Warning: *privacy not included with this product
Let's be honest, Meta (formerly Facebook) has a pretty terrible track record when it comes to protecting their users' privacy (remember that record $5 billion dollar fine for privacy failures?). Now they're asking people to drop a couple hundred dollars to put a device with an AI-powered smart camera capable of tracking your every move and an Alexa-powered, always listening microphone in your home. What could go wrong? Given Meta/Facebook's terrible track record on privacy, we're worried a lot.
What could happen if something goes wrong?
Meta (you know, the company that used to be Facebook), has a very long history of betraying users' privacy and trust. They've faced record fines around the world for this and have been caught hiding data leaks from their users. In April 2021, it was reported the personal information of more than 500 million Facebook users was shared online in a massive data leak. Then there was the 2022 admission that over one million Facebook users’ login info may have been compromised due to malicious apps stealing data through the Facebook third-party login (hey, Meta/Facebook did announce this themselves, so, good for them). And the report that Meta/Facebook’s own engineers say they don’t have control and understanding of how their systems use all that data they collect on your. All this this coupled with with the Facebook whistleblower testimony in 2021 to the US Congress that outlined the harms Meta/Facebook causes and the dishonest way they approach dealing with these harms and Meta/Facebook appears to be one of most immoral companies we review in *Privacy Not Included.
This is the starting point for a device you bring into your home with an AI-powered smart camera and microphone that sends data back to Meta/Facebook regularly. To use the device, consumers are required to have a Facebook or Whatsapp account (a Workplace plan can also be used but those are paid business plans), another flag for us as Meta/Facebook collects and shares a large amount of user data and doesn’t always secure that data properly.
Which is why we are happy to see that Meta/Facebook plans to no longer produce the consumer version of their Meta/Facebook Portal devices (this includes the Meta Portal, Meta Portal Go, Meta Portal Plus, and Meta Portal TV). These products never felt like a good idea for consumers to bring into their homes, so we’re more than happy to see them go. They are still for sale on Meta’s website at the time of this review though, so buyer beware! Because, the question comes down to, does Meta/Facebook have your best interests at heart when it collects all the data this device is capable of collecting? From Cambridge Analytica to where we are today, the answer to that question is a resounding NO. We're afraid these devices come with *Privacy Not Included.
One more note on Meta from a privacy researcher’s point of view. Trying to read through Meta's crazy network of privacy policies, privacy FAQs, privacy statements, privacy notices, and supplemental privacy documentation for their vast empire is a nightmare. There are so many documents that link to other documents that link back even more documents that understanding and making sense of Meta's actual privacy practices feels almost impossible. We wonder if this is by design, to confuse us all so we just give up? Or, if maybe even Meta'’s own employees possibly don’t know and understand the vast network of privacy policies and documentation they have living all over the place? Regardless, this privacy researcher would love to see Meta do better when it comes to making their privacy policies accessible to the consumers they impact.
Tips to protect yourself
- Check Meta Portal privacy settings.
- Keep your location data private
- You can disable the camera and built-in microphone on Portal with a single tap or with a sliding switch. A red light next to the lens indicates the camera and microphone are off.
- When starting a sign-up, do not agree to tracking of your data.
- Do not sign up with third-party accounts. Better just log in with email and strong password.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
What can be used to sign up?
Facebook or WhatsApp account is required
What data does the company collect?
Name, email address, password, messages, photos
Voice clips are recorded and sent back to Facebook when you say "Hey Portal."
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
In September 2022, Meta was fined $405M for treatment of childrens' data on Instagram.
In October 2022, Meta Pixel was a cause of a data breach of sensitive healthcare data that hit 3 million patients at Advocate Aurora Health (AAH), a 26-hospital healthcare system in Wisconsin and Illinois.
In October 2022, Meta notified around 1 million users of potential compromise through malicious apps.
In August 2022, private and personal information of over 1.5 billion Facebook users were allegedly being sold on a popular hacking-related forum.
