultant Ron Bowes of Skull Security created a BitTorrent download consisting of the names of about 100 million Facebook users. Facebook likened the information to what is listed in a phone book. It included some who had opted not to be found by search engines, and some who did not realize their information was public. Bowes created the list to get statistical information about user names, which can be used in both penetration testing and computer break-ins.{{Cite news|url=https://www.irishtimes.com/news/details-of-facebook-users-published-1.861806|title=Details of Facebook users published|first=Charlie|last=Taylor|newspaper=The Irish Times}}{{Cite news|url=https://www.bbc.com/news/technology-10802730|title=Facebook data harvester speaks out|work=BBC News|date=July 29, 2010}}

In 2009 and 2010 the fact that Facebook was not requiring connections to use HTTPS other than at login meant that a routing glitch at AT&T caused cookie to end up on the wrong users' phones. This resulted in some Facebook users having continuous access to another person's account instead of their own.{{Cite web|url=https://www.businessinsider.com/weird-att-glitch-allowed-users-to-access-other-peoples-facebook-account-2010-1|title=Weird AT&T Glitch Allowed Users To Access Other People's Facebook Account|agency=Associated Press|website=Business Insider}}

{{main|Facebook and Cambridge Analytica data scandal}}

In 2018 Facebook admitted{{Cite news|url=https://newsroom.fb.com/news/2018/03/suspending-cambridge-analytica/|title=Suspending Cambridge Analytica and SCL Group from Facebook {{!}} Facebook Newsroom|access-date=March 20, 2018}}{{Cite news|url=https://www.bloomberg.com/news/articles/2018-03-20/how-facebook-made-its-cambridge-analytica-data-crisis-even-worse|title=How Facebook Made Its Cambridge Analytica Data Crisis Even Worse|date=March 20, 2018|publisher=Bloomberg L.P.|access-date=March 20, 2018}} that an app made by Global Science Research and Alexandr Kogan, related to Cambridge Analytica, was able in 2014{{cite news|access-date=March 21, 2018|title=Academic behind Facebook breach says political influence was...|url=https://www.reuters.com/article/us-facebook-cambridge-analytica/academic-behind-facebook-breach-says-he-is-a-scapegoat-bbc-idUSKBN1GX0OG|work=Reuters|date=March 21, 2018}} to harvest personal data of up to 87 million Facebook users without their consent, by exploiting their friendship connection to the users who sold their data via the app.{{cite web|url=https://www.theguardian.com/technology/2018/apr/04/facebook-cambridge-analytica-user-data-latest-more-than-thought|title=Facebook says Cambridge Analytica may have gained 37m more users' data|first=Olivia|last=Solon|date=April 4, 2018|website=The Guardian|access-date=April 6, 2018}} Following the revelations of the breach, several public figures, including industrialist Elon Musk and WhatsApp cofounder Brian Acton, announced that they were deleting their Facebook accounts, using the hashtag "#deletefacebook".{{cite web|url=https://www.theguardian.com/technology/2018/mar/23/elon-musk-delete-facebook-spacex-tesla-mark-zuckerberg|title=Elon Musk joins #DeleteFacebook effort as Tesla and SpaceX pages vanish|first=Julia Carrie|last=Wong|author-link=Julia Carrie Wong|date=March 23, 2018|website=The Guardian|access-date=March 24, 2018}}{{cite web|url=https://www.forbes.com/sites/jemmagreen/2018/03/23/deletefacebook-highlights-the-benefits-of-blockchain/|title=#DeleteFacebook Highlights The Benefits Of Blockchain|first=Dr. Jemma|last=Green|website=Forbes|access-date=March 24, 2018}}{{cite web|url=https://www.wsj.com/articles/next-worry-for-facebook-disenchanted-users-1521717883|title=Next Worry for Facebook: Disenchanted Users|first=Kirsten|last=Grind|date=March 22, 2018|website=The Wall Street Journal|access-date=March 25, 2018}}

