Facebook launched a tool yesterday that you can use to find out whether you or your friends shared information with Cambridge Analytica, the Trump-affiliated company that harvested data from a Facebook app to support the then-candidate’s efforts in the 2016 presidential election.+
If you were affected directly — and you have plenty of company, if so — you should have already received a little notification from Facebook. If you missed that in your News Feed (or you’ve already sworn off Facebook, but want to check and see if your information was compromised), Facebook also has a handy little Cambridge Analytica tool you can use.
The problem? While the tool can tell you if you or your friends shared your information via the spammy “This is Your Digital Life” app, it won’t tell you who among your friends was foolish enough to give up your information to a third party. You have lost your ability to publicly shame them, yell at them, or go over to where they live (or fire up a remote desktop session) to teach them how to … not do that ever again.
So, what can you do now?
Even though your past Facebook data might already be out there in the digital ether somewhere, you can now start locking down your information a bit more. Once you’re done checking the Cambridge Analytica tool, go here (Facebook’s Settings page). Click on Apps and Websites. Up until recently, Facebook had a setting (under “Apps Others Use”) that you could use to restrict the information that your friends could share about you to apps they were using. Now, you’ll see this message instead:
“These outdated settings have been removed because they applied to an older version of our platform that no longer exists.
To see or change the info you currently share with apps and websites, review the ones listed above, under ‘Logged in with Facebook.'”
Sounds ominous, right? Well, according to Facebook, these settings haven’t really done much of anything for years, anyway. As a Facebook spokesperson recently told Wired:
“These controls were built before we made significant changes to how developers build apps on Facebook. At the time, the Apps Others Use functionality allowed people to control what information could be shared to developers. We changed our systems years ago so that people could not share friends’ information with developers unless each friend also had explicitly granted permission to the developer.”
Instead, take a little time to review (again) the apps you’ve allowed to access your Facebook information. If you’re not using the app anymore, or if it sounds a little fishy, remove it — heck, remove as many apps as you can in one go.
For the nuclear option, click on “Edit” underneath the “Apps, Websites, and Games” box and turn off the ability to log into any third-party app or services with Facebook. This won’t allow you to delete data you’ve already shared, but it will lock down your Facebook from future requests.
Facebook itself is also in the process of making changes to restrict the amount of data that authorised apps can access. As described by Ime Archibong, vice president of product partnerships, in a post last week:
As part of our efforts to put additional protections in place, we are changing Facebook Login. Last week, we announced that access to a person’s list of friends who use the app now requires review. Today, we are going even further and protecting sensitive permissions like photos and likes. This data is powerful, so access to checkins, likes, photos, posts, videos, Events, and Groups, will require prior approval by Facebook.
In addition, the following deprecations are effective immediately and will return empty data as if a person didn’t fill in this information on their Profile:
Permissions: religion and political views, relationship status, relationship details, custom friend lists, about me, education history, work history, my website URL, book reading activity, fitness activity, music listening activity, video watch activity, news reading activity, games activity.
APIs: taggable friends and mutual friends APIs.
In the next week, if someone hasn’t used an app in 90 days, the app will be blocked from accessing that person’s data until they re-authorise the app. People will also be able to see their active apps in settings, and remove any apps they no longer want to use.
Sit back, cross your fingers, and hope that Facebook gets its next round of privacy updates right — or start updating your profile with dummy information (or just sanitize your profile) in case you want your real-world demographics to remain private.