Background

In March 2018 it was revealed that the data firm, Cambridge Analytica, gained unauthorised access to almost 87 million (primarily United States) Facebook users’ data. Also implicated was Cambridge Analytica’s British counterpart, Strategic Communication Laboratories.

Facebook users’ data was harvested by the two data firms through a personality-quiz app named “This Is Your Digital Life”, created by Cambridge psychology professor Aleksandr Kogan. Facebook confirmed that only 270,000 Facebook users downloaded Kogan’s app, but Facebook has not yet refuted claims that up to 87 million users’ data had been accessed. At the time, when Facebook users downloaded apps connected to their Facebook accounts, they also exposed data from many of their friends to the app developer, hence the large estimated number of users affected.

The app was promoted as being able to predict users’ personalities. When users downloaded the app and logged in through Facebook, it gave Kogan access to their information, such as their city, the Facebook content they ‘liked’ and their Facebook friends network. The user data collected through Kogan’s app was then handed over to Cambridge Analytica and Strategic Communication Laboratories, in violation of Facebook’s terms of service.

Once Facebook found out about the violation, it removed the app from Facebook and requested that Kogan and his associates permanently delete the collected data.

In light of the controversy, Facebook suspended Cambridge Analytica and Strategic Communication Laboratories for breaching its policies on data collection and storage.

Since then, what's changed?

  • Review: Facebook CEO, Mark Zuckerberg, said that Facebook will review apps which access and use Facebook data, as well as restricting apps’ access to users’ Facebook data.

  • Remove multiple apps at once: If you go into the apps section of your Facebook settings, you can select any number of third-party apps which have access to your data and remove their access to your Facebook data. Before this update, a user had to do so one app at a time, so the process was not as efficient as it is now.

  • Removal of apps after three months of inactivity: Facebook has also said that it will automatically remove an app’s access to user data if a user does not access the app for three months.

  • Option to delete all posts after removing an app: When apps are removed, users will be given the option to delete all posts, photos and videos that they have posted to their timeline / profile.

  • Less data for app developers than before: App developers will now have less access to user data, having to receive Facebook’s permission to access more detailed data on users. This means that when developers use Facebook Login, they will now have information only on a user’s name, profile picture, and email address when a user signs in through Facebook. Other information, such as a user’s Facebook posts, will require the developers to obtain permission from Facebook.

  • Pre-2014 apps will be investigated: Facebook also announced that it will investigate apps that had access to large amounts of information before Facebook changed its platform in 2014 in an attempt to minimise data access.

  • Facebook will have the power to audit apps: Facebook announced that it would conduct a full audit of any app with suspicious activity and ban from its platform any developer who does not agree to a detailed audit conducted by Facebook.

  • Some app developers could be banned: Any developers that Facebook finds to have misused users’ personally identifiable information will be banned from Facebook and affected users of those apps will be notified.

  • Users will be able to know more about how apps are using their information: Facebook has also made it easier for users to access information regarding which apps are connected to their Facebook accounts. At the top of users’ News Feeds, there will soon be a tool which will show users which apps they have used, as well as providing an easy way to revoke those apps’ permissions to users’ data. This can be done when a user goes into their Facebook privacy settings, but Facebook now wants to make it simpler for users to access by placing this tool at the top of users’ News Feeds.

  • Settings will be easier to navigate: Facebook’s settings menu will be centralised and easier for users to navigate. Facebook settings are currently spread across different screens. Users can access their settings in the top right corner of their News Feed by clicking the downwards-facing arrow.

  • Users can check whether their data was shared with Cambridge Analytica: Users can access the Facebook Help Centre by clicking on the downwards-facing arrow to the right of the Help button in the top right corner of their News Feed and selecting Visit Help Centre. Once in the Help Centre, users can search for ‘How can I tell if my info was shared with Cambridge Analytica?’, as shown in the image below.

 

Guide on how to check Facebook settings for Cambridge Analytica

Tips to ensure your data is protected on social media

  • Turn off your location: Unless you really need your location to be on, say for navigation purposes, turn it off. Many apps and social media websites can use location data to build profiles of users just like you, and then target ads and sell data to other corporations using your location data. You can turn off your location in your device settings.

  • Disable access to your information (contacts, photos, videos etc.): Unless you really want to share a photo or video on social media, it is a good idea to limit the amount of access apps and social media websites have to your information. This can typically be done by logging into your social media account, opening the settings on the website or app, and limiting the amount of information you share with the platform. You can also go into your device settings and limit the access the social media platform has to your information or device. This is a particularly good idea if you want to limit the amount of personal information leaked in the event of a data breach.

  • Read the terms and conditions and/or policies of use: Even though it can be tempting to scroll past lengthy terms and conditions or policies, they typically detail what information is required of you, what information is being taken from you and how your information is being used. If you do not read them, you may be signing yourself up to have all of your data shared with third parties.

  • Use a strong password... and a different one to your other online accounts: Using the same password across multiple social media accounts can be tempting because it is convenient, but it only worsens the outcome of a data breach, i.e. a malicious hacker seeking to obtain users’ personal information for nefarious reasons. Avoid using your name as your password, or a generic password such as “Password1”. Make your password difficult to guess and create a new one for each of your other accounts.

  • Log out if you’re not using your account: Logging out of your social media account when you’re not using it is important because it prevents others from accessing your account and any sensitive information. Plus, browsing the web whilst logged into your social media account can enable third parties to gather more information about you based on your browsing habits.

  • No matter how tempting it is, stay away from connecting to free Wi-Fi: Free, unsecured Wi-Fi networks can be tempting to connect to, but once you do connect, your data (and you) can be left exposed. Anyone who is motivated to do so has the opportunity to monitor your traffic while you are connected to the free Wi-Fi network. If you still decide to use free, unsecured Wi-Fi, then do not log into any accounts that you wouldn’t want information taken out of, i.e. bank accounts, medical records, social media accounts. To ensure your traffic is secured on an unsecured network, it is a good idea to use a trusted VPN (Virtual Private Network).

  • Practise safe browsing: Be careful of what you click or download when browsing the internet and social media on your smartphone. Beware of any dodgy links and apps. It is a good idea to buy and download antivirus protection to make sure you’re protected.

  • Limit the amount of information you share on social media: Before posting to social media, ask yourself if you really need to be sharing your personal information or photos there. The less information there is about you online, the lower the chance of your information being compromised.

  • Install add-ons that block trackers: Trackers can be planted in your web browser by a website and allow the website or third parties to collect information on your browsing habits (even after closing the app or logging out of an online account). There are add-ons that can be easily installed in your browser to block some or all of the trackers within websites, such as social media websites. The catch is that the website might not be as easy to use as it would be without the add-on installed. It is also useful to clear your browsing data regularly – Apple, Google and Microsoft provide simple instructions on how to do so.

  • Have a look at what’s already out there: Some social media platforms allow you to access the data that the platform has collected. For example, Facebook lets users download their Facebook data. This can help users understand what is being collected, how it is collected and what is being done with what’s collected. Facebook now also lets users see whether their data was accessed by Cambridge Analytica. Users can also edit the privacy settings for the apps and games that they use, as shown in the image below.

 

Guide on how to check Facebook app permissions

  • Delete: If you’ve decided that you don’t want your data shared with social media platforms and their third parties, most social media platforms will allow you to either temporarily deactivate your social media account (this does not delete your account) or permanently delete it (your data and account will be deleted). Apps can also be unlinked from social media and deleted.