The UK parliament publicly shared secret internal Facebook emails on December 5 that cover a wide-range of the company’s tactics related to its free iOS VPN app that was used as spyware, recording users’ call and text message history, and much more.

As reported by Bloomberg, British lawmakers made the massive document of internal Facebook emails publicly available on December 5. The full document includes hundreds of pages of emails and data. A summary includes six main “key issues” from the documents.

  1. White Lists – Facebook have clearly entered into whitelisting agreements with certain companies, which meant that after the platform changes in 2014/15 they maintained full access to friends data. It is not clear that there was any user consent for this, nor how Facebook decided which companies should be whitelisted or not.
  2. Value of friends data – It is clear that increasing revenues from major app developers was one of the key drivers behind the Platform 3.0 changes at Facebook. The idea of linking access to friends data to the financial value of the developers relationship with Facebook is a recurring feature of the documents.
  3. Reciprocity – Data reciprocity between Facebook and app developers was a central feature in the discussions about the launch of Platform 3.0.
  4. Android – Facebook knew that the changes to its policies on the Android mobile phone system, which enabled the Facebook app to collect a record of calls and texts sent by the user would be controversial. To mitigate any bad PR, Facebook planned to make it as hard of possible for users to know that this was one of th e underlying features of the upgrade of their app.
  5. Onavo – Facebook used Onavo to conduct global surveys of the usage of mobile apps by customers, and apparently without their knowledge. They used this data to assess not just how many people had download ed apps, but how often they used them. This knowledge helped them to decide which companies to acquire, and which to treat as a threat.
  6. Targeting competitor Apps – The files show evidence of Facebook taking aggressive positions against apps, with the consequence that denying them access to data led to the failure of that business.

Onavo was an interesting effort from Facebook. It posed as a free VPN service/app labeled as Facebook’s “Protect” feature, but was more or less spyware designed to collect data from users that Facebook could leverage. Apple pulled the app six months after it landed on the App Store.

Facebook’s emails describe how it used data from Onavo to target competitor apps:

Facebook used Onavo to conduct global surveys of the usage of mobile apps by customers, and apparently without their knowledge. They used this data to assess not just how many people had downloaded apps, but how often they used them. This knowledge helped them to decide which companies to acquire, and which to treat as a threat.

The emails also reveal more about how Facebook purposely obscured the fact that calls and texts would be recorded on Android devices.

Facebook knew that the changes to its policies on the Android mobile phone system, which enabled the Facebook app to collect a record of calls and texts sent by the user would be controversial. To mitigate any bad PR, Facebook planned to make it as hard of possible for users to know that this was one of the underlying features of the upgrade of their app.

Other tactics included whitelisting certain companies to allow access to the data of users and users’ friends. The UK parliament isn’t sure if Facebook received consent to do this.

Facebook have clearly entered into whitelisting agreements with certain companies, which meant that after the platform changes in 2014/15 they maintained full access to friends data. It is not clear that there was any user consent for this, nor how Facebook decided which companies should be whitelisted or not.

The emails are a selection, often with little or no context or continuity, showing Facebook staff, including the chief executive, Mark Zuckerberg, discussing whether to trade access to user data for revenue, valuable trademarks or simple cash payments. The emails also cast new light on a number of other controversial practices at the social network:

  • In 2015, the company began “continuously uploading” call and text logs from Android phones, giving it a valuable window into the communications habits of its users. The company knew it was “a pretty high-risk thing to do from a PR perspective”, and discussed ways to do it without requiring users to actively opt in. One staff member warned that the change could result in “enterprising journalists … writing stories about ‘Facebook uses new Android update to pry into your private life in ever more terrifying ways – reading your call logs, tracking you in businesses with beacons, etc.’”
  • Since 2013, the company has used a VPN app it acquired, named Onavo, to harvest information about app usage on iPhones. By funneling all internet usage on those phones through Facebook’s servers, it could be forewarned about popular apps, and take pre-emptive action against possible competition. The company used this information in 2013 to show that WhatsApp was more popular on mobile than Facebook Messenger; it acquired the company a year later.
  • In 2013, when Twitter launched its mobile video app Vine, Facebook immediately shut down access to the company’s Find Friends API, frustrating Vine’s ability to grow the way Facebook’s own Instagram had – by piggybacking on to a wider social network. The move was personally approved by Zuckerberg.
  • Even though it clamped down on apps accessing user data in 2015, Facebook offered continued access to that data to a small number of large companies, including Netflix, Lyft and Airbnb.

The full collection of Facebook emails were released by the U.K. Parliament, as part of a British parliamentary committee inquiry into “disinformation and fake news.”

© Photo

Lee Matz