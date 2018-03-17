Did Cambridge Analytica Harvest 50 Million Facebook Profiles? (theguardian.com) 25
Slashdot reader umafuckit shared this article from The Guardian: The data analytics firm that worked with Donald Trump's election team and the winning Brexit campaign harvested millions of Facebook profiles of U.S. voters, in one of the tech giant's biggest ever data breaches, and used them to build a powerful software program to predict and influence choices at the ballot box... Christopher Wylie, who worked with a Cambridge University academic to obtain the data, told the Observer: "We exploited Facebook to harvest millions of people's profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on."
Documents seen by the Observer, and confirmed by a Facebook statement, show that by late 2015 the company had found out that information had been harvested on an unprecedented scale. However, at the time it failed to alert users and took only limited steps to recover and secure the private information of more than 50 million individuals... On Friday, four days after the Observer sought comment for this story, but more than two years after the data breach was first reported, Facebook announced that it was suspending Cambridge Analytica and Kogan from the platform, pending further information over misuse of data. Separately, Facebook's external lawyers warned the Observer on Friday it was making "false and defamatory" allegations, and reserved Facebook's legal position...
The evidence Wylie supplied to U.K. and U.S. authorities includes a letter from Facebook's own lawyers sent to him in August 2016, asking him to destroy any data he held that had been collected by GSR, the company set up by Kogan to harvest the profiles... Facebook did not pursue a response when the letter initially went unanswered for weeks because Wylie was travelling, nor did it follow up with forensic checks on his computers or storage, he said. "That to me was the most astonishing thing. They waited two years and did absolutely nothing to check that the data was deleted. All they asked me to do was tick a box on a form and post it back."
Wylie worked with Aleksandr Kogan, the creator of the "thisisyourdigitallife" app, "who has previously unreported links to a Russian university and took Russian grants for research," according to the article. Kogan "had a licence from Facebook to collect profile data, but it was for research purposes only. So when he hoovered up information for the commercial venture, he was violating the company's terms...
"At the time, more than 50 million profiles represented around a third of active North American Facebook users, and nearly a quarter of potential U.S. voters."
If your Facebook Profile is set to "Public" then all the "Public" can see it. This is a "breach"? Maybe of the Facebook TOS, but those are meaningless.
This is from the original Slashdot article on the subject:
Facebook said late Friday that it had suspended Strategic Communication Laboratories (SCL), along with its political data analytics firm, Cambridge Analytica, for violating its policies around data collection and retention.
I'm really not sure how you can "suspend" someone or some organization from accessing "Public" - i.e publically available - data on a public facing website. Again, these TOS things are bu8llshit - you put it out there free of charge, people can do what they want with it, as long as a real law hasn't been broken.
The same way a restaurateur can refuse to serve a customer who previously made a mess of your dining room.
Facebook may be 'facing the public' but its still a private service and it can decide not to provide service, or do business with anyone it wants pretty much for any reason, at any time. The ToS maybe "bullshit", but its not even necessary... they don't have to wait until you violate the ToS they can decide they just don't like your face, without any ToS at all.
I'm more concerned about shadow profiles (Score:4, Insightful)
Given I closed my Facebook account several years ago, I'm more worried about whether these bad actors managed to access Facebook's shadow profiles - since, unfortunately, most of my family is on Facebook.
For people who are actually on Facebook - including my family - I say "don't pretend to be outraged since you voluntarily decided to hand them all your personal information".
Slashdot commenters want to have it both ways:
- Users are too dumb to know what they are signing up for. #sheeple
- Users knew what they were signing up for, no use crying over it now.
If you posted stuff on facebook for the general public to read (which is the sole reason to post stuff on facebook as far as I can tell) then what's the problem with the general public reading it?
I don't see any reason why this is any kind of breach of privacy or a surprise.
Perhaps facebook's problem here is that they didn't negotiate a sufficiently high service charge or license fee for the third party use of their data but that's their problem to solve, nothing to do with the folks who entered their data
So the only thing he did that made Facebook take action was violate their ToS. They're making it seem as if this is some generous act on their part, their tools did exactly what they were meant to do but they're upset he didn't grease their palms first.
At least they're moving on from 'teh Russians' (Score:1)
BS story (Score:2)
There's little evidence that CA did anything better than guessing. These stories just burnish the reputation of a scam company.
Hell, where's the story on Theranos getting pulled out of Walgreen's because they're cutting too much into their profit margin.
