Understanding the recent Facebook privacy problem and how it relates to every site/app/company.

[Kayze]

Ok, I'm going into this as someone who works in tech and has looked at Facebook API. Disclaimer: I do not work at Facebook and do not view it as a infallible or "do good" company. They're a business that needs money and have done plenty of shifty things to do so. I don't give out information on myself that would be incriminating if ever was made public for ANY website/service because nothing online is 100% secure. So this is just informative and not defending any party.

What happened wasn't anything new. Cambridge Analytica (or CA) gamed a feature of the API that was seemingly a non-issue, though controversial still. Basically, when a user connects/logins with an application using their Facebook account, they're allowing the app/game/site to access certain info on their Facebook account. For the user it's the benefit of not having to go through the long sign up process and for the app it's higher conversions with the benefit of more data. What CA did is they created those stupidly popular quizzes and games that require users to connect via Facebook. Stuff like what character are you on whatever show or which friend is your facebook valentine, etc. Once connected, the app can make requests to Facebook on your behalf.

When a user initiates the connect process, Facebook generally communicates the permissions the app is requesting to the user and if you want to continue or not. Most people still don't understand what the data is being asked is (average person isn't that smart) or they just don't care at the time (but do when it becomes a problem). With CA, it requested access to the user's  "Friends info" and "Friends of Friends info" (which is a bit concerning why that's even available for a user to grant permission on at all). However, Facebook offers this as a way for an app to help connect you with other friends using that app too; as the permissions only provides basic information on those friends for that intent (not as much as if their friends actually connected themselves). However, that basic information was enough for CA to exploit later with ads and news stories.

So then the issue is: why does my friend has permission to give my information (of any amount) to a 3rd party? It's a breach of privacy, even if the intent on Facebook's part wasn't malicious. But this feature was around far before CA and any developer knew about it. Anyone looking at what apps request when a user connects should know as well. But it definitely is still an issue and CA exploited it.

 

While Facebook deserves the backlash, the end users really need to understand what a free app means and that what they do online IS NEVER 100% SECURE. If what you upload online (or store on a company connected to the internet) is incriminating or extremely distressing if it became public, DO NOT UPLOAD/POST/ETC THAT INFORMATION. It's impossible for anything to be 100% secure, so it doesn't matter how much a company tries or how good they are. Security is measured in how much it delays breaches before someone can act on it but nothing can become bulletproof.

[Grimalkin]

I have to say, I've become awfully complacent about the disappearance of my "privacy."

 

Because, as you say, I've volunteered all this information. I willingly put it out there. It's my fault. It's also why nothing I want to keep private goes near the internet.

 

If I wanted to be more private I could disconnect from everything, but I don't want to do that, because modern connect life is very convenient. I could not own a cell phone and travel with paper maps and live in the middle of nowhere like my parents do, but at this point, I'm cool with having the things I air on the internet visible to other people.

 

Except my old diary I kept at thirteen. It's still on the internet somewhere and I'd like that to remain completely hidden please.

[Tercy]

I think the motive behind the manufactured outrage was more to use this issue as fuel for the unrelenting anti-Trump and anti-Brexit media machine, than any genuine sentiment of discovering/exposing what CA and similar organisations can do or have been doing. After what had already been month/years of never-ending articles blaming the aforementioned for everything from third-world poverty to children tripping over in the street.

 

As for the legality of it, I do vaguely remember some mention of CA retaining or collecting data they weren't allowed to by the terms and conditions or some shit, but I've not looked into it in any depth so that could be wrong. Either way, the media did make it sound like they'd illegally hacked Facebook and fired nukes against Russia in the process.

[Cimmerian]

Oh yes it is most definitely an app/tech problem in general. It's the extended version of "Accept or you can't do any of these things", but with apps or social media sites like Facebook it's typically more invasive than your everyday website. You sell your soul information by playing free games or accepting the terms and conditions to use a specific app. It's a sick standard and one that it would be great if we could restrict on a much higher level because these elements make new tech feel less and less like progress and more and more like a creepy, invasive stalker whom you have no right to do anything about.

 

19 hours ago, Tercy said:

As for the legality of it, I do vaguely remember some mention of CA retaining or collecting data they weren't allowed to by the terms and conditions or some shit, but I've not looked into it in any depth so that could be wrong. Either way, the media did make it sound like they'd illegally hacked Facebook and fired nukes against Russia in the process. 

Supposedly CA claimed it's be used for academic purposes only. (Not that academic research hasn't been used to analyze trends or patterns in groups or usage of social media and then later used to create strategies and such that could later be marketed or sold for the researcher's profit.) If the data was used in an agggregate way for research and it led to conclusions about how marketing would be more effective at a later point based on specific factors (and if CA then later used their research conclusions rather than insights on individual users for the campaign) then it could have well been within the guidelines. I doubt we'll ever know the actual details.

 

But I agree, based on how ridiculous the media's been and how easy Facebook makes it for apps to get or share data from people (or at least how it was when I used it and based on what I've heard friends give permission for). They did exactly what facebook allows tons of groups/apps to do. They're just angry that it was used against their preferred interest this time rather than a campaign that they were 'on the side' of.

[princessem1020]

I hope my friends/family continue to not see what closed groups I am a member of on my page. I could get in a lot of trouble with them if they found out because I am a member of groups that are about things I am passionate about or are a part of that they disagree with. I don't really post anything though. When I do, it's something they are all fine with.