In March 2022, Meta received a $18.6M fine from the Data Protection Commision. The DPC found that Meta Platforms failed to have in place appropriate technical and organisational measures which would enable it to readily demonstrate the security measures that it implemented in practice to protect EU users’ data, in the context of the twelve personal data breaches. The decision followed an inquiry by the DPC into a series of twelve data breach notifications it received in the six month period between 7 June 2018 and 4 December 2018.
In October 2021, Facebook's WhatsApp was fined nearly $270 million by Irish authorities for not being transparent about how it uses data collected from people on the service.
In April 2021, it was reported that there was a personal data leak of about 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It included their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and, in some cases, email addresses.
In August 2019, Bloomberg reported that Facebook hired contractors to transcribe audio messages users sent through Messenger and Facebook confirmed the report.
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Meta/Facebook has a confusing number of privacy policies and privacy pages and data policy pages that are difficult to navigate and understand.
Links to privacy information
Does this product meet our Minimum Security Standards?
Portal video calls are encrypted. All Portal WhatsApp calls are end-to-end encrypted and all Portal Facebook Messenger calls are encrypted in-transit. Facebook says that it does not listen to, view or keep the contents of any video or audio calls on your Portal.
The Portal requires you to log in with a Facebook account and strong password. You may also set a passcode for the device.
Automatic updates are enabled by default.
Facebook has a bug bounty program.
Facebook runs an AI portal. https://machinelearning.apple.com/
Is this AI untrustworthy?
What kind of decisions does the AI make about you or for you?
The Portal has an AI-powered "SmartCamera" feature that tracks you as you move in the video frame during a call. It is done by performing the computer vision (CV) modeling on-device. Portal’s camera does not use facial recognition and does not identify who you are — it uses AI technology to frame a scene. To do this, it determines whether something in the room is or isn’t a person.
Portal also has AI-powered augmented reality features in Messenger and WhatsApp video calling, and in the Photobooth and Storytime apps.
Portal also offers AI-powered voice assistant features. This includes an on-device wake word detection and automatic speech recognition models when a “Hey Portal” wake word is detected.
Is the company transparent about how the AI works?
Does the user have control over the AI features?
Meta Is Killing Off Consumer Versions of the Portal Video-Calling and Streaming DeviceVariety
Facebook Doesn’t Know What It Does With Your Data, Or Where It Goes: Leaked DocumentMotherboard: Tech by Vice
Meta warns 1 million Facebook users their login info may have been compromisedThe Washington Post
Meta Faces Another Lawsuit Over Health Data Privacy PracticesHealthITSecurity
VR Tracking Facial Expressions May Be the Next Privacy Nightmare—Here's WhyLifewire
Facebook privacy settings to change nowThe Washington Post
533 million Facebook users’ phone numbers, personal information exposed online, report saysThe Washington Post
533 million Facebook users' phone numbers and personal data have been leaked onlineBusiness Insider
Under the hood: Portal's Smart CameraEric Hwang, Peter Vajda, Matt Uyttendaele, Rahul Nallamothu
Facebook data privacy scandal: A cheat sheetTechRepublic
Facebook's new whistleblower is renewing scrutiny of the social media giantNPR
Facebook won’t even tell you if your data was compromised in the massive breachBGR
Facebook paid billions extra to the FTC to spare Zuckerberg in data suit, shareholders allegePolitico
Facebook documents show how toxic Instagram is for teens, Wall Street Journal reportsCNBC
Everything We Know About Facebook's Massive Security BreachLouise Matsakis and Issie Lapowsky
Facebook's new Portal smart displays: Who's listening and what's happening to your data?CNET
Facebook’s Portal Device Has A Tracking Camera And Knows When You’re HomeBuzzFeed News
Even the Muppets can’t make Facebook Portal seem less creepyFast Company
Got a comment? Let us hear it.