Your Facebook friends can leave you vulnerable for a major invasion of privacy


Your Facebook friends could be leaving you vulnerable to major privacy invasions

Artboard 1

The opinions of outside authors and analysis of the most important issues in politics, science and culture.

Facebook finally released a tool last week, allowing users to check if their personal data was compromised in Cambridge Analytics, a shady British company use these data in the “psychological profile” of potential voters. I took a deep breath, clicked, and was greeted with good news: “based on our existing records, neither you nor your friends have entered the ‘this is your life” app, which the company used Facebook to lure users to disclose personal information. So my data has not been compromised.

There are in the direction In which the message should alert all users of Facebook: the phrase “neither you nor your friends.” Indeed, many Facebook users who checked their status was met by another message: “You are not logged in ‘this is your life … [h]Oh, your friend did.” This means that their data were collected, although they (wisely) are not personally included in the app.

Because even users with strict privacy practices of control, but who has friends who were less careful could end up with a Cambridge Analytics to collect personal information like telephone number, which members of their families, of all places, where they “checked in” and which groups they joined, including those whose very names and subjects may disclose personal information, such as support groups for health conditions.

And really, who can believe that none of their hundreds of friends casually? We all have that one uncle who responds to the “Nigerian Prince” letters, or school friend who never met a personality quiz they took. Unfortunately, the regulation of private life as Facebook were created before 2014, made it impossible for even the most conscientious users of Facebook, to protect yourself from data leaks, one friend can lead.

And despite several rounds of edits and repairs for many years, privacy settings, Facebook is still many things outside the control of the users. Too many users still don’t understand how vulnerable data to their friends ‘ third-party applications.

Mark Zuckerberg plans to meet this week with the European Commission Vice President in charge of digital, Andrus Ansip. Here are some troubled history — and continuing a problem behavior — what Ansip, not to mention U.S. regulators may want to focus on:

Facebook opened the floodgates privacy apps

Remember how annoying the days of unfettered application on Facebook was? Farmville and other games has turned the tide of notifications to friends of the players (“Sally Smith sent a sheep on farmville!”). Apps encourage players to grant the application access to information of their friends, limiting play if they did it, or allowing players to win more in the game if they did. But the problem is much deeper than irritation.

When the player receives the app permission to access their friends, it was all or nothing: the application is not just gain access to the list of people; he could see everything that player can see the friends ‘ birthdays, phone numbers, messages, register, groups, and more.

Facebook likes to emphasize the role of the user’s choice of privacy preferences, and the application users may not understand what they were agreeing to in granting access, and the friends of the app users were, of course, never asked.

As a scientist, I knew that it was foolish to provide this kind of access to questionable quizzes, games and such, but I watched in despair as my friends eagerly installed them, revealing my information without my consent. I even considered unfriending some features of the app-promiscuous friends, but, realizing that this task was Sisyphean, and I gave undesired and unauthorized data breaches.

Facebook may argue that even friends of app users have retained some control over their data if they decided not to let their friends see their birthday or phone number, or even status updates, applications could not see these things! But many users on Facebook, because they enjoy small pleasures, how your friends send congratulations on the Birthday. They have to choose between the pleasure and lose your privacy to third-party developers?

What’s the point to update the status of Facebook, if your friends will see it? But it was a “choice” that the privacy minded users of Facebook have encountered in a while.

Since then, in 2014, to be exact — Facebook and to separate some of these privacy settings: you can now show your friends your birthday, but hiding it from your friends. The screenshot below shows what the controls look like today. I turned off all access, but by default, every piece of data You can see here is that the apps your friends know about you:

Your Facebook friends could be leaving you vulnerable to major privacy invasions

Or You don’t feel comfortable with Facebook having all this data on you, you definitely should not trust the third-party application developers. Facebook does a cursory background check applications to ensure that they meet the requirements, like not crashing, but there is essentially no screening of applications to ensure that they are reliable, or even know what they are doing.

Application owners agree to the terms of service that prohibit them from, for example, taking all “friends only” post you wrote and posting it publicly. But applications of these data and, in practice, Facebook has no way to ensure that they do not use to abuse it. Facebook is not even a good way to punish offenders after the fact, but to prohibit their application from gathering new data about users of Facebook in the future.

As soon as the application producers, Facebook is not an effective way to get it back. Imagine that 30 years, the Author obscure, long-defunct third-party Facebook application, dust on their server and remembers they still have the personal data of a million people. Now imagine that they use the names and phone numbers along with years of recorded pictures and the memories now of old to deceive people convincingly pretending to be a long-lost friend.

Last week, Zuckerberg told the senators, “it’s not enough to give people control over their information, we need to make sure that the developers are too protecting him.” While he did not come close to achieving any goal.

Facebook tracks even if You are not on Facebook

Over the past few weeks, there have been many stories about people who decided to reduce their activity on Facebook, or even delete your account. But it is not enough to ensure that Facebook does not continue to collect personal data about you. Here are a few examples of how Facebook collects data about users and non-users — which are less obvious than just keeping what you write and do on the website:

  • Off-Facebook browsing data using web-browser cookies and tracking “pixels” — small images, too small to see, hidden in the corner of a web page- Facebook can track your browsing habits, even if you are on websites not belonging to or operated on Facebook. For example, the Huffington post, the news, and, Yes, the vocals all have built-in pixels or buttons of social sharing, keep track of what articles you read. This ensures that web sites and advertisers with important information about audience demographics, company Size and the presence of ad purchases, but also Facebook data tracking.
  • Non-browser user data: Facebook may not know the names of the non-users, but with pixels and browser is tracking, they can still accumulate a demographic profile based on their use on other sites — like news and shopping, what Facebook sees their device to repeatedly visit. Facebook can suggest ads that appear on these sites that are tailored to the interests of the person, without that person not having been in Facebook or create an account.
  • Non-users of other networks such as Facebook not only knows what non-users to read and buy online, but the company can also be a good idea, who their friends are. This is because someone is using Facebook “find friends” puts all your contacts without permission from those friends. (This is not unlike the Pre-2014 app problem.) Every time someone not on Facebook is among these contacts, Facebook learns more about its social and business ties.
  • Facial recognition: if your face appeared in the group photos that were posted to Facebook, the site learns to recognize you with biometric facial analysis. Facebook can track who you spend time analyzing the photos is whether or not you were tagged in them. And if these pictures attached GPS tags, they will be your location data as well.

Given the almost complete monopoly Facebook enjoys that is now a key piece of infrastructure in our global society, protecting our data is important. I’ve heard many friends tell me that recent revelations about personal life problems became ashamed of their use of social networks, or ashamed that they find the idea to quit Smoking is very difficult, or shame that their attempt to give up Facebook for lent collapsed only a few days.

I don’t think someone should be ashamed of wanting to be in touch with your friends and family. Better than disconnecting from each other to ensure that those who join us to do it safely and responsibly.

Cynthia Lee is a lecturer in the Department of computer science at Stanford. She founded the website NEER Imanual for Informatics to support teachers in flipping their classrooms of computer science with the use of mutual learning. She holds a PhD in high performance computing.

The big idea is the main VOX for an intelligent discussion of most important problems and ideas in politics, science and culture — usually external stakeholders. If you have an idea for an article, please contact us at


No votes yet.
Please wait...


Please enter your comment!
Please enter your name here