Until data is misused, Facebook’s breach will be forgotten

We worried about Cambridge Analytica because it could have helped to choose Trump. We ignore LocationSmart because even though the company was selling and displaying GPS coordinates in real time from our phones, it was never clear exactly how or how those data were misused.

This idea, that privacy issues are abstract concepts for most people until they become security or ideological issues, is important to understand the massive Facebook breach revealed this week.

The engineering of the social network was neglected, allowing to combine three errors to steal the access tokens of 50 million people. In pursuit of rapid growth at affordable efficiency, Facebook did not protect its users. This evaluation does not rule out that. Facebook fucked big.

But despite the potential that these access tokens could have allowed attackers to take over users' accounts, act like them and delete their personal information, it's not clear how much users care. That's because, for now, Facebook and its watchdogs are not sure exactly what data was stolen or how it was used incorrectly.

The trick that broke the camel?

All this could change tomorrow. If Facebook discovers that the hacking was perpetrated by a foreign government to interfere with elections, by criminals to bypass security checkpoints of identity theft and steal bank accounts or social media profiles, or to attack individuals for physical damage, the gallows and torches will come.

Given a scary enough application for the data, the breach could finish the job of destroying the Facebook brand. If users begin to delete their profile data, reduce the scanning of their feeds and stop sharing, non-compliance could have significant financial and network effect consequences for Facebook. After years of scandals, this could be the trick that has broken the back of the camel.

However, in the absence of such misuse of pirated data, the gap could fade into the background for users. Similar to the stress-filled departures of the founders of the Instagram, Instagram and WhatsApp acquisitions, the worst part of the reaction may not come from the public.

The trick could speed up the regulation of social networks. Senator Warner urged Congress to "step up" after the attack. Previously he defended privacy laws similar to those of GDPR in Europe. That includes the portability of the data and the interoperability rules that could facilitate the change of social networks. That threat of people switching to competing applications could be successful in forcing Facebook to better deal with user privacy and security.

The FTC or the European Union could impose significant fines on Facebook for the violation. But since it earns billions in earnings per quarter, those rates should historically be massive to be a serious sanction for Facebook.

One of the most important questions about the attack is if the cards were used to access other services such as Airbnb or Spotify. who trust Facebook Login. The gap could keep potential partners from building on Facebook's identity platform. But at least you do not have to worry about changing all your passwords. Unlike hacks that steal usernames and passwords, the lasting danger of Facebook's breach is limited. The access tokens have already been invalidated, while the reuse of passwords can cause other applications to be pirated long after the initial violation.


If government investigators, journalists or anti-Facebook activists want to make the company pay for their negligence, they will need to connect it to a specific threat about how we live or what we believe.

For now, without a harmful application of the data breached, this scandal could be mixed with the rest of Facebook's problems. Every week, sometimes several times a week, Facebook has some trouble getting headlines. Over time, they add up to discourage the use of Facebook and encourage more users to eliminate it. But without a general purpose, independent social network that they can easily switch to, many users have endured Facebook's setbacks in exchange for the connection utility it provides.

As infractions become more common, the public may be insensitive. At worst, we could become complacent. Companies must be held accountable for privacy failures, even when the damage caused is vague. But between Equifax, Yahoo and the cell phone companies, we are getting used to letting out a deep sigh with some expletives and continuing with our lives. The ones we will remember will be those in which the danger spread from the digital world to our lives offline.

[Featured image via Getty]

Leave a Reply