Stop using all Meta services, including Facebook, Instagram, WhatsApp, Threads, and Oculus Rift. A massive amount of data and accumulated over eight years (all the data below), shows how many times Meta has broken laws, been sued, and fined. This is legitimate data.
Some may think the idea of Mark Zuckerberg and executives going to jail is extreme. However, when a hacker exploits personal data, they are often arrested, fined, or both. In contrast, Meta’s current and past executives have exploited more personal data than any other organisation or hacking group in the world, yet have never faced jail time. This demonstrates how the extremely wealthy are above the law. They continue to pay fines in the tens, hundreds of millions, or even billions, but the value of the data they collect and sell far exceeds these fines. The only way to stop them is to send them to jail, but no one is doing it, not even the European Union, which has stronger privacy laws than Canada or the USA.
Almost everyone with a smartphone uses Instagram or WhatsApp daily, and many still use Facebook. What Meta does is disgusting and disturbing. It’s so bad that Meta’s own shareholders have successfully sued executives like Mark Zuckerberg for billions of dollars for violating people’s privacy (more on that below). The very people who are supposed to make the shareholders rich are being sued by them—this is unheard of and shows how serious the situation is.
2018
March – We’ll look at the timeline from 2018 onward, when controversy exploded for the company. In March 2018, it was revealed that 50 million Facebook profiles were harvested in a data breach for Cambridge Analytica, an organisation that scraped data from Facebook and sold it for political purposes. They used this data to target ads and successfully manipulate the public.
April – After the news of Cambridge Analytica broke, one of WhatsApp’s co-founders admitted that when he sold the company to Facebook (now Meta), he compromised his users’ privacy. He said he began to notice a complete disregard for user privacy and data within Facebook. In an interview with Forbes, he stated, “I sold my users privacy for a larger benefit. I made a choice and compromise and live with that every day.” He then publicly tweeted “#deletefacebook” and later, on April 30th, quit the company. He then donated $50 million to the Signal Foundation, a non-profit organisation which operates the privacy based Signal communication service which I highly recommend as an alternative to WhatsApp (more info here).
June – Also in 2018, the New York Times revealed that for the past decade, Facebook had data-sharing relationships with over 60 device makers, including Apple, Amazon, BlackBerry, Microsoft, and Samsung. Facebook collected data on user likes and other information. Despite Apple’s claims of being a champion of privacy, they were buying data that was considered private from Facebook.
September – On September 28th, Facebook announced that a cyberattack had exposed the information of nearly 50 million users, giving attackers access to their accounts and the services they used to log in. They later revised the number to 30 million. This demonstrated a complete lack of care for user privacy and their credentials.
December – The New York Times story from June was just the tip of the iceberg. Later, on December 19th, it was discovered that the list of companies was much larger, including more than 150 companies like Microsoft, Netflix, and Spotify. These companies had the ability to read Facebook users’ private messages, as Facebook was selling this data. This is ironic since Netflix and Spotify are often critical of people who pirate their content.
Netflix and Spotify find pirating of their content to be unacceptable, yet they had no problem with being caught buying private user data. This included Amazon and Apple, which continued with the practice even after being exposed. Apple’s claims of caring about privacy are a joke. This is just a fraction of the data found, and there are many more instances of misconduct.
2019
January – In 2019, Facebook was caught paying teenagers to install a VPN app. They offered a bribe of around $20 per month to kids to install the app. However, this app was secretly collecting all personal information on these kids, including every website visited and every app used, and then selling the data.
March – On March 4th, it was found that Facebook failed to protect users’ phone numbers. For years, Facebook had claimed that phone numbers used for two-factor authentication were private and for security purposes only. It was discovered that these numbers were being made public without any way for users to disable it.
March – On March 21st, it was revealed that Facebook staff had access to hundreds of millions of user passwords. These passwords were stored in plain text, making them easily viewable to any employee with database access. This lack of security allowed for credentials to be stolen, giving access to personal data and activity.