Facebook was also criticized for allowing the 2012 Barack Obama presidential campaign to analyze and target select users by providing the campaign with friendship connections of users who signed up for an application. However, users signing up for the application were aware that their data, but not the data of their friends, was going to a political party.{{cite web|last=Tobias|first=Manuela|title=Comparing Facebook data use by Obama, Cambridge Analytica|url=http://www.politifact.com/truth-o-meter/statements/2018/mar/22/meghan-mccain/comparing-facebook-data-use-obama-cambridge-analyt/|publisher=PolitiFact|access-date=May 2, 2018|date=March 22, 2018}}{{cite web|last=Schouten|first=Fredreka|title=Obama 2012 team: We didn't break Facebook rules in our campaign|url=https://www.usatoday.com/story/news/politics/2018/03/20/obama-2012-team-we-didnt-break-facebook-rules-our-campaign/442130002/|website=USA Today|access-date=May 2, 2018|date=March 20, 2018}}{{cite web|last=Rogers|first=James|title=Obama 2012 campaign 'sucked' data from Facebook, former official says|url=https://www.foxnews.com/tech/2018/03/20/obama-2012-campaign-sucked-data-from-facebook-former-official-says.html|publisher=Fox News Channel|access-date=May 2, 2018|date=March 20, 2018}}{{cite web|last=Sullivan|first=Mark|title=Obama Campaign's "Targeted Share" App Also Used Facebook Data From Millions Of Unknowing Users|url=https://www.fastcompany.com/40546816/obama-campaigns-targeted-share-app-also-used-facebook-data-from-millions-of-unknowing-users|work=Fast Company|access-date=May 2, 2018|date=March 20, 2018}}{{cite web|last=Rutenberg|first=Jim|title=The Obama Campaign's Digital Masterminds Cash In|url=https://www.nytimes.com/2013/06/23/magazine/the-obama-campaigns-digital-masterminds-cash-in.html|website=The New York Times|access-date=May 2, 2018|date=June 20, 2013}}

In September 2018 a software bug meant that photos that had been uploaded to Facebook accounts, but that had not been "published" (and which therefore should have remained private between the user and Facebook), were exposed to app developers.{{cite web|url=https://www.theguardian.com/technology/2018/dec/14/facebook-admits-bug-app-developers-hidden-photos|title=Facebook admits bug allowed apps to see hidden photos|first=Alex|last=Hern|date=December 14, 2018|access-date=December 15, 2018|website=The Guardian}} Approximately 6.8 million users and 1500 third-party apps were affected.

In March 2019 Facebook admitted that it had mistakenly stored "hundreds of millions" of passwords of Facebook and Instagram users in plaintext (as opposed to being hashed and salted) on multiple internal systems accessible only to Facebook engineers, dating as far back as 2012. Facebook stated that affected users would be notified, but that there was no evidence that this data had been abused or leaked.{{cite magazine | title=Facebook Stored Millions of Passwords in Plaintext—Change Yours Now | magazine=Wired | date=2019-03-21 | url=https://www.wired.com/story/facebook-passwords-plaintext-change-yours/ | access-date=2019-03-23}}{{cite web | last=Hern | first=Alex | title=Facebook stored hundreds of millions of passwords unprotected | website=The Guardian | date=2019-03-21 | url=http://www.theguardian.com/technology/2019/mar/21/facebook-admits-passwords-unprotected | access-date=2019-03-22}}

In April 2019 Facebook admitted that its subsidiary Instagram also stored millions of unencrypted passwords.{{cite web |title=Facebook now says its password leak affected 'millions' of Instagram users |url=https://techcrunch.com/2019/04/18/instagram-password-leak-millions/ |website=TechCrunch |access-date=18 April 2019 |date=18 April 2019}}

Facebook has denied for years that it listens to conversations and in turn releases ads based on them, however Facebook has been shown to have lied about their policies in the past.{{cite news |url=https://www.nytimes.com/2018/12/18/technology/facebook-privacy.html|archive-url=https://web.archive.org/web/20210905072629/https://www.nytimes.com/2018/12/18/technology/facebook-privacy.html|archive-date=2021-09-05|website=The New York Times|title=As Facebook Raised a Privacy Wall, It Carved an Opening for Tech Giants |date=19 December 2018 |last1=Dance |first1=Gabriel J. X. |last2=Laforgia |first2=Michael |last3=Confessore |first3=Nicholas }} In 2016, Facebook stated "Facebook does not use your phone's microphone to inform ads or to change what you see in News Feed." a spokeswoman said, "some recent articles have suggested that we must be listening to people's conversations in order to show them relevant ads. This is not true. We show ads based on people's interests and other profile information, not what you're talking out loud about."{{Cite web|url=https://newatlas.com/computers/facebook-not-secretly-listening-conversations/|title=Facebook isn't secretly listening to your conversations, but the truth is much more disturbing|date=2019-09-06|website=NEWS ATLAS|access-date=2019-09-06}}

