The Week in Privacy Problems: Who’s Hacking, Selling, and Manipulating Your Data


This hasn’t been a good week for privacy — but is it ever, these days? Here are the hot messes that dominated the depressing privacy discussion this week.


Last night, Chinese hackers broke into the Times‘ computer network and stole every single employee’s password, then used the data to access 53 employees’ personal devices. The paper attracted Chinese ire when, back in October, it reported that China’s prime minister, Wen Jiabao, used his position to stockpile wealth and hid it behind a shady network of investment vehicles and offshore accounts.

Fortunately for the paper’s subscribers, the hackers didn’t try to uncover customer data. Instead, they targeted employees who worked on the story, searching for names of people who may have provided information on Jiabao’s family finances. Less reassuring is the fact that the Times‘s anti-virus software, provided by Symantec, failed to detect all but one of the 45 pieces of malware the hackers used to gain access.

Of course, China denies everything, reminding us that “Chinese law forbids hacking and any other actions that damage Internet security.” Suuure.


NBC reports that Equifax, one of the three huge credit reporting agencies in the country, has been selling the data it accumulates to debt collectors and other third parties. It’s subsidiary, a company called The Work Number, is an expansive database of salary records, health insurance information, unemployment claims, pay stubs, and other personal data. Its records are routinely sold, despite a section on The Work Number’s FAQ page that promises, “You have to give someone authorization to get your income information from the service.”

Despite the clear breach of privacy, what The Work Number is doing is completely legal under the Fair Credit Reporting Act. And sadly, you can’t easily opt out from having your data stored on The Work Number — many businesses freely offer up their employees’ information, unaware of how its being used.

If you want to see what kind of dirt The Work Number has on you, you can find out on


Recently, Instagram users were up in arms about the company’s new privacy policy, which stated:

Some or all of the Service may be supported by advertising revenue. To help us deliver interesting paid or sponsored content or promotions, you agree that a business or other entity may pay us to display your username, likeness, photos (along with any associated metadata), and/or actions you take, in connection with paid or sponsored content or promotions, without any compensation to you.

Or, more simply, “We’ll take all of your information now and use it for advertising, thanks.” Fans of the Facebook-owned photo-editing service freaked out, causing Instagram to backpedal the policy.

Last night, Facebook CEO Mark Zuckerberg finally explained why he wants all that information so badly, especially the photos — to sell more ads, of course. Here’s his explanation:

One of our product design principles is, we want the organic content to be of the same basic type as paid content. Advertisers want really rich things like big pictures and video and we haven’t provided those historically.

But one of the things we’ve provided in the last year — you see the organic News Feed posts moving towards bigger pictures and rich media. The success of products like Instagram is that they work because they’re so immersive on a small screen. When you have those form factors for content, that gives you the ability to offer those form factors for advertisements as well. It allows us to offer more engaging experiences for advertisers as well.

All this means is that you can expect even more of those aggravating advertising posts popping up in your Facebook feed, and probably soon in your Instagram feed as well. It’s almost enough to make us want to give up on smart phones entirely and migrate back to the candy bar phones whose only features are calling and texting.

It sucks, but unless you want to start reading a bunch of Thoreau and go off the grid, expect a lot more yucky privacy news in the near future.