News & Trends

Is Threads a “threat” to users’ privacy?

CyStack Avatar

Thy Dang

Content Executive @ Marketing Team|September 8, 2023

Launched on 05/07/2023, Threads immediately became a “fever” with million registrations within the first few hours. However, Threads requiring access and collecting information from users, including sensitive items such as Health & Fitness or Search History have caused a stir in the cyber community.

What is Threads?

Threads is an online social network owned by the company Meta Platforms – which operates other popular social networks such as Facebook, Instagram and WhatsApp. Users can search and download apps at the iOS and Google Play stores on mobile devices.

The way Threads works is similar to Twitter. Users can upload and share images, text of no more than 500 characters, and videos up to 5 minutes in length. In addition, users can interact back and forth by replying, retweeting, quoting and liking posts on the platform. The special thing is that users are required to use Instagram to register for Threads. And they will “stick” together, once you delete the account of this platform, the remaining linked accounts will also be deleted.

About Threads privacy policy

After its launch, Threads immediately became a hot topic of discussion around the world. Besides receiving a huge number of users – 2 million registrations in the first 2 hours, Threads attracted the attention of the public because of its unavailability on the App Store and Google Play platforms in Europe due to non-compliance with the European Union’s General Data Protection Regulation (GDPR). [1]

Threads makes users concerned about the “privacy” of the app when it comes to requesting access to users’ personal information. Specifically, Threads requests to collect 14 different items of user information in the Data Linked to You category, including Health & Fitness, Financial Info, Contact Info, User Content, Browsing History, Usage Data, Diagnostics, Purchasing, Location, Contacts, Search History, Identifiers, Sensitive Info and Other Data.

List of user data that Threads request to access and collect

However, if you search for Meta’s two “brothers” applications, Facebook and Instagram, it is easy to see that these two platforms also collect the same amount of data as Threads. only when Threads emerged as a trend did the public notice this “unusual behavior” and began to question why Meta needed to collect so much sensitive information.

Although Apple does mention “Privacy practices information is not verified by Apple”, the amount of data listed on the list is enough to raise concern, especially when Meta had and is having a lot of legal problems with GDPR compliance in Europe.

For Threads, Meta provides additional terms in the Threads Additional Terms of Use and Privacy Policy. These addendums are intended to clarify interactions with third-party services. However, the main data issues still lie in the Privacy Policy. Through the section Why and how we process your information, it can be seen that a large number of different data types are fully utilized by Meta. [2][3]

Meta scandals in the past

This is not the first time Meta has faced criticism from users. Meta has many times leaked data, causing waves of outrage in the technology world.

Only in 2023, Meta was twice entangled in controversies surrounding the leaking of user data to third parties. In May, Meta received a record fine of up to $ 1.3 billion for transferring user data from the EU to the US for analysis. In January, Meta was fined $410 million for running analytics-based ads on Facebook and Instagram, which violated the GDPR.

In 2021, Facebook exposed the personal information of 553 million accounts from 106 countries, including phone numbers, Facebook IDs, full names, addresses, dates of birth, biographies and in some cases emails. In 2018, Facebook faced a scandal when it allowed the data of 87 million users to be illegally accessed and used by Cambridge Analytica. What is more surprising is that Cambridge Analytica did not violate Facebook’s policy in collecting information from users around the world.

Comparison between products in Meta

Compared to Meta’s predecessor products such as Facebook and Instagram, it can be seen that Threads’ list of collected and used data has absolutely no Usage Data category to track users via other companies’ apps and websites (Data Used to Track You). This is quite absurd, as users can only log into Threads with an Instagram account. And in the process of trying to catch requests from the application, it can be seen that Threads mainly calls the API endpoints at i.instagram.com. Therefore, that it is highly likely that contact information (including Physical Address), device identifiers and other data types are also used by Threads for this purpose.