April – A few weeks later, in April, more data was leaked from Facebook. A 146-gigabyte database containing 540 million records of data, including comments, likes, reactions, account names, and Facebook IDs, was exposed to the public. It became clear that all data on Facebook was not private.
April – In April, it was revealed that Facebook had collected the email contacts of 1.5 million users without their consent. The company had removed a notification that informed new users their contact lists would be uploaded upon signing up. This practice was only discovered three years later, in 2019.
2020
December – The following year, in December 2020, Facebook had to disable several services on its apps, including Messenger and Instagram, to comply with EU regulations. Features like sending media files, chat nicknames, and polls were all temporarily removed while the company worked to become compliant with European privacy laws.
2021
Janruary – In January 2021, WhatsApp, which is owned by Facebook, delayed a privacy update after a backlash from users concerned about data sharing. The update would have allowed WhatsApp business accounts to retrieve and use messages from chats for marketing purposes. This raised concerns that conversations with businesses on the platform were not as private as users had assumed.
September – Later in the year, a Wall Street Journal investigation, based on leaked internal documents, revealed that Facebook was aware of the negative effects Instagram has on teenage girls. The company’s own research showed the app was harmful to a significant portion of its young female users. Despite these findings, Facebook publicly downplayed the app’s negative impact, including in communications with Congress. Continuing on, Facebook claimed the negative effects weren’t widespread, and downplayed the issue.
November – In November 2021, Facebook shut down its facial recognition tagging program, which had been in place since before 2019. The decision stemmed from a lawsuit alleging that the technology violated Illinois’s biometric privacy law, which led to a $650 million settlement.
2022
September – In September 2022, Meta was fined 405 million euros by the European Data Protection Board for violating children’s privacy. The investigation found that children between the ages of 13 and 17 had their phone numbers and email addresses publicly displayed on their profiles by default. This feature was an “opt-out” for children, meaning they had to manually change their privacy settings to prevent this information from being public.
November – Also in November 2022, healthcare providers and other companies faced lawsuits for using Meta Pixel, a code that sends user data to Meta. The data collected included information on scrolling, clicks, data typed on the web page and time spent on pages. This data was then sold for marketing purposes. Investigations revealed that 33 of the top 100 hospitals in the United States had Meta Pixel installed on their websites, raising concerns about the privacy of sensitive healthcare data.
There is no excuse for hospitals using Meta Pixel, as they have professional staff or contractors who understand web design and code. This was a deliberate choice to gather and sell private health data. It is believed this information is sold to the highest bidder, likely pharmaceutical companies and other medical service providers.
2023
February – In 2023, it was confirmed that Instagram chats are not encrypted by default. This means Meta has open access to users’ conversations unless they manually turn on end-to-end encryption. The company is not even attempting to hide the fact that it can access users’ messages.
May -In May of that year, Meta faced a record-breaking 1.2 billion euro fine from the EU for repeatedly violating data residency rules. The company was found to be illegally transferring data from European users to the United States. This fine was a warning against a common practice among large technology companies.
November – Later in November 2023, 42 U.S. state attorneys general filed a joint lawsuit against Meta for violating the Children’s Online Privacy Protection Act. The lawsuit claims that Meta designed its platforms to be addictive for young users and failed to take necessary precautions to limit privacy harms.
Meta has created platforms that are intentionally addictive, using some of the world’s best minds to ensure user engagement. This is especially problematic as it’s targeted at children. This is similar to how online games are designed to keep players hooked, but instead of just selling content, these companies are making money off of users’ data. Google does this with YouTube, Spotify with recommended music, Instagram with doom scrolling, and so on.
2024
September – A September 2024 FTC report examined several major tech companies, including Meta, Google, Twitter, and more, and found they were violating people’s privacy by gathering and selling personal data for marketing. The report also warned that the rise of AI will likely make this process even more efficient, allowing companies to analyse and sell data faster than ever.
