If you’re a Facebook user, you’ve probably heard about the Cambridge Analytica controversy by now. It’s a grim reminder that no matter how careful you are with your online profiles, your information is still being used, cataloged, tracked, monetized and analyzed by a number of companies out there.
In this case, analytics firm Cambridge Analytica is being accused of having acquired a treasure trove of Facebook users’ data by way of a third-party app that served as a personality test.
The company is said to have used this data to influence political campaigns. That revelation, along with the very idea of the site being used to mine information, may be enough to get some to rethink whether or not they actually want to be on Facebook.
But how is this even possible? Are we not masters of our own Facebook data? Well, technically, we are. But with the myriad of settings and privacy options that Facebook throws at you, you have to dig deep into your Facebook profile to protect yourself.
In light of this current fiasco, short of deactivating or deleting your Facebook account, what should be your first order of business?
Well, you have to check, review and audit your Facebook third-party apps. Throw out the outdated, delete the unwanted, kill the unused, remove all the suspicious apps lurking in your Facebook account as soon as you can.
How Facebook third-party apps can be dangerous
Remember when you took that little Facebook quiz? Or that funny photo app that turned you into a Hollywood movie star? Or maybe you’ve been using your Facebook account to log in to other services on the web?
This is Facebook’s API, called Platform, at work. It allows third-party apps and websites to integrate with your Facebook account and exchange data with it via developer tools.
While there is no denying that this integration can be convenient, it also has a big potential for abuse.
See, when you use the “Log in With Facebook” feature and grant a third-party app or service access to your Facebook account, it also asks permission to receive specific Facebook data from you.
Common information that is requested includes your email address, birthdate, gender and public posts and likes.
However, some apps go beyond your basic profile info and ask for more data than they ought to. If you’re not careful about granting these permissions, an app can wind up mining even your most personal data.
This is exactly what happened in the Facebook/Cambridge Analytica debacle.
How Cambridge Analytica collected its data
In 2015, Cambridge University Professor Dr. Aleksandr Kogan developed a Facebook app called “thisisyourdigitallife” and shared his data with data analytics firm Cambridge Analytica.
Thisisyourdigitallife was presented as a personality test (similar to the hundreds of quizzes and tests that some of my Facebook friends seem to take every day) and it was popular enough to reel in 270,000 users.
However, back in 2015, Facebook still allowed third-party apps to collect data, not just from Facebook users who granted the permissions, but from their Facebook friends, as well.
So this means that even if you didn’t take the “thisisyourdigitallife” test yourself, if one of your Facebook friends did, then your information was mined too.
This was all within Facebook’s terms of service back then, so as far as Kogan was concerned, the data collection was done without violating Facebook’s rules at that time. (The transfer of data from Kogan to an analytics firm like Cambridge Analytica is highly questionable, though, and is actually against Facebook’s terms of service.)
Note: Currently, apps are no longer permitted to collect data from your Facebook friends.
This allowed Cambridge Analytica to amass information from around 50 million Facebook profiles and create psychological profiles that were allegedly used to influence the 2016 U.S. presidential campaign.
UPDATE (4/4/18, 2:00 PM PST): Security researchers now say more than 87 million Facebook profiles were collected by Cambridge Analytica.
Now, when you take that seemingly harmless quiz, app or game, please check its permissions diligently. If it’s asking for more than your basic public information, think twice before logging in and granting it access to your Facebook profile.
Here’s one more thing you need to know. Once you authorize a third-party app to access your Facebook data it can remain on your profile forever.
If you’re not auditing your third-party Facebook apps, they can be accessing your data for years without your knowledge!
So in the name of Facebook security, it’s time to audit those third-party Facebook apps!
How to review and deactivate your third-party apps on Facebook:
Disabling ALL third-party apps and services
1. Go to your Facebook Account Settings to access your Apps and Websites settings.
Desktop: Click the upside-down triangle on the top-right then click Settings >> Apps.
Mobile: Go to your profile page by tapping the “hamburger icon” (three horizontal lines) on the lower-right corner of the screen. Scroll down, tap Settings >> Account Settings >> Apps.
2. On the Apps Settings page, to disable ALL third-party app access with one click, turn off Facebook’s Platform.
Desktop: Click “Edit” on the “Apps, Websites and Plugins” section, then choose “Disable Platform.”
Mobile: Tap Platform then “Edit” on the “Apps and Websites” section. Choose “Turn Off Platform.”
Disabling individual apps and services
Keep in mind that turning off Facebook’s Platform will disable even the legitimate apps and services that you use. For example, if you linked your Facebook profile to log in to or share with other services like Spotify, Airbnb or Twitter, you will lose that access.
To retain third-party apps that you trust, you can manually review and deactivate individual apps instead. Check for outdated apps, apps that you no longer use or apps that you don’t recognize then remove them.
This will also allow you to review each third-party app’s permissions and data level access. If you think an app is receiving more information than it should, then remove it by all means!
Desktop: On the same App Settings page, you’ll see a list of all the third-party apps and services you have authorized. To remove an app, simply click the “x” symbol in the right-hand corner of the app.
Mobile: On the same Apps and Websites page, tap “Logged in with Facebook.” Here, you’ll see all the apps that you’ve authorized. Simply select an app, scroll down then tap “Remove App.”
Ahhh, doesn’t that make you feel better for now?