Government and local authorities rely on Facebook and other social networks to investigate crimes and obtain evidence to help establish a crime, provide location information, establish motives, prove and disprove alibis, and reveal communications.{{cite web|url=https://www.eff.org/files/filenode/social_network/20100303__crim_socialnetworking.pdf |title=John Lynch & Jenny Ellickson, U.S. Dept. of Justice, Computer Crime and Intellectual Property Section, Obtaining and Using Evidence from Social Networking Sites: Facebook, MySpace, LinkedIn, and more |access-date=June 11, 2013}} Federal, state, and local investigations have not been restricted to profiles that are publicly available or willingly provided to the government; Facebook has willingly provided information in response to government subpoenas or requests, except with regard to private, unopened inbox messages less than 181 days old, which would require a warrant and a finding of probable cause under federal law under Electronic Communications Privacy Act (ECPA). One 2011 article noted that "even when the government lacks reasonable suspicion of criminal activity and the user opts for the strictest privacy controls, Facebook users still cannot expect federal law to stop their 'private' content and communications from being used against them".{{cite journal|title=From Facebook to Mug Shot: How the Dearth of Social Networking Privacy Rights Revolutionized Online Government Surveillance|journal= Pace Law Review|volume=31|issue=1|year=2011|author= Junichi P. Semitsu|url=http://digitalcommons.pace.edu/cgi/viewcontent.cgi?article=1771&context=plr }}

Facebook's privacy policy states that "We may also share information when we have a good faith belief it is necessary to prevent fraud or other illegal activity, to prevent imminent bodily harm, or to protect ourselves and you from people violating our Statement of Rights and Responsibilities. This may include sharing information with other companies, lawyers, courts or other government entities". Since the U.S. Congress has failed to meaningfully amend the ECPA to protect most communications on social-networking sites such as Facebook, and since the U.S. Supreme Court has largely refused to recognize a Fourth Amendment privacy right to information shared with a third party, no federal statutory or constitutional right prevents the government from issuing requests that amount to fishing expeditions and there is no Facebook privacy policy that forbids the company from handing over private user information that suggests any illegal activity.

The 2013 mass surveillance disclosures identified Facebook as a participant in the U.S. National Security Administration's PRISM program. Facebook now reports the number of requests it receives for user information from governments around the world.[https://www.facebook.com/about/government_requests "Rapport over verzoeken tot gegevensverstrekking van internationale overheden"]. Facebook. Retrieved September 4, 2013.

In 2022 Nebraska police charged a teenage girl and her mother after obtaining Facebook messages which allegedly showed that they performed an illegal self-managed medication abortion.{{Cite web |last1=O'Brien |first1=Sara |last2=Duffy |first2=Clare |date=2022-08-10 |title=Nebraska teen and mother facing charges in abortion-related case that involved obtaining their Facebook messages |url=https://www.cnn.com/2022/08/10/tech/teen-charged-abortion-facebook-messages/ |access-date=2022-08-13 |website=CNN}}

On May 31, 2008 the Canadian Internet Policy and Public Interest Clinic (CIPPIC), per Director Phillipa Lawson, filed a 35-page complaint with the Office of the Privacy Commissioner against Facebook based on 22 breaches of the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA). University of Ottawa law students Lisa Feinberg, Harley Finkelstein, and Jordan Eric Plener, initiated the "minefield of privacy invasion" suit. Facebook's Chris Kelly contradicted the claims, saying that: "We've reviewed the complaint and found it has serious factual errors—most notably its neglect of the fact that almost all Facebook data is willingly shared by users."{{Cite web|url=http://ap.google.com/article/ALeqM5hpMWm7pPdLssNR9Uu4OksMSOpZcgD910STD80|archive-url=https://web.archive.org/web/20080603214050/http://ap.google.com/article/ALeqM5hpMWm7pPdLssNR9Uu4OksMSOpZcgD910STD80|url-status=dead|title=ap.google.com, Canada launches privacy probe into Facebook|archive-date=June 3, 2008}} Assistant Privacy Commissioner Elizabeth Denham released a report of her findings on July 16, 2009.{{cite web|title=Privacy Commissioner's Findings in the case of CIPPIC against Facebook|url=http://www.priv.gc.ca/cf-dc/2009/2009_008_0716_e.pdf|access-date=January 15, 2010}} In it, she found that several of CIPPIC's complaints were well-founded. Facebook agreed to comply with some, but not all, of her recommendations. The Assistant Commissioner found that Facebook did not do enough to ensure users granted meaningful consent for the disclosure of personal information to third parties and did not place adequate safeguards to prevent unauthorized access by third-party developers to personal information.

