‘Utterly horrifying’: ex-Facebook insider says covert data harvesting was routine | News | The Guardian

https://www.theguardian.com/news/2018/mar/20/facebook-data-cambridge-analytica-sandy-parakilas

This has grown to a huge story!

Hundreds of millions of Facebookusers are likely to have had their private information harvested by companies that exploited the same terms as the firm that collected data and passed it on to Cambridge Analytica, according to a new whistleblower.

190 Comments

  1. Tomi Engdahl says:

    Now would be a good time for Mark Zuckerberg to resign
    https://techcrunch.com/2018/03/21/now-would-be-a-good-time-for-mark-zuckerberg-to-resign/?utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook&sr_share=facebook

    Facebook is at the center of a dozen controversies, and outrage is peaking. The social network has failed again and again at expanding beyond a handful of core features. Doubts of its usefulness, and assertions of its uselessness, are multiplying. A crisis of confidence at multiple levels threatens the company’s structure and mission. Now is the time for Mark Zuckerberg to spare himself the infamy and resign — for Facebook’s sake and his own.

    Facebook has failed
    Of course, it’s also true that Facebook has succeeded beyond every expectation. But its success arrived early and remains essentially a simple thing: being a broadly accessible, functioning social network. A single network of friends, a basic news feed from them and a few adjunct capabilities were industry-defining ideas and to a certain point were executed quite well. Beyond that admittedly towering success, Facebook has accomplished remarkably little.

    Reply
  2. Tomi Engdahl says:

    7 much scarier questions for Zuckerberg
    Did Cambridge Analytica attain other ill-gotten Facebook data?
    https://techcrunch.com/2018/03/21/did-cambridge-get-other-data/

    AdChoices

    7 much scarier questions for Zuckerberg
    Did Cambridge Analytica attain other ill-gotten Facebook data?
    Josh Constine
    @JoshConstine / 23 hours ago

    Zuckerberg cambridge analytica
    Could this be just the beginning of a much bigger Cambridge Analytica scandal for Facebook? The answer rides on how transparent Facebook is actually being right now. CEO Mark Zuckerberg just put forth a statement and plan to improve data privacy, but omitted some of the most grievous inquiries — and stopped short of apologizing.

    Exactly how Facebook handled the multi-year fiasco could be core to whether the public forgets and goes back to scrolling their News Feed, or whether users leave en masse while government regulators swoop in. With journalists around the world digging in and government officials calling for Zuckerberg to testify, the truth is likely to trickle out.

    Reply
  3. Tomi Engdahl says:

    Cambridge Analytica CEO Alexander Nix Used N-Word in Emails (Report)
    https://m.sfgate.com/entertainment/the-wrap/article/Cambridge-Analytica-CEO-Alexander-Nix-Used-N-Word-12772204.php

    The Times of London reported on the now-suspended CEO

    Reply
  4. Tomi Engdahl says:

    Zuckerberg on #deletefacebook: ‘You know, it’s not good’
    https://techcrunch.com/2018/03/21/zuckerberg-on-deletefacebook-you-know-its-not-good/

    Regarding the company’s acceptance at face value that Cambridge Analytica had deleted the data they weren’t supposed to have

    And what about the thousands of apps that may have performed similar data grabs during the many years it was possible?

    The data isn’t on our servers, so it would require us sending out forensic auditors to different apps.

    Reply
  5. Tomi Engdahl says:

    Zuckerberg’s response to Cambridge scandal omits why it delayed investigating
    Zuckerberg’s response to Cambridge scandal omits why it delayed investigating
    Josh Constine
    @JoshConstine / Yesterday

    https://techcrunch.com/2018/03/21/zuckerberg-cambridge-analytica/?utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook&sr_share=facebook

    Reply
  6. Tomi Engdahl says:

    Sheryl Sandberg says Facebook leadership should have spoken sooner, is open to regulation
    https://techcrunch.com/2018/03/22/sheryl-sandberg-says-facebook-leadership-should-have-spoken-sooner-is-open-to-regulation/?utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&sr_share=facebook

    The days of silence from Facebook’s top executives after the company banned the political advisory service Cambridge Analytica from its platform were a mistake, according to Sheryl Sandberg.

    The firestorm that erupted over Facebook’s decision to ban Cambridge Analytica — and the ensuing revelations that the user data of 50 million Facebook users were accessed by the political consulting and marketing firm without those users’ permission — has slashed Facebook stock and brought calls for regulation for social media companies.

    Even as $60 billion of shareholder value disappeared, Zuckerberg and Sandberg remained quiet.

    Reply
  7. Tomi Engdahl says:

    How To See And Block All The Apps Tracking You On Facebook
    http://www.iflscience.com/technology/how-to-see-and-block-all-the-apps-tracking-you-on-facebook/

    Facebook is currently facing a scandal over the use of its data by British political research company Cambridge Analytica.

    The company reportedly obtained the personal information of 50 million Facebook users.

    It didn’t get the data through a hack, but reportedly through a Facebook app which gave a researcher user data – and also the data of their friends.

    Most people forget that when they download an app or sign into a website with Facebook, they are giving those companies a look into their Facebook profile. Your profile can often include your email address and phone number as well as your work history and current location. And most people don’t realize that if you’re sharing that data with friends, then apps used by those friends can see that data as well!

    Reply
  8. Tomi Engdahl says:

    Facebook has lost $60 billion in value
    https://techcrunch.com/2018/03/20/facebook-has-lost-60-billion-in-value/

    More importantly, if you look at Monday and Tuesday combined, Facebook shares are down 11.4 percent compared to Friday’s closing price of $185.09. In other words, Facebook was worth $537.69 billion on Friday evening when it comes to market capitalization. And Facebook is now worth $476.83 billion.

