Facebook Hacks and SMS, Oh My

What Facebook’s Cambridge Analytica problem means for your data

As you may already know, there’s been a security meltdown at Facebook, thanks to a company called Cambridge Analytica and Donald Trump. Facebook CEO Mark Zuckerberg insists it wasn’t a breach, which is technically true. But that doesn’t change the fact that the data of 50 million users was obtained without express permission and used for political purposes.

This is a tricky topic to tackle because the story is ongoing, and we won’t have a clear picture of events for quite some time. If you want to keep up with the latest happenings, the Cambridge Analytica files section on the Guardian website is a solid resource.

What we can do, though, is explain in simple terms exactly what happened at Facebook, and what it means for you as a user. Slight spoiler alert: It involves lots of complex questions about what you really want and need from a social network platform. But we’ll get to that. First up?

The explanation, step-by-step

  1. An app called thisisyourdigitallife, created by Aleksandr Kogan, was used to roll out a personality test to hundreds of thousands of (paid) volunteers, who agreed to have their data collected for academic use, and who also logged in using their Facebook account.
  2. The app also (legally at the time) collected the data of the volunteers’ friends on Facebook, which resulted in a data pool made up of tens of millions of users. While the volunteers allowed the app access to their friends list, they likely didn’t realize the extent to which the data would be mined.
  3. Facebook data collected by app developers isn’t supposed to be used for advertising or sold to third parties, but Kogan shared the data with Cambridge Analytica, the firm that helped elect Donald Trump. And that’s where everything starts to go wrong because there’s now an ongoing investigation into the use of this data for political purposes.

Done! And it only took three steps.

What now?

See, I’m moving away from all that complicated government/election/political stuff because it’s a gigantic, tangled mess. If you want to learn more about the political implications of this non-breach, you can read the New York Times story that broke the camel’s back, if you will.

Instead, I’d like to address the Facebook bit and what users can do to protect their data from future misuse. Sadly, the answer to that is: not much, at the moment. We can certainly explain privacy permissions and app security, but ultimately it can only help so much. Keep in mind that this passing of data from one place to another, which was not a breach, was set in motion by people voluntarily signing up for something. Nobody went in and crowbarred a bunch of data in the middle of the night. Today’s acceptable permissions are tomorrow’s dumpster fire. And, as with the above meltdown, there’s often nothing stopping a large chunk of data being collected in the “right” way, but then being used in a decidedly wrong way afterward.

Or, to put it another way:

Want to escape the clutches of targeted ads? Have fun with that house move to the middle of nowhere. You did say you want to avoid the advertisements, right?


Enabled some app permissions? Nothing to worry about, right? Right? Well, it depends on what worries you.


I could go on, but this is just a *sliver* of the kind of under-the-hood details currently being discussed online in a “Do you know where your data is going?” fashion. The struggle is most definitely uphill, and ultimately if you’re going to use a social network, you have to accept that simply by logging in and making use of basic functionality, you are the product, and your data is up for grabs.

Having said that, if you want to lock down several aspects of your Facebook profile to be as secure as possible within that context, we’ve included some handy links below. Just be conscious of the fact that this doesn’t necessarily “solve” whatever problems you may object to the most. No matter what precautions you take, once the data is in the system, it can just as easily hop, skip, and jump right on out of there. And after the event, there isn’t much you can do about it.

Facebook has changed its data-sharing policies in recent years, so the kind of data handover that happened with Cambridge Analytica isn’t supposed to be able to happen anymore. It’s worth noting that privacy policies, EULAs, and Terms of Service are endlessly shifting sands. Incredible complexity and several headaches await those who try to make sense of it all, and given that everything can change rapidly soon after, the cynical among us may well ask, “Why even bother?”

Keep that whole “Caveat Emptor” thing in your mind at all times, and then make the decision that feels right for you.

How to see—and control—app settings on Facebook for mobile and desktop (source: Mashable)

Downloading your Facebook data (source: A plus)

Controlling your privacy settings (source: Facebook)

Facebook tips for iPhone users (source: Computerworld)

Tips for day-to-day Facebook security precautions (source: Chicago Tribune)

We’ll continue to keep an eye on this story, but for now, we wish you many safe days of social networking ahead. Or, if the misuse of data is enough to make you quit Facebook cold turkey, we wish you many even safer days free of social networking altogether.


Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.