Meta's new "Twitter killer" app Threads is the latest social media platform to burst onto the scene and is taking the industry by storm, with over 100 million users signing up less than a week after it launched.
But experts are warning of potential privacy concerns, particularly in the way Meta handles the data it collects from users when they subscribe to the new service. This includes sharing it with other platforms, including ones that may not have as strict data privacy protections, or that could even have servers in China, reports Fox Business.
Buried in the terms of service is a pledge to soon make Threads part of the "fediverse" – a decentralized network of servers that allows member social networks, like Mastodon, to communicate with each other. For example, a Threads user would be able to interact with a Mastodon user seamlessly, despite being on different platforms.
The upside is an online network that can be used without ever creating a profile or sharing personal data. The downside is Threads users with a public profile have already signed away that access.
Once the app is a part of the fediverse, Meta says: "Please be aware that you are directing us to deliver your information to services not controlled by Meta… Information sent to Third Party Services is no longer in Meta's control and is subject to the terms and policies of those Third Party Services."
The terms of service are predictably vague on what data gets shared, carefully worded to allow the most flexibility and protect Meta from liability. And once the data is out there, users may have no recourse.
"Do I have the ability to ever delete that data and wrestle control of my personally identifiable information back from those services?" asked Phillip Shoemaker, CEO of Identity.com and a former Apple executive. "I think the answer is no. Once it's out there, the cat is out of the bag and there's not much you can do about it."
Some companies storing user data may not be widely known and could have servers outside the US TikTok, for example, is under scrutiny for storing American user data in China. Industry experts worry Threads sharing data through the fediverse could pose the same challenge.
"A company could store data on servers in China or Russia, where these governments have complete control and access to that data," Shoemaker said. "That's a problem because we will start seeing government entities using this as a way to monitor their citizens and citizens from other countries."
One suggestion is for platforms to commit to certain standards, so users are not left vulnerable.
Shoemaker argues that "these companies need a set of guidelines on what they do with the data, what guarantees there are and what they're going to do with the records."
Meta did not respond to FOX Business' inquiry about whether it plans to vet platforms it shares user data with or ensure they do not have servers in countries like China.
How Threads' privacy policy compares to Twitter and others
Privacy advocates and security researchers have noted that Threads already collects more personal data than many other social media apps; a wide variety of it could be considered invasive, and is also not at all necessary for the app's function.
Threads (Android, Apple) potentially collects a wide assortment of personal data that remains connected to you, based on the information available in Apple's App Store, from your purchase history and physical address to your browsing history and health information.
“Sensitive information” is also listed as a type of data collected by the Threads app. Some information this could include is your race, sexual orientation, pregnancy status, and religion as well as your biometric data.
Threads falls under the larger privacy policy covering Meta's other social media platforms. There's one caveat, though. The app has a supplemental privacy policy that's also worth reading.
A noteworthy detail from this document is that while you're able to deactivate your Threads account whenever, you must delete your Instagram if you fully want to delete your Threads account.
Do you have the Facebook or Instagram app on your phone? Keep in mind that this data collection by Meta is comparable to the data those apps collect about you.
For Android users, the Google Play Store doesn't require you to hand over the same amount of extensive data to try out Threads. You have more control than Apple users, since you can granularly toggle what personal data is shared with apps.
It may seem like Threads collects a ton of personal data (because it does.) Twitter (Android, Apple) keeps plenty of data that's linked to users and used to track you, like your purchase history and browsing history.
With that in mind, the app does not list “sensitive information” as one of the disclosed categories of data collection.
Instagram already has a checkered history in terms of sharing user data with Facebook (and its web-spanning advertising network), something that has been at the center of privacy concerns for over a decade now.
When Facebook acquired Instagram in 2012, the company initially made assurances that existing users would not have data shared with Mark Zuckerberg's social media empire.
Facebook wasted little time in reneging on this offer, beginning compulsory data sharing between the two apps in 2012. The scope of this gradually expanded over the years, culminating in the formal back-end merger of Facebook Messenger and Instagram in 2020.
The privacy concerns about Threads are thus based in recent company history, and it appears users will not have much of an option in keeping their personal data from use of the app out of the Facebook advertising monolith.
Nor will they be able to effectively separate family and friends on the two different apps, at least not without creating a “burner” Instagram account.
While the Threads party has already started in some 100 countries, the app's debut is on indefinite hold in the EU due to privacy concerns. Meta is currently weathering legal difficulty on multiple fronts in the region, all of which could continue to hold up the rollout.
The EU has other landmines waiting for Threads.
The most immediate reason for the pause to the regional rollout is likely the scope of sensitive information it insists on collecting, which falls into a special protected category under the GDPR terms.
Meta previously claimed a “legitimate interest” exception to these rules to collect such data without notifying the user, which was recently struck down in court.
The app would either have to pare back the data it collects in the EU to assuage privacy concerns, or give up on Europe.
And the EU is not the only place where privacy concerns are bringing regulatory scrutiny.
Threads is not safe in the US, where Meta is still under a consent decree first issued by the FTC in 2012 that forbids “unfair or deceptive” practices as regards handling user personal information.
It is possible that the forced linking of Instagram and Threads accounts could violate this decree if the FTC determines that users of either service have lost adequate control of the privacy of their data or have to go through onerous extra steps to ensure it is secured.