Facebook emails show its real mission
By Kevin Roose
British lawmakers on Wednesday gave a gift to every Facebook critic who has argued that the company, while branding itself as a do-gooder enterprise, has actually been acting much like any other profit-seeking behemoth.
That gift was 250 pages’ worth of internal emails, in which Facebook’s executives are shown discussing ways to undermine their competitors, obscure their collection of user data and — above all — ensure that their products kept growing.
The emails, which span 2012 to 2015, were originally sealed as evidence in a lawsuit brought against Facebook by Six4Three, an app developer. They were part of a cache of documents seized by a British parliamentary committee as part of a larger investigation into Facebook’s practices and released to the public Wednesday.
It should not come as a surprise that Facebook — a giant, for-profit company whose early employees reportedly ended staff meetings by chanting “domination!” — would act in its own interests.
But the internal emails, a rare glimpse into Facebook’s inner workings, show that the image the company promoted for years — as an idealistic enterprise more dedicated to “bringing the world closer together” than increasing its own bottom line — was a carefully cultivated smoke screen.
These emails reveal that in the formative years of Facebook’s growth, the company’s executives were ruthless and unsparing in their ambition to collect more data from users, extract concessions from developers and stamp out possible competitors.
“It shows the degree to which the company knowingly and intentionally prioritized growth at all costs,” said Ashkan Soltani, a privacy researcher and former chief technologist of the Federal Trade Commission.
In a blog post on Wednesday, Facebook said the documents included in the lawsuit were a cherry-picked sample that “tells only one side of the story and omits important context.”
Here are four revelations from the emails that detail Facebook’s aggressive quest for growth:
1. The company engineered ways to collect Android users’ data without alerting them.
In February 2015, Facebook had a privacy dilemma.
The company’s growth team — a powerful force within Facebook — wanted to release an update to the Android app that would continually collect users’ entire SMS and call log history. That data would be uploaded to Facebook’s servers, and would help Facebook make better recommendations, such as suggesting new friends to Android users based on the people they’d recently called or texted. (This feature, called “People You May Know,” has been the subject of much controversy.)
But there was a problem: Android’s privacy policies meant that Facebook would need to ask users to opt in to having this data collected. Facebook’s executives worried that asking users for this data could bring a public backlash.
“This is a pretty high-risk thing to do from a PR perspective but it appears that the growth team will charge ahead and do it,” one executive, Michael LeBeau, wrote.
He outlined the nightmare scenario: “Screenshot of the scary Android permissions screen becomes a meme (as it has in the past), propagates around the web, it gets press attention, and enterprising journalists dig into what exactly the new update is requesting, then write stories about ‘Facebook uses new Android update to pry into your private life in ever more terrifying ways.’”
Ultimately, Facebook found a workaround. Yul Kwon, the head of Facebook’s privacy program, wrote in an email that the growth team had found that if Facebook’s upgraded app asked only to read Android users’ call logs, and not request other types of data from them, users would not be shown a permission pop-up.
“Based on their initial testing, it seems that this would allow us to upgrade users without subjecting them to an Android permissions dialog at all,” Kwon wrote.
In a blog post on Wednesday, Facebook said it collects call and text message logs only from Android users who opt in, and that as of 2018, it keeps this information only temporarily, since “the information is not as useful after about a year.”
2. Mark Zuckerberg personally approved cutting off a competitor’s data access.
In January 2013, one of Zuckerberg’s lieutenants emailed him with news about Twitter, one of Facebook’s biggest competitors. The company had introduced a video-sharing service called Vine, which allowed users to create and post six-second video clips.
When new users signed up for Vine, they were given the option of following their Facebook friends — a feature enabled through Facebook’s application program interface, or API. This feature was widely used, and had become a valuable tool for new apps to accelerate user growth. But in Vine’s case, Facebook played hardball.
“Unless anyone raises objections, we will shut down their friends API access today,” wrote the lieutenant, Justin Osofsky, now a Facebook vice president.
Zuckerberg, the chief executive, replied: “Yup, go for it.”
On Wednesday, Rus Yusupov, one of Vine’s co-founders, said on Twitter, “I remember that day like it was yesterday.”
Facebook’s decision to shut off Vine’s API access proved fateful. Months later, Instagram released its own short-form video feature, which many saw as a further attempt by Facebook to hobble Vine’s growth. Vine shut down in 2016, after stagnant growth and heavy competition led many of its stars and users to go elsewhere.
On Tuesday, Facebook changed its developer policies, ending the prohibition on apps that competed with the company’s own features.
3. Facebook used a privacy app to collect usage data about its competitors.
In 2013, Facebook acquired Onavo, an Israeli analytics company, announcing that Onavo’s tools “will help us provide better, more efficient mobile products.”
One of those tools, an app called Onavo Protect, was especially helpful in helping Facebook sniff out potential competitors. The app, which was billed to users as a way to keep their internet browsing private, also collected data about which apps those people used the most — including apps not owned by Facebook — and fed that information back to Facebook.
According to the emails released on Wednesday, Facebook executives received reports about the performance of rival apps, using data obtained through Onavo.
Sometimes, those reports revealed up-and-coming competitors. One report included in the email cache, dated April 2013, said that WhatsApp, the mobile messaging app, was gaining steam. According to Onavo’s proprietary data, WhatsApp was being used to send 8.2 billion messages a day, whereas Facebook’s own mobile app was sending just 3.5 billion messages daily.
Ten months later, Facebook announced that it was acquiring WhatsApp in a deal valued at $14 billion.
In August, Facebook pulled Onavo Protect from the App Store, after Apple reportedly said that it violated the company’s privacy rules.
4. Facebook executives wanted more social sharing, as long as it happened on Facebook.
In November 2012, Zuckerberg sent a lengthy note to several top executives called “Platform Model Thoughts.” It outlined how intensely he wanted Facebook to be the center of everyone’s social life online.
The email addressed a debate that was raging inside Facebook at the time, about whether outside app developers should have to pay to connect their apps to Facebook’s developer platform. Zuckerberg said he was leaning away from a charge-for-access model, and toward what he called “full reciprocity” — giving third-party developers the ability to connect their apps to Facebook free, in exchange for those apps’ giving data back to Facebook, and making it easy for users to post their activity from those services on their Facebook timelines.
By giving away access, Zuckerberg said, Facebook could entice more developers to build on its platform. And by requiring app developers to send data back to Facebook, it could use those apps to increase the value of its own network. He wrote that social apps “may be good for the world but it’s not good for us unless people also share back to Facebook.”
Facebook later put in place a version of this “reciprocity rule” that required developers to make it possible for users of their apps to post their activity to Facebook, but did not require them to send usage data back to Facebook. (Not coincidentally, this “reciprocity rule” explains why for several years, it was virtually impossible to go on Facebook without seeing dozens of updates about what your friends were watching on Hulu or listening to on Spotify.)
In a Facebook post on Wednesday, after the emails were made public, Zuckerberg wrote that the company had tightened its developer policies in 2014 to protect users from “sketchy apps” that might misuse their data.
But back in 2012, the company’s worry was not about data misuse. Instead, the company was chiefly concerned with how to use those developers’ apps to spur its own growth.
Sheryl Sandberg, Facebook’s chief operating officer, wrote back to concur with Zuckerberg’s approach to data reciprocity.
“I think the observation that we are trying to maximize sharing on Facebook, not just sharing in the world, is a critical one,” she wrote.