Naked Security

Facebook fallout: How to protect your data

Is it time to end your Facebook life? At the very least, it's time to check Facebook privacy settings/audit apps/turn off API sharing.

Is it time to end your Facebook life?
Not deactivate, mind you – actually end things once and for all.
In the wake of Facebook having failed to protect user data from being drained by Cambridge Analytica, we’re talking about what’s involved in permanently deleting data that Facebook holds on us.
That’s likely to be too extreme for many of us. But at the very least, it’s definitely time to check Facebook privacy settings, audit Facebook apps, and consider turning off API sharing.
But first, a quick recap: over the weekend, news emerged about Facebook having lost control of 50 million users’ data.
Facebook, after a week of questioning from investigative reporters at the New York Times and the Observer, suspended data analytics firm Cambridge Analytica and its parent company Strategic Communication Laboratories (SCL), as well as data analytics specialist and Cambridge Analytica founder Christopher Wylie.

How do we escape?

If you’re not ready to part with Facebook entirely, you should at least take a look at who and what you’re sharing your information with on Facebook. That would entail the obvious:

Check your privacy settings

We’ve written about this quite a bit. Here’s a good guide on how to check your Facebook settings to make sure your posts aren’t searchable, for starters.
That post also includes instructions on how to check how others view you on Facebook, how to limit the audience on past Facebook posts, and how to lock down the privacy on future posts.

Those are just part of our 3 ways to better secure your Facebook account, so it’s also worth checking out that article to make sure you’re doing all three.
Next, it’s time to….

Audit your apps.

You should always be careful about which Facebook apps you allow to connect with your account, as they can collect varying levels of information about you.
Case in point: the recent revelations about Cambridge Analytica center around an app, thisisyourdigitallife, that not only took personal data from the 270,000 users who willingly signed up for this personality test, it also scraped the profiles of users’ friends – which is how we got to that astronomical number of 50 million users having their information plundered without permission.
Unless you’ve locked down your privacy settings correctly – see above – the apps, games and websites that your friends use can also access your personal details, photos and updates.
If you yourself have used Facebook to sign in to a third-party website, game or app, those services may continue to access your personal data.
To audit which apps are doing what:
1. On Facebook in your browser, drop down the arrow at the top right of your screen and click Settings. Then click on the Apps tab for a list of apps connected to your account. This takes you to the App Settings page.
2. Check out the permissions you granted to each app to see what information you’re sharing, and remove any apps that you no longer use or whose purpose you aren’t sure of.
3. Below the summary of which apps are sucking what out of your neck is an innocuous looking gray box called Apps Others Use, with this brief description: “People who can see your info can bring it with them when they use apps. Use this setting to control the categories of information people can bring with them.”

Click Edit and there you will find a list we call “Holy mackerel, people can get all that?!”

Make the changes and click Save to button up your privates.
If you’re using the Facebook app you can access the same information by pressing the burger menu at the bottom right of your app, then choosing Settings and Account Settings. You’ll then find a menu option for Apps from which you can remove or restrict apps.

Turn off API sharing.

The Electronic Frontier Foundation (EFF) put out this guide to opt out of platform API sharing.
It does so with an apology: we shouldn’t have to “wade through complicated privacy settings in order to ensure that the companies with which you’ve entrusted your personal information are making reasonable, legal efforts to protect it,” but, well, recent events make clear that we can’t leave it up to Facebook to protect our privacy.
1. As above, visit the App Settings page.
2. Click the Edit button under Apps, Websites and Plugins. Click Disable Platform.

3. If that’s too much, you can, again, limit what information is accessible to apps that others use. See above!
And finally, if you’re ready to disengage entirely, there’s the cut-it-out-completely option:

Delete your profile.

This is a lot more serious than simply deactivating your profile. When you deactivate, Facebook still has all your data. To truly remove your data from Facebook’s sweaty grip, deletion is the way to go.
But stop: don’t delete until you’ve downloaded your data first! Here’s how:
1. On Facebook in your browser, drop down the arrow at the top right of your screen and click Settings.
2. At the bottom of General Account Settings, click Download a copy of your Facebook data.
3. Choose Start My Archive.
Be careful about where and how you keep that file. It does, after all, have all the personal information you’re trying to keep safe in the first place.

You ready?

Have you downloaded the data? Have you encrypted it or otherwise stored it somewhere safe? OK, take a deep breath. Here comes the doomsday button.
Go to Delete My Account.
There. That’s done. Now all you have to do is listen to friends and family lament your Facebook death. Maybe it will start some conversations about why you felt deleting your profile was necessary.
If you want to share your Facebook exodus stories with us in the comments section below, please do: we’re all ears.


I don’t do Facebook. I have never signed up. Still I get Facebook cookies nearly every day on Safari. How can I permanently block all access from Facebook to my computer?


So, here’s a question. I know what data *I* have entered into Facebook (and I have just downloaded a 55MB zipped archive file of it from FB). But how much of the additional data, e.g. inferences, preferences etc., that have been generated by FB’s algorithms directly from the existence of what I have entered might also be considered as ‘mine’ under GDPR? Since those inferences are connected to me, does that qualify as ‘personal data’, too? Should I be able to see that, download it, correct it, have it deleted?


Have we even heard from the CEO of Facebook about this? He’s in charge of his company.


Yes, Zuck put up a timeline of events yesterday. Hang tight, writing that up now, along with news about another former Facebook insider who’s turned whistleblower. He’s given testimony to MPs about how Facebook has turned a blind eye to this type of data misuse. Likely due to fears of breach liability. This all could have been prevented, he believes, but Facebook wanted to grow, grow, grow.


I’ve done all these things long since. I came here to find out how to revoke permission for FB/Messenger to log my calls. How do I do that?


Deleting account just suspends your account. I have deleted my account in the past. While you are no longer searchable, FB still keeps all your info. So if you decide to go back, it will reactivate and all your info is still there. Just carry on if you just had a temper tantrum for a few months.


I agree, there’s no way to know exactly what data still exists in Facebook’s grasp after you delete your account. For instance, your data doesn’t magically get deleted from their past system backups, and these can be restored to any offline system to harvest data.


No Privacy Laws or Clauses will ever protect privacy. All the information is collected and sooner or later used. Most large internet companies indemnify themselves via the terms & conditions that no one ever has the time to read and are continuously updated.
Saying all of that, the market is less forgiving than any law. If Facebook does something users don’t like, they will simply stop using them whether it’s legal or not. This has the potential to kill a billion dollar company overnight.


The problem is, these companies can exist for years just on the sheeple that claim they have nothing to hide. They won’t quit these services until all of their friends do.


I agree with you. Unfortunately the younger generation are more accepting of having their information used and in the public domain, something that I don’t think we will be able to roll back. It’s the cost of the so-called “free services” and why the internet has grown so fast.

