Despite all the ways Facebook has flouted privacy standards—like how it recently experimented with 700,000 users’ emotions by manipulating the positive and negative content of their newsfeeds—the company hasn’t yet provided personal data to oppressive governments. But that didn’t deter the Thai junta. When Facebook refused to help Thailand’s newly installed military government access users’ personal information, the junta created a misleading Facebook application to capture its citizens’ names and email addresses.
As you might remember, back in May, after months of anti-government protests, Thailand’s military staged a coup. Once in power, the military suspended the constitution, installed a 10 p.m. curfew, banned gatherings of more than five people, and attempted to suppress dissidents—including any of the estimated 28 million Thai users on Facebook, a third of the country’s population. On May 29, the new government tried to have a meeting with social-media companies, including Facebook, to discuss censoring Thailand’s anti-coup dissent, but none of them showed up.
But the Thai junta didn’t take this as a sign to give up on tapping into the power of social media. Instead, as the Electronic Frontier Foundation reports, the junta placed a Facebook login button to track users on more than 200 of the government’s restricted websites, like the webpage of Human Rights Watch.
Before the coup this May, Thai users would have seen websites like the HRW page blocked by Thailand’s Technology Crime Suppression Division. But after the coup, Thai citizens noticed they were being rerouted to a page that included two new buttons: a blue “log in with Facebook” button and a blue “close” button. Both buttons took the user to a Facebook application created by the junta that asked users for permission to access data in their Facebook profiles. Simply logging in and clicking “okay” to the application’s first page would immediately allow the TCSD, without disclosure, to access the user’s email address, age, gender, date of birth, and other information, the nonprofit Thai Netizen Network warned Thai Facebook users.
According to the Electric Frontier Foundation blog, which reported this story from local Thai news, the junta was able to harvest hundreds of email addresses this way. As EFF reports, Facebook has been pushing back against this type of behavior:
A deceptive Facebook app without a clear privacy policy or embedded explanation is a violation of Facebook’s own platform policies, and the Crime Suppression Division’s app has now been suspended by Facebook at least twice. The first “Login” app was removed shortly after the Thai Netizen Network published details of its deceptive appearance. An identical app which subsequently replaced it on the page was suspended by Facebook after less than a week of operation.
The Technology Crime Suppression Division later posted that they were collecting this data to “handle more witnesses which can lead to more prosecutions and will make the online society more clean.” Relative to its recent behavior, faking Facebook was a quiet move by the military. Certainly quieter than the junta persecuting a man reading George Orwell’s 1984 in public. Or detaining those wearing T-shirts with either pro-peace or anti-coup messages. Or reportedly blocking Facebook outright for about a half hour, which spurred a flurry of online protests (the government’s official line is that it was a technical glitch). It’s no wonder Thai citizens trust the social-media platform more than their own government.