Facebook docs reveal how they view user data

December 5, 2018


  • After announcing changes to platform data policies in 2015, Facebook entered into secret “whitelist” agreements with preferred developers such as Netflix and Amazon to allow continued access to complete user friend data.
  • Facebook indirectly monetized user data by exclusively offering the above “whitelist” data access to developers that spent over $250,000/year on Facebook advertising.
  • The Facebook subsidiary, Onavo, collected mobile app installation and usage data without customer knowledge. This information was then used by Facebook to determine which companies to acquire, and which to view as strategic threats.
  • Policy changes that enabled the collection of consumer phone call and SMS records by Facebook’s Android app were purposefully obfuscated from users to avoid negative PR.
  • Apps identified as rivaling Facebook had their data access curtailed by Facebook’s engineering team for purely competitive reasons.


What happened

A committee of U.K. lawmakers has published a trove of internal Facebook Inc. emails and documents previously sealed under California court order. Originally obtained during discovery in a U.S. lawsuit, the documents show Facebook may have misled the public regarding third-party developer access to user data.

In our opinion, the most interesting revelations from the published documents can be found in Exhibits 38 and 170, as well as on page FB-01389036 (see below).



Exhibit 38 – Mark Zuckerberg discussing linking data to revenue
MZ email 27 October 2012 to Sam Lessin at Facebook

‘There’s a big question on where we get the revenue from. Do we make it easy for devs to use our payments/ad network but not require them? Do we require them? Do we just charge a rev share directly and let devs who use them get a credit against what they owe us? It’s not at all clear to me here that we have a model that will actually make us the revenue we want at scale.’

‘I’m getting more on board with locking down some parts of platform, including friends data and potentially email addresses for mobile apps.’

‘I’m generally sceptical that there is as much data leak strategic risk as you think. I agree there is clear risk on the advertiser side, but I haven’t figured out how that connects to the rest of the platform. I think we leak info to developers, but I just can’t think of any instances where that data has leaked from developer to developer and caused a real issue for us. Do you have examples of this?……

‘Without limiting distribution or access to friends who use this app, I don’t think we have any way to get developers to pay us at all besides offering payments and ad networks.’



Exhibit 170 – Mark Zuckerberg discussing linking data to revenue
Mark Zuckerberg email – dated 7 October 2012

‘I’ve been thinking about platform business model a lot this weekend…if we make it so devs can generate revenue for us in different ways, then it makes it more acceptable for us to charge them quite a bit more for using platform. The basic idea is that any other revenue you generate for us earns you a credit towards whatever fees you owe us for using platform. For most developers this would probably cover cost completely. So instead of ever paying us directly, they’d just use our payments or ads products. A basic model could be:

Login with Facebook is always free
Pushing content to Facebook is always free
Reading anything, including friends, costs a lot of money. Perhaps on the order of $0.10/user each year.

For the money that you owe, you can cover it in any of the following ways:
Buys ads from us in neko or another system
Run our ads in your app or website (canvas apps already do this)
Use our payments
Sell your items in our Karma store.
Or if the revenue we get from those doesn’t add up to more than the fees you owe us, then you just pay us the fee directly.’



FB-01389036

“applications currently use facebook connect by-in-large in order to (1) get the ‘friend’ graph that enables their service to be compelling, (2) get the publication rights that resolve free distribution for them (3) sometimes for the minor benefit of speeding signup* (though in reality FB converts worse than non-FB signups in many cases now) (4) sometimes for the minor benefit of providing easier login for users, (5) in a very few cases for specific access to a specific type of Facebook data (photos etc)”

UPSHOT: Right now I believe that if you asked an application to implement Facebook connect but didn’t give them the friend graph, publication rights in the same dialog, etc., people would have no reason for implementing it at all.
“There is no direct value for implementing Facebook Connect”



Why it Matters

We expect the documents to spark continued regulatory and legislative scrutiny of Facebook in the U.S. and the U.K., as lawmakers react to discrepancies between leaked documents and Facebook’s previous public statements. Areas of expected focus include whether proper consumer consent was obtained for post-2015 “whitelist” data sharing, and the potential antitrust implications of Facebook’s targeting of competitor data access.

For companies with business models reliant on Facebook user data, these revelations should serve as further reinforcement of the idea that data access can be revoked at a moment’s notice. Facebook’s leadership is strongly aware of the value of their data to external developers and has not hesitated to leverage this position of power to extract business concessions.

