How to Turn Off Third-Party Data Access to Your Facebook Account

Is Facebook evil by design? (source)

by Gaius Publius

Note: To jump straight to the steps, click here.

Facebook has come under scrutiny lately for its role in passively giving data on 50 million of its users to Cambridge Analytica, a company that uses Facebook-type data to target and change electoral outcomes worldwide. (There's more on the Cambridge Analytica story here and here. Note that Carole Cadwalladr is a co-author of both stories. Her reporting is one of the centers for information about this revelation.)

Cambridge Analytica got that Facebook data, not because Facebook gave it to them, but because Facebook's policy on info-sharing allowed them to harvest it. Here's how that was done (h/t Naked Capitalism; emphasis mine):

On March 17, The Observer of London and The New York Times announced that Cambridge Analytica, the London-based political and corporate consulting group, had harvested private data from the Facebook profiles of more than 50 million users without their consent. The data was collected through a Facebook-based quiz app called thisisyourdigitallife, created by Aleksandr Kogan, a University of Cambridge psychologist who had requested and gained access to information from 270,000 Facebook members after they had agreed to use the app to undergo a personality test, for which they were paid through Kogan’s company, Global Science Research.

But as Christopher Wylie, a twenty-eight-year-old Canadian coder and data scientist and a former employee of Cambridge Analytica, stated in a video interview, the app could also collect all kinds of personal data from users, such as the content that they consulted, the information that they liked, and even the messages that they posted.

In addition, the app provided access to information on the profiles of the friends of each of those users who agreed to take the test, which enabled the collection of data from more than 50 million.

All this data was then shared by Kogan with Cambridge Analytica, which was working with Donald Trump’s election team and which allegedly used this data to target US voters with personalised political messages during the presidential campaign. As Wylie, told The Observer, “we built models to exploit what we knew about them and target their inner demons.”

Forget the Trump factor and consider simply the Cambridge Analytica app and how it operated.

People who agreed and were paid to use it gave up more information to the app than was disclosed to them. Part of what they unknowingly surrendered was information from the profiles of all of their Facebook friends. That's how harvesting the data from 270,000 people became a hack, via the app, of data on 50 million, who gave no approval for this transfer.

Note also that the means by which the original data was acquired was a ruse. The company's interest in its "personality test" — thisisyourdigitallife — was false. All they wanted was the data it extracted.

"Exactly How Facebook's Infrastructure Was Designed to Work"

This is not an aberration; this is how Facebook is designed to work and the source of the great wealth of its founders and investors. These Facebook apps (the games you play, the "tests" you take, and so on) are designed specifically as data transfers, to Facebook itself and to its customers.

When you play a game on Facebook or take part in a "quiz" to see which Roman emperor you most resemble (or whatever), you may think you're taking part in the "fun" of being on Facebook. In reality, you're being used by the app makers, and Facebook is making money selling you and your data to them.

The Electronic Freedom Foundation (EFF) puts it this way (again, my emphasis):

Over the weekend, it became clear that Cambridge Analytica, a data analytics company, got access to more than 50 million Facebook users' data in 2014. The data was overwhelmingly collected, shared, and stored without user consent. The scale of this violation of user privacy reflects how Facebook's terms of service and API [Application Programming Interface] were structured at the time. Make no mistake: this was not a data breach. This was exactly how Facebook's infrastructure was designed to work.

The only way to fix this situation for yourself is to turn off the ability of Facebook's "platform API" to send out your data. That means to anyone. You also have to disable your ability to log into third-party sites using your Facebook account. That so-called "convenience" opens big holes.

Getting Between Zuckerberg and His Money

Below are the latest instructions for doing just that. But before we go there, pause to consider what Facebook is — a company that collects masses of data from billions of users, uses algorithms to analyze that data to get more information about its users, then (a) sells that data to third parties for any use they wish, generally manipulative ones; (b) sells access to its users and their data to third parties via games, apps and other means; and (c) uses that data for its own manipulative purposes if it so wishes.

This is where the money is, this is what Facebook was designed to do, and stopping or regulating it means using the government to get between Facebook's investors and a honking huge pile of money. In these neoliberal times, that's going to be a monster ask.

How To Turn Off Third-Party App Access to Your Data

Now the fix for your own account. You could, of course, just delete your Facebook account, but until Facebook is regulated, they're going to keep the data you've already given them anyway. #DeleteFacebook is a good personal solution to the problem going forward, but it's understandably not for everyone.

For those who choose not to do delete their Facebook account, here's how, as of this writing, to eliminate access to your Facebook data by third-party apps. This comes from the EFF article linked above, but has been modified to reflect changes Facebook has already made since the controversy (what a mild term) erupted.

As the EFF piece warns, "Keep in mind that this disables ALL platform apps (like Farmville, Twitter, or Instagram) and you will not be able to log into sites using your Facebook login."

Step 1. Click the pull-down arrow in the upper right corner of your Facebook page and select Settings. Then click Apps in the column on the left. (Or click here for a shortcut that takes you to the same place.)

Step 2. Remove your Facebook login from all apps currently using it by looking in the large blue box labeled "Logged in with Facebook," clicking on the check box below each app name, then clicking Remove.

Explanation: The first large box below "App Settings" is labeled "Logged in with Facebook". Listed are games, organizations and apps where your Facebook login is already your app login.

My suggestion, don't ever use your Facebook login as a third-party login. Instead create a login that's specific to that organization or app and tie nothing to your Facebook account.

When a game or other web-based app asks you to create an account or "sign in with Facebook or Twitter," you're handing over access to your account data if you choose the easier Facebook (or Twitter) option — just as those who took money from Cambridge Analytica did. Yes, you can limit this access to just certain types of data, but (a) most people don't do that, and (b) who knows if app or the organization behind it is doing just what Cambridge Analytica did?

Step 3. Now remove this permission generally. Under "Apps, Websites and Games" see if the setting is "turned on" or "turned off." If it's turned off, you're done.

If it's turned on, click the Edit button, then click Turn Off. You're done.

Explanation: As Facebook reminds you, if you turn off this setting:

• You won't be able to log into apps or websites using Facebook
• Apps and websites you've logged into with Facebook may delete your accounts and activity
• You won't be able to play some games on Facebook [Gameroom], and [some of] your gaming activity may be deleted
• Your posts, photos and videos on Facebook that apps and websites have published may be deleted
• You won't be able to interact with or share content from other apps and websites on Facebook using social plugins such as the Share and Like buttons

You may miss the use of Share and Like buttons on websites, but that's the price. As of this writing, they don't separate the permissions associated with Share and Like buttons from Facebook's Gameroom and third-party login permissions. You can always go to Facebook itself and Share or Like a web post.

Final Words

Just as the "business model of Wall Street is fraud" (Bernie Sanders), the business model of Facebook is "surveillance." As I said above, the reason third parties offer Facebook games, apps and login options is to harvest, monetize and use the data of people with Facebook accounts.

And the reason Facebook exists at all is to monetize the motherlode of data on its billions of users — or use that data in any other way they wish. Could Facebook itself swing elections? I think they think they can. Have they already tried? Who knows.

Facebook and its ilk are a problem, and as near as I can tell an entirely modern one. This situation does need a solution, but it may never get one until the modern neoliberal regime is overturned.

GP