Instagram and zero privacy

 Sat, 01 Jun 2024 12:58 UTC

Instagram and zero privacy
Image: CC BY 4.0 by cybrkyd


A few days ago, I started re-exploring Instagram. It has been years since I last used the platform and I thought, “Let me see what’s changed”. I’m talking so long ago, it was before taking pictures of lunch became a thing!

Using a browser

I initially went through all the account creation steps without issue. Once approved and my account was created, I managed to spend all of 2 whole minutes inside Instagram before I was suddenly redirected to a page which read “Your account has been disabled. You have 180 days to appeal this decision”.

I had literally done nothing besides navigate to my profile page to begin adding a profile picture, a bio and so forth. Interesting! One thing to note here was that I had used an email address to create the account; not a phone number. Again, very interesting.

Using the app

Right, on to the next attempt. I downloaded the app on my Android device and installed it, and proceeded with the sign-up process but this time, I used my phone number.

This made Instagram very happy. The account was created and it is still active.

Worryingly — and without asking for ANY permission whatsoever — Instagram started suggesting the majority of my contacts as potential connections. Yes, I checked what permissions the app had and surprise surprise! None at all. I checked my contacts app to see if it had somehow automatically granted access to Instagram…no! Hmmm. Very interesting indeed. How was this possible?

Could it be the other way around? Where, if MY number is saved in YOUR phone, it does a reverse look-up? Let’s see.

Let’s go incognito

Luckily, I live in a country where you can still purchase a sim card with no questions asked. Anyone can walk into a newsagent, convenience store or even a supermarket and there are sim cards for sale for as little as £1.

That’s what I did. I installed Instagram on an iPad which holds no contacts, used the burner sim card as the registering number and presto! No disabled accounts for unknown reasons and no stalker contacts in sight. There are no long-lost friends who are dying to reconnect with me (according to the algorithm, at least). I also tried saving the burner phone number to my phone (the one with the app) and a few days running, no reverse look-up has happened. Yet.

What does all this show?

Instagram, like all Meta services, thrives on your data. I will happily conclude — with no evidence at all — that the reason why my browser sign-up was disabled for no understandable reason was that I was been aggressively pushed towards using their app on my phone. Meta are, after all, are on a mission “to connect every person in the world”, whether you want to or not. To do this, they need your contacts, something they cannot yet do if you use Instagram on your PC.

The way in which they go about this, however, is very stealthy, as seen in my experience of Instagram’s app somehow having automatic access to all my contacts. I accept that they may be utilising a form of reverse look-up BUT, there were quite a few suggested connections in there who I know do not have my current personal phone number. Their contact details are, however, still saved in my phone.

How indeed.