Facebook shares are taking it on the chin today as the Cambridge Analytica story unfolds and we learn just how insecure our Facebook data has been. The mainstream press has — as usual — understood only parts of what’s happening here. It’s actually worse than the press is saying. So I am going to take a hack at it here. Understand this isn’t an area where I am an expert, either, but having spent 40+ years writing about Silicon Valley, I’ve picked up some tidbits along the way that will probably give better perspective than what you’ve been reading elsewhere.
Much of this is old news. There are hundreds — possibly thousands — of companies that rely on Facebook data accessed through an Application Programming Interface (API) called the Graph API. These data are poorly protected and even more poorly policed. So the first parts of this story to dispel are the ideas that the personality test data obtained by Cambridge Analytica were in any way unusual or that keeping those data after their sell-by date was, either. That doesn’t necessarily make the original researcher without blame, but the Cambridge folks could have very easily found the same data elsewhere or even generated it themselves. It’s not that hard to do. And Facebook doesn’t have a way to make you throw it away (or even know that you haven’t), either.
Facebook never really tried to protect its data in any big way. They have a rate limiter to slow down the number of pulls through the API, but it is (maybe was, depending on events of this week) all very lenient. The only trick is getting Facebook members to authorize you. Facebook’s safe harbor, you see, is the fact that you have authorized this specific release of personal data. Often, however, the Facebook member has no idea they have authorized anything.
Much like Nigerian spammers purposely including spelling errors in their emails to trap “dumb” people, the quizzes on Facebook about “Which Star Wars character are you?” are there just to get you to authorize them. Then they go harvest your data. The authorization is built into the terms of service when you take the test.
So don’t take any Facebook quizzes, surveys, or tests — EVER.
The aspect of this story that ought to be of most concern to Facebook members is that once I have authorized someone to use my Facebook data I have authorized them to use not only my data but also that of all my Facebook friends!
As of this morning I have 2,980 Facebook friends. If I was stupid enough to authorize the release of my data I’d be authorizing the release of all the data on 2,980 other people, too. Now maybe I have more Facebook connections than most people, but you can see how getting only a few thousand survey responses can yield hundreds of thousands of records.
I’m told the average active Facebook member has 250 friends, so one person signing up is like getting 250 full and complete profiles. It’s such a broken system with no way to ever opt out.
One thing Facebook needs to do, then, is to give its users an easy way to opt out of any and all such data scams after-the-fact.
Why would Facebook allow such a system to even exist? Some reporters have pointed out that selling data is, itself, a business for Facebook. Actually, it’s not that big a business — certainly not big enough to justify this shit storm. The more likely reason for such lax behavior is that it drives up the numbers that are of such interest to Wall Street. Total number of users and activity on the Facebook site are important to Wall Street along with ad revenue. And while Facebook is opposed to driving higher numbers with robots: hey, accessing the data on 2,981 members after I click send isn’t a robot, it’s just stupid old me — a longtime member. No bots here.
Wall Street always wants higher and higher activity so Facebook has had little impetus to be good.
I’ll end on a rumor. I have no idea whether this is true or not but the story is going around and it has a ring of truth to me. Just as Cambridge Analytica crunched the numbers and figured out Facebook data could be a valuable tool for influencing voter behavior, Facebook CEO Mark Zuckerberg reportedly came to the same conclusion. Zuck, who has harbored dreams of public office, apparently found the inspiration for those dreams by realizing the incredible manipulation tool he had at his disposal. He could manipulate his way into office.
Regular readers may remember that one of my predictions for 2018 was that Zuckerberg would this year give up his Presidential ambitions.
I’ll mark that prediction as correct.
This isn’t a Mineserver post. Do you even know how time functions when you say: “at Mineserver LLC and will have a revised design ready to go shortly….Look for a spec update and a new shipping schedule in a couple more weeks, followed shortly by a clever marketing announcement you may enjoy (it’s Fallon’s idea).” – January 2, 2018
.
At this point you’re going out of your way to ignore the issue. Everyone wants closure. Check out your Kickstarter site which has people BEGGING for information and all you give us is silence…
Face it. You’ve been HAD. Look in the mirror and say “you are a sucker”. Chalk it up as a loss and move on with your life. Lesson learned.
–
Never trust someone you don’t know personally. And even then loans should have collateral.
@Mark So you’re willing to admit/accept that Bob is just a fraudulent liar who keeps saying “more on that soon” rather than being true to his word that he truly does have an update coming “any day now”? How can you follow/trust anyone who lacks credibility like this and is leading “suckers” along and won’t just step up and put an end to all of this if that were truly the case?
