Facebook is no stranger to controversy. Its business model depends on the collection of personal data for advertising. So it is, of course, incentivized to collect as much as possible. Because of that, Facebook has come under scrutiny by regulators many times and has been caught with its hand in the personal information cookie jar more than once. So, should you trust Facebook and keep your account open?
Those are the questions we’ll answer in this post. We’ll cover Facebook’s record concerning privacy, and discuss the difference between deactivating and deleting your Facebook account.
To start, let’s look at Facebook’s record concerning privacy.
From convenient way to keep in touch to privacy nightmare
Founded in 2004 by Harvard graduate Mark Zuckerberg and his university roommates, Facebook quickly grew from a means to connect students from select college campuses to arguably the largest social network on the internet.
It wasn’t immediately apparent to the masses that a site enabling users to share personal information about themselves with their “friends” implied the site itself had access to all that data. But it would only take a few years before the social network was embroiled in its first privacy scandals.
In 2006, Facebook unveiled the now piecemeal news feed feature. It displayed users’ personal information without their knowledge or consent in their friends’ news feeds. And users had no way of disabling the feed. This was a wake-up call for many Facebook users who felt this was a blatant privacy violation.
Less than a year later, in 2007, the social network launched a program called Beacon. Beacon would publish users’ purchases from third-party online merchants in their news feed, often without users’ knowledge or consent, seemingly doubling down on the news feed’s surreptitious data sharing. This led to a class action lawsuit, which saw Facebook pay 9.6 million to settle. The Beacon program was discontinued in 2009.
Today, Facebook can still track you on sites and apps that it does not control or own. When you use Facebook, it places a cookie with a unique identifier on your device. Whenever you use another app or visit a website with a Facebook feature in it, such as a “Like” button or comments section, Facebook can identify you through the cookie and log your activity. Although the practice is panned by privacy activists, tracking cookies are commonly used to collect data used in targeted advertising. They’re also used by Google, Microsoft, and Amazon, among others.
Ads on Facebook can’t be trusted. Besides being annoying, they’re frequently used to perpetuate scams and illegal services.
Then things got worse
In 2009, Facebook reviewed and changed its terms of service, rendering it impossible for users to delete their data after leaving the platform. Despite users’ outcry, a few months later, Facebook made changes to its privacy policy, making a host of users’ private details public by default.
In 2011, the Federal Trade Commission (FTC) blamed Facebook for privacy violations. The FTC claimed that Facebook’s statement that third-party apps could only access small amounts of user data required for their operation was false and that, in actuality, third-party apps essentially had open access to user’s private information. On top of that, the FTC alleged that Facebook was sharing users’ personal details with advertisers (again, without users’ knowledge or consent). After settling with the FTC, Facebook agreed to submit itself to a bi-annual privacy audit by an independent party until 2031.
Then, in 2013, a bug was discovered by Facebook in its code. The bug caused the phone numbers and email addresses of 6 million Facebook users to be exposed to anyone with at least one other piece of contact information from those users. Facebook promptly patched the bug and informed regulators.
Later, in 2014, a group of data scientists at Facebook were authorized to perform a mood manipulation study on more than half a million users. Throughout the experiment, users’ news feeds were manipulated (yes, again without knowledge or consent), exposing them to either more positive or more negative content in an effort to determine how emotions could spread over social networks.
Cambridge Analytica
While the Cambridge Analytica scandal didn’t come to light until 2018, events leading up to the massive breach occurred as far back as 2014. That year, Cambridge University professor Aleksandr Kogan and his company GSR produced a Facebook app meant to perform personality tests. At the same time, he had entered into a data-licensing arrangement with Cambridge Analytica, a political consulting firm, to provide it with psychological profiles of American voters. The app collected the psychological data of over 87 million people.
Facebook itself only learned of the data-sharing arrangement in 2015, banning Kogan from the platform and forcing him to delete the unlawfully harvested data. Cambridge Analytica also filed a lawsuit against Kogan. Yet, despite all this, Facebook did not inform its users of the breach. It was only when whistleblower Christopher Wylie came forward in 2018 that the details were published in the media, exposing the scandal to the light of day.