In August 2011 the Irish Data Protection Commissioner (DPC) started an investigation after receiving 22 complaints by europe-v-facebook.org, which was founded by a group of Austrian students.{{cite web|url=http://orf.at/stories/2077750/2077719/ |title=Was Facebook über User weiß |website=Orf.at |date=November 27, 2011 |access-date=June 11, 2013}} The DPC stated in first reactions that the Irish DPC is legally responsible for privacy on Facebook for all users within the European Union{{cite web|url=http://www.europe-v-facebook.org/midlands103.mp3|format=MP£|title=Sound file|website=Europe-v-facebook.org|access-date=December 16, 2018}} and that he will "investigate the complaints using his full legal powers if necessary".{{cite web|url=http://www.europe-v-facebook.org/DPC_letter.pdf|date=August 24, 2011|title=An Coimisineir Cosanta Sonrai (Data Protection Commissioner) letter|access-date=June 13, 2014}} The complaints were filed in Ireland because all users who are not residents of the United States or Canada have a contract with "Facebook Ireland Ltd", located in Dublin, Ireland. Under European law Facebook Ireland is the "data controller" for facebook.com, and therefore, facebook.com is governed by European data protection laws. Facebook Ireland Ltd. was established by Facebook Inc. to avoid US taxes (see Double Irish arrangement).{{cite news|url=https://www.bloomberg.com/news/2010-10-21/google-2-4-rate-shows-how-60-billion-u-s-revenue-lost-to-tax-loopholes.html/|title=Google 2.4% Rate Shows How $60 Billion Lost to Tax Loopholes |publisher=Bloomberg L.P.|access-date=May 21, 2013|first=Jesse|last=Drucker|date=October 21, 2010}}

The group 'europe-v-facebook.org' made access requests at Facebook Ireland and received up to 1,222 pages of data per person in 57 data categories that Facebook was holding about them,{{cite web |title=Facebook's Data Pool |url=http://www.europe-v-facebook.org/EN/Data_Pool/data_pool.html |website=Europe-v-facebook.org}} including data that was previously removed by the users.{{cite web|url=http://www.europe-v-facebook.org/removed_content.pdf|date=August 22, 2011|title=Removed content|access-date=June 13, 2014}} The group claimed that Facebook failed to provide some of the requested data, including "likes", facial recognition data, data about third party websites that use "social plugins" visited by users, and information about uploaded videos. Currently the group claims that Facebook holds at least 84 data categories about every user.{{cite web|url=http://www.europe-v-facebook.org/fb_cat1.pdf|date=April 3, 2012|title=Facebook Data Categories|access-date=June 13, 2014}}

The first 16 complaints target different problems, from undeleted old "pokes" all the way to the question if sharing and new functions on Facebook should be opt-in or opt-out.{{cite web |title=Legal Procedure against 'Facebook Ireland Limited' |url=http://www.europe-v-facebook.org/EN/Complaints/complaints.html |website=Europe-v-facebook.org}} The second wave of 6 more complaints was targeting more issues including one against the "Like" button.{{cite news|url=http://www.irishexaminer.com/ireland/facebook-wont-like-its-17th-complaint-165606.html |title=Facebook won't 'like' its 17th complaint |newspaper=Irish Examiner |date=August 27, 2011 |access-date=June 11, 2013}} The most severe could be a complaint that claims that the privacy policy, and the consent to the privacy policy is void under European laws.

In an interview with the Irish Independent, a spokesperson said that the DPC will "go and audit Facebook, go into the premises and go through in great detail every aspect of security". He continued by saying: "It's a very significant, detailed and intense undertaking that will stretch over four or five days." In December 2011 the DPC published its first report on Facebook. This report was not legally binding but suggested changes that Facebook should undertake until July 2012. The DPC is planning to do a review about Facebook's progress in July 2012.{{update inline|date=February 2022}}

In spring 2012 Facebook had to undertake many changes (e.g., having an extended download tool that should allow users to exercise the European right to access all stored information or an update of the worldwide privacy policy).{{Cite web|date=2020-12-19|title=Facebook hit with privacy issues in Europe|url=https://www.mytechgist.com/big-tech/facebook-hit-with-privacy-issues-in-europe/|access-date=2020-12-22|website=My Tech Gist|archive-date=2020-12-22|archive-url=https://web.archive.org/web/20201222062628/https://www.mytechgist.com/big-tech/facebook-hit-with-privacy-issues-in-europe/|url-status=dead}} These changes were seen as not sufficient to comply with European law by europe-v-facebook.org. The download tool does not allow, for example, access to all data. The group has launched our-policy.org{{cite web|url=http://www.our-policy.org/|title=Our-Policy.org – Annuity Payments Policies and Regulations|website=Our-policy.org|access-date=March 24, 2018|archive-url=https://web.archive.org/web/20180525140237/http://www.our-policy.org/|archive-date=May 25, 2018|url-status=dead}} to suggest improvements to the new policy, which they saw as a backdrop for privacy on Facebook. Since the group managed to get more than 7.000 comments on Facebook's pages, Facebook had to do a worldwide vote on the proposed changes. Such a vote would have only been binding if 30% of all users would have taken part. Facebook did not promote the vote, resulting in only 0.038% participation with about 87% voting against Facebook's new policy. The new privacy policy took effect on the same day.{{cite web|url=http://www.europe-v-facebook.org/en/en.html |title=Europe versus Facebook |website=Europe-v-facebook.org |access-date=June 11, 2013}}

