Millions of Facebook users began to be alerted this week that their data was compromised in the Cambridge Analytica breach with a notification at the top of their News Feed about protecting their information.
Facebook has recently been under scrutiny from everything from user privacy to election meddling. This notification is part of Facebook’s response to bombshell reports that the U.K.-based political analysis company Cambridge Analytica improperly accessed data from tens of millions of Facebook users, via a psychology professor at the University of Cambridge named Aleksandr Kogan.
Kogan, who also co-founded a company called Global Science Research, built and used an app that not only collected data on those who downloaded the app, but also of their Facebook friends, according to what whistleblower Christopher Wylie told the Guardian. Cambridge Analytica’s services were then retained by various customers, including the 2016 presidential election campaigns for Sen. Ted Cruz and later Donald Trump.
After an initial period of silence from Facebook, the company is in mea-culpa mode. On Wednesday, Facebook founder, chairman and CEO Mark Zuckerberg held a press call to further explain everything from privacy to safeguarding elections. Facebook COO Sheryl Sandberg has also appeared in a series of interviews apologizing on behalf of the company.
Here’s what to know if you are one of the 87 million Facebook users whose data was compromised:
What notifications did affected Facebook users see on Tuesday?
The notifications told users if they or their friends had information shared with Cambridge Analytica through the app “This is Your Digital Life,” which Facebook said it deleted in 2015.
In interviews, Sandberg said Facebook users would see a notification on the top of their News Feed directing them to the “Apps and Websites” Facebook setting. If users’ information was compromised by Cambridge Analytica, their notification would have additional language about the breach; and when directed to “Apps and Websites,” Facebook would explain what data may have been exposed.
At the “Apps and Websites” page, Facebook users will be able to see “what apps they use — and the information they have shared with those apps,” according to a blogpost. “People will also be able to remove apps that they no longer want.” Users will be able to see what apps they’re currently giving access to certain data, what apps they haven’t used in the past 90 days, and what apps they’ve deleted from their page. The New York Times also reported at the end of March that Facebook will roll out a centralized privacy page.
Users can manage what apps have access to their data by either going to their settings (click the triangle Facebook’s blue menu bar at the top of the page) or by clicking the “?” help button (also located on the top of the page in the blue bar) and run a “Privacy Checkup.” There users will be able to access the “Apps and Websites” page (on the lefthand side of “Settings” or the second leg of “Privacy Checkup”), and see what apps they are currently giving permission to access certain data.
Tuesday’s notification seems to be in line with what Zuckerberg told reporters last week about making sure people are aware of the privacy settings that exist on Facebook.
“I think we could do a better job of putting these tools in front of people and not just offering them,” Zuckerberg said. “I would encourage people to use them and make sure that they’re comfortable with how their information is used on our services and others.”
Where did Facebook’s 87 million figure come from?
Initial reports from Wiley, the Cambridge Analytica whistleblower, estimated that at least 50 million people may have been impacted by the improper sharing of data. Last Wednesday, Facebook revealed 87 million people were expected to have been impacted.
With this number, by Zuckerberg’s own admission, there are still many unknowns — even for Facebook. “What we announced with the 87 million is the maximum number of people we could calculate could have been accessed,” he told reporters on Wednesday. “We don’t actually know how many people’s information Kogan actually got. We don’t know what he sold to Cambridge Analytica, and we don’t know today what they have in their system.”
Zuckerberg said Facebook doesn’t have logs that go back to when Kogan’s app collected the data, but that they have “constructed the maximum possible number of friends lists that everyone could have had over the time, and assumed that Kogan queried each person at the time when they had the maximum number of connections that would’ve been available to them,” to come up with the current figure.
What else is Facebook doing to protect users’ privacy?
In addition to letting Facebook users know whether they’ve been impacted by the Cambridge Analytica scandal and showing them their “Apps and Websites” controls, Chief Technology Officer Mike Schroepfer’s blog post laid out eight other ways that Facebook is restricting the amount of data that can be collected. This includes limiting what apps can collect from events, groups and pages; changes to the Facebook Login system where people can use Facebook to log into other apps; updates to the Instagram Platform API; changing search and recovery to prevent profile scraping; making sure Facebook doesn’t collect the content of Facebook Messages or call length; and the shutting down of Partner Categories.
At the macro level, on Friday, Zuckerberg announced via his Facebook page changes that will be made to combat election meddling, including labeling political ads, requiring advertisers and those who run large pages to be verified, and show who paid for ads.
First, from now on, every advertiser who wants to run political or issue ads will need to be verified. To get verified, advertisers will need to confirm their identity and location. Any advertiser who doesn’t pass will be prohibited from running political or issue ads. We will also label them and advertisers will have to show you who paid for them. We’re starting this in the US and expanding to the rest of the world in the coming months.
For even greater political ads transparency, we have also built a tool that lets anyone see all of the ads a page is running. We’re testing this in Canada now and we’ll launch it globally this summer. We’re also creating a searchable archive of past political ads.
Second, we will also require people who manage large pages to be verified as well. This will make it much harder for people to run pages using fake accounts, or to grow virally and spread misinformation or divisive content that way.
Zuckerberg, who is taking responsibility for the breach, is testifying before Congress about the recent scandals. The company is also investigating data collection by other third-party apps.