We’re still not done with this downward spiral…
Still in 2018, bad actors were able to exploit a flaw in Facebook’s “View As” feature, designed to enable users to visualize what their profiles look like when viewed by other Facebook users. The flaw allowed hackers to obtain the personal details of Facebook users, such as name, date of birth, email or phone number, gender, etc. The flaw affected roughly 30 million users before the social network patched it.
Just a year later, in 2019, it was discovered that Facebook stored more than 500M user passwords in plaintext files (i.e., unencrypted). Only Facebook employees could access the data, but that still means more than 2,000 people had access.
In April of that same year, it was revealed that between 2016 and 2019, Facebook would stealthily upload users’ email contacts when they created their accounts. Facebook would prompt new users for their email password, ostensibly to verify the account (whatever happened to verification emails?). When users complied, the email addresses of all their contacts were uploaded to Facebook’s servers for improved ad targeting. This is said to have affected over 1.5 million users.
In July 2019, Facebook was fined 5 billion dollars by the FTC for its repeated privacy violations and its failure to respect the FTC’s orders following the Cambridge Analytica debacle. Specifically, the cited violations concerned the data collection of children under 13 years of age – which is illegal under the Children’s Online Privacy Protection Act (COPPA). This was the largest fine ever imposed in the FTC’s history.
In September, an unsecured and publicly accessible server was found to be hosting the private data of 419 million Facebook users. Facebook did not own the server, and it still isn’t clear how the data got there.
Just two months later, in December 2019, the personal details of 267 million Facebook users were found to be available on a server over the Dark Web. A second server was found in March 2020 with the private information of an additional 42 million users. Both servers were associated with a Vietnamese hacker collective.
In June 2020, Facebook engineers were found to have inadvertently enabled third-party developers to access much more data than they should have (Oops). This was fixed a month later, but the damage had already been done for the exposed users.
In April 2021, the personal details of over 530 million Facebook users were posted to an online hacking forum. The data seems to have been scraped from the site after hackers discovered a bug in Facebook’s contact importer. Facebook patched the flaw in September of the same year but opted not to alert its users of the breach. In November, Ireland’s Data Protection Commission fined Meta (Facebook’s parent company) €265M for violating Europe’s General Data Protection Regulation (GDPR).
And finally, at the end of 2022, Facebook agreed to pay out 725 million dollars as a settlement for its privacy violations in the Cambridge Analytica debacle.
To delete or not to delete
It’s a bleak portrait if I ever saw one. And I guess that, given the above, any reasonable person would have to answer “no” to the question, “Should you trust Facebook.” Now, should you delete your account? A “one-size-fits-all” answer just isn’t possible here. Everyone’s circumstances are different. Some use Facebook for business purposes; others may have no other means to stay in touch with certain people. So, it will come down to a personal choice based on each person’s situation.
However, if you decide to delete your Facebook account, here’s how to do that.
Deleting vs. deactivating Facebook
When you want to remove yourself from Facebook, you have two options: either delete or deactivate your account. In a nutshell, one is permanent, while the other is not.
Deactivating your account can be a good option if you simply want to take a break from Facebook, temporarily removing your presence from the network to come back at a later date. When your account is deactivated, nobody can view your profile, although your name can still be included in your friends’ lists. You can also continue to use Facebook Messenger while your account is deactivated.
On the other hand, deleting your account cuts you off completely and is a one-way trip (i.e., there’s no turning back). All your posts, pictures, videos, and everything else tied to your profile will be inaccessible. You won’t be able to use Facebook Messenger, and you won’t be able to use the “login with Facebook” feature on third-party sites. However, the messages you sent to your friends over Facebook will still remain visible to them.
When you choose to delete your account, Facebook grants you a 30-day grace period, during which you can reactivate your account by signing back into it. After 90 days, Facebook will delete your data, so it’s recommended to download your data from Facebook before deleting your account (we’ll show you how to do that, too).