    That’s how you lose $60 billion in market cap.

    Reply
  9. Tomi Engdahl says:

    Facebook and the endless string of worst-case scenarios
    https://techcrunch.com/2018/03/18/move-fast-and-fake-things/

    AdChoices

    Facebook and the endless string of worst-case scenarios
    Josh Constine
    @JoshConstine / Mar 19, 2018

    facebook-platform-10-year
    Facebook has naively put its faith in humanity and repeatedly been abused, exploited, and proven either negligent or complicit. The company routinely ignores or downplays the worst-case scenarios, idealistically building products without the necessary safeguards, and then drags its feet to admit the extent of the problems.

    This approach, willful or not, has led to its latest scandal, where a previously available API for app developers was harnessed by Trump and Brexit Leave campaign technology provider Cambridge Analytica to pull not just the profile data of 270,000 app users who gave express permission, but of 50 million of those people’s unwitting friends.

    Facebook famously changed its motto in 2014 from “Move fast and break things” to “Move fast with stable infra” aka ‘infrastructure’.

    Reply
  10. Tomi Engdahl says:

    https://techcrunch.com/2018/03/18/move-fast-and-fake-things/

    Here’s an incomplete list of the massive negative consequences and specific abuses that stem from Facebook’s idealistic product development process.

    Beacon = Your Shopping Revealed

    Engagement Ranked Feed = Sensationalized Fake News

    Engagement Priced Ad Auctions = Polarizing Ads

    App Platform = Game Spam

    New Privacy Controls = A Push To Share Publicly

    Academic Research = Emotion Tampering

    Ethnic Affinity Ad Targeting = Racist Exclusion

    Real Name Policy = Enabling Stalkers

    Internet.org = International Net Neutrality Concerns

    Self-Serve Ads = Objectionable Ads

    Developer Data Access = Data Abuse – Most recently, Facebook has found its trust in app developers misplaced. For years it offered an API that allowed app makers to pull robust profile data on their users and somewhat limited info about their friends to make personalized products.

    Each time, Facebook built tools with rosy expectations, only to negligently leave the safety off and see worst-case scenarios arise. In October, Zuckerberg already asked for forgiveness, but the public wants change.

    Reply
  11. Tomi Engdahl says:

    Worried About Being on Facebook? Some Options Explained
    https://www.securityweek.com/worried-about-being-facebook-some-options-explained

    A snowballing Facebook scandal over the hijacking of personal data from millions of its users has many wondering whether it’s time to restrict access to their Facebook information or even leave the social network altogether, with the #deletefacebook movement gaining traction.

    Here are some options open to the worried Facebook user.

    Put it to sleep

    Putting a Facebook account on hold used to be difficult but has become a lot easier.

    Kill the account

    Deleting an account is a more radical step, as users will not be able to access it again once they’ve gone for that option.

    Be more alert

    Facebook users can check with the network how much of their personal information is accessible on the network.

    In “settings”, the option “download a copy of your Facebook data” allows a user to do just that.

    - Go after Facebook –

    Some experts and consumer rights organizations argue that rather than withdraw from Facebook, users should help shift the balance of power between the social network giant and individuals by legal means.

    “We must be able to use the service without being under Facebook’s surveillance,” said Arthur Messaud at Quadrature du Net, a French organization that defends the rights of internet users.

    Reply
  12. Tomi Engdahl says:

    Growing Mistrust Threatens Facebook After Data Mining Scandal
    https://www.securityweek.com/growing-mistrust-threatens-facebook-after-data-mining-scandal

    As Facebook reels from the scandal over hijacked personal data, a movement to quit the social network gathered momentum Wednesday, portending threats to one of the most powerful internet firms.

    In a sign of the mood, one of those calling it quits was a high-profile co-founder of the WhatsApp messaging service acquired by Facebook in 2014 for $19 billion.

    “It is time. #deletefacebook,” Brian Acton said in a tweet, using the hashtag protesting the handling of the crisis by the world’s biggest social network.

    The WhatsApp co-founder, who now works at the rival messaging application Signal, posted the comment amid a growing uproar over revelations that Facebook data was harvested by a British political consulting firm linked to Donald Trump’s presidential campaign.

    “Delete and forget. It’s time to care about privacy,” he said.

    Reply
  13. Tomi Engdahl says:

    Elon Musk deletes own, SpaceX and Tesla Facebook pages after #deletefacebook
    https://techcrunch.com/2018/03/23/elon-musk-deletes-own-spacex-and-tesla-facebook-pages-after-deletefacebook/?utm_source=tcfbpage&sr_share=facebook

    Elon Musk apparently wasn’t aware that his company SpaceX had a Facebook page. The SpaceX and Tesla CEO has responded to a comment on Twitter calling for him to take down the SpaceX, Tesla and Elon Musk official pages in support of the #deletefacebook movement by first acknowledging he didn’t know one existed, and then following up with promises that he would indeed take them down.

    He’s done just that

    The prolific entrepreneur noted that Instagram was “borderline,” since FB’s “influence is slowly creeping in,” but it seems like he’s okay with maintaining that presence for now.

    Prior to their deletion, both the SpaceX and Tesla pages had over 2.6 million Likes and Follows, and super high engagement rates.

    Reply
  14. Tomi Engdahl says:

    Facebook knows literally everything about you
    Behind every feature, Facebook is collecting data
    https://techcrunch.com/2018/03/23/facebook-knows-literally-everything-about-you/?utm_source=tcfbpage&sr_share=facebook

    AdChoices

    Facebook knows literally everything about you
    Behind every feature, Facebook is collecting data
    Romain Dillet
    @romaindillet / 5 minutes ago

    Private sign
    Cambridge Analytica may have used Facebook’s data to influence your political opinions. But why does least-liked tech company Facebook have all this data about its users in the first place?

