For all the talk with Facebook CEO Mark Zuckerberg in the US Senate and House this week, there was very little surprising content. We give consent to use the Facebook service, we upload images, write posts, and like articles. We have control at every step of our interaction to decide how much to share with Facebook and what we give the company is exactly what is given back to us in the data archive download tool. It’s shocking to see every interaction you’ve ever made on Facebook in one place, but there is nothing here we don’t expect. There is no post we didn’t make or image we didn’t take. Facebook remembers what we do on the service as long as we have an account.
But that doesn’t mean everything from the last week was old information.
What was clarified?
An important point Zuckerberg reiterated is that Facebook does not sell user data. This would be a silly business move because Facebook’s value to advertisers is in the uniqueness of its data. It is in Facebook’s best interests to keep it’s trove of data secure, as it requires advertisers to keep coming back. There’s no other place advertisers can go to get the same level of targeting.
Instead of selling data, Facebook actually collects all the details from every person “in the community” and compiles the best advertising opportunity for a given ad. Facebook assures advertisers their ad placement will reach the intended audience with the greatest possibility of interaction. It is this assurance that gives Facebook it’s gazillion dollar market cap.
The Cambridge Analytica case was different, but still Facebook never sold data. Instead, Cambridge Analytica got raw Facebook user data from an app developer who used a survey app to harvest data. In 2014, it was within Facebook terms for a 3rd party app developer to use the Facebook developer platform to collect just about all the information about you and all your friends ever entered onto the site.
This is why the current Facebook fiasco is not a data security breach, but a data privacy leak. Hackers did not break into Facebook systems to obtain user data, but a developer (which could have been anyone) used Facebook sanctioned tools to collect your information. Facebook has since locked down it’s platform to prevent such unrestricted access to user data, but it does not change the fact that massive amounts of user data left the platform seemingly without consent of its users. And yes, it’s true that by signing up you agreed to the terms that allowed developers to leverage the wide open API to gather profile information, but did you really know that was part of the agreement?
What was surprising and novel?
Did you check if your info was collected by Cambridge Analytica? Go ahead, I’ll wait ⌚😊
After you’ve read through your activity log and exported your data, take a minute and think about what stands out from the content (I think this tinfoil hat scandal is all a ploy to get us to go on Facebook even more. Feel free to finish reading in the meantime, the export takes a while). Once you get to the details, you can see the majority of the information came from you, but there is a small subset which reveals the inner working of the Facebook machine.
To put things in perspective, focus on your ad preferences and take a look at your ad demographics information. This is a window to the
96 98 categories from the Senate hearing. Advertiser demographic is the result of running all our interactions on Facebook through a proprietary algorithm. Of all the information in the data archive, this piece is novel. We didn’t explicitly tell Facebook this information, but they determined it based on what we’ve done on the site.
This is why the Facebook hearing this week is only the tip of the iceberg. If we are concerned that Cambridge Analytica could sway an election with a slice of our data, what kind of power does Facebook have? Sure we didn’t entrust Cambridge Analytica with our data, but why does opting into a puppy video sharing service change our perception of possible psychological manipulation?
What does Facebook do with all our data? And what can they do?
We need greater transparency on how our data is used. I can control and know what I upload, but what happens with the data “I own” once it’s handed over?
When I upload a photo to Facebook, what algorithms are tuned as a result? How does the content of the photo affect ads I see?
WhatsApp communication is encrypted, so it’s private between those in the conversation, but in what way does Facebook link my WhatsApp, Instagram, Facebook accounts? I’ve logged into all three on the same device so they must know it’s the same person (even though I signed up for all three as separate users).
And what about activity coming from the same IP address or GPS location? Does Facebook correlate data of those physically closest to me, outside of our connections on it’s services? What about when I’m on Facebook but signed out?
The consumer facing fun part seems like a front for the stingy advertising business on the back end. What is the difference between the two? It’s telling that Zuckerberg doesn’t fully understand the difference (from questioning by Brian Schatz). From Facebook’s perspective, the “fun part” is the user feature set that drives advertising revenue. It’s the top of the funnel for all of Facebook’s algorithms and drives the companies valuation.
For a platform that relies on its users to generate value, the company doesn’t provide much information to said users on how the internal cogs work. Perhaps it’s best to be blissfully unaware, or maybe it’s not a requirement, but when 2 billion people feel like the product and not the customer, it’s reasonable for them to want a little more information on how they’re being used.
What can you do to stay in control?
Adjust log-in behavior to prevent future data leaks
Check permissions when using Facebook (or Google or any over service) to sign up for a new site. To keep the same convenience, sign up for a password manager like Dashlane or LastPass which can generate and remember a new login for each site you visit. This adds a layer of security to your accounts and removes the possibility of another Cambridge Analytica style data leak.
Prevent cross site tracking
Use a separate browser just for Facebook. Only log in to Facebook on that browser and do all your other web stuff in another. Or use extensions like Ghostery (which also tracks your trackers, so maybe just turn off the internet for the day…) or the Facebook Container for Firefox.
Limit sharing data
All sorts of links
Video of Zuckerberg’s Senate hearing (transcript) and appearance before House committee (transcript)
Day 2 from MIT Technology Review
What was Facebook Thinking by James Allworth
The Facebook Current and The Facebook Brand from Stratechery
Facebook and Cambridge Analytica Explained from NYTimes
Facebook’s Real Mistake and Facebook Fatigue from Exponent Podcast
Mark Zuckerberg is Either Ignorant or Deliberately Misleading Congress from The Intercept
What is GDPR?
General Data Protection Regulation
Coachella streams 1, 2, and 3