It’s been barely six months since Mark Zuckerberg appeared before Congress and promised lawmakers and the American public that he and Facebook, the company he founded and leads today, would do better. “This episode has clearly hurt us,” Mr. Zuckerberg said. “We have to do a lot of work about building trust back.”
The episode he was referring to was the revelation in March that Cambridge Analytica, a political consulting firm connected to the Trump campaign, had harvested the sensitive data of as many as 87 million Facebook users without their explicit permission. That scandal rocked Facebook, sending the company’s stock price spiraling. Mr. Zuckerberg himself lost nearly $11 billion.
Since Mr. Zuckerberg’s testimony, lawmakers have done little to nothing to better regulate technology platforms like Facebook and hold them more accountable for suspect practices. But there’s also little evidence that Facebook, and Mr. Zuckerberg, has taken his pledge to Congress as seriously as once hoped either: Facebook announced late last month the biggest data breach in its history, affecting nearly 50 million user accounts. In the same week, the news site Gizmodo published an investigation that found Facebook gave advertisers contact information harvested from the address books on their users’ cellphones.
Equally worrisome from Gizmodo’s report: Facebook is also giving advertisers phone numbers that users have provided solely for security reasons. Security experts generally advise users to add two-factor authentication to their accounts, which sometimes takes the form of providing a phone number to receive text messages containing log-in codes. It’s ironic — two-factor authentication is supposed to better safeguard privacy and security, but these phone numbers are winding up in the hands of advertisers.
