Facebook Bought Giphy But Not to Learn How You Use GIFs
In a world where Zoom had to recently apologize for having seemingly no idea that their client was sending data back to Facebook, who will be next to make a similar apology? We don’t know who, but we can guess why: Giphy.
Articles and pundits are watching the hand the magician is waving rather than watching the magician’s other hand. I keep reading that this will be wonderful data for Facebook on how people use GIFs. Given Facebook’s general modus operandi and love of tracking everything you read, click, say, do, browse, like, etc., there has to be more to it than, “Let’s have better data on how people use GIFs.”
Follow the data trail
Facebook is buying Giphy for $400M. Giphy seems like the kind of thing Facebook could have built, become a competitor for way less than that price tag, and really had monster data on how you use GIFs. Plus they already have wild information on how you use GIFs and memes in Facebook, Facebook Messenger, Instagram, and WhatsApp. Did they need MORE data on how you use GIFs?
This is all too low-level for the realms in which Facebook plays. What’s the real endgame?
My hypothesis is that Facebook will use the Giphy integration to collect a lot of data about you from apps and systems where Giphy is connected. Imagine if a little change to an SDK and some terms later, and all of Giphy’s integrations are now collecting a mountain of things you’re doing without you knowing.
What would Facebook give to know everything you typed, what people typed back, what you wrote about publicly, and things you wrote privately? Sure, they’d know that you used a positive meme for something politically right wing or left wing. But what would Facebook pay to know everything your coworkers are typing about in your team chat… that you thought was private?
Roughly $400 million. “Oh, Giphy updated their terms. Yeah, whatever, accept.”
What about Giphy’s integration with Slack?
I emailed Slack to ask them what stops Giphy from accessing data about Slack workspaces, members, and conversations. The very nice rep explained that the current Giphy integration into Slack was built by Slack, and designed to give Giphy nearly zero data. However, if Facebook/New Giphy wants to build their own Slack app that grabs all kinds of Slack data, and put it through the Slack integration approval process, they could try that.
This could end up a case of “buyer beware,” where you are supposed to have read the permissions or terms to know what’s being collected (and given to Facebook). If, down the road, there are two Giphy apps available to Slack, pick the one created by Slack since it has minimal permissions and access.
All Giphy integrations will now be a case of buyer beware as well as partner beware.
Reading terms of service seem like the right thing to do, but that won’t help since many are written to be vague. Facebook isn’t going to be up front and honest. You are likely to see terms saying that we collect lots of data, we do what we want with it, and you agreed to it so we tell ourselves you like what we do.
The solution is to better know the SDKs and integration models that you are using. Again, you don’t want to be like Zoom and be (supposedly) surprised that they were sending data to Facebook. Your Engineering and Security teams should know exactly what third-party code does, how it does it, and how you will proactively monitor your own app, site, system, client, and internet traffic to make sure that nothing is happening that you were not expecting and approving.
Those integrating with Giphy’s systems will need to pour through the documentation and terms. Get your lawyers and your security team on it. You don’t want to have to answer to a public outcry that you are sending Facebook data through the (future) Giphy integration, and you didn’t even know it.
Stay alert and be proactive.
This can’t be said enough. You don’t want to make headlines. You don’t want to piss off your customers. You made promises to them. Hopefully ethical promises, grounded in treating them and their privacy even better than you would want yours treated.
Dig deeper, make no assumptions, and hold my Delta CX “Bad Actor Brainstorming Workshops.” This will get a larger cross-functional team brainstorming all the ways that something you don’t want happening to or with your system or with your data could happen. How would a violent ex-spouse, a foreign hacker, or Facebook try to game our system, obtain data, or use information in a way we wouldn’t want?
Consider as many methods and possible outcomes as possible. Then put the strategies, tools, systems, people, and automated checks in place to proactively monitor for any of these things happening.
