Be careful, Facebook and Instagram are the worst social media for your privacy
Update: On October 4, 2024, we made some changes when LinkedIn contacted us about some corrections to Incognit’s report. According to the new ranking, LinkedIn is not one of the worst social media in terms of privacy, but ranks ninth out of fifteen social media services tested.
Despite using social media platforms every day, we all know that they can be bad for our digital privacy – even if you use security software like the best VPN apps. But just how bad are they? This is what the team at Incognit, a data erasure service provider, set out to discover.
After looking at the top 15 most popular social networks, researchers found major differences in the way these platforms handle our personal data. It is perhaps not surprising that Facebook and Instagram emerged as the worst when it comes to protecting our privacy. Reddit, Snapchat and Pinterest (in order) are the platforms that represent the lowest risk.
Keep reading as I go through some of the most important tips and tricks to increase your privacy on social media.
Researchers assessed the privacy risks per platform based on five categories. As expected the collection and storage of data category significantly shaped the final privacy ranking (see chart below), with Meta’s Facebook, Messenger, and Instagram achieving the worst results.
Another variable researchers looked at was the level of user control and consent. These include privacy settings, default privacy settings, and opt-out or visibility options. Once again, some meta-platforms (Messenger and WhatsApp) performed the worst besides TikTok.
Experts at Incognit were particularly surprised by the number of data points each of these platforms collect and share with third parties, but also by the number of data points you can collect. can’t unsubscribe from.
The violations category refers to fines and data breach incidents. Here, Telegram, Reddit, Quora and Discord achieved a very positive score: 0. Not so good for X (formerly known as Twitter), which saw well over a quarter of its total score come from this category, alongside Facebook and LinkedIn. The latter was the platform that suffered the highest number of data breaches and massive data scrapes – according to Incognit data.
In terms of transparency – i.e. how much user data reaches governments and the accessibility of certain features – Quora and Telegram had the worst ratings, while LinkedIn, Discord, Snapchat and YouTube performed the best.
Finally, user-friendliness looked at how easy it is to understand the platform’s privacy policy and how many steps you need to take to delete your account. Obviously, Facebook products performed poorly here too, alongside Google-owned YouTube.
“Everything seems designed to make it difficult for people to fully understand what’s happening with their personal data,” Emilia Jasinska-Dias, spokesperson for Incognit, told me.
Researchers found that to understand the privacy policies of the analyzed platforms, a user must be at the university level. Jasinska-Dias believes this could be intentional. She said: “It seems like they are constructed in such a way that people won’t read them.”
Experts say a consistent, standards-based format that’s easy to navigate is needed to ensure everyone can make informed decisions about which social media platform to use – and what data they’re comfortable giving away.
It takes up to 6 clicks to delete your account
If you’ve ever embarked on the mission to close an old Facebook account, then you probably already know this: deleting a social media profile is anything but easy.
Researchers found that the steps required to delete a social media account can range from a minimum of two clicks (TikTok, Telegram and Discord) to a maximum of six. This last category includes all of Meta’s products except WhatsApp, which requires three, and YouTube.
Still, as the report notes, “deleting accounts should be a relatively simple process.”
Your data will be retained for up to 180 days after you leave a platform
“The most shocking discovery was how long data is sometimes retained after a user decides to delete their account,” said Jasinska-Dias. “In some cases it can take up to six months.”
Among the platforms that retain your personal data for approximately 180 days after you have clearly expressed your intention to deviate from a specific service are Facebook, Instagram, Messenger, YouTube and Discord. On the contrary, Telegram only keeps your data for a few days after deletion.
This is especially concerning given that some of the most invasive platforms (Facebook and X) have suffered at least two data breach incidents in the past.
Data protection laws are not enough
While most social media platforms have built their business models from the ground up around collecting your personal data, many countries have implemented new privacy laws in recent years that aim to keep data collection and retention to a minimum. Do these measures help at all? According to Incognit, not much.
Did you know?
Experts at Proton, the provider behind ProtonVPN and ProtonMail, found that companies like Meta, Google, Apple and Microsoft only made enough money after a week in 2024 to pay off all the fines they received in 2023.
Facebook, for example, was hit hardest by legal fines for violating the privacy of its users – three from EU bodies and five from other jurisdictions. WhatsApp, another Meta product, was fined five times, while TikTok and X were fined four each. Despite this, the research clearly shows how these platforms are still among the worst in terms of privacy protection.
“When we look at the number and amounts of fines imposed on each platform, it is clear that they are not enough to make platforms change their approach to the way users’ personal information is handled,” he said. Jasinska-Dias me, adding that at the moment there are no rules that sufficiently safeguard the interests of users.
She believes that policymakers can only limit the extent of personal data collection by ensuring that breaking the law is not more profitable than adhering to it.
As Incognit’s research shows, the most popular social media platforms are also the most invasive services out there. While privacy-respecting alternatives exist – think Mastodon, Nostr and Matrix, for example – you may not be ready to give up your social media presence on other platforms. It is then crucial to learn how to minimize the data you share.
As a rule of thumb, Jasinska-Dias suggests opting for services that allow registration without using your real data where possible. If you can’t do that, consider setting up a special email account instead of giving away your main address. I wouldn’t sign up with your phone number either if that’s possible.
“It’s worth noting that Google and Meta platforms make managing your privacy more complicated,” says Jasinska-Dias. It is vital to remember that these services are integrated into a larger group and they share your data between them.
I strongly recommend that you check your privacy settings to ensure that you are only sharing strictly necessary information with the social media company.
You should also gain more confidence in the provider’s usage and privacy policies while staying informed of any changes. Last week, for example, LinkedIn quietly started training its AI data with user data. If you haven’t already done so, here are some instructions on how to unsubscribe.