Cancel Icon Table of Contents

In-Depth Analysis of Social Media Privacy Policies

Dive into our comprehensive exploration of social media privacy policies. Our in-depth analysis breaks down and scrutinizes the privacy policies of key platforms including Threads, Twitter, LinkedIn, Meta, and Mastodon. We’ve worked tirelessly to dissect and understand these policies, providing you with a clear, concise overview and comparison. Discover the critical similarities and differences as we shed light on the often opaque world of social media data privacy.

Introduction

We have spent several hours delving into the privacy policies of TikTok, LinkedIn, Twitter, Instagram (meta), and Mastodon. I must express my concerns about the significant disparity between what these platforms claim in their privacy policies and the actual practices they employ. It raises suspicions that the privacy policies of these tech giants are excessively embellished.

Regarding the sensations experienced, it further reinforces the notion that a considerable gap exists between what they claim to do and what they actually execute. Having read these policies, I feel like ‘the fool in the town.’ Everyone is doing as they please with our data.

Furthermore, it is important to note that the individual who conducted this study is not a lawyer. Consequently, this document does not constitute legal advice or hold any legal value. It is intended for informational purposes only. Any actions taken based on the information provided in this document should be done with the understanding that it is not a substitute for professional legal consultation.

Methodology

Our methodology for creating this white paper involved a rigorous and detailed reading of the privacy policies of TikTok, Meta, LinkedIn, and Mastodon. After thoroughly reviewing each policy, we proceeded to categorize each point these policies are based on. This allowed us to create a comprehensive framework encompassing the key aspects defining a platform’s privacy approach.

Subsequently, we assigned scores to each social media platform based on their shared data. The scoring system was meticulously designed to offer a clear, quantitative comparison across platforms. This process provided us with in-depth insights into how these platforms manage and handle user data and how much they prioritize privacy.

The result is a comprehensive, comparative analysis that allows us to compare and contrast the privacy policies of these major social media platforms. We believe this will be an invaluable resource for those interested in understanding social media’s current data privacy landscape.

Privacy Policy comparison table

In the following tables, you’ll find some points left ‘blank.’ This indicates that we were not able to find explicit information on that particular aspect in the respective privacy policy. In most cases, we believe it likely applies, but without certainty, we prefer to mark it as such. We’ve taken this approach to ensure our analysis remains as accurate and transparent as possible.

Links:

Meta’s Threads Privacy Policy

We want to give special mention to Meta’s Threads. The privacy policy for Threads is a supplement to Meta’s overarching privacy policy. After a thorough analysis and careful reading, we have not found any points where Threads diverges from, in this case, Instagram. However, rumors and comments circulating on social media suggest that it may handle highly personal data, such as health-related user information stored on the user’s device. It’s important to note that these are, as yet, unconfirmed and stem largely from speculation rather than stated policy.

Information users provide to the Social Networks

As you can see, all companies use the same data that we have provided. The main issue is what they do with that data. Do they apply predictive algorithms to our data? That would be interesting and necessary for them to share at some point. We know what data you store. Now I want to know how it is being processed.

Please note that all the information listed in this table represents data that we ourselves upload when creating our accounts on the respective social media platforms. Access to our contacts is only possible if we provide it. Therefore, it is important to emphasize that we are responsible for our privacy, as well as for the privacy of our contacts. We have the power to control what information we share, which is a crucial aspect of maintaining our digital privacy.

In other words, the moment we store data from our friends, colleagues, or family members on our phones, we become responsible for safeguarding that data. Just as we wouldn’t freely share our family’s phone numbers with everyone, we should think twice before sharing them with social media platforms. Remember, privacy matters, and it is our responsibility to protect not only our own personal data but also that of our contacts.

Information that Social Network catch automatically

Information that other providers like Advertisers’ websites, send to Social Networks

We particularly emphasize here the advertisers on social media.

If advertisers embed tracking or conversion pixels on their websites, they send user information to social networks. So, every time users visit an advertiser’s website, it is highly likely that they are sending information to social networks.

This happens when we accept cookies. When we accept cookies, we accept the cookies of the website we visit, but also from platforms like Google Ads, Twitter Ads, LinkedIn Ads, TikTok Ads, etc. Through these cookies, this is how advertisers communicate with social networks.

Why do platforms like TikTok or Instagram need data about our battery status, whether full or empty or how much storage space we have on our phones? The most concerning aspect, however, is that these platforms analyze the content we upload. They scrutinize who appears in our photos or videos, what we say, how we say it, whether we seem happy if we have an old TV, or fashionable or black clothes… they process everything because technology allows it. In the past, they ‘only’ stored and did what they could with our data. Nowadays, algorithms can process vast amounts of data and create highly precise and sophisticated profiles of who we are and what we aspire to be and have.

Amazon was already working with predictive algorithms back in 1999. They could predict what books we would buy next and offer them to us. This was almost 25 years ago and with comparatively rudimentary technology. Just imagine what they can do now.

