Cambridge Analytica (CA) may have gotten its hands on data from a far greater number of Facebook users, without their knowledge or permission, than independent sources originally estimated: 87 million, up from the initial estimate of 50 million.
Facebook tucked the new number into a post announcing new data access restrictions: just the latest in a string of attempts it’s been making to appease lawmakers and regulatory bodies and to try to keep users from torching their accounts.
(Need a match? Here you go.)
Facebook said in Wednesday’s post that “most people on Facebook” may have had their public profile information scraped by “malicious actors.” The scraping was done with account recovery and search tools that let users look up people by their phone numbers and email addresses, then take information from their profiles.
From the post, written by Facebook CTO Mike Schroepfer:
Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way.
Facebook has now disabled the feature that allowed for searching by phone number or email address. It says it’s also making other changes to account recovery to reduce the risk of scraping, but it didn’t give details.
Facebook’s been dishing up its appeasement banquet for a few weeks, ever since whistleblowers started telling the tale of “utterly horrifying” data harvesting that’s been routine at the platform.
Sandy Parakilas, the platform operations manager at Facebook responsible for policing data breaches by third-party software developers between 2011 and 2012, has described a history of Facebook hiding its head in the sand when it came to user data shared with apps, likely frightened of being found liable for what it’s enabled developers to do with that data.
The first whistleblower was CA founder Christopher Wylie, who worked with Cambridge University professor Aleksandr Kogan to obtain the data used to create a tool that could be used to profile voters and influence the 2016 US presidential election and Brexit campaign. Kogan has been linked to previously undisclosed Russian affiliations.
The fallout has been all sorts of hairy for Facebook: for one thing, the US Federal Trade Commission (FTC) is on its tail, investigating how the company let all those users’ data wind up with CA … a data analytics firm whose secret influence-voters-with-psychographic-voodoo sauce was recently, allegedly discovered open to all on the internet.
Late last month, Facebook said it was revamping security and privacy settings as one response to the CA mess.
Before that, CEO Mark Zuckerberg announced a crackdown on abuse of Facebook’s platform, strengthened policies, and pledged an easier way for people to revoke apps’ ability to use their data.
Besides disabling the ability to look people up by their phone numbers or email addresses, Facebook’s making a number of other changes to try to crack down on third-party data access.
Apps will no longer be able to see personal information about users, like religion, political views, relationship status, education, work history, fitness activity and what books, movies and music people have consumed.
Apps will also need permission from Facebook before they can access things like Groups, Pages and check-ins. Nor will they be able to see the names and profile photos of people posting and commenting in a group, or see the guest list for events.
Facebook plans to delete call logs older than a year for Messenger and Facebook Lite users on Android who’ve opted in to the call and text history feature. In spite of this having been opt-in, many Android users were startled to discover years of contacts and call history when they downloaded their data archives last month.
On Monday, Facebook users will also see an option on top of their News Feed to review which apps have access to what type of information. As part of that process, Facebook will also tell people if their information was improperly shared with CA.
Tracy
There is an old say that says it is easier to plug the hole when the bucket is empty. So I suppose that now that these third parties have all of that data, Facebook can now keep others from getting any more. At this point anything else would be statistically insignificant.
By the way Miss Vaas, I love the term (psychographic-voodoo sauce) in your article. It is an apt description for what Ad companies have been doing to us for years. The use of demographics and profiling to get us to buy their products and services. In essence to sway the way you think. Sound familiar? :)
Mahhn
Thanks Lisa. I hope you have the opportunity to follow up on CA with regards to the (illegal?) data mined being deleted from all parties that it was provided to, and who may oversee this. Or will they be allowed to keep our Pie? (I know its PII, but it sounds more fun as Pie)
I looked and found what was called a Class action suits over this, but no way to add names. So I think its fake to discourage people from doing so. If we even have the option.
Laurence Marks
Generally when the court acknowledges the viability of a “class” for a class action suit, the all potential parties are required to be notified.
David L
Well, as usual, the fact that the Obama campaign of 2012 did the very same thing CA did, is glaringly missing. An oversight? Me thinks not. Back then, the Obama campaign was “Praised” for their ingenuity by the MSM and Techies everywhere. But…. let a right leaning organization do the very same thing, and it’s “The End of the World”!
Leftist harp on “Fake News” yet are often the purveyors of it themselves, by Obfuscation. Perhaps Lisa is truly unaware, because certainly, any mentions that the leftist do anything wrong, just seems to disappear, or be buried and keep from the light of day by those who now cry foul.
Randy D
Well stated David L. We need more outspoken patriots like yourself responding to these situations.
Wilderness
How is the scraping of public profile data a big deal?
Tracy
In essence it is an invasion of your privacy. The data that they get often identifies you and is used to influence you in some way. Ad agencies can use it to target you with ads that your information implies you are most likely to buy. Charities use it to create ads that will play on your empathies or sympathies and politicians will use the data to create ads to influence the way you vote. In simple terms they use it to control the way you think. :)
For the person that gave Wilderness a thumbs down please realize that the question Wilderness posed was honest and valid. I think it unfair. :(
Steve
I presume you’re referring to this bit from Facebook:
“Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way.”
I was wondering the same thing; if people choose to make that information public, what is the problem?