As part of a calibrated trickle of disclosures over how Facebook mishandled use data and privacy permissions for years, Facebook announced a new round of changes to its platform, and a very unflattering statistic. “In total, we believe the Facebook information of up to 87 million people — mostly in the US — may have been improperly shared with Cambridge Analytica,” the company buried at the end of its latest blog post.
As the old saying goes, “WhoOoOoOoOoOoOoOoOoOoOoOoOps!”
To cut down on misuse of Facebook’s data, the company is tightening developer restrictions on their API and what third parties can access, and they’re stepping up their review process for apps that developers integrate with Facebook. For instance, developers accessing a user’s Facebook events through the API will no longer be able to pull the entire guest list.
One of the biggest holes in its system, matching email addresses and phone numbers to user identities, is also being patched: “Malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery. Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way. So we have now disabled this feature.”
Have you ever signed in to a website using Facebook? There’s good news for you! For apps using Facebook’s log-in system, Facebook “will also no longer allow apps to ask for access to personal information such as religious or political views, relationship status and details, custom friends lists, education and work history, fitness activity, book reading activity, music listening activity, news reading, video watch activity, and games activity.” Hahaha. Did you know apps had these permissions, and isn’t it wild that they did? Well, it’s fixed now. I mean, all those sites you signed in to with Facebook might still have that data saved somewhere, and there’s no way of knowing if they kept it and sold it, but at least nobody else can do it now.
Anyway, 87 million Americans had their data scraped by a political-strategy firm, often without their knowledge, because around 270,000 people gave a developer access, and Facebook knew about it for years.