    Let’s put aside Instagram, WhatsApp and other Facebook products for a minute. Facebook has built the world’s biggest social network. But that’s not what they sell. You’ve probably heard the internet saying “if a product is free, it means that you are the product.”

    And it’s particularly true in that case because Facebook is the world’s second biggest advertising company in the world behind Google.

    That’s 98.5 percent of Facebook’s revenue coming from ads.

    Ads aren’t necessarily a bad thing. But Facebook has reached ad saturation in the newsfeed.

    So Facebook has been collecting as much personal data about you as possible — it’s all about showing you the best ad. The company knows your interests, what you buy, where you go and who you’re sleeping with.

    You can’t hide from Facebook
    Facebook’s terms and conditions are a giant lie. They are purposely misleading, too long and too broad. So you can’t just read the company’s terms of service and understand what it knows about you.

    That’s why some people have been downloading their Facebook data. You can do it too, it’s quite easy.

    Messaging apps are privacy traps
    But Facebook has also been using this trick quite a lot with Messenger. You might not remember, but the on-boarding experience on Messenger is really aggressive.

    The next time you pay for a burrito with your credit card, Facebook will learn about this transaction and match this credit card number with the one you added in Messenger

    On Android, you can let Messenger manage your SMS messages. Of course, you guessed it, Facebook uploads all your metadata. Facebook knows who you’re texting, when, how often.

    Even if you disable it later, Facebook will keep this data for later reference.

    The company knows a lot more about you than what you can find in your downloaded archive. The company asks you to share your location with your friends. The company tracks your web history on nearly every website on earth using embedded Javascript.

    It turns out that Facebook also buys data about your offline purchases.

    And the next time an app asks you to share your address book, there’s a 99-percent chance that this app is going to mine your address book to get new users, spam your friends, improve ad targeting and sell email addresses to marketing companies.

    I could say the same thing about all the other permission popups on your phone.

    Reply
  15. Tomi Engdahl says:

    ‘Looks lame anyway’: Elon Musk just deleted Facebook pages of Tesla, SpaceX — on a dare.
    https://www.washingtonpost.com/news/innovations/wp/2018/03/23/looks-lame-anyway-elon-musk-just-deleted-teslas-facbeook-page-on-a-dare/?utm_term=.7116fc32eaf4

    To the delight of many of his Twitter followers, Tesla and SpaceX chief executive Elon Musk followed through on a promise Friday to delete the Facebook pages of both companies, flushing more than 5 million combined “likes” down the digital drain on a whim.

    The Facebook pages for the automaker and aerospace innovator have been replaced by a default page noting that “content isn’t available right now.”

    Reply
  16. Tomi Engdahl says:

    Trump’s new national security advisor has ties to Cambridge Analytica
    https://techcrunch.com/2018/03/23/cambridge-analytica-john-bolton-trump-administration/?utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook&sr_share=facebook

    Trump’s third national security advisor John Bolton shares at least one thing in common with his first one, Michael Flynn: both men have ties to Cambridge Analytica, a political data firm at the center of a new Facebook privacy firestorm.

    Reply
  17. Tomi Engdahl says:

    House and Senate put Zuckerberg on notice: ‘You are the right person to testify before Congress’
    https://techcrunch.com/2018/03/23/house-and-senate-put-zuckerberg-on-notice-you-are-the-right-person-to-testify-before-congress/?utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook&sr_share=facebook

    Facebook CEO Mark Zuckerberg has been rather scarce lately, despite a host of woes besetting his company — but Wednesday he emerged from his cocoon to offer a limp apology, admit they had no control over data like that used by Cambridge Analytica, and that he “will happily” testify before Congress if he’s the right person to do so.

    Well, Congress has taken him at his word. “You are the right person to testify before Congress,”

    “We had one hearing — they all sent their lawyers. I don’t know what they paid them but they got their money’s worth, cause their lawyers didn’t say a damn thing.”

    At this point it would be pretty dangerous for Zuckerberg not to heed the call. Lawmakers don’t take kindly to captains of industry who send underlings instead of tackling major issues like this personally.

    the shortcomings of Facebook’s privacy rules are only part of the story

    Reply
  18. Tomi Engdahl says:

    Facebook’s Zuckerberg Outlines Steps to Protect User Data
    https://www.bloomberg.com/news/articles/2018-03-21/facebook-s-zuckerberg-outlines-steps-to-protect-data-after-leak

    Social network will audit all apps that had broad access
    Sandberg says she ‘deeply regrets’ company didn’t do more

    The co-founder also said Facebook still hasn’t independently confirmed reports from news organizations over the weekend that kicked off the controversy.

    “We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you,” Zuckerberg said. “I’ve been working to understand exactly what happened and how to make sure this doesn’t happen again.”

    Zuckerberg said that the most important solution to the problem — preventing developers from getting access to information on their user’s friends — was resolved in 2014.

    Reply
  19. Tomi Engdahl says:

    Silicon Valley Has Failed to Protect Our Data. Here’s How to Fix It
    https://www.bloomberg.com/news/articles/2018-03-21/paul-ford-facebook-is-why-we-need-a-digital-protection-agency

    It’s time for a digital protection agency. It’s clear ethics don’t scale, and it’s not just Facebook’s problem

    Reply
  20. Tomi Engdahl says:

    Facebook’s recent debacle is illustrative. It turns out that the company let a researcher spider through its social network to gather information on 50 million people. Then the Steve Bannon-affiliated, Robert Mercer-backed U.K. data analysis firm Cambridge Analytica used that data to target likely Trump voters. Facebook responded that, no, this was not a “breach.”

