News broke yesterday evening that Facebook now believes that the data of up to 87 million people was improperly shared with Cambridge Analytica – many more than previously disclosed – with around 1.1 million of them UK-based.
Despite this story being covered by every major media outlet, we are just scratching the surface. Thoughts such as “isn’t this total disrespect for our privacy?!” are now painfully visible and critically accurate. IT security experts comment below.
Evgeny Chereshnev, CEO at Biolink.Tech:
“It doesn’t matter what this data leakage would have proven or not proven. The point is that there was always the opportunity, and possibility, that certain data would be extracted from Facebook by hackers or third party providers that we, the users, were not aware of. It has been said that it’s data taken from Facebook without the users’ consent. This is both true and not true. If you read the licence agreement, when you sign up to Facebook, you would understand that you have absolutely no rights when it comes to your data; your information, what you post and how information is gathered about you. Facebook can analyse and use this data any way it wants.
I am actually very happy this has happened, as it shows just how severe and significant the problem is. Firstly, if there is a database, it only has two states – already hacked or will be hacked – that is simply the fate of all centralised user databases. We have to embrace blockchain and a diversified, distributed way of dealing with data.
Secondly, we need to totally rethink the way we approach data – our digital trail and DDNA (digital DNA). Privacy of personal data MUST become a constitutional right that everyone has from birth. Data is there forever, and it should be illegal to take it from users. It goes back to the age-old question – what is self? Who owns it and what needs to be co-owned by third parties for self to coexist in the society that we live in? For example, a healthcare system needs access to my vital health records in order to administer the right treatment, but they don’t need to own that data. We should own our own self.
In that sense, the EU is the closest to doing the right thing, but there is always room for improvement, even when GDPR comes into effect.”
Craig Young, Computer Security Researcher at Tripwire:
“This is one of those situations that should be an eye opener to people on the importance of reading before clicking OK. Unfortunately, data privacy is a lot like oral hygiene: everyone knows they should pay attention to it, but in practice people tend to neglect it.
Many Facebook users are naturally upset about this situation, but in the end the moral of the story here is that people need to be more considerate about what data they are sharing and with whom.”
Travis Smith, Principal Security Researcher at Tripwire:
“There are a few areas of Facebook that people should be concerned with when trying to protect their privacy. I would follow these steps in order, based off of the level of privacy you wish to have.
- Limit what you share on Facebook. There is no need to create a check-in location at your house, where people can see your exact location, what valuables you have inside the house, and when you’re on vacation in Disneyland for a week.
- Make your profile private. I would recommend making anything you post on the social network be limited to the individuals you have accepted as friends.
- Limit what applications you give access to. When signing up for a new service, there’s a handy little “Join with Facebook” option many times. This can allow the creator of that website unfettered access to your profile. Similarly, clicking the various personality tests or similar apps gives the author a level of access that you may not even want your own family to have. The author of these games rarely, if ever, needs access to your profile. Be very wary about who you give access to, because once they have access once, the data can be taken and you cannot get it back.
- Monitor what applications have access to your profile currently. Even though the applications already could have harvested everything from your profile, it’s wise to go through and make sure to keep the list clean.
- Don’t stop at Facebook. Every other service on the Internet has similar collection mechanisms about your private data. What you search for on Google, what YouTube videos you watch, what you search for and buy from Amazon; all of this is stored and can be used to profile you. Don’t assume that anything you do on the Internet is private, because it isn’t.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.