My problem with this 'outing' of CA is that Facebook explicitly commercially exists to harvest user data for Procter & Gamble, Johnson & Johnson, Fidelity etc etc so they can profile us. A million dollars is chump change in the crazy US election game. This all seems overly selective - it's ok for some people to profile but not for others. I'm not in favor of any of it to be clear but there is a definite political bias going on here.
Let's not forget FB itself has a formal political unit that exists to push propaganda in foreign elections, 'stifling opposition and stoking extremism'<p><a href="https://www.bloomberg.com/news/features/2017-12-21/inside-the-facebook-team-helping-regimes-that-reach-out-and-crack-down" rel="nofollow">https://www.bloomberg.com/news/features/2017-12-21/inside-th...</a>
I remember when the Obama campaign hired data scientists and used targeted social networking tools to persuade voters who were on the fence and it was heralded as brilliant and the future of politics.<p>I worked for a company crawling Facebook data by creating viral apps the year the original API came out. By now I am sure this is done by many companies.<p>Why is any of this news? My understanding is that companies harvesting social networking data via viral apps and then reselling it to perform targeted voter advertising is literally a 10 year old concept. Were any laws broken here? Were there any techniques used here that were novel or done by one political party and not the other? Why are we talking about this one firm and not the many others that surely exist that are trying to do the same thing for <insert political candidate of choice>?
I used to make fb apps, any app gets full access to fb's user graph as long as they request the relevant permissions.<p>Users don't comprehend what permissions they are giving to apps they run. A quiz site getting full access is not surprising.<p>Once an app has any amount of access the only thing stopping them from harvesting their own clone of your data is an agreement in the ToS that you won't store PII for more than x hours.<p>These rules are like the bare minimum to stop good actors. If you're a bad actor fb does not do a single thing to protect users from you. As evident in this report fb is also not above blaming the users for the hostile environment fb created and placed them in.<p>There must be countless copies of harvested fb data out there. My employer at the time once realized we were accidentally storing some PII permanently in a derived field. If good actors can't even keep above the law what do you think the ecosystem looks like in the shadows?<p>IMO we aren't having the right conversation with fb over how they mistreat our PII and we should loosen the definition of that term when companies like the one in the article can infer our political preferences from the innocuous bits of our lives we tag on facebook.<p>We should be asking why even an authorized API that can't stop you from copying the data doesn't count as a systematized data breach.
I was curious how the figure leaped from the 270k cited in the Facebook press release to this 50M figure.<p>It sounds like they never had full access to the Facebook profiles beyond the 270k who installed the app, but just harvested the friend lists of those 270k. This doesn't give the app developer full access to the friends' profile data, but I guess once you have the network of friend connections you can use other public data sources to fill in or infer the gaps. And of course some of those 50M will have FB profiles that are fully public open books ready for anyone to harvest.<p>I will say as someone who has developed Facebook apps, the whole ecosystem is pretty much on the honor system for protecting user data. There are some seemingly random and capricious (and often erroneous) abuse detection algorithms, but once an app has access to user data who knows what they do with it and whether it was kept secure -- surely Facebook has no idea unless they perform invasive manual physical audits.
Minor point of confusion -- this article refers multiple times to a "data breach". (<i>"...one of the largest-ever breaches of Facebook data...", "At the time of the data breach...", "...first reported the breach..."</i>)<p>As far as I can tell, there is no data breach, right? It sounds like CA got facebook data through an app they wrote, thisisyourdigitallife, which did some shady things.<p>Also, <i>"The New York Times is reporting that copies of the data harvested for Cambridge Analytica could still be found online"</i>.<p>The link is: <a href="https://www.nytimes.com/2018/03/17/us/politics/cambridge-analytica-trump-campaign.html" rel="nofollow">https://www.nytimes.com/2018/03/17/us/politics/cambridge-ana...</a><p>Anyone know what they're talking about? I haven't heard of any 50-million-profile data dump, and I really like collecting corpora...
One thing other commenters haven't mentioned is that Facebook asked the other parties to delete the data and promise never to use it again and the other parties even certified that they had done so, but the whistleblower is alleging they lied to Facebook.<p>Maybe that's legally actionable.
OK, this feels like it will bring about the end. Of something. Facebook? Massive use of data for political campaigns? Anything?<p>If we keep consuming news like this, and do nothing, it's going to escalate massively. Same way as when Snowden told people they were spied on and they collectively shrugged and continued with their lives as if nothing had happened.<p>We, people in tech, have a massive moral burden to educate 'normals' on the meaning of news like this!
