Facebook data breach explained – what happened with Cambridge Analytica and are you safe?
FACEBOOK is caught up in a data breach controversy that saw info on 50 million users exposed – but what actually happened?
Here’s a simple guide to the Facebook data breach fiasco.
What’s the Facebook data breach controversy about?
This weekend, a report by The Guardian revealed that a company called Cambridge Analytica had harvested the personal data of 50 million Facebook profiles.
This information was allegedly used to map out voter behaviour in 2016 for both the Brexit campaign and the US presidential election.
Cambridge Analytica is a British company that helps businesses “change audience behaviour”, and supposedly helped get US President Donald Trump elected.
How was the Facebook data harvested?
Back in 2015, a Cambridge psychology professor called Aleksandr Kogan built an app called “thisisyourdigitallife”.
The app was a personality quiz that asked Facebook users for information about themselves.
Kogan’s company Global Science Research had a deal to share info from the app with Cambridge Analytica.
Roughly 270,000 Facebook users signed up and took personality tests.
But the app also collected the information of each user’s Facebook friends, who couldn’t possibly have provided consent.
How did we find out it happened?
We only know about this because a Cambridge Analytica whistleblower exposed the whole ruddy affair to The Guardian.
Christopher Wylie said: “We exploited Facebook to harvest millions of people’s profiles.
“And built models to exploit what we knew about them and target their inner demons.
“That was the basis the entire company was built on.”
Around 50 million people are believed to have had their data harvested without their permission.
And the New York Times reports that copies of the data are still available online.
What was the data used for?
Cambridge Analytica are a data analysis company that anyone with enough money can hire.
In this instance, the data they sourced from Kogan was allegedly used to help Trump get elected, and to boost the Brexit campaign.
The company used the data to build psychological profiles of Facebook users, to create better political campaigns that could sway their views.
Wylie explained: “It is a full-service propaganda machine.
“If you can control all of the streams of information around your opponent, you can influence how they perceive that battle space, and you can then influence how they’re going to behave and react.”
Has Facebook responded?
Facebook has flatly denied that the fiasco was even a data breach.
They say Kogan’s app picked up information in “a legitimate way”.
However, they admit that their rules were violated when the data was sold on to Cambridge Analytica.
In a series of now-deleted tweets, Facebook’s security boss called The Guardian’s story “important and powerful”.
But he went on: “It is incorrect to call this a ‘breach’ under any reasonable definition of the term.
“We can condemn this behaviour while being accurate in our description of it.
“The researcher in question, Aleksandr Kogan, enticed several hundred thousand individuals to use Facebook to log in to his personality quiz in 2014. He lied to those users and he lied to Facebook about what he was using the data for.
“However, Kogan did not break into any systems, bypass any technical controls, or use a flaw in our software to gather more data than allowed.
“He did, however, misuse that data after he gathered it, but that does not retroactively make it a ‘breach’.”
So why are people angry at Facebook?
The problem is that Facebook has known about the harvested data since 2015, but supposedly did nothing to protect users.
The social network tracked down the groups that the data had been given to, and asked them to delete it.
But Facebook didn’t enforce this, and had no way of knowing whether the data was actually deleted.
Also, Facebook didn’t tell users whose data had been harvested, which could be illegal in the UK and USA.
Facebook Data Policy – what do they know?
Facebook admits collecting the following data…
- Things you do when you use Facebook
- The information you provide to Facebook
- The information other people submit about you, including info, photos, and messages sent to you
- Your networks and connections
- Information about payments made through Facebook
- Device information about the gadgets you use to access Facebook
- Location information, uncovered through your device
- Information from websites and apps that use Facebook services
- Information from third-party partners, like advertisers
- Information from Facebook-owned companies, like WhatsApp and Instagram
In a blog post, Facebook said: “Several days ago, we received reports that, contrary to the certifications we were given, not all data was deleted.
“We are moving aggressively to determine the accuracy of these claims.
“If true, this is another unacceptable violation of trust and the commitments they made.”
Are you safe?
Sadly, there’s no way to know if your data has been harvested right now.
The good news is that the information being harvested is technically public, because it’s on your Facebook profile.
That means you probably don’t need to worry about being scammed or hacked as a result of the alleged breach.
Xiaomi phones covertly send user data to China: report
Many users online had earlier expressed their concerns about the Chinese government using manufacturers from the country to spy on users overseas.
Chinese smartphone manufacturer Xiaomi has been called out for using its smartphones to spy on users’ personal data. According to a new report online, the Xiaomi Redmi Note has been found to be sending photos and texts to a server in Beijing. This has further fueled speculation that the Chinese government is spying on users overseas through phones made by Chinese manufacturers.
A user in Hong Kong using the Xiaomi Redmi Note published screenshots from his device claiming that the device is connected to an IP address in China. According to him, this server receives photos and texts from the phone while the user is connected to WiFi. Apparently, the transfer doesn’t stop even after the phone is flashed with a different firmware.
This could have been a case of Xiaomi’s cloud service backing up data, which the company had confirmed is done on servers in China, but the reports also said that the MiCloud backup feature on the MiUI had been turned off on the phone when the transfer was taking place. A reader from PhoneArena pointed out that the Chinese government may be involved. According to the PhoneArena report, looking up the website of the company owning the IP address reveals that, “CNNIC is the administrative agency responsible for Internet affairs under the Ministry of Information Industry of the People’s Republic of China. It is based in the Zhongguancun high tech district of Beijing.” During the Xiaomi Mi3 launch event in Delhi, we had raised the question of the geographical location of the servers where user data was being backed up, and Hugo Barra, VP International operations for Xiaomi, had revealed that the backup was being stored on Amazon’s cloud servers.
Xiaomi has been creating a lot of waves in the global smartphone market, with devices priced obscenely low for the hardware that they bring. The company recently launched its Mi3 smartphone in India, which has gone out of stock twice: once in 38 minutes and 50 seconds, and the second time yesterday in 5 seconds. Further, many users in India have expressed concerns about such spying by the Chinese government since the company’s launch event.