Consumer privacy and social media

Looking at the privacy related stories of 2022, it’s not hard to see that much of the focus was on the social media giants. Banning TikTok is slowly becoming a trend among US states. Google and Facebook’s owner Meta was fined on several occasions for amounts that would have put other companies out of business, and Twitter fell victim to a power struggle that made victims left and right.

Social media

The problem for social media users is that there will always be voices telling them it’s their own fault. But is it really? Can you blame users for being unable to stop using apps that have algorithms which are fine-tuned to a tee to keep them hooked. Social media platforms like TikTok are designed to serve you the content you have shown an interest in. The result? According to research, the average American teenager spends 7 hours and 22 minutes on their phone every day.

For many users, social media is a way to stay in touch with people to a level that would be impossible if they have to resort to physical contact or even phonecalls. For others, social media a way of showing the fruits of their creativity. For some, it’s a way of keeping up with current events, some of which is fake news.

It’s easy to tell social media users that they are responsible for providing their personal data themselves. In a breach you can point at the company that was supposed to keep your data safe, but when it comes to social media you are expected to read hundreds of pages of legalese and understand that the platforms will share your data with third parties.

For companies, social media platforms have become invaluable tools in education, marketing and communication. Stop using them and you are giving the advantage to your competition, allowing them to take your place.

Cookies and advertising

Internet giants like Meta (Facebook, Instagram) and Alphabet (Google) depend on advertising. Advertising represented 98% of Facebook’s $86 billion revenue in 2020, and more than 80% of Alphabet’s revenue comes from Google ads, which generated $147 billion in 2020.

Now that awareness, regulation, and tools to control cookies have become mainstream, these advertising moguls have started looking at other ways to capitalize on their user numbers. Google has started experimenting with its FLoC alternative and others have looked at alternatives like TrustPID.

Harvesting data

Social networking companies harvest huge amounts of sensitive data about their users’ activities, interests, personal characteristics, political views, purchasing habits, and online behavior. Although in most cases the data is gathered solely to increase the effectivity of advertising and making it more targeted, the data could be used for far more nefarious reasons if they fall into the wrong hands.

And, let’s face it, the personal data that social media platforms collect and retain are vulnerable to hacking, scraping, and data breaches.


Scraping data by and for advertisers is not the only concern about social media. The Chinese owned TikTok app has been under a lot of scrutiny, and a few US states have officially banned TikTok from state-owned or state-leased smartphones, laptops, and other internet-enabled devices.

Federal Communications Commissioner (FCC) Brendan Carr called for TikTok to be banned in America, months after deeming it an unacceptable security risk, and calling for Apple and Google to completely remove the app from their app stores. FBI Director Christopher Wray expressed deep concerns about China’s influence on US citizens via TikTok.


Yes, there are alternatives for popular social media. With a change of management at Twitter, part of the infosec community migrated to Mastodon, a decentralized platform. But as the Twitter case has demonstrated, migrating to a different platform only appeals to users within certain communities and most companies are waiting to add these new platforms to their outreach potential, let alone migrate from the old and proven to the new and unknown.

Privacy policies

I fear that having easy to find and understand privacy policies might not chase away existing users, but an often-heard complaint is that the privacy policy that is presented to a new user is hard to understand, full of loopholes and exceptions, and often not much more than a long-winded waiver which can be subject to one-sided change at any given moment.


Private information

When it comes to social media, there are three main methods of leaking information.

  • The information you post voluntarily. Everything from which restaurants you visited, to sharing how happy you are about soft drugs getting legalized, can come back to bite you later. More importantly, it provides people and advertisers with information about what kind of person you are.
  • The information your connections share about you. For example, remember how much fun we had together when we went to this event or that location? You can’t stop their sharing, so limit the number of connections to those that will understand if you ask them not to share that kind of information without checking first.
  • The information you provide to the company running the social media service. And not just your birthday, recovery email address, and phone number, but also about your online behavior, your shopping preferences, and which topics you are into.

What all this information has in common is that once it’s out there, it’s impossible to make it disappear. If you share, post, and click with that in the back of your mind, you’re a long way towards responsible use of social media.


It is doubtful whether the countermeasures we have tried so far have made more than a little dent in the money-making machines that are social media companies. Legislation and fines are tackled by some of the best lawyers that money can buy. And as long as the optimized algorithms keep us hooked, users will keep going back and give up their privacy voluntarily.

All we can do is remind users of the dangers, and inform them about methods that are less harmful than giving all their data up for free. 

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.