Are other social networks doing what Facebook did?

How did Facebook harvest users’ data, and do Twitter, WhatsApp and Instagram do the same?

Facebook chief executive Mark Zuckerberg: he says the company will retrospectively examine Facebook Connect’s liberal data sharing policy. Photograph: Josh Edelson/AFP/Getty Images


Facebook chief executive Mark Zuckerberg gave interviews to a number of media outlets last Wednesday. They followed the news that data-mining and political consultancy firm Cambridge Analytica had used personal information from Facebook, without users’ permission.

Cambridge Analytica worked on Donald Trump’s presidential election campaign and on the Brexit campaign in the UK. After the Observer, the New York Times and Channel 4 News reported the data breach, Facebook banned Cambridge Analytica from advertising on its network.

Zuckerberg’s conversation with Kara Swisher for tech publication Recode was among the more revealing interviews, in that it helped explain not only how Cambridge Analytica exploited Facebook data, but how Facebook itself was designed.

The launch of the “Facebook Platform” was a critical step in Facebook’s growth path in 2007, also the year Facebook launched in Ireland and the UK. To grow faster, Facebook sought out developers who – in return for getting access to users’ data – could build applications that would further benefit Facebook’s pervasiveness, at no cost to the network.

The platform allowed developers to build applications within Facebook – people will be familiar with the idea of “signing in” to apps via Facebook, rather than using the traditional username/password method. This was promoted by Facebook as Facebook Connect and is now called Facebook Login for Apps.

When authorised, those apps usually sought extra data from Facebook profiles (dates of birth, “liked” pages and, crucially, friends lists). And unless users turned off access, these apps had continuous access to those details as users’ Facebook profiles evolved.

Cambridge Analytica and third-party researcher Alexander Kogan exploited this functionality, as did tens of thousands of other developers. A year after Facebook Platform’s launch, Facebook had 33,000 applications and 400,000 developers registered.

But Kogan did something additional, building a personality quiz app that Facebook users authorised to access their data. His objective: to identify personality traits, and match these with Facebook data.

Some 270,000 people filled in the quiz – enough for Kogan’s research. It is claimed that Kogan handed Cambridge Analytica not only data on these 270,000 users, but also all their friends – about 50 million users (the average Facebook user has about 180 friends).

This was done in 2014, before Facebook implemented changes that restricted this type of behaviour to some degree.

The question now is: between 2007 and 2014, when Facebook Connect had a more liberal data sharing policy, just how many apps and developers were involved, and how much Facebook user data was transferred or stored elsewhere? Zuckerberg has said Facebook will now pursue this issue retrospectively.

But Facebook was not the only company that pursued a platform strategy in the late 2000s. Do other social networks leave users similarly vulnerable?

Twitter

Twitter is at lower risk than Facebook of the kinds of data “breaches” we saw with Cambridge Analytica. Because Twitter collects less information and because it is a more open platform by default, it is less vulnerable to the same tactics.

Perhaps the biggest difference between Twitter and Facebook is the breadth of data each holds. While Facebook focuses on harvesting as much data from users as it can – from where you went to school to whether you are in a relationship – Twitter keeps it simpler: your name, description and a link.

Twitter allows similar app functionality – when you “sign in” via Twitter, the third-party app seeks permission to read tweets in your timeline, post tweets on your behalf, or send you private messages.

However, because Twitter is open, it’s possible – though difficult – to “mine” the social connections of users. Twitter has set relatively high limits on how developers can graph relationships (who follows you, who you follow), based on how many times a developer could “call” their platform per hour.

But if you can convince people to authorise your app, you can use that person’s spare “calls” to augment your own. This allows you to effectively understand the inter-relationships of Twitter’s user base – which can be valuable for understanding or targeting users based on communities they have formed via mutual connections. (It also happens to be useful for detecting “bots” – automated user networks – since these networks often follow each other.)

Twitter’s biggest risk is not data breaches. It is fake users or “bot armies” that influence conversations by forcing hashtags to trend, shaping the narrative of news online, as in the 2016 US election campaign.

Instagram

Where it perhaps gets more interesting is in Facebook’s other holdings. The company owns Instagram, the messaging service WhatsApp and of course Facebook Messenger.

Instagram is similar to Twitter in structure and style. Instead of tweets, there are pictures. But they share a similar format and have the same followers/following network structure. Facebook can infer lots of information about a user once it knows an Instagram account is tied to a Facebook account (generally because the same email address is being used for both logins).

One data point that Instagram users share far more than Facebook users is location. So if your Facebook and Instagram accounts are linked, Facebook can deduce quite a lot of information about your life.

WhatsApp

WhatsApp encrypts the content of messages between users (so not even Facebook can read them), but a great deal of other data is available. The system can determine when users are active or inactive; gather phone contacts; and this data can be tied to cookies on users’ browsers.

Facebook Messenger

Messenger is not encrypted, so users’ communication with friends can be stored on a server controlled by Facebook. Facebook has admitted in the past that it scans these chats to further understand users and their preferences.

Indeed, in a 2014 conference call Zuckerberg himself said Facebook would focus on private communications for opportunities.

Facebook spent years allowing apps to be built on its platform, in exchange for access by developers to its users’ data. Though the company later changed its mind on this, it also acquired companies such as WhatsApp and Instagram that have allowed Facebook to augment its understanding of billions of people – and to monetise that understanding through advertising. Zuckerberg may say that Facebook helps connect people, but at what price for society, for democracy and for you, the user?

Gavin Sheridan is a journalist and digital rights advocate
