I feel somewhat bad for not keeping up with the news around Facebook, Cambridge Analytica, and data privacy. After all, I do work for a data company, in their marketing department no less. Regardless, after some skimming (and in-depth reading), I can say I'm generally caught up — and it has raised a lot of questions.
As much as society has been making fun of Congress and their lack of knowledge regarding data, social media, and modern technology, most people aren't that much further ahead. So the goal of this post is to shed some light on data privacy, Facebook, and some things to consider moving forward.
What you should know — Facebook profiles
I knew the day my dad got Facebook that it was no longer a fancy apps for millennial who lived online. People who were once scared of having their profiles online, who scoffed at the idea of email addresses and even more so when people started posting full profiles of themselves online (with photos, personal details, and more), are now joining the herd. With billions of users, it's safe to say that Facebook is mainstream.
Most people have some level of understanding about Facebook privacy settings. The majority have posts viewable to family / friends, and despite the friends-of-friends option being a little confusion, it's all-around manageable. You have friend requests, can block random / creepy people, and are in a generally safe space.
There are a select few who take this more seriously. Some will remove themselves from search results, remove the option of adding them as a friend, and make the majority of their photos (include additional profile pictures, tagged photos, etc) private and unviewable unless you are a friend. This is the minority of people.
So for the majority of people, the following is true:
(1) Your profile is searchable by anyone on Facebook.
This can be either a direct search (i.e. Trevor Sookraj) or some filtered search (i.e. name is Trevor, lives in San Francisco, etc.). If you don't think the latter is possible, just go to Facebook, click the friends tab, then click "find friends". Using the filters on that page (including mutual friends) you can search for basically anyone.
I'm sure this comes as a shock to a good number of Facebook users. For me, Facebook is the same as having your name listed in a phone book — but I'm sure the thought of someone searching for you, and finding photos, personal details, and your entire friends list (rarely made private, although it's a setting) instead of just a name and phone number, is scary.
(2) Your photos aren't really private
Sure, with basic (default) privacy rules, someone will only be able to see some public photos of you. They can't dig into family albums, or stalk any of your friends. Keep in mind that basic privacy rules have changed over the years; meaning that older albums may have other rules, making them public unless you deem otherwise. This is often true for the "Photos You're Tagged In" section, which is public for a surprising number of people.
However, with a simple right-click, they're able to view the image and save it if they want. I haven't found a setting to disable this yet, but I'm sure with enough searching there is one. You can argue that someone can just screenshot their screen, but that's a very different scenario than having a high resolution photo of you on their computer.
(3) Your friends list is powerful (and not private)
I have to admit, it's a little creepy when someone random in India or Russia adds me on LinkedIn, with only a few mutual connections (usually someone with thousands of connections... a LinkedIn influencer, some might say). But generally I don't really care — it's a public (professional) network that's essentially like a resume. I can ignore the request, and everything goes smoothly.
On Facebook, it's a little different. You might think it's safe to have information viewable to "friends of friends", but I've had Facebook for more than 10 years and don't talk to a good number of my older friends on Facebook, let alone know who their friends might be.
That group of people can be huge. I have close to 3,500 friends on Facebook, each of whom must have at least 100 friends, probably more. That's at least 350,000 people who can view my content, profile, photos, and more. Maybe something worth changing if you're concerned about privacy.
Businesses can't do anything
The Cambridge Analytica scandal (which I'll get into later) has sparked a new conversation around information Facebook is selling to businesses. The thought that Walmart has my name, email, birthday, interests, and more in their personal record is frightening enough, let alone some random business who can purchase it — right?
For starters, Facebook is a free service. They need a way to monetize the platform, pay their bills, and make money (they're a business, after all). A lot of people will consent to being shown ads — but Facebook isn't The Super Bowl. Even the category of "Sports Fans" is too broad for a category to be advertised to.
A cutting-edge mouthguard brand made especially for hockey players isn't going to get direct results from showing a display ad (i.e. TV commercial) to a 67 year-old Eagles fan at the Super Bowl. They're going to get direct results from showing an ad (with a product link) designed specifically for and targeted to men who like hockey, hockey brands, and are aged 18-32. And they can't get that from simply paying to "show ads" to people on Facebook — it needs to be more specific than that to justify spend and guarantee return-on-investment.
So Facebook is going to have to make your data interpretable by businesses. Note how I didn't say accessible; businesses can't find you specifically within this segment, view your profile, call + text you, and visit you on weekends. They can only see that ~ 450,000 people exist in that specific segment, and that's who their ads are going to be shown to.
Have you used Facebook Ads Manager? I can guarantee that 90%+ of Facebook users haven't. It shows exactly how ads can be designed, what targeting looks like, and how businesses can track their marketing spend and campaign results for Facebook Ads. Take it for a spin, you'd be surprise how limiting it is.
This doesn't excuse the fact that Facebook is (indirectly) selling your data, but it does answer a handful of key questions. Your data (individually) isn't being sold, it's being aggregated and sold as a whole. Even if you click on an ad and buy something, that advertiser can't see your profile specifically — they can only see an ID that can be used for future retargeting (within Facebook). There's some work arounds (i.e. tags in your url when you hit their site) but connecting the email you used to buy something to your Facebook profile using that system is challenging, let alone getting all the information from your profile into their database. Long story short — they're selling to you, but they're not really buying your data.
Conclusion (and Cambridge Analytica)
To be honest, I'm no expert on this subject and don't really feel comfortable giving my opinion on the Facebook / Cambridge Analytica fiasco. The tl;dr that I've learned is that Cambridge Analytica paid someone to make a survey app, which users consented to use. You know, that pop-up you see when you download a Facebook App that says "You allow Candy Crush to view your profile, friends, post for you, change your marital status, etc".
So depending on the specifics, it's possible these 50 million users at the very least consented to having their personal information collected. Whether it was legal for that guy to transfer / sell that data to Cambridge Analytica is another story, but that first point is key to note. Alone, those people gave some random developer access to all their personal information. Remember also that the minute you navigate away from Facebook, you're on your own. Had they made an account with that app, and given any information, that data is the property of the app owner. I don't agree that hiding this info in their "Terms of Service" is justifiable, but if it's as blatant as the Facebook pop-up, the user has to take some responsibility.
Regardless, the main take-away here is that apps have a lot more power than you'd think, and it's up to you (as a user) to restrict your privacy and prevent them from leveraging your data. The over-arching take-away is that it's the 21st century, and your data is no longer nearly as private as it used to be.
And that's okay — as long as there are mediums in place (like I mentioned above with Facebook Ads) that prevent people from maliciously using that data. The sad truth is that there often isn't. It starts with something as basic as your individual privacy rules on Facebook, and goes as deep as digital literacy for people everywhere.