Facebook is embroiled in a hot mess right now, largely due to its own failure to secure user data that was obtained by Cambridge Analytica.

On 16 March, following a ground-breaking report in The Observer, the social network giant confirmed that it had suspended Strategic Communication Laboratories (SCL) and its political data analytics company, UK-based Cambridge Analytica, for violating its terms. The companies had collected and shared the personal information of up to 50 million Facebook users - without their explicit consent.

Here's what you need to know about the scandal and how to protect your data on Facebook so that it can't be harvested without your consent.

The Cambridge Analytica scandal explained

Who is Christopher Wylie?

Christopher Wylie, a data scientist, is a former Cambridge Analytica employee turned whistleblower.

He spoke to The Observer about his former employer and about how Facebook’s core business model - delivering tailored ads to users - can be exploited. He revealed Cambridge Analytica quietly collected data on Facebook users and weaponised that data, in a sense, by targeting people with misinformation and specific ads designed to change their behavior (like, whether to believe in a cause or vote a certain way).

As a result, several questions have been raised about how much of your data was - and can be - collected without your explicit consent and whether it was used to influence the 2016 US presidential campaign. It also raises questions over the 2016 Brexit referendum, as it's been reported that Cambridge Analytica had pitched to work on the Leave.EU campaign that Ukip backer Arron Banks funded.

What is Cambridge Analytica?

Cambridge Analytica, which is owned in part by hedge fund billionaire Robert Mercer, primarily helps politicians from across the world with their campaigns. It did work for Senator Ted Cruz's 2015 presidential campaign, for instance, and even Donald Trump's presidential campaign in 2016. It reportedly also helped the Leave.EU campaign - on an informal basis - with profiling and targeting voters on Facebook.

The company, which claims to harvest massive amounts of data to develop personality profiles and target voters’ “unconscious psychological biases”, has been swept up in an investigation by the UK Information Commissioner’s Office (ICO). As of 19 March, the ICO was in the process of obtaining a search warrant to examine the internal servers of the company. Cambridge Analytica denied any wrongdoing.

How did Cambridge Analytica obtain Facebook user data?

As for how Cambridge Analytica obtained users' personal information in the first place, think to yourself for a moment about whether you've given permission to various quizzes and apps on Facebook. Have you seen those quizzes about "What would you look like as a movie star?" or "What’s your St. Patrick’s Day nickname?" If so, and if you tried them, you've likely exchanged access to your personal data.

Each app developer asks for different amounts of information, but it’s possible you've shared your Facebook likes, family and relationships, education and work history, religious and political affiliations, and more. A Cambridge University psychology professor, Aleksandr Kogan, developed a personality-prediction app that passed along personal data from 50 million Facebook users to Cambridge Analytica.

The app, called "thisisyourdigitallife", was presented as a personality quiz and research app for academic purposes. It collected 5,000 different data points about users and accessed their Facebook accounts and all their friends' profiles, too. This data was used to create targeted ads.

Is Cambridge Analytica grossly unethical?

Thanks to the trove of Facebook user data it collected using Kogan's app, Cambridge Analytica is able to tailor extremely specific ads to potential voters. The Trump campaign began working with Cambridge Analytica in 2016. Trump even appointed Steve Bannon, a former vice president of Cambridge Analytica, his campaign’s chief executive. Wylie described the company’s work as a “grossly unethical experiment”.

He said Cambridge Analytica “built models to exploit what we knew about [voters] and target their inner demons.” Channel 4 exposed some of Cambridge Analytica's inner-workings when its reporters posed as clients and spoke with senior members of Cambridge Analytica's team, including CEO Alexander Nix, who bragged on a hidden camera about using bribes and sex workers to entrap politicians on behalf of clients.

The exposé aired 19 March on Channel 4.

Does Cambridge Analytica still have the data?