    OK, sure, let’s not call it a breach. It’s how things were designed to work. That’s the problem.

    Source: https://www.bloomberg.com/news/articles/2018-03-21/paul-ford-facebook-is-why-we-need-a-digital-protection-agency

    Reply
  21. Tomi Engdahl says:

    Facebook is making it harder for developers to “steal” data, but what they should be doing is making it easier for users to delete their old data

    Currently you have to delete either your entire account or nothing at all.

    Reply
  22. Tomi Engdahl says:

    As I understand GDPR, it requires people to give explicit consent to the actual purpose that you will use the data for.

    Reply
  23. Tomi Engdahl says:

    Cambridge Analytica raided by UK data watchdog
    https://techcrunch.com/2018/03/24/cambridge-analytica-raided-by-uk-data-watchdog/?utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&sr_share=facebook

    The UK’s data watchdog, the ICO, finally obtained a warrant to enter and search the offices of Cambridge Analytica late Friday — carrying out an evidence gathering sweep of the company into the small hours of Saturday morning.

    Cambridge Analytica is at the centre of a data misuse storm that’s wiped billions off the value of Facebook since newspaper revelations late last week revealed the extent of data swiped by the UK political consultancy which intended to use the information for the Trump campaign.

    Reply
  24. Tomi Engdahl says:

    The Guardian:
    Eighteen investigators, including some from the UK’s Information Commissioner’s Office, raid Cambridge Analytica’s London offices after search warrant granted — Officials raid firm’s London offices amid allegations it may have illegally acquired data

    Investigators complete seven-hour Cambridge Analytica HQ search
    https://www.theguardian.com/news/2018/mar/23/judge-grants-search-warrant-for-cambridge-analyticas-offices

    Investigators from Britain’s data watchdog have spent nearly seven hours searching the London offices of Cambridge Analytica.

    Eighteen enforcement officers entered the Cambridge Analytica headquarters in London’s West End on Friday night to search the premises after the Information Commissioner’s Office (ICO) was granted a warrant to examine its records.

    The officials concluded the search at about 3am on Saturday.

    “We will now need to assess and consider the evidence before deciding the next steps and coming to any conclusions,”

    Officials raid firm’s London offices amid allegations it may have illegally acquired data

    Reply
  25. Tomi Engdahl says:

    Wall Street Journal:
    Sources: Facebook has been contacting ad agencies and trade bodies to reassure them that customer data is being protected in light of Cambridge Analytica news — Social-media giant plans marketing outreach to reassure users of safety on its platform and prevent more advertisers from dropping out

    Facebook Tries to Calm Advertisers After Cambridge Analytica Crisis
    https://www.wsj.com/articles/facebook-tries-to-calm-advertisers-after-cambridge-analytica-crisis-1521836823?mod=e2tw

    Social-media giant plans marketing outreach to reassure users of safety on its platform and prevent more advertisers from dropping out

    Reply
  26. Tomi Engdahl says:

    Andy Kroll / Mother Jones:
    Sources on how Cambridge Analytica milked Mercer-backed GOP candidates, including Cruz campaign, which paid $5.8M and compared the firm to a Ponzi scheme — The secretive data firm said it could move the minds of American voters. That wasn’t its real victory. — Looking for news you can trust?

    Cloak and Data: The Real Story Behind Cambridge Analytica’s Rise and Fall
    https://www.motherjones.com/politics/2018/03/cloak-and-data-cambridge-analytica-robert-mercer/

    The secretive data firm said it could move the minds of American voters. That wasn’t its real victory.

    Reply
  27. Tomi Engdahl says:

    Alex Kantrowitz / BuzzFeed:
    A week after Cambridge Analytica and despite #deletefacebook, Facebook app installs did not drop, no big advertisers quit, and analysts recommend buying the dip — As Facebook’s Cambridge Analytica scandal spiraled into chaos this week, a frantic hail of notes from Wall Street analysts …

    Why Nothing Is Going To Happen To Facebook Or Mark Zuckerberg
    You got mad, but Facebook chugs on.
    https://www.buzzfeed.com/alexkantrowitz/nothing-is-going-to-happen-to-facebook-or-mark-zuckerberg?utm_term=.kbnJmw6Wg#.cw69GmD1Q

    As Facebook’s Cambridge Analytica scandal spiraled into chaos this week, a frantic hail of notes from Wall Street analysts reached investor inboxes with a clear and definitive directive: Buy.

    “We view the medium-term and long-term risk-reward on the shares as downright compelling,” said RBC analyst Mark Mahaney. “We would urge investors to not lose sight of the areas where FB is doing very well,” said Wells Fargo analysts Ken Sena and Peter Stabler. “We see the current selloff as a buying opportunity,” said Oppenheimer senior analyst Jason Helfstein. Though the company’s stock did take a beating this week, its market cap is still approximately $480 billion, up significantly over the past year.

    With Wall Street leading the way, the four entities with the strongest ability to cause long-term damage to Facebook in response to revelations that Cambridge Analytica illicitly used 50 million of its users’ data for political purposes didn’t seem ready to do so: Analysts told investors to buy the dip. Advertisers kept spending. Legislators continued to sit on their hands while a basic ad transparency bill rotted in Congress. And though users posted #DeleteFacebook en masse, Facebook actually rose to 8th place from 12th in the iOS mobile App Store since the day before the Cambridge Analytica news broke. It’s holding steady on Android, too.

