Whether you consider it a harmless pastime or necessary evil, you probably have a Facebook account that you use to stay in touch with far-flung friends and family. The average user might assume that their data is safeguarded from third parties as long as they don't volunteer it, but the recent Cambridge Analytica scandal has shown that's unfortunately not the case. You may think you know how to protect your data on Facebook, but there's a good chance you're missing a step or two, because it's actually a fairly complicated process.
First, the background: Cambridge Analytica is a data consulting firm that helped the Trump campaign influence voters on social media during the 2016 election, according to the New York Times. The firm obtained the data from psychology professor Aleksandr Kogan, who told Facebook that he was collecting it for academic purposes, which the social media site allowed. About 270,000 Facebook users voluntarily installed Kogan's app, which was designed to map user' personality traits based on their activity. But it also collected the private data of their friends. In total, Kogan delivered more than 50 million profiles to Cambridge Analytica, which it then used to serve up targeted, customized political messages intended to sway users' beliefs.
Facebook CEO Mark Zuckerberg released a statement saying that a 2014 site redesign will "prevent any app like Kogan's from being able to access so much data today." Sharing the data was also against Facebook policy, he added, and both Kogan and Cambridge Analytica have been banned from the site. He also appeared on CNN on Wednesday, telling host Laurie Segall, "I'm really sorry that this happened," and promising that the company would take further steps to secure user data. A representative for Facebook told Romper that the site will "have more changes to share in the next few days."
If you're patting yourself on the back right now because you know better than to download some sketchy "personality quiz" app, think again. Remember, less than 300,000 people did; the remaining 49 million-plus profiles were friends of theirs, and Facebook still allows apps to do this. You'd assume that there's a simple opt-out button in your privacy settings, but that's actually not the case. Think about everyone you're friends with on Facebook — the neighbors, your former coworkers, relatives who aren't very tech-savvy — and you'll quickly realize why this is a major concern.
To stop apps from gathering your data via your friends, you'll need to go to Settings, and then choose Apps. One of the four categories you can customize is Apps Others Use, and clicking that will bring up a list of 13 separate categories of data. All but two, "Interested in" and "Religious and political views," are available to be harvested by default. Uncheck each box to correct that, and click Save. The other category you'll probably want to edit is Apps, Websites and Plugins, which controls what data you give away via your own actions. And believe me, you've been giving away more than you think.
When you hear about third-party websites integrating with Facebook, you probably think of those silly quizzes that require you to log in, but that's only half of it. Some websites may be trading data about you with Facebook even if you're not logged in, because they have cookies tracking you for advertising purposes. Data from those sites, as well as from your Facebook profile, can all be pooled together to create a complete picture of you and your interests. And that data collection doesn't stop once you close your laptop; if you've ever signed up for a supermarket rewards card or an email newsletter for a retailer, they can upload your data to a Facebook customer list, match it to your profile, and target you with ads.
The most disturbing part of all this is that Facebook doesn't just rely on pages or posts that you Liked to create your ad-targeting profile. It uses all that extra data to fill in the gaps and make assumptions, some of which are way off-base, and some which are probably eerily correct. For example, I discovered that I was being targeted by two regional grocery store chains that don't have any stores in my area of the country. And although sharing "Interested in" and "Religious and political views" were already unchecked on my apps settings, a visit to my ad preferences page also revealed that Facebook had pegged me as a Democratic, LGBTQ, atheist parent of a child aged 8 to 12. I removed every interest that the site assigned me, but I'm sure they'll be back. The only way to really keep your data from Facebook is to delete your account, an option the site does its best to discourage by forcing you to click through multiple links, help articles, and even a slideshow before finally agreeing to purge your data... in 14 days.