In early 2019 it was reported that Facebook had spent years lobbying extensively against privacy protection laws around the world, such as GDPR.{{cite web|url=https://www.theguardian.com/technology/2019/mar/02/facebook-global-lobbying-campaign-against-data-privacy-laws-investment|archive-url=https://web.archive.org/web/20190302143109/https://www.theguardian.com/technology/2019/mar/02/facebook-global-lobbying-campaign-against-data-privacy-laws-investment|url-status=dead|archive-date=March 2, 2019|title=Revealed: Facebook's global lobbying against data privacy laws – Technology – The Guardian|website=TheGuardian.com|date=March 2, 2019|access-date=March 3, 2019}}

{{cite web|url=https://www.politico.eu/article/inside-story-facebook-fight-against-european-regulation|author=Laura Kayali|title=Inside Facebook's fight against European regulation|date=January 29, 2019|website=Politico Europe|access-date=May 3, 2019}}

The lobbying included efforts by Sandberg to "bond" with female European officials including Enda Kenny (then Prime Minister of Ireland, where Facebook's European operations are based), to influence them in Facebook's favor. Other politicians reportedly lobbied by Facebook in relation to privacy protection laws included George Osborne (then Chancellor of the Exchequer), Pranab Mukherjee (then President of India), and Michel Barnier.

In 2021 Facebook attempted to use "a legal trick" to bypass GDPR regulations in the European Union by including personal data processing agreement in what they considered to be a "contract" (Article 6(1)(b) GDPR) rather than a "consent" (Article 6(1)(a) GDPR) which would lead to the user effectively granting Facebook a very broad permission to process their personal data with most of the GDPR controls void. Irish Data Protection Commission (DPC) expressed its preliminary approval for this bypass and sent its draft decision to other data protection authorities in the European Union, at which point the document was leaked to media and published on noyb.eu.{{Cite web|title=Irish DPC greenlights Facebook's "GDPR bypass".|url=https://noyb.eu/en/irish-dpc-greenlights-facebooks-gdpr-bypass|access-date=2021-10-15|website=noyb.eu}} DPC sent a takedown notice to noyb.eu, which was also published by the portal which reject to self-censor.{{Cite web|title=DPC "requires" noyb to take down documents from website|url=https://noyb.eu/en/dpc-requires-noyb-take-down-documents-website|access-date=2021-10-15|website=noyb.eu}}

In December 2019 the Hungarian Competition Authority fined Facebook around US$4 million for false advertising, ruling that Facebook cannot market itself as a "free" (no cost) service because the use of detailed personal information to deliver targeted advertising constituted a compensation that must be provided to Facebook to use the service.{{Cite web|url=https://www.seattletimes.com/business/hungary-competition-authority-fines-facebook-4-million/|title=Hungary competition authority fines Facebook $4 million|date=2019-12-06|website=The Seattle Times|access-date=2019-12-14}}

Students who post illegal or otherwise inappropriate material have faced disciplinary action from their universities, colleges, and schools including expulsion.{{cite news|url=https://www.boston.com/news/local/articles/2005/10/06/fisher_college_expels_student_over_website_entries|work=Boston Globe|title=Fisher College expels student over website entries|first=Sarah|last=Schweitzer|date=October 6, 2005}} Others posting libelous content relating to faculty have also faced disciplinary action.{{cite web|access-date=January 25, 2010|url=http://www.syracuse.com/news/index.ssf/2010/01/seventh-grade_north_syracuse_s.html|title=Seventh-grade North Syracuse student suspended, 25 others disciplined for Facebook page about teacher |work=The Post-Standard|date=January 24, 2010|author=O'Toole, Catie }} The Journal of Education for Business states that "a recent study of 200 Facebook profiles found that 42% had comments regarding alcohol, 53% had photos involving alcohol use, 20% had comments regarding sexual activities, 25% had seminude or sexually provocative photos, and 50% included the use of profanity."{{cite journal | last1 = Peluchette | first1 = Joy | last2 = Karl | first2 = Katherine | year = 2010 | title = Examining Students' Intended Image on Facebook: "what were they Thinking?!". | journal = Journal of Education for Business | volume = 85 | issue = 1| pages = 30–7 | doi=10.1080/08832320903217606| s2cid = 44233400 }} It is inferred that negative or incriminating Facebook posts can affect alumni's and potential employers' perception of them. This perception can greatly impact the students' relationships, ability to gain employment, and maintain school enrollment. The desire for social acceptance leads individuals to want to share the most intimate details of their personal lives along with illicit drug use and binge drinking. Too often, these portrayals of their daily lives are exaggerated and/or embellished to attract others like minded to them.