.
While I don’t trust Bob anymore, I DO think he’s smarter than wanting to put on this charade indefinitely if it really were just a hoax to swindle money ($35k). I think he and his sons are “working” on the Mineservers, they just have zero motivation and drive to get it done within any reasonable amount of time, meanwhile Bob continues to just make empty promises to cover his butt and keep us at bay…
I have to admit that I’m puzzled by this – it was quite obvious that this was happening before the last election. I’m very glad that it’s now become a big topic but Facebook are not the only people doing this – corporations like Equifax have access to very much the same data sets.
You say “It’s such a broken system with no way to ever opt out.” Actually, there is a very easy way to opt out.
https://www.facebook.com/help/delete_account
There you go. If you click on that, you will add 10 years to your life.
If you know anyone on Facebook then they will still keep collecting data on you – Facebook data collection is not limited to Facebook members.
Never signed up for FB. Their idea of *free* is WAY WAY too expensive for me. I use every browser trick to keep from disclosing data to them and their ilk. Yet I have no way to stop my meat world friends from downloading the app and coughing up my contact information.
–
That is what congress and the FTC need to work on. Allowing users to REALLY opt out.
“I’ll end on a rumor. […] I’ll mark that prediction as correct.” …wait, what?!? You’re taking a rumor as a fact towards locking your prediction down as correct? Do you generally use this logic to pad your numbers? I don’t even know where to start with this.
What I think he’s saying is that MZ will have to abandon being elected due to having to answer questions about whether he manipulated the populace simply because he can. No one will believe denials at this point.
Bob took credit for predicting that Apple will buy Adobe few years ago. Bob was DJT even before DJT.
Once you gain access to “Friends” Facebook data is there anything preventing you from accessing their friends also?
I’m told it stops at the first friends layer, thus not including “Friends of Friends”
Now, I have no idea what happens if one of those friends hasn’t locked down their privacy settings and everything they do is “Public” There are way too many profiles out there that anyone can fully browse.
Someone should look into that.
As an aside….when I found out that signing into ANY FB game to play (like Bejeweled, or what was that big one? Farmville?) you automatically become that corporation’s “Friend”
When I wrote FB two years ago and asked them if that was true their answer was ” Yes, because it helps improve my facebook experience”
Good analysis. From this perspective, Zuckerberg is one of the luckiest people alive in becoming a multibillionaire based on tech that’s not that revolutionary. Your term, Accidental Empire, applies here in spades.
One thing Facebook needs to do is ……. die. It is a blight on humanity…..
The problem is that it’s not just Facebook, there are a lot more organizations that have built databases like Facebook have … read up on the details of how Cambridge Analytica did it … and sit back and think how easy it is …
Wow, two posts in the space of a week! In Crookely time, that’s like less than a minute!
.
With so much energy and production in the Crookely lair, I’m sure we’ll have those Mineserver updates (New specs! New shipping schedule! New marketing idea!) Real Soon Now™!
.
Please get a life.
There’s one born every minute.
Thanks for the reminder about Bob’s credibility, and the need to address the issue properly.
This has been happening for a very long time. Acxiom Corp owns Infobase, the largest database of non-financial information on pretty much all Americans (they know what magazines you read, what car you drive, what prescriptions you take, and so on). They started as a direct-mail outfit for Democratic election campaigns.
Why do the journalists and media feel that NOW the social networks are using and analyzing private data (made public by millions of silly people)? Lack of news? What is “new” behind all this? What is the new event nobody else knew about, before the media made public actions like “gathering/storing/analyzing of data”? Not even Snowden was necessary to bring these facts to light. Ahh, people are NOT IT-aware, thus, before these actions were made public, people never thought that somebody would use their data… ahh… people never think about what happens when they PUBLISH personal stuff and make it available to THE WORLD.
What I wonder is why the media, the journalists, believe they must focus the public attention on these things NOW. I know these things have happened since the beginning, no need for an Einstein to know, really, so I don’t see what’s “new” in these “news” of today. You? You think that Facebook was a “secure” thing? Why do you need to play the cynic here, Bob? To have a subject to write about? There are so many subjects in the universe and among those you need to write about THESE? Why is that? Of course the police use the data. Of course ALL the information agencies use the data. Everybody uses the data, ALL THE TIME SINCE DAY ONE. What is new? Everybody should know that the most used source of data IS the internet, the social networks, the silly things people say, the opinions that people share, everything IS used ALL the time. What is new? What is it that nobody knew before today? You know far better than all this, so I wonder: Am I missing something?
