Facebook Portal: Privacy Policy Breakdown

Can Facebook’s always-listening screen be anything short of a privacy minefield? The company has taken some concerns onboard - but targeted ads are definitely not off the table and there will be no end-to-end encrypted video calls.

Facebook Portal in white, duo
Natasha Stokes
By Natasha Stokes

Facebook was always going to have a trust issue with the Portal. The video-calling smart screen, which makes calls between two Messenger accounts, has a camera that can pan 140 degrees, using artificial intelligence to track people in shot, and microphones that passively listen for a wake word. For a company often charged with reckless or nonconsensual handling of user data, it’s kind of an ask for users to pop one of these in their living room.

Continual demands for transparency have meant that Facebook has improved the simplicity of its privacy settings and the Portal privacy policy is clearly set out. However, a few of its privacy claims could be more direct on how user data will be used:

Facebook Portal won’t serve ads at this time.

What it means: Facebook has confirmed that it will “collect usage data such as length of calls, frequency of calls – same as on other Messenger-enabled devices [and] may use this information to inform the ads we show you across our platforms.”

In other words, Facebook will probably add metadata from Portal calls to the information it already uses to target ads across Facebook, Instagram and WhatsApp. Given Facebook’s business model (and the phrase “at this time”) it is likely that ads will be served on the Portal at some point, too.

Earlier this year, the company came under fire for logging SMS and phone call metadata via the Messenger app. This tracking is turned on – unbeknownst to many users – if users had enabled the Messenger feature to “Text anyone in your phone”, which comes up the first time the app is opened. (The feature, which “continuously uploads info about your contacts […] and your call and text history”, can be turned off from Messenger settings.)

Facebook says that this tracking helps “provide a better experience across Facebook” and that it does not collect the content of text messages or calls – so it’s not difficult to imagine something similar will happen with Portal calls.

Video calls are encrypted.

What it means: Video calls are encrypted in transmission, preventing them from being listened in on, if intercepted. However, they are not end-to-end encrypted, which leaves open the possibility for calls to accessed by law enforcement, for example, or in the event of a breach – like the one where Facebook’s View As feature (to see one’s profile as from the point of view of another user) was hacked to expose 50 million accounts, or the one where it allowed millions of accounts to be harvested by Cambridge Analytica…

“Given that Facebook owns WhatsApp which does end-to-end encrypt calls, it’s puzzling it hasn’t offered end-to-end encryption on Portal calls. I would have thought they would have been more sensitive given the recent data breaches,” says David Emm, principal security researcher at Kaspersky.

In a BBC interview, Facebook honcho Andrew Bosworth defended the decision by saying the Portal calls are encrypted exactly the same way they are on Messenger – even though in Messenger there is an option in Settings to enable end-to-end encrypted Secret Conversations.

Facebook diagnostic server

Credit: Facebook

Facebook doesn’t listen to, view or keep the contents of Portal video calls.

What it means: According to Facebook, it does not record Portal calls. Camera information – what it tracks during a call – is controlled and stored on the Portals themselves, rather than being transmitted back and forth with Facebook’s servers. Users also have the ability to clear call logs.

“This is reassuring,” Emm says.

However, Wired reports that a Facebook spokesperson said that Portal “information might be accessed, preserved or shared in response to a legal request,” suggesting that there is a timeframe during which video calls could be accessible by Facebook.

Portal only sends voice commands to Facebook servers after hearing “Hey Portal”.

What it means: Like other smart speakers, the Portal only starts actively listening on its wake word, responding to commands to start a call, adjust volume or activate third-party apps. These are sent to Facebook servers, but voice history can be deleted from users’ Facebook Activity logs.

Of course, there’s a concern that the non-voice audio it picks up could be monitored: as Time reports, Cambridge Analytica whistleblower Christopher Wylie said companies – not necessarily Facebook – often track ambient audio such as whether someone is at home or the office to target advertising.

However, Facebook has denied past accusations of using phone mics to capture audio for ad targeting – after all, it hardly needs to – so presumably the Portal operates something like how Google and Amazon say their smart speakers do: where it’ll listen in snippets of a few seconds (or less), discarding each snippet from the device after detecting whether the wake word has been heard.

Portal versus other smart speakers

One might have similar privacy concerns with the likes of Google Home and Amazon’s screen-packing Echo Show. Like Facebook, Google and Amazon own advertiser networks that span much of the internet. All three tech juggernauts have a lot invested in getting their always-listening devices into people’s homes – the more data they gather about how people like to behave – such as who they call and what they search for – the more effectively they can serve ads and in Amazon’s case, suggest items to purchase.

However, Facebook has taken a heavy beating to its user trust lately. It at least appears to have taken onboard some of the privacy concerns people might have with a Facebook camera in their homes:

  1. Portals will ship with a physical lens cover so users can block the camera from recording while still using audio functions.
  2. The microphone and camera can be disabled by a single tap on the screen, and will require a physical button to be turned on, preventing any kind of software-based hack.
  3. The camera AI recognises the shape of people, but does not use facial recognition, so can’t identify users.
  4. Facebook can’t access voice commands made to Amazon’s Alexa – data which is arguably even more revealing.

These security measures might be enough for those users who don’t distrust Facebook – after all, it’s worth noting that the data Facebook now says it will take from the Portal (call length, frequency and with whom) is no different from what users are already sharing with Facebook for the purposes of ad targeting and general user experience enhancements. The question is whether further modifications to the privacy policy will emerge, all in the name of a better experience across Facebook and its other platforms.

The Portal ships in the US from 8 November for $199, the 15-inch Portal+ for $349.