Data-sharing at heart of Facebook's latest scandal isn't an anomaly — it's how Facebook does business


Facebook's business model has always been simple: acquire as much personal information from users as possible, then find a way to make money off of it. 

For more than a decade, it proved to be a remarkably successful strategy, bringing to the social platform 2 billion monthly users to friend, feud and play Farmville.

But as the year comes to a close, Facebook is facing a pair of major lawsuits in the U.S. and reeling from a string of public relations disasters. The company's stock has lost over 25 percent of its value since January and took another 7 percent hit last week after a report that it shared the power to read and delete users' private messages with companies such as Netflix and Spotify.

Surprisingly, the scandals that have pummeled the company in 2018 are largely in line with what made the company successful in the first place.

"For many companies, including but not limited to Facebook, there is a business model of harvesting as much personal information from technology users as possible and then monetizing it, and doing so without getting real consent from the users," said Adam Schwartz, senior staff attorney at the privacy advocacy group the Electronic Frontier Foundation.

To bring more users in, keep them spending more time on the platform, and urge them to share more information, Facebook opened its platform to other companies interested in accessing its user base. 

The problem is that users are only now coming to realize what Facebook and other tech companies are doing with their data. 

"When I agree to be friends with someone on Facebook," Schwartz said, "what I don't expect is that it results in all of my information being sucked into an app that one of my friends is using."

That question of consent lies at the heart of Facebook's legal troubles.

The company faces a suit in Washington, D.C., for failing to inform users that Cambridge Analytica was accessing their data and the data of their entire friend list, as well as a class-action lawsuit over its use of facial recognition software to identify people in images uploaded to the platform. More recently, an investigation published by the New York Times found that Facebook gave corporate partners such as Netflix, Spotify and the Royal Bank of Canada the ability to read and delete users' private messages.

The lack of clear user consent may pose a problem for a company that faced a 2011 Federal Trade Commission consent order requiring Facebook to obtain user consent before sharing data with other companies.

A bigger problem, however, may be consumers' dwindling confidence in their basic relationship with Facebook. An October study asking respondents to rank American companies and institutions by how much confidence they inspired ranked Facebook third to last, ahead of only "Political Parties" and "Congress."

"A lot of these things are from a different era, when Facebook was a different product," said Alex Stamos, Facebook's former chief security officer. "When people had been using it for fun, and then all of a sudden it became the world's most important communications platform, the security and privacy decisions you made are no longer valid."

Facebook said that it handled the data-sharing relationships in accordance with the law, citing an exception in the consent agreement for moving data to service providers.

"We think that's a misuse of the service provider exception," Schwartz said.