With Facebook still trying to recover from the Cambridge Analytica ordeal, the social networking giant has been working furiously to show the public that it does, in fact, value user privacy. The latest measure comes in the form of a new data abuse bounty that will offer users tens of thousands of dollars for information involving instances of data abuse.
Similar to the bug bounty programs that many tech giants have, Facebook’s data abuse bounty will reward users who can pinpoint examples of apps on the Facebook platform that collect and transfer “people’s data to another party to be sold, stolen or used for scams or political influence.” The cash reward for each report will vary depending on the scope of the breach, though the company notes that it has paid out as much as $40,000 under its bug bounty program.
Facebook’s announcement on the new program reads in part:
We’ll review all legitimate reports and respond as quickly as possible when we identify a credible threat to people’s information. If we confirm data abuse, we will shut down the offending app and take legal action against the company selling or buying the data, if necessary. We’ll pay the person who reported the issue, and we’ll also alert those we believe to be affected.
Naturally, Facebook’s nascent data abuse bounty program has a few caveats as evidenced below.
To be eligible for a reward the situation must involve
- More than 10,000 Facebook users.
- Definitive abuse of data. Not just collection.
- A case we were not already aware of or actively investigating.
Explicitly out of scope scenarios:
- Scraping.
- Malware or mass-scale tricking of users to install apps.
- Scenarios where social engineering is a major component.
- Non-Facebook cases (ex: Instagram).