
Facebook, WhatsApp, and Fitness Apps. Data Collection on Steroids?

The acquisition of WhatsApp by Facebook has received a lot of attention in the news media. I recommend reading this LinkedIn article by Bernard Marr about the combined power of Facebook.com and WhatsApp:

"WhatsApp doesn’t really fit into the Facebook business model because it has always promised its users that it won’t sell ads. So how will Facebook get a return on their $19 billion? I believe that the answer is: by mining the data within WhatsApp."

In my opinion, social networking sites that insist on being free for users have already made the decision to (heavily) mine their customers' data. It's their business model. (This also applies to Google.) Marr wrote this about the extensive amount of information Facebook has already collected about its users:

"... what we look like, who our friends are, what our views are on most things, when our birthday is, whether we are in a relationship or not, the location we are at, what we like and dislike, and much more. This is an awful lot of information (and power) in the hands of one commercial company. Facebook is only beginning to leverage all their data and I believe that even if we all stopped using Facebook today (which is very unlikely), the company would still have more information about people than any other private company on the planet..."

I would add more items to this list of data collected by Facebook:

  • Geo-location data about where (and when) you are in the real world, collected when you: a) check in from various physical locations; b) use the Facebook mobile app; and c) upload photos and/or videos with geo-location metadata embedded
  • Health information you share with fitness apps (e.g., RunKeeper, Strava, MapMyRide, FitBit, etc.). Below are actual posts on Facebook. I have masked the names and images to protect users' privacy:

Fitness tracking with the Strava app     Fitness tracking with the MapMyRide app

I briefly reviewed the privacy policies for several fitness apps. MapMyRide and MapMyFitness use the same privacy policy, which seems to be more transparent and honest than other apps about the data collected and shared (emphasis added):

"Personal information is any information that identifies a User personally, either alone or in combination with other information available to us... For certain Services, MapMyFitness requests a User furnish certain financial information, including but not limited to, a credit card or other payment account information that we maintain in encrypted form on secure servers..."

The MapMyFitness Privacy Policy also stated (emphasis added):

"MapMyFitness and our partners and licensees may collect, use and share a User’s precise location information, including the real-time geographic location of a User’s mobile device. For some third-party partners, such as Google, this location information will be shared automatically. For others, such as Facebook, this information will only be shared with a User’s explicit permission or if you choose to share it... Location information... may be collected from a User’s wireless carrier, certain third party service providers, or directly from the mobile device that the User previously registered for use with MapMyFitness. The collection and tracking of a User’s location information may occur even when the MapMyFitness mobile phone application is not actively open and running... MapMyFitness may receive certain personally non-identifiable information about the User’s use of the Services. Such information, which may be collected passively using various technologies, or via submission of data by fitness devices the User may have configured to work with the Services, cannot presently be used to specifically identify the User. MapMyFitness may store such information ourselves or it may be included in databases owned and maintained by our affiliates, agents or service providers."

I interpret the last paragraph to include cloud storage vendors and fitness devices in athletic clubs (and gyms) that interact with the mobile app. The policy advises users to use the "Private" privacy setting so data is not shared with friends and the general public. The wording implies that the data is shared ("Private" setting or not) with affiliates, partners, and licensees.

Marr also summarized Facebook's abilities to predict things about its users:

"... Facebook revealed that it can now safely predict when a user is about to change their relationship status from ‘single’ to ‘in relationship’. The insights come from analyzing the way we exchange messages and post on our timeline just before we 'commit'. Read the details here... a recent study shows that it is possible to accurately predict a range of highly sensitive personal attributes simply by analyzing the ‘Likes’ we have clicked on Facebook. The work conducted by researchers at Cambridge University and Microsoft Research shows how the patterns of Facebook ‘Likes’ can very accurately predict your sexual orientation, satisfaction with life, intelligence, emotional stability, religion, alcohol use and drug use, relationship status, age, gender, race and political views among many others."

Marr's warning to consumers and to users of social networking sites:

"WhatsApp's data would reveal who we are sending messages to, how often we do that, what pictures we share and most importantly what we are talking about. Even though Facebook states that the two companies will run independently of each other, I think it is naïve to believe that this will continue for long..."

It is reasonable to assume that everything Facebook knows about your fitness, the NSA and GCHQ probably know, too. And, the HIPAA Privacy Rule exists for several reasons. Some really smart people put that law in place to ensure that health care providers keep patients' personal health information secure. Many consumers seem totally unaware of this, and share their personal health information with any and every social networking site. You can learn more about the HIPAA Privacy Rule here.

More images of fitness posts from Facebook appear below:

Fitness tracking with the RunKeeper app      Fitness tracking on Facebook
