The Facebook Data Misuse Was Not A Leak (And How To Protect Yourself)

News broke recently that millions of Facebook users' profile information was collected without their knowledge by a data analytics company, and subsequently utilized by the Trump presidential campaign. The company - Cambridge Analytica - got a $15 million investment from Republican donor Robert Mercer, on the promise that they could identify personalities and predict behavior of American voters.

Cambridge Analytica, however, did not actually have the tools to do that. In order to get that information, the firm hired a Russian-American researcher named Dr. Aleksandr Kogan. Dr. Kogan created an app called "thisisyourdigitallife" that promised to offer users a personality prediction based on their answers. Approximately 270,000 people downloaded the app, explicitly giving permission for Dr. Kogan to use their profile information - including the city they lived in, content they liked, and information about friends whose privacy settings allowed it - in his research.

All of that wouldn't have been a problem if Dr. Kogan hadn't then used the data for other purposes - namely, figuring out personal voter information for use in the presidential race. There was no permission to use the data for that purpose. And, importantly, friends of users did not give explicit permission for their data to be used for either purpose, even if they had more open privacy settings. Ultimately, Dr. Kogan provided data about 50 million people to Cambridge Analytica, 30 million of which had enough information that the firm was able to build psychographic profiles.

The misuse of data has been erroneously called a "data leak," including by the New York Times. "Data leak" generally refers to cases where data was obtained by hackers or otherwise stolen. That's not what happened here. Instead, people willingly gave data to a company, and that data was then used in ways other than the ways that were disclosed to those users. It's a scenario most of us have probably been in: a silly, time-wasting app that we give access to our data without thinking twice.

But giving that access to data is exactly the issue here. Dr. Kogan did nothing wrong until he used the data for purposes outside the purposes he disclosed from the beginning. This case highlights the fact that people are very willing to give up data without thinking much about what might happen to it - and that Facebook has set up an ecosystem that normalizes this type of behavior and makes it easier.

The app that started this all was released in 2014. Since that time, Facebook has made changes to how much information apps are given.

"We are constantly working to improve the safety and experience of everyone on Facebook," the company wrote in a blog post responding to this case. "In the past five years, we have made significant improvements in our ability to detect and prevent violations by app developers. Now all apps requesting detailed user information go through our App Review process, which requires developers to justify the data they're looking to collect and how they're going to use it - before they're allowed to even ask people for it."

While those changes are important, they don't change the fact that this data was misused in the first place. And while Facebook claims that none of the data is still out there, the New York Times reports that a former employee of Cambridge Analytica claims to have "recently seen hundreds of gigabytes on Cambridge servers" - and that the data was unencrypted.

All of this raises the question: Do you know what apps have access to your data? Luckily, Facebook makes it fairly easy to check and delete any connections you don't want anymore. Just go into Settings on your Facebook profile, then Apps. You'll see a list of apps there that currently are connected to your Facebook account. Go through and disconnect any you're not using anymore, in order to protect your data.

And moving forward, be thoughtful before automatically using Facebook logins for third-party apps - including in-platform apps, which the app in this situation was. Ask yourself: Is it worth giving up that data? Sometimes the answer might be "yes" - we're not saying you should never access anything via Facebook. But be aware of what you're giving for that access, because even things that look legitimate might not be.


About Tenta

Tenta is a next generation browser designed for privacy and security. Built-in true VPN, full data encryption, video downloader, secure media vault, HTTPS Everywhere, Tenta DNS, and more.
