Facebook, Instagram and Twitter Harms Wrap-up

Written by Internet Safety Labs
October 27, 2023

One of the things we measured in our 2022 US K12 EdTech Safety Benchmark was the presence of risky trackers within the school’s website. In fact, we recorded the presence of Facebook and Twitter trackers (amongst several others) within the school websites.  

Similar to our post from Wednesday, even when students aren’t using Facebook or Twitter, those platforms are using the students [i.e., their data]. 18% of the school websites included Facebook trackers and 19% included Twitter trackers. This is still too high; these numbers should be zero to ensure student privacy.  

To summarize our key points from this week: 

    1. Social media platforms are used by 91% of schools in the US and it’s not going to change soon because there aren’t safe, free, easy alternatives. 
    2. Even if a school doesn’t have an active social media link on its page it can still contain “invisible” social media tracking of student data (shown above). 
    3. Even if a student isn’t actively using a social media platform, the other education related apps they’re using may be communicating with Facebook and Twitter. 33% of all tested apps in our benchmark were observed communicating with Facebook.
    4. Facebook, Instagram, and Twitter are scored as Very High Risk apps per the ISL safety scoring rubric. As we described, our scores currently only reflect privacy risks and don’t yet include the deceptive and harmful patterns contained in the user interface. But we can readily observe two known harmful patterns in all social media: (1) the like button, and (2) infinite scroll.  

We would be remiss not to mention this crucial effort by the FTC to disallow the monetization of data from children under the age of 18. If accomplished, this plus a win by the more than 40 states suing Meta would eliminate two crucial safety risk “surfaces”: (1) data monetization (which entails staggering sharing) of children’s data, and (2) removing deliberately harmful and/or addictive behaviors in the user interface. We hope that the additional data we’ve made available this week is helpful in these efforts.  

Until the software is changed to be made safer, we also want to leave schools and districts with these recommendations: 

    1. Remove social media trackers from your websites. These are probably coming from the platform provided code snippets for sending users from your school’s site to Facebook, et al. We strongly recommend that you hard code linking to social media on your website, instead of using the code snippets provided by the vendors. 
    2. Require your students to use privacy-preserving browsers (like Mozilla’s Firefox) and also teach them how to install tracker blockers like EFF’s Privacy Badger and configure the browser for maximum privacy.