Students in general have a higher engagement when using Facebook groups in class, as students can comment on each other's short writings or videos.{{Cite journal|last1=Ulla|first1=Mark B.|last2=Perales|first2=William F.|date=2020-03-19|title=The adoption of Facebook as a virtual class whiteboard: Promoting EFL students' engagement in language tasks|url=http://dx.doi.org/10.1002/tesj.515|journal=TESOL Journal|volume=11|issue=3|doi=10.1002/tesj.515|s2cid=216269728|issn=1056-7941|url-access=subscription}} Increased teacher-student and student-student interaction, improved performance, and convenience of learning were some of the benefits of using Facebook as an educational instrument.Chugh, Ritesh, and Umar Ruhi. "Social media in higher education: A literature review of Facebook." Education and Information Technologies 23 (2018): 605–616. However, it limits student's writing to be shorter since checking on spelling and typing on a phone keyboard is relatively more time-consuming.

On January 23, 2006 The Chronicle of Higher Education continued an ongoing national debate on social networks with an opinion piece written by Michael Bugeja, director of the Journalism school at Iowa State University, entitled "Facing the Facebook".{{cite news|url=http://chronicle.com/jobs/news/2006/01/2006012301c/careers.html|archive-url=https://web.archive.org/web/20080220193743/http://chronicle.com/jobs/news/2006/01/2006012301c/careers.html|archive-date=February 20, 2008|title=Facing the Facebook|access-date=October 6, 2006|last=Bugeja|first=Michael|date=January 3, 2006|newspaper=The Chronicle of Higher Education}} Bugeja, author of the Oxford University Press text Interpersonal Divide (2005), quoted representatives of the American Association of University Professors and colleagues in higher education to document the distraction of students using Facebook and other social networks during class and at other venues in the wireless campus. Bugeja followed up on January 26, 2007, in The Chronicle with an article titled "Distractions in the Wireless Classroom",{{cite news|last=Bugeja|first=Michael J.|title=Distractions in the Wireless Classroom|work=Chronicle Careers|publisher=The Chronicle of Higher Education|date=January 26, 2007|url=http://chronicle.com/article/Distractions-in-the-Wireless/46664|access-date=June 26, 2007}} quoting several educators across the country who were banning laptops in the classroom. Similarly, organizations such as the National Association for Campus Activities,{{cite web|url=http://www.naca.org/NACA/Events/WorkshopsOtherEvents/OnlineChatFacebook.htm |archive-url=https://web.archive.org/web/20060627061008/http://www.naca.org/NACA/Events/WorkshopsOtherEvents/OnlineChatFacebook.htm |url-status=dead |archive-date=June 27, 2006 |title=Facing the Facebook |access-date=October 6, 2006 |author=National Association of Campus Activities |date=July 12, 2006}} the Association for Education in Journalism and Mass Communication,{{cite web|url=http://www.asjmc.org/meetings/facebook_panel.htm|title=Facing the Facebook: Administrative Issues Involving Social Networks|access-date=October 6, 2006|author=Association for Education in Journalism and Communication|year=2006|archive-url=https://web.archive.org/web/20071008113829/http://www.asjmc.org/meetings/facebook_panel.htm|archive-date=October 8, 2007}} and others have hosted seminars and presentations to discuss ramifications of students' use of Facebook and other social-networking sites.

The EDUCAUSE Learning Initiative has also released a brief pamphlet entitled "7 Things You Should Know About Facebook" aimed at higher education professionals that "describes what [Facebook] is, where it is going, and why it matters to teaching and learning".{{cite web|url=http://www.educause.edu/LibraryDetailPage/666?ID=ELI7017 |title=7 Things You Should Know About Facebook |access-date=October 6, 2006 |author=EDUCAUSE Learning Institute |year=2006 |url-status=dead |archive-url=https://web.archive.org/web/20060916224132/http://www.educause.edu/LibraryDetailPage/666?ID=ELI7017 |archive-date=September 16, 2006 }}