    After examining whether first-time US installs of Facebook were dropping, Randy Nelson, head of mobile insights at app analytics company SensorTower, told BuzzFeed News: “The short answer is no.” App Store rankings don’t directly reflect user numbers, but they’re a good of indicator of interest.

    Reply
  28. Tomi Engdahl says:

    Facebook was warned about app permissions in 2011
    https://techcrunch.com/2018/03/24/facebook-was-warned-about-app-permissions-in-2011/?utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook&sr_share=facebook

    Who’s to blame for the leaking of 50 million Facebook users’ data?

    he regretted not telling Facebookers at the time their information had been misappropriated.

    Meanwhile, shares in the company have been taking a battering. And Facebook is now facing multiple shareholder and user lawsuits.

    Essentially Facebook’s line is that it believed the data had been deleted — and presumably, therefore, it calculated (wrongly) that it didn’t need to inform users because it had made the leak problem go away via its own backchannels.

    Except of course it hadn’t. Because people who want to do nefarious things with data rarely play exactly by your rules just because you ask them to.

    There’s an interesting parallel here with Uber’s response to a 2016 data breach of its systems. In that case, instead of informing the ~57M affected users and drivers that their personal data had been compromised, Uber’s senior management also decided to try and make the problem go away — by asking (and in their case paying) hackers to delete the data.

    Aka the trigger response for both tech companies to massive data protection fuck-ups was: Cover up; don’t disclose.

    Facebook denies the Cambridge Analytica instance is a data breach — because, well, its systems were so laxly designed as to actively encourage vast amounts of data to be sucked out, via API,
    without the check and balance of those third parties having to gain individual level consent.

    So in that sense Facebook is entirely right; technically what Cambridge Analytica did wasn’t a breach at all. It was a feature, not a bug.

    Clearly that’s also the opposite of reassuring.

    What the company very clearly turned a blind eye to is the risk posed by its own system of loose app permissions that in turn enabled developers to suck out vast amounts of data without having to worry about pesky user consent. And, ultimately, for Cambridge Analytica to get its hands on the profiles of ~50M US Facebookers for dark ad political targeting purposes.

    Indeed, in August 2011 Schrems filed a complaint with the Irish Data Protection Commission exactly flagging the app permissions data sinkhole

    As a result of Schrems’ complaint, the Irish DPC audited and re-audited Facebook’s systems in 2011 and 2012. The result of those data audits included a recommendation that Facebook tighten app permissions on its platform

    recommendation that we made in 2012, that was implemented by Facebook in 2014 as part of a wider platform change that they made

    from 1st May 2014 they couldn’t do this. They gave a 12 month period for existing users to migrate across to their new platform… and it was in that period that… Cambridge Analytica’s use of the information for their data emerged.

    expressed surprise at Zuckerberg’s claim to be “outraged” by the Cambridge Analytica revelations — now snowballing into a massive privacy scandal.

    So why did it take Facebook from September 2012 — when the DPC made its recommendations — until May 2014 and May 2015 to implement the changes and tighten app permissions?

    Facebook could have prevented these problems if it had listened to the very valid concerns data protection experts were raising more than six years ago.

    Reply
  29. Tomi Engdahl says:

    Chris Welch / The Verge:
    Tim Cook says that some well-crafted privacy regulations may be necessary; Zuckerberg acknowledged Facebook may need to be regulated in CNN interview this week — Apple’s CEO says the Cambridge Analytica controversy is “dire” — Apple CEO Tim Cook, long an staunch advocate for consumer privacy …

    Tim Cook wants ‘well-crafted’ privacy regulations after latest Facebook scandal
    Apple’s CEO says the Cambridge Analytica controversy is “dire”
    https://www.theverge.com/2018/3/24/17159610/apple-ceo-tim-cook-wants-privacy-regulation-facebook-cambridge-analytica

    Apple CEO Tim Cook, long an staunch advocate for consumer privacy, says that he supports the idea of tech companies facing regulations that specify just how they’re able to use customer data. Speaking at the China Development Forum in Beijing on Saturday, Cook was asked for his thoughts on what should happen in the aftermath of Facebook’s latest privacy fiasco, according to Bloomberg’s recap of his remarks.

    “I think that this certain situation is so dire and has become so large that probably some well-crafted regulation is necessary,” he said. “The ability of anyone to know what you’ve been browsing about for years, who your contacts are, who their contacts are, things you like and dislike and every intimate detail of your life — from my own point of view, it shouldn’t exist.”

    The Cambridge Analytica controversy has led people to review their Facebook settings, and many have been startled to discover the sheer volume of third-party apps that have access to aspects of their account and personal information.

    “We’ve worried for a number of years that people in many countries were giving up data probably without knowing fully what they were doing and that these detailed profiles that were being built of them, that one day something would occur and people would be incredibly offended by what had been done without them being aware of it,” he said. “Unfortunately that prediction has come true more than once.”

