Facebook: 2 billion users may have had their personal data skimmed

“Most” of Facebook’s 2 billion users may have had their personal data skimmed from the site by “malicious actors,” the company said in a blog post by Chief Technology Officer Mike Schroepfer.


  1. Tomi Engdahl says:

    Facebook Scans the Photos and Links You Send on Messenger

    System aims to detect content that violates standards
    Company on the defensive about how it handles private data

  2. Tomi Engdahl says:

    Facebook admits its data drama has ‘a few’ advertisers pressing pause

    In an interview with Bloomberg, Facebook’s Sheryl Sandberg disclosed the fact that ongoing privacy revelations around Cambridge Analytica have some advertisers skittish.

  3. Tomi Engdahl says:

    Hannah Kuchler / Financial Times:
    Sheryl Sandberg says Facebook “underinvested” in safety and security and that she and Zuckerberg should have spoken about Cambridge Analytica scandal sooner — Sheryl Sandberg, Facebook’s second-in-command, said she personally made “mistakes” and that the company had been too slow …

  4. Tomi Engdahl says:

    Rhett Jones / Gizmodo:
    Facebook disables email and phone number search after malicious actors abused the features to scrape public profile data; company says most accounts affected — Since the Cambridge Analytica privacy scandal first broke last month, Facebook has tried out a number of PR strategies to address the growing outcry.

    Facebook Just Made a Shocking Admission, and We’re All Too Exhausted to Notice

  5. Tomi Engdahl says:

    Julia Angwin / The Atlantic:
    Facebook reforms being discussed in Washington: fines for data breaches, political ad policing, liability for objectionable content, and ethics review boards

    How the Government Could Fix Facebook

    After years of allowing the world’s largest social network to police itself, Congress and federal regulators are discussing some promising reforms.

  6. Tomi Engdahl says:

    Christina Farr / CNBC:
    Sources: Facebook asked several US hospitals to share anonymized data about patients for a proposed research project, but plan is on hold amid privacy scandals — Facebook was in talks with top hospitals and other medical groups as recently as last month about a proposal to share data …

    Facebook sent a doctor on a secret mission to ask hospitals to share patient data

    Facebook was in talks with top hospitals and other medical groups as recently as last month about a proposal to share data about the social networks of their most vulnerable patients.
    The idea was to build profiles of people that included their medical conditions, information that health systems have, as well as social and economic factors gleaned from Facebook.
    Facebook said the project is on hiatus so it can focus on “other important work, including doing a better job of protecting people’s data.”

  7. Tomi Engdahl says:

    Facebook demands ID verification for big Pages, “issue” ad buyers

    Josh Constine

    Facebook is looking to self-police by implementing parts of the proposed Honest Ads Act before the government tries to regulate it. To fight fake news and election interference, Facebook will require the admins of popular Facebook Pages and advertisers buying political or “issue” ads on “debated topics of national legislative importance” like education or abortion to verify their identity and location. Those that refuse, are found to be fraudulent, or are trying to influence foreign elections will have their Pages prevented from posting to the News Feed or their ads blocked.

  8. Tomi Engdahl says:

    Don’t Fix Facebook. Replace It.

    After years of collecting way too much data, Facebook has finally been caught in the facilitation of one privacy debacle too many.

    lawmakers will no doubt ask how Facebook might restore the public’s trust and whether it might accept some measure of regulation. Yet in the big picture, these are the wrong questions to be asking.

    The right question: What comes after Facebook? Yes, we have come to depend on social networks, but instead of accepting an inherently flawed Facebook monopoly, what we most need now is a new generation of social media platforms that are fundamentally different in their incentives and dedication to protecting user data. Barring a total overhaul of leadership and business model, Facebook will never be that platform.

  9. Tomi Engdahl says:

    Facebook reportedly suspends AggregateIQ over connection to improper data-sharing

    AggregateIQ, a Canadian advertising tech and audience intelligence company, has been suspended by Facebook for allegedly being closely connected with SCL, the parent company of Cambridge Analytica, reported the National Observer.

    News broke late last month that AIQ, which was deeply involved with (and handsomely paid by) pro-Leave Brexit groups, was not the independent Canadian data broker it claimed to be.

  10. Tomi Engdahl says:

    Instagram suddenly chokes off developers as Facebook chases privacy

    Without warning, Instagram has broken many of the unofficial apps built on its platform. This weekend it surprised developers with a massive reduction in how much data they can pull from the Instagram API, shrinking the API limit from 5,000 to 200 calls per user per hour. Apps that help people figure out if their followers follow them back or interact with them, analyze their audiences or find relevant hashtags are now quickly running into their API limits, leading to broken functionality and pissed off users.

  11. Tomi Engdahl says:

    Senator warns Facebook better shape up or get ‘broken up’

    “Mr. Zuckerberg is going to have a couple of very unpleasant days before Congress next week and that’s the place to start,” Wyden said at the TechFestNW conference in his home state of Oregon on Friday.

    “There are going to be people who are going to say Facebook ought to be broken up. There have been a number of proposals and ideas for doing it and I think unless [Zuckerberg] finds a way to honor the promise he made several years ago, he’s gonna have a law on his hands.”

    For Wyden, concealing the truth about data sharing in the fine print is a deceptive practice that’s gone on too long.

    “I think we got to establish a principle once and for all that you own your data, period,” Wyden said.

  12. Tomi Engdahl says:

    Hannah Kuchler / Financial Times:
    Sheryl Sandberg says Facebook “underinvested” in safety and security and that she and Zuckerberg should have spoken about Cambridge Analytica scandal sooner

    Sheryl Sandberg says Facebook was too slow to respond to crises
    Social network ‘still does not know what data Cambridge Analytica has’

  13. Tomi Engdahl says:

    Zeynep Tufekci / Wired:
    Mark Zuckerberg’s 14-year apology tour for privacy invasions hasn’t fixed Facebook because Facebook’s decisions are still primarily driven by its business model

    Why Zuckerberg’s 14-Year Apology Tour Hasn’t Fixed Facebook

    In 2003, one year before Facebook was founded, a website called Facemash began nonconsensually scraping pictures of students at Harvard from the school’s intranet and asking users to rate their hotness. Obviously, it caused an outcry. The website’s developer quickly proffered an apology.

    In 2004 Zuckerberg cofounded Facebook, which rapidly spread from Harvard to other universities. And in 2006 the young company blindsided its users with the launch of News Feed, which collated and presented in one place information that people had previously had to search for piecemeal. Many users were shocked and alarmed that there was no warning and that there were no privacy controls. Zuckerberg apologized. “This was a big mistake on our part, and I’m sorry for it,” he wrote on Facebook’s blog. “We really messed this one up,” he said.

    Then in 2007, Facebook’s Beacon advertising system, which was launched without proper controls or consent, ended up compromising user privacy by making people’s purchases public.

    By 2008, Zuckerberg had written only four posts on Facebook’s blog: Every single one of them was an apology or an attempt to explain a decision that had upset users.

    In 2010, after Facebook violated users’ privacy by making key types of information public without proper consent or warning

    I’m going to run out of space here, so let’s jump to 2018 and skip over all the other mishaps and apologies and promises to do better

    Last month, Facebook once again garnered widespread attention with a privacy related backlash when it became widely known that, between 2008 and 2015, it had allowed hundreds, maybe thousands, of apps to scrape voluminous data from Facebook users—not just from the users who had downloaded the apps, but detailed information from all their friends as well.

    One such app was run by a Cambridge University academic named Aleksandr Kogan, who apparently siphoned up detailed data on up to 87 million users in the United States and then surreptitiously forwarded the loot to the political data firm Cambridge Analytica. The incident caused a lot of turmoil

    At first Facebook indignantly defended itself, claiming that people had consented to these terms

    But the backlash wouldn’t die down. Attempting to respond to the growing outrage, Facebook announced changes. “It’s Time to Make Our Privacy Tools Easier to Find”,

    Zuckerberg again went on an apology tour, giving interviews to The New York Times, CNN, Recode, WIRED, and Vox (but not to the Guardian and Observer reporters who broke the story). In each interview he apologized. “I’m really sorry that this happened,” he told CNN. “This was certainly a breach of trust.”

    But Zuckerberg didn’t stop at an apology this time. He also defended Facebook as an “idealistic company” that cares about its users and spoke disparagingly about rival companies that charge users money for their products while maintaining a strong record in protecting user privacy.

    Facebook’s 2 billion users are not Facebook’s “community.”

    This isn’t a community; this is a regime of one-sided, highly profitable surveillance, carried out on a scale that has made Facebook one of the largest companies in the world by market capitalization.

    Whenever a serious competitor to Facebook has arisen, the company has quickly copied it (Snapchat) or purchased it (WhatsApp, Instagram), often at a mind-boggling price that only a behemoth with massive cash reserves could afford.

    So, here’s the thing. There is indeed a case of Stockholm syndrome here. There are very few other contexts in which a person would be allowed to make a series of decisions that have obviously enriched them while eroding the privacy and well-being of billions of people; to make basically the same apology for those decisions countless times over the space of just 14 years; and then to profess innocence, idealism, and complete independence from the obvious structural incentives that have shaped the whole process. This should ordinarily cause all the other educated, literate, and smart people in the room to break into howls of protest or laughter. Or maybe tears.

    Facebook has tens of thousands of employees, and reportedly an open culture with strong internal forums.

    By now, it ought to be plain to them, and to everyone, that Facebook’s 2 billion-plus users are surveilled and profiled, that their attention is then sold to advertisers and, it seems, practically anyone else who will pay Facebook—including unsavory dictators like the Philippines’ Rodrigo Duterte. That is Facebook’s business model. That is why the company has an almost half-a-trillion-dollar market capitalization, along with billions in spare cash to buy competitors.

    These are such readily apparent facts that any denial of them is quite astounding.

  14. Tomi Engdahl says:

    6 questions Facebook’s Mark Zuckerberg still needs to answer

    The CEO of the world’s largest social network will testify before Congress next week. Maybe he’ll answer our burning questions.

  15. Tomi Engdahl says:

    New York Times:
    Preparing for Mark Zuckerberg’s congressional testimony, Facebook hired advisers who are coaching him and are role-playing members of congress in mock hearings — For Facebook, Tuesday is being seen as a kind of dreaded final exam. — That’s when Mark Zuckerberg, the company’s chief executive …

    Zuckerberg Gets a Crash Course in Charm. Will Congress Care?

    For Facebook, Tuesday is being seen as a kind of dreaded final exam.

    That’s when Mark Zuckerberg, the company’s chief executive, will swap out his trademark gray T-shirts for a suit and tie, and embark on a two-day marathon of testimony on Capitol Hill. His goal? To apologize for Facebook’s missteps, reassure Congress that Facebook intends to stop foreign powers from using its service to meddle in American elections and detail the company’s plans to better protect its users’ privacy.

    It has also hired a team of experts, including a former special assistant to President George W. Bush, to put Mr. Zuckerberg, 33, a cerebral coder who is uncomfortable speaking in public, through a crash course in humility and charm.

  16. Tomi Engdahl says:

    Michelle Castillo / CNBC:
    Facebook suspends data analytics firm CubeYou which developed popular quiz apps for Cambridge University and boasted of having personal info of tens of millions

    Facebook suspends another data analytics firm after CNBC discovers it was using tactics like Cambridge Analytica

    Data analytics firm CubeYou used personality quizzes clearly labeled for “non-profit academic research” to help marketers find customers.
    One of its quizzes, “You Are What You Like” which also goes by “Apply Magic Sauce,” states it is only for “non-profit academic research that has no connection whatsoever to any commercial or profit-making purpose or entity.”
    When CNBC showed Facebook the quizzes and terms, which are similar to the methods used by Cambridge Analytica, Facebook said it was going to suspend CubeYou from the platform to investigate.

  17. Tomi Engdahl says:

    Zeynep Tufekci / Wired:
    Despite repeated apologies over 14 years from Mark Zuckerberg, Facebook has continued to violate users’ privacy, driven primarily by its business model

  18. Tomi Engdahl says:

    Facebook’s Sandberg Says Other Cases of Data Misuse Possible

    Facebook was aware more than two years ago of Cambridge Analytica’s harvesting of the personal profiles of up to 87 million users and cannot rule out other cases of abuse of user data, chief operating officer Sheryl Sandberg said.

    Sandberg, who joined Facebook in 2008 from Google, has been largely silent since the privacy scandal broke but she gave interviews on Thursday and Friday to National Public Radio and NBC’s “Today Show.”

    “We know that we did not do enough to protect people’s data,” Sandberg told NPR. “I’m really sorry for that. Mark (Zuckerberg) is really sorry for that, and what we’re doing now is taking really firm action.”

    “Safety and security is never done, it’s an arms race,” she said. “You build something, someone tries to abuse it.”

    “But the bigger (question) is, ‘Should we have taken these steps years ago anyway?’” Sandberg said. “And the answer to that is yes.

    “We really believed in social experiences, we really believed in protecting privacy, but we were way too idealistic,” she said.

  19. Tomi Engdahl says:

    Apple co-founder Steve Wozniak says he’s left Facebook over data collection

    Apple co-founder Steve Wozniak told USA TODAY he’s leaving Facebook out of growing concern for the carelessness with which Facebook and other Internet companies treat the private information of users.

    “Users provide every detail of their life to Facebook and … Facebook makes a lot of advertising money off this,” he said in an email to USA TODAY. “The profits are all based on the user’s info, but the users get none of the profits back.”

    Wozniak said he’d rather pay for Facebook than have his personal information exploited for advertising. And he heaped praise on Apple for respecting people’s privacy.

    “Apple makes its money off of good products, not off of you,” Wozniak said. “As they say, with Facebook, you are the product.”

    Zuckerberg hit back in a subsequent interview with Vox, calling Cook’s comments “extremely glib.”

    “If you want to build a service which is not just serving rich people, then you need to have something that people can afford,” said Zuckerberg.

    Wozniak is one of the prominent users who have called it quits. On Sunday, he deactivated his Facebook account after posting the following message: “I am in the process of leaving Facebook. It’s brought me more negatives than positives. Apple has more secure ways to share things about yourself. I can still deal with old school email and text messages.”

    In an email to USA TODAY, Wozniak said he was taken aback by the extent of Facebook’s data collection when he changed and deleted some of his information before deactivating his account.

    Still, breaking up with Facebook isn’t easy. Wozniak chose not to delete his Facebook account. He didn’t mind bidding farewell to his 5,000 Facebook friends, many of whom he says he doesn’t know. But he didn’t want to give up his “stevewoz” screen name.

    “I don’t want someone else grabbing it, even another Steve Wozniak,” he said.

  20. Tomi Engdahl says:

    Nearly 20,000 Finns will get an unpleasant message from Facebook today – you will soon find out whether your data has leaked

    Facebook to contact 87 million users affected by data breach

    Message will reveal which users had personal information harvested by Cambridge Analytica

  21. Tomi Engdahl says:

    Facebook Scans the Photos and Links You Send on Messenger

    Facebook Inc. scans the links and images that people send each other on Facebook Messenger, and reads chats when they’re flagged to moderators, making sure the content abides by the company’s rules. If it doesn’t, it gets blocked or taken down.

    The company confirmed the practice after an interview published earlier this week with Chief Executive Officer Mark Zuckerberg raised questions about Messenger’s practices and privacy. Zuckerberg told Vox’s Ezra Klein a story about receiving a phone call related to ethnic cleansing in Myanmar. Facebook had detected people trying to send sensational messages through the Messenger app, he said.

    “In that case, our systems detect what’s going on,” Zuckerberg said. “We stop those messages from going through.”

  22. Tomi Engdahl says:

    Facebook suspends another data analytics firm after CNBC discovers it was using tactics like Cambridge Analytica

    Data analytics firm CubeYou used personality quizzes clearly labeled for “non-profit academic research” to help marketers find customers.
    One of its quizzes, “You Are What You Like” which also goes by “Apply Magic Sauce,” states it is only for “non-profit academic research that has no connection whatsoever to any commercial or profit-making purpose or entity.”
    When CNBC showed Facebook the quizzes and terms, which are similar to the methods used by Cambridge Analytica, Facebook said it was going to suspend CubeYou from the platform to investigate.

  23. Tomi Engdahl says:

    Maybe it doesn’t matter. All they need to do is access your data once and then save a copy of the data to a database….ridiculous!

    Facebook begins blocking apps from accessing user data after 90 days of non-use

  24. Tomi Engdahl says:

    Fact Check:
    What Mark Zuckerberg Said About Facebook, Privacy and Russia

    Mark Zuckerberg, Facebook’s chief executive, is testifying before Congress on Tuesday and Wednesday to answer questions about the social network’s failure to protect the data of millions of its users and its role in Russian interference in the 2016 presidential election.

    Here are some of Mr. Zuckerberg’s claims, as well as some claims from the lawmakers, which we fact checked.

  25. Tomi Engdahl says:

    Mark Zuckerberg: ‘There will always be a version of Facebook that is free’

    Today during Mark Zuckerberg’s testimony before the Senate, the Facebook CEO reiterated that “there will always be a version of Facebook that is free.”

    In the midst of the Cambridge Analytica scandal, in which the user data of up to 87 million people was sold by a third-party developer to Trump Campaign-linked firm Cambridge Analytica, there has been talk of Facebook potentially adding a subscription layer.

    The scandal has brought to light the heart of a problem that many have been well aware of: if you’re not buying a product, you are the product.

  26. Tomi Engdahl says:

    Jordan Novet / CNBC:
    Zuckerberg’s notes for hearing: “Lots of stories about apps misusing Apple data, never seen Apple notify people”, “Don’t say we already do what GDPR requires”

    Mark Zuckerberg’s notes for his Senate hearing, revealed

    The notes say Zuckerberg should not say that Facebook already does everything required under the European Union’s upcoming General Data Protection Regulation rules.
    The document provided the Facebook CEO with go-to lines to use in response to questions about whether he would resign and whether Facebook should be broken up.

  27. Tomi Engdahl says:

    Casey Newton / The Verge:
    Hearing highlights: Zuckerberg was asked about Facebook’s monopoly power, hopes AI will flag bad content in future, says Facebook doesn’t snoop on phone calls — Congress doesn’t understand Facebook. Does anyone? — Mark Zuckerberg made his highly anticipated debut before Congress today during …

    The 5 biggest takeaways from Mark Zuckerberg’s appearance before the Senate

    Congress doesn’t understand Facebook. Does anyone?

    Mark Zuckerberg made his highly anticipated debut before Congress today during a marathon five-hour hearing before a joint session of the Commerce and Judiciary committees. Zuckerberg remained calm and level-headed throughout, and senators were mostly polite and deferential as they sought to understand how Facebook had inadvertently allowed the profiles of up to 87 million people to be collected by the political data-mining firm Cambridge Analytica.

  28. Tomi Engdahl says:

    Zuckerberg struggles to name a single Facebook competitor
    ‘Is there an alternative to Facebook in the private sector?’ asked Sen. Lindsey Graham

    “Who’s your biggest competitor?” Graham asked Zuckerberg. The CEO struggled to answer the question, naming Google, Apple, Amazon, and Microsoft as “overlap[ping]” with Facebook in different ways.

    “If I buy a Ford, and it doesn’t work well, and I don’t like it, I can buy a Chevy. If I’m upset with Facebook, what’s the equivalent product I can go sign up for?” Graham asked. When Zuckerberg attempted to again break down Facebook’s different types of services, Graham reiterated his question.

    “I’m not talking about categories. I’m talking about real competition you face. ‘Cause car companies face a lot of competition. They make a defective car, it gets out in the world, people stop buying that car, they buy another one. Is there an alternative to Facebook in the private sector?”

    Zuckerberg tried to give a longer answer about how the “average American uses eight different apps” to connect with their friends, attempting to frame Facebook as just one of many apps.

    Shortly thereafter, Graham cut to the chase and asked if Zuckerberg thought Facebook was a monopoly.

    “It certainly doesn’t feel like that to me,” Zuckerberg replied, as laughter rippled through the room.

  29. Tomi Engdahl says:

    Christopher Knaus / The Guardian:
    Just 53 Australians and 10 New Zealanders used the Facebook quiz app that Cambridge Analytica gleaned data from, but ~375K users in the countries were affected

    Just 53 Australians used Facebook app responsible for Cambridge Analytica breach

    Most of 310,000 Australians affected by breach did not directly consent to harvesting of their personal details

  30. Tomi Engdahl says:

    Zuckerberg: Facebook Doesn’t Use Your Mic For Ad Targeting

    During today’s joint hearing before the Senate Judiciary and Commerce Committees, CEO Mark Zuckerberg fully denied the idea that Facebook listens in on your conversations via microphones to display relevant ads.


  31. Tomi Engdahl says:

    Mark Zuckerberg’s Privacy Shell Game

    Mark Zuckerberg appeared before Congress Tuesday, and for five hours, senators who appeared to have a halting grasp of the company’s intricacies questioned the Facebook CEO on topics ranging from Russia to artificial intelligence. Zuckerberg for the most part gave considered answers to their questions—except when it came to the specifics of how users can control their privacy.

    That Zuckerberg would dodge uncomfortable questions is a disappointment, though maybe no surprise. But when it came to addressing how the company collects and handles data—and what tools it gives you to control that flow of information—Zuckerberg landed repeatedly on a common refrain: Users have complete control over how their data gets used.

  32. Tomi Engdahl says:

    If Congress Doesn’t Understand Facebook, What Hope Do Its Users Have?

    Facebook CEO Mark Zuckerberg received a less than warm welcome in Washington, DC, where he testified before a joint hearing of two Senate committees Tuesday. Among the crowds of spectators lining up to watch Zuckerberg get grilled were members of the activist group CodePink, wearing oversized sunglasses with the words, “Stop Spying,” written across them. Another group wore t-shirts with the hashtag #DeleteFacebook scrawled on them in red Sharpie.

  33. Tomi Engdahl says:

    Facebook and the Price of Tech Utopia

    In the dawning days of the millennium, a great harvest was promised. A new class of young revolutionists, who saw the world as not yet living up to its grandeur and thus felt the duty to order it in their vision, vowed a season of abundance and grand prosperity. Among these strivers was Facebook CEO Mark Zuckerberg, whose pursuit—equal parts singular, noble, and naive—was to rewire communication. Beset by a pioneer spirit, Zuckerberg sculpted ambition into reality, upending the way we document, exchange, and consume information. In doing so, he has in part revolutionized the capacity of human potential. But just as a harvest rewards, so will it forsake. What has since transpired from those early moments of millennial innocence is as tragic as it was inevitable. The cost of utopia, we are now seeing, may be too high.

  34. Tomi Engdahl says:

    What privacy rights Facebook users give up when joining

    More than two billion users have accepted Facebook’s terms and conditions when joining—and most of those users probably didn’t read through the fine print to know exactly what they were agreeing to.

    Facebook can track users’ location through GPS, Bluetooth and WIFI.

    It can collect payment information, like a credit card, when users make purchases through the site. It can even pick up on keywords users search or say in conversations.

    Karrie Karahalios, a University of Illinois Computer Science Professor, said the idea of online privacy is still a new concept.

    “Everyone is trying to figure out what privacy means right now in this century,” Karahalios said.

  35. Tomi Engdahl says:

    Key Points From Facebook-Zuckerberg Hearings

    Facebook chief Mark Zuckerberg testified for nearly 10 hours over two days on Facebook’s privacy and data protection issues before committees of the Senate and House on Tuesday and Wednesday. Here are key points:

    Protecting the platform

    “It’s clear now we didn’t do enough,” Zuckerberg said on the protection of private user data and to prevent the hijacking of data on millions by Cambridge Analytica.

    Zuckerberg said Facebook was built as “an idealistic and optimistic company” to help people connect but failed “to prevent these tools from being used for harm… that goes for fake news, for foreign interference in elections, and hate speech, as well as developers and data privacy.”

    He said that by the end of the year Facebook would have 20,000 people working on security and content review and would also step up use of artificial intelligence to weed out fake accounts and inappropriate content.

  36. Tomi Engdahl says:

    Hard Questions: What Data Does Facebook Collect When I’m Not Using Facebook, and Why?

    When does Facebook get data about people from other websites and apps?
    Many websites and apps use Facebook services to make their content and ads more engaging and relevant. These services include:

    Social plugins, such as our Like and Share buttons, which make other sites more social and help you share content on Facebook;
    Facebook Login, which lets you use your Facebook account to log into another website or app;
    Facebook Analytics, which helps websites and apps better understand how people use their services; and
    Facebook ads and measurement tools, which enable websites and apps to show ads from Facebook advertisers, to run their own ads on Facebook or elsewhere, and to understand the effectiveness of their ads.
    When you visit a site or app that uses our services, we receive information even if you’re logged out or don’t have a Facebook account. This is because other apps and sites don’t know who is using Facebook.

  37. Tomi Engdahl says:

    Josh Constine / TechCrunch:
    Researchers: 3rd-party JavaScript trackers embedded on sites using Login With Facebook can grab Facebook user data; abusive scripts found on 434 of top 1M sites — Facebook confirms to TechCrunch that it’s investigating a security research report that shows Facebook user data can be grabbed …

    Login With Facebook data hijacked by JavaScript trackers

    Facebook confirms to TechCrunch that it’s investigating a security research report that shows Facebook user data can be grabbed by third-party JavaScript trackers embedded on websites using Login With Facebook. The exploit lets these trackers gather a user’s data including name, email address, age range, gender, locale, and profile photo depending on what users originally provided to the website. It’s unclear what these trackers do with the data, but many of their parent companies including Tealium, AudienceStream, Lytics, and ProPS sell publisher monetization services based on collected user data.

  38. Tomi Engdahl says:

    Login With Facebook data hijacked by JavaScript trackers

    Facebook could have identified these trackers and prevented these exploits with sufficient API auditing. It’s currently ramping up API auditing as it hunts down other developers that might have improperly shared, sold, or used data

    Revelations like this are likely to beckon a bigger data backlash. Over the years, the public had become complacent about the ways their data was exploited without consent around the web. While it’s Facebook in the hot seat, other tech giants like Google rely on user data and operate developer platforms that can be tough to police. And news publishers, desperate to earn enough from ads to survive, often fall in with sketchy ad networks and trackers.

    Zuckerberg makes an easy target because the Facebook founder is still the CEO, allowing critics and regulators to blame him for the social network’s failings. But any company playing fast and loose with user data should be sweating.

  39. Tomi Engdahl says:

    An investigation of data-mining company Palantir, cofounded by Peter Thiel, which works with government agencies and law enforcement to help track US citizens — Peter Thiel’s data-mining company is using War on Terror tools to track American citizens. The scary thing? Palantir is desperate for new customers.

    Palantir Knows Everything About You

  40. Tomi Engdahl says:

    LinkedIn Vulnerability Allowed User Data Harvesting

    LinkedIn recently patched a vulnerability that could have been exploited by malicious websites to harvest data from users’ profiles, including private information.

    The flaw affected the AutoFill functionality, which allows websites to offer users the possibility to quickly fill out forms with data from their LinkedIn profile. Users simply click the AutoFill button on a webpage containing a form and some of the fields are pre-populated with data available from LinkedIn, including name, title, company, email address, phone number, city, zip code, state and country.

    Jack Cable, an 18-year-old researcher based in Chicago, noticed that this functionality could have been abused to harvest user data by placing the AutoFill button on a malicious site. Rather than leaving the button as provided by LinkedIn, an attacker could have changed its properties to spread it across the entire web page and make it invisible.

    Whenever a user would visit the malicious site and click anywhere on the page, they would actually be clicking on the invisible AutoFill button, resulting in their LinkedIn data being harvested by the website.
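The overlay pattern in the LinkedIn report above (a third-party button stretched over the page and made invisible) can be checked for when auditing a site's embedded widgets. The following is an added example, not LinkedIn's code or its fix; the record format, thresholds and sample values are assumptions, and in a browser the records would be filled from `getBoundingClientRect()` and `getComputedStyle()`.

```javascript
// Added example: flag embedded widgets styled like an invisible full-page overlay.
const OPACITY_FLOOR = 0.1; // assumption: below this a widget is effectively invisible
const COVERAGE_CEIL = 0.5; // assumption: a form button never spans half the viewport

// Fraction of the viewport occupied by the widget's bounding box.
function coverage(rect, viewport) {
  const w = Math.max(0, Math.min(rect.right, viewport.width) - Math.max(rect.left, 0));
  const h = Math.max(0, Math.min(rect.bottom, viewport.height) - Math.max(rect.top, 0));
  return (w * h) / (viewport.width * viewport.height);
}

// Opacity composes down the tree, so a transparent ancestor hides the widget too.
function effectiveOpacity(opacityChain) {
  return opacityChain.reduce((acc, o) => acc * o, 1);
}

function auditWidget(widget, viewport) {
  // With pointer-events: none the widget cannot receive the click at all.
  if (widget.pointerEvents === "none") return { verdict: "ok", reasons: [] };
  const reasons = [];
  if (effectiveOpacity(widget.opacityChain) < OPACITY_FLOOR) {
    reasons.push("invisible but clickable");
  }
  if (coverage(widget.rect, viewport) > COVERAGE_CEIL) {
    reasons.push("covers most of the viewport");
  }
  const verdict = reasons.length === 2 ? "overlay" : reasons.length === 1 ? "review" : "ok";
  return { verdict, reasons };
}

// Constructed sample records (not taken from any real page).
const VIEWPORT = { width: 1280, height: 720 };
const FULL = { left: 0, top: 0, right: 1280, bottom: 720 };
const SAMPLES = {
  normalButton: { rect: { left: 20, top: 20, right: 220, bottom: 60 }, opacityChain: [1, 1], pointerEvents: "auto" },
  hiddenOverlay: { rect: FULL, opacityChain: [1, 0.001], pointerEvents: "auto" },
  hiddenByParent: { rect: FULL, opacityChain: [0.2, 0.2], pointerEvents: "auto" },
  inertOverlay: { rect: FULL, opacityChain: [0], pointerEvents: "none" },
  bigVisible: { rect: FULL, opacityChain: [1], pointerEvents: "auto" },
};

function auditAll(samples, viewport) {
  return Object.fromEntries(
    Object.entries(samples).map(([name, w]) => [name, auditWidget(w, viewport).verdict])
  );
}

console.log(auditAll(SAMPLES, VIEWPORT));
```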


  41. Tomi Engdahl says:

    Josh Constine / TechCrunch:
    To better protect user data, Facebook and Instagram announce they will shut down or make changes to several APIs, with some going into effect today

    Facebook shuts down custom feed-sharing prompts and 12 other APIs

    Facebook is making good on Mark Zuckerberg’s promise to prioritize user safety and data privacy over its developer platform. Today Facebook and Instagram announced a slew of API shutdowns and changes designed to stop developers from being able to pull your data or your friends’ data without express permission, drag in public content or trick you into sharing.

    Some changes go into effect today, and others roll out on August 1 so developers have more than 90 days to fix their apps. They follow the big changes announced two weeks ago.

    Most notably, app developers will have to start using the standardized Facebook sharing dialog to request the ability to publish to the News Feed on a user’s behalf. They’ll no longer be able to use the publish_actions API.

    One significant Instagram Graph API change is going into effect today, which removes the ability to pull the name and bio of users who leave comments on your content, though commenters’ usernames and comment text are still available.

  42. Tomi Engdahl says:

    Tony Romm / Washington Post:
    Conflict of interest concerns raised over FTC settlements that let Facebook, Google, Twitter, and Uber choose third-party responsible for compliance assessments

  43. Tomi Engdahl says:

    Tony Romm / Washington Post:
    FTC settlements that allow tech giants to choose third parties for privacy assessments spare the agency resources but may lead to conflicts of interest — Facebook’s mishandling of its users’ personal information prompted stiff penalties from the U.S. government in 2011 …

    Facebook’s handpicked watchdogs gave it high marks for privacy even as the tech giant lost control of users’ data

    Facebook’s mishandling of its users’ personal information prompted stiff penalties from the U.S. government in 2011 — including a requirement that the social giant submit to regular privacy checkups for the next two decades.

    However, Facebook got to handpick its own reviewers, global accounting firm PwC, which didn’t appear to catch marketers, political consultants and malicious actors as they tapped public and private profile data on Facebook without users’ permission or knowledge, even years after the social giant’s first major privacy mishap.

    To government officials and consumer watchdogs alike, it’s a sign that a key element of Washington’s chief mechanism for overseeing Facebook — and many of its privacy-infringing tech industry peers — isn’t sufficiently independent and may lack teeth.

  44. Tomi Engdahl says:

    Will Oremus / Slate:
    A history of the Facebook critique “if you’re not paying, you’re the product” and why it wrongly paints users as powerless pawns incapable of demanding change

    Are You Really the Product?
    The history of a dangerous idea.

  45. Tomi Engdahl says:

    Joseph Cox / Motherboard:
    Facebook confirms it has fired one of its security engineers who allegedly used privileged access to stalk women online

    Facebook Fires Employee Who Allegedly Used Data Access to Stalk Women

    After a member of the information security community provided evidence to Facebook’s chief information security officer, the company has terminated a security engineer who allegedly used their work position to stalk women online.

  46. Tomi Engdahl says:

    Facebook’s Growing Privacy Concern

    Facebook’s Web Traffic Monitoring is Second Only to Google

    With GDPR imminent (25 May), Facebook’s problems in Europe are mounting. In April, CEO Mark Zuckerberg was questioned by Congress on the Cambridge Analytica affair. He declined to face British lawmakers, sending CTO Mike Schroepfer in his place. Now Damian Collins, head of the UK parliament’s Digital, Culture, Media and Sport Committee, has said, “We hope that [Zuckerberg] will respond positively to our request, but if not the Committee will resolve to issue a formal summons for him to appear when he is next in the UK.”

    It’s not just the Cambridge Analytica scandal. Austrian privacy activist Max Schrems has been pursuing Facebook for years. An earlier case against Facebook led to a European Court of Justice ruling on October 6, 2015 declaring the Safe Harbor agreement between the EU and U.S. to be unconstitutional and invalid. This is often described as the Schrems Ruling, and is now part of EU case law.

    Safe Harbor was replaced by Privacy Shield; and Max Schrems has pursued a largely similar course of action — claiming that his rights as an EU citizen are violated by Facebook transferring his PII to the U.S. where they are easily available to third parties. Once again the case was heard in Ireland (EU home to Facebook); and once again, it has been referred to the Court of Justice of the EU for a decision.

    The Schrems Ruling will undoubtedly figure in the court’s deliberations; as will the new U.S. CLOUD Act that makes it easier for U.S. government agencies to access any data held by U.S. companies anywhere in the world.