December – In December 2024, a telehealth company called GoodRx paid a $25 million settlement in a lawsuit for using Meta Pixel to send users’ health information to Meta and other companies like Google. This could include sensitive data like addictions, disabilities, and medications, which could potentially be sold to insurance companies and lead to higher rates. This provided concrete evidence of Meta selling personal health data.
Similarly, Boston Global Media Partners was fined $5 million for using Meta Pixel to track what people were watching and clicking on its websites. The company was found to be collecting this information and sending it to Meta to be sold. One of the frustrating aspects of these cases is that while the companies using the Pixel are fined, there has been no public information about Meta or Google being held accountable.
Companies with billions in revenue often seem to be immune from serious consequences for their data privacy violations, often getting away with fines that are a small percentage of their earnings.
2025
February – In February 2025, Meta warned users its AI systems would scan direct messages across Facebook, Instagram, Messenger, and WhatsApp. The company says this is to train its AI, but many users are not fully aware of this. Although the information is buried in the terms and conditions, the problem is that most people don’t read the terms. This allows Meta to use users’ chat data for AI training, which can lead to more addictive products. Of all Meta’s products, Instagram is arguably the most dangerous due to its addictive nature, particularly with “doom scrolling.”
March – A report from March 2025 detailed how much information WhatsApp collects, dispelling the myth that it’s completely private due to end-to-end chat encryption. While the content of the chats may be encrypted, WhatsApp still collects and sells a vast amount of other information, including your phone number, IP address, physical location, device type, profile picture, contact list, and the names and phone numbers of people in your groups. Meta then cross-references this WhatsApp data with a user’s Facebook and Instagram profiles to create a complete picture of who the person is, what they do, and who they talk to.
June – In June, Instagram and Facebook introduced a new AI feature that, if enabled, would scan all photos on a user’s phone, regardless of whether they were uploaded (I covered this in greater depth in this post). This means the AI can scan photos that haven’t been uploaded to Facebook and Instagram that you assume to be private. The company’s own official documentation confirmed this functionality.
July – In July, in a shocking turn of events, Mark Zuckerberg and other Meta executives reached an $8 billion settlement with their own shareholders. The lawsuit was filed because the shareholders believed the executives were causing financial harm to the company by consistently violating privacy laws and paying massive fines. The settlement shows that even those with a financial stake in the company are concerned about its continuous privacy violations, though an $8 billion loss is not a significant setback for a company of Meta’s size.
August – In August, Instagram enabled a new map-sharing feature that allows users to share their real-time physical location with other contacts. The company says the feature is off by default. A recurring theme from user’s posts on Threads (Meta’s Twitter cloned service) is that even when users opt-out of the feature, it is often found to be turned on anyway.
July – In August, a jury found that Meta had illegally collected menstrual data from a service called Flo by purchasing it, along with Google. The behaviour was ruled to be a gross violation of personal health information.
September – In September, it was discovered that a lot of people had a setting turned on, without their permission, that sent their photos directly to Meta’s servers. This allowed the company to analyse all photos on a person’s phone, whether or not they were uploaded to a social media account. This is different from the AI scanning of photos that haven’t been uploaded to Facebook or Instagram. This is photos simply being uploaded to Meta servers which theoretically means their AI service can scan it anyway.
These incidents highlight the dangers of using platforms like Instagram and WhatsApp. I believe that Instagram is an addiction platform that leverages doom scrolling and other psychological tactics for a quick dopamine effect. The most effective way to combat this is to use alternatives like Signal, a service that prioritises user privacy and simply stop using Meta services like I have. When I uninstalled Instagram, I noticed that I became far more productive, reaching for my phone less often and engaging in more fulfilling activities.
I hope this has been an informative summary. If it was helpful, please educate those you care about. The addiction to use an evil company’s services isn’t worth it.
