March 29, 2018

The Facebook Kerfuffle and What it Means For You

The Facebook Data Scandal and What it Means for You and Your Personal Information


How to Protect Your Facebook Information,
and How To Download Your Facebook Data



For the last week or so, Facebook and its data-sharing tendencies have been in the news. "Delete Facebook" campaigns are proliferating across the Web, and a lot of folks are wondering what really happened and how worried they need to be. Today, we're going to look at the Facebook controversy, discuss how users were actually complicit in this breach, and talk a little about the ramifications. We'll also look at how to protect yourself in the future, as well as explain how you can download a copy of your Facebook profile so you can understand what the data miners really obtained.

What Happened with Facebook and My Personal Information?

In a nutshell, an individual created a rogue quiz app.  This particular quiz was a Personality Test, and of course, it encouraged you to both share your results and to invite friends to take the quiz.  Almost immediately after launching, over 10,000 Facebook users had taken the test.  After it went viral, over 270,000 people downloaded the quiz app, and even more used the web-based version.  Folks ignored the app's permission requirements, and willingly gave the app permission to access their information, as well as that of their friends.  Soon, the quiz had harvested the Facebook data of over half a million users.  Many of these folks had never accessed the quiz personally, but rather had their data mined through a "friend" giving the app permission to basically take what it wanted.

The Quiz Creator then sold all the information he had collected to a data mining firm. That firm repackaged the data and sold it to Cambridge Analytica. Cambridge Analytica then used the data to profile people politically, and to "reach out" to folks in order to manipulate their thoughts during the last election.

So in sum, a dude created a quiz so that he could mine data, with folks' permission. He mined data, and then he sold all that information to marketers. They ran their algorithms on the content, repackaged the data and sold it yet again. Someone blew the whistle, and Facebook users were outraged, expressing surprise that their Facebook information could be used in this way.

What folks are failing to understand is that they basically gave permission for all of this to occur when they clicked "log in with Facebook" on that quiz app.  Users failed to pay attention to the permissions the app was requesting, and they failed to check the Terms of Service or Privacy Policy of the site hosting the quiz.  

If you are a follower of this blog, you've read the warnings about data harvesting and the dangers of Internet quiz sites.  For newer readers, the following posts detail how many of these sites exist solely to mine and sell your data, and what you need to look for when you want to take (or host) a quiz:


In light of this Facebook kerfuffle, it might be time for some folks to go back and read these articles again.   When you take many of these quizzes, you are basically exchanging your personal data for a chance to see how you would look as a Cover Girl.  If you read the Terms of Service, you will see that you are giving them permission to mine and use your information so long as the app remains connected to your Facebook Account.

So Cambridge Analytica basically did nothing wrong.  They purchased data users had given them permission to aggregate.  Users granted the original quiz app permission to use their Facebook Data, as well as to sell it.  

The Scope of the Information Collected

This scandal brought the scope of the information Facebook collects on its users to the forefront. Many people share the most personal and intimate details of their lives on Facebook, and they think they are keeping them private when they restrict viewing to "Friends Only." They fail to realize that connecting an app to Facebook generally gives its creators the same rights as your Facebook Friends, and then some.

I think the biggest shock to users was finding out that permissions granted to the Facebook App itself were "inherited" by many of the apps users would connect to Facebook. People tend to ignore the permissions apps request, and just blindly install them. On most mobile platforms, you must grant all permissions an app requests, or that app will not function. As with overly long and complex Terms of Service, users tend to click "agree" without really understanding what they are agreeing to, or how an app will use many of those permissions.

With the proliferation of ad-blockers, apps and websites must turn to other methods of making money so that they can remain free to use.  Ad-generated revenue is quickly being replaced by data mining. And users willingly give up their information for a chance to win real money in the latest viral trivia game.

ALL of the Facebook mobile apps require extensive permissions for use.  All of these permissions are echoed in the Facebook Terms of Service.  The required Android permissions are reprinted below, copied and pasted from the corresponding apps at the Play Store.  Pay particular attention to the data listed under "Other."

