Naked Security

Another company’s been harvesting Facebook user data

Like Cambridge Analytica, Cubeyou also gobbled users' data with personality quizzes, under the guise of "research."

Déjà data-analytics vu: Facebook’s suspended yet another firm for dressing up its personal-data snarfing as “nonprofit academic research,” in the form of personality quizzes, and handing over the data to marketers.
The company, Cubeyou, à la Cambridge Analytica (CA), pasted the label “for non-profit academic research” onto its personality quizzes, CNBC reported on Sunday.
One of Cubeyou’s quizzes, “You Are What You Like,” was created in conjunction with the University of Cambridge, as was the psychographic data collected by the Facebook quiz thisisyourdigitallife.
Another version of Cubeyou’s quiz, named “Apply Magic Sauce,” states that it’s only for “non-profit academic research that has no connection whatsoever to any commercial or profit-making purpose or entity.” That sounds an awful lot like thisisyourdigitallife, which billed itself as “a research app used by psychologists.”
Cambridge University professor Aleksandr Kogan’s Facebook license was only to collect data for research purposes, not to pass on to a commercial outfit like CA. In violation of Facebook’s terms, he passed users’ data on to CA for targeted political ad marketing in the 2016 US presidential election. Similarly, Cubeyou sells data to ad agencies that want to target certain Facebook user demographics. It’s not what you’d call cloak and dagger: the data analytics firm’s site advertises its wares as “All the best consumer data sources in one place.”

Our platform brings together the most robust consumer data sources available, both online and offline. Leverage social media statistics, syndicated studies, government surveys, and more – even your own data.

One of many examples:

DEEP Go deeper than you’ve ever thought possible, mixing demographics, psychographics, lifestyles, interests and consumption traits to pinpoint the exact audience you’re looking for. Get hyper-local with over 10 Million panelists distributed across 950 US metro areas. ex. Millennial Gamers in San Francisco that purchase electronics at BestBuy

The site says that the company has access to personally identifiable information (PII) such as first names, last names, emails, phone numbers, IP addresses, mobile IDs and browser fingerprints. CNBC also dug into cached versions of the site from 19 March that said that Cubeyou also keeps age, gender, location, work and education, and family and relationship information.
It keeps Facebook users’ activity, as well: likes, follows, shares, posts, comments, check-ins and mentions of brands/celebrities. CNBC found on the cached site that such company interactions are tracked back to 2012 and are updated weekly. From the site:

This PII information of our panelists is used to verify eligibility (we do not knowingly accept panelists under the age of 18 in our panel), then match and/or fuse other online and offline data sources to enhance their profiles.

CNBC said it gave Facebook a heads-up about Cubeyou after it found that the company was using these CA-like tactics. After CNBC showed Facebook the Cubeyou quizzes and terms, Facebook said that it would suspend the company from the platform and investigate.
CNBC said that the case of Cubeyou “suggests that collecting data from quizzes and using it for marketing purposes was far from an isolated incident” and that Cubeyou could get away with it, just as Kogan and former CA employee Christopher Wylie did, because Facebook didn’t lift a finger to stop the harvesting of users’ data without permission until CNBC pointed it out:

[It] suggests the platform has little control over this activity.

That’s exactly what whistleblower Sandy Parakilas described. Parakilas, the platform operations manager at Facebook responsible for policing data breaches by third-party software developers between 2011 and 2012, calls Facebook’s lack of oversight over external developers “utterly horrifying.”
Facebook thanked CNBC for bringing Cubeyou to its attention. Ime Archibong, Facebook vice president of product partnerships, sent a statement that said that Cubeyou has been suspended pending an audit:

These are serious claims and we have suspended Cubeyou from Facebook while we investigate them. If they refuse or fail our audit, their apps will be banned from Facebook. In addition, we will work with the UK ICO [Information Commissioner’s Office] to ask the University of Cambridge about the development of apps in general by its Psychometrics Centre given this case and the misuse by [Aleksandr] Kogan.


CNBC says that in the years before Facebook put a stop to it in 2015, Cubeyou, like the quiz that fed user data to CA, could scrape not just the data of those who agreed to take it, but also their friends’ PII.
That greatly expands the reach of these quizzes. Facebook last week said that independent estimates of how many Facebook users got dragged into CA’s nets were way off: in actuality, it was maybe around 87 million, Facebook said. In simpler terms: potentially, the public information of all US users.
As of Sunday morning, both of Cubeyou’s quizzes – a version of You Are What You Like and Apply Magic Sauce – could be found on Facebook, CNBC reports. Cubeyou’s response to CNBC’s findings: the company only worked with Cambridge University from December 2013 to May 2015, only collected data from that time, and hasn’t had access to new people who’ve taken the quiz since June 2015.
CEO Federico Treu said that the terms of usage on YouAreWhatYouLike.com are now more upfront about how collected information would be used. The terms now include the stipulation that data may be used “for academic and business purposes” (emphasis added) and shared with third parties, including research institutions. Plus, it would be disclosed only anonymously.
The University of Cambridge Psychometrics Center said in a statement that it wasn’t aware what Cubeyou was up to and said that it would contact the company to ask that it clarify its terms. The Center gets a lot of wannabe collaborating companies that name-drop, it said:

We have not collaborated with them to build a psychological prediction model – we keep our prediction model secret and it was already built before we started working with them. Our relationship was not commercial in nature and no fees or client projects were exchanged. They just designed the interface for a website that used our models to give users insight on [the users’] data. Unfortunately collaborators with the University of Cambridge sometimes exaggerate their connection to Cambridge in order to gain prestige from its academics’ work.