    Reply
  30. Tomi Engdahl says:

    Washington Post:
    Around the time he was working with Cambridge Analytica, psychologist Aleksandr Kogan co-authored an unrelated academic paper with two Facebook data scientists — The psychologist who disseminated Facebook user data to an analytics firm working for the Trump campaign had a closer relationship …

    Facebook had a closer relationship than it disclosed with the academic it called a liar
    https://www.washingtonpost.com/business/economy/facebook-had-a-closer-relationship-than-it-disclosed-with-the-academic-it-called-a-liar/2018/03/22/ca0570cc-2df9-11e8-8688-e053ba58f1e4_story.html?utm_term=.aa75f1c2f118

    Reply
  31. Tomi Engdahl says:

    Sean Gallagher / Ars Technica:
    Facebook has been collecting phone call and SMS metadata from users who gave permission to various Facebook apps to access contacts on Android phones for years — Maybe check your data archive to see if Facebook’s algorithms know who you called. — This past week, a New Zealand man …

    Facebook scraped call, text message data for years from Android phones
    Maybe check your data archive to see if Facebook’s algorithms know who you called.
    https://arstechnica.com/information-technology/2018/03/facebook-scraped-call-text-message-data-for-years-from-android-phones/

    Reply
  32. Tomi Engdahl says:

    Natasha Lomas / TechCrunch:
    Four lawsuits against Facebook by its users and shareholders have been filed in federal courts so far after Cambridge Analytica revelations

    Facebook hit with shareholder lawsuits over data misuse crisis
    https://techcrunch.com/2018/03/23/facebook-hit-with-shareholder-lawsuits-over-data-misuse-crisis/

    The lawsuits are piling up against Facebook in the wake of the Cambridge Analytica data misuse and political ad targeting scandal.

    According to SF Gate the company has been hit with four suits in federal courts so far this week following fresh revelations about how Facebook’s app permissions were abused to surreptitiously suck out vast amounts of user data.

    One lawsuit filed yesterday in Northern California on behalf of a Facebook shareholder, Jeremiah Hallisey, alleges the company’s senior management “breached their fiduciary duties by failing to prevent the initial misappropriation [of user data by CA] and, after learning of it in 2015, failing to inform affected Facebook users or the public markets”.

    It notes Facebook has lost $50 billion in market capitalization since the data leak was disclosed, and flags reports that the FTC has launched an inquiry into Facebook’s conduct and whether it violated the terms of a 2011 consent decree that requires the company to notify users before sharing their data with third parties.

    the political consultancy had been able to obtain vast amounts of user information — as many as 50 million US Facebook users’ profiles — without the vast majority of the users being aware their data had been harvested nor what it would be used for. The firm had been working for the Trump presidential campaign.

    After the newspaper reports Facebook acknowledged that 270,000 people had downloaded the survey app.

    Reply
  33. Tomi Engdahl says:

    My Cow Game Extracted Your Facebook Data
    https://www.theatlantic.com/technology/archive/2018/03/my-cow-game-extracted-your-facebook-data/556214/?utm_source=atlfb

    The Cambridge Analytica scandal is drawing attention to malicious data thieves and brokers. But every Facebook app—even the dumb, innocent ones—collected users’ personal data without even trying.

    For a spell during 2010 and 2011, I was a virtual rancher of clickable cattle on Facebook.

    I’d had enough of it—the click-farming games, for one, but also Facebook itself. Already in 2010, it felt like a malicious attention market where people treated friends as latent resources to be optimized. Compulsion rather than choice devoured people’s time.

    In response, I made a satirical social game called Cow Clicker. Players clicked a cute cow, which mooed and scored a “click.” Six hours later, they could do so again. They could also invite friends’ cows to their pasture, buy virtual cows with real money, compete for status, click to send a real cow to the developing world from Oxfam, outsource clicks to their toddlers with a mobile app, and much more. It became strangely popular, until eventually, I shut the whole thing down in a bovine rapture—the “cowpocalypse.”

    But one worth revisiting today, in the context of the scandal over Facebook’s sanctioning of user-data exfiltration via its application platform.

    But worse, in those days, it was hard to avoid extracting private data, for years even, without even trying. I did it with a silly cow game.

    And yet, if you played Cow Clicker, even just once, I got enough of your personal data that, for years, I could have assembled a reasonably sophisticated profile of your interests and behavior. I might still be able to; all the data is still there, stored on my private server, where Cow Clicker is still running

    When you access an app on Facebook’s website, be it a personality-quiz, a game, a horoscope, or a sports community, the service presents you with an authorization dialog, where the specific data an app says it needs is displayed for the user’s consideration. That could be anything from your name, friend list, and email address, to your photos, likes, direct messages and more.

    The information shared with an app by default has changed over time

    In 2014, Facebook began an app review process for information beyond that which a user shared publicly, but for years before that, the decision was left to the user alone. This is consistent with Facebook’s longstanding, official policy on privacy, which revolves around user control rather than procedural verification.

    App authorizations are not exceptionally clear. For one thing, the user must accept the app’s request to share data with it as soon as they open it for the first time, even before knowing what the app does or why. For another, the authorization is presented by Facebook, not by the third party, making it seem official, safe, and even endorsed.

    To the average web user, especially a decade ago, it looked like the game or app was just a part of Facebook itself.

    When a user loads an app, Facebook’s servers pass those requests to a remote computer, where the individual or company that made the app hosts their services. The app sends its responses to Facebook, which formats and presents them to the user, as if they were inside of Facebook itself.

    The authorization process happens once, the first time the app is accessed for a specific user. After that, every time the user loads the app, Facebook sends it a payload of basic user data to facilitate the app’s operation (additional data can be requested separately when needed). For years, these transmissions were even conducted unencrypted, until Facebook required apps to communicate with its service over a secure connection.

    Facebook “secured” user data shared with third-parties by requiring every app to publish a privacy policy

    As far as I can tell, all the platform did was to insure that accessing the URL for an app’s privacy policy didn’t result in a page-not-found error. Facebook was checking that privacy policies existed as reachable web pages, not that they existed as privacy policies, let alone policies that provided any specific protections.

    In essence, Facebook was presenting apps as quasi-endorsed extensions of its core service to users who couldn’t have been expected to know better. That might explain why so many people feel violated by Facebook this week—they might never have realized that they were even using foreign, non-Facebook applications in the first place, let alone ones that were siphoning off and selling their data.

