Click here to visit Original posting
Despite using social media platforms every day, we all know that they may be bad for our digital privacy – even if you're using security software like the best VPN apps. But how bad are they, exactly? This is what the team at Incogni, a data removal service provider, set out to discover.
After looking into the top 15 most popular social networks, researchers uncovered stark differences in how these platforms handle our personal data. Unsurprisingly, perhaps, Facebook and LinkedIn came out as the worst when it comes to protecting our privacy. Reddit, Snapchat, and Pinterest (in order) are the platforms representing the lowest risk.
Keep reading as I go through some of the biggest takeaways and some tips to boost your social media privacy.
Social media services have different views on privacy
Researchers assessed the privacy risks for each platform according to five categories. As expected, the data collection and retention category significantly shaped the final privacy ranking (see the graph below), with Meta's Facebook, Messenger, and Instagram getting the worst results.
Another variable researchers looked at was the level of user control and consent. These include privacy settings, default privacy settings, and opt-out or visibility options. Again, some Meta platforms (Messenger and WhatsApp) performed the worst alongside TikTok.
Experts at Incogni were especially surprised not only by how many data points each of these platforms collects and shares with third parties, but also by the number of data points you can't opt out for.
Your data stay up to 180 days after leaving a platform
"The most shocking discovery was how long data is sometimes held after a user decides to delete their account," said again Jasinska-Dias. "In some cases, it might be as long as 6 months."
Among the platforms holding onto your personal information for about 180 days, after clearly expressing the intention to depart from a specific service, are Facebook, Instagram, Messenger, YouTube, and Discord. On the contrary, Telegram retains your data for just a few days after deletion.
This is especially worrisome considering that some of the most invasive platforms (Facebook, X, and LinkedIn) suffered at least two data breach incidents in the past.
Data protection laws aren't enough
While most social media platforms have constructed their business model around harvesting your personal data since the beginning, in recent years many countries have implemented new privacy laws aimed at minimizing data collection and retention. So, are these measures helping at all? Well, according to Incogni, not much.
Experts at Proton, the provider behind ProtonVPN and ProtonMail, found that only after a week into 2024 the likes of Meta, Google, Apple, and Microsoft earned enough to pay off all the fines they got in 2023.
Facebook, for instance, was hit the most by legal fines for breaching the privacy of its users – three from EU bodies and five from other jurisdictions. WhatsApp, another Meta-owned product, was fined five times, while TikTok and X received four fines each. Despite this, the research clearly shows how these platforms remain among the worst for privacy protection.
"Examining the number and amounts of fines imposed on each platform, it’s apparent that they aren’t enough to make platforms change their approach toward how user personal information is handled," Jasinska-Dias told me, adding that, at the moment, there are no regulations that would sufficiently secure users' interest.
She believes the only way for policymakers to limit the extent of personal data collection is to ensure that violating the law isn’t more profitable than complying with it.
How to boost your privacy on social media
As Incogni's research shows, the most popular social media platforms are also the most invasive services around. While privacy-respecting alternatives do exist – think Mastodon, Nostr, and Matrix, for instance – you might not be willing to give up your social media presence on other platforms just yet. It's then crucial to learn how to minimize the data you share.
As a rule of thumb, Jasinska-Dias suggests opting for services that allow registration without using your real details whenever possible. If you cannot do that, you might want to think about creating a dedicated email account instead of giving away your main address. I would refrain from signing up with your phone number if you can, too.
"It’s worth noting that platforms belonging to Google and Meta make managing your privacy more complicated," said Jasinska-Dias. It's vital to keep in mind that these services are integrated into a bigger group and they share your data between them.
I strongly suggest reviewing your privacy settings to make sure you're sharing only strictly necessary information with the social media company.
You should also become more confident with the provider's usage and privacy policies while staying up-to-date with any changes that occur. For example, last week LinkedIn silently began training its AI data with user data. If you haven't done so already, here are some instructions on how you can opt out.