Select Page

Variety has reported a few days ago that “Meta Platforms” agreed to pay $90 million to settle a lawsuit over the company’s use of cookies to track Facebook users’ internet activity even logged off from the platform. 

They were requested to delete all data collected from those users illegally.

Here are more details about the settlement agreement filed this past Monday in a California court. Let’s take into account that if this is approved by a judge, it will put to rest the biggest series of social media-related suits (at least those about users’ privacy).

 

Facebook Newest $90 Million Settlement

For over a decade (first filed in 2012) Facebook’s use of the “Like” button has turned on the alarms. Up to this point, many people didn’t or still don’t know that this popular feature was used to track users as they visited third-party websites and then allegedly compiled browsing histories into profiles. Information that’s attractive enough to be sold to advertisers.

After being known, this rapidly exploded for its violation of the federal wiretapping laws.

But this case was never fully closed… Until apparently, just recently.

Here’s what Meta’s spokesperson has to say: 

“Reaching a settlement in this case, which is more than a decade old, is in the best interest of our community and our shareholders and we’re glad to move past this issue.”

The latest development of this story was last year after Meta was ordered to pay $650 million due to a class-action lawsuit when Facebook was accused of violating the Illinois Biometric Information Privacy Act (BIPA) over its facial recognition photo-tagging feature.

A second strike coming from the U.S. state of Texas hit Meta earlier this week. The company was sued for “capturing and using the biometric data of millions of Texans without properly obtaining their informed consent to do so.”

 

But unfortunately for Mark and the company, this is not the only bad news from this week for Facebook. 

 

Facebook 2022 Chrome Extension Privacy Scandal

It was discovered that several Chrome browser extensions were using Facebook’s session tokens to get access to data of signed-in users’ data, without their direct concern.

The news started spreading after Zach Edwards (security researcher) noticed how Brave was blocking the Chrome Extension “L.O.C.” which was exposing users’ Facebook data to a third-party server with the help of tokens obtained easily from Facebook’s Creator Studio.

This maliciously-intended browser extension uses Facebook’s Graph API to fetch data about every single signed-in user it finds, with the intention to automate Facebook data processing.

Facebook Graph API

Of course, such easy access to this data can be and is being abused, as in the past. Something similar happened in September 2018 with the “View As” feature, which affected around 50 million accounts.

Guy Rosen, former VP of Product Management and now VP of Integrity at Meta explained:

“This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.”

So, what does all of this mean?

Cambridge Analytica once obtained people’s Facebook profile information via a third-party quiz app plugged into the social network. Now, governmental figures are trying to avoid that from happening with Chrome extensions. 

Even after the preventive measures put in place after the CA fiasco, the Creator Studio access tokens could lead to a repeat of history. But we were told the token is not the problem. But rather browser extensions that people install with the intention to automate Facebook activities.

In that case, Meta’s spokesperson advises everyone to remove unsafe extensions from their web stores and call out Google to be “more vigilant”.