by Dave Moore, CISSP
07/23/2023
“It sees you when you’re sleeping. It knows when you’re awake. It knows when you’ve been good or bad, so be good for goodness sake.”
Those lyrics adapted from “Santa Claus is coming to town” are easily applied to Twitter wannabe “Threads,” the new social media app launched recently by Meta.
Many people don’t put two and two together, though, when they hear the word, “Meta.” They didn’t get the memo that, in 2021, after scathing criticism over privacy violations and possible national election tampering, plus a $5 billion fine from the U.S. Federal Trade Commission and a $1.3 billion fine by the European Union, Facebook changed its name to Meta. It then took most of Facebook’s core functions and moved them to a new company they named… Facebook. Got it? Just remember, when you hear about a company named Meta, think Facebook.
So, Meta/Facebook recently used its photo/video sharing service named Instagram to launch a new text-based conversation app named Threads, ostensibly so Meta/Facebook owner Mark Zuckerberg can compete directly with the wildly popular Twitter messaging app, and its new owner, Elon Musk.
Both Twitter and Facebook have dirty hands when it comes to privacy fines and government penalties, as do most of the giant tech companies. Facebook, however, rules the roost with its status as Number One Privacy Violator, with $6.3 billion in fines compared to Twitter’s relatively paltry $150 million.
What better way to avoid public scrutiny and criticism than to start new companies with new names? Hence, Meta and Threads.
Sadly, Threads has no encouraging differences in its privacy policies and the way it handles personal information that makes it any better than Facebook or Twitter. If anything, it’s worse.
CTV News notes that Threads policies include the ability to “…collect, and link to your identity, data including your health and fitness, financial, browsing history, location and contact information, along with the broad category of “sensitive information.” BNN Bloomberg quotes banking executive Claudette McGowan as saying, “This is a hacker’s dream.”
What makes Threads a “hackers dream” is that, by gathering so much sensitive private data into one place, Threads has flown a big “come and hack it” red flag that attracts criminals who regularly use such information to power identity theft, ransomware and other lucrative attacks.
The story that is emerging is not pretty: Threads is much worse at hoarding personally invasive and potentially dangerous private information than most of its competitors. Scott Ikeda, in CPO Magazine, reports grave concerns regarding ” …the app’s ability to log browsing history, search history, physical geolocation, employment, union membership, health status, race and ethnicity, sexual orientation and more under the app’s current expansive data collection terms.”
The caveat with Threads is serious, but not new. If you are going to use any social media app, be it Threads, Facebook, Twitter, etc., don’t regard anything you’ve said or done as “private.” You’ve got to lock down what privacy settings you have available to you, and, more importantly, stop putting personal information out there for all the world to see. Mark September 20 on your calendar, come to the Norman Public Library at 6:30pm to take my Internet safety class, “Fight the Internet Bad Guys and Win!” You’ll be glad you did.
Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd, he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.org