Netflix says it didn’t get access to direct messages of millions of users on Facebook, but a New York Times investigation has uncovered documents that clearly state otherwise. On Tuesday, the Times reported that Facebook gave many companies access to far more of its users personal information than it disclosed, including access to private messages and more.
Included in a lengthy list of companies Facebook let snoop was Netflix, the streaming giant that uses data of what users are watching and talking about to help recommend shows and movies users would like. But Netflix didn’t appreciate being included in the report and actually fired back on Tuesday, denying the contents of the lengthy Times investigation into Facebook security.
Netflix tweeted directly at the Times denying that it snooped on streaming customers who also had a Facebook account, saying it didn’t slide into its customers DMs.
Netflix never asked for, or accessed, anyone's private messages. We're not the type to slide into your DMs.
— Netflix (@netflix) December 19, 2018
There was just one problem: the Times says they most certainly did, and was privy to documents that proved they were, indeed, part of a group of companies who were given access to that information. (NOTE: Please see our update at the bottom of this post.) And much more. Which is why the Times captured an image of that tweet and used it to promote its story on Wednesday, reporting that Netflix had admitted it used information to recommend things on the streaming service.
Netflix said it didn’t have access to Facebook messages, but Facebook documents show Netflix had the ability to do just that. Netflix then acknowledged that it did access personal messages, but only for sending and receiving movie and TV recommendations. https://t.co/d1UjN1nMj3 pic.twitter.com/iixiUa9O8Y
— The New York Times (@nytimes) December 20, 2018
In a separate story that went into further detail about just what companies could do with user data on Facebook, the Times reported that Netflix was given access to user data so they could share and recommend a show on the social platform after they had finished watching it. But also included in that access was plenty of other functions..
To accomplish such sharing, the Netflix application had to be able to send Facebook messages. But Netflix was given the ability not only to send private messages but also to read, write and delete them, and to see all participants on a thread. A Netflix spokesman said the company was not aware it had been granted such broad powers and had used the access only for messages sent by the recommendation feature.
Netflix deactivated the feature about a year after it was introduced, but documents show that the company still had access to users’ messages in 2017.
Netflix wasn’t the only company to get access to users’ information. In fact, the Times investigation pointed out that the New York Times itself was one of nine media companies that got access to users’ information as recently as 2017. Spotify, Amazon, and other companies all got far more information from Facebook than the social network told users. It’s yet another major scandal for the social network in a year where users data was stolen in a security breach and Facebook’s continued negligence in the dissemination of misinformation and Russian political influence has rocked the social media company.
Facebook allowed Microsoft’s Bing search engine to see the names of virtually all Facebook users’ friends without consent, the records show, and gave Netflix and Spotify the ability to read Facebook users’ private messages.
The social network permitted Amazon to obtain users’ names and contact information through their friends, and it let Yahoo view streams of friends’ posts as recently as this summer, despite public statements that it had stopped that type of sharing years earlier.
What Netflix did wrong here in using information it wasn’t supposed to have is obvious. A lot of companies also carry that distinction. But what’s worse is that Netflix denied it had done anything after the fact, then released a statement to the Times saying it actually did what it said it had not done on Twitter. That only make things worse. The lesson here, as always, is that not everything you read on Twitter is true. And maybe the privacy we assume to have online simply isn’t there like we’d hope.
UPDATE — A Netflix spokesperson has issued the following statement:
“Over the years we have tried various ways to make Netflix more social. One example of this was a feature we launched in 2014 that enabled members to recommend TV shows and movies to their Facebook friends via Messenger or Netflix. It was never that popular so we shut the feature down in 2015. At no time did we access people’s private messages on Facebook, or ask for the ability to do so.”
You’ll see the original NYT article now includes Netflix’s point of view here: A spokesman for Netflix said Wednesday that it had used the access only to enable customers to recommend TV shows and movies to their friends. “Beyond these recommendations, we never accessed anyone’s personal messages and would never do that,” he said.