    Once I have your Facebook ID, I can look up your profile programmatically, or I can just load it in the public website by appending it to “facebook.com”

    These days, Facebook generates a unique, app-specific ID for each user, in order to prevent an app from connecting someone directly to Facebook profiles.

    Because I collected and stored my users’ true Facebook IDs to be able to count their clicks and build their pastures and the like, I still have them, and, in theory, I could use them nefariously.

    This is also why Zuckerberg’s response to the present controversy feels so toothless. Facebook has vowed to audit companies that have collected, shared, or sold large volumes of data in violation of its policy, but the company cannot close the Pandora’s box it opened a decade ago, when it first allowed external apps to collect Facebook user data. That information is now in the hands of thousands, maybe millions of people.

    To be honest, I’m not even sure I know what the Facebook platform’s terms of service dictated that I do with user data acquired from Facebook. Technically, users could revoke certain app permissions later, and apps were supposed to remove any impacted data that they had stored. I doubt most apps did that, and I suspect users never knew—and still don’t know—that revoking access to an app they used eight years ago doesn’t do anything to reverse transmissions that took place years ago.

    As Jason Koebler put it at Motherboard, it’s too late. “If your data has already been taken, Facebook has no mechanism and no power to make people delete it. If your data was taken, it has very likely been sold, laundered, and put back into Facebook.”

    the publicity around Facebook’s Cambridge Analytica crisis might be sending lots of old app developers, like me, back to old code and dusty databases, wondering what they’ve even got stored and what it might yet be worth.

    Some Facebook app developers were dishonest from the start, and others couldn’t help themselves once they saw the enormous volume of data they could slurp from millions or tens of millions of Facebook users.

    Millions of apps had been created by 2012

    On the whole, none of us asked for your data. But we have it anyway, and forever.

    Reply
  34. Tomi Engdahl says:

    Cambridge Analytica-linked firm ‘boasted of poll interference’
    http://www.bbc.com/news/uk-43528219

    The company that became Cambridge Analytica boasted about interfering in foreign elections, according to documents seen by the BBC.

    Cambridge Analytica is embroiled in a storm over claims it exploited the data of millions of Facebook users.

    The BBC has seen a brochure published by parent company SCL Elections, it is believed prior to 2014.

    The brochure outlines how SCL Elections had apparently organised “anti-election rallies” to dissuade opposition supporters from voting in the Nigerian presidential election in 2007. The election was described by EU monitors as one of the least credible they had observed.

    The document claims SCL Elections deliberately exploited ethnic tensions in Latvia in the 2006 national elections in order to help their client.

    In a statement, the acting CEO of Cambridge Analytica, Dr Alexander Tayler, said “Cambridge Analytica was formed in 2013, out of a much older company called SCL Elections.

    Reply
  35. Tomi Engdahl says:

    Whistleblower: We tested Trump slogans in 2014
    https://edition.cnn.com/videos/cnnmoney/2018/03/20/christopher-wylie-cambridge-analytica-trump-slogans-2014-sot.cnn

    Cambridge Analytica whistleblower Christopher Wylie says the company tested Trump slogans such as “drain the swamp” and “deep state” as early as 2014, before Trump announced a presidential run.

    Reply
  36. Tomi Engdahl says:

    Exposed: Undercover secrets of Trump’s data firm
    https://www.channel4.com/news/exposed-undercover-secrets-of-donald-trump-data-firm-cambridge-analytica

    An investigation by Channel 4 News has revealed how Cambridge Analytica claims it ran ‘all’ of President Trump’s digital campaign – and may have broken election law. As the report went on air, the firm announced it has suspended chief executive Alexander Nix, pending a full investigation.

    Reply
  37. Tomi Engdahl says:

    Regulation could protect Facebook, not punish it
    Zuckerberg has the cash to jump through the
    https://techcrunch.com/2018/03/25/the-regulation-moat/?utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&sr_share=facebook

    You know what tech startups hate? Complicated legal compliance. The problem is, Facebook isn’t a startup any more, but its competitors are.

    There have been plenty of calls from congress and critics to regulate Facebook following the election interference scandal and now the Cambridge Analytica debacle.

    The government could require extensive ads transparency reporting or data privacy protections. That could cost Facebook a lot of money, slow down its operations, or inhibit its ability to build new products.

    But the danger is that those same requirements could be much more onerous for a tiny upstart company to uphold.

    Reply
  38. Tomi Engdahl says:

    Zuck apologizes for Cambridge Analytica scandal with full-page print ad
    https://techcrunch.com/2018/03/25/zuck-apologizes-for-cambridge-analytica-scandal-with-full-page-print-ad/?utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook&sr_share=facebook

    Facebook chief Mark Zuckerberg has taken out a full page ad in the Washington Post, the New York Times, the Wall Street Journal and six UK papers today to apologize Cambridge Analytica scandal, according to CNN’s Brian Stelter.

    The ad starts in bold letters, saying:

    “We have a responsibility to protect your information. If we can’t, we don’t deserve it.”

    Reply
  39. Tomi Engdahl says:

    Facebook scraped call, text message data for years from Android phones [Updated]
    Maybe check your data archive to see if Facebook’s algorithms know who you called.
    https://arstechnica.com/information-technology/2018/03/facebook-scraped-call-text-message-data-for-years-from-android-phones/

    Fact Check: Your Call and SMS History
    https://newsroom.fb.com/news/2018/03/fact-check-your-call-and-sms-history/

    You may have seen some recent reports that Facebook has been logging people’s call and SMS (text) history without their permission.