Since Christopher Wylie spoke out on 16 March, Facebook has removed both him and Kogan's app and said it actually asked Cambridge Analytica in 2016 to destroy all the data it harvested. However, The Observer noted that “Facebook did not pursue a response,” and that it didn't notify any of the affected users. The New York Times also said Cambridge Analytica “still possesses most of all of the trove.”

Cambridge Analytica said that it did destroy the information in question and is currently working with Facebook to resolve any issues. Facebook has now hired a digital forensics team to investigate the company. It said that, contrary to claims from Cambridge Analytica, it received reports that the data has not been destroyed. Facebook also disputed reports that describe this entire incident as a “breach.”

It insisted that Kogan requested and gained access to information from users who "chose to sign up" to his app, "and everyone involved gave their consent." It's claiming people "knowingly" provided their information, and that "no systems were infiltrated".

How to change your Facebook settings

Don't use third-party apps and revoke their access

Let's be clear: if you put any personal information on Facebook, you can expect it to be harvested and used by Facebook and third parties. But, if you want to lock down what exactly can be collected, you should never grant third-party apps access to your Facebook account. When you see a funny quiz or cute app and want to try it, notice that it asks for permission to access your Facebook account. That's how they harvest your data.

From a desktop, you can see a list of all the apps that have access to your data via Facebook's App Settings page. Keep in mind many sites, like Airbnb, use Facebook Connect so you can log in with your Facebook account. Those are generally safe, but there may be other apps that you are no longer using, and you may be unaware of how much of your data they are harvesting. Remove those apps immediately.

Hover over the app in question, then select the 'X' remove button, and confirm. Alternatively, you can click the Pencil icon and change the app's visibility ("only me" or "friends", etc) and the info you provide to the app. On mobile, go to Settings > Account Settings > Apps > Logged in with Facebook. From there, you can tap on each app and adjust all the same settings found on the desktop site.

Adjust 'Apps Others Use' setting

Now, a little-known setting in Facebook allows people who can see your information to bring it with them when they use apps. Seriously. So, if a friend uses a third-party app on Facebook, he or she can share your information with that app. You can, however, adjust your settings to stop this from happening, via Facebook's App Settings page. From a desktop, go to the Apps Others Use section at the bottom.

From there, deselect all the categories of information you don't want shared, like bio, posts on my timeline, birthday, hometown, family and relationships, current city, interested in, education and work, religious and political views, activities, interests, things I like, my website, my app activity, If I'm online, and so on. Be sure to click the Save button once you've finished editing your preferences.

On mobile, go to Settings > Account Settings > Apps > Apps others use. Now, you can adjust all the same settings found on the desktop site.

Make your Facebook account private

This one may be obvious, but make sure your Facebook is private. Facebook has a lot of privacy settings available to users. You can manage them by clicking the drop-down arrow on the top-right of Facebook (from the desktop site). Next, choose Settings and select Privacy. You can then change who sees your posts, your number, your friend requests, and more. We recommend changing those to "only me".

On mobile, go to Settings > Account Settings > Privacy. Now, you can adjust all the same settings found on the desktop site.

Turn on those additional security settings

It's worth exploring Facebook's other security features. You can get alerts for when Facebook sees a login from a device or browser you don't typically use. You can also enable two-factor authentication so that a code is sent to your phone and is required every time you log in to Facebook. These features will help prevent others from accessing your account, though they won't stop your data from being harvested.

On mobile, go to Settings > Account Settings > Security and Login. From there, you can adjust all the same settings found on the desktop site.

Should you delete your Facebook?

This is a personal decision that we can't make for you. The best way to protect your personal data is to leave Facebook, but in reality, Facebook also owns Instagram and WhatsApp. So, to properly leave Facebook's ecosystem and lock down your data, you'd need to abandon those as well. If that's what you want to do, you can deactivate your Facebook account. It isn't permanent, and you can always go back if you wish.

On mobile, go to Settings > Account Settings > General > Manage account. From there, you can deactivate your account.