Instagram's 'preferred marketing partner' tracked location of millions
Even after scandals like Cambridge Analytica and a massive FTC fine, Facebook's privacy woes aren't coming to a halt. The company recently connected kids with strangers on Messenger, and now, a Business Insider report has revealed that one of Instagram's "preferred marketing partners" dodged the photo-sharing site's rules and tracked location and other data of millions. Here's all about the case.
Hyp3r developed tool to scrape location data
Following the Cambridge Analytica debacle, Facebook strengthened the privacy policy of all its products to keep developers from mining location from public posts and other sensitive data. However, according to BI, San Francisco-based marketing firm Hyp3r circumvented these restrictions. The company reverse-engineered a framework to exploit an Instagram security lapse and geofence specific locations and harvest every public post tagged with them automatically.
Then, they built detailed profiles with location, public Stories
Hyp3r's tool created a humongous database of locations - bars, restaurants, airports, fitness clubs - and scraped the posts tagged with them. These photos were automatically saved into the company's system, along with all publicly available information about the poster, like their profile picture, bio, number of followers. This way, it created detailed user profiles featuring information about their interests and places frequently visited.
Plus, Hyp3r even saved public Stories
Along with location-specific public posts, Hyp3r also mined photo/video Stories shared by users as well as the metadata associated with it. Stories are supposed to disappear after 24 hours, but the company's tool saved them indefinitely, contributing to the profiles being built. Now, this is a clear breach of Instagram's rules as the social network doesn't offer Stories, not even through its developer framework.
Instagram has taken action against Hyp3r
Despite recognizing Hyp3r as a trusted ad partner, Instagram noted the violations of automated data and Story scaping and pulled the company from its ad platform. "HYP3R's actions were not sanctioned and violate our policies," an Instagram spokesperson said, adding that they have "also made a product change that should help prevent other companies from scraping public location pages in this way."
Meanwhile, Hyp3r denies wrongdoing on its part
In response to the case, Hyp3r CEO Carlos Garcia said, their company "enables authentic, delightful marketing that is compliant with consumer privacy regulations and social network Terms of Services. We do not view any content or information that cannot be accessed publicly by everyone online."
