April 16, 2018
In last week’s Senate committee hearing, Mark Zuckerberg said he would feel uncomfortable sharing the contents of his private messages sent through the Facebook messenger app. Yet, this is exactly the type of information that was shared with Cambridge Analytica by users of an app called “This is Your Digital Life.” Users did give the app consent to collect their data (and the data of their friends) but the breach occurred when the owner of the app sold that data to Cambridge Analytica without their consent. The political data analysis firm potentially used this data to build psychological profiles of voters to help its clients win elections.
(For a detailed description of what Cambridge Analytica is and how they gained access to millions of people’s data, check out this article by Time Magazine.)
While most of this data was limited to your public profile, Page likes, birthday, and current city, those who directly used the app also granted access to their entire News Feed, timeline, posts, and private messages. The Cambridge Analytics data privacy scandal affected 87 million people. Facebook admits, however, that third-party apps and outside companies have most likely accessed the data of the majority of its 2 billion users without their permission.
This major breach of trust has many people asking some hard-to-answer questions: What exactly does Facebook know about each of us and how can we limit that knowledge? Is it even possible to keep our data private anymore in the social media age? And what does this all mean for your business if you, like 65 million others, use a Facebook Page to promote your services or products?
Here’s a summary of what we know so far and what steps you can take to protect your personal virtual identity and the online activity of your business.
How to see what Facebook knows about you
All your past activity on Facebook is recorded in your Activity Log. If you plan to delete your account, or just want an offline copy of all your data, you can download a zip file of everything stored by Facebook. You can also view this information on Facebook by going to your profile and clicking ‘View Activity Log’ in the top right hand corner. This information includes the obvious, like a history of all posts to your timeline, tagged photos of you, and your likes, reactions, and comments. It also includes some slightly more disconcerting information like your search history, articles you’ve read, songs you’ve listened to, “products you wanted” (this could be based on posts to your Newsfeed or based on other websites you’ve visited that use retargeting ads through Facebook), and videos you’ve watched.
On Monday, April 9, Facebook also began notifying its users whether or not their information was accessed by Cambridge Analytica. Over the next week, you should see a notification at the top of your news feed with the headline “Protecting Your Information.” If you don’t see this notification, you can also find out if your information was shared by visiting this link. The screenshot below is the notification received by users whose information was compromised:
It’s also important to note that even if you’re part of the small minority without a Facebook profile, Facebook is still collecting data about you through outside sources. For example, when you share your information with an online business, this data could make its way back to Facebook through brokers who sell customer information. Facebook also collects your web browsing activity, such as when you make a purchase online or “favorite” a product. The social media giant then aggregates this data to create what’s referred to as a ‘shadow profile’ of the individual.
How to limit Facebook’s access
While many Facebook users have threatened to delete their account in protest of the company’s failure to protect its users privacy, this is not a viable solution for most. The reality is we’ve come to rely on Facebook for much of our personal and professional social interactions, from event invites and sharing baby photos to promoting products and spreading the word about important issues.
Even if you do delete your account, it takes two weeks before your account is removed and 90 days for Facebook to delete data that’s stored in their backup systems. It’s unclear whether third party apps still have access to previously collected data but it’s probably safe to assume most of them do.
Instead of deleting your account, here are some ways to limit the amount of data that’s shared with Facebook:
Related post: How Secure is Your Messaging App
How to limit access of third-party apps
As of April 9, Facebook now allows you to easily remove or limit access of third party apps. Here’s how:
Once you’re on the Apps and Websites page, you will see all apps that you’re currently connected to via Facebook. (This means that you log-in to these apps using your Facebook account login info.) You can choose to remove select apps or disable “your ability to interact with apps, websites and games both on and off Facebook.” Be aware that by disabling this setting, you will no longer be able to log-in to the apps using Facebook. This means you will need to setup new account login information and may lose saved information on those apps. If you’d still like to disable your apps, find the Apps, Websites, and Games box towards the bottom left of the page. Click Edit and select to ‘Turn off’ this setting.
Last but not least, you can click on each connected app, game, or website and choose what information you share with them. This is a step in the right direction but it does not guarantee that your previously collected data is deleted.
It takes a lot of time and effort to understand Facebook’s data collection policies and the above steps are not a foolproof protection against another data breach like Cambridge Analytica. In an article for NPR, Jeff Chester, executive director of the Center for Digital Democracy, shared a highly pessimistic take on this predicament: "I think for the average person there's nothing that one can do to protect their privacy."
We have more hope than Chester yet it’s true that when you share information online there’s always a risk. The risk is especially high on a social media platform whose main revenue source comes from ads targeting its users based on their recorded activity.
How Facebook plans to protect your privacy
In response to the Cambridge Analytica data breach, Facebook is tightening the restrictions and approval process for third-party apps. Before apps can access your check-ins, likes, photos, groups, etc. they will have to adhere to much stricter regulations than previously required.
Facebook also specifies that they will “no longer allow apps to ask for access to personal information such as religious or political views, relationship status and details, custom friends lists, education and work history, fitness activity, book reading activity, music listening activity, news reading, video watch activity, and games activity.”
In addition, developers will now have limited access with required approval from Facebook to use several APIs (application program interfaces) including Events, Groups, and Pages. This means that the access to any data you provide in these APIs, such as the names and profile photos of event attendees or closed group members, will not be available to the apps.
See the full statement from Facebook here.
Should your business still use Facebook?
We’ve shared how to protect your information as a personal Facebook user but what about your business? If your business has a Facebook page, all info that you publish to that page is automatically considered public information. This is a known Facebook policy and besides, as a business, the end goal is typically to get your social media content, including contact information, in front of as many eyes as possible.
In short, the Cambridge Analytica scandal doesn’t affect business pages the way it does personal accounts. However, in order to create or run a business page you are required to have a personal account, and this means it’s still important to understand Facebook’s privacy policies.
The more we know about how companies are accessing and using our data, the more power we have to protect our ‘virtual self.’ Are you concerned by Facebook’s data breach? And if so, what worries you most? Share your thoughts with us on Twitter by tagging @PagodaTech or get in touch through our contact page.
Need ongoing IT support for your business? Contact us for a free consultation. We’d love to work with you!
About Pagoda Technologies IT services
Based in Santa Cruz, California, Pagoda Technologies provides trusted IT support to businesses and IT departments throughout Silicon Valley, the San Francisco Bay Area and across the globe. To learn how Pagoda Technologies can help your business, email us at email@example.com to schedule a complimentary IT consultation.
Return to Pagoda Blog Main Page