You ARE censoring my blog – for recording purposes.
Reblogged on kommonsentsjane/blogkommonsents.
9 Questions about Facebook and data sharing you were too embarrassed to ask
What does it mean for a third party to access my data? Can I do anything to stop it?
By Jen Kirbyjen.firstname.lastname@example.org Apr 10, 2018, 11:50am EDT
(Tried to put a photo here about facebook with the hand pointed down and they wouldn’t allow it.)
Baby pictures, vacation check-ins, your new job announcement — they all seem like innocuous posts to mark simple milestones. But your personal life is Facebook’s business. Those data points, taken together, build a powerful (and lucrative) profile of who you are and what you value.
That’s perhaps one of the most important lessons from the Cambridge Analytica scandal and the revelation that the firm may harvested data from as many as 87 million Facebook users. But Cambridge Analytica is far from the only firm that gained access to vast amounts of users’ personal information.
“There are certainly thousands, if not millions, of applications that had similar access and collected similar data — and many are still doing it, although under different terms,” Ian Bogost, a professor at the Georgia Institute of Technology and contributing editor to the Atlantic, told Vox.
Privacy changes Facebook made to its platform in 2015 made it harder for third-party groups to get users’ data, according to Siva Vaidhyanathan, the director of the Center for Media and Citizenship at the University of Virginia. And in the wake of the Cambridge Analytica revelations, Facebook announced still more changes meant to further safeguard privacy.
Before you resign yourself to the idea you’ve sold your soul to Facebook for the privilege of posting wedding photos, here are what the experts say on what it means if a third party gets your data, why it happened, and what, if anything, can be done about it.
1) What does it mean for a “third party” to access my Facebook data?
It means you, as a Facebook user, have given an outside entity — usually a developer who made a game, or a personality quiz, or some other app used on Facebook — the ability to tap into your Facebook profile and get all the information there.
This isn’t a breach or a hack: You likely gave the app developer or quiz maker permission, you just probably just didn’t realize it.
It’s often hard to know what permissions you’re giving, and to whom, because the details are buried in overly long terms of service policies, written in legal and technical jargon.
And, Bogost said, to the average Facebook user, it often wasn’t totally obvious that a third party was getting involved at all. “People didn’t realize they were leaving Facebook — because they weren’t leaving Facebook,” Bogost said. “They were still happily, warmly ensconced within their web page.”
2) But I definitely didn’t take any quizzes. The Farmville trend totally passed me by. I’m probably fine, right?
Not necessarily. Until May 2015, when Facebook changed its API (application program interface) policies, giving a third party the right to your data also meant it could also harvest your friends’ data. That’s perhaps what was so insidious. If that random guy you friended freshman year of college or two jobs ago played a lot of games on Facebook, he could, unwittingly, also be handing over the information of his friends — including you.
This is how an estimated 87 million people might have had their data scraped by Cambridge Analytica; it wasn’t that millions of people took that quiz, it’s that once you start expanding out the social network — friends, friends of friends — it starts adding up. “A treasure trove of information,” Bogost called it.
In 2015, Facebook tweaked what third-party developers can access. Those changes to its policy, which were announced in 2014 and went into effect in 2015, limited the amount of relevant information that could be shared with third-party developers, specifically when it came to friends’ data.
3) What do these third parties do with my data?
The answer is, it depends who gets it. Facebook platform policy prohibits app developers from sharing or selling data. If a developer violates this policy, Facebook will suspend the developer and conduct a full investigation before it will allow the developer back on the platform, a Facebook spokesperson told Vox.
Facebook also reviews exactly what type of permissions third parties request — in other words, tell me why you need to know someone’s birthday for them to use your app — as part of the update to its API policies in 2015.
But there are still some questions about how robust that review process is. “It’s kind of a murky netherworld,” Bogost said. “It’s in the shadows.”
4) How much do third parties know about me?
Even if third parties could only get a little bit of your data — your hometown, say, or your gender — they could match it up with all kinds of other records, such marketing databases or voter registration databases, to paint a more complete picture of you as a person.
And then, armed with all that robust information, that third party can go and retarget ads on Facebook to you that they already discovered. “That’s the sort of cycle, Bogost said. “You get into people’s data, and either use it directly or expand on it.”
Even the little nuggets of information are quite valuable. Bogost tested this out himself, building a game on Facebook called Cow Clicker. (He wrote about this in an entertaining Atlantic article about how your data gets extracted from Facebook).