The reason it’s in the news now is that Facebook, even now, continues to insist on their website that you have control of who sees your data. Exactly what they mean by that is unknown to me. Unfortunately, Bob and the rest of the media still don’t clearly explain the apparent contradiction. If Facebook’s privacy claims were provably false, they could be sued out of existence, yet there are no news stories about lawsuits.
Why *NOW* is that over last weekend Channel 4, a British TV channel, broke the story of an undercover investigation they’d been running on Cambridge Analytica, which appears to be rather far from the nice fluffy, clean-handed organisation it had claimed to be. It also has deep ties to President Trump because Steve Bannon was one of its founders.
Apart from that, the link to Facebook is somewhat indirect: in 2016 a researcher named Aleksandr Kogan ran a data collection app on Facebook data for a psychological study he was working on. Somehow Cambridge Analytica found out about that, discovered the data was exactly what the Trump campaign organisation needed, and obtained a copy from Mr Kogan. The trouble Facebook is in right now has been well explained by Robert Cringely.
You in America need to discover the full ramifications of the links between organisations like Cambridge Analytica and your political parties because it’s starting to become obvious that this type of activity is not limited to the Republicans and involves rather more companies than just Cambridge Analytica.
The same can be said here: there appear to be close links between the Conservative Party and the C-suite of Cambridge Analytica and its holding company, the SCL Group. I wouldn’t be at all surprised to hear that these also extend to Nigel Farage and his UK Independence Party, seeing that Cambridge Analytica seemed to have had its fists deep in the Brexit campaign.
Make no mistake: Cambridge Analytica is a danger to democracy everywhere: it has been involved in elections in Africa and South America and, one suspects, in the Middle East as well. You guys seem to tolerate this sort of interference in your elections as long as it isn’t by the Russians, but we don’t like it at all, no matter who is doing it and, in fact, have for a long time put limits on the amount any candidate or party can spend during an election.
“…we don’t like it at all, no matter who is doing it…”
You say that Brits don’t like invasions of privacy, but your government has surveillance cameras everywhere, probably even in the loo. Seems that you gave up that fight a long time ago.
Unfortunately, here in the States we’ve been following your lead…
When I said ‘We don’t like it” I was referring specifically to big money and business interfering in elections, not to privacy.
You’re right about the number of CCTV and ANPR cameras scattered around the UK, though. There are too many, but hopefully the full adoption of GDPR will start reining those in. However, as far as general hoovering up of stuff from the internet and phones, I don’t think we’re any more surveilled by GCHQ than you are by the NSA and FBI, though both sets of ‘stasi need a firm boot in the groin before being put back in their kennels.
There is evidence that the snoops already have more data than they can handle. You’ll note that in the Paris shooting and the killing of Gunner Mills that the perps in both cases were known to the security people and yet they did nothing to stop both crimes. They’ve never said why this was the case, so I’m left wondering whether their data haystack was simply too big for anybody to find the needles in it.
Following myself up to say…
A central figure in breaking this story seems to be Chris Wylie, who was a Cambridge Analytica analyst until he thought about where the stuff he was working on was leading to and resigned.
I’ve just been listening to a BBC Radio 4 program that clarified the timeline and the news organisations involved on understanding this story. The originator is a free-lance journalist, Carole Cadwalladr, who did most of the ground work over about two years in conjunction with The Observer and Harper’s Bazaar. They brought the New York Times on board because Chris Wylie wanted a reputable US newspaper involved. Channel was a later arrival at the ball and, my guess, was brought in because they could do the undercover filming and would make a bigger initial splash – one that would be much harder to kick into the long grass.
The program ended by saying that there will be more breaking news tomorrow on this topic.
Here’s a link to the Observer article (it is part of the Guardian Media Group in case you are wondering):
https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election
There is also useful coverage on The Register: https://www.theregister.co.uk
I suspect that the reason for the lax data security is to allow advertisers to find out as much as possible about Facebook users, so that they can target them more precisely.
What they pay the big bucks for is not the harvesting the data but for the advertising that follows. The more that they know about who their potential customers are, the more they’re prepared to pay Facebook to target them. That’s much better value for money than the old-fashioned scattergun approach of showing the same ads to everyone.
It’s not “lax security” – the information is what Facebook are selling … everything you need to do “targeted advertising” …
“Miss Stellwagon says advertising makes people who can’t afford it, buy things they don’t want, with money they haven’t got.” – Mr. Blandings Builds His Dream House (1948)
Political parties spend billions of dollars on election campaigning, nearly all of which is just advertising. But people are now shocked to discover that this campaigning uses the same techniques as other advertising campaigns. Yes, this involves snooping on users of social media, but hardly anyone seemed bothered about that before.
