data use
... a thorough investigation into whether they did in fact misuse any data."
Does misuse even have any meaning in this context? As far as I'm concerned the fact that they gather it in the first place is the big issue here.
Yet another rogue Facebook app that gathered and sold "intimate" details on millions of users has come to light. A report from New Scientist finds that the myPersonality app had collected and shared the personal information for as many as three million users who had installed the app on their Facebook profile. The data has …
There are plenty of legitimate use cases for gathering *some* personal data.
If you're playing a game, for example, that game might request and store your contacts so that the game can notify you automatically when one of your friends starts playing the same game, or has beaten your best score, or done something you haven't, etc.
As long as that data is held securely and never sold or otherwise disseminated to third parties *and* as long as permission is given in the first place, I would argue that that is a legitimate use of that data.
A lot of the problems stem from the fact there are too many apps out there that take advantage of user laziness and grab all they can. Educating users and prosecuting rogue developers should take priority in my mind.
" that game might request and store your contacts so that the game can notify you automatically when one of your friends starts playing the same game, or has beaten your best score, or done something you haven't, etc."
That's not a legitimate reason to request access to your contacts. The game should request the specific game user IDs of your friends instead of requesting a complete list of everybody in your address book.
"As long as that data is held securely and never sold or otherwise disseminated to third parties *and* as long as permission is given in the first place, I would argue that that is a legitimate use of that data."
First, nobody can legitimately assure you that the data will not be disseminated to third parties. Circumstances change over time. Second, it's not the person installing the game who needs to give permission -- it's the people whose contact information is stored in your device. It's their information, not yours.
That's not a legitimate reason to request access to your contacts. The game should request the specific game user IDs of your friends instead of requesting a complete list of everybody in your address book.
That makes no sense. Where will it request these IDs from? How will it know who your friends are?
Here's how I envision it working (and how I will implement it if I ever have time to work on game projects again):
1) You download and start playing a game.
2) Your contact information (email or phone number) is hashed, sent to the game server, and stored along with your game user ID. (And possibly other information that you have consented to sending, like a nickname and/or your real name.)
3) The game then retrieves unique identification data for each person in your contacts list (email and phone number), hashes each in turn and sends them to the backend which attempts to find existing matches in the game's database. If a match is found, those accounts in the backend are linked for future notifications.
At no time are any of your friends' details stored remotely unless they play the game and give their consent. But the game still needs access to your contacts list to perform the above.
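The three steps from the comment above, as an added sketch (not code from the thread or from any real game). The class and function names are hypothetical, the sample contacts are constructed, and plain SHA-256 stands in for "hashed".

```python
import hashlib
import re

def normalize(identifier: str) -> str:
    """Canonicalise an email or phone number so both sides hash the same bytes."""
    s = identifier.strip().lower()
    if "@" in s:
        return s
    return re.sub(r"[^\d+]", "", s)  # phone: keep digits and a leading '+'

def contact_hash(identifier: str) -> str:
    # Assumption: unkeyed SHA-256. Phone numbers come from a small space, so an
    # unkeyed hash of one can be recovered by trying candidates; hashing here
    # hides the value from casual inspection only.
    return hashlib.sha256(normalize(identifier).encode("utf-8")).hexdigest()

class GameServer:
    """Hypothetical backend: stores hashes only for people who registered."""
    def __init__(self):
        self.players = {}   # contact hash -> game user ID
        self.links = set()  # frozenset({user_a, user_b}) notification links

    def register(self, user_id, own_hashes):
        # Step 2: the player's own hashed contact details, stored with consent.
        for h in own_hashes:
            self.players[h] = user_id

    def match_contacts(self, user_id, hashes):
        # Step 3: look up each hash; link on a hit, keep nothing on a miss.
        # The client has to trust that the server really discards the misses.
        matched = set()
        for h in hashes:
            other = self.players.get(h)
            if other is not None and other != user_id:
                self.links.add(frozenset((user_id, other)))
                matched.add(other)
        return matched

def client_sync(server, user_id, own_identifiers, address_book):
    """Hashing happens on the device; only hashes leave it."""
    server.register(user_id, [contact_hash(i) for i in own_identifiers])
    return server.match_contacts(user_id, {contact_hash(c) for c in address_book})

def demo():
    # Constructed sample data: Bob plays first, then Alice syncs her contacts.
    server = GameServer()
    client_sync(server, "player-bob", ["bob@example.com"], [])
    matched = client_sync(
        server, "player-alice",
        ["Alice@Example.com", "+44 20 7946 0001"],
        ["  BOB@example.com", "carol@example.com", "+44 20 7946 0002"],
    )
    return server, matched

if __name__ == "__main__":
    server, matched = demo()
    print("linked with:", matched)
    print("hashes stored server-side:", len(server.players))
```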
"Where will it request these IDs from? How will it know who your friends are?"
Because you personally tell it which game user IDs you want to be connected with. There should be no automatic scraping for this.
"At no time are any of your friends' details stored remotely unless they play the game and give their consent."
Your approach is less egregious (but still problematic in minor ways -- what if there's a player in the game who does not want to be linked up like that?)
The problem with your approach is that it requires trusting that the developer is honest and has correctly implemented the functionality. You may be trustworthy, but a ton of developers are not, and there's no way to know that you're the exception. Also, what if your game is a hit and you sell it to a game company that has other plans for that data? Your careful treatment of the data would be reversed on the next update. From the point of view of avoiding throwing your friends and family under the bus, no app should be allowed to have access to sensitive data like a contact list.
If the app wants specific information for specific purposes, it should have the user specifically provide it rather than engaging in automatic scraping.
Once ANYONE collects the data. I'm sure it wasn't just CA, and some companies that have a stash of this data have probably realized it is now a valuable commodity since Facebook is cracking down and are looking for ways to quietly resell it to whoever is interested.
The only thing Facebook slamming the barn door shut now does is prevent collection of data on people who join Facebook after this spring. Probably 95% of Facebook's current userbase is out there now thanks to the idiocy of letting apps collect data on people's friends.
"The revelation comes as Facebook is trying to rehab its image in the wake of the Cambridge Analytica scandal. Having another Cambridge-based outfit caught harvesting details from millions of users is hardly a good look for Zuck and Co."
Also not a particularly good look for the university, is it? I'm surprised how little that angle's really been pushed in the press so far, but maybe that'll change now...
Right. What is it about Cambridge? Is its psychology department that much more unscrupulous than those of thousands of other universities worldwide? That seems hard to swallow.
Or is it because it's still, after all these years, the recruiting ground of choice for Russian spies?
>Also not a particularly good look for the university, is it? I'm surprised how little that angle's really been pushed in the press so far, but maybe that'll change now...
Really? The journalists here might be strictly red brick but I guess the majority of the reporters at BBC, Independent, Guardian, Telegraph etc are from "one of the two universities."
Those of us who worry about such things have watched malware sophistication keeping ahead of anti-malware measures for a long time now. The development curves pace each other, with the malware programmers just a bit ahead of the anti-malware programmers. (By evolutionary principles, of course: anti-malware, like the immune system, can so far not respond to a threat until it appears.)
Facebook, aka Zucklandia, is rather like a medieval duchy of inbred and diseased courtiers whose sole talent is exploiting the peasants. When a horde of rather savvy and innovative Mongols invades, they have neither the skills nor the weaponry to eradicate the invaders.
They've never done fark-awl about securing Zucklandia against exploitation, and now the shoes are well and firmly on the wrong feet. And, to switch back to the original metaphor, the curve is so far ahead of them they can't even see the rise. Couldn't happen to a more deserving enterprise, IMHO.
"By evolutionary principles, of course: anti-malware, like the immune system, can so far not respond to a threat until it appears."
OTOH if system designers built in security by design the bad guys would be lagging a long way behind the good guys.
Of course when it comes to something like FB the concept of "good guys" doesn't apply. We have to think in terms of bad and worse.
> They've never done fark-awl about securing Zucklandia against exploitation, and now the shoes are well and firmly on the wrong feet. And, to switch back to the original metaphor, the curve is so far ahead of them they can't even see the rise. Couldn't happen to a more deserving enterprise, IMHO.
All of which kind of assumes that Facebook cares in the slightest about 3rd parties exploiting their data. History shows they only ever care rather belatedly, when someone gets caught doing it and there's an uproar. Otherwise, the system appears to be working exactly as intended.
If anyone ever thinks for a moment that Facebook won't stop collecting as much as it can and/or will stop selling that info, I have a bridge for sale.
Well duh... a Zucck's gotta eat too you know. Or did you confuse Facebook with some Geocities Webpage from the 90s? And just thought, well, that's ok then?
Rogue Apps... Who's the bigger rogue here? Zuk was forced to admit that the entire population of Facebook or 2 Billion+ users, should consider their data at risk. Senior executives failed to block email / phone number lookups by rogue actors rotating pools of IP addresses, despite knowing the risks!
The idiot masses gave it all away years ago for likes, ego-stroking and virtue signalling. They’re a generation of mental prostitutes; my dog has more intelligence and better morals than most social media users. Doesn’t really matter what Facebook does now or how they attempt to explain themselves. Who cares, who understands, and who’s even listening?
"you'd never do any kind of virtue signalling yourself would you". No. Hence posting anonymously. But I can imagine what your instagram feed will be like: "here's me in Lycra on my £3k bike! And here's me again with my beard and totally gifted kids! And here's me again on my best holiday ever! I am so blessed..." and so on and so on...
I mean I thought the whole point of Facebook (Commercially speaking of course), was to harvest, and then sell on the harvested Data, of its users. In a not so distant fashion that Google probably does, and nobody has bothered to really go and have a deep look at it. Since that was pretty much Google's EXPLICIT mission statement since day one.
It's a bit of a self-selecting sample. You're talking about people who will a) click on the quiz/app/thing called "My Personality" in the first place b) Click "Yes" to "Allow this app to rifle through my data"
So we're talking about thick narcissists. Although, come to think of it, that's the sort of demographic that advertisers would die for.
I'm still confused about what a "Facebook app" is.
Do they see an ad on the stream or whatever it's called that says "hey! click here to see what sort of random bullshit we will assign to the size of your knob" and then they do that - and find they have to install and download and approve an actual application - and they still want to do it?
Is this just on mobiles?
Is it an actual mobile app or some kind of plug-in for the Facebook app?
If you're prepared to "Install an app" to get a random fortune cookie type phrase re your personality, then the data gathered by the app authors is going to be a cross section of gullible morons.... ah I see the value now.
It's more like a plugin. Well, more basic than that - an iframe is opened to the developer's website, and at the same time, the request contains an authorisation token the developer's site can then use to interrogate the Facebook server and get all the data it's authorised to receive.
So basically, just a third party website loading within the facebook page, having been given the keys to the door, so to speak.
Just like with mobile app installs, before the site opens, you generally get a Facebook click-through saying "this app requests your name, your age, your place of birth, your credit card details, your bank passwords, and your PIN. Click OK to continue"
No worries! Though I forgot the bit about the "ad in the stream". That's one way to go, and that's how they start off.
Unfortunately most of these "apps" end with something like "You scored 10 out of 10. Click here to let your friends know what a brainbox you are."
By doing so, the app posts into the user's stream, and their friends see it in their stream just as they would a manual posting by said user.
However, instead of the usual "I had 3 eggs for breakfast today" - JJ
It would say something like: "JJ has just scored 10 out of 10 on our whizzo app <insert cutesie image here> Can you beat them?? Click here to find out!"
So, one person runs the app, and then all their friends get to know about it. Then any of them that try the app will generally propagate that information to all their friends etc. so it's easy to see how these apps spread, with minimal ads needed to give them an initial kick start - ads are cheap too - it was many years ago when I last looked at it, but you could get an ad for a penny a click - if they didn't click, you didn't pay.
(*) Of course, when I say "app" I mean "someone else's web page loaded in an iframe" but "app" is shorter to type :-)
"I smell a generalization. Although signing on to Facebook is and of itself a big blunder, it is not narcissism to have been forced into it."
uk.gov plans to use Facebook as an authentication mechanism for citizens to sign into government websites doesn't appear to be in the news much these days. I wonder how that project is getting on? Maybe El Reg could ask the relevant parties about its progress.
If you're running a "mom'n'pop" business with a potential worldwide audience of 2 billion people, it's not narcissism, it's simple economics.
I'm just a budding part-time pro-photographer, I shoot images mostly for fun but I'm currently working on a project with someone I met through Facebook that could net us some serious revenue. I've had companies approach me to license my images and we're not talking a tenner to use an image on a website, we're talking about the sort of 1 or 2 year image license payments that allow me to buy professional level lenses with the "pocket money" I make from a license. I've had requests for people seeking training in shooting images, average daily rate you can charge is upwards of £150, the real pros happily charge £300/day. That's why I use Facebook.
I always say, Facebook is like a chainsaw. Show it respect from a distance, use it at arm's length and be careful or it will happily chew your arm off and leave you for dead if you let it!
Have you forgotten that the whole CA scandal blew up because it was the whole "yes, please slurp my friends' data as well and, no, don't bother getting their permission, it's okay, they won't mind" that upset people, not the idea of people voluntarily giving up their own data?
It is oddly difficult to not use social media. I deleted my facething just before the Cambridge Analytica thing hit the mainstream. But, here at work, they are saying that social media is an excellent way of staying in touch with the users and we should be expanding its use. Are they going to hoover up all the intellectual property of said university? Am I going to have to reactivate my facething just so I can tell a user that I have patched their server, or rather that puppet has?
Does that make me a sheeple?
Also, no one seems to be getting exercised about what Google is doing with all the data that people hand over to them.
I know that I don't have the answers I just hope that cleverer people than me come up with some.
A lot of people think I'm strange because I don't use LinkedIn. I remind them that they jizzed out millions of user details because they didn't think to sanitise their user inputs.
They don't care.
If they don't care about sheer incompetent oafs, why would they care about competent baddies?
The terms of service state something along the lines of “All your postings are belong to us“.
That and the lack of a downvote/dislike/disagree option always put me off. The suppression of dissent at Facebook’s core, which makes it unsuitable for any real interaction. This totalitarian “you may only agree”, the hijacking of any and all posts and pages for commercial purposes, manipulating the feed so I actually DON’T get to see what my friends are up to, but instead get another ad for some exploitative corporation trying to sell me a climate killer machine, whole swathes of the population being used as guinea pigs for mad scientist style social experiments, and the fact the whole damn site looks like something out of a horror movie featuring Windows Vista have made it unsuitable for human consumption. But hey, drivethroughs are also popular.
Anonymous because these days we even need to hide our secondary made-up online identities from the Borg.
I don't think Facebook's policies have anything to do with anything.
The fact that Facebook gives developers a whole raft of tools that allow them to do these things is more pertinent.
Them washing their hands and saying the developer is at fault is hypocritical and probably meaningless if they were ever taken to court.
If you give someone the keys to the castle you can't say it's not your fault when the drawbridge comes down because you told them not to open it.
Ignoring all the bollocks coming out of Facebook towers about policies etc
Facebook have not become a multi billion $ organisation flogging adverts for toothpaste and whatever crap gets pushed to the screen.
They have made their money by selling data and access to the tools that allow data harvesting.
Their tick box defence of "it's against our policies" is as useful as the "are you over 18, click yes to see tits click no to not see tits"
It's not a defence any more than a 14 year old is going to click "no". Companies using data harvested from Facebook will have bought the tools with the tacit acknowledgement that they were going to harvest data and make financial gain from that.
but I thought... I thought I heard...I thought I read... some strongly-worded statements from Cambridge University to the tune of "Cambridge Analytica - nothing to do with us, guv!"
Would they be so uninformed?! Or is it, perhaps, fake news?! No other option comes to my mind....
The change in the T&Cs for WhatsApp is another, typical Facebook cop out. Essentially it is used by loads of people, including minors (not the underground type) to communicate. Recently a pop-up appeared where you just ticked a box to say you were over 16. How in hell's name are kids just going to stop using it? They will just tick the box as the shites at Facebook say, well you agreed and then continue to sell the data. I have zero confidence in Facebook to be doing what they claim and keeping the two separate. They should never have been allowed to buy WhatsApp in the first place. If you read the T&Cs then there is every chance that data is being used for profile matching with Facebook accounts.
They are simply the worst bunch of money-grubbing lying scroats there is, along with most of the similar Silicon Valley app-based outfits.
The revelation comes as Facebook is trying to rehab its image in the wake of the Cambridge Analytica scandal.
Facebook doesn't need to go to rehab it needs a defibrillator.
"To date thousands of apps have been investigated and around 200 have been suspended — pending a thorough investigation into whether they did in fact misuse any data."
You gave them the tools to do it and they did it gladly.
"The report notes that the app, developed by Cambridge University researchers, had advertised its data sharing as being anonymous"
Any time an organization is collecting data online about you and is claiming that it is anonymous or "anonymized", they're either mistaken or lying.