Social media is abuzz with Facebook data leak. I can understand that non-tech savvy people were not entirely aware that Facebook traced their every step. What comes as a surprise to me is that tech people are also shocked. Yes, Facebook screwed up, but deleting Facebook account won’t fix the Internet in the long run.
Not only Facebook
Basically, all big players gather massive amount of data about you. For instance - Google, from where you can download your data as well. In my case, it tells much more about me than Facebook. My locations, some messages from Hangouts, Google and Youtube search history, every page I found via Google since I have account there, as well as every Youtube video I watched. Yes, this weird stuff I found out late at night is also there. No to mention all my emails that - not so long time ago - Google sniffed through. They announced they would stop it less than a year ago.
Money, honey! Facebook is one big advertising platform - and profiling is very important in advertising. Data is the biggest asset in this business. For the same reason Youtube, Google, Twitter, Amazon and loads of other companies gather as much information about you as they can. The goal is to make sure that the right ad finds the right user.
Are they willing to share this information with other parties? Not really. Both Facebook and Google stated that they are not selling your data and won’t sell it in the future. Of course, they would allow third parties to use it on their platforms. That makes really good sense. If you have better data than your competition you can capitalize on it more effectively. Scary part is what happens if they change their focus. Influencing opinions, choices, social dynamics, social engineering - with such a power, a lot is possible. This data in the wrong hands can mess us up big time.
Cambridge Analytica case was a warning. They showed that this data can be used in politics (another story is if they achieved their goals). From a business perspective, releasing data of 50 million people was a huge mistake. This amount of information is pretty valuable. Some say that CA spent 1 mln USD to get it. 20 cents per user - that’s dirt cheap! That’s why I think it’s a data breach caused by neglect rather than by choice.
I thought that most intentions and action of big companies are well known in the IT world. And I was wrong. Here we have this tweet, from a really smart guy:
Downloaded my facebook data as a ZIP file— Dylan McKay (@dylanmckaynz) March 21, 2018
Somehow it has my entire call history with my partner's mum pic.twitter.com/CIRUguf4vD
He is shocked that an application that has permissions to use phone, contacts, camera, etc. actually used those permissions. Yes, it’s not cool, but totally possible as Messenger asked for it on install. Probably a platoon of lawyers checked if it’s legal to use this data.
This is strange for me because as IT professionals, we learn that the Internet is not a very friendly place. We spend a lot of time closing all doors that can be used with malicious intentions. We make sure that our systems don’t give away too much about them as it weakens the overall security. We have a defensive stance.
Yet we use completely different logic when it comes to our data. We’ve opened a lot of doors for Facebook and other companies. We’ve trusted these companies, invited them to our lives and now we are amazed how much they know about us. Really?
This is a part of an interview from 2010.
Some of the experts are saying that current situation is a crisis of trust. How on earth was it possible that this trust was built in the first place? You trusted companies that make billions of dollars mainly because they gather every piece of information about you they can.
It’s a good thing that Cambridge Analytica scandal broke since it awoke a lot of people.
I’m sure that #DeleteFacebook is not a solution of the problem, though. It’s more like a statement, a protest - and I get it. It can “hurt” Facebook and grab some attention in the mainstream. But there are still other companies out there that do exactly the same. It’s not a great idea to wrap your head in aluminium foil and develop a paranoia either.
First step is to start applying the logic of cyber security to your own data. Second - to discuss the Internet privacy in a broader context - beyond Facebook and Cambridge Analytica (although at the moment it seems none of this will happen anytime soon). Alternatively we can use this guy wisdom: