Breaking up with Facebook is hard to do. The ubiquitous social media giant apparently doesn’t take user rejection lightly, and despite its string of bad behavior, it isn’t about to let you ― or your personal data ― go without a struggle.
The latest accusation that Facebook misbehaved came over the weekend, when U.S. and British lawmakers demanded to know why the site didn’t warn 50 million of its users that a political data firm with links to President Donald Trump’s 2016 campaign had harvested their private information for something called a “psychographic voter model.”
Facebook has previously been accused of breaching the trust of its users: It allowed itself to be used as a tool for disinformation and admitted to running fake political ads designed to mislead voters.
Even aside from fears that data could wind up in the wrong places, some users have just reached their saturation point for cat videos and lunch photos. They would like to bid adieu, but Facebook makes it hard. So what’s a Facebook user to do if they’ve had enough?
Facebook likes to hang on to its users, says Serge Egelman, research director of the Berkeley Laboratory for Usable and Experimental Security, a company affiliated with the University of California, Berkeley, that researches how people make privacy and security decisions, and then uses that understanding to construct safer systems and interfaces.
The real business of Facebook is collecting data, Egelman says, and for years now, the site has made it hard for users to delete theirs ― not that the internet allows erasures anyway. Once you post something, it is out there, somewhere, forever more. Until 2007, Facebook never completely deleted a user’s information even if their account was deleted. It was more like suspending an account, which meant a person could get their account and all the information back anytime they decided to join Facebook again. In 2008, Facebook began offering the option of permanent deletion.
Facebook isn’t interested in giving away your data when it can make money off it.
Today, Facebook basically offers its users two divorce options: deactivation, which leaves room for a user to come back with all their data intact (and makes that data available to Facebook even if the user doesn’t return); and deletion, which permanently removes a user’s data from Facebook but requires that the user contact Facebook and engage in a multi-step and time-consuming process for that to happen. After jumping through multiple online hoops, those wishing to delete their account must wait about two weeks for the deletion to be processed. If you sign on to an account during this waiting period, the deletion process will be terminated and you have to start all over again.
There is a third option, of course, which is to just do nothing ― you abandon your account and stop signing on to Facebook ― which Egelman and others think happens quite a bit.
Facebook did not respond to HuffPost’s request for statistics about how many users have deleted, deactivated or abandoned their Facebook accounts.
Egelman said that the “right to be forgotten” exists in the European Union, but not in the United States. “The U.S. needs more stringent policy directives so that we have the right to be forgotten and have our data delivered,” he told HuffPost.
But to keep things in perspective, he said, you should determine your “threat model,” meaning what you’re actually worried will happen.
Is it that some stranger will be able to learn where you live and what your kids’ names are from Facebook? Certainly there is the risk that collecting information from multiple online sources ― Facebook being just one ― could lead to a bigger compilation of information about you, your health conditions, your finances, etc.
The reality is that most of this data is being collected by companies that want to target the ads they send your way. While it’s annoying to think someone is tracking you, the goal is nothing more nefarious than identifying consumers for a product. Period. Which is not to discount those who would steal your identity, clean out your savings account or break into your house after learning you are in Hawaii from those vacation photos you posted on Facebook.
Facebook knows a lot about you for sure, said Egelman, but keep something else in mind: Facebook isn’t interested in giving away your data when it can make money off it. Here’s Facebook’s policy about what it will and will not do with your information.
Short of deleting your account, what can an individual user do to limit where your Facebook data winds up? Here are a few cautions:
1. Don’t use Facebook to sign on to other apps.
Sure, it’s more convenient to use Facebook to sign on to other apps, because who can remember a gazillion passwords for all those different sites? But when you do it, you are giving the other app permission to access your information on Facebook. And who knows what they, as third-party sites, will do with it?
2. Remember that the weakest link is anyone connected to you.
OK, so let’s say you have wisely heeded the advice to only friend people on Facebook who you actually know in real life. You can even make it more selective: just family for family news or just school friends for school news.
When you open the Facebook door to strangers, you are handing over the keys to your data. Ditto for posting your updates so that they can be seen by friends of friends or the public.
People frequently add their work colleagues to their friends list. This can get dicey should you complain about someone in the office or add an inappropriate photo. Maybe “Don’t Facebook Under the Influence” should be a bumper sticker?
3. Don’t let others post to your timeline.
Do you really want the lout from your college fraternity to be sharing remembrances, like the time you both woke up in the trash dumpster? “Good times, man, good times.” Your prospective employer may not agree.
College admissions officers, future employers, even future spouses ― are all going to check you out online. At least control the narrative of your own timeline and keep frat boys and others who could unwittingly harm you away.
In the same vein, your health history probably doesn’t need to be posted publicly.
4. Share defensively.
Even the most innocuous post can play into the hands of identity thieves. You know how much you love getting all those happy birthday wishes on Facebook? Get over it. Your birthdate is a vital link in the verification of your identity. Facebook’s feature of remembering your birthday and notifying all your friends is sweet ― and dangerous.
There is also really no reason to post to Facebook with the location tagger working. Facebook places lets your friends know where you are and what you are doing. What’s more, you will be spammed by others’ updates on their whereabouts, which can be very disturbing. So if you want to have your coffee in peace, make sure that your Facebook privacy settings are as per your requirements.
5. Like less, worry more.
We all get a ton of requests to like something on Facebook ― a group, a post, a movie, book or place. Tons of them. Those likes are what help shape our data profile.
Be mindful of what you say on all social media sites, including Facebook. Enjoy the site for what it gives us ― the ability to stay in touch and share life’s moments with people we know ― but watch what you post carefully.