Meta: Difference between revisions

Meta

Basic information
Founded	2004
Type	Public
Industry	Technology
Official website	https://meta.com/

Meta Platforms, Inc., formerly known as Facebook, is a multinational technology conglomerate primarily known for its social media platforms, including Facebook, Instagram, WhatsApp, and Messenger. Founded in 2004 by Mark Zuckerberg, Facebook quickly grew into one of the largest social networks in the world. Over the years, the company has expanded its business model, incorporating advertising, data collection, and virtual reality products, with a focus on connecting users globally.

In 2021, Facebook rebranded itself as Meta, signaling its shift toward a broader vision focused on the "metaverse" – a virtual-reality, interconnected digital world. Meta has faced ongoing scrutiny over issues related to consumer privacy, data security, content moderation, and its role in spreading misinformation. The company has been involved in several high-profile regulatory and legal challenges, particularly regarding its handling of user data and its impact on user well-being.

Anti-consumer practices

Facebook

The Linux Ban

On January 19th 2025, Meta updated their internal policies to recognize the free and open source software and operating system Linux as a "cybersecurity threat".^[1][2] As part of this, many Facebook users had their accounts either locked or muted for merely mentioning Linux, most notably the Linux distribution tracking site, DistroWatch. DistroWatch claims they appealed the decision the next day and had it affirmed to them that "Linux-related material is staying on the cybersecurity filter" alongside the personal account the appeal was sent from being locked. ^[1] This quickly gained media attention with many calling this out as irony given Meta's infrastructure mostly runs on Linux.^[3] 9 days later on January 28th, PCMAG posted A comment to them by Meta directly confirming this was an error following Distrowatch's account being reinstated and the blocking of any Linux related content being lifted.^[4]

Tracking pixel

The Meta tracking pixel can be added to websites to track user behavior.^[5] The tracking tool has faced several lawsuits for violations of privacy laws. The lawsuits range from websites failing to disclose the use of the tracking tool Meta pixel to outright declaring the tool illegal. In 2023, the Austrian DSB decided the technology is illegal, as it cannot guarantee data is not shared back to data centers located in US from the EU.^[6][7] At that time there was legal uncertainty regarding these data transfers, as the privacy framework for EU-US data transfers was annulled in 2020. This legal grey area was entered again in 2025, as the current privacy framework with the US faces uncertainty.

Artificial permission requirements in Android App

The Facebook Android App summarily requests a lot of permissions. Most of those can be denied if unwanted. However, when the unlimited permission to access all media files on the user's phone is not granted, it is not possible to share images from the app. This is a completely bogus requirement, technically this permission is not needed to share images out of an app. The app will guide the user into enabling that permission when they [first] try to share an image. Notably, even granting limited access will trigger the "more permissions required" guidance.

As a crude workaround, one can take screenshots of images in the app instead of using its sharing functionality. Since that yields images in screen resolution, this workaround may not be suitable in all cases.

[Anecdote follows, is there a better place for information like this?] This seems especially concerning since the app recently suggested that I post a "story", by putting together its suggestion of one. In that story, it used a picture I have in my camera roll - interestingly, a picture that is years old, that actually shows me, and I'm only partially dressed - it's a picture I took in a fitting booth that did not have good mirrors available. Possibly complete coincidence, but since only a very small percentage of pictures in my camera roll actually show me, it strongly suggests some algorithmic stuff going on. Which leaves the question, does that algorithm really run completely locally on the phone, or are images uploaded to Meta that the user never OK'd for this?

In my opinion, Android [or an Open Source fork of it] could strongly use a sandbox model that would allow me to "grant" that permission to the app, without actually allowing it to access anything outside of a dedicated container that the user has complete control over.

Meta Oculus VR

Oculus VR Facebook account requirement

In 2014, Meta acquired Oculus VR for approximately $2 billion, which was known for developing the Oculus Rift and other virtual-reality (VR) products. Before the acquisition, users could create and use Oculus accounts to access their VR content. This allowed users more control over their privacy and data, without needing to use Facebook.

After Oculus VR was purchased by Meta in October 2020, Oculus Quest and Rift S users were required to sign in with a Facebook account in order to continue to use their purchased VR headsets.^[8] This forced integration of Facebook accounts with Oculus devices created several issues for users, particularly those who preferred to keep their VR experience separate from social media.