It’s all a game, not a serious thing (provided that really serious things exist at all).
Why should FB be more secure than a bank, insurance or government system?
Just because we think they’re nerd-like, geek-like, hacker-like people?
Ah! Forget about that! It’s all a game. We read everyday about breaches in banks, governments, utilities, dating clubs, email providers … Can you spell “Snowden”?
Those systems have backdoors, intentional or not isn’t relevant.
Those services can be abused in a number of ways, by design or not isn’t relevant.
Do you think I am joking or overrating the problem? Maybe.
But please, think a little bit more about the Intel ME backdoor.
Think about the “meltdown” and “spectre” CPU exploits.
Think about the security that should be in place at your mobile operator services.
Think about the security that should be in place inside your mobile device.
Would you place your bet you, your behaviors and your data are safe?
Facebook is clearly an overrated service, a clear bait for unsavvy people willing to put all of their private stuff in plain sight.
In the end, it’s just a game. You don’t complain when you lose your hotel at Monopoly, why would you when someone uses your data from FB?
”… Actually, it’s not that big a business…” Well, being able to sell the position to the next president of a country or providing the tools to other to round up and jail 150.000 of his opponents in a week sounds like pretty big business to me.
You might want to also turn off any setting like this with Windows 10 as well. And I stopped using Chrome and use Firefox private windows.
No surprise. I knew from day one that they’d collect whatever they could, like Google, ads are their income generator. And the FB app itself is very simple with a limited crappy design, nothing really good like apps by developers for private industry companies. Just junk.
I use a fake name on Facebook, and do not really use it for anything meaningful, no personal data added, no apps, shut off any privacy thing I can, no friends (sniff!). I just do some random posts on news forums that require FB sometimes.
> “You might want to also turn off any setting like this with Windows 10 as well.”
Sure, you can move the little sliders around. And 10 keeps chatting with the Mothership anyway. Note Microsoft backported telemetry to 8 and (to some degree) 7 as well.
I figure it’s like the fake thermostats some office buildings put in various places. They’re not actually connected to anything, but being able to turn the dial makes the cubedwellers less frustrated…
I feel that the Equifax hack was a much bigger deal than what’s going on in FB. Equifax had Social Security #’s stolen along with addresses, which to me seems to be more personal than what people put up on FB. Yet, the FB deal has been blown up way more than the Equifax hack, EFX stock is almost back to where it was prior to the hack, I thought the company would go under for it. FB stock is not far off from where it was, but the media seems to be portraying this as pretty apocalyptic. I’m not on FB so maybe I am missing why this is such a big deal, just need some clarity on why this is a bigger deal than Equifax.
A question from a person w/o a FB account: Should one unsubscribe from FB, does FB get to keep the data?
I’m rather liking the Right to Be Forgotten (R2BF) concept of the GDPR these days. Could a non-EU person request such a thing, or does it happen magically when one unsubscribes?
How would a person do so for InfoBase, per Fazal’s note, above? Or sheesh, even from Yahoo? Or from leasing companies, credit card companies — oy veh. Suddenly it feels daunting. At least my Blockbuster rental history is toast. (or is it?) Netflix/Hulu/Amazon–fy dah!
Seems like it’s time for the US to have a R2BF regulation.
Don’t forget the opm data leak which got very little press
Leaking everyone’s security clearances
https://www.cringely.com/2015/07/30/who-is-your-it-outsourcing-firm-working-for/
Everyone has forgotten how close Google and the White House were under Obama
http://www.unitedliberty.org/articles/16862-new-america-foundation-google-and-the-obama-administration
CA did this Facebook mining with an app, because another source of the data was charging too much.
Obama campaign did something similar, and pulled the entire Facebook social connections graph. Facebook looked the other way on this because they were supporting Obama.
Reality is these things do not make that much of a difference. CA started out working with Ted Cruz.
At one point, based on a CA analysis, he supported a particular law just to get 6 votes in Iowa.
Trump dropped CA for the closing stretch of the campaign, finding RNC data to be more effective.
Republican campaigns hire CA because they see it as a requirement to get money from a prominent donor.
Glad, Zuck has accepted the charges.
“Face it. You’ve been HAD. Look in the mirror and say “Bob is a con artist”. Chalk it up as a loss and move on with your life. Lesson learned.”
.