Some research{{cite journal |last=Junco |first=R |year=2012 |title=Too much face and not enough books: The relationship between multiple indices of Facebook use and academic performance |url=http://reyjunco.com/wordpress/pdf/JuncoCHBFacebookGrades.pdf |journal=Computers in Human Behavior |volume=28 |issue=1 |pages=187–198 |doi=10.1016/j.chb.2011.08.026 |s2cid=17799159 |archive-date=2020-12-13 |archive-url=https://web.archive.org/web/20201213175718/http://reyjunco.com/wordpress/pdf/JuncoCHBFacebookGrades.pdf |url-status=dead}}{{cite journal |last=Junco |first=R |year=2012 |title=The relationship between frequency of Facebook use, participation in Facebook activities, and student engagement |url=http://blog.reyjunco.com/pdf/JuncoFacebookEngagementCAE2011.pdf |journal=Computers & Education |volume=58 |issue=1 |pages=162–171 |doi=10.1016/j.compedu.2011.08.004 |s2cid=15979291 |archive-date=2012-01-04 |archive-url=https://web.archive.org/web/20120104150106/http://blog.reyjunco.com/pdf/JuncoFacebookEngagementCAE2011.pdf |url-status=dead}}Heiberger, Greg and Harper, Ruth (2008). Have you Facebooked Astin lately? In Reynol Junco and Dianne M. Timm (Eds). Using Emerging Technologies to Enhance Student Engagement. San Francisco: Jossey-Bass. on Facebook in higher education suggests that there may be some small educational benefits associated with student Facebook use, including improving engagement which is related to student retention. 2012 research has found that time spent on Facebook is related to involvement in campus activities. This same study found that certain Facebook activities like commenting and creating or RSVPing to events were positively related to student engagement while playing games and checking up on friends was negatively related. Furthermore, using technologies such as Facebook to connect with others can help college students be less depressed and cope with feelings of loneliness and homesickness.Cotten, Shelia R. (2008). Students' technology use and the impacts on well-being. In Reynol Junco and Dianne M. Timm (Eds). Using Emerging Technologies to Enhance Student Engagement. San Francisco: Jossey-Bass.

As of February 2012 only four published peer-reviewed studies have examined the relationship between Facebook use and grades.{{cite journal | last1 = Kirschner | first1 = P. A. | last2 = Karpinski | first2 = A. C. | year = 2010 | title = Facebook and academic performance | url =https://ou-nl.academia.edu/PaulKirschner/Papers/164912/Facebook_and_Academic_Performance | journal = Computers in Human Behavior | volume = 26 | issue = 6| pages = 1237–1245 | doi = 10.1016/j.chb.2010.03.024 | access-date = October 31, 2017 | archive-url =https://web.archive.org/web/20111227123223/http://ou-nl.academia.edu/PaulKirschner/Papers/164912/Facebook_and_Academic_Performance | archive-date = December 27, 2011 | url-status = dead | df = mdy-all | hdl = 10818/20216 | s2cid = 206611975 | hdl-access = free }}Kolek, E. A., & Saunders, D. (2008). Online disclosure: An empirical examination of undergraduate Facebook profiles. NASPA Journal, 45(1), 1–25.{{cite journal|url=https://firstmonday.org/ojs/index.php/fm/article/view/2498|title=Facebook and academic performance: Reconciling a media sensation with data|first1=Eszter|last1=Hargittai|first2=Eian|last2=More|first3=Josh|last3=Pasek|date=April 26, 2009|journal=First Monday|volume=14|issue=5|access-date=January 30, 2019|doi=10.5210/fm.v14i5.2498 |doi-access= free|url-access=subscription}} The findings vary considerably. Pasek et al. (2009) found no relationship between Facebook use and grades. Kolek and Saunders (2008) found no differences in overall grade point average (GPA) between users and non-users of Facebook. Kirschner and Karpinski (2010) found that Facebook users reported a lower mean GPA than non-users. Junco's (2012) study clarifies the discrepancies in these findings. While Junco (2012) found a negative relationship between time spent on Facebook and student GPA in his large sample of college students, the real-world impact of the relationship was negligible. Furthermore, Junco (2012) found that sharing links and checking up on friends were positively related to GPA while posting status updates was negatively related. In addition to noting the differences in how Facebook use was measured among the four studies, Junco (2012) concludes that the ways in which students use Facebook are more important in predicting academic outcomes.

Performative surveillance is the notion that people are very much aware that they are being surveilled on websites, like Facebook, and use the surveillance as an opportunity to portray themselves in a way that connotes a certain lifestyle—of which, that individual may, or may not, distort how they are perceived in reality.{{Citation

| last = Westlake

| first = E. J.