Because Oculus headsets were now tied to Facebook accounts, users who had their Facebook profiles suspended for any reason found themselves unable to access their purchased content, including games and apps, and unable to use their devices.^[9] Meta offered no options for Oculus VR users aside from going through Facebook's moderation process to attempt to regain access to their accounts.

Additionally, Oculus account holders who did not want to link to Facebook risked losing access to their purchases entirely.^[10] If they did not migrate to a Facebook account, they would no longer be able to use their Oculus headsets or access any content they had purchased from the Oculus Store.

In August 2022, following public backlash, Meta reversed the policy, allowing users to sign in with a new "Meta account" instead of a Facebook account.^[11] This, however, did not prevent several original Oculus accounts from being deleted or suspended, with Facebook users being locked out of their headsets for two years.

Additionally to all of this the headsets are not usable at all without connecting them to the Internet and logging them into a Meta/Facebook account when the owner wants to use it for the first time after purchase. This creates the risk that the headsets will be indefinitely unusable, or at least not to be able to be set up after a reset of the software, if Meta theoretically decides to shutdown the authentication or login servers.

Echo VR shutdown and Ready At Dawn

Echo VR was a VR e-sports title centered around zero-gravity physics, developed by Ready At Dawn Studios.^[12] The game released on July 20, 2017, on the Oculus Rift store, before being ported over to the Meta Quest platform (formerly the Oculus Quest platform) on May 5, 2020.

Ready At Dawn Studios was a game developer most notably known for creating the original God of War series and Daxter. They were acquired by Oculus Studios, an umbrella organization of Meta, in June 2020.^[13]

On January 31, 2023, Ready At Dawn announced that Echo VR would be shut down on August 1 of that year. They claimed in a blog post that the reason was them "consolidating studio support" to work on their next project, as well as confirming that players who had spent money on in-game currency would not be able to receive a refund.^[14] Meta's CTO, Andrew Bosworth, answered questions regarding the shutdown in an Instagram AMA, explaining that it would be "even less cost effective" to open-source or sell the game.^[15]

Fans of Echo VR protested against the game's shutdown, going so far as to fly a banner over Meta's headquarters asking to reverse the decision.^[16] Despite this, the game's servers did shut down on the given date. Echo VR itself was still able to be downloaded and opened, meaning the contents of the game were still available, but a player would not be able to progress after a shutdown notice pop-up.^[17]

Despite Ready At Dawn's claims, there have been no other project released following the shutdown. The studio proceeded to suffer major layoffs and, in August 2024, Meta shut down Ready At Dawn Studios itself, blaming Oculus Studios' budgetary constraints.^[18]

Attempts to block other OpenXR runtimes (third party or other brands) from working with games^[19]

Both Unity and Unreal Engine allow various OpenXR vendor plugins to be used, one of which is Meta's Oculus XR Plugin internally called the OVRPlugin. The OVRPlugin is a unified plugin that allows developers a single unified implementation for their Quest devices and OpenXR compatible devices for the PC. This sounds like an easy solution to target all current popular high-end VR headsets in one implementation.

Under the hood Meta has taken steps to lock down this plugin to only work with their own devices. This is done by checking the name of the runtime, the presence of the nonstandard XR_META_headset_id, and the lack of legacy OVR support. ^[19]

It would be understandable that Meta locks down their own vendor plugin if it were incompatible with other OpenXR devices, in which case the engine could fall back to another implementation. However this is not the case as Meta makes it deliberately difficult to implement such fallbacks. For example in Unity if the generic OpenXR support is enabled while the OVRPlugin is enabled it will claim incompatibility and revert this selection to just OVRPlugin.^[19]

Workarounds have been applied that trick the OVRPlugin into thinking it is interacting with a compliant runtime after which both third party runtimes and other headset brands are known to work without issues. This demonstrates that the vendor gated checks are to broadly implemented and unnecessary for OpenXR functionality.^[19]

Meta if willing could have resolved the issue by removing the checks for functions present in the OpenXR spec, or allowing automatic fallbacks to the generic implementation if their implementation is incompatible with the used runtime.

