Facebook Can’t Get The Data Toothpaste Back In The Tube
Given this week’s uproar about Facebook’s data leakage (the Cambridge Analytica story), many are asking how a third party accessing FB’s API could gather so much data on so many users. The answer, according to Digiday, is amazingly simple.
It all ties back to FB’s April, 2010 launch of a new tool called Graph API, which allowed publishers to select data they wanted to glean from FB when a user signed in to their app for the first time using a Facebook ID. Signing in with your FB credentials is something we’ve all done several times. It turns out this was all the permission needed for third parties to harvest your data based on the pre-selected fields they were interested in. The image below is an actual screen shot of the kind of data choices third parties could select from. Scary, I know.
As Digiday explains, this is akin to someone showing their driver’s license to get into a bar and that bar receiving a list of names and genders for every one of that person’s friends. The bar could ask for more information, like when each friend was born, where they work, their political views and their hometown. A person could decline to share that information, but then they wouldn’t be allowed in the bar.
The worst part about this situation is that there’s no way for FB to undo this problem. So the toothpaste is officially out of the tube, and Mark Zuckerberg just keeps slipping in it.