The Cybersecurity Threat to FB & Insta Users

Europe has much stronger privacy laws (the GDPR) than the United States, and some global companies simply follow the more stringent GDPR guidelines across their services to keep things simple, which extends those protections to the US users.

Not Meta, the company behind Facebook (FB) and Instagram (Insta).

In Europe, Meta alerted users that its artificial intelligence (AI) would begin scraping (ingesting) users’ public posts for AI training data as of June 26. This announcement has caused a kerfuffle around security and user privacy issues.

No kerfuffle here in the States, not because our data won’t be ingested, but because Meta already ingests US users’ public posts for training data (text, photos, and prompts) for Meta AI, its chatbot.  Didn’t realize Meta was using your FB or Insta posts to train its AI? If you are a US user, that’s because Meta was not required to inform you it was doing so. No GDPR here!

I think this surprises no one and, if you have your posts set to public, you likely had no misguided belief that your data were private. Even so, tracking how companies use your data–your words, your photos–in is a good habit to get into for one major security reason.

Aggregated data pose a cybersecurity threat if used maliciously.

Posting publicly does not pose the same security threat as being included in a mega scrape. Hackers don’t have the time to download data from individuals one at a time, but large data sets have high value, even if they need to be curated.

These large-scale scrapes of data, called mega scrapes, when curated, can be used by hackers in any number of ways to target the people whose information is in the data set (think social engineering techniques, such as phishing). Facebook has been hacked before, and it can be hacked again. Meaning, the data set they mega scrape together to train their AI poses a cybersecurity threat to users if it is breached.

Can you opt out?

Can US users opt out? NYT says nope, you can only avoid scraping by setting your accounts to private. (But can your friend in Europe opt out? You betcha, but it’s not easy.)

The upshot? Read the fine print on new accounts and on your legacy accounts when you receive an alert that changes have been made. (And we all know to delete our zombie accounts, of course.)

Learn more

Jiménez J. Can I Opt Out of Meta’s A.I. Scraping on Instagram and Facebook? Sort Of.  The New York Times. June 7, 2024. Updated June 10, 2024. Accessed June 10, 2024. https://www.nytimes.com/2024/06/07/technology/meta-ai-scraping-policy.html

Thubron R. Facebook will soon use your posted content to train its AI, and opting out isn’t easy. TechSpot. May 29, 2024. Accessed June 10, 2024. https://www.techspot.com/news/103179-facebook-soon-use-posted-content-train-ais-opting.html

Tidy J. How your personal data is being scraped from social media. BBC News. July 15, 2021. Accessed June 10, 2024. https://www.bbc.com/news/business-57841239