Is Threads a “threat” to users’ privacy?
Thy Dang
Launched on 05/07/2023, Threads immediately became a “fever” with million registrations within the first few hours. However, Threads requiring access and collecting information from users, including sensitive items such as Health & Fitness or Search History have caused a stir in the cyber community.
What is Threads?
Threads is an online social network owned by the company Meta Platforms – which operates other popular social networks such as Facebook, Instagram and WhatsApp. Users can search and download apps at the iOS and Google Play stores on mobile devices.
The way Threads works is similar to Twitter. Users can upload and share images, text of no more than 500 characters, and videos up to 5 minutes in length. In addition, users can interact back and forth by replying, retweeting, quoting and liking posts on the platform. The special thing is that users are required to use Instagram to register for Threads. And they will “stick” together, once you delete the account of this platform, the remaining linked accounts will also be deleted.
About Threads privacy policy
After its launch, Threads immediately became a hot topic of discussion around the world. Besides receiving a huge number of users – 2 million registrations in the first 2 hours, Threads attracted the attention of the public because of its unavailability on the App Store and Google Play platforms in Europe due to non-compliance with the European Union’s General Data Protection Regulation (GDPR). [1]
Threads makes users concerned about the “privacy” of the app when it comes to requesting access to users’ personal information. Specifically, Threads requests to collect 14 different items of user information in the Data Linked to You category, including Health & Fitness, Financial Info, Contact Info, User Content, Browsing History, Usage Data, Diagnostics, Purchasing, Location, Contacts, Search History, Identifiers, Sensitive Info and Other Data.
However, if you search for Meta’s two “brothers” applications, Facebook and Instagram, it is easy to see that these two platforms also collect the same amount of data as Threads. only when Threads emerged as a trend did the public notice this “unusual behavior” and began to question why Meta needed to collect so much sensitive information.
Although Apple does mention “Privacy practices information is not verified by Apple”, the amount of data listed on the list is enough to raise concern, especially when Meta had and is having a lot of legal problems with GDPR compliance in Europe.
For Threads, Meta provides additional terms in the Threads Additional Terms of Use and Privacy Policy. These addendums are intended to clarify interactions with third-party services. However, the main data issues still lie in the Privacy Policy. Through the section Why and how we process your information, it can be seen that a large number of different data types are fully utilized by Meta. [2][3]
Meta scandals in the past
This is not the first time Meta has faced criticism from users. Meta has many times leaked data, causing waves of outrage in the technology world.
Only in 2023, Meta was twice entangled in controversies surrounding the leaking of user data to third parties. In May, Meta received a record fine of up to $ 1.3 billion for transferring user data from the EU to the US for analysis. In January, Meta was fined $410 million for running analytics-based ads on Facebook and Instagram, which violated the GDPR.
In 2021, Facebook exposed the personal information of 553 million accounts from 106 countries, including phone numbers, Facebook IDs, full names, addresses, dates of birth, biographies and in some cases emails. In 2018, Facebook faced a scandal when it allowed the data of 87 million users to be illegally accessed and used by Cambridge Analytica. What is more surprising is that Cambridge Analytica did not violate Facebook’s policy in collecting information from users around the world.
Comparison between products in Meta
Compared to Meta’s predecessor products such as Facebook and Instagram, it can be seen that Threads’ list of collected and used data has absolutely no Usage Data category to track users via other companies’ apps and websites (Data Used to Track You). This is quite absurd, as users can only log into Threads with an Instagram account. And in the process of trying to catch requests from the application, it can be seen that Threads mainly calls the API endpoints at i.instagram.com. Therefore, that it is highly likely that contact information (including Physical Address), device identifiers and other data types are also used by Threads for this purpose.
With this design, users will not have the right to withdraw once they have used this application. When they want to wipe all their data or accounts, they are forced to delete their Instagram account. This violates the GDPR under Privacy Rights. Moreover, the processing time of freezing user data before permanent deletion is relatively long, and during that time Meta still has the right to use user data.
In addition, in the process of using and tracking requests sent from Threads, this application sends a lot of information about the device and user in the headers and body content. This information includes the user ID at the Meta system, IP (even internal IP), user behavior at the device along with a lot of other unknown headers. When this information is removed, the server side still returns the response to the corresponding function normally.
Comparison to Twitter
Meanwhile, “rival” Twitter lists relatively clearly and concisely the scope of usage data. The real identity and phone number of users are much more restricted to use than Threads as well as applications. other uses of Meta Sensitive data are not collected and used by Twitter.
Advice for users
If you want to experience Threads, create a brand new Instagram account and do not have any links to old accounts on the Meta platform. This will limit Meta’s ability to collect sensitive data as well as ensure certain safety for personal information in old accounts.
If you are a loyal user of Meta, refrain from providing additional information and using Meta’s services.
Besides, you should choose social networks and applications with transparent user data privacy policies. This is shown through the App Privacy section at the bottom of the App Store platform, and similarly with Google Play.
Conclusion
While Apple’s App Privacy is for reference only, Threads can be hard to trust in privacy-related matters. The application lists too many types of user data used compared to the functionality. In addition to the past scandals, Threads in particular and Meta in general are losing trust of users in data management and security. Therefore, Threads needs to clarify the above and soon have a new account management mechanism to be able to pass the GDPR.
References
[1] Natasha Lomas (2023). Meta’s Threads app is a privacy nightmare that won’t launch in EU yet, from <https://techcrunch.com/2023/07/05/threads-no-eu-launch/>
[2] Armani Syed (2023). Why Twitter Rival Threads Isn’t Available in the E.U, from <https://time.com/6292586/privacy-concerns-threads-meta/>
[3] Reece Rogers (2023). How Threads’ Privacy Policy Compares to Twitter’s (and Its Rivals’), from <https://www.wired.com/story/meta-twitter-threads-bluesky-spill-hive-mastodon-privacy-comparison/>
