Cambridge Analytica Bends the Rules
Unless you’ve been living under a rock for the past few weeks, you’ve probably heard somewhere in the news about the recent scandal involving Facebook and the UK-based political consultation firm Cambridge Analytica. Just in case you haven’t though, here’s a quick refresher of what we know so far.
It all started back in 2013 when a Russian researcher named Alexsander Kogan developed an application for Facebook which was designed to allow users to take a survey about their political leanings. This led to around 270,000 people willingly signing up for the survey, though the questionnaire was actually just a front for the real operation teeming underneath. See, although Facebook states explicitly in their Terms of Service that no user data can be acquired or purchased for the purpose of marketing or advertising, the social networking giant does allow data troves to be used for what the company deems as “academic purposes”.
Cambridge Analytica purchased the data from Kogan (an academic researcher) and used this loophole in the system to acquire data on over 50 million of its US users, making it the largest data breach of personal information in the history of modern politics. Analytica then turned around and used this data to influence the people it had gathered data on into voting for the Republican ticket in 2016, and many believe it may have been this process that led to Donald Trump swaying the election in his favor.
Facebook says that it noticed the transfer of the data from Dr. Kogan to Cambridge Analytica in 2015, at which point they deleted his survey application and investigated to make sure the 50 million profiles had been deleted from Analytica’s servers.
Then on March 17 of this year, the New York Times published a damning report complete with sources who worked for Cambridge Analytica at the time of the breach. The report claimed that not only was the data not deleted, but that it had been used to influence voters leading all the way back to 2015.
But how does this differ from normal political espionage efforts? Well, Cambridge was hired by the Republican party themselves to participate in this plan. Both former National Intelligence Strategist Steve Bannon and megadonor to the GOP Robert Mercer were implicated in the data breach, supposedly paying Analytica upwards of $15 million on behalf of the Trump campaign to grease the wheels of the whole operation.
So What Does This Mean for Your Privacy?
Why would Cambridge Analytica be interested in your Facebook profile though? Well, because using that data the firm was able to reach into nearly every aspect of the violated users’ lives, playing off their status updates, likes, pages visited and just about everything in between to specifically target them and exert control over their perception of certain candidates in the race.
This includes buying ads which only display on certain users’ pages, as well as directing them to external content which would align with the political leanings hinted at in their Facebook accounts to make them more agreeable to any proposals the Trump campaign put forth.
In short: Facebook let the data of their users (which is supposed to be protected from exactly these kinds of tactics) fall right into the hands of a major political candidate’s campaign -- and given that that particular candidate is now sitting in the White House -- one can only assume that $15 million was very well spent.
In the wrong hands the kind of data that Facebook collects on you can be used for all sorts of nefarious purposes, including influencing people who aren’t even aware that they’re being swayed toward voting for a certain candidate as it’s happening in real time.
Facebook Faces the Fallout
The major slap in the face here is that despite becoming aware of the data breach all the way back in 2015, the company kept all wrongdoing on behalf of Cambridge Analytica a secret from the public. It’s only now -- after they’ve been called out by the press and authorities alike -- that Mark Zuckerberg himself issued a statement addressing the breach and admitting that his company lost control of the data.
“We have a responsibility to protect your data, and if we can't then we don't deserve to serve you. I've been working to understand exactly what happened and how to make sure this doesn't happen again. The good news is that the most important actions to prevent this from happening again today we have already taken years ago. But we also made mistakes, there's more to do, and we need to step up and do it.”
Of course this all seems to be a case of “too little, too late” on Facebook’s part, and given that the company kept the breach silent for so long only adds to the suspicion that the social network is apologizing just to keep their stock price from plummeting rather than out of a true desire to make amends with the userbase.
More Logging Questions Arise
With the fervor surrounding Facebook over this data breach, many journalists and outlets have begun digging into their profiles and mobile phones to find out exactly what the company knows about them; and the results don’t look good. According to a report released by Ars Technica at the end of March, Android users of the Facebook Messenger mobile app as well as the Facebook Lite may be in even deeper than they thought. The site collected reports from several users and did their own independent investigation into the data that was being scraped from phones back in 2015 and 2016, finding that not only did the Facebook app collect your contacts (a known tactic), but also seemed to be keeping track of the people texted and called from the phone as well as the length of the call and the metadata left behind from the text.
This was achieved through a loophole in the way that older versions of Android (specifically Jellybean 4.1 and below) handled permissions. Before Marshmallow, Android would lump permissions together instead of letting you toggle them individually. This meant if you gave Messenger or Facebook Lite permission to access your contacts (generally to find other people using the app), it would also scrape your phone for call and SMS logs that were previously on the phone, as well as keep any data on those two aspects of your usage going forward.
The company responded to that post with their own “Fact Check” blog, claiming they were fully within their legal right to use that metadata as the company saw fit due to the permissions loophole.
