Through a simple quiz app, Aleksandr Kogan was able to collect the personal data of some 87 million Facebook users. However, tens of thousands of app developers did the exact same thing.
A scientist at the University of Cambridge, Kogan developed a quiz app that was used by consulting firm Cambridge Analytica to mine the data of 87 million Facebook users, including their private messages. That data was then used to target political advertisements in the run-up to the 2016 election in the US.
Kogan’s app collected data not just from users who accepted its terms, but from their friends and contacts too. It did this through a feature called ‘Friend Permissions.’ Sandy Parakilas, a former data protection manager at Facebook, told NBC’s Lesley Stahl how this worked:
“The way it works is if you’re using an app and I’m your friend, the app can say, ‘Hey, Lesley, we want to get your data for use in this app, and we also want to get your friends’ data.’ If you say, ‘I will allow that,’ then the app gets my data, too.”
“It seems crazy now,” said Kogan. “But this was a core feature of the Facebook platform for years. This was not a special permission you had to get. This was just something that was available to anybody who wanted it who was a developer.”
According to Kogan, “tens of thousands” of app developers did the exact same thing, until Facebook recently removed the ‘Friend Permissions’ feature after the Cambridge Analytica scandal went public last month.
Mark Zuckerberg had no problem appearing before Congress but not so much going on 60 Minutes to be grilled by Lesley Stahl. What a joke! App Developer Aleksandr Kogan, who mined the millions of Facebook profiles, spilled the beans. Zuckerberg obviously is a liar/could care less.
— thehoch (@hochalicious) 23 апреля 2018 г.
In a congressional hearing this month, Facebook CEO Mark Zuckerberg singled out the Cambridge Analytica breach as a once-off incident. He explained that Facebook was in the process of conducting an internal privacy audit, and he expected to find “a handful” of apps improperly harvesting user data, a far cry from the “tens of thousands” Kogan spoke of.
While Facebook’s developer policy forbids app developers from selling the data they gather, Kogan told NBC that nobody from Facebook, to the developers, to the users, ever read this policy.
“Facebook clearly has never cared,” he said. “I mean, it never enforced this agreement.” Parakilas brought these privacy concerns to higher-ups at Facebook, where he said they fell on deaf ears. “I would say that they prioritize the growth of users, the growth of the data they can collect and their ability to monetize that through advertising,” he said.
Facebook “has repeatedly shown that it doesn’t prioritize privacy over the years,” said Kogan. “If your partner was cheating on you and they cheated on you 15 times and apologized 15 times…at some point, you have to say, ‘Enough is enough. Like, we need to make some kind of a change here.”
Kogan is currently banned from Facebook. His co-developer Joseph Chancellor, who helped write the data-scraping quiz app, was hired by Facebook.
Since the Cambridge Analytica data breach went public, Facebook has been hit with a barrage of new scandals, including the news that another analytics firm harvested user data for commercial use; another gathered and leaked data on an additional 48 million users; and that Facebook sent a doctor on a mission to several top US hospitals to convince them to share confidential patient data with the company.
CubeYou also used Facebook quizzes to suck in vast amounts of private user data that was then sold to advertisers. Despite the rolling scandal, it took CNBC’s story to get them shut down. Facebook is a tire fire of privacy abuses. Nuke it from orbit. https://t.co/K5KhIv1tu2
— DHH (@dhh) 8 апреля 2018 г.
A majority of Americans now believe their personal data is unsafe with Facebook. Six in 10 Americans also think the government should increase regulations on social media and technology companies in general to prevent their private user data from being shared without their consent.