We’re sure you’ve heard of Cambridge Analytica (CA), the controversial company that harvested data from Facebook and then used it in ways that you almost certainly wouldn’t have wanted.
About a month ago, we reported how a CA whistleblower named Christopher Wylie claimed that the company had allegedly:
…exploited Facebook to harvest millions of people’s profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on.
Were you affected?
The thing is that CA didn’t crack passwords, break into accounts, rely on zillions of fake profiles, exploit programming vulnerabilities, or do anything that was technically out of order.
Instead, CA persuaded enough people to trust and approve its Facebook app, called “This is Your Digital Life”, that it was able to access, accumulate and allegedly to abuse personal data from millions of users.
That’s because the app grabbed permission to access data not only about you, but about your Facebook friends.
In other words, if one of your friends installed the app, then they might have shared with CA various information that you’d shared with them, even if you didn’t install the app yourself.
But how to find out which of your friends (some of whom may be ex-friends by now) installed the app, and how to be sure that they remember correctly whether they used the app or not?
Facebook has now come up with a way, given that it has logs that show who used the app, and who was friends with them.
We used this link:
https://www.facebook.com/help/1873665312923476
After we’d logged into Facebook, we got the result we hoped for:
Based on our available records, neither you nor your friends logged into “This Is Your Digital Life.”
As a result, it doesn’t appear your Facebook information was shared with Cambridge Analytica by “This Is Your Digital Life.”
Phew – we’re OK.
Unfortunately, you might not be, but if you don’t yet know, it’s worth finding out, even if only to help you decide how to approach social networks, friending and sharing from now on.
What to do?
If some of your personal data has fallen into Cambridge Analytica’s hands, there’s nothing much you can do about that now – the horse has already bolted.
But it’s still worth locking the stable door, to tighten things up for next time.
As Facebook recommends, review and update the information you share with apps and websites via the Facebook settings page.
https://www.facebook.com/app_settings_list
Also, consider how much personal data you want to share with your Facebook friends – and how many friends you want to share it with.
Remember: if in doubt, don’t give it out.
wally
but, if you don’t belong to facebook (and frankly I was disappointed to see you using facebook for your videos), how do you know what facebook members who are relatives/friends may have posted about you?
Paul Ducklin
We don’t post videos only on Facebook. We also use Twitter, YouTube, Vimeo and others (though there are no doubt readers who are disappointed to hear that we use some or all of those, too), so why shouldn’t we use Facebook to communicate with our readers who *do* use Facebook? More than a quarter of a million people follow us on Facebook, and are happy to interact with us there – and Facebook provides a high-quality, free video streaming service that does not require you to login (or even to have an account) to watch.
In short, you can watch our Facebook Live videos without belonging to, or being tracked at all by, Facebook. Or simply not watch at all – most of our videos are there to add to our written articles, simply because many people like to consume our content in various ways. Variety is the spice of life, etc.
As for how to know what other people are saying about you on Facebook, or anywhere online for that matter – well, if they have made it public, you can look (or search) for it yourself. If they have chosen to keep it away from you but to share it with select others, you will have to rely on one of those people telling you.
That’s not a problem unique to Facebook – you can’t see what other people have said about you on Gmail either, unless you were on the original email distribution list, or someone else forwarded the message to you.
William Miller
Not that this isn’t informative, but Cambridge Analytica is one of what, millions of companies that create a stupid little app for people to install with the expressed purpose of hoovering up data? The whole idea of Facebook and Google is to monetize user information. Maybe you could write something short on just how these apps work, how people are fooled, and what they can do to limit their exposure going forward.
Paul Ducklin
I can’t think of anything shorter or less ambiguous than, “If in doubt, don’t give it out.”
Basically, you authorise the app to perform various actions on your behalf, without you needing to log in and find the right sequence of buttons to click. If the app can read data that you would be able to see after logging in, then…hey, the app can misuse that data too.
It’s sort of like outsourcing. In fact, it *is* outsourcing :-)
Trena Chapman
That webpage doesn’t exist anymore.
Paul Ducklin
Which web page? I just tried all the links in the article and they seem to work fine.
(Note that we deliberately didn’t make the links to Facebook actively clickable – they are just straight text so that they directly document the link without giving any special instructions to your browser. Given the controversial nature of the issue we wanted to present the links as plainly as we could so at the very least you’d have to take the deliberate step of copying and pasting the links yourself :-)
socmedman
Is the URL https://www.facebook.com/help/1873665312923476 specific to your Facebook account.
Anna Brading
It’s not specific to your account, but you do have to be logged in for Facebook to tell you if your data was included.
whitehurst
And what do those of us that have since deleted our FB account do to determine if we were affected?
Paul Ducklin
Not sure. I suppose you have to email Facebook, identify yourself somehow and ask… of course, if the account deletion process purges you from Facebook’s records entirely, then I assume you *can’t* find out, at least unless the list of victims gets breached or leaked some time.