Unfortunately even though Facebook claims they have control of your data (and must legally, according to a 2011 Senate hearing on the subject), the Analytica scandal shows that not even the company themselves are 100% sure where all your data is going or what entities have control of it. Since the scandal broke Zuckerberg has said there will be new policies moving forward which will place greater restrictions on exactly how external apps collect data and where it goes once they’ve got it. Given that the company was initially made aware of the breach in 2015 and still haven’t done anything about it until now however, one can only assume that not even Facebook or its engineers are capable of fully reigning in the beast they themselves created.
If Frankenstein’s monster had a Facebook page, it would probably look something like what we’re dealing with now.
How to Delete Your Facebook Account (or Do the Next Best Thing)
Now that the breach is out of the bag, we here at VPN.com believe that in order to retake control of your digital privacy, the only way forward is to delete your Facebook account entirely. That said, we’re aware a lot of people still rely on the site to keep in touch with old friends, organize events in their local community, or just show off pictures of their cat Mittens in her cute new Halloween costume...but we digress.
In this guide we’re going to take you through all the steps you need to know in order to achieve any of the following:
Delete your Facebook account entirely
Disabling your Facebook account temporarily
Reconfiguring your privacy settings in your Facebook profile to better control how your data is managed by the company
Informing you on all the ways that both the Facebook website and their series of mobile apps and related products collect your data so you can decide for yourself what stays and what gets wiped
What Does Facebook Know About You?
To start, it helps to know the different ways that Facebook actually collects your data, which apps and services have access to that data, and where all that data eventually ends up.
Download Your Digital Archive
The best way to find out exactly what information Facebook has collected on you over the years (and more importantly what external companies/advertisers have access to), is by downloading your personal archive.
To do this, start by clicking the small arrow in the top-right corner of your Facebook dashboard, next to the bubbled question mark. Next scroll down and select Settings:
From here you should have been taken to the General tab. At the bottom of this list you should see a small link labeled Download a copy of your Facebook data:
This will take you to the next page with a button labeled Start My Archive. Press this, and Facebook will start creating your data archive, a process which takes anywhere from 5-30 minutes depending on the amount of data they have to round up.
This data archive is a complete picture of everything that Facebook has ever collected on you from the day you signed up to the service. This includes anything from your Messenger archives with friends to posts to your Timeline, as well as the companies and applications that you’ve granted profile access to over the years.
From here you can get a better idea of which applications are using your data to advertise to you, which have permissions to use your login, and the full picture of what your digital footprint looks like in the eyes of Facebook.
Once the file is downloaded (it should be a *.zip), extract it to a folder of your choosing and navigate to the sub-folder labeled HTML. Once the file is opened scroll to the bottom and look for the section labeled Advertisers with your contact info.
This is a complete rundown of any and all advertisers who have requested information from your profile. You’ll find a similar list located in the Apps *.html file, as it was through one of these types of apps that Facebook initially lost control of their 87 million user data records.
We recommend using your data archive as a general guideline moving forward to help you gain greater control over who has access to your profile data (that is if you’re not simply deleting Facebook altogether, more on that later).
Control Your App Settings on Facebook
Cambridge Analytica was able to breach Facebook using a dummy survey application, primarily because the social network is terrible about properly vetting the companies who apply for access to your information.
This is why we recommend checking out your App Settings to determine exactly what programs are floating around out there that have the ability to dig through your personal info unrestricted.
Here you’ll see a full list of all the applications that have ever requested access to your Facebook account. The depth to which they can dive is determined by a set of rules that are set up whenever you agreed to link that particular app to your Facebook account.
To edit these, click on the small gray pencil off to the right of the icon representing the app you want to edit (blink twice and you’ll miss it, Facebook really doesn’t want users taking control of their privacy in this department if they can avoid it):
A box containing information about that app should appear, and you’ll be presented with a full list of any information that app has ever requested. This can be something as innocuous as your birthday, but can get much more personal very quickly if left to its own devices.
To turn off individual pieces of information that an app can see, uncheck the blue boxes to the right of the information you want to keep private.
We recommend you go through this process with every app listed in your App Settings tab, and either delete the app entirely if it’s old and you don’t use it anymore, or at the very least disable it from getting your vital details that aren’t necessary to help the app function.
Privacy Checkup is a tool that Facebook provides that lets users quickly configure how their profile is seen by the outside world, as well as control which apps can publish information to your timeline and what parts of your personal information in the About Me section are visible, and to whom.
This is a very rudimentary way to gain a greater level of control over your privacy on Facebook, but still works in a pinch for anyone who doesn’t want to get bogged down in the muck of all the rest of the options you’ll find in the Settings tab.
Privacy Settings and Tools
Finally, there’s the Privacy Settings and Tools tab located in the Privacy section of your Settings.
This is where users are able to control who can see their profile and future posts, as well as review the privacy settings for anything posted on your Timeline previously.