As the result of their actions Meta's users are now locked in Meta's own runtime and remote streaming solution if no workarounds are applied either in the game or in the runtimes of third party's. This makes it seem like only Meta's runtime is stable and compatible with the latest games. Likewise, this forces all other headset vendors to implement similar workarounds for their devices.

Game developers are adviced to avoid the OVRPlugin where possible and rely on generic OpenXR implementations that support the standard correctly. Effected users can try the Meta Plugin Compatibility option in their SteamVR settings. The latest version of Virtual Desktop should also have the workarounds implemented. Players of Unreal Engine games report that launching the game with -hmd=openxr can bypass the plugin.

Lawsuits

United States of America v. Facebook

In July 2019, Facebook agreed to pay $5 billion USD and implement corrective measures after it was sued by the Department of Justice and Federal Trade Commission (FTC) for "misleading users about the extent to which third-party application developers could access users' personal information."^[20]

Controversy over default privacy settings (2010–2018)

Facebook's default settings allowed third-party app developers to access not only the data of users who installed their apps, but also the data of those users' friends. While users could opt out of this data sharing, the setting was located separately from the main privacy settings page, making it difficult to find and adjust.^[21]

After settling with the FTC in 2012 over deceptive privacy practices, Facebook initially added a privacy disclaimer about friend data sharing but removed it four months later. This occurred while continuing the same data-sharing practices that prompted the original FTC investigation, violating the order's prohibition against misrepresenting users' privacy control.^[21]

While Facebook publicly announced in 2014 that it would stop allowing third-party developers to collect data about users' friends, it privately maintained agreements with dozens of "whitelisted developers" who continued to have this access until June 2018.^[21]

Deceptive two-factor authentication (2015–2018)

Facebook requested users' phone numbers for security purposes, including two-factor authentication, without effectively disclosing that this information would also be used for advertising purposes.^[21]

Misleading implementation of facial recognition

In 2018, Facebook's updated data policy implied that facial recognition technology was opt-in, while tens of millions of users with older versions of the technology actually had to opt out to disable it.^[21]

GDPR violations

In July 2020, the Irish Data Protection Authority submitted an inquiry into Meta's Facebook service for transferring its users' personal data to the U.S.^[22] which failed to comply with a 2020 decision^[23] that the company's data was not secure enough. In May 2023, the European Data Protection Board (EDPB) enforced the $1.2 billion euro fine on Meta and an order to cease the "unlawful processing, including storage, in the U.S. of personal data of European users transferred in violation of the GDPR."

In September 2022, the Irish Data Protection Commission (DPC) fined Meta 405 million euros and imposed several "corrective measures" on Meta for its illegal handling of children's Instagram profile data.^[24] Before corrective measures were imposed upon Meta, their Instagram platform publicly disclosed email address and phone numbers of children who used the business account feature.

The State of Texas Court v. Meta Platforms

In February 2022, Attorney General Paxton sued Meta for the illegal collection of Texas citizens' biometric data, such as retina scans, fingerprints, voiceprints, and face geometry, without their informed consent from 2010 to 2021.^[25] Meta would share it with third parties and would not delete this data despite promising to do so, which violated Texas' Capture or Use of Biometric Identifier (CUBI) Act and the Deceptive Trade Practices Act (DTPA).

In July 2024, Meta agreed to pay Texas $1.4 Billion in a settlement with the attorney general^[26] which consisted of a $25,000 USD fine for each CUBI violation and $10,000 USD for each DTPA violation.

"Pay or consent" model

As of early 2024, Meta is being investigated for violating the EU's Digital Markets Act (DMA) by using a "pay or consent" model to its Facebook and Instagram platforms, forcing users to pay a monthly subscription for an ad-free version or to accept versions with personalized advertisements.^[27] Launched in late 2023, Meta's model offered European users two options: pay approximately €13 monthly for ad-free access to Facebook and Instagram, or continue using free accounts with personalized advertising.

The Commission determined that this binary choice violates DMA regulations, which require "gatekeeper" platforms to offer equivalent alternatives for users who decline personal data collection. The DMA mandates that large tech companies must obtain explicit consent before combining users' personal data across services, and cannot make service access conditional upon such consent.^[28]

References