According to a Business Insider investigation, Instagram has been allowing a San Francisco-based marketing agency, HYP3R, to flout its rules and collect information from millions of users. That includes physical locations, stories, photos, and bios, which were used to create a database of user profiles. In fact, according to HYP3R itself, the marketing firm scrapes as many as one million posts a month.
Instagram, which is owned by Facebook, has largely avoided many of the privacy scandals and scrutiny that have plagued its parent company. This revelation, however, puts that scrutiny in an entirely new light as the company seems to do little to actually enforce privacy protections designed to prevent the sort of behavior.
In Instagram’s defense, it took swift action once it was presented with Business Insider’s reporting, issuing a statement that it had banned HYP3R from its platform, and making a change that would prevent other companies from taking advantage of its API in the same way.
“HYP3R’s actions were not sanctioned and violate our policies. As a result, we’ve removed them from our platform. We’ve also made a product change that should help prevent other companies from scraping public location pages in this way,” the company told Business Insider through a spokesperson.
HYP3R is a “Facebook Marketing Partner,” meaning this isn’t some rogue firm acting outside the lines. It’s one of Instagram’s preferred partners, and though there are policies against this type of behavior, there were apparently no actual limitations on the access the marketing firm had to your private data via the API it created.
In a response to my request for comment, an Instagram spokesperson provided me with the same statement as above and stressed to me that the data scraped by HYP3R was publicly available and that HYP3R wasn’t able to access private user account information.
Despite Instagram’s response, it’s more than a little concerning that there weren’t actual technical protections that would have prevented this kind of activity. And, of course, there’s the fact that this is just one more in a long list of episodes involving a Facebook-owned app and “privacy problem” in the same headline.
In no uncertain terms, we are at the point where Facebook needs an all-hand-on-deck response to what can only be described as a five-alarm fire. Any amount of trust that Facebook still had with its users is burning to the ground. Sure, the company is still profitable, but that’s the problem.
These practices and lack of care with users’ information largely feed that profit engine, leaving the company little incentive to do anything different. Facebook, as a platform, is fundamentally unable to protect its users’ information– because it literally exists to exploit that information.
You could argue that it’s impossible to fully police the activity of the countless number of advertising and marketing partners the company has on its platforms. That may be true, but if it is, then it’s time to shut the whole thing down. Seriously.
Where else is would we say it’s okay to gather a bunch of hens into a hen house, promising them a safe place to hang out, and then invite a bunch of foxes over to come and play? There’s no scenario where that ends well for the hens.
Friends, we are the hens. And while we’ve known for a while that there was something wrong, it turns out it’s a much bigger problem than we thought.
All of this is a reminder, though I’ve written it many times, that trust is your brand’s most valuable asset. What you do to guard that trust, or betray it, makes all the difference in whether or not you get the benefit of the doubt when bad news comes.
And, as a final thought, regardless of the impact on your company’s brand, there’s also a more global principle of “do the right thing.” Do the right thing for your customers, even when it isn’t the most convenient thing for you. Protect their privacy, even when it means sacrificing some easy profits.
Do the hard work of thinking through the implications of your business practices and policies so that you don’t find yourself in a situation where those practices end up in a headline about just another scandal or major problem.
It turns out that “do the right thing,” usually leads to trust anyway.