    Reply
  40. Tomi Engdahl says:

    UK Regulators Search Cambridge Analytica Offices
    https://www.securityweek.com/uk-regulators-search-cambridge-analytica-offices

    British regulators on Friday began searching the London offices of Cambridge Analytica (CA), the scandal-hit communications firm at the heart of the Facebook data scandal, shortly after a judge approved a search warrant.

    Around 18 enforcement agents from the office of Information Commissioner Elizabeth Denham entered the company’s London headquarters at around 8:00pm (2000 GMT) to execute the warrant.

    Reply
  41. Tomi Engdahl says:

    Worried About Being on Facebook? Some Options Explained
    https://www.securityweek.com/worried-about-being-facebook-some-options-explained

    A snowballing Facebook scandal over the hijacking of personal data from millions of its users has many wondering whether it’s time to restrict access to their Facebook information or even leave the social network altogether, with the #deletefacebook movement gaining traction.

    Here are some options open to the worried Facebook user.

    Put it to sleep

    Putting a Facebook account on hold used to be difficult but has become a lot easier.

    To deactivate their account, users need to go on their “settings” page, then on to “manage account”, where they can “deactivate” their account. Facebook defines this action as putting activity “on hold”.

    The move disables a user’s profile and removes their name and pictures from most things they have shared.

    Kill the account

    Deleting an account is a more radical step, as users will not be able to access it again once they’ve gone for that option.

    Facebook warns users that it can take up to 90 days to purge the network of a user’s posts.

    Even so, some information is likely to stay online, for example messages sent to friends.

    Be more alert

    Facebook users can check with the network how much of their personal information is accessible on the network.

    In “settings”, the option “download a copy of your Facebook data” allows a user to do just that.

    - Go after Facebook –

    Some experts and consumer rights organizations argue that rather than withdraw from Facebook, users should help shift the balance of power between the social network giant and individuals by legal means.

    “We must be able to use the service without being under Facebook’s surveillance,” said Arthur Messaud at Quadrature du Net, a French organization that defends the rights of internet users.

    The group is planning a class action suit against Facebook in France, based on a new set of EU data protection rules that come into force in May, Messaud said.

    Reply
  42. Tomi Engdahl says:

    Ian Bogost / The Atlantic:
    How every Facebook app in 2010 collected users’ personal data, what devs could do with it, and why Facebook can’t close the Pandora’s box it opened a decade ago — For a spell during 2010 and 2011, I was a virtual rancher of clickable cattle on Facebook. — It feels like a long time ago.

    My Cow Game Extracted Your Facebook Data
    https://www.theatlantic.com/technology/archive/2018/03/my-cow-game-extracted-your-facebook-data/556214/

    The Cambridge Analytica scandal is drawing attention to malicious data thieves and brokers. But every Facebook app—even the dumb, innocent ones—collected users’ personal data without even trying.

    Reply
  43. Tomi Engdahl says:

    Suzanne Vranica / Wall Street Journal:
    Inside the fight between the Facebook-Google duopoly and Madison Avenue as advertisers get nervous about the Facebook fallout and push aggressively for changes — Latest uproar over voter profiling data follows company demands for more control, more transparency from tech giants
    https://t.co/FAiVfdivQX

    Reply
  44. Tomi Engdahl says:

    Josh Constine / TechCrunch:
    New complicated privacy and transparency regulations might be a mere speed bump for Facebook but an insurmountable burden for startups — You know what tech startups hate? Complicated legal compliance. The problem is, Facebook isn’t a startup any more, but its competitors are.
    https://techcrunch.com/2018/03/25/the-regulation-moat/

    Reply
  45. Tomi Engdahl says:

    Jean-Louis Gassée / Monday Note:
    By claiming that Facebook was not aware of a widespread misuse of user data by outside developers, Mark Zuckerberg sends a message that he thinks we are idiots

    Mark Zuckerberg Thinks We’re Idiots.
    by Jean-Louis Gassée
    https://mondaynote.com/mark-zuckerberg-thinks-were-idiots-638c64dfab12

    Surprise: Thanks to the Cambridge Analytica revelations, we’re finding out that Facebook allowed a much broader and deeper prostitution of our private data than it had previously claimed. Facebook’s disingenuous explanations call for more questions and even less trust.

    Reply
  46. Tomi Engdahl says:

    BBC:
    Facebook took out full-page ads, signed by Mark Zuckerberg, in several major US and UK newspapers on Sunday to apologize for Cambridge Analytica data leak

    Facebook boss apologises in UK and US newspaper ads
    http://www.bbc.com/news/business-43532948

    Facebook boss Mark Zuckerberg has taken out full-page adverts in several UK and US Sunday newspapers to apologise for the firm’s recent data privacy scandal.

    He said Facebook could have done more to stop millions of users having their data exploited by political consultancy Cambridge Analytica in 2014.

    “This was a breach of trust, and I am sorry,” the back-page ads state.

    It comes amid reports Facebook was warned its data protection policies were too weak back in 2011.

    Reply
  47. Tomi Engdahl says:

    Sara Salinas / CNBC:
    FTC says it has an open non-public probe into Facebook’s privacy practices; a violation of consent decree signed in 2011 could carry a penalty of $40K/violation — The FTC confirmed Monday it’s investigating Facebook and its data practices in the wake of the Cambridge Analytica data scandal.

    Facebook stock slides after FTC launches probe of data scandal
    https://www.cnbc.com/2018/03/26/ftc-confirms-facebook-data-breach-investigation.html

    The FTC had declined to confirm last week that it was investigating Facebook and whether it violated a consent decree the tech company signed with the agency in 2011.
    Facebook is facing questions of its data handling following reports that research firm Cambridge Analytica improperly gained access to the personal data of more than 50 million Facebook users.
    The stock briefly fell into bear market territory before paring losses.

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*