With this design, users will not have the right to withdraw once they have used this application. When they want to wipe all their data or accounts, they are forced to delete their Instagram account. This violates the GDPR under Privacy Rights. Moreover, the processing time of freezing user data before permanent deletion is relatively long, and during that time Meta still has the right to use user data.

In addition, in the process of using and tracking requests sent from Threads, this application sends a lot of information about the device and user in the headers and body content. This information includes the user ID at the Meta system, IP (even internal IP), user behavior at the device along with a lot of other unknown headers. When this information is removed, the server side still returns the response to the corresponding function normally.

Comparison to Twitter

Meanwhile, “rival” Twitter lists relatively clearly and concisely the scope of usage data. The real identity and phone number of users are much more restricted to use than Threads as well as applications. other uses of Meta Sensitive data are not collected and used by Twitter.

List of user data that Twitter request to access and collect

Advice for users

If you want to experience Threads, create a brand new Instagram account and do not have any links to old accounts on the Meta platform. This will limit Meta’s ability to collect sensitive data as well as ensure certain safety for personal information in old accounts.

If you are a loyal user of Meta, refrain from providing additional information and using Meta’s services.

Besides, you should choose social networks and applications with transparent user data privacy policies. This is shown through the App Privacy section at the bottom of the App Store platform, and similarly with Google Play.

The Locker Password Manager application does not collect any user data

Conclusion

While Apple’s App Privacy is for reference only, Threads can be hard to trust in privacy-related matters. The application lists too many types of user data used compared to the functionality. In addition to the past scandals, Threads in particular and Meta in general are losing trust of users in data management and security. Therefore, Threads needs to clarify the above and soon have a new account management mechanism to be able to pass the GDPR.

References

[1] Natasha Lomas (2023). Meta’s Threads app is a privacy nightmare that won’t launch in EU yet, from <https://techcrunch.com/2023/07/05/threads-no-eu-launch/>

[2] Armani Syed (2023). Why Twitter Rival Threads Isn’t Available in the E.U, from <https://time.com/6292586/privacy-concerns-threads-meta/>

[3] Reece Rogers (2023). How Threads’ Privacy Policy Compares to Twitter’s (and Its Rivals’), from <https://www.wired.com/story/meta-twitter-threads-bluesky-spill-hive-mastodon-privacy-comparison/>

Bài viết liên quan

Ransomware là gì? Cách Phòng chống Mã Độc Tống Tiền
Ransomware là gì? Cách Phòng chống Mã Độc Tống Tiền
28/03/2024|News & Trends

Ransomware là một loại phần mềm độc hại có mục đích tống tiền người dùng bằng cách xâm nhập vào máy tính và thao túng dữ liệu của nạn nhân. Trong những năm gần đây, không phải virus, mà chính ransomware mới là mối đe dọa đối với các tổ chức, doanh nghiệp. Các quản …

Nghị định 13/2023/NĐ-CP về bảo vệ dữ liệu cá nhân có gì mới?
Nghị định 13/2023/NĐ-CP về bảo vệ dữ liệu cá nhân có gì mới?
13/11/2023|News & Trends

Nghị định 13/2023/NĐ-CP về Bảo vệ dữ liệu cá nhân, hay Nghị định 13, do Chính phủ Việt Nam ban hành đã chính thức có hiệu lực kể từ ngày 01/07/2023 với một số điểm mới nổi bật đáng chú ý dành cho doanh nghiệp. Tổng quan về Nghị định 13 Sau hơn 02 năm kể …

Bảo mật thương mại điện tử: Giải pháp cho doanh nghiệp Việt
Bảo mật thương mại điện tử: Giải pháp cho doanh nghiệp Việt
27/09/2023|News & Trends

Trong những năm gần đây, Thương Mại Điện Tử tại Việt Nam chứng kiến sự phát triển vượt bậc với các tên tuổi lớn như Tiki, Shopee, Lazada, Sendo, Vntrip, hay Luxstay. Bên cạnh tiềm năng phát triển, vẫn tồn tại những thách thức và rủi ro kìm hãm sự bứt phá của các doanh …