How to Protect Yourself From a Facebook ‘Data Breach’ (And Why It’s Terrifying)
The platform is now less a social network than an intricate web of data points.
It’s likely that your social media feeds over the past few days have been filled with news of a data breach at Facebook at the hands of a UK-based data analytics company called Cambridge Analytica. Over the weekend, a whistleblower (and BC native) named Christopher Wylie, who’d worked at the data analytics company while living in London, revealed that, in 2014, the firm commissioned a professor at Cambridge University to create a personality quiz/app in order to get data about users’ personalities, political views, and other preferences and habits. 270,000 American users took the quiz, allowing the firm to access their public profile data. What they didn’t realise is that the app was also scraping data from their friends’ profiles (something the site allowed at the time), resulting in information from over 50 million Facebook users becoming available to the makers of the app. This data was eventually used to target people with ads and news stories with the specific intention of influencing monumental political events (the firm was hired in 2015 by the Brexit ‘Leave.EU’ campaign and later by the Trump presidential campaign, but maintains that it didn’t use this massive pool of data in their work. Right.).
What makes it even scarier—you know, besides the whole manipulation-to-change-the-course-of-history thing—is that this isn’t a one-off “breach.” As Vox explains, “reports calling CA’s data harvesting a ‘leak,’ a ‘hack,’ or a serious violation of Facebook policy are all incorrect. All of the information collected by the company was information that Facebook had freely allowed mobile developers to access.” According to Facebook itself, via its deputy general counsel Paul Grewal, “No systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked.” That’s all true. A small portion of the data that was taken from users was given up willingly, by granting the app access to their profiles, and the remaining bulk of it was taken legally from the users’ friends’ accounts (albeit without their explicit approval). But that’s what makes all of this really scary. We’re offering up our entire lives to the internet at large, with very little understanding of how far and wide all that precious information is travelling, and what it’s being used for.
“Social media is free because the commodity it is selling isn’t the platform, it’s you. The business of social media is to harvest and sell information about you, through various means,” writes information warfare expert Molly McKew for Cosmopolitan. “Millennials and Gen Z (people born from 1980 til now-ish) tend to lay their whole lives out online, and Instagram and Facebook and Tinder are amazingly efficient and sometimes sexy ways to communicate and form relationships,” she later writes. “But in the world of data, once you post something, you can’t take it back. Even if you delete a scandalous photo or undo a like, it might be gone from your visible profile but it’s part of your data profile forever.”
Now that we’re all suitably shaken, what can we do to protect ourselves going forward?
Obviously reading things like data harvesting, information warfare, and breach of privacy sent me right to my Facebook settings to see what sort of data about myself I was offering up to the world. I’m not a prolific Facebook user, I recently uninstalled its app from my phone, and I frequently delete or discontinue the use of apps that request to import my profile data from the social network. That said, there were several apps that apparently still had access to my profile and everything it contains, apps that I didn’t even remember downloading and that I’d probably granted access to several years ago.
But here’s the thing—they didn’t only have access to my bare-bones public profile data, as I’d originally thought. Some of the apps had access to all of my photos, including photos of me uploaded by friends (altogether that’s over 12000 photos just floating around in the ether!), all my status updates, and things other people had posted to my timeline. That’s terrifying. So I went in and systematically disallowed or curtailed the apps’ access. Here’s how you can do the same.
To edit the privacy and settings for your apps and games:
1. Click in the top right of Facebook and select Settings.
2. Click Apps in the left menu.
3. Click an app or game to edit its settings.
4. Click Save.
You can also head to Facebook’s Help Centre to learn more about the following: how to control your permissions when you create an account for an app or game, which allows you to review the information you’d be providing before you proceed; how to contact the developer of an app or a game to request that they delete the data about you that they have collected; and how to turn off Facebook’s integration with apps, games and websites.
“Until larger policy changes are made, there are some ways you can make smarter data choices,” advises McKew in her Cosmo explainer. “Never take quizzes or surveys; those are just about data access and collection. Don’t click on recommended pages or profiles; these come from algorithms, and feedback into them. Don’t link data profiles — don’t use your Facebook login, for example, to log in to other apps or services; when you do, you are giving those secondary providers access to everything in your Facebook profile. Keep in mind that apps running in the background on your phone are still collecting data.”
In other words, someone’s always watching.
If all this is a bit too much for you, The Verge has a handy step-by-step guide on how to delete your Facebook account.