To edit who can see what types of information, you only need to click the Edit button located off to the right of any post type you want to control:
Once here you’ll have the option to choose from three different groups to show your posts to: Everyone, Friends, and Friends of Friends.
To get the greatest amount of privacy control over your profile using these options, we recommend you set everything in this section to Friends only. This will make it impossible for anyone except people you’ve approved on your friends list from seeing what you’re up to or who you’re talking to on a daily basis.
Restrict Your Ad Preferences
Finally to round things out, we recommend editing your ad settings to prevent advertisers from being able to display content that might feed off your identity in one fashion or another. These are definitely the most broad applications of using your privacy against you as far as everything else on Facebook goes, but it’s still a good setting to manage nonetheless.
To start, click on the Ads tab located on your Settings page:
You should be taken to the following window:
From here, click on the tab labeled Your information. To get complete privacy, toggle each of these sections off using the button located on the right-hand side. This will prevent advertisers from being able to use any of your personal data to display you ads on the service.
How to Deactivate Your Facebook Account Temporarily
If you’re tired of worrying about your privacy and what Facebook is doing with your information, but still aren’t ready to take the plunge into the deep end by deleting your account altogether, the network provides a more tepid half-measure that will let you temporarily deactivate your account, rather than going for the full Monty.
To deactivate your Facebook account, start by using the top-right menu to enter your Settings page. Once here, at the bottom of the General tab you’ll see an option labeled Manage Account with an Edit button next to it on the right-hand side.
At the bottom of this drop-down menu you’ll see a link to Deactivate your account. Click this and you’ll be required to enter your password at the next screen.
Once your password has been entered, you’ll be taken to a screen which tries to pull on your heartstrings to keep your account activated, putting up photos of your friends and family’s profiles and claiming they’ll “miss you”.
After you’ve scrolled past this cheap ploy to retain users at the last minute, you’ll be required to tell Facebook why you’re deactivating your account (you can put anything here, it doesn’t change the outcome). After that’s done you’ll see a blue button labeled Deactivate my account. Press this and the process is complete!
This process won’t delete any of the data Facebook keeps on you, and your profile will remain in the company’s servers indefinitely unless you take the full step of deleting your account entirely.
How to Delete Your Facebook Account
If for you, like many of us here at VPN.com, Facebook losing control of 87 million profiles was the last strike in a string of many against the company and their privacy record, then it’s time to join the movement and #DeleteFacebook once and for all.
Of course, the company hasn’t exactly made it easy to delete your account, instead trying to guide most of its users toward the softer “deactivation” option instead (more on that below). Deactivation may sound good on the surface, but when you find out that all it really does is stop you from being able to use the service (while they still freely sell your data like nothing ever happened), that choice becomes a whole lot less appealing.
To delete your Facebook account, click on this link to be taken to the account deletion page. Now be careful, because one click on the Delete My Account button is all it will take to have your information completely deleted from Facebook’s servers forever.
Facebook claims it may take the company “up to 90 days” for your information to be erased from their network, but given that the process is instantaneous with one button push for us, we really can’t imagine why it would take so long for them to scrub what they know about you on the backend.
Clicking this button will permanently and irrevocably format anything and everything Facebook knows about you from their servers, so be absolutely sure this is what you want before you make that final choice. And even though it is technically possible to create a new account if you ever really want to go back to the service, it will probably be a long time before Zuckerberg and Co are back in everyone’s good graces enough to earn our trust again.
WARNING: This is the full list of services you’ll lose access to if you decide to go through with this process. Be aware that deleting your Facebook profile is only one piece of the puzzle, but it’s the core glue that holds the rest of these services together. They include:
Facebook Messenger for Kids
Facebook Business Manager
Also, below is a list of separate Facebook-owned applications that won’t work unless you have a Facebook profile to log in with. These include:
Once you understand just how far and deep the reach of Facebook goes it can be a daunting proposition to delete your account entirely. That said, it’s literally the only way you can prevent the company from holding your data or selling it to third-party advertisers, which means if preventing that is your primary goal, then #DeleteFacebook is the way to go.
At VPN.com, we are dedicated to making sure that all our readers and customers have complete control over their digital privacy. That’s a tall order in today’s world where dozens of free online services are forced into the game of turning their userbase into the product that’s sold to advertisers, and where every app that seems too good to be true probably is for one data-mining reason or another.
That said, when a company like Facebook loses control of their data in such a spectacular fashion like what we’ve seen with the Cambridge Analytica scandal, they leave us few other options than to set the scroll wheel down and simply walk away. Sure Facebook is a great way to connect with old friends from high school or make some new ones in Facebook Groups, but is that convenience really worth sacrificing your entire digital life?
We sure don’t think so, which is why we encourage anyone reading this to join us in kicking Zuckerberg to the curb and #DeleteFacebook once and for all.