Early bird prices are coming to an end soon... ⏰ Grab your tickets before January 17

This article was published on November 1, 2017

No, Facebook employees aren’t reading your private Google Docs files


No, Facebook employees aren’t reading your private Google Docs files

The age-old conspiracy that Facebook is somehow secretly spying on its users is catching a second wind (colloquially speaking, though the number is probably much higher in reality) this week.

Only days after company representatives had to go on the record to dispel any rumors that the social media titan has covertly taken over users’ microphones to listen in and use this data to target them with ads more efficiently, there is already a new Facebook mystery circulating the web.

The latest paranoia-infused theory speculates that company employees are quietly reading through the private Google Docs files you share with friends via Messenger. But before I dig further into the matter, let me put this out there: No, Facebook reps probably aren’t checking your files – but its bots sure are.

Earlier today, a concerned user took to Reddit to share an unusual experience he had on Facebook. “I made a crypto portfolio spreadsheet and decided to share it with my brother, whom I’ve been Facebook friends with for [over 10] years and we share links all the time,” the post read.

But when the Redditor hit the send button, he was immediately welcomed with an error warning. Highlighted in red, the message read, “Sorry, this feature isn’t available right now.”

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

He went to make several more attempts to transfer the file, but to no avail. After doing some Googling, the Redditor found out that he was most likely “caught in the spam filter.”

This, in his own words, meant he had somehow triggered Facebook’s security measures and would have to endure a specific “time limit before [he] could send any links.” The other alternative, he continued speculating, was that “the link that got caught in the spam filter was sent to Facebook ’employees’ for them to manually approve it.”

Now, it is important to point out that this ‘explanation’ came from another Facebook user, and not the company itself. So while it might be partially true, it would be a safe play to take it with a grain of salt. Unfortunately, this isn’t how the Redditor in question interpreted the situation.

After a couple more botched attempts to share the file via Messenger, the user headed back to Docs only to stumble upon a highly suspicious activity: There were “TWO anonymous users browsing [the] sheet.” What made this even more unusual was that the file was viewable only to users “with the link.”

“I went back and double checked my chat history and none of the messages went through,” the user continued. “[M]y brother hadn’t opened it.”

So who was reading his sheet and how did they access it? Seeking to get to the bottom of this, the Redditor used the internal Google Docs messaging system to ask the anonymous users how they obtained access to the hidden file. But they both left without responding to his line of enquiry.

The situation is admittedly bizarre. But while there are numerous possible explanations, the Redditor brazenly proceeded to sum it up with the following conclusion: “I sent a link to a Google Sheet as a private message to my brother […] and Facebook employees manually checked it out to approve it.”

Pretty spooky stuff… if true. But here is the thing: It probably isn’t.

The post has since gone viral on Reddit, amassing well over 2,000 upvotes and sparking heated debates about the authenticity of the claims among commenters in the Privacy subreddit. The same post also appeared on HackerNews, but – curiously – the response there was not nearly as sensational.

In fact, most users found this anecdote to be a non-story. “If you’ve ever sent a link via Google Chat you would have witnessed the same behavior – before the link is delivered it will often be loaded by a [G]oogle crawler who will check it for malicious content,” one user commented. “I’m sure Facebook does the same.”

Indeed, this is precisely what happens. The reason Facebook runs crawlers on its platform is to improve URLs and offer more information to users about what the link contains. In order to do so, its bots would open a page, scrape all the necessary data, and generate an image and an accompanying card for the URL.

More or less like this:

In all fairness, Facebook did at one point suffer from a vulnerability that could have legitimately exposed privately shared links to practically anybody else using the platform. But the social media giant has since patched this loophole to prevent this from happening.

Quite obviously though, the paranoia still lingers – and not without a reason.

Chances are that anything you do on the platform is being monitored, recorded, and stored on its servers. That is an open secret. But it is extremely unlikely that this is actively being done by actual humans.

Meanwhile, we have contacted Facebook for further clarification and will update this post accordingly if we hear back.

And before I wrap up, let me clue you in to another illuminating revelation: Facebook and Messenger have never been known for safety and privacy. There is a reason privacy-oriented messengers like WhatsApp, Telegram, Signal and co. are thriving.

So next time you find yourself paranoid over Facebook employees possibly spying on you. Do what the rest of the world is doing: Move the conversation to another platform. Case closed.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with