Master list of Facebook's 2018 scandals

By Issie Lapowsky's count, Facebook had 21 major scandals in 2018. This feels low to me. Wasn't it more like 21,000,000? (2018 was a hell of a year).

She's arranged her master list in chronological order, starting with February ("Special counsel Robert Mueller's indictment of Russian trolls reveals the role Facebook played in Russia's plot—and so much more") and ending in December ("Another Times investigation finds Facebook shared lots of personal user data with large companies").

Perhaps next year, Facebook will oblige us with 25 scandals in time for December 1 and we can make an advent calendar out 'em.

December 2018: Facebook's internal communications go public through a lawsuit over a defunct bikini app

In 2015, the developer of an app that allowed people to find Facebook users' bathing suit photos sued Facebook in California for damages. The app, which was called Pikinis and was developed by a company called Six4Three, was forced to shut down because Facebook had changed its privacy settings, prohibiting app developers from hoovering up their users' friends data without their knowledge, and therefore making Pikinis inoperable. The lawsuit was going along quietly until Thanksgiving weekend, when lawmakers in the UK seized a trove of documents that had been ordered sealed in California from Pikinis' creator. In December, British parliamentarians published 250 pages worth of internal Facebook emails and other files, including personal emails from Zuckerberg himself. The emails appeared to show Facebook offering major advertisers special access to user data, deals some view as a contravention of Facebook's promise not to sell data. Facebook, for its part, has said the emails lack context and maintains that it never sold user data. Now, the founder of Six4Three, Ted Kramer, is facing his own legal troubles for handing the documents over to British MPs.

December 2018: Facebook bug exposes 6.8 million users' photos to third-party developers

With weeks to go before the New Year, Facebook announced another monster screwup. Thanks to a bug in its photo API, up to 1,500 apps may have had access to users' photos, whether they shared those photos or not. The bug, which was introduced on September 13, impacted people who use Facebook Login to access apps. It was finally found and patched on September 25. But Facebook waited more than two months to disclose that fact to the public. It's unclear how regulators will view this delay, particularly in the European Union where the General Data Protection Act mandates data breach disclosures within 72 hours. That's a question for 2019.

December 2018: Another Times investigation finds Facebook shared lots of personal user data with large companies

Just when it seemed no more scandals could break, on December 18, the New York Times published an investigation that found the company shared troves of personal user data with more than 150 companies—including major players like Amazon, Microsoft, Netflix, and Spotify—long after Facebook said it had cut off access to that kind of information. The big takeaway from this latest news seems to be: despite Facebook's claims that users have "complete control" over their data, the company has, throughout its history, traded on data access in order to grow the business.

The 21 (and Counting) Biggest Facebook Scandals of 2018 [Issie Lapowsky/Wired]