FTFY
Unrelated comment, but ProPublica (https://features.propublica.org/ibm/ibm-age-discrimination-american-workers/) just published a study that said IBM practiced age discrimination. Old news for Cringely followers.
no, he is just buying time
Comparing the Obama campaign’s use of Facebook with the Trump campaign’s use of fear to manipulate opinion can only kindly be described as disingenuous. Actually, it’s flat wrong.
https://www.snopes.com/fact-check/obama-campaign-use-tactics-cambridge-analytica/
Also, @Roger Sinasohn, nobody likes a troll.
“There’s one born every minute.” — O’Brien
.
Absolutely true. Most of us, however, don’t take advantage of them and some of us even try to look out for them.
.
Crookely fans seem to think it’s all hunky-dory when it’s Crookely who’s doing the taking-advantage-of.
.
To be perfectly honest, it reminds me a lot of all those folks who were up in arms over Clinton’s peccadilloes or Obama’s tan suit but don’t mind at all when Trump is off having multiple affairs right after his wife gave birth or when he basically said he sexually assaults women or when he encouraged violence….
.
@ScottC – what about sanctimonious a***holes that speak up without really knowing what is going on. The Mineserver jihadists are making sure that Mark’s misdeeds aren’t forgotten.
Lol
This has become a tabloid of presidents sexual lives now
Some of us know their sexual lives ?
Like the Facebook scandal revealed they they and get everyone in compromised positions so they can be controlled
Look at the wiki leaks guy as an example
This Facebook stuff is done all the time
Google was and IT corporations have an enormous influence as does India with corporate help, nobody cares
Corporations have the most powerful lobbies, yet nobody cares, they do the most damage to public interests, outsourcing, H1B, healthcare etc nobody cares, and we are worried about Russia
I’m glad someone is keeping tabs on people’s sexual lives, that’s really important
“Right to Be Forgotten” (RTBF) regulations are abused in Europe by bad actors who use them to remove
true information about their misdeeds. I.e., A scams B; B posts a legitimate complaint; A invokes RTBF
to have post taken down.
What is needed is ownership of personal data. Third parties would need explicit permission to collect,
aggregate, sell, etc.
Snopes is just retelling the same things to make them look different. Both Obama and CA pulled data on people and their friends from Facebook. They didn’t know this was happening. The friends never gave permission. The exact method was different, and snopes tries to use this to clear Obama of ‘wrongdoing’.
> Zuck, who has harbored dreams of public office, apparently found the inspiration for those dreams by realizing the incredible manipulation tool he had at his disposal. He could manipulate his way into office. Regular readers may remember that one of my predictions for 2018 was that Zuckerberg would this year give up his Presidential ambitions. I’ll mark that prediction as correct.
If this is true, he frankly doesn’t need to run for president – he’s already able to be powerful and influential enough without the daily grind of governing a superpower.
To those folks who are upset about the Mineserver/Kickstarter issue: I understand that you’re upset and we could empathize with you on it at some point in the past, but please take your communications with Bob somewhere else.
You’re not hurting Bob at all with your vitriol-filled comments. You’re instead hurting us innocent readers. Your bitter posts have become nothing more than white noise and spam that we have to skim through, when all we want is to be informed by other commenters’ opinion on the subject at hand.
Please consider the above before throwing another pointless grenade into the community of commenters.
So are comments broken here too? Can’t seem to reply to the one I want to reply to…
.
Re: Right To Be Forgotten laws and their potential for abuse, I also think shame has a certain role in a healthy society. However we have something in America in which guilty parties can ask after a decent interval to have their record expunged. It varies widely from state to state and serious crimes are impossible to have expunged. Something of this nature would maybe be the closest thing to an adequate RTBF process we can manage.
“You’re not hurting Bob at all with your vitriol-filled comments. You’re instead hurting us innocent readers. Your bitter posts have become nothing more than white noise and spam that we have to skim through, when all we want is to be informed by other commenters’ opinion on the subject at hand.” — BJ1921
And I wonder how many readers have stopped reading Bob’s site? Perhaps, at some point down the road, it will be only Crookely, his Mineserver backers, and the crickets here. Then, maybe, he might actually do something about the mess, other than saying things like “Look for a spec update and a new shipping schedule in a couple more weeks…” and then not saying anything else for, what, almost 4 months now.
Life without Facebook is fine and dandy as far as I’m concerned.
The mineserver issue needs to be properly addressed. Until then it’s like discovering Superman is a pedophile.
Left Facebook a week ago after almost nine years.
Ready for a subscription-based social network that treats me like a customer, not a food source.
If Apple has all that cloud capacity, I think I see a potential use for it.
I Agree! That has always been my position!