Facebook App Permissions:


This app has access to:

Device & app history

    retrieve running apps

Identity

    find accounts on the device
    add or remove accounts
    read your own contact card

Calendar

    read calendar events plus confidential information
    add or modify calendar events and send email to guests without owners' knowledge

Contacts

    find accounts on the device
    read your contacts
    modify your contacts

Location

    approximate location (network-based)
    precise location (GPS and network-based)

SMS

    read your text messages (SMS or MMS)

Phone

    directly call phone numbers
    read call log
    read phone status and identity
    write call log

Photos/Media/Files

    read the contents of your USB storage
    modify or delete the contents of your USB storage

Storage

    read the contents of your USB storage
    modify or delete the contents of your USB storage

Camera

    take pictures and videos

Microphone

    record audio

Wi-Fi connection information

    view Wi-Fi connections

Device ID & call information

    read phone status and identity

Other

    download files without notification
    adjust your wallpaper size
    receive data from Internet
    view network connections
    create accounts and set passwords
    read battery statistics
    send sticky broadcast
    change network connectivity
    connect and disconnect from Wi-Fi
    expand/collapse status bar
    full network access
    change your audio settings
    read sync settings
    run at startup
    reorder running apps
    set wallpaper
    draw over other apps
    control vibration
    prevent device from sleeping
    toggle sync on and off
    install shortcuts
    read Google service configuration

Messenger Permissions:


This app has access to:

Identity

    find accounts on the device
    add or remove accounts
    read your own contact card

Contacts

    find accounts on the device
    read your contacts
    modify your contacts

Location

    approximate location (network-based)
    precise location (GPS and network-based)

SMS

    read your text messages (SMS or MMS)
    receive text messages (MMS)
    receive text messages (SMS)
    send SMS messages
    edit your text messages (SMS or MMS)

Phone

    directly call phone numbers
    reroute outgoing calls
    read call log
    read phone status and identity

Photos/Media/Files

    read the contents of your USB storage
    modify or delete the contents of your USB storage

Storage

    read the contents of your USB storage
    modify or delete the contents of your USB storage

Camera

    take pictures and videos

Microphone

    record audio

Wi-Fi connection information

    view Wi-Fi connections

Device ID & call information

    read phone status and identity

Other

    download files without notification
    receive data from Internet
    view network connections
    create accounts and set passwords
    read battery statistics
    pair with Bluetooth devices
    send sticky broadcast
    change network connectivity
    full network access
    change your audio settings
    control Near Field Communication
    read sync settings
    run at startup
    draw over other apps
    control vibration
    prevent device from sleeping
    toggle sync on and off
    install shortcuts
    read Google service configuration

The Outrage

Really, this scandal exposed the amount of data Facebook was allowing others to collect.  Even folks who were somewhat aware that Facebook was collecting this data were surprised to hear that ALL of it was being shared freely. Folks complained that they were not aware that "logging in with Facebook" or connecting an app shared anything more than a Public Profile.  Facebook apologized for not making this clearer, and promised to do better in the future when it came to how much was shared.  Upset at Zuckerberg's "weak" apology, "Delete Facebook" campaigns started going viral.

This outrage is misplaced. They may have hidden it in the fine print, but both Facebook and the associated apps warned you they were going to mine your data from the start.  You just didn't pay close enough attention.

This article (http://techlaurels.blogspot.com/2017/05/more-dangers-of-internet-quiz-sites.html) walks you through the Terms of Service of one of the viral quiz sites. These sites pop up under different names all of the time, with cloned terms.  They basically REQUIRE you to connect to the quiz using a social network BECAUSE they want to mine that data.  

Most of that data is already out there. (We discuss this in Privacy Implications of Sweepstakes, Freebies, and Like-Farming Sites.) Facebook just presents it in a neater format, much easier to export to a database, to run algorithms, and to detect trends.  And data miners have to give users so little in return for their personal information, if they can just convince them to connect with Facebook.  

What did the Data Miners Get Exactly?


If you want a better idea of the information the data miners obtained, you can download your own Facebook Profile.  The exact data they obtained depends on what you've shared and what permissions you have given to apps and pages.  European users lost less than American users, as their government imposes tighter controls on the type of information that can be shared and sold.  How you posted (mobile vs. desktop) can also impact the data collected, as you grant different permissions to Facebook apps than you do to its web portal.  

When you download your profile, it will break your profile up into categories.  My profile categories are represented in the graphic.  

Data categories include contact information (including demographics), Timeline, Photos, Videos, Friends, Messages, Pokes, Events, Security, Ads, and Applications. If you play games, they most likely will be listed under "Applications." "Ads" shows the keywords Facebook uses to serve you targeted content, including sponsored posts, suggested pages, suggested groups, suggested apps, and plain, vanilla ads. "Security" lists your various Facebook Sessions, including what devices and browsers are logged in, giving the data analysts lots of information about how and when you use Facebook.

How Do I Download My Facebook Profile?

It is easy to request your data from Facebook.  However, you really should do this from a computer with plenty of storage space, rather than on a mobile device. Depending on how much you use Facebook and the number of photos and videos you upload, your archive will be VERY LARGE.  Some archives are nearly a gigabyte in size.  You also want to avoid downloading your archive on any type of metered connection.  

