Facebook Data Breach – How to stop this.

This post, Facebook Data Breach and How to Control Your Social Media, is the 3rd part of the story and covers what you may have to endure to stop this happening again. Managing social media, especially your own, is important; such breaches are serious and could have consequences yet to be discovered.

Your Social Media Management techniques should be reviewed. As I suggested previously, the API has been used to generate logins to other sites. If you disable this feature on FB, you will have to renew and certainly change all your passwords to your SM sites after this, and there is no guarantee what has happened with what information. This article from How-To Geek outlines how to change your settings.

I hope this will be of use and is certainly something to consider.


How to Stop Facebook Giving Your Data to Third Parties

by Harry Guinness on March 22nd, 2018

The Cambridge Analytica fiasco wasn’t really a data breach. Everything collected was allowed by Facebook’s Terms of Service. So, how can you protect yourself against this sort of thing?


The real problem here is Facebook’s API and platform. By logging into the Cambridge Analytica quiz app, Facebook users willingly (though probably unwittingly) gave up information about themselves and their Facebook friends. So, unless you’re going to go all in and delete your account, you need to address how much of your information third-parties can access with the Facebook API.

Head to Facebook, click the downward facing arrow in the top right, and then click the “Settings” option.

On the sidebar, switch to the “Apps” category. You can also go directly to this link.

There are two options we’re interested in here: “Apps, Websites and Plug-Ins,” and “Apps Others Use.”

The “Apps, Websites and Plugins” setting controls whether you can use Facebook for third-party apps at all. You can only turn it on or off. To do so, click the “Edit” button under that section, and then click the “Disable Platform” button.


The problem for you is that a lot of sites and services use Facebook to verify logins. If you turn it off completely, you won’t be able to log in to things like your Spotify account. If you’re really serious about making sure third-parties can’t get your data, you can disable it, but for the most part, you’re better off being careful with which apps you give your Facebook data to and removing any you no longer use.

The better option is to limit what data of yours third-parties can get from the apps your friends use. To do that, click the “Edit” button under the “Apps Others Use” section.

The checkboxes here control what third-parties can get when your friends log in to their apps. For example, if one of my friends had logged into the quiz and I had things set up the way they’re shown as before, a lot of info is available.

Cambridge Analytica could have my Bio, Birthday, Family and Relationships, Home Town, Current Location, Education and Work, Activities, Interests and Likes, App Activity, Website, and whether or not I’m Online. That’s a hell of a lot of info.

To stop your friends inadvertently sharing all this stuff about you, turn off all the options, and then click the “Save” button.

Now, as long as you’re careful with which apps you use, third-parties aren’t going to end up with your data. If they already have it, there’s not a lot you can do, but at least you’re protected from future issues.

Image credit: Clint Adair.

Report of Data Breach at Facebook

“What happened? It’s not my fault, Guv, I dunno”

Here’s something you should be aware of, a recent story just breaking, this article credited to the Recode Newstream. I shall update my blog to pass on interesting articles constantly.

The feature being referred to is the Facebook login. To me it is unclear if this also includes the login you can sometimes do when you use the ‘Login with Facebook or Google Chrome’ in other programs. However, it does appear to include all your friends’ contact details.

For myself, whilst being a public person, I want my Internet personal privacy and respect that of others and find this shocking from such a large company.

Perhaps we should consider this more when giving similar permissions elsewhere on Social Media.


Here’s how Facebook allowed Cambridge Analytica to get data for 50 million users

Facebook says it isn’t at fault.

By Kurt Wagner  Mar 17, 2018, 3:47pm EDT


Photo by Justin Sullivan/Getty Images

Cambridge Analytica, the data analytics firm that helped Donald Trump get elected President, amassed a trove of Facebook user data for some 50 million people without ever getting their permission, according to a report from The New York Times.

Facebook is in another awkward situation. The company claims that it wasn’t breached, and that while it has suspended Cambridge Analytica from its service, the social giant is not at fault. Facebook contends that its technology worked exactly how Facebook built it to work, but that bad actors, like Cambridge Analytica, violated the company’s terms of service.

On the other hand, Facebook has since changed those terms of service to cut down on information third parties can collect, essentially admitting that its prior terms weren’t very good.

So how did Cambridge Analytica get Facebook data on some 50 million people?

Facebook’s Chief Security Officer, Alex Stamos, tweeted a lengthy defense of the company, which also included a helpful explanation for how this came about. (He later deleted the tweets, saying he “should have done a better job weighing in,” though you can see screenshots of some of them below.)

Facebook offers a number of technology tools for software developers, and one of the most popular is Facebook Login, which lets people simply log in to a website or app using their Facebook account instead of creating new credentials. People use it because it’s easy — usually one or two taps — and eliminates the need for people to remember a bunch of unique username and password combinations.

An example of what Facebook Login looks like. Facebook

When people use Facebook Login, though, they grant the app’s developer a range of information from their Facebook profile — things like their name, location, email or friends list. This is what happened in 2015, when a Cambridge University professor named Dr. Aleksandr Kogan created an app called “thisisyourdigitallife” that utilized Facebook’s login feature. Some 270,000 people used Facebook Login to create accounts, and thus opted in to share personal profile data with Kogan.

Back in 2015, though, Facebook also allowed developers to collect some information on the friend networks of people who used Facebook Login. That means that while a single user may have agreed to hand over their data, developers could also access some data about their friends. This was not a secret — Facebook says it was documented in their terms of service — but it has since been updated so that this is no longer possible, at least not at the same level of detail.

Through those 270,000 people who opted in, Kogan was able to get access to data from some 50 million Facebook users, according to the Times. That data trove could have included information about people’s locations and interests, and more granular stuff like photos, status updates and check-ins.

The Times found that Cambridge Analytica’s data for “roughly 30 million [people] contained enough information, including places of residence, that the company could match users to other records and build psychographic profiles.”

This all happened just as Facebook intended for it to happen. All of this data collection followed the company’s rules and guidelines.

Things became problematic when Kogan shared this data with Cambridge Analytica. Facebook contends this is against the company’s terms of service. According to those rules, developers are not allowed to “transfer any data that you receive from us (including anonymous, aggregate, or derived data) to any ad network, data broker or other advertising or monetization-related service.”

As Stamos tweeted out Saturday (before later deleting the tweet): “Kogan did not break into any systems, bypass any technical controls, or use a flaw in our software to gather more data than allowed. He did, however, misuse that data after he gathered it, but that does not retroactively make it a ‘breach.’”

Tweets from Facebook’s Chief Security Officer, Alex Stamos, which have since been deleted.

The problem here is that Facebook gives a lot of trust to the developers who use its software features. The company’s terms of service are an agreement in the same way any user agrees to use Facebook: The rules represent a contract that Facebook can use to punish someone, but not until after that someone has already broken the rules.

Facebook is not alone in this world of data sharing. The major mobile platforms like iOS and Android allow developers to collect people’s contact lists with permission. Twitter has a login feature similar to Facebook Login, and so do Google and LinkedIn.
