What to learn from the Cambridge Analytica story

If you are using Facebook and intend to keep using it the Cambridge Analytica story can teach a few good practices to protect your privacy. Now of course nothing will be as safe as not having a Facebook account but there are sensible steps. Also I won’t mention typical security and privacy settings recommendation because there are already many websites treating this (for instance https://www.techradar.com/how-to/internet/facebook-privacy-and-security-tips-1307505).

  1. Avoid using apps or answering quizzes: These may look benign but some of them are aimed at harvesting data. In the scandal it appears some apps could access your friend’s data as well. At least Facebook claims the accessing the friend’s data part is fixed.

  2. Keep your number of friends low: Facebook clearly wants the opposite by constantly suggesting friends but friends on Facebook is precisely what Cambridge Analytical used to access so many accounts. They only surveyed 250000 accounts but through their friends they got access to 50 million accounts. In principle Facebook doesn’t let third parties access friends data anymore but having people you don’t know (well) or trust in your Facebook friend list is a risk. So ask yourself do you really need to have 1000 friends?

  3. Treat Facebook data as public even if you set tight privacy options: There are a couple of reasons for this. Firstly Facebook isn’t in the business of keeping data completely hidden, secure and private. To survive as a company they need to sell access to some of that data to clients like advertisers. As a company they have to walk a fine line between privacy demanded by their users and openness demanded by their clients. Preventing malicious access to data in those conditions is especially difficult. Add in the fact that Facebook developers and admins despite being some of the best in the world aren’t perfect, they operate a complex website and mistakes happen. Malicious access to Facebook data has happened and will probably happen again. Secondly Facebook has a popularity curse. Their website and data is one of the primary target on the whole internet for hacking. The treasure is just too valuable to many malicious hackers and not just random individuals but also big companies and governments. Finally there is the problem of mass exposure. When you interact on Facebook, you tend to interact with hundreds or even thousands of people. Facebook is not like a discussion in your living room but more like a permanent public rally. Now you can mitigate this to some extent with the privacy settings but it isn’t as simple as it sounds. They’re complex and have serious limitations in practice (see .https://www.eff.org/deeplinks/2010/04/facebook-timeline). So even if Facebook is secure it is hard to guarantee all your Facebook friends access Facebook securily (many people have malware on their computer). To summarise it is far harder to restrict access to your content on your Facebook than you might think, so it might be wise to treat it as public discourse.