I think I finally understand what the point of Facebook apps is and why they've always felt in some way dodgy. It's been clear for years that Facebook apps can get your user data, and that of your friends, and that Facebook designed them that way and were aware of that. The Guardian article even mentions that one of the apps used by GSR to gather data for Cambridge Analytica triggered Facebook security protocols trying to pull too much data.<p>What I didn't understand is why Facebook would grant this - maybe at some point they needed viral apps on the platform and giving user data away encouraged people to make them - but why did it still work a few years ago? But this article made it click: all you can really do to monetise or use millions of profiles of Facebook users is target them with ads, and Facebook is the only place you can target those ads effectively given Facebook user data, and the more data you have the more effective those ads are, the more you pay Facebook.<p>Facebook don't sell user data, they've long said that - and it's true. They sell the ability to target advertising to their users, and you can do that a whole lot better if you have their user data. So they don't sell it, they give an API for their users to freely give it away, knowing that once you've done all your analysis on it you'll conclude that you should spend money paying Facebook to actually deliver your messages to those users.
> Facebook denies that the harvesting of tens of millions of profiles by GSR and Cambridge Analytica was a data breach. It said in a statement that Kogan “gained access to this information in a legitimate way and through the proper channels” but “did not subsequently abide by our rules” because he passed the information on to third parties.<p>This is exactly how Facebook was designed. You get a stupid quiz or photo frame in exchange for a copy of your friends list. It's always worked that way, and it's why Facebook OAuth was more popular than Google+ and other Oauth since 5+ years ago -- because app devs can make more money from Facebook OAuth since it comes with a copy of your friends list, so they prefer to integrate Facebook.
So... If I were in Cambridge Analytica's position, employed to influence the US election, one of the first things I'd do is match this data with any data I could find on voting patterns. Which reminds me, didn't some of the Russian APTs hack into state voter databases?
I think it is much more important to focus on an investigation to make clear to the public how this data was used. That I think will lead into a much more interesting story. No one seems to want to go there and I don't understand why. Maybe because a lot of its clients are political parties/political individuals around the world and they do not want to be ousted for using "public opinion manipulation technology" on a wide scale.
I wonder how many of the "see what you'll look like when you're 80" and "find out how you'll die" quiz apps are doing this behind the scenes.
This kind of work combining propaganda and disinformation with AI models and feedback into them to get a progressive change of belief is fascinating. I think of this as the first of many wars democracy will fight against AI and we are currently losing.<p>This comment is from the “Duped” article that has a different headline and more detail.
For example, "Weev" got 3 years for downloading ATT user data. I wonder whether Bannon&Co would get anything ... So far it doesn't look like FB makes any push for CFAA case here. I wonder what would FB do if instead of Bannon it were a nobody like the above mentioned "weev".
50M doesn't strike much in FB scale, that's until...<p><pre><code> At the time, more than 50 million profiles represented around a third of active North American Facebook users, and nearly a quarter of potential US voters.</code></pre>
Nothing new about Campaign Data companies. In fact knew of a South San Francisco company called 'Campaign Data' in the '90s that ran a SAS on DECUnix. They collected voter registrar data from counties for targeted voting campaigns. Usually for passing more restrictive laws or raising taxes. Like raise property taxes for schools; send flyers to renters with kids and send nothing to homeowners with no kids. It was always in a way, unfair and evil.
Let's be realistic here. This headline is nothing but partisanship. The only reason this is exaggerated as a "data breach" is because of the connection to the Trump campaign.<p>The real scandal is that such data is so easily harvested and freely available.<p>I'd be interested in seeing how much of facebook's data repository was used in targeted political ads by all parties. Including Russian agitators who have been shown playing both sides.
I hadn’t thought of it like this before, but from a political POV everyone’s vote, whether they are a dole bludger or a quantum physicist, is worth the same. So really, to win an election .. take that as you will. Identifying these people is a very profitable area.<p>Interesting side note .. in Australia we assign school funding based on the highest education received or wage class of the parent (classes A, B ... E or such).
1) Facebook collects and builds a profile about you
2) Facebook allows third parties to target advertisements based on the profile
3) Advertisements are tracked
4) Browsing habits and advertisement tracking reconstructs who was targeted
This is hardly news... Facebook ads cannot target specific <i>users</i>, they only target audience <i>segments</i>.<p>It's actually far easier to create ads targeted at segments with likely political beliefs, and Marketers have access to aggregate numbers of niche segments today.<p>There's no need to scrape people's profiles or get down to the individual level.
China has more. They have enough that this is a drop in the bucket. While they might be as blatant and ineffective as Russia by interfering with an election, they want a low profile and to maximize capture of revenue, so they are more about making money than trying to put feces on the face of the American political process.<p>You people should pick your battles. It would help if you knew the battlefield first.