How many clicks does it take to keep your Facebook data private?
That was the question I set out to answer when I created a Facebook account on Wednesday. Specifically, I wanted to discover what it takes to prevent my Facebook friends from sharing data from my account (created under the alias Lauren Mapala, because I’d make a terrible spy).
In case you’ve somehow missed it, Facebook is under intense scrutiny this week after The New York Times, The Guardian and the Observer revealed that Cambridge Analytica — a data consultancy that helps businesses and political parties “change audience behavior” — had gotten its hands on personality data from tens of millions of Facebook users. That data came from an app created by University of Cambridge neuroscientist Aleksander Kogan. Facebook CEO Mark Zuckerberg on Wednesday said Kogan’s app was installed by 300,000 people, giving Kogan access to their friends’ data, too. According to The New York Times, the total number of Facebook users affected could be more than 50 million.
It was all possible because Facebook allowed software developers to create apps that could collect information on a user’s entire network of friends. The backlash prompted Facebook CEO Mark Zuckerberg to promise to do better. In a Facebook post Wednesday he said, “We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you.”
“It’s important to note that Kogan’s app would not have access to detailed friends’ data today,” Facebook Vice President of Global Operations Justin Osofsky said in a statement over the weekend. The company rejects a “significant number” of apps for accessing too much user data in its review process, he said.
But third-party apps can still collect limited information on users’ friends.
You can prevent your friends from sharing your data with third-party apps, but you’ll have to do a fair bit of clicking first.
That’s because privacy settings on new Facebook accounts default to letting your friends share some of your information with third-party apps — and it’s likely you and your friends have no idea that’s happening. It’s a glaring example of something privacy experts have been saying for years: Companies make it too damn hard for regular users to control their privacy.
“You should not have to be a settings wizards to enjoy a popular platform in a safe and secure manner,” said Gennie Gebhart, a researcher at the privacy-oriented Electronic Frontier Foundation.
A lot of clicks
So how many clicks does it take to protect Lauren Mapala’s — and your — privacy from third-party apps? About two dozen, assuming my fictional Facebook self is a competent novice. I took the path that seemed most intuitive. I clicked on Facebook’s “Privacy Tour,” which took me through four slides, the last of which was about apps and personal data.
This in turn led me to an FAQ about privacy on Facebook. One question asked, “How do I edit the privacy and settings for my apps and games?” The answer told me to go to my settings and then select “Apps” in the left menu.
I suppose I could have gone to settings first, but how would new Facebook users know to head specifically to the Apps section? And my clicking wasn’t done yet.
Once I got to the Apps settings, I needed to make some decisions: By default, Lauren was letting her friends share a lot of her Facebook data with third-party apps. To change that, I clicked to edit “Apps others use.”
Here I saw that Lauren’s Facebook friends were able to “bring with them” her information to other apps, which means those apps would have access to these categories of data:
- family and relationships
- my website
- if I’m online
- posts on my timeline
- my hometown
- current city
- education and work
- activities, interests, things I like
- my app activity
The only categories not selected by default are “religion” and “interested in.” Third-party apps do have access to everything else, including Lauren’s Liked pages, which for some reason currently includes only feminist Ryan Gosling.
You might think unchecking all the boxes on this screen would prevent your friends from sharing your information. But you’d be wrong.
Below all those check boxes is a message from Facebook: “If you don’t want apps and websites to access other categories of information (like your friend list, gender or info you’ve made public), you can turn off all Platform apps. But remember, you will not be able to use any games or apps yourself.”
So the only way to keep third-party apps from getting any information about you through your friends is to opt out of using apps yourself. That’s a problem for privacy minded users, as mobile apps and websites increasingly allow users to authenticate themselves via their Facebook accounts.
Here’s what you can learn from Lauren’s 27-click journey through Facebook’s account settings. To keep friends from sharing your information with third-party apps, go to Settings, select “Apps” from the left menu, and click on “Edit” under “Apps others use.” Then uncheck all the boxes and hit save.
Next, ask yourself whether you can afford to avoid interacting with all apps on Facebook. If the answer is yes, then stay in the “Apps” section of settings and find “Apps, Websites and Plugins.” Click “Edit,” and then click “Disable Platform.”
Whose (de)fault is it?
Gebhart said it shouldn’t be Facebook users’ job to navigate “this maze of obscure privacy settings.” And please don’t blame the users whose Facebook information wound up in the Cambridge Analytica harvest, she said.
“Their data was very much taken from them,” Gebhart said.
In his post Wednesday, Zuckerberg said Facebook would be introducing a new tool to help users find what information apps can currently access about them. But Gebhart said the data should be protected by default, instead of leaving users to change settings to keep their information private.
It just shouldn’t be up to individual users, she said. “That’s Facebook’s job.”
Technically Incorrect: Bringing you a fresh and irreverent take on tech.
Special Reports: CNET’s in-depth features in one place.