Since the 2016 election and the Cambridge Analytica scandal, Facebook has been under near-constant scrutiny over the way it handles users’ private data. Its privacy problems didn’t just start in 2016, though; going back to its public debut in 2006, Facebook has faced a significant number of data privacy-related issues. The latest came yesterday, with the reveal (from New York Times security researcher Zeynep Tufekci) that if a Facebook user provides their phone number solely for secure two-factor login authentication, any other user can then look them up using that phone number.
In handling privacy issues, Facebook has consistently chosen not to do anything to limit the massive amount of data it collects about users, or to better regulate what happens to that data.
But all those problems will be no more, according to founder and CEO Mark Zuckerberg. In a 3,225-word manifesto posted today, he outlined his plan to turn Facebook into “a privacy-focused communications platform.”
He envisions Facebook in its current state like a “town square,” and wants it to become “a more intimate space like a living room,” he wrote in the statement. Facebook plans to achieve this by shifting from a platform where its 2.7 billion users publicly share their posts, photos, and general information with a lot of people to a platform where people primarily share private, encrypted information with a small number of people.
“I understand that many people don’t think Facebook can or would even want to build this kind of privacy-focused platform — because frankly we don’t currently have a strong reputation for building privacy protective services, and we’ve historically focused on tools for more open sharing,” Zuckerberg wrote.
But, he added, he thinks private, small-number sharing is where social media is heading.
To that end, Zuckerberg said Facebook will implement changes over the next few years that will encourage users to share with smaller, closer groups of people. It will also implement changes to make users’ data more ephemeral.
What will this look like in practice? First, Facebook plans to bring together Messenger with Facebook subsidiaries Instagram and WhatsApp to allow cross-app private messaging that’s more securely encrypted and comes with features like self-destruction. That means users will be able to choose when their private missives sent over any of the apps will self-destruct (à la Snapchat).
“This would reduce the risk of your messages resurfacing and embarrassing you later,” Zuckerberg wrote. “And we could also provide an option for you to set individual messages to expire after a few seconds or minutes if you wanted.”
Zuckerberg also said Messenger, Instagram, and WhatsApp will be updated so users must opt-in to receiving private messages in the first place. (Right now, private messages are turned on by default.)
As for data Facebook collects about its users, Zuckerberg said metadata tied to users’ private messages will be kept around for a shorter timeframe, and be deleted after it feeds through Facebook’s spam and safety systems. In addition, Facebook won’t store “sensitive data” at all about users located in “countries with weak records on human rights like privacy and freedom of expression in order to protect data from being improperly accesssed,” Zuckerberg wrote.
These changes will act as a first step, a foundation upon which Facebook will then build out other services. Zuckerberg said the company is also considering data privacy changes that will affect “how people do payments and financial transactions” and “the role of businesses and advertising.”
Noticeably absent from Zuckerberg’s statement is anything about third parties who have access to Facebook’s internal data about users. Third-party access was the cause of the Cambridge Analytica scandal, and was a major discussion point in Zuckerberg’s subsequent Congressional hearing about data privacy. It was also, as was recently revealed, what gave Netflix the ability to read, write, and delete Facebook users’ private messages. (Netflix denies knowing it had that ability, and denies ever exploited it.)
Zuckerberg also didn’t mention the fact that Facebook doesn’t just collect users’ data from messages; it also gleans a considerable amount of very specific information about users by tracking them across the web and in real life, geolocationally, using things like phones’ GPS services.
“I believe we should be working towards a world where people can speak privately and live freely knowing that their information will only be seen by who they want to see it and won’t all stick around forever,” he wrote. “If we can help move the world in this direction, I will be proud of the difference we’ve made.”
Header image by Anthony Quintano