Of course, Facebook makes the process of deactivating or deleting your account as convoluted as legally possible, so these guides will come in handy to those determined to do so.
Let’s start with how to download your Facebook information.
How to download your Facebook information
- Log into your Facebook account.
- Click on the Account icon at the top right of the UI. A drop-down menu is displayed.
- Select Settings & Privacy. The Settings & Privacy pane is displayed on the left side of the screen.
- Select Settings. The Your Facebook Information page is displayed.
- Select Download Your Information. The Download your information pop-up is displayed.
- Click the Request a download button.
- You’re prompted to choose between a complete copy of your data (Complete copy) or to select the specific types of content (Select types of information).
- Once you’ve made your selection, a summary of your request is displayed. Click the Submit request button.
A confirmation message is displayed. Once your backup is ready, Facebook will send you an email with a secured download link. This took a few hours for me.
Once you get the email, click the link and then click the Download displayed on the displayed web page. You’re prompted for your password, and your archive begins downloading once entered.
How to deactivate your Facebook account
- Log into your Facebook account.
- Click on the Account icon at the top right of the UI. A drop-down menu is displayed.
- Select Settings & Privacy. The Settings & Privacy pane is displayed on the left side of the screen.
- Select Settings. The Your Facebook Information page is displayed.
- Click on the Accounts Center box at the top left of the page. The Accounts Center page is displayed.
- Select Personal details from the options list on the left. The Personal details page is displayed.
- Select Account ownership and control. The Account ownership and control page is displayed.
- Choose Deactivation or deletion.
- You’re prompted to select the account to deactivate or delete.
- You’re then prompted to choose between Deactivate account or Delete account. Select Deactivate account.
- You’re prompted for your password. Enter it.
- You’re then prompted to provide a reason for the deactivation. Make your selection and click the Continue button.
- You’re presented with the option to automatically reactivate your account after a specified period of time. You can also choose not to have it reactivated automatically. Make your selection and click the Continue button.
- You’re presented with the final confirmation for account deactivation where you have the option of enabling or disabling Messenger use. Make your selection and click the Deactivate my account button.
You’re logged out of Facebook, and a confirmation message stating that your account has been deactivated is displayed. Your account is now deactivated.
How to delete your Facebook account
- Log into your Facebook account.
- Click on the Account icon at the top right of the UI. A drop-down menu is displayed.
- Select Settings & Privacy. The Settings & Privacy pane is displayed on the left side of the screen.
- Select Settings. The Your Facebook Information page is displayed.
- Click on the Accounts Center box at the top left of the page. The Accounts Center page is displayed.
- Select Personal details from the options list on the left. The Personal details page is displayed.
- Select Account ownership and control. The Account ownership and control page is displayed.
- Choose Deactivation or deletion.
- You’re prompted to select the account to deactivate or delete.
- You’re then prompted to choose between Deactivate account or Delete account. Select Delete account.
- You’re asked to provide a reason for the deletion. Make your selection and click the Continue button.
- A screen attempting to convince you stay on Facebook is displayed. Click the Continue button.
- A screen promoting alternatives to account deletion is displayed. Click the Continue button.
- You’re prompted for your password. Enter it.
- A final confirmation screen is displayed. Click Delete account.
You’re logged out of Facebook, and a confirmation message stating that your account has been deleted is displayed. Your account is now deleted.
As mentioned above, you have 30 days to change your mind and reactivate your account by signing in again. And after 90 days of inactivity, Facebook will delete your data.
Wrap Up
So, that was a brief history of Facebook’s privacy violations, along with step-by-step guides on downloading your data from Facebook and deactivating and deleting your account. Because of the internet’s “surveillance capitalism” business model, social media companies are going to want to collect as much information on their users as they possibly can to turn it into money – like weird personal information alchemists.
Of course, Facebook isn’t the only alchemist out there; it’s just the biggest one. So, it’s bound to be the one that gets caught the most often.
Life is full of trade-offs. Some are just worse than others.
Stay safe.