When you request your archive, Facebook will take a while to actually prepare it. Then it will send you a link to a zip file on its website. The link is only good for 4 days, after which the zip file will be deleted from the server. When the archive is prepared, Facebook will send you an e-mail containing the link. It will also send you a Facebook notification.

How To Request Your Facebook Archive, Step-by-Step


If you have Facebook Pages, as well as a personal profile, you'll need to request each separately. The process is similar for Pages and Profiles.

Step 1: Open Facebook

Since you'll want to download your archive on a computer, we'll walk you through requesting it from the Web Version of Facebook, rather than the Mobile App.  So you'll want to open Facebook on your computer and log in to the associated Facebook Account.


For Pages, you'll see a "Settings" link near the top, right corner. Click on that to go to your Settings Page.



To access the Settings Page for your Personal Profile, click on the down arrow (next to the question mark) in the upper right corner. This will drop down a menu; "Settings" is located near the bottom of this menu. Click on "Settings" to access your Settings Page.


Step 2: Click on "Download a copy of your Facebook data"

For a Personal Profile, you will see a link at the bottom that says "Download a copy of your Facebook data."



The Settings Page looks a little different for a Facebook Page.


You will see a section called "Download Page." You need to expand that to get to the request archive link.  Once expanded, click on the text that says "Download Page."



Step 3:  Click "Download Archive"

Whether you are requesting a Page or a Profile Archive, you will be brought to a "Download" page after clicking the request archive link.


Click on the green "Download Archive" button to initiate the request.


A box will pop up asking you to re-enter your Facebook password.  



Yet another box will pop up, telling you it will take some time to compile the archive. Click "Request Archive" to start this process.




You'll get a pop-up telling you you've made your request, and you'll be notified when the archive is ready. Click on okay to close this box. You'll return to the Download Archive page. You can close that until you receive your notification.

Step 4: Wait for a Notification


You will receive an e-mail, at the address associated with your Facebook Account, when your archive is ready.  This e-mail will contain a download link. The notification may go into your Spam Folder, so be sure to check that before thinking it never came. The link will expire in 4 days, and once it expires, you will need to start the request process from scratch.



If you have requested a Page as well as a Profile Archive, you will receive a separate e-mail and link for each.  When you have received the e-mail, click on the link contained in the body.  This will open a web browser and take you to a Facebook Download Page.

Step 5: Download Your Archive



When you've clicked through the e-mail link, or clicked through from a Facebook Notification, you'll be brought to the Facebook Download Page. That page will tell you your archive is ready to download.  Click on the green download button to initiate the download process.


Yet another box will pop up, titled "Start Download."  Click on the blue button in that box to actually start the download process. Depending on which browser you are using, you may get a box asking you if you want to "save" or "open" the file. You want to click on "Save" rather than "Open."

Again, archives may be large, and depending on the size, may take a LONG time to download.  Your archive will come in a "zipped" file, which you will need to decompress. The graphic below shows the sizes of my archives.  I share few photos and videos, and I was a late Facebook adopter, so my personal archive is relatively small, compared to most.




Step 6: View Your Archive

Unzip your downloaded archive and open the folder. (You MUST unzip the folder for the navigation to work properly; your "index" page will NOT function if you try to view your archive while the folder is still compressed.) You should see a set of folders, along with a file called "index.htm."



Double-click on "index.htm." The page will open in your default Web Browser. You will see a set of navigation links in the left panel. 




Click on any of the links in the left navigation panel to open the associated information.  The graphic below shows the "timeline" section of the Techlaurels Facebook Page.  Content will be similar for a personal profile.  As you can see, this section contains all of the timeline posts from the Techlaurels Page.


Links for other categories will bring up similar pages with your archived posts.  


I found the "Ads" section particularly interesting, as this is what Facebook assumes interests me.  At the bottom of this page, there is a list of "Advertisers with your contact info."  I found MANY entries that correspond with my biggest junk mailers.  Believe it or not, THIS section is one of the most valuable to data miners.  THIS is the stuff they wanted that Facebook wasn't necessarily supposed to be sharing.  This list, run through various algorithms, can predict a LOT about the associated individual.

And in my case, it is probably the least accurate indicator of who I am. Sure, a lot of my page likes and tags are amongst the items on that list. But a lot of things I don't really like or use are represented on this list, probably because I am a sweepster.  I enter a LOT of vacation contests, none of which I ever win.  I enter a lot of contests sponsored by organic food companies, although I don't purchase a lot of these products. Looking at my "ads" list, you would think I do.  You'd also think I travel frequently.

