For Facebook's two-billion-plus users, the news about Cambridge Analytica's data grab ought to serve as a wakeup call. Here's how you can protect your privacy.
In twinned stories posted over the St. Patrick’s Day weekend, the London Guardian and the New York Times dropped a bombshell that reverberated on both sides of the Atlantic. In 2014, they reported, the consulting firm Cambridge Analytica had surreptitiously acquired information from the personal profiles of more than 50 million Facebook users. The company used the private data to develop technology that came into play during the 2016 presidential primaries on behalf of one of its clients: Donald Trump.
The revelations may be bad news for Cambridge Analytica, which is already the focus of government inquiries in England owing to the services it performed for the “Leave” side of 2016’s Brexit referendum. The United Kingdom has stricter privacy protections than the United States, and its Information Commissioner’s Office is now looking into the Facebook/Cambridge Analytica fandango. (On the U.S. side, meanwhile, the Times story noted that it’s illegal for companies based here to employ foreigners on political campaigns.)
Given Cambridge Analytica’s founding duo of billionaire right-winger Robert Mercer and erstwhile Trump-whisperer Steve Bannon, the reports couldn’t have brightened the day of anyone at the White House. But that knife sliced a little on the left too: As the headline of an Investor’s Business Daily editorial pointed out, “Funny, When Obama Harvested Facebook Data on Millions of Users to Win In 2012, Everyone Cheered.” (The editorial board did concede that the Obama team’s operation and ethical practices were substantially different from Cambridge Analytica’s.)
But back to Facebook: The reports were definitely bad news for the world’s largest social-media platform, whose founder and CEO Mark Zuckerberg is taking his lumps from governments here and in the U.K., and a dent in his big fat wallet. (Facebook claims it long ago changed its policies to prevent the release of the sort of data that Cambridge Analytica got ahold of.) Between the stock market’s close last Friday and midday on Tuesday, Facebook plummeted more than 12 percent before starting to creep back up.
For Facebook’s two-billion-plus users, the reports of Cambridge Analytica’s data grab served as a wakeup call — or at least they ought to.
Enter the Electronic Frontier Foundation (EFF).
On March 19, the online-privacy watchdog provided a much-needed measure of relief for data-mining-induced aches and pains. In a post titled, “How to Change Your Facebook Settings to Opt Out of Platform API Sharing,” EFF researcher Gennie Gebhart delivered on the headline’s promise, but not before setting us all straight as to the identities of the bad actors in this particular immorality play.
Make no mistake: this was not a data breach. This was exactly how Facebook’s infrastructure was designed to work.
In addition to raising questions about Facebook’s role in the 2016 presidential election, this news is a reminder of the inevitable privacy risks that users face when their personal information is captured, analyzed, indefinitely stored, and shared by a constellation of data brokers, marketers, and social media companies.
Tech companies can and should do more to protect users, including giving users far more control over what data is collected and how that data is used. That starts with meaningful transparency and allowing truly independent researchers—with no bottom line or corporate interest—access to work with, black-box test, and audit their systems. Finally, users need to be able to leave when a platform isn’t serving them — and take their data with them when they do.
Gebhart then lays out clear and concise instructions on how to keep all your personal information clear of Facebook’s application program interface (API) — the mechanism that makes it possible for its software to communicate and integrate with external apps.
It turns out that protecting your own privacy on Facebook requires only a few simple steps and takes only a couple of minutes. But the folks at Facebook don’t advertise the procedure, and they certainly don’t advocate for it. (In fact, they all but suggest you don’t do it.)
In order to turn off data sharing, a user must navigate to “Settings” and then to the “Apps” screen — as opposed to the one labeled “Privacy,” where you might have expected to find it, nor “Security and Login,” nor even “General” — and override the default to disable what Facebook labels the “Platform.”
Once you’re in the right place, it only takes one click.
The downside, as Gebhart notes, is that in exercising this degree of control over one’s privacy, a user is also disabling “ALL platform apps (like Farmville, Twitter, or Instagram) and you will not be able to log into [external] sites using your Facebook login.”
But, Gebhart tells us:
“Facebook has allowed third parties to violate user privacy on an unprecedented scale, and, while legislators and regulators scramble to understand the implications and put limits in place, users are left with the responsibility to make sure their profiles are properly configured.”
And click the link below to take responsibility, already!
New York Times tech writer Brian X. Chen (@bxchen) published a more in-depth primer regarding the degree to which Facebook might access your data, along with things you can do about it: