Skip to Content
Security & privacy

Instagram’s ad partner was secretly collecting your location, stories

What does privacy even mean to companies anymore these days? According to one “trusted” Instagram ad partner, not much, apparently. A major marketing startup was recently booted from Instagram for what the company is calling a policy violation — but what it really did was ignore the platform’s rules and harvest data without users’ consent.

Does it count as a “data breach” when a verified company skirts a platform’s rules for personal gain? It’s definitely an oversight on the part of the platform, and probably a serious privacy violation. But no matter what you call it, this trend spells bad news for the sanctity of your personal data.

When companies put profits over people, it’s the customer that gets shafted in the end. See how one Instagram partner gamed the system in order to learn more about millions of users — leaving one of the biggest companies on Earth with egg on its face. You won’t believe what they got away with!

Startup “Hyp3r” broke Instagrams rules, extracted location data and Stories

Hyp3r is a major marketing firm based in San Francisco that boasts millions of dollars in investment capital. Several major brands have harnessed its services for location-based advertising, and the platform has seen major success with its social media integration services.

But all that changed on August 7th, 2019, when Instagram announced that it had booted Hyp3r from its platform — citing a number of rule violations.

According to reports from Business Insider, however, Hyp3r was guilty of far more than a few simple broken rules. In fact, the service was able to harness Instagram in order to build detailed profiles of millions of users based on data that is supposed to expire after 24 hours.

Hyp3r has never been shy about the way it aggregates social media data in order to build competitive marketing campaigns, but the recent spat with Instagram paints a solid picture about how little these platforms care about individual user privacy.

Hyp3r collected geolocation data from Instagram users, as well as captured Stories and stored them in its database. Both of these data points are not designed to be permanent (unless images are specifically geotagged), and stories, in particular, are designed to expire after a day.

It’s not clear exactly how much data Hyp3r has on Instagram users, but according to public statements made by the company, it boasts “a unique dataset of hundreds of millions of the highest value consumers in the world.”

That’s no small number, so it’s no wonder that Instagram took them to task in the method it did. Keep in mind, this action came from a “trusted Instagram ad partner,” which means the company had been vetted by Instagram (and by extension Facebook) themselves.

What happens to this data now that Hyp3r is no longer on the platform is unknown. Most likely, it will continue to be used in their advertising campaigns and strategies for the time being.

What can I do to protect my personal data from Instagram ad partners?

If you’re getting Cambridge Analytica vibes from this entire situation, that’s understandable. Trust was broken and data was harvested, in the end. But unlike Cambridge Analytica, Hyp3r was always explicit about how it used the data it collected.

The issue lies more in the fact that they were able to break Instagram’s rules and collect the data in the first place. Despite clear guidelines on what kind of data-related conduct is acceptable, Instagram still gave Hyp3r the tools to accomplish its goals.

It boggles the mind why the platform would even allow this to happen if the rules explicitly forbid it.

Thankfully, the action on behalf of Instagram can at least help put aside fears of data breaches or ongoing harvesting. However, the nature of Instagram’s platform is to be a haven for advertisers, marketers, and demographic researchers.

It’s the very reason the platform has skyrocketed to success both socially and financially — so there isn’t much that can be done about the way advertisers monitor your activity on the platform other than deactivating your account.

However, if you want to at least hide certain pieces of data like location services, you can easily disable them for Instagram in your phone’s privacy settings. This will prevent the platform from knowing where you are, which is probably a smarter way to use the service altogether.

Until we know that Facebook and Instagram are choosing to handle our data in a reasonable manner, it may be worth denying them the privilege for the time being. Otherwise, when the next Cambridge Analytica scandal happens, they may see users running for the hills.

cryptocurrency e-book hero

New eBook: ‘Cryptocurrency 101’

Don't want to lose your dough to crypto? Check out my new eBook, "Cryptocurrency 101." I walk you through buying, selling, mining and more!

Check it out