| title = Friend Me if You Facebook: Generation Y and Performative Surveillance

| journal = The Drama Review

| volume = 52 | issue = 4

| pages = 21–40

| year = 2008

| doi=10.1162/dram.2008.52.4.21| s2cid = 57572210

}}

In an effort to surveil the personal lives of current, or prospective, employees, some employers have asked employees to disclose their Facebook login information. This has resulted in the passing of a bill in New Jersey making it illegal for employers to ask potential or current employees for access to their Facebook accounts.{{cite web |first=Matt |last=Friedman |title=Bill to ban companies from asking about job candidates' Facebook accounts is headed to governor |url=http://www.nj.com/politics/index.ssf/2013/03/bill_to_ban_companies_from_req.html |website=The Star-Ledger |publisher=Advance Digital |date=March 21, 2013 |access-date=June 8, 2017}} Although the U.S. government has yet to pass a national law protecting prospective employees and their social networking sites, from employers, the fourth amendment of the US constitution can protect prospective employees in specific situations.{{cite book|last=N. Landers|first=Richard|title=Social Media in Employee Selection and Recruitment: theory, practice, and current challenges|date=2016|publisher=Springer international publishing|location=Switzerland|isbn=9783319299891|pages=19–20}}{{cite web|url=http://www.uscourts.gov/about-federal-courts/educational-resources/educational-activities/fourth-amendment-activities|title=Fourth Amendment Activities|website=uscourts.gov|access-date=March 24, 2018}} Many companies examine Facebook profiles of job candidates looking for reasons to not hire them. Because of this, many employees feel like their online social media rights and privacy are being violated. In addition, employees begin to make performative profiles where they purposefully portray themselves as professional and have desired personality traits. According to a survey of hiring managers by CareerBuilder.com, the most common deal breakers they found on Facebook profiles include references to drinking, poor communication skills, inappropriate photos, and lying about skills and/or qualifications.{{Cite book|title=Facebook me! : a guide to socializing, sharing, and promoting on Facebook|last=Dave.|first=Awl|date=2011|publisher=Peachpit Press|isbn=9780321743732|edition=2nd|location=Berkeley, CA|oclc=699044722}}

Facebook requires employees and contractors working for them to give permission for Facebook to access their personal profiles, including friend requests and personal messages.

A 2011 study in the online journal First Monday examines how parents consistently enable children as young as 10 years old to sign up for accounts, directly violating Facebook's policy banning young visitors. This policy is in compliance with a United States law, the 1998 Children's Online Privacy Protection Act, which requires minors aged under 13 to gain explicit parental consent to access commercial websites. In jurisdictions where a similar law sets a lower minimum age, Facebook enforces the lower age. Of the 1,007 households surveyed for the study, 76% of parents reported that their child joined Facebook at an age younger than 13, the minimum age in the site's terms of service. The study also reported that Facebook removes roughly 20,000 users each day for violating its minimum age policy. The study's authors also note, "Indeed, Facebook takes various measures both to restrict access to children and delete their accounts if they join." The findings of the study raise questions primarily about the shortcomings of United States federal law, but also implicitly continue to raise questions about whether or not Facebook does enough to publicize its terms of service with respect to minors. Only 53% of parents said they were aware that Facebook has a minimum signup age; 35% of these parents believe that the minimum age is merely a recommendation or thought the signup age was 16 or 18, not 13.{{cite web|url =http://journalistsresource.org/studies/society/education/parents-children-facebook-privacy-age/ |title = Why Parents Help Their Children Lie to Facebook About Age: Unintended Consequences of the Children's Online Privacy Protection Act |date = 2 November 2011 |publisher = Journalist's Resource.org }}

{{See also|Facebook malware}}

Phishing refers to a scam used by criminals to trick people into revealing passwords, credit card information, and other sensitive information. On Facebook, phishing attempts occur through message or wall posts from a friend's account that was breached. If the user takes the bait, the phishers gain access to the user's Facebook account and send phishing messages to the user's other friends. The point of the post is to get the users to visit a website with viruses and malware.

In April 2016 Buzzfeed published an article exposing drop shippers who were using Facebook and Instagram to swindle unsuspecting customers. Located mostly in China, these drop shippers and e-commerce sites would steal copyrighted images from larger retailers and influencers to gain credibility. After luring a customer with a low price for the item, they would then deliver a product that is nothing like what was advertised or deliver no product at all.{{Cite web|url=https://www.buzzfeednews.com/article/sapna/say-no-to-the-dress|title=Say No To The Dress|website=BuzzFeed News|date=5 April 2016|access-date=January 22, 2019}}

{{Reflist}}

• [https://www.techk.in/2021/03/how-to-delete-facebook-account.html How to Permanently delete or deactivate your Facebook Account on Android Phone step by step]
• [https://www.hindimejabab.com/2020/08/Facebook-Account-Delete-kaise-kare.html How to delete your Facebook account and deactivate your Facebook account in hindi]

{{Facebook navbox}}{{Censorship and websites}}

{{DEFAULTSORT:Criticism Of Facebook}}

Category:Internet privacy

Facebook

Facebook

Category:Privacy controversies