How does the Social Networks use our information?

Obviously, they all use our data to improve their platform and enhance our experience. As we said at the beginning, enhancing our experience means investing more hours on social media, giving them more opportunities to impact us.

On the other hand, improving the platform, in addition to technical improvements, clearly means improving their bank account and that of advertisers, thanks to our data. The better they profile us, the more they can sell to us and, even worse, manipulate us.

How does the Social Networks share our information?

Do these platforms monetize our data?

Now, the question arises: Do these platforms monetize our data? Undoubtedly, they do. Social networks sustain themselves through two primary means: user payments and revenue generated from advertisers seeking to reach their users.

Except for Mastodon, all these platforms operate on an advertising-based business model. Twitter has even introduced Twitter Blue, charging public institutions over €1000 per month! Consequently, the more users spend time on the platform, the more excellent the opportunity for the platform to display advertisements.

How do they utilize our data?

The platforms employ our data in two distinct ways, depending on the perspective: User and Advertiser.

From the user perspective, the objective is to keep users engaged on the platform for as long as possible by presenting personalized content. From the advertiser’s perspective, the aim is to run profitable campaigns by leveraging user data to target individuals with a high likelihood of making a purchase.

To summarize schematically:

User0 > Content > Algorithm > Displays user0’s content to other ‘like-minded’ users.
User0 > Content > Algorithm > Displays advertisements ‘aligned’ with user0’s interests to user0 and other ‘like-minded’ users.

Everything revolves around algorithms!

And precisely therein lies the concern. While much is said about data collection and how it will be treated—which is indeed crucial—very little, if anything, is mentioned about the concrete utilization of that data.

The specific uses mentioned in the platforms’ privacy policies include improving the website, offering more relevant content, aiding targeted advertising, and fulfilling security, research, and legal requirements.

How these platforms handle data

Now let’s discuss how they handle data: Platforms acquire our data through two different complementary methods: A) We willingly provide it to them. B) Others provide it to them.

Under ‘We willingly provide it to them,’ all platforms fall, including Mastodon:

  • Username
  • Email
  • Password
  • Text we write
  • Videos, audio, and images we upload
  • IP address

Furthermore, among the additional data we unknowingly share with them, all platforms except Mastodon utilize:

  • Device brand and model
  • Available disk space
  • The signal strength of the connection
  • Installed plugins
  • Installed apps
  • Location
  • Metadata
  • Bluetooth
  • Wi-Fi connections
 

Consequently, the platforms possess information about us, such as the frequency of our visits to their platforms, what we consume, with whom we interact, our location, the type of device we have, and whether we make intensive use of it.

Additionally, it is worth noting that while using social media platforms with their respective apps, once you click on a link and visit a website, the apps of these platforms continue to track your behavior within those websites, further enriching your profile. They know your purchases and your interest level in different products.

Hence, it is not only the information we voluntarily and knowingly provide while using social networks that they possess; they also track our activities beyond their platforms when we use their respective apps.

The data that others provide to Social Networks

Now, let’s discuss data that others provide to them:

If the previous revelations were already concerning, the situation now becomes even more complicated. Let us focus on advertisers. Advertisers invest in social media platforms for advertising purposes. The primary objective of an online marketing specialist is to make the allocated budget profitable. To achieve this, they need to measure the effectiveness of their campaigns, i.e., whether their investments result in conversions and sales.

How does the marketing department determine the profitability of their campaigns?

Through the use of cookies. When marketing runs a campaign on Instagram, for instance, and a user views it, clicks on it, and subsequently makes a purchase, marketing can attribute that sale to the Instagram platform through cookies. At the end of the month, they compare.

  • The advertising budget invested in Instagram (A)
  • The sales generated from the traffic that visited them from Instagram (B)

If (A) > (B), the campaign is profitable, and they may decide to maintain or increase their investment.
The information collected by these cookies from websites that use them is then shared back with social media platforms. This allows the platforms to enrich user profiles further, gathering more data about us.
The most alarming fact is that this information flows back to social networks without us having viewed or clicked on that particular advertisement.

Allow me to share a personal and real-life example:

  • I wanted to test the validity of these claims, so I did the following:
  • I searched for ‘minimalist wallets’ on Google.
  • I clicked on two Google Ads results and two organic search results.
  • I noted down the websites I visited.
  • Then, I opened Instagram, and lo and behold!
  • I was shown advertisements from minimalist wallet brands that were not among the four websites I visited.
 

This is highly concerning because every website incorporating tracking codes from social media platforms sends information back to those platforms if we accept cookies!

Therefore, they not only possess the information we voluntarily share while using their platforms, which is already substantial, but they also gather data about our internet activities!

They know everything about us if we conduct most activities on our mobile devices!

