How could the Facebook data slurping scandal get worse? Glad you asked

Yet another rogue Facebook app that gathered and sold "intimate" details on millions of users has come to light. A report from New Scientist finds that the myPersonality app had collected and shared the personal information for as many as three million users who had installed the app on their Facebook profile. The data has …

Silver badge

data use

... a thorough investigation into whether they did in fact misuse any data."

Does misuse even have any meaning in this context? As far as I'm concerned the fact that they gather it in the first place is the big issue here.

49
0
Def
Silver badge

Re: data use

There are plenty of legitimate use cases for gathering *some* personal data.

If you're playing a game, for example, that game might request and store your contacts so that the game can notify you automatically when one of your friends starts playing the same game, or has beaten your best score, or done something you haven't, etc.

As long as that data is held securely and never sold or otherwise disseminated to third parties *and* as long as permission is given in the first place, I would argue that that is a legitimate use of that data.

A lot of the problems stem from the fact there are too many apps out there that take advantage of user laziness and grab all they can. Educating users and prosecuting rogue developers should take priority in my mind.

6
4
Silver badge

Re: data use

Users don't want to learn, and rogue developers are as likely as not protected by hostile sovereignty. So what next?

4
1
Silver badge

Re: data use

" that game might request and store your contacts so that the game can notify you automatically when one of your friends starts playing the same game, or has beaten your best score, or done something you haven't, etc."

That's not a legitimate reason to request access to your contacts. The game should request the specific game user IDs of your friends instead of requesting a complete list of everybody in your address book.

"As long as that data is held securely and never sold or otherwise disseminated to third parties *and* as long as permission is given in the first place, I would argue that that is a legitimate use of that data."

First, nobody can legitimately assure you that the data will not be disseminated to third parties. Circumstances change over time. Second, it's not the person installing the game who needs to give permission -- it's the people whose contact information is stored in your device. It's their information, not yours.

11
1
Silver badge

Facebook's failure to comply with 2011 consent decree

Facebook can finger point all they want, but none of these data problems would exist had Facebook not violated the 2011 FCC decree.

7
0
Silver badge

The horse is out of the barn

Once ANYONE collects the data. I'm sure it wasn't just CA, and some companies that have a stash of this data have probably realized it is now a valuable commodity since Facebook is cracking down and are looking for ways to quietly resell it to whoever is interested.

The only thing Facebook slamming the barn door shut now does is prevent collection of data on people who join Facebook after this spring. Probably 95% of Facebook's current userbase is out there now thanks to the idiocy of letting apps collect data on people's friends.

6
1
Def
Silver badge

Re: data use

That's not a legitimate reason to request access to your contacts. The game should request the specific game user IDs of your friends instead of requesting a complete list of everybody in your address book.

That makes no sense. Where will it request these IDs from? How will it know who your friends are?

Here's how I envision it working (and how I will implement it if I ever have time to work on game projects again):

1) You download and start playing a game.

2) Your contact information (email or phone number) is hashed, sent to the game server, and stored along with your game user ID. (And possibly other information that you have consented to sending, like a nickname and/or your real name.)

3) The game then retrieves unique identification data for each person in your contacts list (email and phone number), hashes each in turn and sends them to the backend which attempts to find existing matches in the game's database. If a match is found, those accounts in the backend are linked for future notifications.

At no time are any of your friends' details stored remotely unless they play the game and give their consent. But the game still needs access to your contacts list to perform the above.

2
2
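The three steps proposed in the comment above, sketched as an added example (not the commenter's code and not any real game's backend). SHA-256, the `GameServer` class, the function names and all sample contacts are assumptions constructed for illustration.

```python
import hashlib
import re


def normalize(identifier: str) -> str:
    """Canonicalise an email or phone number so equal contacts hash equally."""
    s = identifier.strip()
    if "@" in s:
        return s.lower()
    # Assumption: phone numbers are already in international form.
    return "+" + re.sub(r"\D", "", s)


def contact_hash(identifier: str) -> str:
    # Caveat: phone numbers come from a small input space, so an unkeyed
    # hash is a pseudonym for the number, not an anonymised value.
    return hashlib.sha256(normalize(identifier).encode("utf-8")).hexdigest()


class GameServer:
    """Hypothetical backend holding hashes of consenting players only."""

    def __init__(self):
        self.by_hash = {}  # contact hash -> game user ID
        self.links = {}    # game user ID -> set of linked game user IDs

    def register(self, user_id, own_hashes):
        # Step 2: the player's own hashed contact info is stored with their ID.
        for h in own_hashes:
            self.by_hash[h] = user_id
        self.links.setdefault(user_id, set())

    def match_contacts(self, user_id, contact_hashes):
        # Step 3: look each submitted hash up; unmatched hashes are dropped
        # when this call returns and are never written to by_hash.
        matched = set()
        for h in contact_hashes:
            other = self.by_hash.get(h)
            if other is not None and other != user_id:
                matched.add(other)
        for other in matched:
            self.links.setdefault(user_id, set()).add(other)
            self.links.setdefault(other, set()).add(user_id)
        return matched


def demo():
    server = GameServer()
    # Constructed sample data: two players and one non-player contact.
    server.register("alice", [contact_hash("alice@example.com"),
                              contact_hash("+44 20 7946 0001")])
    server.register("bob", [contact_hash("bob@example.com")])
    address_book = [" Bob@Example.com ", "+1 (555) 010-0199"]
    matched = server.match_contacts(
        "alice", [contact_hash(c) for c in address_book])
    return server, matched


if __name__ == "__main__":
    print(demo()[1])
```

The non-player's hash still crosses the network on every lookup, so the "never stored" property depends entirely on the server behaving as written.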
Silver badge

Re: The horse is out of the barn

Yes, this. I quit Facebook years ago, and that still remains one of the best online decisions I've ever made.

4
0
Silver badge

Re: data use

"Where will it request these IDs from? How will it know who your friends are?"

Because you personally tell it which game user IDs you want to be connected with. There should be no automatic scraping for this.

"At no time are any of your friends' details stored remotely unless they play the game and give their consent."

Your approach is less egregious (but still problematic in minor ways -- what if there's a player in the game who does not want to be linked up like that?)

The problem with your approach is that it requires trusting that the developer is honest and has correctly implemented the functionality. You may be trustworthy, but a ton of developers are not, and there's no way to know that you're the exception. Also, what if your game is a hit and you sell it to a game company that has other plans for that data? Your careful treatment of the data would be reversed on the next update. From the point of view of avoiding throwing your friends and family under the bus, no app should be allowed to have access to sensitive data like a contact list.

If the app wants specific information for specific purposes, it should have the user specifically provide it rather than engaging in automatic scraping.

3
0

Re: data use

"2) Your contact information (email or phone number) is hashed, sent to the game server, and stored along with your game user ID."

So like Signal and their hash of your contacts, so it can let you know which of your friends are on it.

0
0
Silver badge

good looks

"The revelation comes as Facebook is trying to rehab its image in the wake of the Cambridge Analytica scandal. Having another Cambridge-based outfit caught harvesting details from millions of users is hardly a good look for Zuck and Co."

Also not a particularly good look for the university, is it? I'm surprised how little that angle's really been pushed in the press so far, but maybe that'll change now...

37
0
Silver badge

Re: good looks

Right. What is it about Cambridge? Is its psychology department that much more unscrupulous than those of thousands of other universities worldwide? That seems hard to swallow.

Or is it because it's still, after all these years, the recruiting ground of choice for Russian spies?

37
0
Anonymous Coward

Re: good looks

>Also not a particularly good look for the university, is it? I'm surprised how little that angle's really been pushed in the press so far, but maybe that'll change now...

Really? The journalists here might be strictly red brick but I guess the majority of the reporters at BBC, Independent, Guardian, Telegraph etc are from "one of the two universities."

21
0

Re: good looks

Cambridge Analytica doesn’t actually have anything to do with Cambridge, city or university. It’s just a word in the name.

2
0
Silver badge

Re: good looks

But the researcher who gathered the data and sold it to CA was connected to the university.

3
0

“Archibong” will keep me smiling all day.

14
0
Silver badge

“Archibong”

Is he related to Steve? We need to know.

8
0
Silver badge

On curves, and being behind them.

Those of us who worry about such things have watched malware sophistication keeping ahead of anti-malware measures for a long time now. The development curves pace each other, with the malware programmers just a bit ahead of the anti-malware programmers. (By evolutionary principles, of course: anti-malware, like the immune system, can so far not respond to a threat until it appears.)

Facebook, aka Zucklandia, is rather like a medieval duchy of inbred and diseased courtiers whose sole talent is exploiting the peasants. When a horde of rather savvy and innovative Mongols invades, they have neither the skills nor the weaponry to eradicate the invaders.

They've never done fark-awl about securing Zucklandia against exploitation, and now the shoes are well and firmly on the wrong feet. And, to switch back to the original metaphor, the curve is so far ahead of them they can't even see the rise. Couldn't happen to a more deserving enterprise, IMHO.

36
0
Silver badge

Re: On curves, and being behind them.

"By evolutionary principles, of course: anti-malware, like the immune system, can so far not respond to a threat until it appears."

OTOH if system designers built in security by design the bad guys would be lagging a long way behind the good guys.

Of course when it comes to something like FB the concept of "good guys" doesn't apply. We have to think in terms of bad and worse.

15
0
Silver badge
Coat

Re: On curves, and being behind them.

Just the Robber Barons of today.

"'Robber baron' is a derogatory metaphor of social criticism originally applied to certain late 19th-century American businessmen who used unscrupulous methods to get rich."

7
0

Re: On curves, and being behind them.

> They've never done fark-awl about securing Zucklandia against exploitation, and now the shoes are well and firmly on the wrong feet. And, to switch back to the original metaphor, the curve is so far ahead of them they can't even see the rise. Couldn't happen to a more deserving enterprise, IMHO.

All of which kind of assumes that Facebook cares in the slightest about 3rd parties exploiting their data. History shows they only ever care rather belatedly, when someone gets caught doing it and there's an uproar. Otherwise, the system appears to be working exactly as intended.

3
0
Silver badge

If anyone ever thinks for a moment that Facebook won't stop collecting as much as it can and/or will stop selling that info, I have a bridge for sale.

39
0
Silver badge

If anyone ever thinks for a moment that Facebook won't stop collecting as much as it can and/or will stop selling that info, I have a bridge for sale.

Well duh... a Zuck's gotta eat too you know. Or did you confuse Facebook with some Geocities webpage from the 90s, and just thought, well, that's OK then?

2
5
Silver badge

"If anyone ever thinks for a moment that Facebook won't stop collecting"

I think they won't stop, at least not voluntarily, which is why I'm not buying your bridge.

10
0
Silver badge

> If anyone ever thinks for a moment that Facebook won't stop collecting as much as it can and/or will stop selling that info, I have a bridge for sale.

Which bridge, and how much?

I'm sure there are some parliamentarians who are interested.

7
0
Bronze badge
Devil

some Geocities Webpage from the 90s

I MISS my crappy Geocities webpage from the 90s that I coded entirely in Notepad. I do not, however, even remotely miss FB. Does that make me a Luddite?

9
0
Silver badge

"some Geocities Webpage from the 90s?"

The same Geocities that claimed irrevocable rights to all content posted to their web server?

plus ça change

6
0
Bronze badge

So if my personality refuses to co-operate with the misuse then the VP of Partnerships Mr Archibonk will get all disciplinarian and give it a good spanking? Maybe I misread something... sounds very personal, vicar.

8
1
Anonymous Coward

Facebook Crimes

Rogue Apps... Who's the bigger rogue here? Zuck was forced to admit that the entire population of Facebook, or 2 billion+ users, should consider their data at risk. Senior executives failed to block email / phone number lookups by rogue actors rotating pools of IP addresses, despite knowing the risks!

9
0
Silver badge

Underestimation of the year

"myPersonality app had been collecting and sharing the personal information for as many as three million users who had installed the app" and another 346 million unsuspecting "friends", "friends of friends", and so on...

22
0
Silver badge

Archibong...

No relation to Steve "Archi" Bong?

6
0
Anonymous Coward

Don’t worry!

The idiot masses gave it all away years ago for likes, ego-stroking and virtue signalling. They’re a generation of mental prostitutes; my dog has more intelligence and better morals than most social media users. Doesn’t really matter what Facebook does now or how they attempt to explain themselves. Who cares, who understands, and who’s even listening?

17
8
Silver badge
Facepalm

Re: Don’t worry!

@ac

"ego-stroking and virtue signalling."

of course, you'd never do any kind of virtue signalling yourself would you? oh wait.....

11
3
Anonymous Coward

Re: Don’t worry!

"you'd never do any kind of virtue signalling yourself would you". No. Hence posting anonymously. But I can imagine what your instagram feed will be like: "here's me in Lycra on my £3k bike! And here's me again with my beard and totally gifted kids! And here's me again on my best holiday ever! I am so blessed..." and so on and so on...

6
6
Silver badge
Happy

Re: Don’t worry!

my dog has more intelligence and better morals than most social media users.

Harsh words indeed - especially as I know your dog, and he's as thick as pig-shit!

9
0
Anonymous Coward

Re: Don’t worry!

"and he's as thick as pig-shit!" - well is he? He gets to stay at home all day and lick his balls*, which sounds pretty smart to me.

(* well, the general region where they used to be, before he was tutored...)

1
0
Silver badge

Isn't this a bit like rope, meet neck?

I mean I thought the whole point of Facebook (commercially speaking of course) was to harvest, and then sell on the harvested data, of its users. In a not so distant fashion that Google probably does, and nobody has bothered to really go and have a deep look at it. Since that was pretty much Google's EXPLICIT mission statement since day one.

7
2

Quality of the data

It's a bit of a self-selecting sample. You're talking about people who will a) click on the quiz/app/thing called "My Personality" in the first place b) Click "Yes" to "Allow this app to rifle through my data"

So we're talking about thick narcissists. Although, come to think of it, that's the sort of demographic that advertisers would die for.

15
0
Silver badge

Re: Quality of the data

So we're talking about thick narcissists. Although, come to think of it, that's the sort of demographic that advertisers would die for.

You can use that expression interchangeably with "Facebook User". All of them.

9
7

Re: Quality of the data

I smell a generalization. Although signing on to Facebook is in and of itself a big blunder, it is not narcissism to have been forced into it.

9
1
Silver badge

Re: Quality of the data

Also worth noting that it probably also hoovers up all the data it can of all their "friends" too.

It's not narcissism, in most cases it's boredom, killing time. It doesn't make them all bad people. Your friends or relatives probably did it.

8
0
Silver badge

Re: Quality of the data

I'm still confused about what a "facebook app" is.

Do they see an ad on the stream or whatever it's called that says "hey! click here to see what sort of random bullshit we will assign to the size of your knob" and then they do that - and find they have to install and download and approve an actual application - and they still want to do it?

Is this just on mobiles?

Is it an actual mobile app or some kind of plug-in for the Facebook app?

If you're prepared to "Install an app" to get a random fortune cookie type phrase re your personality, then the data gathered by the app authors is going to be a cross section of gullible morons.... ah I see the value now.

6
1
Silver badge

Re: Quality of the data

It's more like a plugin. Well, more basic than that - an iframe is opened to the developer's website, and at the same time, the request contains an authorisation token the developer's site can then use to interrogate the Facebook server and get all the data it's authorised to receive.

So basically, just a third party website loading within the facebook page, having been given the keys to the door, so to speak.

Just like with mobile app installs, before the site opens, you generally get a facebook click-through saying "this app requests your name, your age, your place of birth, your credit card details, your bank passwords, and your PIN. Click OK to continue"

7
1
Anonymous Coward

Re: people who will a) click on the quiz/app/thing called "My Personality"

I thought fb is all about "moi", hence 100% would click on "my personality"? And yet, it's only 100 mln? What's wrong with you, people?!

3
4
Anonymous Coward

Re: to have been forced into it

Oh, I'm sure huge majority has been forced into it, can't be any other way! :D

4
0
Anonymous Coward

Re: Your friends or relatives probably did it

well, they're bad, bad people, and I told them this. They might have blocked me on facebook since then, but...

3
1
Silver badge
Pint

Re: Quality of the data

Thanks JJ

2
1
Anonymous Coward

Re: Quality of the data

If you're running a "mom'n'pop" business with a potential worldwide audience of 2 billion people, it's not narcissism, it's simple economics.

I'm just a budding part-time pro-photographer, I shoot images mostly for fun but I'm currently working on a project with someone I met through Facebook that could net us some serious revenue. I've had companies approach me to license my images and we're not talking a tenner to use an image on a website, we're talking about the sort of 1 or 2 year image license payments that allow me to buy professional level lenses with the "pocket money" I make from a license. I've had requests for people seeking training in shooting images, average daily rate you can charge is upwards of £150, the real pros happily charge £300/day. That's why I use Facebook.

I always say, Facebook is like a chainsaw. Show it respect from a distance, use it at arm's length and be careful or it will happily chew your arm off and leave you for dead if you let it!

6
5
Silver badge

Re: Quality of the data

No worries! Though I forgot the bit about the "ad in the stream". That's one way to go, and that's how they start off.

Unfortunately most of these "apps" end with something like "You scored 10 out of 10. Click here to let your friends know what a brainbox you are."

By doing so, the app posts into the user's stream, and their friends see it in their stream just as they would a manual posting by said user.

However, instead of the usual "I had 3 eggs for breakfast today" - JJ

It would say something like: "JJ has just scored 10 out of 10 on our whizzo app <insert cutesie image here> Can you beat them?? Click here to find out!"

So, one person runs the app, and then all their friends get to know about it. Then any of them that try the app will generally propagate that information to all their friends etc. so it's easy to see how these apps spread, with minimal ads needed to give them an initial kick start - ads are cheap too - it was many years ago when I last looked at it, but you could get an ad for a penny a click - if they didn't click, you didn't pay.

(*) Of course, when I say "app" I mean "someone else's web page loaded in an iframe" but "app" is shorter to type :-)

3
0
Silver badge

Re: Quality of the data

"I smell a generalization. Although signing on to Facebook is in and of itself a big blunder, it is not narcissism to have been forced into it."

uk.gov plans to use Facebook as an authentication mechanism for citizens to sign into government websites don't appear to be in the news much these days. I wonder how that project is getting on? Maybe El Reg could ask the relevant parties about its progress.

6
0


Biting the hand that feeds IT © 1998–2018