So once you start examining the data Facebook has mined, you may be shocked by its inaccuracy.  You may think running your profile through a computer program would assemble a person with little resemblance to you. You might even decide to allow a little more tracking so at least the folks trying to sell you something have a better idea of what you might like. And you may not be as upset with the contents of what is floating around various data markets about you and your likes.

So, What Happens Now?

You know the entire world is upset, now that they realize their data is being sold on the open market to the highest bidder. You've heard Zuckerberg apologize and promise to clamp down. He's even offered monetary rewards for folks who report apps that misuse data. This is the equivalent of "sending thoughts and prayers." It's empty talk that really does nothing but try to appease the sheeple, the digital equivalent of a "bedbug letter."

Technically, none of the apps in question really misused data; they just suckered folks into willingly giving it up for next to nothing. They told users what they intended to do with the data they collected. But users blindly gave permissions, never realizing the scope of what they were agreeing to. If you want to protect your data from the data miners, you must refuse to give them the permissions they seek, and you need to read Terms of Service and Privacy Policies BEFORE agreeing to connect with an app.

The good part of the "Delete Facebook" campaign is the awareness it brought to a lot of folks, as well as to the sites and apps that treat us like suckers day after day. We must start voting with our feet and refusing to use the apps, games, and web sites that require free use of our data in exchange for an account. We must understand that when an app asks for permission to "view your friends' profiles, issue invitations, and post as you," we are giving away our friends' personal data as well as our own. And it's not the app's fault for asking; it is the user's fault for agreeing to outrageous terms in exchange for little in return.

Facebook, not wanting to see its stock crash any further, has vowed to crack down on permissions requested that are not really needed by an app. They did the same when the "Delete Messenger" campaign went viral a few years ago, but made few real changes in response. If they had really clamped down as they promised, the Cambridge Analytica scandal never would have occurred.

Today, Facebook promised to make privacy controls easier to find and to make data collection policies more transparent. They also agreed that from now on, anything you delete from your profile will also be deleted from the associated Facebook archive, and they'll stop collecting data on it.  How many of you were aware that when you deleted something from your Facebook, it persisted in their "master record" forever?  So this is a start, but it still represents little change in the status quo.  In other words, nothing much has changed on Facebook's side.

The ONLY way to protect your personal information is to change your own behavior. Your data is a commodity, like any other, in today's digital world. We all must recognize that it IS a commodity, and require something significant in return when we give it up. They can have my data for a free t-shirt; however, I'm not giving it up for some bogus answer to who I was in a past life.

So what is next is behavioral change.  So long as folks keep accepting outrageous terms, apps and websites will keep requiring them. Internet users must start being better about voting with their feet.

Summary

Today, we looked at the Facebook kerfuffle and the whole topic of data mining for profit.   We talked about what actually got shared, how it happened, and how Internet users were actually complicit in giving up their information.  It all started with a viral quiz, one that required connecting an app with Facebook, and required permissions that basically allowed them to mine your data as well as that of your Facebook Friends.  That data was compiled and sold.  The buyer analyzed and compiled data and resold it to a company that used it in a way we neither liked nor anticipated.  And the world became more aware of the implications of data mining.

We also looked at the type of information the data miners collected. We learned how to download our own Facebook Archives so we could see exactly what parts of our own data were sold.  We discovered we can examine our own Facebook Archives to see the specific data Facebook has and retains.  We discussed how we all need to be more vigilant in protecting our own information and seeing it as the commodity it has become.  We talked about stopping the madness by refusing to accept the terms of service that put our own information at risk, and refusing to use apps or web sites that require it.

I recognize that this topic is controversial, and that my take is different from most. I have read article after article about how egregious Facebook was, and how we were duped and lied to. I have seen the terms "misuse" and "stolen" too many times when it comes to Facebook data. And I have countered that it is not abuse when they tell you what they're planning to do, but rather naivety amongst the average Facebook User, who has never really pondered how Facebook actually makes its money. I have stressed that this is not something that "happened to us," but rather is something we allowed to occur. I expect many readers may be angry at this take. I welcome discussion in the Comments Section.

However, I stand by my reasoning, and I hope ALL readers will learn from this experience. I hope EVERYONE will become more selective with what apps they allow to connect, and will become more judicious about reading terms before blindly agreeing to anything. This issue is not unique to Facebook. Thousands of other apps and sites are selling your information in the exact same manner. Facebook is just bearing the brunt because of its size and ubiquity.

We'd love to hear readers' thoughts and opinions on this whole kerfuffle, either here in the comments or on our Facebook Page.  We'd even like to hear why you think our take on this is wrong.

And as always, thanks for reading.