Let me illustrate this reality with a hypothetical scenario

Imagine a person named Felipe with a profile on Instagram. Felipe uploads photos reflecting various aspects of his life, such as birthdays, parties with friends and family, watching a tennis match at his home, his pet cat, his engagement with content related to Real Betis football club, attending a crucial business meeting, visiting a renowned company for work purposes, interacting with content from ESADE Business School, liking photos from the Spanish television show El Hormiguero, having recently purchased a OnePlus device, following Macnificos on Instagram, and showing interest in the content of Taylor Swift and Beyoncé.

Based on Felipe’s profile, he is single in his mid-thirties since there are no pictures of a partner, and he has the Tinder app installed on his mobile device. It appears he comes from an Andalusian immigrant family residing in Logroño. Felipe is well-educated, and his work position suggests he is prepared for a higher-paying job. However, he cannot afford the latest iPhone (e.g., iPhone 14 PRO) and recently purchased a OnePlus device. He exhibits a discerning taste in technology but lacks the financial means.

Further analysis of Felipe’s profile would require additional data to determine his political ideology and sexual orientation.

Now, let us consider advertisers. Advertisers gather information about Felipe from various sources. They provide Instagram with data associated with the hashed email address, unsurprisingly corresponding to Felipe:

  • Felipe visits sports news websites.
  • Felipe has not made any purchases related to sports apparel or footwear.
  • Felipe visits general news websites with a “right-leaning” profile.
 

Based on this information, it becomes evident that Felipe leans more toward the political right and does not actively engage in sports activities.

As a marketing director of one of these companies, you must decide whether to display your advertisements to Felipe. Your options include:

  • A school is preparing individuals for civil service exams.
  • Smartphone brands such as OPPO or Xiaomi.
  • A grocery store chain like Mercadona.
  • A department store like El Corte Inglés.
  • A sports brand like Nike.
 

Although the example above is fictitious, it is not far from reality. The statement ‘I have nothing to hide’ should be replaced with ‘I have everything to hide.’

By using these platforms, which allow us to interact with others, we sacrifice our privacy. It is not a matter of ‘security’ but a luxury.

Fortunately, there are privacy-first alternatives. If you have read this far, I am confident that you will consider using them. However, the real challenge lies in convincing our ‘tribe’ to join us on these alternative platforms.

Here is a list of each point covered in the privacy policies of each platform. As you will see, except Mastodon, they all operate similarly. The key lies in how they handle our data, how much they employ AI, and how far they are willing to go with it.

How do they know everything about you?

We give them data about ourselves beyond just our names. We give them our thoughts, likes, physical appearance, purchases, and education. We share images of our homes, families, cars… They know where we live, where we work, how we move, where we go in the evenings, for parties or studying…

Furthermore, they receive information about us from “others.” In other words, if we lead a life “outside of their app,” they still find out about it because advertisers, who want to sell us something, provide them with “anonymous” information about us, about their customers. They continue to gather information that we have yet to give them directly but indirectly by accepting cookies.

Currently, we depend on these companies’ “good faith” to avoid harm in the form of manipulation, politics, social matters, sexuality, habits… It’s a danger!

Tips and Next Steps:

I suggest closing all your social media accounts and using Mastodon exclusively.

However, this may not be a feasible solution.

Let me share what I have been doing for the past few weeks:

  • Uninstalling mobile apps to prevent excessive data collection and unnecessary access to my device. Why do they need to know the battery level?
  • Rejecting all cookies. I achieve this by using the Brave browser, which effectively blocks the cookie consent banners that frequently interrupt browsing experiences.
  • Connecting through web interfaces, despite the slight inconvenience.
  • Exercising caution when sharing content on social media platforms.
  • Using a VPN on mobile devices to safeguard my privacy further.
 

They know everything about us. TODAY, they know everything about us. It’s up to you to decide whether they continue “learning” about you. It’s a matter of privacy but also a matter of intimacy.

Conclusions

They know everything about us. TODAY, they know everything about us; it’s up to you to stop them from “learning” about you. It’s a matter of privacy, but it’s also a matter of intimacy.

How do they know everything about you?

We give and gift them our data: beyond our name, we give them our thoughts, our likes, our physical appearances, our purchases, our studies, images of our house, family, car, etc. Where we live, where we work, how we move, where we go in the afternoon, to party or to study… Moreover, they receive from “others,” meaning, if you live a life “outside their APP”, they also find out because those advertisers who want to sell us stuff give them “anonymous” information about us, their buyers, and they continue to gather the information that we have not given them directly, but indirectly by accepting cookies.

We currently depend on the “good faith” of these companies so that they do not harm us through manipulation, whether political, social, sexual, habit-related, etc. It’s a danger!

In a conversation with a marketer, I said: ‘They’ve made us believe that our privacy is worthless; people argue that they “have nothing to hide”‘, and she quickly replied:

Today, we are in the hands of private companies. It’s up to you to stop it!