“If you played Cow Clicker, even just once,” Bogost wrote, “I got enough of your personal data that, for years, I could have assembled a reasonably sophisticated profile of your interests and behavior. I might still be able to; all the data is still there, stored on my private server, where Cow Clicker is still running, allowing players to keep clicking where a cow once stood, before my caprice raptured them into the digital void.”
If you took a quiz 10 years ago, chances are that the data the third party collected will be 10 years old. That makes it less valuable. But it doesn’t make it valueless. “We don’t know who has all of that data from all of those years,” Vaidhyanathan said, “and how would they have used it in the past, and even if it’s incomplete or out of date, how they’re using it now. There’s no accountability, whatsoever.”
5) Can I figure out who has my data?
Right now, there’s no way to know all the third parties who might have your data. (Facebook is notifying everyone whose data might have been shared with Cambridge Analytica.) You can see which applications you gave permission to in your Facebook account, but you can’t see if, say, your data got harvested because a friend played a million apps.
6) Did Facebook know this kind of third-party data harvesting would happen or was it an unintended consequence?
Matwyshyn said the question isn’t really whether Facebook knew or didn’t know, but whether it reasonably should have known that this was going to happen. “And it was reasonably foreseeable that this sort of problem would happen,” she said.
She points to the company’s initial public offering. “What they tell the SEC is that their business is the business of relationship,” she said. “They’re connecting people and sharing information on Facebook, helping with the sharing of information, whether that is connecting audiences to marketers, or connecting individuals to other individuals.”
7) How has Facebook changed its policies?
Part of the reason things changed in 2015 was because the social network figured out it was better for business to keep all that information about its millions of users in-house, Vaidhyanathan said.
Between 2010 until 2015, Vaidhyanathan explained, Facebook was mostly focused on rapidly growing its business. “So having Farmville or Words with Friends was really important,” he said. “Those rather addictive games kept people engaged on Facebook and kept people engaged with their friends on Facebook.”
In other words, Facebook actually needed those things to help get you hooked in its early days. That’s not the case anymore; it’s growing without those apps. “They have no reason to give [the data] up to anybody anymore,” Vaidhyanathan said.
Matwyshyn said Facebook realized information is a powerful commodity — even if users posting baby pictures and sharing news articles don’t necessarily see it the same way. “Consumers don’t necessarily connect the dots,” she said, “that if someone knows their political preferences, their health history, their favorite flavor of ice cream, their mother’s maiden name, the names of all of their siblings, the name of their pets, and where they’ve been in sequence in the last six months, that’s an awful lot of information that could be used.”
8) I have a lot of apps that use my Facebook login. I thought it was supposed to make my life easier. Were these companies just trying to grub my data the whole time?
It’s a tradeoff. Those apps really do use Facebook logins to make it easier to use their services because it also makes your life easier — no additional passwords or usernames to keep track of this way. Bogost said reducing friction is the primary goal of this services.
But that, of course, that means that the app has your email, maybe your photos, and other information it scrubbed to help you log in to their service.
9) Short of deleting Facebook, is there anything I can do to protect my data now?
Matwyshyn suggests it’s sort of three-prong process — part technical, part social, and part resignation to the reality of Facebook. You can change your privacy setting, and read the terms of service. You can help your friends change their privacy settings.
“And some of it is the less pleasant recognition that when you’re posting things, you need to think not only about what that post will mean today in terms of information that you want to share with your friends, but also what that information could say about you five months from now in the hands of a party that wanted to use it to hurt you in some way,” she said.
Vaidhyanathan said he didn’t think there was much individuals could do — Facebook’s issues are too vast, and he believes any real solution requires government action or regulation. He believes the solution is breaking Facebook up — carving off Instagram, and Whatsapp, for example, so Facebook itself has some competition. At the minimum, Facebook could extend the data protection rules just implemented in Europe to all of its users.
But the bigger issue Vaidhyanathan suggests is one that’s much harder to fix — the disconnect between what Facebook users except the social network to be, and how Facebook sees itself. Which is really the core of the issue. Facebook’s users and Facebook itself.
“People at the top of Facebook believe what is good for Facebook is good for humanity, and vice versa,” Vaidhyanathan said. “They truly believe if they have as much data as possible, they can figure out how to use it, they can roll out services that will improve our lives, it will all be worth it.
“As long as we go along with it, all or our lives will be better,” he added. “That’s the fundamental animating principle of Facebook.”